Passcode Vulnerability

The subheadline of a Wall Street Journal article on cell phone security vulnerabilities presents the subject of my post.

The passcode that unlocks your phone can give thieves access to your money and data; “it’s like a treasure box”

The article then laid out the problem:

The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts.
With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.
“Once you get into the phone, it’s like a treasure box,” said Alex Argiro, who investigated a high-profile theft ring as a New York Police Department detective before retiring last fall.

There’s nothing magic about iPhones in this regard, though; Android cell phones are just as vulnerable to this sort of attack.

However, there are a couple of solutions to this, regardless of the type of cell phone you use. Each solution also works even better when done in concert with the other, and they rely on something old-fashioned: caution and concern for personal privacy.

One solution is to not use your cell phone to conduct any activity, not only financial, that you don’t want exposed to the public, much less to a thief. That way, if your cell phone is stolen, there’s nothing in it beyond your contact list that can be hacked. The potential cost of doing non-telephone things on your cell phone is far greater than the short-term convenience gained.

The other solution is to not store anything in the cloud. Keep your private material private by keeping it entirely within your home’s network, and ideally even more restricted: keep that information solely on your PC’s or laptop’s hard drive, or better, on an external hard drive that connects only via USB—and keep that external storage device separate from your PC/laptop.

Related, and subsidiary to all of that, don’t store passcodes or passwords on your PC/laptop, even via a passcode/word manager. In the unlikely event your laptop is stolen, or your PC is stolen via home break-in, that manager can be hacked at the thief’s leisure.

A Terse View of Law

This is from Ron Wyden, a Progressive-Democratic Party Senator from Oregon:

In the coming days a lawless Trump-appointed judge is expected to ban access to abortion medication nationwide. I’m calling on the FDA to protect the safety of every woman in America by keeping the drug on the market no matter the ruling.

He insists that doctors also ignore the court’s ruling, and the law of the land, if that ruling goes against the Progressive-Democrat’s personal views.

This is the contempt that Party has for law, for court rulings, for our Constitution, and for us average Americans. Law, courts, our Constitution are not even suggestions; they’re simply to be ignored because these Know Betters are above all that petty stuff.

We need to remember this despotic attitude of Party in 21 months. And inject backbone into our non-Progressive representatives at all levels of government in the meantime.

Dehumanizing Babies

Florida has a law (HB5, Reducing Fetal and Infant Mortality Act) banning abortions after 15 weeks of pregnancy. Florida’s Governor DeSantis (R) has characterized the law as

protect[ing] babies in the womb who have beating hearts, who can move, who can taste, who can see, and who can feel pain.

Planned Parenthood and the ACLU have sued, claiming that the ban violates the Florida Constitution. The Florida Constitution, Art I, Sect 23, grants a right of privacy to every natural person. The only part of the Florida Constitution that directly addresses abortion is Art X, Sect 22, which authorizes the State’s legislature to enact laws requiring notification of a minor’s parent or guardian prior to termination of the minor’s pregnancy.

Whitney White, a staff attorney with the ACLU’s Reproductive Freedom Project:

…we are dismayed that it has allowed this dangerous ban to remain in effect and to harm real people each and every day until this case is finally decided[.]

The State’s district-level judge, Leon County Circuit Court Judge John Cooper, siding with PP and the ACLU in issuing an injunction barring enforcement, wrote in part that (as cited by Fox News)

the Florida Constitution contains an explicit “right to privacy” that is “much broader in scope” than any privacy right under the United States Constitution. He further ruled that a 15-week cutoff for abortions is not supported by sufficient state interest.

Florida appealed the judge’s ruling and got the injunction lifted; the matter now is before the State’s Supreme Court.

It’s important to note that both the ACLU’s and Cooper’s arguments can have legitimacy only by denying that unborn babies—especially after those 15 weeks—are “real people,” are natural persons. The only way in which the law’s abortion cutoff time is unsupported by sufficient State interest is by denying that unborn babies are natural persons. After all, a core responsibility—a core duty—of the State government is to see to the safety and welfare of every “real” natural person in the State.

This is Planned Parenthood, the ACLU, and a Florida judge shamefully denying babies’ personhood, shamefully dehumanizing babies, just because they’re unborn.

Surveillance State, Part 2

Another one from New York. It seems that US Ambassador to the United Nations Nikki Haley’s Stand for America PAC, a 501(c)(4) organization with a legally protected list of donors, has had that list released by the NY AG’s Charities Bureau to Politico, which then proceeded to publish that list.

The Charities Bureau is an arm of the office of New York Attorney General Letitia James (the same one who “consulted” with then-FBI Director James Comey to suppress any hint of investigation of Hillary Clinton’s classified email handling ‘way back in 2016).

Never mind that the leak was illegal. Never mind that the Supreme Court in Prosperity Foundation v Bonta—just a year ago—had ruled that the California AG’s blanket demand that all charities disclose donor information was unconstitutional.

Letitia James, a Progressive-Democrat through and through, cares not a fig for any law that’s inconvenient to her. She’s going to collect non-Progressive-Democrat data and release it whenever she takes a notion to.

Location Apps on Smartphones

A techy article about the wonders of location apps in our smartphones—if “properly shared”—in Sunday’s Wall Street Journal caught my eye. The author’s piece centered on the alleged benefits of automatically sharing your personal location data with a selected audience (usually family members) and the app providers’ directions for how to achieve “proper sharing,” supposedly limiting the location sharing to that selected audience.

The author missed the larger problem, though: the intrinsic lack of security on those apps, especially given the historical disdain for personal information security on the part of some of those providers.

I won’t share my location, ever. It wasn’t necessary before such apps became available, and it isn’t necessary today. My smartphone has a—wait for it—telephone app that I can use to check in with and/or check on the ones about whom I care.

The location data in these apps simply aren’t as secure as the touters make them out to be. Data that are held anywhere but on my personal devices are vulnerable to exposure, whether by “mistake”—last week’s IRS release of tax records (which is all too routine for this government agency) comes to mind—or programming mistakes, or cloud or providers’ servers being hacked, or the receivers’ devices being hacked, or location history being vulnerable to government information demands, or….

Location data that aren’t in the cloud or on those other servers and that aren’t being transmitted to a supposedly limited audience aren’t available to exposure.

Along those lines, a commenter in the comment thread for that article had this:

I checked FindMy to see if my wife was lost coming to an appointment at the bank (she was). The banker gasped, “Does she know you’re tracking her?” Her reaction? “It’s a sign of a secure marriage.”
She once missed where I-26 turns and followed the connector straight ahead into downtown Columbia, SC. I was able to guide her through town back to I-26 by a convenient route. I had been tracking her anticipating that very thing.
Very useful app, but one has to be careful with it.

Leaving aside the Banker’s intrusion into a family matter having nothing to do with the family business being conducted, I had this reaction:

Before location apps were available, my wife had a similar missed-turn-now-lost experience trying to get to a location in a large city in Texas hours away from the large city in Texas in which we live, and where I still was.
Her solution? She exercised the telephone app that happened to be on her smartphone and called me. I brought up the map function on my laptop, and from her description of the landmarks she was seeing, I quickly located her and then talked her back onto her route. She finished her trip with no further trouble.

Telephone apps. What will Big Tech think of next?