On Wed, Dec 30, 2009 at 03:55:37PM -0500, Sean Phelan wrote: > > there is talk of adding rfid chips to cars. > > My understanding of RFID chips is that the range is pretty limited, > so it's probably not the best option for "tracking" a car (you'd > need sensors attached to every mile marker). It _could_ be very > useful for the next generation EZPASS - if the car has a unique > number, you could run highway tolls off that instead of a customized > transponder.
RFID is USUALLY short range, but not always. EZ-Pass is basically RFID tech, and works at N MPH (look at the fast-lane stuff on the jersey turnpike) > Something like this, I'd prefer to see it as an opt-in feature. > > > you can surreptitiously add an ap to iPhone so you can track the > owner of it. > > Anything "surreptitious" to an iPhone would require the iPhone to be > jailbroken first ... something that is done "at your own risk". > Without the Jailbreak, Apple & ATT control the access to your phone, > so you're trusting that particular dictator to be benevolent :) Any GSM phone can be tracked by the phone number alone, with tower precision (ie, lower precision as you get away from urban areas due to the less dense tower deployment). Expect to see security papers on this in the next 6 months or so. This requires only some cleverness and some money (and not "well you'd need a company to do that") kinds of money, either. Never mind that all the tower data is tracked & triangulated by the phone company for E911, tower measurement, and location services. And for the feds to subpoena. If you carry a phone, you are trackable, with or without your consent. Turn it off if you don't want that, there's no other way around it. See below for additional smartphone risks. > > It's bad enough to trade freedom for safety but to trade it for > the newest flashy technology? > > I agree that chasing the next shiny object is not very wise, but the > privacy implications are secondary to the immediate waste problems > we cause - every product creates a box of trash, and the product has > to be replace wholesale every year, instead of just replacing a > small part with minimal packaging. Chrome/ChromeOS/Android aren't really exposing much more than you already expose simply by allowing flash, javascript, and cookies in your PC browser. If you use google docs now for your documents, you're not losing anything using it in chrome or whatever. If you use firefox with safe-browsing turned on, it's checking every URL you go to with google anyhow. If you allow cookies, you're getting fully tracked by urchin/analytics anywhere you go anyway. Additional info it CAN provide: GPS location (if used on a cell). Google uses this for their skyhook clone (gps positioning via adjacent wifi devices, saves battery if wifi is turned on and gps is not), traffic (as in road traffic) analysis, and services that get them more revenue (local search, latitude, etc). You can turn off GPS if you want. So yes - all these convenient google products allow google to gather even more info about you, but they're already gathering a TON of info, probably more than you think. The bigger privacy risk to my mind w/ smart phones is that there's really only a handful of ecologies (iphone, blackberry, and growing, android). They're always on. They keep a LOT of info (phone lists, facebook logins, bank logins, your banking APP, etc, etc). Find a remotely exploitable bug in that (and they do exist, google the panic about the iphone SMS bug last spring which was remotely exploitable) and you've got a good environment for a fast-moving worm which trojans the system. Depending on the device, physical access may also be a major risk. With the current bugs in the android/moto droid 2.0.1 rescue partition code, leaving me with a droid for about 5 minutes would let me trojan core system binaries w/ tracker, keyboard logger, etc apps which would be undetectable (nothing in the phone provides a mechanism for monitoring changes to the system partitions). Using a smartphone on wifi has the same risks as using a laptop on wifi - if it's open, any traffic can be sniffed, man-in-the-middled, rewritten, cache poisoned, etc. Using cell data is "more" secure, provided you trust your cell provider not to be playing any of the same tricks. -m -- Mike Kershaw/Dragorn <[email protected]> GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1 Life is just Natures way of keeping meat fresh -- The Doctor
pgp8kN7NtzwS1.pgp
Description: PGP signature
_______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Dec 2 - MythTV Jan 6 - Git
