Computer Hacks, Smartphone Tracks and “Evil Maid” Protection from Snowden, Citizen Lab, EFF

By: Lee Rickwood

January 12, 2018

Protection against computer hacking, smartphone tracking and a nasty new entity known as the “evil maid” is available in new applications for mobile and desktop users.

Among the application backers and developers are leading online safety and security experts like whistleblower Edward Snowden, Canada’s Citizen Lab and the Electronic Frontier Foundation.

Security Planner is an online platform and learning tool from Citizen Lab, a technology and global security group based at the University of Toronto.

The platform was developed and tested by a multidisciplinary security team, but it uses non-technical terms and easy-to-follow instructions so that users can describe their own tech environment (I use a PC, I carry a smartphone, I’m on different social media platforms, etc.) and then share their own security concerns (better privacy, securing social media accounts, concerns about online harassment, backing up an iPhone or managing passwords).

Computer Hacks, Smartphone Tracks and “Evil Maid” Protection from Snowden, Citizen Lab, EFF

A new app from Citizen Lab provides each user with a personalized action plan for greater data protection.

It takes a few minutes to go through the entire app, but there’s tons of informative ‘safe tech’ material available in return for your time.

The platform then provides each user with a personalized action plan for greater data protection, and there are informative sections called Learn More on the platform with added info about the technologies or safety concerns mentioned.

Some security guides out there are technically dated or too difficult to benefit all users, so this tool is both up-to-date and easily understandable. Ron Deibert, Citizen Lab Director and Founder, says “Security Planner will raise the security bar for average Internet users on an ongoing basis.”

Security Planner also offers users a number of general recommendations for safe Web surfing, computer use, online account management, smartphones and Internet connections, among other areas of interest and online safety concerns.

In such cases, the use of encryption technology, such as the recommended HTTPS Everywhere program, is encouraged, as is the use of a tool like the Privacy Badger plug-in, which prevents advertisers and others from tracking users on the Web.

Security Planner was launched at Jigsaw (formerly Google Ideas) and passed to Citizen Lab just over a year ago; some funding and support comes from Consumers Union, part of Consumers Report, and Citizen Lab maintains that it “never accept(s) money or services in exchange for making a recommendation.”

Clearly aiming to help the general and average tech user, the platform also offers recommendations for more high-risk users (like political activists or investigative journalists).

They are often at the top of the list of people who face both virtual threats and physical risks, as whistleblower Edward Snowden knows well.

Computer Hacks, Smartphone Tracks and “Evil Maid” Protection from Snowden, Citizen Lab, EFF

Ironically making use of the many sophisticated surveillance tools that our smartphones already have built in them, this app turns the phone into a capable surveillance system – for you. Image from YouTube.

One of his concerns is that, even with the best encryption available, a person’s laptop or smartphone is vulnerable to physical, in-person tampering – like from that notorious “evil maid” who represents a hotel worker or room service attendant who could get their hands on a device if it’s left behind, even for a moment.

Snowden and a group of application developers working on privacy and encrypted communications have created and released Haven, an open source app for any Android phone.

The idea is that you load it onto a disposable or “burner” phone, and leave that device (with the app on) in your hotel room or supposedly secure location.

Turning the tables on unwanted surveillance, and somewhat ironically making use of the many sophisticated surveillance tools that our smartphones already have built in them, this app turns the phone into a capable surveillance system you can use to protect yourself. It can tap into the device’s camera, and take a snap of anyone entering your room, or use the audio recording system to further document suspicious activity in the vicinity. The smartphone’s accelerometer can be used to detect motion (and of course, the user is notified on his or her real phone as soon as the surveillance phone has anything to report).

Haven has an encrypted messenger service called Signal built in, so communications from the app are secure, and it does work with other Android apps to connect with the user-anonymizing Tor network.

With some luck and certain lifestyle choices, the protection offered by Haven may not be necessary for most of us.

But all of us can be tracked and identified online, even if we have special software installed to prevent such a thing.

Computer Hacks, Smartphone Tracks and “Evil Maid” Protection from Snowden, Citizen Lab, EFF

A tool called Panopticlick checks the privacy protections (you believe) are working for you.

So there’s a tool called Panopticlick that checks the privacy protections (you believe) are working for you, and it simulates the kind of tracking tools used (in online ads and webpage scripts, for example.) by some websites out there, even if they say they respect Do Not Track messages.

Panopticlick developers (it is a research project from EFF, the U.S.-based non-profit digital rights organization) also have way to protect against so-called computer or browser “fingerprinting”, and the unique, tell-tale digital settings that Web browser or personal computer configurations can have.

Yes, it is a challenge to be safe online. Yes, the risks to our online life can be enormous. So, too, the rewards that can come from a technically enabled and safely secured environment.

These new applications are leading the way, as their developers and supporters are, giving users the ability to help raise that security bar for us all.

-30-


1 comment

  1. Lee says:

    Browser fingerprinting is a serious and continuing privacy challenge to web surfers.

    The Panopticlick tool mentioned above offers good protection; for those wishing to know more about the tool and how to use it, Bill Hess and the folks at Pixel Privacy have developed a guide to browser fingerprinting. It can be found at (https://pixelprivacy.com/resources/browser-fingerprinting/) along with other data privacy and online security tips.

Leave a Reply

Your email address will not be published. Required fields are marked *