- <item>
- <title>Creepy, visualise geotagged social media information - nice free software</title>
- <link>http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</guid>
- <pubDate>Sun, 24 Jan 2016 10:50:00 +0100</pubDate>
- <description><p>Most people seem not to realise that every time they walk around
-with the computerised radio beacon known as a mobile phone their
-position is tracked by the phone company and often stored for a long
-time (like every time a SMS is received or sent). And if their
-computerised radio beacon is capable of running programs (often called
-mobile apps) downloaded from the Internet, these programs are often
-also capable of tracking their location (if the app requested access
-during installation). And when these programs send out information to
-central collection points, the location is often included, unless
-extra care is taken to not send the location. The provided
-information is used by several entities, for good and bad (what is
-good and bad, depend on your point of view). What is certain, is that
-the private sphere and the right to free movement is challenged and
-perhaps even eradicated for those announcing their location this way,
-when they share their whereabouts with private and public
-entities.</p>
-
-<p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png"></p>
-
-<p>The phone company logs provide a register of locations to check out
-when one want to figure out what the tracked person was doing. It is
-unavailable for most of us, but provided to selected government
-officials, company staff, those illegally buying information from
-unfaithful servants and crackers stealing the information. But the
-public information can be collected and analysed, and a free software
-tool to do so is called
-<a href="http://www.geocreepy.com/">Creepy or Cree.py</a>. I
-discovered it when I read
-<a href="http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html">an
-article about Creepy</a> in the Norwegian newspaper Aftenposten i
-November 2014, and decided to check if it was available in Debian.
-The python program was in Debian, but
-<a href="https://tracker.debian.org/pkg/creepy">the version in
-Debian</a> was completely broken and practically unmaintained. I
-uploaded a new version which did not work quite right, but did not
-have time to fix it then. This Christmas I decided to finally try to
-get Creepy operational in Debian. Now a fixed version is available in
-Debian unstable and testing, and almost all Debian specific patches
-are now included
-<a href="https://github.com/jkakavas/creepy">upstream</a>.</p>
-
-<p>The Creepy program visualises geolocation information fetched from
-Twitter, Instagram, Flickr and Google+, and allow one to get a
-complete picture of every social media message posted recently in a
-given area, or track the movement of a given individual across all
-these services. Earlier it was possible to use the search API of at
-least some of these services without identifying oneself, but these
-days it is impossible. This mean that to use Creepy, you need to
-configure it to log in as yourself on these services, and provide
-information to them about your search interests. This should be taken
-into account when using Creepy, as it will also share information
-about yourself with the services.</p>
-
-<p>The picture above show the twitter messages sent from (or at least
-geotagged with a position from) the city centre of Oslo, the capital
-of Norway. One useful way to use Creepy is to first look at
-information tagged with an area of interest, and next look at all the
-information provided by one or more individuals who was in the area.
-I tested it by checking out which celebrity provide their location in
-twitter messages by checkout out who sent twitter messages near a
-Norwegian TV station, and next could track their position over time,
-making it possible to locate their home and work place, among other
-things. A similar technique have been
-<a href="http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl">used
-to locate Russian soldiers in Ukraine</a>, and it is both a powerful
-tool to discover lying governments, and a useful tool to help people
-understand the value of the private information they provide to the
-public.</p>
-
-<p>The package is not trivial to backport to Debian Stable/Jessie, as
-it depend on several python modules currently missing in Jessie (at
-least python-instagram, python-flickrapi and
-python-requests-toolbelt).</p>
-
-<p>(I have uploaded
-<a href="https://screenshots.debian.net/package/creepy">the image to
-screenshots.debian.net</a> and licensed it under the same terms as the
-Creepy program in Debian.)</p>
-</description>
- </item>
-
- <item>
- <title>Always download Debian packages using Tor - the simple recipe</title>
- <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</guid>
- <pubDate>Fri, 15 Jan 2016 00:30:00 +0100</pubDate>
- <description><p>During his DebConf15 keynote, Jacob Appelbaum
-<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed
-that those listening on the Internet lines would have good reason to
-believe a computer have a given security hole</a> if it download a
-security fix from a Debian mirror. This is a good reason to always
-use encrypted connections to the Debian mirror, to make sure those
-listening do not know which IP address to attack. In August, Richard
-Hartmann observed that encryption was not enough, when it was possible
-to interfere download size to security patches or the fact that
-download took place shortly after a security fix was released, and
-<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed
-to always use Tor to download packages from the Debian mirror</a>. He
-was not the first to propose this, as the
-<tt><a href="https://tracker.debian.org/pkg/apt-transport-tor">apt-transport-tor</a></tt>
-package by Tim Retout already existed to make it easy to convince apt
-to use <a href="https://www.torproject.org/">Tor</a>, but I was not
-aware of that package when I read the blog post from Richard.</p>
-
-<p>Richard discussed the idea with Peter Palfrader, one of the Debian
-sysadmins, and he set up a Tor hidden service on one of the central
-Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
-it possible to download packages directly between two tor nodes,
-making sure the network traffic always were encrypted.</p>
-
-<p>Here is a short recipe for enabling this on your machine, by
-installing <tt>apt-transport-tor</tt> and replacing http and https
-urls with tor+http and tor+https, and using the hidden service instead
-of the official Debian mirror site. I recommend installing
-<tt>etckeeper</tt> before you start to have a history of the changes
-done in /etc/.</p>
-
-<blockquote><pre>
-apt install apt-transport-tor
-sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
-sed -i 's% http% tor+http%' /etc/apt/sources.list
-</pre></blockquote>
-
-<p>If you have more sources listed in /etc/apt/sources.list.d/, run
-the sed commands for these too. The sed command is assuming your are
-using the ftp.debian.org Debian mirror. Adjust the command (or just
-edit the file manually) to match your mirror.</p>
-
-<p>This work in Debian Jessie and later. Note that tools like
-<tt>apt-file</tt> only recently started using the apt transport
-system, and do not work with these tor+http URLs. For
-<tt>apt-file</tt> you need the version currently in experimental,
-which need a recent apt version currently only in unstable. So if you
-need a working <tt>apt-file</tt>, this is not for you.</p>
-
-<p>Another advantage from this change is that your machine will start
-using Tor regularly and at fairly random intervals (every time you
-update the package lists or upgrade or install a new package), thus
-masking other Tor traffic done from the same machine. Using Tor will
-become normal for the machine in question.</p>
-
-<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT
-is set up by default to use <tt>apt-transport-tor</tt> when Tor is
-enabled. It would be great if it was the default on any Debian
-system.</p>
-</description>
- </item>
-
projects / homepage.git / blobdiff