- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">Simpler recipe on how to make a simple $7 IMSI Catcher using Debian</a></div>
- <div class="date"> 9th August 2017</div>
- <div class="body"><p>On friday, I came across an interesting article in the Norwegian
-web based ICT news magazine digi.no on
-<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how
-to collect the IMSI numbers of nearby cell phones</a> using the cheap
-DVB-T software defined radios. The article refered to instructions
-and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by
-Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p>
-
-<p>The instructions said to use Ubuntu, install pip using apt (to
-bypass apt), use pip to install pybombs (to bypass both apt and pip),
-and the ask pybombs to fetch and build everything you need from
-scratch. I wanted to see if I could do the same on the most recent
-Debian packages, but this did not work because pybombs tried to build
-stuff that no longer build with the most recent openssl library or
-some other version skew problem. While trying to get this recipe
-working, I learned that the apt->pip->pybombs route was a long detour,
-and the only piece of software dependency missing in Debian was the
-gr-gsm package. I also found out that the lead upstream developer of
-gr-gsm (the name stand for GNU Radio GSM) project already had a set of
-Debian packages provided in an Ubuntu PPA repository. All I needed to
-do was to dget the Debian source package and built it.</p>
-
-<p>The IMSI collector is a python script listening for packages on the
-loopback network device and printing to the terminal some specific GSM
-packages with IMSI numbers in them. The code is fairly short and easy
-to understand. The reason this work is because gr-gsm include a tool
-to read GSM data from a software defined radio like a DVB-T USB stick
-and other software defined radios, decode them and inject them into a
-network device on your Linux machine (using the loopback device by
-default). This proved to work just fine, and I've been testing the
-collector for a few days now.</p>
-
-<p>The updated and simpler recipe is thus to</p>
-
-<ol>
-
-<li>start with a Debian machine running Stretch or newer,</li>
-
-<li>build and install the gr-gsm package available from
-<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li>
-
-<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li>
-
-<li>run grgsm_livemon and adjust the frequency until the terminal
-where it was started is filled with a stream of text (meaning you
-found a GSM station).</li>
-
-<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li>
-
-</ol>
-
-<p>To make it even easier in the future to get this sniffer up and
-running, I decided to package
-<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a>
-for Debian (<a href="https://bugs.debian.org/871055">WNPP
-#871055</a>), and the package was uploaded into the NEW queue today.
-Luckily the gnuradio maintainer has promised to help me, as I do not
-know much about gnuradio stuff yet.</p>
-
-<p>I doubt this "IMSI cacher" is anywhere near as powerfull as
-commercial tools like
-<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The
-Spy Phone Portable IMSI / IMEI Catcher</a> or the
-<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris
-Stingray</a>, but I hope the existance of cheap alternatives can make
-more people realise how their whereabouts when carrying a cell phone
-is easily tracked. Seeing the data flow on the screen, realizing that
-I live close to a police station and knowing that the police is also
-wearing cell phones, I wonder how hard it would be for criminals to
-track the position of the police officers to discover when there are
-police near by, or for foreign military forces to track the location
-of the Norwegian military forces, or for anyone to track the location
-of government officials...</p>
-
-<p>It is worth noting that the data reported by the IMSI-catcher
-script mentioned above is only a fraction of the data broadcasted on
-the GSM network. It will only collect one frequency at the time,
-while a typical phone will be using several frequencies, and not all
-phones will be using the frequencies tracked by the grgsm_livemod
-program. Also, there is a lot of radio chatter being ignored by the
-simple_IMSI-catcher script, which would be collected by extending the
-parser code. I wonder if gr-gsm can be set up to listen to more than
-one frequency?</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Facebooks_ability_to_sell_your_personal_information_is_the_real_Cambridge_Analytica_scandal.html">Facebooks ability to sell your personal information is the real Cambridge Analytica scandal</a></div>
+ <div class="date">21st March 2018</div>
+ <div class="body"><p>So, Cambridge Analytica is getting some well deserved criticism for
+(mis)using information it got from Facebook about 50 million people,
+mostly in the USA. What I find a bit surprising, is how little
+criticism Facebook is getting for handing the information over to
+Cambridge Analytica and others in the first place. And what about the
+people handing their private and personal information to Facebook?
+And last, but not least, what about the government offices who are
+handing information about the visitors of their web pages to Facebook?
+No-one who looked at the terms of use of Facebook should be surprised
+that information about peoples interests, political views, personal
+lifes and whereabouts would be sold by Facebook.</p>
+
+<p>What I find to be the real scandal is the fact that Facebook is
+selling your personal information, not that one of the buyers used it
+in a way Facebook did not approve when exposed. It is well known that
+Facebook is selling out their users privacy, but a scandal
+nevertheless. Of course the information provided to them by Facebook
+would be misused by one of the parties given access to personal
+information about the millions of Facebook users. Collected
+information will be misused sooner or later. The only way to avoid
+such misuse, is to not collect the information in the first place. If
+you do not want Facebook to hand out information about yourself for
+the use and misuse of its customers, do not give Facebook the
+information.</p>
+
+<p>Personally, I would recommend to completely remove your Facebook
+account, and take back some control of your personal information.
+<a href="https://www.theguardian.com/technology/2018/mar/19/how-to-protect-your-facebook-privacy-or-delete-yourself-completely">According
+to The Guardian</a>, it is a bit hard to find out how to request
+account removal (and not just 'disabling'). You need to
+<a href="https://www.facebook.com/help/224562897555674?helpref=faq_content">visit
+a specific Facebook page</a> and click on 'let us know' on that page
+to get to <a href="https://www.facebook.com/help/delete_account">the
+real account deletion screen</a>. Perhaps something to consider? I
+would not trust the information to really be deleted (who knows,
+perhaps NSA, GCHQ and FRA already got a copy), but it might reduce the
+exposure a bit.</p>
+
+<p>If you want to learn more about the capabilities of Cambridge
+Analytica, I recommend to see the video recording of the one hour talk
+Paul-Olivier Dehaye gave to <a href="">NUUG</a> last april about
+<a href="https://www.nuug.no/aktiviteter/20170404-big-data-psychometric/">
+Data collection, psychometric profiling and their impact on
+politics</a>.</p>
+
+<p>And if you want to communicate with your friends and loved ones,
+use some end-to-end encrypted method like
+<a href="https://www.signal.org/">Signal</a> or
+<a href="https://ring.cx/">Ring</a>, and stop sharing your private
+messages with strangers like Facebook and Google.</p>
projects / homepage.git / blobdiff