+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/When_terms_and_policy_turn_users_away.html">When terms and policy turn users away</a>
+ </div>
+ <div class="date">
+ 7th December 2019
+ </div>
+ <div class="body">
+ <p>When asked to accept terms of use and privacy policies that state
+it will to remove rights I otherwise had or accept unreasonable terms
+undermining my privacy, I choose away the service. I simply do not
+have the conscience to accept terms I have no indention of upholding.
+But how are the system and service providers to know how many people
+they scared away? Normally I just quietly walk away. But today, I
+tried a new approach. I sent the following email (removing the
+specifics, as I am not out to take the specific service in question)
+to the service provider I decided to not use, to at least give them
+one data point on how many users are unhappy with their terms:</p>
+
+<blockquote>
+From: Petter Reinholdtsen
+<br>Subject: When terms of use turn users away
+<br>To: [contact@some.site]
+<br>Date: Sat, 07 Dec 2019 16:30:56 +0100
+
+<p>Dear [Site Owner],</p>
+
+<p>I was eager to test the system, as it seemed like a fun and
+interesting application of [some] technology, but after reading the
+terms of use and privacy policy on <URL:
+https://www.[some.site]/terms-of-use > and <URL:
+https://www.[some.site]/privacy-policy > I want you to know that I
+decided to turn away. There were several provisions in the terms and
+policy turning me off, but the final term that convinced me was being
+asked to sign away my right to reverse engineer.</p>
+
+<p>--
+<br>Happy hacking
+<br>Petter Reinholdtsen</p>
+</blockquote>
+
+<p>I do not expect much to come out of it, but sharing it here in case
+others want to give something similar a try too. If companies
+discover their terms scare away enough people, perhaps they will be
+improved...</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/What_would_it_cost_to_store_all_2018_phone_calls_in_Norway_.html">What would it cost to store all 2018 phone calls in Norway?</a>
+ </div>
+ <div class="date">
+ 25th November 2019
+ </div>
+ <div class="body">
+ <p>Four years ago, I did a back of the envelope calculation on
+<a href="http://people.skolelinux.org/pere/blog/What_would_it_cost_to_store_all_phone_calls_in_Norway_.html">how
+much it would cost to store audio recordings of all the phone calls in
+Norway</a>, and came up with NOK 2.1 million / EUR 250 000 for the
+year 2013. It is time to repeat the calculation using updated
+numbers. The calculation is based on how much data storage is needed
+for each minute of audio, how many minutes all the calls in Norway
+sums up to, multiplied by the cost of data storage.</p>
+
+<p>The number of phone call minutes for 2018 was fetched from
+<a href="https://ekomstatistikken.nkom.no/">the NKOM statistics
+site</a>, and for 2018, land line calls are listed as 434 238 000
+minutes, while mobile phone calls are listed with 7 542 006 000
+minutes. The total number of minutes is thus 7 976 244 000. For
+simplicity, I decided to ignore any advantages in audio compression the
+last four years, and continue to assume 60 Kbytes/min as the last
+time.</p>
+
+<p>Storage prices still varies a lot, but as last time, I decide to
+take a reasonable big and cheap hard drive, and double its price to
+include the surrounding costs into account. A 10 TB disk cost less
+than 4500 NOK / 450 EUR these days, and doubling it give 9000 NOK per
+10 TB.</p>
+
+<p>So, with the parameters in place, lets update the old table
+estimating cost for calls in a given year:</p>
+
+<table border="1">
+<tr><th>Year</th><th>Call minutes</th><th>Size</th><th>Price in NOK / EUR</th></tr>
+<tr><td>2005</td><td align="right">24 000 000 000</td><td align="right">1.3 PiB</td><td align="right">1 170 000 / 117 000</td></tr>
+
+<tr><td>2012</td><td align="right">18 000 000 000</td><td align="right">1.0 PiB</td><td align="right">900 000 / 90 000</td></tr>
+
+<tr><td>2013</td><td align="right">17 000 000 000</td><td align="right">950 TiB</td><td align="right">855 000 / 85 500</td></tr>
+
+<tr><td>2018</td><td align="right">7 976 244 000</td><td align="right">445 TiB</td><td align="right">401 100 / 40 110</td></tr>
+</table>
+
+<p>Both the cost of storage and the number of phone call minutes have
+dropped since the last time, bringing the cost down to a level where I
+guess even small organizations can afford to store the audio recording
+from every phone call taken in a year in Norway. Of course, this is
+just the cost of buying the storage equipment. Maintenance, need to
+be included as well, but the volume of a single year is about a single
+rack of hard drives, so it is not much more than I could fit in my own
+home. Wonder how much the electricity bill would raise if I had that
+kind of storage? I doubt it would be more than a few tens of thousand
+NOK per year.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Teach_kids_to_protect_their_privacy___the_EDRi_way.html">Teach kids to protect their privacy - the EDRi way</a>
+ </div>
+ <div class="date">
+ 4th July 2019
+ </div>
+ <div class="body">
+ <p>Childs need to learn how to guard their privacy too. To help them,
+<a href="https://edri.org/">European Digital Rights (EDRi)</a> created
+a colorful booklet providing information on several privacy related topics,
+and tips on how to protect ones privacy in the digital age.</p>
+
+<p>The 24 page booklet titled Digital Defenders is
+<a href="https://edri.org/digital-defenders-help-kids-defend-their-privacy-around-europe">available
+in several languages</a>. Thanks to the valuable contributions from
+members of <a href="https://efn.no/">the Electronic Foundation Norway
+(EFN)</a> and others, it is also available in Norwegian Bokmål.
+If you would like to have it available in your language too,
+<a href="https://hosted.weblate.org/projects/efn/privacy4kids/">contribute
+via Weblate</a> and get in touch.</p>
+
+<p>But a funny, well written and good looking PDF do not have much
+impact, unless it is read by the right audience. To increase the
+chance of kids reading it, I am currently assisting EFN in getting
+copies printed on paper to distribute on the street and in class
+rooms. Print the booklet was made possible thanks to a small et of
+great sponsors. Thank you very much to each and every one of them! I
+hope to have the printed booklet ready to hand out on Tuesday, when
+<a href="https://www.nuug.no/>">the Norwegian Unix Users Group</a> is
+organizing <a href="https://wiki.nuug.no/sommerfest2019">its yearly
+barbecue for geeks and free software zealots in the Oslo area</a>. If
+you are nearby, feel free to come by and check out the party and the
+booklet.</p>
+
+<p>If the booklet prove to be a success, it would be great to get
+more sponsoring and distribute it to every kid in the country. :)</p>
+
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Retten_til_kontant_betaling_er_en_rettighet_som_m__brukes_for___beholdes.html">Retten til kontant betaling er en rettighet som må brukes for å beholdes</a>
+ </div>
+ <div class="date">
+ 11th December 2018
+ </div>
+ <div class="body">
+ <p><a href="https://www.fn.no/Om-FN/Avtaler/Menneskerettigheter/FNs-verdenserklaering-om-menneskerettigheter">FNs
+menneskerettighetserklæring</a> artikkel 13 første punkt lyder som
+følger:</p>
+
+<p><blockquote>
+Enhver har rett til å bevege seg fritt og til fritt å velge
+oppholdssted innenfor en stats grenser.
+</blockquote></p>
+
+<p>Det er altså en menneskerett å kunne bevege seg fritt i landet.
+For å bevege seg fritt i landet, så må en kunne bevege seg uten å bli
+sporet. Det vil i dagens samfunn innebære å bevege seg uten å legge
+igjen digitale spor og uten å være radiomerket. Hvis en vet at ens
+bevegelser, hvor en befinner seg når, og hvem som befinner seg i
+nærheten, blir samlet inn og gjort tilgjengelig for fremmede, det være
+seg myndighetene eller private organisasjoner, så kan en ikke lenger
+bevege seg fritt. Dette gjør at det er en forutsetning for å ha glede
+av retten til å bevege seg fritt i landet at en motstår fristelsen til
+å legge igjen digitale spor når en betaler for seg. Rettigheter som
+ikke blir brukt, blir fjernet. Den eneste måten i dag å unngå å legge
+igjen digitale spor når en betaler for seg, er å betale med kontanter,
+samt takke nei til å legge igjen navn og adresse (slik f.eks. Elkjøp
+ber om — jeg sier de kan legge inn «anonym anonym» når
+datasystemet deres trenger et navn). Personlig anbefaler jeg å
+konsekvent bruke kontant betaling når man beveger seg rundt, for å
+bidra til forsvaret av menneskerettighetene i Norge. Kanskje noe også
+for deg? Merk at det ikke er tilstrekkelig for å unngå sporing å
+betale med kontanter, men det er et lite steg i riktig retning.</p>
+
+<p>Det er flere andre argumenter i tillegg til
+menneskerettighetsargumentet for å bruke kontanter. I går hadde
+Dagbladet en utmerket kommentar av sin journalist John Olav Egeland om
+hvilket
+<a href="https://www.dagbladet.no/kultur/kontantlost-diktatur/70543434">kontantløst
+diktatur</a> som venter oss hvis mange nok slutter å insistere på å
+betale med kontanter. Jeg anbefaler deg å lese den.</p>
+
+<p>Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til
+det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner
+til min adresse
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.
+Merk, betaling med bitcoin er ikke anonymt. :)</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/betalkontant">betalkontant</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/En_grunn_til___takke_nei_til_usikker_digital_post.html">En grunn til å takke nei til usikker digital post</a>
+ </div>
+ <div class="date">
+ 2nd April 2018
+ </div>
+ <div class="body">
+ <p>Brevpost er beskyttet av straffelovens bestemmelse som gjør det
+kriminelt å åpne andres brev. Dette følger av (ny) straffelovs
+<a href="https://lovdata.no/dokument/NL/lov/2005-05-20-28/§205">§ 205
+(Krenkelse av retten til privat kommunikasjon)</a>, som sier at «Med
+bot eller fengsel inntil 2 år straffes den som uberettiget ... c)
+åpner brev eller annen lukket skriftlig meddelelse som er adressert
+til en annen, eller på annen måte skaffer seg uberettiget tilgang til
+innholdet.» Dette gjelder såvel postbud som alle andre som har
+befatning med brevet etter at avsender har befatning med et lukket
+brev. Tilsvarende står også tidligere utgaver av den norske
+straffeloven.</p>
+
+<p>Når en registrerer seg på usikre digitale postkasseløsningene, som
+f.eks. Digipost og e-Boks, og slik tar disse i bruk, så gir en de som
+står bak løsningene tillatelse til å åpne sine brev. Dette er
+nødvendig for at innholdet i digital post skal kunne vises frem til
+mottaker via tjenestens websider. Dermed gjelder ikke straffelovens
+paragraf om forbud mot å åpne brev, da tilgangen ikke lenger er
+uberettiget. En gir altså fremmede tilgang til å lese sin
+korrespondanse. I tillegg vil bruk av slike usikre digitale
+postbokser føre til at det blir registrert når du leser brevene, hvor
+du befinner deg (vha. tilkoblingens IP-adresse), hvilket utstyr du
+bruker og en rekke annen personlig informasjon som ikke er
+tilgjengelig når papirpost brukes. Jeg foretrekker at det er
+lovmessig beskyttelse av min korrespondanse, som jo inneholder privat
+og personlig informasjon. Det bidrar til litt bedre vern av personlig
+integritet i dagens norske samfunn.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Facebooks_ability_to_sell_your_personal_information_is_the_real_Cambridge_Analytica_scandal.html">Facebooks ability to sell your personal information is the real Cambridge Analytica scandal</a>
+ </div>
+ <div class="date">
+ 21st March 2018
+ </div>
+ <div class="body">
+ <p>So, Cambridge Analytica is getting some well deserved criticism for
+(mis)using information it got from Facebook about 50 million people,
+mostly in the USA. What I find a bit surprising, is how little
+criticism Facebook is getting for handing the information over to
+Cambridge Analytica and others in the first place. And what about the
+people handing their private and personal information to Facebook?
+And last, but not least, what about the government offices who are
+handing information about the visitors of their web pages to Facebook?
+No-one who looked at the terms of use of Facebook should be surprised
+that information about peoples interests, political views, personal
+lifes and whereabouts would be sold by Facebook.</p>
+
+<p>What I find to be the real scandal is the fact that Facebook is
+selling your personal information, not that one of the buyers used it
+in a way Facebook did not approve when exposed. It is well known that
+Facebook is selling out their users privacy, but a scandal
+nevertheless. Of course the information provided to them by Facebook
+would be misused by one of the parties given access to personal
+information about the millions of Facebook users. Collected
+information will be misused sooner or later. The only way to avoid
+such misuse, is to not collect the information in the first place. If
+you do not want Facebook to hand out information about yourself for
+the use and misuse of its customers, do not give Facebook the
+information.</p>
+
+<p>Personally, I would recommend to completely remove your Facebook
+account, and take back some control of your personal information.
+<a href="https://www.theguardian.com/technology/2018/mar/19/how-to-protect-your-facebook-privacy-or-delete-yourself-completely">According
+to The Guardian</a>, it is a bit hard to find out how to request
+account removal (and not just 'disabling'). You need to
+<a href="https://www.facebook.com/help/224562897555674?helpref=faq_content">visit
+a specific Facebook page</a> and click on 'let us know' on that page
+to get to <a href="https://www.facebook.com/help/delete_account">the
+real account deletion screen</a>. Perhaps something to consider? I
+would not trust the information to really be deleted (who knows,
+perhaps NSA, GCHQ and FRA already got a copy), but it might reduce the
+exposure a bit.</p>
+
+<p>If you want to learn more about the capabilities of Cambridge
+Analytica, I recommend to see the video recording of the one hour talk
+Paul-Olivier Dehaye gave to <a href="">NUUG</a> last april about
+<a href="https://www.nuug.no/aktiviteter/20170404-big-data-psychometric/">
+Data collection, psychometric profiling and their impact on
+politics</a>.</p>
+
+<p>And if you want to communicate with your friends and loved ones,
+use some end-to-end encrypted method like
+<a href="https://www.signal.org/">Signal</a> or
+<a href="https://ring.cx/">Ring</a>, and stop sharing your private
+messages with strangers like Facebook and Google.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/H__Ap__Frp_og_Venstre_g_r_for_DNA_innsamling_av_hele_befolkningen.html">H, Ap, Frp og Venstre går for DNA-innsamling av hele befolkningen</a>
+ </div>
+ <div class="date">
+ 14th March 2018
+ </div>
+ <div class="body">
+ <p>I går kom det nok et argument for å holde seg unna det norske
+helsevesenet. Da annonserte et stortingsflertall, bestående av Høyre,
+Arbeiderpartiet, Fremskrittspartiet og Venstre, at de går inn for å
+samle inn og lagre DNA-prøver fra hele befolkningen i Norge til evig
+tid. Endringen gjelder innsamlede blodprøver fra nyfødte i Norge.
+Det vil dermed ta litt tid før en har hele befolkningen, men det er
+dit vi havner gitt nok tid. I dag er det nesten hundre prosent
+oppslutning om undersøkelsen som gjøres like etter fødselen, på
+bakgrunn av blodprøven det er snakk om å lagre, for å oppdage endel
+medfødte sykdommer. Blodprøven lagres i dag i inntil seks år.
+<a href="https://www.stortinget.no/no/Saker-og-publikasjoner/Publikasjoner/Innstillinger/Stortinget/2017-2018/inns-201718-182l/?all=true">Stortingets
+flertallsinnstilling</a> er at tidsbegrensingen skal fjernes, og mener
+at tidsubegrenset lagring ikke vil påvirke oppslutningen om
+undersøkelsen.</p>
+
+<p>Datatilsynet har ikke akkurat applaudert forslaget:</p>
+
+<p><blockquote>
+
+ <p>«Datatilsynet mener forslaget ikke i tilstrekkelig grad
+ synliggjør hvilke etiske og personvernmessige utfordringer som må
+ diskuteres før en etablerer en nasjonal biobank med blodprøver fra
+ hele befolkningen.»</p>
+
+</blockquote></p>
+
+<p>Det er flere historier om hvordan innsamlet biologisk materiale har
+blitt brukt til andre formål enn de ble innsamlet til, og historien om
+<a href="https://www.aftenposten.no/norge/i/Ql0WR/Na-ma-Folkehelsa-slette-uskyldiges-DNA-info">folkehelseinstituttets
+lagring på vegne av politiet (Kripos) av innsamlet biologisk materiale
+og DNA-informasjon i strid med loven</a> viser at en ikke kan være
+trygg på at lover og intensjoner beskytter de som blir berørt mot
+misbruk av slik privat og personlig informasjon.</p>
+
+<p>Det er verdt å merke seg at det kan forskes på de innsamlede
+blodprøvene uten samtykke fra den det gjelder (eller foreldre når det
+gjelder barn), etter en lovendring for en stund tilbake, med mindre
+det er sendt inn skjema der en reserverer seg mot forskning uten
+samtykke. Skjemaet er tilgjengelig fra
+<a href="https://www.fhi.no/arkiv/publikasjoner/for-pasienter-skjema-for-reservasjo/">folkehelseinstituttets
+websider</a>, og jeg anbefaler, uavhengig av denne saken, varmt alle å
+sende inn skjemaet for å dokumentere hvor mange som ikke synes det er
+greit å fjerne krav om samtykke.</p>
+
+<p>I tillegg bør en kreve destruering av alt biologisk materiale som
+er samlet inn om en selv, for å redusere eventuelle negative
+konsekvenser i fremtiden når materialet kommer på avveie eller blir
+brukt uten samtykke, men det er så vidt jeg vet ikke noe system for
+dette i dag.</p>
+
+<p>Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til
+det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner
+til min adresse
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Visualizing_GSM_radio_chatter_using_gr_gsm_and_Hopglass.html">Visualizing GSM radio chatter using gr-gsm and Hopglass</a>
+ </div>
+ <div class="date">
+ 29th September 2017
+ </div>
+ <div class="body">
+ <p>Every mobile phone announce its existence over radio to the nearby
+mobile cell towers. And this radio chatter is available for anyone
+with a radio receiver capable of receiving them. Details about the
+mobile phones with very good accuracy is of course collected by the
+phone companies, but this is not the topic of this blog post. The
+mobile phone radio chatter make it possible to figure out when a cell
+phone is nearby, as it include the SIM card ID (IMSI). By paying
+attention over time, one can see when a phone arrive and when it leave
+an area. I believe it would be nice to make this information more
+available to the general public, to make more people aware of how
+their phones are announcing their whereabouts to anyone that care to
+listen.</p>
+
+<p>I am very happy to report that we managed to get something
+visualizing this information up and running for
+<a href="http://norwaymakers.org/osf17">Oslo Skaperfestival 2017</a>
+(Oslo Makers Festival) taking place today and tomorrow at Deichmanske
+library. The solution is based on the
+<a href="http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html">simple
+recipe for listening to GSM chatter</a> I posted a few days ago, and
+will show up at the stand of <a href="http://sonen.ifi.uio.no/">Åpen
+Sone from the Computer Science department of the University of
+Oslo</a>. The presentation will show the nearby mobile phones (aka
+IMSIs) as dots in a web browser graph, with lines to the dot
+representing mobile base station it is talking to. It was working in
+the lab yesterday, and was moved into place this morning.</p>
+
+<p>We set up a fairly powerful desktop machine using Debian
+Buster/Testing with several (five, I believe) RTL2838 DVB-T receivers
+connected and visualize the visible cell phone towers using an
+<a href="https://github.com/marlow925/hopglass">English version of
+Hopglass</a>. A fairly powerfull machine is needed as the
+grgsm_livemon_headless processes from
+<a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a> converting
+the radio signal to data packages is quite CPU intensive.</p>
+
+<p>The frequencies to listen to, are identified using a slightly
+patched scan-and-livemon (to set the --args values for each receiver),
+and the Hopglass data is generated using the
+<a href="https://github.com/petterreinholdtsen/IMSI-catcher/tree/meshviewer-output">patches
+in my meshviewer-output branch</a>. For some reason we could not get
+more than four SDRs working. There is also a geographical map trying
+to show the location of the base stations, but I believe their
+coordinates are hardcoded to some random location in Germany, I
+believe. The code should be replaced with code to look up location in
+a text file, a sqlite database or one of the online databases
+mentioned in
+<a href="https://github.com/Oros42/IMSI-catcher/issues/14">the github
+issue for the topic</a>.
+
+<p>If this sound interesting, visit the stand at the festival!</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Easier_recipe_to_observe_the_cell_phones_around_you.html">Easier recipe to observe the cell phones around you</a>
+ </div>
+ <div class="date">
+ 24th September 2017
+ </div>
+ <div class="body">
+ <p>A little more than a month ago I wrote
+<a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">how
+to observe the SIM card ID (aka IMSI number) of mobile phones talking
+to nearby mobile phone base stations using Debian GNU/Linux and a
+cheap USB software defined radio</a>, and thus being able to pinpoint
+the location of people and equipment (like cars and trains) with an
+accuracy of a few kilometer. Since then we have worked to make the
+procedure even simpler, and it is now possible to do this without any
+manual frequency tuning and without building your own packages.</p>
+
+<p>The <a href="https://tracker.debian.org/pkg/gr-gsm">gr-gsm</a>
+package is now included in Debian testing and unstable, and the
+IMSI-catcher code no longer require root access to fetch and decode
+the GSM data collected using gr-gsm.</p>
+
+<p>Here is an updated recipe, using packages built by Debian and a git
+clone of two python scripts:</p>
+
+<ol>
+
+<li>Start with a Debian machine running the Buster version (aka
+ testing).</li>
+
+<li>Run '<tt>apt install gr-gsm python-numpy python-scipy
+ python-scapy</tt>' as root to install required packages.</li>
+
+<li>Fetch the code decoding GSM packages using '<tt>git clone
+ github.com/Oros42/IMSI-catcher.git</tt>'.</li>
+
+<li>Insert USB software defined radio supported by GNU Radio.</li>
+
+<li>Enter the IMSI-catcher directory and run '<tt>python
+ scan-and-livemon</tt>' to locate the frequency of nearby base
+ stations and start listening for GSM packages on one of them.</li>
+
+<li>Enter the IMSI-catcher directory and run '<tt>python
+ simple_IMSI-catcher.py</tt>' to display the collected information.</li>
+
+</ol>
+
+<p>Note, due to a bug somewhere the scan-and-livemon program (actually
+<a href="https://github.com/ptrkrysik/gr-gsm/issues/336">its underlying
+program grgsm_scanner</a>) do not work with the HackRF radio. It does
+work with RTL 8232 and other similar USB radio receivers you can get
+very cheaply
+(<a href="https://www.ebay.com/sch/items/?_nkw=rtl+2832">for example
+from ebay</a>), so for now the solution is to scan using the RTL radio
+and only use HackRF for fetching GSM data.</p>
+
+<p>As far as I can tell, a cell phone only show up on one of the
+frequencies at the time, so if you are going to track and count every
+cell phone around you, you need to listen to all the frequencies used.
+To listen to several frequencies, use the --numrecv argument to
+scan-and-livemon to use several receivers. Further, I am not sure if
+phones using 3G or 4G will show as talking GSM to base stations, so
+this approach might not see all phones around you. I typically see
+0-400 IMSI numbers an hour when looking around where I live.</p>
+
+<p>I've tried to run the scanner on a
+<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi 2 and 3
+running Debian Buster</a>, but the grgsm_livemon_headless process seem
+to be too CPU intensive to keep up. When GNU Radio print 'O' to
+stdout, I am told there it is caused by a buffer overflow between the
+radio and GNU Radio, caused by the program being unable to read the
+GSM data fast enough. If you see a stream of 'O's from the terminal
+where you started scan-and-livemon, you need a give the process more
+CPU power. Perhaps someone are able to optimize the code to a point
+where it become possible to set up RPi3 based GSM sniffers? I tried
+using Raspbian instead of Debian, but there seem to be something wrong
+with GNU Radio on raspbian, causing glibc to abort().</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_kaster_skygger_over_H_yre_og_Arbeiderpartiet.html">Datalagringsdirektivet kaster skygger over Høyre og Arbeiderpartiet</a>
+ </div>
+ <div class="date">
+ 7th September 2017
+ </div>
+ <div class="body">
+ <p>For noen dager siden publiserte Jon Wessel-Aas en bloggpost om
+«<a href="http://www.uhuru.biz/?p=1821">Konklusjonen om datalagring som
+EU-kommisjonen ikke ville at vi skulle få se</a>». Det er en
+interessant gjennomgang av EU-domstolens syn på snurpenotovervåkning
+av befolkningen, som er klar på at det er i strid med
+EU-lovgivingen.</p>
+
+<p>Valgkampen går for fullt i Norge, og om noen få dager er siste
+frist for å avgi stemme. En ting er sikkert, Høyre og Arbeiderpartiet
+får ikke min stemme
+<a href="http://people.skolelinux.org/pere/blog/Datalagringsdirektivet_gj_r_at_Oslo_H_yre_og_Arbeiderparti_ikke_f_r_min_stemme_i__r.html">denne
+gangen heller</a>. Jeg har ikke glemt at de tvang igjennom loven som
+skulle pålegge alle data- og teletjenesteleverandører å overvåke alle
+sine kunder. En lov som er vedtatt, og aldri opphevet igjen.</p>
+
+<p>Det er tydelig fra diskusjonen rundt grenseløs digital overvåkning
+(eller "Digital Grenseforsvar" som det kalles i Orvellisk nytale) at
+hverken Høyre og Arbeiderpartiet har noen prinsipielle sperrer mot å
+overvåke hele befolkningen, og diskusjonen så langt tyder på at flere
+av de andre partiene heller ikke har det. Mange av
+<a href="https://data.holderdeord.no/votes/1301946411e">de som stemte
+for Datalagringsdirektivet i Stortinget</a> (64 fra Arbeiderpartiet,
+25 fra Høyre) er fortsatt aktive og argumenterer fortsatt for å radere
+vekk mer av innbyggernes privatsfære.</p>
+
+<p>Når myndighetene demonstrerer sin mistillit til folket, tror jeg
+folket selv bør legge litt innsats i å verne sitt privatliv, ved å ta
+i bruk ende-til-ende-kryptert kommunikasjon med sine kjente og kjære,
+og begrense hvor mye privat informasjon som deles med uvedkommende.
+Det er jo ingenting som tyder på at myndighetene kommer til å være vår
+privatsfære.
+<a href="http://people.skolelinux.org/pere/blog/How_to_talk_with_your_loved_ones_in_private.html">Det
+er mange muligheter</a>. Selv har jeg litt sans for
+<a href="https://ring.cx/">Ring</a>, som er basert på p2p-teknologi
+uten sentral kontroll, er fri programvare, og støtter meldinger, tale
+og video. Systemet er tilgjengelig ut av boksen fra
+<a href="https://tracker.debian.org/pkg/ring">Debian</a> og
+<a href="https://launchpad.net/ubuntu/+source/ring">Ubuntu</a>, og det
+finnes pakker for Android, MacOSX og Windows. Foreløpig er det få
+brukere med Ring, slik at jeg også bruker
+<a href="https://signal.org/">Signal</a> som nettleserutvidelse.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/dld">dld</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>, <a href="http://people.skolelinux.org/pere/blog/tags/valg">valg</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Simpler_recipe_on_how_to_make_a_simple__7_IMSI_Catcher_using_Debian.html">Simpler recipe on how to make a simple $7 IMSI Catcher using Debian</a>
+ </div>
+ <div class="date">
+ 9th August 2017
+ </div>
+ <div class="body">
+ <p>On friday, I came across an interesting article in the Norwegian
+web based ICT news magazine digi.no on
+<a href="https://www.digi.no/artikler/sikkerhetsforsker-lagde-enkel-imsi-catcher-for-60-kroner-na-kan-mobiler-kartlegges-av-alle/398588">how
+to collect the IMSI numbers of nearby cell phones</a> using the cheap
+DVB-T software defined radios. The article refered to instructions
+and <a href="https://www.youtube.com/watch?v=UjwgNd_as30">a recipe by
+Keld Norman on Youtube on how to make a simple $7 IMSI Catcher</a>, and I decided to test them out.</p>
+
+<p>The instructions said to use Ubuntu, install pip using apt (to
+bypass apt), use pip to install pybombs (to bypass both apt and pip),
+and the ask pybombs to fetch and build everything you need from
+scratch. I wanted to see if I could do the same on the most recent
+Debian packages, but this did not work because pybombs tried to build
+stuff that no longer build with the most recent openssl library or
+some other version skew problem. While trying to get this recipe
+working, I learned that the apt->pip->pybombs route was a long detour,
+and the only piece of software dependency missing in Debian was the
+gr-gsm package. I also found out that the lead upstream developer of
+gr-gsm (the name stand for GNU Radio GSM) project already had a set of
+Debian packages provided in an Ubuntu PPA repository. All I needed to
+do was to dget the Debian source package and built it.</p>
+
+<p>The IMSI collector is a python script listening for packages on the
+loopback network device and printing to the terminal some specific GSM
+packages with IMSI numbers in them. The code is fairly short and easy
+to understand. The reason this work is because gr-gsm include a tool
+to read GSM data from a software defined radio like a DVB-T USB stick
+and other software defined radios, decode them and inject them into a
+network device on your Linux machine (using the loopback device by
+default). This proved to work just fine, and I've been testing the
+collector for a few days now.</p>
+
+<p>The updated and simpler recipe is thus to</p>
+
+<ol>
+
+<li>start with a Debian machine running Stretch or newer,</li>
+
+<li>build and install the gr-gsm package available from
+<a href="http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/">http://ppa.launchpad.net/ptrkrysik/gr-gsm/ubuntu/pool/main/g/gr-gsm/</a>,</li>
+
+<li>clone the git repostory from <a href="https://github.com/Oros42/IMSI-catcher">https://github.com/Oros42/IMSI-catcher</a>,</li>
+
+<li>run grgsm_livemon and adjust the frequency until the terminal
+where it was started is filled with a stream of text (meaning you
+found a GSM station).</li>
+
+<li>go into the IMSI-catcher directory and run 'sudo python simple_IMSI-catcher.py' to extract the IMSI numbers.</li>
+
+</ol>
+
+<p>To make it even easier in the future to get this sniffer up and
+running, I decided to package
+<a href="https://github.com/ptrkrysik/gr-gsm/">the gr-gsm project</a>
+for Debian (<a href="https://bugs.debian.org/871055">WNPP
+#871055</a>), and the package was uploaded into the NEW queue today.
+Luckily the gnuradio maintainer has promised to help me, as I do not
+know much about gnuradio stuff yet.</p>
+
+<p>I doubt this "IMSI cacher" is anywhere near as powerfull as
+commercial tools like
+<a href="https://www.thespyphone.com/portable-imsi-imei-catcher/">The
+Spy Phone Portable IMSI / IMEI Catcher</a> or the
+<a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">Harris
+Stingray</a>, but I hope the existance of cheap alternatives can make
+more people realise how their whereabouts when carrying a cell phone
+is easily tracked. Seeing the data flow on the screen, realizing that
+I live close to a police station and knowing that the police is also
+wearing cell phones, I wonder how hard it would be for criminals to
+track the position of the police officers to discover when there are
+police near by, or for foreign military forces to track the location
+of the Norwegian military forces, or for anyone to track the location
+of government officials...</p>
+
+<p>It is worth noting that the data reported by the IMSI-catcher
+script mentioned above is only a fraction of the data broadcasted on
+the GSM network. It will only collect one frequency at the time,
+while a typical phone will be using several frequencies, and not all
+phones will be using the frequencies tracked by the grgsm_livemod
+program. Also, there is a lot of radio chatter being ignored by the
+simple_IMSI-catcher script, which would be collected by extending the
+parser code. I wonder if gr-gsm can be set up to listen to more than
+one frequency?</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
projects / homepage.git / blobdiff