Tracking, Geolocation and Digital Exhaust

You are unique… In so many ways… The accounting systems on which modern society depends are surveillance systems when viewed with another lens. All administrative, financial, logistics, public heath, and intelligence systems rely on the ability to track people, objects, and data. Efficiency and effectiveness in tracking have been greatly aided by improvements in data analysis, computational capabilities, and greater aggregations of data. Advances in social network analysis, traffic analysis, fingerprinting, profiling, de-anonymization/re-identification, and behavioral modeling techniques have all contributed to better tracking capabilities. In addition, modern technological artifacts typically contain one or more unique hardware device identifiers. These identifiers—particularly in mobile devices, but also RFIDs, and soon Intelligent Vehicle-Highway Systems—are widespread, but also effectively unmodifiable and relatively unknown to most of their owners. For example, with mobile devices, each network interface (cellular, Bluetooth, WiFi) requires a minimum of one unique hardware identifier—all uniquely trackable. One hand, aggregating these unique identifiers allows services like Google, Skyhook, and others to associate geolocation data with WiFi access points and provide useful services. On the other hand, Samy Kamkar’s work described in Hack pinpoints where you live: How I met your girlfriend shows the potentially awkward and invasive side effects. ...

October 12, 2011

How and Why to Sniff Smartphone Network Traffic

Smartphone Network Connection Monitoring Tools for monitoring and modifying connections between web browsers and web servers are essential for debugging, testing, optimizing performance, and assessing vulnerabilities of web-based applications and native applications. Developers, security professionals, and anyone with an interest in gaining insight into the lower levels of web traffic commonly use these tools. There are many mature options for monitoring connections from desktop machines. Unfortunately, there are fewer tools to monitor connections on smartphones and these tools often require more complex configurations, as the monitoring software must run on a separate device. In this article, I present an overview of tools and methods for monitoring network connections on Smartphones including devices based on Apple’s iOS–iPhone, iPod Touch, iPad), Google’s Android OS, BlackBerry OS, and Symbian. This article focuses on inspecting HTTP and HTTPS traffic, although many of the tools and techniques described work equally well to analyze other protocols. ...

October 27, 2010

No Frills SSL Certificates are Inexpensive and Useful

SSL De Facto for Securing Connections SSL, short for Secure Socket Layer, is a cryptographic protocol for securing network traffic that is the de facto mechanism for securing transactions on the web and many other protocols including email (SMTP/IMAP/POP), IM (Jabber/XMPP), VoIP (SIP), and SSL-based VPNs. The topic of SSL certificates is a bit arcane, but the much of security of our everyday online purchases depends on SSL. Yet, fewer services use SSL than one might hope. It is possible to buy a basic no-frills SSL certificates from a universally accepted certificate authority very inexpensively–less than $15 a year–if you shop around. In most cases, it makes no sense to use a self-signed certificate, to purchase a certificate from a second tier provider, or to purchase a chained certificate. This article is a substantial revision of an article in Messaging News from a few years ago. I receive some requests for an update and have also found an even more inexpensive provider in the meantime, which make the update worthwhile. ...

September 1, 2010

Why Pinboard is My Favorite Bookmarking Service

Pinboard is a bookmarking service that allows you to easily save, tag, annotate, share, and archive bookmarks independent of your browser. Pinboard describes itself as “antisocial bookmarking,” which highlights its capabilities as a private and personal archiving tool compared to the social features offered by Yahoo’s Delicious service. I find Pinboard a simple, fast, and reliable way for me to save bookmarks and archive web pages for future reference. I have been happily using the service for nearly five months (Update a year) and recommend it highly. ...

June 25, 2010

iPhone Screenshot and Photo Smart Album Hack

I take a lot of screenshots when I research products, both on the desktop and on the iPhone, so having some way to automate organizing my collection is important. The problem is that screenshots images taken with the iPhone have no EXIF metadata. This means there is no straightforward way to produce a list of all your screenshots. After a little bit of experimentation, I found a workable but not ideal solution. You can use the lack of EXIF metadata as conditions to group all the images. Screenshots are saved as PNG files on the original iPhone and the iPhone 3GS (the two models I had access to) and have no EXIF records. The only other metadata fields available are filename, file size, and modified, and imported dates. The PNG extension for the filename is the one existing feature you can search for, all others have to be unknown. I selected two features aperture and ISO, even though one would work in the hopes that this would reduce any false positives. ...

June 4, 2010

Great iPhone and iPad Apps for Reading and Sharing Docs

Instapaper, Dropbox, GoodReader, and Simplenote are my favorite applications for reading, writing, and sharing documents on the iPhone and the iPad. I have used each application for more than six months and I highly recommend all of them. Instapaper The Instapaper application makes it simple and pleasant to read lengthy articles on your mobile device. Instapaper is optimized for the type of articles where you find yourself starting in your browser and thinking, “I’d rather read this later”. The application automatically loads any new content from the Instapaper Web service, which reformats Web pages for small screens and strips away unnecessary elements. The service provides an experimental option to save pages formatted for the Kindle as well. ...

May 19, 2010

Preparing Your Site for the iPad

The Apple iPad does an excellent job of displaying most web sites. However, there are a few obstacles you may want to avoid. There are also a few customizations that will make your site look even better on the iPad. I will summarize the most important issues you should start to plan for and the differences between the iPad browser, the iPhone browser, and desktop browsers. As an added benefit, most improvements made for the iPad will also benefit users with an iPhone or an iPod Touch. There is list of resources to find more information and a list of tools to help you test your site at the end of the article. ...

April 9, 2010

Smartphone Phishing Protection Needs Improvement

Recent versions of desktop Web browsers and email clients feature phishing and malware protection in addition to improved security notifications and indicators. Unfortunately, many of these improvements have not reached their mobile device counterparts. While the patterns of use and the threat model for Web browsing and email on mobile devices differ from desktop applications, as smartphones become more capable they present an increasingly attractive target. Institutions and services that wish to protect their mobile user base should seriously consider server-based filtering for both email and Web content on mobile devices. Currently, it is difficult–to nearly impossible–to verify the authenticity of email messages and the destination of hyperlinks on many common smartphones. ...

March 26, 2010

Simple Package Tracking with TrackMyShipments

The web-based interfaces offered by the shipping services allow you to schedule shipments, manage billing, store addresses, and track packages online. Some third-party services offer simplified interfaces and allow you to track shipments from multiple shipping carriers at once. Still, the process of entering multiple tracking numbers into multiple services can be cumbersome. I prefer the email-based input method used by the TrackMyShipments service. TrackMyShipments is an email-based online package tracking service I used for more than year and half to as a streamlined method to track packages. TrackMyShipments takes advantage of the fact that you already have the tracking numbers sent to you in email. I wrote about another email based interface in my review of how TripIt Shows the Value of Combining Email, Web and APIs. The signup process is very quick. After registration, you simply forward an email messages with tracking numbers to track@trackmyshipments.com and the service will send you a notification when the shipping status of you package changes. ...

November 19, 2009

New Directions in Push Notifications for PC's, Phones, and the Web

For the Internet connected population, the problems of access to information have long shifted from limited availability of information to problems of narrowing down the flood of relevant information to a manageable amount. Filters have become increasingly sophisticated, but timely, relevant, and unobtrusive display notifications for the information we want are still a work in progress. This article explores recent developments in notifications for desktop clients, mobile phones, and Web applications. Notifications range from the mundane “Your backup is finished” or “Someone just responded to your column online” to the important “Your flight is delayed and has a new gate” to the urgent “A large out of state jewelry purchase just appeared on your credit card” or “Your corporate mail server and primary database are offline.” Many of these recent developments are very much in the experimental stage, but are clearly leading to important changes in how we receive information. For those willing to tinker a bit, the new capabilities are impressive. ...

September 11, 2009