Comment by armchairhacker
1 month ago
> The solution here shouldn't be technical; it should be legal.
I disagree. Solutions should be technical whenever possible, because in practice, laws tend to be abused and/or not enforced. Laws also need resources and cooperation to be enforced, and some laws are hard to enforce without creating backdoors or compromising other rights.
"ISPs will be prohibited from spying on their customers" doesn't mean ISPs won't spy on their customers.
We need more funding for open-source WiFi Sensing counter-measures, e.g. EU research, https://ans.unibs.it/projects/csi-murder/
> this paper addressed passive attacks, where the attacker controls only a receiver, but exploits the normal Wi-Fi traffic. In this case, the only useful traffic for the attacker comes from transmitters that are perfectly fixed and whose position is well known and stable, so that the NN can be trained in advance, thus the obfuscator needs to be installed only in APs or similar ‘infrastructure’ devices. Active attacks, where the attacker controls both the transmitter and the receiver are another very interesting research area, where, however, privacy protection cannot be based on randomization at the transmitter.
https://github.com/ansresearch/csi-murder/
> The experimental results obtained in our laboratory show that the considered localization method (first proposed in an MSc thesis) works smoothly regardless of the environment, and that adding random information to the CSI mess up the localization, thus providing the community with a system that preserve location privacy and communication performance at the same time.
There is no technical solution for this unless you want to invest billions/trillions in building new computing and networking platforms created with privacy in mind.
ISPs will always have the ability to at least deduce whether a connection was used, the MAC address, and it there is WiFi, unfortunately whether people are physically present.
If we look at the roadmap for WiFi/phones/etc, they will soon gain the ability to map out your home, including objects, using consumer radios.
"There is no technical solution for this"
This isn't really true. The easiest technical solution to the problem of ISPs using your wifi data is to simply use your own WiFi router which does not send the data to them.
They can still deduce this from the traffic patterns.
11 replies →
You can’t solve social problems with technical solutions. Technical solutions won’t work without some kind of legal backing to force it.
Sometimes mathematics and physics provide superior solutions than man-made laws. Encryption for example. It's better to make something impossible, than to have laws that are routinely ignored by law enforcement.
>You can’t solve social problems with technical solutions.
Sure, this has a fair amount of truth to it. However, security is not a social problem, it's an economic one. No one, not even the most well funded and skilled organizations like the NSA, has access to infinite resources. Whether a given attack/data harvesting effort costs $1 million, $10 thousand, $100, $1, or $0.01 makes an enormous difference in impact. Can a given three letter agency afford to spend $1m on anyone? Sure. Can they afford it against everyone? No. Same with private orgs, if harvesting data costs $10000/person, it has to generate well over that much money in profit to make it worth it. Is that likely on average? Probably not. If it costs fractions of a cent, then they will be incentivized to scale it as hard as possible, since payoff from even one person will cover thousands of duds.
So sure, by all means we should pursue laws too, as that also shifts costs a bit. But there is zero reason not to simultaneously pursue technical means to make costs as high as possible. Both tracks matter a lot.
I am really struggling to see the technical solution here. This isn’t a security question - security has already been lost. We’re talking about a device in a home that the owner doesn’t control, being able to monitor the presence of a person using either WiFi signals or device identifiers.
The obvious solution is to not use that device. But that’s not necessarily possible for a variety of reasons, not all of them controllable.
So, what is the technical solution to this? Anything that’s going to mask a persons RF signal is probably going to make WiFi difficult to use. Anything at the network level is already lost because we have a potentially hostile device in a critical point in the network path.
Am I missing a different solution?
1 reply →
It makes it much more difficult to be profitable if its illegal. This deters the majority of opportunists leaving only the dedicated criminals. And just like thief's people might understand why they steal no one sheds a tear when they go to prison.
And how do you technically stop an ISP from using the radio in their hardware to detect small changes in phase angle of signals in your home?
Own your own hardware is how.
Comcast cannot administer my router/AP or modem.
Some other ISP's like AT&T force you to use their gateway. I try and avoid these companies or severely limit the functions of the built in gateway.
And how do you force all consumers to buy their own privacy hardware?
Edit: sorry my question is not strictly how one person would mangle their hardware so it breaks presence detection, it’s how the tech industry would develop an at scale everyday consumer solution to this problem.
2 replies →
Some ISPs allow you to bring your own modem, so there wouldn't be any hardware other than your own and whatever they install to bring it into your home.
You attach large sacks of potatoes to the ceiling fans and lighting fixtures that are connected to strings and random timers to move them. The potato bags perfectly simulate human motion.
Every house should look like a party of 50.
Invest in potatoes
Disconnect and ground the antenna and supply your own equipment?
I thought we were talking about a solution that the tech industry could implement and deploy en masse to users, because it’s just, like TLS and browser standards. That’s usually what is being discussed when these give everyone privacy topics come up. The people that care enough to ground their antenna are already using their own hardware. And the ISP will deter hardware modification by charging you for damaged leased hardware. Or you’ll be in an arms race where the ISP’s firmware will flag the unit as defective because the radio doesn't work and cut off access till you fix it.
I guess you could put it in a cage. Maybe I should go door to door selling privacy cages. Do people pay for tinfoil hats these days?
2 replies →
When we find them spying on customers they will take it all the way to the supreme court where the definition of spying will be put the wringer and flushed of all actual meaning. Then the law will be struck because it violates the corporation's 1st amendment protections concerning 'free speech'. See also Citizen's United.
Technical and legal solutions are for different classes of problems.
Encryption is a technical solution trying to solve the problem of people being able to steal your data/money without your knowledge.
The law/police are the solution to the 5 dollar wrench problem, where you are very aware of the attack but unable to physically stop it
And the law can’t stop someone from using a $5 wrench before the harm is done…
I don’t expect the law to prevent the crime. Much like my comment you replied to, I recognize different tools are for different situations.
The law is there to enforce the “rule of law”
It’s a little ambiguous because the phrase is in English and doesn’t match up 1:1 with the common vernacular, but I want the “rule of law” to enforce that the rules are real, not to prevent someone from testing their existence
The legal part should be requiring a technical solution.
E.g. the you should be able to own your router and even if you choose to rent you should have full control over the software.
It might make it a bit harder to use the information obtained through spying, though. Both is good.