Google: 'Reverse Warrants' Becoming Law Enforcement's Go-To Investigative Tool
techdirt.comInstructions for deleting your location history and disabling location reporting on a Google account:
https://support.google.com/accounts/answer/3118687
It's unclear whether this is enough to prevent a geofence warrant from sweeping up your data.
For additional security, an Android user can stop using Google Play Services for geolocation. This can be done by disabling Google Play Services or switching to an Android distribution without Play Services, at the cost of slowing down the process of getting a location lock (since Play Services uses Wi-Fi and cell tower trilateration to accelerate this).
Another solution is to replace Play Services with microG, which allows you to use a selection of non-Google location providers for trilateration, including ones that work fully offline. Android distributions that pre-install microG include CalyxOS, LineageOS for microG, and /e/. Alternatively, DivestOS includes the location module of microG (UnifiedNlp) but not the other parts.
I suppose it's time to stop carrying tracking devices around with us everywhere we go.
I find it is always instructive to ponder how intelligence services or law enforcement had to work prior to the high technology we have these days.
If a government body wanted to know where you were - always, they would need to send a team to watch you.
This could be made much easier by recruiting a coworker or two, a neighbor or two, to keep an eye out if you did something other than what was expected.
Informants help scale the system.
If they wanted to know who you were contacting, they would need someone to tap your phone (in one way or another).
Your mail is easily intercepted and checked.
All of it would consume resource that were not endless. There were limits on how many people Stasi could watch at the same time, even with informers.
Now, nearly all of this can be done without any human resources being spent and truly little cost overall. It even worse retroactively. Where were you two years ago in December 12?
That would be hard to figure out for even a nation state in 1930. (Unless you were already being watched).
Now it is trivial.
It is available to the US, and all Western nations, as well as most nations at a certain technological level.
The US uses fragments of it to kill people on a regular basis. Without any bothersome judicial oversight.
I keep thinking that Stasi leaders would have continues orgasms if they had access to the tools that are available for a nation state now.
This. Just don’t bring the phone. I have a notebook for important things and a VHF radio for sailing. In the car I have a road atlas. The phone is moderately more convenient but it’s just not worth the cost.
With the documentation Snowden made available about the cooperation between Google (and others) and the national intelligence services I tend to doubt that such things are ever really deleted.
> They're called "warrants" but they can't possibly be supported by probable cause. Treating everyone in the area of a suspected crime as a criminal suspect until things can be sorted out inverts this concept.
This not a good faith analysis. Probable cause to make an arrest of a suspect is different for probable cause of a search.
Only the former requires probable cause to believe that a crime was committed and that the person in question committed it.
Probable cause for a search means probable cause to believe a crime was committed and that the area to be searched contains relevant evidence. It is the question of whether "there is a fair probability that contraband or evidence of a crime will be found in a particular place." Illinois v. Gates, 462 U.S. 213, 214 (1983).
If there was a murder in your neighborhood and your neighbor saw a random person digging a large hole in your back yard and putting a body bag in it, there would be probable cause to search your property without regard to whether you yourself were implicated as a suspect.
But there would not be probable cause to place GPS trackers on every car in the neighborhood, or wire taps on every phone. Tracking phones and capturing metadata or search results is not investigating the scene of a crime.
The source of the problem is the metrics and motivations are not aligned with keeping the population safe. It is more about self-serving the existence and growth of law enforcement.
The tech maxim: everything that can be used for evil will be used for evil.
Prior relevant discussion.
https://news.ycombinator.com/item?id=28266650 (23 Aug 2021)
It seems like it would be relatively easy to poison a geofenced area with a mountain of fake data during a crime.
the world governments are incidentally launching an attack on data holding enterprises. the danger of keeping data js rapidly becoming a bigger risk than it's value. this is both good because jt will rebalance how & where data is kept, but bad because the governments of the world are inhibiting the ability of companies to keep many classes of data at all. government is ruining computing in the cloud and there's nothing to stop it from ongoingly fucking it all up.
Stop using the cloud? Or maybe just stop worshiping it like it’s the answer to everything.
I once had a tech lead insist we take everything out of the cloud, and do it on our own bare metal.
People thought he was insane. But he did the math again and again: faster and cheaper.
Turned out really, really well.
Even in personal computing … do we really need the cloud for everything?
It's not even a case of stopping using the cloud entirely so much as be aware of all the trade-offs, calculate them as much as possible and make an educated choice which it sounds like your lead did.
The problem is that for many dev's who've been inculcated their entire careers with the mantra "cloud first" getting them to a point where they can accurately make an educated choice takes time.
Or to put it another way, the pendulum is currently swung way over towards "cloud everything".
I'm older than I suspect the average age is on here so I've lived in the "pre-cloud" and "cloud" world and can see the benefits (and drawbacks) of both.
The irony is that much of the work done to make things work in the cloud is directly applicable to running similar workloads on your own hardware if you want to (docker, things like minio as a random example) hell even Kubernetes.
I don't know, in my opinion, "cloud first" is becoming less popular during the last two years. The pendulum is swinging back.
If someone has been "inculcated their entire career" to be cloud-first, then their career is only six years old. Cloud-first hasn't been a viable solution for much longer than that.
For many endeavors these days, cloud-first will be the correct default choice. Get something up, min-max it later. For most devs, for most workloads, the cost of running a data center isn't worth it.
I've been building software since before the internet was a thing. I'm fairly certain this isn't a pendulum that will swing back the other way. It is a rising waterline.
> For most devs, for most workloads, the cost of running a data center isn't worth it.
This is complete bullshit. For most devs and most workloads, you don’t need a datacenter, you need a few servers with UPSes.
There is just a vast amount of ignorance that leads both devs and CTOs to pick cloud solutions without even trying. “Put it on the cloud” is the new “nobody got fired for buying IBM”. There are vanishingly small sets of cases where the flexibility of the cloud actually makes sense financially.
> I'm fairly certain this isn't a pendulum that will swing back the other way. It is a rising waterline.
It will when these companies need to start competing on margin.
"you need a few servers with UPSes" imagines a world where companies can responsibly maintain a reasonable computing environment independently. oh such optimism! refreshing!!
we are near to having a world where that might be reasonably possible & likely, thanks to the availability of off-the-shelf open-source broadscale diy cloud software like Kubernetes. but until today, few companies have been able to create & more challengingly maintain healthy points of presence that they can manage & run competently. there have long been offerings like Puppet and Chef & countless others to help a company try to maintain systems, but it's always been a picking of assorted pieces, a cobbling together of various concerns. rarely has running a couple boxes been a reasonably strong competency for most companies, as simple & elegant sounding as the idea may come off as.
and if you do have people with less than stellar, 100% self-hosting experience, they will have no where to go to learn & skill up. all the articles, all the focus today is on using cloud systems. when you're on your own you're on your own.
i do think we are nearing a new era, a new place, where running systems may be possible. but it's only because we have started to upscale & compete with what the cloud offers. we've begun to reconsider how most software is ran, & have advanced our collective skill, knowledge & systems to align towards more managable, coherent, modern practices. we've learned so much. but we're only just beginning to figure out how to deploy & run & keep running these private clouds. and anything less seems like an act certain to become a tragedy.
> It will when these companies need to start competing on margin.
i see the future as supply side driven, not, as posited here, demand side driven. running your own has usually been a barrier to competing, to keeping your talent focused on product & development. we've had no general access to good, strong, competent, robust, well used alternatives for running software, versus using the cloud & it's array of easy to latch onto, well maintained, affordable, pay per use, easy to scale cloud service. we have been gaining that rapidly with Kubernetes, with open source & even proprietary, assistive Cloud Native Computing Foundation & other software. we're just starting to work together, to have known quantities we can put into place.
the option of trying to cut cost, avoid the colossal Hyperscaler surcharges has been out there. but it has absolutely, per the parent, been radically in favor of not running shit yourselves. i strongly agree, "for most devs, for most workloads, the cost of running a data center isn't worth it," because there's been few good understandable deployable patterns for running software. Kubernetes marks an early beginning where we emerge from this tar pit. nothing else has come close to providing a solid base for computing alike this. i'd seen some decent Rancher Fleets in action, which came semi-close, but like many of the possibilities from >5 years ago, it was esoteric, known to few, hard to skill up in, fraught with unknown perils, and few could help you. the situation has just started changing, we have just started finding common shared practices for computing, where skills & expertise are exchangeable across systems, where newcomers to your business have some chance of following along, understanding, on their own, with the out of the box tools. without having to deeply dive into the particulars that you have used to cobble together your systems.
cobbling shit together is how things have gone, & it's a long term nightmare, as easy as it is to start. we're finally becoming better. but i'd still say, for most entities, it's too soon.
> then their career is only six years old.
So they definitely have the Senior Developer title and might even be the lead somewhere.
Pretty much.
I was a lead (or the equivalent since titles change) after 5 years way back in the day and I really shouldn't have been.
The thing is the job titles are pretty much meaningless as I've never worked two places that had similar criteria for what they considered junior, regular, senior, lead and in some places seniors are leads (if you only have 1 senior on a team of 8 they are a lead, if you have 6 seniors on a team of 8 and no lead then are they really senior and to who).
Other places promote on time served, so you are junior 2 years, regular dev for 2-3 years, senior after that.
It's one of the reasons when hiring I completely ignore their previous titles and look at what they actually did.
I've seen juniors who where at least equivalent to seniors in other places and "Seniors" who I wouldn't have hired as a junior.
My favourite title in my entire career (and it was my actual title) was "Code Monkey"[1], it got entered as a joke in the HR system and everything after that sort of followed on even my business cards (remember those?) said it (since company ordered them and did a mail merge from the HR system).
> My favourite title in my entire career (and it was my actual title) was "Code Monkey"[1], it got entered as a joke in the HR system and everything after that sort of followed on even my business cards (remember those?) said it (since company ordered them and did a mail merge from the HR system).
One company I worked at let people use whatever title they wanted, as long as it was in good taste, and it didn't imply a level of authority you didn't have. I never actually took advantage of that, but I kind of wish I had, just for the sake of having some hilarious business cards.
I'm gonna guess the career-savvy people just went with no-joke "senior software engineer" or "principal software engineer", because the easiest way to be hired as a senior/principal and get the associated salary bump is to already have that job title on CV from your previous job.
Sorta kinda. Most people just went with some variation on "software engineer," but I don't think anybody really inflated their title beyond what the norm would have been for their experience level.
Now that I've read what @noir_lord wrote about how it's helped a bit career-wise, I may go back and revise my title to "Code Slinger" or something. After all, given the policy, it's not like they can really call me on it. ;)
It actually worked to my advantage career wise.
Partners would get a chuckle out of it, then remember me when anything dev related came up which let me make really useful contacts I otherwise wouldn't have made.
What is life for if not to be whimsical occasionally.
> Do not take life too seriously. You will never get out of it alive. (Hubbard)
I knew a guy at Morgan Stanley who’s business card said ‘Tea Lady’
When I was working for the Danish government on several standardization projects (basically writing schemas and attending meetings with interested parties to work out syntax) me and a couple other guys chose the title 'XML Architect' as sort of nose-thumbing at the IT architecture division (unfortunately there are stories and reasons there that should probably be kept unshared)
> Stop using the cloud?
Is this not exactly what I just described as the problem? Governments ruining the ability to hold data safely in online locations? "Stop being an online services company" does not seem like a solution. Being able to provide online services & networks seems to power a vast amount of modernity.
A lot of downvotes on my post. But holy shit I have no idea how anyone can see this as anything else. The discussion seems ridiculously off target. The government is making the data-center untrustable: how is this at all debateable? How is this any better than the Chinese authoritarianism that plagues their intranet? In neither world are people free to think or communicate. This is obvious.
I agree with you, but I do believe there's a large cohort of people that either believe that data centers were never trustable, or they believe strongly against any kind of data collection so strongly that there is a hope everything will get pushed back out to user's devices.
Nothings stopping you from doing it voluntary.
When is it legitimate to "punch of Googler"?
I guess I support this for only "serious crimes". Probably best to limit it to violent crimes against citizens mostly for now (e.g. murder, etc), and then consider expanding it on a case-by-case basis.
It's a slippery slope situation. The same as how an invasive technology would first be used for the worst imaginable offenses that hardly no one would be opposed to. The critical thinkers would recognize the pattern that it's a foot in the door. Saying the ends justify the means in these cases unwittingly endorses the means used for other ends.
It's like saying "innocent until proven guilty" doesn't apply for serious accusations.
I don't carry my phone anywhere. However, I have it in a Faraday bag at all times, even a the place where I store it. No signals can get through a Faraday bag, so there is no tracking you. https://en.wikipedia.org/wiki/Faraday_cage
I never use my mobile phone, except rarely. Unfortunately, having a phone is becoming 100% mandatory. One cannot get financial services, for example, without a mobile phone. The companies will not accept you as a client. If I could get away with not having a mobile phone, I would never buy one. So I broke down and bought the least expensive mobile phone that I could a few months ago, paid the cheapest plan ($15/month), and keep it for those singular occasions where I need it. I need it maybe once every few months, and have to pay $50 for the phone, and $180 per year for the phone plan. Just to use it a few times a year.
Anyways, if you don't want to be tracked everywhere, get a Faraday bag and keep your phone in it all the time, except when you use it.