Reverse location search warrants

Google collects and retains location data from Android-enabled mobile devices when a Google account user has enabled Google location services. The company uses this information for location-based advertising and location-based search results. This information is derived from GPS data cell site/cell tower information, and Wi-Fi access points… It is probable that the unknown suspects of this investigation had cellular telephones which utilized either Google’s Android or Apple iOS operating systems.

Like all evidence, there is potential for issues when the collectors are not scrupulous.

  1. Location services might be turned off. Really, if you don’t have a need, then it should be turned off. And, they tend to drain the battery, so turning it off would mean less frequent recharging.
  2. Location services might not be precise. Several apps work on geofencing. The concept being that if a phone enters a certain location, then do something. As examples, I have something that will silence my phone when I get to work. Initially, I set it for not much wider than the building, but it often didn’t run. After a few iterations of expanding the area, it is now about a quarter mile wide and seems to be consistent now.
  3. Device Identities. My wife let the stepson borrow her phone to play a game. He signed into Google on the Android device. While she signed back into her account, somehow she still got his Google Hangouts messages until she replaced the device. Google might report both of them being at the phone’s location if Hangouts provides location information.

Manychat API and suspicious Fb chat

16782102211_f64ede5b60_o
“apolitik_Magritte” by ApolitikNow is licensed under CC BY-NC 2.0

A friend’s Facebook account sent a message with a video link titled, “When was this video?” My hackles were raised because:

  1. I rarely get messages from this person.
  2. It reminded me of the Is This You video Facebook Messenger virus.

If you clicked on either, then go to the link on #2 to get advice on kicking off the program with access to your account.

I grabbed the link, https://mnch.at/r?act=48a93ac45jkbhf455465548bc&u=236764556620374&p=112045350166462&h=c2446617ed and had wget download the content safely. It took a couple iterations having it ignore the SSL mismatch and supply a “valid” browser user-agent.

It looks like this new to me version uses a Web Bot service called Manychat to propagate. mnch.at is a short DNS name for it. That posts to the /r URI with the act variable. That redirects to Facebook. Unfortunately, the Facebook HTML is obtuse to read, so I stopped here. I miss the days of hackers using simple HTML on compromised web servers.

Being able to host it in Facebook makes it more difficult to discover what they are doing.

If you go to manychat.com/r, then it has a redirect to send your browser to Facebook. I’m thinking the hackers are exploiting the trust of manychat to get a way to come to Facebook in a way that looks natural to tools looking to block malicious traffic. Sneaky.

Celebrity Death Bump

Me with a Vulcan at the Las Vegas Star Trek Experience
Star Trek Experience Re-opening in May

When a formerly popular musician dies, I suddenly see a bunch of people posting in social media about them. They come back into the consciousness. And, many people are suddenly listening to the music again. Today it was Eddie Money. But, I’ve seen this trend for most.

I bet it means more sales and listens on streaming services. (For movie stars streaming their movies or sale. For authors more book sales.) In which case, it is good for the owner of the music as they make money off them. I guess the estate benefits from this renewed attention.

Which is crazy to me. I wonder if any of these deaths were tied to financial insolvency? And could have been prevented by getting the same amount of attention while still alive?

It seems sad that we only remember many of these people at their death. Why don’t we remember them in their life?

15 days of fame

Screenshot 2019-09-03 11.03.37 Looks like the storm of visitors to this blog looking for information on that fake video circulating Facebook is over. Most of the searches were for the hostname of the server which I happened to mention in the post. Which, I guess put me to the top of the search results.

One individual found me on Facebook and accused me of being the creator of the video because I mentioned it on my blog. Of course, I had her read the blog post for help addressing her account to getting the hacker’s session kicked out and securing it.

Primed

Someone posted a video of a really long Chick-Fil-A drive thru line. The comment was Popeyes was getting to CFA.

It made me wonder if given the Popeyes running out created a pop in CFA business. If people primed themselves for a chicken sandwich, went to a place who was out, then they are more likely to go to another place with a chicken sandwich. Could these shortages create a bump in business for competitors?

Supposedly there is a beef between the two chicken chains. It would be hilarious if one inadvertently helped the other.

Birthright Citizenship

Photo of me by Wesley Abney
Photo of me by Wesley Abney

Since 2015, the idea of ending birthright citizenship has been on my radar. Those favoring anti-immigration, view the bestowal of citizenship on children of foreign citizens as a problem. In their mind, pregnant women are invading the United States specifically to have children and force the country to keep the parents. (It may delay, but the parents are still deported and the children either go with them or stay with a relative in the US.) I guess they think of birthright citizenship as a loophole to encouraging or allowing undesirable immigration.

I am thinking about it because of the PotUS talking yet again about ending birthright citizenship through an executive order. Well, he’s probably echoing Stephen Miller again. The 14th amendment’s section 1 is what created it.

Amendment XIV
Section 1.
All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the state wherein they reside. No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.

The original intent was to make African-Americans citizens in a way that could not be legislated away by the Southern states. Prior to this, we were in the North but not in the South. It established across the board that we are.

The legal principle is called jus soli which means “right of the soil.” It primarily is something that exists in Western countries only restricting it from people who are working for a foreign government. The US Supreme Court allows the denying of it to foreign diplomats or enemy forces occupying our territory. The current issue has not been tested, so I wonder if this executive order is really to set up that test with a court more friendly to the idea of ending it.

The alternative is jus sanguinis which means “right of blood.” Citizenship is determined by the nationality of one or both parents (or permanent residency). This is what got the paranoid-schizophrenic diabetic man deported to Iraq where he had never lived. He was born in Greece who did not have birthright citizenship, so his was Iraqi. He grew up in the US, so he only spoke English. When the US deported him, he was sent to Iraq where he knew no one, had no access to medication, and soon died. Countries are moving towards restricted birthright citizenship to solve this problem of statelessness.

There is also restricted jus soli where a child born of a permanent resident for some time gains citizenship at birth or at a certain age. The United Kingdom, for example, has jus sanguinis but allows the children of legal immigrant settlers to become citizens at birth or upon the 10th birthday. Greece now allows the acquisition of citizenship by children if they attend school in the country for several years, but only 22% of applications are approved.

I guess this last is something to worry about in that whatever the new system is designed to be, the Devil is in the details. As it is, the rumored executive order is either FUD to open immigration advocates or a blessing to anti-immigration advocates.

A Dunbar model in social media

This made me wonder about the possibilities of a better model.

Fifteen years into the Facebook era, it’s well established that people aren’t actually friends with the hundreds or thousands of Facebook friends they may have. They couldn’t be if they tried—research has found that there seems to be a limit to the number of social connections a human brain can manage. Robin Dunbar, an anthropologist at the University of Oxford, is the most famous proponent of this theory, and his estimate of 150—known as “Dunbar’s number”—is often cited as the (approximate) number of casual friends a person can keep track of. There are different Dunbar numbers for different levels of closeness—concentric circles, if you will. The smallest circle, of five friends, consists of someone’s most intimate friendships. One can keep track of 15 close friends, and 50 pretty close friends. Expanding out from the 150 casual friends, this research suggests that the brain can handle 500 acquaintances, and 1,500 is the absolute limit—“the number of faces we can put names to,” Dunbar writes.

I’ve mentally categorized them as:

  1. Must Friends (support clique) : 5 people : a best friend, a member of your inner circle, a person you count on when something big happens in your life
  2. Trust Friends (sympathy group) : 15 people : a friend who shows integrity, someone you feel comfortable with, that you’re always glad to see, but not in your inmost circle; perhaps someone you’d like to be closer to if you had the time or opportunity
  3. Rust Friends (close friends) : 50 people : a person you’ve known for a long, long time; you’re probably not going to get any closer to that person unless something changes, but a part of your life
  4. Just Friends (casual friends) : 150 people : a person you see — at a weekly poker game, at your child’s school — who is enjoyable company, but you have no desire to socialize outside a specific context or to get to know that person better
  5. Acquaintances : 500 people
  6. Facial Recognition : another 780 (bringing total up to 1,500)

The Facebook algorithm is already looking for how much we engage with individuals in order to decide which content to show us on the Newsfeed. By deciding which people are important to us, they are in effect, modeling the Dunbar theory for us. Just in the shadows without allowing us to veto or decide on it. Well, sort of, we have the options for “Close Friends” and “Acquaintances” which seem to be taken from Dunbar albeitly at the wrong levels.

It seems plausible that Facebook could formalize the model further by just adding three more levels. They could automatically mark people based on their interpretation of our behavior with the person. And then also allow us to override it by changing the mark. That could help Facebook understand our idealized state of the relationship to better improve the Newsfeed. People leave the service because of frustrations about what they see. For some, that is too much about acquaintances and not enough about close friends. (The algorithms are showing unwanted content based on misunderstanding the individual, who doesn’t understand how to like the correct things to optimize the Newsfeed.)

Then again, I am probably one of the few Homo Roboticus using social media who would appreciate this. Most people probably would find it overwhelming.

Fb Messenger virus

Got a message from a coworker that suggested I was in a video. Naturally, I am supposed to click on it, but it felt wrong. A quick Duck Duck Go search revealed it to be a virus.

If you think a virus was installed on your device, then my advice is to find a trusted anti-virus software to scan your computer. There are also malware apps to scan & protect your phone. Some carriers offer them for free.

Some reports suggest if you click on it, then you get a Facebook login page.

Only, it is not a real one and designed to capture your credentials. That gives another party your credentials so that they can:

  1. send this out as messages to your contacts
  2. capture more information from your account

If you fell for the 2nd login issue, then my advice is to:

  1. Immediately change your password.
  2. Kick off all sessions in the “Security and Login” page. There is a “Log Out Of All Sessions” option.
  3. Also in the security section, setup two-factor authentication.
  4. Turn on getting alerts about unrecognized logins.

Of all the things I can report, I cannot report this?

It seems like Facebook should be able to detect this virus or phishing by now. What I can see of the link goes to a Facebook server: si-chao.cstools.facebook.com  So, at least the link to virus/phishing is on their servers enough that they could check for its presence.

The person who sent it me says the account was locked out for 24 hours for behaving suspiciously. The act of sending hundreds of messages in a few seconds alerted Facebook to automated behavior. So, these are accounts they could be checking for being compromised.

Juggling Social Roles in Social Media

Browncoat (from show Firefly) polo
Juggling the dual role of worker bee and geek by wearing a business casual geek shirt

Sociology has a concept of us holding multiple social roles. At home, I am both a husband and a father. With relatives, I am a son, nephew, or cousin. At work, I am a supervisee, mentor, subject matter expert, or organization historian. Things get a bit more undefined out in the wider world, but I hold social roles out there too.

Each of these social roles vary in the expectations of behavior. So, our behavior may vary depending on which role we are occupying at a given time. And, even more interesting is when we have to juggle multiple social roles AT THE SAME TIME for the first time. The more experience we attain at doing something, the better we get at figuring out the constraints and minefields in a situation.

The human brain devotes a large amount of processing to managing the information about the behavior of others to determine trust. And also ensuring our own behaviors are trustworthy. (You’ve read my prior stuff on Dunbar, right? 1, 2)

Perhaps part of the stress inducing nature of social media is the mixing of these social roles? A giant social network like Facebook means having a variety of relatives, coworkers, and friends mixing in the same spaces. People who come from different backgrounds, political viewpoints, education levels, interests, and levels of restraint. Navigating all this probably generates a ton of stress.

If so, then we need more segmentation.

  1. Limit coworkers to more work appropriate social networks like LinkedIn.
  2. Join topic groups and post content related to it there. To talk about politics, join groups that discuss it. (Be careful to avoid echo chamber groups.)
  3. A private place to discuss more openly with friends. Maybe a private twitter account, a private Facebook group, group chat, etc.
  4. A private place to discuss more openly with family.

Tech drains English of meaning

9576229065_4844cf7b53_o
Alien ‘word’. Actually explaining the three kinds of quotes and Linux sensitivity. by Ezra S F

Semantic Drain and the Meaninglessness of Modern Work makes an interesting point that a problem with knowledge management work is that much of is filler work without a fulfilling purpose. I was far more stressed as the university webmaster than as a database administrator. The webmaster job was highly subjective with people getting upset about the tiniest of minutia that almost no one would notice. “Move this 5 pixels to the left.” “The color in the logo is FF0202 when it should be FF0303.”

Semantic drain in this context is about the pervasiveness of jargon and how it is inventing new insider terminology for concepts that already exist. I really liked the discussion about “content” for the author became to to mean text one-way communication that has no value. It is less than journalism. A content specialist is someone who creates useless drivel.

It goes on to talk about the difficulty in seeing the end product of knowledge work. One of the things I like about working in database and application administration is having a better sense about how what I do affects others. Living in a college town and running a computer system college students use, I ran into people all the time who were impacted by my work. True, it is a lot more abstract than a plumber, but it is no more abstract than a widget maker. I should visit the Georgia Archives more so that I can better relate and understand the meaning of my work with their systems.