Reverse location search warrants

Google collects and retains location data from Android-enabled mobile devices when a Google account user has enabled Google location services. The company uses this information for location-based advertising and location-based search results. This information is derived from GPS data, cell site/cell tower information, and Wi-Fi access points… It is probable that the unknown suspects of this investigation had cellular telephones which utilized either Google’s Android or Apple iOS operating systems.

Like all evidence, there is potential for issues when the collectors are not scrupulous.

  1. Location services might be turned off. Really, if you don’t have a need, then it should be turned off. And, they tend to drain the battery, so turning it off would mean less frequent recharging.
  2. Location services might not be precise. Several apps work on geofencing. The concept is that if a phone enters a certain location, then the app does something. As an example, I have something that will silence my phone when I get to work. Initially, I set it for not much wider than the building, but it often didn’t run. After a few iterations of expanding the area, it is now about a quarter mile wide and seems to be consistent.
  3. Device Identities. My wife let the stepson borrow her phone to play a game. He signed into Google on the Android device. While she signed back into her account, somehow she still got his Google Hangouts messages until she replaced the device. Google might report both of them being at the phone’s location if Hangouts provides location information.

Manychat API and suspicious Fb chat

“apolitik_Magritte” by ApolitikNow is licensed under CC BY-NC 2.0

A friend’s Facebook account sent a message with a video link titled, “When was this video?” My hackles were raised because:

  1. I rarely get messages from this person.
  2. It reminded me of the Is This You video Facebook Messenger virus.

If you clicked on either, then go to the link in #2 to get advice on kicking out the program that has access to your account.

I grabbed the link, https://mnch.at/r?act=48a93ac45jkbhf455465548bc&u=236764556620374&p=112045350166462&h=c2446617ed and had wget download the content safely. It took a couple of iterations, having it ignore the SSL mismatch and supply a “valid” browser user-agent.

It looks like this new-to-me version uses a Web Bot service called Manychat to propagate. mnch.at is a short DNS name for it. The link posts to the /r URI with the act variable. That redirects to Facebook. Unfortunately, the Facebook HTML is obtuse to read, so I stopped here. I miss the days of hackers using simple HTML on compromised web servers.

Being able to host it in Facebook makes it more difficult to discover what they are doing.

If you go to manychat.com/r, then it has a redirect to send your browser to Facebook. I’m thinking the hackers are exploiting the trust of manychat to get a way to come to Facebook in a way that looks natural to tools looking to block malicious traffic. Sneaky.
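
The redirect chain described in this post can be reviewed offline from saved response headers rather than in a live browser. The following is an added example, not the author's code: the trace is constructed (hosts come from the post; paths, status codes and parameter values are made up), and it assumes each hop is a plain HTTP Location redirect.

```python
from urllib.parse import urlsplit, urljoin, parse_qs

# Constructed sample trace: one block per hop (request line, status line, headers).
SAMPLE_TRACE = """\
GET https://mnch.at/r?act=EXAMPLEACT&u=1111&p=2222&h=abcd
HTTP/1.1 302 Found
Location: https://manychat.com/r?act=EXAMPLEACT&u=1111&p=2222&h=abcd

GET https://manychat.com/r?act=EXAMPLEACT&u=1111&p=2222&h=abcd
HTTP/1.1 302 Found
Location: https://www.facebook.com/example-page/videos/0000

GET https://www.facebook.com/example-page/videos/0000
HTTP/1.1 200 OK
Content-Type: text/html
"""

def registrable(host):
    # Naive "last two labels" rule; use a public-suffix list for real data.
    return ".".join(host.lower().split(".")[-2:])

def parse_hops(trace):
    hops = []
    for block in trace.strip().split("\n\n"):
        lines = block.splitlines()
        url = lines[0].split(" ", 1)[1]
        status = int(lines[1].split()[1])
        headers = {}
        for line in lines[2:]:
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        loc = headers.get("location")
        # Resolve relative Location values against the requesting URL.
        hops.append({"url": url, "status": status,
                     "next": urljoin(url, loc) if loc else None})
    return hops

def analyse(trace):
    hops = parse_hops(trace)
    cross = []
    for hop in hops:
        if hop["next"]:
            src = registrable(urlsplit(hop["url"]).hostname)
            dst = registrable(urlsplit(hop["next"]).hostname)
            if src != dst:  # the redirect hands off to a different site
                cross.append((src, dst))
    first = urlsplit(hops[0]["url"])
    return {"entry": first.hostname,
            "final": urlsplit(hops[-1]["url"]).hostname,
            "params": sorted(parse_qs(first.query)),
            "cross_domain": cross}
```

A filter that only scores the first hostname sees `entry`; the `cross_domain` list shows where the content actually ends up.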

Celebrity Death Bump


When a formerly popular musician dies, I suddenly see a bunch of people posting in social media about them. They come back into the consciousness. And, many people are suddenly listening to the music again. Today it was Eddie Money. But, I’ve seen this trend for most.

I bet it means more sales and listens on streaming services. (For movie stars, more streaming or sales of their movies. For authors, more book sales.) In which case, it is good for the owner of the music as they make money off them. I guess the estate benefits from this renewed attention.

Which is crazy to me. I wonder if any of these deaths were tied to financial insolvency? And could have been prevented by getting the same amount of attention while still alive?

It seems sad that we only remember many of these people at their death. Why don’t we remember them in their life?

15 days of fame

Looks like the storm of visitors to this blog looking for information on that fake video circulating on Facebook is over. Most of the searches were for the hostname of the server, which I happened to mention in the post. Which, I guess, put me at the top of the search results.

One individual found me on Facebook and accused me of being the creator of the video because I mentioned it on my blog. Of course, I had her read the blog post for help with getting the hacker’s session kicked out of her account and securing it.

Primed

Someone posted a video of a really long Chick-Fil-A drive thru line. The comment was Popeyes was getting to CFA.

It made me wonder if Popeyes running out created a pop in CFA business. If people primed themselves for a chicken sandwich, went to a place that was out, then they are more likely to go to another place with a chicken sandwich. Could these shortages create a bump in business for competitors?

Supposedly there is a beef between the two chicken chains. It would be hilarious if one inadvertently helped the other.