That code eventually got a big fancy "forensics" UI wrapped around it with a bunch of other functionality such as logging the process, and it got sold for $1k / copy. It would sell upwards of 80 copies at a time in a single batch. It was very profitable (though I personally did not see much of that profit).
I always felt very uneasy about it and I stopped developing that line of software even though at this point I could get ~50% of the profit if I were to continue it. I had no idea what it was actually being used for all of the time and I had no way to find out. I do know however that some of the time it was used for good, to catch people distributing child pornography and so forth, however I don't know what percentage of the time it was used for that kind of thing, and I'm also aware that that is the justification that is used for a lot of surveillance. Philosophically I believe in counter-survelliance more than surveillance, because I'm pro privacy and pro citizen empowerment rather than the other way around, I think the balance of power has gotten out of whack as this article nicely illustrates.
Tools like yours (cracked/warez - even a $100 bar was impossible for a schoolkid in late '90s/early '00s Russia, not to say about $1K+ price points) and articles on filesystem internals had helped me to recover my own data from drive failures a couple of times. So, thank you.
And I really believe that would've anyone taken a possession of my notes and inspected them with a magnifying glass - the problem would be anything (me leaving the notes, someone taking the notes, ...) but that someone made the glass.
When engineering and philosophy are divorced, bad things happen.
Unfortunatelly that may not even be enough. Intelligence doesn't have morals, and when it is employed with a predatory mindset, there may not be escape for the "prey" without a fight.. The arms race may be a mechanism of evolotion. You either accept it, or dissapear..
You wont find any data recovery software that does a more thorough scan than that, even though it was written in 2004 or so and has been barely modified since. I spent years writing it, in C, so it ended up highly optimized. In forensics mode it scans a drive byte-by-byte, and it assumes each byte is the start of a file of the 100 or so filetypes that it supports, and it maintains that assumption until it is proven to be false as it goes deeper into that file's data. That way it really shouldn't miss anything. It also transparently UUDecodes, unzips, and otherwise decodes data on the fly as to extract file contents under as many conditions as possible. It uses linked lists to maintain its memory of what files are where until it dumps out its buffer as output files, and it uses binary searches and threads to speed up. All in all it's about 1000 lines of code, though I really don't think that anyone would ever be able to read it except for me.
I recently noticed that if you run it over your iTunes Music folder it'll extract and output the media that is contained inside your M4P ("MPEG 4 protected audio") files, and output it as unprotected MP3's. So it effectively strips all of the DRM off of all your media in seconds. Even if you didn't purchase that media (say your friend sent it to you) and couldn't play it before. That was not intentional. You can see that effect in this app: https://itunes.apple.com/app/file-extractor/id1129674765 which is the same codebase, but it is being applied to used space (files) instead of free space.
Do the forensic techniques you implemented work on SSDs? Also, were you the person who posted that earlier?
The only two ways to fight it (that I can think of) are:
1) Make it technically impossible (open firmware, open hardware)
2) Make it illegal
There's of course a third way - not give a crap, and just let them watch you.
Actually, I think both technological and legal measures are always necessary. One just doesn't work well without the other.
(Personally, I'm leaning towards "but technical measures first", though - as tech is much more agile than legal stuff.)
That isn't necessarily true, though it's an easy fig leaf to hide behind when you're doing something that is unique and that helps the dark side.
I've heard it said by people that were actively developing malware and spam software.
The target is sent an SMS containing a link to site that triggers the explot chain to remotely jailbreak the phone and clandestinely install the monitoring software.
Ahmed Mansoor, a UAE journalist, was recently targeted with one of these SMS messages and was immediately suspicious. Instead of clicking the link he contacted Citizen Lab researchers who connected it back to NSO group.
[1] https://citizenlab.org/2016/08/million-dollar-dissident-ipho... [2] https://news.ycombinator.com/item?id=12360662
Not that it matters - high profile should not use any kind of phone for anything serious.
It takes people with power in the corporate structure to contradict that default.
Governments have done horrible things. Researchers have done horrible things. Religious Groups have done horrible things. NonProfits have done horrible things.
It's not about profits.
A government might not have a moral compass at all. They may start mass surveillance with good intentions like fighting terrorism but when should they stop? Since they have already invested into mass surveillance why stop at terrorism? Why not use it to fight crime in general? Why not use it to enforce every law imaginable? Since we now have data ranging back several years into the past why not use it retroactively enfore laws?
What's the way out? Become less connected? Go back to fixed function hardware? Is there even a way out without shedding layers of abstraction? Is there even a way out at all, or is this our new brave new world?
Battlestar Galactica phones?
No, but I think we will eventually go to peer-based mesh networks with smarter clients. The reasons are:
1. Mobile devices keep getting faster and have more memory- they aren't and shouldn't be dumbed-down clients peddled by telecom companies to get them to buy their services.
2. People don't want to pay for things they shouldn't have to, like interconnectivity, if there are enough devices for everyone to pull off the network without help.
However, we can't think about anything digital nowadays without factoring in AI, the problem is that once you do that, things become quite unpredictable...
For certain, there will be a fight, on one side governments ans control structures trying to increase their control, and on the other regular citizens trying to live the way they once did.. althogh.. that may already be impossible..
Like it will make any difference. There are people in the military that will go to church and then invade a country like Lybia or Syria for their oil or gas while believing they are doing good for humanity.
We need less moral compasses and more accountancy, checks and balances of the people in power. It should never be about self control, but controls in the institutions.
For the record, I do not believe that at all. But it hasn't been ruled out.
Additionally, they just repeated no laws were broken.
There is no playing devils advocate here. They clearly don't care about what happened in Mexico or middle-east.
And why should they? If you don't agree with their moral compass, then don't invest or support them. By laws of nature, they will eventually die away if it is unsustainable. However, I'd wager it is highly sustainable hence their continued existence. This has happened throughout all of human history.
Try applying your same logic to people who murder journalists in order to maintain a deceptive narrative. Should we avoid having any qualms about that too?
What UAE sovereign does in its own territory is his own business. It is not the other parties' job to interfere in its internal dealings.
Don't blame governments for being mafia, blame us for not forcing them to behave. We need a public debate on the meaning of privacy and the ownership of personal computing.
The government is us, at least in democracies. Voters get what they vote for. Your problems isn't with government, but with your fellow voters: The eternal problem of society.
But I do need to work with my fellow voters on many issues - I don't live in a cave - and I need government to protect me from crime, invasion, poisons in my food, diseases, aircraft that crash, racial discrimination, contractual abuses and violations, and many other things.
USA is the same, government spies on their own citizens and on rest of the world. That is what we need protection from. They are not really protecting us, they are just playing a theatre pretending they do.
you say I need government to protect me from crime, invasion, poisons in my food, diseases, aircraft that crash, racial discrimination, contractual abuses and violations, and many other things.
I believe we would do better job at this without government. Or at least without the monopoly government as it exists today.
