Category Archives: Internet and Computers

NSA Prism program taps in to user data of Apple, Google and others

Prism

A slide depicting the top-secret PRISM program.

• Top-secret Prism program claims direct access to servers of firms including Google, Apple and Facebook

• Companies deny any knowledge of program in operation since 2007

Guardian | Jun 6, 2013    

by Glenn Greenwald and Ewen MacAskill

The National Security Agency has obtained direct access to the systems of Google, Facebook, Apple and other US internet giants, according to a top secret document obtained by the Guardian.

The NSA access is part of a previously undisclosed program called Prism, which allows officials to collect material including search history, the content of emails, file transfers and live chats, the document says.

The Guardian has verified the authenticity of the document, a 41-slide PowerPoint presentation – classified as top secret with no distribution to foreign allies – which was apparently used to train intelligence operatives on the capabilities of the program. The document claims “collection directly from the servers” of major US service providers.

Although the presentation claims the program is run with the assistance of the companies, all those who responded to a Guardian request for comment on Thursday denied knowledge of any such program.

In a statement, Google said: “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a back door for the government to access private user data.”

Several senior tech executives insisted that they had no knowledge of Prism or of any similar scheme. They said they would never have been involved in such a program. “If they are doing this, they are doing it without our knowledge,” one said.

An Apple spokesman said it had “never heard” of Prism.

The NSA access was enabled by changes to US surveillance law introduced under President Bush and renewed under Obama in December 2012.

Prism

The program facilitates extensive, in-depth surveillance on live communications and stored information. The law allows for the targeting of any customers of participating firms who live outside the US, or those Americans whose communications include people outside the US.

It also opens the possibility of communications made entirely within the US being collected without warrants.

Disclosure of the Prism program follows a leak to the Guardian on Wednesday of a top-secret court order compelling telecoms provider Verizon to turn over the telephone records of millions of US customers.

The participation of the internet companies in Prism will add to the debate, ignited by the Verizon revelation, about the scale of surveillance by the intelligence services. Unlike the collection of those call records, this surveillance can include the content of communications and not just the metadata.

Some of the world’s largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan “Your privacy is our priority” – was the first, with collection beginning in December 2007.

It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

Collectively, the companies cover the vast majority of online email, search, video and communications networks.

Prism

 

The extent and nature of the data collected from each company varies.

Companies are legally obliged to comply with requests for users’ communications under US law, but the Prism program allows the intelligence services direct access to the companies’ servers. The NSA document notes the operations have “assistance of communications providers in the US”.

The revelation also supports concerns raised by several US senators during the renewal of the Fisa Amendments Act in December 2012, who warned about the scale of surveillance the law might enable, and shortcomings in the safeguards it introduces.

When the FAA was first enacted, defenders of the statute argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.

A chart prepared by the NSA, contained within the top-secret document obtained by the Guardian, underscores the breadth of the data it is able to obtain: email, video and voice chat, videos, photos, voice-over-IP (Skype, for example) chats, file transfers, social networking details, and more.

PRISM slide crop


The document is recent, dating to April 2013. Such a leak is extremely rare in the history of the NSA, which prides itself on maintaining a high level of secrecy.

The Prism program allows the NSA, the world’s largest surveillance organisation, to obtain targeted communications without having to request them from the service providers and without having to obtain individual court orders.

With this program, the NSA is able to reach directly into the servers of the participating companies and obtain both stored communications as well as perform real-time collection on targeted users.

The presentation claims Prism was introduced to overcome what the NSA regarded as shortcomings of Fisa warrants in tracking suspected foreign terrorists. It noted that the US has a “home-field advantage” due to housing much of the internet’s architecture. But the presentation claimed “Fisa constraints restricted our home-field advantage” because Fisa required individual warrants and confirmations that both the sender and receiver of a communication were outside the US.

“Fisa was broken because it provided privacy protections to people who were not entitled to them,” the presentation claimed. “It took a Fisa court order to collect on foreigners overseas who were communicating with other foreigners overseas simply because the government was collecting off a wire in the United States. There were too many email accounts to be practical to seek Fisas for all.”

The new measures introduced in the FAA redefines “electronic surveillance” to exclude anyone “reasonably believed” to be outside the USA – a technical change which reduces the bar to initiating surveillance.

The act also gives the director of national intelligence and the attorney general power to permit obtaining intelligence information, and indemnifies internet companies against any actions arising as a result of co-operating with authorities’ requests.

In short, where previously the NSA needed individual authorisations, and confirmation that all parties were outside the USA, they now need only reasonable suspicion that one of the parties was outside the country at the time of the records were collected by the NSA.

The document also shows the FBI acts as an intermediary between other agencies and the tech companies, and stresses its reliance on the participation of US internet firms, claiming “access is 100% dependent on ISP provisioning”.

In the document, the NSA hails the Prism program as “one of the most valuable, unique and productive accesses for NSA”.

It boasts of what it calls “strong growth” in its use of the Prism program to obtain communications. The document highlights the number of obtained communications increased in 2012 by 248% for Skype – leading the notes to remark there was “exponential growth in Skype reporting; looks like the word is getting out about our capability against Skype”. There was also a 131% increase in requests for Facebook data, and 63% for Google.

The NSA document indicates that it is planning to add Dropbox as a PRISM provider. The agency also seeks, in its words, to “expand collection services from existing providers”.

The revelations echo fears raised on the Senate floor last year during the expedited debate on the renewal of the FAA powers which underpin the PRISM program, which occurred just days before the act expired.

Senator Christopher Coons of Delaware specifically warned that the secrecy surrounding the various surveillance programs meant there was no way to know if safeguards within the act were working.

“The problem is: we here in the Senate and the citizens we represent don’t know how well any of these safeguards actually work,” he said.

“The law doesn’t forbid purely domestic information from being collected. We know that at least one Fisa court has ruled that the surveillance program violated the law. Why? Those who know can’t say and average Americans can’t know.”

Other senators also raised concerns. Senator Ron Wyden of Oregon attempted, without success, to find out any information on how many phone calls or emails had been intercepted under the program.

When the law was enacted, defenders of the FAA argued that a significant check on abuse would be the NSA’s inability to obtain electronic communications without the consent of the telecom and internet companies that control the data. But the Prism program renders that consent unnecessary, as it allows the agency to directly and unilaterally seize the communications off the companies’ servers.

When the NSA reviews a communication it believes merits further investigation, it issues what it calls a “report”. According to the NSA, “over 2,000 Prism-based reports” are now issued every month. There were 24,005 in 2012, a 27% increase on the previous year.

In total, more than 77,000 intelligence reports have cited the PRISM program.

Jameel Jaffer, director of the ACLU’s Center for Democracy, that it was astonishing the NSA would even ask technology companies to grant direct access to user data.

“It’s shocking enough just that the NSA is asking companies to do this,” he said. “The NSA is part of the military. The military has been granted unprecedented access to civilian communications.

“This is unprecedented militarisation of domestic communications infrastructure. That’s profoundly troubling to anyone who is concerned about that separation.”

A senior administration official said in a statement: “The Guardian and Washington Post articles refer to collection of communications pursuant to Section 702 of the Foreign Intelligence Surveillance Act. This law does not allow the targeting of any US citizen or of any person located within the United States.

“The program is subject to oversight by the Foreign Intelligence Surveillance Court, the Executive Branch, and Congress. It involves extensive procedures, specifically approved by the court, to ensure that only non-US persons outside the US are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about US persons.

“This program was recently reauthorized by Congress after extensive hearings and debate.

“Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.

“The Government may only use Section 702 to acquire foreign intelligence information, which is specifically, and narrowly, defined in the Foreign Intelligence Surveillance Act. This requirement applies across the board, regardless of the nationality of the target.”

Advertisements

PRISM scandal: tech giants flatly deny allowing NSA direct access to servers

Prism
Silicon Valley executives insist they did not know of secret PRISM program that grants access to emails and search history

guardian.co.uk | Jun 6, 2013

by Dominic Rushe and James Ball in New York

prism smallExecutives at several of the tech firms said they had never heard of PRISM until they were contacted by the Guardian

Two different versions of the PRISM scandal were emerging on Thursday with Silicon Valley executives denying all knowledge of the top secret program that gives the National Security Agency direct access to the internet giants’ servers.

The eavesdropping program is detailed in the form of PowerPoint slides in a leaked NSA document, seen and authenticated by the Guardian, which states that it is based on “legally-compelled collection” but operates with the “assistance of communications providers in the US.”

Each of the 41 slides in the document displays prominently the corporate logos of the tech companies claimed to be taking part in PRISM.

However, senior executives from the internet companies expressed surprise and shock and insisted that no direct access to servers had been offered to any government agency.

The top-secret NSA briefing presentation set out details of the PRISM program, which it said granted access to records such as emails, chat conversations, voice calls, documents and more. The presentation the listed dates when document collection began for each company, and said PRISM enabled “direct access from the servers of these US service providers: Microsoft, Yahoo, Google, Facebook, Paltalk, AOL, Skype, YouTube, Apple“.

Senior officials with knowledge of the situation within the tech giants admitted to being confused by the NSA revelations, and said if such data collection was taking place, it was without companies’ knowledge.

An Apple spokesman said: “We have never heard of PRISM. We do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order,” he said.

Joe Sullivan, Facebook’s chief security officer, said it did not provide government organisation with direct access to Facebook servers. “When Facebook is asked for data or information about specific individuals, we carefully scrutinise any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

A Google spokesman also said it did not provide officials with access to its servers. “Google cares deeply about the security of our users’ data. We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘backdoor’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

Microsoft said it only turned over data when served with a court order: “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”

A Yahoo spokesman said: “Yahoo! takes users’ privacy very seriously. We do not provide the government with direct access to our servers, systems, or network.

Within the tech companies, and talking on off the record, executives said they had never even heard of PRISM until contacted by the Guardian. Executives said that they were regularly contacted by law officials and responded to all subpoenas but they denied ever having heard of a scheme like PRISM, an information programme internal the documents state has been running since 2007.

Executives said they were “confused” by the claims in the NSA document. “We operate under what we are required to do by law,” said one. “We receive requests for information all the time. Say about a potential terrorist threat or after the Boston bombing. But we have systems in place for that.” The executive claimed, as did others, that the most senior figures in their organisation had never heard of PRISM or any scheme like it.

The chief executive of transparency NGO Index on Censorship, Kirsty Hughes, remarked on Twitter that the contradiction seemed to leave two options: “Back door or front?” she posted.

DARPA wants to watch how you type your sentences and how you use your mouse to assemble an “online fingerprint”

armypad

foreignpolicy.com | Feb 15, 2013

By John Reed Friday,

DARPA is getting serious about one of the issues that cyber-security professionals inside and outside government regularly bemoan: the relative inability of weak passwords to protect…anything.

To overcome the fact that passwords can be stolen or hacked — and don’t necessarily protect a computer once the authorized user is logged on — the Pentagon’s research arm has kicked off a $14 million effort to develop sensors that can constantly monitor users’ online behavior to determine whether they are who they say they are.

This kind of vigilance is going to become all the more important as the Pentagon shrinks the number of networks it runs under its cloud-computing initiative and fields mobile devices capable of handling classified information. Ask any cyber security expert and they will tell you that computer networks will inevitably be compromised and that the best defense lies in constantly monitoring for weird behavior.

How exactly do you do that? Well, that’s where DARPA’s Active Authentication program comes in. The Active Authentication program is aimed at verifying your identity based on your online behavior instead of an easily guessed or stolen password.

“The program focuses on the development of new types of behavioral biometrics focused on the user’s cognitive processes,” Richard Guidorizzi, DARPA program manager, explained in an email to Killer Apps. In English, that means Active Authentication will monitor your computer habits — like your typing patterns, the way you use a mouse, and even how you construct sentences — to assemble an “online fingerprint.”

“Examples of this could include, but are not limited to, behavioral biometrics that focus on a user’s unique way of typing on the device or cognitive biometrics that focus on how the user processes language and structures sentences,” he said.

In theory, a user would log onto his computer using a government-issued secure ID card, known as a Common Access Control card. This would tell AA sensors to begin monitoring the user, analyzing typing and sentence structure, and comparing the patterns to previous behavior.

AA isn’t just limited to desktop computers. DARPA will also address mobile devices.

This could come in mighty handy for soldiers and spies who are increasingly reliant on smart phones and tablets to do everything from filing flight plans to collecting and sharing classified information.

Mobile devices will have their own unique safeguards. “For example, the accelerometer in a mobile phone could track how the device rests in a user’s hand or the angle at which he talks into it. Another technique might track the user’s gait, reflecting how he walks as it is transported. In theory, each of these examples could be another layer of user validation,” Guidorizzi writes.

Don’t expect AA tech to be put into place anytime in the near future, though — AA’s work is experimental. “This program is not intended to develop fielded systems but instead to advance the technologies and concepts outlined above,” added Guidorizzi.

Still, some type of online identity software may emerge in the coming years. Just today White House Cyber Security Coordinator Michael Daniel told an audience at the Center for Strategic and International Studies that he wants to see research and development programs that sound a lot like AA shift the balance of cyber power from favoring the attacker, as it does right now, to favoring the defender.

Daniel told Killer Apps he wants to know whether there are “ways that you can bake in better credentialing into the underlying structure of the Internet? Are there ways you can get the software manufacturers make software secure by default, so that you actually have to work at browsing insecurely?”

Parents horrified after learning primary schoolchildren aged just 10 are playing ‘the raping game’

school
Shock: Pupils have been banned from playing ‘the raping game’ – a playground activity that Stanford Junior School in Brighton (pictured) has stepped in to stop

One game called Rapelay sees the main character try to rape a mother and two daughters.

‘As soon as we found out this inappropriate word was being used, we spoke to the children concerned and they now no longer use it.’

Daily Mail | Feb 15, 2013

Primary school children have been banned from playing a new break time game they called ‘the raping game’.

The playground activity had been named after a violent video game which depicts violent sexual assaults on a mother and two daughters.

More than a dozen boys, some as young as nine, were caught playing the ‘the raping game’ at Stanford Junior School in Brighton, East Sussex.

The school confirmed it had been taking place and headteacher Gina Hutchins said she had spoken to children about the vile name. It has now been called ‘the survival game’ following the head’s intervention.

Mrs Hutchins said: ‘As soon as we found out that this inappropriate word was being used, we spoke to the children concerned and they now no longer use it.’

The game has been played mainly by boys in Year 5 at the school for the past two to three weeks.

It involves one person being ‘on’ who has to catch others until only one is left uncaught and that person is the winner.

About 13 boys, aged nine and ten, played the game in the school playground but have since changed the title.

One concerned parent said: ‘I was horrified that my son had learnt that word.

‘He is only nine. Thankfully he did not know what it meant but it was that horrible thought he might use it elsewhere.

‘Most people assume children learn these words at home.’

The parent added she did not blame the school saying it is almost impossible to stop children bringing words into the playground.

They commended the headteacher for her swift actions in taking decisive action and stamping out the use of the word.

It is unsure what video game led to the naming of the game, but several on the market contain scenes of rape.

One game called Rapelay sees the main character try to rape a mother and two daughters.

Military contractor Raytheon’s disturbing Big Brother software trolls social networks to find out where you are and what you are doing

i-am-totally-aware-that-i-dont

It’s a disturbing vision, summoning up George Orwell’s “Big Brother.”

sfgate.com | Feb 12, 2013

by Caleb Garling and Benny Evangelista

Raytheon, a Massachusetts defense contractor, has built tracking software that pulls information from social networks, according to a video obtained by the Guardian newspaper in London.

The gist of the Guardian article:

“The Massachusetts-based company has acknowledged the technology was shared with U.S. government and industry as part of a joint research and development effort, in 2010, to help build a national security system capable of analyzing ‘trillions of entities’ from cyberspace.”

Using public data from Facebook, Twitter, Gowalla and Foursquare, the software – called RIOT, or Rapid Information Overlay Technology – apparently gathers uploaded information and forms a profile of a person’s every move that was registered with one of the websites.

The video obtained by the newspaper starts with a demonstration by Raytheon’s “principal investigator,” Brian Urch, showing how easy it is to track an employee named Nick – a real person – based on all the places he has checked in using his smartphone.

Raytheon Riot: Defense spying is coming to social networks

Raytheon Riot Software Predicts Behavior Based on Social Media

“When people take pictures and post them on the Internet using their smartphones, the phone will actually embed the latitude and longitude in the header data – so we’re going to take advantage of that,” Urch says. “So now we know where Nick’s gone … and now we’ll predict where he’ll be in the future.”

Urch goes on to analyze – using graphs and calendars – where Nick likes to spend his personal time and make predictions about his behavior.

“If you ever wanted to get a hold of his laptop, you might want to visit the gym at 6 a.m. on Monday,” Urch says with alarming casualness.

It’s a disturbing vision, summoning up George Orwell’s “Big Brother.”

But it’s also a reminder that advertisers are not the only ones with interest in the reams of data that social networks collect about regular people. Consider: Had the CIA built a tool like Facebook, we’d probably all be terrified.

And all the tracking data this tool analyzes is provided voluntarily, by us. The satirical news site the Onion, always on point, once joked that the CIA’s “Facebook Program” had drastically cut its spying costs.

Users who enjoy posting their lives on computers they don’t control – i.e. those of Facebook, Twitter, Google, et al – should not be surprised when that data get out of their control. Some governments, like France, are doing what they can to keep an eye on how social-networking data are used, but at the end of the day, if we don’t want Facebook and Twitter using our data, we shouldn’t give that to them.

A final note: The Raytheon video features technology from 2010 – three years ago. No doubt the tracking software has come a long way since then.

Intel’s creepy face-scanning camera watches you while you watch TV

 

telescreen

One day we’re gonna watch you like it’s 1984

Intel’s new TV box to point creepy spy camera at YOUR FACE

theregister.co.uk | Feb  13, 2013

By Bill Ray

Intel has confirmed it will be selling a set-top box direct to the public later this year, along with a streaming TV service designed to watch you while you’re watching it.

The device will come from Intel Media, a new group populated with staff nicked from Netflix/Apple/Google and so forth. Subscribers will get live and catch-up TV as well as on-demand content – all delivered direct from Intel over their broadband connections. It’s a move which will put Chipzilla firmly into US living room, and no doubt ignite a host of privacy concerns from those who want to watch without being watched.

The announcement, made during an interview at the AllThingsD conference in California, isn’t a great surprise; rumours of an Intel play have been swirling around for the last year and sure enough Erik Huggers (VP at Intel Media) admitted that the company has been working on the device, and associated service, for the last 12 months. He didn’t say what the service will be called, but did say that the US isn’t ready for entirely à la carte options and that Intel will be selling bundles of content – though we’ll have to wait to see what they comprise.

Intel’s television set top box will include a built-in camera that watches you in your living room

Intel Developing Box That Watches You Watch TV

Intel Jumps Into Living Room with Internet TV Device

It’s true: Intel is building an internet TV platform that also watches you

More controversial is the plan to use a camera on the box to look outward, to identify the faces staring at the goggle box… telescreen-stylie. Intel will use that to present personalised options and targeted advertising, in a process which seems immediately creepy but might make sense to anyone who has tuned in to NetFlix to be told “Because you watched Power Rangers Ninja Storm…” We’re used to being watched while we’re web surfing, and those using Google Docs know the composition process contributes to their profile, but being watched on camera might be a step too far for some.

Huggers points out that the camera will have a physical shutter on the front, which can be closed, and that having the box recognise the viewers is simply easier than maintaining separate accounts, but Intel accepts that there’s a public-relations challenge ahead.

Intel will be embracing the H.265 codec, recently developed and just approved by the ITU, which should provide better video over less bandwidth, but will make getting support across devices a challenge.

Huggers made much of his experience at the BBC: “I built this thing called iPlayer in the UK, and we made that service available to more than 650 devices”, citing the broad platform support as essential to the success of iPlayer (which he describes as “catch-up TV done properly”) and promising that Intel’s service will also get broad support.

Whether the Android and iOS clients will feature the watching-you-watching-them tech, patented by Intel last year, we don’t know, but the entry of Intel into the market is significant not only to shake up on-demand TV but also to ensure a future for the chip manufacturer as a provider of on-demand television – a business safe from the ARM-based competitors.

Pentagon contractor Raytheon knows what you are doing, where you are and where you are going

Defence contractor Raytheon has developed a tool that can mine social media to track and predict individuals’ behaviour, according to The Guardian.

Privacy crisis in progress as social media tracking again found to be intrusive

Register | Feb 11, 2013

A global “Big Sinister Defence Company Develops ‘Google For Spies’ That Your Government May Already Have Bought “ story is therefore unfurling as you read this piece.

The key “features” of Raytheon’s tool, developed in co-operation with the US government and delicately titled Rapid Information Overlay Technology (RIOT), are said to be an ability to sift through social media and figure out who your friends are and the places you frequent. With that data in hand, The Guardian feels “monitoring and control” of you, I, and everyone we collectively hold dear is eminently possible. It’s implied, despite Raytheon saying it’s had no buyers, that such software is likely to end up in the hands of a repressive State, or a shadowy agency inside a more open State. Australia’s Sydney Morning Herald has piled in with a story on the same theme.

How Raytheon software tracks you online video

All of which sounds just terrifying, except for the fact similar software can be had from other sources that are far less scary than a “defence contractor.”

IBM, for example, happily sells “social media analytics” software that can “Capture consumer data from social media to understand attitudes, opinions, trends and manage online reputation” and even “Predict customer behavior”. And yes, that’s the same IBM that can whip up a supercomputer or sell you a scale-out NAS capable of storing multiple petabytes of data. Throw in the social stuf and Big Blue, too, could help someone nasty to obtain, retain and analyse petabytes of data about us all.

SAS’ offering in the same software category is capable of “continuously monitoring online and social conversation data to identify important topics” and “continuously captures and retains more than two years of online conversation history”. SAS even offers to host its solution, meaning all that data about you is stored by a third-party company you’ve never heard of (and isn’t even open to the scrutiny afforded to listed companies).

Customer service software outfit Genesys sells “Social engagement” software that “Automates the process of (social) listening to your customers” and “Extends business rules and service level strategies to the growing volume of social media-based customer interactions. Could those business rules become “security rules”?

A quick mention of Big Data, daily and breathlessly advanced as capable of all of the above, and much more to more data, is also surely worth inserting at this point.

And then there are Google, Twitter, Facebook and others whose entire business is built on figuring out who you spend time with and where you spend (or intend to spend) that time, so they can sell that information to advertisers. Or hand it over to the government, when asked, which seems to be happening rather more regularly if the social networks’ own reports on the matter suggest.

We’re not suggesting any of the software or services mentioned above were designed as instruments of State surveillance, but it is surely worth pointing out that Raytheon is far from alone in having developed software capable of tracking numerous data public sources, aggregating them into a file on an individual, and doing so without individuals’ knowledge. That the company has done so in collaboration with the US government should not surprise, either: show The Reg a software company uninterested in adapting their wares for government and/or military applications and we’ll show you a software company begging for a shareholder lawsuit and/or swift and replacement of its top executives.

As for the spatial aspect of the allegations, the fact that photos contain spatial metadata is hardly news, nor is the notion that social media leaves a trail of breadcrumbs novel. One has only to revisit news from 2010 to be reminded of how pleaserobme.com pointed out how social media can alert thieves to the fact you’ve left your home. And let’s not even try to draw a line between a new-wave marketing tool like Geofeedia (today spruiking itself as offering real-time maps showing Tweets around the Grammies and as capable of letting one “monitor events to gather sentiment data”), mashups from clever folks who map check-ins and sinister surveillance-ware.

Far clearer is the fact that you, dear reader, are the product for any free online product. Also crystal clear is that by using such services, data about you will be consumed by a large and diverse audience. The scariest thing of all may be how few of those that use such services care or even realise the reality of the situation.