Who is following me on the Internet? Everything is under control - who and why can monitor us through computers and phones

In 1993, The New Yorker magazine published a famous cartoon about a dog using a computer. “No one on the Internet knows you’re a dog,” the caption said. More than twenty years later, things are exactly the opposite. On today's Internet, any dog ​​knows who you are - and sometimes even better than you do.

The Internet doesn't do well with secrets, and privacy is no exception. Every click made in the browser, by definition, must be known to two parties: the client and the server. This is the best case scenario. In fact, where there are two, there are three, or even, if we take the Hacker website as an example, all twenty-eight.

For example

To verify this, just enable the developer tools built into Chrome or Firefox. More than half of these requests have nothing to do with documents located on the “Hacker” servers. Instead, they lead to 27 different domains belonging to several foreign companies. It is these requests that eat up 90% of the time when loading a site.

What are these domains? Advertising networks, several web analytics systems, social media, a payment service, Amazon cloud and a couple of marketing widgets. A similar set, and often even more extensive, is available on any commercial site. Not only we know about them (this goes without saying), but also the owners of these 27 domains.

Many of them don't just know. They watch you with the most intense interest. Do you see the banner? It is loaded from the server of Doubleclick, a large advertising network that is owned by Google. If the banner were not there, it would have found another way. The same data can be retrieved using a tracker Google Analytics or through AdSense, by accessing fonts from Google Fonts or jQuery on Google CDN. At least some clue can be found on a significant proportion of pages on the Internet.

Analyzing the history of a user’s movements on the Internet helps Google determine with good accuracy his interests, gender, age, income, Family status and even health status. This is necessary in order to select advertisements more accurately. Even a small increase in targeting accuracy at the scale of Google is worth billions of dollars, but other applications are possible. According to documents published by Edward Snowden, American and British intelligence agencies intercepted Google trackers to identify suspects.

You are being watched - this is a fact that you need to come to terms with. It's better to focus on other issues. How do they do it? Is it possible to hide from surveillance? And is it worth it?

Find and hide

In order to follow a person, you need to be able to identify him. The simplest and most well-studied identification method is a cookie. The problem is that it is most vulnerable to attacks from privacy advocates. Both users and even politicians know about them. In the European Union, for example, there is a law that forces sites to warn users about the dangers of cookies. It makes no sense, but the fact itself is alarming.

Another problem is that some browsers, by default, block cookies set by a third party - such as a web analytics service or advertising network. This limitation can be circumvented by sending the user through a chain of redirects to a third-party server and back, but this, firstly, is not very convenient, and secondly, it is unlikely to save anyone in the long term. Sooner or later a more reliable identification method will be required.

In the browser where more places, where you can hide identification information than the developers intended. It just takes some ingenuity. For example, through the DOM property window.name, you can transfer up to two megabytes of data to other pages, and unlike cookies, which are only accessible to scripts from the same domain, data in window.name is also available from other domains. The only thing that prevents us from replacing cookies with window.name is the ephemerality of this property. It does not retain its value after the session ends.

A few years ago, it became fashionable to store identity information using so-called Local Shared Objects (LSOs), which Flash provides. Two factors played in LSO's favor. Firstly, unlike cookies, the user could not delete them using the browser. Secondly, if each browser has its own cookies, then LSO, like Flash itself, is the same for all browsers on the computer. Due to this, it is possible to identify a user who alternately works in different browsers.

Continuation is available only to subscribers

Option 1. Subscribe to Hacker to read all materials on the site

Subscription will allow you to specified period read ALL paid materials on the site. We accept payment bank cards

, electronic money and transfers from mobile operator accounts. All governments monitor their citizens in one way or another, using various technologies. To do this, they create special services, give the necessary powers to the police and try to establish interaction with commercial companies

. These include telecom operators, equipment suppliers, and software developers. The only question is why they are doing this and how the rights of people to respect for private life are ensured. In other words, who will control the controllers, monitor the guards. In democratic countries, intelligence agencies are limited by a strong free press and developed civil society , and also really independent courts , which in necessary cases give permission to invade privacy

. You can also file a complaint against the special services in these courts, and, most likely, a person whose rights were illegally limited will be able to count on restoration of rights and compensation from the state.

It's not like that in Russia. First of all, the activities of intelligence services, including in the field of surveillance, are not limited in any way. For example, the courts, which by law must grant permission for wiretapping, grant more than 98% of such requests and at the same time have absolutely no way to control how conscientiously such permission is executed. You also have virtually no chance of proving Russian court

that the surveillance of you was carried out illegally. Perhaps such a claim will not even be accepted for proceedings.

There are practically no independent media left, and those that exist are under constant pressure. Civil activists and NGOs are themselves one of the main targets of surveillance. When we wrote last year's report, we focused on politically motivated surveillance of activists and the opposition. As the work progressed, it became clear that the matter was not limited to this group. It seems, Russian authorities collect the maximum possible amount of information about everyone who is within reach. At least 25 million people must be fingerprinted, and it's not just criminals. Sailors, conscripts, rescuers, foreigners applying for a residence permit, Russian citizens

In Moscow alone, almost 130,000 CCTV cameras are installed throughout the city. When you go to the stadium, your face is likely to be scanned by a camera with facial recognition function. If you buy a ticket for an interregional bus, train or plane, you must present an identification card, and the authorities will know not only your route and flight number, but even the license plate number and brand of the bus, as well as your seat on board.

Administrators of campgrounds and motels must immediately notify the “curator” from the intelligence services if “non-governmental organization employees or foreign journalists are detected in the field of view.”

With the adoption of the Yarovaya package, telecom operators and Internet services must store gigantic amounts of information about users, including IP addresses, information about relatives, languages ​​spoken by the user, associated accounts, as well as voice, text and other images, and even unsent drafts.

For example, you decided to post something on VKontakte extremist appeal, typed the text, but then changed their minds and did not publish it. But the draft has already gone where it should be.

And pay the costs of building data centers, purchasing equipment and software offered to the services themselves, and therefore to the users. At the same time, the authorities, trying to collect huge volumes various information about citizens, are absolutely unable to ensure their safety. Hence the constant leaks of personal data - either car owners or customers pension fund, then the Ministry of Internal Affairs databases.

And there is no data that existing systems control and surveillance somehow help to solve, let alone prevent, crimes and fight terrorism.

For example, after the murder of Boris Nemtsov, it turned out that the video cameras on the Kremlin wall did not work. Thus, the authorities, while asking citizens to pay for surveillance of themselves out of their own pockets, are unable to ensure either the security of personal data or the efficient use of resources to achieve their declared goals.

The penetration of electronics into all areas of our lives haunts everyone more people: they choose “safe” instant messengers, cover up the cameras on their laptops, and when meeting with business partners, take out the battery from their phones - you never know, suddenly there’s wiretapping. Who is watching us, how and for what purpose, Artem Cheranev, general director of the Internet provider INSIS, told the resource.

The other day, WhatsApp messenger told its users: “The messages you send to this chat and calls are now protected by encryption.” “Wow, how great! Now the secret services won’t know anything about me,” apparently, this should have been the response. Artem Cheranev has been working in communications for almost 20 years. He talked about how intelligence services cooperate with operators, who can become the object of total control, and why an ordinary citizen can use any gadgets and any software.

From almost every second acquaintance I periodically hear: “I don’t use this messenger (this device, this email) because it’s easy to hack.” I always say in response: “Darling, you can use everything! Because who needs you?

In fact technical capabilities allow you to hack, listen and track all devices on which the software is installed. I can’t say anything about smartphones, laptops and other gadgets - I don’t know for sure. But, for example, I heard a story: when for one power structure We ordered three UPS (uninterruptible power supply systems) and checked them before installation, it turned out that microphones were soldered into all three “upees”. Moreover, there is a suspicion that they were soldered there on the assembly line in China, although it would seem, what kind of nonsense...

In general, any printer (provided it has a microphone installed and the required bit is included in the driver code) can collect all voice traffic from your office and forward it somewhere. Technically, this is all possible.

In addition, there is such a thing called the “system of operational investigative measures” (SORM). Within the framework of SORM, each telecom operator, in order not to lose its license, is obliged to install at its node appropriate equipment that is certified Federal service security and is used by it. This, relatively speaking, is a piece of hardware that exists parallel to the operator’s central routers, through which all traffic passes. I emphasize - all: Internet traffic, voice traffic, everything.

That is, in fact, the special services do not have to connect to every microphone or sit in headphones and listen to all our flood. In order to track something, it is often enough for them to turn to their own “traffic collector” and absolutely freely, in remote access, from their terminals in the conditional basements of Lubyanka on the required feature traffic is isolated and analyzed. It's not difficult at all. Moreover, within the framework of the same SORM, drives are installed that mirror all traffic for certain period, that is, what you need can be pulled out not just online, but also from the archives. Accordingly, in order to follow someone, you need to put in much less effort than the average person imagines. No satellites or secret drones are needed for this.

But, on the other hand, all negotiations, correspondence, some photographs begin to be interesting only in two cases: if a person becomes a major media or political figure and the general public wants to see how he lives, what he eats, who he sleeps with. The second moment is when a person begins to imagine some kind of real threat to the state: here we are already talking about terrorism, the distribution of child pornography, extremism or things related to the distribution of drugs or calls for suicide. These are the main parameters that are quite actively monitored by the relevant structures: department “K” in the Ministry of Internal Affairs and IT departments in the FSB. Until a person falls into either the first or the second category, he is of no interest to the FSB, the KGB, the CIA, the Ministry of Internal Affairs, or Putin personally. This must be understood.

However, as soon as you approach the categories that are of interest to the intelligence services (I provided an exhaustive list), then at least use a rotary telephone: they will track you, listen to you, and watch you. Let me give you a simple example: in operational filming of operations to uncover gangs of drug dealers, it is clearly visible that these guys use completely ancient push-button phones without Internet access, such as Nokia 3310, constantly change handsets and SIM cards, and communicate with conventional signals. But they are covered.

“If a person comes to the attention of the FSB and Directorate “K” of the Ministry of Internal Affairs, he can use either an iPhone or a rotary phone - he will be tracked, listened to and monitored.”

There are also, for example, special programs, which are aimed at recognizing specific words. How they are used and with what regularity, of course, no one will tell me. But I know for sure that such technologies exist and, moreover, they recognize not only words, but also intonations and determine a person’s emotional state.

And, of course, intelligence agencies always work closely with telecom operators. In our practice, there have been several requests from law enforcement: they once "developed" a hacker who hacked bank accounts. There was also a case where a distributor of child pornography was caught. Recently they busted a terrorist cell that was calling here, here, for jihad. Such cooperation can be in the most different forms- starting from gaining access to IP addresses and ending with the fact that under the guise of employees of the operator company, imitating some preventative work At the site, intelligence agencies install their equipment.

But all this is done only by official request, there should be regulations for this competent authorities. This doesn’t happen just by calling: “Hey, hello, give me access.” If this suddenly happens and pops up, the operator runs the risk of getting hit in the head so much that it will close and never open again.

I’ve been in this business for 17 years: in my memory, in all such incidents when we were approached, it was about really bad guys. For someone to say: “But there’s a deputy living there (or, let’s say, mere mortal Ivan Ivanov) - we want to look at him and smell him,” I swear, this has never happened. So all this paranoia that we are constantly being watched is complete bullshit.

CHISINAU, December 4 – Sputnik. Smartphone is one of the most effective means tracking and provision of personal data.

The validity of this conclusion is indicated by another scandal, which erupted after the Kryptowire company discovered a component in the firmware of several BLU Products smartphones that collects all the user’s text correspondence, address book data, call history and user location and sends everything to Chinese servers every 72 hours.

This case is not unique. An expert in the field spoke in an interview with the Sputnik Moldova radio studio about how large-scale surveillance can be and how they penetrate into our gadgets, whether it is possible to protect ourselves from penetration of personal data and whether there are safe messengers. information technologies And computer security Vadim Melnik.

- Vadim, what do you think is the purpose of collecting this information?

“It seems to me that this information is collected for analysis and to obtain from it some kind of information that would facilitate tracking of users. The Chinese, accordingly, are watching the Americans and Europeans.

- How does this happen?

— There are many applications, including American ones, that request access to personal data. This may be done to improve the quality of the application or we're talking about about cybersecurity. That is, this information is requested by the application for the application itself. For example, because without access to this information, applications cannot work. But there are fake applications - they can use other information that is needed for third-party purposes. For example, the game Pokemon. People suffered because of this application because they ended up not on the official one, but on a fake application that requested confidential information, and people fell for this trick. However, it should be noted that in most cases, applications are tested before they enter the store, and the information they request does not lead to anything bad.

- Do you think the intelligence services have a mechanism for obtaining personal data through such fake applications?

It is difficult to say whether they have such an opportunity. But if there are applications developed by intelligence agencies that are popular, then, yes, they, in principle, can receive any information through these applications. This is not a problem if the application requests access to the address book.
- Is it possible to access personal correspondence on social networks?

Technically, this is possible if these services do not have encryption enabled for correspondence. If encryption is enabled and it works as it should, then there is no such option. Because, for example, in services that use encryption, it is impossible to read the message without the key, and the correspondence becomes unreadable. These are instant messengers such as Telegram, WhatsApp, and Facebook recently turned on encryption. Such messengers can be considered safe. But there is no encryption in Skype.

Many fear that surveillance occurs through the built-in camera. Should smartphone owners be afraid that they are being spied on?

— In principle, you can always be wary, but usually device manufacturers do not insert such a backdoor (editor's note: a backdoor is a defect in the algorithm that is intentionally built into it by the developer and allows secret access to data or remote control of a computer) that would monitor users through the camera. If this happens, and experts find it, then it seriously damages the reputation of this company. It happens that the user himself installs fake applications that gain access to the camera. It happens that the user himself stumbles upon a virus that will have access to the smartphone’s camera.

- What about the camera? personal computers?

Here, in principle, the same situation.

Just recently I showed my friend the capabilities of Yandex Metrics (Dzheneta, hello 😉). Her surprise knew no bounds. How can I find out my phone model? My age? Floor? Actions on the site? Well, in general, those who have worked with Metrica understand what I mean. And for her, all this was not only new, but a real shock. As a result, our conversation with her about confidentiality of information on the Internet inspired me to write this post. And, therefore, today I want to talk about how protected our data is on the global Internet, about who and how is watching us on the Internet, and also how dangerous it is.

Probably, initially you need to remember one sad thing, any information that gets into the network potentially becomes publicly available. This happens due to the imperfection of Internet services, due to hacker attacks, and due to the dishonesty of the people who were entrusted with your information. In a word, everything that gets onto the Internet, or even onto your computer, can sooner or later become publicly available. And this must be clearly understood.

The only way to avoid making your personal data public is to not post it online. But this is not always possible, and people themselves often like to play victims of deception.

But still,

How secure is our data on the Internet?

First, you need to divide your data into two categories: public information and private information.

What is public information on the Internet

In general, formally, public information is information to which access is not limited by the laws of a particular country. But the whole point is that there are no countries on the Internet, maximum domain zones, belonging to countries. And this fact makes the concept of public information extremely vague. Therefore, for simplicity, understanding public information on the Internet they accept data that we are so happy to put on the Internet ourselves and do not limit access to it (this could be name, age, interests, articles, etc.). The point is clear, such information is publicly available, and there is no need to shout and swear ugly when strangers call you and offer to buy a lip rolling machine (or something else).

What is personal information on the Internet

In determining personal information, the same rake. Everything is vague and unclear. Therefore, we again accept a conditional definition: Personal information on the Internet is data about which we do not want to inform strangers(passport series, addresses, MTPL number or e-mail of Elvis Presley’s grandmother).

But now, the most interesting thing is, no matter how intrusively we try to encrypt or hide our information, it can still fall into the wrong hands. How? Let's figure it out.

None of our data is particularly protected on the Internet. Let's look at social media. For example, you posted photos and want to deny access to them to everyone except yourself (there are such functions, although they always surprise me - why is this necessary). I will not talk now about the specifics of the structure of social. networks, I’ll say something else - if you see these photos, it means they are stored somewhere and, as a fact, if you know the password or gain access to your account, you can view them. But there is one more feature: the owner of the portal has access to all the data of his clients. They may or may not be encrypted, but the owner always has access. And this must be clearly understood!

Since we are talking about portal owners, we can consider one more interesting thing. Every webmaster knows information about the users of his site that the user is not even aware of. So, for example, while you are reading this post, a special code on the site is collecting information about your computer, operating system, browser, screen resolution, even mouse movements on the screen are recorded on a special server on the Internet. Moreover, all actions to collect information are absolutely legal. You can get them, for example, in Yandex Metrica (which I mentioned at the beginning). And every owner of absolutely any website has similar access to his resource. Therefore, as soon as you go online, know that all your actions are recorded and processed by the machine.

But still, what’s interesting is probably something else – how it all works.

How are we monitored on the Internet?

Another animal that helps keep an eye on us is DPI or Deep Packet Inspection. This is a very interesting thing that can accumulate statistics, check and filter network packets, control traffic (block, limit or increase). In my opinion, this is the most unpleasant of all the methods of surveillance described now. Because all this is used at the provider level, and here from a faceless user I turn into a specific person.

The fact that we are under surveillance is more than obvious. But, still, who is this big brother who is watching us so unceremoniously?

Who is watching us on the Internet? And how dangerous is it to disclose our data?

As a rule, there are only three main groups of people who are interested in you and me.

• Website owners
• Advertisers and trekking companies
• Intelligence services

Website owners The data is needed solely to build the right strategy for promoting your website. The site owner does not know the names and personal information of his visitors, only general information.

Is it scary to transmit such data? No. Well, what does it do to you if the owner of the resource recognizes the extension of your screen, or modification of the browser?

Advertisers and trekking companies collect more specific information about you. Based on which, you will be shown advertisements that are potentially interesting to you. Is this scary? Rather unpleasant. Because information is not only collected, but also freely sold. Therefore, while browsing the Internet, use a VPN, this will potentially protect you from the collection of confidential information.

Intelligence services. Unfortunately, you do not have enough karma to view this paragraph. Even the owner of the resource who wrote this article does not have enough karma.