All source URLs cited below were accurate as of the original writing of this book, July 2016.
1. https://www.youtube.com/watch?t=33&v=XEVlyP4_11M.
2. Snowden first went to Hong Kong before receiving permission to live in Russia. He has since applied to live in Brazil and other nations and has not ruled out a return to the United States if he were to receive a fair trial.
3. http://www.reuters.com/article/2011/02/24/idUSN2427826420110224.
4. https://www.law.cornell.edu/supct/html/98-93.ZD.html.
5. https://www.law.cornell.edu/uscode/text/16/3372.
6. http://www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/.
1. https://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html.
2. http://anon-ib.com/. Please note this site is not safe for work and may also contain disturbing images as well.
3. http://www.wired.com/2014/09/eppb-icloud/.
4. https://www.justice.gov/usao-mdpa/pr/lancaster-county-man-sentenced-18-months-federal-prison-hacking-apple-and-google-e-mail.
5. http://arstechnica.com/security/2015/09/new-stats-show-ashley-madison-passwords-are-just-as-weak-as-all-the-rest/.
6. http://www.openwall.com/john/.
7. “MaryHadALittleLamb123$” as rendered by http://www.danstools.com/md5-hash-generator/.
8. http://news.bbc.co.uk/2/hi/technology/3639679.stm.
9. http://www.consumerreports.org/cro/news/2014/04/smart-phone-thefts-rose-to-3-1-million-last-year/index.htm.
10. http://www.mercurynews.com/california/ci_26793089/warrant-chp-officer-says-stealing-nude-photos-from.
11. http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/.
12. http://www.knoxnews.com/news/local/official-explains-placing-david-kernell-at-ky-facility-ep-406501153-358133611.html.
13. http://www.wired.com/2008/09/palin-e-mail-ha/.
14. http://fusion.net/story/62076/mothers-maiden-name-security-question/.
15. http://web.archive.org/web/20110514200839/http://latimesblogs.latimes.com/webscout/2008/09/4chans-half-hac.html.
16. http://www.commercialappeal.com/news/david-kernell-ut-student-in-palin-email-case-is-released-from-supervision-ep-361319081-326647571.html; http://edition.cnn.com/2010/CRIME/11/12/tennessee.palin.hacking.case/.
17. http://www.symantec.com/connect/blogs/password-recovery-scam-tricks-users-handing-over-email-account-access.
18. https://techcrunch.com/2016/06/10/how-activist-deray-mckessons-twitter-account-was-hacked/.
1. In case you’re wondering, images of child sexual abuse are identified and tagged by the National Center for Missing and Exploited Children, which is how Google and other search engine companies’ automated scanning system distinguishes those images from the nonpornographic images on their networks. See http://www.dailymail.co.uk/news/article-2715396/Google-s-email-scan-helps-catch-sex-offender-tips-police-indecent-images-children-Gmail-account.html.
2. http://www.braingle.com/brainteasers/codes/caesar.php.
3. https://theintercept.com/2014/10/28/smuggling-snowden-secrets/.
4. For example, see the list here: https://en.wikipedia.org/wiki/Category:Cryptographic_algorithms.
5. Mailvelope works with Outlook, Gmail, Yahoo Mail, and several other Web-based e-mail services. See https://www.mailvelope.com/.
6. To see the metadata on your Gmail account, choose a message, open it, then click the down arrow in the upper right corner of the message. Among the choices (“Reply,” “Reply All,” “Forward,” and so on) is “Show Original.” In Apple Mail, select the message, then choose View>Message>All Headers. In Yahoo, click “More,” then “View Full Header.” Similar options appear in other mail programs.
7. http://www.bbc.com/future/story/20150206-biggest-myth-about-phone-privacy.
8. https://immersion.media.mit.edu/.
9. http://www.npr.org/2013/06/13/191226106/fisa-court-appears-to-be-rubberstamp-for-government-requests.
10. You can type “IP Address” into the Google search window to see your own IP address at the time of the request.
11. https://play.google.com/store/apps/details?id=org.torproject.android.
12. http://www.wired.com/threatlevel/2014/01/tormail/.
13. https://www.theguardian.com/technology/2014/oct/28/tor-users-advised-check-computers-malware.
14. http://arstechnica.com/security/2014/07/active-attack-on-tor-network-tried-to-decloak-users-for-five-months/.
15. For the Tor box on a Raspberry Pi, you can use something like Portal: https://github.com/grugq/PORTALofPi.
16. https://www.skype.com/en/features/online-number/.
17. http://www.newyorker.com/magazine/2007/02/19/the-kona-files.
18. Again, it’s probably best not to use Google or large e-mail providers, but for the sake of illustration I’m using it here.
1. You can opt out of sharing your personal data with commuting services on the Android. Go to Settings>Search & Now>Accounts & privacy>Commute sharing. Apple does not provide a similar service, but future versions of iOS may help you plan trips based on where your phone is at a given moment.
2. http://www.abc.net.au/news/2015-07-06/nick-mckenzie-speaks-out-about-his-brush-with-the-mafia/6596098.
3. You would actually purchase a refill card that you would use with the phone itself. Best to use Bitcoin to do it.
4. https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/.
5. http://arstechnica.com/gadgets/2010/12/15-phone-3-minutes-all-thats-needed-to-eavesdrop-on-gsm-call/.
6. http://www.latimes.com/local/la-me-pellicano5mar05-story.html#navtype=storygallery.
7. http://www.nytimes.com/2008/03/24/business/media/24pellicano.html?pagewanted=all.
8. https://www.hollywoodreporter.com/thr-esq/anthony-pellicanos-prison-sentence-vacated-817558.
9. http://www.cryptophone.de/en/products/landline/.
10. https://www.kickstarter.com/projects/620001568/jackpair-safeguard-your-phone-conversation/posts/1654032.
11. http://spectrum.ieee.org/telecom/security/the-athens-affair.
12. http://bits.blogs.nytimes.com/2007/07/10/engineers-as-counterspys-how-the-greek-cellphone-system-was-bugged/.
13. https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone.
1. http://caselaw.findlaw.com/wa-supreme-court/1658742.html.
2. http://courts.mrsc.org/mc/courts/zsupreme/179wn2d/179wn2d0862.htm.
3. http://www.komonews.com/news/local/Justices-People-have-right-to-privacy-in-text-messages-247583351.html.
4. http://www.democracynow.org/2016/10/26/headlines/project_hemisphere_at_ts_secret_program_to_spy_on_americans_for_profit.
5. http://www.wired.com/2015/08/know-nsa-atts-spying-pact/.
6. http://espn.go.com/nfl/story/_/id/13570716/tom-brady-new-england-patriots-wins-appeal-nfl-deflategate.
7. https://www.bostonglobe.com/sports/2015/07/28/tom-brady-destroyed-his-cellphone-and-texts-along-with/ZuIYu0he05XxEeOmHzwTSK/story.html.
8. DES was cracked partly because it only encrypted the data once. AES uses three layers of encryption and is therefore much stronger, even independent of the number of bits.
9. Diskreet is no longer available.
10. https://twitter.com/kevinmitnick/status/346065664592711680. This link provides a more technical explanation of the thirty-two-bit DES used: https://www.cs.auckland.ac.nz/~pgut001/pubs/norton.txt.
11. http://www.theatlantic.com/technology/archive/2014/06/facebook-texting-teens-instagram-snapchat-most-popular-social-network/373043/.
12. http://www.pewinternet.org/2015/04/09/teens-social-media-technology-2015.
13. http://www.forbes.com/sites/andygreenberg/2014/02/21/whatsapp-comes-under-new-scrutiny-for-privacy-policy-encryption-gaffs/.
14. https://www.wired.com/2016/10/facebook-completely-encrypted-messenger-update-now/.
15. https://community.skype.com/t5/Security-Privacy-Trust-and/Skype-to-Skype-call-recording/td-p/2064587.
16. https://www.eff.org/deeplinks/2011/12/effs-raises-concerns-about-new-aol-instant-messenger-0.
17. http://www.wired.com/2007/05/always_two_ther/.
18. http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-million-users-phone-numbers/.
19. http://www.csmonitor.com/World/Passcode/2015/0224/Private-chat-app-Telegram-may-not-be-as-secretive-as-advertised.
20. https://otr.cypherpunks.ca/.
21. https://chatsecure.org/.
22. https://guardianproject.info/apps/chatsecure/.
23. https://crypto.cat/.
24. https://getconfide.com/.
1. https://www.techdirt.com/articles/20150606/16191831259/according-to-government-clearing-your-browser-history-is-felony.shtml.
2. http://www.cbc.ca/news/trending/clearing-your-browser-history-can-be-deemed-obstruction-of-justice-in-the-u-s-1.3105222.
3. http://ftpcontent2.worldnow.com/whdh/pdf/Matanov-Khairullozhon-indictment.pdf.
4. https://www.eff.org/https-everywhere%20.
5. http://www.tekrevue.com/safari-sync-browser-history/.
6. http://www.theguardian.com/commentisfree/2013/aug/01/government-tracking-google-searches.
7. https://myaccount.google.com/intro/privacy.
8. http://www.fastcompany.com/3026698/inside-duckduckgo-googles-tiniest-fiercest-competitor.
1. https://timlibert.me/pdf/Libert-2015-Health_Privacy_on_Web.pdf.
2. An informal test conducted while writing this book showed that the Ghostery plug-in on Chrome blocked up to twenty-one requests from partners of the Mayo Clinic and twelve requests from partners of WebMD when returning results for “athlete’s foot.”
3. For a more detailed look at what information your browser leaks, check out http://browserspy.dk/.
4. https://noscript.net/.
5. https://chrome.google.com/webstore/detail/scriptblock/hcdjknjpbnhdoabbngpmfekaecnpajba?hl=en.
6. https://www.ghostery.com/en/download?src=external-ghostery.com.
7. By “mail drop” I mean commercial mailbox outfits such as the UPS Store, although many do require a photo ID before you can obtain one.
8. http://www.wired.com/2014/10/verizons-perma-cookie/.
9. http://www.pcworld.com/article/2848026/att-kills-the-permacookie-stops-tracking-customers-internet-usage-for-now.html.
10. http://www.verizonwireless.com/support/unique-identifier-header-faqs/.
11. http://www.reputation.com/blog/privacy/how-disable-and-delete-flash-cookies; http://www.brighthub.com/computing/smb-security/articles/59530.aspx.
12. http://en.wikipedia.org/wiki/Samy_Kamkar.
13. https://github.com/samyk/evercookie.
14. http://venturebeat.com/2015/07/14/consumers-want-privacy-yet-demand-personalization/.
15. http://www.businessinsider.com/facebook-will-not-honor-do-not-track-2014-6.
16. https://chrome.google.com/webstore/detail/facebook-disconnect/ejpepffjfmamnambagiibghpglaidiec?hl=en.
17. https://facebook.adblockplus.me/.
18. https://zephoria.com/top-15-valuable-facebook-statistics/.
19. http://www.latimes.com/business/la-fi-lazarus-20150417-column.html.
20. https://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block#.
21. https://addons.mozilla.org/en-us/firefox/addon/canvasblocker/.
22. https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc?hl=en-US.
23. https://trac.torproject.org/projects/tor/ticket/6253.
24. https://www.technologyreview.com/s/538731/how-ads-follow-you-from-phone-to-desktop-to-tablet/.
25. https://theintercept.com/2014/10/28/smuggling-snowden-secrets/.
1. http://www.computerworld.com/article/2511814/security0/man-used-neighbor-s-wi-fi-to-threaten-vice-president-biden.html.
2. http://www.computerworld.com/article/2476444/mobile-security-comcast-xfinity-wifi-just-say-no.html.
3. http://customer.xfinity.com/help-and-support/internet/disable-xfinity-wifi-home-hotspot/.
4. BitTorrent is a streaming video service for movies, some of which are provided by sources other than the copyright holders.
5. http://blog.privatewifi.com/why-six-strikes-could-be-a-nightmare-for-your-internet-privacy/.
6. There is also the basic service set (BSS), which provides the basic building block of an 802.11 wireless LAN (local area network). Each BSS or ESS (extended service set) is identified by a service set identifier (SSID).
7. http://www.techspot.com/guides/287-default-router-ip-addresses/.
8. http://www.routeripaddress.com/.
9. It’s easy to figure out the MAC address of authorized devices by using a penetration-test tool known as Wireshark.
10. https://www.pwnieexpress.com/blog/wps-cracking-with-reaver.
11. http://www.wired.com/2010/10/webcam-spy-settlement/.
12. http://www.telegraph.co.uk/technology/internet-security/11153381/How-hackers-took-over-my-computer.html.
13. https://www.blackhat.com/docs/us-16/materials/us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf.
14. http://www.wired.com/2010/01/operation-aurora/.
15. http://www.nytimes.com/2015/01/04/opinion/sunday/how-my-mom-got-hacked.html.
16. http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/.
17. https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/.
1. It’s important to note that public Wi-Fi is not open in all parts of the world. For example, in Singapore, to use public Wi-Fi outside your hotel or a McDonald’s restaurant, you will need to register. Locals must have a Singapore cell-phone number, and tourists must present their passports to a local authority before getting approval.
2. https://business.f-secure.com/the-dangers-of-public-wifi-and-crazy-things-people-do-to-use-it/.
3. http://dnlongen.blogspot.com/2015/05/is-your-home-router-spying-on-you.html.
4. There are lots of considerations a user should know about when choosing a VPN provider. See https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/3/.
5. One commercial VPN choice is TunnelBear, a Canadian VPN company. They state: “TunnelBear does NOT store users originating IP addresses when connected to our service and thus cannot identify users when provided IP addresses of our servers. Additionally, we cannot disclose information about the applications, services or websites our users consume while connected to our Services; as TunnelBear does NOT store this information.” https://www.tunnelbear.com/privacy-policy/.
6. http://www.howtogeek.com/215730/how-to-connect-to-a-vpn-from-your-iphone-or-ipad/.
7. http://www.howtogeek.com/135036/how-to-connect-to-a-vpn-on-android/?PageSpeed=noscript.
8. http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881.
9. http://www.telegraph.co.uk/news/worldnews/northamerica/usa/9673429/David-Petraeus-ordered-lover-Paula-Broadwell-to-stop-emailing-Jill-Kelley.html.
10. http://www.nytimes.com/2012/11/12/us/us-officials-say-petraeuss-affair-known-in-summer.html.
11. https://www.wired.com/2012/11/gmail-location-data-petraeus/.
12. http://www.howtogeek.com/192173/how-and-why-to-change-your-mac-address-on-windows-linux-and-mac/?PageSpeed=noscript.
1. http://www.wired.com/2012/12/ff-john-mcafees-last-stand/.
2. http://defensetech.org/2015/06/03/us-air-force-targets-and-destroys-isis-hq-building-using-social-media/.
3. http://www.bbc.com/future/story/20150206-biggest-myth-about-phone-privacy.
4. http://www.dailymail.co.uk/news/article-3222298/Is-El-Chapo-hiding-Costa-Rica-Net-closes-world-s-wanted-drug-lord-hapless-son-forgets-switch-location-data-Twitter-picture.html.
5. https://threatpost.com/how-facebook-and-facial-recognition-are-creating-minority-report-style-privacy-meltdown-080511/75514.
6. http://www.forbes.com/sites/kashmirhill/2011/08/01/how-face-recognition-can-be-used-to-get-your-social-security-number/2/.
7. http://searchengineland.com/with-mobile-face-recognition-google-crosses-the-creepy-line-70978.
8. Robert Vamosi, When Gadgets Betray Us: The Dark Side of Our Infatuation with New Technologies (New York: Basic Books, 2011).
9. http://www.forbes.com/sites/kashmirhill/2011/08/01/how-face-recognition-can-be-used-to-get-your-social-security-number/.
10. https://techcrunch.com/2015/07/13/yes-google-photos-can-still-sync-your-photos-after-you-delete-the-app/.
11. https://www.facebook.com/legal/terms.
12. http://www.consumerreports.org/cro/news/2014/03/how-to-beat-facebook-s-biggest-privacy-risk/index.htm.
13. http://www.forbes.com/sites/amitchowdhry/2015/05/28/facebook-security-checkup/.
14. http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm.
15. http://www.cnet.com/news/facebook-will-the-real-kevin-mitnick-please-stand-up/.
16. http://www.eff.org/files/filenode/social_network/training_course.pdf.
17. http://bits.blogs.nytimes.com/2015/03/17/pearson-under-fire-for-monitoring-students-twitter-posts/.
18. http://www.washingtonpost.com/blogs/answer-sheet/wp/2015/03/14/pearson-monitoring-social-media-for-security-breaches-during-parcc-testing/.
19. http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0513/Is-student-privacy-erased-as-classrooms-turn-digital.
20. https://motherboard.vice.com/blog/so-were-sharing-our-social-security-numbers-on-social-media-now.
21. http://pix11.com/2013/03/14/snapchat-sexting-scandal-at-nj-high-school-could-result-in-child-porn-charges/.
22. http://www.bbc.co.uk/news/uk-34136388.
23. https://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-were.
24. http://www.informationweek.com/software/social/5-ways-snapchat-violated-your-privacy-security/d/d-id/1251175.
25. http://fusion.net/story/192877/teens-face-criminal-charges-for-taking-keeping-naked-photos-of-themselves/.
26. http://www.bbc.com/future/story/20150206-biggest-myth-about-phone-privacy.
27. http://fusion.net/story/141446/a-little-known-yelp-setting-tells-businesses-your-gender-age-and-hometown/?utm_source=rss&utm_medium=feed&utm_campaign=/author/kashmir-hill/feed/.
28. On the iPhone or iPad, go to Settings>Privacy>Location Services, where you find a list of all of your location-aware apps. For example, it is possible to disable the geolocation for the Facebook Messenger app by itself. Scroll to “Facebook Messenger” and ensure that its location services are set to “Never.” On Android devices, Open the Facebook Messenger app, click the “Settings” icon (shaped like a gear) in the upper right corner, scroll to “New messages include your location by default,” and uncheck it. On Android devices in general you will have to individually disable geolocation (if it’s offered as a choice); there is no one-size-fits-all setting.
29. https://blog.lookout.com/blog/2016/08/25/trident-pegasus/.
1. You can turn off GPS in later verions of iOS as described here: http://smallbusiness.chron.com/disable-gps-tracking-iphone-30007.html.
2. https://gigaom.com/2013/07/08/your-metadata-can-show-snoops-a-whole-lot-just-look-at-mine/.
3. http://www.zeit.de/datenschutz/malte-spitz-data-retention.
4. https://www.washingtonpost.com/local/public-safety/federal-appeals-court-that-includes-va-md-allows-warrantless-tracking-of-historical-cell-site-records/2016/05/31/353950d2-2755-11e6-a3c4-0724e8e24f3f_story.html.
5. http://fusion.net/story/177721/phone-location-tracking-google-feds/?utm_source=rss&utm_medium=feed&utm_campaign=/author/kashmir-hill/feed/.
6. http://www.forbes.com/sites/andyrobertson/2015/05/19/strava-flyby/?ss=future-tech.
7. http://fusion.net/story/119745/in-the-future-your-insurance-company-will-know-when-youre-having-sex/?utm_source=rss&utm_medium=feed&utm_campaign=/author/kashmir-hill/feed/.
8. http://thenextweb.com/insider/2011/07/04/details-of-fitbit-users-sex-lives-removed-from-search-engine-results/.
9. http://fusion.net/story/119745/in-the-future-your-insurance-company-will-know-when-youre-having-sex/?utm_source=rss&utm_medium=feed&utm_campaign=/author/kashmir-hill/feed/.
10. http://www.engadget.com/2015/06/28/fitbit-data-used-by-police/.
11. http://abc27.com/2015/06/19/police-womans-fitness-watch-disproved-rape-report/.
12. http://www.theguardian.com/technology/2014/nov/18/court-accepts-data-fitbit-health-tracker.
13. http://www.smithsonianmag.com/innovation/invention-snapshot-changed-way-we-viewed-world-180952435/?all&no-ist.
14. https://books.google.com/books?id=SlMEAAAAMBAJ&pg=PA158&lpg=PA158&dq=%22The+kodak+has+added+a+new+terror+to+the+picnic%22&source=bl&ots=FLtKbYGv6Y&sig=YzE2BisTYejb1pT3vYhR2QBPAYM&hl=en&sa=X&ei=BhUwT7fVBOTgiALv2-S3Cg&ved=0CCAQ6AEwAA#v=onepage&q=%22The%20koda&f=false.
15. http://www.smithsonianmag.com/innovation/invention-snapshot-changed-way-we-viewed-world-180952435/?no-ist=&page=2.
16. https://www.faa.gov/uas/media/Part_107_Summary.pdf.
17. https://www.faa.gov/uas/where_to_fly/b4ufly/.
18. http://www.slate.com/articles/technology/future_tense/2015/06/facial_recognition_privacy_talks_why_i_walked_out.html.
19. http://www.extremetech.com/mobile/208815-how-facial-recognition-will-change-shopping-in-stores.
20. http://www.retail-week.com/innovation/seven-in-ten-uk-shoppers-find-facial-recognition-technology-creepy/5077039.article.
21. http://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3004&ChapterID=57.
22. http://arstechnica.com/business/2015/06/retailers-want-to-be-able-to-scan-your-face-without-your-permission/.
23. http://fusion.net/story/154199/facial-recognition-no-rules/?utm_source=rss&utm_medium=feed&utm_campaign=/author/kashmir-hill/feed/.
24. https://www.youtube.com/watch?v=NEsmw7jpODc.
25. http://motherboard.vice.com/read/glasses-that-confuse-facial-recognition-systems-are-coming-to-japan.
1. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
2. This is silly. Just because something is prohibited doesn’t mean it won’t happen. And this creates a dangerous scenario in which hacked cars can still affect the driving public. Zero-days for automobiles, anyone?
3. http://keenlab.tencent.com/en/2016/06/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/.
4. http://www.buzzfeed.com/johanabhuiyan/uber-is-investigating-its-top-new-york-executive-for-privacy.
5. http://www.theregister.co.uk/2015/06/22/epic_uber_ftc/.
6. http://nypost.com/2014/11/20/uber-reportedly-tracking-riders-without-permission/.
7. https://www.uber.com/legal/usa/privacy.
8. http://fortune.com/2015/06/23/uber-privacy-epic-ftc/.
9. http://www.bbc.com/future/story/20150206-biggest-myth-about-phone-privacy.
10. http://tech.vijay.ca/of-taxis-and-rainbows-f6bc289679a1.
11. http://arstechnica.com/tech-policy/2014/06/poorly-anonymized-logs-reveal-nyc-cab-drivers-detailed-whereabouts/.
12. You can walk into a transit authority office and request to pay cash for an NFC card, but this requires extra time and will undoubtedly result in a lecture about tying your bank or credit card to the card instead.
13. http://www.wsj.com/articles/SB10000872396390443995604578004723603576296.
14. https://www.aclu.org/blog/free-future/internal-documents-show-fbi-was-wrestling-license-plate-scanner-privacy-issues.
15. http://www.wired.com/2015/05/even-fbi-privacy-concerns-license-plate-readers/.
16. Five of the sources were the St. Tammany Parish Sheriff’s Office, the Jefferson Parish Sheriff’s Office, and the Kenner Police Department, in Louisiana; the Hialeah Police Department, in Florida; and the University of Southern California Department of Public Safety.
17. http://www.forbes.com/sites/robertvamosi/2015/05/04/dont-sell-that-connected-car-or-home-just-yet/.
18. https://www.washingtonpost.com/blogs/the-switch/wp/2015/06/24/tesla-says-its-drivers-have-traveled-a-billion-miles-and-tesla-knows-how-many-miles-youve-driven/.
19. http://www.dhanjani.com/blog/2014/03/curosry-evaluation-of-the-tesla-model-s-we-cant-protect-our-cars-like-we-protect-our-workstations.html.
20. http://www.teslamotors.com/blog/most-peculiar-test-drive.
21. http://www.forbes.com/sites/kashmirhill/2013/02/19/the-big-privacy-takeaway-from-tesla-vs-the-new-york-times/.
22. http://www.wired.com/2015/07/gadget-hacks-gm-cars-locate-unlock-start/.
23. http://spectrum.ieee.org/cars-that-think/transportation/advanced-cars/researchers-prove-connected-cars-can-be-tracked.
24. http://www.wired.com/2015/10/cars-that-talk-to-each-other-are-much-easier-to-spy-on/.
25. https://grahamcluley.com/2013/07/volkswagen-security-flaws/.
26. https://grahamcluley.com/2015/07/land-rover-cars-bug/.
27. http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.
28. http://www.forbes.com/sites/robertvamosi/2015/03/24/securing-connected-cars-one-chip-at-a-time/.
29. http://www.nytimes.com/2016/07/30/business/tesla-faults-teslas-brakes-but-not-autopilot-in-fatal-crash.html.
1. http://www.amazon.com/review/R3IMEYJFO6YWHD.
2. https://www.blackhat.com/docs/us-14/materials/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home.pdf.
3. http://venturebeat.com/2014/08/10/hello-dave-i-control-your-thermostat-googles-nest-gets-hacked/.
4. http://www.forbes.com/sites/kashmirhill/2014/07/16/nest-hack-privacy-tool/.
5. http://venturebeat.com/2014/08/10/hello-dave-i-control-your-thermostat-googles-nest-gets-hacked/.
6. http://www.networkworld.com/article/2909212/security0/schneier-on-really-bad-iot-security-it-s-going-to-come-crashing-down.html.
7. http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/.
8. http://www.dhanjani.com/blog/2013/08/hacking-lightbulbs.html.
9. http://www.wired.com/2009/11/baby-monitor/.
10. http://www.bbc.com/news/technology-31523497.
11. http://mashable.com/2012/05/29/sensory-galaxy-s-iii/.
12. http://www.forbes.com/sites/marcwebertobias/2014/01/26/heres-how-easy-it-is-for-google-chrome-to-eavesdrop-on-your-pc-microphone/.
13. http://www.theguardian.com/technology/2015/jun/23/google-eavesdropping-tool-installed-computers-without-permission.
14. Perhaps the easiest way is to open the Amazon Echo app. Go to your settings, then go to History>Tap Individual Recording>Delete.
15. Log in to your account on Amazon, then from “Account Settings,” click on Your Devices>Amazon Echo>Delete.
16. http://www.theregister.co.uk/2015/08/24/smart_fridge_security_fubar/.
17. www.shodan.io.
1. http://www.wsj.com/articles/SB10001424052702303672404579151440488919138.
2. http://theweek.com/articles/564263/rise-workplace-spying.
3. https://olin.wustl.edu/docs/Faculty/Pierce_Cleaning_House.pdf.
4. http://harpers.org/archive/2015/03/the-spy-who-fired-me/.
5. https://room362.com/post/2016/snagging-creds-from-locked-machines/.
6. Normally document metadata is hidden from view. You can see the metadata included with your document by clicking File>Info, then viewing the properties on the right side of the window.
7. If you use Document Inspector, first make a copy of your document, because changes made cannot be undone. In the copy of your original document, click the “File” tab, then click “Info.” Under “Prepare for Sharing,” click “Check for Issues,” then click “Inspect Document.” In the Document Inspector dialog box, select the check boxes for the content that you want to be inspected. Click “Inspect.” Review the results of the inspection in the Document Inspector dialog box. Click “Remove All” next to the inspection results for the types of hidden content that you want to remove from your document.
8. http://www.infosecurity-magazine.com/news/printer-related-security-breaches-affect-63-of/.
9. http://www.wired.com/2014/08/gyroscope-listening-hack/.
10. http://ossmann.blogspot.com/2013/01/funtenna.html.
11. http://cs229.stanford.edu/proj2013/Chavez-ReconstructingNon-IntrusivelyCollectedKeystrokeDataUsingCellphoneSensors.pdf.
12. http://www.cc.gatech.edu/~traynor/papers/traynor-ccs11.pdf.
13. http://samy.pl/keysweeper/.
14. http://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm/.
15. http://phys.org/news/2013-07-femtocell-hackers-isec-smartphone-content.html.
16. http://arstechnica.com/information-technology/2015/04/this-machine-catches-stingrays-pwnie-express-demos-cellular-threat-detector/.
17. http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data.
18. http://www.computerworld.com/article/2474090/data-privacy/new-snowden-revelation-shows-skype-may-be-privacy-s-biggest-enemy.html.
19. https://community.rapid7.com/community/metasploit/blog/2012/01/23/video-conferencing-and-self-selecting-targets.
20. http://www.polycom.com/global/documents/solutions/industry_solutions/government/max_security/uc-deployment-for-maximum-security.pdf.
21. https://community.rapid7.com/community/metasploit/blog/2012/01/23/video-conferencing-and-self-selecting-targets.
22. For example, https://www.boxcryptor.com/en.
1. That this is a border search and arrest is not really relevant. U.S. courts have not settled whether a person of interest has to give up their passwords—so far not. However, a court has ruled that a person of interest can be forced into authenticating his or her iPhone by using Touch ID (fingerprint). To eliminate the risk, whenever you pass through customs in any country, reboot your iPhone or any other Apple device with Touch ID and do not put in your passcode. As long as you don’t enter your passcode, Touch ID will fail.
2. http://www.computerweekly.com/Articles/2008/03/13/229840/us-department-of-homeland-security-holds-biggest-ever-cybersecurity.htm.
3. In iOS 8 or more recent versions of the operating system, you can reset all pairing relationships by going to Settings>General>Reset>Reset Location & Privacy or Reset Network Settings. Researcher Jonathan Zdziarski has published a number of blog posts on the topic. The instructions are beyond the scope of this book, but if you are serious about removing these, he offers a way. See http://www.zdziarski.com/blog/?p=2589.
4. http://www.engadget.com/2014/10/31/court-rules-touch-id-is-not-protected-by-the-fifth-amendment-bu/.
5. http://www.cbc.ca/news/canada/nova-scotia/quebec-resident-alain-philippon-to-fight-charge-for-not-giving-up-phone-password-at-airport-1.2982236.
6. http://www.ghacks.net/2013/02/07/forensic-tool-to-decrypt-truecrypt-bitlocker-and-pgp-contains-and-disks-released/.
7. https://www.symantec.com/content/en/us/enterprise/white_papers/b-pgp_how_wholedisk_encryption_works_WP_21158817.en-us.pdf.
8. http://www.kanguru.com/storage-accessories/kanguru-ss3.shtml.
9. https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html.
10. https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/.
11. http://www.securityweek.com/researcher-demonstrates-simple-bitlocker-bypass.
12. https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.
13. http://www.nytimes.com/library/tech/00/01/cyber/cyberlaw/28law.html.
14. https://partners.nytimes.com/library/tech/00/01/cyber/cyberlaw/28law.html.
15. https://www.wired.com/2015/10/cops-dont-need-encryption-backdoor-to-hack-iphones/.
16. http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html.
17. https://blog.gdatasoftware.com/blog/article/hotel-safes-are-they-really-safe.html.
18. http://www.snopes.com/crime/warnings/hotelkey.asp.
19. http://www.themarysue.com/hotel-key-myth/.
20. https://shaun.net/posts/whats-contained-in-a-boarding-pass-barcode.
21. Apparently United is one of the few airlines that only gives a partial frequent flyer mile number. Most other airlines do put the full number in the bar code.
22. http://www.wired.com/2014/11/darkhotel-malware/.
23. https://bitlaunder.com/launder-bitcoin.
1. https://www.wired.com/2015/05/silk-road-creator-ross-ulbricht-sentenced-life-prison/.
2. http://www.nytimes.com/2015/12/27/business/dealbook/the-unsung-tax-agent-who-put-a-face-on-the-silk-road.html?_r=0.
3. http://www.wired.com/2015/07/online-anonymity-box-puts-mile-away-ip-address/.
4. https://samy.pl/proxygambit/.
1. There’s more. Even though the FBI identified my apartment complex, they didn’t know where I was. That changed when I stepped outside one night. This story can be found in my book Ghost in the Wires.
2. Sites like Weather Underground put the longitude and latitude of the visitor in the URL.
3. For example, https://www.bitrefill.com.
4. https://nakedsecurity.sophos.com/2015/07/30/websites-can-track-us-by-the-way-we-type-heres-how-to-stop-it/.