by Adam Clark EstesOctober 17, 2014
When apps are accused of shady behavior, Jonathan Zdziarski is the guy that investigates. And this week, the self-identified iOS forensics expert was quick to respond to requests for a deep dive into Whisper, the supposedly anonymous secret-sharing app that’s been taking heat lately. Guess what: Whisper’s not so anonymous.
Zdziarski just published his preliminary findings on Whisper, and they are not encouraging to anybody who’s used the app with the hope of concealing their identity. Actually, based on the back end, he found that Whisper doesn’t even seem like it’s well-intentioned. And if you’re going to listen to anybody about this sort of thing, Zdziarski is a good bet. The security researcher says that he “frequently trains many federal and state law enforcement agencies in digital forensic techniques and assists law enforcement and the military in high profile cases.” He’s also written books about iPhone hacking.
Zdziarski leads off with a startling realization: “The Whisper app does not appear to be a social networking application with analytics; it appears to be an analytics and user acquisition application that also happens to have a social networking component.” In other words, Whisper’s not built to make it easy to share your secrets. It’s designed to keep track of you.
It gets worse. According to Zdziarski, Whisper actually logs identifying data regardless of whether or not you want it to. The iOS expert writes:
The application generates unique identifiers the first time it is run, without any initial user interaction. … These unique identifiers provide positive identification of the device that, given fingerprint and/or passcode authentication, can also serve as positive identification of an individual, eliminating any plausible deniability of the user’s identity. These user identifiers appear to exist for the life of the application, and are assigned even if the user wishes to remain anonymous while using the application.
It gets worse. After The Guardian reported that Whisper tracks users’ locations, sometimes even if they don’t want it to, Whisper’s editor-in-chief Neetzan Zimmerman claimed that the app “HEAVILY FUZZED [location data] to 500 meters away.” This is not true, according to Zdziarski:
In spite of Whisper’s claims that location data is “fuzzed”, “salted”, or in some way cleansed to a large radius, the application requests a level of accuracy from Apple’s CoreLocation manager of no worse than 100 meters, as shown below by the Apple constant kCLLocationAccuracyHundredMeters. Other constants available from Apple include 1km and 3km radii, however these larger constraints were not used by the Whisper app.
It’s worth pointing out that Whisper stores your location data, as well. So even if you only open the app once when location services are enabled, the app keeps that GPS data on file and permanently associates it with your user ID. To that effect, Zdziarski’s conclusion is foreboding:
Anonymous users have good reason to be concerned about their anonymity when using the Whisper application. While they may not have provided their name, the application has generated a unique identifier that can potentially be used to track them throughout the life of the application. When associated with global positioning data of 100m or smaller radius, their identities could be at risk.
In other words, if you want to remain anonymous, don’t use Whisper. [Jonathan Zdziarski]
by Kelsey Campbell-DollaghanOctober 17, 2014
In the early days of modern warfare, ships protected themselves from German U-boats withwild, eye-catching painted patterns called dazzle. The military moved on to new forms of camo decades ago, but for carmakers, dazzle is still the best way to protect prototype cars from being photographed.
If you read our wonderful sister blog Jalopnik, you know how Chevy recently released images of the new Volt covered in swirling, black-and-white camouflage. The release itself was a bit of joke: If you want to keep a car secret, send out a press release! But it’s also a pretty interesting example of how carmakers regularly adapt a century-old optical trick to make sure photos of their new cars don’t reveal too much. We got in touch with Chevy to find out a bit more about these cars.
Chevy Volt’s engineer poses for a press pic.
It seems that the adoption of “dazzle” to hide car designs coincided with the explosion of consumer cameras, and more so with the ubiquity of smartphones. GM told me that the practice began in the late 1980s, but didn’t really explode until the 1990s. “In recent years with the rise of smartphones and mobile internet devices, the vehicle camouflaging technique has really escalated to a technique used for the entire lineup,” the company’s reps added.
So, how does it work? Dazzle camouflage sounds oxymoronic: Why would you cover something you want to disguise with vivid, contrast-heavy patterns? It’s actually one of the primary concepts of camo, found both in nature and manmade systems. Think of a white tiger with black stripes. Those stripes run perpendicular to the line of the lion’s limbs, and in this way, they break up the continuous form of the animal itself. Along the same lines, Army camouflage is designed to break up the lines of soldiers’ arms and legs.
1917: A soldier in World War I models early camouflage. Image via the National Archives/Department of Defense.
Dazzle functions similarly. By creating giant, optical patterns on an object, it makes it hard to track where and how quickly that object is moving. In World War I, these irregular patterns were used to help disguise ships from German U-boats. In fact, even Winston Churchill wrote about noticing them. “The vessels themselves were painted for the first time in the queer mottled fashion which marked the early beginnings of the science of camouflage,” he wrote in 1932’s Thoughts and Adventures, quoted in this paper on dazzle.
Dazzle works well for confusing cameras, too, which is why carmakers are so keen to it. Your camera’s autofocus works by detecting shapes by color and light; dazzle makes it tough for it to focus on the underlying shapes of a car’s body. Here’s a great explanation from Auto Guide's Sami Haj-Assaad:
Some cameras auto focus by using something like SONAR, but instead of sound, using infrared light. The infrared bounces back to the camera and the camera’s computers calculate the difference in time, and focus accordingly. However, if the subject is painted black, it could absorb the infrared light that the camera uses, and makes it harder for the camera to calculate the autofocus.
Of course, dazzle can’t conceal everything. The cars being tested on public roads are close to hitting the floor of your local dealer, and companies simply want to conceal all the glittering details.
The Camaro’s dazzle.
And in a way, now that car dazzle is a widely-acknowledged way to conceal design secrets, it’s also a public relations ploy. Really, it borrows not only the oldest trick in the camo book, but also the oldest trick in the advertising book as well: Secrets sell.
All images courtesy of GM.