Portuguese startup and vigilance

This startup is building and selling to municipalities smart sensors, remoter counters and temperature meters, etc. Can’t open their webpage using Tor
smartcitysensors

http://www.smartcitysensor.pt/

https://vilanovaonline.pt/2020/05/15/tecnologia-smart-city-sensor-produz-torniquete-balnear-para-acesso-seguro-as-praias/

1 Like

Privacy violations that are GDPR-compliant

Thanks for bringing this up @astrange. This reminds me to talk about privacy violations that are not covered by the GDPR. So I’ll use this opportunity to talk about it.

After taking a small look at the technology, it seems that it’s not privacy invasive on a first look as it can’t identify individual people - which makes it not even require GDPR compliance (since that applies only to personal data and personally identifiable data).

But I would argue it can be used for privacy violations that fall outside of the GDPR. In other words it is possible to violate one’s privacy without ever knowing personal data.

For this, we’ll have to take a look at privacy from the following perspective

Privacy as a safeguard from arbitrary interference

Example situation

Imagine they change the conditions of the alert mechanism and make it in a way that it alerts the police when people go to the beach at night (that could easily be done with this tech). The people who decided to take a casual mid-night walk on the beach will have a very unpleasant surprise visit by the police (thinking there was criminal activity on the beach). For sure those people will consider very seriously going to the beach at night.

Thank You for thinking together and commenting :slight_smile:
Indeed, following your line of thought, much that isn’t individual or personal data is violating privacy and human rights. An example might be that we have the constitutional right to assemble, and even if no one is identified that right (which implies that lawful gatherings are outside the scope of the State’s eye) is questioned by this app.Also, how Can a restaurant or an organization telemeter a customer’s temperature without knowing who they are? And then what about sovereignty (back to the Constitution) and metadata about car fluxes? That idea you brought, about privacy (or human rights) violations outside gdpr sound like a very useful and helpful way to approach it! Thanks!

1 Like

Exactly. I think if we frame it as interfering on the fundamental right of assembly and breaking the misconception that GDPR compliant doesn’t mean privacy-friendly we might have a strong defense.

This is actually already tracked. All information about car movements should be registered at toll gates, but I think there is specific legislation to that blocks that data to be used for fining people because at the time people protested about that measure.

If you’re freaked out about that portuguese startup you should look at this one: https://www.sensei.tech/ they are collaborating with supermarkets to turn CCTVs into movement tracking cameras to understand how people are shopping. Privacy violation of epic proportions and sponsored by EU and Portuguese grants :frowning:

Wow! Portuguese too! Major privacy issues, indeed! a bit less obvious while just browsing. Again, can’t open their web page with TOR…
About the tolls… the thing is, i would expect toll data to be collected. Having cities accesses processed in this way is unexpectedly creepy for me, because of the disproportion… in a small town like my own, it doesn’t seem to make much sense, yet i know it’s been marketed to the municipality… and suddenly all of our data is out there, data we , ourselves (the municipality) isn’t aware of and doesn’t even know exists and is unable to know about themselves/ ourselves as much as some company does. Even at a non individual level this looks like a national security breech. I am thinking of shooting a very brief thing in portuguese just enumerating the sorts of personal data that can be extracted and then list examples of metadata. A very non techy thing by a non techy person, to be better addressed later…
I do think people protested against that also :slight_smile: And maybe all this humdrum is helping to make people a bit more aware, but some understanding is in need. This association’s training is really fundamental :slight_smile:

3 Likes

Oh sensei did eventually open on Tor…

I think this is the key issue with surveillance tech. It’s not that municipalities seek it necessary. I’d rather say surveillance companies are keen to promote their products to state entities and it gets seen as fancy tech without getting asked the right questions about data sovereignty. I think in this sense our association could also provide some help by offering consultation for privacy matters. Though that may be a mid-term goal as we need to be know, in order to do that.

yeah, most websites do open via Tor. But if they are not, just try a few of these until it works:

  • click ctrl+shift+l (switches Tor circuit for the website) - repeat 1-5 times can bypass some captcha
  • go to the web archive and paste and search for the website (it will work as a proxy)

(btw, @kgallagher is our expert-in-house of Tor usability)

:slight_smile: In the thing with the public library, we could invite someone over from the municipality. Yes, the discussion about these covid apps and the like feels more like something the companies want to have discussed as a serious issue then something people and municipalities are truly interested in. a dangerous business,
Didn’t know that. Is there a way to circumvent some of the restrictions public workers find in using tor in the workplace? @kgallagher ?

Hi @astrange, I don’t know which kind of restrictions you face in the workplace regarding tor but in case you can’t install it in local computers you can always install it on a pendrive.

1 Like

Pretty much. In practice Tor is not installed at all. It’s just a program that executes when you click it. So you can move is to a usb stick and open it in any computer like @joana said.

I think some workplaces might block connections to the Tor network, where tor effectively can’t start. But there are solutions to that.

They are a list of Tor “nodes” that are not publicly known and they can be obtained from https://bridges.torproject.org/

1 Like

Thank you @Joana and @Core. It’s actually not me, but a friend who complained about this some time ago. I’ll make sure to pass these tips to him. I dont think they’re free to use external drives either, but this will be, I think very useful and I am learning too :slight_smile:

2 Likes

Here you can find all zip files of Tor Browser that you can run without installing it:
https://dist.torproject.org/torbrowser/

Another way to access websites that are blocking Tor is by using a web proxy (such as https://openinternetaccess.com/Web-Proxy) via Tor Browser. This way you can still access websites that are blocking Tor.
Beware: you should never enter any credentials or other valuable information when using web proxies.

2 Likes

Thank you so much, Vasilis! :slight_smile: Great to learn this!You guys are great :-)!

1 Like