google earth

Anonymous Google Earth over Tor

I'm probably not the first one to notice this, but you can actually use Google Earth anonymously (upon first glance at least) over Tor. It seems all the traffic (downloads of maps and textures etc.) goes over port 80 (http) and 443 (https), which can easily be anonymized with Tor (read an older post of mine for details on Tor).

Just type

export http_proxy=http://127.0.0.1:8118/
export HTTP_PROXY=http://127.0.0.1:8118/

and set up Privoxy and Tor correctly, then start Google Earth in the same xterm and you're done. I haven't looked closely at the protocol Google Earth uses (any articles available on that?) but upon a quick glance in Ethereal / Wireshark all traffic is torified, not even DNS requests are leaked. Technical explanation: the Google Earth binary uses libcurl internally, which honors the http_proxy environment variable.

However, that's not a guarantee that you're 100% anonymous, as Goole Earth could send some unique identifier (e.g. MAC address, hard drive ID etc.) to their servers which would spoil your anonymity.

Btw, I actually discovered this accidentally because I have the above HTTP_PROXY lines in my .bashrc, so most of my HTTP traffic is anonymized by default...

Google Earth for Linux - Beta

OK, so Goole has finally released a first version of Google Earth for Linux (beta, of course).

Well, maybe this time they really mean it when they say "beta"...
Google Earth Linux 1 Google Earth Linux 2 Google Earth Linux 3
Here's some quick observations:

  • Of course, it's not open source, you basically get a bunch of *.so files and an executable.
  • It uses a bunch of open source software packages, though, e.g. libcurl, OpenSSL, libjpeg, libPNG, libtiff, libmng, zlib, Expat XML Parser, FreeImage, and a bunch of other things. All the licenses of those projects are contained in a README, though.
  • The installer seems to be (based on) the Loki installer, at least a ~/.loki directory is created with some stuff in it.
  • The maps cache, and some other files are stored in ~/.googleearth.
  • The ~/.googleearth/crashlogs directory contains log files which are generated when the application crashes, and sent to Google upon the next restart of the application automatically. The README says that you should basically chmod 000 ~/.googleearth/crashlogs if you don't want that. They say these files don't contain personal information. I haven't seen one yet (didn't crash, yet), so I cannot tell if that's true.
  • The EULA says that Google Earth will phone home (they call it "check for available updates to the Software"), and that you automatically agree to that when you use it: "By installing the Software, you agree to automatically request and receive Updates".
  • When I start Google Earth, I get a popup window which tells me to install Bitstream Vera Sans fonts or things might look strange. No idea which fonts extactly they mean, I've got the Debian packages ttf-bitstream-vera, and ttf-dejavu, but the warning still appears.
  • After Google Earth connects to the server(s) I get to see something resembling a globe, but not really what I (or Google possibly) expected. There's simply no textures for anything, I just see (broken) wireframes (see screenshot), but that's about it.

I'll have to play around with it a bit more, maybe it's an issue with the NVIDIA drivers or something. But as I don't have the source I can basically just make stupid guesses...

(via Golem, and a bunch of other sites)

Cell Phone Tracking Paranoia

Nothing really new for most of you, but still some good food for thought:

Cell tower records can pinpoint a phone owner's location for police, whether the phone is used or not.

Cell phone trails snare criminals, call or no — a nice article which tells us that several murderers were convicted using (among other things, I guess) cell tower records. Police could often pinpoint the location of the accused within a few blocks and thus "prove" they were lying in court about their location at a given time (i.e., their alibi was smashed).

Of course, this is not a reliable method in all cases. A murderer could give someone else his cell phone to create an alibi in the first place. I can easily imagine lots of other ways to abuse this.

While probably useful in some cases, this is pretty scary stuff. Authorities can track where you are at a given time, and where you are going in realtime. Combine this with Google Earth and you've got some pretty Big Brother style surveillance. This is inacceptable in general, but even more so if performed without probable cause (as has happened already). The EFF has some more information.

Issues like this always make me wonder whether I'm too paranoid or not paranoid enough...

(via Bruce Schneier)

Google Earth

OK, I heard lots and lots of stuff about Google Earth so far. Yesterday, I actually installed it on some not-so-free-OS box and gave it a try. Two things are floating on my mind now:

  1. w00t!
  2. This is the scariest shit one can imagine!

I "browsed" different parts of the world and got more and more fascinated... and scared. For instance you can see the Statue of Liberty, and if you zoom in enough, you see people walking around on liberty island! Nice on the one hand, major security and privacy problem on the other hand.

There are loads of interesting ways to use Google Earth, e.g. over at Google Earth Hacks. I'm afraid most of my spare time during the next few days has just crumbled to dust... Now, if they would only port it to Linux, that'd be really nice...

Syndicate content