I Spy You

“Jay, can somebody spy on me, including my activities in my home, if I use my computer?”


I was asked this question by a friend of mine, since one of her friends told her that it is possible. Or may be she really suspected that this particular friend is doing that. I did not take her seriously that time. But I asked his credentials and she told me that this guy is a Russian spy working for the US (waahhhaa). I did not believe her but the stuffs she told about him made me think that he knows something. I gave her some general tips about internet security.


Ok, how can we secure our computer 100%? There is only one way, don’t use internet. Keep it standalone and use only genuine software. Is that practically possible?


The answer is ‘No’ and this means there is nothing like 100% privacy if we are using internet. Our browser discloses some basic information about us to every site we visit. But my friend’s fears were much deeper. She wasn’t bothered about her IP address or browser type or location or operating system details being exposed. But she suspected that her camera and microphone is spying without her knowledge. Is that really possible?


Almost everyone who use computer know that there is something called ‘cookies’. Some people don’t know why it is there and some know why it is there. There are cookies which spy on us and there are cookies we need for normal functioning of most of the ‘considered safe’ sites (like an e-news paper ). And most of us delete these cookies very often and thinks that that is the end. But that is not the case.


The lion’s share goes to the lion. In the same way the giants in the internet are responsible for lifting information from our computer and many a times, we might have given them the right to do so when we accepted the terms and conditions without reading them. Most of the animated stuffs in the net is flash based and for that we need to install flash that comes from Adobe. This is free. Here we need to understand that anything that comes free in the net has something attached to it, in general.


There is something called LSO (Local Shared Objects). There are similar to cookies; like a bunch of cookies in a single file. (LSOs are not kept by individuals but by websites and can be deleted using some tools or browser plug-in, that is not my topic here, this time.)What do they do?


-they are never expiring - staying on your computer for an unlimited time.

- by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).

- browsers are not aware of those cookies, LSO's usually cannot be removed by browsers.

- via Flash they can access and store highly specific personal and technical information (system, user name, files,...).

- ability to send the stored information to the appropriate server, without user's permission.

- flash applications do not need to be visible- there is no easy way to tell which flash-cookie sites are tracking you.

- shared folders allow cross-browser tracking, LSO's work in every flash-enabled application

- the company doesn't provide a user-friendly way to manage LSO's, in fact it's incredible cumbersome.

- many domains and tracking companies make extensive use of flash-cookies.


(courtesy :Netticat)


This is controlled by Adobe’s flash and unfortunately, a normal computer user can not delete it (well, anybody can do a Google and find out how to delete it. but most of the normal users might not have even heard of LSO, in the first place. Then how can they delete?). Secondly, we can not make any setting changes at our end. When flash is installed for the first time in the computer, it asks for some settings and it will be stored as our default setting for every site we visit. These LSOs can lift more information than a normal cookie. So, how can we control them?


Either we need to make changes for every site we visit individually or we need to go to Adobe’s site and set the Global settings for our flash. Most of us are not aware that there exists such a site from Adobe where we can set our privacy settings related to flash.



Adobe's Global Flash Privacy setting site:


http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html


Global Privacy setting gives us two options – Always deny and Always ask


What is Always deny? Adobe says:


“If you select Always Deny and then confirm your selection, any website that tries to use your camera or microphone will be denied access. You will not be asked again if a website can use your camera or microphone. This action applies both to websites you have already visited and to those you haven't yet visited.”


This shows that using flash programming, a web site can access our camera and microphone (that is how web based video and audio chats work).


So, it is better every one of us visit Adobe’s Global flash setting page and make sure that our privacy settings are fine. And we can have a look at the present LSOs sitting in our computer too.


Back to my friend… I told her to not to worry about that kind of spying. Just because you have a mic and cam in your computer does not mean that anybody can access them without you knowing it. Logically, it is possible to un-mute our mic using a script (using the mixer API, in the case of windows). That is not at all a kid's play.



Even an embassy got hacked the other day, so what privacy we normal people can expect with our free anti-virus and firewalls?


Well, if CIA has not kept their server in our house, there is not need to worry too much about somebody trying to spy on us using our own cam and mic (that too with out we knowing) provided we are not discussing super secrets that can trigger some nuclear weapons, sitting just in front of our computer.


Always follow some general internet safety measures when visiting web sites and most importantly use common sense !