One million and one Apple device IDs leaked

AntiSec – part of Anonymous – obtained the data by hacking an FBI agent's laptop.

The AntiSec group of hackers – one of many spun off from the sprawling leviathan that is the Anonymous movement – have released what they claim is a set of 1,000,001 unique device identifiers (UDIDs) for iPhones, iPads and iPod touches, which were stolen from the FBI.

The release, which also contains the device names and APNS tokens that are key to getting push notifications onto devices, is in itself a pretty big security breach. It's bigger still given the fact that the default device name for Apple products is "[full name]'s iPhone". Even worse, AntiSec claim that the data is just a small part of a much larger trove of personal information, which includes the UDIDs of 12,000,000 devices, and "full names, cell numbers, addresses, zipcodes, etc" for a smaller subset of them.

The group explain (at length) why they've leaked the data, and it boils down to trying to get people's attention that "FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME SHIT [sic]", though they are also aggrieved at what they call the "hypocritical attempt made by the system" to encourage hackers to sign up:

You are forbidden to outsmart the system, to defy it, to work around it. In short, while you may hack for the status quo, you are forbidden to hack the status quo. Just do what you're told. Don't worry about dirty geopolitical games, that's business for the elite. They're the ones that give dancing orders to our favorite general, [NSA's general] Keith [Alexander], while he happily puts on a ballet tutu. Just dance along, hackers. Otherwise... well...

The method by which they claim to have got hold of the data is concerning as well – quite aside from whether or not the FBI ought to have the info, if they do, one would hope that they would store it more securely:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

AntiSec also expressed their desire that the leak would expose the flaws with the UDID system itself. Even without any extra info leaked, that breach exposes victims to a fair degree of damage. As one programmer, Aldo Cortesi, writes:

If you use an Apple device regularly, it's certain that your UDID has found its way into scores of databases you're entirely unaware of. Developers often assume UDIDs are anonymous values, and routinely use them to aggregate detailed and sensitive user behavioural information.

Apple has been quietly killing the methods by which developers can access UDIDs for the last year or so, removing their ability to directly read them; but that won't prevent at least some users suffering from this leak. A number of older apps and insecure networks still allow users to log in using just the UDID as identification. Although this hasn't been recommended practice for some time, not everyone runs their companies the way they ought to.
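The weakness described above, as an added example that is not from the original article or from any app it mentions: a hypothetical backend that accepts a UDID as the only credential, next to one that issues a random per-install secret. The class names and the sample UDID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample value shaped like a UDID (40 hex chars); not a real device.
SAMPLE_UDID = "0123456789abcdef0123456789abcdef01234567"

class UdidOnlyBackend:
    """Weak pattern: the UDID both names and authenticates the account."""
    def __init__(self):
        self.accounts = {}  # udid -> account name

    def register(self, udid, account):
        self.accounts[udid] = account

    def login(self, udid):
        # A UDID is a fixed hardware identifier, not a secret: any party
        # holding a copy of it (for example from a leaked list) is accepted.
        return self.accounts.get(udid)

class TokenBackend:
    """Hardened pattern: the server issues a random secret per install."""
    def __init__(self):
        self.accounts = {}  # install_id -> (account, SHA-256 of token)

    def register(self, account):
        install_id = secrets.token_hex(16)  # random, not derived from hardware
        token = secrets.token_urlsafe(32)   # secret, stored only on the device
        digest = hashlib.sha256(token.encode()).digest()
        self.accounts[install_id] = (account, digest)
        return install_id, token

    def login(self, install_id, token):
        account, digest = self.accounts.get(install_id, (None, b""))
        presented = hashlib.sha256(token.encode()).digest()
        # Constant-time comparison against the stored hash of the token.
        return account if hmac.compare_digest(presented, digest) else None

def demo():
    weak = UdidOnlyBackend()
    weak.register(SAMPLE_UDID, "alice")
    strong = TokenBackend()
    install_id, token = strong.register("alice")
    return {
        "weak_with_leaked_udid": weak.login(SAMPLE_UDID),
        "strong_with_udid_as_token": strong.login(install_id, SAMPLE_UDID),
        "strong_with_real_token": strong.login(install_id, token),
    }
```

Because the hardened backend never derives anything from the hardware identifier, publication of a UDID gives a third party nothing it can present as a credential, and a compromised token can be rotated where a UDID cannot.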

Unfortunately, we won't be able to hear anything else from AntiSec until Gawker journalist Adrian Chen dresses up in a tutu with a shoe on his head. Yes, those are their demands:

no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go. (and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The AntiSec logo, in ASCII-art form.

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.
