Report on the Stalkerware Industry
Citizen Lab just published an excellent report on the stalkerware industry.
Boing Boing post.
Comments
gordo • June 13, 2019 10:16 AM
@ Humdee,
The misused hammer would be referred to as a “blunt instrument”.
Sed Contra • June 13, 2019 10:44 AM
“Set a thief to catch a thief.” Set Google Protect to catch a stalker.
Petre Peter • June 13, 2019 10:54 AM
Does this Stalkware come with a Privacy Policy?
tfb • June 13, 2019 11:24 AM
@Humdee Of course it is how English and other natural languages work: new words and modifications of old words get invented to describe new things: software (itself a new word) gave rise to freeware, crapware, malware, bloatware, ransomware, firmware, nagware, adware, and I am sure many others I have mot remembered. You may not like it, but that is how languages work.
Humdee • June 13, 2019 1:33 PM
@tfb
English invents new words all the time, but there are structured ways to do that; it is plain error to suggest that English is a “free for all”. One the cardinal rules in English neologisms is that we don’t combine an action with an object which is why we have crapware but not talkware and why we have software and hardware but not walkware (instead, we use “wearables”). English keeps its nouns and verbs separate so much so that we even have a distinct category for verbs that act like nouns: gerunds.
Indeed, the list your provided proves the point. Parallelism alone dictates that the proper term should be “stalkware” rather than “stalkerware”. We don’t have “crapperware” or “naggerware” do we?
I suspect, however, that “stalkware” is too ambiguous for the propagandist thrust of the report. Plants, and not the cry of of a victimimization, might sprint to the forefront of the reader’s mind.
LameProtect • June 13, 2019 2:44 PM
@Sed Contra: “Set Google Protect to catch a stalker”:
Not enough, the full paper states that “[…] Google Play Protect system and found that it was generally successful in detecting stalkerware with the exception of Cerberus, which we hypothesize may be due to a non-obfuscated version of the application which was sold as legitimate software on the Google Play Store at the time of writing.”
gordo • June 13, 2019 5:21 PM
Cyberstalking’s IoT cognate:
Cyber Gaslighting: PsyOps in the Home
By Irving Lachnow June 12, 2019
In response to cyber stalking threats, activist Eva Galperin has proposed a solution that combines technical and legal tactics. On the technical side, Galperin has asked antivirus vendors to treat “stalkerware” like malware. One company, Kaspersky, has responded by alerting users when they have stalkerware on their phones and giving users the option to quarantine or remove these apps. On the legal front, Galperin is pushing government officials to prosecute the executives of stalkerware companies for violating criminal laws such as the Wiretap Act and the Computer Fraud and Abuse Act.
Unfortunately, many of these measures cannot be applied directly to cyber gaslighting because, unlike the stalkerware situation, abusers are not adding software to home-based smart devices in order to harass their victims. Instead, they are using the devices as they were intended to be used. Antivirus vendors do not have a role to play in this situation. In cyber gaslighting, the victim may also be dealing with a dozen devices, each of which performs a different function, which may make it difficult to identify the scope of the threat and determine where to focus one’s attention.
Erdem Memisyazici • June 13, 2019 7:13 PM
Stalkers and abusers almost always track their victims like animals.
Otter • June 13, 2019 8:08 PM
The difference between gathering personal information for “commercial purposes” and stalking is almost entirely in the number of victims.
Jerry • June 13, 2019 10:41 PM
@Humdee
That’s a half truth because walk can be used as a noun and we have “spyware.”
I hate people who verb their nouns.
James • June 14, 2019 6:05 PM
A stalker is a stalker, it’s a psychological and/or psychiatric disorder that most times can’t be “fixed”. The means they use to satisfy their sick behavior are irrelevant, as stalking existed long before the Internet. The Internet indeed makes it easier, usually with victim’s willing or unwitting cooperation, however stalking is a serious problem. Usually a stalker will stop if he is imprisoned, committed to a mental institution or killed.
James • June 14, 2019 6:22 PM
By a long shot, debt collectors could be considered stalkers, as they employ similar tactics …
android.keylogger.org • August 15, 2019 4:01 AM
I consider it very premature to call all monitoring products harmful. As already said here, if a kitchen knife has become an instrument of crime, it does not cease to be a tool of a cook.
If some software is positioning as a tracking tool that needs to be installed on someone else’s device, this is one thing (in fact, this is a crime in many countries).
But if I install the monitoring program on MY computer, laptop or smartphone – this is different.
Subscribe to comments on this entry
Leave a comment
Sidebar photo of Bruce Schneier by Joe MacInnis.
Humdee • June 13, 2019 9:19 AM
“Spyware that possesses powerful surveillance capabilities are routinely marketed to consumer audiences to facilitate intimate partner surveillance, parent-child monitoring, or monitoring of employees. When these powerful capabilities are used to facilitate intimate partner violence, abuse, or harassment, we refer to such spyware as stalkerware.”
That’s not the way English works. A hammer can be used to kill someone by hitting them over the head, when that happens we don’t stop calling it a hammer and call it “basherware”…we keep calling it a hammer.
In English, when a thing is misused we use terms such as “misuse,” “abuse,” etc. to describe such inappropriate behavior. We don’t get that thing a new name.
From now on I shall refer to encryption software such as Veracrypt as “cowardware,” since as we all know if you have nothing to hide…