[rodgerd]

On one level I agree - ensuring that it's easier for, say, a criminal gang to track unmarked police cars or abusive exes to find their victims seems a backward step.

The flips side of that, though, is that this power exists and is being used by rich, powerful entities anyway. If I was a law-abiding member of a mosque or political group, I'd love to know that undercover law enforcement officers are trying to stir up trouble, for example. If they can track me, why shouldn't I be able to track them? Or, less melodramatically, the highest rate of road fatalities in my country involve logging trucks. There are persistent claims that companies keep them on the road for more hours than their drivers are legally allowed to work, but they're politically shielded from official investigations. It would be nice for citizen groups to have the tools to investigate those claims.

If we should be able to go about free of day-to-day surveillance (absent good, court-approved cause), which I certainly agree with, then we should be modifying laws and institutions to reflect that. Since what we've got is a situation where the powerful (government agencies, large companies) use the absence of regulation and powerful tools to watch us the second-best option is for us to have the tools to watch them.

[jacquesm]

It'd be trivial to make a car bomb that only explodes when a certain car passes by.

[bigiain]

Sorry, but this is just a "movie plot terrorism" entry for Schneier's annual competition, not reality as we live in it.

In what way is acquiring the skills required to download/compile/configure this software, then integrate it with an electrically detonated bomb - more likely to be undertaken by "the bad guys" than hooking the detonator up to the backlight of a burner phone and standing a block away and texting it? (Just like every reported IED from the latest war-torn country being bombed into democracy and freedom.)

It makes me mad when intelligent people think up "bad things" that might be done with extremely high barriers to entry, when way simpler and easier to achieve methods for the same "bad stuff" are obvious.

Case in point - one of my local councils has just blanket banned "drones" (without even bothering to define what a "drone" is) on the pretext that "there is a concern about people taking unauthorised photos of children in public areas" - See more at: http://www.ausleisure.com.au/news/safety-fears-see-leichhard....

Watch this video of a $600 point-n-shoot camera (at least past the 37 sec mark) and tell me you're more at risk from someone with a drone invading your privacy: https://www.youtube.com/watch?v=Csp6asxf00o

If people want to take your (or your families) picture, they will. Probably with their cell phone without anyone noticing, or with a $600 camera on a tripod so far away you can't even see them. They _won't_ buy a $1,200+ drone and learn to pilot it, then fly it up close where you can see it. (And they _certainly_ won't be learning to assemble and tune their own quadcopter for a few hundred dollars of Chinese sourced parts. Not just to be a creep with.)

Same if they want to blow something up - they're not going to clone some open source code from github, learn how to use it's python bindings, and build a RaspberryPi powered auto-detonator to trigger off your numberplate. There are _way_ lower barrier-to-entry methods to achieve that goal (which are also way more reliable).

[jacquesm]

Yes, who ever thought that aircraft could be used against skyscrapers right? Only in Hollywood.

[bigiain]

And hence we get groped or porno-scanned at every airport check in, and secret no fly lists which are good enough to stop people with names vaguely similar to possible terrorists from flying but which are not accurate enough for use as lists of people who shouldn't be permitted to buy guns.

Do you think that's an appropriate response? Especially since it seems to be almost universally true that every time the TSA is tested, weapons still get through the checkpoints with startling regularity.

Sorry, but I still see this as kneejerk reactions to spectacularly unlikely scenarios of "bad things happening" being proposed and regulated by people who don't care about reducing other people's freedom because it won't affect them personally.

I'm still unsure what you're suggesting "shouldn't be allowed" here? Open sourcing computer vision projects? Publishing on github? SHould all hobbyists leave face detection algorithms to Facebook and Apple and Google, because someone else might misuse the results (worse that Zuckerberg already does)? It's all extremely reminiscent of the "crypto wars" and Homeland Security's new "House Un-American Mathematics Committee": https://twitter.com/puellavulnerata/status/67290345222221824...

Me? I'm 100% for publishing this(and similar) projects - because the tech is already out there and being used. Pretty much every towtruck and repo man has had this tech running for 5+ years, and almost nobody knows. Why is it a problem now that sufficiently motivated geeks can roll their own for ~$100 and a weekend's futzing around? Same with using promiscuous wifi adapters or TV-tuner SDRs to sniff MAC addresses or TMSIs - shopping malls and law enforcement are routinely using that tech to track you, I reckon more art projects showing how simple and creepy it is would be a good thing.

There's another movie-plot bomb detonator for you - an UberTooth One (or $5 Chinese counterfeit wifi adaptor in promiscuous mode) listening for the MAC address of your phone/smartwatch/tablet. What're we going to have to ban in response to that idea?

(I know, lets ban _ideas!_... (Sorry, that's way snarkier than intended...))

[jacquesm]

> Do you think that's an appropriate response?

No because it is not going to make much difference.

> Sorry, but I still see this as kneejerk reactions to spectacularly unlikely scenarios of "bad things happening" being proposed and regulated by people who don't care about reducing other people's freedom because it won't affect them personally.

Fully agreed on that one.

> I'm still unsure what you're suggesting "shouldn't be allowed" here?

This software has a ton of bad use possibilities, I just threw out the first one that I could think of, there are a whole raft of others.

> Open sourcing computer vision projects? Publishing on github?

No, it's inevitable. But there is currently no framework on how to deal with these things. Just because you can doesn't always mean that you should. There are a ton of things I could do that are legal but that does not mean that all those things have a net-positive effect on the society we live in and I think that the ability to build these systems comes with some responsibility.

> Me? I'm 100% for publishing this(and similar) projects - because the tech is already out there and being used. Pretty much every towtruck and repo man has had this tech running for 5+ years, and almost nobody knows.

Yes, but they are limited in quantity and enough of a quantitative change is a qualitative change.

> (I know, lets ban _ideas!_... (Sorry, that's way snarkier than intended...))

I think I beat you to that:

https://twitter.com/jmattheij/status/670367390828535808

[c22]

Trivial might be a stretch. Try talking to some random people who aren't hackers/diy techies. I suspect this sort of task requires at least half a decade of somewhat specialized learning to execute with minimal physical risk, let alone without leaving ample evidence leading to your immediate detention. Most people who put this much time into building a marketable skillset find better things to do than commiting senseless acts of terrorism.

[jacquesm]

Bombs are tremendously easy, making them go off at the right moment is the hard part and with a handy open source license plate reader, a camera and a raspberry-pi with one gpio line that just got a lot easier.

[c22]

Right, but it takes years of immersion in specific fields just to be made aware of the existence of git, let alone grasping the only somewhat related concepts necessary to interface your raspberry pi with your homemade bomb (a whole nother set of skills!) Do you remember your first foray into microelectronics? Let's just say you might not want to use live explosives for your first attempt...

I have a friend who likes to make and print his own 3d models. He built his own 3d printer. I connected the camera he got to his raspberry pi and installed and configured octopi for him because he wasn't confident he could figure it out in a timely manner.

[jacquesm]

Ok, well let's rephrase that: it would be trivial for me and I hate to underestimate the opposition, they're not all dumb. And the proliferation of IEDs in Iraq suggests that those skills are readily transferable.

[bigiain]

So the not-dumb ones probably also know of the existence of things like this: http://www.amazon.com/Linear-Garage-Opener-Receiver-Remote/d...

If you need more than around 200feet of range, a coathanger as an antenna at each end could probably triple that range, a couple of coathangers fashioned into a pair of 310MHz yagis could likely get you several miles range.

All for less than a Raspberry Pi camera.

Even if you, as a "smart guy" were also a bad guy, would you _really_ consider doing things "the hard way"?

The "bad guys" already know reliable ways of long-distance remotely triggering IEDs: https://www.google.com.au/search?q=IED+trigger&num=100&tbm=i...

They're using those cell phone we all threw out 10 years ago. (I think I see a dozen or more of my old Nokia 8210 there...)

[woodman]

> And the proliferation of IEDs in Iraq suggests that those skills are readily transferable.

Nope, there were a small number of bomb makers who provided the bombs to a distribution network - this network then assigned the bombs to emplacement teams. There was also state level assistance coming from Iran. A few bomb makers and a lot of emplacement teams blew themselves up - so it isn't as easy as Hollywood has portrayed.

[mentat]

ADB-B receiver + cheap drones with simple homing software = total shutdown of US air traffic. I think $20,000 is probably an overestimation of what it would take. There's a lot of asymmetric situations starting to "mature" and defense side is way behind since they're using them to exploit the populace. It's not just a "cyber" problem.

[Johnny555]

All of the pieces are readily available online, all it takes is someone to put them together. And it's something that pretty much any high school kid with a credit card and interest in electronics could do.

[toomuchtodo]

Just detect their toll transponder tag in the car, no license plate required.

[jacquesm]

Toll transponders are optional but license plates are not.

Curious the downvotes on that comment, it's totally feasible.

[woodman]

> Curious the downvotes on that comment, it's totally feasible.

I'm guessing that you got downvoted because the logic is ridiculous: LPRs are to be feared because bombs can be attached to them. That is true of every technology. Also, if somebody has your plate number and knows your driving patterns well enough to leave a VBIED there - they could find a much more certain and easily executed method of assassination.

[jacquesm]

A stationary car bomb has a lot of advantages over other assassination methods. For one it allows you to get away, you only need to plant the thing and it could go off hours, days or weeks later. The assassin could be a in a different country when the bomb goes off. You could put more of them at strategic points into a city not knowing anything about the daily routine of your target, just their license plate would be enough. You could drop a bunch of them ahead of time in random places and program all of them by remote to scan for new plates and so on. Not much you could do about it either, every parked car would be a risk.

[woodman]

I'm guessing that you're concerned about a place that has no parking authority, highway patrol, corporate security, nosey neighbors - because an abandoned vehicle won't last more than two days otherwise. There is a reason why assassins have historically chosen guns over bombs, and it isn't due to a lack of technology that places distance between themselves and the target. Like most important things, when assassinating somebody, you want to eliminate as much uncertainty as possible. That is pretty much the opposite of just leaving a bomb somewhere and crossing your fingers. Also, leaving a lot of bombs all over the place increases the odds of detection.

[Johnny555]

I think it'd be more effective against a class of vehicles... like if you have an agenda against Company XYZ, scope out their parking lot and build a database of their employees, then you can target those employees. Likewise, if you want to shut down the entire EMS system, build a database of police, fire, etc vehicles and target them and you can ground the entire EMS fleet.

[woodman]

It would, and a ball-peen hammer is better at mashing potatos than a baseball hat. Just attack the company parking lot or the city motorpool. This whole thing sounds like the darkest rube goldberg machine ever.

[CamperBob2]

TPMS transmitters aren't optional, either...

[jacquesm]

How so? My car works pretty good without them.

[CamperBob2]

They're legally required on current-production cars, so your car "works pretty good without them" in the sense that it also works pretty good without a license plate.

(I suppose technically the TPMS requirement applies to the manufacturer as opposed to the owner, though.)