why riot is not as scary as you’d think

February 15, 2013

paranoia

Recently, word got out that a major defense contractor has been working on Riot, an application that tracks people across the web to figure out what they’re doing, and give those using it some sort of an idea of their routine. In the demonstration video, an employee is accurately placed as a morning gym rat who can be found on a treadmill at 6 am, should anyone want to ambush him with a warrant or start trailing him for one reason or another. Sounds kind of creepy, huh? It’s a massive computer system that knows where people are, their friends, and gives faceless agents of various three letter entities a deep look into their lives. But of course there’s a caveat to how scary Riot really is and that caveat should worry you, the average internet user, a lot more than anything that can be done by Riot. For all its predictive and tracking abilities, Riot can only use public data, data you shared with social media sites which can be read with an RSS feed. So the efficacy of Riot is essentially based on its victim rather than a backdoor into his digital life.

Don’t want yourself targeted by Riot or whatever Riot 2.0 is being cooked up? Keep as much as you can off Facebook and make sure you and your friends stay on top of your current security settings. Turn off any automatic geolocation services on your smartphones and on your favorite social media sites and clients, and don’t check in on any of them. This would make you virtually invisible to the application. You’d be little more than an occasional blip on the radar which isn’t all that easy to decipher. Now, if Riot were able to crack your passwords or install a backdoor into your social media accounts and your phone, then you’d have to start worrying. But what I saw in the demos shows a sales pitch for an automated way to do something many intelligence agency analysts can do by hand nowadays, one reliant on internet-savvy but security-naive users to do much of the data mining on themselves, handing over their lives via FB and Twitter.

If anything, the leaked video shows how easy it is for those who live on the web to expose a lot more than they think they’re exposing to the outside world, that is if they’re even aware of how freely they release intimate details about their lives and daily routine to complete strangers. And of course, those who are mindful of how much data is being collected on them, and how easily an overlooked security setting can let information meant solely for friends and/or family spill into the social media world, will take care not to expose themselves the way Raytheon’s test subject did, rendering the use of this app to find potential terrorists and spies rather moot. The digital medium allows for all sorts of interesting cat and mouse head games, and false trails can cover a spy’s trail, leading analysts to dead ends and making them waste hours on wild goose chases as they try to establish routines and patterns from fictional data being fed into social media sites on a daily basis. And this is why Riot is likely still in its proof of concept stage…

[ illustration by Sven Prim ]

  • Big Tim

    Sounds like a cookie for real life – it’ll only be a problem for the paranoid, criminals or Terrorists

  • TheBrett

    I’ve never authorized any social network or other program to activate geo-locating. It just sounds creepy and intrusive, plus there have been instances where idiots left their Facebook profiles open to public viewing and got robbed because they were listed as being away from their homes.

  • Paul451

    For all its predictive and tracking abilities, Riot can only use public data, data you shared with social media sites which can be read with an RSS feed. So the efficacy of Riot is essentially based on its victim rather than a backdoor into his digital life.

    However, there’s nothing to prevent said three letter agencies from adding less public data, such as your cellphone use (and location), all financial details such as credit-card use, travel records, plus any other information that is routinely provided to law-enforcement from private companies without a warrant (such as hotel registrations/hire-cars/etc).

  • Paul451

    …social activists, whistleblowers, journalists…