Tutorial: Creating one-tap shortcuts to turn on Apple Airtag unknown tracker alerts

[Wally J]

Tutorial:
Creating one-tap shortcuts to turn on Apple Airtag unknown tracker alerts.
Works on both Windows & Android (if your Android is on your local network).

Disclaimer:
I didn't know a thing about this until I saw micky's recent thread.
*Deep thoughts: Airtags for Android*
<https://groups.google.com/g/comp.mobile.android/c/60bIiN5bty0>
So everything could be wrong - but I tested everything I wrote below.

Note: Three motherships are involved, Android, Windows & Apple Airtags.
(See adb command to check for unwanted airtags using a Windows PC.)

Here is how to create one-tap shortcuts to Android unknown trackers:
<https://i.postimg.cc/597JNDVR/unknowntracker01.jpg>
<https://i.postimg.cc/K8tkchJV/unknowntracker02.jpg>
<https://i.postimg.cc/rwb3T30Y/unknowntrackers03.jpg>

1. Start MuntashirAkon App Manager
<https://github.com/MuntashirAkon/AppManager>
<https://muntashirakon.github.io/AppManager/en/>
<https://f-droid.org/packages/io.github.muntashirakon.AppManager/>

2. Search for "Google Play Services", tap on it, and then tap
the "Activities" tab & search for "Unknown tracker alerts".

Click the "Create shortcut" button & place in your shortcut folder.
Voila!
You just created a one-tap shortcut to the unknown trackers GUI.

If you want to change the icon, just go to images.google.com and
type in "unknown trackers" and screenshot the page that results.

Then paste that screenshot into any image editor (e.g., Irfanview)
and crop to a 48x48 pixel square PNG icon (transparent bg or not).

Longpress on the shortcut to set the icon to that square PNG.

3a. To run automatic scans for unwanted unknown Apple Airtag trackers
a. Tap your one-tap shortcut to turn "Bluetooth" on
b. Tap your one-tap shortcut to turn "Location" on
c. Tap your one-tap shortcut for "Unknown tracker alerts"
d. Set "Allow alerts" to "ON"
"When alerts are on, you'll get a notification if an
unknown tracker is detected traveling with you.
Alerts are deleted after 48 hours."
<https://support.google.com/android/answer/13658562>

3b. To run manual scans for unwanted unknown Apple Airtag trackers
a. Tap your one-tap shortcut to turn "Bluetooth" on
b. There is no need to turn "Location" on
c. Tap your one-tap shortcut for "Unknown tracker alerts"
d. There is no need to set "Allow alerts" to "ON"
e. Under "Manual scan", tap "Scan now"
f. You will see "Checking for trackers" for about 15 seconds
g. And then you should see "No trackers detected"

Make sure you tap your one-tap shortcuts to turn bluetooth off
once you've run a manual scan. You need "Bluetooth" & "Location
on (in addition to "Allow alerts" to be on) for automatic scans.

---< below is background information with gory details >---

*Unknown tracker alerts currently work with Apple AirTags*
<https://support.google.com/android/answer/13658562>

How unknown trackers work:

An unknown tracker alert is sent when someone else's tracker device
is separated from them and detected to be traveling with you
(and out of Bluetooth range from the owner).

The notification alerts you to the tracker and tells you how
to find it and what to do next.

Bluetooth trackers, also called tags, are small devices that you
can attach to items, like keys or a backpack, to help you locate
them if they get lost.

However, in some cases, these devices can be misused to track
others without their knowledge or consent.

You can identify, find, and remove trackers that have been placed
near you or in your belongings without your knowledge or consent.

Notice the tracker alert requires both Bluetooth & Location.

URI=intent:#Intent;package=com.google.android.gms;component=com.google.android.gms/com.google.android.personalsafety.settings.BleTagSettingsActivity;end
ACTION=android.intent.action.VIEW
COMPONENT=com.google.android.gms/com.google.android.personalsafety.settings.BleTagSettingsActivity
PACKAGE=com.google.android.gms
LABEL=Unknown tracker alerts
NAME=com.google.android.personalsafety.settings.BleTagSettingsActivity
PACKAGE=com.google.android.gms

If you want to start this Android activity from Windows, use this:
C:\> adb shell cmd activity start --user 0 -a android.intent.action.VIEW -n com.google.android.gms/com.google.android.personalsafety.settings.BleTagSettingsActivity -f 0 com.google.android.gms

If you know more, please add value so that everyone learns from you.
--
The whole point of Usenet is to find people who know more than you do.
And to contribute to the overall tribal knowledge value of the newsgroup.

[Andy Burns]

Wally J wrote:

> Here is how to create one-tap shortcuts to Android unknown trackers:
> <https://i.postimg.cc/597JNDVR/unknowntracker01.jpg>

Have you (or PostImage) recently changed the compression level on your
screenshots? They look really low quality when zoomed in now ...

[Wally J]

For the Windows users, I forgot to mention that I don't ever need to
touch the Android phone nowadays because I use the Windows monitor,
keyboard & mouse for that (which makes the phone about 2-feet tall).
*These 2 commands cast your phone into a 2-feet-tall giant on your PC monitor over Wi-Fi*
<https://groups.google.com/g/alt.comp.microsoft.windows/c/AlIRPbb2tgY/>

That is, over Wi-Fi, every phone on the LAN is operated via scrcpy
freeware to mirror the phone and clipboard from Android to Windows)...

However... even without scrcpy (screen copy) freeware mirroring...

You can still control the phone from Windows if you know the screen
position of the buttons - which you can find out for your phone.

1. On Android, set "Developer options > Pointer location = on".
2. Once set, then go to the desired "Allow alerts" button & tap it
3. Android will report the X:Y location, e.g., X=600 Y=775 on my Galaxy

Then you add the adb command to turn on "Allow alerts" from Windows:
C:\> adb shell input tap 600 775

That will turn the "Allow alerts" on from Windows, but how do you run a
manual scan, given you now need to _scroll_ to a new screen to see it?

Ah... if you're controlling Android from Windows, you can do anything.
The problem to solve is the screen X:Y location resets for each scroll.

Drat.... But wait... Not to worry...

A list of adb keycode options are listed in the Android documentation:
<https://developer.android.com/reference/android/view/KeyEvent#constants_1>
C:\> adb shell input keyevent KEYCODE_HOME
That should press the "Home" button.
C:\> adb shell input keyevent KEYCODE_CAMERA
That should press the "Camera" button.
C:\> adb shell input keyevent KEYCODE_BACK
That should press the "Back" button.
C:\> adb shell input keyevent KEYCODE_HEADSETHOOK
That should press the "Headset" button.
etc.

Doing a "Control+F" for "scroll" finds the command we need to scroll.
C:\> adb shell input keyevent KEYCODE_MOVE_END
Notice that's the same "full scroll" to the bottom, every time.
That's good because it means the button position will repeat itself.

Sans an if-then-else, this tutorial will assume the starting point
of "Allow alerts is off" as I'd have to write an if-then-else if not
(and I suck at shell programming - that's what alt.msdos.batch is for).

So it's these commands from Windows to run a manual scan on Android.
A. From Windows, set the Android phone to the homescreen
B. From Windows, bring up the "Unknown tracker alerts" activity
C. Then from Windows, turn "Allow alerts = ON"
D. Then from Windows, scroll completely to the bottom of the screen
E. Now you can, from Windows, press the "Scan now" button
F. If desired, press HOME to return back to the homescreen

Now let's put that plan into action... from Windows, try this.
(Start at a known clean starting point)
C:\> adb shell input keyevent KEYCODE_HOME

(Bring up the "unknown tracker alert" activity)

C:\> adb shell cmd activity start --user 0 -a android.intent.action.VIEW -n com.google.android.gms/com.google.android.personalsafety.settings.BleTagSettingsActivity -f 0 com.google.android.gms

(Set "Allow alerts = on")
C:\> adb shell input tap 600 775

(Scroll fully to the bottom of the activity displayed)
C:\> adb shell input keyevent KEYCODE_MOVE_END

(Tap the "Scan now" button)
C:\> adb shell input tap 125 1320

(Return to your known clean starting point)
C:\> adb shell input keyevent KEYCODE_HOME

Voila!

Note this will work no matter where your Android phone is located,
as long as your phone is on your LAN and also connected to adb.

Tested just now (only!) on my Android 13 Samsung Galaxy A32-5G.

[Wally J]

C:\> adb shell cmd activity start --user 0 -a android.intent.action.VIEW -n com.google.android.gms/com.google.android.personalsafety.settings.BleTagSettingsActivity -f 0 com.google.android.gms

(Set "Allow alerts = on")
C:\> adb shell input tap 600 775

(Scroll fully to the bottom of the activity displayed)
C:\> adb shell input keyevent KEYCODE_MOVE_END

(Tap the "Scan now" button)
C:\> adb shell input tap 125 1320

(Return to your known clean starting point)
C:\> adb shell input keyevent KEYCODE_HOME

Voila!

Note this will work no matter where your Android phone is located,
as long as your phone is on your LAN and also connected to adb.

Tested just now (only!) on my Android 13 Samsung Galaxy A32-5G.

[Wally J]

Andy Burns <use...@andyburns.uk> wrote

Hi Andy,

Yes. I'm surprised you noticed. I recently turned it down to 75% where I
often do multiple saves in JPEG of a random number due to inevitable edits.

Wow. I'm impressed.

Here are the images without that compression (but with FFT obfuscation).
<https://i.postimg.cc/mgzvw0mv/unknowntracker01x.jpg>
<https://i.postimg.cc/G90F1T1J/unknowntracker02x.jpg>
<https://i.postimg.cc/NfzhRgk8/unknowntrackers03x.jpg>

Are those better?
10/22/2023 03:31 AM 198,150 unknowntracker01.jpg
10/22/2023 07:10 AM 918,024 unknowntracker01x.jpg
10/22/2023 05:22 AM 202,360 unknowntracker02.jpg
10/22/2023 07:10 AM 927,583 unknowntracker02x.jpg
10/22/2023 05:09 AM 79,650 unknowntrackers03.jpg
10/22/2023 07:11 AM 352,299 unknowntrackers03x.jpg

I don't test the postimages as 'they' would (over time) be able to
track me from just those tests (as I'd always be the first downloader),
so I only look at the postimages sporadically (& always on random VPN).

If I ever look at them, I introduce random latency to that lookup for
that reason (much as I copy a magnet days before running the torrent).

Privacy is everything when you post thousands of images to the net. :)
I'm impressed though that you noticed that recent change in compression.

It's pretty much only Paul and I who care enough to provide others
with annotated screenshots (since they're clearly a bitch to make)
so I'm happy that you, at least, are _looking_ at them (as my goal
is to be purposefully helpful & yet they take a lot of effort).

What I'll do is decrease the compression (I could also save as a BMP/GIF).
I'll put it back to, oh, I think it was previously at around 90% or so.

I'm a privacy kind of guy so what I say below requires aluminum foil...

Bear in mind that I post thousands of images to the Internet on a
variety of forums, and hence I'm aware of Fourier transforms & how they're
used by TLAs to identify the exact camera that snaps any photo so I also
run a few randomized operations that aim to prevent FFT fingerprinting.

I'm pretty sure Andy understands as he and those like Stan, Paul, & Herbert
are way smarter than I am, but for those who don't know this fact,
if you put photo #1 from your camera on Facebook, and then you put Photo #2
in your political discussion group... "they" (they who run that software),
can uniquely associate _every single picture_ you ever posted to the
Internet to that same camera - simply by fingerprinting the pixel flaws.

Yes. Every single photo.
Which, let's agree, you might not want "them" doing, right?

How do you stop them from knowing every photo ever posted to the Internet?
Me?

I run a series of image-obfuscation steps to make that image fingerprinting
harder, just as I do with my browser by changing randomly the string
and timezone and the Windows installed fonts & other fingerprinting data.

Inevitably, those pixel-flaw obfuscation efforts also lower image quality.
Although what you're noticing is probably the switch to 75% JPG quality.

[Wally J]

Wally J <walte...@invalid.nospam> wrote

> That is, over Wi-Fi, every phone on the LAN is operated via scrcpy
> freeware to mirror the phone and clipboard from Android to Windows)...

Sorry for the hiccup. I had NOT meant to post this article twice.

Sometimes, with Wolfgang Weygand's Eternal September (ES), it says it
failed, but in reality, it's just delayed by ten minutes or so. Sigh.

I'm using Herbert's alt.msdos.batch timezone randomizer which seems to
cause the SSL in TOR & VPN encryption to have issues when the timezone
randomly switches out from under it. It only happens with Ray Banana's
Eternal September NNTP server though, but I can't use Ivo Gondolfo's bofh
server with this set of newsgroups as paga's filters are Draconian compared
to Wolfgang's much more lax ES filters.

You can see the timezone flip in the timestamps of the resulting files.

<https://i.postimg.cc/597JNDVR/unknowntracker01.jpg>
<https://i.postimg.cc/K8tkchJV/unknowntracker02.jpg>
<https://i.postimg.cc/rwb3T30Y/unknowntrackers03.jpg>

<https://i.postimg.cc/mgzvw0mv/unknowntracker01x.jpg>
<https://i.postimg.cc/G90F1T1J/unknowntracker02x.jpg>
<https://i.postimg.cc/NfzhRgk8/unknowntrackers03x.jpg>

Where it looks like a random shift of about 3 hours moments ago.

10/22/2023 03:31 AM 198,150 unknowntracker01.jpg
10/22/2023 07:10 AM 918,024 unknowntracker01x.jpg
10/22/2023 05:22 AM 202,360 unknowntracker02.jpg
10/22/2023 07:10 AM 927,583 unknowntracker02x.jpg
10/22/2023 05:09 AM 79,650 unknowntrackers03.jpg
10/22/2023 07:11 AM 352,299 unknowntrackers03x.jpg

Note that my NNTP headers don't reflect the timezone of the machine because
I don't use a newsreader for Usenet, but a set of telnet/vim scripts.

The header is completely bogus, and randomly plucked out of a dictionary
lookup table where I don't even know what's in the headers (as the gift of
the value in messages on Usenet is not in the meaningless wrapping paper).

At one point it even plucked out Andy Burns' header (where the dictionary
was originally created from a script that gathered up real headers and
randomly re-utilized them - but I've added recently a catch for that).

Each newsgroup gets headers that the newsgroup is familiar with.
(It's all part of the plan of remaining anonymous while posting
tons of value to the Internet via dozens of disparate forums).

PS: If someone can explain HOW the heck SSL _knows_ your "real"
timezone, please explain it to me as I don't know how they do it.
--
Ignorance can be cured - often with effort... but stupidity is permanent.

[candycanearter07]

On 10/22/23 06:19, Wally J wrote:
> I'm pretty sure Andy understands as he and those like Stan, Paul, & Herbert
> are way smarter than I am, but for those who don't know this fact,
> if you put photo #1 from your camera on Facebook, and then you put Photo #2
> in your political discussion group... "they" (they who run that software),
> can uniquely associate _every single picture_ you ever posted to the
> Internet to that same camera - simply by fingerprinting the pixel flaws.
>
> Yes. Every single photo.
> Which, let's agree, you might not want "them" doing, right?
>
> How do you stop them from knowing every photo ever posted to the Internet?
> Me?
>
> I run a series of image-obfuscation steps to make that image fingerprinting
> harder, just as I do with my browser by changing randomly the string
> and timezone and the Windows installed fonts & other fingerprinting data.
>
> Inevitably, those pixel-flaw obfuscation efforts also lower image quality.
> Although what you're noticing is probably the switch to 75% JPG quality.

Huh, neat. Can you provide stuff for further reading? I tried to Google
it, but couldn't find much.
--
user <candycane> is generated from /dev/urandom

[candycanearter07]

On 10/22/23 06:41, Wally J wrote:
> Sorry for the hiccup. I had NOT meant to post this article twice.
>
> Sometimes, with Wolfgang Weygand's Eternal September (ES), it says it
> failed, but in reality, it's just delayed by ten minutes or so. Sigh.
>
> I'm using Herbert's alt.msdos.batch timezone randomizer which seems to
> cause the SSL in TOR & VPN encryption to have issues when the timezone
> randomly switches out from under it. It only happens with Ray Banana's
> Eternal September NNTP server though, but I can't use Ivo Gondolfo's bofh
> server with this set of newsgroups as paga's filters are Draconian compared
> to Wolfgang's much more lax ES filters.

It's not just you that has that issue with ES. I've had that happen
multiple times, and there's a thread in e-s.support about it. Hopefully
a fix will come soon.

> PS: If someone can explain HOW the heck SSL _knows_ your "real"
> timezone, please explain it to me as I don't know how they do it.

My guess is IP fingerprinting, but I'll look it up.

[candycanearter07]

There's almost nothing about it, but these might help?

https://security.stackexchange.com/questions/71364/tls-reliance-on-system-time
https://stackoverflow.com/questions/40372487/will-timezone-change-affect-ssl-handshakes

[Andy Burns]

Wally J wrote:

> Andy Burns wrote:
>
>> Have you (or PostImage) recently changed the compression level on your
>> screenshots? They look really low quality when zoomed in now ...
>

> Yes. I'm surprised you noticed.

> Here are the images without that compression (but with FFT obfuscation).
> <https://i.postimg.cc/mgzvw0mv/unknowntracker01x.jpg>
>

> Are those better?

they are

> I don't test the postimages as 'they' would (over time) be able to
> track me from just those tests (as I'd always be the first downloader),
> so I only look at the postimages sporadically (& always on random VPN).

If "they" could track you via download logs, can't they also track you
via upload logs?

> It's pretty much only Paul and I who care enough to provide others
> with annotated screenshots (since they're clearly a bitch to make)

Yeah, I generally just save screenshots, very rarely with a bit of
highlighting.

> Bear in mind that I post thousands of images to the Internet on a
> variety of forums, and hence I'm aware of Fourier transforms & how they're
> used by TLAs to identify the exact camera that snaps any photo

Is there a camera involved? I thought we were discussing screen
captures, rather than photos of screens.

> I'm pretty sure Andy understands as he and those like Stan, Paul, & Herbert
> are way smarter than I am, but for those who don't know this fact,
> if you put photo #1 from your camera on Facebook, and then you put Photo #2
> in your political discussion group... "they" (they who run that software),
> can uniquely associate _every single picture_ you ever posted to the
> Internet to that same camera - simply by fingerprinting the pixel flaws.

I would expect that sort of thing is possible, but might have assumed it
would take "several" photos, no just two to make the connection, and I
wouldn't expect it to be feasible across all photos, but reserved for
the sort of folk who appear on most-wanted lists.

[Wally J]

Andy Burns <use...@andyburns.uk> wrote

>> I don't test the postimages as 'they' would (over time) be able to
>> track me from just those tests (as I'd always be the first downloader),
>> so I only look at the postimages sporadically (& always on random VPN).
>
> If "they" could track you via download logs, can't they also track you
> via upload logs?

Hi Andy,

Yes. But I have, among my degrees, engineering & microbiology degrees,
where each field has a set of "good practices" that you always follow.

And, looooooong ago, I had TSSI clearance when I worked with the people
whom we shall simply call "Fort Meade" (way before the new buildings) where
they had this big brick building with all the windows covered from floor to
ceiling with heavy layers of carpet-like curtains - and where they escorted
you even _in_ the bathroom (which is the only place I visited that ever did
that although Haifa's visits were similarly secretive - and where I recall
they showed me the holes in the outside safe-room walls from the missile
blasts raining down from Lebanon).

At least in Haifa they have those special protect-you-from-everything rooms
(which is kind of sort of like what I'm trying to do here with images).

For example, I wash my hands after I pee for a happy birthday song time.
And I ground my hands by touching metal before I remove a socketed chip.

Am I really worried that the spirochetes are gonna get me?
Or that the 30K volts from my body is gonna destroy the CMOS gates?

No.
It's just basic habitual good practice.

As for upload logs, I once sold a car so I left a forum and I was shocked
that people were looking for me for years. My contributions to that forum
were acknowledged to be the best where they're still often the first Google
hit when you search for specific keyworded brand-related problem sets.

That shocked me.
People truly care to track me down.

Some geolocated my photos to the same area I lived and they asked the
administrators to track me down. They even checked the obituaries. If you
have a private way of communicating with me I can prove that they tried to
track me down because they were worried that I had died - but the point is
that I keep my real IP address out of anything that I have to log into.

Even Rod Speed, whom I reported to the FBI for asking people to kill me
and, in doing so, he asked them to contact him at his mail address, tried
to track me down when I had Paolo remove a.h.r from his news servers.

But to answer your question about download logs, that's one reason why I
never download my own pictures at any time near upload (or ever, if
possible).

And I don't post to the same nntp newsserver that I read from, as another
example of just basic good practices.

I have every web browser known to man installed, so that I can use one web
browser per task such that it's set up specifically for _that_ task.

I have killswitches that I run when I use decryption software, for another
example, just in case someone is watching in real time (although a
keystroke recorder would negate that in a flash even as I move the mouse on
and off the input field whenever I'm typing passphrases into login fields).

At last count I had six thousand free VPN servers, which are randomly
rotated through, where none of them require a login - but of course - the
VPN service certainly has my IP address.

You may notice my screenshots show GPS spoofing where my phone's location
is always spoofed (where it changes at a certain rate but I wish I could
get it to follow a road instead of just moving randomly about).

It disturbs me that my neighbors don't employ SSID broadcast "hiding" and
that they don't put "_nomap" on their access point SSIDs because Google
Maps has a conniption when it thinks I'm at the San Jose Airport and my
true home location at the same time where you can rest assured I have
"_nomap" and hidden broadcast to prevent my exact location being in the
Google or NetStumbler or WiGle or Mozilla, etc., wardriving databases.

These are all just basic "wash your hands & disinfect your needles" habits.

As a side note, I think it's incredibly rude for the many stupid people
(which are about 990 out of 1000 people) who don't think twice about
broadcasting their SSID in the clear and not including the "_nomap" and
then it's doubly rude for even more stupid people to habitualy upload
everyone's unique BSSID/GPS to those same tracking databases.

It's like 990 out of 1000 people kick a stray dog, just because they can.

>> It's pretty much only Paul and I who care enough to provide others
>> with annotated screenshots (since they're clearly a bitch to make)
>
> Yeah, I generally just save screenshots, very rarely with a bit of
> highlighting.

You do too. It's only the ones who care the most who upload screenshots.
Me? I strive to add value archived for many future users to benefit.

>> Bear in mind that I post thousands of images to the Internet on a
>> variety of forums, and hence I'm aware of Fourier transforms & how they're
>> used by TLAs to identify the exact camera that snaps any photo
>
> Is there a camera involved?

Your thoughtful question shows you're thinking - and - that you're well
ahead of me - as always - in terms of your knowledge level & acumen.

The display of the Android phone is being "recorded" by the Android
screenshot capability - and the display of the PC is also doing that.

Are those two screen displays capable of being digitally fingerprinted?

> I thought we were discussing screen captures, rather than photos of screens.

It's a habit for all images which are posted to the Internet, even on
social media, just alike disinfecting all my meth needles is a basic habit.

However, you bring up a great point where _different_ things are involved!
a. The screen capture of the phone (specifically for long scrolls)
b. The screen capture of Windows (of the phone, via Irfanview's "C" cmd)
c. The camera images (which are less used in OS stuff than in other areas)

Since I'm on many web discussion forums (e.g., I write the best tutorials
you've ever seen for step-by-step electronics repair, for example) there's
a camera involved in almost every situation for home and automotive repair.

However, _most_ cases on these newsgroups are screen captures from Windows
of the Android screen as displayed by scrcpy onto Windows using Irfanview.

But not all cases, since long scrolls, are captured on Android as I don't
know of any way on Windows to capture a long scroll on Android. Do you?

What I do, of course, is habitually mount my phone (over WebDAV over Wi-Fi)
as a Windows drive letter where only recently did I get that hands off.
*How to take long Android screenshots from Windows without touching buttons*
<https://groups.google.com/g/comp.mobile.android/c/W2l42QgUXZI>

These long scrolls are initiated from Windows (because I never touch my
phone, that's why) and, of course, they're autosaved to the DCIM
Screenshots location, which is mounted as a drive letter on Windows.

Since I was born a problem solver, I just realized as I was typing that up,
that I can maybe capture the long scroll from Windows by displaying the
long scroll on Android and then using Irfanview to snapshot it on Windows.

Then I don't even need to copy the long scroll from the Android Windows
drive letter into my editing folder since Irfanview already does that.

Hmmm... good idea. I'll try that next time & check if resolution suffers.

>> I'm pretty sure Andy understands as he and those like Stan, Paul, & Herbert
>> are way smarter than I am, but for those who don't know this fact,
>> if you put photo #1 from your camera on Facebook, and then you put Photo #2
>> in your political discussion group... "they" (they who run that software),
>> can uniquely associate _every single picture_ you ever posted to the
>> Internet to that same camera - simply by fingerprinting the pixel flaws.
>
> I would expect that sort of thing is possible, but might have assumed it
> would take "several" photos, no just two to make the connection, and I
> wouldn't expect it to be feasible across all photos, but reserved for
> the sort of folk who appear on most-wanted lists.

No. I posted about this years ago. It takes only a two photos to 100%
accurately identify the EXACT camera according to reports from years ago.

Of course, I asked about this on the rec.photo.digital newsgroup, and this
newsgroup, as I recall - but nobody knew anything about it - and - truth be
told - very few people other than the likes of Paul will even understand
it.

I'm sure you do - but you're not on the r.p.d newsgroup - where you'd
"expect" them to know something about photo fingerprinting - but I asked
the question over a couple of years in multiple occasions and determined it
would be a waste to continue trying as they know absolutely nothing.

I was disappointed in the lack of knowledge, and how childish the responses
were (tin foil stuff) but then again, I lack the requisite knowledge too.

I'd love to know more about digital fingerprinting so if anyone has
references, let me know and I'll read them as I have been doing this for
years, such that I've introduced randomness into thousands of uploads.

[Wally J]

candycanearter07 <n...@thanks.net> wrote

>> Inevitably, those pixel-flaw obfuscation efforts also lower image quality.
>> Although what you're noticing is probably the switch to 75% JPG quality.
>
> Huh, neat. Can you provide stuff for further reading? I tried to Google
> it, but couldn't find much.

Anyone can find it on r.p.d because that's where I asked over the years,
but nothing of value came out of asking those "image experts", who weren't.
<https://groups.google.com/g/rec.photo.digital/search?q=fingerprinting>

Truth be told, it was mostly the Apple morons like nospam who turned each
query into a childish morass of their kindergarten tin-foil hat retorts.

Bear in mind what Snowden taught us, which is that privacy is a right that
you have to protect, just like freedom is a right you have to strive for.

Anyway, those so-called photo experts are not photo experts in this realm.
I gave up trying to find something there who knew more than I did already.

And that's sad, because I do NOT know much about thwarting fingerprinting.
Other than reading a couple of the papers on the subject.

From those papers, I learned a few tricks of the trade to obfuscate
repeatable image flaws, but I have no idea if those tricks really work.

Luckily, I'm hiding from the likes of Rod Speed (who had asked people to
murder me, for which I contacted the FBI) and not a well-funded adversary.

[Wally J]

candycanearter07 <n...@thanks.net> wrote

> It's not just you that has that issue with ES. I've had that happen
> multiple times, and there's a thread in e-s.support about it. Hopefully
> a fix will come soon.

I saw some information about that in one of the a.f.n & n.a.p & n.s.n ngs.
<http://groups.google.com/g/news.software.nntp>
<http://groups.google.com/g/news.admin.peering>
<http://groups.google.com/g/alt.free.newsservers>
etc.

As for _how_ SSL knows what your real TZ timezone is, I still don't know.

I had asked on the Firefox newsgroup; the problem there was people knew so
much more than I did about TOR (which is another place it shows up) about
SSL that they assumed I knew what they were saying - but I didn't
understand how SSL knows what your "real" time zone is.

How could SSL know your "real" TZ?
Does SSL look at the TZ of the first downstream hop?
If so, why doesn't a VPN server in a different TZ screw it up then?

Unfortunately, that Firefox newsgroup question isn't autoarchived
<https://groups.google.com/g/alt.comp.software.firefox>
Which means _everything_ posted to it is, sadly, wasted over time.

But similar questions were asked on other newsgroups to no avail.
<https://groups.google.com/g/alt.msdos.batch/search?q=ssl%20timezone>

>> PS: If someone can explain HOW the heck SSL _knows_ your "real"
>> timezone, please explain it to me as I don't know how they do it.
>
> My guess is IP fingerprinting, but I'll look it up.

Start here where supposedly the answer was provided but all I gleaned from
replies is that SSL requires an accurate timezone but not how it does it.
<https://groups.google.com/g/alt.msdos.batch/search?q=ssl%20timezone>

Even reading the results, I still don't understand how SSL knows your TZ.
How does SSL figure out your _real_ timezone to know that it was changed?

[candycanearter07]

On 10/22/23 13:47, Wally J wrote:
> candycanearter07 <n...@thanks.net> wrote
>
>>> Inevitably, those pixel-flaw obfuscation efforts also lower image quality.
>>> Although what you're noticing is probably the switch to 75% JPG quality.
>>
>> Huh, neat. Can you provide stuff for further reading? I tried to Google
>> it, but couldn't find much.
>
> Anyone can find it on r.p.d because that's where I asked over the years,
> but nothing of value came out of asking those "image experts", who weren't.
> <https://groups.google.com/g/rec.photo.digital/search?q=fingerprinting>
>
> Truth be told, it was mostly the Apple morons like nospam who turned each
> query into a childish morass of their kindergarten tin-foil hat retorts.
>
> Bear in mind what Snowden taught us, which is that privacy is a right that
> you have to protect, just like freedom is a right you have to strive for.
>
> Anyway, those so-called photo experts are not photo experts in this realm.
> I gave up trying to find something there who knew more than I did already.
>
> And that's sad, because I do NOT know much about thwarting fingerprinting.
> Other than reading a couple of the papers on the subject.
>
> From those papers, I learned a few tricks of the trade to obfuscate
> repeatable image flaws, but I have no idea if those tricks really work.

Thanks a bunch, I'm currently studying Stenography.

> Luckily, I'm hiding from the likes of Rod Speed (who had asked people to
> murder me, for which I contacted the FBI) and not a well-funded adversary.

Yikes, what happened?

[The Real Bev]

<other groups snipped>

On 10/23/23 5:17 AM, candycanearter07 wrote:
> On 10/22/23 13:47, Wally J wrote:

>> From those papers, I learned a few tricks of the trade to obfuscate
>> repeatable image flaws, but I have no idea if those tricks really work.
>
> Thanks a bunch, I'm currently studying Stenography.

Gregg is faster than Palmer. Do they still teach that? I could write
pretty fast, but couldn't read my own writing worth shit. Same with
speaking foreign languages. Or did you mean Steganography?

>> Luckily, I'm hiding from the likes of Rod Speed (who had asked people to
>> murder me, for which I contacted the FBI) and not a well-funded adversary.

That guy has way too much energy and appears in too many newsgroups. I
suspect he's a group, some members of which know something and others of
which are purely disruptive.

> Yikes, what happened?

Nothing.



--
Cheers, Bev
"Don't bother looking for that key. There is no Esc."
-- M. Tabnik

[candycanearter07]

On 10/23/23 09:29, The Real Bev wrote:
> <other groups snipped>
>
> On 10/23/23 5:17 AM, candycanearter07 wrote:
>> On 10/22/23 13:47, Wally J wrote:
>
>>>  From those papers, I learned a few tricks of the trade to obfuscate
>>> repeatable image flaws, but I have no idea if those tricks really work.
>>
>> Thanks a bunch, I'm currently studying Stenography.
>
> Gregg is faster than Palmer.  Do they still teach that?  I could write
> pretty fast, but couldn't read my own writing worth shit.  Same with
> speaking foreign languages.  Or did you mean Steganography?

Double checked the spelling on Google, its Stenography.

>>> Luckily, I'm hiding from the likes of Rod Speed (who had asked people to
>>> murder me, for which I contacted the FBI) and not a well-funded
>>> adversary.
>
> That guy has way too much energy and appears in too many newsgroups.  I
> suspect he's a group, some members of which know something and others of
> which are purely disruptive.
>
>> Yikes, what happened?
>
> Nothing.

Ah

[Alan]

He stopped taking his meds.