Single-Pixel Tracker Leads Paranoid Turkish Authorities To Wrongly Accuse Over 10,000 People Of Treason

from the tiny-web-beacons,-massive-consequences dept

We've written many articles about the thin-skinned Turkish president, Recep Tayyip Erdoğan, and his massive crackdown on opponents, real or imagined, following the failed coup attempt in 2016. Boing Boing points us to a disturbing report on the Canadian CBC News site revealing how thousands of innocent citizens have ended up in prison because they were falsely linked with the encrypted messaging app Bylock:

The Turkish government under President Recep Tayyip Erdogan links Bylock with treason, because of the app's alleged connection to followers of Fethullah Gülen, the man the Turkish government believes is behind the deadly 2016 coup attempt. Gülen denies the allegations.

Alleged Bylock users are a large part of the nearly 150,000 Turks detained, arrested or forced from their jobs under state of emergency decrees since the summer of 2016.

An estimated 30,000 are believed to be among the innocent swept up in this particular campaign, victims of the chaos, confusion and fear in Turkey.

It's bad enough that the Turkish authorities are equating the mere use of the Bylock app with treason. But it gets worse. It turns out that many of those arrested for that reason didn't even use Bylock, but were falsely accused:

it was due to a single line of code, which created a window "one pixel high, one pixel wide" -- essentially invisible to the human eye -- to Bylock.net. Hypothetically, people could be accused of accessing the site without having knowingly viewed it.

That line redirected people to the Bylock server using several other applications, including a Spotify-like music app called Freezy and apps to look up prayer times or find the direction of Mecca. Some people have been accused because someone they shared a wifi connection with was linked to Bylock.

According to the CBC News report, the single-pixel trackers that linked back to Bylock.net were used intentionally by the Bylock developers in order to muddy the waters, and make it harder to identify real Bylock users. However, it's not clear how these Web "beacons" came to be associated with other apps. Whatever the mechanism used to accuse innocent people, the Turkish authorities have confirmed indirectly that the misleading calls to Bylock.net did indeed take place, albeit releasing that information in a way that violates the victims' privacy pretty badly:

The Turkish government and the country's courts rarely admit they are wrong, but in December, they revealed the gravity of the mistake they'd made by publishing a list of 11,480 mobile phone numbers. Each number represented a person wrongly accused of terrorism in the Bylock affair.

As well as confirming that Turkey remains in the grip of institutionalized paranoia emanating from the country's president, this episode underlines just how serious the implications of single-pixel tracking can be. In an ideal world, such surreptitious tracking would not be taking place. As a second best, browsers would incorporate technology that warned users of such tricks and blocked their callbacks as a matter of course, but it's hard to see how this could be done in a way that isn't easily circumvented.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Stephen T. Stone (profile), 7 Feb 2018 @ 10:48am

    And some people wonder why adblockers are necessary.

    reply to this | link to this | view in chronology ]

  • icon
    Roger Strong (profile), 7 Feb 2018 @ 11:00am

    It could be worse. He could declare that not clapping for his speech is treasonous.

    I expect that next time, Trump will put appoint someone to ensure that people clap. Jeb! has experience.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2018 @ 11:32am

    Single-pixel trackers have a dark origin

    They were developed and deployed by spammers in order to help them figure out which tactics were getting their abuse delivered. Each access to those pixels is accompanied by data that tells them:

    - which of their outbound mail servers was used
    - which version of the spam was sent
    - which user was targeted
    - which delivery method their mail server used
    - and so on

    When a spam victim hits one of those single pixels, that N-tuplet of information is sent back to the spammers -- along with a timestamp of course, so they can also measure the time between when spam was sent and when it read by someone insane enough to use an HTML-capable mail reader.

    This tactic is still used today by spammers-for-hire like MailChimp, ExactTarget, ConstantContact, and so on. All of them have been busy spying on huge numbers of users for years.

    This would be a good time to wonder who they're selling all that data to.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2018 @ 11:34am

    Fake coup is more like it. This guy is doing what the gop only dreams of.

    reply to this | link to this | view in chronology ]

    • identicon
      Turk here, 7 Feb 2018 @ 12:44pm

      Re:

      These gulenist who made the bylock app are active for over 30 years. Every Turk on earth knows about their existent. I get how it would sound tinfoil hat bs, but it`s not.
      Gulen is their leader and there is a video of him saying to move into every position of power inside the government and armed forces. To grab as much power positions as possible so they can take over the government in the end.

      The net the government threw out is indeed too large and innocent people get caught up the process of catching the guilty ones. Time to time, they`re getting released after more research about them.

      You should research the gulenist school in europe, america, asia and africa. They`re everywhere "educating" the elites childeren to get in those governments also. Super easy in poor countries which have bad education.

      reply to this | link to this | view in chronology ]

      • icon
        Richard (profile), 7 Feb 2018 @ 1:22pm

        Re: Re:

        However Gulen was allied with Erdogan until comparatively recently.

        This is Stalin vs Trotsky.

        From the point of view of everyone else in the world Trotsky may not be wonderful but Stalin is 1000times worse.

        reply to this | link to this | view in chronology ]

        • identicon
          Turk here, 7 Feb 2018 @ 2:17pm

          Re: Re: Re:

          You can`t compare a person like Stalin who killed millions of his own people and millions of none Russians with gulen or Erdogan. Or with that propaganda Trotsky.

          It`s correct that Erdogan/akp was allied with gulen and his followers. They did that to take down the army`s hold over the government. Something the west also demanded from Turkey. Civilian rule not a military one.
          That alliance broke up when the government realized that gulen was putting his own followers inside the army high command.
          I followed the probe against the the army. Files were full with errors like wrong dates, places or buildings that didn't exist until after the criminal offenses were committed. All those arrested in the probe are released, got money for time spend in prison and missed promotions.

          Coup
          2 weeks before the coup, i saw a news report on tv, that the army would be purged of gulens followers. It was stupid to release that information.
          After that the gulenist had 2 options. Do nothing and get arrested. Or do a last stand and take over the army and with that the country.
          The coup failed because the mit(Turkish fbi)hacked the bylock server and knew of the coup. So they had to rush the operation. The day the coup was going to happen one of those gulenist got caught and they could follow the operation trough whatsapp group chats. If the civilians didn't take to the streets, coup would have been successful.

          https://www.bellingcat.com/news/mena/2016/07/24/the-turkey-coup-through-the-eyes-of-its-p lotters/
          Western source about the coup. Worth reading, they fact check everything.

          It`s complicated and everyone in Turkey wants it to be over. You can dismiss what i said as pro government propaganda. Thats up to you. All i and millions of Turks want is a stable Turkey.

          reply to this | link to this | view in chronology ]

          • icon
            Roger Strong (profile), 7 Feb 2018 @ 2:52pm

            Re: Re: Re: Re:

            Even if you accept that there was a real coup attempt, it's obvious those involved make up a only tiny percentage of the tens of thousands arrested.

            Erdogan used it to clear all opposition - reporters and newspaper editors, teachers and professors, police and judges, mayors and other politicians, etc.

            He used a failed coup as a pretense to launch his own, seizing totalitarian power.

            reply to this | link to this | view in chronology ]

          • icon
            Richard (profile), 8 Feb 2018 @ 3:44am

            Re: Re: Re: Re:

            You can`t compare a person like Stalin who killed millions of his own people and millions of none Russians with gulen or Erdogan. Or with that propaganda Trotsky.

            BUT I can compare the RELATIONSIP between Erdogan and Gulen with the RELATIONSHIP between Stalin and Trotsky.

            I can also point out that Erdogan is a nastier character than Gulen, in the same way as Stalin was a nastier character than Trotsky. I can also point out that Trotsky and Gulen ended up in exile and that Stalin and Erdogan ended up in power.

            I can also point out that Stalin pursued the exiled Trotsky just as Erdogan is pursuing the exiled Gulen.

            The parallels are obvious.

            Stalin knocked down the church of the Saviour in Moscow to make way for the (never built) palace of the Soviets.

            Erdogan wants to reconvert the Hagia Sophis into a Mosque. If he was a peaceful leader, friendly to other religions but his own he would give it back to the Orthodox Church.

            He is not - he has an agenda of Islamic domination - just like Stalin had an agenda of communist domination.

            Gulen also has an Islamic agenda - but it is a more peaceful one.

            reply to this | link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 7 Feb 2018 @ 2:14pm

        Re: Re:

        Gee yeah, can't have anyone doing the same thing Erdo─čan did. Especially not his former buddy.

        Every Turk on earth knows what happened to your secular democracy. There's the crazy. (Don't worry, we are trying so hard to catch up.)

        reply to this | link to this | view in chronology ]

        • identicon
          Turk here, 7 Feb 2018 @ 2:36pm

          Re: Re: Re:

          I`m secular, didn't go to a mosque in at least 20 years. I`m covered in tattoos, i drink alcohol and enjoy the separation of government and religion.
          I hear western people always talk good about secular governments Turkey had. Yet they never research what those governments did. They`re the ones which took away every right kurds had. They invested nothing in Turkey and killed every big project. If they did their job, no one would have voted for the akp. Good start would be wiki
          https://en.wikipedia.org/wiki/Turkey

          The sad thing is, the opposition parties would lose an election to a demented eldery. 3 main parties next to akp

          chp(secular) Basically trump with even worse ideas. They suck so bad. They had a convention last week where 100 got food poison en they fought among each other.

          MHP(ultra nationalistic party) Run by a 80 year old dude, who wants to go to war with everyone(russia/iran/the west)

          HDP (leftist pro pkk) They even go to kandil mountains and do photo shoots with terrorist. Brother of their leader is in the pkk.

          As much as i want more parties in the government. There is no other party which works like one should. Until they fix their parties, akp will keep winning. The way the west is reacting to Turkey, only strengthens the hand of akp. Turks from all sides will fight each other with no problem. But we always unite against an outside attack.

          Just trying to explain how Turks think. Do with this info as you pleas.

          reply to this | link to this | view in chronology ]

          • identicon
            Dave, 7 Feb 2018 @ 5:00pm

            Re: Re: Re: Re:

            +100
            Great points. Thank you for encouraging me to read more Turkish political history

            reply to this | link to this | view in chronology ]

          • icon
            Richard (profile), 8 Feb 2018 @ 4:13am

            Re: Re: Re: Re:

            You are right that the old secular parties weren't that great.

            Lots of bad things happened on their watch. Attaturk, after all, came out of the same environment as Mussolini and Hitler (ie defeated nations after WW1). Unlike them he did avoid WW2 but the regime he left behind was blatantly nationalistic.

            Subsequently Turkey did tend to get a free pass (rather like Iran) as a frontline state against communism and I think that didn't help the political atmosphere.

            reply to this | link to this | view in chronology ]

          • icon
            Richard (profile), 8 Feb 2018 @ 4:31am

            Re: Re: Re: Re:

            Turks from all sides will fight each other with no problem. But we always unite against an outside attack.

            I think that is actually part of the problem.

            Nations have to learn self-criticism if they are to become mature.

            Germany did this after the war by admitting their fault and is a better nation as a result.

            Similarly with (most of) the US vs slavery.

            Similarly with the colonial history of the UK.

            S. Africa had its "Truth and Reconciliation" process.

            Countries that don't go through this type of process (eg Zimbabwe) tend to remain barbaric.

            That is why Turkey needs to own up to a few things (eg Armenian Genocide). However Turkey has to do this willingly. No one else can force them.

            They have to realise that their standing in the world would be vastly improved if they did.

            reply to this | link to this | view in chronology ]

  • icon
    Richard (profile), 7 Feb 2018 @ 12:17pm

    The Turkish government and the country's courts rarely admit they are wrong,

    The Turkish government and the country's courts never admit to anything. Strangely the rest of the world seems to keep letting them get away with it.

    From the Armenian/Greek/Assyrian genocide, through the invasion of Cyprus to the current attacks on the Kurds - with many smaller stopping points on the way there is a great litany of actions that few other countries could have done with the impunity that Turkey seems to enjoy.

    It isn't just Erdogan - it is the country - or at least a big chunk of it - and the part that doesn't agree is largely behind bars (or at least out of a job) today.

    reply to this | link to this | view in chronology ]

    • identicon
      Wendy Cockcroft, 9 Feb 2018 @ 5:52am

      Re: The Turkish government and the country's courts rarely admit they are wrong,

      This might be a good time to carry out a search on "Japan comfort women," a euphemism for horrific sexual slavery. Their other atrocities (Rape of Nangking, abuse of POWs, Tenko, etc.) are well noted in the historical record.

      The UK government has yet to admit that colonialism was a bad thing that resulted in millions starving to death in manufactured crises wherein laissez-faire policies prevented the government from intervening as the all-powerful god Market was supposed to be doing that. Must have been on his jollies or something. We Irish have not forgotten. Oh, and Brits invented concentration camps during the Boer War.

      I recently learned that colonists wiped out the indigenous people of Tasmania (they put bounties on the locals) and racist policies continue in Australia to this day; indigenous kids are fostered out to white families instead of being placed with their own people to maintain their family and cultural ties.

      The takeaway: nobody's perfect and we ourselves have a lot of cleaning up to do where our own acts are concerned. Shouldn't we at least make a start before calling other people out?

      reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 7 Feb 2018 @ 5:29pm

    That tricksy old Gollum!

    reply to this | link to this | view in chronology ]

  • icon
    Coyne Tibbets (profile), 7 Feb 2018 @ 7:44pm

    We can do better

    The next time they're running a search like this, let's see if we can get them six million matches.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Feb 2018 @ 10:14pm

    Well past time to cut Turkey loose from NATO let alone keeping them out of the EU.

    Get rid of their sorry dead weight.

    reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 8 Feb 2018 @ 2:04am

    While it's on a different scale, this sort of thing is why I'm always opposed to the three strikes-style rules. The evidence used is so flimsy and so easily spoofed that plenty of innocent people would have their connections shut off, and it would be trivial to deliberately target victims.

    In this case, it's nice that the authorities have admitted their mistake, but I can't help wonder how much irreversible damage has been done to these peoples' lives in the meantime.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 10 Feb 2018 @ 2:04pm

    As a second best, browsers would incorporate technology that warned users of such tricks and blocked their callbacks as a matter of course, but it's hard to see how this could be done in a way that isn't easily circumvented.

    Although slightly overkill, blocking cross-origin requests by default kills this and blocks a surprising amount of other badness too. Firefox has Policeman to do this (and RequestPolicy before that). Chrome probably has something similar. In principle, it's as simple as:

    if source_document_domain is not target_document_domain:

    deny_by_default()

    The ugly details come down to how precisely to match domains: do you allow www.techdirt.com to embed cdn.techdirt.com (often yes, but even that is risky if the stakes for a false negative are as high as in Turkey)? Do you allow www.techdirt.com to embed www.techdirt-user-content.com (usually no)? What do you do about the obnoxious sites that stupidly embed things like long-random-string.long-random-string.cloudfront.net? Etc.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.