A Geek With Guns

Chronicling the depravities of the State.

Feed Me More Data, Seymour!

without comments

When fitness trackers started becoming affordable and popular many people knew that this was right around the corner:

Life insurance company John Hancock will stop offering traditional policies, according to Venture Beat. Instead, the company, which is one of the oldest and largest life insurance underwriters in the US, will only sell policies that track fitness and health data.

The company will offer two different types of insurance: the basic Vitality offering will require customers to enter their fitness activity into an app or on a website. They will receive gift cards and other rewards for completing goals. For a discount of up to 15 percent on premiums, though, John Hancock is offering an expanded insurance policy that will track health data and fitness using wearable devices.

Insurance companies are in the business of risk mitigation and have therefore always had an interest in collecting as much data as possible on the property and people they insure. Fitness trackers and apps provide data that can be pretty valuable to health and life insurance companies since they give some indication about an individual’s health. The danger of this kind of policy is that the insurance company gets possession of the data. Even if you trust your insurance company to not sell that data to third parties (which is something you should never trust a company to refrain from doing), the chances of that data falling into unauthorized hands through a database breach are high. Another potential danger is that this data could be used to identify unlawful activity.

Most illegal substances cause changes in heart rate. If an individual’s heart rate changes without any obvious reason (such as they’re exercising), that information could potentially be used at evidence that they’re using illegal substances. If law enforcers suspect that you’re using illegal substances, they could acquire your health data via a subpoena and use it as probable cause to get an arrest warrant issued. Worse yet, if your health data indicates that you might be using illegal substances, your insurance company might decide to hand that data over to law enforcement voluntarily. In a nation where so many activities are illegal, handing out health data can be dangerous.

Written by Christopher Burg

September 21st, 2018 at 11:00 am

Posted in News You Need to Know

Tagged with

Jacking Up the Rent

with one comment

If the primary difference between capitalist and socialist nations is that in capitalist nations property is held in private, then the United States is solidly a socialist nation. While the fiction of private property exists, the reality is that all property is owned by the State. That is why you have to pay rent on your property. And like any good landlord, the State can up the rent when it so chooses:

Hennepin County officials said Tuesday they need to raise $43 million more in property taxes next year, in part to pay for personnel and the surging costs of protecting children from abuse and neglect.

County Administrator David Hough proposed a 5.5 percent increase in the property tax levy during his budget presentation to the County Board. The proposal is a response to what Hough said were “significant ongoing challenges” faced by the county. He pointed to the massive new spending in recent years aimed at child protection services, which has drawn millions from budget reserves.

Of course it’s for the children. That makes it easy to criticize anybody who opposes the rent hike by claiming that they hate children.

Less surprising than claiming that the increase is for the children is the fact that the politicians are also claiming that this increase won’t impact people too much:

Property taxes pay for a third of the $2.4 billion county budget. If the levy is approved, the owner of a $281,000 house — the median value for the county — would pay $75 more in county property taxes, Lawless said.

If you can afford a home, you can afford an additional $75 a year, right? Maybe. It really depends on the family. Moreover, the politicians are only stating what this increase will add. What they’re ignoring is all of the previous increases. $75 might not be much on a $281,000 property but over the decades the increase has probably been notable. Add that to the fact that property value is assessed by the State and you realize that, in addition to the previous increases, the properties themselves are probably assessed much higher now than they were a decade or two ago. Couple these points with the fact that wages have stagnated and the cost of goods has increased due to inflation and suddenly this seemingly minor rent increase adds up to being far less minor. But none of that matters to the State. If you can’t pay your rent, you’ll be evicted.

Written by Christopher Burg

September 21st, 2018 at 10:30 am

Cloudflare Makes Tor Use More Bearable

without comments

One of the biggest annoyances of using the Tor Browser is that so many sites that rely on Cloudflare services throw up CAPTCHA challenges before allowing you to view content. Yesterday Cloudflare announced a change to its service that should make life more bearable for Tor users:

Cloudflare launched today a new service named the “Cloudflare Onion Service” that can distinguish between bots and legitimate Tor traffic. The main advantage of this new service is that Tor users will see far less, or even no CAPTCHAs when accessing a Cloudflare-protected website via the Tor Browser.

The new Cloudflare Onion Service needed the Tor team to make “a small tweak in the Tor binary,” hence it will only work with recent versions of the Tor Browser –the Tor Browser 8.0 and the new Tor Browser for Android, both launched earlier this month.


Written by Christopher Burg

September 21st, 2018 at 10:00 am

Let the Speculation Begin

with 2 comments

I’m betting that there are a lot of people who aren’t surprised to hear that Cody Wilson has been charged with the sexual assault of a child:

Cody Rutledge Wilson, the 31-year-old Texas man who’s been fighting with the U.S. government to publish instructions for 3D-printed guns on the internet, was charged today with the sexual assault of a child. Wilson allegedly met the girl on a website called SugarDaddyMeet.com.

Wilson allegedly paid the girl, whose name has been withheld in court documents, $500 for sex at a hotel in Austin, Texas. The exact age of the victim is not immediately clear, though the affidavit for the arrest warrant explains that she’s under the age of 17.

The reason I’m betting that a lot of people aren’t surprised by this is because it wouldn’t be the first time that a thorn in the government’s side found themselves falsely charged with a crime that was convenient for the government. Governments aren’t above ridding themselves of troublesome individuals by assassinating their character through fabricating evidence that they committed heinous crimes. In addition to being very convenient for the government for which Wilson is currently causing trouble, another reason this charge seems fishy is because Wilson seems to be aware enough of security matters to know that seeking sex from a minor online is a recipe for getting caught up in a sting operation.

However, in the interest of objectivity, I must also accept that there is a possibility that the charges are legitimate. If they are, Wilson wouldn’t be the first thorn in the government’s side who handed it a freebie by acting in a manner that most people find reprehensible.

What makes matters worse is if Wilson doesn’t beat the charge, we will probably never know beyond a reasonable doubt whether the charge was fabricated by the government or legitimate.

Written by Christopher Burg

September 20th, 2018 at 11:00 am

It’s Not Your Car

with one comment

I think the technology behind modern electric cars is really cool. What I don’t like though is that electric car manufacturers don’t seem satisfied with simply replacing gasoline engines with electric motors, they are also trying to replace the owner as the decision maker:

Hurricane Florence is approaching the East Coast of the US, and is predicted to bring with it catastrophic flooding, high winds, as well as a life-threatening storm surge and rain in North and South Carolina. As a result, both GM and Tesla have remotely activated features in their cars that could be of use in an evacuation.

Since OnStar is a subscription service, I at least understand why GM has control over whether or not certain features are available to users. But why should Tesla owners require the manufacturer to decide they need access to the extra battery capacity in order to utilize it? Why can’t the car have a button that enables and disables the capacity lock?

More and more consumers are losing control over devices that are supposedly theirs. Consumers are being treated like children who are incapable of making rational decisions and must therefore be guided by the manufacturer. This doesn’t sit well with me. When I buy something, I want complete control over it. If there is extra capacity in my vehicle’s battery, I want to have the ability to decide whether or not it’s being utilized. Unfortunately, it appears that I’m in the minority because most consumers appear to welcome having an overlord dictate what they can and cannot do with their devices.

Written by Christopher Burg

September 20th, 2018 at 10:30 am

Creating Jobs

without comments

If you ask an advocate of tariffs what punishing consumers is supposed to accomplish, amongst other things they will claim that tariffs create domestic jobs. That ignorance is based on the belief that foreign companies don’t employ people domestically but since we live in a global economy, a lot of foreign companies hire domestic employees. So tariffs often destroy jobs rather than create them:

Alibaba’s founder and chairman Jack Ma says the Chinese mega e-commerce company no longer has plans to create 1 million jobs in the US, citing the ongoing trade conflict as the reason Alibaba is retracting its promise to Donald Trump. A new round of tariffs between the US and China will make mutual trade more difficult.

Who would have guessed that alienating one of the largest economies on Earth would have consequences?

Written by Christopher Burg

September 20th, 2018 at 10:00 am

The Bias within the System

without comments

Radley Balko wrote an excellent article outlining just the tip of the iceberg that is the overwhelming evidence that the legal system in the United States is racial biased.

The entire article is worth reading but I wanted to take a moment to highlight the third paragraph because it addresses a common myth about the system:

Of particular concern to some on the right is the term “systemic racism,” often wrongly interpreted as an accusation that everyone in the system is racist. In fact, systemic racism means almost the opposite. It means that we have systems and institutions that produce racially disparate outcomes, regardless of the intentions of the people who work within them. When you consider that much of the criminal-justice system was built, honed and firmly established during the Jim Crow era — an era almost everyone, conservatives concluded, will concede rife with racism — this is pretty intuitive. The modern criminal-justice system helped preserve racial order — it kept black people in their place. For much of the early 20th century, in some parts of the country, that was its primary function. That it might retain some of those proclivities today shouldn’t be all that surprising.

One thing on which the “left” and “right” (in this context “left” is being used to refer to those who believe the system is racially biased while “right” is being used to refer to those who disagree with those on the “left”) commonly agree is that the definition of a racially biased system is based on those within it. The “left” tend to argue that the legal system in the United States is racist because the majority of those within it are racists. The “right” often adopt this definition because it’s easy to argue against. Since both groups subscribe to this definition of systemic racism, the argument over whether the legal system is racially biased tends to involve people on the “right” pointing to people within the system who aren’t racist while people on the “left” refute their argument by claiming that those people are actually racist (if no evidence exists supporting their accusation, they argue that the person is a closet racist).

Systemic racism isn’t defined by who composes the system but by what rules govern the system.

The legal system in the United States would continue to show a racial bias even if the entire system was composed by individuals who didn’t contain a single racist bone in their body (assuming, of course, that they also followed the rules). This is because the rules governing the system ensure a racially biased outcome. How is that accomplished without the laws overtly being based on race? By criminalizing activities that are more often enjoyed by individuals who belong to a target race (I say this with the understanding that race itself is arbitrarily defined).

Let’s consider a hypothetical scenario. Let’s say we have a racist politician who wants to write a law that will primarily put more black men in prison. How can he go about accomplishing this without mentioning race in his law? First he would identify an activity that is more often enjoyed by black men than white men. If we’re discussing fashion, it is more common for black men to wear pants that hang below their waist than it is for white men so that would make a good candidate. So our hypothetical politician could write a law criminalizing the act of wearing pants that hang below the waist. What do you think the arrest statistics are going to look like after one year? They will almost certainly show that far more black men were arrested than white men. As an added bonus, the arrest statistics will likely contain a few white men, which will give the politician evidence to argue that the law isn’t racist. Even if the majority of people who are tasked with enforcing the law (again, assuming they follow the rules) aren’t racist, the statistics will show a racial bias because the law targets an activity more commonly enjoyed by black men.

A system like this will more reliably deliver the desired outcome of its creators than a system that is composed of individuals who share the same desires as its creators. Why? Because the people who compose a system tend to change rather quickly whereas the rules that govern a system tend to change far less frequently. Moreover, even if the system is infiltrated by individuals who disagree with its creators’ desires, there isn’t anything they can do to change the system without breaking the rules (and thus being exposed and dismissed).

It’s unfortunate that the definition of systemic racism is far more complex than the commonly used definition. People tend to shy away from complexity. Although shying away from complexity is a sane default, it’s the wrong response when the seemingly simpler definition is wrong.

Written by Christopher Burg

September 19th, 2018 at 11:00 am

But Some Animals Are More Equal than Others

without comments

Under the evil system of capitalism, hierarchies arise. The workers are reduced to a subservient class whose only purpose is to create wealth for the capitalists. The glories of socialism, on the other hand, ensure that all animals are equal:

With his country facing starvation, Venezuela’s leftist dictator caused a wave of disgust this week when he was seen chowing down on a pricey meal personally served to him by the celebrity chef “Salt Bae.”

Nicolás Maduro smiled and guffawed as he tucked into a $275 cut of lamb at the posh Nusr-Et steakhouse in Istanbul, Turkey, which is run by Nusret “Salt Bae” Gökçe, famous for viral videos of him seductively sprinkling salt.

In one video of the meal, the chef is seen slicing into the succulent lamb as the cigar-chomping Maduro watches.

This is why I don’t take socialists’ claims seriously. They claim that socialism creates equality but a rigid hierarchy of rich and poor has arisen in every country where it has been implemented. Living in the former Soviet Union, German Democratic Republic, Hungarian People’s Republic, etc. wasn’t too bad… if you were a member of the ruling party. If you weren’t, life was pretty miserable.

We’re seeing the equality of socialism play out again in Venezuela. While the plebeians starve to death, the patricians are eating lavish meals and smoking fancy cigars. The only silver lining is that governments aren’t permanent and the current Venezuelan government appears to be in the collapse stage. If the people are Venezuela are lucky, the next set of rulers won’t be as totalitarian.

Written by Christopher Burg

September 19th, 2018 at 10:30 am

The Power of Public Shaming

without comments

Every major security breach is followed by calls for politicians to enact more stringent regulations. When I see people demanding additional government regulations I like to point out that there is a list of alternative solutions that can yield far better results (especially since regulations, being a product of government, are extremely rigid and slow to change, which makes them a solution ill-suited to fast moving markets). One of those solutions is public shaming. It turns out that public shaming is often a viable solution to security issues:

See the theme? Crazy statements made by representatives of the companies involved. The last one from Betfair is a great example and the entire thread is worth a read. What it boiled down to was the account arguing with a journalist (pro tip: avoid arguing being a dick to those in a position to write publicly about you!) that no, you didn’t just need a username and birth date to reset the account password. Eventually, it got to the point where Betfair advised that providing this information to someone else would be a breach of their terms. Now, keeping in mind that the username is your email address and that many among us like cake and presents and other birthday celebratory patterns, it’s reasonable to say that this was a ludicrous statement. Further, I propose that this is a perfect case where shaming is not only due, but necessary. So I wrote a blog post..

Shortly after that blog post, three things happened and the first was that it got press. The Register wrote about it. Venture Beat wrote about it. Many other discussions were held in the public forum with all concluding the same thing: this process sucked. Secondly, it got fixed. No longer was a mere email address and birthday sufficient to reset the account, you actually had to demonstrate that you controlled the email address! And finally, something else happened that convinced me of the value of shaming in this fashion:

A couple of months later, I delivered the opening keynote at OWASP’s AppSec conference in Amsterdam. After the talk, a bunch of people came up to say g’day and many other nice things. And then, after the crowd died down, a bloke came up and handed me his card – “Betfair Security”. Ah shit. But the hesitation quickly passed as he proceeded to thank me for the coverage. You see, they knew this process sucked – any reasonable person with half an idea about security did – but the internal security team alone telling management this was not cool wasn’t enough to drive change.

As I mentioned above, regulations tend to be rigid and slow to change. Public shaming on the other hand is often almost instantaneous. It seldom takes long for a company tweet that makes an outrageous security claim to be bombarded with criticism. Within minutes there are retweets by people mocking the statement, replies from people explaining why the claim is outrageous, and journalists writing about how outrageous the claim is. That public outrage, unlike C-SPAN, quickly reaches the public at large. Once the public becomes aware of the company’s claim and why it’s bad, the company has to being worrying about losing customers and by extent profits.

Written by Christopher Burg

September 19th, 2018 at 10:00 am

Gun Control Support Rating System

without comments

Read any article discussing gun ownership privileges (sometimes referred to as rights but rights are something you take and in most cases the discussion of gun ownership revolves around what privileges the government will grant) from the perspective of a gun control supporter and it will inevitably mention the zealous National Rifle Association (NRA) and it’s absolutist position against gun control. Obviously there is some confusion on this matter because the NRA has a long history of supporting gun control. To say that the organization is absolutist is nonsense.

Because I like to be helpful, I’ve decided to put together a quick and dirty three tier rating system for gun control support. I hope that it helps people writing articles in the future (because let’s face it, anybody who claim that the NRA is an absolutist when it comes to opposing gun control is a damn fool). Without further ado, here’s the rating system:

Tier 1: Supports the abolition of private gun ownership. Examples of this tier are Everytown for Gun Safety and the Brady Campaign.

Tier 2: Supports some restrictions to private gun ownership. Examples of this tier are the NRA and Gun Owners of America.

Tier 3: Opposes all forms of restrictions on private gun ownership. The best example of this tier is Cody Wilson and his company Defense Distributed.

Written by Christopher Burg

September 18th, 2018 at 11:00 am