Month: January 2016

Is Your Device A Snitch

I’m convinced that one of the biggest threat to privacy is the reliance on advertisements many industries suffer from. This reliance has lead to a proliferation of surveillance technology. And now that the so-called Internet of Things (IoT) is the new hot commodity we’re seeing surveillance technology being embedded to more everyday things. With so many devices being capable of spying on you the next big thing in advertising has become cross-device surveillance. Bruce Schneier has an excellent article that shows just how far these advertisers are trying to go:

SilverPush is an Indian startup that’s trying to figure out all the different computing devices you own. It embeds inaudible sounds into the webpages you read and the television commercials you watch. Software secretly embedded in your computers, tablets, and smartphones pick up the signals, and then use cookies to transmit that information back to SilverPush. The result is that the company can track you across your different devices. It can correlate the television commercials you watch with the web searches you make. It can link the things you do on your tablet with the things you do on your work computer.

Your computerized things are talking about you behind your back, and for the most part you can’t stop them­ — or even learn what they’re saying.

Now white noise generators that broadcast on the frequencies used by this surveillance technology are suddenly good ideas for stocking stuffers. Without them your new smart fridge can display advertisements to you based on what your smart television told it you were watching.

Not only does this open the floodgates of privacy violations further but it also greatly increases the ability of malicious attackers. Ad networks have become major targets for malware distributors. This has created headaches for computer and smart phone users but now it could create headaches for your television, fridge, coffee maker, and even your damn doorbell. Making matters even worse is how unreliable IoT manufacturers are at both implementing and maintaining security. What happens when your smart fridge is considered out of date by the manufacturer and its software security problems are no longer fixed?

The reliance on advertising to fund so much technology is creating both a private and security nightmare. And it’s only getting worse.

The Never Ending Ended War

Remember the war in Iraq officially declared over? Remember how much he and his supporters bragged about him ending Bush’s war? Guess what? We’re sending more troops there yet again:

FORT CAMPBELL, Ky. – An elite U.S. Special Operations targeting force has arrived in Iraq and will carry out operations against the Islamic State, part of a broader effort in 2016 to strike at the militants and that also includes U.S. Special Operations troops in Syria, Defense Secretary Ashton B. Carter said Wednesday.

The targeting force is now in place and is prepared to work with Iraqis to begin going after militant fighters and commanders, “killing or capturing them wherever we find them,” Carter said, speaking to about 200 soldiers at the home of the Army’s 101st Airborne Division, which is expected to deploy about 500 soldiers next month to Iraq and Kuwait as part of the campaign against the Islamic State, also known as ISIS and ISIL.

If you’re psychopathic enough to want to build an empire there are two ways to go about it. You can do it the smart way, the way the Mongols did it, and leave a conquered area to run its own affairs as long as it pays your demanded tribute. Or you can do it the stupid way, the way the United States prefers, and try to micromanage a conquered area even if they do pay your demanded tribute.

The problem with the stupid way is that the people tend to resent you far more. Because of that they continue actively fighting you, which ensures you can never really lay longterm ownership over the region. Even though the war was declared over the United States will likely be fighting it until it finally decides to leave.

Intellectual Property Means Not Owning Your Stuff

Intellectual property laws are always justified as being necessary for human innovation. Setting aside the fact humans have been innovating for longer than intellectual property laws have existed, the belief many people hold is that nobody would invest the resources necessary to innovate if they weren’t promised a monopoly on manufacturing afterwards. More and more though we’re seeing what the real purpose behind intellectual property laws are. It’s not to encourage innovation, it’s to curtail ownership.

Copyright is the biggest offender. Due to software copyright laws it’s getting more and more difficult to say you own anything because manufacturers are claiming anything with a computer in it is licensed, not sold. What’s that mean? It means when your product breaks down you are legally prohibited from fixing it:

How many people does it take to fix a tractor? A year ago, I would have said it took just one person. One person with a broken tractor, a free afternoon, and a box of tools.

I would have been wrong.

When the repair involves a tractor’s computer, it actually takes an army of copyright lawyers, dozens of representatives from U.S. government agencies, an official hearing, hundreds of pages of legal briefs, and nearly a year of waiting. Waiting for the Copyright Office to make a decision about whether people like me can repair, modify, or hack their own stuff.

[…]

Thanks to the “smart” revolution, our appliances, watches, fridges, and televisions have gotten a computer-aided intelligence boost. But where there are computers, there is also copyrighted software, and where there is copyrighted software, there are often software locks. Under Section 1201 of the DMCA, you can’t pick that lock without permission. Even if you have no intention of pirating the software. Even if you just want to modify the programming or repair something you own.

Enter the tractor. I’m not a lawyer. I’m a repairman by trade and a software engineer by education. I fix things—especially things with computers in them. And I run an online community of experts that teaches other people how to fix broken equipment. When a farmer friend of mine wanted to know if there was a way to tweak the copyrighted software of his broken tractor, I knew it was going to be rough. The only way to get around the DMCA’s restriction on software tinkering is to ask the Copyright Office for an exemption at the Section 1201 Rulemaking, an arduous proceeding that takes place just once every three years.

Ownership implies you have sole control over something. It can’t exist under intellectual property laws. So long as you stand the chance of being severely punished for repairing, modifying, or selling something you cannot claim to own it. Intellectual property claims are promises granted by the State that it will dish out those severe punishments.

This problem is also going to become exponentially worse as the number or products with embedded software increases exponentially. Soon we won’t be able to claim ownership over our refrigerators, coffee makers, or door bells. Everything in our homes will be rented property of the manufacturer. And if we violate the terms of the rental agreement the State will send its armed goons at oh dark thirty, kick down our doors announced, and shoot our pets.

The Pervasiveness Of Government Databases

Let’s discuss government databases. The United States government maintains numerous databases on its citizens. Many of these databases are populated, if not entirely, in part by algorithms. And unlike Amazon’s recommendation algorithms or Google’s search algorithms, government algorithms have real world consequences. Because government databases have become so pervasive these consequences can range from being barred from flying on a plane to signing up for the latest video game:

Last weekend Muhammad Zakir Khan, an avid gamer and assistant professor at Broward College in Florida, booted up his PC and attempted to sign up for Epic Games’ MOBA-inspired Paragon beta. Unbeknownst to Khan, however, was that his name name—-along with many others-—is on the US government’s “Specially Designated Nationals list,” and as such was blocked from signing up.

“Your account creation has been blocked as a result of a match against the Specially Designated Nationals list maintained by the United States of America’s Office of Foreign Assets control,” read the form. “If you have questions, please contact customer service at accounts@epicgames.com.”

There’s an interesting series of connections here. The first connection is Mr. Khan’s name appearing in the Specially Designated Nationals list. The second connection is the database, which is used to enforce the United States government’s various sanctions, applying to the Unreal 4 engine. The third connection is the game utilizing the Unreal 4 engine. In all likelihood Mr. Khan’s name was added to the database by an algorithm that adds anybody who has an arbitrarily selected number of characteristics that include such things as last names and religions.

So, ultimately, Mr. Khan was being prevented from signing up for a game because the government believes if they prevent modern video game technology from entering Iran, North Korea, or other countries under sanctions that the citizenry will start a revolution. Being human (or at least somewhat close approximations thereof) the agents charged with enforcing these sanctions chose to automate the process as much as possible, which resulted in a database likely automatically populated algorithmically.

What’s Your Score

Police, even more so than most people, tend to be lazy. And like other lazy people police are trying to replace everything with algorithms. But there is a difference between police relying on algorithms and private entities: algorithms in private hands seldom lead to people being killed. A higher death rate is the only outcome I can see coming from this:

FRESNO, Calif. — While officers raced to a recent 911 call about a man threatening his ex-girlfriend, a police operator in headquarters consulted software that scored the suspect’s potential for violence the way a bank might run a credit report.

The program scoured billions of data points, including arrest reports, property records, commercial databases, deep Web searches and the man’s social- media postings. It calculated his threat level as the highest of three color-coded scores: a bright red warning.

Algorithms that try to model human behavior are notoriously unreliable. Part of this is due to humanity’s lack of homogeneity and part of it is due to data limitations. An algorithm is only as good as the data it is fed. What data is fed into an algorithm is determined by the developers, which means the results often reflect their biases. In this case if the developers viewed gun owners as being prone to violence the algorithm would end up reflecting that.

Usually we don’t pay much attention when an algorithm screws up and recommends a product to us based on our previous purchasing history that we have no interest in. But an algorithm that tries to estimate a person’s threat level to police is going to carry much more dire consequences. There is already a chronic problem with police being too trigger happy. Imagine how much more trigger happy your average cop would be if they were told the suspect is rated high by the threat assessment algorithm. Chances are the officer will go for a shoot first and ask questions later approach.

Theoretically this type of algorithm wouldn’t have to result in such severe consequences but it is being utilized by individuals who are generally not held accountable for their actions. If an officer, for example, received notification that the suspect was rated is highly likely to be violent but knew gunning them down without cause would result in charges they would likely act more cautiously but still not resort to shooting without justification. But that’s not how things are this is will likely end badly for anybody facing off with an officer employed by a department that utilizes this system.

The Great American Outdoor Show Will Be Safer This Year

There has been some disagreement between the City of Harrisburg and the National Rifle Association (NRA). The NRA is hosting its Great American Outdoor Show in the city. In addition to brining a good deal of money to local businesses the NRA is also making a donation to the Civil War Museum. However, the mayor of Harrisburg wants to shutdown the museum so he’s a bit peeved that the cash is going there instead of his gang in blue. Now the mayor wants to exact revenge:

Harrisburg Mayor Eric Papenfuse says Harrisburg City Police will not staff the upcoming gun show, which is sponsored by the NRA.

In the past, the city staffed officers and the NRA made a donation to Harrisburg City Police in return. In 2015, that donation was $50,000.

This year, Papenfuse says the NRA is donating money and most of it is going to the Civil war Museum, which the mayor wants to close.

And in so doing he inadvertently made the event safer. Without the local gang in blue meddling with the event the attendees don’t have to worry about being extorted, assaulted, or kidnapped.

So the secret to hosting a safe event in Harrisburg is to make a donation to the local Civil War Museum instead of the gang in blue.

I Guess The ATF Will Sell Guns To Colorado Now

A lot of statists are unhappy about Colorado legalizing cannabis. In fact a couple of Republican attorneys general have gone so far as to call Colorado a drug cartel:

WASHINGTON — Oklahoma and Nebraska compared Colorado to a drug cartel on Wednesday and again urged the Supreme Court to let them sue their neighbor over its marijuana production and distribution system.

In sharply written arguments, the two states said Colorado “has created a massive criminal enterprise whose sole purpose is to authorize and facilitate the manufacture, distribution, sale and use of marijuana.”

“The State of Colorado authorizes, oversees, protects and profits from a sprawling $100 million per-month marijuana growing, processing and retailing organization that exported thousands of pounds of marijuana to some 36 States in 2014,” the states’ new brief says.

“If this entity were based south of our border, the federal government would prosecute it as a drug cartel.”

Does that mean the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) will now give guns to Colorado citizens?

When Idiots Write Stories

The Internet, although overall a glorious invention, is rife with bullshit. Unfortunately a lot of the bullshit seems to be widely circulated.

Several of my friends shared a story about all shipping traffic between Europe and the United States stopping:

when-idiots-write-headlines

This story was posted on such reputable sites as SupreStation95 and We Are Change (reputable, like a hipster’s stupid wardrobe, was ironic in this case). And who could argue with it? There’s a map right there clearly showing no ships between Europe and the United States, right? Wrong.

The map is taken from MarineTraffic, a website that gives a live view of ships throughout the world. It uses data collected from ships’ Automatic Identification System (AIS). But the idiot who wrote the story didn’t read MarineTraffic’s FAQ. If they had they would have realized that AIS utilizes ground stations to detect ships and has an approximate range of 15 to 20 nautical miles. Once a ship is outside of the range of any ground stations it is no longer trackable by MarineTraffic. Since there is a lack of landmasses in the Atlantic there are no ground stations to pick up ships’ AIS.

File this under “Life Lessons: Don’t Believe Everything You Read.” With that said, MarineTraffic is really cool and you should poke around on it. Seeing the sheer number of ships in the water at any time is pretty wild.

The Networks Have Ears

As a general rule I avoid local networks I don’t personally administer. If I’m at an event with free Wi-Fi I still use my cell phone’s data and tethering mode when I need to access the Internet on my laptop. For those times I cannot avoid using a local network I route my data through a Virtual Private Network (VPN) connection. Although these measures won’t stop my Internet Service Providers (ISPs) and their partners from snooping on me they do prevent malicious actors on a local network from snooping on me. Attendees at the Consumer Electronics Show (CES) who opted into the free Wi-Fi became excellent demonstrations on the lack of privacy you have when using a local Wi-Fi network without a VPN connection:

This week, more than 170,000 tech and media professionals converged on the city of Las Vegas to see the latest in technology at the Consumer Electronics Show, and––inevitably––some of them used their smart, connected devices to try to get laid.

Vector Media offered attendees free WiFi at major hotels, shuttle buses, and convention centers throughout the week in exchange for collecting anonymized app usage data. More than 1,800 people opted in, and Vector found a whopping 61 percent of attendees’ used Tinder while at CES––nearly five times more than productivity app Slack, which only 12.8 percent of attendees on Vector’s network used. Facebook Messenger came in first place with 74.3 percent, and Grindr also made an appearance on its list of apps in use, at 16 percent.

The amount of information a local network administrator can obtain about you would likely surprise most people. In addition to that the amount of attacks a malicious actor on a local network can perform is notable. If you value your privacy or security I would recommend avoiding Wi-Fi networks you don’t personally control as much as possible (granted, even your own network isn’t necessarily trustworthy but you have far more control in most cases than with other networks).

It’s Always About The Money

Late last year the Federal Aviation Administration (FAA) declared that all personal drones must be registered. This declaration was sold as a means to attach accountability to mishandling drones but as with all government declarations it was about the money. The FAA came down on a hobbyist drone operator because he posted his footage on YouTube. Because the operator allows YouTube to display ads on his videos the FAA said he was flying his drone for commercial purposes:

If you fly a drone and post footage on YouTube, you could end up with a letter from the Federal Aviation Administration.

Earlier this week, the agency sent a legal notice to Jayson Hanes, a Tampa-based drone hobbyist who has been posting drone-shot videos online for roughly the last year.

The FAA said that, because there are ads on YouTube, Hanes’s flights constituted a commercial use of the technology subject to stricter regulations and enforcement action from the agency. It said that if he did not stop flying “commercially,” he could be subject to fines or sanctions.

Now the operator has a choice. He can either buy whatever license the FAA requires for commercial drone operations or he can pay a hefty fine. I guess he can also be a good little slave to turn off YouTube’s monetization option since the State is only unhappy with you making money if it doesn’t get a cut of the action.

As always, when the State wants to establish accountability it means it wants to make the people accountable for handing over a chunk of their income.