Month: September 2018

Incentivizing Law Enforcement

There are many ways to encourage and discourage desired behavior. The two most common methods are rewards and punishments. You reward behavior you want and punish behavior you don’t want. These two methods are used in every walk of life, even law enforcement. Many municipalities have been encouraging their law enforcers to pursue fines. Unfortunately, an individual can only do so much so when law enforcers are encouraged to pursue fines, they necessarily must put less time into other activities such as solving crimes:

Alongside the Black Lives Matter movement in the past several years, civil rights advocates have begun pointing out that the way municipalities collect fees and fines often disproportionately affects low-income communities of color, especially when those communities aren’t well represented in local governments. In 2015, as a follow-up to investigations of police bias in Ferguson, Mo., the Civil Rights Division of the Justice Department released the Ferguson report, which painstakingly documents how the police department in that city relied overwhelmingly on fees and fines collected from people in ways that “both reflect and exacerbate existing racial bias.”

But here’s another result of fee and fine enforcement that has never before been measured: Police departments that collect more in fees and fines are less effective at solving crimes.

In addition to fines and permits fees, fines are a major source of revenue for cities. Moreover, city governments make nothing when burglaries, rapes, and murders are solved. When these facts are considered, it’s not surprise that municipalities encourage their law enforcers to pursue fines instead of solving actual crimes.

One of the most common criticisms of privatizing police is that doing so would result in the police pursuing the interests of those who hired them. What most critics of police privatization don’t recognize is that socialized police also pursue the interests of those who hire them, which is why today’s law enforcers spend most of their time enforcing laws that profit city governments. If police were privatized, you could actually hire them to solve burglaries, rapes, and murders. So long as police remain socialized, the chances of that happening are effectively zero.

We’re Not Telling You the Rules

The politicians in California have passed the first law regulating the security of Internet connected devices. However, manufacturers of said devices are going to have a difficult time complying with the law since the rules are never defined:

This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.

The California bill doesn’t define exactly what a ‘reasonable security feature’ would be but it mandates that connected devices come with unique passwords that users can change, which isn’t the case for many IoT products. If someone can log into the device outside a LAN, then it must have either preprogrammed passwords that are unique to each device (no more default login credentials) or a way to generate new authentication credentials before accessing it for the first time.

You must implement ‘a reasonable security feature or features’ but we’re not going to tell you what those features are. Oh, and if you fail to comply with our undefined rules, you will be subject to punishment. Anyways, good luck!

That sounds perfectly reasonable, doesn’t it?

Upgrading Your Unsupported Mac to Mojave

macOS Mojave was released last night. As is often the case with major macOS updates, Mojave dropped support for a slew of older platforms. But just because Apple doesn’t support installing Mojave on older computers doesn’t mean that it can’t be installed. dosdude1 has a utility that allows you to install Mojave on a lot of officially unsupported Macs.

I’ve used his patch utility to get High Sierra on my unsupported 2010 MacBook Pro and haven’t had an issues. I attempted to upgrade my 2010 Mac Mini to Mojave last night but discovered that the utility currently has a problem decrypting encrypted APFS containers. dosdude1 is aware of this problem and will hopefully be able to figure out what is going on so it can be fixed. However, if your older Mac isn’t utilizing APFS or FileVault 2 (which it really should be utilizing), you should be good to go.

How Not to Handle Business Model Changes

GPGTools is a software suite that makes using OpenPGP on macOS easier. I’ve recommended this tool for quite some time to the three people who are interested in encrypting the contents of their e-mail. While the tool was freely available, the development team has been warning users for over a year that the suite would eventually move to a paid model. I completely understand their motivation. A man has to eat after all. However, there are proper ways to change business models and improper ways. The GPGTools team chose the improper way.

Here is the latest update notification for GPGTools:

It looks innocuous enough but if you install it, you’ll discover that your Mail.app plugin will be a one month trial. The initial screen of the update note doesn’t indicate that this update is the one that moves GPGTools from free to paid. You have to scroll down to learn that tidbit of information. Since most users probably don’t scroll through the entire update note, they will likely be rather surprised when their free app is now telling them that they have to pay.

Another issue with GPGTools’s transition is that there is no English version of the terms of distribution. Since GPGTools is based in Germany, this might not seem odd but everything else on the site is translated into English. If you’re going to toss a license agreement at somebody, you should provide it in every language that your application supports.

The final major problem with the transitions, which has fortunately been fixed now but you can read about it by digging through the announcement thread on Twitter, was that there was no information about the license being sold. When you went to buy a license, the site originally didn’t tell you if the license was per computer, per user, or something else. Now the site states that the purchase covers one person and activation on up to three computers (a limit that I find more restrictive than I prefer).

I’m not one to criticize somebody when they make an effort to profit from their endeavors but GPGTools’s transition from a free suite to a paid suite should be a valuable lesson on how not to perform such a transition.

If you’re ever in a situation where you want to begin charging users for something that you have been providing for free, here are a few rules.

First, don’t foist the change on users out of the blue. Announce your intentions early. Moreover, give your users a firm date as soon as possible. GPGTools’s development team kept saying that the change would come eventually but never provided a hard date.

Second, if you’re going to change the business model through an update, make sure that the update informs users in a very obvious manner. That information should be the first thing in the update note. It wouldn’t hurt to put that part of the note in big bold letters so it jumps out at the user. An even better solution would be to release another free version that told the user that the next version would be the one that transitioned over to a paid model. When the next update was released, have the app clearly tell the user that it will transition the software over to a paid model.

Third, make sure you tell the user what they’re purchasing. The link to buy the software should inform the user if the license is per user, per computer, a monthly subscription, or something else.

Fourth, make any license agreements available in every language that the software supports. If the application is translated into English, then the user should expect an English version of any license agreements to be available.

If anybody is wondering if I’m going to buy a license for GPGTools, the answer is maybe. I haven’t been enamored with the GPGTools development team. Its biggest problem has been a lack of timeliness. Mail.app doesn’t support plugins so the GPGTools plugin requires a fair bit of hackery and often breaks between major macOS releases. GPGTools has often been months behind of major macOS releases, which means that there has often been months where the tool simply doesn’t work if you’re running the current version of macOS. I’m willing to overlook such an issue for a free tool (you get what you pay for) but not a paid tool. So the GPGTools development team will have to demonstrate an ability to have working versions of its software available when new versions of macOS are released before I’ll purchase a license. I also find the three computer limitation too restrictive. I’d rather see it bumped up to at least five computers or better yet unlimited computers (merely make it a per user license agreement).

If the GPGTools development team does resolve these issues, I’ll likely buy a license. It’s only $23.90 (for the current major version, it is implied that a new license will be required for the next major release), which is reasonable. And while I don’t use encrypted e-mail very often (not for lack of want but for lack of people who also use it), I do like to throw money at teams that make quality products and GPGTools, minus the issue noted in the previous paragraph, has been a quality product.

Feed Me More Data, Seymour!

When fitness trackers started becoming affordable and popular many people knew that this was right around the corner:

Life insurance company John Hancock will stop offering traditional policies, according to Venture Beat. Instead, the company, which is one of the oldest and largest life insurance underwriters in the US, will only sell policies that track fitness and health data.

The company will offer two different types of insurance: the basic Vitality offering will require customers to enter their fitness activity into an app or on a website. They will receive gift cards and other rewards for completing goals. For a discount of up to 15 percent on premiums, though, John Hancock is offering an expanded insurance policy that will track health data and fitness using wearable devices.

Insurance companies are in the business of risk mitigation and have therefore always had an interest in collecting as much data as possible on the property and people they insure. Fitness trackers and apps provide data that can be pretty valuable to health and life insurance companies since they give some indication about an individual’s health. The danger of this kind of policy is that the insurance company gets possession of the data. Even if you trust your insurance company to not sell that data to third parties (which is something you should never trust a company to refrain from doing), the chances of that data falling into unauthorized hands through a database breach are high. Another potential danger is that this data could be used to identify unlawful activity.

Most illegal substances cause changes in heart rate. If an individual’s heart rate changes without any obvious reason (such as they’re exercising), that information could potentially be used at evidence that they’re using illegal substances. If law enforcers suspect that you’re using illegal substances, they could acquire your health data via a subpoena and use it as probable cause to get an arrest warrant issued. Worse yet, if your health data indicates that you might be using illegal substances, your insurance company might decide to hand that data over to law enforcement voluntarily. In a nation where so many activities are illegal, handing out health data can be dangerous.

Jacking Up the Rent

If the primary difference between capitalist and socialist nations is that in capitalist nations property is held in private, then the United States is solidly a socialist nation. While the fiction of private property exists, the reality is that all property is owned by the State. That is why you have to pay rent on your property. And like any good landlord, the State can up the rent when it so chooses:

Hennepin County officials said Tuesday they need to raise $43 million more in property taxes next year, in part to pay for personnel and the surging costs of protecting children from abuse and neglect.

County Administrator David Hough proposed a 5.5 percent increase in the property tax levy during his budget presentation to the County Board. The proposal is a response to what Hough said were “significant ongoing challenges” faced by the county. He pointed to the massive new spending in recent years aimed at child protection services, which has drawn millions from budget reserves.

Of course it’s for the children. That makes it easy to criticize anybody who opposes the rent hike by claiming that they hate children.

Less surprising than claiming that the increase is for the children is the fact that the politicians are also claiming that this increase won’t impact people too much:

Property taxes pay for a third of the $2.4 billion county budget. If the levy is approved, the owner of a $281,000 house — the median value for the county — would pay $75 more in county property taxes, Lawless said.

If you can afford a home, you can afford an additional $75 a year, right? Maybe. It really depends on the family. Moreover, the politicians are only stating what this increase will add. What they’re ignoring is all of the previous increases. $75 might not be much on a $281,000 property but over the decades the increase has probably been notable. Add that to the fact that property value is assessed by the State and you realize that, in addition to the previous increases, the properties themselves are probably assessed much higher now than they were a decade or two ago. Couple these points with the fact that wages have stagnated and the cost of goods has increased due to inflation and suddenly this seemingly minor rent increase adds up to being far less minor. But none of that matters to the State. If you can’t pay your rent, you’ll be evicted.

Cloudflare Makes Tor Use More Bearable

One of the biggest annoyances of using the Tor Browser is that so many sites that rely on Cloudflare services throw up CAPTCHA challenges before allowing you to view content. Yesterday Cloudflare announced a change to its service that should make life more bearable for Tor users:

Cloudflare launched today a new service named the “Cloudflare Onion Service” that can distinguish between bots and legitimate Tor traffic. The main advantage of this new service is that Tor users will see far less, or even no CAPTCHAs when accessing a Cloudflare-protected website via the Tor Browser.

The new Cloudflare Onion Service needed the Tor team to make “a small tweak in the Tor binary,” hence it will only work with recent versions of the Tor Browser –the Tor Browser 8.0 and the new Tor Browser for Android, both launched earlier this month.

Hallelujah!