Securing Financial Applications Behind Secondary Accounts

Many people run their entire lives from their mobile devices. Unfortunately, this makes mobile devices prime targets for malicious actors. Apple and Google have responded to this by continuously bolstering the security of their respective mobile operating systems (although the openness of Android means device manufacturers can and often do undo a lot of that security work). One major security improvement has been the optional use of biometrics to unlock devices. Before fingerprint and facial recognition on mobile devices, you had to type in a password (or optionally draw a pattern on Android) every time you wanted to unlock your device. This dissuaded people from setting an unlock password on their devices. Now that mobile devices can be quickly unlocked with fingerprint or facial recognition, implementing a proper unlock password on a device isn’t as inconvenient. With this increase in convenience came an increase in the number of people properly locking their devices.

Setting a proper unlock password protects the owner from the consequences of their mobile device being stolen. A thief might get the device, but if it’s a properly locked (which implies all security updates are installed and the device is actively supported by the manufacturer) device, the thief will be blocked from accessing data on the device such as any financial applications.

Now that locked devices are more prevalent, thieves are resorting to new forms of trickery to gain access to the valuable information on devices:

Most scams that utilize payment apps involve a range of tricks to get you to send money. But some criminals are now skipping that step; they simply ask strangers to use their phones and then send the money themselves.

The victim often doesn’t realize what’s happened until hours or even days later. And by that point, there’s very little they can do about it.

If somebody asks to borrow your phone, tell them no. But asking to borrow a phone isn’t the only way thieves acquire access to unlocked devices. Thieves are also targeting people who are actively using their devices (and since those people often aren’t paying attention to their surrounding, they’re easy targets). If a thief steals an unlocked device from somebody, they can gain access to the information on the device until it is locked again.

Most financial applications offer the ability to set an application specific password, which you should do. However, Android offers another level of security. Android supports multiple user accounts. Applications and data in one user account cannot be accessed by other user accounts (an application can be installed in multiple accounts, but each installation is unique to an account). A user can add a separate user and install their financial applications in that account. When they’re using their main account for things like making calls and instant messaging, their financial accounts remained locked behind the secondary account. So long as the user isn’t actively using the secondary account, any thief who swipes the device while it’s unlocked will not even be able to see which, if any, financial applications are installed.

Financial applications aren’t the only ones that you can hide behind secondary user accounts, but they’re good candidates because unauthorized access to those applications can result in real world consequences. Furthermore, financial applications usually aren’t accessed frequently. They’re accessed when a user needs to check the status of an account or make a transaction.

Malicious Automatic Updates

The early days of the Internet demonstrated both the importance and lack of computer security. Versions of Windows before XP had no security to speak off. But even by the time Windows XP was released, your could still easily compromise your entire system by visiting a malicious site (while this is still a possibility today, it was a guarantee back then). It was during the reign of Windows XP when Microsoft started taking security more seriously. Windows XP Service Pack 2 included a number of security improvements to the operating system. However, this didn’t solve the problem of woeful computer security because even the best security improvements are worthless if nobody actually installs them.

Most users won’t manually check for software updates. Even if the system automatically checks for updates and notifies users when they’re available, those users often still won’t install those updates. This behavior lead to the rise of automatic updates.

In regards to security, automatic updates are good. But like all good things, automatic updates are also abused by malicious actors. Nowhere is this more prominent than with smart appliances. Vizio recently released an update for some of their smart televisions. The update included a new “feature” that spies on what you’re watching and displays tailored ads over that content:

The Vizio TV that you bought with hard-earned cash has a new feature; Jump Ads. Vizio will first identify what is on your screen and then place interactive banner ads over live TV programs.

[…]

It is based on Vizio’s in-house technology from subsidiary company Inscape that uses automatic content recognition (ACR) to identify what is on your screen at any given moment. If the system detects a specific show on live TV it can then show ads in real-time.

Vizio isn’t unique in this behavior. Many device manufacturers use automatic updates to push out bullshit “features.” This strategy is especially insidious because the malicious behavior isn’t present when the device is purchased and, oftentimes, the buyer has no method to stop the updates from being installed. Many smart devices demand an active Internet connection before they’ll provide any functionality, even offline functionality. Some smart devices when not given Internet access will scan for open Wi-Fi networks and automatically connect to any one they find (which is a notable security problem). And as the price of machine to machine cellular access continues to drop, more manufacturers are going to cut out the local network requirement and setup their smart devices to automatically connect to any available cellular network.

This pisses me off for a number of reasons. The biggest reason is that the functionality of the device is being significantly altered after purchase. S consumer may buy a specific device for a reason that ceases to exists after an automatic update is pushed out by the manufacturer. The second biggest reason this behavior pisses me off is because it taints the idea of automatic updates in the eyes of consumers. Automatic updates are an important component in consumer computer security, but consumers will shy away from them if they are continually used to provide a negative experience. Hence this behavior is a detriment to consumer computer security.

As an aside, this behavior illustrates another important fact that I’ve ranted about numerous times: you don’t own your smart devices. When you buy a smart device, you’re paying money to grant a manufacturer the privilege to dictate how you will use that device. If the manufacturer decides that you need to view ads on the screen of your smart oven in order to use it, there is nothing you as an end consumer can do (if you’re sufficiently technical you might be able to work around it, but then you’re just paying money to suffer the headache of fighting your own device).

Once again I encourage everybody reading this to give serious consideration to the dwindling number of dumb devices. Even if a smart device offers features that are appealing to your use case, you have to remember that the manufacturer can take those features away at any time without giving you any prior notice. Moreover, they can also add features you don’t want at any time without any notice (such as spyware on your television).

Full Faith and Credit

A common criticism made against market based currencies (for example, precious metals and cryptocurrencies) by advocates of fiat is that market based currencies aren’t backed by the full faith and credit of any notable governments. The implication is that governments are the best shepherds of currency. Is this really true though? A quick look at the historical performance of government fiat indicates that it isn’t.

The dollar is currently experiencing a high rate of inflation. While official numbers state an inflation rate of approximately eight percent, the real rate is likely significantly higher. Compounding this issue is the fact that these numbers aren’t unprecedented. The linked article notes that this is the highest rate of inflation since 1982, which wasn’t that long ago in the grand scheme of things. If you look at the performance of the dollar since 1800, you’ll find that 22.52 2022 dollars are needed to equal the purchasing power of a single 1800 dollar.

When people think of Bitcoin, they often think of its short term ups and downs. Critics use its sometimes wild short term fluctuation in value as an argument against it. But if you look past its short term performance and instead look at its long term performance, you’ll notice that it has increased in value dramatically. When Mt. Gox (remember them) came onto the scene in 2010, one Bitcoin was worth $0.07. As of this writing, not quite twelve years later, one Bitcoin is trading at approximately $44,428.81. Meanwhile, in the same span of time a single dollar has inflated to $1.30. Had you invested in dollars in 2010, you would have lost almost a third of your purchasing power. Had you invested in Bitcoin in 2010, you would have gained a tremendous amount of purchasing power.

Bitcoin isn’t the only market based currency that increased in value over the last 12 years. Let’s take a look at gold. At the beginning of 2010 a troy ounce of gold was worth approximately $1136.40. As of this writing a troy ounce of gold is worth $1,934.43. That’s nowhere near the same increase in value as Bitcoin, but it’s still a sizable increase. As with Bitcoin, had you invested in gold in 2010, you would have gained purchasing power.

The dollar isn’t the only government backed currency that sucks. Since 2010 a single euro has inflated to €1.20 , a single ruble has inflated to ₽2.09, and a single Canadian dollar has inflated to $1.24. Even the Swiss franc has inflated, albeit only to fr.1.01 (making it the least terrible fiat store of value on this list).

It seems that the full faith and credit of a notable government is actually detrimental to a currency. Unless, of course, you like losing purchasing power over time. But if that’s your thing, I suggest just sending your unwanted purchasing power to me. I’ll happily take it.

It Always Comes Back to Fascism

Champions of democracy whether they be republicans (not the party), socialists, communists, or social democrats always claim that their idealized form of government is the opposite of fascism. When things are going well for democratic governments, they can appear quite different from fascism. However, when things go bad, democracies always revert to fascism.

A few weeks ago a bunch of Canadian truckers decided that they had had enough of their government’s COVID mandates. As a form of protest they drove to Ottawa and setup camp. What makes this protest different from recent popular occupational protests like the Occupy movement is that the protesters are working class instead of petty bourgeois. Because of that they’ve been labeled insurrectionists, racists, and worse instead of protesters (it turns out self-proclaimed champions of the working class tend to hate the actual working class). In spite of the labels foisted on the protesters, they have successfully embarrassed the Canadian government. The Canadian government’s reaction was predictable. It resorted to good old-fashioned fascism:

Under the extraordinary measures invoked by Mr. Trudeau, the police across the country will now be able to seize trucks and other vehicles being used in blockades. The measure will formally ban demonstrations that “go beyond lawful protest,” and the government can formally ban blockades in designated areas like border crossings, airports and the city of Ottawa.

Tow-truck operators, who have been reluctant to cooperate with the police, will also now be compelled to work with law enforcement agencies to clear Ottawa’s streets and the border crossings at Coutts, Alberta. If they don’t cooperate, they could face arrest.

The second paragraph is the most interesting. Most tow-truck operators who possess the equipment necessary to move semis rely on the good grace of truckers for their income. As a result they have refused the government’s request for towing services. In response the Canadian government is now putting a gun to their head and demanding obedience. This practice is commonly referred to as forced labor or slavery.

The Canadian government’s behavior isn’t unique amongst democracies. All democracies will toss aside their facade of respecting individuals when their power is challenged.

Bring Enough Gun

A story making the rounds illustrates the importance of ensuring that you have enough gun:

A large bull moose spent more than an hour stomping on the sled dog team of a rookie Iditarod musher in the wilds of Alaska last week – and the attack didn’t end even after Bridgett Watkins emptied her gun into the animal.

[…]

‘As he charged me I emptied my gun into him and he never stopped,’ she wrote on Facebook. ‘I ran for my life and prayed I was fast enough to not be killed in that moment. He trampled the team and then turned for us.’

[…]

She did carry a .380 caliber gun because there are few people where she trains, and she keeps it to to deter or scare off animals. She has since upgraded to a larger caliber firearm after it didn’t stop the moose.

A bull moose is basically a freight train on legs that is fueled by rage. Shooting one with a .380 will just piss it off. In Watson’s defense, she wasn’t foolish enough to believe that a .380 would drop a moose. She carried it assuming that the noise it created would be sufficient to scare off an attacking animal.

So this story illustrates two important consideration when creating a self-defense plan. First, recognize the threats and bring sufficient firepower to deal with those threats. Second, if your plan includes deterrence (which it should), have a backup plan in case it doesn’t work.

Consider the self-defense plan one might establish in a city. Your primary threat will likely be humans. That means calibers like 9mm, .45 ACP, 5.56x45mm, and 7.62x39mm are sufficient in most cases. Pepper spray is a non-lethal option that is often sufficient to dissuade an attacking human. In a city your defensive plan might include a 9mm handgun and a small canister of pepper spray.

Now consider the wilderness in the Upper Midwest. While humans are still a threat in the wilderness, they’re much less common in the wilderness and smaller than some other threats. If you go to the northern parts of Minnesota, you might encounter moose. Throughout much of the Upper Midwest there are also black bears. Both are larger than humans and require more firepower to reliably drop. Therefore, your self-defense strategy might include a .357 magnum, .44 magnum, or 12 gauge shotgun loaded with slugs. Run of the mill pepper spray won’t be sufficient, which is why bear mace exists. In the wilderness of the Upper Midwest your defensive plan might include a .44 magnum revolver and a canister of bear mace.

Obviously a gun and chemical irritant aren’t a complete self-defense plan. There are many other components including a plan to deal with injuries (which is even more critical in the wilderness where emergency services are often unavailable). However, like every other part of your plan, your lethal and non-lethal tools need to match the environment.

Ode to the Dumb Car

I own three vehicles. The newest one was built in 2008. They’re all dumb vehicles. They have gauges on the dashboard and the only “screen” any of them have are primitive segmented LED displays on their radios. The clocks only know how to display hours and minutes and need to be manually set whenever daylight savings time changes (or the battery is disconnected).

To me a vehicle is a long term purchase. When I buy one, I assume that I’ll be driving it until is stops functioning. I want at least a decade and always hope for more. Because I tend to drive vehicles for a long time, I avoid vehicles that have built-in navigation, touch screens, or infotainment systems. Vehicle manufacturers are notoriously bad at software. Not only do they tend to write software poorly, they also don’t provide updates for very long. That can lead to awkward situations like your clock rolling back 1024 weeks:

The Jalopnik inbox has been lit up with a number of reports about clocks and calendars in Honda cars getting stuck at a certain time in the year 2002. The spread is impressive, impacting Honda and Acura models as old as 2004 and as new as 2012. Here’s what might be happening.

If you scroll through a Honda or Acura forum right now, chances are you’re going to run into a bunch of confused owners. When they hopped into their cars on January 1 they found the clocks on their navigation systems frozen at a certain time. And the calendar date? 2002, or 20 years ago.

[…]

Drive Accord forum user Jacalar went into the navigation system’s diagnostic menu on Sunday and discovered that the GPS date was set to May 19, 2002, or exactly 1024 weeks in the past.

Global Positioning Systems measure time from an epoch, or a specific starting point used to calculate time. The date is broadcasted including a number representing the week, coded in 10 binary digits. These digits count from 0 to 1023 then roll over on week 1024. GPS weeks first started on January 6, 1980 before first zeroing out on midnight August 21, 1999. It happened again April 6, 2019. The next happens in 2038.

Synchronizing time with GPS is an intelligent choice. But you have to understand the specification. Since the week counter for GPS rolls over every 1024 weeks, you need your system to take that into account and adjust accordingly. Honda didn’t take that into consideration so now the clock on a bunch of their vehicles is stuck 20 years in the past. Making the matter worse is that Honda hasn’t provided a fix and, if history is any indicator, may never provide a fix (or at least not provide a fix for vehicles past a certain manufacturing date).

This problem is just another on the long list of what I like to call software based obsolescence. Software based obsolescence isn’t necessarily planned obsolescence. I doubt anybody at Honda implemented a plan to cause this issue. In all likelihood the software developers were ignorant of the fact that the GPS week counter rolls over every 1024 weeks. Because they were ignorant of that behavior, the didn’t take it into consideration when they wrote the software (in fact the developers may have been using a third-party library for syncing time with GPS and that library didn’t take the rollover into consideration).

As a general rule software doesn’t age well. The more complex a piece of software is, the worse it will age (obviously exceptions to the rule exist). So software written to control a specific process in your engine may age fine, but software that handles time synchronization (a surprisingly complex task) will likely age poorly. This is why software patches exist. However, when you combine increasingly complex software with systems that cannot be updated or will not be updated after a specific period of time, that product, if it’s dependent on software, will have the same life expectancy as the software. In the case of the Honda vehicles mentioned in the story, the rest of the vehicle is able to operate properly even if the time synchronization is broken. But if a system depends on an accurate clock, then improper time synchronization will break that system.

This is why I prefer to avoid systems that are reliant on software unless I only plan to use the platform for a specific period of time or the platform is open to user modification and the software it depends on is open source.

The Rittenhouse Trial

Because I started my blogging “career” as a gun blogger, the fact that I haven’t posted about the Rittenhouse case may have surprised a few longtime readers. However, I chose to refrain from commenting about it because I wanted to have access to all of the evidence before making an ass out of myself (better to be an ass who analyzed the evidence than an ass who didn’t).

Fortunately, the entire trial was livestreamed. Rather than listen to my usual assortment of podcasts while I worked, I opted to listen to the livestream of the trial. This gave me the opportunity to hear both the prosecution’s and defense’s cases. Based on the cases put forth I agree with the jury’s decision to find Rittenhouse not guilty on all charges.

A quick browsing of Twitter shows that a lot of people disagree with the jury’s verdict. It also shows me that many of the people expressing the strongest opinions, as is the tradition of online debates, didn’t watch the trial and misunderstand how the justice system in the United States is supposed to work (which is different than how it often works).

Let’s start with what I consider to be one of the most important characteristics of a functional justice system: presumption of innocence. When the state brings charges against an individual, the individual is assumed to be innocent. This means that the burden is placed on the state to prove the individual is guilty beyond a reasonable doubt. If you watched the trial, you saw how weak the prosecution’s case was. By the end of the trial the prosecution was leaning almost exclusively on video captured from a drone. The prosecution claimed that the video showed Rittenhouse aiming his rifle at people. This according to the prosecution proved that Rittenhouse instigated the situation and therefore lost the right to claim self-defense. Setting aside the minutia of self-defense law (what qualifies as instigation, when you lose the right to claim self-defense, when you regain the right to claim self-defense, etc.) the drone footage didn’t conclusively show Rittenhouse aiming his gun at people, which means the evidence didn’t prove the prosecution’s argument beyond a reasonable doubt.

I’m highlighting the drone footage because it allows me to segue into another point: trials have rules. A lot of rules. One rule is that the defense must be given access to the prosecution’s evidence. The prosecution provided the defense with a compressed copy of the drone footage. The defense brought this up in trial. A lot of online publications tried to make this sounds like the defense was desperate, but it was raising legitimate concerns about artifacts that are introduced when video files are compressed. Miraculously the prosecution produced a higher resolution version of the video footage and asked to show it to the jury… without first give the defense reasonable time to analyze it. This lead to the defense filing a motion for mistrial. Again online publications tried to make the motion sound like a desperate last ditch effort by a losing defense, but in actuality the motion was filed because the prosecution broke the rules.

This segues into a third point. Judges are basically referees. They ensure both the defense and prosecution (as well as everybody else in the courtroom) play by the rules. A lot of people accused the judge of (amongst other things) being biased in favor of the defense. Having watched the trial I can’t agree with those accusations. The judge came off to me as being pretty fair. Some of his actions did favor the defense, but some of his actions also favored the prosecution. The most obvious action he took that favored the prosecution was not declaring a mistrial (I believe the motion for a mistrial had merit and the judge would have been well within his rights to declare a mistrial).

These are just a few highlights that I chose to explain some of the important features of a trial. In truth the prosecution made a pitiful showing. Not only did it bring a weak case, but it violated some major rules (bringing up the fact Rittenhouse choice to exercise is Fifth Amendment right, which is a big no-no for a prosecutor, being one of the more egregious violations).

So, despite what many Twitter users seem to believe, a criminal trial is not meant to be a mere formality that enacts the desires of the loudest majority. It’s meant to be a strictly defined process to determine whether a person is guilty of a crime. While you’ll find no shortage of criticisms of the United States justice system coming from me, in this case I believe that the trial was executed more or less appropriately and the verdict was correct based on the arguments made by the defense and prosecution.

What annoys me most about this case is that even though the video footage of the entire trial is readily available on sites like YouTube, people will continue to spout falsehoods about it and the events that lead up to it. I still see a lot of tweets claiming that Rittenhouse illegally crossed state lines with his rifle or was illegally in possession of the rifle because he was a minor (those who watched the trial know that neither statement is correct). I also see a lot of tweets accusing the judge of being biased or a white supremacist (which mostly derive from a joke he made about Asian food that was actually, and pretty obviously in context, a joke about the current supply chain issues). Nothing the judge said during the trial leads me to believe he’s a white supremacist (and considering all three of the individuals Rittenhouse shot were white, I’m not sure why this is something people are wasting so much bandwidth arguing) and, as I wrote previously, his actions didn’t indicate any obvious bias.

Preparing for Bad Times

It’s obvious that inflation and shortages are long term trends, not short term “transitory” states as claimed by the current rulers and their mouthpieces in the mainstream media. If history is any indicator, we’re moving towards bad times. However, the effects of bad times can be mitigated with a bit of planning and preparation.

I’m guessing a large percentage of people reading this have been preparing for bad times for a while. If you have been, good on you. You were smart. If you haven’t, don’t worry. There’s still time. Although most goods are harder to come by than they were two years ago, necessities can still be readily had in most places (although you may have to go to several stores to get everything on a list).

If you haven’t been, this post is a primer for you. It’s not all encompassing. It’s a bullet point list meant to get your started.

Creating a Plan

During the first wave of lock downs people snapped up toilet paper and frozen pizzas like they were gold. They did this because they realized that they needed to “do something” but didn’t bother to develop a plan.

When preparing for bad times, you want to allocate resources where they will do the most good. Having a stockpile of toilet paper is good, but all the toilet paper in the world is worthless if you don’t have any food. The first step of developing a plan is identifying what you need. The most immediate needs of a person are water, food, and protection from the elements (shelter and clothing). If you want to avoid disease, you will also need a hygienic environment and medical supplies. I suggest starting with these categories.

Water

Water availability will differ from region to region. If you live in a desert, you will need more stored water than somebody who lives near plentiful fresh surface water (in which case filtration can be an alternative to storage). Unless the water coming out of your tap is poisonous (in other words what I’m writing doesn’t apply if you live in Flint, Michigan), I’d suggest storing tap water over buying bottled water from a store. Do keep in mind that filling random containers with water isn’t sufficient. You need to store your water properly if you want it to last.

Food

Judging by availability immediately after the lock downs, a lot of people believe they can eat frozen pizzas forever. Setting aside the dubious nutritional value of frozen pizzas, putting all of your eggs in one freezer isn’t a smart long term plan. Freezers require electricity and can breakdown. If electricity is unavailable for an extended period of time or your freezer suffers a mechanical failure, everything stored in it will thaw and spoil. You can mitigate the risk of power loss with a generator (so long as fuel is available), but you can’t mitigate the effects of a breakdown unless you have a backup freezer (two is one, one is none). I don’t want to discourage you from making frozen food part of your plan, just don’t make it your entire plan. Having a backup plan for your backup plan is never a dumb idea (again, two is one…).

The good news for your preparedness plan is that there are options in addition to frozen food. Canned goods are the most obvious. Canned goods in good condition can last for a very long time if properly stored. Dry goods are also worth adding to your plan. Dried beans, rice, pasta, etc. store well without the need for refrigeration. Specially prepared foods such as pemmican and hard tack also store well without refrigeration and can serve as alternative ways to store otherwise perishable foods like meat if a freezer isn’t available.

Before you run to the store and buy every can of Spam on the shelf, consider your current diet. If you don’t like Spam, buying pallets of it is foolish. Survival is the primary purpose of preparing for bad times, but there’s no reason you have to suffer to survive. Focus on buying foods you actually like to eat. This will make your life more pleasant in bad times and allow you to cycle through your stockpile during good times (more on that in a bit). Moreover, buy a variety of foods you like to eat. That will allow you to mitigate appetite fatigue (the point where you become so sick of eating the same thing that you can no longer choke it down even in a survival situation).

Protection from the Elements

I’m not going to spend much time on this. You need appropriate living arrangements to both protect yourself from the elements and to store your necessities. Proper clothing for where you live is also necessary (for example, if you live in an area with harsh winters, make sure you have clothing that will protect you from those conditions).

A bug out destination can be included in this category. Depending on the type of bad time you’re experiencing, your home may not be safe.

A Hygienic Environment

Medical care may be limited or unavailable during bad times. That makes getting sick more dangerous. The best way to avoid sickness is to maintain a hygienic environment. You want to have sufficient cleaning supplies to keep your home clean. That means supplies to sanitize where you prepare your food, supplies to prevent mold from growing in your bathroom, and supplies to keep your clothing and body clean.

This seems to be the most often overlooked part of a preparedness plan. Most people remember food and water, but often forget soap, laundry detergent, bleach, etc. Don’t be one of those individuals or all the water and food you painstakingly stocked will be wasted.

Medical Supplies

Speaking of illness, make sure you have stocks of basic medical supplies. Bandages, gauze, medical tape, tourniquets, disinfectant, etc. are all good things to have and usually store for a long time. Again, medical care may be limited so you may have to fend for yourself if you are injured. Moreover, try to stockpile any medications you need (this can be hard because the state artificially restricts access to prescription medications).

Pets

Do you have pets? Do you want them to survive bad times? If so, makes sure you stock supplies for your pets as well. How easy this is will depend on the kind of pets you have.

Cycling Stock

Instead of building a stockpile and forgetting about it until bad times hit, you should use and replace items from your stockpile during good times. For example, if you have a recipe calling for green beans, pull a can of green beans from your stockpile and replace that can with a new one. This serves two purposes. First, it guards against spoilage by limiting the amount of time any good is stored. Second, it increases your chances of discovering spoiled stock when it can be readily replaced. A can of rancid meat is less of a problem when you can go to the store and buy a replacement than it is when canned meat is unavailable.

Allocating Resources

So you put together a plan, crunched the numbers, and realized that this is going to cost a lot of money. Don’t be disparaged. You don’t have to buy everything immediately.

Your plan should be prioritized. This can be done by asking some simple questions. What items do you need immediately? What items can be acquired cheaply? What items will require saving money to acquire? What items are more readily available?

Obviously items you need immediately should be prioritized. If, for example, you were one of those individuals who stockpiled toilet paper during the beginning of the lock downs and still have several months worth in stock, toilet paper should have a low priority. You may want to prioritize items that you need and are already in short supply. For example, many of the recipes my wife cooks require coconut milk. We live in the Midwest where coconut milk is usually relegated to the “Asian section” of the grocery store, which usually has limited stock in the best of times. So coconut milk is prioritized higher on my list.

Items that can be acquired cheaply are good add-ons to your normal grocery list. For example, many canned vegetables can still be found for under a dollar a can (this is being written on November of 2021, if you’re reading this months after I wrote it, inflation may have made this claim look absurd). Adding a few cans of vegetables to your grocery list probably won’t break the bank. Over time a few cans here and there will result in a very comfortable stockpile. Keep an eye out for sales. If your grocery store is having a sale on an item on your preparedness plan, use the opportunity to stock up for less.

What about expensive items like generators and hiring and electrician to wire your house so you can connect your generator to your home? Budget for them. Save some money each month for the purpose of acquiring more expensive items.

Don’t Panic

Preparing for bad times is, in my opinion, a continuous process. If you do a little bit every week or month, you will be in a solid position surprisingly quickly. It’s easy to convince yourself that everything could fall to pieces tomorrow and panic. Remember that things seldom fall to pieces overnight. When you wake up tomorrow, there will likely still be food on store shelves and the money in your wallet will likely still be able to buy it.

Always On Microphones are Always On

Reader Steve T. sent me a link to story confirming my decision to not own smart speakers. A woman going by the name my.data.not.yours on TikTok (I guess this is the new hip surveillance social media network) sent a request to Amazon for all of the data the company had on her. The result? Exactly what you would expect (I sanitize the TikTok link embedded in the source so I’ll apologize here if it doesn’t work):

TikToker my.data.not.yours explained: “I requested all the data Amazon has on me and here’s what I found.”

She revealed that she has three Amazon smart speakers.

Two are Amazon Dot speakers and one is an Echo device.

Her home also contains smart bulbs.

She said: “When I downloaded the ZIP file these are all the folders it came with.”

The TikToker then clicked on the audio file and revealed thousands of short voice clips that she claims Amazon has collected from her smart speakers.

Smart speakers like the ones provided by Amazon have an always on microphone to listen for voice commands. The problem isn’t necessarily the always on microphone but the fact that most smart speakers don’t perform on-site audio analysis (or only perform very limited on-site analysis). Instead they record audio and send it to an off-site server for processing. Why is the audio moved off-site? Ostensibly it’s because an embedded device like a smart speaker doesn’t have the same processing power as a data center full of computers. Though I suspect that gaining access to valuable information like household conversations has more to do with the data being moved off-site than the accuracy of the audio analysis.

The next question one might ask is, why is the data being stored? This is why I suspect moving the data off-site has more to do with gaining access to valuable information. Once the audio has been analyzed and the commands to be executed transmitted back to the smart speaker, the audio recording could be deleted. my.data.not.yours discovered that the audio isn’t deleted or at least not all of the audio is deleted. But even if Amazon promised to delete all of the audio sent to its servers, there would be no way for you as an end user to verify whether the company actually followed through. Once the data leaves your network, you lose control over it.

The problem with Amazon’s smart speakers is exacerbated by their proprietary nature. While Amazon provides the source code necessary to comply with the licenses of the open source components it uses, much of the stack involved with its smart speakers is proprietary. This means you have no insight into what your Amazon smart speaker is actually doing. You have a black box and promises from Amazon that it isn’t doing any shady shit. That’s not much of a guarantee. Especially when dealing with a device that is designed to listen to everything you say.

Gun Control Continues to Fail

I’ve stated many times on this blog that gun control is futile because it’s impossible to control the production of simple mechanical devices. Guns aren’t like semiconductors. Today (however, this will change in the future) manufacturing semiconductors requires highly specialized equipment and knowledge. Guns on the other hand require only the simplest tools and materials to build. The knowledge isn’t specialized either. Books on the topic of gunsmithing are readily available and the information is easily accessible online.

Whenever I brought up these points advocates for gun control (and even some opponents of gun control) claimed that I was full of shit. To them I submit the following:

The proliferation of homemade “ghost guns” has skyrocketed in Los Angeles, contributing to more than 100 violent crimes this year, the Los Angeles Police Department said in a report released Friday.

Detectives have linked the untraceable weapons to 24 killings, eight attempted homicides and dozens of assaults and armed robberies since January, according to the report.

And police expect the problem to get worse, the report said.

During the first half of this year, the department confiscated 863 ghost guns, a nearly 300% increase over the 217 it seized during the same period last year, according to the report. Since 2017, the report said, the department has seen a 400% increase in seizures. That sharp jump suggests the number of ghost guns on the streets and such seizures “will continue to grow exponentially,” the authors of the report wrote.

This is nothing new. Just ask Brazil. But this is a good story to show that gun control can’t even succeed in a city with extremely restrictive gun control laws located in a state that also has extremely restrictive gun control laws. If people in Los Angeles can’t be stopped from manufacturing firearms, there’s no hope of any government entity controlling it elsewhere.

Nothing I said here is specific to firearms. Anytime a government attempts to outlaw a technology it only leads to the creation of a black market. The only difference between a legal and illegal technology is that manufacturing, selling, and buying an illegal technology carries additional risks. These risks are reflected in the higher prices charged by manufacturers and the amount of effort put into hiding them from authorities (whereas little if any effort is ever put into hiding legal technologies from authorities so it’s actually easier for authorities to track them). I’m sure law enforcement agencies and the mainstream media will make this into a big issue over the next few years. Their efforts will be wasted though because there’s nothing government can do to stop this.