Author: Christopher Burg

Tracking Your Pieces of Flair

Some people mistakenly believe that if they don’t carry a cell phone, government agents can’t track them. While cell phones are convenient tracking devices, they aren’t the only tool in the State’s toolbox. Law enforcers have been using license plate scanners for years now. Such scanners can track the whereabouts of every vehicle in the department’s territory. And since license plate scanners are technological devices, they are improving in capabilities:

On Tuesday, one of the largest LPR manufacturers, ELSAG, announced a major upgrade to “allow investigators to search by color, seven body types, 34 makes, and nine visual descriptors in addition to the standard plate number, location, and time.”

Plus, the company says, the software is now able to visually identity things like a “roof rack, spare tire, bumper sticker, or a ride-sharing company decal.”

Even obscuring or changing your license plate won’t work if you have, like so many Americans, covered your car in unique pieces of flair.

I’m sure some people, thinking that they’re very clever, have already come up with the strategy of not driving their vehicle. After all, if you don’t have a cell phone or a personal vehicle, the government can’t track you, right? Wrong again.

Missed Opportunities

Toys ‘R’ Us is one of many victims of the recent retail apocalypse. Now that its assets are being liquidated, we’re learning that the company missed some potentially significant opportunities:

Among the URLs purchased by Toys ‘R’ Us and now up for sale are sex-toys-r-us.com, kinkytoysrus.com, and aforementioned adult-toys-r-us.com. There are also more benign domain names, like toysrussucks.com, burgers-r-us.com, and cigars-r-us.com.

If Toys ‘R’ Us had associated businesses for those URLs, it probably wouldn’t be in its current financial situation.

Find a Career in Letting Children Get Gunned Down

Are you looking for a career that will allow you to live comfortably in your old age? Try a career in standing by while the children you’re tasked with protecting get gunned down:

Scott Peterson, the Broward County sheriff’s deputy who failed to engage the Parkland high school shooter, is eligible to receive an annual pension in excess of six figures.

The Sun Sentinel obtained records from the Florida Department of Management Services showing that Peterson, who retired in the weeks after the March shooting, is due to collect $8,700 per month. That works out to slightly more than $104,000 a year. Peterson, who is 55 years old, will be able to receive that pension for the rest of his life, and Broward County taxpayers will cover 50 percent of his health insurance premiums.

I guess the only solace here is that half of his health insurance premiums will quickly gobble up $104,000 per year at the rate it’s increasing.

My criticism here isn’t so much against Peterson (I’ve already criticized him) but against the department that employed him. Peterson failed to do his job and that failure likely lead to unnecessary deaths (shooters tend to off themselves upon meeting armed resistance so Peterson’s mere presence with a firearm would have stood a very high chance of immediately resolving the situation). He should have been terminated from the department for that. Instead the department let him retire and collect his absurd pension.

Shame Only Works on Those Who Feel Shame

It seems like every time I turn around it’s election season again. Primary seasons has just come and gone for some states, which means a bunch of statists just finished up trying to make people feel guilty for not suffering the same bullshit they just suffered:

Some Pennsylvania voters have received letters publicising whether they had voted in previous elections before they head to the polls on Tuesday.

The letters appeared to be intended to “embarrass” people into voting by revealing their voting record compared to that of friends and neighbours.

[…]

The information used in the letters comes from a public registry that costs $20 (£15) to access. This data is typically used by political parties for voter outreach.

“What if your friends, your neighbours, and your community knew whether you vote?” the letter asks.

What if my friends, neighbors, and community members knew whether I voted? They already do because I’m quite loud about the fact that I don’t vote.

Blackmail, which is what these letters are threatening, only works if the person being threatened wants a secret kept secret. As soon as the person being threatened ceases to care about whatever secret somebody is threatening to reveal, blackmail no longer works. If, for example, somebody is threatening to reveal that you didn’t vote in the last election, the best thing you can do to take their power away is publicly advertise the fact that you didn’t vote in the last election.

Government Goons Declare Anarchy Symbol a Hate Symbol

The City of Hamilton’s bureaucrats have declared that the anarchy symbol is a hate symbol in the same league as the Nazi swastika:

The City of Hamilton has forced a local anarchist group to remove the circle A anarchy symbol from its headquarters, saying it is “hate material” similar to the swastika.

City officials say they’re taking direction from Hamilton police on the issue, but police say that’s not the case.

Since anarchists want to abolish government, I understand why a bunch of government parasites would find the anarchy symbol hateful.

When people bring up the topic of hate speech, I like to point out that hate is a subjective idea. This rankles a lot of people because the topic of hate is often emotionally charged and most individuals seem to believe that hate is an objectively provable thing. They also seem to believe that hate is objectively whatever they believe hate to be.

I don’t consider the anarchy symbol to be a symbol of hate. In fact, I consider symbols of government to be symbols of hate. Am I right? That depends on whom you ask.

What I really want to know now is whether or not I as an anarchist qualify as an oppressed person in Hamilton.

Tipper Gore Would Be Proud

Fighting “hate” is all the rage these days. Facebook, Twitter, and now Spotify have all made pledges to fight “hate” on their platforms. But how does one define hate? Spotify decided that it didn’t want to tackle that difficult philosophical question itself so it outsourced the exercise to a few organizations including the Southern Poverty Laws Center (SPLC):

According to the policy, any tracks or artists identified as “hate content”—defined as music that “principally promotes, advocates, or incites hatred or violence against a group or individual based on characteristics, including, race, religion, gender identity, sex, ethnicity, nationality, sexual orientation, veteran status, or disability”—will be either removed from Spotify altogether or suppressed in promotions and stripped out of any platform-generated playlists.

The “hateful conduct” part of the policy will take aim at musicians’ off-the-clock behavior. “When an artist or creator does something that is especially harmful or hateful,” the company explains, that will affect the company’s dealings with them. R. Kelly, who has been accused of sexually abusing underage girls, appears to be the first casualty of this policy: The singer’s music will still stream at Spotify but will no longer be promoted there.

Several advocacy groups will help Spotify identify “hate content.” Among them: the Southern Poverty Law Center, the Anti-Defamation League, and GLAAD.

Since the SPLC is involved, anything that isn’t left of communism will probably get purged.

What will the aftermath of this policy announcement look like? If other streaming services decide to follow along, we will likely see an increase in music piracy again. People aren’t going to suddenly not want to listen to music by an artist simply because the SPLC decided it was hateful. If Spotify or Apple Music won’t stream the music people want, they will stop paying for those services and find their music elsewhere. This is how things have always worked.

EFAIL

A vulnerability was announced yesterday that affects both OpenPGP and S/MIME encrypted e-mails. While this was initially being passed off as an apocalyptic discovery, I don’t think that it’s scope is quite as bad as many are claiming. First, like all good modern vulnerabilities, it has a name, EFAIL, and a dedicated website:

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. In a nutshell, EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs. To create these exfiltration channels, the attacker first needs access to the encrypted emails, for example, by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago.

The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. The victim’s email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

The weakness isn’t in the OpenPGP or S/MIME encryption algorithms themselves but in how mail clients interact with encrypted e-mails. If your e-mail client is configured to automatically decrypt encrypted e-mails and allows HTML content to be displayed, the encrypted potion of your e-mail could be exfiltrated by a malicious attacker.

I generally recommend against using e-mail for secure communications in any capacity. OpenPGP and S/MIME are bandages applied to an insecure protocol. Due to their nature as a bolted on feature added after the fact, they are unable to encrypt a lot of data in your e-mail (the only thing they can encrypt is the body). However, if you are going to use it, I generally recommend against allowing your client to automatically decrypt your encrypted e-mails. Instead at least require that your enter a password to decrypt your private key (this wouldn’t defend against this attack if your client is configured to display HTML e-mail content but it would prevent malicious e-mails from automatically exfiltrating encrypted content). Better yet, have your system setup in such a manner where you actually copy the encrypted contents of an e-mail into a separate decryption program, such as the OpenPGP command line tools, to view the secure contents. Finally, I would recommend disabling the ability to display HTML e-mails in your client if you are at all concerned about security.

If you perform the above practices, you can mitigate this attack… on your system. The real problem is, as always, other people’s systems. While you may perform the above practices, you can’t guarantee that everybody with whom you communicate will as well. If an attacker can exploit one party, they will generally get the e-mails sent by all parties. This is why I’d recommend using a communication tool that was designed to be secure from the beginning, such as Signal, over e-mail with OpenPGP or S/MIME. While tools like Signal aren’t bulletproof, they are designed to be secure by default, which makes them less susceptible to vulnerabilities created by an improper configuration.

He Just Wanted to Go Home to His Fam… Oh

Another day, another bad apple:

MIAMI — A father is under arrest after allegedly beating his daughter at school.

The attack was caught on camera — and shows school employees going about their business and doing nothing to stop him.

The father, Raymond Emilio Rosario, is also a Miami-Dade police officer with a position at an airport.

This story is jam packed with terrible people. First you have the the father, a law enforcer, who beat his daughter. Then you have the school employees who just sat there and acted like nothing was happening while the father was beating his daughter in their presence. Finally you have his employer who will continue to pay him while he awaits his fate:

The Miami-Dade Police Department suspended him with pay.

A law enforcer beating his daughter isn’t a surprising story. Law enforcers have a notably high rate of domestic violence. However, it is a bit surprising to me that none of the school employees even reacted to the event. If you watch the video, they’re just sitting there and acting like nothing out of the ordinary is happening. I would’ve expected at least one employee to have enough courage to say to themselves that that wasn’t right and at least called 911 if they weren’t willing to intervene directly.

Make the Slaves Carry Their Tracking Devices

Mobile phones are useful for both us and government. For us they provide almost instant communications with any of our contacts across the globe as well as access to the collective knowledge base of humanity. For government they provide real-team location information and a potential goldmine of evidence, which is why one British judge thinks that there are benefits to forcing individuals to carry their cell phones at all times:

A senior British judge has highlighted the benefits of legislation that obliges people to carry their mobile phone at all times.

Sir Geoffrey Vos QC, Chancellor of the High Court and former head of the Bar Council, raised the prospect of compulsory mobe-carrying in a speech to the Law Society (PDF).

His speech hypothesized a future where everybody is required to carry their cell phone and how that would lead to easier criminal prosecutions. It’s also not an implausible future, especially in Britain. The island is already a surveillance state. Legally requiring individuals to carry a tracking device at all times probably wouldn’t even be noticed in the pile of other tracking technologies already being employed by Big Brother. Moreover, once everybody is legally required to carry their cell phone, another law could easily be passed that mandates that all cell phones have a “law enforcement mode” that allows law enforcers to secretly active a phone’s microphone and camera to collect evidence. That would, after all, make life easier for law enforcers, which seems to be what this judge is interested in.

We live in an time where Nineteen Eighty-Four is not only technologically feasible but is easily implementable thanks to the fact that most people already voluntarily carry around a device that can collect evidence against them.