Malicious Automatic Updates

The early days of the Internet demonstrated both the importance and lack of computer security. Versions of Windows before XP had no security to speak off. But even by the time Windows XP was released, your could still easily compromise your entire system by visiting a malicious site (while this is still a possibility today, it was a guarantee back then). It was during the reign of Windows XP when Microsoft started taking security more seriously. Windows XP Service Pack 2 included a number of security improvements to the operating system. However, this didn’t solve the problem of woeful computer security because even the best security improvements are worthless if nobody actually installs them.

Most users won’t manually check for software updates. Even if the system automatically checks for updates and notifies users when they’re available, those users often still won’t install those updates. This behavior lead to the rise of automatic updates.

In regards to security, automatic updates are good. But like all good things, automatic updates are also abused by malicious actors. Nowhere is this more prominent than with smart appliances. Vizio recently released an update for some of their smart televisions. The update included a new “feature” that spies on what you’re watching and displays tailored ads over that content:

The Vizio TV that you bought with hard-earned cash has a new feature; Jump Ads. Vizio will first identify what is on your screen and then place interactive banner ads over live TV programs.

[…]

It is based on Vizio’s in-house technology from subsidiary company Inscape that uses automatic content recognition (ACR) to identify what is on your screen at any given moment. If the system detects a specific show on live TV it can then show ads in real-time.

Vizio isn’t unique in this behavior. Many device manufacturers use automatic updates to push out bullshit “features.” This strategy is especially insidious because the malicious behavior isn’t present when the device is purchased and, oftentimes, the buyer has no method to stop the updates from being installed. Many smart devices demand an active Internet connection before they’ll provide any functionality, even offline functionality. Some smart devices when not given Internet access will scan for open Wi-Fi networks and automatically connect to any one they find (which is a notable security problem). And as the price of machine to machine cellular access continues to drop, more manufacturers are going to cut out the local network requirement and setup their smart devices to automatically connect to any available cellular network.

This pisses me off for a number of reasons. The biggest reason is that the functionality of the device is being significantly altered after purchase. S consumer may buy a specific device for a reason that ceases to exists after an automatic update is pushed out by the manufacturer. The second biggest reason this behavior pisses me off is because it taints the idea of automatic updates in the eyes of consumers. Automatic updates are an important component in consumer computer security, but consumers will shy away from them if they are continually used to provide a negative experience. Hence this behavior is a detriment to consumer computer security.

As an aside, this behavior illustrates another important fact that I’ve ranted about numerous times: you don’t own your smart devices. When you buy a smart device, you’re paying money to grant a manufacturer the privilege to dictate how you will use that device. If the manufacturer decides that you need to view ads on the screen of your smart oven in order to use it, there is nothing you as an end consumer can do (if you’re sufficiently technical you might be able to work around it, but then you’re just paying money to suffer the headache of fighting your own device).

Once again I encourage everybody reading this to give serious consideration to the dwindling number of dumb devices. Even if a smart device offers features that are appealing to your use case, you have to remember that the manufacturer can take those features away at any time without giving you any prior notice. Moreover, they can also add features you don’t want at any time without any notice (such as spyware on your television).

It Always Comes Back to Fascism

Champions of democracy whether they be republicans (not the party), socialists, communists, or social democrats always claim that their idealized form of government is the opposite of fascism. When things are going well for democratic governments, they can appear quite different from fascism. However, when things go bad, democracies always revert to fascism.

A few weeks ago a bunch of Canadian truckers decided that they had had enough of their government’s COVID mandates. As a form of protest they drove to Ottawa and setup camp. What makes this protest different from recent popular occupational protests like the Occupy movement is that the protesters are working class instead of petty bourgeois. Because of that they’ve been labeled insurrectionists, racists, and worse instead of protesters (it turns out self-proclaimed champions of the working class tend to hate the actual working class). In spite of the labels foisted on the protesters, they have successfully embarrassed the Canadian government. The Canadian government’s reaction was predictable. It resorted to good old-fashioned fascism:

Under the extraordinary measures invoked by Mr. Trudeau, the police across the country will now be able to seize trucks and other vehicles being used in blockades. The measure will formally ban demonstrations that “go beyond lawful protest,” and the government can formally ban blockades in designated areas like border crossings, airports and the city of Ottawa.

Tow-truck operators, who have been reluctant to cooperate with the police, will also now be compelled to work with law enforcement agencies to clear Ottawa’s streets and the border crossings at Coutts, Alberta. If they don’t cooperate, they could face arrest.

The second paragraph is the most interesting. Most tow-truck operators who possess the equipment necessary to move semis rely on the good grace of truckers for their income. As a result they have refused the government’s request for towing services. In response the Canadian government is now putting a gun to their head and demanding obedience. This practice is commonly referred to as forced labor or slavery.

The Canadian government’s behavior isn’t unique amongst democracies. All democracies will toss aside their facade of respecting individuals when their power is challenged.

Cutting Off Power and Water

I’m going to start this post by quoting myself from yesterday:

It is also easy to see how the state was able to become more authoritarian as more and more people migrated into tightly packed cities (there’s a reason the most authoritarian regimes tightly control travel) and as the state claimed monopoly powers over critical infrastructure such as electricity, power, and sanitation. If you live in a city, the very things you depend on to survive are likely entirely controlled by the state and that gives it literal power of life and death.

I think the universe may be conspiring to prove my point:

The mayor went on to announce the “business ambassadors program” — an effort to get nonessential businesses to close.

“This behavior is irresponsible and selfish,” he said of those that remain open.

He said the Department of Water and Power will shut off services for the businesses that don’t comply with the “safer at home” ordinance.

If you ask a random Joe on the street why the state usually claims a monopoly on providing utilities like power and water, the odds are extremely good that they will claim that those things are natural monopolies. It’s a bullshit claim because natural monopolies don’t exist. The real reason the state claims a monopoly on those things is because those things provide it tremendous power. A lack of power and water will cripple most businesses (and residences) this day and age.

War Is Good

Remember the aftermath of 9/11 when Bush entangled the United States in several Middle Eastern conflicts? It lead to the rise of a very fervent anti-war left.

Then Obama came into power. The anti-war left fell silent. I guess they were on vacation or something.

Now Trump has undone one of the products of Bush’s legacy and announced that the United States is pulling out of Syria, which has cause the anti-war left to not only decide that Bush’s wars were OK but that his wars were absolutely necessary!

I have to assume that during its mysterious eight year disappearance, the anti-war left was taken away to Room 101 and taught the importance of Big Brother’s wars. Either that or the anti-war left was never actually against war and merely exploited Bush’s war in order to criticize somebody who worshiped the wrong political god.

No Good Deed Goes Unpunished

What happens if you witness a bad crash in front of you and stop to help the injured parties? You get detained and have to pay to get your vehicle out of the impound lot:

Davis managed to get the survivor out of the car, but the second person in the car, 21-year-old Kyree Payne of Northeast D.C., died.

Davis, who lives in Baltimore and was on his way to work, says he told D.C. Police everything he witnessed and was allowed to leave. But when he was just a block away, he was pulled over by a D.C. Police officer – and that’s when his nightmare began.

“He said, ‘You’re being detained because you were a witness to a vehicle where someone died in an accident,'” Davis said.

Davis said he was made to wait for about two hours and was harshly questioned, before he claims a police supervisor told him because he witnessed a fatal crash, his car was being towed.

Davis also said that he was not involved in the crash and that his driver’s license is active and his car is registered and insured — as police gave him no citations. Unfortunately for Davis, he will have to find a way to work as his car is still impounded.

That’ll teach him for being a good Samaritan!

Of course the officer is claiming that Davis’s car was impounded because Davis refused to show a valid driver’s license. Davis refutes the officer’s claim and since the story points out that he does have a valid driver’s license, I’m inclined to side with Davis. However, a more important question is, so what if Davis didn’t have a valid driver’s license? He pulled a survivor out of a car wreck that was bad enough to leave the other occupant dead. I think a scene like that has far more important issues to address than the validity of anybody’s driver’s license. And the fact that he stopped to help people should have at least netted him a get out of a petty offense card.

Never Trust a Surveillance Company

The parliament of the United Kingdom (UK) decided to pull a Facebook on Facebook by collecting the company’s personal information. Not only did the parliament collect Facebook’s personal information but it’s now airing the company’s dirty laundry. There are a lot of interesting tidbits to be found within the documents posted by the parliament but one in particular shows Facebook’s ruthlessness when it comes to collecting your personal information:

The emails show Facebook’s growth team looking to call log data as a way to improve Facebook’s algorithms as well as to locate new contacts through the “People You May Know” feature. Notably, the project manager recognized it as “a pretty high-risk thing to do from a PR perspective,” but that risk seems to have been overwhelmed by the potential user growth.

Initially, the feature was intended to require users to opt in, typically through an in-app pop-up dialog box. But as developers looked for ways to get users signed up, it became clear that Android’s data permissions could be manipulated to automatically enroll users if the new feature was deployed in a certain way.

In another email chain, the group developing the feature seems to see the Android permissions screen as a point of unnecessary friction, to be avoided if possible. When testing revealed that call logs could be collected without a permissions dialog, that option seems to have been obviously preferable to developers.

“Based on our initial testing,” one developer wrote, “it seems that this would allow us to upgrade users without subjecting them to an Android permissions dialog at all.”

If you’re using Facebook on a Google operating system, you’re in the center of a surveillance Eiffel Tower, and I’m not talking about the monument!

The history of Android’s permission system has not been a happy one. Until fairly recently Android had an all or nothing model where you either had to grant an application all the permissions it asked for or you couldn’t use it. Not surprisingly this resulted in almost every app requesting every possible permission, which turned the permissions dialog into a formality. Android 6.0 changed the permission system to mirror iOS’s. When an app running on Android 6.0 or later wants to access a protected feature such as text messages, the user is presented with a dialog alerting them to the attempted access and asks if they want to allow it.

If you read the excerpts, you’ll see that Facebook was concerned about the kind of public relations nightmare asking for permission to access call and text message logs could bring. At first the company was planning to only request permission to access call logs, hoping it wouldn’t cause a ruckus. However, once somebody figured out a way to add the additional capabilities without triggering any new permission requests, Facebook moved forward with the plan. So we know for a fact that Facebook knew what it was doing was likely to piss off its users and was willing to use underhanded tactics to do it without getting caught.

You should never trust a company that profits by collecting your personal information to respect your privacy. In light of the information released by the UK’s parliament, this goes double for Facebook.

Weaponizing Dependencies

How I miss the halcyon days of the Internet when perceived slights were commonly forgotten after a short period of inconsequential shitposting. Today perceived slights often result in real-world consequences. The most recent example of this is ThotAudit, the result of a bunch of pathetic sexless whiners perceiving women slighting them. In response to their inability to get laid, they have decided to sic the Internal Revenue Service (IRC) and third-part payment processors on online sex workers:

The campaign is called the “ThotAudit,” in reference to the derogatory term “thot,” which stands for “that ho over there.” It began over the Thanksgiving holiday as a grassroots effort to intimidate sex workers and women who sell access to private pornographic social media accounts by reporting them to the Internal Revenue Service for tax evasion—without evidence of wrongdoing. But it quickly morphed into a battle over who has the right to make money on the internet.

The harassers are taking advantage of user reporting tools made available by companies like PayPal, Venmo, and CirclePay, in an attempt to force their targets offline and freeze their finances. The tactic has far-reaching implications beyond adult entertainment. Foreign governments and other groups have abused the policies to silence opponents on platforms like Twitter and Facebook for years. Attacking through the payment processors is a new wrinkle on that approach.

What kind of lowlife piece of shit sics revenuers on people? I mean, come on! That’s below the belt, guys!

Back to the story at hand. There are two aspects that I want to discuss in this post.

The first is the extent individuals will go to avoid acknowledging and accepting their faults. When I was young, I wasn’t exactly drowning in pussy. I didn’t blame women for that though. I acknowledged and accepted my faults, namely my socially awkward nature. I worked to overcome those faults. By the time I hit my mid 20’s, I was still socially awkward but I was at least capable of schmoozing a room full of people and was capable of gaining the attention of members of the opposite sex. While I’m still a bit socially awkward today, I have a smoking hot wife and have little trouble meeting new people and entertaining people at a party (entertaining people is commonly seen as an attractive quality and thus a skill worth cultivating).

The key to my transformation was accepting my flaws and working to overcome them. Most people who call themselves incels suffer from a lack of self-awareness and an unwillingness to overcome their faults. The reason they’re not getting laid isn’t because women are conspiring against them, it’s because they have a number of flaws that make them unattractive. Instead of working to improve themselves, they’re taking actions that make them even less attractive. They’re actually going so far as to exacerbate their faults to avoid acknowledging their faults.

The second thing I want to discuss is something I harp on a lot, the dangers of being dependent on third-parties. Those making themselves part of ThotAudit are trying to convince third-party payment processors to stop processing payments for targeted online sex workers. By doing this, they’re destroying the livelihood of those workers. However, this tactic is only feasible because those workers are dependent on third-party payment processors. The fewer third-parties you depend on, the fewer dependencies exist that can be weaponized against you. While it’s trendy to recommend cryptocurrencies for sex workers, that’s not the only option. Online sex workers could try pooling their resources and establishing a payment processor for their industry, which is a suggestion I made to gun stores that were being blacklisted by third-party payment processors. You might not be able to control the infrastructure yourself but if you have to rely on a third-party, it’s better to rely on one that specifically caters to your industry. After all, if your business is porn, Tumblr might cast you overboard but Pornhub probably won’t.

Intellectual Property Means Not Owning Property

I make no secret of the fact that I don’t subscribe to the concept of intellectual property. The biggest reason I don’t subscribe to the concept is because the concept itself is an oxymoron. Property implies ownership and ownership implies absolute control. Intellectual property takes the form of copyrights, trademarks, and patents. If you create a song and are granted a copyright, does that mean you own it? No. The copyright is granted by a government agency. The agency dictates the terms of the copyright. Usually it dictates limitations such as a time frame (for example, your copyright is only valid for so many years). The same is true of trademarks and patents. Receiving a copyright does not grant absolute control, it grants limited controls. Under the concept of intellectual property the only ownership that can be said to exist is government ownership over all creative works.

Things are even worse for consumers. Consider Nintendo’s recent announcement:

For nearly three years now, creators who wanted to make money from videos that included footage of Nintendo games had to go through the onerous approval and content requirements of the Nintendo Creators Program, which also gave Nintendo a 30 percent cut of any ad revenues. Today, Nintendo announced it would be halting that program at the end of the year, in favor of a new set of “basic rules” for video creators. If those rules are followed, Nintendo now says, “we will not object to your use of gameplay footage and/or screenshots captured from games for which Nintendo owns the copyright.”

[…]

In addition, Nintendo says video creators can only monetize these videos through a number of official partner programs on a handful of platforms, including YouTube, Twitter, Twitch, and Facebook.

When you pay for a Nintendo game, you’re only paying for the privilege of playing it as far as Nintendo is concerned. If you dared to record yourself enjoying “your” game and clicked the monetize button on YouTube, you could expect a take down notice from Nintendo’s legal department because, as far as the company was concerned, it owned any footage made of its games and determined that it wouldn’t allow anybody to profit from “its” footage. Nintendo eventually eased up a bit and announced that it would allow you to profit from “its” footage so long as you gave Nintendo a 30 percent cut of the profits. Now it’s changing the rules again because as the owner of the games and, according to it at least, all footage of the games, it has the legal authority to do so. While you don’t have to become part of Nintendo’s Partner Program, you are restricted on where you can post footage from which you want to profit.

Imagine if these restrictions allowed under the concept of intellectual property were expanded to actual property. The construction company that built your home might be able to restrict you from monetizing any footage you made of the house. The manufacturer that built your vehicle might not allow you to post pictures of it on Instagram but only on Flickr. The manufacturer that built your computer might prohibit you from making an unboxing video. If any of the rules that apply to the concept of intellectual property were applied to actual property, most people would probably recognize how ridiculous the situation is.

In my opinion if you purchase a copy of a game, you should own that copy. You should be allowed to do whatever you want with it. If you want to record yourself playing it while you’re snorting coke off of a hooker’s ass and monetize that video, you should be allowed to do so (I also believe that you should be allowed to snort coke off of a hooker’s ass). There shouldn’t be a loophole that says any footage of that game is owned by the developer nor should there be any restriction preventing you from profiting from the game you purchased.

Worst Parents of the Year Award

There are a lot of ways that parents can make the lives of their children miserable. One way for parents to start early down this path is to give their child a stupid name:

A Southwest Airlines gate agent at John Wayne Airport is accused of being awful in front of a five-year old girl – and on social media – because of her unique name.

The girl’s mother says the agent made fun of the name and even posted a photo of her boarding pass on social media for others to chime in.

Five-year-old Abcde Redford pronounces her name “ab-city.”

I guess some points go to the parents for at least getting five letters of the alphabet in the correct order.

Granted, I don’t think that the gate agent should have made fun of the child because the child was innocent. They should have ridiculed the parents for picking a name that would so inevitably cause their child to be picked on. If you want to give your child a unique name, there are a lot of excellent choices that aren’t as likely to result in ridicule from schoolmates (and gate attendants) as Abcde.

Using Approved Forms of Violence

A college in Michigan has announced that it has developed a plan to defend against shooters. Faculty and students will be given hockey pucks:

Oakland University, a public school in Rochester Hills, near Detroit, is distributing thousands of 94-cent hockey pucks for just that reason.

The distribution, which began earlier this month, stemmed from a March faculty active-shooter training session, which followed February’s shooting at a Parkland, Fla., high school that left 17 dead.

A participant at the training asked Oakland University Police Chief Mark Gordon what items people could use to defend themselves on the campus, which has a no-weapons policy, the Detroit Free Press reports.

There are so many levels of hypocrisy here that I’m not even sure where to begin.

I guess I’ll start with the layer that seems to me to be the most obvious. The school has a no-weapons policy. It is providing faculty and students with hockey pucks for the express purpose of hurling them at an active shooter. In other words the hockey pucks are meant to be used to hurt people. A common word to describe a tool that is meant to hurt somebody is “weapon.” So the school no longer has a no-weapons policy. What it really has is a prohibition against unapproved weapons.

Now that the school no longer has a no-weapons policy, I think that it’s fair to ask what the purpose of the previous no-weapons policy was. If it was protection, the school has admitted that its no-weapons policy was incapable of fulfilling that purpose by distributing weapons. If it was meant to be a moral statement about the superiority of nonviolence, the school can no longer claim any moral high ground since it is now encouraging faculty and students to use violence. The only possible purpose that is left is that the policy is meant to conceal from faculty and students the fact that certain types of weapons exist. The only thing this accomplishes is prohibiting faculty and students from having a more effective means of self-defense if they want to stay within the rules.

This policy is a demonstration of pure cognitive dissonance. The school doesn’t want to admit that it’s no-weapons policy doesn’t provide any protection against weapons. In order to avoid admitting that it has attempted to equip faculty and students with “totally not weapons” to give them the illusion that they might survive when a bad person violates the no-weapons policy. The bureaucrats who administer the school know there is a threat but are unwilling to give faculty and students sanction to effectively defend themselves. In other words they are knowingly putting the people under their authority in danger.