Open Textbooks

I enjoy helping individuals educate themselves. In pursuit of this goal I try to find sources of free educational material and share them with as many people as possible. Recently I stumbled across the Open Culture website, which has a page listing freely available textbooks.

I haven’t had an opportunity to dig through all of the listed textbooks, nor am I qualified to determine the accuracy of the material in many of the listed books. However, the few textbooks I have perused appear to be of good quality and were written by credentialed professors.

Feel free to go through the list and download anything that piques your interest.

It’s Not Your Phone, Pleb

The Fourth Amendment is often cited whenever a legal issue involving privacy arises. While I recognize that the “rights” listed in the Bill of Rights are actually temporary privileges that are revoked the second they become inconvenient to the government, I think that it’s worth taking a look at the language:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

What’s noteworthy in regards to this post is the fact that nowhere does the Fourth Amendment state that measures have to be taken to make information easily accessible to the government once a warrant is issued. This omission is noteworthy because a lot of the political debates revolving around computer security are argued as if the Fourth Amendment contains or implies such language:

Dubbed “Clear,” Ozzie’s idea was first detailed Wednesday in an article published in Wired and described in general terms last month.

[…]

  1. Apple and other manufacturers would generate a cryptographic keypair and would install the public key on every device and keep the private key in the same type of ultra-secure storage vault it uses to safeguard code-signing keys.
  2. The public key on the phone would be used to encrypt the PIN users set to unlock their devices. This encrypted PIN would then be stored on the device.
  3. In cases where “exceptional access” is justified, law enforcement officials would first obtain a search warrant that would allow them to place a device they have physical access over into some sort of recovery mode. This mode would (a) display the encrypted PIN and (b) effectively brick the phone in a way that would permanently prevent it from being used further or from data on it being erased.
  4. Law enforcement officials would send the encrypted PIN to the manufacturer. Once the manufacturer is certain the warrant is valid, it would use the private key stored in its secure vault to decrypt the PIN and provide it to the law enforcement officials.

This proposal, like all key escrow proposals, is based on the idea that law enforcers have some inherent right to easily access your data after a warrant is issued. This idea also implies that your phone is actually the property of the various bodies of government that exist in the United States and they are therefore able to dictate in what ways you may use it.

If we are to operate under the assumption that law enforcers have a right to easily access your data once a warrant is issued, we must necessarily admit that the “rights” outlined in the Fourth Amendment don’t exist since the language offers no such right to law enforcers.

Set a Strong Password on Your Phone

My girlfriend and I had to take our cat to the emergency vet last night so I didn’t have an opportunity to prepare much material for today. However, I will leave you with a security tip. You should set a strong password on your phone:

How long is your iPhone PIN? If you still use one that’s only made by six numbers (or worse, four!), you may want to change that.

Cops all over the United States are racing to buy a new and relatively cheap technology called GrayKey to unlock iPhones. GrayShift, the company that develops it, promises to crack any iPhone, regardless of the passcode that’s on it. GrayKey is able to unlock some iPhones in two hours, or three days for phones with six digit passcodes, according to an anonymous source who provided security firm Malwarebytes with pictures of the cracking device and some information about how it works.

The article goes on to explain that you should use a password with lowercase and uppercase letters, numbers, and symbols. Frankly, I think such advice is antiquated and prefer the advice given in this XKCD comic. You can create more bits of entropy if you have a longer password that is easier to remember. Instead of having something like “Sup3r53cretP@5sw0rd” you could have “garish-bethel-perry-best-finale.” The second is easier to remember and is actually longer. Moreover, you can increase your security by tacking on additional words. If you want a randomly generated password, you can use a Diceware program such as this one (which I used to generate the latter of the two passwords).
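To put numbers on the passcode advice above, here is an added example (not part of the original post or the quoted article) that compares PIN and Diceware keyspaces and generates a passphrase with a cryptographically secure random source. It assumes the quoted three-day figure is the time to try every six-digit passcode and that the guess rate stays constant for longer secrets; the function names and the eight-word demo list are constructed for illustration.

```python
import math
import secrets

SECONDS_PER_DAY = 86_400
DICEWARE_LIST_SIZE = 6 ** 5  # 7,776 words: five six-sided dice rolls per word


def keyspace_bits(symbols: int, length: int) -> float:
    """Bits of entropy for `length` independent, uniformly random picks."""
    return length * math.log2(symbols)


def implied_guess_rate(symbols: int, length: int, days: float) -> float:
    """Guesses per second if the whole keyspace is exhausted in `days`."""
    return symbols ** length / (days * SECONDS_PER_DAY)


def days_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case days to try every candidate at a constant guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_DAY


def generate_passphrase(wordlist, n_words: int, sep: str = "-"):
    """Return (passphrase, bits). Entropy is counted only over unique words."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    phrase = sep.join(secrets.choice(unique) for _ in range(n_words))
    return phrase, keyspace_bits(len(unique), n_words)


def comparison_table(guesses_per_second: float):
    """Rows of (label, bits, worst-case days) for PINs and Diceware phrases."""
    candidates = [
        ("4-digit PIN", 10, 4),
        ("6-digit PIN", 10, 6),
        ("3 Diceware words", DICEWARE_LIST_SIZE, 3),
        ("5 Diceware words", DICEWARE_LIST_SIZE, 5),
    ]
    rows = []
    for label, symbols, length in candidates:
        bits = keyspace_bits(symbols, length)
        rows.append((label, round(bits, 1), days_to_exhaust(bits, guesses_per_second)))
    return rows


if __name__ == "__main__":
    # Assumption: "three days for six digit passcodes" means full exhaustion.
    rate = implied_guess_rate(10, 6, 3)
    print(f"implied rate: {rate:.2f} guesses/second")
    for label, bits, days in comparison_table(rate):
        print(f"{label:<18} {bits:>5} bits  {days:.3g} days worst case")

    # Constructed demo list; a real Diceware list has 7,776 entries.
    demo_words = ["anchor", "bishop", "cobalt", "dagger",
                  "ember", "fjord", "garnet", "harbor"]
    print(generate_passphrase(demo_words, 5))
```

The entropy figures hold only when the words are picked at random; a phrase you make up yourself does not earn the full bits per word.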

Oftentimes Dumb is Better

The philosophy modern hardware manufacturers seem to predominantly follow is that any product can be improved by putting a chip in it. While it may be convenient to have speakers that can wirelessly connect to your phone and stream music from it, there is a significant downside to such a convenience: near-future obsolescence.

But more important to me, the Nocs app — which you need to configure to use Wi-Fi networking and update firmware — hasn’t been updated since October 2014, meaning that the iOS app doesn’t work at all anymore, since Nocs never updated it with a 64-bit version. (There’s apparently an Android app, but reviews indicate that it seems to crash more often than not, so that probably isn’t a great solution, either.)

This would all be less of a problem if I had another way to use the speakers, but since I don’t have the Bluetooth model, I’m stuck with either Airplay or a 3.5mm cable (which isn’t super convenient to access, since they’re on a bookshelf). Plus, Airplay itself as a standard is on its way out, so even if the NS2 pair that I have work without any problems, they’ll be obsolete and incompatible with the new wave of speakers that will be out whenever Apple decides to finally release Airplay 2.

In this case the author has the fortune of being able to fall back to a standard 3.5mm headphone jack but many “smart” devices don’t include legacy support.

Dumb devices tend to have a longer shelf life than their smart brethren. This is because dumb devices tend to operate on standards that have been around for decades. Speakers that attach to receivers using two copper cables have been around for decades and will likely be around for decades to come. What makes dumb speakers even better is that they’re modular. If a smart speaker becomes obsolete, you have to replace the whole speaker. If the receiver you plug your dumb speakers into becomes obsolete, you can replace the receiver while keeping your bitchin’ speakers.

There are a lot of legitimate reasons to add a chip to old products but there is also a trade-off. In many cases, at least in my opinion, dumb devices enjoy enough advantages in shelf life that they remain superior to their smart brethren.

How Do I Internet?

Yesterday people who are in charge of the largest violator of privacy, the United States Congress, ironically grilled Mark Zuckerberg on the topic of privacy. I didn’t watch the hearing because I have better things to do with my time but I did check the highlights and they were what I expected. A bunch of old white people who have no idea how the Internet works made a public show of authority in the hopes of convincing the masses that their desire to further control the Internet is necessary:

In doing so, many of the senators betrayed a general lack of knowledge about how Facebook operates. Imagine trying to explain social media to your grandparents—this was essentially Zuckerberg’s task.

Sen. Roy Blunt, (R–Mo.), for instance, didn’t seem to understand that Facebook lacks a means of accessing information from other apps unless users specifically opt in. The same was true of Sen. Roger Wicker (R–Miss.), who needed a lot of clarification on how Facebook Messenger interacts with cellular service. Zuckerberg had to carefully explain to Sen. Brian Schatz (D–Hawaii) that WhatsApp is encrypted, and Facebook can’t read, let alone monetize, the information people exchange using that service. Zuckerberg had to explain to multiple senators, including Dean Heller (R–Nev.), that Facebook doesn’t technically sell its data: The ad companies don’t get to see the raw information.

[…]

But senators on both sides of the political aisle were clear about their concerns—and more than willing to step in.

“If Facebook and other online companies will not or cannot fix their privacy invasions, then we are going to have to,” said Sen. Bill Nelson (D–Fla.). “We, the Congress.”

What Nelson and his colleagues largely failed to do was demonstrate that “we, the Congress” possess the requisite knowledge to regulate Facebook, or that those regulations would improve upon the policies Facebook would like to implement on its own.

The article contains other ignorant questions and concerns that were fielded by senators. From reading through them it’s obvious that the people tasked with the hearing are entirely out of touch with the topic at hand. Were it not for the positions of power that they hold, their opinions on the matter would almost certainly be dismissed by most people. But they wear suits and occupy a marble building so their ignorance is irrelevant. They have the power to give themselves whatever control they so desire. They may not understand how Facebook or the overall Internet works but they can vote themselves the power to regulate them.

This is part of the reason why political solutions always fail. There is no requirement that the politicians understand the problem to which they’re providing a solution. If you don’t understand the problem, you cannot hope to provide a valid solution.

We’re at the Mercy of Service Providers

Yesterday I mentioned the changes Microsoft made to its terms of service and touched on the one sided licensing agreements to which users must agree in order to use Microsoft’s services. Today I want to take the discussion one step further by explaining the dangers these one sided agreements have to users integrated into entire company ecosystems.

Imagine that you, like many people, are heavily tied to Microsoft’s ecosystem. You have an Xbox 360 and an Xbox One. You play games online with your Xbox Live Gold membership. Your home computers all run Windows 10. You use Outlook.com for e-mail. You’re a developer who relies on Visual Studio to do your job and utilize One Drive and Office for online collaboration with coworkers. When you’re traveling to customer sites, you rely on Skype to keep in touch with your family. Your Microsoft account pretty much touches every facet of your life.

Now let’s say you’re on a work trip. While talking to your wife on Skype you say an offensive word and somebody at Microsoft just happens to be monitoring the session. Perhaps this individual is a stickler for the rules, perhaps they’re just having a bad day. Either way they decide to exercise Microsoft’s right under the terms of service to which you agreed to terminate your Microsoft account right then and there. Your Skype session terminates immediately. You can no longer access your e-mail. Your entire trip to the customer site is wasted because you no longer have the tool you need, Visual Studio, to do your job.

The trip was a complete loss but the pain doesn’t stop there. When you get home and decide to blow off some steam by tearing apart people online, you find that your Xbox Live subscription has also been terminated. You aren’t even able to play offline games because you purchased them all via the Xbox One Store and the licenses for those purchases were tied to your user account, which was terminated. Much of your life has come to a grinding halt because one Microsoft employee monitoring your Skype session decided to terminate your account.

While one could accuse me of hyperbole for concocting this scenario, it is a very real possibility under the terms of service to which you agree when signing up for a Microsoft account. The terms of service give you no power and Microsoft absolute power. Microsoft can make whatever rules it wants whenever it wants and your only options are to submit or not use its services.

Microsoft isn’t even unique in this regard. The same one sided agreements are made when you create an account with Google, Apple, Facebook, Twitter, or pretty much any other service provider. The sad truth is that most of us rely heavily on accounts that we have no real control over. Your Google account could be suspended tomorrow and with it would go your Gmail account, any apps you’ve purchased for Android via the Play Store, revenue derived from YouTube ads, etc.

The licensing model ensures that we don’t actually own many of the things that we rely on. The one sided agreements to which we agree in order to access services that we rely on ensure that we have no recourse if our accounts are suspended. We’re effectively peasants and our lords are our service providers. What makes this situation even worse is that it’s one we helped create. By submitting to one sided agreements early on, we told service providers that it’s acceptable to take all of the power for themselves. By being willing to license software instead of owning it, we told developers that it’s acceptable to let us borrow their software instead of purchase it. We put ourselves at the mercy of these service providers and now we’re finally faced with an absurdly high bill and having regrets.

Teach Facebook a Lesson, Leave Facebook for Facebook

People continue to pretend that they’re upset with Facebook. Some of the people pretending that they’re upset have decided to leave Facebook for Instagram:

Goodbye Facebook, hello Instagram.

Instagram, which Facebook bought in 2012 for $1 billion, is having a moment — and just in time to be a lone bright spot for its parent company, which is in crisis over its handling of people’s private information.

“Thank Goodness For Instagram,” said a Wall Street research note on Facebook’s mounting troubles earlier this week. “I will delete Facebook, but you can pry Instagram from my cold, dead hands,” read a headline on tech news outlet Mashable.

I say that they’re pretending to be upset with Facebook because they’re effectively leaving Facebook for Facebook. Instagram was purchased by Facebook back in 2012 for the then seemingly absurd sum of $1 billion.

If you want to disassociate with Facebook, you need to be willing to do a bit of research (literally a single search on DuckDuckGo) to avoid simply transferring yourself to one of the company’s other departments. Furthermore, you should invest some time into finding an alternative that isn’t likely to suffer the same pitfalls as Facebook. For example, any company that appears to be providing a “free” service likely has a similar business model to Facebook. If you jump ship to another company with the same business model, you’re going to suffer the same privacy violations.

Embracing the Darknet

Big changes came to the Internet shortly after Congress passed the Stop Enabling Sex Traffickers Act (SESTA). SESTA, like most legislation, has a name that sounds good on the surface but actually conceals some heinous provisions. One of those major provisions is holding website owners criminally liable for user generated content. This resulted in some drastic changes to sites like Reddit and Craigslist:

So far, four subreddits related to sex have been banned: Escorts, Male Escorts, Hookers, and SugarDaddy. None were what could accurately be described as advertising forums, though (to varying degrees) they may have helped connect some people who wound up in “mutually beneficial relationships.” The escort forums were largely used by sex workers to communicate with one another, according to Partridge. Meanwhile, the “hooker” subreddit “was mostly men being disgusting,” according to Roux, “but also was a place that sometimes had people answering educational questions in good faith.”

[…]

Reddit yesterday announced changes to its content policy, now forbidding “transactions for certain goods and services,” including “firearms, ammunition, or explosives” and “paid services involving physical sexual contact.” While some of the prohibited exchanges are illegal, many are not.

Yet they run close enough up against exchanges that could be illegal that it’s hard for a third-party like Reddit to differentiate. And the same goes for forums where sex workers post educational content, news, safety and legal advice. Without broad Section 230 protections, Reddit could be in serious financial and legal trouble if they make the wrong call.

The passage of SESTA set a precedent that will certainly expand. Today Section 230 protections can be revoked for user generated content about sex trafficking. Tomorrow they could be revoked for user generated content involving hate speech, explaining the chemistry and biology behind how prohibited drugs work, showing the mechanics of how a machine gun operates, and so on. User generated content is now a liability and will only become more of a liability as the precedent is expanded.

Will this rid the world of content about sex work, drugs, and guns? Of course not. It will merely push that content to anonymized servers, commonly referred to as the “darkweb.” As laws make hosting content on the non-anonymized Internet a legal hazard, Internet users will find that they need tools like I2P and the Tor Browser to access more and more of the content they desire. The upside to this is that it will lead to a tremendous increase in resources available to developers and operators of “darkweb” technologies. Eventually the laws passed to thwart unapproved behavior will again make restricting unapproved behavior all but impossible.

Microsoft Is Altering the Deal

Microsoft recently announced some changes to its terms of service:

5. In the Code of Conduct section, we’ve clarified that use of offensive language and fraudulent activity is prohibited. We’ve also clarified that violation of the Code of Conduct through Xbox Services may result in suspensions or bans from participation in Xbox Services, including forfeiture of content licenses, Xbox Gold Membership time, and Microsoft account balances associated with the account.

This is a great example of the pitfalls of the licensing model. When you purchase a game, movie, or other form of digital content from Microsoft, you’re merely acquiring a very one sided license. Effectively the license states that you can continue to use the content so long as Microsoft doesn’t decide to revoke your license. To make matters worse, the license gives Microsoft the option to alter the terms of the license whenever it wants and without even giving prior notice. In this case Microsoft changed the terms to state that your content licenses can be revoked if you use “offensive language” (a term so vague that it covers pretty much anything you say).

But the fun didn’t stop there. In order to enforce the new terms of service, Microsoft has also reserved the right to surveil you:

When investigating alleged violations of these Terms, Microsoft reserves the right to review Your Content in order to resolve the issue.

And this is a great example of the pitfall of not having end-to-end encryption. Microsoft’s services generally lack an end-to-end encryption option, which means a man in the middle, like Microsoft or any entity it authorizes, can view whatever information is being transmitted using its services. Your Skype sessions aren’t as private as you might think.

This shouldn’t come as a surprise to anybody. Any agreement that gives one party no power and the other party absolute power, like content licenses, is going to be abused by the party with absolute power. Fortunately, unlike with government, you have an option when Microsoft does something you don’t like; you can cease using its products and services.

There Must Always Be a New Frontier

The early days of the Internet were akin to the myth of the Wild West. There was no rule of law. First tens then hundreds and eventually thousands of little experiments were running simultaneously. Some experiments attracted users and flourished, other experiments failed to attract users and floundered. It didn’t matter much because it didn’t require a lot of capital to put a server online.

Some of the successful experiments became more and more successful. Their success allowed them to push out or buy up their competitors. Over time they turned into multimillion and even multibillion dollar websites. Slowly but surely much of the Internet was centralized into a handful of silos. Much like the Wild West of mythology, the Internet gradually became domesticated and restricted.

There’s nothing unique about the story of the Internet. New frontiers have a tendency to slowly become “civilized.” The rule of law is established. Restrictions are put into place. The number of experiments continues to approach zero. However, “civilization” is never the end of experimentation. Experimenters simply need to move to a new frontier.

Innovation slows to a crawl and can even stop entirely without frontiers. The Internet is mostly “civilized” at this point. A handful of successful experiments such as Amazon, Facebook, and Google exercise a tremendous amount of control. With a simple statement they can make or break other experiments and amplify or silence voices. Moreover, the rule of law has been established by various national governments and they will only tighten their grips. In order for innovation to continue on the Internet, the next frontier must be explored.

Fortunately, there are several frontiers. The most popular are “darknets,” networks that bake anonymity in by default. If clients and servers are unable to identify each other’s locations, they can’t enforce rules on one another. Other frontiers are mesh networks. While mesh networks are able to access the Internet, they are also able to operate independently. Being decentralized, it’s far more difficult to enact widespread censorship on a mesh network than on the traditional Internet whose users depend on a handful of Internet Service Providers (ISP) for their connection. But the most exciting frontiers are the ones that remain entirely unexplored.

Of course the cycle will repeat itself. The next frontier will become “civilized,” which is why there must always be a new frontier if innovation is to continue.