Privacy

Google can spin the "Duplex" calling agent in a much more positive way

Most of the world was wowed by the Google Duplex demo, where their system was able to cold-call a hairdresser and make an appointment with her, with the hairdresser unaware she was talking to an AI. The system included human speech mannerisms and the ability to respond to the random phrases the hairdresser threw back.

How to attack the social media incentive and privacy problems

A huge opportunity awaits a young social media company that is poised to take advantage of the fall of Facebook (and Twitter). Is somebody out there ready to carry the ball and make it happen? It probably has to be somebody who already has most of this done, or is even operating.

Private Big Brothers are arriving

For many decades I've had an ongoing debate with my friend David Brin over the ideas in his book The Transparent Society where he ponders what happens when cameras and surveillance technology become so cheap it's impossible to stop them from being everywhere.

The terrible power of computer espionage in our world of shame

I have some dark secrets. Some I am not proud of, some that are fine by me but I know would be better kept private. So do you. So does everybody. And the more complex your life, the more "big" things you have done in the world, the bigger your mistakes and other secrets are. It is true for all of us. This is one of the reasons the world needs privacy to work.

I was investigated by the feds for taking a picture of the sun

A week ago, a rather strange event took place. No, I'm not talking about just the Transit of Mercury in front of the sun on May 9, but an odd result of it.

Maintaining Privacy in the Robotaxi

While I've been in love for a long time with the idea of mobility-on-demand and the robocar taxi, I continue to have some privacy concerns. The first is simply over the idea that a service company gets a map of all your travels. Of course, your cell phone company, and companies like Google with their Location History (Warning, don't click or you will be freaked out if you didn't know about this) know this already, as does the NSA and probably all the other spy agencies in the world. That doesn't make it much better to add more trackers.

Short Big Think video piece on Privacy vs. Security

There's another video presentation by me that I did while visiting Big Think in NYC.

This one is on The NSA, Snowden and the "tradeoff" of Privacy and Security.

Earlier, I did a 10 minute piece on Robocars for Big Think that won't be news to regular readers here but was reasonably popular.

Do we need to ban the password?

Ok, I'm not really much of a fan of banning anything, but the continued reports of massive thefts of password databases from web sites are not slowing down. Whether the recent Hold Security report of discovering a Russian ring that got a billion account records from huge numbers of websites is true or not, we should imagine that it is.

As I've written before, there are two main kinds of password-using sites. The sites that keep a copy of your password (i.e. any site that can e-mail you your password if you forget it) and the sites which keep only an encrypted/hashed version of your password (these can reset your password for you via e-mail if you forget it). The latter class is vastly superior, though it's still an issue when a database of hashed passwords is stolen, since it lets attackers mount offline brute-force attacks against the hashes.

Sites that are able to e-mail you a lost password should be stamped out. While I'm not big on banning, it may make sense to have a rule requiring that any site which is going to remember your password in plain form put a big warning on the password setting page and the login page:

This site is going to store your password without protection. There is significant risk attackers will someday breach this site and get your ID and password. If you use these credentials on any other site, you are giving access to these other accounts to the operators of this site or anybody who compromises this site.

Sites which keep a hashed password (including the Drupal software running this blog, though I no longer do user accounts) probably should have a lesser warning too. If you use a well-crafted password unlikely to be found by a brute-force attack, you are probably OK, but only a small minority do that. Such sites still carry a risk if they are taken over, because whoever controls the compromised site can see any passwords typed by people logging in while it's in their hands.

Don't feel too guilty for re-using passwords. Everybody does it. I do it, in places where it's no big catastrophe if the password leaks. It's not the end of the world if one blog site has the multi-use password I use on another blog site. With hundreds of accounts, there's no way to not re-use with today's tools. For my bank accounts or other accounts that could do me harm, I keep better hygiene, and so should you.

But in reality we should not use passwords at all. Much better technology has existed for many decades, but it's never been built in a way to make it easy to use. In particular it's been hard to make it portable -- so you can just go to another computer and use it to log into a site -- and it's been impossible to make it universal, so you can use it everywhere. Passwords need no more than your memory, and they work for almost all sites.

Even our password security is poor. Most sites use your password just to create a session cookie that keeps you authenticated for a long session on the site. That cookie's even easier to steal than a password at most sites.

Having secure open wifi (Death to wifi login part 2)

In part 1 I outlined the many problems caused by wifi login pages that hijack your browser ("captive portals") and how to improve things.

Today I want to discuss the sad state of security on the wifi networks in most of the setups used today.

Almost all open WIFI networks are simply "in the clear." That means, however you got on, your traffic is readable by anybody, and can be interfered with as well, since random users near you can inject fake packets or pretend to be the access point. Any security you have on such a network depends on securing your outgoing connections. The most secure way to do this is to have a VPN (virtual private network), and many corporations run these and insist their employees use them. VPNs do several things:

  • Encrypt your traffic
  • Send all the traffic through the same proxy, so sniffers can't even see who else you are talking to
  • Put you on the "inside" of corporate networks, behind firewalls. (This has its own risks.)

VPNs have downsides. They are hard to set up. If you are not using a corporate VPN, and want a decent one, you typically have to pay a 3rd party provider at least $50/year. If your VPN router is not in the same geographic region as you are, all your traffic is sent to somewhere remote first, adding latency and in some cases reducing bandwidth. Doing voice or video calls over a VPN can be quite impractical -- some VPNs are all TCP without the UDP needed for that, and extra latency is always a killer. Also, there is the risk your VPN provider could be snooping on you -- it actually can make it much easier to snoop on you (by tapping the outbound pipe of your VPN provider) than to follow you everywhere to tap where you are.

If you don't have a VPN, you want to try to use encrypted protocols for all you do. At a minimum, if you use POP/IMAP E-mail, it should be configured to only send and receive mail over TLS encrypted channels. In fact, my own IMAP server doesn't even accept connections in the clear, to make sure nobody is tempted to use one. For your web traffic, use sites in https mode as much as possible, and use EFF's plugin HTTPS Everywhere to make your browser switch to https wherever it can.

Locking devices down too hard, and other tales of broken phones

One day I noticed my nice 7 month old Nexus 4 had a thin crack on the screen. Not sure where it came from, but my old Nexus One had had a similar crack and when it was on you barely saw it and the phone worked fine, so I wasn't scared -- until I saw that the crack stopped the digitizer from recognizing my finger in a band in the middle of the screen. A band which included dots from my "unlock" code.

And so, while the phone worked fine, you could not unlock it. That was bad news because with 4.3, the Android team had done a lot of work to make sure locked phones are secure if people randomly pick them up. As I'll explain in more detail, you really can't unlock it. And while it's locked, it won't respond to USB commands either. I had enabled debugging some time ago, but either that doesn't work while the phone is locked or that state had been reset in a system update.

No unlocking meant no backing up the things that Google doesn't back up for you. It backs up a lot, these days, but there's still dozens of settings, lots of app data, logs of calls and texts, your app screen layout and much more that's lost.

I could repair the phone -- but when LG designed this phone they merged the digitizer and screen, so the repair is $180, and the parts take weeks to come in at most shops. Problem is, you can now buy a new Nexus 4 for just $199 (which is a truly great price for an unlocked phone) or the larger model I have for $249. Since the phone still has some uses, it makes much more sense to get a new one than to repair, other than to get that lost data. But more to the point, it's been 7 months and there are newer, hotter phones out there! So I eventually got a new phone.

But first I did restore functionality on the N4 by doing a factory wipe. That's possible without the screen, and the wiped phone has no lock code. It's actually possible to use quite a bit of the phone. Typing is a pain since a few letters on the right don't register but you can get them by rotating. You would not want to use this long term, but many apps are quite usable, such as maps and in particular eBook reading -- for cheap I have a nice small eBook reader. And you can make and receive calls. (Even on the locked phone I could receive a call somebody made to me -- it was the only thing it could do.) In addition, by connecting a bluetooth mouse and keyboard, I could use the phone fully -- this was essential for setting the phone up again, where the lack of that region on the touchpad would have made it impossible.

One of my security maxims is "Every security system ends up blocking legitimate users, often more than it blocks out the bad guys." I got bitten by that.

Cats against surveillance

I always feel strange when I see blog and social network posts about the death of a pet or even a relative. I know the author but didn't know anything about the pet other than that the author cared.

We need a security standard for USB and other plug-in devices

Studies have shown that if you leave USB sticks on the ground outside an office building, 60% of them will get picked up and plugged into a computer in the building. If you put the company logo on the sticks, closer to 90% of them will get picked up and plugged in.

A Bitcoin Analogy

Bitcoin is having its first "15 minutes" with the recent bubble and crash, but Bitcoin is pretty hard to understand, so I've produced this analogy to give people a deeper understanding of what's going on.

It begins with a group of folks who take a different view on several attributes of conventional "fiat" money. It's not backed by any physical commodity, just faith in the government and central bank which issues it. In fact, it's really backed by the fact that other people believe it's valuable, and you can trade reliably with them using it. You can't go to the US treasury with your dollars and get very much directly, though you must pay your US tax bill with them. If a "fiat" currency faces trouble, you are depending on the strength of the backing government to do "stuff" to prevent that collapse. Central banks in turn get a lot of control over the currency, and in particular they can print more of it any time they think the market will stomach such printing -- and sometimes even when it can't -- and they can regulate commerce and invade privacy on large transactions. Their ability to set interest rates and print more money is both a bug (that has sometimes caused horrible inflation) and a feature, as that inflation can be brought under control and deflation can be prevented.

The creators of Bitcoin wanted to build a system without many of these flaws of fiat money, without central control, without anybody who could control the currency or print it as they wish. They wanted an anonymous, privacy protecting currency. In addition, they knew an open digital currency would be very efficient, with transactions costing effectively nothing -- which is a pretty big deal when you see Visa and Mastercard able to sustain taking 2% of transactions, and banks taking a smaller but still real cut.

With those goals in mind, they considered the fact that even the fiat currencies largely have value because everybody agrees they have value, and the value of the government backing is at the very least, debatable. They suggested that one might make a currency whose only value came from that group consensus and its useful technical features. That's still a very debatable topic, but for now there are enough people willing to support it that the experiment is underway. Most are aware there is considerable risk.

Update: I've grown less fond of this analogy and am working up a superior one, closer to the reality but still easy to understand.

Wordcoin

Bitcoins -- the digital money that has value only because enough people agree it does -- are themselves just very large special numbers. To explain this I am going to lay out an imperfect analogy using words and describe "wordcoin" as it might exist in the pre-computer era. The goal is to help the less technical understand some of the mechanisms of a digital crypto-based currency, and thus be better able to join the debate about them.

The Personal Cloud and Data Deposit Box

Last night I gave a short talk at the 3rd "Personal Clouds" meeting in San Francisco. The term "personal clouds" is a bit vague at present, but in part it describes what I had proposed in 2008 as the "data deposit box" -- a means to achieve the various benefits of corporate-hosted cloud applications in computing space owned and controlled by the user. Other people are interpreting the phrase "personal clouds" to mean mechanisms for the user to host, control or monetize their own data, to control their relationships with vendors and others who will use that data, or in the simplest form, some people are using it to refer to personal resources hosted in the cloud, such as cloud disk drive services like Dropbox.

I continue to focus on the vision of providing the advantages of cloud applications closer to the user, bringing the code to the data (as was the case in the PC era) rather than bringing the data to the code (as is now the norm in cloud applications.)

Consider the many advantages of cloud applications for the developer:

  • You write and maintain your code on machines you build, configure and maintain.
    • That means none of the immense support headaches of trying to write software to run on multiple OSs, with many versions and thousands of variations. (Instead you do have to deal with all the browsers, but that's easier.)
    • It also means you control the uptime and speed
    • Users are never running old versions of your code and facing upgrade problems
    • You can debug, monitor, log and fix all problems with access to the real data
  • You can sell the product as a service, either getting continuing revenue or advertising revenue
  • You can remove features, shut down products
  • You can control how people use the product and even what steps they may take to modify it or add plug-ins or 3rd party mods
  • You can combine data from many users to make compelling applications, particularly in the social space
  • You can track many aspects of single and multiple user behaviour to customize services and optimize advertising, learning as you go

Some of those are disadvantages for the user of course, who has given up control. And there is one big disadvantage for the provider, namely they have to pay for all the computing resources, and that doesn't scale -- 10x users can mean paying 10x as much for computing, especially if the cloud apps run on top of a lower level cloud cluster which is sold by the minute.

But users see advantages too:

Speaking on Personal Clouds in SF, and Robocars in Phoenix

Two upcoming talks:

Tomorrow (April 4) I will give a very short talk at the meeting of the personal clouds interest group. As far as I know, I was among the first to propose the concept of the personal cloud in my essays on the Data Deposit Box back in 2007, and while my essays are not the reason for it, the idea is gaining some traction now as more and more people think about the consequences of moving everything into the corporate clouds.

Your session has expired. Forgot your password? Click Here!

We see it all the time. We log in to a web site but after not doing anything on the site for a while -- sometimes as little as 10 minutes -- the site reports "your session has timed out, please log in again."

And you get the login screen. Which offers, along with the ability to log in, a link marked "Forget your password?" which offers the ability to reset (OK) or recover (very bad) your password via your E-mail account.

The same E-mail account you are almost surely logged into in another tab or another window on your desktop. The same e-mail account that lets you go a very long time idle before needing authentication again -- perhaps even forever.

So if you've left your desktop and some villain has come to your computer and wants to get into that site that oh-so-wisely logged you out, all they need to do is click to recover the password, go into the E-mail to learn it, delete that E-mail and log in again.

Well, that's if you don't, as many people do, have your browser remember passwords, in which case they can log in again without any trouble.

It's a little better if the site does only password reset rather than password recovery. In that case, they have to change your password, and you will at least detect they did that, because you can't log in any more and have to do a password reset. That is if you don't just think, "Damn, I must have forgotten that password. Oh well, I will reset it now."

In other words, a lot of user inconvenience for no security, except among the most paranoid who also have their E-mail auth time out just as quickly, which is nobody. Those who have their whole computer lock with the screen saver are a bit better off, as everything is locked out, as long as they also use whole disk encryption to stop an attacker from reading stuff off the disk.

Meter to show speakers when they are losing the audience

Any speaker or lecturer is familiar with a modern phenomenon. A large fraction of your audience is using their tablet, phone or laptop doing email or surfing the web rather than paying attention to you. Some of them are taking notes, but it's a minority. And it seems we're not going to stop this, even speakers do it when attending the talks of others.

Don't count my old passwords as failed login attempts

Like most people, I have a lot of different passwords in my brain. While we really should have used a different system from passwords for web authentication, that's what we are stuck with now. A general good policy is to use the same password on sites you don't care much about and to use more specific passwords on sites where real harm could be done if somebody knows your password, such as your bank or email.

Understanding when and how to be secure

Over the years I have come to the maxim that "Everything should be as secure as is easy to use, and no more secure" to steal a theme from Einstein. One of my peeves has been the many companies who, feeling that E-mail is insecure, instead send you an E-mail that tells you you have an E-mail if you would only log onto their web site (often one you rarely log into) with the password you set up 2 years ago to read it.
