Who wants to be safe? Online protection as a black box

~~~

[6 min read]

Hacking that affects individuals is very widespread. The Pew Research Center reports nearly 2/3 of online Americans have experienced some form of data theft. A total of about 50% of onliners think their personal data are less secure than five years ago (see previous post for other details).

What does “data theft” look like? Pew examined seven types, and found that only two – fraudulent credit charges and stolen tax refunds – entailed direct financial loss. The others involved some less definable harm, such as an attacker getting his hands on social security numbers or login credentials for social media accounts. We call it “compromising” the data.

This amorphous concept of “compromised data” is growing into one of the chief barriers standing in the way of advances in cybersecurity for end-users. It takes what’s already invisible and annoying (see: strong passwords), and adds a hefty dose of abstraction. Exactly when can we say a piece of data has been sufficiently “compromised” to start worrying and take action? What kind of action?

WhatsApp: how secure?

Let’s look at WhatsApp to see how a popular messaging service handles security for a billion users – and how adding security can actually lead to trouble as well as safety.

Last year WhatsApp announced deployment of end-to-end encryption (E2EE) for all messages and media crossing its systems. Their FAQ assures users that everything they send is “secured from falling into the wrong hands” – right from the sender’s device all the way to the recipient’s (hence “end-to-end”). Marketing wants to be reassuring, not to mention emphatic as to why their platform is better than competing platforms. Continue reading

Moronic multitaskers vs digital natives: the smartphone crisis

4520-summ-2015-phone-warn-skull

First impressions are important

“The single biggest problem facing education today is that our Digital Immigrant instructors, who speak an outdated language (that of the pre-digital age), are struggling to teach a population that speaks an entirely new language.” –Marc Prensky, 2001 (creator of the “digital natives” concept)

“Multitaskers are terrible at every aspect of multitasking.” –Clifford Nass, 2009

~~~

Almost four years ago, I launched a radical new approach to teaching my courses. I began confiscating student phones for the duration of every class.

blank-face-2Let’s pretend her name was Kathy. I kept issuing the usual pleas to her – and everyone – to stay off their phones, as it’s hard to participate in a seminar discussion when you’re typing Facebook likes. Kathy was worse than most, so I moved her to a seat directly in front of the lab podium. But even when I was hovering, she kept typing furiously, like I was invisible. She was the last straw. Neither my ego nor my pedagogy could take it any more.

phones-lab-2

Where phones go to facilitate the learning process (COMN 4520)

Around the time I started my full frontal phone attack, I posted the first of three items on dumb things you can do with smartphones, in September 2011. I took it for granted that thousands of other instructors faced the same problem every time they walked into a classroom. But I figured I had a particularly good reason for my phone strategy. I was teaching liberal arts undergrads how the Internet works. Continue reading

The Internet in 2025: which tech giants will dominate? (Pew 2)

pew-survey-company-question-2

Screen grab from Pew/Elon survey questionnaire, January 2014

~~~

The Pew survey included a question about tech firms that was set up a little differently than the others. As the screen grab above shows, participants were asked to rank the long-term success, or lack of success, among the Big 5 as listed, as well as among other firms of our choosing.

Although it’s about 10 years too early to say “I told you so,” the news over the last few days provides some support for conclusions drawn in my response. As you can see, I’m calling for Amazon and Apple to become “More important”… Facebook and Microsoft to become “Less important”… and Google to “remain the same.”

grip-iphone-3b

Apple: too big to be successful any more?

A recent financial piece in the New York Times (Trying to See Apple From a Different Angle) says the stock market “doesn’t know quite what to make of Apple.” Two general reasons are adduced. One is cyclical: the company has had problems with sales of its cash cow, the iPhone. The other is structural: Apple has the largest market cap of any multinational, as well as the highest brand rating on the global Interbrand survey (all that engineering brainpower finally knocked a syrupy, dark-brown soft drink off its throne). Oh, and the $159 billion in cash it has lying around. Apple’s now so big and so successful that it’s scaring off growth investors who want to see a hit product every six months. Continue reading

The NSA and an escalating battle over Internet privacy

post-beach

Beach at Brighton, UK, August 2013

~~~~

“I would rather have a rectal examination on live TV by a fellow with cold hands than have a Facebook page.” — George Clooney, Sept 2009

“To the engineers, I say this: we built the Internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.” — Bruce Schneier, Sept 2013

~~~

Update (Sept 9). More evidence of the damage to online privacy politicians can cause without any help from spooks or decryption… TorrentFreak is running a story about British PM David Cameron and his alarming online content filter. Mobile carriers in the UK must have the filter turned on by default to block content that may be considered “harmful” to children. As the story points out: “The filter mainly targets adult-oriented content, but one provider now says that VPN services also fall into this category as they allow kids to bypass age restrictions.” In other words, the use of a VPN service like WiTopia, which I describe at the end of this post, may turn out to be illegal. Without the anonymity provided by tools like VPNs (virtual private networks), the public cannot expect to have any reasonable measure of privacy on the Internet.

Update 2 (Sept 9). ISOC has issued a statement strongly condemning the US government’s attack on the Internet’s core encryption technologies. An excerpt:

“The Internet Society believes that global interoperability and openness of the Internet are pre-requisites for confidence in online interaction; they unlock the Internet as a forum for economic and social progress; and they are founded on basic assumptions of trust. We are deeply concerned that these principles are being eroded and that users’ legitimate expectations of online security are being treated with contempt. … Security is a collective responsibility that involves multiple stakeholders. In this regard, we call on:

  • Those involved in technology research and development: use the openness of standards processes like the IETF to challenge assumptions about security specifications.
  • Those who implement the technology and standards for Internet security: uphold that responsibility in your work, and be mindful of the damage caused by loss of trust.
  • Those who develop products and services that depend on a trusted Internet: secure your own services, and be intolerant of insecurity in the infrastructure on which you depend.”

ssl-3

This summer, the Snowden NSA revelations greatly altered priorities in the battle for an otherwise enduring goal: keeping the Internet secure and open for use by us ordinary folk.

VerizonLogo1True, some things never change. Persistently the enemy of reason and fair play, Verizon will have its day in court on September 9, when it begins arguments before the D.C. Circuit as to why the FCC’s network neutrality rules should be torn up into little pieces, cremated and cast into the Chesapeake Bay. The carrier claims the FCC has no possible grounds for imposing such rules; is acting capriciously by trying to do so; and is threatening Verizon’s First Amendment rights into the bargain. As Harold Feld of Public Knowledge wrote in his policy blog:

“Just like Verizon FiOS decides whether or not to carry Al Jazeera America, and on what terms, Verizon argues it has the right to decide whether or not to go to AlJazeera.com, and on what terms.”

Abuse as a feature, privacy as a bug

fb-like-2Which brings us to Facebook and another unsettling story about risks to privacy. Facebook has once again given not just movie stars and world-renowned cryptographers like Bruce Schneier but a billion other people compelling reasons to worry about their privacy. Not that this is news. Abusing everyone’s privacy – in part by changing the abuse policy regularly – is a Facebook feature not a bug. This month it’s not even changing policy, just “clarifying” it. As the LA Times noted:

“The new language says users automatically give Facebook the right to use their information unless they specifically deny the company permission to do it. At the same time, Facebook made it more complicated to opt out.”

Continue reading

A downside to Netflix-style binge viewing? Say it ain’t so!

tv-banana1From Wired.com, March 2013.

Yesterday I landed on the Web page that’s home to tech omnivore Pete Nowak, where I was stunned to read the headline, The downside of Netflix-exclusive series. Impossible, I thought. Must be a typo, mental or otherwise.

As luck would have it, I’ve been posting notes myself on how the boob tube is morphing – including notes for my interminable series of posts on must-carry TV. Moreover, I’m a devoted Netflix subscriber and big fan of Reed Hastings and his disruptive business activities (apart from occasional lapses like his privacy-busting partnership with Facebook). Continue reading

Voltage vs TekSavvy: are we fighting the right battles?

sumo

A version of this post was published yesterday at Cartt.ca.

Piracy is a lot like religion and politics. It tends to polarize opinion and get in the way of finding common ground for thoughtful discussion. That’s the pattern we’ve seen in Voltage Pictures’ demand for information from TekSavvy about putative pirating of their movies. Clashes between the studio and the ISP have touched off a rancorous debate that has divided even like-minded members of the pro-Internet community.

The single issue that has most divided the pundits concerns whether or not TekSavvy CEO Marc Gaudrault let down his customers and the public interest by not opposing the Voltage motion from the get-go. Most of the arguments share one principal concern: that opposing the Voltage motion would have been the most effective and maybe only way to protect customer privacy, as well as to ward off future suits of this kind.

A lot of ink has now been spilt on this point, especially in light of the fact that Marc and his lawyers arrived at their decision after considering factors that remain confidential. Nevertheless, some further comment seems to be in order.

privacy-iconPutting privacy in perspective

First of all, I’m no longer convinced that the biggest public interest issue in this case is privacy, a sentiment I know will not win much sympathy. For one thing, I believe Marc did his best to protect his customers’ privacy by giving everyone, especially those on the charge list, advance notice despite it not being a legal requirement. TekSavvy has also spent a great deal of time and money weeding out numeric IPs that didn’t match an account, in an attempt to protect otherwise innocent customers. Continue reading

Is blabbing about yourself on Facebook like getting laid?

Your brain on Facebook

One of my favorite blogs is Techdirt, especially the posts written by Mike Masnick. Apart from being breathlessly prolific, he has a sharp eye – and tongue – for the idiotic measures promoted by governments, Hollywood and other would-be cyber-gatekeepers in the name of saving Western civilization from IP piracy and other putative evils.

Sometimes, however, Mike can be irritatingly dismissive. Witness the Friday post entitled “Sharing On Social Networks Triggers The Same Part Of Our Brains As Sex… Sorta,” which he files under the but-other-than-that-is-nothing-like-sex dept. He’s referring to a recent study by two Harvard psychologists that has achieved some notoriety, namely “Disclosing information about the self is intrinsically rewarding” – pdf here. (And btw, self-disclosure is a lot like sex, at least the kind practised without a second party.)

Mike trivializes the findings of a series of lab experiments that have something important to tell us about the things people do and say on social network sites – and why they do them, based on lots of MRI brain imaging. Mike claims the authors have done nothing more than point out that sharing information about yourself is “intrinsically rewarding” – as in what else is new? (“I don’t think that’s a particularly surprising finding.”) The handy example is all those relentlessly annoying tweets about what you’re having for lunch – which people obviously indulge in “because it feels good.” We also learn that attention-getting is “the same kind of thing as getting a brief glimpse of attractive members of the opposite sex.” From which we conclude what? That “science has proved that talking about yourself to lots of people and seeing attractive people make your brain happy.”

Mike’s punchline: “Case closed.”

Continue reading

Dumb things you can do with smartphones (part 2)

“We live in a technological universe in which we are always communicating. And yet we have sacrificed conversation for mere connection.”

Thus begins a provocative article published recently in The New York Times by MIT psychology prof Sherry Turkle, entitled “The Flight From Conversation.” She argues that our growing obsession with technologies like texting and social networking are inflicting profound changes on who we are and how we relate socially – making us increasingly “alone together,” which happens to be the title of Turkle’s last book.

The twin claims that we’re getting lonelier while we throw away the fine art of conversation are controversial to say the least. They suggest we’re seeing the end of some Golden Age when everyone was friendlier, the streets were safer and the music was better. Then there’s the old hobgoblin of causality – the idea that our behavior, especially bad behavior, is determined by popular new technologies like computers, the Internet, and all the clever algorithms that have helped insinuate digital communications so deeply into our lives. None of which has ever slowed down the tech critics.

Yet there’s something different about the technology-bashing in the air these days: it seems to be crossing party lines. We’ve long been accustomed to established interests in business and government foretelling the end of civilization when disruptive technologies threaten to take away some of their marbles. The worldview according to which new technologies are all evil is, of course, especially popular among media fat cats. Here’s how Hollywood lobbyist and consummate drama queen Jack Valenti described the dangers of a once-pervasive consumer technology while testifying to a Congressional committee:

“I say to you that the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone.” Continue reading