Andy's insights

Remember one simple and basic knowlege that is about to get lost: The definition of the Web:

It must be linkable and allow any client to access it.

See What Is The Web on The Verge.

posted at: 01:03 | path: /net | permanent link to this entry

In my former posts I talked about how the relation network and “likes” can be used to identify the psychological profile of a human being. It looks like this is now used in reversed order: As a search machine to identify persons with a specific profile. And it’s used to target a single person. For example in the Brexit and US president election 2016. See The Guardian or German Tagesanzeiger for how this is exploited by SCL.

posted at: 17:39 | path: /net | permanent link to this entry

For years I’ve warn about how the World Wide Web is zentralized. While the internet provides a dezentralized infrastructure and protocols for the WWW are intended for dezentralized services too, the most used services are like hubs: The biggest search engine, the biggest social network and the messenger with the most users. While there are alternatives by a technical view all those services are basically a monopoly.

Now the inventor of the WWW himself, Sir Tim Berners-Lee, questioning this development as the internet has become world’s largest surveillance network

posted at: 17:04 | path: /net | permanent link to this entry

A new study Computer-based personality judgments are more accurate than those made by humans shows that computers are better at predicting a personality than humans. The personality predicted based on the digital footprint is more accurate than the appraisal of close acquaintances.

Given that this study is based on generic likes, this support my claim that Facebook (and Google, and Amazon, …) knows you better than you think. It knows you well enough even if your profile info is wrong to manipulate you (see Facebook mood manipulation study). And I claim it is even able to build your profile without any likes from you based on the like button website bug implant and I’m quite sure this even works by simply analyzing your social network of all the people who added you to their profile.

Given that Facebooks now owns Whatsapp it should be able to do the same for me just from the phone book uploaded by Whatsapp. But still this isn’t an excuse for me to use Facebook or Whatsapp as I’m still trying to expose as little as possible of my personal data.

posted at: 11:26 | path: /net | permanent link to this entry

By now everybody should know about how NSA intercept nearly the whole world with the PRISM program thanks to Edward Snowden.

This leads to a few interesting questions. While this program probably helped to detect terrorist, its primary justification, it also installed all components necessary for surveillance and police states. This not only includes the technology, but also the intransparent processes, courts, and secrets to avoid investigations and control by the citizen.

For instance, there is formally a process which investigations are allowed, even a court to take the decisions to. But all this is secret. In practice the court only rejected a few two digit number out of fifteen tousands cases. Another example: The decision whether a conversation involves an american citizen needs a 51% surety before it can take place. 51% is one percent more than a coin flip! Let alone this only affects american citizen, all other people in the world will be observed anyway.

Former technical director William Binney who retired in 2001 said the first draft of this system included all saftey measures to protect the general right of privacy. But then nine eleven happened and the Bush administration wanted to observe them all. As a consequence Binney retired. Later Obama followed and extended the whole program.

So how does that affect us, we foreign people of the world? Well most internet services, search engines, mail services, social networks, telephony, and chat services are owned by an american company that is vulnerable to the electronic eavesdropping of the NSA or a connected agency. We can surely say our communication is logged once it crosses the american border, and quite probably logged if it crosses an submarine communication cable. Even if the communication is encrypted it probably is readable if it ends in a data center owned by an american company. And if it couldn’t be encrypted, there’s always the connection meta data that is as valuable as the communication itself.

Ok, and how does that affect us? Well even if the NSA is primarly oriented towards terrorism and crime, John and Jane Doe are still risking to be affected. May it collateral damage caused by dragnet investigation. Or its libability to submit to blackmail, if he has some valuable knowledge. As the USA is known to targeted killing and confinement without court, this is nothing to just ignore.

For corporations this has some more implications: Who say that once a business secrect is intercepted by the NSA they won’t forward it to a competitor?

What can we do against this?

First there are some political solutions: The first political solution does not only apply to this but can’t be said enough: Make all as transparent as possible. Each surveillance must be approved by an independed court. The court must be controllable by citizen. Of course ongoing investigations can’t be made public, but as soon as the case is solved the have to be published. Each person under surveillance must be informed too. Second: Don’t allow dragnet inestigations. They are too risky. Third: Keep the observation as low as possible. Destroy old records as soon as possible.

Then there are technical solutions: Avoid the cloud, or whatever the marketing division calls the outsourced data store and application servers. If you can’t choose hosters that can guarantee the data stays in your own country. Use distributed communiation services instead of central services for instance messaging, chat and telephony: Use XMPP (Jabber) for chat and instance messaging, switch to distributed social networks (egg and chicken problem). By all means avoid Skype, Facebook, Whatsapp for sensitive data. Encrypt all your E-Mail communications. E-Mails are only postcards without envelopes. There is tried and tested technology out there, S/MIME for corporations or PGP/GNUPG for all other (I use it for over 10 years now). Use HTTPS instead of HTTP to access websites, clean cookies often and block Google analytics, Twitter and Facebook counters in each and every website (I’m looking at you web page owner).

When I first heard from the leak I wasn’t surprised about the surveillance program. I somehow reckon that it was there. But as more and more details revealed I’m shocked about the backgrounds and intransparencies. We must stop it right now. We live in a liberal democracy, a state based on justice and integrity. I want to keep it. If we ignore the demount of our privacy right we may find us sooner than expected in a state without basic human rights.

posted at: 00:55 | path: /net | permanent link to this entry

In my recent rant I mentioned that even if you enter wrong data or leave it out Facebook knows all about you by your connections.

The Guardian brings more evidence that this is not just a conspiracy theory. In this study the likes are used: Facebook users reveal intimate secrets (See also this interpretation)

posted at: 11:04 | path: /net | permanent link to this entry

As the people equate social networking with the internet — particularly one social networking service — I’m often asked if I also have such an account.

No I don’t. And I advice you to consider it too.

It’s not about social networking, social networking is a good thing. It’s all about joining a social network owned by a single company. It doesn’t matter which company, social network or even it’s business model. If 800 million people joining the same company we have basically a monopoly. But even if it’s smaller the social network provider gets an extremely valuable data set for each of it’s user. Like every company social networking providers have to maximize their profit and will do anything with this data as long as the users don’t get upset and laws are broken (and enforced). And just because the social network provider doesn’t misuse the data right now you never know if the will misuse it later. Or it is acquired later. Or the data will be stolen.

Let’s have a quick look at the Facebook business model: The customers are the advertisers. As far as known they don’t get access to the data itself (Facebook won’t give that away!), but are able to advertise to probably the best target groups available. So we seriously identify the 800 million users as products.

Only naïve users enter fill all available data. Careful users know that they should only enter data that could safely be public anyway. Well are you sure you can control that? What if the very connections only allow to estimate the follow attributes (there is some research in this direction):

• Rough age
• Location (Country, City)
• Sex
• Hobbies
• Travel habits
• Class of population
• Rough income range

So even if your profile data is bogus as soon as friends get added and you start to communicate you are not anonymous anymore. Probably those criteria gets more weighted than your profile data as you can’t easily influence them.

Social site users are blinded by the “privacy settings”: Of course you can only allow your closest friends to see your profile. Messages and photos can be marked as deleted that even you will never see them again. You may even have two accounts; a public one and a hidden one. But there is always the social service owner who is able to see all your data. Even the data marked as deleted: A few Austrian students forced Facebook to provide all data stored about them (this was possible due an European law). And they got it , including messages long marked as deleted.

Then there is the like button. You have to search a long time to find a website without one. Knowing that this button is usually implemented by loading the button image directly from www.facebook.com it sends a session cookie back to Facebook. This allow to track the surfing habit nearly gapless. If an user is logged into Facebook the profile is connected. I call the like button Facebook bugging device.

I nearly signed up to Facebook a few years ago. But as one of the few who reads the terms of service I noticed that with sign up I pass over all rights to the data I enter and allow them to do anything with them. I didn’t sign up. I don’t do data prostitution.

Even if the terms of service are improved we already saw the real face of Facebook.

Imagine the possibilities to misuse the data a social network stores about an user. Insurance companies can estimate whether a person has been smoked or doped, do sport. The user may never be able to identify the underlying cause of the outcome of this risk estimate. Or maybe the cause for an application for a company denied was not a candidate more capable, but a dismissive comment about the companies product a few years ago to a friend in a private conversation.

We may now ask if I don’t have an account: Am I invisible to Facebook? No. I got invitations, some users may have uploaded their address book, including my address, and some may have tagged my on a photo. Even if I use the RequestPolicy to block the like button now, they may have already created shadow profiles for me.

Finally there is another big threat due a single huge social network. Have you noticed that each company, organisation, star, etc. must get their own Facebook site like facebook.com/SomeBrand to keep visible? It’s not sufficient to have a website SomeBrand.com to keep visible. And because every good marketing campain must have a Facebook link, they do free advertising for Facebook. And if you don’t have an account you can’t see a huge part of the internet. So Facebook is basically a private network within the Net.

This threats the very idea of the internet: Connect anybody with anybody using open and standardized protocols. While there are APIs allowing third party applications for Facebook they are controlled by a single party and can be changed whenever needed to keep control. Only standardized and open social networking protocols can ensure data ownership. Imagine you can connect to friends and communicate with them, provide status and control which personal data the others should be able to see. And still keeping control where your data is, because it’s your data. You install a piece of software on your server. Or if this is to complicated just choose a hoster of your choice. This is the very idea behind the Diaspora Project .

I’m not the only one thinking this way: The Seven Realities of Social Networking

posted at: 23:53 | path: /net | permanent link to this entry

As the IPv4 addresses are a scarce good that runs out in 2011 we should really start switching to IPv6.

Probably this song helps to motivate this move!

posted at: 21:39 | path: /net | permanent link to this entry

Microformats are a simple, but genial and usefull idea.

The Idea is to use normal (X)HTML with standardize CSS class names. The class names are not just used for layout but add context information about the data they contains. This allows to simplay search through the page looking for a tag with a defined class name and parse this part of the HTML tree to get the information in a computer readable way.

See http://microformats.org/ for further informations.

posted at: 13:16 | path: /net | permanent link to this entry

Fine, D-Link managed to hardcode Stratum 1 NTP Server into their firmware. This stupidity leads to massive problems on those servers and immense costs for their carrier.

Read this open letter for full informations: http://people.freebsd.org/~phk/dlink/

posted at: 23:07 | path: /net | permanent link to this entry