Categories
Decentralisation and Neutrality Privacy and Anonymity

The proposed VPN ban in India is another security vs freedom debate we should but may never have

A few days ago I learnt about a proposed policy in India to ban VPN services altogether from the country. This puts the country in the august company of China, Iran, Russia and Turkey. So far, it’s a recommendation to the government from a parliamentary committee on home affairs. The Home ministry in India is responsible for internal security.

The intent is to deter criminals from communicating privately without interception. But the collateral damage is vast.

One is to businesses: for the most part, companies have been able to recreate the security of an internal network even with people working from home by having them connect via a VPN. The potential danger to this has been widely reported by the Indian press.

But this is also a blow to personal privacy, and of people’s freedom to choose and run the software they want on systems they own. I haven’t seen much coverage of this angle in print and online press – that discussion has happened mostly on Twitter.

I wrote a short Twitter thread about this, which I’m reproducing here:

Citizens use VPNs to protect themselves from

  • ~ profiling by ISPs via logging traffic
  • ~ profiling by sites via trackers
  • ~ attacks on attention & drain on bandwidth with nonstop ads
  • ~ attacks by scammers over open access n/ws

This must be addressed along with anticrime measures.

Taking away tools for self-protection online from ordinary citizens because criminals could use them is like disallowing anyone from carrying pepper spray because robbers could also use them to attack victims. Everyone is presumed guilty until proven innocent.

Laying the onus of cyber security on citizens loses much of its meaning when you also take away tools they can use to protect themselves. Take this post from the government’s ‘cyber dost’ Twitter handle:

Imagine if the government itself encouraged citizens to protect themselves online through VPNs, Signal, HTTPS Everywhere, Privacy Badger, tracking- and ad-blockers, educated people about PGP. But around the world they have taken the opposite approach. India is no exception.

These are questions policymakers and citizens are going to face over and over again, around the world. The years-in-the-making ban on cryptocurrencies is a similar issue. As are the repeated threats of banning WhatsApp and other end-to-end encrypted chat services. If security wins over freedom every time, citizens will remain in the pre-internet nineties while most motivated criminals will continue to manage to access all of these.

Categories
Data Custody Decentralisation and Neutrality Privacy and Anonymity The Next Computer

My data backup strategy and tools, 2021

Here’s an overview of how I back up my data across drives and devices.

I was driven to post this because of the recently reported data loss experienced by several people around the world, caused by a malfunctioning, possibly hacked network storage device from Western Digital: “WD My Book NAS devices are being remotely wiped clean worldwide”.

Today, WD My Book Live and WD My Book Live DUO owners worldwide suddenly found that all of their files were mysteriously deleted, and they could no longer log into the device via a browser or an app.

When they attempted to log in via the Web dashboard, the device stated that they had an “Invalid password.”

“I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty.

The same device that Western Digital encouraged its customers to ‘Put Your Life On [It]’, lost people’s photos, music, documents, backups, probably more.

Ordinary people like you and me need a better plan for our life’s work and memories than entrusting it to a company and its specialised hardware and software. We need a plan we understand.

This is that plan.

Devices to backup

  • MacBook Pro 1TB SSD
  • iPhone 128GB
  • iPad 256GB
  • External 1TB HDD – archives, old pictures, home movies, other uncategorised data

Laptop, phone, tablet all used daily.

Current backup plan

MacBook Pro

  • Runs Catalina; full weekly disk backup on external 1TB Time Machine HDD.
    • Quarterly restore test on 2014 MacBook Air also running Catalina
  • Backup main document and multimedia folders weekly with rsync, run manually from iTerm2, to external 2TB HDD (redundancy for above). Example: sudo rsync -aP --delete /Users/rahulgaitonde/Documents/ /Volumes/Backups/BackupDocuments

External 1TB drive

WD Elements 1TB drive
  • Backup weekly with rsync, run manually from iTerm2 to external 2TB HDD: same disk as above
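
A check to run before and after the two rsync mirrors above, as an added example that is not the author's own script: it refuses to proceed when a `--delete` run would be dangerous, then compares source and mirror by content hash. The function names are hypothetical and the sample tree is constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large media files never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    hashes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath, name)
            if path.is_symlink() or not path.is_file():
                continue  # compare file contents only; skip links and sockets
            hashes[path.relative_to(root).as_posix()] = sha256_file(path)
    return hashes


def compare_mirror(source, backup):
    """Report how the backup differs from the source.

    rsync's default quick check looks only at size and modification time, so
    re-running it will not notice a backup file whose bytes changed on disk.
    Comparing hashes does. With --delete the mirror should also hold no extras.
    """
    src, dst = manifest(source), manifest(backup)
    return {
        "missing": sorted(src.keys() - dst.keys()),
        "extra": sorted(dst.keys() - src.keys()),
        "changed": sorted(p for p in src.keys() & dst.keys() if src[p] != dst[p]),
    }


def preflight(source, backup_volume):
    """Return reasons not to run `rsync --delete` now (empty list means go)."""
    problems = []
    # A plain directory at the mount path means the drive is not attached and
    # the copy would land on the internal disk instead.
    if not os.path.ismount(backup_volume):
        problems.append(f"{backup_volume} is not a mounted volume")
    # An empty source (for example a stale mount point of an unplugged
    # external drive) combined with --delete would empty the backup.
    if not os.path.isdir(source) or not os.listdir(source):
        problems.append(f"{source} is missing or empty")
    return problems


if __name__ == "__main__":
    # Constructed sample tree standing in for Documents/ and its mirror.
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "Documents"), Path(tmp, "BackupDocuments")
        src.mkdir()
        dst.mkdir()
        (src / "notes.txt").write_bytes(b"2021 plan")
        (src / "photo.raw").write_bytes(b"\x00\x01\x02\x03")
        (dst / "notes.txt").write_bytes(b"2021 plan")
        (dst / "photo.raw").write_bytes(b"\x00\x01\xff\x03")  # same size, one byte flipped
        print(preflight(src, dst))       # dst is a plain directory, so it is flagged
        print(compare_mirror(src, dst))  # photo.raw is reported as changed
```
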

iPhone, iPad

2018 12.9″ iPad Pro 256GB and 2018 iPhone XR 128GB
  • iCloud Drive backup, continuous

Other data

  • Email: Gmail and Google Workplace; downloaded locally to Thunderbird on MacBook Pro as Mbox files (which is itself backed up as above)
  • Photos: synced from iPhone and iPad to iCloud; also synced weekly from iPhone to MacBook Pro Photos.app on MacBook Pro
  • Notes: Notes.app and plaintext files; both synced to iCloud
  • Contacts, Calendar, Reminder: synced to iCloud; exported monthly to MacBook Pro
  • Passwords and secure notes: synced to Bitwarden; vault exported monthly to MacBook Pro
  • RSS feeds: synced to Feedly; OPML exported monthly to MacBook Pro
  • Bookmarks: synced to Firefox; HTML exported monthly to MacBook Pro
  • Read Later queue: synced to Instapaper and Pocket; CSV exported monthly to MacBook Pro. Some articles saved locally in Markdown in iCloud Drive

So, here are my tasks:

  • Weekly
    • Run Photos.app to sync iCloud Photos locally to MacBook Pro (turn off storage optimisation) – 10 minutes
    • Backup MacBook Pro to Time Machine external HDD – three hours
    • Run rsync on MacBook Pro drive and on external 1TB HDD. Destination for both is external 2TB HDD (distinct from Time Machine). 10 minutes. First run took a long time; subsequent runs take a fraction of the time that Time Machine backups take.
    • Total time: appx. 20 active minutes; 3 hours in background
  • Monthly
    • Export Contacts, Calendar, RSS OPML, Bookmarks, Password Vault, Read Later queue and store locally – 10 minutes
    • Weekly tasks for that week
    • Total time: appx. 10 active minutes + regular weekly backup time
  • Quarterly
    • Test restore on 2014 MacBook Air – about 10 active minutes + 2 hours in background
    • Weekly and monthly tasks
    • Total time: appx. 10 active minutes + 2 hours in background + regular monthly backup time
  • Automated:
    • Downloading mail locally happens throughout the day since Thunderbird is always open
    • iCloud Drive backups happen daily automatically since iPhone charges wirelessly overnight

As you can see, I don’t actually spend a lot of time backing up my data. I last suffered a catastrophic data loss in 2008, and I’m determined to not let that happen again, especially now that storage is cheap and fast, and cloud backups exist.

In the early days of this system, I was tempted to automate large parts of it. I could run an open-source Time Capsule using an unused Raspberry Pi and Netatalk. I could also connect the external 2TB drive and run rsync from my Mac to the remote Pi machine (rsync, or remote sync, was in fact built for this use case).

That way my Time Machine backups would run every hour, not weekly. I could also automate rsync to, say, daily by using MacOS’ cron, a scheduling utility that’s part of almost every unix-based system.

But that frequency of backup seems overkill for my data, especially given that the vast majority of my everyday data, the one that changes daily, is backed up to iCloud. Even if I were to lose data mid-month, between restoring from the latest Time Machine backup and then syncing to iCloud, I’d be able to recover most, if not all, of my data. So that means leaving a computer running, with my backup disks attached, that’s really doing useful work for a tiny fraction of the time. That also means extra wear on the very disks I’m using for backup.

In conclusion

My solution is a mix of cloud sync and manual backup.

The cloud portion – for frequently changing data – uses iCloud, which seems to be the most privacy-centric of all cloud services.

The manual portion – for redundancy and archived data – uses open source tools and doesn’t rely on either an always-on computer, specialised hardware or a connection to the Internet, unlike the Western Digital NAS this post began with.

Finally, the solution doesn’t take a lot of time to run, and can be restored from pretty quickly. The only vulnerability in this system is that all the devices and disks are in my house. If there’s a catastrophic event at my place, the data that’s backed up manually will be lost.

Categories
Audience as Capital Data Custody Discovery and Curation Making Money Online Privacy and Anonymity

Screenshots show Donald Trump’s website is a donations-collecting machine, not a blog

Donald Trump has a new website. A lot of the coverage I have read is about how it is essentially a blog filled with tweet-sized rants (example coverage).

I think the most notable aspect of the website is how transparently and aggressively it is optimised to be a money-making machine.

Here is my experience (I am outside the US). This popup greets you when you visit the site.

Tapping on it leads you to this.

This is the same text and design that led people to unwittingly sign up for repeated donations from their bank accounts – in some cases until their account was empty [1].

The text is endearingly deceptive, panders to ego and assumes lack of attention. For example, “If you step up in the NEXT HOUR, we’ll make sure your name is the FIRST name on the list” with a large timer counting down from one hour. But also in the middle of it all, “The countdown has ended, but you can still donate below”

If you linger too long on the page, you get this other popup informing you that the ex-president wants to see you on the ‘top of the donor list’, whatever that means. Tapping ‘complete my donation’ simply dismisses the popup, but presumably you are now more likely to finish the transaction.

All of this is before you’ve even seen the home page of the site itself.

Anyway. You navigate back to the popup and dismiss it. Here is the actual home page:

There are three buttons on this screenful, and none of them have anything to do with what Trump has to say. They all have to do with money. Scrolling down, you get yet another contribute button.

The focus of the coverage, Trump’s new blog, is behind that tiny ‘Desk’ link at the top. It’s clear what Trump wants his supporters to click on.

So. Since ‘contribute’ is the main call-to-action, let’s tap on it. You’re taken to a page that looks very much like the one you were taken to right at the beginning, complete with hard-to-notice default opt-ins.

Donating on the earlier page would put you on the ‘official donor list’. Donating here would put you on the ‘official founding member donor list’.

If you linger here, the same popup as earlier nudges you.

I couldn’t contribute because I am not “a U.S. citizen or lawfully admitted permanent resident”, so I haven’t experienced what happens after.

But if you navigate back and tap on the other major button, ‘Shop’, you’re taken to this store:

This is the checkout page:

When you check out an item, you aren’t buying it. You’re still donating. Even when you’re in the ‘Save American Shop’. I’m not sure if this is standard practice across USA political organisations.

I’m also not sure if the ten dollars for ‘shipping, handling and fees’ is normal. I’ve never bought items on a USA website. Seems somewhat high.

Finally, when you do tap on Desk, that tiny link at the top that is the center of all the coverage about Trump’s new online presence, this:

The first button, the first actionable click on the screen is the ‘Contribute’ button. Right alongside the post. Bolder than the actual text of the posts themselves.

One last thing. The privacy policy makes clear what the organisation can do with your data:

We reserve the right to use, share, exchange and/or disclose to Save America affiliated committee and third parties any of your information for any lawful purpose, including, but not limited to, as described in Section 3.

And what’s in section 3? All this and more:

This gives the organisation the ability to monetise your data, over and above the contributions you make to it.

So.

The site makes no pretence about who it is for. It doesn’t seek to convert; it’s for the faithful. Back in January, we had discussed this when several of Trump’s social media accounts were suspended:

Anyone who engages with Trump and his community on this [then-not-yet-live] website and forums is someone who has joined for that specific reason. No one other than news reporters covering Trump and his network will join.

– Where will the Trump community congregate after the Twitter and Facebook ban?

Because it’s for the faithful, the site doesn’t need to create talking points; the 24×7 news cycle of outrage creates them already. He knows that his opinions will be picked up by news websites and channels and social media personalities even if they are buried deep on his site. Why, those people have probably set up alerts for new posts.

The true utility of the people who actually visit the site, the ordinary right-wing USA citizen, is their money. That is what Trump’s website is for. And it has done a truly outstanding job.


[1] The donations infrastructure is by Winred, which describes itself as “the official secure payments technology designed to help GOP (ie Republican) candidates and committees win across the US.” Winred appears to have a monopoly on online Republican fund-raising.


(Featured Image Photo Credit: Colin Lloyd/Unsplash)

Categories
Privacy and Anonymity Products and Design

Firefox’s assertive privacy intervention

We saw how Firefox implemented measures to block so-called supercookies that misuse how browsers cache images. This caching is meant to improve performance, but supercookies encode tracking information in images to track people across websites even when cookies themselves are blocked.

Today, I learnt that Firefox is taking another, more assertive step towards blocking tracking by removing specific parts of the information that sites add to the link when pointing visitors to other websites:

referrer URLs can expose an extensive array of other sensitive info, including but not limited to Internal hostnames for government and enterprise entities that most likely should not be public.

Malicious actors could then pull sensitive info like internal names from their web servers’ access logs or their analytics software if they can trick a target into visiting a site hosted on servers under their control.

– Mozilla Firefox adopts new privacy-enhancing Referrer Policy

Now,

Mozilla has announced that it will introduce a more privacy-focused default Referrer Policy to protect Firefox users’ privacy, starting with the web browser’s next version.

The new user privacy protection feature against accidental leaking of sensitive user data will be introduced in Firefox 87.

With that update, Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.

The new Referrer Policy simply drops specific parts of the referrer URL. This sounds simple, but this is the first time that I’ve seen a browser actually intervene and edit a URL to remove information – not add it.

The Supercookies update was defensive in nature. This is a lot more assertive.
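
What that trimming looks like per request, as an added example rather than Firefox code: it models the previous default policy, no-referrer-when-downgrade, and the Firefox 87 default, strict-origin-when-cross-origin, following the W3C Referrer Policy definitions. The URLs are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """scheme://host[:port], with credentials dropped and default ports omitted."""
    parts = urlsplit(url)
    if parts.port is None or parts.port == DEFAULT_PORTS.get(parts.scheme):
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{parts.port}"


def full_referrer(url):
    """Untrimmed referrer: path and query kept, credentials and #fragment never sent."""
    parts = urlsplit(url)
    value = origin(url) + (parts.path or "/")
    return value + ("?" + parts.query if parts.query else "")


def referrer_sent(policy, page_url, target_url):
    """Return the Referer header value for a request from page_url to target_url,
    or None when the header is omitted."""
    same_origin = origin(page_url) == origin(target_url)
    # Simplification of the spec's "potentially trustworthy" test: https -> non-https.
    downgrade = (urlsplit(page_url).scheme == "https"
                 and urlsplit(target_url).scheme != "https")
    if policy == "no-referrer-when-downgrade":  # previous default
        return None if downgrade else full_referrer(page_url)
    if policy == "strict-origin-when-cross-origin":  # Firefox 87 default
        if same_origin:
            return full_referrer(page_url)
        return None if downgrade else origin(page_url) + "/"
    raise ValueError(f"policy not modelled here: {policy}")


def compare_defaults(page_url, targets):
    """For each target, pair the value sent under the old and new defaults."""
    return {
        target: (
            referrer_sent("no-referrer-when-downgrade", page_url, target),
            referrer_sent("strict-origin-when-cross-origin", page_url, target),
        )
        for target in targets
    }


if __name__ == "__main__":
    # Constructed URLs: an internal wiki page that embeds third-party resources.
    page = "https://wiki.corp.example/projects/merger-x?token=abc123#notes"
    targets = [
        "https://wiki.corp.example/static/logo.png",  # same origin
        "https://tracker.example/pixel.gif",          # cross-origin, HTTPS
        "http://legacy.example/banner.js",            # cross-origin, downgrade
    ]
    for target, (old, new) in compare_defaults(page, targets).items():
        print(f"{target}\n  old default: {old}\n  new default: {new}")
```

The cross-origin value still carries the scheme and hostname, so an internal hostname loses its path and query string under the new default but is not hidden.
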

In my view, the time for debating whether a browser should be a neutral application or not is long past. Trackers on the web are widely used and aggressively collect browsing metadata to build visitor profiles. Websites push ads, videos, subscription popups and popunders to the point where they drain your attention. The act of simply browsing the web is an experience akin to harassment and surveillance.

Everyone needs technology that’s on their side, works to protect their privacy and attention. We should start with the web browser. That is what Firefox is doing.

(via Michael Tsai)


Update: I just came across this. The same release also includes “Smart Block”, which

takes an additional step to improve the rendering on pages that embed third-party trackers—instead of just pulling the script and leaving a “hole” where it used to be, Smart Block replaces it with what Mozilla describes as “stand-in” scripts. These stand-in scripts function just enough like the original trackers to restore the intended page-rendering sequence and results without actually leaking data to third parties.

– Firefox 87 is out today, adds Smart Block for improved private browsing

Categories
Privacy and Anonymity Wellness when Always-On

Privacy and the imbalance of power

We explored this in a lot of detail in our three-part series on Alternate Realities, where we dive into how the Internet has made it possible to express safely who we are – often multiple selves – and find others like us.

Privacy, closely related to anonymity, works just like this. We need privacy not necessarily because we are up to something that is criminal or something that causes harm. It is because people differ about what is considered acceptable. The norm for this is always set by those in power. Privacy is the only thing that lets people act in ways considered unacceptable, without incurring censure, ridicule, ostracisation, even harm. Whether by themselves or with people like them.

Categories
Decentralisation and Neutrality Privacy and Anonymity The Dark Forest of the Internet

Decentralisation and criminal activity

A few days ago we discussed how end to end encryption and decentralisation were an inherently political matter.

We saw how Signal’s end to end encryption meant that security agencies can’t simply compel the Signal nonprofit to unscramble users’ messages or monitor them. With Bitcoin, there is no central authority to target, and no easily traceable identities, unless you’re a beginner who’s left their cryptocurrency in an exchange’s account. But because they’re inherently secure, they’re attractive to criminals and terrorists. That in turn attracts the attention – and ire – of law enforcement agencies. And turns it into a political issue.

This article in fact describes the use of Jabber-based messaging apps by criminals in Russia:

Jabber’s federation means that anyone can open a server and run it as they see fit. That’s enormously attractive to criminals worried about companies cooperating closely with governments, especially in the United States. And some Jabber servers are set up specifically to cater to criminals.

– Why Jabber reigns across the Russian cybercrime underground

This isn’t a matter of forcing wiretapping phones, or compelling Apple to unlock iPhones, or forcing a bank to turn over account statements. If traffic on this server is tunneled through a VPN, even locating what Jabber chat server criminals use is a huge problem for security agencies. And unlike Parler or Facebook groups, one can simply set up another Jabber server.

It’s the same reason that sites on the Tor network that sell and list torrents and other contraband are so resilient to being taken down.


(Featured Image Photo Credit: Ricardo Gomez Angel/Unsplash)

Categories
Data Custody Decentralisation and Neutrality Personal Finance Privacy and Anonymity Real-World Crypto The Dark Forest of the Internet

Dalio on Bitcoin – store of value and its threat to governments

Some extracts from the hedge fund manager Ray Dalio’s public note about Bitcoin.

I believe Bitcoin is one hell of an invention. To have invented a new type of money via a system that is programmed into a computer and that has worked for around 10 years and is rapidly gaining popularity as both a type of money and a storehold of wealth is an amazing accomplishment.

Because of what is going on in the world, besides there being a growing need for money or storehold of wealth assets that are limited in supply, there is also a growing need for assets that can be privately held. Because there aren’t many of these gold-like storehold of wealth assets that can be held in privacy and because the sizes of their markets are relatively small, there exists the possibility that Bitcoin and its competitors can fill that growing need.

He does make a counter-argument against supply: that while Bitcoin itself is limited, there is no limit to the number of cryptocurrencies that can be created in the same manner, each as untamperable and un-shut-down-able as Bitcoin.

Speaking of untamperable, Dalio recognises that the biggest threat to Bitcoin is not an attack on the chain itself, but governments restricting access to it in the first place.

I suspect that Bitcoin’s biggest risk is being successful, because if it’s successful, the government will try to kill it and they have a lot of power to succeed… for good logical reasons governments wanted control over money and they protected their abilities to have the only monies and credit within their borders. When I a) put myself in the shoes of government officials, b) see their actions, and c) hear what they say, it is hard for me to imagine that they would allow Bitcoin (or gold) to be an obviously better choice than the money and credit that they are producing.

This is potentially what could happen in India. While the government recognises – rightly – that cryptocurrency isn’t clearly either a currency or an asset and therefore doesn’t fit into existing regulatory frameworks, its approach to it seems to be one of antipathy. A bill that may be tabled and discussed in the coming weeks is described in the current parliamentary session agenda as one that intends to

… create a facilitative (sic) framework for creation of the official digital currency to be issued by the Reserve Bank of India. The Bill also seems to prohibit all private cryptocurrencies in India, however (sic) it allows for certain exceptions to promote the underlying technology of cryptocurrency and its uses.

Categories
Data Custody Privacy and Anonymity Products and Design

On the internet, there’s no such thing as lost forever

Spoonbill snapshots and tracks the changes people make to their Twitter bios, displaying those changes as a timeline. It’s a view into how people express their identity. Especially when that identity needs to be compressed into a couple hundred characters. This article is a good overview of both the service and its implications, using lots of examples such as this one:

The writer says

Spoonbill not only satisfies our tendency for online lurking, but pushes it into voyeur territory; surfacing what’s meant to be hidden is intimate in a way that scrolling a timeline isn’t.

The app isn’t doing anything special in terms of data access. This is an official Twitter API, and it’s how alternative Twitter clients work. What’s special is that it places previously scattered, obfuscated data side by side. That’s what creeps people out.

This is another aspect of privacy, isn’t it? We think of it primarily as ‘someone is reading what I type or browse’. It is, but the other aspect is also analysis of data you reasonably expect to be ‘in the wind’.

Say you shopped locally at a grocer’s, a pharmacist’s, a greengrocer’s, your local pub, your barber, and so on. You know that each of them knows what you’re buying. Now imagine they pooled together their receipts and ran a pivot table on them. And now when you visit the greengrocer, (s)he says ‘You bought antacid on Monday? Don’t buy your oranges and kiwis; they might exacerbate it. Here’s some bananas.’ and now you’re freaked out.

Essentially, be aware that most things you put out on the internet that can be seen publicly can also be catalogued, put together and analysed. Just like Spoonbill did. Just because you change something does not mean the previous version is lost forever – no such thing.

Categories
Data Custody Privacy and Anonymity The Next Computer Wellness when Always-On

A no-bullshit look at Facebook’s and Apple’s privacy propositions – Part 2

(Part 1 – How Facebook’s using guilt to get people to voluntarily opt out of Apple’s privacy protections)

There is a kernel of truth in Facebook’s argument that “with the upcoming iOS 14 changes, many small businesses will no longer be able to reach their customers with targeted ads”. Targeted ads work better than generic, non-targeted ones. And Facebook is able to provide user targeting like no other for two reasons: because people share very personal information on Facebook, and because Facebook aggressively collects information on people through their activities outside of Facebook, both via businesses who themselves install Facebook tracking to understand their customers better and through other companies they call “Audience Data Providers”.

However, Facebook’s ad targeting can be used by businesses large and small. A small burger joint in a city in theory could use Facebook’s sharp targeting to reach its type of customers in its catchment area. But a nationwide burger chain or its franchisee can use the same targeting software to drive people to its store instead, often outspending the independent small business. Facebook makes no promises to small businesses that this is only about them.

It follows that should a person agree to allow themselves to be tracked, Facebook also makes no claim to its users that that information will only be used by small businesses. Just like Facebook’s ad software is available to businesses large and small, user data once collected is also available to any company with a Facebook ad account.

So while Facebook’s ability to track people in such detail doesn’t really give small businesses any sort of sustainable competitive advantage, it doesn’t give its users any choice about trading their data to support an ostensibly noble cause.

Finally, Facebook’s argument holds weight only because of its dominant position in the online ad business, alongside Google. A small ad network would hardly be taken seriously if it claimed to stand up for small businesses nationwide, let alone globally. It’s disingenuous for Facebook to accuse Apple of using its dominant position to push its own agenda while it does the exact same thing.

Apple’s position on privacy is simple. As one of its ads says, “What happens on your iPhone stays on your iPhone”. [1] It is a commitment one party makes to another, no one else, and that party proves it by aligning its interests to the others’.

Facebook’s (opposite) position on privacy is more messy and conflicted. It urges one party (its users) to make sacrifices (allow data tracking) in order to benefit a third party (small businesses) whose thriving only it (Facebook) can ensure. That does not sound like a healthy relationship between any of the parties.

As we’ve discussed many times on this site, in the Internet we’ve ended up building, the question of privacy is one of data custody – who you trust with your data. And in that regard, I’d much rather cast my lot with Apple than with Facebook.

End note: One could argue that Google’s stance on privacy, while being the opposite of Apple’s, is also straightforward: give me data, I’ll make your life dramatically better. Search, Gmail, Google Maps, Google Photos, even the much-missed Google Reader. I’d trust Google with my data way before I trust Facebook.


[1] This is in the context of how Apple’s AI to categorise photos and other data works on-device instead of first sending all data to some central server.

Categories
Data Custody Privacy and Anonymity The Next Computer Wellness when Always-On

A no-bullshit look at Facebook’s and Apple’s privacy propositions – Part 1

Facebook is guilting people who use their iPhone app. iOS 14’s App Tracking Transparency now requires app makers to explicitly get people’s assent to be tracked. If the phone user declines, iOS only sends generic information that’s really hard to trace back to any identifiable person.

Obviously, this works against Facebook’s interests. It’s built a seven-hundred-billion-dollar company over fifteen years on the back of a sophisticated, extremely aggressive data collection and ad display business.

Facebook’s tried public pressure and PR to lobby against this intervention, arguing that this opt-in hurts not it, but small businesses, who rely on Facebook ads to target would-be customers.

Now Facebook’s building that argument right into its app, with a full-screen appeal to its users to allow themselves to be tracked in detail, so that small businesses may thrive. First reported by CNBC, here is what the screen supposedly looks like (left, before Apple’s prompt to the right):

Facebook’s CEO has said publicly that the company sees Apple as a competitor because it “has every incentive to use their dominant platform position to interfere with how our apps and other apps work, which they regularly do to preference their own… Now Apple may say that they’re doing this to help people, but the moves clearly track their competitive interests.”

Now, Facebook’s straight-up ‘gaslighting’ people into voluntarily overriding Apple’s protections.

(Part 2 – comparing how Facebook and Apple talk about people’s data)