Categories
Uncategorized

Email clients as web browsers

But also, the original conception of email is that messages are plain text. No fonts, no styles, just plain text, with optional attachments. But those attachments are embedded in the message, not pulled from a server when the message is viewed.

Once we allowed email clients to act as de facto web browsers, loading remote content from servers when messages are viewed, we opened up not just a can of worms but an entire case of canned worms. Every privacy exploit for a web browser is now a privacy exploit for email. But it’s worse, because people naturally assume that email is completely private.

John Gruber’s Daring Fireball, “Superhuman and Email Privacy”
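The distinction drawn in the quote, between content embedded in a message and content pulled from a server when the message is viewed, can be checked per message. This is an added example, not code from the original post or from Daring Fireball; the sample message, the example.com hosts and the names `FetchFinder` and `remote_fetches` are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample: one image embedded via cid:, three references fetched on view.
SAMPLE = """\
From: sender@example.com
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><head><link rel="stylesheet" href="https://cdn.example.com/m.css"></head>
<body style="background:url(http://t.example.com/bg.png)">
<img src="cid:logo@example.com">
<img src="https://t.example.com/open.gif?id=12345" width="1" height="1">
<a href="https://example.com/read">Read more</a></body></html>
--b1
Content-Type: image/png
Content-ID: <logo@example.com>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
class FetchFinder(HTMLParser):  # collects URLs loaded on view, not links clicked
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in ((n, v) for n, v in attrs if v):
            if name in ("src", "background", "poster") or (tag == "link" and name == "href"):
                self.urls.append(value)
            elif name == "style":  # inline CSS can also trigger a fetch
                self.urls.extend(CSS_URL.findall(value))

def remote_fetches(raw):
    """Return (remote, embedded) references found in a message's HTML parts."""
    msg = message_from_string(raw, policy=policy.default)
    remote, embedded = [], []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = FetchFinder()
            finder.feed(part.get_content())
            for url in finder.urls:
                # cid: and data: references travel inside the message itself
                (remote if re.match(r"(?:https?:)?//", url, re.I) else embedded).append(url)
    return remote, embedded
```

A client that blocks remote content by default is refusing to load everything in the first list; the second list renders without any network request.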


Cars as private spaces

In Japan, a survey of people who rented cars revealed that

one out of every eight users rented automobiles for purposes other than transportation.

An overwhelmingly large number of respondents said they slept or rested in vehicles, followed by customers who said they used cars as spots to talk with friends, family and business clients on the phone.

People also rented vehicles to watch TV in, get dressed up for Halloween, practice singing, rapping and English conversation, and even do facial stretches said to reduce the size of their face, NTT found.

A car may be one of the last truly private spaces left.


Raspberry Pis as low-footprint single-purpose machines

I’m excited about the new, more powerful Raspberry Pi. This Hacker News thread describes several interesting hardware projects that people have used the Pi for. And the Raspberry Pi website positions the new, more powerful Pi 4 as a Linux desktop machine.

I’m interested in its use as a low-power, low-footprint single-purpose machine, and having a few of them across the house.

For instance, I have a privacy-focused Pi that’s physically tied to my router and serves as a network-wide ad- and tracker-blocker via pi-hole. It also runs cloudflared to encrypt my DNS lookups over HTTPS. I’m also setting it up as an OpenVPN server.

Another one is about to enter service as an XBMC/Kodi machine for movies and TV shows. This lives behind the TV. I’m also considering a third to serve as a Time Machine via netatalk and general-purpose backup machine via Syncthing. This will probably be behind my desk.

Taken together they’ll draw less power and run quieter than a desktop machine that does everything, and will be near-invisible too. It’s a new class of personal computer.


On declaring your social media presence in a visa application

Someone asked me my opinion on US visa applications now asking for social media handles:

“It’s complicated, and a lot depends on execution and timely review.

If there were a 9/11 style attack planned in the future, you can be sure the attackers would have some evidence of their ideologies on their public social media.

Similarly if you’re looking for a long-term visa but have a publicly anti-American philosophy, you’re probably going to be more trouble than it’s worth. There are probably other cases not obvious to us.

But the potential for misuse is vast. The system is opaque to the applicant and there is little/no way to appeal:

  • You could be prevented from traveling to participate in a protest if you have publicly written about it
  • Or from speaking at a conference on a topic the current administration does not encourage (climate change?) if it’s found you’re a better-known person in the community than is commonly known
  • Or you could be a victim of insensitivity about cultures. I can easily imagine someone who publicly posts ayats about life/temperance from the Quran, maybe typing in nastaliq, that to the average low-pay ICE employee look like extremist ideology even after translation
  • Similarly, if you’re a rockets/space enthusiast and post your photos of PSLV/GSLV launches because you’ve travelled there to watch the lift-off, you could be mistaken for a dangerous nutjob
  • Worse still is that lack of a social media presence (I don’t have Facebook or Instagram accounts) could be grounds for rejection. There have been cases of people who have wiped their phones because they did not want to hand over their passwords and their photos at the US border, who were detained for hours and pressured to hand everything over. There are tools made just for this and they invite more trouble than they solve.

It’s conceivable that there are regular review processes within the Homeland Security department for rejections, but the broader the review is (i.e. public) the better it will be. I certainly know that the DHS has incredibly powerful tools at its disposal, including Palantir.

But because I don’t know anything about the actual technologies and review policies, I don’t have a position on this.

ps: The most common argument in favour of these is that if you don’t have anything to hide why do you have anything to fear. This is easily refutable: because I don’t know how you will judge me. My browsing history, my credit card purchases, my salary, my movements around the city on a given day – they’re all secret because there are real world consequences to people around me – my employer, my friends, the police – and in this case the DHS – knowing about them even if I have not broken laws.”

Owning your data, offline

Google’s services including Gmail, Drive etc. went down for over 4 hours. I did not even know about this until now, nearly 24 hours after the incident; most of my documents are available offline, including email. Which made me articulate what I have long realised:

This incident should be a wakeup call for owning your data and certainly having offline access to it. If you can’t even ‘reach’ your data because it’s in the Cloud, having perfect sync between all your devices does not mean much. Even if it’s a rare event – what if you need your own information right then?

The other risk of having all your data on the Cloud without a pure-offline copy (such that files are first-class citizens – offline Google Docs files that need the docs.google.com Chrome client or app to open do not count) is that you could be locked out of your own account. The journalist Mat Honan had his accounts broken into and held hostage/wiped out in 2012. Even if you’re not digitally attacked, it’s easy to be locked out.

Maybe it’s worth giving up cross-device syncing and moving to a single-device setup like Jason Fried of Basecamp all the way back in 2010. He does not have a work computer and a home computer:

> One powerful, portable, fast, machine with a high-rez screen and a clean desktop. I don’t really believe in dreams when it comes to hardware. These are the tools you use to do your job – you should have the best you can afford.

If you must have multiple machines, sync them peer-to-peer using something like Resilio Sync, or its open source alternative Syncthing, both based on BitTorrent. Back up using Time Machine (if you’ve got Macs) or, if you are even slightly technically inclined, via unidirectional rsync to an external hard drive connected to your machine.

Above all, keep your data in open formats. Using a single backed up machine is no use if all your files live in, say, Evernote or OneNote. Can your files be read natively by open-source equivalents? Can they be _conveniently_ exported in bulk? There is no shortage of open formats for multiple types of data: CalDAV, CardDAV, Markdown, ogg, mobi, PDF, mbox – even Microsoft Office is a mostly known format. Do you store your data in a simple folder-tree structure instead of in a proprietary library? Your photos may all be PNG but they may be in Apple Photos’ binary library format.

You’ll give up the glamour and some ease of cloud-based, real-time collaborative, unstructured write-anywhere apps, but what you’ll gain is a lot more valuable – the ability to have anytime anywhere access to your own data, for years on end, worry-free. No one will be able to force you to continue using their software, pay a subscription, lock you out from your own files, leak them in a security breach, or ‘go down’ in an outage.

When it comes to your files, your memories, your life, sticking to the basics is a good idea.