Categories
Decentralisation and Neutrality Privacy and Anonymity Wellness when Always-On

It’s a war all right

In a blog post announcing a security-focused release of the Firefox browser, Mozilla described how ingeniously-constructed ‘supercookies’ work:

[to reduce bandwidth and other overhead] if the same image is embedded on multiple websites, Firefox will load the image from the network during a visit to the first website and on subsequent websites would traditionally load the image from the browser’s local image cache…

Unfortunately, some trackers have found ways to abuse these shared resources to follow users around the web. In the case of Firefox’s image cache, a tracker can create a supercookie by “encoding” an identifier for the user in a cached image on one website, and then “retrieving” that identifier on a different website by embedding the same image.

Constructing trackers with this level of sophistication and building distribution of these shared images across websites is not a trivial effort.

For this effort to make monetary sense, advertising and tracking companies need to collect vast amounts of data on a vast number of people – including you and me – so that even when a tiny fraction of that is useful, it makes enough money to pay for all the engineering and distribution. That means you’re up against a machine that is as aggressive as it is technically sophisticated.

Likewise, Mozilla. How does Firefox disrupt supercookie tracking without fetching an image afresh every time, even if it’s the same image?

[Firefox] still load(s) cached images when a user revisits the same site, but we don’t share those caches across sites. We now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.

Given the vast number of websites that the average person jumps through over any given week, this is not easy to pull off.
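
The difference between a shared and a partitioned image cache, as an added example (not Mozilla's code and not part of the original post): a toy JavaScript model in which the cache key is either the image URL alone or the pair (site being visited, image URL). All class, function and site names are hypothetical, and the "identifier" is a plain string standing in for the image content.

```javascript
// Toy model of a browser image cache (added illustration, not Firefox code).
// Every name here is hypothetical; the sites and the image URL are constructed.

// A stand-in for the third-party image host. Each request that actually
// reaches the network is answered with content carrying a fresh identifier.
function makeImageHost() {
  let issued = 0;
  return {
    fetchImage(url) {
      issued += 1;
      return { url, body: `image-content-with-id-${issued}` };
    },
    get networkFetches() {
      return issued;
    },
  };
}

// A stand-in for the browser. `partitioned` selects how cache entries are keyed:
//   false -> by resource URL only (the traditional shared cache)
//   true  -> by (site being visited, resource URL), as in the partitioned design
class ToyBrowser {
  constructor(host, partitioned) {
    this.host = host;
    this.partitioned = partitioned;
    this.cache = new Map();
  }

  cacheKey(topLevelSite, url) {
    // JSON.stringify keeps the two parts of the key unambiguous.
    return this.partitioned ? JSON.stringify([topLevelSite, url]) : url;
  }

  loadImage(topLevelSite, url) {
    const key = this.cacheKey(topLevelSite, url);
    if (!this.cache.has(key)) {
      // Cache miss: go to the network and remember the response.
      this.cache.set(key, this.host.fetchImage(url));
    }
    return this.cache.get(key).body;
  }
}

// Visit two unrelated sites that embed the same third-party image,
// then return to the first site.
function simulate(partitioned) {
  const host = makeImageHost();
  const browser = new ToyBrowser(host, partitioned);
  const IMG = 'https://tracker.example/shared.png';

  const onNews = browser.loadImage('news.example', IMG);
  const onShop = browser.loadImage('shop.example', IMG);
  const onNewsAgain = browser.loadImage('news.example', IMG);

  return {
    // Same content on both sites means the two visits can be linked.
    linkableAcrossSites: onNews === onShop,
    // The cache still saves a download when the same site is revisited.
    sameSiteCacheHit: onNews === onNewsAgain,
    networkFetches: host.networkFetches,
  };
}

console.log('shared cache     :', simulate(false));
console.log('partitioned cache:', simulate(true));
```

With the shared cache the image is downloaded once and both sites see identical content; with the partitioned cache it is downloaded once per site, the contents differ, and the revisit to the first site is still served from cache.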

I don’t use the term ‘war’ lightly. But this is absolutely a war on your privacy.

It doesn’t matter whether you value your data or not (you should), it’s that you don’t get to choose. Supercookies show that an immense amount of know-how and engineering is being deployed to strip you of your privacy. Firefox in turn put in a similar amount of counter-engineering to neutralise that threat.

Make sure you move to Firefox, an open source project whose only incentive is to protect you. And keep it updated. And donate to Mozilla.

Categories
Life Design Products and Design The Next Computer

This ten year old Macbook Air

A short comment on the incredible durability of my mid-2011 Macbook Air. I bought it shortly after its release, so it’s nearly ten years old and still going strong.

It’s on its second battery, the logic board has had to be replaced [1], and some key combos work either with only the left or only the right shift keys. It’s also the last machine with the Magsafe 1 charging port, so I guard my two chargers with my life. But it runs just fine as an everyday machine. I’ve had more go wrong with me this past decade.

(Replacing the logic board led to the unfortunate loss of the serial number and therefore the capability for Mac OS to list the vintage)
The detailed hardware report correctly identifies the machine as a Macbook Air 4,2 – which is the mid-2011 model

This was my first Mac machine and a return to machines with good build quality after a three year gap. My main machine used to be an IBM Thinkpad R51 – pre-Lenovo – until it was stolen in 2008. It had excellent driver support for Linux even back then. In the interregnum I used, unhappily, a series of Dell laptops. The Mac, and Mac OS, was such an improvement that I have stuck to it since.

Speaking of Mac OS, this machine shipped with OS X Lion. It’s since run Mountain Lion, Mavericks, Yosemite, El Capitan, Sierra and High Sierra, which is the last supported OS. That is seven operating system releases over seven years. Mac OS is backwards-compatible enough that the most recent versions of almost all my everyday software run on High Sierra (it also helps that my software needs are modest and include many open source tools).

Nearly a year ago, I wrote about Apple’s laptops:

These machines appeal to me because they’re such a terrific example of sustainability. Apple may release new laptops and revisions every year but you don’t have to buy them that often. In fact you can go five years, even ten depending on what you use your computer for. The relatively high price you pay up-front translates to many years of trouble-free use. The ‘cost per wear’ equivalent of Apple’s laptops is extremely low.

Oldie but goodie, April 2020

My everyday machine is a mid-2012 unibody Macbook Pro I got for free as a hand-me-down, which will itself be ten years old next year. That machine is a lot more powerful than this Air, and I’ve upgraded its hardware more than once. It’s clear to me I’d have spent a lot more on Dell laptops over this last decade than I did on these two Macs, even including repairs and upgrades.

To close, no one described better than Terry Pratchett why I love my old, wonky Macbooks:

The reason that the rich were so rich, Vimes reasoned, was because they managed to spend less money.

Take boots, for example. He earned thirty-eight dollars a month plus allowances. A really good pair of leather boots cost fifty dollars. But an affordable pair of boots, which were sort of OK for a season or two and then leaked like hell when the cardboard gave out, cost about ten dollars. Those were the kind of boots Vimes always bought, and wore until the soles were so thin that he could tell where he was in Ankh-Morpork on a foggy night by the feel of the cobbles.

But the thing was that good boots lasted for years and years. A man who could afford fifty dollars had a pair of boots that’d still be keeping his feet dry in ten years’ time, while the poor man who could only afford cheap boots would have spent a hundred dollars on boots in the same time and would still have wet feet.

This was the Captain Samuel Vimes ‘Boots’ theory of socioeconomic unfairness.

Terry Pratchett, Men at Arms: The Play

Categories
Privacy and Anonymity Wellness when Always-On

What makes the web slow – analytics, ads and compatibility code

This excellent but dense blog post describes how the team from the website performance company catchjs analysed the top one million pages on the web. They logged what these web pages request, what libraries they use, what errors they throw, and how all of these are correlated to performance – that is, how fast your web browsing experience seems.

If you’re familiar with web tech, it’s worth a read in its entirety.

What caught my eye particularly was the use of external libraries:

As the team says

Judging by this top 10, our browsers are mostly running analytics, ads, and code to be compatible with old browsers. 

They then go on to identify which of these slow down web pages the most. JQuery’s right up there, along with WordPress’ Woocommerce.

The writers emphasise clearly that correlation should not be linked to causation: the presence of libraries that load faster than the baseline could simply be because they’re the ones typically used by web developers who optimise many other aspects of web pages for performance.

In any case it’s clear from this analysis that ads and analytics – the very things that hijack your attention and privacy – are also what slow down your browsing, burden your internet bandwidth, sap your device’s battery life and take up screen real estate.

It’s shameful that this is what the web has become. But you can fight this.

For a start, use the open-source ad and tracker blocker pi-hole to reclaim some of this. Pi-hole, even out of the box, will block most common analytics and social media plugins and trackers, and can be extended with block lists available freely over the web.

I wrote about my experience following a guide on how you can set up a pi-hole for yourself – for free – that works on all your devices on all networks, at home or outside.

Categories
Decentralisation and Neutrality Privacy and Anonymity The Dark Forest of the Internet

Signal and Bitcoin are equally dangerous

This article describes the tension at the nonprofit that builds the messaging app Signal – the tension between providing totally private messaging, and the inevitability that such a service will be used by terrorists and criminals to organise.

Privacy was, is and will be political. Governments have always wanted access to information, from intercepting postal mail to eavesdropping on telephone conversations to the USA National Security Agency’s PRISM programme that collected data from nearly every major USA tech company: Microsoft, Google, Facebook, Apple.

Until recently, end to end encryption, like the kind Signal (and Telegram) makes possible, has not been available to people like you and me. With such encryption, not even Signal itself can access the contents of our conversations [1]. This means even if USA or other government spies were to break into Signal’s systems, or obtain its covert cooperation, they wouldn’t be able to see what messages you and I typed to each other.

That means for you and me, the very act of using Signal and other such services is political. Likewise for Signal, providing such a service is a political act.

It is always going to be at the receiving end of governmental efforts, USA and outside, to provide encryption backdoors for their security agencies [2][3].

If you were such a government, you’d use informal private pressure, you’d build a public legal case and you’d discredit the company and private messaging in general by pointing out the danger to national security. This is also the playbook governments the world over have used to deal with cryptocurrency.

I think the only way that the Signal organisation and others like it will be left un-harassed is by reframing the question.

Today it is “What is Signal doing to tackle terrorist activity taking place on your service?”

The much more politically fraught – but correct – question is “Why is the onus of identifying, reporting and shutting down terrorist/criminal activity primarily on Signal?”

Like it or not, Signal is a political organisation. It needs to begin acting like one.


[1] And we don’t need to take Signal’s word for it – the app and server code are available publicly.

[2] Never mind that that kind of backdoor would require explicitly moving to a fundamentally different, less secure encryption algorithm.

[3] PS: And you and I, as Signal users, are going to be suspect.


(Featured Image Photo Credit: Alexandru Zdrobău/Unsplash)

Categories
Data Custody Decentralisation and Neutrality Privacy and Anonymity Wellness when Always-On

Privacy from who? – Part 2

(Part 1 – when you think about privacy, it’s not just about some apps on your phone. We listed and discussed other entities that have access to your data and your online activities: your phone manufacturer, the OS that runs on your computer and phone, your browser, your internet service provider, your phone carrier/operator. The list continues below:)

The websites you visit – This is the Big Tech that people are usually concerned about. Whether Facebook.com or Google.com or Amazon.com, incognito mode protects you somewhat here as long as you don’t log in, but even then trackers now use digital ‘fingerprinting’ that combines several signals to uniquely identify you between visits. Those trackers often send data to other trackers that consolidate this sort of data.

The apps you use – Also includes Big Tech, but goes well beyond them. As we have seen in the article about whether or not to use Whatsapp, apps use ‘SDKs’, or software packages, from a number of tracking companies that record your activity in the app in great detail. This activity data is a lot creepier and a lot more valuable than we usually suspect. Consider Netflix’s analytics for modeling your preferences. It tracks:

  • Times when you stop, pause, rewind or fast forward the content.
  • Days and times when you watch certain content such as rom-coms on Saturday night at 7pm, and Family Guy on Tuesdays at 10pm.
  • The specific dates you watch (e.g. what movies are popular on Valentines’ day)
  • Your location when you watch such as your home or at work.
  • What device you use to watch content. (e.g. TV for movies, Laptop for binge watching shows in bed)
  • At what points during the show you stop watching and move on. In addition, they also track whether you resume watching later.
  • What rating you assign a piece of content.
  • Your search history.

And also

  • How you browse and scroll through selections. I.e. Do you pause and read descriptions, or just skim through until you see a title/cover you like?
  • The types of trailers, promotional posters, words, colours and sounds you respond best to i.e. most likely to click on, and follow through.

Similarly, for an ecommerce app, your activity in its app – when you browse, how long you browse, what categories you spend time in, what items you tap preview images for – all this stuff collectively is as valuable as the stuff you actually buy. Same for chat apps. Even if your chat data cannot be decrypted by the company, your behaviour in the app including who you chat with, when, how long, what profiles you tap – all of this builds a picture of you. The amount of data you can collect on an app – phone make, precise location, contacts – is deeper than on websites.

Your DNS provider – DNS is the Internet’s way of taking the internet requests your browser makes and translating them to IP addresses to locate websites, images, CSS stylesheets, fonts and so on. In most cases, your DNS is provided by your ISP. That gives your ISP direct visibility to the sites you visit. If you use another, secure, DNS provider, perhaps one set by your router, or your smart device, or if you change it on your computer/phone/tablet to, say, Google or Cloudflare or OpenDNS or some of the others, they now have access to that list. And using a third party DNS provider doesn’t totally hide your web traffic from your ISP either. They may not see the precise DNS request, but they’ll see the reply. You can hide this from your ISP by using a VPN service, but now your VPN provider has access to your traffic [1].

The point of all this is to show that we usually think of privacy in the context of the Big Tech USA companies: Google, Amazon, Facebook and similar. That concern is justified. If anything, it’s under-discussed and poorly understood. But the scope of online surveillance is a lot wider and a lot deeper. And significantly more creepy.

Now that you have some idea of what is watching you online, we can get into how you can protect yourself. We’ll discuss that in the coming days.

(Part 3 – a comment on data custody and open source)


Footnotes

[1] Unless you host your own VPN, but that requires technical capability, and if you’re hosting it in the cloud so you can use it both at home and outside, then you’re paying the cloud provider for all the traffic routed through the VPN.


(Featured Image Photo Credit: Anastasiia Krutota/Unsplash)

Categories
Data Custody Privacy and Anonymity Wellness when Always-On

Privacy from who? – Part 1

When we read about loss of privacy, it’s usually in one of two contexts:

  • Facebook and Google tracking ‘everything’
  • Customer profile and purchase data being stolen from some or the other service that was hacked

And this is true. But they aren’t the only ones who track your activity online:

Other people on a shared computer – this is what incognito mode is for. Now that each of us has a personal phone, tablet, laptop, this isn’t as much an issue as it used to be. Incognito mode is also useful to have websites ‘forget’ you; more later.

Your computer – the operating system that runs on your computer has access to files, notes, contacts, calendar, pictures, music, videos – anything that you store on that computer. Even if you encrypt your hard drive, the operating system – Windows or Mac OS – is what does the encrypting.

Your phone – same as above. You’re most likely running iOS/Apple or Android/Google. In the case of Android phones, most phone manufacturers modify Android – for cosmetic reasons and to add phone-specific functionality. Often their apps are the defaults, not Google’s. In any case, that manufacturer also has access to a lot of the data.

Your browser – Chrome, Safari, Edge, made by Google, Apple and Microsoft respectively, need to be able to “see” what websites you visit in order to be able to work. Browsers now have you sign in to not just a website but into the browser itself (think Chrome and your Google account) to sync history, bookmarks and extensions across devices – which means the browser not just tracks this information but stores it centrally. Also – the browser sees your activity even in incognito mode or private mode. That mode just means the browser doesn’t save any information.

Your Internet Service Provider (ISP) – all your traffic needs to go through this entity before it connects to the public internet. Your ISP isn’t able to see HTTPS-encrypted traffic, like the contents of your email on gmail.com, but it knows what sites you’re visiting. This isn’t limited just to your computer – any device at home like an Amazon Echo, Google Chromecast, or a Samsung Smart TV (and similar devices from other brands) – that connects to the internet sends data through your ISP. Technically your home router can also see all your data – this is the one that connects your home wifi to your internet service provider – but I don’t know of routers that are known to systematically ‘phone home’ your data. It’s too big a reputational risk.

Your operator/carrier – same as above, when you’re using your mobile data plan. This is true not just of browser traffic, but also when you use apps, like games. Your operator is very likely able to figure out what games you play based on the internet traffic the game generates. Just because you use the Twitter app instead of visiting twitter.com doesn’t mean you’re sending any less data.

(Part 2 – more entities that track you, including the ones you’re concerned about)


(Featured Image Photo Credit: Tolga Ahmetler/Unsplash)

Categories
Data Custody Privacy and Anonymity Products and Design The Dark Forest of the Internet

Are Telegram chats encrypted or not? Here’s what you need to know about encryption, privacy and tradeoffs

A friend sent me this message from one of the groups she was on:

“I’ve just found out that chats in Telegram (unlike in Signal) are not encrypted by default (unless started as secret chat) and group chats are not encrypted at all!”

and asked if this was true.

I think terms like “not encrypted”, “end to end encryption” need to be understood better so we can make better decisions about what to use and not. Here’s what I wrote back:


“Yes, Telegram encryption works differently from Signal but it’s just plain inaccurate that Telegram chats are not encrypted. They are. Both “in transit” ie from your phone to Telegram and “at rest” ie on Telegram servers.

So what’s the difference between the apps?

Telegram chats are encrypted by Telegram’s keys, which are stored separately from the data. From their privacy policy:

Telegram is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups. All data is stored heavily encrypted and the encryption keys in each case are stored in several other data centers in different jurisdictions. This way local engineers or physical intruders cannot get access to user data.

All group chats are also encrypted in the same way:

In addition to private messages, Telegram also supports public channels and public groups. All public chats are cloud chats (see section 3.3.1 above). Like everything on Telegram, the data you post in public communities is encrypted, both in storage and in transit — but everything you post in public will be accessible to everyone.

For 1:1 conversations, Telegram has what it calls ‘secret chats’, where the encryption keys are known only to the two devices – one for each person. Again from Telegram’s privacy policy:

[In secret chats] all data is encrypted with a key that only you and the recipient know. There is no way for us or anybody else without direct access to your device to learn what content is being sent in those messages. We do not store your secret chats on our servers. We also do not keep any logs for messages in secret chats, so after a short period of time we no longer know who or when you messaged via secret chats.

So if you only use Telegram on one iPhone and I use it on iPhone, iPad, and two Macs and I use each of them to chat with you, you will have four distinct ‘secret’ conversations with me on the same phone, and I will have one conversation with you on each of my devices, but all disjointed. In return, no messages are stored on Telegram’s servers.

Signal works this way by default – separate message queue for devices. You can see that the conversation on my iPhone is not synced to my iPad automatically:

But there is a tradeoff. Once again, Telegram’s privacy policy:

For the same reasons secret chats are not available in the cloud — you can only access those messages from the device they were sent to or from.

Without getting into the details, it’s really tough to do all three of the following:

  • a. support perfect message sync between multiple devices and
  • b. encrypt it on-device and
  • c. not store messages on the server.

With this model,

  • Telegram does b. and c. for secret chats but sacrifices a. Signal works this way by default.
  • Apple iMessage does a. and b. but does store messages on its servers for seven days, after which it deletes them, technically achieving c. but sacrificing a.
  • Whatsapp does b. and c. but doesn’t do a., which is why Whatsapp Web always needs to connect to your phone.

Hope this helps.”


I’m quite happy with the ongoing conversation around the loss of personal privacy online. There seems to be mainstream coverage of its pervasiveness for the first time, even if it’ll be churned away by the next news cycle.

But this conversation is as vulnerable to being hijacked and derailed by disinformation as any other. I think it’s important for those who can to explain technology and terminology in such a way that people can make educated decisions about reclaiming their privacy.


(Featured Image Photo Credit: Mitchell Ng Liang an/Unsplash)

Categories
Data Custody Privacy and Anonymity Wellness when Always-On

I’m safe; my data isn’t interesting – wrong!

In my post last week, I wrote that simply deleting Whatsapp and moving to Telegram or Signal wasn’t going to make much of a difference to your privacy. There are so many other ways that Facebook collects data from you, your phone and your computer:

The subtext of the article was also that you need to think about your privacy as a whole, not just limited to one app or company.

I won’t pretend that thinking about privacy is straightforward (leave alone appealing), but it’s not impossible either. And since the biggest companies today make money directly or indirectly off your data, it’s worth investing time to understand just how much of your data these companies have, how they get them and how it affects you.

We rest in the fact that we’re just one uninteresting person among hundreds of millions of users of Facebook or Google or Amazon and our particular stream of data isn’t worth much:

If only.

But the algorithms that sift through all this data have little to do with the number of people that they draw conclusions for. You could be a nameless, claimless casualty of an incorrect inference that this algorithm makes. Sir Tim Berners-Lee, one of the fathers of the internet, gives one example:

Just think your insurance gets cancelled because you’ve been searching for cancer online too much. But, in fact, you were looking because a friend of a friend had some form of cancer. However, now the system suddenly decides that it’s worth sending you ads about cancer then also it can decide whether it’s worth increasing your insurance premiums, maybe blocking you from taking on a new insurance policy because they’re worried that you might have an existing condition.

Sir Tim Berners-Lee: The marketing impact of artificial intelligence

Lately with contact tracing apps mandated by governments, you may not have a choice in data being collected about you. Even if there’s location data about millions of people being collected daily, once the central algorithm identifies that someone near you tested positive, you will almost certainly be required to subject yourself to tests, typically at your expense, and be barred from travel until you receive your results.

But today’s geo-location tech can’t identify that the person who tested positive was enclosed in a changing room in a store while you were browsing a clothes rack outside, both masked at the time.

The result? You being inconvenienced unnecessarily in the name of safety because of incorrect conclusions made from data you shared without choice.

Sticking with real life, as an ordinary person among millions of fellow citizens, you may be arrested because surveillance cameras and the associated facial recognition technology misidentified you. This has happened – repeatedly:

The identifications justified Talley’s detention, even though he claimed he had been at work as a financial adviser for Transamerica Capital when the May robbery took place. Talley said he was held for nearly two months in a maximum security pod and was released only after his public defender obtained his employer’s surveillance records. In a time-stamped audio recording from 11:12 a.m. on the day of the May robbery, Talley could be heard at his desk trying to sell mutual funds to a potential client.

How a Facial Recognition Mismatch Can Ruin Your Life

The article from which I’ve taken the quote is a detailed, dismal tale of how the person, wrongly identified, had his life turned upside down trying to prove his innocence while struggling to live his life alongside.

The burden of proof, previously solely on prosecutors, has now shifted to an algorithm that doesn’t have to explain itself. This is another example of how involuntary loss of privacy – this time through surveillance cameras – severely affected an otherwise unremarkable person.

Whether on the Internet or in the real world, it’s easy for your data to be turned against you, even if inadvertently or accidentally. This has nothing to do with how well-known you are, or if someone wants to get back at you.

In this new world, it’s important for you, me, our families – everyone – to understand our loss of privacy and then form our own plan to reclaim it.


(Featured Image Photo Credit: Jermaine Ee/Unsplash)

Categories
Audience as Capital Decentralisation and Neutrality Discovery and Curation The Dark Forest of the Internet

The last Twitter megapersonality – Part 2

(Part 1 – Deplatformization)

What’s new is that the Trump episode demonstrated these companies’ herd mentality: first no one could afford to act against his social media accounts because it would mean losing eyeballs. And then all of a sudden no one could afford to keep his account standing. [2]

This means online personalities can’t rely on any of these platforms as an alternative to the others. Now that the platforms have acted in unison once – rather effectively – they’re likely to be more aggressive in the future. It’s like being cancelled, but by entire platforms.

So the next megapersonality isn’t going to be primarily on Twitter or Facebook or YouTube or even Telegram. They are going to own their presence. They may publish and engage on all of these platforms, but their home, their fortress, is going to be an independent online presence.

Two types of such online presences will proliferate among influencers: One, state controlled or state influenced online media for national political leaders. The internet equivalent of state TV and Radio. China leads the world here.

Two, independent online properties. We discussed this earlier in the context of Trump’s options:

This Vox article shows how other right-wing personalities like Alex Jones, who have their own website and online radio show, have an audience independent of social media sites. While they have also suffered in their ability to reach people after being shut out from media platforms, they have survived, even thrived. For Trump, who hasn’t bothered spending any time investing in any platform of his own, there is suddenly no way to reach out to his followers. Every political leader, every entertainer, every tech personality has seen this unfold.

Trump may have been the last Twitter megapolemicist, but it’s likely he’s going to run one of the first personal megaplatforms. I’m looking forward to how quickly it happens and what form it takes.

(ends)

[2] The point of this is not about right or wrong. For the record I think Trump’s Twitter account was a disgrace to online decency.


(Featured Image Photo Credit: Harald Arlander/Unsplash)

Categories
Audience as Capital Decentralisation and Neutrality Discovery and Curation The Dark Forest of the Internet

The last Twitter megapersonality – Part 1

‘Deplatformization’ is now a word in the tech world’s vocabulary. It’s what the Tech Giants did to Donald Trump. First one, then another, and then all of the herd followed last week:

“How did you go bankrupt?” Bill asked. “Two ways,” Mike said. “Gradually, then suddenly.”

Ernest Hemingway, “The Sun Also Rises”.

And just like that, Trump’s vast influence was neutered. This site makes the case that after years of hand-wringing, the tech giants took action simply because it had become clear that Trump no longer held political power:

For years Facebook and Twitter were unwilling to enforce their own rules against those inciting violence, in fear of upsetting a substantial part of their userbase… Not only is this [deplatformization] too little too late, but needs to be understood as an admission of complicity… Could it be that after the electoral shake-up what used to be an asset became a liability?

One of the mega trends we explore repeatedly on this site is that of Audience as Capital. You can’t discuss that trend without recognizing the fantastic power now held by social media companies which, if user bases were populations, would be the world’s largest countries:

  • Facebook itself: over 2.5 billion active users
  • Youtube: over 2 billion
  • Whatsapp (Facebook): over 2 billion
  • Instagram (Facebook): well over 1 billion
  • Wechat: ~1 billion
  • Tiktok: ~800 million
  • Twitter: ~300 million
  • Linkedin: over 300 million

Add to this Google Play Store with about 2.5 billion users on Android and Apple’s App Store with over 1.5 billion iOS devices controlling app distribution. They took the right-wing-dominated social network Parler offline.

Further add to this Amazon’s dominance of online commerce, Stripe’s of online payment acceptance, the decades-old Visa-Mastercard duopoly of payments processing [1], and Amazon AWS, Microsoft Azure and Google Cloud Platform’s cornering of the internet applications, including such basic internet plumbing as DNS. AWS took Parler’s infrastructure down too.

We have never before seen such global concentration of attention and distribution.

[1] Not to mention local leaders: China Unionpay and India’s Rupay

(Part 2: so what’s the future?)


(Featured Image Photo Credit: Willian Justen de Vasconcellos/Unsplash)