Why Do We Care So Much About Privacy? | The New Yorker:

Possibly the discussion is using the wrong vocabulary. “Privacy” is an odd name for the good that is being threatened by commercial exploitation and state surveillance. Privacy implies “It’s nobody’s business,” and that is not really what Roe v. Wade is about, or what the E.U. regulations are about, or even what Katz and Carpenter are about. The real issue is the one that Pollak and Martin, in their suit against the District of Columbia in the Muzak case, said it was: liberty. This means the freedom to choose what to do with your body, or who can see your personal information, or who can monitor your movements and record your calls—who gets to surveil your life and on what grounds.

I like changing the argument to liberty. There’s a ton of Founding Fathers materials on the topic.

Of course, in my professional capacity there’s a different argument to make but one that still applies to the individual.

As we are learning, the danger of data collection by online companies is not that they will use it to try to sell you stuff. The danger is that that information can so easily fall into the hands of parties whose motives are much less benign.

New Data Privacy Regulations:

Surveillance is the business model of the internet. It’s not just the big companies like Facebook and Google watching everything we do online and selling advertising based on our behaviors; there’s also a large and largely unregulated industry of data brokers that collect, correlate and then sell intimate personal data about our behaviours. If we make the reasonable assumption that Congress is not going to regulate these companies, then we’re left with the market and consumer choice. The first step in that process is transparency. These new laws, and the ones that will follow, are slowly shining a light on this secretive industry.

(Via Schneier on Security)

Warning

There are potential issues with web site functionality, ethics, and breaking your OS if you follow the below steps. Your Mileage May Vary. If you break something or find yourself in existential anguish over the moral implications of this recipe (see Ethics, &c. below), they are totally on you.

Recipe

I take a “defense-in-depth” approach to security. While I use ad blocking add-ons in my web browsers and often use text-only browsers to reduce the attack surface, they don’t help for other apps. Here is how I keep my hosts file updated for another layer of ad blocking on my hosts.

First, we need to get the latest version of an ad blocking hosts file. I get mine from winhelp2002.mvps.org.

cd ~/Downloads
wget http://winhelp2002.mvps.org/hosts.txt

Then we need to calculate the difference between the system’s current hosts file and the one we downloaded.

diff -ud /etc/hosts hosts.txt > hosts.patch

Let’s back up the hosts file including permissions in case we make an error.

sudo cp -p /etc/hosts hosts.bak

Next, we apply the patch to the hosts file as root.

sudo patch -b /etc/hosts hosts.patch

Finally, we need to refresh the DNS cache to reflect the changes.

sudo killall -HUP mDNSResponder && echo macOS DNS Cache Reset

If you find something is wrong with your host or your soul, you can revert the change.

sudo cp -p ~/Downloads/hosts.bak /etc/hosts

… and then re-execute the DNS cache refresh command just above.
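
An added example, not part of the original recipe: the list is fetched over plain HTTP and then patched into /etc/hosts as root, so it is worth confirming that every entry points at a sinkhole or loopback address before running diff and patch. The function names, the allowed-address set and the sample lists below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded blocklist before patching it into /etc/hosts.

# Print "<line>: <address> <hostname>" for every entry that does not point at
# a sinkhole or loopback address (the allowed set is an assumption).
suspicious_entries() {
    awk '
    {
        sub(/\r$/, "")      # tolerate CRLF line endings
        sub(/#.*/, "")      # drop full-line and trailing comments
        if (NF == 0) next   # blank or comment-only line
        addr = $1
        if (NF < 2) { print NR ": " addr " (no hostname)"; next }
        ok = (addr == "0.0.0.0" || addr == "127.0.0.1" || addr == "::1")
        if (!ok) for (i = 2; i <= NF; i++) print NR ": " addr " " $i
    }' "$@"
}

# Return 0 only when the file is non-empty and has no suspicious entries.
vet_hosts_file() {
    file=$1
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 2; }
    bad=$(suspicious_entries "$file")
    if [ -n "$bad" ]; then
        echo "refusing $file; entries that do not point at a sinkhole:" >&2
        echo "$bad" >&2
        return 1
    fi
    return 0
}

# Constructed sample: a clean list with CRLF endings and an inline comment.
sample_clean() {
    printf '# constructed sample\r\n127.0.0.1  localhost\r\n'
    printf '0.0.0.0  ads.example.com  #[tracker]\r\n0.0.0.0 track.example.net\r\n'
}

# Constructed sample: the same list with one redirect slipped in.
sample_tampered() {
    sample_clean
    printf '203.0.113.7  login.example.org\n'
}

# Demo on the tampered sample; the real input would be ~/Downloads/hosts.txt.
demo_dir=$(mktemp -d)
sample_tampered > "$demo_dir/hosts.txt"
if vet_hosts_file "$demo_dir/hosts.txt"; then
    echo "ok to diff and patch"
else
    echo "not applied"
fi
rm -rf "$demo_dir"
```

In the recipe this check would run on ~/Downloads/hosts.txt between the wget and diff steps. It catches entries that redirect a name to a real address; it does not tell you whether a sinkholed name is one you actually need.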

For Windows hosts, download the hosts.zip file from the above link. It includes a batch file to automate the process.

For GNU/Linux, BSD, and Unix hosts something similar to the macOS instructions will work for you.

Ethics, &c.

Many will argue that this type of system-wide ad blocking is unethical up to and including theft. This is a valid argument. However, I do subscribe to the sites and services I value the most, such as the New York Times & Japan Times for home delivery(!), magazines like the Atlantic, and websites like the Brooks Review.

There are security risks, privacy concerns, and system performance issues that are equally valid. And some ads (auto-playing videos, anyone?) consume an inordinate amount of bandwidth at additional cost to me when I am on a metered network. These tip the scales toward blocking, in my humble opinion.

Once ad networks and the sites that use them prove their commitment to effective security practices, exhibit proper security hygiene, and respect users’ privacy by default, I will reconsider my approach.

Please feel free to comment constructively. Don’t be evil.

From BoingBoing.net:

So please #DeleteFacebook, but then remember that your ISP is the original creeper, and your Congressjerk is probably in their pocket, and make that a midterm election issue. We can’t win all the really important fights — climate, racial justice, sexual and gender justice, inequality — without an internet to organize with, so we must take the net back to secure those other victories.

Setting aside the name calling, this is definitely true in the US. I’m not sure about other countries.

From motherboard.vice.com …

All the encryption in the world is not going to help if someone can read over your shoulder

https://motherboard.vice.com/en_us/article/8xvwmz/carles-puigdemont-catalan-independence-signal-messages-opsec-fail

Using a secure messaging app to communicate with your political allies is a great idea in this day and age, where government hackers actively try to break into the email accounts of high-profile politicians and staffers in order to plaster them online. But all the unbreakable encryption in the world isn’t going to save you if you read the supposedly secret messages in front of a camera.

Sometimes you can’t make this stuff up.

I’m in the process of reevaluating my news feeds. The method is much the same as evaluating Cyber Security threat intelligence feeds. Is it:

  • Timely?
  • Accurate?
  • Actionable?
  • Updated?
  • Adding value?

I categorize my information intake in several ways:

  • News
  • Analysis, Editorial & Opinion (most blogs, podcasts, and personal social media feeds)
  • Technical
  • Press releases

With all of this, I find myself overwhelmed with data. Much is redundant and not adding value. Some adds value but isn’t timely. Some opinion is fobbed off as news. Branded content permeates.

What sources do you use? How do you consume them? How do you value them?

I am a big fan of planning for “the Big Dark”, where the power is out for more than 3 days. Analog systems, like printed and hand-written records, will be more useful. 

Remember: Emergency preparedness isn’t only for you. It is also so others can contact you when something bad happens to them.

There are drawbacks, mostly around family dynamics this article assumes are moot when emergencies happen.

Note: These are my recommendations. Your mileage may vary. I look forward to constructive input on how best to prepare in the digital age.

Keep an off-line list of emergency info & numbers with you

There was a time when people either knew important numbers and information or carried an address book – a printed out, dead tree address book – and a bunch of change to use a pay phone (remember those?) to call people. We need to embrace at least a subset of that.

Your health insurance information should be in here. Insurance providers, policy information, doctors’ information, and maybe prescription information should be included.

In certain countries you may need your ID number as well (though US residents should NOT carry their Social Security card or number).

How about this: keep the numbers of your family and close friends in case your phone dies. I could not call anyone except my children if my phone failed, and they don’t often answer their phones – especially from an unknown caller.

As I’m living in a foreign country I carry a card or two that I can use to get me home. In case you’re traveling, disoriented, or inebriated, having a card or two to help you get home can be a life saver.

Carry a bit of cash with you, too, in your wallet.

Keep an off-line list of emergency info & numbers at home

This should be a superset of what you carry with you. Your actual cards and birth certificates and stuff (if they are not in a safe deposit box already) should be in a ready-to-carry locked fireproof box in case of emergency. Bank account information, other financial records, and whatever else needed to rebuild after a disaster should be in here.

Throw some currency in the box, too. While it is in there it isn’t working for you, gaining interest or buying food. But if the power goes out no credit or debit card will help. Having cash will help.

[iOS] Enable Emergency Bypass in iOS 10:

I’ve used the Do Not Disturb feature in iOS since it was introduced. This feature allows you to set “quiet times” when your device won’t alert you with notifications, including phone calls and text messages. It can be activated manually or set to activate at recurring times. I have mine set to activate from 10:00 p.m. – 6:00 a.m. each day, mainly to avoid “wrong number” calls at all hours of the night.

You have always been able to set a specific group of people you want to exclude from the Do Not Disturb settings. This can be a group you designate in your Contacts or your iPhone’s Favorites list. For years I’ve created a contacts group called “VIP” that I had excluded from Do Not Disturb that included family and a few close friends and other important numbers. While this is handy, it may not cover everyone you want to be able to reach you in the event of an urgent matter. With iOS 10, you have more granular control and can now set contacts on an individual basis to bypass the Do Not Disturb Settings.

To activate the feature select the contact card you want to exclude, edit the contact and select ringtone. At the top of the ringtone menu you’ll now see a toggle for “Emergency Bypass”.

… This is a segment of an article that first appeared in the November Issue of ScreencastsOnline Monthly Magazine. ScreenCastsOnline monthly magazine is packed with hints, tips, articles and links to streamable versions of ScreenCastsOnline tutorials and delivered monthly on the iPad. You can find out more at https://www.screencastsonline.com/membership_benefits/

(Via KatieFloyd.me)

I am not sure if Android offers a similar feature.

[Android] Use Google’s Trusted Contacts App

Trusted Contacts runs on top of a pretty simple concept, with the tap of a button an approved list of people can request your location from wherever they may be. Users will need to manually approve who can request their location, and once a request is sent, the user will have 5 minutes to approve or decline the request before the app automatically approves and sends it.

This app takes things up a notch as well by adding offline support, in a sense. If a user heads outside of active cell service and internet access, the app will report the last known location for that user 5 minutes after a request is sent. Contacts can also “walk each other home,” virtually. This essentially enables one user to keep track of another user’s location as a live feed.

… Before you can share your location, though, you first have to go through the process of adding contacts to the application…

How to add contacts:

  1. Open the Trusted Contacts application
  2. If this is the first time setting up the application, Trusted Contacts will walk you through adding contacts
  3. To set up new contacts, either tap on the Add contacts button found at the bottom of the home screen or open the menu by selecting the Menu button in the upper left-hand side of the screen and tap on the Add contacts option
  4. Here you can search through the contacts on your device and select Add next to the individual to send them an invitation to be a trusted contact

(Via 9to5google.com)

I am not sure if iOS offers a similar feature.

Set up lock screen emergency information

This is an old tip but still useful.

Basically take a picture of contact information and make it your device’s lock screen. Tailor the content to provide what is needed without going overboard. Imagine you are passed out on the sidewalk and the only thing people can get to is your phone’s lock screen. What is the critical information you can provide on there that doesn’t open you up to identity theft?

I find this more useful than the login banner message most devices support. One doesn’t have to wait for the message to scroll, where almost all users put the contact email or phone number.

What else?

What other things, simple and inexpensive and effective, should folks do?

I’m unlikely to recommend Android devices until Google and the hardware providers get the upgrade situation under control. I might make an exception for the Nexus and Samsung devices, but as I write this I have no faith in the rest of the Android ecosystem.

As I often do, let me tell you a story to illustrate this opinion:

When I started with IBM I chose the Motorola Droid Maxx over other Android phones and Apple iPhones.

My choice wasn’t arbitrary. I did my research.

The decision of iOS versus Android wasn’t a fair fight. KitKat made it easier to be effective. Sharing data between apps was not just easier, it was POSSIBLE on Android. iOS could copy and paste, but not much else.

The Maxx offered excellent battery life (I easily get through a full day on a single charge), a decent screen, an adequate amount of storage, and a rugged build according to my research. Two other major reasons I went with it were that Motorola was a part of Google (at the time) and they listed it as on the upgrade path to Android Lollipop.

14 months later and the only thing still true is the battery life. The screen cracked easily and repeatedly with regular use, the 16GB storage barely keeps up with my minimal workload, and it quickly becomes sluggish unless I close apps and/or reboot.

As for the upgrade to Lollipop, Motorola changed tack yesterday:

We apologize that we will not be upgrading DROID Ultra/Mini/Maxx to Android Lollipop, as we had hoped. We know how important software upgrades are to our customers, and we’re very sorry that we are unable to provide the upgrade.

The Maxx is still on 4.4.2 while Marshmallow (version 6) is the release du jour on Nexus. Verizon released few updates (and they’re complicit in the upgrade mess) but not at the cadence required. I’m sure my Maxx is vulnerable to many issues long since fixed on other platforms. Corporate mandates and enforces robust mobile security, yet I only use my corporate issued phone for email, calendar, tasks, and internal instant messaging. I don’t trust the phone to do much more. I’ve removed almost all non-stock applications.

My personal phone, the older OnePlus One with the Cyanogen Android flavor at 5.1.1, sees vastly more attention than the Motorola. On the 1+1 I do my social media and podcasts and RSS feeds and whatnot, much of which is work related or adjacent.

The funny thing: I used to carry a second phone to protect me from my benevolent corporate overlords. Now my personal phone protects my clients.

iPhones receive regular updates – some better than others, but Apple updates viable phones for a long time (the iPhone 4S, anyone?). Apps have to keep up, for better or worse. Newer iOS versions addressed the data sharing issue, making Apple devices more useful to me as productivity tools.

The moral of my story is that I’m going through the process to replace the Maxx with an iPhone, but it’s a bureaucratic mess that takes time. Now that Motorola came clean, the upgrade path theoretically eases.

What about you? What are your experiences in this space? Have you standardized on iOS or Android or Windows? Or do you struggle with the mercurial nature of the vendors and your users? What about when vendors pull the rug out from under you? Are you considering alternate platforms like Microsoft Windows Mobile and Ubuntu?

Full Disclosure: I work for IBM. IBM and Apple are partners (who would have thought that in the 80’s?). My opinions are mine alone.

The new reality, in a post “Safe Haven” world and more specifically a world where politicians & police clamor for back doors, consists of companies moving data and data centers into certain jurisdictions.

I find the data escrow concept an interesting development:

Microsoft officials previously said that they will be operating in the second half of 2016 two new German datacenters, located in Magdeburg and Frankfurt. These datacenters, which will offer users Azure, Office 365 and Dynamics CRM Online, will offer users the option to have their data-access controlled by a trusted third party, not Microsoft. Officials said that access to customer data stored in these new datacenters would be under the control of T-Systems, a Deutsche Telekom subsidiary, that would act as a data trustee.

Source: Microsoft details more on its German datacenter data-access lockdown plan | ZDNet

Let me know your thoughts in the comments!

I don’t often agree with Mark Cuban. When I do …

Billionaire entrepreneur Mark Cuban has criticized the Securities and Exchange Commission for holding up efforts to reform decades-old email privacy laws.
In a letter to members of Congress’ judiciary committees, the startup investor accused the SEC of “bad public policy” by “continuing to lead the charge in objecting to legislation” that would reform existing legislation.
The Electronic Communications Privacy Act (ECPA), signed into law in 1986, currently allows federal agents in the majority of cases to read emails that are older than six months, without needing a warrant signed by a judge.

Source: Mark Cuban slams SEC for blocking email privacy reform effort | ZDNet

That the SEC can impact something with such broad reach outside of their jurisdiction is a topic for debate elsewhere. That Congress keeps trying to change what is arguably a bad law is encouraging.

I don’t know if Mark Cuban should be the flag bearer on this, but I’m happy for the press.
