Wednesday, 26 November 2014

Bluetooth Blues


Bluetooth technology went a long way over the course of its short lifespan. This geezer remembers the days it was a pain to set up and endure the repetitive pairings one had to go through. I also remember having to deal with external dongles and equipment that, despite all the good intentions, couldn't hold dialog with one another.
Things are different today. I use Bluetooth all the time, literally, for things such as:
  • My smartwatch talking to my smartphone,
  • My car’s hands free and music,
  • The portable Bluetooth speaker that lets me listen to decent quality music wherever I am without the need for headphones,
  • And the Bluetooth keyboard I pack my iPad in, which turns the iPad into a very effective work tool.
With this constant use of Bluetooth comes a new risk: tracking.
You might have heard about it before in the context of wifi tracking: you walk around with your smartphone’s wifi on, and as you go your way hidden wifi trackers talk to your smartphone and gather its unique wifi identifiers as well as the list of wifi networks it normally uses. The latter allows them to know where you live/work, because companies such as Google have already mapped everyone’s wifi networks; the first allows it to easily match you with previous observations so as to keep track of your location over time.
Well, the same story pretty much applies to Bluetooth. Whenever I walk about (or, for that matter, drive) with my Bluetooth devices on, I am exposed to trackers that are able to uniquely identify me and thus build a picture of me and my habits. Things are so bad that the city of New York, for example, started banning such trackers; but what about all the rest of them?
Thing is, there used to be a way around this tracking. Once upon a time, one could set their Bluetooth connection to be on while switching device settings so as not to be discoverable (note this in the above image). You could use your devices, but you can’t be tracked. Nice! But did you notice these settings are not available anymore?
In case you wonder why these settings managed to disappear, here’s the answer. The short, one word answer is: money. The longer one is that companies, companies of the likes of Apple, make a lot of money through selling products such as iBeacons to track and “guide” people around. Primarily to do so at shops, so as to allow you to spend more money. In order for Apple’s product to successfully work, Apple needs your Bluetooth device to be on and to be discoverable; lucky for Apple, it has a lot of control over whether these settings are available to users in the first place. Google, the world's largest advertising company, isn't any better.
I will therefore repeat the conclusion from a previous post: Companies such as Apple may send their overpaid CEOs to announce their commitment to privacy and how much they care for their customers, but the reality is the exact opposite. These companies are more than happy to take an active part in destroying our privacy for the sake of a dollar. Their records speak for themselves.


Image by Intel Free Press, Creative Commons (CC BY-SA 2.0) licence

Monday, 24 November 2014

Manage Thy Passwords

Let me ask you a personal question: what do your passwords look like?
Online passwords stand between your most sensitive stuff and any would be thief out there, not to mention this world’s dubious governments (pretty much all of them). A good, unique, password is pretty one’s first (and often last) line of defence.
Have a look at what a typical password of mine looks like:
5.2_=.|!!*5:~pV56a==-:~^7-K7.u

What do you think?
You might be thinking the above is rather hard to remember. You might also be thinking that if I am following my own advice regarding unique passwords, then this password would be just one of many; how the ****  does I do it, then? How do I manage to remember many such complex passwords?


The simple answer is that I don't. I use a password management tool that does all the hard work for me for me. It both creates passwords and stores them for me so I don’t have to remember much. The only password I do need to remember is my master password, the one password that unlocks my password manager for me to use.
I cannot boast using many password management tools or being able to compare them. What I can say, though, is that I have been using 1Password and I am a very happy user of 1Password. Not only does it have the ability to manage my passwords as per the above, it also lets me access them on any Internet connected computer (not that I recommend doing that on any computer), it stores other sensitive information for me (e.g., credit cards), and with the Chrome/Firefox add-ons installed it will even fill my user names and passwords for me. What can be a rather tedious process of logging in, even when one’s password is “password”, becomes a one click operation with 1Password.
The other week 1Password even went the extra mile for me. I discovered that a cloud service I had used and have presumed to have updated my password for did not really change the password. Since 1Password already had my “new” password, I thought that was the end of my use of that particular cloud service; I thought I could never login with my old password again. Then, however, I discovered that 1Password keeps a log of changes: I was able to go back in time and recover the old password.
Obviously, security is of prime concern with that information managed by 1Password. The application encrypts all of its saved data, which makes it safe for cloud storage (or as safe as anything stored on the cloud can be). The only caveat I can add is to do with Android usage: due to Android’s rather lax application sandboxing (a complex term for describing whether one application is able to access another application’s data), I would advise caution; do read this article to learn whether and how these issues apply to you.

Overall, the whole password concept is one of risk management. When weighing up whether to start using a password manager, one needs to weigh up the added benefits of being able to easily use unique and very complex passwords vs. the risk of storing the whole of one’s passwords in a single basket. I can only attest to my success with 1Password; it genuinely made my use of the Internet much more comfortable.

Added on 26/11/2014:
If you are considering the use of password managers and are contemplating which, have a go reading the papers referenced here. They bring forth further considerations to do with the security of these tools. As far as I can tell, 1Password excels in the parameters mentioned there.
I would also like to note that, at least on the Mac version, 1Password brings with it alerts regarding compromised passwords. It warns you when passwords need replacing because their related website has been compromised (and I can attest to 1Password doing a very good job keeping up to date on compromised websites). And it also warns you when you're about to let your password go through over an unencrypted connection (including cases where the page seems encrypted but the part that asks for your password isn't).


1Password image: AgileBits

Sunday, 23 November 2014

The Religious Brain

You might have even noticed I haven’t been poking at religion lately over these pages, at least not as often as I used to. Religion has acquired the status of old news, and poking at this soft target feels like laying down banana peels in front of a blind person (although I will add that pointing the “virtues” of religion to the blind is analogous to handing them a walking stick, a guide dog and a pair of perfectly functioning eyes).


Which brings me to a new argument against religion, an argument of a type I was unaware of before. To give credit where credit is due, I read it in Sam Harris’ latest book, Waking Up.
It goes like this:
We already know that it is possible to severe the connection between a person brain’s left and right hemisphere. This is a medical technique that is used to reduce the damage resulting from electrical storms in the brain so as to avoid strokes and such. We also know that when this happens, the person displays two separate consciousnesses: one of the left brain and one of the right (with the caveat that the right one lacks the ability to talk; talking is a mostly left brain affair).
Now let us imagine that the left brain’s consciousness is that of a devoted Christian but the right is a rather sceptic atheist. Is this person going to hell or not? Or did this surgical procedure of severing the brain cause the person to have two separate souls?
QED

In case you’re curious, the answer that science indicates at (disclaimer: we do not know that much about consciousness yet) is that what we perceive as consciousness is a multifaceted affair that should not be treated with religion’s blunt and archaic approaches (e.g., its concept of the soul).


Image by TZA, Creative Commons (CC BY-NC 2.0) licence

Thursday, 20 November 2014

My Next Phone

My iPhone 5 is celebrating its second birthday at my service. Although it is still doing a great job at doing whatever I want it to do and doing so well, it does feel like a kid's toy in comparison to its bigger screened mates. I will not deny it, I am craving screen size!
Apple came to my aid, this time around, supplying the iPhone 6 Plus with a 5.5" screen - the phone they should have offered years ago. Alas, they also made sure it cannot be purchased on impulse by giving it a $1130 price tag (for the 64GB version; I do not see much point in the 16GB version). Then there were the stories about the phone bending: while Apple was put in the clear by various official investigations, I think the model does have an inherent weakness just below its volume buttons. Too many otherwise objective reviewers have reported the problem for it to just be "nothing".
Then there are my recent issues with Apple and its approach to privacy (as discussed here and here). Sure, Apple talks the talk, but it doesn't walk the walk in too many ways. Given that for years now I have been an Apple over Android advocate by virtue of the extra privacy that Apple offered, this is quite a blow.
The thing is that Android did not make much of an effort to attract me in its direction. Sure, its smartphones are generally cheaper but not so much when considering total cost of ownership (as in, iPhones last longer and resell for more). Android itself, although more powerful than iOS, requires more attention and is less consistent than Apple's. Then there are the privacy issues: once installed Android apps can do pretty much whatever they want with your smartphone's data, while in the background there is always Google to sip your privacy away.



Recently, however, there came an Android phone that did two things to tilt the equation. The OnePlus One Android phone offers A class components for significantly less than the Samsungs and HTCs it competes with. By running the latest CyanogenMod version out of the box, equipped with facilities allowing the user to control what each app is allowed to access, it also negates a lot of the privacy issues that stand in the way of the Android system. [21/11/2014 update: The OnePlus One comes with a promise to receive CyanogenMod updates for two years.] Reviews (Ars Technica's here, Anandtech's here) have been quite favourable.
Not that the OnePlus is without issues. As the reviews attest, its camera is mediocre, not to mention Android camera and photography apps in general lagging severely behind iOS'. OnePlus' purchasing options are also a pain: if you want to buy one directly from OnePlus, you need to have an American address and you need to prove yourself worthy of the phone by taking active part in the company forums. I'll put it this way: they can go and **** themselves if that's what I need to do in order to give them my money.
One can get a OnePlus more conventionally, though. DWI sells them for $460 (although prices fluctuate by the day). Which brings me to think: at less than half the cost of an iPhone, the cost of converting from iOS to Android pales in comparison to the savings. Sure, the iPhone 6 Plus is a better phone; but is it $670 better? No way, Tim Cook.

So, am I buying a OnePlus? I will not deny craving one. However, as I said, the rational part of me is well aware of this being an exercise in financial irresponsibility. I bought my iPhone 5 under the assumption I will use it for three years, and given that I haven't won the lottery yet (nor could I, given my lack of participation) I should stick with that original plan.
However: in the not so unlikely event of my iPhone 5 dying one me, the OnePlus stands a good chance of coming into my life. More importantly, I consider it a fine option for punters out there contemplating which phone to get without having to bundle another mortgage into the deal.


21/11/2014 update:
Since I know I'm going to be quoted on this post, I would like to add that in my humble opinion iOS still offers significantly superior privacy facilities to the OnePlus. It is still my preferred mobile option; the question is just how much more one is willing to pay extra for that superiority (and, obviously, for the other advantages and disadvantages bundled with it).


Image copyrights: OnePlus

Tuesday, 18 November 2014

Left Foot Forward, Right Foot Back


iOS 8 was released with much fanfare just a couple of months ago. Apple’s CEO, Tim Cook, went on to elaborate on his company’s stand on the side of the privacy of its users. It was an interesting and, in my opinion, a good angle to sell one’s gadgets with; but it was also forced upon him by the recent hijacking of celebrity nude photos from Apple’s own backyard. Then we started hearing the FBI complaining that iOS 8’s fully encrypted smartphones, and the equivalents that Google had promised to deliver, would spell disaster for society as we know it through the freedom they provide.
All this raises questions: between all the hype and the self interest, where are we really with iOS 8 and – for that matter – OS X Yosemite, the latest version of the Mac’s operating system that was released along similar time lines? Have the privacy wars just been won by the users, or are iOS 8 and Yosemite much of the same?
Let’s start by looking at what we know. I will start with the positives.

iOS 8 seems to deliver on one big major promise: it is the first smartphone whose data is owned by its owner by default. In more complicated words, it encrypts its entire contents with a key that is based on the passcode determined by the user. With no one else having knowledge of this passcode, not even Apple, no one can grab hold of the information stored on the smartphone without resorting into hacking. This may not sound like much, but it is a big deal given the wealth of information people store on their phones nowadays.
So far so good; now, let’s look at the negatives.

It only took a few days after iOS 8 was released for us to hear that one of Apple’s major promises in the area of privacy, the ability to evade wifi tracking, was nothing but a blatant lie. Once Apple’s implementation was examined it was found to be, at least by this self proclaimed expert’s opinion, a bad case of bullshit spin.
Along came the Yosemite release to add fuel to the fire. First we heard complaints that, by default, Spotlight searches on one’s Mac now call on the Internet without users being alerted to the fact. Then we heard worse news: we heard that applications saved their data to Apple’s iCloud automatically and intermittently, as in not necessarily when the users click on the “Save” button. The catch here is that users often keep shorthand notes of deeply private stuff as temporary notes that, at best, they would save locally only (on their encrypted by default hard drives). Now, however, Apple will save this information by default to its iCloud services. And thanks to Mr Edward Snowden we know what happens next: the NSA drinks up all the information up there, courtesy of its PRISM program.
As mentioned in my previous post, Yosemite does other nasty things. Things like calling home to Apple to inform it of every search you do in Safari. This one isn’t even an opt out feature, like the automatic iCloud saves; this one is a feature users cannot get away from as long as they use Safari.
[19/11/2014 update: It occurred to me I neglected to mention finding out that under Yosemite, Apple collects the email addresses used in its Mail OS X application, too.]
Learning about the way iCloud behaves under Yosemite made me pay attention to how it behaves under iOS 8. A few paragraphs earlier I mentioned that under iOS 8, your iGadget’s data is safely yours; however, there is an exception to the rule: the data on your gadget is safe, but the date you save on iCloud isn’t. It’s open season to the NSA’s PRISM. And there’s a good chance that, like me, you back your iGadget to iCloud, because – hey – who wants to lose their data?
The catch is that I do not want all my data backed up. If, for example, I have an app for PGP encrypted emails on my iPhone, I do not want my encryption keys to be backed up on iCloud under the NSA’s watchful eye. Apple gives me the option of cancelling this app’s iCloud backup, but only after it was already backed up to iCloud the first time around. By then it was too late for yours truly.

Now that we’ve seen the evidence at hand, what do I make of it all?
Apple should be commended for pioneering the fully encrypted smartphone. However, there are many light years between having that and having a truly secure smartphone: As The Intercept has informed us, there are companies earning their bread by hacking into smartphones to strip their data away. As learnt from recent competitions, it is not all that hard for a hacker worthy of their title to break into the world’s most popular smartphones. Given this knowledge, we can rest assured that when the FBI is crying foul at Apple’s encryption it is simply lying; for an organisation such as the FBI, the question of “can we hack our way into an iOS 8 iPhone” is not a yes/no question but rather a “which of the hundred possible methods for hacking an iPhone are we going to use today?”
The key difference is not in the FBI’s ability to penetrate the device but on the legality of doing so. Whereas before they could slide the phone under the table and ask Apple to do so for them without anybody in the world knowing it, actively hacking into a smartphone carries legal repercussions with it. iOS 8 did not prevent the FBI from hacking into devices; it just forced the FBI to answer to the law while doing so.
All the while, as the FBI is crying foul, the NSA is sucking Apple users’ information away like there’s no tomorrow through iCloud. They don’t even need to make an effort; cloud technology ensures our information is uploaded directly to the NSA servers, thank you very much.

In conclusion, let us go back to Tim Cook’s declarations on Apple and its stand for the privacy of its users. I will call bullshit on those. Sure, Apple made sure that if one iPhone is stolen, there won’t be much the average thief would be able to do with it. However, as far as protecting its users from Big Brother, both in the shape of the governments tracking our every move as well as in the shape of commercial interests wishing to make a buck of the things we hold private?
Through misleading its users with its spin, Apple took us a step backwards.


Image by Mike Lau, Creative Commons (CC BY-NC-SA 2.0) licence

Thursday, 13 November 2014

The Ominous Omnibox


If we were to take the clock back to 2008, when the Google Chrome browser was first announced and released, you may be able to recall one of this browser’s main attractions was the omnibox. Compared with Firefox, the then “browser to use”, it was a nice breakthrough in the field of usability: instead of having one box to type your URL and another to run web searches from, you can now do it all in one box. Why didn’t they think about that before?
Six years later, one cannot avoid noting Firefox still hasn’t figured this out. Mozilla still equips its browser with two separate boxes at an age in which it seems everybody else has adopted the omnibox design. What gives? How come Firefox is so slow to adapt?
The reason for Firefox’ conservatism, if you will, becomes clear once one understands the potential ways in which the omnibox may be abused. At its worst, with Google set as the default search engine, the omnibox will send everything you put in it to Google. Whether you typed a URL or actually did type something for Google to search for, Google will gladly collect all the info you put in the omnibox. Firefox therefore chose to keep two separate boxes in order to signify that this data collection does not happen under its watch. In plain words, Firefox offers a better (but, it has to be said, still compromised) starting point for privacy than Chrome.
There are ways for disabling the omnibox’ damage, my favourite being replacing Google with DuckDuckGo as the default search engine. Unlike that dominant monopoly, the latter does not keep account of its users’ activities.

Which brings me to note the nastiest player in this field thus far. You might have heard of this company, it’s called Apple.
In the latest release of its OS X operating system (the one that runs on Macs), called Yosemite, Apple has introduced the ability to set DuckDuckGo as the default search engine for its built in browser, Safari, and its omnibox. Cool; this means one is no longer at the mercy of the commercial interests of Google, Microsoft or Yahoo.
However, Apple took things one extra step. Regardless of one’s default search engine, anything you type into Safari’s omnibox is sent to Apple. Anything, everything. The official reason is to help create better user experience, but then again isn’t that what we have been told all along from Google? Do yourself a favour and install Firefox on your Mac. You’ll live longer.

More about Apple’s latest shenanigans in the field of privacy in a future post.


Image by Varawut Prasarnkiat, Creative Commons (CC BY-NC-SA 2.0) licence

Monday, 10 November 2014

Audiobooks Revisited


The sharp eyed amongst thee might have noticed I recently published an audiobook's review. Not my best review ever; time limitations ensure that cannot be the case. The more interesting aspect of this audiobook-gate is historical: it wasn't that long ago that I published a guest post here discussing the virtues of audio books, to which I added a rather damning comment expressing my problems with the field of audio booking.
So is this ass here to inform you of another change of mind? Yes. And no.
No, because I still have reservations about audio books. I still do not think I can concentrate enough to derive as much satisfaction out of the format compared to old style reading of the same material. But yes, because not all books deserve that high a level of concentration. Or rather, what if I could use some previously unused time to "read" an audiobook? Better than not reading at all, innit?
Perhaps more interesting, in my view, is the question of why I happened to change my mind at this point in time. To that I will offer a three part answer:
  • First, I have found an audio book worth my time and attention. It's the one I have reviewed.
  • Second, I realised I now have the technology to listen to audio books. That is, I am now the owner of headphones capable of secluding me from the outside world while also generating highly intelligible sounds. Prior to that I tended to own open headphones that were useless for listening at venues such as a crowded street or a train.
  • And third, it occurred to me that my daily commute to work includes significant walking. Pretty much the only thing I can afford to do while walking is listening, so I might as well use this time for audio books from time to time.
Thus you will now find me conducting research so as to find which genres work best with the audiobook format.


Image by Nicola Einarson, Creative Commons (CC BY-SA 2.0) licence

Friday, 7 November 2014

Exhausted

I’ve been trying to analyse why I’ve been having more and longer lasting colds this year in particular. Obviously, there are some crafty viruses out there to blame, but I think I could also point a finger at exhaustion. Or rather, the fatigue that comes with trying to toggle full time work + full time parenthood + having a shred of a life. Just to give you an indication how serious this problem is: I received my copy of Shadow of Mordor almost a week ago, and still haven’t finished the tutorial!


Lately, a lot of the spare time I don’t have has been allocated to officially complaining. As we stand, I have three open complaints raised with Australian bodies. One is dealing with Australia Post’s ongoing mischiefs, another with a medical practitioner’s, and the third with PayPal deciding to take ownership of stuff that’s not theirs.
Each of those requires me collecting all the relevant information, finding out the right avenue to complain through, and phrasing my complaint as per the expectation of the responsible government body’s expectations. Yes, each of these have their own uniquely weird collection of PDFs and online forms to hurdle through. After all this effort, the government bodies step aside and "let" me discuss things directly with the organisations I'm complaining against (yet again, because it's the failure of such discussions that got me to raise official complaints in the first place). Then there’s dealing with the feedback from the organisations I’m been complaining against: at least two out of the three seem to specialise in providing lengthy feedback that completely ignores my arguments. Which sets the wheels rolling yet again for additional rounds.
Complaining is hard and time consuming. No wonder the average Aussie is so indifferent to the world around them; it’s damn hard to take the right action.

In an attempt to finish this post on a positive note, I will list some of the books I have purchased recently but am yet to get to. Knowing that these books that were written by my favourite authors are politely waiting for me on my iPad the minute I can spare some time offers much consolation.
So here they are, in the order they have been purchased. Remember, these are only the top of my pending reading list:
  1. Lock In – John Scalzi
  2. Waking Up - Sam Harris
  3. The Prophecy Con - Patrick Weekes
  4. The Doubt Factory - Paolo Bacigalupi


Image by Adrian Sampson, Creative Commons (CC BY 2.0) licence

Tuesday, 4 November 2014

In His White Room

A bit more than a week later I learned that my favourite bass player, and one of the musicians most influential when it comes to the establishment of my taste in music, has died.
I actually saw Jack Bruce live in early nineties Israel, at a strange live show which I have attended under rather strange circumstances. Bruce seemed like he didn't really want to be there. Luckily, he sure seemed as if he's having a good time in the 2005 Cream reunion whose video I can watch again and again.
Although he's the person behind some big hits like Sunshine of Your Love (and its luring basic beat), my favourite piece of Jack Bruce music is actually in a piece credited to Cozy Powell; he "just" plays bass (and contributes a Cream theme at the end). A few decades back, this song used to serve as the theme for Israel Reshet Gimel radio's equivalent of Top of the Pops:


Rest in peace, Jack Bruce.