Sunday, 12 August 2018

Top Crab reminder

Just a reminder that over at Crab Juice, my reviews blog, I recently picked my favourites of the year (for the 12th time!).
Click the link to see what my favourite movie, video game, podcast and others are.

Monday, 6 August 2018

Follow the Apps

Most people take mobile apps for granted and never stop to consider the implications of using them. Well, there are implications, and privacy is one of them: when you use an app, you are - effectively - giving up on your ability to know what this app is doing on your behalf.
One very common thing for apps to do is to share your information with various players who make their money by collecting and harvesting our information. I’m talking Google, I’m talking Facebook, but I’m also talking about thousands of other companies most people have never heard of who make billions by selling our data. And, almost exclusively, they do so behind our backs (because we wouldn’t let them do it if we were aware of what was really going on).

There are ways for one to check on one’s apps.
One free and all conquering tool is Wireshark. You set it up on a computer in your network and it will tell you of everything going in and out; you can then examine it to see, in detail, what goes in and out of your phone when you use certain apps. The problem, however, is that for the layman it can be pretty hard to identify the relevant from the irrelevant. Or, for that matter, it could be pretty hard to set Wireshark up in the first place.
Another way to check what’s going on in your internet connection is to use deep packet inspection facilities available on some routers and switching equipment, particularly the more professional ones. For the purpose of the current discussion, I will assume this is either unavailable or is too technically demanding.
The easier way, accessible to all, to see what apps are doing is to use a proxy app on your mobile device. When it’s running, all outgoing network traffic will go through that proxy app, and if it is designed for that purpose then it will allow you to peek into that outgoing traffic: where it is going, how much of it is going, and what it is that is going (as in, the actual contents). With regards to the contents, things are getting harder to assess given most apps use encryption (a much welcomed positive!), but the metadata at one's disposal is usually sufficient to make some educated assessments. For example, you can tell if an app of yours is uploading your photos to an online server.
My proxy app of choice for iOS is called Charles Proxy. I can attest that aside of having a lovely name and a lovely icon, it delivers when it comes to overseeing one’s apps.
Regardless of tool, the first thing you will see when examining traffic going in and out of an iOS device is just how often your phone calls home to Apple (and I assume the situation is very similar with Android phones calling Google home). It’s all encrypted, so you can’t tell what it is, exactly, but it does look like Apple keeps track of opened and closed apps (probably for the purpose of assessing app popularity and such). The problem is, it’s all done behind closed doors so one cannot really tell what’s going on; regardless, we should all be aware of the fact our phones report a lot of stuff about us to the powers that be. It is something we all need to be aware of when we use our phones: you are not alone; someone is watching behind your back.
For now I will note that, given I ran my tests below on iOS, I have ignored mentioning whether apps call on an Apple service. It comes down to the fact that if you are using an Apple phone, you cannot hide from Apple. The same applies to Google and Android phones; Apple and Google’s surveillance is only limited by how far they are willing to go. In Apple’s case, it claims to be quite pro privacy (e.g., it offers navigation facilities using Apple Maps that don’t record where you are) yet it lacks in transparency. Google’s case is vastly different, with the company making its money out of its users’ data, causing it to often cross what’s acceptable (examples include tracking users’ location using cell tower data even when the user disables location services; there’s plenty more). I will put it this way, there are very good reasons why I happily pay Apple the inflated prices it charges for its devices.

Once you do start looking into apps’ behaviour, you’d be able to detect a pattern. Apps tend to come in one of the following flavours:
1. Apps that work just fine without calling any external party or any user tracking.
2. Apps that call home to Google.
3. Apps that call home to Facebook.
4. Apps that call home to a slew of other trackers, advertisers, and data harvesters.
I will note the above order of app escalation is not random. That is to say, apps that call Facebook seem to unanimously call Google, too. Similarly, apps that call on “other” trackers will not leave Google or Facebook behind.
It’s worth mentioning there are legitimate reasons for apps to call on the external resources of companies such as Google and Amazon. For example, Signal, one of the most secure and private messaging apps out there, uses Amazon’s services. Similarly, there are apps that use Google’s storage facilities. However, part of the Google “contract”, if you will, says that they provide services in return for tracking. Similarly, Amazon Web Services is the engine that runs a lot of our internets, but Amazon is also a retail company running pretty sophisticated operations in the tracking and data harvesting department.
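To make the four flavours concrete, here is an added example (not part of the original post) that sorts the hosts seen in a proxy session into those flavours and flags large uploads. The CSV layout, the app names, the upload threshold and the short domain lists are assumptions made for the illustration.

```python
import csv
import io
from collections import defaultdict

# Illustrative suffix lists: an assumption of this example, nowhere near complete.
CATEGORIES = {
    "platform": ("apple.com", "icloud.com"),  # ignored, as the post does
    "google": ("google.com", "googleapis.com", "google-analytics.com",
               "doubleclick.net"),
    "facebook": ("facebook.com", "fbcdn.net"),
    "other": ("appsflyer.com", "apptentive.com", "crashlytics.com",
              "heapanalytics.com", "hockeyapp.net"),
}
FLAVOUR = {"google": 2, "facebook": 3, "other": 4}
LARGE_UPLOAD = 1_000_000  # bytes; arbitrary cut-off for "is it sending my photos?"

# Constructed sample: one row per connection, as if copied out of a proxy session.
SAMPLE_CSV = """app,host,bytes_up
AppA,init.itunes.apple.com,900
AppB,www.google-analytics.com,650
AppB,graph.facebook.com,700
AppB,t.appsflyer.com,1200
AppC,api.appc-vendor.example,2400000
AppC,www.googleapis.com,500
"""


def categorise(host):
    """Match on whole DNS labels so 'notgoogle.com' is not taken for Google."""
    host = host.lower().rstrip(".")
    for name, suffixes in CATEGORIES.items():
        if any(host == s or host.endswith("." + s) for s in suffixes):
            return name
    return "unknown"


def survey(csv_text):
    """Return {app: {"flavour", "unknown_hosts", "large_uploads"}}.

    Flavour 1 means no host on the lists was contacted; hosts that match
    no list are returned separately for manual review.
    """
    seen = defaultdict(lambda: defaultdict(int))  # app -> host -> bytes sent
    for row in csv.DictReader(io.StringIO(csv_text)):
        seen[row["app"]][row["host"]] += int(row["bytes_up"])
    report = {}
    for app, hosts in seen.items():
        cats = {h: categorise(h) for h in hosts}
        # The flavours escalate, so the highest one seen wins.
        flavour = max((FLAVOUR.get(c, 1) for c in cats.values()), default=1)
        report[app] = {
            "flavour": flavour,
            "unknown_hosts": sorted(h for h, c in cats.items() if c == "unknown"),
            "large_uploads": sorted(h for h, n in hosts.items()
                                    if n >= LARGE_UPLOAD and cats[h] != "platform"),
        }
    return report


if __name__ == "__main__":
    for app, result in survey(SAMPLE_CSV).items():
        print(app, result)
```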

To demonstrate my point regarding apps and the tracking they come bundled with, I will point out real life examples for apps that behave differently to one another when it comes to respecting their users’ privacy. Obviously, there are a lot of apps to go through (in the millions!), but for now I will stick with three popular use cases of mine.

Camera apps:
Halide: Doesn’t call anyone.
Camera+ for iPad: Doesn’t call anyone (but do note there is a newer iteration of that app).

Photo editing apps:
Darkroom: Calls the dev’s home, a couple of analytics tools (Heap Analytics, HockeyApp), Apple’s iCloud (probably because that’s where my photos are stored).
Affinity: Calls the dev’s home and Amazon’s AWS.
Enlight: Calls Google, Facebook, and numerous others. Guess that's one app that quickly gets deleted off my phone.

Video playback apps:
VLC: As can be expected (?) from an app of such noble origins, VLC doesn’t call anyone.
Infuse: Doesn’t call anyone, but I will note I am using the old Pro version 4.
PlayerXtreme: Despite me paying for the premium app (there is also a free version), the app calls Google, Facebook, and numerous other trackers. It’s hard to tell what it is, exactly, that is shared; however, since I am not sure I would like to share what videos I watch with such entities, I’d rather stick with the likes of VLC.

PDF annotation apps: (I will add I grouped here several apps offering significantly different, yet overlapping, functionality)
GoodReader: As per its own statements, GoodReader does not share your information.
Notability: While this app offers superior annotation facilities (e.g., OCR, Apple Pencil support), it does call home to Google.
GoodNotes: Very similar to Notability in form and function (though it had OCR years earlier), GoodNotes calls home to both Google and Facebook.
LiquidText: This otherwise incredible app for studying texts is also quite productive in the tracking department. It calls home to liquidtext.net looking for something called ad-pack.zip (does the name tell us all we need to know here?). It also calls Facebook and various analytics/trackers like Apptentive, Crashlytics, and AppsFlyer.

I will add I find the above findings odd. In the case of Halide I actually communicated with the devs, who told me their apps don’t send anything, but then again my device clearly shows some [yet little] mobile data use by the app. It could have been a one off or a bug.
In the case of Camera+, I distinctly remember the iPhone version calling home with each use. Perhaps the iPad version is different, or maybe they changed their approach.
I guess my point is, if you see an app sending your information away then you know it does it; if you don’t, that does not preclude the app from sending information away at some later point in time. That said, I highly recommend Halide as my favourite camera app on the iPhone, and I think it is clear the developer has all the right intentions.

You might have noticed I did not include games in this survey. Which is rather odd, given games are known to be some of the worst offenders when it comes to tracking users. Especially the free ones, some of which are pretty blatant platforms for not much more than tracking their users.
My answer there is rather simple: Sure, there are plenty of ethical games out there that do not track their users. Regardless, given that the bulk of games do not need the internet to run (I will add: given the better games do not need the internet to run), the easiest way of dealing with their user tracking is to simply go offline when playing them.
Sometimes, the crude “old style” solution is the best solution.

Yet another solution for bypassing the tracking imposed on users by apps is to use a good old browser instead. That is, instead of using an app to perform an action (say, buying an item on eBay), go to the eBay website and perform the exact same action.
The reason for choosing the browser over the app is simple: on a browser, you can take control over who can track you or not by using ad blockers and numerous other tools that are widely available out there. On a desktop browser you can install add-ons such as uBlock Origin (ad blocker), Ghostery and Privacy Badger (tracker blockers that utilise different approaches to the blocking).
On iOS Safari, on the other hand, you can utilise ad blockers such as Firefox Focus, AdBlock, or one of the flavours available from Disconnect. The Firefox iOS browser itself comes with ad blocking built in, to various degrees, but it is not on by default. Then there is my favourite iOS browser, Brave, which comes with idiot proof tracker blocking built in and even offers script blocking for the more advanced user. Indeed, Brave has become my go to recommendation whenever the layman asks me for the easiest way to avoid tracking; it is, literally, idiot proof.
Sure, nothing here can completely solve the tracking problem, but this approach lets us, users, take some initiative.

If there is a way for me to summarise this post, it will be by stating that, the way things currently are, there is no way for a user to know whether or not certain apps come with user tracking or not without (a) paying for them first, and (b) testing them yourself while, at the same time, letting the harvesters harvest by virtue of your testing. Given the above examples, it is clear I would have never bought certain apps given the availability of others that do the same (more or less) but come without that extra burden of user tracking.
With the caveat of never knowing for sure before you actually bought the app, I will add there are certain indicators that can help. Some apps “smell” right while others don’t. Take VLC as an example: it’s open source, it’s a free download and has been for eternity, and therefore I wasn’t surprised to learn it doesn’t try to track me.
In contrast, all the apps that make a living through advertising are clearly prime time suspects, if only because of the fact those same advertising companies whose contents they show are also (usually) data trackers/harvesters. Clearly, this makes paid apps less likely to use trackers than free apps (with the notable exception of the ideologically driven apps, of the likes of VLC and Signal). It’s probably worth noting that trackers do not stop tracking even after you pay the extra fee to remove the ads, as is often an option.
Bottom line, probably the most effective way of assessing whether an app will exploit you for your data’s worth or not - other than paying and testing the app for yourself - is to try and figure out how, exactly, is the app developer planning to finance their operation. In most cases, us users can tell that in advance; sure, it takes time and effort to do this research, but on the other hand it is always worthwhile to ensure you’re installing quality stuff on your devices in the first place. For the same reasons you don’t pick garbage from the street to put in your house, don’t do it with any odd garbage you find at your nearest App or Play Store.
One last thing: If you do stumble upon an ethical developer that does the right thing, do support them! Give them some of your money, because they deserve it. And try to point to your friends and colleagues the virtues of those developers. The biggest problem a developer faces is obscurity, and if we can help the good guys with that then we are actively improving the world we live in.

Monday, 28 May 2018

Now broadcasting in HTTPS

You might have noticed this blog and my other blog are now using secure HTTPS connections (as opposed to the so previous decade HTTP). Then again, you might have not, given how rarely I’m posting anything these days.
Still, it’s good to know you are more securely accessing my blogs nowadays.

I would like to add a short clarification to explain what you gain and what you do not gain by using an encrypted HTTPS connection as opposed to the open communication of HTTP.
Essentially, when using a well implemented HTTPS connection (in this case, as it is organised by Google, we can safely assume it is), you’re making it way harder for third parties (that is, everybody other than you and the site[s] you’re connecting to) to know what it is that you’re doing at the site.
However, you do not gain anonymity through the use of an encrypted connection. That is to do with many factors. For example, your internet provider has the ability to know who your first port of call is by virtue of providing you with that access. The main point, however, is that most of the rest of the world can tell, too, if they really want, by virtue of the mechanism with which your computer finds the location of the website you are after. That mechanism is called DNS (which stands for Domain Name System, in case you cared), which acts like the phone book of websites: you want to go somewhere, say, to Google in order to run a search? Your computer will head to the DNS directory assigned to it in order to find out where this Google thing that you are after is. And the problem, on the anonymity side of things, is that those DNS queries are (but for a tiny few exceptions) always done in the open and without encryption.
And the lesson is: an HTTPS connection is likely to improve your security, but that by itself may not have benefits for your privacy.

Monday, 30 April 2018

Employable We

Questions about the way we tend to unquestionably accept society’s assumptions regarding work trouble me on a regular basis. As I have stated before, I consider the 8 hour working day my biggest enemy [at this stage of life, when health is not yet an issue]. Simply put, I fail to understand why at this, humanity’s most affluent time ever, the majority of us are still working for such a large portion of our lives. Worse, I question why those of us that are no longer able to participate in the work game get treated like scum (pay a visit to an old people’s place near you for a demonstration of what I am talking about; or just pay attention to the way the unemployed or the homeless are being treated by our government).
All these questions were amplified by the ABC’s recent reality TV series Employable Me. The series, in case you’ve missed it, follows a series of people with various neuro-diverse conditions (usually young, usually autistic) as they search for a job and as they keep bumping into solid brick walls while searching for a job.
Although Employable Me suffers from the regular fallacies of reality TV, there are a lot of repeated motifs in the stories it depicts that we should probably pay attention to. For example, one by one our challenged job seekers are telling us how bad their school years have been, and how they were the favourite prey of their schools’ bullies. Why we continue accepting that, and why society fails all autistic people to such a degree as to traumatise them for the rest of their lives (while glossing over the fact) is beyond me.
For now, I would like to focus on the jobs/work side of the equation, rather than the deficiencies of our education system. Basically, I want to ask - why is it so important for these kids to find a job in the first place, especially given all the other problems their lives are forcing them to deal with?
Oh, I hear you say, the answer is very simple. They need money, and the easiest way for a person to make the money they need for a living is to work for it. As in, a person - most persons - writes off a huge chunk of hours from their lives in order to “make a living”.
It’s not just that, though, is it? I do not question the need to have money to live with; that is a much bigger matter than the one I am alluding to here. What I am pointing a finger at is the fact none of us regards work as simply a means to an end, a tool with which we can get a roof above our heads, dinner on our plates, and a smartphone in our pocket. Fact of the matter is, we derive a large part of our identity through the work we do.
I will put it this way: when someone asks you “what do you do?”, you do not answer with an “I’m a sleeper, I sleep 7.5 hours a day”, “I’m a runner, I run 10km three times a week”, or “I’m a reader, I read science fiction books”. Your answer will almost always be a rather flattering description of the paid work you do for a living.
Noticed that expression, “for a living”, as if your life has little meaning on its own without that work that you do? I refuse to take the company line on this one; I am not defined by what I do in order to acquire money. I am many things: I am a parent, I am a person who likes to tinker with computers and gadgets, I am a person who likes spicy food, I am a hummus aficionado, and yes, unlike most of the rest of us I also spend a significant portion of my life engaged in activities I do not necessarily love and would have otherwise preferred to avoid and play the latest video game instead if I could but I can’t.
I bet you are more than your job. I also bet the vast majority of the people of this world, engaged as they are in mundane, boring, and often unhealthy jobs would agree with me on this one.

As a “further reading” point, I would like to add that acquiring our identity from the job we do for money is dangerous in other respects. Take, for example, the good old perception that it is the father of the family that is supposed to be its main bread winner. For better or worse (clearly worse), this is the standard society still goes by; it is for this reason that single mothers are generally treated with utter contempt by the authorities.
Now, consider a male “father” who has lost his job and is thus reliant on the income made by his female partner: Consider the mental harm that failing to live up to the stereotype by which the rest of society judges him can have on that person in addition to the fact he is out of a job and is therefore likely to endure financial hardship.

Thursday, 26 April 2018

Times Are Tough

Just wanted to apologise for the lack of posting, and leave you with some relevant material to study in the meantime:

Saturday, 3 March 2018

Modern Reading

It is no secret the general reading habits of the well read have changed over this past decade or so. I do not count myself a well read person, but I recall the likes of Sam Harris noting how the frequency of finishing books went down over the past few years and how the task of reading a thick book seems way more daunting than it used to be just a few years back.
And I agree. On one hand I am reading more than I ever have, but on the other the number of books I have been reading has been decreasing from the paltry to the shameful. It’s actually quite a simple equation: between my RSS feeds (yes, I’m old style, I use RSS rather than social media to drive my feeds; I get to choose what comes in, rather than a commercially interested algorithm) and my podcast listening, I get to spend the bulk of my leisure time reading short articles and the bulk of my non leisure commute time listening to stuff of, frankly, not too dissimilar a nature.
Whatever time is left for books is rather minimal. More interestingly, the books I choose to pick and read in the first place are usually books that I have read about in my feed or books I have heard about in those podcasts that I listen to. Not surprisingly, given the nature of my feeds and my favourite podcasts, these tend to narrow on the non fiction category.
Yet there is much amiss here. I noticed, for example, how reading those non fiction books cover to cover does not tend to enlighten me significantly more than that article I already read or that podcast I’ve listened to already did. Given how valuable my book reading time has become, and given the value I still credit book reading with (despite my actions saying the contrary), I concluded it’s time to change.
So I’m thinking of an overhaul. Instead of focusing my book reading on the non fiction department, I will leave non fiction [mostly] to articles and podcasts and focus my book reading on fiction instead. To kick this off, I am looking at some of the books I loved the most as a child: we are talking science fiction books, mostly, but also fantasy, from an era when books did not have to weigh a ton and a book did not have to be a part of a trilogy. I’m hoping this would let me over the ditch I find myself stuck in with contemporary science fiction.
We’ll see how it goes. Preliminary reports indicate that a great book can work wonders on my mojo, but a meh book can work the same way - albeit in the opposite direction.

Monday, 5 February 2018

A Tale of Headphones

When asked, I openly admit to keeping my distance from fellow Israelis. Unlike other Israelis I know in Australia, who lead a life identical to that they had in Israel in everything but the physical location copied many thousands of kilometres across, I shy from the Israeli.
It has been very hard for me to explain why, though. However, the following story might shed some light. It does not offer an explicit explanation, but it does say most of what there is for me to say on the matter. I call it: a tale of headphones.

Last time I left Israel from a family visit on my way back home, I sat on board an El Al 747 jet. I wore my wired Bose QC25 headphones, which I greatly admired for their noise cancellation (on which I counted for the long flights ahead) and comfort, but generally disliked for their sound quality (admittedly not the biggest of problems in the noisy environment that is the inside of an old jet crowded with Israelis). All of this took place shortly after Bose had announced their then latest model, the QC35 headphones, which were essentially the same headphones with slightly better noise cancellation and - the Crown Jewels - wireless operation via Bluetooth.
Anyway.
As the plane was getting ready to take off, a guy I never saw before and will almost certainly never see again walked across the aisle and stopped by my seat. I looked up to see him staring at me, and took my headphones off so I could hear what he was trying to say to me.
“Oh, best headphones in the world. For wired headphones”, he said in Hebrew.
And he walked away.