* Posts by doublelayer

10489 publicly visible posts • joined 22 Feb 2018

Spyware slinger NSO to Facebook: Pretty funny you're suing us in California when we have no US presence and use no American IT services...

doublelayer Silver badge

Re: But..

How is it any different? Well, they're two different bad things. Facebook's collection is unwarranted and should be illegal everywhere. There's a good case that it is illegal in some places based on how the GDPR specifies they're supposed to do this stuff, but that hasn't yet been tested. Elsewhere, it's legal though extremely odious. NSO's is clearly illegal everywhere, and there is no openness about what they're doing, which we at least have a little bit for Facebook. They both deserve to be fixed. Ideally, my schedule would look like this:

May 2020: NSO finally brought into court.

June 2020: NSO found guilty, made to pay a heavy bill.

July 2020: NSO goes bankrupt.

August 2020: Facebook simultaneously pursued with legal action by those who never agreed to data collection and by data protection authorities.

September 2020: Fines build up to catastrophic levels for Facebook.

October 2020: Facebook files for restructuring bankruptcy.

November 2020: Judge rules against petition to restructure because of illegal activity.

December 2020: Facebook starts dissolution bankruptcy process.

Unfortunately, the legal process doesn't go that fast. I can still hope, can't I?

doublelayer Silver badge

Re: But..

I think you pointed out the problem already. Users agreed to Facebook's snooping. They didn't agree to NSO's. Facebook didn't agree to NSO's. Nobody agreed to NSO's. NSO's is obtained by breaking into systems including user phones and possibly including Facebook's servers. In addition, NSO's malware spies to a much greater extent than does Facebook's. NSO's can reportedly turn on cameras and microphones to record background information. Facebook isn't believed to do that, though I wouldn't put it past them to do so eventually.

I hate Facebook too. Everything about them. I refuse to use any service they run. At least people expect that Facebook will be spying on them if they do choose to use their services. NSO's is worse.

Quibi, JetBlue, Wish, others accused of leaking millions of email addresses to ad orgs via HTTP referer headers

doublelayer Silver badge

Edwards said he doubts these leaks are accidental.

And they definitely aren't. Just look at the responses. Companies are encrypting their addresses now. Yay. Except the response for someone who doesn't want to leak them would be to change the page source so referer [sic] headers either aren't sent or exclude that information. I can think of three different ways to do that that each can be implemented in about an hour. Nope, they'll encrypt them. They won't bother stating that they've already sent the keys to the provider; they figure we already know that.
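Added example (not part of the post above, and not necessarily any of the approaches the poster had in mind): a small JavaScript model of the Referrer-Policy rules from the W3C Referrer Policy specification, showing which policy values keep an email address carried in a page URL out of the Referer header sent to a third-party ad host. The URLs are constructed sample data and the function names are illustrative.

```javascript
// Models the Referer value a browser sends under each Referrer-Policy value.
// SAMPLE_PAGE and SAMPLE_AD are constructed; no real site is referenced.

const POLICIES = [
  'no-referrer',
  'no-referrer-when-downgrade',
  'same-origin',
  'origin',
  'strict-origin',
  'origin-when-cross-origin',
  'strict-origin-when-cross-origin',
  'unsafe-url',
];

const SAMPLE_PAGE = 'https://shop.example/welcome?email=alice%40example.org&step=2';
const SAMPLE_AD = 'https://ads.example/pixel.gif';

// Referrers never carry credentials or the fragment; "origin only" also
// drops the path and query string, which is where the address lives.
function stripForReferrer(url, originOnly) {
  const u = new URL(url.href);
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Returns the Referer header value, or null when no header is sent.
function referrerFor(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  const full = stripForReferrer(from, false);
  const originOnly = stripForReferrer(from, true);
  const sameOrigin = from.origin === to.origin;
  // Simplified downgrade test: HTTPS page requesting a non-HTTPS resource.
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';

  switch (policy) {
    case 'no-referrer':
      return null;
    case 'no-referrer-when-downgrade':
      return downgrade ? null : full;
    case 'same-origin':
      return sameOrigin ? full : null;
    case 'origin':
      return originOnly;
    case 'strict-origin':
      return downgrade ? null : originOnly;
    case 'origin-when-cross-origin':
      return sameOrigin ? full : originOnly;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    case 'unsafe-url':
      return full;
    default:
      throw new Error('unknown referrer policy: ' + policy);
  }
}

// True if the referrer carries something shaped like an email address,
// including a percent-encoded "@" (%40).
function containsEmail(referrer) {
  if (referrer === null) return false;
  let decoded = referrer;
  try {
    decoded = decodeURIComponent(referrer);
  } catch (e) {
    // Malformed escapes: fall back to the raw string.
  }
  return /[^\s\/?&=]+@[^\s\/?&=]+\.[a-z]{2,}/i.test(decoded);
}

// Evaluate every policy for one page -> third-party request.
function auditPage(pageHref, thirdPartyHref) {
  return POLICIES.map((policy) => {
    const referrer = referrerFor(policy, pageHref, thirdPartyHref);
    return { policy, referrer, leaksEmail: containsEmail(referrer) };
  });
}

// Names of the policies under which the address reaches the third party.
function leakingPolicies(pageHref, thirdPartyHref) {
  return auditPage(pageHref, thirdPartyHref)
    .filter((row) => row.leaksEmail)
    .map((row) => row.policy);
}

for (const row of auditPage(SAMPLE_PAGE, SAMPLE_AD)) {
  console.log(row.policy.padEnd(34), row.leaksEmail ? 'LEAKS' : 'ok   ', row.referrer);
}
```

A site can apply one of the non-leaking values with a `Referrer-Policy` response header, a `<meta name="referrer">` tag, or a `referrerpolicy` attribute on the individual element.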

Xiaomi what you're working with: Chinese mobe-flinger proffers two Redmi Note phablets for UK market

doublelayer Silver badge

Re: This is more than a little disturbing...

Xiaomi has some positives and some negatives. Among their negatives are that their variant often comes with a lot of bloatware and has advertising throughout most of the included apps. This tracking would be another one to add to that list, and it wouldn't surprise me all that much that one of the bloatware apps they installed is doing it. I usually consider Xiaomi because I'm planning to put Lineage OS on it, rather than for the included software.

doublelayer Silver badge

Re: Play Store?

The entity list which blocks manufacturers from American products only has Huawei on it. Other Chinese manufacturers like Xiaomi, Oppo, and Realme can buy anything they want from the U.S., and they do. If you want Google Play Services, any of these will be fine. If you don't want them, Xiaomi's devices are most likely (though not guaranteed) to be supported by AOSP-based variants like Lineage OS.

ICANN finally halts $1.1bn sale of .org registry, says it's 'the right thing to do' after months of controversy

doublelayer Silver badge

Re: Missing the point

I'm afraid your comment misses the point more than does the article, and although your comments lead to the same conclusion, they're well off the mark on how each step got there.

"ICANN org is strictly constrained. The ICANN community would cry bloody murder if it tried to make policy."

The community was informed because that was required, and the community immediately cried bloody murder. ICANN tried to ignore it, then rationalize it, then downplay it. Even though that didn't work, they soon hid any further comment from the public to try to keep the yelling down. And they eventually released the required document to move the approval process along. You will please note that community pressure against the sale started strongly right at the beginning of this fiasco, and yet ICANN only stopped when under legal pressure.

And yet, you say "In this case, it listened to the community.". No, they didn't. They didn't at all. They eventually did what the community wanted, for now, but they didn't do it because they listened to us. They tried to ignore us and they would have continued to cheerfully ignore us had we not gotten legal assistance from someone outside the community.

Your comments about ISOC, though, are completely accurate. They also deserve to be under a blade that neatly shears off the topmost layers of any organizational chart.

doublelayer Silver badge

Re: California AG should open a full investigation into ICANN

Sounds like a good idea, but how would we run the election? Who gets to vote? How do we prevent certain subsets of the voters from being compromised? For example, Nominet of the U.K. registries had a voting system but they changed it so you got one vote per registered address, meaning the massive registrars got effectively all the power. The ICANN election system must be different. Let's get all the details down so that when we reestablish ICANN we don't have to debate any of this and can put these rules in an immutable charter.

doublelayer Silver badge

Re: Only profit motivated scum

I thought the original post was sarcastic, praising people while using terms like "scum" and "envy" to talk about the same people. The people voting on that post don't seem to agree though. If that post is not sarcastic, it's one of the weirdest ways to argue for an opinion I've seen.

doublelayer Silver badge

Re: Shame on you, Kieren

"To clarify.... I was and still am dead against the opening up of .org to non-charities, and .net to non-ISP's etc."

Why? Well, not exactly why against .net, as an ISP-specific domain makes sense, but why against .org? For one thing, it was never restricted to charities even if some national .org.[country] domains have been. If you would like to see it restricted, where are the following supposed to go:

1. Personal sites that aren't commercial.

2. Nonprofits that aren't charities because writing useful software often doesn't count.

3. Noncommercial groups' sites, such as organizations for specific interests.

4. International groups that wouldn't make sense to use a country-specific domain.

Android trojan EventBot abuses accessibility services to clear out bank accounts – fortunately, it's 'in preview'

doublelayer Silver badge

Re: And google/android will get the flack

I'm usually quick to jump on the bandwagon of complaining about Android's security model and the way Google has delayed any improvements, but in this case, they really can't be blamed unless they fail to find it when someone eventually pushes it to them. An app using this functionality will have at least five security warning screens. The screens can't be bypassed. The screens are very clear what is going on, with no technical language or waffling. At this point, the users have quite a lot of responsibility if they read this and click yes.

If Google lets this into the Play Store, they will have blame to take. There are other things we can attack them about for which they are completely blameworthy. In this case, there's little more they can do other than block it from their store--there is pretty much no change to Android that can cure stupid user syndrome.

You can get a mechanical keyboard for £45. But should you? We pulled an Aukey KM-G6 out of the bargain bin

doublelayer Silver badge

Re: I splashed out on a Keyboardio, and love it

When I read this, I was quite excited as I have recently been attempting to find a keyboard that has a programmable firmware layer (as in I can write code in a complete programming language to run on it natively*). This sounded perfect. Then, I went to the site and read this:

"The default layer is where you'll find your letters and most of your standard punctuation. Tap or hold the Fun key and your Atreus will shift to the Fun (Function) layer, where you'll find numbers, arrow keys, and the rest of your symbols. From there, press the Upper key to get to the Upper layer, where you'll find media keys, F keys, and other similar stuff."

Uh, no thank you. I'm out. I want my arrows and numbers right where they were before, because I'm planning to write things like "for (int i=0; i<10; i++) {" a lot. Then, press shortcuts using the function keys to run the build scripts. The search continues.

*I want to run a complete program on a keyboard because I'd like to have it read certain series of keystrokes and pass characters along, but not on a one-to-one relationship. For example, intercepting certain strings and replacing them with characters less traditionally found on keyboards. A macro keyboard can do that, but in a less convenient manner than can one where I can upload and run Turing-complete firmware.

More than one-fifth of smartphone sales evaporate in China as pandemic grips Middle Kingdom

doublelayer Silver badge

But that smartphone doesn't have to be a new one. You already basically had to have one for many services in the cities, so this is not really a driver of more smartphone purchases unless the battery on an old one keeps dying. Maybe it will sell more backup batteries, but probably not new phones.

Guess who's back, back again. SE's back, tell a friend: 2020 reboot looks like an iPhone 8 and even shares components

doublelayer Silver badge

Re: all they got to do now is....

Well, the Pixel is larger than the iPhone. The case is only a bit larger (14 mm longer and 3 mm wider), but for people for whom the original SE is good, that's still large. The screen is much larger because there are smaller bezels, meaning that this device has a 5.6-inch screen (142 mm) as compared to the iPhone's 4.7-inch one (119 mm). If someone desires a small phone for a small screen (for example, to use with one hand), that might be a feature. My personal requirement for smallness only concerns how small the physical device is, although this is probably as large as I could take.

In other details, there are various differences. The iPhone is water resistant, while the Pixel isn't at all. The Pixel has a headphone jack, as you've noted. The iPhone's storage can go up to 256 GB, while the Pixel's is stuck at 64 (no card slot on it). If you want to shoot video, the iPhone can record 4K at 60 FPS, while the Pixel can only do so at 30 FPS.

For nearly any user, there are probably only two of those specs they care about. It really depends which two. For me, it's basically only size that matters, so these both seem basically fine. I'll see what the market looks like when my older but smaller phone finally breaks.

doublelayer Silver badge

Re: It's still the fastest Apple iPhone at the lowest Apple price

Statistics are a little tricky to calculate accurately from information I found online, but here are some from the U.S. only. Keep in mind that this is 2014-2019, but the SE only was sold from 2016 on.

doublelayer Silver badge

Re: It's still the fastest Apple iPhone at the lowest Apple price

Good point. That one looks nice. I'm not sure if a two-year-old device is still being manufactured or sold, but that seems like good competition. The problem for me and those who want small smartphones is not exactly that there are no options, but just that there are few good options. This one and the one described below make three that seem worth consideration, which is not that many. I know why this is, but unfortunately I'm in that subset who doesn't agree with the majority.

doublelayer Silver badge

Re: It's still the fastest Apple iPhone at the lowest Apple price

It measures 138 by 67 mm. I'll grant you that we've seen plenty of smaller devices. Unfortunately for those like me who like smaller devices, we haven't seen them recently. I did a search on a phone database for devices released in the last two years smaller than those dimensions, and 73 results came up. Then I adjusted the list to remove watches and feature phones. Only seven results came up.

It would seem that there's at least some competition, but then I checked out each of the others. Each is an Android Go edition device, which is a reduced feature-set version of Android for devices with limited specifications, and they really mean it with the "limited specifications". The most specced phone in the list has 16 GB of flash and 1 GB of memory. Several only have 8 GB of flash. One only has 512 MB of memory! Not a single one supports 5 GHz WiFi. Most are on Android 8.1. I think we all know even those running 9.0 go edition aren't getting any updates. Not to mention that I'm doubting you can even buy many of these in your country of residence--though I could see one or two making it there, these mostly seem aimed at developing regions.

So if you want a smartphone, you want it to be new, and you want to have one smaller or equal in size to the iPhone 8, the newest iPhone may be your only reasonable option.

Florida man might just stick it to HP for injecting sneaky DRM update into his printers that rejected non-HP ink

doublelayer Silver badge

Re: HP printers

There might be, but if I had a printer, I wouldn't trust it. I'd figure that that option would be similar to the "don't collect my location" option for Google Mobile Services (where there are several switches in different places without documentation and only one combination actually results in the requested behavior). Alternatively, it could be one that flips itself back when power fails or the cartridge is changed. It only takes one firmware update from demonstrably untrustworthy manufacturers to render a stock of cartridges useless. If I had to put it online, I'd have a Raspberry Pi attached to do that part, with the printer's own network isolated. Manufacturers, this is what your untrustworthiness does to us. Cut it out.

Hey bud – how the heck does that stay in your ear? Google emits latest Pixel Buds, plus extra bloatware if you have the matching phone

doublelayer Silver badge

Re: An open letter to Google

You are correct. I don't own a Pixel. And I evidently misinterpreted part of the article. But not the part where random code was pushed to all Pixels, without an icon, for one company's devices. Do other manufacturers push their device-control apps? No, they don't. They make sure to tell their users to install those apps. It works great.

doublelayer Silver badge

An open letter to Google

Hey guys. I need to alert you to something about your users. Well, specifically the users of your phones. They understand how to type words in a search box and press an install button. They've got this. So next time you release an app, you can count on them to go to the store and install it if they have any intention to use it. If they don't want to use it, they won't bother, but even if you push it to their phone, they still won't bother. They'll just ignore the icon or try to uninstall it. The only apps you need to preinstall for people are the ones needed to use core functionality. A keyboard, the store app itself, a file browser, and settings would probably be enough. Some basic utilities wouldn't be bad either. An app for managing devices they don't have though, not so much.

Spyware maker NSO can't claim immunity, Facebook lawyers insist – it's time to face the music

doublelayer Silver badge

Re: end user

Well, this needs some analysis. We'll start with the easy part:

"Your original post makes no mention of NSO, only knives, nukes, and exploits/malware."

Well spotted. I was referring to spyware. The article referred to spyware too, wouldn't you know. And the group making it was NSO. The original comment in this thread was making an analogy about holding NSO responsible. My reply was making a counter-analogy to that. I figured that link was obvious, but evidently not. For clarity, the rest of this comment will be discussing NSO and the legality of its spyware.

Now, let's talk about tanks. Lots of considerations. The first one is easy: making a tank causes no damage to anybody. Operating it might, but creating one is not much different from manufacturing some other type of vehicle. Malware creation often involves finding vulnerabilities in a system through penetration, which happens to be illegal. So manufacturing a tank has no intrinsic criminal elements but manufacturing malware does. For the analogy, manufacturing nukes or nerve gases may not in themselves be dangerous activities, but they would be contrary to various laws in most nations, including, for the nerve gases, the Geneva protocols.

Now, when tanks are made for militaries, they are made at the specific request of the military, under a contract. Sometimes it's a contract from an international military and the laws permit this. This means the production of the tank can be attached for determining responsibility to the manufacturer and the military that is on the other side of the contract. If the manufacturer does something illegal that the military has the right to allow them to do, the military can essentially make that legal. NSO did not create their products under contract, and they can claim no such immunity.

Certain countries may modify the laws allowing them to create and use malware. That does not make it legal in the way you're arguing. If Israel wrote a law allowing their government to create malware, which they have done, it doesn't give NSO the permission to do so unilaterally--only places controlled by or under contract to certain parts of the Israeli government have the special permission. If Israel's government did allow NSO to make the malware under that special legislation, which they don't appear to have done, it wouldn't make it legal for them to sell it to other governments or individuals. And if Israel's laws allowed NSO to do anything they wanted including break into systems to create malware for any purpose, which is not at all the case, it would not stop those actions from being illegal in other countries such as the U.S., which they are. If I start my own country, and my laws say that I can hack into your bank account and steal all the contents, I can still be arrested should I ever leave my country, because bank theft isn't legal where you are.

doublelayer Silver badge

Re: end user

Nuclear power ≠ nuclear weapons. No, really. You can't just pick up a power station and use it as a bomb if you like. There is a very good reason that possession of things like enriched uranium or plutonium are tightly controlled and monitored--they aren't needed for generating power but are needed for making weapons.

doublelayer Silver badge

Re: end user

It is legal for militaries to own those things. It is not legal for companies or individuals to own such things. NSO is not a government or military organization. Its clients have included individuals. Your technicality does not change the situation at all.

doublelayer Silver badge

Re: Missing something here

If it's true that the malware can't be used against any U.S. number or any other device in the U.S., then they can't be guilty and would inevitably win the court case. However, you have to take into account several parts of your comment that aren't necessarily the case. I'm going to chop it into its components and go over each one:

"But if it's true that [it can't be used against anything in the U.S.]": This is supposition, and Facebook is alleging that it can and it was. If they have at least a little bit of evidence, this supposition would be destroyed.

"NSO's spyware can't be used within the US or against US-registered numbers (as they write in their reply to El Reg)": Watch out for misleading language. It's possible that they check for U.S. numbers in their malware and block them. It doesn't make sense to me that they would, but let's assume they do. They could still attack a U.S.-owned server, which has no number, a phone with an international number that is operated inside the U.S., which would not have a U.S. number but would still be under the jurisdiction of American law, or network traffic going into or out of the U.S., which wouldn't be attached to a number. Any of those would continue to be illegal under American law.

"that leaves only the country of the perpetrator, doesn't it?": No, it doesn't. If a crime took place, and NSO played a part, then they can be charged in either location. The victims concerned come from various countries, but both a company and an individual in the U.S. have claimed to be victims. Either a crime took place, in which case the country of the victims, in this case the U.S. has some jurisdiction, or no crime took place, in which case the case cannot occur anywhere. NSO can decide to ignore the court case, claiming they can't be sued there, but their ability to do that doesn't make it illegal to sue them there.

"If this passes, the family of everyone that's been killed by US-made weapons sold to foreign governments would have standing to sue the weapon manufacturer in the US...": This is arguable, but it probably would not. The claims here differ from the claims that could be made against a weapons manufacturer, as follows:

Facebook alleges that NSO penetrated their systems in order to create a tool. The manufacture of weapons does not in itself involve committing a crime, depending on what weapons we're talking about.

It is alleged that NSO knowingly supplied their malware to people who would use it unlawfully (and basically there's no other way). If a weapons manufacturer knowingly sold weapons to a group on an international terrorist list or to someone who informed them they were going to use it for illegal purposes, then they definitely could be legally sued for that. Sadly, there are various organizations that should be on those lists but are not, leaving loopholes that weapons manufacturers are eager to exploit. However, selling weapons to international militaries is not considered illegal, even if their use later by those militaries is.

However, even though these legal situations are a little different, there are parallels here that are somewhat useful. There have been some court cases arguing that weapons manufacturers and other outfits (places like defense consulting), have knowingly assisted committing crimes, including war crimes. I am not an expert on any of these and cannot supply all the details, but these cases are probably mostly in one of a few legal grey areas. I would not be at all unhappy if this case sets a precedent that cases against crimes of that nature can go ahead with more frequency.

doublelayer Silver badge

Re: Missing something here

This argument has been made frequently and it's always wrong. The U.S. presence has been proven, but the fact remains that it would be legal to launch a court case against them even if they didn't have a U.S. presence. I wrote a comment about this last time there was a step in this case, so I've taken the liberty of copying that comment below. It remains accurate.

Not really true [the argument that NSO can't be charged in the U.S.]. There are two places laws can be applied:

1. In the nation of the perpetrator.

2. In the nation where the crime took place.

If I am an Australian citizen, but I go to India and commit a crime then leave for Australia, I can be sent back to India to face my charges. The same applies if I am in Australia and use a network to commit a crime in India. So if it can be proven that improper access was obtained to computers in the U.S., then the U.S. courts have a claim to jurisdiction about that crime. Now, there are other provisos about that. For criminal matters, you get into the area of extradition, but this is a civil matter. So, if NSO is found guilty, they can manage not to pay the bill. However, if they don't pay, they may be restricted against operating or storing money in the U.S. as the U.S. can then be required to confiscate the money to pay the judgement.

This rule applies in any country pair. If an American company violates a law in another country, let's use GDPR as an example, they can be sued in the courts where the violation took place. It does not matter if they have a local subsidiary. It does not matter if they have anything physical in that country. It does not matter if any of their employees has ever set foot in that country. If they violated the law there, they can be sued there. The same logic applies to this case.

doublelayer Silver badge

Re: end user

I sell nuclear weapons, aisle one. Assorted nerve gases are in aisle 2. Instructions on using them against others can be found in the racks near the register. Should I be blamed for everyone poisoned or converted into protoplasm?

Knives have peaceful uses. Nukes don't. Spyware doesn't. Also, knives are legal. Nukes and spyware are not.

Microsoft decrees that all high-school IT teachers were wrong: Double spaces now flagged as typos in Word

doublelayer Silver badge

Re: What's next?

While it's not Word's decision to make, let's try it.

do we really need capitalization to tell words apart? even proper nouns are clear enough that it's not needed. punctuation makes a clear separation in sentence parts, so we have no need of capitalization to start them. the only problem i can see is distinguishing acronyms that someone has made use the same letters as an actual word from that word would be tricky, but since most of those acronyms involve tortured word choice, that might actually be a benefit.

Yeah, it looks weird to me too. I'm not going to do it again, but maybe we could do without capitalization.

Cosmo Communicator: Phone-laptop hybrid is neat, if niche, tilt at portable productivity

doublelayer Silver badge

"If only separate peripherals was a thing"

It is a thing. It's one of the things people to whom these devices appeal are trying to avoid. Extra keyboards can be convenient, but not all the time. There are obvious downsides, such as having two batteries to check and two devices to carry, but there can be other problems as well. For example, try finding a good portable bluetooth keyboard. There are many available, but they often fall into a few categories without a good middle ground. There are full-sized ones that you cannot carry with you in your jacket. There are some folding ones that are quite large for a pocket, but are usually good, but which don't fit well when unfolded in a low-space situation. Then there are tiny ones with weird key placement. If someone wants to do a lot of typing but doesn't necessarily expect to have much of a surface to place a keyboard on, it's possible none of those categories will work well for them.

Let's authenticate: Beyond Identity pitches app-wrapped certificate authority

doublelayer Silver badge

Re: Let me see

The description above is no different. It still relies on storage on a phone. Now that may use a shorter passcode, relying on a phone's hardware to maintain control on how many attempts you have before an unstoppable erasure. If you trust this, there is a simple answer: get a phone, configure it for the security you can withstand, get a password manager on it, set the master key to "a". If you don't have complete trust in the phone's hardware to maintain access controls, then you remember a longer password and trust to much more provable encryption. This service does not have any more trustable security than that. It might be more convenient, but it also comes with negatives as detailed above.

Google says no more shady anonymous web ads – if you want your billboard up, you've got to show us some valid ID

doublelayer Silver badge

Re: A Good Step

"So a Delaware corporation needs to have a "registered agent" for service of subpoenas, etc."

Great. Except we can't start sending out subpoenas, because we aren't a court. Even if they are breaking a law, we can't subpoena them. We could file complaints, but that doesn't necessarily mean anything will happen. In this situation, though, it doesn't matter about that either because we're after transparency, not enforcement of a law. The corporate subpoena-receiver has no legal duty to tell us things we want to know, such as who put the money in the bank account and who took the money out again to get an ad released. They won't tell us, and there's no requirement for them to do so. So we will get pretty much nothing from this.

doublelayer Silver badge

Re: Malicious ads

I like your optimism, but I am far too cynical to think that has any chance. It wouldn't be that hard to scan the provided scripts and see if they bounce users to other pages. A list of regexes would take out all the easy ways of doing that, requiring a sneaky method of doing so. Yet, if I read the scripts of such ads, they're not bothering to do anything sneaky. That means Google isn't checking. Why should I believe they're going to act differently with this information?

doublelayer Silver badge

Malicious ads

I wonder how long it will take for malicious advertisers to find a loophole in this. Google already allows loading ads containing javascript with very few limits--for example, javascript that redirects the browser to another page, which is malicious enough. Frequently, that type of ad is used for the "Your computer has a virus" scam. If they're not scanning for or preventing that, they're certainly not doing that broad a job inspecting things. So the only question for me is whether they accept random numbers without verification or whether someone has to get public documents from someone else's company and submit them.

The rumor that just won't die: Apple to keep Intel at Arm's length in 2021 with launch of 'A14-powered laptops'

doublelayer Silver badge

Re: No surprise then

I don't think running Windows was one of their primary considerations. It was enough of one that they made Bootcamp, but they did that quite a while after making the transition. I think it was mostly about getting a faster laptop that neither ate through a battery in an hour nor caused burns, given the power requirements of the G5 PowerPC chips.

However, even if Windows was one of their primary considerations then, it doesn't necessarily mean that it is one now. There's a discussion further down about whether an iPad is similarly capable as a laptop. While I've been arguing that it isn't, my arguments have been for specific use cases. For many users, the applications they need do function at a certain level on an iPad. Most of the time, that's not because the writers have decided IOS is great and they want people to switch to it, but instead that many companies either put resources into cross-platform applications or have switched to web ones. In either case, they will probably have something that works fine on Mac OS. I bet Apple doesn't think their users care much about running Windows on their hardware, and they're probably right for quite a lot of their users. They'll be wrong about some, just as there will be some people who need an Intel-compiled binary which doesn't get emulated right or just never gets updated, but I have this feeling that Apple doesn't really care about those people.

doublelayer Silver badge

Re: enabled?

"So you're complaining that Apple consciously decided to omit the ability to connect to the terminal in iOS and has restrictions on applications file access because you might want to do things on the cli on an iOS device."

Way to not connect posts in a thread. I was disagreeing with the contention that an iPad with a keyboard was similar in feature set to a laptop. The person who made that assumption was willing to argue that it should be possible to do dev work on one. I pointed out that it's very difficult at the moment and provided examples. Whether they choose to change that is not really relevant to me--if I want an Apple-made portable device to do dev work, I'll buy a Mac.

doublelayer Silver badge

Re: enabled?

There's what the OS is capable of: nearly everything, and what the UI lets you do: much less. It has a file system. It is capable of creating directories, putting files in them, and moving or copying big sections at a time. Pretty much everything can do that. But until not that long ago, you couldn't do it manually on iOS, because they wouldn't let you at the file system. Individual apps could provide you with access to their own sandboxed sections of the file system, but to get anything in or out required going through iOS's transfer system which works on single files only. Now, they've slightly relaxed that and have a file browser on the device. It can do some things. But it can't do everything you typically do in seconds from any desktop OS, and some of the things it can do are significantly more painful.

As for the shell, it can run one. As you've pointed out, you had to jailbreak for that one. The point being that, as Apple has designed it, you can't have a shell. So you can't do certain things like writing a script to do some batch file changes, firing up python to use it as a calculator, or curl a file from the internet, which are all useful things for the more technically-minded of us. The device and OS are capable of it, but the layers above the kernel have been set up to make it hard to do so.

So, while iOS remains that way, I maintain that it is not fully featured for the uses to which desktops and laptops are put. Apple can fix this if they want, and they don't have to do much. Just add access to the filesystem (writing a good GUI file browser is optional because if the access is available, someone will), give us full access to the utilities through a terminal, give us the ability to install code directly from the device (which currently requires a tether to a Mac), and we're done. They don't have to do lots of nice things, like give us root access or open the doors to unsigned code. But until they do those things, the OSes are not similar from the standpoint of a technical user. If they do those things, they've effectively just made iOS a slightly different version of Mac OS with a touch input layer.

doublelayer Silver badge

Re: The rumor needs to die before the Macintosh does.

I also like having a standard instruction set that is generally open, but your characterization of it being multi-supplier is a little strong. Basically, the only available options are Intel and AMD, with other companies not being allowed to join the party. With ARM, there are many manufacturers and a few designers of processors implementing that instruction set. Qualcomm, Broadcom, Samsung, TI, Apple, ARM themselves, Huawei, and a couple small places that don't make many chips. ARM has many other problems, like not having a consistent method of booting firmware--I can take virtually any X86 chip and run arbitrary code on it, but not so with an ARM one, but in terms of suppliers and lock-in, ARM is probably better.

doublelayer Silver badge

Re: enabled?

Possible? Certainly. Do I think it happened? No. If it did, we'd have it. iOS is a functional OS for mobile devices, but there are tasks it doesn't handle well. One of those tasks is manipulating lots of files, keeping them organized, etc. One of those things you do a lot when writing software. Another is spinning up a terminal session to run multiple small tools on files. iOS doesn't do that either. For nondevelopment purposes, you don't need those things and most users won't notice their absence, but devs would.

You can call nearly anything portable a laptop. As long as it has a processor in it and can be carried with you, it qualifies. There's still a major difference between a traditional laptop that runs a desktop operating system and other devices that do less. Even when it's shaped like a laptop with a keyboard and everything, most tablets are still just tablets with a keyboard.

Canada's .ca overlord rolls out free privacy-protecting DNS-over-HTTPS service for folks in Great White North

doublelayer Silver badge

Re: "Cops, Feds, and ISPs have been vocal opponents of the technology"

I suppose that makes sense, but you have to trust at least one group with it. No matter how far you push your own DNS setups, something has to make the queries and those queries are going to be sent through an ISP. If you set up your own resolver, then you can still be tracked based on its queries. The benefit of using someone else's resolver is that, as long as you trust them not to spy, nobody who watches their traffic knows what you're doing because your data is mixed in with everyone else's. So if you don't trust them, do you have someone you do?

Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more

doublelayer Silver badge

Re: Big Brother Watch

I think these organizations are well worth supporting, but at the risk of seeming quite cynical, I have to ask whether they have an effect. Oh, they do incredibly useful work in looking at and protesting and in some cases launching legal attacks at surveillance programs. But their efforts haven't seemed to stop any of the major abuses being passed, nor have they managed to get increased public support. The legal cases seem to keep coming out on their side without getting anything changed. I hope that, with sufficient support, they can get more public interest and action such as protests together because that seems like the only method that hasn't really been tried yet. Sadly, it seems very difficult to organize and with a tenuous hope of success as well. My major hope is for some political group to start to realize the importance of this, as I haven't seen anything above a single politician understanding the importance of privacy, so my vote is pretty much pointless on this issue.

Internet root keymasters must think they're cursed: First, a dodgy safe. Now, coronavirus upends IANA ceremony

doublelayer Silver badge

Re: Single Point of Failure?

It's not quite as single a point of failure as it seems. There are many protocols that are not affected by this--if these keys expire, many parts of the DNS root system continue to run like clockwork.

But, let's assume that all the people who do this are killed at once by some type of internet-hating terrorist group. What would happen is that IANA would get in a locksmith and break into the safe again. They might need more time, and they might need to do a bit of trial and error if there are any passwords involved, but they can handle that.

Let's assume the terrorists also take out the facility where the safe is. IANA just moves over to Virginia where there is a second copy of the safe and breaks into that one, then probably copies the contents and reestablishes the two-locations system again.

Let's assume that both locations and all participants are destroyed. In this case, IANA are a little stuck, but that's assuming they have no backups of the system somewhere (and nobody managed to copy the keys for a laugh). Given how secure they want this to be, it's possible they don't have them, but I wouldn't be surprised if that weren't the case. But if that happened, the problem would eventually fall down to the next set of servers. For a while, cached results from the root servers would be fine and nobody would have a problem. That's why attacking the DNS root servers, even if it works, doesn't immediately bring down the internet. During this time, users continue to act as normal while IANA and other DNS operators decide what needs to be done.

Let's assume they fail to do it. They don't have the ability to create a new key and have it trusted implicitly, and nobody has an idea of a quick way out of this. What happens then is that people have to fall back to other DNS information without authentication. It has problems, but it has also worked for quite a while. We're just back to that. Many places will have to change their system configurations. We'd see a lot of annoyed users. We technical folk would get a large helping of blame we don't really deserve. But life, the internet, and everything would continue to exist. IANA might get a lot of bad consequences for that, but that's where it'd end.

Lockdown endgame? There won't be one until the West figures out its approach to contact-tracing apps

doublelayer Silver badge

Distances are larger than they appear on globes

"One of the few coronavirus "success stories" has been Singapore. Despite its proximity to regional hot spots like South Korea and China"

They're not that close. Singapore to Seoul is over 4500 km. Even considering Hong Kong as China, it's still 2500 km to Singapore from there. Some comparisons might help. Singapore to Hong Kong is a similar distance as London to Istanbul or Vancouver to Chicago. Singapore to Seoul is a similar distance as London to Tehran or Vancouver to Guatemala City. Now it's true that people go between China, South Korea, and Singapore somewhat frequently. But they also frequently go to Australia, Japan, the U.S., India, and many other places. Some of these places have bad records and some have good ones. Proximity is not a good predictive measure of where cases will start to pop up--if it was, we wouldn't have expected Italy to have been one of those places.

Academics: We hate to ask, but could governments kindly refrain from building giant data-slurping, contact-tracing coronavirus monsters?

doublelayer Silver badge

Re: Dedicated device

"This should be a tiny disposable wearable."

That's a bad idea pretty much whatever you think about the plan. Please consult the following list and choose the rebuttal based on what you think about the idea of tracking contact.

Tracking's great and everyone should do it: With a small disposable device, people will forget to check that it's charged. When they do charge it, it will be away from them and they might do something without it. It might break. In order to sync keys out, it will need a connection to something, probably either WiFi or Bluetooth, which makes it tricky to set up. You have to get one to everybody which is harder than digital delivery of an app.

Tracking's terrible and we should disobey en masse: With a small dedicated device, it becomes easy to verify if someone is complying with tracking. Police could ask to look at it and make it a crime not to have one on you. If the device has a connection, they will know any time you don't have it on. If it doesn't have a connection, there will be the ability to suggest random enforcement checks. With a hardware device, most likely with completely closed firmware, it won't be easy to investigate it, either to understand what it's doing or how to get around it.

Tracking is bad, but in this case a necessary evil: The small device has many downsides compared to a mobile app, see the rebuttal for "tracking's great". It also may lead to additional surveillance afterward, see the rebuttal for "tracking's terrible".

I have to live with tracking: This works in addition to any other opinions you have selected in this list. If we do need to do tracking, and it's done with a device, you need to remember to charge it. To check whether it's working. To not wear it in a place where it gets wet when you wash your hands (I'm assuming they don't make it waterproof because they want them cheap and disposable). To sync it with the key storage place or the key-retrieval-and-checking program on your computer or phone.

Contact-tracing or contact sport? Defections and accusations emerge among European COVID-chasing app efforts

doublelayer Silver badge

Re: IPXE's CX protocol solves this

Sure, it sounds nice. However, I note a few problems. First, there aren't those apps yet, though it is stated they'd be easy to create. Second, there are no providers of dangerous seeds (which would have to be set up by health providers), so it'd be useless even if there were such apps.

The third problem concerns this quote from their documentation. This is how you find out that you've been in contact with someone:

"The healthcare provider publishes a notification list of hazardous seed values corresponding to positive diagnoses. Each participating device downloads this list and compares the hazardous contact identifiers against its own record of observed contact identifiers."

Or, in simpler terms:

1. Device creates a seed at some time.

2. Every [short amount of time], it uses that to generate a new identifier. The page doesn't say how long, so I'm going to guess twenty minutes.

3. That identifier is broadcast for that [short amount of time].

4. The user tests positive.

5. Their seed is uploaded to a database which is region or country-wide.

6. Everyone downloads a list of seeds and uses them to generate the identifiers.

7. Identifiers match, and alerts can be generated.

The problem is that generating a bunch of identifiers from random seeds when they change so frequently is intensive from a processing perspective. If a seed is generated a month ago, then to check the identifiers for that seed means my device has to generate 2160 identifiers and check 1008 of them against my list. Also, I need to know when that seed was generated. I have to do this for every person in the country who tests positive. Every day. Probably most of that would get done while I sleep and the phone charges, but it could cause battery drain and slow processing if the phone is trying to do that while I'm using it. The severity of this would depend on the extent of the outbreak and of testing. In Australia, I'd have to generate and check about 82000 identifiers per day. In Germany, it'd be about 7.79 million.

Is the system gravely flawed? No. It's been thought through with some care from the look of things. But it has some flaws, and they may be severe enough that it doesn't get adopted elsewhere. I'd be happy to add this to the list of possible ways to do this, but it won't solve any of the major problems still facing the concept, including these:

1. The concept only works with thorough adoption.

2. The concept only works with thorough testing.

3. The concept only works with comprehensive support from health authorities.

4. The concept does not have much time to start to be useful before it ends up being too late and mostly useless.

5. The concept can promote anxiety if it is too broad.

6. The concept can promote complacency if testing is insufficient or contacts are not correctly logged.

7. The concept could be modified to add additional surveillance which would undermine confidence. (Yes, this approach slightly mitigates that concern, but if seeds can be collected by some means including a government-created app implementing the rest of the protocol, it would still allow surveillance).
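The seven steps and the cost estimate in the post above, worked through as an added example; this is not code from the post or from the CX documentation. Assumptions: a twenty-minute rotation (the poster's guess), a 14-day comparison window (chosen because it yields the post's 1008 checks), and a SHA-256 hash ratchet as a stand-in for the derivation function, which the page does not give. All function names and seeds are constructed.

```python
import hashlib
import hmac

INTERVAL_MIN = 20                  # rotation period: the post's guess, not from the spec
CHECK_WINDOW_DAYS = 14             # assumed exposure window; gives the post's 1008 checks
PER_DAY = 24 * 60 // INTERVAL_MIN  # 72 identifiers per device per day


def ratchet(state: bytes) -> bytes:
    """Advance the per-device state one interval (stand-in derivation)."""
    return hashlib.sha256(b"ratchet" + state).digest()


def identifier(state: bytes) -> bytes:
    """Broadcast identifier for the current interval (steps 2 and 3)."""
    return hmac.new(state, b"contact-id", hashlib.sha256).digest()[:16]


def walk_seed(seed: bytes, seed_age_days: int):
    """Yield (interval_index, identifier) from seed creation until now.

    A ratchet cannot skip ahead, so every interval since the seed was
    created must be generated, and the creation time must be known.
    """
    state = seed
    for i in range(seed_age_days * PER_DAY):
        yield i, identifier(state)
        state = ratchet(state)


def check_seed(seed: bytes, seed_age_days: int, observed: set):
    """Steps 6 and 7 for one published seed.

    Returns (identifiers generated, identifiers compared, matching intervals).
    Only intervals inside the comparison window are looked up.
    """
    total = seed_age_days * PER_DAY
    # A seed younger than the window is compared in full (max() guards that case).
    first_checked = max(0, total - CHECK_WINDOW_DAYS * PER_DAY)
    generated = compared = 0
    matches = []
    for i, ident in walk_seed(seed, seed_age_days):
        generated += 1
        if i >= first_checked:
            compared += 1
            if ident in observed:
                matches.append(i)
    return generated, compared, matches


def demo():
    # Constructed sample data: two published "hazardous" seeds, each 30 days old.
    seed_a = hashlib.sha256(b"constructed-seed-A").digest()
    seed_b = hashlib.sha256(b"constructed-seed-B").digest()
    ids_a = dict(walk_seed(seed_a, 30))
    # This device overheard seed A at interval 2000 (inside the window) and at
    # interval 500 (too old to count), plus one unrelated identifier.
    observed = {ids_a[2000], ids_a[500], bytes(16)}
    return {
        "A": check_seed(seed_a, 30, observed),
        "B": check_seed(seed_b, 30, observed),
    }


if __name__ == "__main__":
    for name, (generated, compared, matches) in demo().items():
        print(f"seed {name}: generated={generated} compared={compared} matches={matches}")
```

The observed identifiers sit in a set, so each comparison is a constant-time lookup; the per-seed cost is dominated by the hash generations, which is the part the post's estimate multiplies by the number of published seeds.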

Grab your Bitcoin while you can because Purse.io is shutting up shop in June and you could lose the lot

doublelayer Silver badge

Re: Respect

The only possibility is people wishing to use bitcoin like a currency but frustrated about not having many people willing to accept it. True, they could exchange the crypto for cash and use that, but that requires either a physical trip to wherever the exchange is or a bank account (and many people interested in cryptocurrencies don't like banks). So it could theoretically be used for legitimate purposes in the same way that most other tools primarily used by criminals could. I'm doubting most of their business was intense crypto-promoters though.

doublelayer Silver badge

Re: Respect

"No one is laundering money using gift cards."

Mostly true, but a few people are. Anyone with hundreds of thousands to launder will need something much more intense, and they can hand over quite a chunk to get that. They wouldn't do anything like this. The people with small amounts, for example people who had one successful ransomware attack or payment-request phish probably don't need to worry about that--they can go to an exchange and retrieve cash, claiming they mined a small chunk if questioned. It's those people in the middle with a reasonable but still small income stream coming in bitcoin who need something more anonymous, as they can't arouse suspicion by so frequently going to a physical exchange or providing details allowing them to be identified. Amazon gift cards may not be perfect, but if it can be done anonymously, it might just be enough.

Paranoid Android reboots itself with new Android 10 builds

doublelayer Silver badge

Re: Wot, no Sammies?

From the Lineage OS supported devices list, it doesn't seem like Samsung is terrible. Of every manufacturer on the list, Samsung has the highest number of supported devices (71 versus 33 for the next highest, LG). However, I note that Samsung's list has quite a few old devices and that some of their devices are listed many times for carrier-specific variants. I think it's a constantly-moving target in that a manufacturer can either be magnanimous with bootloader access or make mistakes that make it easy with one model and then turn around and change their tune quickly, similar to how Huawei locked its bootloaders a couple years back and have fallen off the list of good devices for replacement firmware.

The other side of that coin is that a device can have a completely open software stack and still not get much attention. Only if the phone is owned by enough people will the work get done. At one point, I had found a device where basically everything was open (even most of the hardware, strangely), but it was not found by anyone else because it didn't even have a brand name (I still don't know who made it), it was intended as a very cheap device with poor specs, and by the time the previous owner gave it to me for erasure and I figured out how open it was it was three years old.

Bad news: So much of your personal data has been hacked that lesson manuals on how to use it are the latest hot property

doublelayer Silver badge

True, but if you publish them where the general public can read them, then you'd better hope that you and everyone else have protected against what it says. What would be useful is to create a closed group of organizations that distribute them internally when they are obtained (and if they can be obtained by theft or without completing a payment I'm all in favor) and another public site where the pathetic wrong ones get released publicly. Anyone who finds that public site won't be able to complete a fraud with the instructions, and we avoid funding the how-to-commit-fraud industry.

An alternate suggestion is that we create some guides of our own, which we submit to the reviewers on these sites until they let us on, then we send all those who purchase it a PDF of that guide but with extra malware inserted. Bonus points if the malware can be written to turn these people in.

doublelayer Silver badge

Re: When there's a gold rush on

Very good point, but they actually do have a ratings system where accounts need to be verified in order to post reviews. It's weird how normal these sites can look if you ignore what the products are.

Apple: We respect your privacy so much we've revealed a little about what we can track when you use Maps

doublelayer Silver badge

Perhaps I should clarify my policy. An app can ask for location permission and need it to work (e.g. navigation), and I will grant that permission. An app can ask for location for a clearly-identified feature, such as adding geotagging to photographs, and I will deny it, but if it still works, it can stay. If an app asks for location and does not have either of the previous two excuses, including where I don't know why it wants location, then I will decide the app is untrustworthy and I will discard it entirely. It doesn't matter to me if it works without the permission--if it asked for that, it might be doing other things it didn't ask about but I don't trust.

SE's baaaack: Apple flings out iPhone SE 2020, priced at £419

doublelayer Silver badge

Re: Only took Apple 2 years...

There are a few, but they're not necessarily what you want. For example, the Unihertz Atom XL was reviewed here not that long ago and has a small screen. However, you would then be dealing with a relatively unknown manufacturer, so there are provisos if you decided to buy it. It seems the general public has decided that they don't need to fit their phone anywhere and will take massive screen real estate over compactness; I don't understand why either, but somehow the majority has decided against us.

doublelayer Silver badge

IP76

"The budget blower is also rated IP76, therefore providing solid water- and dust-proofing."

Sorry, but that's not correct. The first digit in the IP rating number is about dust protection, and it only goes from 0 to 6. Looks like the value is IP67, or protection from immersion in water less than a meter deep for thirty minutes. Alright, pedantry completed, back to normal discussion.