Wow…today is the day my wife and I decided to complete our vote and now we’ll drive it to the Orange County Registrar of Voters to deliver it personally (vs. using the on-purpose-slowed-down U.S. Postal service).

We love our country and democracy and take our voting right as sacred, regardless of the FUD (Fear, Uncertainty & Doubt) cast on this election by that temporary occupant in the White House.

What a difference voting out here in California has been though. There were 12 Propositions on the ballot, each of which required a lot of study and consideration. The tough part is most, if not all of them, have some sort of unintended consequences which are very difficult to see in advance.

Hope everyone who votes here in CA considers these as carefully as we have, all while deeply appreciating the profound responsibility we all share in making the best decisions we can when voting.

Wherever you live in the United States, please vote…no matter what it takes to do so. If your state supports it, vote as early as you can. It’s a privilege, a right, and a duty.

We are living in a time where the lines between free speech and hate/fake news type speech are blurring. Increasingly it seems that the arbiters of free speech are for-profit social media and search companies. As such, I now find myself deeply troubled by where we’re headed with what is, and is not, considered free speech, a free press and peaceable assembly, as protected by the United States Constitution’s First Amendment:

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Throughout the Trump presidency, I have railed against The Donald’s bloviating, lying and complete misstatement of facts as well as his constant attempts toward stirring up hate and the speech surrounding it. I am so weary of him that I want to puke whenever I listen to his lies, outright anti-pandemic rhetoric, his inflating accomplishments, and specifically his child-like rantings.

My biggest issue, besides his failed leadership (especially on the pandemic), is that he also constantly provides de facto permission for his base to openly display racist, prejudiced, anti-immigrant, misogynist and “America First!” rhetoric — alongside outcries that social media and search companies are intentionally stifling ‘conservative’ speech when those posts are flagged or removed.

Though I hate to admit it, maybe Trump and conservatives have a point about that implied and expressed stifling of conservative tweets, posts and search results (NOTE: I’m intentionally not using the word “censorship” as I don’t think the flagging or removals are to that extent yet, or whether there is any truth to their belief that search results for their published missives are not displaying).

Whether they’re right, or whether we detest conservatives’ extreme positions so much that most of us think it doesn’t matter if that objectionable speech is stifled, we at least all need to think about whether or not there is any truth to the belief held by Trump and his minions. Why? That belief could affect us all where free speech is concerned if we don’t address this now — and consider those outcries seriously and figure out how to manage our online ‘assembly’ as quickly as possible.


You are probably like me right now: torn over the “should we or should we not?” question to open up our country during this pandemic. That question made me think deeply about my own views and what are my pros and cons:

PRO SHUTDOWN

On the one hand there were, and still are, so many unknowns. But we do know that the shutdown did “flatten the curve” of infection and its potential to spread:

1) There was no way the U.S. healthcare system could have handled potentially 2-5 million cases with hundreds of thousands of hospitalizations and the projected best case death rate of 100,000 to 200,000. Overwhelming the healthcare system was not an option.

2) The U.S. was not (and still isn’t) prepared for a pandemic with testing or even antibody testing. How many are infected is just a guess so estimating herd immunity (and even if that immunity is long-lasting) is unknown.

3) We also don’t know how many strains there are. Five have been genetically identified so far, and the Center for Disease Control and Prevention (CDC) has indicated that — like coronaviruses are known to do — mutations *will* accelerate and, God forbid, one of those mutations will spike the mortality rate.

4) Imagine that the mortality rate did spike and the virus’ virulence becomes substantially stronger. The likelihood is that, pre-vaccine over the next 12-18 months, these sorts of mutations could see death rates climb into the low to middle single digits.

5) Those dangers are obvious, but the one we can’t get cavalier about is opening up too fast, getting complacent, and causing an exponential increase in infection. If we do, #3 and #4 above will happen (and may anyway this winter season) since we don’t have a vaccine yet.

CONS ON THE SHUTDOWN

On the other hand the shutdown is devastating the economy which is bad for everybody.

1) According to the Wall Street Journal yesterday, the U.S. economy shrank at its fastest pace ever as GDP dropped 4.8%. If we don’t start to open up parts of the economy, and fast, we will slip into a depression (and are already in a recession).

2) But beyond that statistic, this one is the real issue: searching Google on “U.S. living paycheck-to-paycheck” turns up dozens of articles that outline that 49% to 80% of Americans live paycheck to paycheck (some articles are from ‘news’ outlets that have political agendas, in my view).

3) Fortunately people aren’t spending as much money and are saving more (incomes are down but savings rate is the highest in 39 years, according to MarketWatch) so hopefully that will help.

4) Unfortunately, we don’t really know the current 2020 state of Americans’ finances. Why? The Federal Reserve performs its Survey of Consumer Finances every three years, and the last one was done in 2016 (the 2019 survey results will be published “in late 2020” according to this press release by Fed Chairman Jerome Powell).

SO WHAT TO DO NEXT?

There are a number of really smart proposals out there about how to open the economy but *very, very carefully* so that asymptomatic people don’t exponentially infect others and spike the mutations and possibly the mortality rate. Do a Google search on “proposals to open the U.S. economy” to see more.

Most people have become quite knowledgeable on how to protect themselves, even though the instructions about how to stay protected are seemingly all over the map (and Trump’s goofy and rally-like briefing outbursts don’t help). That means that most of us will instinctively know how to stay relatively safe and either not be spreaders of the virus or catch it ourselves.

We do need to get the economy back up and running but cautiously. As Morgan Stanley biotechnology research analyst Matthew Harrison put it in an April 6 op-ed, “Hope that…the U.S. has not reached crisis levels…will be shortlived, as the reality sets in that the path to reopening the U.S. economy is going to be long, and marred by stops and starts. It will be fully resolved only when vaccines are widely available in spring 2021, at the earliest.”

I do wish we had smarter and more savvy leadership without personal aggrandizement as the primary goal. But this is the hand we were dealt by the Electoral College in the United States, so we’ll have to push to help our current ‘leadership’ move toward the best strategy.

Good luck to us all and stay safe.

Check out the speed of our Cox Gigablast service in the image above. The speedtest on the left was a server on the Cox network close to my home, and the one on the right is a connection to a test server all the way across the country in New Jersey. This kind of speed is incredibly useful for us, especially during this time with us all working and staying in our homes. If you can get this kind of speed as well, it might be worth it to upgrade your internet connection now.

My wife and I were fine on our previous Cox internet speed (300Mbps down and 30Mbps up) but then the pandemic hit. Our online usage spiked dramatically and then our son moved home for the foreseeable future and was online all the time. Then his work figured out how to let him perform his analysis work from home, and that word “dramatically” became two words, “Oh-oh!”

That “oh-oh” was because our son would need to download HUGE files (300-600GB in size) as well as be consuming tons of bandwidth every work day. As such, I knew we’d need significantly faster speeds and a lot more bandwidth. Fortunately Cox fiber to the home was available in our brand new development, so even my slower speed was brought to the curb with fiber. But I discovered that it wasn’t simple to get upgraded to Cox’ Gigablast service, a broadband tier which promised speeds and throughput close to 1 gigabit per second download speeds and nearly the same for uploading.

[Image: An example of an optical network terminal on the exterior of a house]

Now that we knew significantly faster speeds and bandwidth was needed, I upgraded online in my Cox account. I was puzzled that, after several hours and multiple reboots of my modem and router, the speeds were the same. I then called in to technical support and discovered that I needed an optical network terminal (ONT) which would replace my modem in order to achieve these speeds.

This need for an ONT was puzzling. A Cox fiber expert had to come out a couple of months after our internet was installed as we had an outage (an optical connector crimped by the original tech had cracked), and this expert indicated that I could simply go online and upgrade to get Gigablast. My expectations were then set, but the customer support folks I talked to on the phone didn’t really know what was needed or why it wasn’t working, and couldn’t help me figure it out.

I’m seeing so many people struggling with understanding why our nation (and other nations) are essentially in lockdown, especially when “more people die of flu” and “just a tiny few have been identified so far”.

Do you understand how quickly the growth of a virus can move throughout humans? The wheat and chess board problem below is a great illustration of how exponential growth works — similar to how a virus spreads in a human population — and why the governmental reaction is happening to restrict our movements at this point in time.

THE CALIFORNIA EXAMPLE
As of yesterday, all non-essential services in my current State of California are shut down and people are mandated to “shelter in place” so as not to communicate the novel coronavirus to others. But why is this happening now?

According to “How overwhelmed is California’s health care system about to be?”, California may not even be able to handle the surge of COVID-19 cases with the current hospital beds:

“Projections by state health officials have indicated that California hospitals could handle a surge — right now, statewide — of about 10,000 patients. But given the potential for the virus to spread so far and so fast, some models project the state could need twice that, closer to 20,000 extra hospital beds.”

A few facts about the State of California, the death rate and the state’s ventilator need are in order:

  • As of the end of 2018, the population of California is 39.56 million people.
  • Approximately 3.4% of people 60+ years of age are dying from the virus. Others in multiple younger age ranges are ending up with lung damage and both require ventilators to survive or minimize that lung damage.

Yesterday California Governor Newsom made announcements and sent a letter to the Trump administration stating that 56 percent of the state’s population — 25.5 million people — is projected to be infected with the coronavirus over an eight-week period.

With California’s citizenry being left to move about as before the virus emerged, the projection is that within two months a whopping 25.5 million people would have COVID-19 and therefore 3.4% of 25.5 million = 850,000 dead (and an unknown number of younger people with lung damage).

THE WHEAT AND CHESS BOARD – A LINEAR VS. EXPONENTIAL GROWTH EXPLANATION
The reason for the lockdowns is that the deaths are caused by acute respiratory failure requiring ventilators for those afflicted. If there aren’t enough ventilators the death rate goes way up.

The spread of a virus, especially one as communicable as this novel coronavirus, is exponential…and that’s the problem. Left unchecked (i.e., we were NOT locked down) the virus would spread exponentially.

You may be saying, “Steve…I still don’t get how or why it would grow so fast and why the government’s numbers of people infected are so high.” It’s not your fault if you don’t understand since your brain understands linear growth easily, but your brain is NOT good at understanding exponential growth.

Linear growth is always at the same rate, whereas exponential growth increases in speed over time. If the coronavirus spread at a linear growth rate the numbers are larger than most people can understand since they are so enormous.

To understand both types of growth, let’s look at a chess board which has 64 squares on it and is one where you place grains of wheat on each square.

1) Linear growth is always at the same rate, so this is easy when you put one grain of wheat each day for 64 days. At the end of 64 days you have 64 grains of wheat.

2) How many grains of wheat would be on the chessboard when you finish with exponential growth? Since exponential growth increases in speed over time — just like a virus would spread — let’s see what happens when you double the number of grains each day for 64 days like you would if you were at the mall, in a restaurant, and moving about as you did normally before the virus hit:

  • FIRST DAY: You place one grain of wheat on the first square on the chess board
  • SECOND DAY: You double the grains of wheat on the second chess board square … so now there are two grains on that second square
  • THIRD DAY: You double the grains again and now you have four grains on the third chess board square
  • FOURTH DAY: You double the grains again and now you have eight grains on the fourth chess board square
  • FOURTH THROUGH 64TH DAY: For the next two months continue to double the grains each day and place them on each subsequent square.

At the end of 64 days you would have 18,446,744,073,709,551,615 quadrillion grains of wheat! (NOTE: A quadrillion is a thousand trillion).

THAT is why we are in lockdown and trying hard to flatten the curve, performing social distancing, and trying to stop the exponential spread of this virus until a vaccine (and other mitigation strategies) can be found.

Here’s an interesting video to give you an idea on how quickly exponential growth occurs:

UPDATE on 02/07/2020 at 6:38pm PST
Looks like Google is adamant that they do NOT track this way: Google denies Chrome tracking allegation, explains use of ‘X-Client-Data’

As I take steps to extract myself from Google’s (and others’) ubiquitous tracking, I’ve been paying attention to anything related to Google’s Chrome browser. In my news feed yesterday, I came across this threaded discussion in Hacker News: Google tracks individual users per Chrome installation ID.

I was stunned to learn that every install of Chrome generates a unique ID just for you and it’s possible that Google is using this install ID to track us. As soon as you log in to any Google account with that new installation of Chrome, it’s also likely linked directly to your individual Google profile.

Not only is this completely “evil” on Google’s part if true and they’re using this ID for browser fingerprinting, but it also means it is a complete violation of Europe’s General Data Protection Regulation (GDPR) and would result in massive fines for the company.

In order to get a deeper sense of what was going on, I went out and did a bunch of online searching (using my now preferred search engine, DuckDuckGo, of course). There are dozens of developer and tech site articles and posts that helped me fully understand what is going on, and why developers (and those of us who care about security and privacy) are so upset, concerned, and making a huge fuss to get an answer out of Google.

From LongRoom News:

“On Tuesday, Arnaud Granal, a software developer involved with a Chromium-based browser called Kiwi, challenged a Google engineer in a GitHub Issues post about the privacy implications of request header data that gets transmitted by Chrome. Granal called it a unique identifier and suggested it can be used, by Google at least, for tracking people across the web.”

Even the adblocker software company, Magic Lasso, shared this insight on their blog about the controversy and explained the problem and how this potential tracking occurs:

“Each and every install of Chrome, since version 54, has generated a unique ID. Depending upon which settings you configure, the unique ID may be longer or shorter.

Irrespective, when used in combination with other configuration features, Google now generates and retains a unique ID in each Chrome installation. The ID represents your particular Chrome install, and as soon as you log into any Google account, is likely also linked directly to your individual Google profile.

The evil next step is that this unique ID is then sent (in the “x-client-data” field of a Chrome web request) to Google every time the browser accesses a Google web property. This ID is not sent to any non-Google web requests; thereby restricting the tracking capability to Google itself.”

Google needs to address this and quickly. Just about every developer I know has abandoned Chrome and are using Firefox exclusively (as am I).
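One way to check the quoted claim on your own machine, as an added example that is not from this post, Magic Lasso or Google: export a HAR file from the browser's developer tools Network panel and list which hosts actually received the header. The suffix list for "Google web property" and the sample header values are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: an illustrative suffix list for "Google web property";
# it is neither authoritative nor complete.
GOOGLE_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com",
                   "youtube.com", "doubleclick.net")
HEADER = "x-client-data"  # header names are case-insensitive


def is_google_host(host, suffixes=GOOGLE_SUFFIXES):
    """Match on a label boundary so 'google.com.example.net' is not a match."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def load_har(path):
    """Read a HAR export (JSON); utf-8-sig tolerates a leading BOM."""
    with open(path, encoding="utf-8-sig") as fh:
        return json.load(fh)


def audit_har(har):
    """Map each host that received the header to counts and distinct values."""
    findings = {}
    for entry in har.get("log", {}).get("entries", []):
        request = entry.get("request", {})
        host = urlsplit(request.get("url", "")).hostname or ""
        for header in request.get("headers", []):
            if header.get("name", "").lower() != HEADER:
                continue
            rec = findings.setdefault(
                host, {"requests": 0, "values": set(),
                       "google": is_google_host(host)})
            rec["requests"] += 1
            rec["values"].add(header.get("value", ""))
    return findings


def unexpected_recipients(findings):
    """Hosts outside the suffix list that were sent the header."""
    return sorted(h for h, rec in findings.items() if not rec["google"])


def values_shared_across_hosts(findings):
    """A value repeated across hosts is what would make requests linkable."""
    seen = {}
    for host, rec in findings.items():
        for value in rec["values"]:
            seen.setdefault(value, set()).add(host)
    return {v: sorted(h) for v, h in seen.items() if len(h) > 1}


def make_entry(url, headers):
    """Build one HAR entry in the log.entries[].request shape."""
    return {"request": {"url": url, "headers": [
        {"name": n, "value": v} for n, v in headers.items()]}}


# Constructed sample capture; the header values are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    make_entry("https://www.google.com/search?q=test",
               {"X-Client-Data": "CONSTRUCTED-VALUE-A", "Accept": "*/*"}),
    make_entry("https://www.google.com/complete/search",
               {"X-Client-Data": "CONSTRUCTED-VALUE-A"}),
    make_entry("https://www.youtube.com/",
               {"x-client-data": "CONSTRUCTED-VALUE-A"}),
    make_entry("https://example.org/", {"Accept": "text/html"}),
    make_entry("https://google.com.example.net/", {"Accept": "text/html"}),
]}}

if __name__ == "__main__":
    result = audit_har(SAMPLE_HAR)
    for host, rec in sorted(result.items()):
        print(host, rec["requests"], "request(s)", sorted(rec["values"]))
    print("unexpected recipients:", unexpected_recipients(result))
    print("shared values:", values_shared_across_hosts(result))
```

To run it on a real capture, pass the result of `load_har("capture.har")` to `audit_har` in place of `SAMPLE_HAR`.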

President Trump tweeted this morning that “Apple will not be given Tariff waiver, or relief, for Mac Pro parts that are made in China. Make them in USA, no Tariffs!” Perhaps he doesn’t know that every time he does something like this we all laugh at him?

Unfortunately, Trump’s basic understanding of technology — and which country has the manufacturing capability to even make the required components for the new Mac Pro — is laughably ignorant.

According to CNBC, Trump says Apple will not be given tariff waivers or relief for Mac Pro parts made in China:

Apple asked for waivers on tariffs on the Mac Pro. Apple said it wanted to be exempt on some parts it uses for the new Mac Pro, including a power supply unit, the stainless-steel enclosure, finished mice and trackpads and circuit boards.

“There are no other sources for this proprietary, Apple-designed component,” Apple said in a filing.

Apple said in June that tariffs on its products will reduce its contribution to the U.S. economy. In a letter to U.S. trade representative Robert Lighthizer, Apple said tariffs would “also weigh on Apple’s global competitiveness” since Chinese companies compete with the products Apple builds. Trump met with Apple CEO Tim Cook in June to discuss trade.

Just a suggestion, @realDonaldTrump, but before you tweet would you at least ask someone in the White House — who has above a grade-schooler’s understanding of technology, manufacturing, and who can even make certain stuff in the USA — what is feasible and what isn’t?

Congressional “theater” is happening right now and our ‘Congress Critters’ are all seemingly outraged at the privacy violations by Facebook, Google, and all the other tech companies we all use every day. Some even want to break them up as do various Democratic presidential candidates.

But I’d like you to notice that there is not a *peep* from any of them about all the other tracking companies out there, especially ones like Palantir.

Those tracking or “secondary surveillance network” companies are the REAL privacy threats. Literally everything you do digitally is tracked including:

  • Buying anything either online or offline as your credit card data can be purchased by tracking companies and combined with other data
  • Emailing and texting metadata is captured (the content is protected as a warrant is needed to search within an email)
  • Moving around with your smartphone in your pocket provides tracking data of your movements
  • Everything you do (or your devices do automatically) through your internet service provider is tracked now that net neutrality is dead (ISPs can sell your data)
  • Everywhere your face is “recognized” by a camera connected to an increasing number of systems without any regulation since your public persona can be photographed
  • And much more.

Want to See How Bad It Is?

Palantir is one company that has always scared the beejeezus out of me as I’ve personally analyzed this completely opaque and secretive organization. But it wasn’t until I read this article, Revealed: This Is Palantir’s Top-Secret User Manual for Cops, that I said HOLY SHIT THIS IS BAD!

Turns out Motherboard obtained this Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals. Their system goes far beyond what I ever imagined as a worst-case scenario:

“Palantir is one of the most significant and secretive companies in big data analysis. The company acts as an information management service for Immigrations and Customs Enforcement, corporations like JP Morgan and Airbus, and dozens of other local, state, and federal agencies. It’s been described by scholars as a “secondary surveillance network,” since it extensively catalogs and maps interpersonal relationships between individuals, even those who aren’t suspected of a crime.”

In addition, this article, 300 Californian Cities Secretly Have Access to Palantir, shows how hard various law enforcement and other agencies are hiding the fact that they even use Palantir:

Motherboard obtained documents via public record requests which reveal that the scope of Palantir’s influence in California is significantly larger than previously documented. Payment records indicate that between January 2012 and March 2017, about three hundred cities, collectively home to about 7.9 million people, had access to Palantir’s Gotham service through the Northern California Regional Intelligence Center (NCRIC), which is run through the Department of Homeland Security.

Why use Palantir’s Gotham service instead of licensing the software outright?

Gotham is one of Palantir’s two services, and the other service is Palantir Foundry. These 300 police departments could request data from Palantir, and an NCRIC agent would retrieve this data and provide it to local police. Per this arrangement, none of these departments have to disclose the fact that they have access to Palantir.

Read these articles and go scan the manual and you’ll see that it is trivial for any user of their system — whether directly with Palantir or one of their “service” companies — to obtain a HUGE ARRAY OF PERSONAL DATA on any one of us!

Again, notice how Palantir is not even in the conversation any Congress Critters or presidential candidates are having? Also, where is the mainstream media in all of this?

These secondary surveillance network/tracking companies are already out of control. Congress must act now but they won’t unless you tell them to do so and vote accordingly going forward.

Want to know more and/or take action like I have?

Ask your Congressperson and Senators to pay attention to and regulate these tracking/secondary surveillance network companies:

Last evening I saw this article link from Steiger Legal, on a blog run by Swiss lawyer Martin Steiger, in which he published a damning allegation that my beloved ProtonMail, the end-to-end encrypted email provider, was:

Email service provider ProtonMail, based in Switzerland, offers assistance for real-time surveillance: Voluntarily!

Steiger goes on to write a factually incorrect article about ProtonMail on his blog, alleging, among other things, that “ProtonMail voluntarily offers assistance for real-time surveillance.”

Fortunately ProtonMail responded with, in part, this clear statement:

So that there can be no ambiguity: ProtonMail does not voluntarily offer assistance as alleged. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, ProtonMail’s end-to-end encryption means we cannot be forced by a court to provide unencrypted message contents.

That’s crystal clear in my view. Just to restate that last sentence, even if a prosecutor was able to scrape metadata about which user emailed another person(s), the contents of the email could not be decrypted by ProtonMail and provided (and a government or intelligence service could not do so either without massive computing power and a lot of time)!

Unfortunately I had seen this article but not ProtonMail’s rebuttal before emailing their support and tweeting it to @ProtonMail. They responded to my tweet:

Hi Steve, these allegations are false, and have also been refuted by the Swiss public prosecutor earlier this week. We have responded on our blog here with more details: https://t.co/xdz2xfF4pu

— ProtonMail (@ProtonMail) May 31, 2019

I then responded and apologized for being rash and not investigating fully before tweeting:

Thank you for the clarification! Had not yet read the HN thread nor your post. Should have gone there first … apologies for that.

Note: With all the recent breaches and revelations that mobile apps are “phoning home” with metadata, my paranoia is accelerating. https://t.co/7XAkEEKD8B

— Steve Borsch (@sborsch) May 31, 2019

The “recent breaches” and “phoning home” items I referred to in my reply to ProtonMail were:

  • Washington Post article about how their privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week on the reporter’s iPhone.

Is it any wonder I rushed to judgment about a secure email service I rely upon to keep my emails to family and friends — and the PDFs, Word docs, and Excel spreadsheets with vital data in them — secure from prying eyes?

Thank you, ProtonMail team, for helping to keep us safe and secure!

Remember when Apple’s Tim Cook wouldn’t put in a backdoor to iOS so the FBI could gain access to the San Bernardino terrorist’s iPhone? THIS IS WHY!

If the NSA can’t control software as destructive as this, how can any government guarantee a compromised operating system won’t get into the wild? (One guess: they cannot and Tim Cook was 100% right).

Read this article in The New York Times as it tells the story of the NSA’s software loss well.

We must have end-to-end encryption on our devices. Period.