I’m posting this since I’m becoming increasingly concerned about the growing negative attitude toward immigrants. Unless you are a native American, everyone else is an immigrant (though it could be argued that, since Columbus ‘discovered’ America, we were conquerors). Be nice, kids and adults.
According to a 2008 Hakes auction, this superhero item was released as a school book cover in 1949 and was distributed by The Institute for American Democracy Inc.:
I came across two fascinating articles today that actually make me even more concerned about what kind of world we will be leaving to our children and future generations:
“Last month, deep in a 500-page environmental impact statement, the Trump administration made a startling assumption: On its current course, the planet will warm a disastrous 7 degrees by the end of this century.”
“A tangible shift over the last two years is sharpening among the world’s biggest oil companies, including in America, to more readily acknowledge and address climate change.
The bottom line: The trend, fueled by investor and lawsuit pressure, is underway regardless of, and partly in response to, President Trump’s retreat on the matter.”
As sea levels rise, coastal areas slowly become uninhabitable, crop yields mean food shortages, economic losses accelerate and a global refugee crisis unfolds, the climate change naysayers will surely forget their short-term denials.
It’s likely too late already to reverse the changes by the end of this century, but if we don’t continue to discover ways to stop the burning of fossil fuels we can guarantee we’ll make this planet uninhabitable itself.
For Further Reading
- NASA Global Climate Change
- Washington Post: One of the most worrisome predictions about climate change may be coming true
- National Oceanic and Atmospheric Administration: Global Warming and Hurricanes: An Overview of Current Research Results
This country belongs to whomever shows up. And do you know who shows up for every election? Old people. But only 46% of people 18-34 years old voted in the last election.
For years I’ve been a staunch supporter and trusted Google, loved their services like Google Suite, Gmail, Google Voice, and others, all while admiring their machine learning and artificial intelligence research. One thing I specifically trusted was Google’s Don’t Be Evil motto which was baked into their Code of Conduct for the company.
Then, back in May, I became troubled when they removed Don’t Be Evil and replaced it with Do The Right Thing. At the time I joked with a friend of mine asking him, “Is ‘do the right thing’ for us, or for Google?”
It appears the motto change was focused on Google.
The biggest shift away from that “Don’t Be Evil” motto that Google has ever done just happened. Though this thread started on Hacker News a few weeks ago, a cryptographer and professor at Johns Hopkins University whose blog I follow, Matthew Green, wrote a post entitled, Why I’m Done with Chrome. In it he said:
A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.
Green also sees this move as having serious implications for privacy and trust. Do you think!?! My trust-level in Google has plummeted. So much so that I have now shifted 100% back to Mozilla’s Firefox browser and away from Chrome. I will no longer use Chrome until they change the way they infiltrate my privacy.
SO WHAT EXACTLY DID GOOGLE DO?
Google’s recent update to Chrome (browser version 69) has done something unprecedented in their history:
a) Once you log in to Chrome as a user, Google can (and does) track EVERYTHING you do in the browser. Every site you view, every login. The change? If you log in to any Google service in the Chrome browser, Google will log you in to that browser to give them access to everything you’re doing within Chrome.
c) Google is increasingly using “dark pattern” user interfaces in their services to hide or obfuscate what something does when you check, uncheck or choose an option. In ExtremeTech’s article Chrome 69 Is a Full-Fledged Assault on User Privacy, they describe how Google’s dark pattern user interfaces obscure their intent to get you to enable them to do the right thing for Google:
These changes are all part of what’s known as a dark pattern. If a pattern is defined as a regularity in the world (designed or naturally occurring) that repeats in a predictable manner, a dark pattern is an attempt to trick users by designing interface options that look like the options users expect to see.
I, for one, don’t want to research, study or figure out how a company I trust might be trying to trick me into doing something that is in THEIR best interest…and not mine. I’d rather pay for offerings and am growing tired of “being the product”.
- GOOGLE NEWS COVERAGE: FIND IT HERE (yes, I’m aware of the irony)
- THE VERGE: Google criticized for Chrome change that logs users in without telling them The latest version of the browser, Chrome 69, is pushing users into sharing more data, say critics
- WIRED: A Seemingly Small Change to Chrome Stirs Big Controversy
- THREATPOST: Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
- INQUIRER: Chrome 69 secretly logs you in to Chrome Sync when you visit a Google site
- SECURITY RESEARCHER S. BÁLINT: Chrome is a Google Service that happens to include a Browser Engine
Catching up on news and information this weekend I was intrigued when I came across this new 2018 Millennial Survey by the consulting giant Deloitte. It confirms many of the things about the Millennial generation that I’ve been observing, especially amongst those I know personally. Almost without exception the Millennials I know are exhibiting enormous distrust in business and bemoan the lack of ethics, morals, values and the increasing despair they feel when it comes to both business and government.
Add to that the low wage growth globally — all while the top earners accumulate most of the wealth like those here in the United States — and that adds to the despair. Who wouldn’t be angry if you had accrued huge student debt, housing prices had exploded so high that you couldn’t even afford to buy your first home, and you watched as bankers, business leaders and others raked in most of the monetary spoils in the economy?
While you can download and read the report yourself — which is focused on business and not government but is a fascinating read nonetheless — the executive summary sums up the essence of the survey and its results:
Following a troubling year, where geopolitical and social concerns gave rise to a new wave of business activism, millennials and Gen Z are sounding the alarm, according to Deloitte’s seventh annual Millennial Survey. Millennials’ opinions about business’ motivations and ethics, which had trended up the past two years, retreated dramatically this year, as did their sense of loyalty. And neither generation is particularly optimistic about their readiness for Industry 4.0. Their concerns suggest this is an ideal time for business leaders to prove themselves as agents of positive change. The findings are based on the views of more than 10,000 millennials questioned across 36 countries and more than 1,800 Gen Z respondents questioned in six countries. The survey was conducted 24 November 2017 through 15 January 2018.
Millennials recognize that we’re all in this together and that cooperation is key to our survival, growth, peace, and brings meaning to our lives.
This survey was across 36 countries but thinking just of the United States of America, democracy doesn’t work if it’s every person for himself or herself. When business regulations mean it’s OK to do just about anything if it means increasing the bottom line. When our country’s leader moves in the opposite direction on climate change, the environment, while lying like a rug and disparaging our intelligence agencies, journalism, other countries, and everything else but himself.
Millennials are done with this crap (as is 50% of the country) but they are in the driver’s seat when it comes to effecting change: They’ll inherit this country and are the ones who can remake it. They will demand business puts on their big-boy pants and realizes we’re all in this together, and act like it in all dealings. I do believe this next generation will make America great again by demanding we bring back compassion, truth, ethics, values, and a vision of global cooperation.
This morning the U.S. Supreme Court ruled that police must obtain a search warrant in order to get access to cellphone location information.
This is HUGE and a big win for anyone who cares about intrusive, mass, warrantless surveillance that is, by any measure, illegal searches and (data) seizures.
Chief Justice John Roberts sided with the “liberal” justices (ones I instead use the adjective “strategic” to describe). This National Public Radio (NPR) story In Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone put it succinctly:
The majority declared that the Fourth Amendment guarantees an expectation of privacy and that allowing police to obtain moment-by-moment tracking of an individual’s cellphone location is a kind of surveillance that the framers of the Constitution did not want to occur without a search warrant.
The chief justice said that this sort of tracking information is akin to wearing an electronic ankle-bracelet monitoring device and that the citizens of the country are protected from that kind of monitoring unless police can show a judge that there is probable cause of a crime that justifies it.
The 2014 Edward Snowden revelations about mass, warrantless surveillance of U.S. citizens, which was being performed by the signal-intelligence-focused National Security Agency (NSA), were an enormous concern both domestically and internationally, as the NSA’s clear mission was to focus only on foreign signal intelligence while excluding spying on American citizens. The outcry domestically and internationally reached a fever pitch…but little was revealed on what was being done to stop mass, warrantless surveillance.
Then some of Snowden’s document releases were published and it was revealed that all of this vacuumed-up data had a “Google-like search engine” that could be used to scour all data for an individual or group. Somehow the Drug Enforcement Agency (DEA) and other law enforcement agencies were being provided with data that couldn’t be challenged in court due to “national security concerns” so the extent of data being swept-up has never been completely understood.
The bottom line? The accelerating “surveillance State” was already out of control and Congress seemingly turned a blind eye toward it and extended its capability.
Though it has taken too many years for the Supreme Court to weigh in on the Constitutionality of warrantless surveillance, the explosion in law enforcement’s use of cellphone tracking devices like Stingray meant that warrantless tracking by police agencies was low-hanging fruit for the court to address.
In my mind it’s too little, too late…but it’s a start.
There is a new tool for hacking into an iOS device (i.e., iPhone or iPad) that you should be aware of, and it is why you should change your password NOW…but also make it a strong one.
A Motherboard investigation has found that law enforcement agencies across the country have purchased GrayKey, a relatively cheap tool for bypassing the encryption on iPhones, while the FBI pushes again for encryption backdoors.
Matthew Green, assistant professor and cryptographer at Johns Hopkins Information Security Institute, said on Twitter that GrayKey has an exploit that disables Apple’s passcode-guessing protections (i.e., SEP throttling) AND that a 4-digit passcode can be cracked in as little as 6.5 minutes on average, while a 6-digit passcode can be cracked in roughly 11 hours:
Guide to iOS estimated passcode cracking times (assumes random decimal passcode + an exploit that breaks SEP throttling):
4 digits: ~13min worst (~6.5avg)
6 digits: ~22.2hrs worst (~11.1avg)
8 digits: ~92.5days worst (~46avg)
10 digits: ~9259days worst (~4629avg)
— Matthew Green (@matthew_d_green) April 16, 2018
Another Motherboard article emphasized that you should immediately Stop Using 6-Digit iPhone Passcodes and yes, you should.
Why a Long, Secure Password Now?
Security and convenience are always a trade-off. But I’ve set up a password for my devices that, according to this password checker, will take 44 thousand years to crack BUT it is easy for me to remember, and to use, as my iOS “custom alphanumeric code.” This password has numbers, upper/lower case letters, along with a few special characters (e.g., !@#$%^&*()).
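The arithmetic behind the tweet's estimates, extended to alphanumeric passcodes, as an added example (not from Matthew Green or from this post's original text). It assumes a uniformly random passcode and a constant rate of about 0.08 seconds per guess, a figure derived here from the tweet's rows; the function names and the sample passcode are made up for illustration.

```python
"""Passcode search-time estimates based on the figures in the quoted tweet."""

# Assumption derived from the tweet's rows: 9259 days for 10**10 guesses
# works out to about 0.08 s per guess once throttling is defeated.
SECONDS_PER_GUESS = 0.08
SECONDS_PER_YEAR = 365.25 * 86400

# Character classes; the symbol set is the ten examples the post lists.
CLASSES = {
    "digits": "0123456789",
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "symbols": "!@#$%^&*()",
}


def crack_seconds(alphabet, length):
    """Return (worst, average) seconds to search a random passcode space."""
    worst = (alphabet ** length) * SECONDS_PER_GUESS
    return worst, worst / 2


def alphabet_size(passcode):
    """Alphabet size implied by the character classes a passcode draws on."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in passcode))
    if size == 0:
        raise ValueError("passcode uses no characters from the known classes")
    return size


def min_length(alphabet, target_years):
    """Shortest random passcode whose average search time meets the target."""
    length = 1
    while crack_seconds(alphabet, length)[1] < target_years * SECONDS_PER_YEAR:
        length += 1
    return length


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Reproduce the tweet's table for random decimal passcodes.
    for digits in (4, 6, 8, 10):
        worst, avg = crack_seconds(10, digits)
        print(f"{digits} digits: {humanize(worst)} worst, {humanize(avg)} avg")

    # Constructed sample passcode mixing all four classes (not a suggestion).
    sample = "k7#Qm2!x"
    size = alphabet_size(sample)
    worst, avg = crack_seconds(size, len(sample))
    print(f"{len(sample)} chars from {size}: {humanize(avg)} avg")

    # Length needed for a 100-year average, digits only vs. all classes.
    print("digits only:", min_length(10, 100), "characters")
    print("all classes:", min_length(72, 100), "characters")
```

These figures only hold for passcodes chosen at random; a memorable word or date drawn from a small set of likely choices falls much faster than its length suggests.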
Do I have something to hide? Nope. But the reason I lock my front door, have security cameras and alarm system, and don’t invite random people in to dig through my drawers or important-papers in filing cabinets, IS THAT MY STUFF IS *MY* STUFF AND PRIVATE! I intend to keep it that way so I protect the shit out of things I want to keep private AND SECURE.
If you travel outside the U.S. like my wife or I do and come back in with your device, TURN IT OFF. That is because U.S. Customs is increasingly grabbing travelers’ devices and disappearing with them to a back-room, apparently to hook them up to a device to suck off all the data. While this hasn’t yet directly affected U.S. citizens, there is nothing stopping other countries from doing the same thing.
Plus, once all of your data is captured, there are enough cracking resources available to government agencies to be able to take their time to crack your device data they have previously stored. It might take them a year or, after quantum computing becomes a reality (if it isn’t already real) in the next several years, those times to crack may be reduced to minutes instead of days or years.
Police agencies within the United States may also be less adherent to the U.S. Constitution and Bill of Rights when it comes to the gray area surrounding digital search and seizures, even though in 2014, the U.S. Supreme Court addressed two cases, Riley v. California and United States v. Wurie, dealing with cell phone searches and the search incident to arrest exception to the warrant requirement. During searches incident to arrest, the high court has not required warrants under certain circumstances where protecting officer safety and preventing evidence destruction are at issue. For more, read this at FindLaw.
The U.S. Border Patrol also could be in a position to do whatever they damn well please — within 100 miles of the U.S. border — as you can see from this article at the American Civil Liberties Union (ACLU):
What Can You Do?
- How to Create a Password You Can Remember
- Four Methods to Create a Secure Password You’ll Actually Remember
- Know Your Rights is a good primer; read it now at the Electronic Frontier Foundation and download their printable “pocket guide” here.
The Department of Homeland Security (DHS) is doing something unprecedented for a tactical government bureau: they just released a draft request for companies to bid on their “Media Monitoring Services.” This request from DHS seeks a firm that could build them a searchable database that has the ability to monitor up to 290,000 global news sources:
Services shall enable [the DHS’s National Protection and Program’s Directorate] to monitor traditional news sources as well as social media, identify any and all media coverage related to the Department of Homeland Security or a particular event. Services shall provide media comparison tools, design and rebranding tools, communication tools, and the ability to identify top media influencers.
They’re claiming “standard practice” but DHS is NOT an intelligence service and global monitoring is what the National Security Agency performs as does the Central Intelligence Agency. WTF is DHS going to do with this sort of database? Why do they need “media influencers” and “bloggers”? The request specifically requests:
24/7 Access to a password protected, media influencer database, including journalists, editors, correspondents, social media influencers, bloggers etc.
Most troubling was their intent to have this database indicate what the coverage “sentiment” is:
[The database shall have the] ability to analyze the media coverage in terms of content, volume, sentiment, geographical spread, top publications, media channels, reach, AVE, top posters, influencers, languages, momentum, circulation.
Why am I concerned and bringing forth a story like this one? Because our Department of Homeland Security potentially has an enormous tactical advantage set forth in the Constitution that could allow them to subvert our protections under that very Constitution and our Bill of Rights. Don’t believe me or think I’m paranoid? Then read this about our Constitution and the 100-mile border zone that DHS could essentially do whatever they damn well please within, like searching our “sentiments” when within a border zone and restricting our movements if we’re deemed a threat to homeland security.
To say the shit-hit-the-fan after this release is an understatement. Here is a Google search that has articles from Forbes, Bloomberg, CBS News, CNN, Chicago Sun-Times, and a host of others. Here is a Twitter search to allow you to read thousands of tweets questioning why in the world DHS needs such a database.
Many of us “bloggers” also leapt on this story as it is clearly easier for DHS to level suspicions at us. It’s also significantly easier to intimidate an individual than it is an institution filled with journalists like CBS News or CNN.
That said, other government agencies, like the FBI, have adopted secret rules to spy on journalists who publish classified information and hunt down their anonymous sources.
While all the articles I read were questioning the ‘why’ behind having this database, DHS’ spokesperson, Tyler Q. Houlton, had this to say in response to their sh*t hitting media’s fan:
Despite what some reporters may suggest, this is nothing more than the standard practice of monitoring current events in the media. Any suggestion otherwise is fit for tin foil hat wearing, black helicopter conspiracy theorists. https://t.co/XGgFFH3Ppl
— Tyler Q. Houlton (@SpoxDHS) April 6, 2018
My gut tells me that the “why” behind this database is that DHS wants to have a searchable one so they can perform quick lookups for those crossing our borders, being stopped at checkpoints, and potentially for those of us who happen to be within 100 miles of any border.
Read the bid yourself below or download it here: RNBO-18-00041_SOW_-_Draft (1)
We are living in a time when the President of the United States calls any news organization whose reporting he doesn’t like “fake news.” When news organizations struggle to remain relevant when the internet enables that news to travel around the planet in milliseconds. With all the options for news, few are willing to spend any money to support them.
This morning I donated $50 to The Guardian, a paper headquartered in London with a major U.S. presence in New York and one I read almost every day. Their journalism is top-notch and they’ve revealed numerous important stories like the National Security Agency’s PRISM program and the Panama Papers.
My support has also been continual for my local paper, the Minneapolis StarTribune, but also to the phenomenal New York Times and The Washington Post, organizations that have continued to demand truth from the powerful, report on them when they go astray, and help keep us on track as a nation.
I absolutely believe that a free press is vital to our democracy and freedom. The founders of the United States of America knew how important freedom of the press was to democracy, so they made the very first amendment to the Constitution one that would protect it.
Without the press — and I’m including television and internet-based news too — who would hold accountable those who would seize power? The ones in power who seemingly delight in telling us untruths, make up their own facts, and lie to our faces like our current administration does?
It made me realize that I have to vote with my pocketbook. Think about the news organizations you read often and make a donation or subscribe. You don’t want to rely on some blog or, God forbid, what some government mouthpiece wants you to believe. You want the truth. We all need the truth.
Democracy will die without truth. Take a moment right now to choose one or two news organizations and donate something to them.
Photo courtesy Electronic Frontier Foundation
Though I’ve been following this story at the Electronic Frontier Foundation’s website (see Geek Squad’s Relationship with FBI Is Cozier Than We Thought) it was today’s Ars Technica article that really got my blood boiling (see Best Buy defends practice of informing FBI about child porn it finds).
“In a statement sent to Ars on Tuesday, Best Buy wrote that it continues to ‘discover what appears to be child pornography on customers’ computers nearly 100 times a year. Our employees do not search for this material; they inadvertently discover it when attempting to confirm we have recovered lost customer data.’”
While I’m the last guy to defend anyone who has child porn they’ve gathered and stored on their computer or device the big issue is this: Best Buy **must be** using forensic tools to actively search the entire hard drive — including cached images — and then Geek Squad humans ARE ACTIVELY VIEWING every .jpg, .png, or raw image on the computer or device and getting paid to do it!
Otherwise, how else could they possibly determine something is “child porn” without looking at it?
On my main computer (and external hard drives) I have nearly 50,000 images I’ve taken, scanned, or my family has taken and I’m storing them in a central location (and, before you ask, there is NO porn…child or otherwise). If you were a Geek Squad worker, there is no way you could be recovering one of my hard drives and have a clue what those images are, unless you looked at them OR had a forensic tool that enabled you to find every image on a computer or device so you could skim through them.
That EFF article had this to say about Geek Squad using forensic tools (my emphasis):
But some evidence in the case appears to show Geek Squad employees did make an affirmative effort to identify illegal material. For example, the image found on Rettenmaier’s hard drive was in an unallocated space, which typically requires forensic software to find. Other evidence showed that Geek Squad employees were financially rewarded for finding child pornography. Such a bounty would likely encourage Geek Squad employees to actively sweep for suspicious content.
Even if a computer owner inadvertently ends up on a website that has such images — by following some link and then takes their computer in for Geek Squad service — those images are in the browser cache so that person could be instantly branded a child porn lover or pedophile and turned over to the FBI. Unless you are smart enough to use FileVault on the Mac or TrueCrypt for Linux or PC and encrypt your drives (like I do), they can see anything-and-everything once recovered.
What if a rogue Geek Squad person looked at your important documents? Maybe copying down account or social security numbers, poking through email text files, or otherwise digging through all your digital files when your computer or device was in there for repair?
Remember: Defending against illegal searches and seizures means forcing law enforcement to abide by the Constitution and get a warrant. Not pay-off or otherwise coerce a company’s employees to do the FBI’s illegal forensics for them.
Especially when everyone knows that if an illegal search and seizure is labeled an investigation into “child porn” or “terrorism” then the stupid usually roll over and let law enforcement do whatever they want unless you, like I do, find this practice and Best Buy collusion an illegal search and seizure (especially since the FBI paid them to do it) and get mad about it and take some action.
For more see these:
- Washington Post article: If a Best Buy technician is a paid FBI informant, are his computer searches legal?
- If you don’t know what law enforcement can-and-cannot do, take a look at this: Searches and Seizures: The Limitations of the Police