Congressional “theater” is happening right now and our ‘Congress Critters’ are all seemingly outraged at the privacy violations by Facebook, Google, and all the other tech companies we all use every day. Some even want to break them up as do various Democratic presidential candidates.
But I’d like you to notice that there is not a *peep* from any of them about all the other tracking companies out there, especially ones like Palantir.
Those tracking or “secondary surveillance network” companies are the REAL privacy threats. Literally everything you do digitally is tracked including:
- Buying anything either online or offline as your credit card data can be purchased by tracking companies and combined with other data
- Emailing and texting metadata is captured (the content is protected as a warrant is needed to search within an email)
- Moving around with your smartphone in your pocket provides tracking data of your movements
- Everything you do (or your devices do automatically) through your internet service provider is tracked now that net neutrality is dead (ISPs can sell your data)
- Everywhere your face is “recognized” by a camera connected to an increasing number of systems without any regulation since your public persona can be photographed
- And much more.
Want to See How Bad It Is?
Palantir is one company that has always scared the beejeezus out of me as I’ve personally analyzed this completely opaque and secretive organization. But it wasn’t until I read this article, Revealed: This Is Palantir’s Top-Secret User Manual for Cops, that I said HOLY SHIT THIS IS BAD!
Turns out Motherboard obtained this Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals. Their system goes far beyond what I ever imagined as a worst-case scenario:
“Palantir is one of the most significant and secretive companies in big data analysis. The company acts as an information management service for Immigrations and Customs Enforcement, corporations like JP Morgan and Airbus, and dozens of other local, state, and federal agencies. It’s been described by scholars as a “secondary surveillance network,” since it extensively catalogs and maps interpersonal relationships between individuals, even those who aren’t suspected of a crime.”
In addition, this article, 300 Californian Cities Secretly Have Access to Palantir, shows how hard various law enforcement and other agencies are hiding the fact that they even use Palantir:
Motherboard obtained documents via public record requests which reveal that the scope of Palantir’s influence in California is significantly larger than previously documented. Payment records indicate that between January 2012 and March 2017, about three hundred cities, collectively home to about 7.9 million people, had access to Palantir’s Gotham service through the Northern California Regional Intelligence Center (NCRIC), which is run through the Department of Homeland Security.
Why use Palantir’s Gotham service instead of licensing the software outright?
Gotham is one of Palantir’s two services, and the other service is Palantir Foundry. These 300 police departments could request data from Palantir, and an NCRIC agent would retrieve this data and provide it to local police. Per this arrangement, none of these departments have to disclose the fact that they have access to Palantir.
Read these articles and go scan the manual and you’ll see that it is trivial for any user of their system — whether directly with Palantir or one of their “service” companies — to obtain a HUGE ARRAY OF PERSONAL DATA on any one of us!
Again, notice how Palantir is not even in the conversation any Congress Critters or presidential candidates are having? Also, where is the mainstream media in all of this?
These secondary surveillance network/tracking companies are already out of control. Congress must act now but they won’t unless you tell them to do so and vote accordingly going forward.
Want to know more and/or take action like I have?
Ask your Congressperson and Senators to pay attention to and regulate these tracking/secondary surveillance network companies:
- More on Palantir
- More on Secondary Surveillance Networks
- Find your member of Congress and contact him or her:
Since I care (as we all should) about privacy, security, government surveillance, third-party trackers, and all the other downsides that have already happened to this thing we love called the internet, WE ALL need to stand up and make our voices heard about the recent bill passage to gut net neutrality. That's why I just donated (and have continued to donate) to the Fight for the Future cause and will be watching the livestream next Tuesday, June 11th, to see what is happening and to leverage social media to bring attention to it.
One year ago, Big Cable’s dream came true: they killed net neutrality, giving ISPs like Comcast, Verizon, and AT&T control over what we see and do online. Millions of people demanded that Congress restore net neutrality. In response, the House of Representatives passed the landmark Save the Internet Act. But Senate Majority Leader Mitch McConnell — who has taken over $1 million in campaign donations from Big Cable — is refusing to allow his branch of Congress to vote on this popular bill. So on June 11th, net neutrality supporters in the Senate will try to force a vote using a procedure called “Unanimous Consent.”
How can you help?
We’re organizing an epic livestream so that millions of everyday people just like you can watch their lawmakers, and hold their lawmakers accountable for their actions … or inaction. Fill out the form above and tell Congress why you support net neutrality. We'll make sure your comment gets hand-delivered to Congress, and we'll be reading our favorite comments during the livestream on June 11th. You can also spread the word on social media to make sure everyone knows what's happening.
Watch the livestream on June 11th
Remember when Apple’s Tim Cook wouldn’t put in a backdoor to iOS so the FBI could gain access to the San Bernardino terrorist’s iPhone? THIS IS WHY!
If the NSA can’t control software as destructive as this, how can any government guarantee a compromised operating system won’t get into the wild? (One guess: they cannot and Tim Cook was 100% right).
Read this article in The New York Times as it tells the story of the NSA’s software loss well.
We must have end-to-end encryption on our devices. Period.
I have to admit that I get irrationally angry when a major internet service provider like Cox does not allow true and complete management of one’s internet service online.
It’s easy to add a Cox service in my account, like I did when our son’s internet use threatened to push us over our 1 terabyte “cap” on our internet use (1 terabyte = 1,024 GBs). So I chose Cox’s “add-on” of 500GBs additional data. Doing so ensured I wouldn’t have to pay their $10 per 50GBs overage cost.
We were on a run-rate to be closer to 1,400 GBs and it was much cheaper to pay the add-on cost of $29.99 for 500 GBs, instead of the $75 it would have cost as an overage for the possible 376 GBs additional data we would likely have used.
But now that our son has moved to Santa Monica for a job, our data use has plummeted and is well under that 1 terabyte ceiling.
So this morning I went online to Cox and discovered — just like Comcast did in the State of Minnesota we left last June — the only way to cancel or remove an add-on or service is … you guessed it … to call a human in their respective billing departments.
Yes, I know this is so they have an opportunity to convince us to keep the service or add-on. To have a chance to upsell us on new services. BUT I AM SICK OF THE GAME and just want to do what I do with my Schwab brokerage accounts, Wells Fargo banking accounts, and the myriad of other services I use that “get it” when it comes to allowing FULL MANAGEMENT OF ONE’S ACCOUNT ONLINE.
So Cox, Comcast and others … quit the bullshit games and pretend like you understand the internet, the web, and how it works. All you do is piss off people like me who see right through your veiled attempts.
Do you use social login? How about for remote access to your home WiFi router when you’re not at home? Unless you have good password practices and multi-factor authentication, I recommend you do NOT enable remote access of any kind, and maybe consider never using social login ever again.
I am very pleased with our Amplifi Mesh Wi-Fi System installation but have one security-related issue: For remotely logging in to the router from my smartphone, the remote-access, social login credentials are only ones from two providers: Google and Facebook.
While implementing social login is far easier for developers than building a custom login solution — and social login is often assumed by them to be the path of least resistance since these big companies can protect user credentials better than a smaller company — that “big company is more secure” assumption has been proven false and highly risky:
- KREBS: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
- WIRED: The Security Risks Of Logging In With Facebook
- MEDIUM: It’s time for brands to reconsider social login
- TOM’S GUIDE: 100 Million Quora Accounts Hacked: What to Do
Use of social login also assumes that the user has excellent password practices and/or uses multi-factor authentication, which is usually not the case. So if the user doesn’t implement those best-practices when it comes to protecting their Google or Facebook logins, then Amplifi’s parent company, Ubiquiti, may feel they are off-the-hook in the event of a breach?
I would argue that a blackhat hacker obtaining a social login email and password is trivial (e.g., I can name twenty-five friends and family that have had social accounts hacked into).
Unless the user has implemented multi-factor authentication, those social login credentials could be used to gain access to a home WiFi router that uses social logins for remote access.
I’ve added this suggestion on the Amplifi community forum to ask the company to have a Ubiquiti-driven login with multi-factor authentication, and in it asked these questions:
- What is your position on security and privacy where it comes to enabling Google and Facebook to potentially monitor outbound traffic from an IP address?
- As such, do you have a security/privacy white paper that outlines how you use the Google and Facebook social APIs, and specifically what you allow Google and Facebook to monitor? (like router IP address).
While I appreciate that our Amplifi Mesh Wi-Fi System is focused on simplicity first and granular level detail on security and privacy second, I’d like to see a public/private key, encrypted, Ubiquiti-delivered remote access login (where I hold both keys) along with multi-factor authentication … at a minimum.
Baseball is a good metaphor for predicting the future. Sometimes you hit a home run, often a single or double, and too frequently a swing-and-a-miss.
This morning I was digging through an old research folder on my computer and came across something I’d downloaded from CompuServe’s news headlines from March 1, 1996. This “internet forecast” was vague enough to get some things right, but otherwise was wrong on many counts.
I’d been on CompuServe since the early 1990s and was eager to learn everything I could about this new thing called the “Internet.” I followed every single tidbit of information, leading up to The Big Trip to Germany that I took with my father in the summer of 1997 when, on that trip, publishing to the internet changed the course of my career and life in ways I never expected.
What I think is accurate in the 1995 press release below:
- Internet had to be mainstream
- Had to be intuitive and easy to use
- Connective advertising did grow exponentially
What was missed:
- Web site consolidation? Um…not really. In 1996 websites began to explode onto the web.
- Phone companies were NOT a good bet for delivering the internet.
- Self-regulation almost never works since companies are out for themselves and their shareholders.
Other than that it was a pretty solid vision and worth a read, but it illustrates how any prediction of the future should always be taken with a grain-of-salt. Enjoy and check out the bonus video below.
Headline: INTERNET FORECAST FOR 1996: COMMENTS BY NEW MEDIA …
Wire Service: PR (PR Newswire)
Date: Fri, Mar 1, 1996
INTERNET FORECAST FOR 1996: COMMENTS BY NEW MEDIA VISIONARY AL SIKES
NEW YORK, March 1 /PRNewswire/ — This week, at Jupiter Communications’ Consumer Online Services III, Al Sikes, President, Hearst New Media & Technology, presented his future vision for the Internet. This keynote speech kicks off a briefings campaign between Mr. Sikes and the press regarding the future of the Internet. In his remarks, Mr. Sikes outlined the demise of the World Wide Web as we know it today and predicted the rise of a “sensory-led” medium, one that is driven by creative people who will push multimedia artistry to new heights. His major points are highlighted below.
- Easy access and customized solutions will drive success. While today’s Internet is primarily populated by techno-savvy “early adopters,” its future depends on attracting mainstream Americans. “Early adopters are prepared to work for what they want,” explained Mr. Sikes. “Later adopters will demand that it be easy.” To survive, companies must hone their editorial vision and provide added value services through “smart” software and personalized applications. “At HomeArts, Hearst’s popular Web network for the home and home life, our challenge is to give every HomeArts user a personal experience. If we are to earn that trust, our evolution must include ‘intuitive software’ that will shape users’ daily package of news, information and entertainment,” explained Mr. Sikes.
- “Connective” advertising will grow exponentially. The explosion of company Web sites and commercial content providers spells huge opportunities for the advertising community. “In virtually all media, there is a symbiotic relationship between telling stories and advertising; this medium will be no different,” explained Mr. Sikes. In response, advertising agencies must adjust. “The industry will become tiered,” predicted Mr. Sikes. “There will be a tier that ‘gets it’ and a tier that doesn’t.”
- Web sites will consolidate. In 1995, a handful of commercial content sites built a following. In 1996, there will probably be some consolidation among content providers, with the number of small niche sites dwindling or seeking strategic hot links with the larger ones.
- Phone companies will deliver digital technology to the home. Spurred by the advent of “cable modems,” the phone companies will begin to deliver on their long but dormant promise to bring digital technology to the home. “While I am rooting for both phone and cable companies to contemporaneously shower us with bandwidth, I am more inclined to bet on the phone companies, or maybe phone-cable combinations,” predicted Mr. Sikes. The eleven largest telephone companies’ 1995 cash flow approached $30 billion. The cable industry’s cash flow, while significant, is small by comparison.
- Constructive self regulation will override government intervention. In 1995, the top industry debate in Washington was censorship. In 1996, the issue will be privacy. And just as the industry fought censorship initiatives, it too will oppose overarching government restrictions in the privacy domain. “Nothing hurts entrepreneurial industries more than an enforced, day-by-day partnership with the government,” said Mr. Sikes. Instead, the industry will push for constructive self-regulation. “The increasing importance of the Web points to the need for an industry approach.”
About Alfred C. Sikes
Prior to joining Hearst New Media & Technology in 1993, Al Sikes served as Chairman of the Federal Communications Commission. From 1986 to 1989, Mr. Sikes was Assistant Secretary of Commerce and Administrator of the National Telecommunications and Information Administration (NTIA), responsible for the NTIA TELECOM 2000 report, a seminal U.S. communications policy assessment. Mr. Sikes is a graduate of Westminster College, Fulton, Missouri and the University of Missouri Law School.
About the Company
HomeArts (http://homearts.com) is owned by New York-based Hearst New Media & Technology, a division of Hearst Corporation. In business since 1993, Hearst New Media & Technology builds online networks and multimedia CD-ROM titles. These products leverage the company’s existing brands and expertise to create new audiences valuable to advertisers and other content providers. In addition to the HomeArts network, Hearst’s current releases include In Full Bloom: Great Home Gardens, Country Living Style, Chapman’s Hands-On Powerboating, Popular Mechanics Car Guide, Comic Creator and Multimedia Newsstand (http://mmnewsstand.com).
Hearst New Media & Technology is located at 4 Columbus Circle, 3rd Floor, New York, NY 10019. Phone: 212-649-2700; fax 212-977-3845. -0- 3/1/96 /
Copyright 1996 PR Newswire. All rights reserved
Here is another 1995 vision video from one of those phone companies, AT&T:
This morning the U.S. Supreme Court ruled that police must obtain a search warrant in order to get access to cellphone location information.
This is HUGE and a big win for anyone who cares about intrusive, mass, warrantless surveillance that is, by any measure, illegal searches and (data) seizures.
Chief Justice John Roberts sided with the “liberal” justices (ones I instead use the adjective “strategic” to describe). This National Public Radio (NPR) story In Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone put it succinctly:
The majority declared that the Fourth Amendment guarantees an expectation of privacy and that allowing police to obtain moment-by-moment tracking of an individual’s cellphone location is a kind of surveillance that the framers of the Constitution did not want to occur without a search warrant.
The chief justice said that this sort of tracking information is akin to wearing an electronic ankle-bracelet monitoring device and that the citizens of the country are protected from that kind of monitoring unless police can show a judge that there is probable cause of a crime that justifies it.
After the 2014 Edward Snowden revelations, mass, warrantless surveillance of U.S. citizens — which was being performed by the signal intelligence focused National Security Agency (NSA) — was an enormous concern both domestically and internationally, as the NSA’s clear mission was to focus only on foreign signal intelligence while excluding spying on American citizens. The outcry domestically and internationally reached a fever pitch…but little was revealed on what was being done to stop mass, warrantless surveillance.
Then some of Snowden’s document releases were published and it was revealed that all of this vacuumed-up data had a “Google-like search engine” that could be used to scour all data for an individual or group. Somehow the Drug Enforcement Agency (DEA) and other law enforcement agencies were being provided with data that couldn’t be challenged in court due to “national security concerns” so the extent of data being swept-up has never been completely understood.
The bottom line? The accelerating “surveillance State” was already out of control and Congress seemingly turned a blind eye toward it and extended its capability.
Though it has taken too many years for the Supreme Court to weigh in on the Constitutionality of warrantless surveillance, the explosion in law enforcement’s use of cellphone tracking devices like Stingray meant that warrantless tracking by police agencies was low-hanging-fruit for the court to address.
In my mind it’s too little, too late…but it’s a start.
Can’t help but think that “Norton by Symantec” is trying to scare the beejeesus out of website owners with something that sure smells like a scam to me…or at least a really spammy marketing effort to bolster their contact lists.
One of my businesses, Innov8Press, recently began rebuilding a long-time client’s new website. Before the rebuild started we moved the client to a new webhost as their existing one wasn’t up to handling what the new site will require for technical resources.
This is a site we had built (but were not managing at the time) and is one we cleaned up after a hack two years ago and it has been clean ever since. FOR THE LAST TWO YEARS Google says it is clean. Sucuri says it is clean. The premium Wordfence security suite says it is clean.
So imagine my surprise that, after we’d moved the site, we saw this at the new webhost’s dashboard:
Then I go back to Sucuri — which again, had shown the site to be clean for TWO YEARS until we just moved it last week — and now this appears:
We’ve now invested a couple of hours:
- Creating an account at Norton Safe Web
- Interacting on the community forum (basically to ask, “WTF?”)
- Downloading the verification file
- Uploading it to the site’s server
- Requesting a verification as the “site owner”.
SCAM OR JUST SPAMMY MARKETING?
Every fiber in my being tells me this is a spammy attempt to get website “owners”, whether the actual owner or developers like us, to sign up for their services. At the very least it’s an attempt to identify website owners so they can email the shit out of us.
If Norton starts spamming us I’ll create a filter in Gmail to instantly set all their emails to “spam.” They’d better not think they can market to us in this fashion like some no-scruples startup, and basically waste the time of website owners like this.
Need to tell you about a very cool Mac app (Windows version coming soon) that has transformed how I manage my online work and even social media interactions.
The app is called Coherence, now in version 5, which I hadn’t heard about until I stumbled across it this past week and downloaded the trial version. I liked it so much I purchased the Family License 20 minutes later!
The app allows you to create site-specific web browsers that function as their own self-contained Chrome browser application. Why would I want to have a bunch of separate web browser apps on my Mac instead of just opening up 10, 15 or 20 tabs in my Chrome browser? Besides slowing down Chrome and using up lots of my computer’s memory, I have a need to keep things separate:
- MANAGING ACCOUNTS: With four GSuite accounts (a personal one and three for our various businesses) I could just log in to all of them in my main Chrome browser, but that would mean choosing accounts before going in to Google Drive, calendar, or other GSuite apps, a huge pain in the butt and often confusing. Having one site-specific browser for each GSuite account is fabulous and makes managing all of those accounts a breeze!
- DEVELOPMENT: With our Innov8Press business I’m constantly logged in to multiple accounts and like to keep everything contained as I work, especially since I’m often logged in to a client’s web services (e.g., Mailchimp; Salesforce; Dropbox) and using a Coherence-made browser makes it simple to not have to log in and log out over-and-over again as I go through my workday.
- KEEP TRACKING TO A MINIMUM: Rather than use a plugin to keep Facebook (and others) from tracking my activities all across the web, Facebook has its own browser and everything runs within it. I even have a “Media” browser with bookmarks to publications I view in order to again, make it harder for third-party tracking companies to follow me around while I browse and use the web.
- UNIQUE, DISCRETE APPS: I often play Pandora in a browser on my desktop so it’s really nice to be able to do so in a separate browser app vs. having to have the highly insecure Adobe Flash installed so I could run Pandora’s Adobe Air app. I also have a browser app for YouTube/Netflix/Hulu streaming apps as well as one to use with UberConference. Again, it makes my workflow so much more manageable.
- EXTENSIONS: One last, highly useful aspect of Coherence 5 is being able to load extensions. For example, in most of the Coherence browser apps I’ve created I’ve included my LastPass password manager extension. That way I can log in to a client’s sites (or my own) as needed. Since sometimes I also need to view a client’s site from the standpoint of a user in the U.K. or countries in the E.U., being able to connect a given site-specific browser via the Private Internet Access (PIA) VPN to one of the PIA servers in one of those countries really helps (especially being able to perform Google searches in those countries in order to tweak SEO).
There are lots of other use-cases I’m sure you can think of, or will soon discover, on your own and, at the very least, it’s definitely worth considering. You will find the pricing here:
- Coherence 5 for macOS 10.10 and Above – Single License $4.99
- Coherence 5 for macOS 10.10 and Above – Family License (5 Licenses w/ 10 Activations) $24.99
NOTE: I should mention that I have used FluidApp for several years, the site-specific browser creator which makes a Safari-like (i.e., WebKit) browser. There are some features in it I like, but it’s not as flexible as Coherence 5 and I find being able to add extensions and use a Chrome-foundation browser meets my needs better.
Is this deal too good to be true? Nope.
US Mobile is offering unlimited inflight internet service through the huge global provider iPass for only $10 per month using either the GoGo or Panasonic inflight networks. Yep…you can use it on several U.S. and international airlines but it gets even better as you’ll see below.
As a point of comparison, here is what GoGo charges for a single airline plan:
GoGo is still much more expensive (2 devices will cost $60 per month) and you’re still limited to a single airline. If you fly more than one airline — or even choose your single, favorite one — this new US Mobile offering will save you $40 per month if you only use a single device like your laptop. If you want to add your phone or tablet it will still be a lot cheaper at $20 per month and also offer you more flexibility with multiple airlines.
Here’s where this deal gets even better though. What happens when you land and want to use Wifi in the airport? Once you’re in the city and want to stop in to a coffee shop or restaurant? Or get online when you get to your hotel?