Security

*Any* Backdoor in to Encrypted Devices Will Not Work!

UPDATE July 23, 2019

February 14, 2019: President Trump congratulates his new Attorney General, William Barr

TechCrunch reported today that US attorney general William Barr says Americans should accept security risks of encryption backdoors, and this idea is a very, very bad one. There is NO FUCKING WAY that I will allow my devices to have a backdoor in them … ever … and please note: this is NOT about me maintaining my social media, email or chat privacy. This is about protecting MY data and MY personal and client accounts.

If the U.S. Department of Homeland Security, Medicaid, Army, Office of Personnel Management, Department of Defense — and companies with their business and reputations at stake — can’t keep hackers out of their systems, how will the government protect a backdoor?

Check out this list of breaches on Wikipedia which starts out with this in the opening paragraphs, and scroll down to see how many companies and governmental organizations have been breached:

It is estimated that in the first half of 2018 alone, about 4.5 billion records were exposed as a result of data breaches. In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.

If a backdoor is legislated to be put in our smartphones, tablets and computers, I can absolutely guarantee that it will get out in to “the wild” and be used by blackhat hackers, regardless of what NON-TECHIES like Barr and Trump spout off about in rallies or articles.

Like CGPGrey has said, “There’s no way to build a digital lock that only angels can open and demons cannot. Anyone saying otherwise is either ignorant of the mathematics or less of an angel than they appear.” I submit that most leaders are not only ignorant of both the math and why it is not technically feasible to put a backdoor in to encryption, they only care that we can keep governmental (and hacker!) prying eyes out of our most sensitive information.

One glance at my iPhone shows that there are numerous apps that could destroy me financially and potentially provide access to my LastPass password manager … allowing subsequent access to nearly 2,000 passwords for clients and every website I’ve signed in to in the past. For example these apps being compromised:

  • Charles Schwab with access to my entire portfolio
  • Wells Fargo with access to my wife and my accounts
  • My Bitcoin wallet
  • My Apple Wallet with multiple credit cards and Apple Store cards with money in them
  • Signal communication app — which protects our communications when my wife, kids or myself are traveling overseas
  • My LastPass app with connections to my password vault…
  • …and too many more.

I could go on and on but let me have John Oliver amusingly inform you about the realities of having the government put a backdoor in and defeat encryption:

Tracking Companies Are The Real Threat To Our Privacy And Congress Is Doing Nothing About These Secondary Surveillance Networks

Congressional “theater” is happening right now and our ‘Congress Critters’ are all seemingly outraged at the privacy violations by Facebook, Google, and all the other tech companies we all use every day. Some even want to break them up as do various Democratic presidential candidates.

But I’d like you to notice that there is not a *peep* from any of them about all the other tracking companies out there, especially ones like Palantir.

Those tracking or “secondary surveillance network” companies are the REAL privacy threats. Literally everything you do digitally is tracked including:

  • Buying anything either online or offline as your credit card data can be purchased by tracking companies and combined with other data
  • Emailing and texting metadata is captured (the content is protected as a warrant is needed to search within an email)
  • Moving around with your smartphone in your pocket provides tracking data of your movements
  • Everything you do (or your devices do automatically) through your internet service provider is tracked now that net neutrality is dead (ISPs can sell your data)
  • Everywhere your face is “recognized” by a camera connected to an increasing number of systems without any regulation since your public persona can be photographed
  • And much more.

Want to See How Bad It Is?

Palantir is one company that has always scared the beejeezus out of me as I’ve personally analyzed this completely opaque and secretive organization. But it wasn’t until I read this article, Revealed: This Is Palantir’s Top-Secret User Manual for Cops, that I said HOLY SHIT THIS IS BAD!

Turns out Motherboard obtained this Palantir user manual through a public records request, and it gives unprecedented insight into how the company logs and tracks individuals. Their system goes far beyond what I ever imagined as a worst-case scenario:

“Palantir is one of the most significant and secretive companies in big data analysis. The company acts as an information management service for Immigrations and Customs Enforcement, corporations like JP Morgan and Airbus, and dozens of other local, state, and federal agencies. It’s been described by scholars as a “secondary surveillance network,” since it extensively catalogs and maps interpersonal relationships between individuals, even those who aren’t suspected of a crime.”

In addition, this article, 300 Californian Cities Secretly Have Access to Palantir, shows how hard various law enforcement and other agencies are hiding the fact that they even use Palantir:

Motherboard obtained documents via public record requests which reveal that the scope of Palantir’s influence in California is significantly larger than previously documented. Payment records indicate that between January 2012 and March 2017, about three hundred cities, collectively home to about 7.9 million people, had access to Palantir’s Gotham service through the Northern California Regional Intelligence Center (NCRIC), which is run through the Department of Homeland Security.

Why use Palantir’s Gotham service instead of licensing the software outright?

Gotham is one of Palantir’s two services, and the other service is Palantir Foundry. These 300 police departments could request data from Palantir, and an NCRIC agent would retrieve this data and provide it to local police. Per this arrangement, none of these departments have to disclose the fact that they have access to Palantir.

Read these articles and go scan the manual and you’ll see that it is trivial for any user of their system — whether directly with Palantir or one of their “service” companies — to obtain a HUGE ARRAY OF PERSONAL DATA on any one of us!

Again, notice how Palantir is not even in the conversation any Congress Critters or presidential candidates are having? Also, where is the mainstream media in all of this?

These secondary surveillance network/tracking companies are already out of control. Congress must act now but they won’t unless you tell them to do so and vote accordingly going forward.

Want to know more and/or take action like I have?

Ask your Congressperson and Senators to pay attention to and regulate these tracking/secondary surveillance network companies:

Watch the Net Neutrality Senate Livestream on June 11th

Since I care (as we all should) about privacy, security, government surveillance, third-party trackers, and all the other downsides that have already happened to this thing we love called the internet, WE ALL need to stand up and make our voices heard about the recent bill passage to gut net neutrality. That's why I just donated (and have continued to donate) to the Fight for the Future cause and will be watching the livestream next Tuesday, June 11th, to see what is happening and to leverage social media to bring attention to it.

What’s happening?

One year ago, Big Cable’s dream came true: they killed net neutrality, giving ISPs like Comcast, Verizon, and AT&T control over what we see and do online. Millions of people demanded that Congress restore net neutrality. In response, the House of Representatives passed the landmark Save the Internet Act. But Senate Majority Leader Mitch McConnell — who has taken over $1 million in campaign donations from Big Cable — is refusing to allow his branch of Congress to vote on this popular bill. So on June 11th, net neutrality supporters in the Senate will try to force a vote using a procedure called “Unanimous Consent.”

How can you help?

We’re organizing an epic livestream so that millions of everyday people just like you can watch their lawmakers, and hold their lawmakers accountable for their actions … or inaction. Fill out the form above and tell Congress why you support net neutrality. We'll make sure your comment gets hand-delivered to Congress, and we'll be reading our favorite comments during the livestream on June 11th. You can also spread the word on social media to make sure everyone knows what's happening.

Watch the livestream on June 11th

[UPDATED] There is a Dangerous Problem with the Honda Clarity

UPDATE July 23, 2019
This problem has not yet reappeared, even with my personal testing. I was close to zero on a Palm Springs-hot day (was 108°F) and the engine raced when at 0 battery, but I didn’t lose power. I’ve been working with American Honda’s customer support for a few weeks now. They kept steering me back to the dealership but they have found nothing. The Clarity does not log any data so I purchased an OBD II connector with an iPhone app, so am keeping an eye on any aberrant behaviors (like the check engine light coming on and staying on for 36 miles but no errors were seen). Will update again if need-be.

My wife and I had a terrifying loss of power in our new 2019 Honda Clarity yesterday AND we were in rush hour traffic on CA-73 (a toll-road that runs from Newport Beach to I-5 in Laguna Niguel, California) driving along at 70MPH.

Here is what happened and how we discovered afterwards that this is an isolated, but seemingly common, quite dangerous issue with the Honda Clarity PHEV.

LOSS OF POWER IN RUSH-HOUR TRAFFIC

It’s late afternoon yesterday (May 31, 2019) and we are headed home from an appointment up in Huntington Beach, CA. We are driving on CA-73 in the Clarity’s HV Mode. When the battery drops to two bars — the baseline where the car’s computer stops the drainage from the battery to power the car — the engine is supposed to kick-in but it began REVVING and then lost ALL POWER.

Since we were going up a hill, the Clarity immediately dropped from 70mph to 40mph in seconds and kept dropping. Pushing the accelerator to the floor did nothing except redline the engine and it gave NO POWER TO THE WHEELS TO MAKE THE CAR GO.

Due to the rush-hour traffic on all sides (and cars coming up behind us at 70mph or greater), we *barely* are able to make it to the shoulder with cars honking and speeding around us! It was a truly terrifying experience. No matter what I did, I couldn’t get the car to power itself. I had to turn the car off, then back on, put it in “Sport” mode, and then we were able to drive it like it should work when the battery is depleted.

Just so you know, the Clarity Plug-In Hybrid has 3 modes: ECON, Sport and HV. ECON is battery-only. Sport is what you’d expect: it uses the battery and ICE (Internal Combustion Engine) to power the car simultaneously. HV mode uses the engine and the electric motor to power the Clarity as efficiently as possible in order to achieve the highest possible MPG.

In seconds I was switching between these modes in an attempt to get SOME power to safely get the car to the shoulder. My wife suggested turning on the hazard flashers which I did, and fortunately several cars slowed down so we could coast over to the side of the road and turn the car off.

After the adrenaline rush subsided, I was stumped that the car wasn’t smart enough to either warn me or, more importantly, to simply self-correct and not put us in to such a dangerous situation.

FOUND OUT I’M NOT THE ONLY ONE

Returning home, I find DOZENS of postings showing this is an issue many people have experienced. I concur with most that this is a DANGEROUS situation and HONDA HAS BEEN SILENT on this major issue.

CAR COMPLAINTS
I’ve found about 15 places where people have described the exact issue we experienced, but some also discuss other situations where the car had this revving-no-power problem (revving is also euphemistically called “angry bees”) even without a depleted battery. At CarComplaints.com there are several, including many like these:

January 15, 2019: “3 days after purchase I was driving on an interstate when the car suddenly lost all power. I managed to pull to a slow lane but the lack of power continued for another 5 minutes. It had been running on battery just prior and I had 2 bars of power left. The outside temperature was about 15 degrees. The internal combustion engine began to race but only began to give adequate power to the wheels after 5 minutes. A terrifying experience. Honda checked out the car and said nothing was wrong. I am hearing of other cases being reported like mine.”

Steve Borsch note: This is what happened to us, but the outside temperature was approximately 67 degrees. In the next two CarComplaint’s posts I’ve bolded specific items of note:

January 09, 2019: “Car revs up when driving down the highway but drops speed to 10mph. It has done this 2 times once in town and once on US-23 while driving 70mph. There are several complaints about the car doing the same thing to other Clarity owners and this is a highly dangerous situation that Honda should take care of! Reineke Honda in Findlay Ohio had my car for about 3 weeks and while test driving it the car did the same thing for the service manager Mike Stevens. They took a control box off a brand new Clarity per Honda’s suggestion and I am driving the car and had no new problems so far. They were not sure this would fix the issue but so far it hasn’t happened again. This is a dangerous failure in the car and I am lucky I wasn’t driving in Columbus, Ohio the 2nd time the car did it or I would have been rear ended! Honda needs to make sure this problem is fixed!!!”

February 09, 2019: “On approx 6 occasions, when EV power is used up, the car switches to ICE mode with issues. When traveling up hill, it feels like the transmission is not engaging. The vehicle loses power, and does not accelerate. The ICE revs extremely high without speed gain. Have also experienced a downhill situation with nearly full EV in EV mode. Vehicle feels like it disengages drivetrain. When pressing the accelerator, there was no response. One feels helpless when this occurs. Most of the time, the car has switched from EV to HV automatically, without issue. But, the above phenomena has happened 6 times in the last year this is unsafe. The vehicle was sold as an EV, with a gas engine to take over when EV runs out. At no time was there any explanation regarding potential situations that would cause the vehicle to become unsafe and lose power. One should not have to ensure reserve EV power for potential power loss situations. When these situations have occurred, upon shutting off the car and exiting, there is a strong smell of burning rubber and other material similar to transmission and brakes, or hot metal. Clearly something is overheating, and if the vehicle was not shutdown and allowed to cool, a reasonable person might conclude that significant damage to the engine, electric motors, EV battery, or transmission would take place. I am no longer driving the vehicle as a pure EV for city driving. The fear of power loss without control is extremely upsetting, and consequently, not getting the value of vehicle. My spouse will not drive the vehicle as driver or passenger if the trip is to exceed 20 miles in one direction. My gas savings has dropped considerably as I am unable to risk running out of EV before my trip ends. This vehicle has been taken to the dealer 3 times, and inspected by Honda of America. They deny there is anything wrong with the vehicle.”

WHAT’S NEXT, HONDA?

What do I do next? More importantly, what do YOU do next, Honda? Almost all postings I’ve read say that dealer investigations turn up nothing and are a waste of time. I suspect it’s because the fundamental software code is at fault, something a dealer cannot fix.

HONDA: This is clearly a software issue since the switchover from HV Mode’s battery/engine, to only the engine, does not happen correctly. You must fix this before someone (or multiple people) die in a horrific crash and you are found to be at fault for not addressing this issue.

WHERE IT HAPPENED: Here is where it happened to us yesterday — we were headed southbound on CA-73 up a hill and the ‘shoulder’ we had to pull over on was on a bridge over El Toro Road, with cars racing by at top speed:

WHY A TWEET AND THIS POST: The primary reason I tweeted Honda today and am writing this post (and will tweet it too), is to document what happened, where it happened, and to have an audit trail in case something happens to me or my family while driving this car … or Honda does nothing to fix this issue and puts an unknown number of Clarity PHEV owners in continued jeopardy.

ProtonMail Continues To Be The Safest, Most Secure, and Private Email Provider

Last evening I saw this article link from Steiger Legal, on a blog run by Swiss lawyer Martin Steiger, in which he published a damning allegation that my beloved ProtonMail, the end-to-end encrypted email provider, was:

Email service provider ProtonMail, based in Switzerland, offers assistance for real-time surveillance: Voluntarily!

Steiger goes on with writing a factually incorrect article about ProtonMail on his blog, alleging, among other things, that “ProtonMail voluntarily offers assistance for real-time surveillance.”

Fortunately ProtonMail responded with, in part, this clear statement:

So that there can be no ambiguity: ProtonMail does not voluntarily offer assistance as alleged. We only do so when ordered by a Swiss court or prosecutor, as we are obligated to follow the law in all criminal cases. Furthermore, ProtonMail’s end-to-end encryption means we cannot be forced by a court to provide unencrypted message contents.

That’s crystal clear in my view. Just to restate that last sentence, even if a prosecutor was able to scrape metadata about which user emailed to another person(s), the contents of the email could not be decrypted by ProtonMail and provided (and a government or intelligence service could not as well without massive computing power and a lot of time!).

Unfortunately I had seen this article but not ProtonMail’s rebuttal before emailing their support and tweeting it to @ProtonMail. They responded to my tweet:

Hi Steve, these allegations are false, and have also been refuted by the Swiss public prosecutor earlier this week. We have responded on our blog here with more details: https://t.co/xdz2xfF4pu

— ProtonMail (@ProtonMail) May 31, 2019

I then responded and apologized for being rash and not investigating fully before tweeting:

Thank you for the clarification! Had not yet read the HN thread nor your post. Should have gone there first … apologies for that.

Note: With all the recent breaches and revelations that mobile apps are “phoning home” with metadata, my paranoia is accelerating. https://t.co/7XAkEEKD8B

— Steve Borsch (@sborsch) May 31, 2019

The “recent breaches” and “phoning home” items I referred to in my reply to ProtonMail were:

  • Washington Post article about how their privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week on the reporter’s iPhone.

Is it any wonder I rushed to judgement for a secure email service I rely upon to keep my emails to family and friends — and the PDFs, Word docs, and Excel spreadsheets with vital data in them — secure from prying eyes?

Thank you, ProtonMail team, for helping to keep us safe and secure!

NSA Loses Control of THEIR Hacking Software and Apple’s Tim Cook Was 100% Right

Remember when Apple’s Tim Cook wouldn’t put in a backdoor to iOS so the FBI could gain access to the San Bernardino terrorist’s iPhone? THIS IS WHY!

If the NSA can’t control software as destructive as this, how can any government guarantee a compromised operating system won’t get in to the wild? (One guess: they cannot and Tim Cook was 100% right).

Read this article in The New York Times as it tells the story of the NSA’s software loss well.

We must have end-to-end encryption on our devices. Period.

Here is what I believe is the *best* backup solution money can buy

It happened again this morning: A friend reached out to tell me their PC’s 1TB hard drive had crashed and could I help? Of course you guessed it, they did not have it backed up, the drive was toast, and they have either lost everything or could pay close to $2,000 to have the drive recovered!

I have a hard time feeling any sympathy for them, especially since he and I have discussed backup numerous times. I’ve always encouraged him to buy one of the inexpensive backup drives that exist, which make backing up so simple that anyone can do it, even him. So I’ll implore you to back up just like I did him (he is serious about it now, after it is too late): PLEASE back up all of your systems and, especially, your main PC or Mac. It’s not IF your hard drive will fail, but rather WHEN it will fail.

WHY I DON’T BACKUP TO CHEAP DRIVES
For me, however, a cheap backup drive won’t do it which is why I use the ioSafe G3 drives:

The ioSafe Solo G3 is a fireproof and waterproof external hard drive engineered to keep data safe during fires and floods and to protect it from theft. Designed for optimal reliability, the G3 hard drive is the easiest way to protect your photos, videos, documents and other irreplaceable data.

I’ve written about these drives before here and here and I own two of them. My iMac has a 1TB solid state drive in it and I have one external 3TB ioSafe G3 drive which is nearly full of music, photos, and files. Both my iMac’s drive and my external 3TB drive are encrypted with FileVault, so I needed a 4TB external drive to use for a Time Machine backup drive. So I purchased that second ioSafe drive — this time in a 4TB size — to back them both up (and yes, everything is encrypted there too).

In fact, today I ordered another ioSafe G3 drive but this time in a 6TB configuration. Why? Because my Time Machine backups only go back 30 days and I want them to go at least 30 days further back and maybe longer, so an extra 2TBs of storage will enable me to do that (and I’ll wipe my 4TB drive and connect it to my wife’s iMac).

WHY I DON’T BACKUP TO THE CLOUD
Consider me paranoid, but unless I control the private encryption key I don’t feel my data is safe. Anyone with that key can unlock my data and view it (e.g., Dropbox can, in theory, read all of your files).

The only one I would consider is SpiderOak’s personal One backup plan, a solution that encrypts your data before it is backed up and sent to their servers. As good as SpiderOak is, there are a few “fatal flaws” I see with using it (or any cloud service) as my primary backup solution:

  • My data is in the cloud on someone else’s servers.
  • It takes forever to transfer large data files so backing up is time consuming. Moving huge files can also hammer on your internet service provider’s data caps (which are becoming more common now that TV streaming is ubiquitous and used by more people than ever before) so you’ll have to pay more for data.
  • The 5TB service I’d need is $29 per month ($348 per year) which would buy an ioSafe G3 drive itself!

WHY I USE IOSAFE DRIVES & BELIEVE THEY’RE THE BEST

Look … you can go ahead and back up to cheap drives. But let’s say your house catches on fire and the fire department arrives to put it out. If the area near your computer burns, your PC is melted and so are your backup drives, and everything will be lost. Even if it doesn’t burn and melt, the water used to put out the fire will most likely compromise the backup drives and make them unrecoverable.

The features that make it “the best” backup solution money can buy include:

  • The ioSafe drives can withstand temperatures up to 1550°F for 30 minutes per ASTM E119 (PDF).
  • They can be completely submerged in fresh or salt water up to a 10′ depth for 72 hours (which is so much more than a firehose would douse them with in a house fire).
  • The drives can be secured to either the floor or a hard-to-move object to prevent the drive, and the data it holds, from being stolen (I bolted my drives to my desk when our house was up for sale so no one could grab one and run off with it!).
  • These drives are very, very quiet and, with USB 3, they are fast.
  • They are a “set it and forget it” backup solution. If you have a Mac, use Time Machine to back up your computer. If you have a Windows PC, buying an ioSafe drive includes a license to Genie Timeline Professional: easy to use backup software for Windows that can protect your data with military-grade 256-AES encryption.

Living here in southern California makes drives like these even MORE important for my wife and for me. With earthquakes, wildfires, and more humans than most places on earth (so more likelihood of theft), having these drives as my backup solution gives me peace of mind.

HOW AND WHERE TO BUY
Though you can buy these drives directly from ioSafe, here are a few places to pick up a 2TB, 3TB or 4TB drive less expensively:

WHATEVER YOU DO … BACK UP!!
“Borsch, you’ve told me I need to back up … I get it!” OK, OK … but I thought my buddy didn’t want to hear me pontificate about backing up either and he didn’t … and now he’s lost all his photos, videos, emails and other data.

Don’t be like my buddy … back up now.


Disclaimer: I receive absolutely nothing from ioSafe or anyone else for my enthusiasm for their incredible hard drives. Yes, I do think they’re the best and just want everyone to back up!

Get Secure *Before* You Get Hacked

I’ve been dubbed “Mr. Security” by my friends, family and clients (I pay significant attention to, and use, cybersecurity, privacy and software measures), but my pleadings with them to be secure are often ignored … until they get hacked. Then they plead with me to help them out and get their digital life on track. Usually it’s too little, too late, and the work to recover is enormous.

You should care deeply about your digital life and its security, especially since the risk of getting hacked is exploding! The World Economic Forum in its 2018 report (PDF) said blackhat hackers are gaining the upper-hand in cyber warfare…and they are coming after you…and even the experts can’t keep up:

“Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents.”

Here’s the good news: if you haven’t yet been hacked it’s likely you will at some point, so let’s get you cyber secure NOW!

SECURITY CHECKLIST

I was delighted this morning to discover this Security Checklist, “An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.”

The Security Checklist is very comprehensive, easy to follow, and one you should look at and implement as quickly as possible. It gives you the “why” and specific resources to use for each category, making this pretty brain-dead-simple to follow and implement:

  • Password Manager
  • Create a strong device passcode
  • Use two-factor authentication
  • Set up a mobile carrier PIN
  • Encrypt your devices
  • Freeze Your Credit
  • Use 1.1.1.1 for DNS resolution
  • Use a VPN
  • Cover your webcam
  • Use a privacy-first web browser
  • Use a privacy-first search engine
  • Review app permissions on your devices
  • Review your social media privacy settings
  • Educate yourself about phishing attacks

Go to Security Checklist

Google’s Motto ‘Do The Right Thing’ is for Them and Not Us — Especially with Chrome 69

UPDATE on September 25, 2018
Looks like Google blinked since so many of us were SO upset about what they were doing. While this is good news, I’ll be sticking with Firefox for the foreseeable future:

“Chrome 70 Will Allow Users to Opt-Out of Controversial Automatic Sign-in Feature”


For years I’ve been a staunch supporter and trusted Google, loved their services like Google Suite, Gmail, Google Voice, and others, all while admiring their machine learning and artificial intelligence research. One thing I specifically trusted was Google’s Don’t Be Evil motto which was baked in to their Code of Conduct for the company.

Then, back in May, I became troubled when they removed Don’t Be Evil and replaced it with Do The Right Thing. At the time I joked with a friend of mine asking him, “Is ‘do the right thing’ for us, or for Google?”

It appears the motto change was focused on Google.

The biggest shift away from that “Don’t Be Evil” motto that Google has ever done just happened. Though this thread started on Hacker News a few weeks ago, a cryptographer and professor at Johns Hopkins University whose blog I follow, Matthew Green, wrote a post entitled, Why I’m Done with Chrome. In it he said:

A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.

Green also sees this move as having serious implications for privacy and trust. Do you think!?! My trust-level in Google has plummeted. So much so that I have now shifted 100% back to Mozilla’s Firefox browser and away from Chrome. I will no longer use Chrome until they change the way they infiltrate my privacy.

SO WHAT EXACTLY DID GOOGLE DO?

Google’s recent update to Chrome (browser version 69) has done something unprecedented in their history:

a) Once you log in to Chrome as a user, Google can (and does) track EVERYTHING you do in the browser. Every site you view, every login. The change? If you log in to any Google service in the Chrome browser, Google will log you in to that browser to give them access to everything you’re doing within Chrome.

b) As a user you can no longer delete ALL the cookies in your browser. Google’s cookies remain no matter what you do. (Hat tip to Christoph Tavan for discovering this breach)

c) Google is increasingly using “dark pattern” user interfaces in their services to hide or obfuscate what something does when you check, uncheck or choose an option. In ExtremeTech’s article Chrome 69 Is a Full-Fledged Assault on User Privacy, they describe how Google’s dark pattern user interfaces obscure their intent to get you to enable them to do the right thing for Google:

These changes are all part of what’s known as a dark pattern. If a pattern is defined as a regularity in the world (designed or naturally occurring) that repeats in a predictable manner, a dark pattern is an attempt to trick users by designing interface options that look like the options users expect to see.

I, for one, don’t want to research, study or figure out how a company I trust might be trying to trick me in to doing something that is in THEIR best interest … and not mine. I’d rather pay for offerings and am growing tired of “being the product”.

Supreme Court Rules Police Need a Warrant to Track Our Mobile Phones

This morning the U.S. Supreme Court ruled that police must obtain a search warrant in order to get access to cellphone location information.

This is HUGE and a big win for anyone who cares about intrusive, mass, warrantless surveillance that is, by any measure, illegal searches and (data) seizures.

Chief Justice John Roberts sided with the “liberal” justices (ones I instead use the adjective “strategic” to describe). This National Public Radio (NPR) story In Major Privacy Win, Supreme Court Rules Police Need Warrant To Track Your Cellphone put it succinctly:

The majority declared that the Fourth Amendment guarantees an expectation of privacy and that allowing police to obtain moment-by-moment tracking of an individual’s cellphone location is a kind of surveillance that the framers of the Constitution did not want to occur without a search warrant.

The chief justice said that this sort of tracking information is akin to wearing an electronic ankle-bracelet monitoring device and that the citizens of the country are protected from that kind of monitoring unless police can show a judge that there is probable cause of a crime that justifies it.

The 2014 Edward Snowden revelations about mass, warrantless surveillance of U.S. citizens — which was being performed by the signal intelligence focused National Security Agency (NSA) — were an enormous concern both domestically and internationally, as the NSA’s clear mission was to focus only on foreign signal intelligence while excluding spying on American citizens. The outcry domestically and internationally reached a fever pitch … but little was revealed on what was being done to stop mass, warrantless surveillance.

Then some of Snowden’s document releases were published and it was revealed that all of this vacuumed-up data had a “Google-like search engine” that could be used to scour all data for an individual or group. Somehow the Drug Enforcement Agency (DEA) and other law enforcement agencies were being provided with data that couldn’t be challenged in court due to “national security concerns” so the extent of data being swept-up has never been completely understood.

The bottom line? The accelerating “surveillance State” was already out of control and Congress seemingly turned a blind eye toward it and extended its capability.

Though it has taken too many years for the Supreme Court to weigh in on the Constitutionality of warrantless surveillance, the explosion in law enforcement’s use of cellphone tracking devices like Stingray meant that warrantless tracking by police agencies was low-hanging fruit for the court to address.

In my mind it’s too little, too late…but it’s a start.