22 Mar 2018

Review: Future crimes

The title of this book is a bit misleading, as the crimes described therein are happening right now. For example:
These are just a few of the examples that I have saved in the two months since I finished the book, and I haven't even tried to look for more as I've been focussing on taking steps to reduce my digital vulnerabilities. Put differently, Goodman's book (subtitle: "Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It") was so shocking that I -- someone who's worked with computers for 35 years -- decided that I needed to act (see below) rather than continue with business as usual.

In this review, I will go over some highlights from the book, but I will also give some advice on what you should do to prepare yourself and protect yourself, even if you do not read the book.

Some highlights and thoughts
  1. Governments and businesses, hackers and criminals are relentlessly innovating to use technology to accomplish their goals. In most cases, these goals are not your goals, so you may be victimized as they exploit their power.
  2. Anti-virus software misses 95 percent of malware. Your computer may say "green" even when it's compromised.
  3. Greater connectivity means greater vulnerability. Systems that were secure for decades may be compromised by adding VOIP phones. Internet-connected printers might send your scans to China, etc.
  4. Multiple overlapping software and hardware installations in houses and cars mean multiple points of vulnerability, especially when these systems need to communicate with each other. "All of these software bugs and security flaws have a cumulative effect on our global information grid, and that is why 75 percent of our systems can be penetrated in mere minutes. This complexity, coupled with a profound laissez-faire attitude toward software bugs, has led Dan Kaminsky, a respected computer security researcher, to observe that today 'we are truly living through Code in the Age of Cholera'" [p 353].
  5. The Internet of Things promises to enable unprecedented levels of crime, mischief and just plain failure, as vendors are far more focussed on capturing market share than on protecting consumers from vulnerabilities. "Goodman’s law says that the more data you produce and store, the more organized crime is happy to consume" [p 86]. Frank Abagnale (both above and in this book) says that it's 100x easier today to commit the crimes he did 50 years ago.
  6. Google has no 800-number for users, as they are the product. Their 800-number is reserved for advertisers because Google makes 90 percent of its money from advertisements. (Facebook, likewise, was far more interested in $100,000 from Russian agents than in protecting the integrity of American elections.)
  7. Google was charged with violation of privacy when its "Streetview" cars grabbed private wifi codes, emails and photos as well as taking photos of the street. Facebook is tracking you across all websites with the Facebook like button, even when you're not logged in, even if you have no Facebook account. LinkedIn owns your data, your network, your CV, in perpetuity.
  8. All this data is sold, combined with other data and re-sold by data brokers: "Acxiom, Epsilon, Datalogix, RapLeaf, Reed Elsevier, BlueKai, Spokeo, and Flurry -- most of us have never heard of these companies, but together they and others are responsible for a rapidly emerging data surveillance industry that is worth $156 billion a year" [p 66]. 
  9. Free dating websites (OKCupid, Tinder) are not trying to find you love. They are selling your private information to anyone with a credit card. "Data brokers make money when they sell data, not when they protect it" [p 90].
  10. US privacy laws will not protect you, as social networks are considered "public spaces." Facebook has 2 billion users. Of these, 600,000 accounts are compromised every day. Kids are 50x more likely to be victims of identity theft. Their credit may be ruined years before they turn 18.
  11. Mobile devices are extra-vulnerable because users do not want to read fine print and apps can easily access other data on the phone. It only takes one rogue app ("Free game!") to open the door to your bank accounts or your company's "secure" wifi system. "Today 89 percent of employees are accessing work-related information on their mobile phones, and 41 percent are doing so without permission of their companies... more and more corporate information is at risk thanks to point-and-click spyware attacks against mobile devices" [p 111].
  12. Thieves and terrorists can use the GPS coordinates in photos to target you or your house (as happened in Afghanistan). Governments can use your phone's IMEI-identifier to penalize you for participating in a protest (as happened in Ukraine).
  13. Yelp, eBay, Amazon and TripAdvisor are not only allowed to change ratings for companies that pay (good ratings) or not (bad ratings), but their sites are filled with fake ratings designed to rip you off. (Another reason to ban adverts.)
  14. Automated banking and air traffic control systems can be spoofed or hacked to steal your banking credentials and crash planes, respectively.
  15. China's 2 million "online propaganda workers" direct online discussions where the party wants them. Facebook's algorithms serve the same function: to push your attention where it's profitable, not where you would want it, if you were in charge of your online life. How would you know you're being manipulated? You don't.
  16. Cyber criminals are not lacking opportunities but footsoldiers. With more people, they could steal 1,000x more. Underemployed but entitled youth are thus vulnerable to recruitment. (The guy behind Cambridge Analytica's theft of 50 million Facebook accounts, above, was 24 at the time.)
  17. Technology makes it easier to recruit: "Crime, Inc. uses freemium pricing, gamification, crowdsourcing, crowdfunding, reputation engines, just-in-time manufacturing, online training, and swarms for distributed project management in pursuit of the long tail of crime victims around the world" [p 193].
  18. Technology is making it easier for hackers to go after thousands or millions of people at a time. In the past only banks needed to worry about robbers because a robber needed a big reward to justify their risk and expense. Now it's possible for someone to "rob" millions with a few clicks and a network of bots to attack. "The computing and Internet crime machine has been built. With these systems in place, the depth and global reach of Crime, Inc.’s power mean that crime now scales, and it scales exponentially. Yet for as bad as this threat is today, it is about to become much worse, as we hand Crime, Inc. billions of more targets for them to attack as we enter the age of ubiquitous computing and the Internet of Things" [p 221].
  19. RFID identity cards and credit cards can be hacked, duplicated and used within minutes. At the moment, victims are often protected by fraud insurance, but that won't last if losses mount.
  20. Don't use the "public cable" to charge your phone. Hackers have already created cables that will inject a virus into your phone.
  21. Your laptop will not be attacked as it's not the weakest point in your home network. "Baby cameras, thermostats, toilets, lamps, and bathtubs [and other IoT devices bring] privacy and security risks. Many such systems use no authentication or encryption when communicating between an appliance, your mobile device, and the home system... attackers can now use the weight and strength of our own overgrown connections to defeat us. In effect, we’ve wired the world but failed to secure it—a decision we may well come to regret, especially as we begin connecting the human body itself to the Internet." [p 248&260]
  22. The technology already exists to build cheap drones that can target and kill people based on biometric identification. The video at the link is fiction, the technology is not.
  23. The "2008 Genetic Information Nondiscrimination Act makes it illegal for employers to fire or refuse employment based on genetic information. Though GINA applies to health insurance, it does not protect against insurance companies’ using genetic testing information to discriminate when writing life, disability, or long-term-care insurance policies" [p 336].
  24. It's possible to fabricate genetic evidence based on stored DNA data. Even worse, criminals can recreate polio, Ebola or Spanish Flu for around $1,000. WMDs at a discount.
  25. There's a need to re-align incentives. "The engineers, coders, and companies that create today’s technologies have near-zero personal and professional responsibility for the consequences of their actions. It’s time to change that...  These overreaching, entirely one-sided “agreements” [terms of service] should not absolve the companies that author them of all liability pertaining to how they keep and store our data. If they choose to keep every single bread crumb they can possibly gather on our lives, then they should be responsible for the consequences" [p 354-6].
  26. "A cyber CDC [Centers for Disease Control] could go a long way toward counteracting the technological risks we face today and could serve a critical role in improving the overall public health of the networks driving the critical infrastructures of our world" [p 370]. The US government's US Digital Service is trying to help, but they cannot protect you.
To sum it up, we have Carl Sagan:
We have arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces. [p 317]
So, now that you've made it past a deluge of fear (most of it justified), what can you do?

First of all, don't think that your innocence or obscurity will help you. 

Some people are optimistic that man and machine can cooperate in symbiosis, but plenty of corporations are using machines to profit from you. Google and Facebook are giving "free" services in exchange for our data. Do you know how much they are collecting, and how much privacy and choice you are giving up? Read Weapons of Math Destruction to learn how the algorithms can ruin your life by putting you in the "wrong box" or giving you the wrong information. Forget spam, how about facing a computer that sets prices to exploit your (assumed) income, a program that blocks your visa because you are in the "wrong club," or a denial of medical coverage because of who you slept with (your phone "slept" with theirs)?

Remember how an innocent Mr Buttle was arrested
because a fly fell into the arrest warrant for Mr Tuttle?
National Geographic Magazine recently published on the surveillance that surrounds us. Perhaps it's for our own good, but how would you defend yourself against a mistake?

Governments can easily deny your rights in the name of "public interest," e.g., "If I were going to move the American people into a condition where they might accept restrictions on their encryption, I would first engineer the wide-spread deployment of a key escrow system on a voluntary basis, wait for some blind sheik to slip a bomb plot around it and then say, 'Sorry, folks this ain't enough, it's got to be universal.'"

The (most recent) Facebook abuses have put a lot of attention on the EU's General Data Protection Regulation (GDPR), which will do far more than any US law to protect EU citizens. It goes into force on 25 May, and I look forward to seeing it enforced. The Dutch, meanwhile, [appear to] have voted against the SleepWet (Dragnet) law that will permit its intelligence services to monitor internet and mobile phone traffic without notifying anyone. That referendum vote is NOT binding, so the government plans to implement the law anyway. It's time for ALL people to switch to encrypted email (see PGP below), text messaging (see Telegram below), and TOR for internet browsing.

Second, don't assume "someone is taking care of it"

"Our legacy institutions are struggling, whether in education, health care, or law enforcement; technology is far outpacing the ability of government to respond. Until this point, much of the government’s approach to technological security has been merely window dressing and missed opportunities... Regrettably, the immune system protecting this global nervous system is weak and under persistent attack. The consequences of its failure cannot be overstated. As a result, it is time to start designing, engineering, and building much more robust systems of self-protection -- safeguards that can grow and adapt as rapidly as new technological threats are emerging into our world. Though it’s easy to focus solely on the abundant benefits technology brings into our lives, we ignore the accompanying risks at our own peril." -- p 350 and 378

So what can you do to protect yourself as well as reduce your contribution to the problem?

Follow the UPDATE protocol:
  • Update your software frequently. (After years of "let me decide," I switched mine to auto-update. I now use a Mac, which is more secure than Windows or Android because Apple puts more controls on what's available and how it's installed.)
  • Use a password manager and two-factor authentication for sensitive accounts (your email, bank, etc.)
  • Download software from trusted sites. Beware of "free" software as well as torrents.
  • Do not use your computer as the Administrator, to reduce the risk your "click" will compromise your system. I created an administrator account and removed admin privileges from my main account.
  • Turn off wifi, bluetooth, etc. when you're not using them, as those services are like an open door.
  • Encrypt your hard drive, phone, wifi connections
In addition to these steps, I have:
  • Reduced my footprint: deleting old accounts, uninstalling old software and apps
  • De-socialized: I quit Facebook last year and switched from WhatsApp (Facebook owned) to Telegram. I'm still on reddit and Twitter.
  • Turned off monetization on YouTube and unlisted my personal videos
  • Removed Google trackers from all my sites (except blogger, which hosts this one), as those cookies compromised people's privacy without giving me anything.
  • Installed PGP [Pretty Good Privacy] if/when I want to communicate via encrypted email. I find that few people do this now, but I'll be ready for the future: "Any number of citizens armed with PGP and such of its relations as digital cash and anonymous Net remailers can simply vanish from the governmental radar... they can effectively resign from the community of the governed and enter a condition in which their actions ordered by conscience and culture alone."
Looking for more?
Bottom line: I give this book FIVE STARS for clearly explaining why we're vulnerable to "future today's crimes" and what to do about it. You don't have to read the book to protect yourself, but you do have to act. Go now and set up a password manager. Go now and set up two-factor authentication. Better now when you have some time than in the future when it will be too late.

For all my reviews, go here.

21 Mar 2018

Links of interest

  1. A nice discussion of libertarian economics
  2. A simulation of how the 1% emerged (it misses corruption/crony capitalism, a major political driver)
  3. Will Xi's grab for power result in his dictatorship over China... or his defenestration?
  4. A guide to meeting with the Chinese army. (We all better get used to these dynamics, as China will pass the US, and then the rest of the world will have to constrain China outside its sphere of influence, i.e., goodbye Taiwan. Trump will hasten that switch.)
  5. OCCRP has a big series on "golden visas" -- selling citizenship to the rich. I favor a second passport for everyone. This is more about corruption than rights to me, but some rich folks claim it will trickle down:
    And it may not be immediately apparent, but you can actually see, if you look close enough, if you feel with your heart and with some empathy, you will see that wealthy migration can support things like refugees and the like.
    Malta and Montenegro are players, and this Portuguese politician is trying to end the practice.
  6. The culture wars: "there is a war on, and except for the low level of actual killing, it is a real war, not an allegorical or metaphoric one."
  7. Republican supermarkets? Democratic gas stations? They are coming...
  8. "How Amsterdam gave bike-sharing to the world" and "Los Angeles and the great American streetcar scandal"
  9. Lakes around the world are drying and dying due to over-use and climate change
  10. Water Alternatives has an issue on community engagement and governance, including:
Happy Spring!

20 Mar 2018

Review: Overview

Olives, Greece
I bought this coffee-table book after seeing some of the images at the "Después del fin del mundo" exhibition in Barcelona. (It's still on, you should go.)

The book comes from a blog/instagram account that's been showing top-down photos of human impacts on the environment for the past few years. The photos are amazing, and they also help you understand, a little better, how varied and massive are our impacts on the planet. (The largest impacts, via climate change, are mostly invisible, which is unhelpful when it comes to motivating people to act on climate change.)

Here is how they explain themselves:
Our project was inspired, and derives its name, from an idea known as the Overview Effect. This term refers to the sensation astronauts have when given the opportunity to look down and view the Earth as a whole. They have the chance to appreciate our home in its entirety, to reflect on its beauty and its fragility all at once. That's the cognitive shift that we hope to inspire.

Niagara Falls, US/CA
From our line of sight on the earth's surface, it’s impossible to fully appreciate the beauty and intricacy of the things we’ve constructed, the sheer complexity of the systems we’ve developed, or the devastating impact that we’ve had on our planet. We believe that beholding these forces as they shape our Earth is necessary to make progress in understanding who we are as a species, and what is needed to sustain a safe and healthy planet.

Sun Lakes, Arizona
As a result, the Overviews (what we call these images) focus on the places and moments where human activity—for better or for worse—has shaped the landscape. Each Overview starts with a thought experiment. We consider the places where man has left his mark on the planet and then conduct the necessary research to identify locations (and the corresponding geo-coordinates) to convey that idea.

The mesmerizing flatness seen from this vantage point, the surprising comfort of systematic organization on a massive scale, or the vibrant colors that we capture will hopefully turn your head. However, once we have that attention, we hope you will go beyond the aesthetics, contemplate just exactly what it is that you're seeing, and consider what that means for our planet.
Bottom line: I give this book FIVE STARS for its beauty and message. If you don't get the book, then at least browse the site... and think a little of how to reduce our impacts on this beautiful -- and quite useful -- earth.

For all my reviews, go here.

Free idea! Refugee bikes!

Add wheels and you can really Gogh!
I thought of this idea a few years ago when the "refugee crisis" was at its peak in Europe.

The main problem was (and probably still is) that refugees cannot work legally while they are waiting for their legal status to be decided.

Nothing will drive someone crazy faster than sitting on their hands with nothing to do.

So here's the idea:
  1. Buy a bunch of used/broken bikes at auction (in Amsterdam you can get 20 bikes for €800 from the "bike prison")
  2. Give the bikes to refugees to repair and paint white.
  3. Some of the white bikes are then painted in the shop's "brand colors."
  4. The rest are given to other refugees to paint as unique art pieces.
  5. Sell the finished bikes one-by-one in an auction.
  6. Use the cash to buy more bikes, tools and materials, but also to throw a party, pay for education or other items needed in the community.
If you want to use this idea, then feel free!
Related: How the Germans are sorting refugees from economic migrants

19 Mar 2018

Race is just plain stupid

NB: National Geographic Magazine just published a full issue on race. Here is their mea culpa on perpetuating racist images and thinking.

We know that "All men are created equal," but the men who wrote those words were slave-owners who institutionalized inequality by counting slaves as 7/10 of a human. (Let's not even get started on the equality of women.)

This example -- and you can provide your own -- is part of a problematic definition that interferes with our social, political and economic relations.

"Race," in other words, interferes with:
Jesus washed feet in this book too!
Race is a silly hang-over from a primitive time when strangers meant conflict, we married into our tribe [pdf], and people tried to justify their cruelty towards others based on a "God-given right" they had written into their holy books.

Besides my intellectual perspective on this topic, I also have personal experience. I am "white" (or Caucasian, a word that's even more stupid) because I say so, but my DNA shows that 1/6th of me comes from South Asia.

What does this all mean?
  • We need to stop thinking of ourselves as from a "race" when we are all humans.
  • We are too complex to sort into neat buckets, as our DNA is mixed from everywhere.
  • "Black" or "White" means nothing because it's subjective. I just talked to a girl who said she was "black" in the Netherlands but "white" in Tanzania. 
  • What really matters is a person's education, their cultural background and -- above all -- their socioeconomic status, as I am pretty sure that rich people have more in common than poor people, Americans have more in common than Germans, and so on.
  • Going further, it's more important to focus on someone's community as a source of their identity, strength and limitations than their skin color.
Bottom line: Race and color are easy to identify but wrong to focus on. Governments (and people) should focus on the factors that matter and stop discriminating (positively or negatively) on superficial appearances that have nothing to do with someone's mind, intentions, contributions or potential.

Monday funnies!

Bitcoin! It's so simple!

Want more? Watch John Oliver on Cryptocurrencies... and be careful!

16 Mar 2018

Cryptocurrencies in one figure

Pretty cool:

The bliss of disconnection

Gaucho with a smart phone
I've felt a lot more relaxed since I quit Facebook,* shut down several twitter accounts, and deleted all the "traffic loggers" that I had running on various sites. I have fewer updates to track, no "missed messages" to regret, and more time to think without pings, alerts and other cues pushing me to be a good social animal.

I suggest that you look into the same type of action, if you're feeling stressed and behind all the time.

As positive side effects, you will have better conversations with friends and family (assuming they can also "put down that app"), more time for actions you pull to yourself (rather than having actions pushed to you in the "feed"), and perhaps even more time to comment here!

When we were lost in Uruguay a few summers ago, we stopped to ask a gaucho for directions. He said "no hay GPS-ay?" and I said no. We had an amusing conversation in my bad Spanish, and he even introduced me to his son, by phone, who was studying in London. It was a nice side effect of lacking GPS.

Bottom line: Take the time to talk with people (or write a decent email). It will let you focus and build clearer communications with other people.
* A consultant told me this morning how "login with Facebook for free wifi" hotspots grab your IMEI code (off your phone) and then track you in the store and all other spots where you might walk (without using wifi), so those stores can target ads at you based on your Facebook profile (did you read all the details of "I agree"?).

15 Mar 2018

The "plastic-free market" is no big deal

A few weeks ago, there was a huge small wave of news reports on the "plastic free" aisle installed in a Dutch health foods store.

That store (Ekoplaza) happens to be 5 minutes away from my house, so I rode by to check it out.

As you can see, the "aisle" (in what used to be a bike parking garage) is just a collection of foods packaged in glass, "bio-plastic" or nothing at all. That's not revolutionary.

What's worse, the "plastic free aisle" also has a "Bluewater" kiosk outside that is supposed to reduce the use of single-serve plastic bottles by giving you a place to fill your reusable (plastic or metal) bottle. Although this is a nice idea, I think that the kiosk probably represents a negative environmental impact, given Amsterdam's excellent tap water quality. It seems to be there as a giant advertisement for "buy our water filtering product." Fail. Update: It's gone! Yay!

Bottom line: The best way to reduce plastic use is to tax its source (oil, via a carbon tax). The best way to reduce pollution from plastic water bottles is to add deposits to their price, to pay for recycling and re-collection. After these simple actions, then you need to consider the total costs/benefits of switching to plastic from paper or glass. In many cases, plastic has a smaller environmental footprint than its "virtuous" replacement.