Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com), page 6
-
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 02-Feb-2019 10:59:19 EST 
Mike Gerwitz
@lxoliva Yes, thank you, "their" was intended to reference "users" not "Apple". If I could edit, I would. -
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Thursday, 31-Jan-2019 17:36:14 EST 
Christine Lemmer-Webber
It's public now! Spritely (and myself) have been awarded a Samsung Stack Zero grant! I'm funded for the next two years to bring ActivityPub and the fediverse to the next level. Secure interactions, object capabilities, p2p content delivery, all that stuff! https://samsungnext.com/whats-next/category/podcasts/decentralization-samsung-next-stack-zero-grant-recipients/
-
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 01-Feb-2019 22:35:55 EST
Mike Gerwitz
It doesn't make sense to simultaneously speak out against Apple for their complete control over what users can and cannot do on their devices, and praise them for revoking Facebook and Google's enterprise licenses used to implement deeply disturbing surveillance programs.
Both are wrong. Facebook and Google shouldn't be doing what they're doing, and users should be able to opt out of Apple being the gatekeeper for their devices. Consequently, Facebook and Google should be able to run whatever apps they want on their own devices without Apple's blessing. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 29-Jan-2019 22:33:02 EST
Mike Gerwitz
EFF files an amicus brief in case involving a search warrant that was issued because an IP address attempted to access a file at a given URL:
https://social.mikegerwitz.com/url/71303
This is, frankly, terrifying that someone's life can be upended by something like this. What was missing from EFF's brief was emphasis on the ease with which programs on a user's computer could be directed by third parties to access a particular URL, without any knowledge of the user.
For example, let's say someone wanted to frame an individual (or group of people). They could just find a link to illegal material and place the URL within an image tag, iframe, etc within an HTML document (webpage), and direct the user to that document. In the case of an image tag: the user's browser would attempt to load the image, not knowing whether or not it was an image until it actually tried to load it. And by the time the browser realizes that it's not an image, the IP address of the victim is already in the webserver logs as having accessed that file.
That's just one trivial example.
I use Tor for general privacy protections online (but not strict anonymity, since I use it casually). But situations like these make me think that all users should use Tor or a VPN not only to protect their privacy, but to protect their _lives_.
Let's be thankful that the EFF is helping to clarify these matters. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 29-Jan-2019 22:12:16 EST
Mike Gerwitz
The FaceTime vulnerability is serious and unfortunate, but let's be careful not to try to use it as an argument against proprietary software---serious bugs exist in all software.
Of course, the difference here is that Apple's the only one that can fix it (rather than anyone in the community), and it's possible (but definitely not certain) that more eyes on the code would have found the problem much earlier. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 25-Jan-2019 22:23:07 EST
Mike Gerwitz
What I've seen missing from prominent cryptographers in discussion of the GHCQ's recent #backdoor proposal is the mention of how such a thing is less effective against free/libre software systems. The proposal involves adding a "ghost" user to E2E-encrypted conversations, which requires that the client silently encrypt to a third party. Such an antifeature couldn't just be committed to the project---it'd be too risky, since anyone could potentially find it.
Of course, there's still the issue of trusting binary distributions unless their builds are reproducible, and users who blindly download binaries without verifying signatures are also at risk. This emphasizes the importance of reproducible builds: a malicious actor isn't likely to commit code in plain view of the world; rather, they'll probably just distribute a modified binary and be dishonest about the corresponding source code.
https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 17-Jan-2019 22:54:20 EST
Mike Gerwitz
@cwebber At work I suggest GitLab's WebIDE to users who need to do light editing and may not have a development environment set up (e.g. people in QA or BA roles). We have a self-hosted instance.
Of course, that's not a useful suggestion unless the users are using GitLab. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 16-Jan-2019 22:25:27 EST
Mike Gerwitz
EFF: "Device ‘Ownership’ Is a Civil Liberties Issue"
https://www.eff.org/deeplinks/2019/01/device-ownership-civil-liberties-issue
> The technology you rely on to interact with the world and express yourself should ultimately obey you, not the company that made it.
I agree with the article, but even if the DMCA didn't exist, you _still_ wouldn't have ownership over almost all mobile devices on the market. If your device were running free/libre software, then you would. And if a manufacturer created a libre device, then surely they wouldn't exercise the DMCA, as that would effectively make it non-free (and may even violate certain licenses, like the Tivoization clause of the GPLv3).
I don't mean to downplay the importance of the emphasis on the DMCA, but the article makes a number of points that are central to the issue of software freedom without making so much as a mention of it. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Jan-2019 22:25:00 EST
Mike Gerwitz
@codesections If you are an Emacs user (or can tolerate it), I use Org mode for all of my time management, tracking, reporting, and project organization. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Jan-2019 22:15:09 EST
Mike Gerwitz
CNBC: "California bill would curb use of paper receipts to reduce waste, push digital alternative"
https://social.mikegerwitz.com/url/70688
This is interesting to me because it supports a cause I'm in favor of (environmental) yet is at odds with another (privacy).
With that said, I think this is workable. Already, many point-of-sale (POS) systems give the option to print, email, or (more importantly) decline a receipt. Further, perhaps POS systems could take advantage of NFC so that a mobile device could receive the receipt anonymously.
But what is dangerous about a bill like this is that it provides a compelling legal argument for maliciously gathering consumer data, and many users may not think twice about it.
This may also be difficult for smaller shops to implement without turning to large services that implement this for them, which is also a privacy nightmare, since those services can easily aggregate mass amounts of consumer data. I think small companies should be exempt from a bill like this (if they aren't already; I didn't read it).
I'm sure other good solutions exist; I just haven't given this more than a few moments of thought. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Jan-2019 21:59:25 EST
Mike Gerwitz
Reuters: "Move aside, backseat driver! New tech at CES monitors you inside car"
https://social.mikegerwitz.com/url/70686
(Internet Archive link because the article now 404's.)
This type of tracking of a driver and car occupants can indeed provide useful features---both safety and convenience. But I would only be in favor of this sort of thing if it were free software and the car were under complete control of the user, and the system could be wholly disabled with clearly visible and unambiguous hardware switch, which is also visible to passengers.
But proprietary systems doing this will be incentivized to sell data to third parties. The article gives some examples of some terrible uses of this type of tracking.
As we move further and further into the future where these types of things are going to become more commonplace, the goal IMO shouldn't be to resist technological progress---it should be to ensure that it _empowers_ users, rather than making them servants or products.
#privacy #surveillance #ethics -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 10-Jan-2019 23:27:25 EST
Mike Gerwitz
The Intercept reports that Amazon Ring gave employees and its Ukrainian-based R&D team access to private cameras:
https://theintercept.com/2019/01/10/amazon-ring-security-camera/
This practice is wrong, but any system that makes this type of thing possible is broken by design.
You can imagine that I love the fact that one of my neighbors down the street at my child's bus stop has one of these devices.
#privacy #surveillance -
Purism (purism@mastodon.social)'s status on Wednesday, 09-Jan-2019 10:53:53 EST 
Purism
2018 was a great year for Purism! 2019 is going to be a great year for those who oppose SurveillanceCapitalism - check out our blog post on what we've been up to for the past 3 months - https://puri.sm/posts/end-of-year-librem-5-update/ #OpposeSurveillanceCapitalism #DefendFreedom
-
Purism (purism@mastodon.social)'s status on Thursday, 10-Jan-2019 09:40:35 EST
Purism
Wanna know how we designed the dev kit? Check out this post on designing the librem 5 dev kit with all free software tools - https://puri.sm/posts/how-we-designed-the-librem-5-dev-kit-with-100-free-software/! #DemandFreedom #OpposeSurveillanceCapitalism
-
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 10-Jan-2019 22:39:05 EST
Mike Gerwitz
@shamar @adfeno Ironically, the ezine link you posted greets me with:
"It appears that you are using Tor anonymizing software
No Problem! We just need you to enter a Captcha so we can confirm that you are a person and not a bot."
Which is non-functional for me, presumably because I'm not running JS. I just loaded via the Internet Archive.
Some sites use CAPTCHAs even for read-only pages, presumably to try to thwart scraping, DOS attacks, and the like. (I fundamentally disagree with this practice.)
There are many other JS practices that need to change as well, both for security and user freedom. I highlighted what I perceive as many of the major issues a few years ago at LibrePlanet:
https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/
In particular, I'm really hoping that someone will take up the issue of code signing and the ability to replace specific scripts with user-defined scripts (the latter may be best implemented in LibreJs considering the level of granularity it offers in script detection). -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 08-Jan-2019 22:59:12 EST
Mike Gerwitz
An article detailing some of the ways that cell phone location data (cell tower connections) is made available to third parties:
https://social.mikegerwitz.com/url/70592
#privacy #surveillance
All Jonkman Microblog content and data are available under the