Jonkman Microblog
Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com), page 6

  1. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 02-Feb-2019 10:59:19 EST
    • Alexandre Oliva
    @lxoliva Yes, thank you, "their" was intended to reference "users" not "Apple". If I could edit, I would.
    In conversation Saturday, 02-Feb-2019 10:59:19 EST from social.mikegerwitz.com permalink
  2. Christine Lemmer-Webber (cwebber@octodon.social)'s status on Thursday, 31-Jan-2019 17:36:14 EST

    It's public now! Spritely (and myself) have been awarded a Samsung Stack Zero grant! I'm funded for the next two years to bring ActivityPub and the fediverse to the next level. Secure interactions, object capabilities, p2p content delivery, all that stuff! https://samsungnext.com/whats-next/category/podcasts/decentralization-samsung-next-stack-zero-grant-recipients/

    In conversation Thursday, 31-Jan-2019 17:36:14 EST from octodon.social permalink Repeated by mikegerwitz

    Attachments

    1. Announcing the Samsung NEXT Stack Zero Grant recipients
      from Samsung NEXT
      The Stack Zero Grant was born of our belief that, as an industry, we must support the volunteers and researchers who are building the infrastructure of the future.
  3. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 01-Feb-2019 22:35:55 EST
    It doesn't make sense to simultaneously speak out against Apple for their complete control over what users can and cannot do on their devices, and praise them for revoking Facebook and Google's enterprise licenses used to implement deeply disturbing surveillance programs.

    Both are wrong. Facebook and Google shouldn't be doing what they're doing, and users should be able to opt out of Apple being the gatekeeper for their devices. Consequently, Facebook and Google should be able to run whatever apps they want on their own devices without Apple's blessing.
    In conversation Friday, 01-Feb-2019 22:35:55 EST from social.mikegerwitz.com permalink
  4. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 29-Jan-2019 22:33:02 EST
    EFF files an amicus brief in case involving a search warrant that was issued because an IP address attempted to access a file at a given URL:

    https://social.mikegerwitz.com/url/71303

    It is, frankly, terrifying that someone's life can be upended by something like this. What was missing from EFF's brief was emphasis on the ease with which programs on a user's computer could be directed by third parties to access a particular URL, without any knowledge of the user.

    For example, let's say someone wanted to frame an individual (or group of people). They could just find a link to illegal material and place the URL within an image tag, iframe, etc. within an HTML document (webpage), and direct the user to that document. In the case of an image tag: the user's browser would attempt to load the image, not knowing whether or not it was an image until it actually tried to load it. And by the time the browser realizes that it's not an image, the IP address of the victim is already in the webserver logs as having accessed that file.

    That's just one trivial example.

    I use Tor for general privacy protections online (but not strict anonymity, since I use it casually). But situations like these make me think that all users should use Tor or a VPN not only to protect their privacy, but to protect their _lives_.

    Let's be thankful that the EFF is helping to clarify these matters.
    In conversation Tuesday, 29-Jan-2019 22:33:02 EST from social.mikegerwitz.com permalink

    Attachments

    1. Hearing Thursday: EFF Tells Court That Clicking on a URL Isn’t Enough Evidence to Justify A Search Warrant
      from Electronic Frontier Foundation
      Richmond, Virginia—On Thursday, January 31, at 8:30 am, the Electronic Frontier Foundation (EFF) will ask a federal appeals court to find that the act of clicking on a URL or weblink isn’t sufficient evidence for law enforcement to get a warrant to search someone’s home. The hearing involves a child...
  5. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 29-Jan-2019 22:12:16 EST
    The FaceTime vulnerability is serious and unfortunate, but let's be careful not to try to use it as an argument against proprietary software---serious bugs exist in all software.

    Of course, the difference here is that Apple's the only one that can fix it (rather than anyone in the community), and it's possible (but definitely not certain) that more eyes on the code would have found the problem much earlier.
    In conversation Tuesday, 29-Jan-2019 22:12:16 EST from social.mikegerwitz.com permalink
  6. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 25-Jan-2019 22:23:07 EST
    What I've seen missing from prominent cryptographers in discussion of the GCHQ's recent #backdoor proposal is the mention of how such a thing is less effective against free/libre software systems. The proposal involves adding a "ghost" user to E2E-encrypted conversations, which requires that the client silently encrypt to a third party. Such an antifeature couldn't just be committed to the project---it'd be too risky, since anyone could potentially find it.

    Of course, there's still the issue of trusting binary distributions unless their builds are reproducible, and users who blindly download binaries without verifying signatures are also at risk. This emphasizes the importance of reproducible builds: a malicious actor isn't likely to commit code in plain view of the world; rather, they'll probably just distribute a modified binary and be dishonest about the corresponding source code.

    https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
    In conversation Friday, 25-Jan-2019 22:23:07 EST from social.mikegerwitz.com permalink

    Attachments

    1. Principles for a More Informed Exceptional Access Debate
      from Lawfare
      GCHQ officials outline how to enable the majority of the necessary lawful access without undermining the values we all hold dear.
  7. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 17-Jan-2019 22:54:20 EST
    • Christine Lemmer-Webber
    @cwebber At work I suggest GitLab's WebIDE to users who need to do light editing and may not have a development environment set up (e.g. people in QA or BA roles). We have a self-hosted instance.

    Of course, that's not a useful suggestion unless the users are using GitLab.
    In conversation Thursday, 17-Jan-2019 22:54:20 EST from social.mikegerwitz.com permalink
  8. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 16-Jan-2019 22:25:27 EST
    EFF: "Device ‘Ownership’ Is a Civil Liberties Issue"

    https://www.eff.org/deeplinks/2019/01/device-ownership-civil-liberties-issue

    > The technology you rely on to interact with the world and express yourself should ultimately obey you, not the company that made it.

    I agree with the article, but even if the DMCA didn't exist, you _still_ wouldn't have ownership over almost all mobile devices on the market. If your device were running free/libre software, then you would. And if a manufacturer created a libre device, then surely they wouldn't exercise the DMCA, as that would effectively make it non-free (and may even violate certain licenses, like the Tivoization clause of the GPLv3).

    I don't mean to downplay the importance of the emphasis on the DMCA, but the article makes a number of points that are central to the issue of software freedom without making so much as a mention of it.
    In conversation Wednesday, 16-Jan-2019 22:25:27 EST from social.mikegerwitz.com permalink

    Attachments

    1. Device ‘Ownership’ Is a Civil Liberties Issue
      from Electronic Frontier Foundation
      We're taking part in Copyright Week, a series of actions and discussions supporting key principles that should guide copyright policy. Every day this week, various groups are taking on different elements of copyright law and policy, and addressing what's at stake, and what we need to do to make...
  9. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Jan-2019 22:25:00 EST
    • codesections
    @codesections If you are an Emacs user (or can tolerate it), I use Org mode for all of my time management, tracking, reporting, and project organization.
    In conversation Saturday, 12-Jan-2019 22:25:00 EST from social.mikegerwitz.com permalink
  10. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Jan-2019 22:15:09 EST
    CNBC: "California bill would curb use of paper receipts to reduce waste, push digital alternative"

    https://social.mikegerwitz.com/url/70688

    This is interesting to me because it supports a cause I'm in favor of (environmental) yet is at odds with another (privacy).

    With that said, I think this is workable. Already, many point-of-sale (POS) systems give the option to print, email, or (more importantly) decline a receipt. Further, perhaps POS systems could take advantage of NFC so that a mobile device could receive the receipt anonymously.

    But what is dangerous about a bill like this is that it provides a compelling legal argument for maliciously gathering consumer data, and many users may not think twice about it.

    This may also be difficult for smaller shops to implement without turning to large services that implement this for them, which is also a privacy nightmare, since those services can easily aggregate mass amounts of consumer data. I think small companies should be exempt from a bill like this (if they aren't already; I didn't read it).

    I'm sure other good solutions exist; I just haven't given this more than a few moments of thought.
    In conversation Saturday, 12-Jan-2019 22:15:09 EST from social.mikegerwitz.com permalink

    Attachments

    1. California bill would curb use of paper receipts to reduce waste, push digital alternative
      from CNBC
      A California lawmaker introduced legislation that would make the state the first to bar retailers from giving out printed receipts unless a customer requests them.
  11. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Jan-2019 21:59:25 EST
    Reuters: "Move aside, backseat driver! New tech at CES monitors you inside car"

    https://social.mikegerwitz.com/url/70686

    (Internet Archive link because the article now 404s.)

    This type of tracking of a driver and car occupants can indeed provide useful features---both safety and convenience. But I would only be in favor of this sort of thing if it were free software and the car were under complete control of the user, and the system could be wholly disabled with a clearly visible and unambiguous hardware switch, which is also visible to passengers.

    But proprietary systems doing this will be incentivized to sell data to third parties. The article gives some examples of some terrible uses of this type of tracking.

    As we move further and further into the future where these types of things are going to become more commonplace, the goal IMO shouldn't be to resist technological progress---it should be to ensure that it _empowers_ users, rather than making them servants or products.

    #privacy #surveillance #ethics
    In conversation Saturday, 12-Jan-2019 21:59:25 EST from social.mikegerwitz.com permalink

    Attachments

    1. Move aside, backseat driver! New tech at CES monitors you inside car
      from U.S.
      As vehicles get smarter, your car will be keeping eyes on you.
  12. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 10-Jan-2019 23:27:25 EST
    The Intercept reports that Amazon Ring gave employees and its Ukrainian-based R&D team access to private cameras:

    https://theintercept.com/2019/01/10/amazon-ring-security-camera/

    This practice is wrong, but any system that makes this type of thing possible is broken by design.

    You can imagine that I love the fact that one of my neighbors down the street at my child's bus stop has one of these devices.

    #privacy #surveillance
    In conversation Thursday, 10-Jan-2019 23:27:25 EST from social.mikegerwitz.com permalink

    Attachments

    1. For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching Too
      from The Intercept
      Sources disclosed troubling privacy practices at a Ring office in Ukraine.
  13. Purism (purism@mastodon.social)'s status on Wednesday, 09-Jan-2019 10:53:53 EST

    2018 was a great year for Purism! 2019 is going to be a great year for those who oppose SurveillanceCapitalism - check out our blog post on what we've been up to for the past 3 months - https://puri.sm/posts/end-of-year-librem-5-update/ #OpposeSurveillanceCapitalism #DefendFreedom

    In conversation Wednesday, 09-Jan-2019 10:53:53 EST from mastodon.social permalink Repeated by mikegerwitz
  14. Purism (purism@mastodon.social)'s status on Thursday, 10-Jan-2019 09:40:35 EST

    Wanna know how we designed the dev kit? Check out this post on designing the librem 5 dev kit with all free software tools - https://puri.sm/posts/how-we-designed-the-librem-5-dev-kit-with-100-free-software/! #DemandFreedom #OpposeSurveillanceCapitalism

    In conversation Thursday, 10-Jan-2019 09:40:35 EST from mastodon.social permalink Repeated by mikegerwitz
  15. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 10-Jan-2019 22:39:05 EST
    • Shamar
    • Adonay Felipe Nogueira
    @shamar @adfeno Ironically, the ezine link you posted greets me with:

    "It appears that you are using Tor anonymizing software

    No Problem! We just need you to enter a Captcha so we can confirm that you are a person and not a bot."

    Which is non-functional for me, presumably because I'm not running JS. I just loaded via the Internet Archive.

    Some sites use CAPTCHAs even for read-only pages, presumably to try to thwart scraping, DoS attacks, and the like. (I fundamentally disagree with this practice.)

    There are many other JS practices that need to change as well, both for security and user freedom. I highlighted what I perceive as many of the major issues a few years ago at LibrePlanet:

    https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/

    In particular, I'm really hoping that someone will take up the issue of code signing and the ability to replace specific scripts with user-defined scripts (the latter may be best implemented in LibreJS considering the level of granularity it offers in script detection).
    In conversation Thursday, 10-Jan-2019 22:39:05 EST from social.mikegerwitz.com permalink
  16. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 08-Jan-2019 22:59:12 EST
    An article detailing some of the ways that cell phone location data (cell tower connections) is made available to third parties:

    https://social.mikegerwitz.com/url/70592

    #privacy #surveillance
    In conversation Tuesday, 08-Jan-2019 22:59:12 EST from social.mikegerwitz.com permalink

    Attachments

    1. I Gave a Bounty Hunter $300. Then He Located Our Phone
      from Motherboard
      T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
