Author: Christopher Parsons

Policy wonk. Torontonian. Photographer. Not necessarily in that order.

Categories
Writing

Making Dropbox a Little Safer

Research conducted by Christopher Soghoian demonstrated that Dropbox lacks a security model that genuinely protects user data. As a consequence, while Dropbox is a convenient service it isn’t one that can really be trusted. Regardless, individuals around the world do, and will, continue to use the service.

Recognizing the user-constrains around cloud file-storage solutions, BoxCryptor has provided the tools to encrypt files before they are sent to Dropbox. This lets users rely on Dropbox for convenient storage while also reducing their risk profiles. All in all, it’s a win-win for the consumer.

The instructions are for OS X, Leopard, Snow Leopard, and Lion, and are relatively easy to follow. If you want to secure yourself a little bit better than you likely are right now you’d be well served to set up automatic encryption now. As an added bonus, the instructions will let you also choose Microsoft’s or Google’s cloud services so long as you point the “EncFS Raw Path” to the file path of these other services (don’t worry: it’ll be super clear what that refers to as you go through the instructions!).

Categories
Links

Nice Overview of Encryption Tools

While it’s certainly not definitive, and it doesn’t walk you through using each and every tool, Edwards has a good high-level overview piece that is worth reading.

Categories
Links Writing

Former GCHQ Head Calls for Greater Social Media Surveillance

There genuinely are bad people in the world, individuals and agents who largely exist to cause serious harm to citizens around the world in democratic states. These individuals cannot, however, be permitted to destabilize an entire population nor operate as reasons for totalizing mass surveillance. In the UK an incredibly senior and prominent security and intelligence expert, Sir David Omand, has nevertheless called for the following:

In a series of recommendations to the government, Sir David – the Cabinet Office’s former Security and Intelligence co-ordinator – said out-dated legislation needed to be reformed to ensure an ethical and legal framework for such intelligence gathering, which was clear and transparent.

The report recommends that social media should be divided into two categories, the first being open source information which public bodies could monitor to improve services while not identifying individuals without permission.

On the more contentious category of monitoring private social media, Sir David said it needed to be properly authorised – including the need for warrants when it was considered “genuine intrusion” –  only used as a last resort when there was substantial cause and with regard to “collateral damage” to any innocent people who might have been in contact with a suspect.

It must repeatedly, and emphatically, be stated that ‘transparency’ in the intelligence world does not mean that citizens will actually know how collected data is used. Neither does codifying surveillance practices in law minimize citizens’ concerns around surveillance. No, it instead operates as a legal shield that protects those engaged in oft-times secretive actions that are inappropriately harmful to innocent citizens. Such changes in law must be incredibly carefully examined by the public and opposed or curtailed whenever there is even the slightest possibility of abuse or infringement of citizens’ reasonable normative expectations of privacy from state intrusion and surveillance.

Categories
Quotations

2012.5.1

[The programmer type is] often egocentric, slightly neurotic, and he borders upon a mild schizophrenia. The incidence of beards, sandals, and other symptoms of rugged individualism or nonconformity are notably greater among this demographic group. Stories about programmers and their attitudes and particularities are legion, and do not bear repeating here.

Richard Brandon, “The Problem in Perspective.” In Proceedings of the 1968 23rd ACM National Conference, 332-334. New York: ACM Press, 1968.
Categories
Links Writing

The Nature of UK Rendition Processes

The Guardian has an excellent bit of coverage on UK-led rendition practices. These practices entailed collaborating with Libya and China to turn over members of the Libyan Islamic Fighting Group, an anti-Gaddafi organization. Ian Cobain, the journalist, precisely notes the kinds of experiences that UK and American agents subjected members of the organization to during their capture and transit to Libya.

It’s a harrowing read, but important, as it details the significance and associated dangers of the state’s secret extension of powers. It also recognizes that states will ‘turn’ on individuals and groups that they had once supported on the basis of building economic relations with a new ‘friend’. Perhaps most ominously, the article outlines how the secret court processes – where neither the accused nor their counsel are permitted to view or argue about evidence against the accused – have had their rulings ignored. Even the judges in these secret cases cannot impose their power on the state, indicating that arms of the government are entirely divorced from the accountability required for democratic institutions to (normatively) survive.

The only way to stop these kinds of practices is for the public to stop quietly ignoring the erosion of their democracies, civil liberties, and basic freedoms. It remains unclear how this can be done, but given the expansion of the state’s perception of its executive powers, it is imperative that citizens vigorously and actively begin protecting their democracies before the last shreds of democracy are truly lost.

Categories
Links

Guide to Hardening iOS 5

The Australian Department of Defence, Intelligence and Security division, has produced a particularly good walkthrough for hardening the iOS environment (.pdf). I’d recommend it to the curious and for system administrators who are interested in evaluating/contrasting their own iOS deployments.

Categories
Aside

How LEAs Would Get Information On You

An infographic that depicts surveillance creep under Bill C-30

Categories
Aside Links

Valve’s Handbook for New Employees

Valve’s Handbook for New Employees has made its way to the Internet. While such handbooks are normally incredibly dull – I mean, really, who hasn’t almost fallen asleep or committed suicide to escape reading one? – Valve’s is excellent.

It lays out corporate culture, modes of engaging with other employees, identifying tasks worth doing, and how the company actually functions. It doesn’t take itself too seriously and is scattered with jokes. Valve has, effectively, created a whimsical and useful document that embraces employees. Employers could learn from what Valve has done.

Categories
Links

Fixing Some of Gmail’s Design Problems

I’ve used Google Apps for years and absolutely despise the new UI changes. Jason Crawford has some suggestions about undoing some of the horror. If you use Gmail, and hate the changes as I do, his walkthrough will likely be of interest.

Categories
Aside

When lobbying government, it helps if your high-level staff were well-placed government staffers and officials