Phone hacking, for the most part, depends on remote access. Hackers obtain unprotected phone numbers from a variety of sources – Facebook must be a favorite – or by social engineering. PINs, for the most part, are easy to guess. Hacking typically takes place in the legitimate user’s absence.
Unless Apple or Google plans to bar remote access to devices, facial recognition security surely only solves a small part of the problem. Back to the drawing board.
~Kim Davis, from Internet Evolution
Author: Christopher Parsons
Policy wonk. Torontonian. Photographer. Not necessarily in that order.
Lessig Interviews Abramoff
Curious about the inner workings of Congressional and Senate corruption? Then set some time aside and watch this video. It’s a bit long – it goes for about 90 minutes – but is well worth your time.
Security Measures

The security systems are aware, armed, and not taking prisoners.
I’m sorry, but what Path did is (in some jurisdictions, such as my own) arguably a criminal offence. Want to know what they’ve been up to?
When developer Arun Thampi started looking for a way to port photo and journaling software Path to Mac OS X, he noticed some curious data being sent from the Path iPhone app to the company’s servers. Looking closer, he realized that the app was actually collecting his entire address book — including full names, email addresses, and phone numbers — and uploading it to the central Path service. What’s more, the app hadn’t notified him that it would be collecting the information.
Path CEO Dave Morin responded quickly with an apology, saying that “we upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and efficiently as well as to notify them when friends and family join Path. Nothing more.” He also said that the lack of opt-in was an iOS-specific problem that would be fixed by the end of the week. [emphasis added]
No: this isn’t an ‘iOS-specific problem’; it’s an ‘iOS lacks an appropriate security model and so we chose to abuse it’ problem. I cannot, for the life of me, believe that Apple is willing to let developers access the contact book – with all of its attendant private data – without ever notifying the end user. Path should be tarred, feathered, and legally punished. This wasn’t an ‘accident’ but a deliberate decision, and there should be severe consequences for it.
Also: while the Verge author writes:
Thampi doesn’t think Path is doing anything untoward with the data, and many users don’t have a problem with Path keeping some record of address book contacts.
I think that this misses a broader point. You should not be able to disclose mass amounts of other people’s personal information without their consent. When I provide key contact information it is for an individual’s usage, not for them to share my information with a series of corporate actors to do whatever those actors want with it. The notion that a corporation would be so bold as to steal this personal information to use for their own purposes is absolutely, inexcusably, wrong.

I’d suggest that these 9 principles are essential to guiding me through daily life. I would want to add a tenth item though:
10. Be willing to fail, and fail often, and just be sure to learn a little from each failed project.
I’ll Call you ‘An Ambulance’, OK?

Siri and voice recognition gone horribly, horribly wrong (in tragically comedic ways).
Mike Masnick points out something that a large portion of the media missed in initial discussions surrounding the MegaUpload seizures:
There’s a key point in all of this that we missed in our earlier analysis about paid accounts at Megaupload. In the indictment, the government seems to assume that paid accounts are clearly all about illegal infringing works. But that’s not always the case. In fact, plenty of big name artists – especially in the hip hop world – use the paid accounts to make themselves money. This is how they release tracks. You sign up for a paid account from services like Megaupload, which pay you if you get a ton of downloads. For big name artists, that’s easy: of course you get a ton of downloads. So it’s a great business model for artists: they get paid and their fans get music for free. Everyone wins. Oh… except for the old gatekeeper labels.
There were certainly a large number of files that were potentially infringing – with the ability to ascertain whether something is or isn’t infringing being impossible to conduct automatically using digital systems because of legal ambiguities – but there were also many clearly non-infringing files. Those that were directly uploaded by artists for download were amongst this latter category.
While some artists who have already made it big might suffer a decrease in revenue/earnings, but still enjoy a life dedicated to creating new works, those who have yet to ‘break through’ will suffer disproportionately from losing an easy-to-use service that could generate some revenue. The smallest artists lose, the largest lose, and consumers lose. I’m not even certain that the labels themselves ‘win’, insofar as generating bad will likely hinders their ability to establish strong (positive) brand relationships with prospective consumers.
Skype, the FBI, and MegaUpload
In the aftermath of the MegaUpload seizures we’ll hopefully learn more about how the FBI gained access to Skype transcripts. As reported by CNet:
The FBI cites alleged conversations between DotCom and his top lieutenants, including e-mail and Skype instant-messaging logs. Some of the records go back nearly five years, to MegaUpload’s earliest days as a cyberlocker service–even though Skype says “IM history messages will be stored for a maximum of 30 days” and the criminal investigation didn’t begin until a few months ago.
Sources told CNET yesterday that Skype, the Internet phone service now owned by Microsoft, was not asked by the feds to turn over information and was not served with legal process.
The U.S. Department of Justice told CNET that it obtained a judge’s approval before securing the correspondence, which wouldn’t have been necessary in the case of an informant. “Electronic evidence was obtained through search warrants, which are reviewed and approved by a U.S. court,” a spokesman for the U.S. Attorney for the Eastern District of Virginia said.
…
Skype saves chat records with contacts in a directory on the local hard drive, which could be accessed by FBI-planted spyware.
While it wouldn’t necessarily be surprising if spyware was used, it would be interesting to see more details of this come to public light. Moreover, was the spyware/electronic access authorization acquired in the US and then the malware implanted on computers in foreign jurisdictions, or did it target local (American) computers? If it was implanted on foreign computers, were local authorities aware of what was going on and did they have to give their approval?
From DSL Reports,
As usual though, actually bothering to listen to and look at the data tells a different story. Nobody argues that spectrum is infinite, but buried below industry histrionics is data noting that there really isn’t a spectrum crisis as much as a bunch of lazy and gigantic spectrum squatters, hoarding public-owned assets to limit competition, while skimping on network investment to appease short-sighted investors. Insiders at the FCC quietly lamented that the very idea of a spectrum crisis was manufactured for the convenience of government and industry.
…
Burstein correctly reminds us that there’s nothing to fear, and with modern technology like LTE Advanced and more-than adequate resources, any wireless company struggling to keep pace with demand is either incompetent or cutting corners (or both). The idea that our modern networks face rotating oblivion scenarios lest we not rush to do “X” is the fear mongering of lobbyists, politicians, and salesmen. All of them use fear by trade, but the key failure point when it comes to capacity hysteria seems to continually be the press, which likes to unskeptically repeat whatever hysterical scenario gets shoveled their direction each month.
I think that this really strikes to the heart of things: while all parties recognize the (literally) physical differences between different physical layers that are used to deliver broadband services, hysterics (on both sides) have stifled rational discussion. We really need to have the engineers come forward to talk about things in a manner that lets them evade corporate ‘loyalties’. Moreover, we need to acknowledge that spectral bandwidth is one component of data transmission, not the entirety of it. New codecs, new compression algorithms, and new efficiency protocols can all enable much higher bandwidth volumes and throughput while using identical amounts of spectrum as older, less effective, means of using spectral resources. We need to holistically look at these resources, and get away from as much FUD as we can.
preciousfragmentation on Nokia device fragmentation:
In the autumn, they announced the Lumia 800. It was beautiful, powerful, and unique looking, very European. Then, at CES this year, they announced the Lumia 900, essentially the same as the 800, but bigger, and with LTE functionality, built for North American hands. Now, there’s a rumour about…
The point that customers can ‘trust’ Apple because of the fairly predictable development and release cycle is key. It’s hard to develop an ‘aspirational’ brand if as soon as someone actually possesses one of your branded items they feel like they made a bad decision. In effect, you run the risk of becoming just another parts manufacturer, one that the consumer doesn’t want to trust with their emotional reserves.
They might still buy your products, they might talk about neat things about your products, but they won’t aspire to own or preach about your product or business. What’s worse, they won’t necessarily be able to explicitly state why they have a grudge, but it will come through in the discussion with other prospective consumers.
The effect of these rapid ‘upgrade’ products? Word of mouth advertising is semi-poisoned from the get-go, which undermines your brand and your company’s most effective means of generating product awareness and interest.