Categories
Writing

parislemon: This Is Why We Can’t Have Nice Things

I agree with parislemon’s general take on the targeting of Apple and labour: Apple isn’t alone, and we can’t ignore the role of local government in (not) regulating the state of affairs at Foxconn (or other large manufacturing) plants. This said, language like the following is unacceptable and intentionally uncritical:

 While this report brings such an issue to the forefront, similar pieces and stories surface quite frequently, actually. Guess what changes? Nothing. It’s shitty to say, but it’s the truth. And we all know it.

The fact of the matter is that we live in a world that demands amazing technology delivered to us at low costs and at great speed. That world leads to Foxconn.

We say we care about the means by which the results are reached when we read stories such as this one. But then we forget. Or we chose not to remember. We buy things and we’re happy that they’re affordable. And then we buy more things. And more. With huge smiles on our faces. Without a care in the world.

In the above quotation, Siegler obfuscates the real role that our governments could have in shaping the supply chain. Imagine if there were a requirement that certain imported products (e.g. electronics) had to be certified as meeting standardized ethical and human rights requirements. Would that increase the price of goods/prevent some from coming to market, initially? Certainly. As a result, Chinese (and other foreign national) companies would dramatically increase labor standards because it would no longer be a competitive advantage to have such incredibly low standards. Prices would stabilize and we could buy iPhones, Blackberry devices, and the rest without sleepless nights.

What must happen, however, is that the West must see beyond itself. Citizens must recognize that they can shape the world, and refuse to just give up on the basis that change would threaten the existing, ethically bankrupt, neo-liberal economic practices that surround our lives. If the EU and North America refused to import ethically suspect electronics and gave significant preferential advantage to companies that were ethical in the production and disposal of goods, then significant change could occur.

It is our choice to enforce, or refuse to enforce, basic human rights in the economic supply chain. Technology – its production, usage, and disposal – is rife with ethical quandaries. We have to seriously address them if we are to remedy the intolerable behaviours that companies like Foxconn perpetuate.

Categories
Links

Weapons-Grade Data

Cory Doctorow is brilliant in sprucing up the metaphor that personally identifiable data is like nuclear waste. While the metaphor isn’t new, Doctorow does a great job as only a novelist can.

Every gram – sorry, byte – of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop’s CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughed up a month’s worth of travelcard data, there will be no containing it.

And what’s worse is that we, as a society, are asked to shoulder the cost of the long-term care of business and government’s personal data stockpiles. When a database melts down, we absorb the crime, the personal misery, the chaos and terror.

 

Categories
Links

An Open Letter to Thorsten Heins

I’ll let Mr. Vida explain, in his own words, why you should go and read his open letter:

Why listen to yet another open letter?

I helped build PlayBook. My team designed the PlayBook OS. We spent the better part of a year sequestered in secrecy working on what we believe to be a tablet OS experience at least as good as an iPad and, in many ways, better. We are immensely proud of our work there. We view the PlayBook OS as our baby. We want to see it succeed. We know the potential it has.

Seriously: go read the letter. It’s more personal, and richer in experience, than any of the analyst accounts of Heins, RIM, or the PlayBook. It’s also short, succinct, and well written. Read it.

Categories
Links

Android & iPhone Update History

calmscape: Android & iPhone Update History

The seriousness of Android’s (lack of) security updates cannot be overstated. Phones that do not receive security updates can be subject to many of the most serious security attacks – such as man in the middle attacks, certificate-based MITM attacks, browser-based attacks, and so forth – and users remain ‘locked’ to their phones because of years-long contracts.

In essence, Android users on lengthy contracts with carriers are forcibly, contractually, linked to long-term security sinkholes.

This is an absolutely inexcusable situation, and one that Google, phone vendors, or carriers should be legislatively mandated to remedy.

Categories
Links

Will Android lead to RIM’s Security ‘Death Knell?’

Bloom reports:

…[Graham Thompson, president of Ottawa-based Intrinsec Security Technologies] cautions that RIM’s plans to tap into the Android marketplace could place a serious security burden on the beleaguered company. An Android adherent himself, he nevertheless says the potential for breaches with Android apps threatens the core of RIM’s business strategy.

“I don’t understand why an [Android] application, for example, like a flashlight, requires Wi-Fi access or Internet access. It just makes no sense to me. Yet people are willing to say, ‘Yeah, go ahead. I don’t care about the privileges that this application is looking for. I just want my flashlight.’ And what impact does that have on corporate data is one of the main questions.”

I’m not exactly happy with the (impoverished) state of Android or iOS security. I’m happier (though I refrain from the full on “happy”) with RIM’s approach to data sharing with their app market (I’ve documented here some of the highly technical, and unwieldy, means by which RIM notifies customers of security concerns). That said, I would wait before pronouncing that RIM’s integration of Android will lead to doom.

Specifically, those who have dealt with the RIM/Android integration have reported that Android apps do not get free rein on the device. This means that key Android ‘hooks’ are not always available, thus limiting the ‘damage’ they can do to a particular security profile.

Moreover, we cannot look at the integration without also considering the role of BlackBerry fusion, a system that intentionally hives off professional and personal ‘sections’ of the device. This segregation (in theory) should mean that even if an Android app breaches the RIM personal security protections, the app should not have access to the professional side of the device and the data contained in it.

Does this necessarily save the end-consumer, buying the device from Rogers, O2, or another wireless firm? No. Does it save businesses (a key market, and the one most zealous for security assurance)? Much more likely.

Categories
Links

Primer on GPG in Mac OS X

Robert Sosinski has a good walkthrough of setting up GPG in OS X. Hopefully we’ll see some non-console-based instructions sometime in the near future to help those who are gun-shy when presented with a command prompt!

Categories
Writing

Browsing on Your Mobile Should Not Disclose Your Phone Number

In the past day or three, it’s come to light that O2 – a major mobile phone provider in the UK – made the very serious error of disclosing its users’ phone numbers in HTTP headers (i.e. the headers that are part of every single communication with a website). The researcher who discovered this – Lewis Peckover – has made available a site that will check whether your phone is disclosing its phone number when visiting websites. You don’t need to be an O2 customer to double check that your mobile provider is doing things (im)properly.

This significant release of information occurred because:

“Technical changes we [O2] implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site,” the company wrote.

However, the company added that it had previously disclosed this information, but only when “absolutely required by trusted partners”.

“When you browse from an O2 mobile, we add the user’s mobile number to this technical information, but only with certain trusted partners.”

The company said this was needed to manage “age verification, premium content billing, such as for downloads, and O2’s own services”.

However, the technical glitch meant the sharing went further, it said: “In addition to the usual trusted partners, there has been the potential for disclosure of customers’ mobile phone numbers to further website owners.”

In light of this ‘glitch’ I would hope that a more secure way of confirming age/purchasing credentials is rapidly rolled out. Significantly, not only did every website visited have access to mobile phone numbers, but every advertising server potentially had access to this information as well. This would include Google, Quantcast, and so forth.

It will be incredibly curious to see how the ICO treats this data leak. I think that core failures like the O2 phone leak demonstrate just how linked many of our communications systems and identifiers are, and speak volumes to the need for significantly better evaluation of network upgrades before they are rolled out to live environments.
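A sketch of the kind of server-side check described above, added here as an example (it is not Peckover's code and not part of the original post): it scans the headers a site receives for a subscriber number. The header names and the sample request are assumptions, and the phone number comes from the UK range reserved for fiction.

```python
import re

# Header names carriers have been reported to use for subscriber numbers.
# Illustrative list (an assumption); the post does not name the header.
SUSPECT_NAMES = {"x-up-calling-line-id", "x-msisdn", "x-nokia-msisdn",
                 "x-wap-msisdn", "msisdn"}

# E.164 numbers have at most 15 digits; accept 10-15 with an optional "+".
MSISDN_RE = re.compile(r"\+?\d{10,15}")


def digits(s):
    """Strip everything except digits so formats can be compared."""
    return re.sub(r"\D", "", s)


def find_msisdn_leaks(headers, own_number=None):
    """Return (header, value, reason) for headers that appear to carry a phone number."""
    # Compare on the last 9 digits so 07700... and 447700... both match.
    tail = digits(own_number)[-9:] if own_number else None
    findings = []
    for name, value in headers.items():
        v = value.strip()
        if tail and tail in digits(v):
            findings.append((name, v, "contains own number"))
        elif name.lower() in SUSPECT_NAMES:
            findings.append((name, v, "known subscriber-ID header"))
        elif MSISDN_RE.fullmatch(v.replace(" ", "")):
            findings.append((name, v, "value is phone-number shaped"))
    return findings


# Constructed request headers, as a website might see them after the
# carrier's proxy has added a header on the way through.
SAMPLE = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (Linux; U; Android 2.3.4)",
    "Accept": "text/html",
    "Content-Length": "0",
    "x-up-calling-line-id": "447700900123",
    "X-Forwarded-For": "192.0.2.10",
}

if __name__ == "__main__":
    for name, value, reason in find_msisdn_leaks(SAMPLE, own_number="07700 900123"):
        print(f"{name}: {value}  <- {reason}")
```

Because the carrier adds the header in transit, the check only works on the receiving server; the handset never sees what was appended to its own request.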

Categories
Links

The stranger danger: Exploring Surveillance, Autonomy and Privacy in Children’s Use of Social Media

A really terrific paper on social media and ‘stranger danger’. You should read it.

Categories
Aside

Hayles, Visualized

An image that immediately (for me) brings Hayles’ critiques of cybernetic visions of the human to mind.

Categories
Links Writing

Piracy as Saving History?

I haven’t seen this argument before. It’s clever: stripping DRM (and/or transforming files to be cross-compatible with a variety of software readers) means that (in theory) those files will be accessible for longer periods of time, thus letting us preserve our (digital) history. From the article:

Piracy’s preserving effect, while little known, is actually nothing new. Through the centuries, the tablets, scrolls, and books that people copied most often and distributed most widely survived to the present. Libraries everywhere would be devoid of Homer, Beowulf, and even The Bible without unauthorized duplication.

The main difference between then and now is that software decays in a matter of years rather than a matter of centuries, turning preservation through duplication into an illegal act. And that’s a serious problem: thousands of pieces of culturally important digital works are vanishing into thin air as we speak.

At issue: I’m really not sure that a total archive of everything digital is actually something that we want, or necessarily need. A LOT of books, games, poems, and so forth were lost to the mists of time, and it’s not entirely clear to me that our world has fallen apart because of such losses.

History is a patchwork that is contingent on us perceiving certain items as more or less important from a partial and retrospective position. Moreover, it should be noted that truly significant texts/poems/artifacts have historically been replicated and distributed because of their value/importance at the time. Do we necessarily need a campaign of mass piracy – under the auspices of ‘preserving history’ – to ensure that similar efforts are made to secure the most critical elements of our past? I’m not so sure.