Categories
Links

iMessage apps offer more layers of encryption, but do you need one?

Macworld:

Adding encryption you control inside an iMessage transmission can provide more assurances that your messages remain unreadable to others, but there are a whole lot of provisos you need to consider before accepting this as a higher level of security.

It’s nice to see reviewers of applications present the concerns first, before what might be nice about new ‘security’ apps: namely, that crypto is hard to do, that not all crypto is the same, and that there are basic questions concerning the reliability of the companies providing the security assurance.

More broadly, that applications can route double-encrypted messages through Apple Messages will not necessarily enhance security but, instead, mean that communications are only as secure as the application applying the second layer of security. Apple is a great big target that everyone wants to penetrate and so Apple hires terrific technical and legal staff to keep government and others at bay. Can we expect that app developers selling encryption apps for a dollar or two will possess an equivalent commitment and competency?


Why wearable fitness trackers offer no weight-loss ‘advantage’

CBC:

Both groups had significant improvements in body composition, fitness, physical activity and diet, with no significant difference between groups, they said.

In total, 75 per cent of participants completed the study.

Estimated average weights for the group wearing trackers were 212 pounds at study entry and 205 pounds at 24 months, resulting in an average weight loss of about 7.7 pounds.

In comparison, those in the website group started out at 210 pounds when the study began and weighed in at 197 pounds at 24 months, for an average loss of 13 pounds.

Still, Jakicic said in an email: “We should not send the message that these wearable technologies do not help with weight loss — there were some in our study for whom it made a difference.”

I would argue that the ‘advantage’ that the trackers offer is to motivate people who otherwise might be less mindful on a regular basis to increase their daily activity. The headline of the article directly contradicts the point made by the study’s author: that the message should not be that wearables do not help with weight loss.

Perhaps one of the broader issues is that weight loss is predominantly associated with dietary changes. Fitness trackers focus on activity. As such, meeting fitness tracker goals (absent food monitoring) can lead to reduced weight losses as compared to those engaged in more comprehensive health and diet tracking.


NYPD can’t count cash they’ve seized because it would crash computers

From Ars Technica:

The New York City Police Department takes in millions of dollars in cash each year as evidence, often keeping the money through a procedure called civil forfeiture. But as New York City lawmakers pressed for greater transparency into how much was being seized and from whom, a department official claimed providing that information would be nearly impossible—because querying the 4-year-old computer system that tracks evidence and property for the data would “lead to system crashes.”

Even with the system, however, the NYPD’s Assistant Deputy Commissioner Robert Messner told the New York City Council’s Public Safety Committee that the department had no idea how much money it took in as evidence, nor did it have a way of reporting how much was seized through civil forfeiture proceedings—where property and money is taken from people suspected of involvement in a crime through a civil filing, and the individuals whom it is seized from are put in the position of proving that the property was not involved in the crime of which they were accused.

So NYPD has spent millions on an expensive database that prevents them from conducting accountability queries on seized evidence? That’s an interesting design choice.


Coffee & Power – The best coffee shops to work from when you travel.

This is one of the most amazing websites that I’ve come across: for those of us who routinely work from coffee shops, it lists whether or not there are plentiful power outlets as well as passwords for wifi.


That sinking feeling: Why the bankruptcy of shipping giant Hanjin has so many companies worried

Salon:

Hanjin accounts for about 3 percent of shipping containers globally. It’s big enough that U.S. retailers are worried that delays will shorten the busy holiday shopping season as they wait for goods to arrive. And U.S. exporters now anticipate a 50 percent hike in shipping fees, according to Peter Friedmann, executive director of the U.S. Agricultural Transportation Coalition.

There are lots of reasons for the bankruptcy – including lots of extra ships being in the water right now and a slowdown in the global economy – but this should be cause for concern if only because it showcases the magnitude of some of the world’s economic issues right now.


IMSI Catcher Report Calls for Transparency, Proportionality, and Minimization Policies – The Citizen Lab

IMSI Catcher Report Calls for Transparency, Proportionality, and Minimization Policies:

The Citizen Lab and CIPPIC are releasing a report, Gone Opaque? An Analysis of Hypothetical IMSI Catcher Overuse in Canada, which examines the use of devices that are commonly referred to as ‘cell site simulators’, ‘IMSI Catchers’, ‘Digital Analyzers’, or ‘Mobile Device Identifiers’, and under brand names such as ‘Stingray’, DRTBOX, and ‘Hailstorm’. IMSI Catchers are a class of surveillance devices used by Canadian state agencies. They enable state agencies to intercept communications from mobile devices and are principally used to identify otherwise anonymous individuals associated with a mobile device and track them.

Though these devices are not new, the ubiquity of contemporary mobile devices, coupled with the decreasing costs of IMSI Catchers themselves, has led to an increase in the frequency and scope of these devices’ use. Their intrusive nature, as combined with surreptitious and uncontrolled uses, poses an insidious threat to privacy.

This report investigates the surveillance capabilities of IMSI Catchers, efforts by states to prevent information relating to IMSI Catchers from entering the public record, and the legal and policy frameworks that govern the use of these devices. The report principally focuses on Canadian agencies but, to do so, draws comparative examples from other jurisdictions. The report concludes with a series of recommended transparency and control mechanisms that are designed to properly contain the use of the devices and temper their more intrusive features.

I’m not going to lie: after working on this with my colleague, Tamir Israel, for 12 months it was absolutely amazing to publicly release this report. What started as a 1,500-word blog post meant to put defense lawyers on notice of some new legislation transmogrified into a 130-page report that is the most comprehensive legal analysis of these devices that’s been done to date. It’s going to be interesting to see what the effects of it are for cases currently being litigated in Canada and around the world!


National security review tries to tackle needs of law enforcement in digital world | Toronto Star

The Toronto Star:

Lawful access is “a real thorny issue,” said University of Ottawa law professor Craig Forcese, a national security law expert, in an interview with the Star.

“For years I’ve been saying we’ve got to deal with it, and you can’t deal with it without investing people in a discussion, because the best-organized civil liberties organizations in Canada right now are privacy groups,” said Forcese.

“And if you go ahead unilaterally and start tabling stuff in Parliament, you’re going to have a replay of the disaster of the last decade in Parliament where nothing ever got passed, except the cyberbullying bill which didn’t address all the issues.”

Parliament did a lot over the last decade, including passing lawful access legislation following more than 10 years of public debate that included numerous public consultations (i.e. not just with civil liberties organizations).

That civil liberties groups – which by definition argue hard against infringements of constitutional rights – did their jobs is to be congratulated, not smeared.


Ants are destroying your plants by nurturing perfect aphid colonies

Ars Technica:

The results were stark. All but one of the aphid colonies that were not tended by ants went extinct. Of the surviving aphid colony, only one aphid remained. Without ants to protect them, the aphids were eaten by predators like ladybug larvae and parasitoid wasps. Apparently, ants remove these predators from their herds when they come to milk the aphids for honeydew. The ants win, the aphids win, but the mugwort suffers. A version of this scenario plays out all over the world, where ant invasions often mean aphid invasions, too.

Ants: the protectors of the aphid world, apparently.

This also explains a lot about the challenges I’ve experienced dealing with aphid infestations in the past!


Two critical bugs and more malicious apps make for a bad week for Android

Ars Technica:

It was a bad week for millions of Android phone users. Two critical vulnerabilities were disclosed but remain unpatched in a large percentage of devices, while, separately, malicious apps were downloaded as many as 2.5 million times from Google’s official Play Marketplace.

The vulnerabilities, which are similar in severity to the Stagefright family of bugs disclosed last year, have been fixed in updates Google began distributing Tuesday. A large percentage of Android phones, however, aren’t eligible to receive the fixes. Even those that do qualify don’t receive them immediately (the September updates are currently not available as over-the-air downloads for either of the Nexus 5X devices in my household). That gives attackers crude blueprints for exploiting vulnerabilities that remain unpatched on millions of devices.

The bag of hurt continues unabated.


Location Privacy: The Purview of the Rich and Indigent

Krebs on Security:

In Texas, the EFF highlights how state and local law enforcement agencies have free access to ALPR equipment and license plate data maintained by a private company called Vigilant Solutions. In exchange, police cruisers are retrofitted with credit-card machines so that law enforcement officers can take payments for delinquent fines and other charges on the spot — with a 25 percent processing fee tacked on that goes straight to Vigilant. In essence, the driver is paying Vigilant to provide the local cops with the technology used to identify and detain the driver.

“The ‘warrant redemption’ program works like this,” the EFF wrote. “The agency is given no-cost license plate readers as well as free access to LEARN-NVLS, the ALPR data system Vigilant says contains more than 2.8-billion plate scans and is growing by more than 70-million scans a month. This also includes a wide variety of analytical and predictive software tools. Also, the agency is merely licensing the technology; Vigilant can take it back at any time.”

That’s right: Even if the contract between the state and Vigilant ends, the latter gets to keep all of the license plate data collected by the agency, and potentially sell or license the information to other governments or use it for other purposes.

Another case of the private surveillance sector overcoming state institutions, and to the detriment of citizens’ rights to privacy.