In the December issue of Computer Fraud & Security, an article by Prof Steven Furnell – ‘Assessing password guidance and enforcement on leading websites’ – presents some fascinating original research into the password practices of various leading websites – and also paints a somewhat…
Whenever I read about bad passwords, I’m reminded of XKCD’s comic on password strengths.
Surveillance is not itself sinister any more than discrimination is itself damaging … there are dangers inherent in surveillance systems whose crucial coding mechanisms involve categories derived from stereotypical or prejudicial sources.
~D. Lyon. (2003). Surveillance as Social Sorting: Privacy, Risk and Digital Discrimination. New York: Routledge. Pp. 2.
We must go further [than simply demanding transparency] and inject public values into development cycles while also intentionally hobbling surveillance technologies to rein in their most harmful potentialities.
Transparent Practices Don’t Stop Prejudicial Surveillance
This is possibly the most insane remote I’ve ever seen. God help the traditional television makers if Apple ever produces a real TV.
Google “Surveillance” Monster
Of course, we do need to remember that surveillance in and of itself isn’t necessarily sinister: it’s when a surveillance practice’s coding mechanisms involve categories derived from stereotypical/prejudicial sources that we most need to worry.
On the whole, I really like my PlayBook. That said, there are certain UI decisions that make absolutely no sense and are in desperate need of being cleaned up. One example: the URL bar in the default browser.
Lauren has a cogent framing of the legislative hurdles that might lead to SOPA getting through the House and Senate. I think that the ‘lets put up banners’ is a cruddy way to inform the public of SOPA’s implications. I agree that full-on blackouts of majors sites is a poor public relations tactic and unlikely to positively raise public (and legislative) awareness).
What might work, however, is highly targeted blackouts. Why not prevent the Congress, Senate, and White House, along with all other government bodies throughout the US, from accessing key sites such as Google, Facebook, Wikipedia, and so forth. This would make legislators realize what they’re about to do, its implications, and create a large enough media event that the public might wake up to what’s going on in Washington. Companies needn’t target the public themselves but just create a focusing event that brings SOPA and its problems to the public’s attention and legislators’ attention at effectively the same time.
Now, would political organizations get around ‘blockades’? Sure. The aim wouldn’t be perfect enforcement of a blockade but to capture real attention on SOPA and its harms, and make those harms tangibly real to the folks responsible for voting (or not) on this POS bill.
While Agrawal’s article argues that those in Silicon Valley are developing for people who’re as saturated as they are, I think that he’s really missing what makes the Valley what it is. For decades, we’ve seen interesting ideas and products come out of California that are absolute flops. They’re not flops because the products are necessarily bad but because the deliverables don’t identify a real problem or offer a real solution. That’s not a bad thing, and critiques along grounds of ‘flops’ (and crafting products for the future, rather than the past) misses what’s important about the Valley’s function as a thought incubator: ideas are crafted and honed, underlying principles and technical challenges are ironed out, and eventually some bits and pieces of “failed” ideas and products tend to be integrated into the future’s successful product lines.
Innovative development, much like scholarly work, is often intellectually exciting and vibrant while lacking a direct market output. It’s because we can test, experiment, and play that cool things ultimately come out of the ether. If we demand that most, or all, of Silicon Valley’s (and academia’s) projects meet existing problems, and avoid dreamlike solutions to undefined issues, we’re going to see a lot less interesting and novel things that (seemingly) pop out of nowhere.
Paul Thurrott reports that Microsoft is no longer guaranteeing that mobile updates will be delivered to end-users and will no longer give guidance about when/if those updates will come.
I suspect that Microsoft’s actions are the result of carriers not caring one lick about security and actively opposing performance updates to “old” phones. Carriers aren’t themselves affected by security deficiencies that they are largely responsible for prolonging, and if new cool features are automatically provided in a smartphone update then the customer is less likely to rush out and buy a new phone with the same features. Carriers need to be held accountable: if they know there are security updates and refuse to let them go out to customers, then customers’ contracts should be broken with those same carriers. If customers experience actual harms, then the carriers should be legally – and financially – liable.
Microsoft, and the other mobile OS vendors, need to realize that the most important customer base is the people buying phones, not the device manufacturers or carriers. The latter two groups are important, yes, but if Microsoft can’t convince end-customers to pick up their phones and be happy about the choice a few months later then Microsoft is going to turn into an Android-like OS manufacturer. We already have one too many of those.
An instance of non-security theatre?
Excited Pixels