Not a professional but I play one on TV. #privacy #infosec #random #fun

Happy Super Ad Sunday

Happy Super Ad Sunday everyone.  At $5,000,000 for a 30 second spot, this is the marketing event of the year.  The Super Bowl really isn't about football, it's about trying to sell us everything under the sun.  I guess it has been that way for at least 35 years or more.  One of the first major ads I can remember during the Super Bowl was the Apple 1984 ad where the Mac was introduced. I'm sure the marketing phenomenon started before that, but for some reason that moment crystallizes it for me.  I can remember watching it with awe.

I wonder what the ROI is for these commercials when compared with an equivalent spend on social media.  I'm willing to bet it would be better on Facebook or Snap.  However, the tradition of it all dictates the marketing.  The Super Bowl is like every brand's debutante ball and this year is no different, despite the pandemic.

On a different note, Amanda Gorman's poem was awesome.


Has Facebook Reached Dive Bar Status?

Does anyone else feel like Facebook is reaching the end of a long descent from the happening place in town to a dive bar with a bunch of people sitting around playing remember when?   Once upon a time Facebook was the place to be.  Everyone was just getting on it and it was amazing when you saw yet another person you know had joined and wanted to be friends.  You would poke them and they might poke you back, not to mention the superpokes.  It was starting to blow past Myspace in popularity and everyone was starting to use it. This video hilariously summed up that moment in time.

Fast forward 12 years and Facebook has now taken a darker turn.  It has become the meeting place for the over 40 crowd and possibly a recruiting ground for all types of extremist groups.  Meanwhile young upstarts like TikTok and Snap have lured a younger demographic.  It has gone from a bar that once hosted the hottest acts to one that now has classic rock playing on the jukebox nonstop.

Perhaps this is the lifecycle of a company? Especially in the social media era, where popularity is ephemeral but screw ups last forever.


Why are Tech Companies too Liberal?

With the exception of a few, most of the very large tech companies are very liberal.  That statement probably shocks no one.  The question I ask myself is why?

Is it because tech companies are frequently innovative and forward thinking which leads to a more progressive vibe?

Is it in the company's political business interest to align itself left?

That's not to say that every employee leans left but the overall stance of the company tends to be driven by the employees.


Is Privacy the Domain of the Rich?

It occurred to me the other day that the worry about privacy and encryption may be a first world problem.  That's not to say that there isn't this worry across the economic spectrum.  However, it seems the majority of people who feel empowered enough to take charge of their data are generally in higher income brackets.  This could be because they have the money to pay for apps that are more privacy preserving but it also may be because they have more time to worry about these things.  Your average person has many worries that they need to deal with each day (money, family, health, etc).  Something like privacy and encryption is likely at the bottom of the list of very real and important worries.  While many people in higher income brackets work extremely hard and may very well have the same worries, they are generally handled differently.  Knowing that you have decent health insurance and a steady paycheck that can support your family can go a long way.  As will the ability to pay for the latest secure app or more privacy centric iPhone, Mac, etc (if you believe that Apple has a privacy focus).

Here is an example. I am currently typing this note out using Standard Notes, which is an encrypted notes app.  Even though the base product is free, a subscription is required to unlock all but the most basic features.  While I have the ability to pony up for a 5 year subscription to a secure notes app, many do not.  Instead people are likely to look for a free option that will accomplish their need (taking notes).  This may be at the expense of some level of privacy or security but not everyone has the disposable income to just spend ~200 dollars on an app like this.

Another example is email.  Encrypted "Secure" email providers like Protonmail and Tutanota have free options but the feature set is somewhat limited.  For the more advanced features we need to pay a subscription fee.  Services like Gmail and Yahoo offer their services completely for free with the big caveat that they may track your data.  People with disposable cash can afford to pay for email but the great majority of people are going to go for the free options without concern of tracking.

There are also some exceptions that are free like Signal and to a lesser extent WhatsApp (barf).  On the whole though most of the privacy and security preserving services are more accessible to those in higher income brackets than they are in lower ones.

I think the core of the question is how do we make privacy and security more accessible?


Apple's Walled Garden

I'm a big fan of Apple products.  Probably not enough to call me a fanboy but definitely enough to call me an enthusiast.  This post is being typed using Standard Notes on my MacBook Pro.  I then also reread it on my iPhone or my iPad while watching Netflix on my Apple TV, while listening to the dialogue on my AirPods.  In the past, I have tried Chromebooks, Android tablets and Pixel phones but I find their ecosystem to be fragmented and the user experience to be not as fluid as on an Apple product.

My attraction to Apple is that everything just works.  They function very much like my toaster functions.  I don't have to think about how it toasts bread, I just put bread in it, push the lever down, set it to how dark I want it and voila, toast.  This is how I have always thought about Apple products.  I don't have to think about how they work or futz with them.  I just open my MacBook or iPad and start doing my thing.

Much of this consistency, ease of use and fluidity comes from the fact that Apple controls everything about their hardware and software. This even includes the manufacture of the CPU on their iPhones, iPads and even the M1 MacBooks, the latter of which I don't currently have.  While this level of control does great things for user experience it is tough when you want to do something unsupported and deemed unacceptable in the Apple kingdom.

This complete control prioritizes stability and user experience over choice.  For example, if I wanted to completely swap out my desktop environment on a Linux system that is completely doable.  On a Mac, no such luck.  This creates a much more generic but consistent operating environment, much to power users' chagrin.  Techies want choice and Apple does not provide that.

This lack of choice is both a good and bad thing.  For a general user, it provides guardrails and guarantees a consistent and almost flawless experience.  For a power user, this can be limiting and constrain their ability to customize their system to their particular needs and wants.

Neither one is right or wrong.  It's just a matter of use case.


What the Hell is Going On with People on Twitter

What the hell is going on with people on Twitter?  I do have a Twitter account but remain relatively quiet or non-expressive on many things.  That is mainly because of the sheer amount of outrage I see posted there on a daily basis.  Some of this outrage is warranted.  However, much of it is over nothing.  For example, someone posting an opposite view on an issue can frequently reach a death spiral resulting in the original author being called out and harassed.  Worse yet they will receive terrible DMs threatening violence, rape, or just outright lambasting them for their view.  This behavior happens across the political spectrum and extends well into non-political matters.

Someone I follow posted an innocuous joke that was not politically, racially or sexually charged.  However, the mob decided that the joke was wrongthink and sent threatening DMs of all shapes and sizes.  This type of overreaction is dangerous.  While there is nothing wrong with having opposing viewpoints and debating a point, it is another thing entirely to threaten someone because you don't like what they said.

There are several ways that this behavior instantiates itself. Some examples:

  1. Someone posts something deliberately controversial on Twitter then claims harassment whenever someone respectfully challenges their viewpoint.
  2. Someone posts something on Twitter that angers the mob and they get harassing and threatening responses and DMs
  3. Someone gets lambasted for the way they look or other non-tweet-related issues
  4. Someone posted something controversial on Twitter and gets death threats
  5. Guys sending dickpics to female users

One of the things I find very annoying is someone who deliberately tweets a controversial point on Twitter and then claims they are being harassed when someone responds with an opposite viewpoint.  Especially when their initial viewpoint is itself calling someone else out.  The level of victimization here is staggering. I often find that the same people who claim this type of harassment are harassers themselves.  Ready to spring into action every time a point THEY disagree with is raised.  Claims of fostering online harassment are met with online harassment by those claiming to be victimized and their allies.

It's as if the hive mind of Twitter users is just poised to spring into outrage at the slightest misstep or errant tweet. As I said earlier, this outrage machine spans the political and ideological spectrum. I see people on the right freak out about people on the left.  People on the left freak out about people on the right.  Basically, it seems that everyone is freaking out about *something*.


My Thoughts on Content Creation

I had an epiphany today.  Why are we giving social media our content for free? Some sites like YouTube give you a small piece of the pie but by and large the lion's share still goes to them.  It is almost becoming a digital reality show, complete with staged drama.  Especially on Twitter.

In effect, social media makes money because we are willing to share our lives, and created content with them.  Not only that, but we are also giving them a perpetual license to use that content as they see fit.  Twitter, Facebook, Instagram, TikTok, Snap and numerous other social media sites are monetizing our content. They then use this content to draw more people in and gain even more content. This content ecosystem then contributes to the tracking of their user base for better ad targeting.

Sure, there is the hope of becoming an "influencer". Becoming an influencer is more the exception than the rule.  I would estimate that no more than 1%-2% of social media users actually become influencers.  Given the size of the collective user base that is also probably a gross overestimation on my part.  It's like chasing the dragon, social media edition.

Back to my original point though.  Why do we do this?  We are literally handing over the keys to our lives to a third party and saying sure you can have my life.  All for the privilege of using their platform and having our every move tracked.  I also think it goes deeper than that.  It is our need for acceptance and validation.  Every time someone clicks that like button we get an endorphin hit. They like me, they really like me.  That is what our brains tell us.

The problem with this is the crash that happens.  We now need another hit so we generate more content to chase the validation.  It's like drugs.  Except the only money changing hands is between the advertisers and the dealer.  We are the ones manufacturing the drugs and also getting high on our own supply.  Let's stop doing it.  I realize that I am saying this while literally posting content to Listed but at least they aren't monetizing it.


Howl 2020

I found this poem on Medium and found it interesting. It's not artistic in the classic sense and does not conform to the usual poetry style but it's raw and I like it.

I saw the best minds of my generation destroyed by disinformation, believing total fabrications,

dragging themselves through the social media sites at dawn looking for an angry fix,

unable to critically think with reason and understanding while burning for the next conspiracy,

whose vote counts, whose theory mounts, whose truth is in tatters

The president lies, lawyers lie, politicians lie, your parents lie, you lie,

To yourself, your lonely existence pathetically staring at a screen for truth,

That which does not exist anymore, only in the minds of your forebears and even then they were wrong,

quelled by years of daily news delivery on paper and on tv, five o’clock, six o’clock, seven o’clock, eleven o’clock,

News that’s what they called it, an opiate for the masses to keep up with the goings on of their neighbors,

Replaced by Facebook, twitter, instagram, whatsapp, tiktok and thousands of false websites.

All of which amplify the loudest, stupidest voices for racism, sexism, fascism, materialism, hundreds of isms.

All exist for you to feel better about your small, lonely existence, masturbating alone in your bedroom after posting pictures of your perfect life

A curated, fabricated life full of selfies, photobombs, laughing, smiling, living

A false life, a missing life, with no experience outside the walls of your mother’s basement

You may as well stayed in her womb where it was warm, comfortable and you were a parasite on her body.

You are a parasite on the world, creating nothing, inventing nothing, building nothing, doing nothing, and consuming everything

Presidents, congressmen, senators they are just pitchmen selling their master’s products door to door and on the internet

the internet of things is the internet of shit, the internet is shit, billions of pieces of shit swirling around a virtual toilet bowl

Refusing to be flushed out of your mind, false information stuck in your brain and mixed with porn and advertisements.

Privacy for The Common Person Pt. 3

With the deck stacked so far against the privacy of common people, how do we protect our privacy? The short answer is that we can't. The level of tracking is too pervasive. If you carry a phone, shop in a store, drive a car, or walk in your neighborhood, aspects of your life are being tracked without any way to opt out. However, you can protect the privacy of some of your activities. 

Web Browsing - By virtue of browsing the web, you are leaving a trail of data. This trail can be minimized (but not eliminated) in several ways.

  • Use a more privacy friendly browser like Brave, Firefox or even Safari. These browsers all have some level of anti-tracking tech that works marginally well. 

  • Use a VPN. This is one for the more tech savvy and is of dubious benefit (funny video) but yes a VPN will help shield your actual IP address. If you are browsing from your home wifi a VPN hides the IP address of your home network, if on a mobile phone it will hide the actual IP address of your mobile device.

  • Use an ad-blocker - I don't use ad-blockers but they are also a viable option

Email - Use an email service that protects your privacy.  Gmail and Yahoo mail are not the droids you are looking for here.  Some options are below:

  • Protonmail - Protonmail is an encrypted email service located in Switzerland.  It is the gold standard of privacy protection. They have zero access to your data since it is end to end encrypted. However, your mileage may vary when sending emails to non-Protonmail addresses.

  • Tutanota - Tutanota is also a very popular encrypted email service.  It is located in Germany which is slightly less of a privacy preserving country. They also have zero access to your data due to end to end encryption.

Messaging - Messaging is so pervasive now, having a privacy preserving messenger is almost more important than encrypted email.  Some options are below:

  • WhatsApp - Don't use it.  Screw WhatsApp!

  • Slack - If you use it for work use it. For personal use you should avoid it.  They have access to your data.

  • Telegram - Maybe use it.  I do not fully trust it because they have claimed to roll their own encryption instead of using open standards. This makes their service a black box of is it secure or isn't it.

  • iMessage - iMessage is end to end encrypted by default and supports normal SMS messaging (green bubble).  This is what many people use and it is probably "good enough" from a privacy perspective.  However, if you don't trust Apple move along.

  • Signal - Signal is the app you want for private and secure messaging. Very similar to Protonmail it is the gold standard of privacy.  It isn't as pretty as iMessage but its userbase is growing daily and it is trusted by most journalists, activists, whistleblowers and unfortunately, criminals.  It also supports unencrypted text messaging.

  • Keybase - Keybase uses an interesting model of social proofs to validate that you are you.  It also uses that buzzword known as blockchain.  Keybase is a very secure service and provides fully encrypted chat and file storage. Think of it as a secure version of Slack with fewer features.

There are many other chat apps, email services, and web browsing tips.  These are just a few of my random tips for today. The key point here is to find a service that can be trusted and to stick with it. I could literally go on for hours and hours.  Until next time...


Privacy For The Common Person Pt. 2

When everyone thinks of surveillance capitalism they think of the free model. A service like Facebook provides you something for free and captures every bit of data it can. While this is definitely a large part of it, it isn't the end of the story, it is only the beginning. The truth of the matter is everyone is gathering data about you. It doesn't matter whether it is a free service or not. Some are more aggressive than others but almost every company does it.

For example, I pay for subscriptions to a number of news sites. When I fire up my browser and look at the number of trackers loaded by their main pages, here is what I see:

  • Washington Post - 20 trackers
  • NY Times - 12 trackers
  • LA Times - 11 trackers
  • National Review - 16 trackers

These trackers are applied to me even though I am a paid subscriber and already logged into each site with my account. The product isn't free but I am still the product.

Another example is internet service providers. We pay them (sometimes through the nose) to provide us with internet service. What many people don't know is that many are monetizing people's browsing activity. In many cases this is done via their "custom" service specific DNS services that capture every site you go to. For the tech savvy, there are many ways around this tracking. However, the majority of the world is not tech savvy and is blissfully unaware. This article in Fast Company (39 trackers) gives a decent outline of the issue. Again, our internet is not free and we are still the product.

I could go on and on listing examples. The key point here is the situation is much more nuanced and complex than just free is bad and paid is good. EVERYONE wants our data. The question is, how do we even start protecting it? More on that next time...


Privacy For The Common Person Pt. 1

Privacy has become a buzzword in the last few years. However, does anyone really understand what it means? While I work in the industry, I am neither a trained privacy nor security engineer, but I am privacy and security conscious. Lately, I have been having this nagging feeling that I am in the minority. In fact, I also feel like I am fighting a losing battle for both the privacy and security of my data. This is with good reason. There is an entire economy based on hoovering up every last bit of data about us.

It is not just about the big tech players that have been so demonized by the media and politicians. Those same media companies and politicians are in on the data collection scheme. The truth is pretty much EVERYONE wants data about you, buying habits, viewing habits, travel habits, health issues, web browsing habits, etc., etc. It is done for many reasons, some perfectly valid and some that are pretty shady.

One example is the merger of HBO and AT&T. HBO had historically maintained a very curated and selective library of shows that were perceived as high quality and had very high production values. This was supported through subscription fees that people paid via cable and later on with HBO Now. When AT&T took over, they pushed for more and varied content on HBO's platform, much of which would be lower quality than HBO's typical fare. The reason was that AT&T was less interested in the subscription fees than they were about gathering data about the viewing habits of its that was the real market opportunity. That data could then be sold to advertisers and other interested parties. Now, not only do you pay a subscription fee, but the information they gather about you represents a whole new way to make money.

Another example is the various shopping club programs people belong to, like Safeway Club Card, Target Circle Rewards, etc. These are marketed as a way to save money on shopping but has anyone thought of why you save that money? It is because they are making more money using and/or selling the data that is gathered about its members. The more they know about you, the more they can target your specific buying habits with "Special Offers" and targeted advertising.

Then there is the classic example of social media. It's surprising, but it still comes as a shock how much data various social media companies track. Every post, thumbs up, message, link, and page view, is captured and analyzed to build a profile of you. This data can then be sliced and diced in many ways to create profiles about your demographic, you personally, and about many other things. 

As the saying goes, "if the product is free, YOU are the product." More specifically, your data is the product. That is the devil's bargain you make when signing up for "free" services. However, this devil's bargain is also becoming more and more prevalent in non-free services. More on that next time.....