My Motiv activity ring

My Motiv ring on my hand

Finally the Motiv ring came

Motiv Ring pack

Nicely packaged and simple to set up, although I did find the pairing with my Google Pixel 2 took a long time. I hooked it up to Google Fit but haven’t set up 2 factor auth yet; I just need to get the barcodes for some of my services and create my gesture. Kept meaning to save the barcodes in my password manager.

I did also pair it with my Ubuntu laptop but I’m unsure how to do anything with it except using Bluetooth unlock. The fit is good and the ring feels super light to me.

Motiv USB power charger

My only worry is I can’t seem to find another USB power unit for it, as I’d like to have one at home and one I can carry with me when away. I checked Amazon but I can’t find similar. Also not sure I can get another one separately unless I buy the USB Magnetic Charging Dock Keychain and Charging Dock?

So far so good…

If you are using whatsapp… update now and consider swapping to Signal!

Whatsapp on a mobile phone

Whatsapp, never used it never will. But I know many many of my friends do – please do update! Or even better dump it and use Signal messenger.

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims’ smartphones: all a snoop needs to do is make a booby-trapped voice call to a target’s number, and they’re in. The victim doesn’t need to do a thing other than leave their phone on.

The Facebook-owned software suffers from a classic buffer overflow weakness. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.

The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Airbnb Has a Hidden-Camera Problem – You telling me?

Airbnb monitoring warning
You would never guess it was a listening device from the picture

I was reading a piece in the Atlantic about Airbnb and the camera problem.

Of course this has super relevance to me after my experience of an Airbnb in Barcelona last year.

Airbnb’s rules allow cameras outdoors and in living rooms and common areas, but never in bathrooms or anywhere guests plan to sleep, including rooms with foldout beds. Starting in early 2018, Airbnb added another layer of disclosure: If hosts indicate they have cameras anywhere on their property, guests receive a pop-up informing them where the cameras are located and where they are aimed. To book the property, the guests must click “agree,” indicating that they’re aware of the cameras and consent to being filmed.

I do find it really interesting because Airbnb classes listening devices such as Amazon Alexa as cameras too. I did think this would be very difficult to police. The transparency is welcomed, as before you had to search pictures for anything which looked suspicious.

In January, Bigham discovered cameras in his rental that he says were never disclosed. After he reached out to the Trust & Safety team, representatives told him he and his family had in fact consented to the cameras because they were visibly displayed in photos on the listing. After Bigham’s blog post on the ordeal went viral, Airbnb apologized and refunded his money.

But Bigham says customer-service representatives for Airbnb twice sided against him before reversing their original decision, and only after his blog post was widely shared online.

“No one really seems to know what they’re doing,” Bigham said in an email. “And it seems like it’s only going to get worse.”

In a statement, Airbnb said: “We have apologized to Mr. Bigham and fully refunded him for his stay. We require hosts to clearly disclose any security cameras in writing on their listings and we have strict standards governing surveillance devices in listings. This host has been removed from our community.”

As usual the public stink causes Airbnb to actually do something. I wonder how many complaints get shoved under the carpet?

Maybe it’s really time to drop twitter…

Dead twitter

I used to use Corebird on my laptop for twitter access. Today this was broken and with a quick search I found a page explaining all.

As many of you may know, Twitter decided to remove the UserStream API, which many third-party clients use, including Corebird. It’s a vital part of the user experience and is used for real-time timeline updates, DM retrieval, mentions, etc.

The replacement is the Accounts Activity API. I have not looked much into its details since the technical difficulties are enough to make it virtually impossible for me to port Corebird to it, but what I know is that real-time tweet updates aren’t supported and the prices are well beyond what I could possibly pay (“$2,899 per month for 250 users”).

Now, there would be a few ways out, of course. Porting to the Accounts Activity API is off the table, but other protocols exist. Since Corebird has never been anything else than a Twitter client, there is no abstraction for the Twitter API however, so porting to another protocol will be a lot of work again. Since I’m not a student anymore, I can’t promise to do any of that work. The master branch is additionally in a very WIP state with the ongoing GTK4 port and a bunch of other features.

The API removal will take place mid-August, so Corebird will mostly stop working at that point. I do not know of any real alternative that is not twitter.com of course.

If this explanation was too convoluted, http://apps-of-a-feather.com/ has one as well.

I’d like to thank everyone who helped me over the years and all the patrons on here especially for all the support.

Seriously… I’m so very very close to dropping twitter, although I benefited greatly from it in the past. They seriously have overstepped the mark and my alternative Mastodon is growing massively. I already stopped cross posting to Facebook after their decision to drop automated posting.

As Twitter falls apart, is it time to double down on Mastodon?

Dead twitter

Twitter is seriously getting up to no good.

It’s super clear the openness of twitter is being stopped, told to stand against a wall with hands up and then shot in the head. It’s not good and frankly, I don’t know about you but it’s starting to pee me off. I recently posted something to my facebook timeline about Facebook’s decision to stop automated posting under a person’s account. Another frustrating thing as I was practising the POSSE method from the IndieWeb movement.

Facebook is no longer allowing automatic posting to people’s profiles. Meaning this timeline is going to get very quiet!
If you want to catch up with things check out www.cubicgarden.com and www.twitter.com/cubicgarden

Because of this my facebook interactions are mainly going to be checking my events including Volleyball training.

All this makes me think it’s time to double down on Mastodon? Of course I’m not the only one thinking this, cue Adrian and Naomia’s mastodon 101 podcast.

The more I look at it, the more I think: close my twitter account and just use Mastodon. Although the crossposter was helping till Twitter API changes broke that too.

It will be a shame to say goodbye but the more I see what twitter is about and see what Mastodon users are doing, like listing the abuses/hate/rule breaks in different Mastodon instances into Github, I think this is the place to be and the whole setup/framework/infrastructure is what makes all this possible. Heck with a bunch of the new W3C specs like Webmentions, Fragmention and Micropub; I can see companies which enable/power their users really making amazing sustainable humane services.

Lessons from Starfish & the Spider, let’s make a better internet together!

Multi-account containers for your multiple colourful identities?

Silicon Valley's lost its humanity
Mark Zuckerberg is “deluded” by his own faith in Facebook’s ability to be a force for good in the world.

I never got the chance to write about Facebook and Cambridge Analytica due to being on holiday and to be fair I wrote about them so much before.

Generally I personally think Zuckerberg’s response is just rubbish and far far too late.

Regardless, as expected GDPR was going to force their hand anyway, so they have implemented some of the changes needed to comply.

Regardless, it’s clear there need to be changes in how we use these services, if at all!

This is why I found Firefox Multi-Account Containers an interesting idea.

Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

It’s the reason I have 4 different browsers on my laptop and 3 on my smartphone. I don’t expect it to catch on but using the paradigm of containers could be quite good for those looking to separate things out a little. However profiles never seem to catch on, but the colour thing could make it much simpler.

Beds with USB and Bluetooth

https://www.flickr.com/photos/39908901@N06/8355672587

There’s an advert on UK TV these holidays about a bed with USB ports. Of course this isn’t anything too exciting as there have been beds with Bluetooth for a while. But it got me thinking about a quote (which I can’t find now) but roughly goes…

“The aim of smartphone apps like facebook is to be the first thing you look at when waking up. Levels of success are measured by how long you spend in bed not moving just consuming.” – Paraphrased….

Wish I could find the original quote because it sounded even more scary than what I could remember. Ideal ways to never deal with your smartphone addiction.

 

I joined Wire… slightly under peer pressure

Wire on Linux

I looked at Wire a while ago but stuck with Signal. Some friends think I’m insane when I say I’m not using Whatsapp, but I have many reasons.

Herb asked me why I use Signal and not Wire, then a few people at Thinking Digital put the final shot in the social cannon. So I re-looked at it again and installed it alongside Signal.

They are quite different, for example Signal is very tied to a phone number while Wire is but isn’t (well you can only register one phone number which is a shame). I can login with the email across devices and it doesn’t seem to offer itself as a sms/mms client. While Signal does offer to be a sms/mms client if you accept it. But you can’t run Signal on multiple phones as it locks to that phone number.

I originally didn’t see the 64bit Ubuntu/Debian package, so ran it through Wavebox which makes websites act like native apps. But today I saw the deb.

Generally I’m thinking of Wire as something more like Ubuntu, while Signal is more raw like Debian. I’m sure some will hate that comparison but I look forward to seeing where they both go next, both are secure, open and run across all platforms.

Whisper disappearing messages

But as they move forward with features, will they keep the same data ethics (privacy, security, data ownership, identity, permission) in mind? I really hope so..

Updated

Old friend Gabby has been talking to me on Wire and pointed me at this blog post which pretty much sums up the difference I found with Wire & Signal.

Wire vs other instant messengers

One of the biggest differences compared to other secure messengers like WhatsApp or Signal, is that Wire does not require a phone number to sign up. Anyone can register with an email on desktop or tablet and then decide if they want to use the same account on their phone or not.

I joined mastodon microbloging service, not the rock band!

mastodon

I have always been a big fan of Jabber, Laconi.ca and Status.net. All are federated services which go well beyond the centralised and even decentralised ideas. But they all were second fiddle to the centralised services like Twitter mainly down to user experience.

So I’m wondering if Mastodon will be any different? Of course there’s only one way to find out, and that’s to try it out.

So I am… but what is it?

Mastodon is a fast-growing Twitter-like social network that seeks to re-create the service’s best parts while eliminating its whale-sized problems. The distributed, open-source platform offers better tools for privacy and fighting harassment than Twitter does, but it also comes with a learning curve. Mastodon’s federated nature means there’s no single website to use, and learning how to wade through its timeline of tweets (which it calls toots) takes some time to adjust to.

But for anyone who misses “the old Twitter” — the days of purely chronological timelines, no ads, and an inescapable flood of harassment — Mastodon can feel like a haven

Old twitter was great I’ll be honest but it’s not that I long for the old days of twitter. It’s just I can feel their business model imposed from their backers/investors infringing on why I originally used twitter. There is a blog drafted which is all about how business models imposed by VC/backers/etc ruins services/products. For example Pebble, Evernote, Twitter, etc.

So I’m cubicgarden on mastodon.cloud, which should federate across to other Mastodon server instances. Feel free to say hi…

Mozfest retreat in Tallinn?

Tallinn Mozretreat

Mozfest, the festival I have been involved with for the last 6 years, is a collaborative event and of course there is some overhead to the collaboration. But Mozilla have ways to work through the usual issues with collaboration; be it collaborative tools first or subverting github to manage the open calls. It’s quite amazing…

But sometimes you need to bring people together across the many different timezones we inhabit. 2 years ago it was Scotland, last year it was Berlin and this year it’s Tallinn.

Of course I was wondering like many others. I heard some great things about the place but it wasn’t hot on my list of places to go. But some more research has turned up some great stuff including the e-resident which I first heard about from Alex DS.

Ahead of Brexit, statistics reveal that almost 1,000 Brits have now applied to be e-residents of Estonia. Applications from the UK are being made twice as frequently as before the referendum, following an initial surge from three to 51 applications per week. More than half of all applications from the UK, 534, have arrived since the vote, while 231 arrived in the same period beforehand. Based on current trends, it is likely the 1,000th British application for e-residency will arrive this week, as Article 50 is due to be triggered.

Elsewhere, a website has been set up by the e-residency programme for British entrepreneurs called howtostayin.eu which explains how startups, established businesses and freelancers can use Estonian e-residency to continue their operations in the EU without leaving the UK.

I wish I had done it earlier, as I’ll be doing this for sure now

Interestingly I also found the p0rnhub insights for Estonia while searching, which was fascinating but slightly , so you were warned! I was going to send it around to some of the Mozfest organisers but couldn’t find a way to explain why it was interesting or relevant.

Host your own RSS aggregator?

hosting Tiny Tiny RSS

It started with me getting fed up with Feedly trying to up-sell me to their premium subscription. I mean I get it but $5/month to host a simple RSS aggregator? This seems quite a hefty price (even with all the extras it provides, which I never really use).

So I first looked for alternatives to Feedly and found quite a lot. The main thing for me was having a Sync API, so I’m not reading the same stuff across my different devices. My thought was with a standard API, it wouldn’t matter what client or platform I use (although I’m using Linux and Android mainly). Standard I thought… boy was I dreaming.

After a lot of looking and reading I said screw this, I’m self-hosting my own copy of tiny tiny rss, which seems very popular with people like myself trying to do the same thing. It seemed quite straightforward and I decided it was time to give rkt or docker a try as there was a docker image for it.

In an evening I had it set up, running and working with my exported feedly OPML file, while watching a film and cooking. It’s currently only available to my network but I’ll likely make it externally available (without my VPN) once I’ve got it set up with an SSL cert and 2 factor auth. I did notice my fav RSS reader on Android did support ttrss then somewhere along the line they pulled support for it. So I’ll try out the android app created by the author of ttrss, but the comments are… well.. interesting?

Zoosk data breach? Or something else?

Sell the data?

I recently got a message from you’ve been pwned, suggesting that it’s likely some of my personal data has been leaked via dating site Zoosk.

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it’s highly unlikely the data was sourced from Zoosk.

I had an idea what fabricated meant, but I had a little read…

What is a “fabricated” breach?

Some breaches may be flagged as “fabricated”. In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing “fabricated” breaches to Have I been pwned.

Sold or traded!

People laughed ages ago about the idea of selling user data but let’s say dating site z had lost a lot of the market due to new players in the space. They needed to stay afloat, prove to their investors they are still profitable? User data would be a useful resource for revenue… Of course this is illegal but you would cover your tracks… right! Make it look like “hackers!”

The example Tony Hunt uses is Justdate.com

There’s a whole other discussion to be had about what causes a bundle of data to be fabricated and called a breach in the first place. Attempts to monetise the data by selling the alleged breach, extortion of the company involved or just simple big-noting by individuals seeking notoriety are all feasible explanations for many of the fabricated breaches I see. For now, the important thing is that if your data is circulating in one of these dumps, there’s now a way to know about it.

To be clear I’m not saying Zoosk is doing this, but someone is certainly pointing the finger.

Dark data experiments?

Untitled - man in the dark
I have a lot of curiosity and one of the things which has consistently got me curious, is the challenges of the hidden. Hidden being the trick, the data, the technique, the place or the knowledge. This is why I’m very interested in Hacker House (it was almost added to my new years resolutions for 2017 even).

Currently data is the hidden which intrigues me at the moment, hence my massive interest in data ethics. There’s been 3 experiments which have really got me jumping up and down about this all… thought I’d share while I eat cheese and drink wine on Christmas day

  • Click Click Click
    A perfect and fun demonstration of mouse tracking on websites using just JavaScript. This is the data the likes of Facebook, Google, Amazon, etc use to track users’ dwell time and implicit actions on the website. Found via some folks on our BBC R&D internal slack.
  • I know what you downloaded (…last summer or even last Christmas)
    This site collects IPs from public torrent swarms by parsing torrent sites and listening to the DHT network. They have more than 500.000 torrents which were classified and have data on peers’ sharing habits. The slightly twisted feature is the ability to share a link and see what people have been sharing. I promise not to do this but it highlights the problem with shortened URLs and long query strings you can’t be bothered to read or don’t understand how they work (knowledge). Found via Torrentfreak
  • Find my phone
    Man’s smartphone is stolen in Amsterdam, so the same man decides to root another phone and deliberately track the phone. Along with the person who stole it! The results are turned into a video which you can watch on youtube.
    Found via Schneier

A new bitcoin wallet needed

Bitcoin

I caught wind of ChangeTip closing down Reddit. Then later today received this email.

As you may have heard, ChangeTip will be discontinuing services soon 🙁

You are receiving this email because you have money in your wallet, and we want you to get it back before we close our doors.

BTC balance: *************
USD balance: $************

Please login to your account and withdraw your funds. If you like, you may also log in and donate remaining funds to charity when you close your account.

I heard they were changing things up but this news is a shame. So I’m looking for somewhere to move my bitcoins. Bitcoin wallet looks popular and well I don’t know how long ChangeTip will enable the feature to transfer bitcoins (thank goodness for Dataportability eh?)

I found the micropayment side interesting and it’s a shame it’s gone. Of course there are others which I’ll check out in the future.