social-hardware – Page 2 – Cubicgarden.com…

Mastodon shows, social data-portability the way it should be

https://mas.to/@cubicgarden/104231400255269868

I recently moved from Mastodon.cloud to Mas.to. My main reason was for some (political?) reason mastodon.cloud was no longer accepted as part of the crossposter accepted domains.

I looked into hosting my own crossposter but decided there might be a reason why mastodon.cloud isn’t supported anymore? I had a look around the fediverse and read quite a few of the terms for each instance/domain. Mas.to looked good.

The actual moving was easily done as per the instructions here.

So easy and quick, if only it was always like this…?

Do I agree to Google’s new privacy terms?

Google is making some changes to its privacy terms and is urging us to read them.

We know it’s tempting to skip these Terms of Service, but it’s important to establish what you can expect from us as you use Google services, and what we expect from you.

I’m slowly making my way through the terms but one thing I’m certainly going to do is related to the location of my data in googles data centres.

I’m not down with this part… I understand why they would do it but in the same way I voted to stay within a block of countries with harden data privacy laws. I need to personally do something.

Because of this I’m switching away from Gmail and deleting lots of archived emails. I’m also going to start using encryption more with google drive. I have been a bit lazy with this all, weighing up the balance of convenience and effort. Google provide a lot of useful things to me, but I think its time to move some more critical parts way, starting with email.

So I’m torn between Protonmail and Tutanota but also been looking at others.

Why one client is a bad idea

I recently saw this in my email and elsewhere…

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.

We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution.

We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe. These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible. If you are unsure about what to do, update to the latest version of Twitter for Android. This issue did not impact Twitter for iOS.

We’re sorry this happened and will keep working to keep your information secure on Twitter. You can reach out to our Office of Data Protection through this form to request information regarding your account security.

Its clear to me, twitter’s plan to restrict API access to limit the clients and ultimately force people into using their own app… is and always was a bad idea!

Jack talks a good game about a decentralised twitter but lets be honest, its not going to truly happen. Their company interests are too tightly wound up in this all. Of course theres already standards for this, just that twitter refuse to support micropub, activitypub, etc… Rosemary mentions this on a twit recently.

Mozilla festival’s 10th anniversary, get your ticket before they are gone!

The word is out… its very likely the last Mozilla festival in London and the UK. Although sad to see, it will go on to be even bigger

After 10 incredible years, 9 of which were in London, MozFest is asking Where to next?

As a community, we have so much to celebrate for this 10th festival. As we reflect on all we have learnt and built together, we invite you to join us in imagining what the next 10 years of growth and experiences for the MozFest community could be — in a new location.

But wait!

Its not over yet! The next Mozilla Festival for 2019 is on for the week of Monday 20th October – Sunday 27th October. Yes a whole week of celebrations for the festival which set the conversation involving tech, policy, law, design and media. It was 2010 when Mozilla created the book Mozilla Learning, Freedom and the Web, which lead the way to the yearly Internet heath report.

For the week of the Mozilla Festival you are going to want to block out your schedule for some great events in the RSA London during the week (especially the Public spaces / private data event). By the end of the week you will be fired up for the start of the last Mozilla festival in London. Then get stuck in for 2 days of incredible sessions given by people from all over the world. The diversity of the talks will blow you away but all based around Mozilla’s internet health report. Quick plug for my two sessions you don’t want to miss… 3D’s – Dating, Deception and Dataportability (GDPR edition) and The Dyslexic advantage

Of course there’s amazing parties every evening and I expect each one will be incredible being the 10th Mozfest and the last one in the UK. After the success of last years werewolf, I’ll be running another space for those who fancy a break free for the full moon. By Sunday who knows I might even get a chance to throw some tunes down on the pacemaker device?

Its a full on week but well worth it and you can like the organisers relaxed on Monday afternoon.

Get your tickets now, and notice 10 pound discount if you attend one of the free Mozhouse events.

Twitter is now somewhat back for me… for how long?

I pretty much stopped using twitter after the change to their streaming API which broke my Linux client Corebird, meaning the only way to refresh the timeline is to close the app and start it again. Yeah crazy stuff!

On top of this my client on Android, Plume only gets direct messages a few times a day and there’s other messed up things happen which just cause all types of problems.

I refuse to install the twitter app because I’m pretty peed off about Twitter and to be frank I was using Mastodon to connect to twitter in the Indieweb POSSE way.

Then today I saw there is a fork of Corebird called Cawbird. I installed it and its working (currently). However I don’t trust Twitter to not mess with things making it impossible for such a linux app to work without constant changes.

Facebook tries to claw its self back

Screenshot_2019-09-01 (1) Islington Wharf

I noticed Facebook seems to be integrating Instagram into the Facebook web. I don’t have Instagram and refuse to use it due to their terms of use. But I assume their terms match Facebooks? I find the whole thing annoying to be honest but it feels like a very desperate way to claw back users attention.

Talking about desperate, I happened to see this in my newsfeed. I usually don’t look at my newsfeed at all but something has happened with a friend which means I had to browse a bit (don’t worry it won’t become a habit).

Facebook is so full of crap, and stuff like this confirms it to me. Facebook couldn’t give a flying crap about me spending time with friends and family. I was so insulted by this notice I almost laughed out loud.

I almost wanted to look around to see what other treats (nonsense) they had planned for a user who gets in and gets out; only looking at a few groups for events. But theres so much more important things to get angry about right now.

My Motiv activity ring

Finally the Motiv ring came…

Nicely packaged and simple to setup although I did find the pairing with my Google Pixel 2 took a long time. I hooked it up to Google Fit but haven’t setup 2 factor auth yet but I just need to get the barcodes for some of my services and create my gesture. Kept meaning to save the barcodes in my password manager.

I did also pair it with my Ubuntu laptop but I’m unsure how to do anything with it except using Bluetooth unlock. The fit is good and the ring feels super light to me.

My only worry is I can’t seem to find another USB power unit for it, as I’d like to have one at home and one I can carry with me when away. I checked Amazon but I can’t find similar. Also not sure I can get another one separately unless I buy the USB Magnetic Charging Dock Keychain and Charging Dock?

So far so good…

If you are using whatsapp… update now and consider swapping to Signal!

Whatsapp, never used it never will. But I know many many of my friends do – please do update! Or even better dump it and use Signal messenger.

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims’ smartphones: all a snoop needs to do is make a booby-trapped voice call to a target’s number, and they’re in. The victim doesn’t need to do a thing other than leave their phone on.

The Facebook-owned software suffers from a classic buffer overflow weakness. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.

The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Airbnb Has a Hidden-Camera Problem – You telling me?

Airbnb monitoring warning — You would never guess it was a listening device from the picture

I was reading a piece in the Atlantic about Airbnb and the camera problem.

Of course this has super relevance to me after my experience of a Airbnb in Barcelona last year.

Airbnb’s rules allow cameras outdoors and in living rooms and common areas, but never in bathrooms or anywhere guests plan to sleep, including rooms with foldout beds. Starting in early 2018, Airbnb added another layer of disclosure: If hosts indicate they have cameras anywhere on their property, guests receive a pop-up informing them where the cameras are located and where they are aimed. To book the property, the guests must click “agree,” indicating that they’re aware of the cameras and consent to being filmed.

I do find it really interesting because Airbnb class listening devices such as Amazon Alexa as cameras too. I did think this would be very difficult to police. The transparency is welcomed, as before you had to search pictures for anything which looked suspicious.

In January, Bigham discovered cameras in his rental that he says were never disclosed. After he reached out to the Trust & Safety team, representatives told him he and his family had in fact consented to the cameras because they were visibly displayed in photos on the listing. After Bigham’s blog post on the ordeal went viral, Airbnb apologized and refunded his money.

But Bigham says customer-service representatives for Airbnb twice sided against him before reversing their original decision, and only after his blog post was widely shared online.

“No one really seems to know what they’re doing,” Bigham said in an email. “And it seems like it’s only going to get worse.”

In a statement, Airbnb said: “We have apologized to Mr. Bigham and fully refunded him for his stay. We require hosts to clearly disclose any security cameras in writing on their listings and we have strict standards governing surveillance devices in listings. This host has been removed from our community.”

As usual the public stink causes Airbnb to actually do something. I wonder how many complaints get shoved under the carpet?

Maybe it really time to drop twitter…

I use to use Corebird on my laptop for twitter access. Today this was broken and with a quick search found a page explaining all.

As many of you may know, Twitter decided to remove the UserStream API, which many third-party clients use, including Corebird. It’s a vital part of the user experience and is used for real-time timeline updates, DM retrieval, mentions, etc.

The replacement is the Accounts Activity API. I have not looked much into its details since the technical difficulties are enough to make it virtually impossible for me to port Corebird to it, but what I know is that real-time tweet updates aren’t supported and the prices are well beyond what I could possibly pay (“$2,899 per month for 250 users”).

Now, there would be a few ways out, of course. Porting to the Accounts Activity API is off the table, but other protocols exist. Since Corebird has never been anything else than a Twitter client, there is no abstraction for the Twitter API however, so porting to another protocol will be a lot of work again. Since I’m not a student anymore, I can’t promise to do any of that work. The master branch is additionally in a very WIP state with the ongoing GTK4 port and a bunch of other features.

The API removal will take place mid-August, so Corebird will mostly stop working at that point. I do not know of any real alternative that is not twitter.com of course.

If this explanation was too convulted, http://apps-of-a-feather.com/ has one as well.

I’d like to thank everyone who helped me over they years and all the patrons on here especially for all the support.

Seriously… I’m so very very close to dropping twitter, as although I benefited greatly from it in the past. They seriously have over stepped the mark and my alternative Mastodon is growing massively. I already stopped cross posting to Facebook after their decision to drop automated posting.

As Twitter falls a part is it time to double down on Mastodon?

Twitter is seriously getting up to no good.

Today, our User Streams, Site Streams, and legacy Direct Message endpoints will begin a brief period of degraded service before being retired entirely.

Developers using these services can learn more and find migration guides on the forum: https://t.co/hedzTXO6as

— Twitter API (@TwitterAPI) August 16, 2018

Its super clear the openness of twitter is being stopped, told to stand against a wall with hands up and then shot in the head. Its not good and frankly, I don’t know about you but its starting to pee me off. I recently posted something to my facebook timeline about Facebook’s decision to stop automated posting under a persons account. Another frustrating thing as I was practising the POSSE method from the IndieWeb movement..

Facebook is no longer allowing automatically post to peoples profile. Meaning this timeline is going to get very quiet!
If you want to catch up with things check out www.cubicgarden.com and www.twitter.com/cubicgarden

Because of this my facebook interactions are mainly going to be checking my events including Volleyball training.

All this makes me think its time to double down on Mastodon? Of course I’m not the only one thinking this, cue Adrian and Naomia‘s mastodon 101 podcast.

The more I look at the more I think close my twitter account and just use Mastodon. Although the crossposter was helping till Twitter API changes broke that too.

It will be a shame to say goodbye but the more I see what twitter is about and see what Mastodon users are doing like listing the abuses/hate/rule breaks in different Mastodon instances into Github. I think this is the place to be and the whole setup/framework/infrastructure is what makes it all this possible. Heck with a bunch of the new W3C specs like Webmentions, Fragmention and Micropub; I can see companies which enable/power their users really making amazing sustainable humane services.

Lessons from Starfish & the Spider, lets make a better internet together!

Multi-account containers for your multiple colourful identities?

Silicon Valley's lost its humanity — Mark Zuckerberg is “deluded” by his own faith in Facebook’s ability to be a force for good in the world.

I never got the chance to write about Facebook and Cambridge Analytica due to being on holiday and to be fair I wrote about them so much before.

Generally I personally think Zuckerberg’s response is just rubbish and far far too late.

Regardless, as expected GDPR was going to force their hand anyway, so they have implicated some of the changes needed to comply.

Regardless, its clear there needs to be changes we use these services if at all!

This is why I found Firefox Multi-Account Containers an interesting idea.

Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

Its the reason I have 4 different browsers on my laptop and 3 on my smartphone. I don’t expect it to catch on but using the paradigm of containers could be quite good for those looking to separate things out a little. However profiles never seem to catch on, but the colour thing could make it much similar.

Beds with USB and Bluetooth

https://www.flickr.com/photos/39908901@N06/8355672587

Theres an advert on UK TV these holidays about a bed with USB ports. Of course this isn’t anything too exciting as there have been beds with Bluetooth for a while. But it got me thinking about a quote (which I can’t find now) but roughly goes…

“The aim of smartphone apps like facebook is to be the first thing you look at when waking up. Levels of success are measured by how long you spend in bed not moving just consuming.” – Power phrased….

Wish I could find the original quote because its sounded even more scary than what I could remember. Ideal ways to never deal with your smartphone addiction.

I joined Wire… slightly under peer pressure

I looked at Wire a while ago but stuck with Signal. Some friends think I’m insane when I say I’m not using Whatsapp, but I have many reasons.

Herb asked me why I use Signal and not Wire, then a few people at Thinking Digital put the final shot in the social cannon. So I re-looked at it again and installed it alongside Signal.

They are quite different, for example Signal is very tied to a phone number while Wire is but isn’t (well you can only register one phone number which is a shame). I can login with the email across devices and it doesn’t seem to offer its self as a sms/mms client. While Signal does offer to be a sms/mms client if you accept it. But you can’t run Signal on multiple phones as it locks to that phone number.

I originally didn’t see the 64bit Ubuntu/Debian package, so ran it through Wavebox which makes websites act like native apps. But today I saw the deb.

@cubicgarden Yes, Linux is experimental and community based – feel free to pitch in! https://t.co/vvbnjIPnBJ

— Wire (@wire) May 16, 2017

Generally I’m thinking of Wire as something more like Ubuntu, while Signal is more raw like Debian. I’m sure some will hate that comparison but I look forward to seeing where they both go next, both are secure, open and run across all platforms.

But as they move forward with features, will they keep the same data ethics (privacy, security, data ownership, identity, permission) in mind? I really hope so..

Updated

Old friend Gabby has been talking to me on Wire and pointed me at this blog post which pretty much sums up the difference I found with Wire & Signal.

One of the biggest differences compared to other secure messengers like WhatsApp or Signal, is that Wire does not require a phone number to sign up. Anyone can register with an email on desktop or tablet and then decide if they want to use the same account on their phone or not.