Do I agree to Google’s new privacy terms?

Google is making some changes to its privacy terms and is urging us to read them.

We know it’s tempting to skip these Terms of Service, but it’s important to establish what you can expect from us as you use Google services, and what we expect from you.

I’m slowly making my way through the terms but one thing I’m certainly going to do is related to the location of my data in Google’s data centres.

I’m not down with this part… I understand why they would do it but in the same way I voted to stay within a block of countries with hardened data privacy laws. I need to personally do something.

Because of this I’m switching away from Gmail and deleting lots of archived emails. I’m also going to start using encryption more with Google Drive. I have been a bit lazy with this all, weighing up the balance of convenience and effort. Google provide a lot of useful things to me, but I think it’s time to move some more critical parts away, starting with email.

So I’m torn between Protonmail and Tutanota but I’ve also been looking at others.

Why one client is a bad idea

I recently saw this in my email and elsewhere…

We recently fixed a vulnerability within Twitter for Android that could allow a bad actor to see nonpublic account information or to control your account (i.e., send Tweets or Direct Messages). Prior to the fix, through a complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app, it may have been possible for a bad actor to access information (e.g., Direct Messages, protected Tweets, location information) from the app.

We don’t have evidence that malicious code was inserted into the app or that this vulnerability was exploited, but we can’t be completely sure so we are taking extra caution.

We have taken steps to fix this issue and are directly notifying people who could have been exposed to this vulnerability either through the Twitter app or by email with specific instructions to keep them safe. These instructions vary based on what versions of Android and Twitter for Android people are using. We recommend that people follow these instructions as soon as possible. If you are unsure about what to do, update to the latest version of Twitter for Android. This issue did not impact Twitter for iOS.

We’re sorry this happened and will keep working to keep your information secure on Twitter. You can reach out to our Office of Data Protection through this form to request information regarding your account security.

It’s clear to me, twitter’s plan to restrict API access to limit the clients and ultimately force people into using their own app is, and always was, a bad idea!

Jack talks a good game about a decentralised twitter but let’s be honest, it’s not going to truly happen. Their company interests are too tightly wound up in this all. Of course there are already standards for this, just that twitter refuse to support micropub, activitypub, etc… Rosemary mentions this on a twit recently.

Twitter is now somewhat back for me… for how long?

cawbird on linux

I pretty much stopped using twitter after the change to their streaming API which broke my Linux client Corebird, meaning the only way to refresh the timeline is to close the app and start it again. Yeah crazy stuff!

On top of this my client on Android, Plume, only gets direct messages a few times a day and there are other messed up things happening which just cause all types of problems.

I refuse to install the twitter app because I’m pretty peed off about Twitter and to be frank I was using Mastodon to connect to twitter in the Indieweb POSSE way.

Then today I saw there is a fork of Corebird called Cawbird. I installed it and it’s working (currently). However I don’t trust Twitter to not mess with things, making it impossible for such a Linux app to work without constant changes.

Facebook tries to claw itself back

I noticed Facebook seems to be integrating Instagram into the Facebook web. I don’t have Instagram and refuse to use it due to their terms of use. But I assume their terms match Facebook’s? I find the whole thing annoying to be honest but it feels like a very desperate way to claw back users’ attention.

Talking about desperate, I happened to see this in my newsfeed. I usually don’t look at my newsfeed at all but something has happened with a friend which means I had to browse a bit (don’t worry it won’t become a habit).

Facebook is so full of crap, and stuff like this confirms it to me. Facebook couldn’t give a flying crap about me spending time with friends and family. I was so insulted by this notice I almost laughed out loud.

I almost wanted to look around to see what other treats (nonsense) they had planned for a user who gets in and gets out; only looking at a few groups for events. But there are so many more important things to get angry about right now.

If you are using whatsapp… update now and consider swapping to Signal!

Whatsapp on a mobile phone

Whatsapp, never used it never will. But I know many many of my friends do – please do update! Or even better dump it and use Signal messenger.

A security flaw in WhatsApp can be, and has been, exploited to inject spyware into victims’ smartphones: all a snoop needs to do is make a booby-trapped voice call to a target’s number, and they’re in. The victim doesn’t need to do a thing other than leave their phone on.

The Facebook-owned software suffers from a classic buffer overflow weakness. This means a successful hacker can hijack the application to run malicious code that pores over encrypted chats, eavesdrops on calls, turns on the microphone and camera, accesses photos, contacts, and other information on a handheld, and potentially further compromises the device. Call logs can be altered, too, to hide the method of infection.

The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
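
If you look after more than one phone (family, a small team), the version list above can be checked mechanically. This is an added example, not code from WhatsApp or the quoted article: the fixed versions come from the advisory text above, while the device names, the sample inventory and the function names are made up for illustration. It compares versions number by number, because a plain string comparison wrongly treats 2.19.98 as newer than 2.19.134.

```python
import re

# First fixed build per product, copied from the advisory text quoted above.
FIXED = {
    "WhatsApp for Android": "2.19.134",
    "WhatsApp Business for Android": "2.19.44",
    "WhatsApp for iOS": "2.19.51",
    "WhatsApp Business for iOS": "2.19.51",
    "WhatsApp for Windows Phone": "2.18.348",
    "WhatsApp for Tizen": "2.18.15",
}


def parse_version(text):
    """Turn '2.19.134' or 'v2.19.134' into (2, 19, 134); ValueError otherwise."""
    match = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if match is None:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(product, installed):
    """True when `installed` is older than the fixed build for `product`."""
    have = parse_version(installed)
    fixed = parse_version(FIXED[product])  # KeyError for products not listed
    # Pad with zeros so that '2.18' is compared as 2.18.0.
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return have < fixed


def triage(inventory):
    """Label each (device, product, version) row UPDATE, ok or REVIEW."""
    report = []
    for device, product, version in inventory:
        try:
            status = "UPDATE" if is_affected(product, version) else "ok"
        except (KeyError, ValueError):
            # Unknown product or odd version string: a human should look.
            status = "REVIEW"
        report.append((device, product, version, status))
    return report


# Constructed sample inventory (hypothetical devices, not real data).
SAMPLE_INVENTORY = [
    ("phone-01", "WhatsApp for Android", "2.19.98"),
    ("phone-02", "WhatsApp for Android", "2.19.134"),
    ("phone-03", "WhatsApp for iOS", "v2.19.50"),
    ("phone-04", "WhatsApp Business for Android", "2.19.44"),
    ("phone-05", "WhatsApp for Tizen", "2.18"),
    ("phone-06", "WhatsApp for Android", "beta-build"),
    ("phone-07", "Unlisted product", "2.19.1"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<9} {:<30} {:<11} {}".format(*row))
```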

Airbnb Has a Hidden-Camera Problem – You telling me?

Airbnb monitoring warning
You would never guess it was a listening device from the picture

I was reading a piece in the Atlantic about Airbnb and the camera problem.

Of course this has super relevance to me after my experience of an Airbnb in Barcelona last year.

Airbnb’s rules allow cameras outdoors and in living rooms and common areas, but never in bathrooms or anywhere guests plan to sleep, including rooms with foldout beds. Starting in early 2018, Airbnb added another layer of disclosure: If hosts indicate they have cameras anywhere on their property, guests receive a pop-up informing them where the cameras are located and where they are aimed. To book the property, the guests must click “agree,” indicating that they’re aware of the cameras and consent to being filmed.

I do find it really interesting because Airbnb class listening devices such as Amazon Alexa as cameras too. I did think this would be very difficult to police. The transparency is welcomed, as before you had to search pictures for anything which looked suspicious.

In January, Bigham discovered cameras in his rental that he says were never disclosed. After he reached out to the Trust & Safety team, representatives told him he and his family had in fact consented to the cameras because they were visibly displayed in photos on the listing. After Bigham’s blog post on the ordeal went viral, Airbnb apologized and refunded his money.

But Bigham says customer-service representatives for Airbnb twice sided against him before reversing their original decision, and only after his blog post was widely shared online.

“No one really seems to know what they’re doing,” Bigham said in an email. “And it seems like it’s only going to get worse.”

In a statement, Airbnb said: “We have apologized to Mr. Bigham and fully refunded him for his stay. We require hosts to clearly disclose any security cameras in writing on their listings and we have strict standards governing surveillance devices in listings. This host has been removed from our community.”

As usual the public stink causes Airbnb to actually do something. I wonder how many complaints get shoved under the carpet?

Maybe it’s really time to drop twitter…

Dead twitter

I used to use Corebird on my laptop for twitter access. Today this was broken and with a quick search I found a page explaining all.

As many of you may know, Twitter decided to remove the UserStream API, which many third-party clients use, including Corebird. It’s a vital part of the user experience and is used for real-time timeline updates, DM retrieval, mentions, etc.

The replacement is the Accounts Activity API. I have not looked much into its details since the technical difficulties are enough to make it virtually impossible for me to port Corebird to it, but what I know is that real-time tweet updates aren’t supported and the prices are well beyond what I could possibly pay (“$2,899 per month for 250 users”).

Now, there would be a few ways out, of course. Porting to the Accounts Activity API is off the table, but other protocols exist. Since Corebird has never been anything else than a Twitter client, there is no abstraction for the Twitter API however, so porting to another protocol will be a lot of work again. Since I’m not a student anymore, I can’t promise to do any of that work. The master branch is additionally in a very WIP state with the ongoing GTK4 port and a bunch of other features.

The API removal will take place mid-August, so Corebird will mostly stop working at that point. I do not know of any real alternative that is not twitter.com of course.

If this explanation was too convoluted, http://apps-of-a-feather.com/ has one as well.

I’d like to thank everyone who helped me over the years and all the patrons on here especially for all the support.

Seriously… I’m so very very close to dropping twitter, although I benefited greatly from it in the past. They seriously have overstepped the mark and my alternative Mastodon is growing massively. I already stopped cross posting to Facebook after their decision to drop automated posting.

As Twitter falls apart, is it time to double down on Mastodon?

Dead twitter

Twitter is seriously getting up to no good.

It’s super clear the openness of twitter is being stopped, told to stand against a wall with hands up and then shot in the head. It’s not good and frankly, I don’t know about you but it’s starting to pee me off. I recently posted something to my facebook timeline about Facebook’s decision to stop automated posting under a person’s account. Another frustrating thing as I was practising the POSSE method from the IndieWeb movement.

Facebook is no longer allowing automatic posting to people’s profiles. Meaning this timeline is going to get very quiet!
If you want to catch up with things check out www.cubicgarden.com and www.twitter.com/cubicgarden

Because of this my facebook interactions are mainly going to be checking my events including Volleyball training.

All this makes me think it’s time to double down on Mastodon? Of course I’m not the only one thinking this, cue Adrian and Naomia‘s mastodon 101 podcast.

The more I look at it, the more I think I should close my twitter account and just use Mastodon. Although the crossposter was helping till Twitter API changes broke that too.

It will be a shame to say goodbye but the more I see what twitter is about and see what Mastodon users are doing, like listing the abuses/hate/rule breaks in different Mastodon instances into Github, I think this is the place to be and the whole setup/framework/infrastructure is what makes all this possible. Heck, with a bunch of the new W3C specs like Webmentions, Fragmention and Micropub, I can see companies which enable/power their users really making amazing sustainable humane services.

Lessons from Starfish & the Spider, let’s make a better internet together!

Multi-account containers for your multiple colourful identities?

Silicon Valley's lost its humanity
Mark Zuckerberg is “deluded” by his own faith in Facebook’s ability to be a force for good in the world.

I never got the chance to write about Facebook and Cambridge Analytica due to being on holiday and to be fair I wrote about them so much before.

Generally I personally think Zuckerberg’s response is just rubbish and far far too late.

Regardless, as expected GDPR was going to force their hand anyway, so they have implemented some of the changes needed to comply.

Regardless, it’s clear there need to be changes in how we use these services, if at all!

This is why I found Firefox Multi-Account Containers an interesting idea.

Firefox Multi-Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously.

It’s the reason I have 4 different browsers on my laptop and 3 on my smartphone. I don’t expect it to catch on but using the paradigm of containers could be quite good for those looking to separate things out a little. However profiles never seem to catch on, but the colour thing could make it much similar.

Beds with USB and Bluetooth

https://www.flickr.com/photos/39908901@N06/8355672587

There’s an advert on UK TV these holidays about a bed with USB ports. Of course this isn’t anything too exciting as there have been beds with Bluetooth for a while. But it got me thinking about a quote (which I can’t find now) but roughly goes…

“The aim of smartphone apps like facebook is to be the first thing you look at when waking up. Levels of success are measured by how long you spend in bed not moving just consuming.” – Paraphrased….

Wish I could find the original quote because it sounded even more scary than what I could remember. Ideal ways to never deal with your smartphone addiction.

I joined Wire… slightly under peer pressure

Wire on Linux

I looked at Wire a while ago but stuck with Signal. Some friends think I’m insane when I say I’m not using Whatsapp, but I have many reasons.

Herb asked me why I use Signal and not Wire, then a few people at Thinking Digital put the final shot in the social cannon. So I re-looked at it again and installed it alongside Signal.

They are quite different, for example Signal is very tied to a phone number while Wire is but isn’t (well you can only register one phone number which is a shame). I can login with the email across devices and it doesn’t seem to offer itself as a sms/mms client. While Signal does offer to be a sms/mms client if you accept it. But you can’t run Signal on multiple phones as it locks to that phone number.

I originally didn’t see the 64bit Ubuntu/Debian package, so ran it through Wavebox which makes websites act like native apps. But today I saw the deb.

Generally I’m thinking of Wire as something more like Ubuntu, while Signal is more raw like Debian. I’m sure some will hate that comparison but I look forward to seeing where they both go next, both are secure, open and run across all platforms.

Whisper disappearing messages

But as they move forward with features, will they keep the same data ethics (privacy, security, data ownership, identity, permission) in mind? I really hope so..

Updated

Old friend Gabby has been talking to me on Wire and pointed me at this blog post which pretty much sums up the difference I found with Wire & Signal.

One of the biggest differences compared to other secure messengers like WhatsApp or Signal, is that Wire does not require a phone number to sign up. Anyone can register with an email on desktop or tablet and then decide if they want to use the same account on their phone or not.

I joined mastodon microblogging service, not the rock band!

I have always been a big fan of Jabber, Laconi.ca and Status.net. All are federated services which go well beyond the centralised and even decentralised ideas. But they all were second fiddle to the centralised services like Twitter mainly down to user experience.

So I’m wondering if Mastodon will be any different? Of course there’s only one way to find out, and that’s to try it out.

So I am… but what is it?

Mastodon is a fast-growing Twitter-like social network that seeks to re-create the service’s best parts while eliminating its whale-sized problems. The distributed, open-source platform offers better tools for privacy and fighting harassment than Twitter does, but it also comes with a learning curve. Mastodon’s federated nature means there’s no single website to use, and learning how to wade through its timeline of tweets (which it calls toots) takes some time to adjust to.

But for anyone who misses “the old Twitter” — the days of purely chronological timelines, no ads, and an inescapable flood of harassment — Mastodon can feel like a haven

Old twitter was great I’ll be honest but it’s not that I long for the old days of twitter. It’s just I can feel their business model imposed from their backers/investors infringing on why I originally used twitter. There is a blog drafted which is all about how business models imposed by VC/backers/etc ruin services/products. For example Pebble, Evernote, Twitter, etc.

So I’m cubicgarden on mastodon.cloud, which should federate across to other Mastodon server instances. Feel free to say hi…

Host your own RSS aggregator?

hosting Tiny Tiny RSS

It started with me getting fed up with Feedly trying to up-sell me to their premium subscription. I mean I get it but $5/month to host a simple RSS aggregator? This seems quite a hefty price (even with all the extras it provides, which I never really use).

So I first looked for alternatives to Feedly and found quite a lot. The main thing for me was having a Sync API, so I’m not reading the same stuff across my different devices. My thought was with a standard API, it wouldn’t matter what client or platform I use (although I’m using Linux and Android mainly). Standard I thought… boy was I dreaming.

After a lot of looking and reading I said screw this, I’m self hosting my own copy of tiny tiny rss, which seems very popular with people like myself trying to do the same thing. It seemed quite straightforward and I decided it was time to give rkt or docker a try as there was a docker image for it.

In an evening I had it set up, running and working with my exported feedly OPML file, while watching a film and cooking. It’s currently only available to my network but I’ll likely make it externally available (without my VPN) once I’ve got it set up with an SSL cert and 2 factor auth. I did notice my fav RSS reader on Android did support ttrss, then somewhere along the line they pulled support for it. So I’ll try out the android app created by the author of ttrss, but the comments are… well.. interesting?

Zoosk data breach? Or something else?

Sell the data?

I recently got a message from you’ve been pwned, suggesting that it’s likely some of my personal data has been leaked via dating site Zoosk.

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it’s highly unlikely the data was sourced from Zoosk.

I had an idea what fabricated meant, but I had a little read…

What is a “fabricated” breach?

Some breaches may be flagged as “fabricated”. In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing “fabricated” breaches to Have I been pwned.

Sold or traded!

People laughed ages ago about the idea of selling user data but let’s say dating site z had lost a lot of the market due to new players in the space. They needed to stay afloat, prove to their investors they are still profitable? User data would be a useful resource for revenue… Of course this is illegal but you would cover your tracks… right! Make it look like “hackers!”

The example Tony Hunt uses is Justdate.com

There’s a whole other discussion to be had about what causes a bundle of data to be fabricated and called a breach in the first place. Attempts to monetise the data by selling the alleged breach, extortion of the company involved or just simple big-noting by individuals seeking notoriety are all feasible explanations for many of the fabricated breaches I see. For now, the important thing is that if your data is circulating in one of these dumps, there’s now a way to know about it.

To be clear I’m not saying Zoosk is doing this, but someone is certainly pointing the finger.

Dark data experiments?

Untitled - man in the dark
I have a lot of curiosity and one of the things which has consistently got me curious, is the challenges of the hidden. Hidden being the trick, the data, the technique, the place or the knowledge. This is why I’m very interested in Hacker House (it was almost added to my new years resolutions for 2017 even).

Currently data is the hidden which intrigues me at the moment, hence my massive interest in data ethics. There have been 3 experiments which have really got me jumping up and down about this all… thought I’d share while I eat cheese and drink wine on Christmas day

  • Click Click Click
    A perfect and fun demonstration of mouse tracking on websites using just JavaScript. This is the data the likes of Facebook, Google, Amazon, etc use to track users dwell time and implicit actions on the website. Found via some folks on our BBC R&D internal slack.
  • I know what you downloaded (…last summer or even last Christmas)
    This site collects IPs from public torrent swarms by parsing torrent sites and listening to the DHT network. They have more than 500.000 torrents which were classified and have data on peers’ sharing habits. The slightly twisted feature is the ability to share a link and see what people have been sharing. I promise not to do this but it highlights the problem with shortened URLs and long query strings you can’t be bothered to read or don’t understand how they work (knowledge). Found via Torrentfreak
  • Find my phone
    Man’s smartphone is stolen in Amsterdam, so the same man decides to root another phone and deliberately track the phone. Along with the person who stole it! The results are turned into a video which you can watch on youtube.
    Found via Schneier