Why NHS’s world-beating app was always a going to be awful but 10+ million!

Contact tracing api
Photo by Mika Baumeister on Unsplash

Even if you forget the thoughts are coming from a ex-googler who has interests elsewhere this blog is pretty damming and I  can imagine how the NHS really bought their own nonsense about it being world beating. Of course in the end they had to back pedal and use the Google & Apple decentralised contact tracing api.

But there are parts even I was shocked at…

It worked 4% of the time.

Thats not even funny, its not just unreliable but a total waste of time. Even if thats exaggerated, double would still be a bad joke at 8%

The British effort did find workarounds that most other developers could not: They used “keepalives” (messages sent by one device to another) to circumvent restrictions on having apps in the background on iOS. Notifications were sent between two Apple devices running the app to keep the connection between the devices alive and therefore having the ability to detect each other’s keys. The NHS tried to develop with a hacker’s mentality and shared its progress through its GitHub page.

There is a reason why keepalives are a bad idea, battery is one of the number one reasons why people find their smartphones deeply frustrating. Having a app keeping the system awake is just a terrible news. Although I assume as most people are staying at home, they will be closer to a charger at least

in May it was reported by the Financial Times that the British government was simultaneously exploring a solution with Apple and Google’s decentralized system as a backup, indicating that, even within the government, there were doubts that the centralized effort could work.

And this is when I heard they were testing both systems, leading to the fact they were going to drop the centralised app soon. This would be fine but…

The development of the app has taken months and cost millions of pounds from taxpayers…

…around $15 million spent…

I have no words to sum how I feel about the UK government throwing this money down the drain in the middle of a pandemic where people are losing their jobs and dying. Its not just wasteful, its incredibly disgraceful and pretty much sums up the UK government right now.

Signal what are you up to?

I love Signal and never used Whatsapp because of many reasons included in this great opinion piece. Its gotten better and better but the recent pin number is a worry. I’m not the only one.

“Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with,” Signal wrote in 2016.

That, according to critics, has now changed.

“They should have a dumb network that knows nothing because it can’t be compromised then,” The Grugq told Motherboard. “[Having contacts] is a lot. It isn’t messages, sure. But I don’t like it. I don’t want them to have anything. Make the networks dumb and the clients smart.”

I do understand why they have done it, but I don’t know where its going next. Marlnspike (head dev of Signal) replies.

Marlinspike defended the decision to enable PINs and give users a way to migrate to a new device and keep certain data, and will increase the security of users’ metadata, “new features Signal users have been asking for.”

“The purpose of PINs is to enable upcoming features like communicating without sharing your phone number. When that is released, your Signal contacts won’t be able to live in the address book on your phone anymore, since they may not have phone numbers associated with them,” Marlinspike told Motherboard. “For most users, this also increases the security of their metadata. Most people’s address book is syncing with Google or Apple, so this change will prevent Google and Apple from having access to your Signal contacts.”

Smartphone use
Photo by Gilles Lambert on Unsplash

The changes Signal has made show how there can be a tension between messenger usability and feature set and security. It’s too early to say whether you should stop using the messenger. For most users’ threat models, it’s still one of the best options. But one of the key things that set Signal apart—that it collects almost no information about its users, appears to be changing.

Convenience is the enemy of security and I would say privacy. I wouldn’t be surprised if signal gets forked.

It was always clear to me Twitter direct messages was never secure in anyway, hence why I tried to move private conversations over to another medium. If thats not email or signal what else? Recently I have been looking at a couple others…

Session which is decentralised messaging and Criptext, which is actually secure email. Both need work but have decent security.

Curve cards are temporarily suspended

The Curve Card

Bad news, with all the joy I have had using my curve card. I was slightly shocked to see this email from Curve yesterday. To be fair I thought it was a phishing email till I checked the site myself and looked at the twitter account.

YOUR CURVE CARD IS TEMPORARILY SUSPENDED – PLEASE CARRY A BACK-UP

Dear Curve Customers,

Your Curve card and all associated Curve transaction and money transfer services will be temporarily suspended with immediate effect. Please be assured, we expect to be up and running again shortly but it may take a few days. Your money and card details held at Curve are safe and secure.

This has happened because the Financial Conduct Authority* has this morning suspended its permission for Wirecard Card Solutions Limited (the company who currently issues Curve Cards) to operate, without prior notice. This action is not related to Curve – but Curve currently depends on Wirecard for operation of the Curve card.

We are already well on the way to migrating away from Wirecard but have not fully completed this process. We are now working round the clock to achieve the migration as quickly as possible and therefore expect this disruption to last for only a limited period of time.

We will continue to communicate the details of what this means for you during this interim period.

For now, please carry a backup card.

We’ll be back,
Team Curve

*Curve currently relies on Wirecard Card Solutions Limited for all its financial transactions. Until we fully migrate, we are impacted by this suspension (as are all Wirecard’s other clients to whom they provide financial transaction services).

Hopefully they can get it up and going soon, as I couldn’t remember my pin for my old card.

The Houseparty is over, time for the GDPR to kick in the front door?

houseparty gdpr request email

I requested my GDPR personal data from Houseparty/Epic games over a 2 months ago when I signed up under my spam email and slight social pressure from friends. I read the privacy policy and almost spat out my tea.

However I found I could use houseparty in a clean browser (chromium) – app.houseparty.com. as there was absolutely no way I was going to install the app on my pixel phone. After trying to play a game with friend I found the video worked but not the actual game.

As we moved on to using boardgamearena.com. I decided I wanted to delete my account and got interested to know how much data they had collected about me in my short time in houseparty.

Outcomes my GDPR request, I send it to data-requests@lifeonair.com and nothing. I resend it to support@houseparty.com and get my response. Back and forth then finally…

Houseparty Support

May 08, 2020, 20:46 +0100

Hello Ian,

Thank you for your response.

I’m glad that you’ve reached us regarding your request. We received your data request. Our team is working on pulling the data, and you will receive your data within 30 days.

Please feel free to contact us if you need any further assistance.

Regards,
Romeo Tango

As you see can see the date of May 8th was 34 days ago and yes I get Covid19 but I’m not expecting the much data back. Unless there is a ton coming my way?

Either way I’m annoyed at being messed around at the start and also them not taking it seriously. I’m still not convinced Romeo Tango is real to be honest.

ICO submission

So enough, I’ll let the ICO deal with it all.

 

Immediate Action Required! Your SpiderOak One account will be canceled?

Spideroak logo

I received an email the other day. It looked like a classic phishing attack, except there was no link to fix the problem…

Your account is in violation of our terms of service

Hello. This is ************* from SpiderOak’s support team. I’m writing to inform you that your account is in violation of our Terms of Service immediate action is needed on your part.

Because of the amount of data stored in your account or the type of data you are storing, your account is negatively affecting the accounts of other SpiderOak users. Because of this it will be necessary to close your current account.

We realize this is sudden and we want to do what we can to help you.
We have two options to offer to help you move forward:

1. A 5 TB account at the same price as your existing account. If you choose this option a member of our support team will help you set up a new account, transfer your billing information, and place the new account on a 5 TB plan at the correct price.

2. Cancellation and a full refund of your most recent payment. If you choose this option our support team will set up a refund as soon as we hear from you.

If we don’t hear from you by the end of this week we will lock your account while retaining your data for a grace period of 14 days. At the end of the grace period if we still have not heard back from you your account will be canceled.

You can contact us by replying to this email, or by writing to support@spideroak.com. Please contact us as soon as possible so we can help you move to one of the options I mentioned.

Thanks,
**************
Customer Success

The first thing I did was check my account directly and then replied with this…

Hello ************* and support

To check this isn’t a phishing attack can you tell me the name of the device and how much data is currently stored?

I’m keen to resolve this but it strikes as a phishing attack.

It felt like a phishing attack and since I have seen a bunch of new data dumps, you could hardly blame me.

But once I could verify everything I suggested removing some of my older computer backups after seeing this. This fell on deaf ears.

Unfortunately that isn’t an option. Your account has been using excessive resources, which has caused issues for a number of other users on the same server cluster as you. Because of the No Knowledge nature of our product we can’t tell you exactly what is causing the issue. I’m sorry that I don’t have more details for you.

The two options I can offer you are moving to a new 5 TB account (at your current payment price, normally it is a $320 / year plan) or cancellation and a refund. You won’t be able to keep your current account.

Spideroak account

Note in option 1,  if I pay more money I could still upload the same files to Spideroak!!! Something is fishy here. Either theres a problem with my files or not. I get the zero-knowledge issue but something doesn’t add up.

Frankly I’m pretty peed off about this all. I’m not the only one either, a few searches later I found others who have had similar emails.

Spideroak a while ago stopped their unlimited option and it feels like this the nail in the coffin by removing all the unlimited users?!

I guess its been a good but I have been thinking about switching since Spideroak is American based, the change to the warranty canary and finally something which has always bugged me – No two factor auth!

Suggestions for places to store my backup data which is also zero-knowledge or I could client side encrypt it before uploading if needed.

Motiv ring sold to the corporate world

My Motiv ring on my hand

This was a surprise…Motiv smart ring gets bought – and will stop selling to consumers

It seems the world of consumer wearables has lost Motiv – the smart ring company that’s been an underdog hit in the world of wearable technology.

The company isn’t dead – but it’s being bought by Proxy – a digital authentication start-up that sees potential in using Motiv’s technology in enterprise. As a result of the buyout, Motiv will cease selling its smart ring device through consumer channels, and there’s no word of how long devices will be supported.

Motiv started life back in 2017 as an activity tracking smart ring that put its focus on active minutes rather than simple step counting, with a heart rate sensor on board.

But its feature set widened over the years. In 2018 a second generation landed that put its focus on biometric security – and these are the features that will have interested Proxy.

Likely explains why they returned the full price of my ring a while?

I lost all trust for Zoom yesterday…

British PM on Zoom
Wonder how many people have tried to dial into that zoom id?

Yesterday I was on a zoom call which was hijacked or zoombombed with something not just horrible but totally illegal. Because of this I have pretty much lost all trust in zoom.

This is of course very difficult as its what we use at work and of course being in the middle of the covid19 lockdown, makes things tricky. Because of this, I’m going to still use it but with much more caution and I’m going to be a lot more forceful about the hosting side of it.

Its clear war-dialers for public Zoom meetings is so easy and well used by inscrutable groups of people. Zoom could make sharable links much more difficult to war dial, similar to the way Google docs uses combinations of characters and numbers to make a much longer url, a lot harder to war-dial.

The defaults of Zoom, is setup for a semi trusted corporate environment. I understand the covid-19 pandemic changed everything but there has been many updates and only now is the defaults only just safe. Their share prices have rocketed but they are only now focused on security ahead of more features?

Their idea of end to end encryption is a total dump on top of the security findings saying some calls are being routed via China.. Today they announce you can choose your routing but you need to pay for it. More governments and companies are blocking zoom because they just don’t trust it.

Likewise neither do I… but I will use it… with caution.

I have been thinking about an equivalent, and thought about two.

  1. I lost trust in Facebook a long while ago but still use it for volleyball events and the occasional post about something I feel could be important for friends, family and the public who don’t read my blog (as its posted on the internet already, I post publicly adopting the indieweb Posse approach, much to the surprise of some friends). For example I posted what happened on zoom yesterday there today.
    Facebook was hardly trustworthy to start with and over and over again they took the living daylights with our data.
  2. There was a point when Windows Vista pushed as the step/edition of Windows XP and I didn’t like what Microsoft had done to it. To be fair I didn’t trust them and saw shadows of where things were heading. So I switched to Ubuntu.I know the new Microsoft is quite different of course but the damage was done.

If you are hosting a Zoom call, please do lock it down theres a number of guides to help including this one.

Only 5 months later and face unlock is fixed

Its one of those things which I wasn’t happy about with my Pixel4. Who on earth over looked the fact you could use the face unlock without your eyes open! It doesn’t take a lot to think about the abuses including spouses with trust issues.

Finally over the last few days Google rolled out a fix which requires your eyes open if you enable it! Only 5 moths later

It was the first thing I did when I installed the update. Till that point I’ve been enabling lockdown mode when going through sensitive areas like airport security

My last pebble smart watch… again?

Broken pebble

Today my pebble 2 smartwatch broke while playing with the diabolo in the garden. The screen came straight out the frame. Not sure why but I did put it back but found the screen was dead.

As I thought my smartphone was still connected to the watch via bluetooth and was responding to the button presses and battery charge.

However without a screen I’m forced to use my very last pebble smartwatch. The Pebble time kindly donated from Ahmed, who got a Apple watch. This is why although I did say the previous pebble was my last, I luckily had this backup. However this is the last. Lets hope the hybrid smartwatches are better than Fossil’s attempt.

Broken pebble with last one

Sharing is caring with plex server

My current plex stats over 90days
The last 90 days on my plex server

I always expected an increase in my plex server usage from my friends as the UK enter the Covid-19 lockdown. Especially when I heard all the streaming services dropping back to SD  To be fair its not been as big a demand as I expected but its noticeable compared to last few months of 2019.

Most popular clients

The most popular clients seem to be Chrome & Chromecasts (not sure if Chromecasts sometimes report themselves as Chrome). Thankfully the Xbox has dropped because that client requires everything to be transcoded unlike Tizen which will happily if theres enough bandwidth send the original file and not require any transcoding.

plex concurrent users

I have however hit 3 concurrent streams again, keeping an eye out to see if I can hit 4 or even more. No idea what it would do to my AMD based Plex server? I do have the Intel Xeon based HP Z800 which I recently bought a Nvida Quadro K620 GPU hoping to get hardware accelerated streaming finally working on the HP Z800.

Thats a task for Easter maybe…

Update 13/4/2020

4 concurrent users finally

I noticed my plex server finally reached the 4 concurrent users over the last weekend.

New kid on the block Joplin for notes

Joplin clientsI have a bit of history with note taking apps, having started with Evernote back when I had a Windows Pocket PC and moving to a bunch of different apps till I finally settled on Standard Notes.

Its really good and been using the listed feature for a my gratitude diary. However I checked out Joplin recently and quite like some of the features.

Evernote import works perfectly, meaning I get my rich evernotes back complete with attachments, Actually the way it handles attachments is a lot closer to Evernote. Syncing is done in a number of different ways including Dropbox, Webdav, etc and all done with encryption meaning its using the service as a file container like how I use keepass right now.I had tried to setup a standard notes sync server in the past but didn’t really put the effort in.

Standard note uses markdown which is good and quick but I like Joplin’s hybrid of markdown and html. This pushed further with web clippers in Firefox and Chrome. Making Joplin extremely useful for capturing online resources.

I like both but will find it tricky to use both although I noticed for example Joplin is really painful to use on my ereader, while standardnotes is super smooth. They are build for different purposes but working what do with each is a bit of a dilemma right now. Currently I have my evernote backup and standardnotes in Joplin thanks to export/import. Of course theres lots of duplicate notes which I really need to go through and delete, as I already imported my evernote into standard notes previously.

/e/OS: The beauty of open source

/e/os on a phone

I was quite impressed with the /e/OS project. I hadn’t really heard of it before but as I’m considering the balanced of google service and data in my life; especially with the plans to move UK citizens data/accounts outside the EU.

Taking the AOSP Android Open Source project and removing all the google parts is quite impressive. A real testament to the power of open source.

The interview with itsfoss is a good read, starting off with the question of what and why

Why did you create this Eelo or /e/ project in the first place?

Gael: In 2017, I realized that using Android and iPhone, Google and many mobile apps was not compatible with my personal privacy.

A later study by a US University confirmed this: using an iPhone or and Android phone sends between 6 to 12 MB of personal data to Google servers, daily! And this doesn’t count mobile apps.

So I looked for reasonable alternatives to iPhone and Android phones but didn’t find any. Either I found options for hobbyists, like Ubuntu Touch, that were not compatible with existing apps and not fully unGoogled either. Or there were alternative ROMs with all the Google fat inside, and no associated basic online services that could be used without tweaking the system.

Therefore, an idea came to mind: why not fork Android, remove all the Google features, even low level, such as connectivity check, DNS…, replace default apps with more virtuous apps, add basic online services, and integrate all this into a consistent form that could be used by Mum and Dad and any people without tech or expert knowledge?

I’d be interesting in what apps run on the operating system, as Google really have embedded Play services into everything now. When I first got my recent e-reader, it came with its own app store till you enable play services. That store was super small but it doesn’t have to be that way if you look at F-droid for example.

If I still had my Nexus 5x, I would likely give /e/os a try. I could run it on my Nexus 5 I guess but the screen is maybe too broken.

I have been thinking, following my use of Firefox multiple account containers use. Maybe something of a mashup of Blackberry’s Android profiles (anyone remember this?) and Firefox containers.

This certainly feels like a design challenge which could be massively beneficial to many, and showcase the beauty of opensource

Hey google, read me this page out for me?

I won’t lie, I’m pretty impressed again with Google when it comes to text to speech and speech to text. Like Robby, my use of Google Assistant may also sky rocket.

My regular, daily use of the Google Assistant is likely to skyrocket with this new feature that was just rolled out: the ability to read any web page aloud. Whether or not this sounds awesome to you in this moment, just go with me for a second as we unpack what is going on here and why it will likely be incredibly useful for many.

At its most basic, this new feature does exactly what you expect. It allows the Google Assistant to simply read web pages aloud to you in a natural-sounding voice with a nice cadence. Pauses for commas and periods are dictated the way you’d expect and the decidedly-digital voice sounds very natural. The Assistant reads off the title, the author, and then begins to read through the entire article, highlighting each word spoken along the way.

But it gets better. Way better. When you start a reading session, the entire thing happens in a dedicated media player that gives you options to play/pause, skip ahead or back, and change the playback speed from 0.5x all the way up to 3x. On top of that, the player behaves just like any other media player in that it provides the ability to continue playing when the screen is locked and gives you a rich notification with playback controls as well. This allows you to start up the reader for a long article and go about doing something else while the Assistant reads the entire thing to you. I will 100% start using this for my daily walks or when driving to ingest news that I would otherwise put off in hopes of finding time to read later.

Even better is the fact that websites don’t need anything special in place to take part in all this. No extra code, no tags, no meta data: the Assistant can read any web page unless the web developer for that site has included the proper meta tag that disallows this. I’m sure there are fringe cases where this would be needed, but I’d assume most sites you visit will be readable by the Google Assistant out of the box.

Its very impressive, and my only issues are not being able to read text out of other apps like wallabag or tiny tiny rss. Not being able to playlist a number of pages for reading. Also using Chrome is a bit of a pain (I tried to do this in Firefox for example)

 

Is the pixel 4 worth it?

My Google Pixel 4 battery stats

I was reading through my feed and saw this review of the Pixel4 4 moths later.If I was to write a review of the Pixel 4 months later, I would have some choice words to say. Many more than what I originally wrote.
BatteryThe Pixel 4 battery is weird. For example I’m on 43% and it will last till 9:30am tomorrow morning. However a few weeks ago I looked at my phone and noticed it was on 5% and I have no understanding why?
Generally I only charge it when I’m sleeping, but its only been 4-5 months. I think it might be one of the only phones I might need to replace the battery of in 18 months.There is hope of a ultra low power mode, which if its like Doze could be a game changer.SoliI have to echo the reviewer, as its sums it up and I turned it off except when using the Face ID.

For several years, Google has been working on Project Soli: a radar-based sensor system allowing a device to sense gestures with utmost precision. Fancy videos of the system in action show how virtual dials and buttons can be controlled effortlessly by the snap or flick of a finger. No touching the phone required.

The Pixel 4 and 4 XL are the first two phones to ship with Google’s radar-based system – and it’s bad on so many levels. First of all, its use is extremely limited. With a wave over the screen you can skip songs, mute alarms, or play with your Pokemon live wallpaper. That’s it, really.

To make things worst I turned off active edge and other sensing things as its just not important for me. Weirdly enough every few times I pick up my Pixel4 it vibrates.

Is it worth it?

Well its a good phone but a lot of the features have made it down to the Pixel 2. The Cameras are great but should I have waited for the Pixel 5 or 4A? I do feel I maybe should have replaced the battery on my Pixel 2 and maybe waited…

And where the **** is my Chromebook, Google?!pixeloffer chromebook statusI’m pretty annoyed about the Pixel4 chromebook offer. It was meant to come a little later after buying the Pixel4 but its been 4-5 months!