Public Service Internet monthly newsletter (Oct 2021)

Behaviour & Reasons

We live in incredible times with such possibilities, that is clear. Although it’s easily dismissed reading what might happen to GDPR in the UK, the Russian government’s attempts to block other candidates and once again Facebook.

To quote Buckminster Fuller: “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

You are seeing aspects of this with Ethiopia building a social network, the password-less future one step closer and the chairman of the BBC’s recent speech.


This can not be the future of social media

Ian thinks: I read this thinking this is not the future of social media, it’s a future I reject and look elsewhere for a more sustainable/longer term future.

New types of social networks

Ian thinks: Talking about the future of social media… I don’t really care about Loot, I do care that people are trying something very different. Our notion of social networks is driven by Facebook, Twitter, Instagram, etc.

Wisdom of crowds for Fact checking?

Ian thinks: Following Mozilla’s research into disinformation in Kenya, the study is a positive step for fact checking, but I do wonder how many people you would need to avoid systematic gratification?

A view of BBC R&D’s prototype personal data store

Ian thinks: Having the inside track on this prototype/project, it’s interesting to see what’s highlighted in Wired and the comments from different angles.

The Framework Laptop

Ian thinks: What’s not to love about the Framework Laptop? DIY, right to repair? The CEO also has a business model behind this all too. I am considering one for my own laptop next year.

Imagine if Crypto was used for more than Capitalism?

Ian thinks: Douglas is somewhat ironically on the money but I’m not certain NFTs are the answer he thinks they are. Worth a read or listen, as the notion is important enough.

Metrics and society

Ian thinks: This video and summary blog was suggested to me after posting about human values just recently. It’s long but spot on with really smart insight.

Human rights are not a software bug to be removed

Ian thinks: I attended this live and found it very useful to explain why infrastructure is a key part in a more fair and equitable internet for all.

The frankly scary ideology of the billionaire technocrats

Ian thinks: It’s a thought piece but the lack of originality and care for humankind makes the link to this philosophy ever so easy and ever so scary.

What are Silicon Values?

Ian thinks: Intelligent conversation about the big players in Silicon Valley and discussion about their real values alongside our own.


Find the archive here

Why is Slack storing passwords in plain text on Android devices?

https://mas.to/@cubicgarden/105712244073779967

I posted about Slack’s bug on Mastodon. I knew this was going to be a pain in the ass changing all those passwords, even with them all sitting in my password manager and most using 2FA.

However some of the users of Mastodon asked the question, why does the Slack app store the passwords on the device at all?

I thought about this and they are right. The app connects to a remote server and should request the user login. Once logged in, it should provide some kind of secure key/cookie/hash on the device, not the actual password. On top of this, it certainly shouldn’t be in the form of plaintext.

Mistake, bug or not, this should not happen.
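
An added example, not from the original post or from Slack: a minimal sketch of the design described above, where the password is used once at login and only a random, revocable session token is kept on the device. The AuthServer and AppClient classes and the sample credentials are hypothetical.

```python
import hashlib, hmac, secrets

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class AuthServer:
    """Hypothetical server: keeps salted password hashes and digests of session tokens."""
    def __init__(self):
        self._users = {}     # username -> (salt, PBKDF2 hash)
        self._sessions = {}  # sha256(token) -> username
    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _kdf(password, salt))
    def login(self, username, password):
        record = self._users.get(username)
        if record is None or not hmac.compare_digest(record[1], _kdf(password, record[0])):
            return None
        token = secrets.token_urlsafe(32)          # random, unrelated to the password
        self._sessions[_digest(token)] = username  # server keeps only a digest of it
        return token
    def whoami(self, token):
        return self._sessions.get(_digest(token))
    def revoke(self, token):
        self._sessions.pop(_digest(token), None)

class AppClient:
    """Hypothetical mobile client; device_storage stands in for on-device app storage."""
    def __init__(self, server):
        self.server, self.device_storage = server, {}
    def sign_in(self, username, password):
        token = self.server.login(username, password)     # password used once, in memory
        if token is not None:
            self.device_storage["session_token"] = token  # only the token is persisted
        return token is not None
    def current_user(self):
        return self.server.whoami(self.device_storage.get("session_token", ""))

def demo():
    server = AuthServer()
    server.register("alice", "correct horse battery staple")  # constructed credentials
    app = AppClient(server)
    app.sign_in("alice", "correct horse battery staple")
    leaked = dict(app.device_storage)        # what a device-storage leak would expose
    before = app.current_user()
    server.revoke(leaked["session_token"])   # server ends the session; password unchanged
    return leaked, before, app.current_user()
```

If the device storage leaks, the exposure is one session that the server can revoke, rather than a password that may be reused on other services.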

Signal’s catch 22 problem?

I have been introducing Signal to friends as a proper alternative to WhatsApp. It’s mainly been OK but my friend Hannah has hit a catch 22 problem, in her own words…

Signal should be a great app. It’s secure, easy to use and even my most skeptical and tech-suspicious friend uses it. But since I forgot my pin, I’ve not been able to get onto the app, not been able to reset my account or even been able to delete my account to start again!

I did email to get some advice about this problem but what I got back (after nudging to get a response) wasn’t really helpful. Apparently, you can reset your pin once you’re in the app but since I don’t know my pin, I can’t get into the app to reset the pin I don’t know. I also need to be in the app to delete my account. So basically, in order to access the information I need, I need the information I need. And yes, I did query the logic of this advice but it was just repeated to me!

This is really frustrating because even after deleting the app and waiting 7 days as suggested, the problem remains. In fact, I’ve done this a few times, waiting longer periods and it still hasn’t worked. Signal is effectively holding my phone number hostage, not allowing me to use it to create a new account or access the numerous messages I’m informed I’m missing (through other less secure – but at least reliable – platforms).

I get that not revealing my pin to me is a security thing but to be honest, it seems daft that I can’t even reset that pin using other means. For example, Signal already texts me a confirmation number when I try to sign in – surely this is enough to know that I’m the owner of the phone? They also have my email address.

If I really can’t reset my account, I would be more than happy to delete the current account and start over again. But until there’s a way for me to do this without entering the app in the first place, I’m stuck in limbo.

I’ve sent one last email to try and sort it out… fingers crossed!

If anyone has a solid answer on what Hannah can do, that would be massively helpful. Even I’m lost as to what she can do now.

Public Service Internet monthly newsletter (Dec 2019)

Mr Robot: control is an illusion

We live in incredible times with such possibilities, that is clear. Although it’s easily dismissed by looking at the next UK general election or at the endless denial about explainable algorithms.

To quote Buckminster Fuller: “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

You are seeing aspects of this happening with the 2019 Turner Prize cooperatively shared between 4 different artists.

Meet the real Mr Robot

Ian thinks: Listening to Elliot, you can’t help but be quietly impressed with where his curiosity takes him. Which came first, Mr Robot or Elliot?

Lancaster University’s Gogglebox of the future

Ian thinks: Lancaster University’s take on the living room of the future is quite something. Really getting into the meat of the smart home data ethics conversation in a fun, accessible but critical way. Look out for their next research.

A more generous world?

Ian thinks: Heard Yancey talk a few times, wasn’t convinced but he is making the right noises about values. However still not convinced about Bentoism.

Mozilla explains the possibilities of facial recognition

Ian thinks: stealingurfeelin.gs is in a similar vein to Do Not Track; Mozilla exposes the effects of facial recognition which the big corps hide in their EULAs. One reason why I’ve never willingly used Snapchat ever.

Are we all to blame for the state we are in?

Ian thinks: I quite like Rushkoff’s post-rationalisation, but more importantly his call for us to be adults and make things right.

Roar for the public-interest technologists to unite

Ian thinks: Technologies for the public benefit against asymmetrical power systems that lead to the weaponisation of technologies against vulnerable communities.

What obligation do social media platforms have to the greater good?

Ian thinks: If we are talking about the mainstream ones, then it’s got to be a big fat zero. How many state their principles and actually back it up with yearly accountability and transparent reports?

Password patterns

Ian thinks: Our passwords say so much about ourselves and it’s time we stopped using them when possible. Time for the alternatives.

Where the human race needs to be

Ian thinks: Umair’s thoughts about turning money back into life is spot on, as he points at the problems in the metrics we have regarded highly for so long.

Follow up from MyHeritage GDPR request

Shadow profile
I got this from MyHeritage today… after submitting my GDPR request to them to find out the history of my account.
We apologize for this breach and the fact that your email address might have been part of it. The email addresses were included in the breach along with a hashed password – not the actual password (which has been expired and can no longer be used to access the account on MyHeritage). Other than this, there has not been a violation of the data. See our official statement here and an updated statement here.

Please be advised that this incident does not affect the privacy of any sensitive information you have on your online family site, including DNA information and family trees. Only hashed versions of passwords were stolen, which means they cannot be used to log in to your private account on MyHeritage.

There has been no evidence that the stolen information was ever used by the perpetrators. Since Oct 26, 2017 (the date of the breach) and the present we have not seen any activity indicating that any MyHeritage accounts had been compromised.

The privacy and the security of your information is our highest priority and we continually assess our procedures and policies and seek the best methods to secure information. The work on adding two-factor authentication to MyHeritage is completed and you can read the full explanation about this feature here.

In addition to that, I have carried out a search within our system, and I was not able to locate an account using your email address: **********************************

If you had an account using this email address and the account was deleted, we currently do not retain any information from your registered account and therefore, I cannot provide you with any information regarding it as it no longer exists.

However, if you registered to MyHeritage using another email address, please let me know with which so I will be able to locate it. In addition to that, as an extra security measure, if you still have access to this email address would you please be so kind to send us an email using that address?

If you run into any further issues, by all means, please don’t hesitate to reply. I’m here for you.

MyHeritage Support team

Maybe I deleted my account too soon, unfortunately giving them an easy out. I should have done the GDPR request then deleted my account afterwards! I was looking forward to seeing proof the account was a shadow profile.

Compromised passwords and your identity online

So I just recently downloaded the Skype 2.0 beta which supports video chat, and decided to go try it out, but oh no… I can't log in. What's going on, I started to wonder, it's not like I got the wrong username and password because I've been using KeePass for quite some time now, plus Skype saves the password if you want it to anyway. So I'm wondering what the heck's going on. 1 min of searching later I find Skype Passwords Compromised?

So generally if you registered for share.skype.com then you're at risk. Well that's me, after my little dabble with their developers area. Now I can't access my Skype address and because I moved house and changed broadband account I can't actually retrieve my changed password. So in other words, the user cubicgarden on Skype is not going to be me anytime soon. Yeah, I'm pretty bitter about it all.

Something similar happened with my old cubicgarden Bloglines account a while ago and let me tell you about the frustrating emails I sent trying to prove I was the user of that account. It was insane to say the least. If Skype, like Bloglines, don't accept that as the registered owner of cubicgarden.com I would choose cubicgarden as a username, then I'm once again stuck. There has got to be a better way to do identity online? Talking of which, Dick Hardt's (Sxip Identity) talk at Web 2.0 is interesting to say the least. I really see the need for something like Sxip, as relying on your email or even a URL for an ID is sucky to say the least. Geez, even using a hash in a FOAF file would be better than email and a URL.

Can I also just say, this is another example of companies leaking your online identity. Privacy and security online, well what do you make of that improbulus?
