Public Service Internet monthly newsletter (July 2022)

Re:publica 22, is this the real life

We live in incredible times with such possibilities, that is clear. Although it’s easily dismissed reading about how Conti ransomware has ushered in a new era and, as always, the sorry state of social in Scientific American and the FT.

To quote Buckminster Fuller: “You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.”

You are seeing aspects of this with Mozilla rolling out total cookie protection worldwide, EU making USB-C the standard for mobile and the recent gains in Quantum technology.


The silence is deafening on Roe vs Wade

Ian thinks: America’s decision on Roe vs Wade is deeply shocking, but can you hear the silence from the tech companies who are on the very sharp end of this all? Very few public announcements, even today.

Those scams are always there

Ian thinks: The new griftonomics podcast is something worth subscribing to. In this episode there is a genuine discussion about how laws must catch up with the new range of crypto-based Ponzi schemes.

Re:publica is always worth the wait

Ian thinks: Re:publica is one of those conferences full of thoughtful conversations. It’s mainly in German but most have been translated into English and captured in a playlist.

The real issue is open vs closed

Ian thinks: The consistent bashing of RSS in podcasting has recently gotten pretty bad. Dave cuts right to the heart of the debate and outlines the advantages of ownership.

Ending a monopoly is almost always a good thing

Ian thinks: I’m always interested in how the mainstream picks up subjects like tech monopolies. John Oliver would have made Cory Doctorow proud with well thought out arguments, many we could use.

W3C’s Ethical web principles

Ian thinks: I was not aware of this till someone pointed it out during a meeting. Really positive to see it develop and who is on board with these core principles.

Google is never far from controversy when it comes to AI

Ian thinks: What is it with Google and AI? LaMDA is a curious tale but there is a much deeper problem of AI Bias which hasn’t been picked up by the other outlets in connection with the story.

Enough of the Web 3, it’s all about Web 5 now

Ian thinks: Jack Dorsey’s raves about Web 5 are quite something. Although easily ignored as bluster, there is a tiny bit of sustenance which shines some light on other community efforts. Just ignore the crypto stuff and focus on the decentralisation.

All about DIDs

Ian thinks: Talking about Web5 and other community efforts, Decentralized identifiers or DIDs are something the W3C have been working on for years. Explaining them is difficult but this does a good job trying to cover most questions.

The W3C become a public interest non-profit?

Ian thinks: It’s a mouthful and I did wonder what’s broken. But then, reading through the future changes from a speed and adaptability point of view, it all started to make a lot more sense.


Find the archive here

The BBC R&D human values podcast series

Human Values Framework

It’s rare when everything comes together like this but I have another thing I wanted to share.

Lianne Kerlin and I interviewed a number of well respected people in midsummer about the human values framework. It’s something I blogged about previously.

BBC Research & Development is examining how core human values relate to digital media use, in order to enhance service design and improve impact measurement. Empirical research has identified fourteen core values, all underpinned by human needs and psychological drivers. These are the basis of the Human Values Framework, a new approach to the design of online services.

In this series of podcasts Lead Researcher Lianne Kerlin is joined by Senior Firestarter Ian Forrester to discuss the Human Values Framework from different contexts. They are joined by experts in design, social impact of technology and other disciplines.

Originally it was meant to be done live for Re:publica 2020 but the material we got was so good and of course COVID-19 ruled out Re:publica, so we decided to turn them into 5 separate edited podcasts.

Number one is about the human values framework, with Alexandra Deschamps-Sonsino, Solana Larson, Katja Bego, Paulien Dresscher, David Jay and Brian Suda

2LO rebooted · The Human Values Framework: Episode 1: https://soundcloud.com/2lorebooted/the-human-values-framework-episode-1

Number two is about applying the human values framework, with Alexandra Deschamps-Sonsino, Katja Bego, Paulien Dresscher and Solana Larson

2LO rebooted · Human Values Framework: Episode 2: https://soundcloud.com/2lorebooted/human-values-framework-episode-2

Keep an eye on the human values podcast playlist on 2LO’s soundcloud account for parts 3, 4 and 5. RSS feed is here if you are old skool like me. But in the meanwhile I’d like to thank my co-host Lianne Kerlin, our guidance and podcast expert Bill Thompson and of course our gracious experts, without whom it wouldn’t be the series it’s turned out to be… Massive thanks to…

All wonderful people, so what are you waiting for? Get listening and the news announcements don’t stop there…

Looking back at Republica 2019 and IndieWebCampBerlin

A personal view from republicamp

It was a while ago now since I was in Berlin for both IndieWebCampBerlin and Republica19. As I needed to report back to BBC R&D, I created a slide deck which I finally gave today at work. It would have been earlier in the month if I wasn’t sick when it was arranged.

I posted a modified version of the slide deck on slideshare, but it’s pretty much there. Of course like most of my presentations, it’s better with me delivering it but you can get a sense of what I found interesting and why.

The slides are divided into 2 parts. Indiewebcamp is slides 4-23 and Republica is slides 24-73.

Enjoy!

Google Titan key security problem?

I was sure I tooted/tweeted a thank you to the Google team at Berlin’s Re:publica conference. But it looks like it never quite happened due to connectivity issues with the wifi at certain points of the day.

So first of all I want to say thanks for giving me a Titan security key for spending time listening to what changes Google had made to their security as announced in Google I/O 2019.

I was surprised to see Google there with all the ill feeling about the 5 stacks, their monopoly and business practice.

But before I could get home and try the key/system, I saw a bunch of problems with the key.

Google Titan Bluetooth Security Key Can Be Used to Hack Paired Devices

Titan-ic disaster: Bluetooth blunder sinks Google’s 2FA keys, free replacements offered

Obviously I was a little concerned, although I had not added the Titan key to my Google 2-factor auth yet.

After a bunch of reading, it seems it’s not completely flawed. The Google security blog confirms my research.

The problem is with the Bluetooth fob, which, to be honest, is super convenient but wasn’t the most secure idea in the world. The Bluetooth stack is limited in its range but because of that, it’s not got as much security as most things on the net.

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key — within approximately 30 feet — to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination:

When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.

Before you can use your security key, it must be paired to your device. Once paired, an attacker in close physical proximity to you could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device.

This all being a big mistake, Google has offered a replacement key. However, because my key hasn’t been added to my account yet, I get a message saying no action is required but an email to override this. However, after double checking, my key is a type T3, meaning it wasn’t affected.

Good work Google…