China’s high-tech tool to fight toilet paper bandits

From the New York Times: China’s High-Tech Tool to Fight Toilet Paper Bandits.

BEIJING — The toilet paper thieves of the Temple of Heaven Park were an elusive bunch.

They looked like most park visitors, practicing tai chi, dancing in the courtyards and stopping to take in the scent of ancient cypress and juniper trees. But hidden in their oversize shopping bags and backpacks was a secret: sheet upon sheet of crumpled toilet paper, plucked surreptitiously from public restrooms.

Now the authorities in Beijing are fighting back, going so far as to install high-tech toilet paper dispensers equipped with facial recognition software in several restrooms. [continue]

Warrantless access in Canada

If you’re a Canadian who is concerned about privacy and digital rights, you’ll want to read the Vice article that shows “…the government is looking to restart a warrantless access program that had been declared unconstitutional.” How annoying is that?

Here you go, from Vice: Warrantless access.

Continue reading

A new kind of DNA evidence

Suppose your cousin leaves DNA evidence at a crime scene… and then police arrive at your door, because your DNA is similar to your cousin’s, and police found your DNA in a genealogical database. Does that seem like a good thing to you, or something from dystopian fiction?

If your DNA profile is in some database, this might happen. From jstor. A new kind of DNA evidence.

It was a high-profile crime in New York City—a jogger was murdered while running in a local park, and detectives had few leads. As the months passed and the crime remained unsolved, the victim’s family began pushing for wider use of familial DNA, or searching DNA databases for partial matches to DNA evidence that might represent a family member of the killer (the technique has been successfully used). Detectives eventually identified a suspect without it, but the idea of familial DNA testing is not going away. [continue]

Secrets from smart devices find path to US legal system

From phys.org: Secrets from smart devices find path to US legal system.

An Ohio man claimed he was forced into a hasty window escape when his house caught fire last year. His pacemaker data obtained by police showed otherwise, and he was charged with arson and insurance fraud.

In Pennsylvania, authorities dismissed rape charges after data from a woman’s Fitbit contradicted her version of her whereabouts during the 2015 alleged assault.

Vast amounts of data collected from our connected devices—fitness bands, smart refrigerators, thermostats and automobiles, among others—are increasingly being used in US legal proceedings to prove or disprove claims by people involved.

In a recent case that made headlines, authorities in Arkansas sought, and eventually obtained, data from a murder suspect’s Amazon Echo speaker to obtain evidence.

The US Federal Trade Commission in February fined television maker Vizio for secretly gathering data on viewers collected from its smart TVs and selling the information to marketers.

The maker of the smartphone-connected sex toy We-Vibe meanwhile agreed in March to a court settlement of a class-action suit from buyers who claimed “highly intimate and sensitive data” was uploaded to the cloud without permission—and shown last year to be vulnerable to hackers. [continue]

How does this make you feel about the electronic devices in your life?

The surprising things algorithms can glean about you from photos

This is an article I’ll be sharing with all my friends, because it’s important for us to understand the consequences one single photo can have.

Even if you do not tag the people in an image, photo recognition systems can do so. Facebook’s DeepFace algorithm can match a face to one that has appeared in previously uploaded images, including photos taken in dramatically different lighting and from dramatically different points of view. Using identified profile photos and tagged photos and social-graph relationships, a very probable name can be attached to the face. (…)

A person pounding the pavement of a city street can be identified and tracked block-to-block by the unique characteristics of her gait. (…)

Taking a photo or video in public isn’t illegal, nor is taking one with a person’s permission. It’s also not illegal to upload the file or store it in the cloud. Applying optical character recognition, facial recognition, or a super-resolution algorithm isn’t illegal, either. There’s simply no place for us to hide anymore. [continue]

That’s from Andreas Weigend’s article, The Surprising Things Algorithms Can Glean About You From Photos, published on Slate. I think you’ll want to read the whole thing.

A note at the bottom of the Slate article says, in part, “Andreas Weigend is the author of Data for the People: How to Make Our Post-Privacy Economy Work for You.” I am grateful for this Slate article – it has super information and will be a handy thing for me to send to friends and post on a certain bulletin board. So I’ve just bought Andreas’ book, as a way to thank him.

Oh, and about laws regarding the taking of photos: we had a house guest from the Netherlands a while ago. He said it’s illegal in the Netherlands to take photos of people without their permission. Really? That’s a great idea. I wish we had a similar law here.

Are any of you saying no when others want to photograph you?

An exaltation of links!

I’ve come across dozens of interesting things to share with you lately, but I’ve also been quite short of time. So here are a whole bunch of things I think you’ll like, all at once, for your weekend reading pleasure.

I’ve thought of doing this for a while now: occasional posts full of linky goodness. But a pleasing name for such postings failed to suggest itself to me, and so I was thwarted. This morning, though, the name arrived in my brain. This is An Exaltation of Links. Because why should the larks have all the fun?

Continue reading

More on the dangers of facial recognition software

This facial recognition stuff gets more chilling at every turn. Did you see this article from the Guardian a few days ago? SXSW panel opens window into dangers of facial recognition software .

He said that his facial recognition system is now so good at recognising races, a challenge in the past, that it can be used as a genealogy tool. “It’s coming back with the percentages of race the person is,” he said, mentioning someone who came up 12% Asian despite looking Caucasian. “Oh, I have a Chinese grandmother,” she said, according to Brackeen.

Brackeen said Kairos has been pushing for regulation, and that although he believes Karios’ conduct is responsible, he could not say the same for some competitors. He mentioned FindFace, for example, the Russian company which made an app that could analyze images of people and match it to their social media accounts.

The app was supposed to be for finding friends, but members of online messaging board Dvach started using it to expose identities, harass porn actors and spam their families with the news of their discovery. [continue]

So here’s how it’s going. You’ll be out having a coffee at the neighbourhood cafe, and anybody with a camera will be able to take your photo, submit it to a facial recognition database, and find out more about who you are. What’s your name? Who’s your mamma? Where did your ancestors come from? And more.

Are you ok with that?

Genetic testing, privacy, and the law

If you have your DNA tested for genetic concerns, should the results be private? Or should you be forced to share that information with insurance companies and your employer? That issue is in the news this week. The USA moved in one direction (Guess what they decided – I know you can!) and Canada did the opposite.

Here’s what the US is doing:

And in Canada:

Over the objection of their own government, dozens of Liberal backbenchers voted Wednesday night in favour of a bill banning genetic discrimination.

In voting for what is known as Bill S-201, the backbench Liberals, along with all Conservative, NDP and Green Party MPs made it a crime for, among other things, insurance companies to demand potential customers provide a DNA test in order to get a policy. Additionally, no company will be able to deny someone a job if they fail to have their genes tested.

Protection from discrimination because of an individual’s genetic makeup will now be written into the Canadian Labour Code and the Canadian Human Rights Act. [continue]

That’s from the National Post article, Liberal backbenchers vote against Trudeau, pass law banning genetic discrimination.

Thank you, Canadian MPs.

Is Gravatar exposing your email address?

Do you use Gravatar to display a custom image next to your comments on various blogs? Or do you have a blog at wordpress.com? If so, Gravatar has your email address, and it might be easy for a hacker to figure out what that address is.

Wordfence explains the problem, and why it matters.

For example: A user may be comfortable having their full name and profile photo appear on a website about skiing. But they may not want their name or identity exposed to the public on a website specializing in a medical condition. Someone researching this individual could extract their Gravatar hash from the skiing website along with their full name. They could then Google the hash and determine that the individual suffers from a medical condition they wanted to keep private. [continue]

2016: the year Facebook became the bad guy

Are people starting to realize what a problem Facebook is? Olivia Solon gets it – this is from her article in today’s Guardian: 2016: the year Facebook became the bad guy.

As the year unfurled, Facebook had to deal with a string of controversies and blunders, not limited to: being accused of imperialism in India, censorship of historical photos, and livestreaming footage of human rights violations. Not to mention misreported advertising metrics and the increasingly desperate cloning of rival Snapchat’s core features. Things came to a head in November, when the social network was accused of influencing the US presidential election through politically polarized filter bubbles and a failure to tackle the spread of misinformation. The icing on the already unpalatable cake was Pope Francis last week declaring that fake news is a sin.

This was Facebook’s annus horribilis. [continue]

For text message privacy, get Signal

From Brian X Chen’s Tech Fix article in the New York Times: Worried About the Privacy of Your Messages? Download Signal.

By the time you finish reading this column, you would be foolish not to download the messaging app Signal onto your smartphone and computer.

The free encrypted messaging service has won the acclaim of security researchers and privacy advocates, including Edward J. Snowden. All have said that Signal goes above and beyond other chat tools in keeping electronic communications private.

And now more than ever, we may need it. That’s because [continue]

I’ve been using Signal for ages now, and recommend it to everybody.

Google Chrome is listening, without your permission

I wish Google would take the lead in respecting privacy, rather than invading privacy. But no, we have news like this. From Privacy Online: Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth.

Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”. [continue]

Sigh.

Anonymous is supporting a new privacy-focused social network that takes aim at Facebook’s shady practices

From Business Insider: Anonymous is supporting a new privacy-focused social network that takes aim at Facebook’s shady practices.

As if there weren’t enough social networks out there, here’s another new social network. But this one hopes to attract the likes of online freedom activists, and it even wrangled the attention of Anonymous.

Minds.com is a social network like most others: It lets users share links as well as their thoughts with their followers via the usual status updates.

But Minds, which officially launched both its desktop and mobile apps today, hopes to entice users given its promise of security. The program is completely open source and encrypts all private messages sent between users.

“Our stance is the users deserve the control of social media in every sense,” Minds’ founder Bill Ottman told Business Insider.

This distinguishes itself from Facebook, which has long had questionable privacy practices.

Minds also promises to use a de-mystified algorithm to boost content. [continue]

Interesting. The registration page says Anonymous accounts are fine with us. So, hmmm, I’ll read through the terms of service and see if it might be worth trying. Do any of you use it?

Conservative app puts voter identification in campaign workers’ hands

The CBC brings news on how the Conservative Party of Canada tracks people: Conservative app puts voter identification in campaign workers’ hands.

An unusually talkative Conservative staffer may have inadvertently helped CBC News glean exclusive details of a new mobile technology that will help Prime Minister Stephen Harper’s team collect and sort voter information faster than ever before.

Conservative workers are already using a new smartphone and tablet-friendly app called CIMS to Go, or “C2G”, as party members call it.

CIMS stands for Constituent Information Management System, the Conservatives’ powerful voter information database. Along with voter lists and door-knocking data, anyone who has ever donated to the party, agreed to a lawn sign or even filled out an MP comment card is captured in the system.

The new app lets party canvassers log voter information directly into CIMS as they move door-to-door, [continue]

How do you feel about polital campaign doorknockers entering details about you in a national database used by their party?

Facebook begins mass rollout of free bluetooth business “beacons”

From DailyTech: Facebook Begins Mass Rollout of Free Bluetooth Business “Beacons”.

Facebook announced this week a foray into the embedded wireless advertising market, offering up free Bluetooth beacons for business owners.

For those in New York City this may all sound somewhat familiar as Facebook has been testing the roughly hockey puck sized devices at a handful of partner sites around the city under the “Place Tips” program.

The idea inject items pertaining to the beacon-outfitted business into the News Feed on a user’s smartphone Facebook app to jump to the business’s page, encouraging likes, offering information, and to check out tips from your friends about the business you’re visiting. The beacons will offer:

  • Prompts to like the business’s Page
  • Check in reminders
  • Recommendations from your friends
  • Posts from the business’s Page (…)

In an attempt to assuage users concerns over this new so-called “proximity-based advertising” feature, [continue]

Just when I think Facebook can’t possibly get any worse, they do.

Tutanota for private and encrypted email

Should any snoopy individual or entity be able to read your email, or would you rather have private email? I’m opting for the private approach, myself.

If you’d like to have private and encrypted email, you might want to check out Tutanota. It’s hosted in Germany, where privacy legislation is pretty decent. It’s encrypted, open source, and pretty cool. Get an account for free and try it out!

I’ve been using Tutanota for a while now. It’s not perfect, but it is pretty fine, and is improving all the time. I like it. I’m particularly pleased that it is dead easy to use, even for those those of your friends who aren’t so good at the whole internet thing.

Apple’s Tim Cook on privacy

Apple has risen substantially in my estimation lately. Look at these articles from the Guardian:

And now this, from the Verge: Tim Cook: Silicon Valley’s most successful companies are selling you out.

Hurrah, Tim.

(I still use Linux, though.)

Encryption key to free speech, says UN report

From the BBC: Encryption key to free speech, says UN report.

Encryption software that makes it hard to spy on what people do and say online is “essential” for free speech, says a United Nations report.

Without anonymising tools, many people will find it far harder to express opinions without censure, it says.

Any attempt to weaken encryption software will only curb this ability, it warns.

The report comes as many governments seek to put “backdoors” in encryption software to aid law enforcement.

“Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief,” says the report written by David Kaye, a special rapporteur in the UN’s office of the high commissioner for human rights. [continue]

This is awesome.

NSA planned to hijack Google app store to hack smartphones

Will the NSA ever stop trying to invade our privacy? Probably not. This is from The Inercept: NSA Planned to Hijack Google App Store to Hack Smartphones.

The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.

The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012. [continue]

This is why I’d like an open-source alternative to the app store. An open-source app source that is vetted by security professionals, and whose code can be in spected by anyone… well, that is probably our best protection against crap like this.

Signal, an encrypted messaging app for iPhone

From The Intercept: You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone.

App maker Open Whisper Systems took an important step in this direction today with the release of a major new version of its Signal encrypted calling app for iPhones and iPads. The new version, Signal 2.0, folds in support for encrypted text messages using a protocol called TextSecure, meaning users can communicate using voice and text while remaining confident nothing can be intercepted in transit over the internet.

That may not sound like a particularly big deal, given that other encrypted communication apps are available for iOS, but Signal 2.0 offers something tremendously useful: peace of mind.

Unlike other text messaging products, Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past. [continue]

By the way: if you happen to be an Android user, check out the Wickr program.