Private company can now hack into Apple iPhones. Who wants to buy an #iPhone now?

The dispute between Apple and the FBI has come to a conclusion. The FBI wanted to break into the San Bernadino gunman’s phone, but couldn’t because of Apple’s protection system. The FBI demanded that Apple break it open, or create a “backdoor”. Numerous privacy advocates immediately saw just how horrible the FBI request was and launched into an international campaign to stop to stop the FBI (EFF, Fight for the Future, Freedom of the Press, HuffingtonPost, SaveSecurity). The problems were that if one person could break into an iPhone, then every single iPhone can also be hacked. Since every single iPhone shares the same security features, all iPhones are now vulnerable. The BBC news has announced that the FBI got a private Isreali company to find a way to break into iPhones (BBC, Fight for the Future).

iPhone. CC Toshiyuki Imai, 2014. From https://flic.kr/p/pUpfPM

iPhone. CC Toshiyuki Imai, 2014. From https://flic.kr/p/pUpfPM

The FBI claimed that only they will have access to this technology and method of getting into iPhones, so we should trust them. This is still wrong-headed thinking. It is still true that now all iPhones are vulnerable, and now there are threats to our security (EFF, NYTimes, Vice). Now repressive governments know two things: It is ok to intrude on people’s privacy, and that iPhones can be broken into. Criminals now know two things: iPhones can be broken into, and it took a security company a week or so to do it. Security companies know two things, iPhones can be broken into, and governments (and criminals) are willing to pay.

Secure Cloud Computing. CC FutUndBeidl, 2012. From https://flic.kr/p/cvNwF3

Secure Cloud Computing. CC FutUndBeidl, 2012. From https://flic.kr/p/cvNwF3

Being able to break into an iPhone has major repercussions. Firstly, the FBI, other government organisations, rogue individuals with authorised access behaving improperly, and criminals, can access everything. That means, your emails, photos, iCloud, your contacts list, your calendar, your social media accounts (Twitter, FaceBook, Google+, etc), all of your apps, and more. If they can access your email, they can change your email access and social media passwords, locking you out. Your whole digital life can be either hijacked or deleted. The flip side is, it’s also now possible for police to plant evidence on your digital life. Police do act illegally, which is why there are internal affairs units set up to catch police acting badly. Also, repressive governments can act against human rights (BBC), including targeting and jailing people who oppose an unpopular government action. Criticism of the Abe administration has already had a few Japanese journalists fired.

Apples for Steve. CC  Mark Kriegsman, 2011. From https://flic.kr/p/atzyvh.

Apples for Steve. CC Mark Kriegsman, 2011. From https://flic.kr/p/atzyvh.

May be not today or tomorrow, unless Apple upgrades their iPhone security immediately there will be two major problems. Firstly, the prospects of sales of the new, yet to be released, iPhone SE is now in jeopardy. The phone itself seems amazing, and I really needed to upgrade, and this was probably it. However now, I’ve been creeped out by the FBI’s actions, and so I won’t be buying one. How much loss of revenue will Apple suffer in the short term now? Secondly, who will want to buy an iPhone or iMac in the future now that trust in Apple and the American government isn’t just tarnished, but destroyed?

28th Jan is Data Privacy Day

I didn’t know there was such a thing called “Data Privacy Day” until I got an email from the CEO from Tresorit, sent to all his service’s users. What is interesting is that privacy’s such an important concept that ensures freedom of speech and democracy, but Data Privacy Day has never been talked about in the media, at least, I’ve never seen it in the media, and so today was the first time I’ve heard of it.

Why is data protection and privacy important? It protects journalists who wish to report on corrupt politicians, or wish to inform the public of the illicit deals politicians make. It protects journalists and allows them to inform us of significant events that affect the quality of our democracy. And it’s not just journalists who need protection, it’s us too.

HackNY Spring 2013 Student Hackathon. CC Matylda Czarnecka 2013. https://flic.kr/p/edufZT

HackNY Spring 2013 Student Hackathon. CC Matylda Czarnecka 2013. https://flic.kr/p/edufZT

George Bush junior used the phrase that if you’ve done nothing wrong, then you’ve got nothing to hide. An American friend of mine echoes this saying, “I’ve got nothing to hide, so if it helps to catch terrorists, then great”. However, not one single terrorist has ever been caught from a dragnet mass surveillance programme. Not one single terrorist plot, we know of, has ever been prevented. We see that terrorist groups are still able to recruit members openly on the internet and spread their propaganda. We see journalists and their sources arrested. Instead of an erosion of our enemies, we see an erosion of our freedoms and democracies (see The Guardian, The Hill, Wired). So, safe, secure access to information and communication is important.

It’s not just an issue with a belligerent government; criminal groups do exploit unsecured communications. Consider your Amazon account, your bank’s online access, your eBay account, too. I’d like to bet you use an email service like Gmail, Hotmail, Yahoo and the like, or even the Apple iCloud system. All of which have been hacked, and passwords obtained and identities stolen (BBC, The Guardian). Thus allowing the criminals to spend your money, or just steal information that may be damaging to your reputation. Consequently, a secure internet is important.

Credit Card Theft, CC Don Hankins 2007, https://flic.kr/p/3qTLZW

Credit Card Theft, CC Don Hankins 2007, https://flic.kr/p/3qTLZW

How can the internet be secured? http://fried.com/privacy/ has a long list of over 150 tools you can use to secure your interaction with the internet and keep you safe. In short, you really must have at least these:

  • Encrypted email (like ProtonMail), especially to protect your SNS passwords
  • Encrypted cloud storage (like Tresorit, TeamDrive)
  • Encrypted messaging service (like Threema or CryptoCat)
  • Avoid Facebook
  • Use Firefox with Blur and HTTPS Everywhere (I think not all of these are compatible with each other).
  • A Virtual Private Network (VPN)
  • Avoid using your real name on most social networks like Twitter, Tumblr, Instagram, and others.

Why avoid FaceBook? I’ve written before that it’s just the most creepy organisation there is. The CEO of Tresorit reminds us of this with this simple quote (https://tresorit.com/data-privacy-day):

Facebook conducted a massive psychological experiment on 689,003 users, manipulating their news feeds to assess the effects on their emotions. – Forbes, 2014

I hope you don’t want to be controlled in the future. They also see your data to companies, which results in targeted advertising.

Browsing the internet is not private, but as public as window shopping

We used to believe that surfing the internet, in the privacy of our own homes, was private. Nowadays, browsing the internet is a public act. Research by Tim Libert has found that 9 out of 10 websites either leak or share your data (TNW UK, Libert, 20015). In addition, 1 in 5 websites are possibly hackable by spy agencies. In effect, it’s like having the police and spy agencies watching what you do all day long. This includes watching what books you look at (on sites like Amazon), and what books you actually buy; what your credit card is used for (what products you buy, and subscriptions); and websites you’ve spent money on. In addition, spy agencies want to have “backdoor access” to apps and websites (TNW). This is a huge problem, because it then is a huge security risk, which, as TNW reports, has already been exploited by criminal groups.

Webcam shot. CC paul.klintworth, 2008. https://flic.kr/p/4TpERP

Webcam shot. CC paul.klintworth, 2008. https://flic.kr/p/4TpERP

Information, like your web browsing habits and purchase history, allows you to be profiled. This information could be used by advertising agencies to push interesting products onto you. Police agencies will be able to do psychological profiling of you, and make certain assumptions about you. These assumptions can include your political tendencies, which can be used by politicians for their own advantage.

References

Libert, T. (2015) Exposing the Hidden Web: An Analysis of Third-Party HTTP Requests on One Million Websites. International Journal of Communication, 9, 3544 – 3561. http://ijoc.org/index.php/ijoc/article/view/3646.

Privacy tools on the internet: what and why

It’s not often I get direct emails, and much less often form me to blog about it either. Fried.com has sent me an email with a rather comprehensive article on Privacy (on the internet). I have to admit, the article looks good, comprehensive, easy to read, and well worth a look: http://fried.com/privacy/. They list over 150 tools, services, and methods of maintaining your privacy.

Person on Apple Laptop. CC 2014, https://www.pexels.com/photo/person-apple-laptop-notebook-1171/

Person on Apple Laptop. CC 2014, https://www.pexels.com/photo/person-apple-laptop-notebook-1171/

However, nobody ever asks, “Why is privacy on the internet important?” It’s simple, you have locks on the door of your house to keep people out, and you don’t distribute the key to your house to corporations, advertising companies, or to the police. Currently, if the police come, they have to knock on the door first. If the police wants to come into your house, they have to ask, or get special permission to enter from a court. Currently, without privacy tools, anyone, theives and police, can look at your internet traffic, see your emails, your online shopping history, your online bank accounts, see your web browsing history, and even see your chats. They can even watch you talk to a friend on Skype. They can hear, see, and read all your comments, complaints, and opinions against companies, governments, politicians, and more. Without adequate privacy, you’re at risk of being victim of identity theft, as well as facing accusations or arrest for having views that are not in-line with corporations’ or government’s views. Has any of this happened before? Yes. See these searches, “Government hacked email“, “Internet identity theft“, “Spy on journalists“, among many other cases. Finally, for your information, I mainly use Duckduckgo.com for private web searches these days.

So please, in the same way that you have locks on the doors of your house and restrict who has the keys; you need to do the same with your computer and internet habits. It is not actually difficult, and a lot cheaper and easier than having discovered that someone has pilfered your bank account because you didn’t hide your IP address and didn’t encrypt your connection.

Digital Citizenship: the 9P’s students need to know, from @Edutopia

I’ve been concerned about the future repercussions students may have from studying with us (Blyth, 2011; and Blyth, 2015; at publications). Then Edutopia.org publishes this lovely, succinct, info graphic that is easily accessible by students and teachers. Now, there’s no excuse for low-internet literacy. Also, a special thanks to Edutopia for letting me repost their info graphic (post), from their original Twitter post, and their blog post with lots more information. Maybe it’s time I get a graphic artist to turn my key concepts into an info graphic, too.

Digital citizenship from Edutopia.Org. http://www.edutopia.org/blog/digital-citizenship-need-to-know-vicki-davis?utm_source=twitter&utm_medium=socialflow

Digital citizenship from Edutopia.Org. http://www.edutopia.org/blog/digital-citizenship-need-to-know-vicki-davis?utm_source=twitter&utm_medium=socialflow

Dear @Microsoft, I DON’T want Windows 10, and here’s why

I’ve seen this often enough, but typically once, maybe twice a week. However, this is the third time today I’ve had this pop-up message today. The answer is NO, NO, and NO! Windows 10 is a huge problem for a lot of people.

Microsoft keeps pushing Windows 10 onto consumers.

Microsoft keeps pushing Windows 10 onto consumers.

Firstly is the privacy issue. Windows 10 apparently uploads all your personal data, including passwords, to the Microsoft servers in the US (The Guardian). The issue here is the sovereignty of data. I’m not in the US, I’m not American, I do nothing wrong and no threat to humanity, but yet the NSA collects all my data, and will undoubtedly collect all my computer usage details, including passwords.

Secondly, it’s just too creepy. Not only does MS want to make a mirror copy of my PC onto their servers, and the NSA will be able to look into it. The creepy pop-ups like this is unnerving. I got this Windows 8 tablet before Windows 10 was even announced. Now my W8 is telling me W10 is a thing. This can only happen if MS has been loading onto my current computer their advertising, and they have. Each day, the advertising / prompts are slightly different. Last week they were saying that 100 million computers are now infected with W10. To me MS has entered a slippery slope of advertising. I’m sure soon Operating Systems will start to have advertising on them, much in the same way as you see advertising on your favourite website like Dilbert. I guess it won’t be long until you see unwanted advertising pop-ups interrupting your concentration and your work. Currently, my computer is an advertising free-refuge… well, my Linux Ubuntu is. W8 currently has started to advertise W10, so this ad-free experience is now ruined.

So Microsoft, please stop pushing W10 onto me. The constant interruptions will just make me hate it more, and frankly, it makes you look desperate.

Future of privacy and safety on the internet

It is widely understood by about 90% of the population that the future of our societies will be internet based. Companies are talking of an “Internet of Things”, which means a lot of our devices will be connected to the internet, and thus allowing us to control them remotely. Imagine being able to run a hot bath whilst you’re on your way home from work, and being able to turn on a heater to warm your place before your arrival in the depths of winter. Already, people have pet cams, that allow them to monitor their pets, whilst they’re at work.

However, there is an atavistic, Luddite reaction to the internet. They, politicians and company managers, clearly do not understand what they are proposing, and the consequences. For instance, currently in the UK some politicians are proposing to ban encryption (Wikipedia). Such a ban would make all of your communications vulnerable to access by anyone. All your phone and computer access to people, to websites, information, and even your contacts, photos, videos, and documents. It’s like banning locks and walls on houses, allowing only windows and open spaces.

Already now, internet literacy is important, but sadly, it seems many Japanese adults are clueless about this (Murray and Blyth, 2011). Here are two websites that talk about privacy on the internet, and how to protect yourself from online bullies, online gangsters, and intrusive governments: New Matilda, and Edutopia. In short, they say these things, among others (see the original sources for details).

CC Renee Aquirre, 2013, https://flic.kr/p/gwF5CH

CC Renee Aquirre, 2013, https://flic.kr/p/gwF5CH

Passwords: Have a unique password, and a unique one for each website. The password can be broken by a computer trying multiple combinations often starting with easy (dictionary words) to more difficult keyboard combinations, so a ‘strong’ password is a must. For example, choose your favourite movie quote, use only the first letters of it, and your lucky number (not your date of birth, or house number), and the first letter of the website you use, like Twitter. For instance, “Frankly, my dear. I don’t give a damn” from Gone with the Wind (1939), would be: FMDIDGAD8T. So, you could use this for most of your websites, and it will be a little unique to each website. However, this is not a foolproof method. So invent your own system.

Internet browsing: Use something like Firefox. It is far safer than Windows Internet Explorer, and you should set it to never remember your passwords, and to clear your browsing history automatically after closing it. It’s also faster, and lets you install security features like HTTPS Everywhere (EFF). Also use Blur to block tracking. There are companies and other groups that want to know what websites you are looking at, and the information you send and receive. If you’re really worried, use TOR for slow, but safe internet browsing (Wikipedia).

Personal information: Only share it face to face, never over the internet. Where possible, don’t use your real name, but a pseudonym. Facebook might seem alluring, but don’t over-share things. There are parents out there who already prohibit people from sharing photos, and even the names of their children on Facebook and other SNS (Blyth, 2015). Only store your credit card information on the most reputable websites (like Amazon), but still expect that Amazon will one day lose control of this information.

Photographs: Say no to selfies. Don’t post them on websites willy-nilly, simply because current face recognition software exists, is good, and is used by Facebook and Google+ (Blyth, 2015). I avoid sharing my photo anywhere, unless I really must. Otherwise, I use degraded versions, or avatar-like photos. All your photographs should be listed as “Copyright”, so people cannot use them as they like. If you take photos of friends, classmates, or family, and really want them to be Creative Commons, ask permission first; and if you’re asked, look at the photo and choose wisely.

Webcam shot. CC paul.klintworth, 2008. https://flic.kr/p/4TpERP

Webcam shot. CC paul.klintworth, 2008. https://flic.kr/p/4TpERP

Hardware: Disconnect things you don’t need like your webcam and microphone when you don’t need them. There is software that can remotely easily turn on your webcam  and record what you are doing in your bedroom (Google Search).

Online chats: Don’t use Skype, as it can be easily hacked into. Anything you say over the mic, or show over the webcamera, can be viewed and recorded by a third (unknown) person. So use Signal, or CryptoCat. Also consider using Virtual Private Networks (VPN; Wikipedia).

Free apps are not free: It’s true. If you are using a free app on your phone or tablet, then the app maker is making money from you (The Guardian). How? They gather information from you, like your contacts list, browsing history, the products you click on on Amazon, and so on. They then sell this information to advertisers. Ever wondered why you suddenly started to get spam for home insurance, not long after you Googled “Home Insurance”? Or how about memory pills after you messaged something about “exams” to a friend. You are being spied on by companies who want to sell you things. Only use apps you pay for, and only from reputable makers.

Get Educated: The Australian minister for parliament, Scott Ludlum, says that we should “get educated” regarding how to safeguard ourselves. The technology is always changing, and so we need to keep upto date. For more information, take a look at Fried.com/Privacy/, Privacy Tools, and EFF Twitter feed.

Facebook becomes even more creepy with their camera identifying tech

I have complained about Facebook before being both creepy and unreliable from a privacy perspective (Blyth, 2011; and 2015). Facebook does not allow duplicate, alias accounts, or pseudonyms. This is a problem for people in minority groups that can be subjected to violence, and to journalists and political opposition members. The company has already endangered minority groups by outing political journalists in Syria and Vietnam, and outing gay and transgender people in the United States.

The company now plans to use software technology to uniquely identify your camera using certain physical characteristics that are displayed in your photos (PetaPixel). This is problematic for people who wish to maintain two seperate lives: a professional and a personal life; or personal life and an alternative life. Facebook seems to be aiming at “fraudulent accounts”. However, the term fraudulent seems to be not yet defined. Does that mean that a lesbian woman who has an ordinary account, and her second one for her lesbian side of life is illegitimate and therefore ‘fraudulent’? Or can it mean that Facebook can link a political journalist’s account to his personal account and identify his or her name. If the journalist has photographed opposition activists, Facebook can then link those people to the journalist. Thus allowing police warrants to be issued and real people to be persecuted.

Me and my 542 bestest friends (on Facebook). CC Terry Chay, 2007, https://flic.kr/p/3EUfgw

Me and my 542 bestest friends (on Facebook). CC Terry Chay, 2007, https://flic.kr/p/3EUfgw

Microsoft defends our privacy and its future

Recently, Microsoft released Windows 10, which aims to upload and store everything on your computer to its servers in some remote location (this blog). I thought that location was in the US, but I just learnt they also have data centres in Ireland, under EU legal jurisdiction. The EU has strict privacy laws regarding privacy rights.

A story on the BBC reveals that the US government is demanding access to emails on MS’s Irish data servers (BBC).  What is surprising is that Microsoft is battling against this. They say, “If the US government is permitted to serve warrants on tech companies in the United States and obtain people’s emails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data centre owned by a foreign company,” says MS’s lawyer Brad Smith according to the BBC. Another motivation for wanting to protect their customer’s privacies might also be to do with market share. MS has lost a lot of ground, and their products are no longer the default or go to device for consumers. Many of the younger generations are growing up with smartphones in their hands instead of a Windows OS in front of them, at least in Japan (Murray and Blyth, 2011). They need to maintain some market share, and losing such a case would turn even more people away from their OS, tablets, and any MS smartphone they might try to make in the future. MS tablets are really really good.

A Microsoft Surface 2 tablet, in front of an Apple. CC Kārlis Dambrāns  https://flic.kr/p/kEAMZk

A Microsoft Surface 2 tablet, in front of an Apple. CC Kārlis Dambrāns
https://flic.kr/p/kEAMZk

In my personal opinion, the MS Surface is much, much better than the Apple iPad. The iPad has a stripped down OS that is more oriented for entertainment. Whereas the MS Surface tablet has a full Windows operating system on it (Wikipedia), so you can run specialised desktop programs like SPSS, Nvivo, Office (including Word and PowerPoint), the full Adobe Photoshop, and more. The MS Surface sales have been quite lacklustre (Wikipedia/Surface#Sales), perhaps it was exactly the right product, but released whilst everyone is still hypnotised by another. Regardless of which is better, the fact is, MS is now in a weaker position, and public trust in them is low.

Since it was revealed that the US government are creepily collecting all our emails, and data from FaceBook and other services, it is using its technological hegemonic position, which could damage US companies reputations. Trust in not just MS is waning, but all US tech companies (NY Times, Time). MS needs to win this fight for the credibility of Silicon Valley. A loss would open the way for rival and neutral country-based tech companies to gain trust and an upper hand. I know I’d rather my emails be stored in a German or Swiss data centre.

Don’t update to Windows 10

Normally , I would not give any strong opinions on anything. However, this does raise a whole lot of concerns and worries. I’ve seen reports of privacy violations with Windows 10 (Computer World, Slate, TechRadar, Tech Republic). I am a pragmatic person, and not easily shaken or swayed by things.

Photo: CC Raymond Shobe, 2015, https://flic.kr/p/wHCzQP. Windows 10 upgrade.

Photo: CC Raymond Shobe, 2015, https://flic.kr/p/wHCzQP. Windows 10 upgrade.

For an example. If I do a research project with students, I have to ask for their permission to collect data and information about them. If they say ‘no’, I simply cannot collect data or information. It’s the law in Australia, the US, the UK, and international laws of human rights. If someone first agreed, and then later withdrew from the project, I must stop collecting data from that person. If that person also says they don’t want me to retain any data, and that it must be destroyed or deleted, I simply must. It’s the law.

However, Microsoft’s new Windows 10 violates this principle of permission, and right to withdraw, and the ability to demand that data about me is or is not collected, or that data about me is destroyed. Ars Technica reports that despite all the privacy settings being switched on, the new OS still phones home, some times with identifiable information (The Guardian, 13th Aug 2015).

It was already reported about the creepy advertisements on the OS, where people playing Solitaire receive personalised advertisements (The Guardian, 31st Jul 2015). Also, how much personal data is uploaded to MS, including wifi passwords (The Guardian, 31st Jul 2015). This has got to be bad for a lot of people. With thanks to Edward Snowden and Julian Assange, we know about the mass collection of people’s personal information by the US government. This mass collection is done regardless of my rights, permissions, law, of innocence or guilt. I’m not American, I don’t care about the US, and have no interests there. So, of course I would object to a foreign government collecting my personal information. What American would feel comfortable having all their personal information collected by the Chinese government? However, the collection of my personal information by a foreign government is surely going to happen by default as soon as my new Windows 10 OS is installed, and despite what my privacy settings are on. This is bad for journalists, political activists (regardless of their allegiances), and even for legitimate human research. Even if you say, “I have nothing to hide”, police forces are still staffed by humans who have their own personal agendas, and will eventually have access to that information about you. That is to say, they can look at your personal data and make deliberately false assumptions about you. Consider your internet browsing history, and the automatic pop up ads you sometimes get. What story could someone make up about you?

Update 31st March 2016: If you have Windows 10, and want to fix the privacy problems, Tech Radar offers some help, and Slate give a great guide on how to install Windows 10 and organise the privacy settings as you go.