Ben still has all the Ayes

There is no end to the need to repeat the, somewhat but simply never sufficiently, quote by the Ben you know best:
Those who surrender freedom for security will not have, nor do they deserve, either one.

How valid today. How utterly moronic in comparison all that would allow crypto-backdoors (for other reasons, too), and covert catch-all dragnet surveillance. Etc. Etc…

Oh and for the few that are still interested in the United States Constitution, they shall refer to article 1, section 7, clause 2, that has not ayes and nays but yeas and Nays. Just wanted that off my plate.

Leaving you with:
[You’ll be naked and that will not be pretty; Barça]

All fine, for whom?

Just to be clear: Where do all the fines that will rain like hail from heck once GDPR comes into force, go to ..? Yes the supervisory authority may levy the fines, but it isn’t clear to whom the payment should go. Certainly leading to huge differences in compliance chasing: When the auth may keep them for themselves, they’re a. richer than the king since b. sure to penalise each and every futile infringement to the max; when the money goes to government’s coffers, that chasing not so much because who’d care?
You don’t believe me, right? Just wait and see. And weep.

Plus:
[Where the coffers are kept ..? Segovia]

Mastodon as a grassy patch

Just one of those things, questions, that swirl into my mind every so (too) often: What if, when, Mastodon is the Woodstock of social media ..? Wouldn’t that be grand. All pick your own Hendrix in this. Suggestion: him ;-|
On the serious side; the festival itself was hardly in mainstream news at the time, but (helped) triggered major societal changes. Let’s hope Big M (not with ac but on AC/DC) does the same, in these times of need. For such change.

Oh, and:
[No, this is not doctored or otherwise edited. Zuid-As, Ams]

Learn you will… Recover, you might.

When your country’s largest retailer (primarily F&B but non-F only recently growing as well) has finally heard about something-something-smart-fridge. And wants to do it Right and starts off with a pilot. Of, drumroll, a smart fridge magnet with a mic and barco scanner for adding stuff to your on-line grocery list (on-site self-service pick / pick-up, or delivery to follow separately). Didn’t know that existed already.
Nice idea, to include not (only) a barco deliberate-scanner (no creepy auto-scans) but also a mic when you don’t have the product at hand (and fresh veggies wouldn’t make it; for a long time already not stickered but weighted at the (vast majority) non-selfscanned check-out).

But what security ..? For fun, e.g., putting reams of alcohol stuff on the to-pickup lists of unsuspecting meek middle-classmen that won’t understand but come home with some explaining to do (bonus for taking the stuff off the list once procured so ‘no’ trace on the shopping list). For less fun, snooping off people’s shopping habits and getting rich (by ultra-focused ads or selling off the data, or by extortion-light once you get the Embarrassing Items in view). For even less fun but lulz (grow a pair) when changing the list to violate some family member’s med-dietary choices into harmful variants. And don’t forget the option to (literally) listen in on very much that is said in the vicinity of the fridge. Could be anything, but probably privacy-sensitive.
But what security? The press release points to other countries’ supermarkets already offering the Hiku sensors. Nothing is unhackable. Exploit searches must be under way. People never learn. Reputational (corp) and personal-integrity (clients) damages may or may not be recoverable, at huge expense.

I’m not in, on this one. No need. Plus:
[Where you can learn; Zuid-As Ams]

Full cite of important stuff

This being a complete citation of important stuff, on various subjects in one – meaning, that the brilliantly brief once more applies to various trades and aspects, for your information:
With the sound off or on?
If you watch a well-directed film with the sound turned off, you’ll get a lot out of it. On the other hand, it takes practice to read a screenplay and truly understand it.
It’s worth remembering that we lived in tribes for millennia, long before we learned how to speak. Emotional connection is our default. We only added words and symbolic logic much later.
There are a few places where all that matters is the words. Where the force of logic is sufficient to change the moment.
The rest of the time, which is almost all the time, the real issues are trust, status, culture, pheromones, peer pressure, urgency and the energy in the room.
It probably pays to know which kind of discussion you’re having.

By Seth Godin, as you may have derived from the style and profundity. (As per here, which is literally the same text – told you so – but also add the Head to your daily reading list! [Noticed that Head thing, intended to refer to a List structure, is a pun when you see the image to click on his blog…].)

Which all relates to a. Privacy [yes it does, just think it through] and b. your IAM ideas, ever in renewal since … decades; plus c. the ‘GRC’ eager beavers — that at last are pushed back, softly and hardly noticeably, by counterforces-undetermined that want their space to innovate back. And d. <fill in yourself and colour the pictures>.

Oh, and:
[Marketing -, or was it Design, Department at some Toronto institute]

Fake your news

So this is your future, part II:
Fake news is (to be – timeframe in question is ..?) battled by platforms that have full control over just about everything out there. By whatever algorithm these might bring to bear, most probably with a dose of ill-aligned AI creating a filter bubble of the most beneficial to the platforms kind for sure which is the most profitable one to their *paying* customers which is the ad industry which hence is by definition detrimental to the users, the global general public (sic).
Thus suppressing Original Content by users that isn’t verifiable against the ever narrowing ‘truth’ definitions that benefit the platforms.
Thus installing the most massive censorship ever dreamt of.
And despite some seemingly (!) benign user support in this

In the olden days, anything of such ubiquity that it was factually (sic) a (inter)national utility, was nationalised to bring it under direct control of the People.
May we now see the appropriation of Fb by the UN due to exactly the same reason ..?

One can hope..? Plus:
[Rosy window on the world ..? Not even that; Zuid-As Amsterdam]

Right. Without -s

So, we’re into this era of giving up control over our lives. Where we’re either dumb pay-uppers, or (also) victims. Which in turn leads to questions regarding who will have any income at all, to pay for the service of being allowed to sit as stool pigeon until shot anyway.
Because the latter is what follows from this here nifty piece; Tesla not giving your data unless they can sue you. The EU push for human-in-the-loop may need to be extended considerably, but should, must. Possibly similar to the path of the Original cookie directive, from weak opt out to strong double opt in plus all privacy requirements (purpose / functional necessity, minimalisation, etc.etc.).

Do we recognise here again the idea that though your existence creates it and would be different for every human on earth (plus orbit), your data isn’t yours ..? Quod non! When someone takes what you produced (however indirectly! – inferred and metadata and all) without payment, that is theft or worse in any legal environment.
Is there anywhere a platform where the consequences of this global delineation are more clearly discussed, between Your Data Isn’t Yours Because We Process It, versus My Data’s Mine Wherever ..?

I’d like to know. And:
[Your fragile fortress…; Barça]

The Sixties, rehashed ..?

Quo vadis; society ..? This now has an answer: We’ll have a rehash of the 19-30s and -60s (/-70s) in one.
When the 1%ers slash Military-Industrial Complex slash totalitarians claim to want unfettered market economies for all even when they pursue an absolute, complete Big Government / monopoly society, even pushing IoT for the purpose of providing Big Brother with total surveillance capabilities under the guise of ‘citizen’-supporting ambient intelligence Oxford, and pushing VR as a tool for mind control (sucking everyone (?) into the blue pill illusions of the Matrix),
And on the opposite end we have a continued striving for the Commons-Arcadia of small businesses (not much beyond mom-and-pop freelance gigs) everywhere on a level playing (sic) field where Experiencing Nature in the Great Outdoors (soon trampled by the masses, and not too wild and Unknown), with IoT as tool for healthy slash sustainable living for all and VR as just a small-scope tool,
The Sixties / Early-Seventies are back. Much more transparent (also qua disruptors’ identities, whereabouts, and culpability vv the Law…), much more (yes indeed) ground to cover, to loosen up societies’ structures much more extensively — due to backlog, backfire and backlash since the last Aquarius rush (80s-10s). Even in business, seeing a return away from totalitarian-bureaucratics towards entrepreneurial freedom (“actual” leadership contra übernarcissistic CEOs).
The Thirties are back. With the income distribution being more skewed than ever (!) in history, so with more argument pro (…) Revolution … [Despite the latter having proven throughout history to fail or rather, in the end to not work out the way it was intended!] But also the Junker that babble alternative facts (US) and pretend to rule (Europe) but have no clue about their overly apparent airheadedness, leading duces to be able to grab power.
Noting that in some conglomerate of nominally independent states, the division or even separation between the Poor in the middle and the Elites on either coast, is more clear (worse) than in the Thirties now.

Pendulum swings everywhere. And throw in China and Russia, plus some India into the mix…
What have we learned from the past; can we deal with extremes in a better way now ..?

Plus:
[Absolute rulers, Nature in the back; Salzburg again]

Customers, users, they aren’t the same

Yet another recent article in an otherwise wise mag tripped over the not even remotely subtle distinction between customers and users, when it comes to bragging rights of social media platforms.
Users, users everywhere … But even by the billions they aren’t providing any subscription income… Because they’re just the product. Would Mr Musk brag about how many Model S3X cars can run off his new factory’s assembly lines [errr…, yes he may], or would he be happier when there’s some out there that actually pay for the products? [that’s why he may]
At least, here we can still (sic) speak of actual products and clients. Where already clients and (‘all’) users are not the same thing. Buried in the above-linked article is passing reference to skew in ad revenue. Yes indeed. With the end kicker being the achievement of so-and-so-many billions of users again, to bury the fact that ad revenue points at what Facebook is all about: Lift, shift and retention of ad (selling) companies that are the actual users-customer-clients that bring in the dough.

So, wouldn’t it be better business reporting to stratify the users by ad generation ..? Wouldn’t it be better to point out all developments in revenues per ‘active’ user? Wouldn’t it be honest to report how little per user the ultimately advertising company makes in additional revenue by sales of (near-)physical products ..?

I’ll leave you with:
[The Salz’ worth going all the way up there, the ‘user’ down below made to feel on top of it…]

Pwds, again. And again and again. They’re 2FA-capable ..!

Why are we still so spastic re password ‘strength’ rules ..?

They have been debunked as being counterproductive outright, right? Since they are too cumbersome to deal with, and are just a gargleblaster element in some petty arms race with such enormous collateral damage and ineffectiveness.

And come on, pipl! The solution has been there all along, though having been forbidden just as long …:
Write down your passphrases! The loss of control by having some paper out there, e.g., on your (Huh? Shared workspace, BYOD anyone?) monitor (Why!? Why not have the piece of paper in your wallet; most users will care for their money and those that don’t, miss some cells due to the same you wouldn’t want them at your workplace anyway) is minute, certainly compared to the immense increase in entropy gains i.e., straight-out security gains.
And … when you keep your written-down pwd to yourself (e.g., against this sort of thing), it becomes the same thing any physical token is and you created your own Two Factor Authentication without any investment other than the mere org-wide system policy setting change of requiring pwds of at least, say, 25 characters. (And promulgating this but that shouldn’t be too hard; opportunity to show to make life easier for end users, for once, and great opportunity for collateral instructions on (behavioural) infosec in general…)
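As an added illustration (not code from the original post), the sketch below contrasts an assumed legacy composition rule with the post's length-only rule of at least 25 characters, and estimates entropy for randomly generated secrets. The legacy rule, the word-list size and the sample strings are assumptions constructed for this example.

```python
import math
import re

MIN_LENGTH = 25          # the post's suggested org-wide minimum
WORDLIST_SIZE = 7776     # assumption: diceware-sized list (6**5 words)
PRINTABLE = 94           # printable ASCII characters, space excluded

def composition_policy_ok(pwd: str) -> bool:
    """Assumed legacy rule: 8+ chars with upper, lower, digit and symbol."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pwd) >= 8 and all(re.search(c, pwd) for c in classes)

def length_policy_ok(pwd: str) -> bool:
    """The post's rule: length only, nothing else to satisfy."""
    return len(pwd) >= MIN_LENGTH

def random_chars_bits(length: int, alphabet: int = PRINTABLE) -> float:
    """Entropy of a string whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet)

def random_words_bits(words: int, wordlist: int = WORDLIST_SIZE) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(wordlist)

def compare(candidates):
    """Return {candidate: (passes composition rule, passes length rule)}."""
    return {c: (composition_policy_ok(c), length_policy_ok(c))
            for c in candidates}

# Constructed sample inputs, not taken from any real system.
SAMPLES = [
    "Passw0rd!",                         # 9 chars, ticks every legacy box
    "orbit lantern cactus velvet mule",  # five words, 32 chars
    "a" * 25,                            # long enough, trivially guessable
]

if __name__ == "__main__":
    for pwd, (legacy, by_length) in compare(SAMPLES).items():
        print(f"{pwd!r:38} composition={legacy!s:5} length>=25={by_length}")
    print(f"8 random printable chars: {random_chars_bits(8):.1f} bits")
    print(f"5 random words:           {random_words_bits(5):.1f} bits")
```

The third sample shows that the length rule is only a floor: the entropy figures hold for words or characters picked at random, not for any string that happens to be 25 characters long.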

What bugs me is that already a great string of generations have been led astray while all along the signs were on the wall – not the passwords on them, but the eventual inevitable collapse of the system, by users that demonstrated this security measure was too impractical to stick to par excellence as evidenced in the still-strong and practiced practice of writing down pwds. If people do some specific thing despite decades of instruction … might we consider the instruction to not fit the humans’ daily operations ..? so the ones seeking to Control [what pitiful failures, those ones …; ed.] will have to rescind?

So, written-down passphrases it is. Plus:
[Easy sailing to new lands, beats being stuck on Ellis; NY]

Maverisk / Étoiles du Nord