Parental Control – Surveilling your parents … Ew!

There you have it: Parental Control is needed more than ever, in a subtle way (I’d suggest you would do best to re-study The Cyber Effect; as I do), given the ever increasing (sic) risks online for the smaller than you.

But what about the more grown-up than you; your parents …? They either are only now, slowly, coming online, or they have been there already longer and have practiced but now are becoming older and mentally less capable or acute.
Hence, would we need to instate parental control to (also) mean: control over your parents (‘ their online behaviour)? And how would we have to arrange that; the norms for what e.g., appropriate content would be, are, ahem, not so clear. When a child would want to explore a vast portion of the Internet / its traffic, many agree that this would be either to be forbidden or a serious learning opportunity qua acceptability. When the one(s) that taught you about the birds and the bees would want to visit such sites, well, ew! but on the other hand…
Similar, qua gambling sites, hooliganism, et al. — not forbidden for any adult but where do things get out of hand, squared with how the capacity to operate in society may deteriorate with the elderly and where the thresholds might be.

Yes, in Europe, when you die your data (on socmed etc. too!) belongs to the government and your family has no rights over them. By consequence of some weird interpretations of obscure articles, contra reasonable moral and ethical expectations by relatives (either biologically/family-related or qua social media ‘friends’..?).
But for bank accounts et al., there have been practical rules and protocols already a long time, so that children (come of age) slide stepwise into custodianship. Would we need something similar for parents’ online behaviour? What would the rules of thumb look like, and could they be enforced somehow, to protect the weak against abuse ..?

Let’s discuss. And:
[Bridge too far? Cala aging again; Sevilla this time]

Drones with AI; revenge

Heard recently of an airforce that was setting up a drone squadron where the pilots (? might, given the joysticks, better be called ‘gamers’ these days, apart from the euphemistically erasure of the moral and ethical aspects, maybe) would be in that country but the drones would be stationed in some other country because stupid drone flying rules go for the DoD too.
Yes this regarded a European country [would’ve referred to NL outright if it was; ed.], you guessed that correctly from the previous.

At some point in the future, the drones inevitably will get AI because everything will get AI. And, in times of increasing hacking and comms disruptions, some autonomy would be welcome for the drones already. And, what with increasing (sic) hackability, qua security against take-overs / reprogramming / retargeting while already airborne?
By that AI time, smart enough AI to come back and take revenge for the exile on those that wrote / maintained the stupid rules ..?

Anything too outlandish to take into serious regard today, will be daily no longer newsworthy fact tomorrow. ‘Tomorrow’ may vary from tomorrow to five years; no more.

Oh and on a lighter note:[Oh hey look, a street car! Sevilla]

Colluding AI

As more and more grunt work (like, so much that’s done in the intenisve people farms called ‘offices’) is replaced with AI, how soon will we find that some decision by a human, hardly in control anymore but totally reliant on the precooked algorithmic outcome provided by AI, will be contested in court – that will be presided over by a judge, hardly in control anymore but totally reliant on the precooked algorithmic outcome provided by AI, and the two colliding against humans’ interests…

Note that “of course”, there will be humans nominally handing out the final verdict(s), because so many (not yet) fought so hard (not enough yet) to keep a ‘human in the loop’. But having achieved not much more than the nominal thing, and there quickly being far too little humans with enough experience (how would they gain that, when they haven’t gone through the grunt work themselves, including being allowed to err sometimes or how would they otherwise have learned ..?) to be able to usefully overrule the AI. Usefully, in the sense that the AI will have all the better, rational even if outlandish arguments… No more gut feelings … That may be part of what makes us human; whaddabout Kahnemann’s 90% System 1 ..?

And then, still, what when AI finds it rational to re-introduce the death penalty ..? Swiftly executed, to preempt appeals?

Oh how bright is our future! Also:
[There was supposed to be a shut-down button somewhere in one AI/pillar at least… Now they switch each other On again …; Córdoba]

Car disruption

Have governments gone insane?? They penalise anyone (but certainly not everyone) going over some completely [?] arbitrary speed, whereas my car can do double that, easily. This needs to be disrupted! Just drive as fast as you can handle, don’t care about the ‘others’ that stand in the way of you in your fundamental rights to freedom and the pursuit of happiness, and fight government in courts when they go after you – they are the stupid ones! They can’t stand you disrupting the traffic market by being quicker than the stupid sheeple [or is that you disruptor-user ..?] from A to B! People will die in traffic (e.g., by being so stupid as to always stay on the pavement but wanting to cross the road at a pedestrian crossing; fools. Children will veer off onto the streets; too bad. There will always be some less lucky and they take themselves out of the gene pool, just let them not hinder the Winners.

I’m into privacy. Which is of course completely different? from traffic ‘markets’ where the road is a commons, bound by rules (like, one doesn’t have priority but should give it to others when due) to make it reasonably safe for anyone (as a commons: no over-use till Tragedy Of). Just like hotels having to live by all sorts of safety rules (training staff, smoke alarms, hygiene, etc.etc.) for a reason. The same reason (or worse, given casuality of visitors) that goes for the V-sign company?
So, privacy in public space, the more virtual the more so [at least, no bit less so], can one (ab)use it when in breach of laws of common decency – that go much beyond mere laws or constitutions ..?

Not even a personal thing, the above … and:

[Perfect space for street racing…? Wouldn’t even hit too many ‘innocents’ here…; Zuid-As Ams]

Macrodots on your Opsec training card

Already a couple of weeks (month) ago, the whole secret-microdots-ID-your-printer thing came out. Re the leakage of something-TLA in relation to electionhacking [let’s write that as one word, better aligning the construct] or what was it, where the leakster was IDd quickly because the microdot on the published material(s) revealed the printer used.
Here I was, thinking that this microdot thing – Some claim it goes with laser printers only, not inktjet/dot matrix ones; anyone has any definitive confirmation of this? If confirmed, how many non-stupid bad guys will still use laser printers not have switched already …? – was wider known (like, I had yet to meet anyone in the infosec field that didn’t know of them or could not expect them, nor give any canary) but was supposed to not be used for any but the most extreme evidence-requiring circumstances. Like, you let incidental bombers walk because you don’t want to reveal your methods in order to be able to trace networks of them.

But here, a simple case of whistleblowing (is it, or is there more at play, like, Western democracy or even something serious, unfake …?) and everyone knows it now, in the open. Strange.
Tons of good info in the link, BTW.

Also strange that someone with such high clearance wouldn’t be better trained in Opsec, hence a. know about microdots and b. have used more covert leak channels. If training of such critical staff is so poor, there’s more serious troubles than just the demise of democratic institutions forthcoming.

Or maybe pretty-face leakster was ousted for not (falling for blackmail pushing to) providing some kind of services. Who knows. No one, these days of non-non-repudiatable news.

Oh well. And:

[In some relation to the above, that guy on the pole would know much better than to want encryption banned or backdoor’d to counter some moronic attackers like latter-day flat-out lying PMs]

Stay put while moving your address

Lately, there were a number of times I was reminded that for those that still use email (i.e., the overly vast majority of us!), some email addresses have been more stable over time than mere snail street addresses. And, with the different use of email versus the type that it was (derived-)named after, quite some times your ‘stable’ email address is harder to change. Where moving physical home address will easily redirect your mailman’s delivery for a large sway of services (utilities, subscriptions, et al.), such service doesn’t necessarily exist for email.
Not strange. You can move house and then take your email with you. Come to think of it, this is part of the greatness of the OSI model, right?
But strange. Try to ‘move’ (i.e., change) your private email address, that you use for innumerable websites, affiliation subscriptions, socmed profiles, etc.etc., and … you’re hosed. In particular, when you don’t have access to your former email address e.g., when switching employers (wasn’t a good idea to begin with, even in about-all of the world where using company equipment still leaves you with all privacy protection you’d need, excepting the corner of the world that their figurehead took out of the world’s developments so will revert to backwater, developing country-terrain), the confirm-change email may be unreachable as you can’t login to your old mail account… No solution provided anywhere.

So, as easy as it should be to move physically and have your physical address changed in public record systems, as easy it should be to keep some email address(es) that are used to identify you in person even when you’ve moved ISP…
Question to you: Is this covered under the “Must be able to move” hardcore requirement always under the GDPR..? *All* data should be coughed up in a machine-readable format to be processed in similar manner by some other service provider. That goes for email services too, automatically, so how will the (your!) sender/receiver addresses still be valid when you’ve moved ..?
If the latter works, then any service provider ID in your email address must work on any other provider’s systems, or your former is liable for up to 2% of global (sic) turnover. Quite a (damages avoidance) budget, to make things work…

Oh, and:

[Take a seat; not your address of any kind; Dublin Castle]

Chasing the GDPR hippo

As I was reminded of the ‘Kill the Hippo’ meme, I realised its application is valid in specific circumstances, too.
Where the Hippo is of course here. And the application that I was thinking of, is here.
Not this one, that may stay where appropriate (which is much less than always)…

No, your Usual Suspect isn’t the CEO or whatever, and suggesting the CISO is just a pun, but … the lawyer(s) involved…
All you have to do, is take a look at their billing rates. And at the hippo-original abbrev meaning (sometimes, even the original meaning outright qua looks but in the most-expensively-dressed-in-the-room version, hopefully?) — pointing at the need to not listen to them as the most effective way to deal with the issue(s) at hand since they may on occasion (50,1%++) have the least useful insights to bring to the table…

Oh well. I’ll leave you with:

[Dead straight, according to your lawyer. Cromhouthuis Ams]

2FA is illegal!

Just when you thought the solutions to your eternal (not) pwd problems were getting mature enough to deploy – nudged to annoyance by all the vendor FUD – and you forgot the solution is totally easy and already in your infra everywhere, you will find … 2FA is declared illegal …

Oh …, it turns out to concern the party drug kind only, not 2FA but 4-FA. Like, here. Phew!
But stil, kids, don’t rely on 2FA either; help users reduce complexity not hinder ’em!

Oh, and:

[When all sober and straight would have been Boring; Lille]

D-raacdronische maatregelen

Okay, for those of you unable to understand the disastrous (understatement) word-play in the title because it’s in Dutch… It’s about a court case (verdict here) where neighbours were in this vendetta already and now one flew a camera drone over the other’s property succinctly the other shot down the drone.
Qua culpability for the damage to the drone, the Judge ruled that a. the drone pilot was trespassing so put the drone illegally where it was shot down, b. the gunman [an experienced shot, apparently] was not to damage other peoples’ property, both are guitly and should share the damage (and share the legal expense).

Side note: the verdict also states through witnesses, that the damage incurred was to one rotor only (after which the drone made a controlled landing; not such a good shot after all) and it had been flown into a tree before the incident (not such a good pilot in the first place), so the damage amount as reported by an independent expert were doubtful, even more so since the independent expert nowhere indicated in the report how the assessed drone was identified or identifyable, as the drone in question or otherwise.
Stupid amateurs.

Moreover, the Judge stated that a breach of privacy weighed no more of less that a breach of property rights. Now there‘s the Error [should be all-caps] in the assessment of current-day societal ethics which in this case, where the Judge appears to demonstrate a sensibility of the case i.e., the vendetta between the neighbours having dropped to a state where mediation is an option no more, would have called for understanding of the derogation of property rights by the privacy concerns as is prevalent (yes; fact) in society in which the verdict should fit. Apparently, neighbour considered the privacy breach already of more value that the risk to his property otherwise would have abstained from the risk of property damage. And the property rights should be compared with the privacy rights one has when e.g., throwing away printed materials; when discarded in the dumpster, one has surrendered one’s right to privacy-through-property re the dumped information. When voluntarily move into or over another one’s property, certainly without consent and against that other one’s want, does one not surrender one’s [protection of!] property rights to the other one? Of course one can ask one’s property back but what if the other one refuses or uses it as security re exchange for something else?

Legal scholars don’t seem to Always have a “hackers’ mentality” when it comes to finding all the side roads … Most unfortunately!
And:

[From the department of infinitely high control; Ronchamps]

Decision time for informational priv

When discussing Privacy, a lot of attention goes to informational privacy, easily tautologised with person-possibly-indentifying data.
If that reads mixed-up, it’s because it is.
But that’s for another session series. Of series.

What today’s post title is about, is the distinction between the two sides of the house; informational privacy (which is about information about you, or which you generate) versus decisional privacy (commonly defined in terms of your right to freely decide over your body’s integrity). As you read that, clearly the latter needs an update; a heck of a long KBxyzuvw article attached.
Because both the

  • Outright choice limitation through covert or overt profiling and covert or overt automated decision making, sometimes limiting your choice to none when you get rejected (from the ability to even decide) for something, or get no service proposition at all, a.k.a. the Hobson’s choice of socmed,
  • Covert choice limitation through filter bubbles – which would more accurately be called filter fish-trap,

can result from a lack of informational privacy. But both aren’t well covered in the definition of decisional priv whereas that infamous thing with The Freedom of the Pursuit of Happiness or whatsitcalled I don’t care you get it, Freedom, should be guaranteed.
So tightly coupled with all sorts of metaphysics, ontology, and topology of Privacy. Like, the feeling and understanding y’all have when you hear that word. It’s not only ‘bugger off nothing of your interest here’ privacy but also ‘get off my back‘ privacy; no weighing down.

Oh well. This being among my interests but not really my training, so I’ll go read up the latest qua this all. Pointers appreciated. And:
[For no reason whatsoever, totally unconnected; Riga Jugendstil]

Maverisk / Étoiles du Nord