
Tag: security (Page 2 of 6)

The Store is Tracking You

Irony is not dead.

This week Amazon, the 800-pound gorilla of online merchants, opened an actual physical store. From the pictures, it looks like what Whole Foods (which Amazon bought last year) might have come up with if they were designing a Wawa.

However, the unique part of Amazon Go is that there are no checkout lines, cash registers, or cashiers, and the tech press went wild.

On arrival, you launch the Go app, which comes out today for iPhones and Android phones and connects to your Amazon account. It displays a 2D code that you scan at one of several glass security gates. The code identifies you to the store and opens the gate. (You can also check in other people—a spouse, a kid, a friend—whose purchases will be added to your tab.) Once you’re in, AI algorithms start to track you and everything you pick up and keep. You can bag your items as you go if you so choose, and need interact with an employee only if you’re buying alcohol, in which case an associate standing in the liquor area will check your ID.

The article talks about the store using a lot of AI, although I’m not sure this system is all that smart (yet). Really it’s only a couple of steps beyond how I already shop.

At the supermarket I go to most often, I pick up a hand-held device after scanning a loyalty card. As I select the items I want, I scan the bar code and stick it in my bag. At check out, I scan a code on the device, wave my Apple Pay at the register, and leave. Amazon engineers take that semi-manual process and incorporate the scanner into the building itself.

This is only one store, in downtown Seattle, and it’s not clear where Amazon plans to take this concept. But it’s not hard to predict where this general technology is going.

Between the general lust for data by corporations and governments, and the paranoia-fueled push for more “security”, this kind of tracking system will become more powerful. And likely be spread far and wide.

Watch for AI-powered cameras and sensors at your local mall, airport, convention center, wherever lots of people come and go. At your school?

Ok, that’s enough ranting on this topic for now. I have to go work on my sensor-blocking tin foil hat. :)

Tweet by @typesfast, posted January 22.


Sunday Short Takes

A few interesting reads and listens from last week.

The New York Times Magazine’s education edition included a long, very interesting look at education in Michigan where they gambled on charter schools and “Its Children Lost”. It’s a story of lax regulation and oversight, coupled with a concerted effort to privatize public schools, led by the current federal Secretary of Education.

Two podcast episodes that explain in clear language why a do-nothing Congress can actually harm people. Planet Money has three examples of our legislators risking the American economy by failing to pass a budget and risking the good credit of the country by playing chicken with the debt ceiling. The third segment addresses immigration and DACA, as does a short edition of DecodeDC, in which they fact check Jeff Sessions. Spoiler: he’s mostly wrong.

In-between watching continuous coverage of Hurricane Irma, read about the men and women who fly aircraft into the middle of those storms to gather crucial information for scientists and forecasters. We often take all this for granted but collecting that data is tricky, dangerous, and very necessary work.

Related to that, the BBC programme (British spelling :-) More or Less explains why the phrase “one in 500 year storm”, used so frequently during the coverage of Hurricane Harvey, has very little meaning. By the way, More or Less does a very good job of explaining those kinds of statistical measures used by the media, in a short and very interesting weekly podcast.

With all the stories about data security this week, Motherboard explains why you should never post pictures of your airline tickets or even house keys on social media. Their warning should also extend to any documents that include numbers or barcodes that contain identifying information. If you teach, you may want to explain this to your students as well.

Finally, National Geographic offered a couple of interesting pieces this week, complete with great images, of course. One is a photographic essay of abandoned, decayed resorts in Pennsylvania and New York, side-by-side with postcards of the same scenes. Very creepy. The other profiles a small city in China (where a population of 1.2 million is “small”) that produces “60 percent of the world’s cheap consumable goods”.

I’m Back

This post is going to be long, rambling, and geeky. You may want to skip it.

Many bloggers take occasional breaks from writing. Sometimes life just gets in the way. Other times you run out of things to say. The recent almost month-long hiatus around here is strictly technical: my site was compromised.

This was the third time this year that someone has injected malicious code into my WordPress files and taken the site offline. In addition, there were other instances that caused problems but not to that extent.

Now, I’ve been online long enough to know that some of this is my fault. Website security takes time to do right and I don’t have the time, background, or interest to learn enough about the field. Plus, like 95% of the world, I probably don’t pick very good passwords.

That’s why, if you’re going to own your own presence on the web, you need a good hosting service. They should have the tools and people who can monitor for intrusions like the ones that hit my site. Maybe even block them. At the very least, the company should have support resources in place to help resolve the issues and get a compromised site back up quickly.

With my now former hosting company I certainly wasn’t paying enough to get top level, direct communication, personal service. And I never expected it.

However, what no one, even on the cheapest tier (which I wasn’t), should get from support is a dismissive attitude, reflecting all blame back on the client, and working from a one-size-fits-all script. A script that includes pushing “solutions” with a monthly cost that’s more than the product itself. Actually all of this should be true of any company, regardless of what they’re selling.

So this last mess was the final straw, sending me looking for a new web host, which is my fourth or fifth hosting company counting the early free services. There are many, many options out there, with prices and features all over the map. But the choice was actually pretty easy and I’ve now moved everything to Reclaim Hosting for several good reasons.

Reclaim is a relatively small (and somewhat local) company that specializes in working with educators and students. And they emphasize service over pricing, very different from most of the large hosts I’ve looked at that push low, low prices and rely on volume and upselling. Plus one of the co-founders is a friend, so you can’t beat that.

By the way, you might have noticed that nowhere in this piece do I call what happened to my site “hacking”. My introduction to that concept came from the 1984 book Hackers by Steven Levy. The subtitle was “Heroes of the Computer Revolution” and it’s one of the few paper books still on my shelf. This kind of crap does not rise to the level of “hacking” as I see it, something I’ll expand on in another post.

Anyway, the whole transfer process was very easy (Reclaim also offers a free migration service), much smoother and faster than the last time I did this, nine or ten years ago. And after a few additional bumps, everything seems to be working well around there. Time to spend more time writing and less on the techie end of blogging.

Not What You Would Call “Hacking”

How would you define “hacking”? Probably not like this:

A 14-year-old eighth grader in Florida, Domanik Green, has been charged with a felony for “hacking” his teacher’s computer. The “hacking” in this instance was using a widely known password to change the desktop background of his teacher’s computer with an image of two men kissing. The outrage of being charged with a felony for what essentially amounts to a misguided prank should be familiar to those who follow how computer crimes are handled by our justice system.

The modern use of the term “hacker” originated in the 1960’s and started life as a compliment, used to describe someone who worked on a tech problem in a “different, presumably more creative way than what’s outlined in an instruction manual.”

But even if you accept the current malicious application, this teenager is no hacker.

Instead blame the boy only for taking advantage of the irresponsible and careless adults working at his school. And a legal system more interested in making a high profile example of a kid’s “misguided prank” than fixing the stupidity of his teachers.

A Very Unbalanced Compromise

Perceived threats to “national security” make politicians and pundits say stupid things, especially about privacy rights. There’s just no other way to put it. Open almost any information source, or Fox “news” if you must, at almost any time of the day for plenty of examples.

Following the recent events in Paris came another round of those stupid things, including calls to ban communications tools that don’t allow governments to have “backdoor” access to every bit of information sent, including this one from the British Prime Minister.

He said: “In our country, do we want to allow a means of communication between people which […] we cannot read?” He made the connection between encrypted communications tools and letters and phone conversations, both of which can be read by security services in extreme situations and with a warrant from the home secretary.

We have plenty of high profile people in this country who also want the government to have that backdoor as a tool to keep us “safe” from bad guys. Even though the NSA, our own literal “big brother”, is already hoovering up every bit of communications data they can find.

However, as Cory Doctorow, the EFF and many other smart people have pointed out, “backdoors” won’t just be used for honest law enforcement.

What David Cameron thinks he’s saying is, “We will command all the software creators we can reach to introduce back-doors into their tools for us.” There are enormous problems with this: there’s no back door that only lets good guys go through it. If your Whatsapp or Google Hangouts has a deliberately introduced flaw in it, then foreign spies, criminals, crooked police (like those who fed sensitive information to the tabloids who were implicated in the hacking scandal — and like the high-level police who secretly worked for organised crime for years), and criminals will eventually discover this vulnerability. They — and not just the security services — will be able to use it to intercept all of our communications. That includes things like the pictures of your kids in your bath that you send to your parents to the trade secrets you send to your co-workers.

Plus, as Doctorow also points out, similar requirements and technological solutions haven’t worked in much more restrictive countries like Russia, Iran, and Syria.

Ok, I’m no security expert, although I do have a good basic understanding of the technology involved. This is simply the rant of someone who is tired of being told by an assortment of largely untrustworthy figures that we must give up rights, Constitutional and other, for an uncertain and vaguely defined promise of “security”.

It all seems like a very unbalanced compromise.
