
Shared posts
Privacy vs. Surveillance in the Age of COVID-19
The trade-offs are changing:
As countries around the world race to contain the pandemic, many are deploying digital surveillance tools as a means to exert social control, even turning security agency technologies on their own civilians. Health and law enforcement authorities are understandably eager to employ every tool at their disposal to try to hinder the virus even as the surveillance efforts threaten to alter the precarious balance between public safety and personal privacy on a global scale.
Yet ratcheting up surveillance to combat the pandemic now could permanently open the doors to more invasive forms of snooping later.
I think the effects of COVID-19 will be more drastic than the effects of the terrorist attacks of 9/11: not only with respect to surveillance, but across many aspects of our society. And while many things that would never be acceptable during normal time are reasonable things to do right now, we need to make sure we can ratchet them back once the current pandemic is over.
Cindy Cohn at EFF wrote:
We know that this virus requires us to take steps that would be unthinkable in normal times. Staying inside, limiting public gatherings, and cooperating with medically needed attempts to track the virus are, when approached properly, reasonable and responsible things to do. But we must be as vigilant as we are thoughtful. We must be sure that measures taken in the name of responding to COVID-19 are, in the language of international human rights law, "necessary and proportionate" to the needs of society in fighting the virus. Above all, we must make sure that these measures end and that the data collected for these purposes is not re-purposed for either governmental or commercial ends.
I worry that in our haste and fear, we will fail to do any of that.
More from EFF.
Corona news 24 March: final exams scrapped, highest death toll in a single day
What was in the news today about the coronavirus? An overview of the most important events.
The national final exams for secondary school students will not take place this year, Minister Slob has decided in consultation with education representatives. Schools must decide on the basis of the school exams whether students have passed or not. They have until early June to let students take their school exams.
That means some can almost hang out the flag already, while for others it remains very tense:
Dutch supermarket chains and drugstores are limiting the number of customers in their stores with immediate effect. From now on, stores may have at most one customer per ten square metres inside, so that people can keep at least one and a half metres apart. A shopping cart becomes mandatory.
What applies until 6 April, and what until 1 June?
Do the government's new measures now apply until 6 April or until 1 June? There was a lot of confusion today, following the government's press conference on Monday. The date of 1 June applies mainly to large events, it now turns out from a new government Q&A. A new decision on other measures (closure of schools and hospitality venues, the ban on sports matches) will be taken towards 6 April.
Whether schools or childcare can reopen will be decided on the basis of new research by the RIVM. A possible problem: that research started today, and it will take at least another six weeks before there are results, the RIVM told Nieuwsuur.
Enforcement officers have been actively checking since today whether all the rules are being followed:
63 deaths since yesterday, highest number so far
In the past 24 hours, 63 people in the Netherlands have died from the effects of the coronavirus, the RIVM reports. That is the highest number so far. The death toll now stands at 276. The number of hospital admissions rose by 265 to 1495, also a new daily record.
Over the past week the police received fewer reports of burglaries, bicycle theft and pickpocketing. There were also fewer traffic accidents. However, there were more registered cases of nuisance in neighbourhoods. This emerges from a first analysis by the police since the government announced measures against the spread of the coronavirus.
China eases measures, US goes into lockdown
The Chinese authorities are relaxing the strict travel regime in Hubei province. From tomorrow, residents who hold a health declaration may travel within the province again, with the exception of the city of Wuhan. The worldwide corona crisis broke out in that city of millions at the end of 2019.
In the United States, more and more Americans are being urgently advised to stay at home as much as possible in order to slow the spread of the coronavirus. In New York alone there are more than 25,000 infected people, and those numbers are doubling every three days, according to Governor Andrew Cuomo.
President Trump wants to withdraw the corona measures again soon, so as not to harm the economy too much:
Work-from-Home Security Advice
SANS has made freely available its "Work-from-Home Awareness Kit."
When I think about how COVID-19's security measures are affecting organizational networks, I see several interrelated problems:
One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are more vulnerable to attack simply because they are less secure.
Two, sensitive organizational data will likely migrate outside of the network. Employees working from home are going to save data on their own computers, where they aren't protected by the organization's security systems. This makes the data more likely to be hacked and stolen.
Three, employees are more likely to access their organizational networks insecurely. If the organization is lucky, they will have already set up a VPN for remote access. If not, they're either trying to get one quickly or not bothering at all. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.
Four, employees are being asked to use new and unfamiliar tools like Zoom to replace face-to-face meetings. Again, these hastily set-up systems are likely to be insecure.
Five, the general chaos of "doing things differently" is an opening for attack. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful when the employee can't walk down the hall to confirm the email's validity -- and when everyone is distracted and so many other things are being done differently.
Worrying about network security seems almost quaint in the face of the massive health risks from COVID-19, but attacks on infrastructure can have effects far greater than the infrastructure itself. Stay safe, everyone, and help keep your networks safe as well.
Umberto Eco
Jodie Foster

I am not proposing a return to the Stone Age. My intent is not reactionary, nor even conservative, but simply subversive. It seems that the utopian imagination is trapped, like capitalism and industrialism and the human population, in a one-way future consisting only of growth. All I’m trying to do is figure out how to put a pig on the tracks.
| Ursula Le Guin
Companies that Scrape Your Email
Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others:
Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research "is intended for institutional clients."
That document describes Edison as providing "consumer purchase metrics including brand loyalty, wallet share, purchase preferences, etc." The document adds that the "source" of the data is the "Edison Email App."
[...]
A dataset obtained by Motherboard shows what some of the information pulled from free email app users' inboxes looks like. A spreadsheet containing data from Rakuten's Slice, an app that scrapes a user's inbox so they can better track packages or get their money back once a product goes down in price, contains the item that an app user bought from a specific brand, what they paid, and a unique identification code for each buyer.
The Perfect User
Maxim Bange: Thank you for sharing!
On June 9, former Google designer turned tech critic Tristan Harris tweeted: “We need a new field of ‘Society & Technology Interaction’ (or STX).” This “new field,” he wrote, would research ways to realign technology so that it worked in the best interests of humanity. But as some academics and social scientists were swift to point out, it is not as if such critical approaches don’t already exist. They responded to Harris’s tweet by noting his apparent ignorance of entire swathes of academic research, including science and technology studies (STS), internet and platform studies, and other various subfields within the social sciences and humanities that have been critiquing design and technological practices for decades. Some replies accused Harris of “Columbizing,” claiming to discover a territory that already exists.
More than merely an amusing Twitter roasting, however, this episode marks a key moment in the emerging discourse of “tech humanism,” which, as Ben Tarnoff and Moira Weigel explain in this essay for the Guardian, is the belief that technology “damages our psychological well-being and conditions us to behave in ways that diminish our humanity.” In other words, technology in their view now compromises the quintessentially human capacity for individual decision making.
The “human” is not a self-evident category
Harris’s tweet was part of a wider discussion among advocates for “humane technology” such as Aza Raskin and Aviv Ovadya, who argue that user-experience (UX) design — the practice of tailoring a product to users’ anticipated behavioral responses, with the aim of making it easy or compelling to use — has led to a general “downgrade” of humanity, evidenced by digital addiction, increased superficiality, and an overall decline of mental health and political and media discourse. A critical approach to UX, they say, would help shed light on its negative effects. Harris’s Center for Humane Technology seems to have been launched with that aim in mind. But as Maya Ganesh, Lilly Irani and Rumman Chowdhury, and others have noted, the idea of humane technology is at best a technical critique of UX design practices and culture that repositions Silicon Valley entrepreneurs, designers, and programmers as the ideal reformers of humanity.
The tech-humanist movement raises important questions about how UX design configures human beings as “users” according to the culture and ideology of the tech sector. This echoes the work of STS scholars like Benjamin Bratton, Tung-Hui Hu, Orit Halpern, and Wendy Chun, who have made similar points. But tech humanism appears to take for granted the fundamental unit that motivates its critique: the “human” subject. For Harris and company, the human subject appears to be a transparent, knowable, monadic unit of being, more or less consistent with the humanist subject of the Enlightenment. They treat what a “human” is and does as self-evident, overlooking the ways that the category of the human has been used to dehumanize certain people and groups who fall outside their limited definition (i.e. women, people of color, non-able bodies, etc.). The “human” is not a self-evident category at all but rather a political and ideological tool that has long been used to maintain existing hierarchies, excluding some people to the benefit of others.
The arch response Harris received to his STX tweet might be read as part of ongoing debates, in STS and elsewhere, regarding who gets to define the “human,” as well as who gets to be considered most fully human in our current techno-social predicament. Our concern is that tech humanism not only underestimates what it takes to comprehend the category of “the human” but that its attempts to reform “humanity” may reinstate humanism’s old hierarchies of power and control.
Traditional humanism defined the “human” as a rational, sovereign agent. In Rosi Braidotti’s estimation, this means “the classical ideal of ‘Man,’ formulated first by Protagoras as ‘the measure of all things,’ later renewed in the Italian Renaissance as a universal model and represented in Leonardo da Vinci’s Vitruvian Man.” Cary Wolfe has explained this idea of the “human” as “the Cartesian subject of the cogito, the Kantian ‘community of reasonable beings,’ or, in more sociological terms, the subject as citizen, rights-holder, property-owner, and so on.” This Enlightenment notion of the human continues to enjoy widespread consensus, carrying with it a reassuring familiarity and appearing as common sense. An attachment to this notion of the human is often asserted as if it were a matter of fact, a given — so much so that, as Braidotti points out, we construct a fundamental notion of rights around it.
It is no coincidence that websites promoting disconnection tools and events often feature striking images of untouched mountains
Though this definition of “human” is often taken as natural and self-evident, it has also been subject to critique. The anti-humanist movements of postwar Europe (associated with figures such as Michel Foucault, Jacques Derrida, Gilles Deleuze, and Jacques Lacan) and the more recent posthuman movement (associated with Rosi Braidotti, Cary Wolfe, Francesca Ferrando, among others) have systematically critiqued this humanist figure for its partiality. As Braidotti summarizes:
Universal “Man,” in fact, is implicitly assumed to be masculine, white, urbanized, speaking a standard language, heterosexually inscribed in a reproductive unit and a full citizen of a recognized polity. How nonrepresentative can you get?
The concept is also critiqued for putting forward the notion of man as the hegemonic and rightfully dominant species.
Tech humanism, in foregrounding the need to preserve “the human,” is in danger of reviving the old humanist approach, only its definition of Universal Man is framed around the ideal user implicit in the protocols of UX design. Humanism’s “unshakable certainty [in] the almost boundless capacity of humans to pursue their individual and collective perfectibility” (as Rosi Braidotti puts it in The Posthuman) is finding new form in the Perfect User: a thoroughly designed, homogenous subject position that one may momentarily step into by engaging in digital healthism and digital well-being practices. Its proximate roots are in Californian wellness culture (described here by Daniela Blei), which attempts to align intentional technology use with self-mastery. Today’s aspirational subject can engage in activities such as intentional eating, intentional house design, and intentional human speaking. And, of course, intentional phone use.
Drawing from wellness culture, tech humanism adopts as one of its central tenets the perfectibility of the subject, pursuable through such activities as mindfulness, digital minimalism, productivity, self-discipline, and intentionality. Inherent in the movement is the elitist assumption that everyone has the time and means to be unconnected. For the Perfect User, retreating from the digital world means attending custom-designed events and festivals, like the Go Brick Phone-Free Getaway and, of course, Burning Man, where being screen-free will have only positive consequences. It is no coincidence that websites promoting disconnection tools and events often feature striking images of untouched mountains, because the Perfect User has the ability to travel in pursuit of self-improvement.
There is also a fundamental assumption that users have, or should have, a dominant, guiding and aspirational intention in ideological alignment with the Center for Humane Technology’s Humane Design Guide. Central to the center’s ideology is the humanist belief that individuals should act in concert with their own intentions. Accordingly, UX design practices can and should enhance the human condition by aligning design to human intention. As part of this determinist, the CHT website (under a header of Take Control) offers tips on, for example, how to temper one’s phone habit, with links to recommended mindfulness or time-management apps like Calm and Moment. These tips reinforce an approach to technology founded in what Adam Fish calls “digital healthism,” which positions the individual as responsible for their digital consumption.
But for tech humanism, the same potent persuasive technology design that is pitched here as the solution was also the source of the problem, fomenting unintentional or unconscious phone use through its irresistible snares. The movement’s ostensible mission is to maintain and protect individual sovereignty and restore intentionality, yet it relies on the same sort of assumption about the conditioning powers of UX design to achieve it.
Tech humanism insists that one be a user to be recognized as human. The fantasy-structure of intentionality encourages an aspirational form of digital consumption
Exactly how does UX design configure the Perfect User? And whose interests does this user serve? Among the apps meant to rescue users from distraction is Siempo, which tries to restore intentionality by redrawing the phone interface and reorganizing the app inventory to make “distracting” features less accessible. During its onboarding process, the app asks, “What’s your intention?” which it then reminds users of every time they unlock their phone or swipe to additional screens. Constantly reminding the user of their intention nudges the user to self-manage their digital consumption and aspire to healthier, more productive, or otherwise self-optimal modes of living. With Siempo installed, the phone becomes akin to Foucault’s “body-tool,” demanding of the user continuous, intentional behavior. The phone as body-tool prompts the user to engage in self-surveillance and self-discipline, subjugating themselves to the modes of use that have been designed into the app.
Another tool, the Intent Launcher of the Add Intent suite, further reveals the kinds of activities the Perfect User is encouraged to strive for. Although the app’s purpose is presented relatively neutrally as “developing tools that put you back in control,” the overall design promotes a specific lifestyle ideology. Its design is text-only, to counteract “flashy icons trying to get your attention.” It suggests that users organize their phone apps into “Essentials” (it lists Amazon Kindle, Camera, Inbox, Messages, Phone, Slack, and Spotify) and “Distractions” (Facebook, Twitter, Instagram, and YouTube). These lists seem to discourage apps where the user engages more directly with others and with the outside world, and encourage as potentially “enriching” activities like reading and listening to music.
Regardless of how worthy their causes may be, both these apps require the user to enter into a thoroughly designed user-position — the Perfect User — to even be recognized as a subject by the socio-technical apparatus. One cannot function as a user without conforming to the modes of use that have been designed into the system. Put differently, apps like Siempo and Add Intent are actively involved in producing the kind of subject with which they claim to interact. The user of these systems remains a docile subject to be brought under control and disciplined, but the fantasy-structure of intentionality masks the ideological functioning of the apps, not to mention the broader structures of wellness capitalism itself, by encouraging an aspirational form of digital consumption. Tech humanism more or less insists that one be a user to be recognized as human. This move keeps us tethered to classic humanist structures of categorization, whereby some users are considered better than others.
The Perfect User may appear to be a self-evidently superior form of subjectivity well-suited to the pressures of our techno-social age, but that should not blind us to the relational politics and ideological entanglements that lie behind it. Though it seems rooted in wellness and empowerment, it implicitly retains the hierarchies and exclusions of enlightenment humanism by assuming the nature of the “human” subject it requires.
Although the humane tech movement’s attempts to reconfigure a “better” user-subject may be well-intentioned, we also need to acknowledge the political and ideological assumptions underpinning it. This may help to avoid a situation in which a relatively small group of Silicon Valley tech entrepreneurs, developers, and designers are reforming humanity according to a privileged set of values and ideals.
Henry David Thoreau
Exploiting GDPR to Get Private Information
A researcher abused the GDPR to get information on his fiancee:
It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.
"Generally if it was an extremely large company -- especially tech ones -- they tended to do really well," he told the BBC.
"Small companies tended to ignore me.
"But the kind of mid-sized businesses that knew about GDPR, but maybe didn't have much of a specialised process [to handle requests], failed."
He declined to identify the organisations that had mishandled the requests, but said they had included:
- a UK hotel chain that shared a complete record of his partner's overnight stays
- two UK rail companies that provided records of all the journeys she had taken with them over several years
- a US-based educational company that handed over her high school grades, mother's maiden name and the results of a criminal background check survey.
Bill Gates says his ‘greatest mistake ever’ was Microsoft losing to Android
Microsoft co-founder Bill Gates has been reflecting on his time at the company when crucial decisions were made over its mobile operating system. During a recent interview at Village Global, a venture capital firm, Gates revealed his “greatest mistake ever” was Microsoft missing the Android opportunity:
“In the software world, particularly for platforms, these are winner-take-all markets. So the greatest mistake ever is whatever mismanagement I engaged in that caused Microsoft not to be what Android is. That is, Android is the standard non-Apple phone platform. That was a natural thing for Microsoft to win. It really is winner take all. If you’re there with half as many apps or 90 percent as many apps, you’re on your way to complete...
W. C. Fields
Donald H. Rumsfeld
Marie Curie
Maliciously Tampering with Medical Imagery
In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists.
I don't think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all kinds is undetectably manipulatable, they're going to have to start.
Hacking Instagram to Get Free Meals in Exchange for Positive Reviews
This is a fascinating hack:
In today's digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following -- or in my desired case -- use it to have my meals paid for. So I did just that.
I created an Instagram page that showcased pictures of New York City's skylines, iconic spots, elegant skyscrapers -- you name it. The page has amassed a following of over 25,000 users in the NYC area and it's still rapidly growing.
I reach out to restaurants in the area either via Instagram's direct messaging or email and offer to post a positive review in return for a free entree or at least a discount. Almost every restaurant I've messaged came back at me with a compensated meal or a gift card. Most places have an allocated marketing budget for these types of things so they were happy to offer me a free dining experience in exchange for a promotion. I've ended up giving some of these meals away to my friends and family because at times I had too many queued up to use myself.
The beauty of this all is that I automated the whole thing. And I mean 100% of it. I wrote code that finds these pictures or videos, makes a caption, adds hashtags, credits where the picture or video comes from, weeds out bad or spammy posts, posts them, follows and unfollows users, likes pictures, monitors my inbox, and most importantly -- both direct messages and emails restaurants about a potential promotion. Since its inception, I haven't even really logged into the account. I spend zero time on it. It's essentially a robot that operates like a human, but the average viewer can't tell the difference. And as the programmer, I get to sit back and admire its (and my) work.
So much going on in this project.
Solomon Short
As More Universities ‘Ditch’ Elsevier, Sci-Hub Blossoms
Little more than three years ago, Elsevier, one of the world’s largest academic publishers, took Sci-Hub to court.
It was a mismatched battle from the start. With a net income of more than $2.4 billion per year, the publisher could fund a proper case, while its nemesis relied on donations.
Elsevier won the case, including millions of dollars in damages. However, the site remained online and grew bigger. Ironically, the academic publisher itself appears to be one of the main drivers of this growth.
In recent years there has been a major push in academic circles to move to Open Access publishing. Instead of locking academic publications behind paywalls, they should be freely available to researchers around the world as well as the public at large, the argument goes.
There has been some progress on this front, but it’s been slow. Meanwhile, Elsevier and other publishers continue to sell expensive subscriptions to universities. So expensive, that many institutions can’t afford them.
This means that their researchers run into paywalls, so they can’t do their work properly. It’s an absurd situation for the academic world, which is built on the premise that researchers build upon the work of others.
In an attempt to force a breakthrough, the University of California (UC), which includes ten campuses, requested that all its research be made available to the public from Elsevier without cost. This was possible, but only if UC’s authors paid extra publishing fees.
This was not an option for UC, which already had to pay a multi-million dollar subscription, so it cut its ties with Elsevier. The university notes that it doesn’t want to pay the rapidly escalating costs when its own work isn’t freely available.
This isn’t a problem that’s limited to UC; many other institutions can’t or are not willing to pay millions in subscription fees. This has reached a point where it’s pretty much impossible, even for wealthy universities, to access all academic knowledge.
“Make no mistake: The prices of scientific journals now are so high that not a single university in the U.S. — not the University of California, not Harvard, no institution — can afford to subscribe to them all,” says Jeffrey MacKie-Mason, university librarian and economics professor at UC Berkeley.
“Publishing our scholarship behind a paywall deprives people of the access to and benefits of publicly funded research. That is terrible for society,” MacKie-Mason adds.
This issue is not new and Elsevier is not the only publisher to demand high subscription fees. As the largest academic publisher, however, the effects of canceled subscriptions are felt most at Elsevier.
Several universities from Germany, Hungary, and Sweden previously let their Elsevier subscriptions expire, which means that tens of thousands of researchers don’t have access to research that is critical to their work.
This is where Sci-Hub comes into play.
The “Pirate Bay of Science” might just quietly play a major role in this conflict. Would the universities cancel their subscriptions so easily if their researchers couldn’t use Sci-Hub to get free copies?
Without access to critical research, their employees can’t function properly, so this ‘pirate’ backup comes in handy for sure.
Sci-Hub founder Alexandra Elbakyan has always been forthcoming about her goals. Sci-Hub wants to remove all barriers in the way of science. She also made that crystal clear when we interviewed her back in 2015.
“Everyone should have access to knowledge regardless of their income or affiliation. And that’s absolutely legal. Also, the idea that knowledge can be a private property of some commercial company sounds absolutely weird to me,” she said at the time.
While Sci-Hub may not be a permanent solution, its existence definitely plays a major role as a bargaining chip in a changing academic publishing world. While it’s early days, Sci-Hub certainly helped to make the paywalls crumble.
A quick look at some traffic stats shows that the site’s visitors continue to grow at a rapid rate, and with UC’s most recent decision to cancel its Elsevier subscription, this trend is likely to continue.
Source: TF
These websites violate your privacy without asking
Maxim Bange: Name and shame
Hundreds of websites violate your privacy without asking, the NOS reported earlier today. But which sites exactly are guilty of this? We list them below.
Because the list would otherwise be too long, we only show websites that placed two or more tracking cookies at the time of the study: small files that follow your internet behaviour.
The study dates from mid-February; websites may have taken measures in the meantime, or the situation may have changed for other reasons.
Among the websites that placed tracking cookies without asking are two political parties, namely PvdA and Forum voor Democratie. The PvdA has since taken action; according to the party it was a mistake and the tracking cookie was not actually used. Forum voor Democratie could not be reached for comment.
Health insurer CZ confirms that it placed tracking cookies, but says this happened without the company knowing.
One of the websites that placed the most tracking cookies is that of RTV Rijnmond. That was due to an error, which has since been corrected, the broadcaster says. An analysis of the tracking cookies that were placed shows that the cookies come from countries ranging from the United States to China. Visitors to Linda and Lindanieuws are also exposed to cookies from various countries: from Malaysia and Japan to Poland and Russia.
Some of the websites, such as Nu.nl and Startpagina, operate in a grey area and place tracking cookies if you ignore the cookie notice. The idea: if you keep using the website, you apparently agree. But legal experts have reservations about that. Ultimately, a court will have to rule on whether this practice is acceptable.
Linux Mint 19.1: A sneaky popular distro skips upheaval, offers small upgrades

Cinnamon 4.0's new look in Linux Mint 19.1 (credit: Scott Gilbertson)
While Ubuntu and Red Hat grabbed most of the Linux headlines last year, Linux Mint, once the darling of the tech press, had a relatively quiet year. Perhaps that's understandable with IBM buying Red Hat and Canonical moving back to the GNOME desktop. For the most part Linux Mint and its developers seemed to keep their heads down, working away while others enjoyed the limelight. Still, the Linux Mint team did churn out version 19, which brought the distro up to the Ubuntu 18.04 base.
While the new release may not have garnered mass attention, and probably isn't anyone's top pick for "the cloud," Linux Mint nevertheless remains the distro I see most frequently in the real world. When I watch a Linux tutorial or screen cast on YouTube, odds are I'll see the Linux Mint logo in the toolbar. When I see someone using Linux at the coffee shop, it usually turns out to be Linux Mint. When I ask fellow Linux users which distro they use, the main answers are Ubuntu... and Linux Mint. All of that is anecdotal, but it still points to a simple truth. For a distro that has seen little press lately, Linux Mint manages to remain popular with users.
There's a good reason for that popularity: Linux Mint just works. It isn't "changing the desktop computer paradigm," or "innovating" in "groundbreaking" ways. The team behind Mint is just building a desktop operating system that looks and functions a lot like every other desktop operating system you've used, which is to say you'll be immediately comfortable and stop thinking about your desktop and start using it to do actual work.
Drone Denial-of-Service Attack against Gatwick Airport
Someone is flying a drone over Gatwick Airport in order to disrupt service:
Chris Woodroofe, Gatwick's chief operating officer, said on Thursday afternoon there had been another drone sighting which meant it was impossible to say when the airport would reopen.
He told BBC News: "There are 110,000 passengers due to fly today, and the vast majority of those will see cancellations and disruption. We have had within the last hour another drone sighting so at this stage we are not open and I cannot tell you what time we will open.
"It was on the airport, seen by the police and corroborated. So having seen that drone that close to the runway it was unsafe to reopen."
The economics of this kind of thing isn't in our favor. A drone is cheap. Closing an airport for a day is very expensive.
I don't think we're going to solve this by jammers, or GPS-enabled drones that won't fly over restricted areas. I've seen some technologies that will safely disable drones in flight, but I'm not optimistic about those in the near term. The best defense is probably punitive penalties for anyone doing something like this -- enough to discourage others.
There are a lot of similar security situations, in which the cost to attack is vastly cheaper than 1) the damage caused by the attack, and 2) the cost to defend. I have long believed that this sort of thing represents an existential threat to our society.
EDITED TO ADD (12/23): The airport has deployed some anti-drone technology and reopened.
What Happened to Cyber 9/11?
A recent article in the Atlantic asks why we haven't seen a "cyber 9/11" in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a "cyber Pearl Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then.) The author's answer:
Three main barriers are likely preventing this. For one, cyberattacks can lack the kind of drama and immediate physical carnage that terrorists seek. Identifying the specific perpetrator of a cyberattack can also be difficult, meaning terrorists might have trouble reaping the propaganda benefits of clear attribution. Finally, and most simply, it's possible that they just can't pull it off.
Commenting on the article, Rob Graham adds:
I think there are lots of warnings from so-called "experts" who aren't qualified to make such warnings, that the press errs on the side of giving such warnings credibility instead of challenging them.
I think mostly the reason why cyberterrorism doesn't happen is that what motivates violent people is different than what motivates technical people, pulling apart the groups who would want to commit cyberterrorism from those who can.
These are all good reasons, but I think both authors missed the most important one: there simply aren't a lot of terrorists out there. Let's ask the question more generally: why hasn't there been another 9/11 since 2001? I also remember dire predictions that large-scale terrorism was the new normal, and that we would see 9/11-scale attacks regularly. But since then, nothing. We could credit the fantastic counterterrorism work of the US and other countries, but a more reasonable explanation is that there are very few terrorists and even fewer organized ones. Our fear of terrorism is far greater than the actual risk.
This isn't to say that cyberterrorism can never happen. Of course it will, sooner or later. But I don't foresee it becoming a preferred terrorism method anytime soon. Graham again:
In the end, if your goal is to cause major power blackouts, your best bet is to bomb power lines and distribution centers, rather than hack them.
Trump isn’t Orwell’s nightmare. He’s the kind of politician Orwell thought would save us.
Since Donald Trump’s rise in 2015, calling his presidency Orwellian has been a kind of shibboleth among critics. After Trump’s first week in January 2017, Adam Gopnik wrote in the New Yorker, “re-reading Orwell, one is reminded of what Orwell got right about this kind of brute authoritarianism.” That same month, when Trump adviser Kellyanne Conway defended the administration’s “alternative facts,” Washington Post media columnist Margaret Sullivan wrote that “we’ve gone full Orwell.” Shortly afterward, sales of 1984 surged.
But in one important respect, these commentators are missing something important. When it comes to language, Trump isn’t the kind of person Orwell was worried about. In fact the plain-speaking president represents something closer to Orwell’s imagined solution to a problem that consumed him, the use of public language to hide meaning. If you look at how Trump talks — and the similar rhetoric in Britain around Brexit, and the broader populist wind across Europe — it is proof that Orwell got some big things wrong when it comes to language’s ability to protect us from politicians who would rather have us not know the truth.
If Orwell as a political thinker is known for one thing besides “Big Brother,” it’s his celebrated 1946 essay “Politics and the English Language,” in which he complained of leaders using language not to communicate, but to hide their intentions. “A mass of Latin words falls upon the facts like soft snow,” he wrote, “blurring the outline and covering up all the details…. When there is a gap between one’s real and one’s declared aims, one turns as it were instinctively to long words and exhausted idioms, like a cuttlefish spurting out ink.”
Orwell was confident that simple language itself would be a defense against much of what was wrong with politics. Clarity would make it near impossible for leaders to say stupid and dishonest things, or to fall into lock-step dogma, without realizing that they were doing so — and without exposing the speaker as a fraud or a villain. As he wrote in “Politics and the English Language”: “If you simplify your English, you are freed from the worst follies of orthodoxy. You cannot speak any of the necessary dialects, and when you make a stupid remark its stupidity will be obvious, even to yourself.” His famous six rules for writers, which close the essay, are instructions on how to strip one’s words of such clutter.
Orwell had witnessed the rise of the two great murderous -isms in Europe, fascism and communism. Both turned their violence on their own people with a ferocity that could not be put in plain language. As Orwell put it, a defender of Stalin’s purges can’t just come out and say “I believe in killing off your opponents when you can get good results by doing so.” The same might be said for Hitler’s verschärfte Vernehmung and Endlösung, “sharpened interrogation” and “final solution,” which in plain language are torture and mass murder.
Since Orwell, it has become a common complaint among pundits and commentators that overblown or confusing language stacks the deck against ordinary citizens who just want to know what their government is up to. His notion that plain language will make awful politics unbearable is simple and appealing — and largely wrong. Remember that for people to recognize a falsehood, they need to know the truth. Orwell assumes that once deception is stripped away, the truth will be plain. But populism, or at least the brand of populism represented by Trump and Brexit, proves that Orwell was wrong.
The year 2016 rocked Western politics. First, in June, Britain voted for Brexit: to leave the European Union, against the advice of the overwhelming majority of politicians, economists, academics, business leaders and elite journalists. Then, in November, America rejected a former secretary of state and senator, Hillary Clinton, for a political novice and a billionaire with a habit of saying appalling things, Donald Trump. In both cases, the experts misread the sentiment of a part of their country far away from the big cities where journalists tend to live and work.
And in both cases, those angry voters, ready to vote for change of almost any kind, were seduced not by “cuttlefish squirting out ink,” but by politicians making it perfectly clear what they wanted and how they planned to get it. Without making a statement on whether these voting choices were right or wrong, both Brexit and Trump ran campaigns filled with lies — lies in simple, bold language. When they lied, the lies were often perfectly clear to anyone who cared to learn the least bit about the facts. But either the lies were not recognized as such, or voters didn’t care.
First take Brexit. Its master slogan was simple: “Let’s take back control.” Brussels, the metonym for the European Union, was an undemocratic weight on Britain’s ancient freedoms, its democracy and the “Mother of All Parliaments,” the legislature at Westminster. Brexit’s proponents toured the country in a bus that featured the slogan “We send the EU £350m a week. Let’s fund the NHS [UK National Health Service] instead. Vote Leave.” The £350m figure was fake; it was a net number that didn’t take into account the money Britain got back from the EU. And no one on the Leave side had any serious interest in putting any big extra sums — much less £350m a week — into the health service. But when supporters of staying in the EU pointed this out, they were dismissed as “elites” with no standing to talk about what the real British people — sick of elites — wanted. There was absolutely nothing wrong with the language on the side of the bus, which obeys all of Orwell’s rules. The problem was voters’ grasp of the facts, or their disregard for them.
The polite faces of the Leave campaign were Boris Johnson, who had just been the Conservative mayor of London, and Michael Gove, the former justice and education secretary. But its real powerhouse was Nigel Farage, the leader of the United Kingdom Independence Party.
Mainstream politicians dismissed Farage as a buffoon — it is hard to find a politician more often photographed with a pint of beer and a cigarette in his hands. But that was part of his appeal. And so was his language — as different from that of a polished politician as they come.
In a typical speech, he said:
So who are we? Who is the typical UKIP voter? I’ll tell you something about the typical UKIP voter — the typical UKIP voter doesn’t exist. When I look at the audiences in those theaters there is a range of British society from all parts of the spectrum. Workers, employers, self-employed. Big businessmen, corner shop owners. Well off, comfortably off, struggling. Young as well as old. Not ideologues. Some left, some right, mostly in the middle. Some activists, some haven’t voted for twenty years. One thing many have in common: they are fed up to the back teeth with the cardboard cut-out careerists in Westminster. The spot-the-difference politicians. Desperate to fight the middle ground, but can’t even find it. Focus groupies. The triangulators. The dog whistlers. The politicians who daren’t say what they really mean. And that’s why UKIP attracts this eclectic support. Because when we believe something — we don’t go “are you thinking what we’re thinking?” We say it out loud.
There are a few clichés in there (“fed up to the back teeth,” “cardboard cut-out”). But by and large, this too is a text that follows Orwell’s rules. It even reads a bit like Orwell: Its sentences are short, as are all of the words; about the fanciest words are “spectrum,” “eclectic” and “ideologue.” And he ends with a macho declaration about political language itself, in the plainest possible English: “we say it out loud.”
What he wanted was perfectly clear, too. In the Brexit of his dreams, as Farage said in the same speech:
We get our money back.
We get our borders back.
We get our Parliament back.
We get our fisheries back.
We get our own seat on the bodies that actually run the world.
We get back the ability to strike free-trade deals.
“Elites” could cavil at the facts implied here. But the pounding, repetitive phrasing was perfectly clear and punishingly effective. Whatever the causes of the narrow victory for Brexit, obfuscating language was not it.
That same summer, Donald Trump was shifting into general-election mode in the United States, having wrapped up the Republican nomination for president. He had swept away more than a dozen Republican rivals who had tried to belittle him as a newcomer out of his depth. Something about his campaign generated an energy among his voters that none of his rivals could match. And much of it had to do with his speech. He loved to rib Jeb Bush, a former governor of Florida who had raised huge sums for his campaign, as “low energy.” And he was; Bush seemed an owlish, slightly tired professor next to the shouting, staccato Trump.
Trump’s style was successful precisely for being anything but that of a seasoned politician giving an elegant speech. He spoke almost entirely off the cuff:
Look, having nuclear — my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart. You know, if you’re a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I’m one of the smartest people anywhere in the world. It’s true! But when you’re a conservative Republican they try — oh, do they do a number — that’s why I always start off: Went to Wharton, was a good student, went there, went there, did this, built a fortune. You know I have to give my like credentials all the time, because we’re a little disadvantaged. But you look at the nuclear deal, the thing that really bothers me — it would have been so easy, and it’s not as important as these lives are. Nuclear is powerful; my uncle explained that to me many, many years ago, the power, and that was 35 years ago. He would explain the power of what’s going to happen and he was right — who would have thought? But when you look at what’s going on with the four prisoners — now it used to be three, now it’s four — but when it was three and even now, I would have said it’s all in the messenger, fellas. And it is fellas because, you know, they don’t, they haven’t figured that the women are smarter right now than the men, so, you know, it’s gonna take them about another 150 years. But the Persians are great negotiators. The Iranians are great negotiators. So, and they, they just killed, they just killed us.
Unedited transcripts like this rocketed around the internet, forwarded by voters alarmed that anyone could consider voting for a man who produced such a stream of non-sequiturs, the rhetorical equivalent of a bunch of beer cans, potato-chip bags and the odd shiny pool of oil floating down a filthy river. But the effect of passing these excerpts around was not what the people sharing them hoped. The chief result was to blind Trump’s opponents to how effective he was.
Real speech is full of starts and stops, non-sequiturs, ellipses and so on. For example, examine this linguistic 12-car pile-up.
We need to have a much more intentional explicit plan for NATO to engage with African countries and regional organizations, uh, not because the United States is not prepared to invest in security efforts in Africa, but rather to ensure that, uh, we are not perceived as trying to uh, dominate the continent. Rather we wanna make sure that we’re prep-, uh, seen as, uh, a reliable partner, and there are some advantages to some European countries with historical ties, uh, being engaged, uh, in uh, and uh, in ha-, in, taking advantage of relationships. The francophile countries obviously is gonna to be able to do certain things better than we can, uh, and, uh, you know, one of, one of the, uh, things we, we wanna make sure of, though is that, uh, when, when the average African thinks about US, uh, engagement in Africa, I don’t want them to think our only interest is avoiding terrorists from spilling out into, uh, the world stage.
It’s an embarrassing mess: “francophile” substituted for “francophone,” subjects and verbs not matching up, sentences not ending properly, and one “uh” after the other. The speaker is Barack Obama. He was talking to the editor and the foreign editor of The Economist on Air Force One in 2014.
For those passing around similar, unedited transcripts of Trump, the joke was on them. While he could maunder on and get off topic quite frequently, the unscripted and personal way he said nearly everything he said was mesmerizing to many voters who had never heard a politician talk like this.
And these populists were not only successful with their style; they were clear about content, in blunt language meant to shock the audiences into thinking “I’ve never heard anyone say these things.” Farage was explicit, saying that UKIP would not be cowed by taboo: “We say it out loud.”
Trump did the same, hardly hiding his plans. “We are going to build a wall and Mexico is going to pay for it.” “I would immediately start renegotiating our trade deals with Mexico, China, Japan and all of these countries that are just absolutely destroying us.” “I will get rid of gun-free zones on schools and … on military bases.” “We’re going to get Apple to start building their damn computers and things in this country instead of in other countries.”
Say what you like, but Orwell’s heavy snowfall of obscuring language is nowhere to be seen.
Since Orwell’s death, the nature of political speech has changed. In the 1940s, politicians still strove for an elevated register when they spoke in public. Beginning in the 1960s, they began aiming to look more authentic, of the people. On the Democratic side, young voters rejected their elders and tradition, while on the Republican side, Nixon turned the “silent majority” against intellectuals and the cultural elite. In both cases, the result was politicians aiming for a style that was immediate and real rather than polished and perfect. They didn’t go all the way — whether Obama or Bush, most aimed to keep some kind of dignity in their words. But demotic was in, and Demosthenes was out. By Trump, this trend had reached a peak: It was all emotion and plain words, with no hint of aiming for dignity or what used to be called “rhetoric” in the good sense.
Yet despite what Orwell might have hoped, this plain speech did nothing to stop Trump. It may indeed have been his biggest weapon. If he lied, voters either didn’t know, or they gave him a pass. And if he promised something unconscionable, like torturing terrorism suspects — “I’d bring back a hell of a lot worse than waterboarding” — many people either gave him a pass on that, too, or they actively thought it was a great idea. When people want bad things, the man who promises them those things in the plainest possible language is going to win. And beyond those who want bad things, many voters really are ill-informed. So it goes in a big and diverse society in which most people’s job is not politics.
As Trump and Brexit show, the weight of fixing a broken politics can’t fall on language alone. People need facts and arguments to make their case, not just plain talk. A democracy cannot be better than its voters. There is no easy way — linguistic or otherwise — around the hard slog of educating them to make good decisions.
Excerpted from Talk on the Wild Side: Why Language Can’t Be Tamed by Lane Greene. Copyright © 2018 by the Economist Newspaper Ltd and text copyright © 2018 by Lane Greene. Available from PublicAffairs, an imprint of Hachette Book Group, Inc.
How to Punish Cybercriminals
Interesting policy paper by Third Way: "To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors":
In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that:
- There is a burgeoning cybercrime wave: A rising and often unseen crime wave is mushrooming in America. There are approximately 300,000 reported malicious cyber incidents per year, including up to 194,000 that could credibly be called individual or system-wide breaches or attempted breaches. This is likely a vast undercount since many victims don't report break-ins to begin with. Attacks cost the US economy anywhere from $57 billion to $109 billion annually and these costs are increasing.
- There is a stunning cyber enforcement gap: Our analysis of publicly available data shows that cybercriminals can operate with near impunity compared to their real-world counterparts. We estimate that cyber enforcement efforts are so scattered that less than 1% of malicious cyber incidents see an enforcement action taken against the attackers.
- There is no comprehensive US cyber enforcement strategy aimed at the human attacker: Despite the recent release of a National Cyber Strategy, the United States still lacks a comprehensive strategic approach to how it identifies, pursues, and punishes malicious human cyberattackers and the organizations and countries often behind them. We believe that the United States is as far from this human attacker strategy as the nation was toward a strategic approach to countering terrorism in the weeks and months before 9/11.
In order to close the cyber enforcement gap, we argue for a comprehensive enforcement strategy that makes a fundamental rebalance in US cybersecurity policies: from a heavy focus on building better cyber defenses against intrusion to also waging a more robust effort at going after human attackers. We call for ten US policy actions that could form the contours of a comprehensive enforcement strategy to better identify, pursue and bring to justice malicious cyber actors that include building up law enforcement, enhancing diplomatic efforts, and developing a measurable strategic plan to do so.
Privacy for Tigers
Ross Anderson has some new work:
As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos and even for tortoises and sharks. Animal data protection laws, where they exist at all, are oblivious to these new threats, and no-one seems to have started to think seriously about information security.
Video here.
New Ways to Track Internet Browsing
Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies":
Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.
In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.
The researchers discovered many new tracking techniques that work despite all existing anonymous browsing tools. These have not yet been seen in the wild, but that will change soon.
IAEA Unveils Unique World Uranium Map
WPA3
Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard.
This summary is as good as any other:
The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and guesses passwords over and over again until they find a match. With WPA3, attackers are only supposed to be able to make a single guess against that offline data before it becomes useless; they'll instead have to interact with the live Wi-Fi device every time they want to make a guess. (And that's harder since they need to be physically present, and devices can be set up to protect against repeat guesses.)
WPA3's other major addition, as highlighted by the Alliance, is forward secrecy. This is a privacy feature that prevents older data from being compromised by a later attack. So if an attacker captures an encrypted Wi-Fi transmission, then cracks the password, they still won't be able to read the older data -- they'd only be able to see new information currently flowing over the network.
Note that we're just getting the new standard this week. Actual devices that implement the standard are still months away.
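The forward-secrecy difference described in the quoted summary, as an added example that is not part of the original post. The first half follows WPA2-Personal's published key derivation, where a stored capture plus the passphrase reproduces an old session key; the second half is a simplified ephemeral Diffie-Hellman stand-in, not WPA3's actual SAE exchange, and it does not model the offline-guessing protection. All function names, the toy group, the MAC addresses, the SSID and the passphrase are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def wpa2_ptk(pmk, t):
    """Session key (PTK): the PMK plus values the handshake sends in the clear."""
    data = (min(t["ap_mac"], t["sta_mac"]) + max(t["ap_mac"], t["sta_mac"])
            + min(t["anonce"], t["snonce"]) + max(t["anonce"], t["snonce"]))
    return prf(pmk, b"Pairwise key expansion", data, 64)

def wpa2_session(passphrase, ssid):
    """One handshake. Returns (what a passive recorder captures, live PTK)."""
    transcript = {
        "ssid": ssid,
        "ap_mac": bytes.fromhex("020000000001"),   # constructed address
        "sta_mac": bytes.fromhex("020000000002"),  # constructed address
        "anonce": secrets.token_bytes(32),
        "snonce": secrets.token_bytes(32),
    }
    return transcript, wpa2_ptk(wpa2_pmk(passphrase, ssid), transcript)

def wpa2_key_from_recording(transcript, passphrase):
    """Recompute an old session's PTK from a stored capture and the passphrase."""
    return wpa2_ptk(wpa2_pmk(passphrase, transcript["ssid"]), transcript)

# Toy Diffie-Hellman group for illustration only (assumption, not WPA3's group).
P = 2**255 - 19
G = 2

def ephemeral_key(passphrase, ssid, shared_secret):
    """Session key that needs the passphrase AND a per-session DH secret."""
    password_key = wpa2_pmk(passphrase, ssid)  # reused here as a password hash
    return hmac.new(password_key, shared_secret.to_bytes(32, "big"),
                    hashlib.sha256).digest()

def ephemeral_session(passphrase, ssid):
    """Returns (recorder's view, station key, AP key) for one exchange."""
    a = secrets.randbelow(P - 3) + 2   # station's private value, never sent
    b = secrets.randbelow(P - 3) + 2   # AP's private value, never sent
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    transcript = {"ssid": ssid, "A": pub_a, "B": pub_b}
    sta_key = ephemeral_key(passphrase, ssid, pow(pub_b, a, P))
    ap_key = ephemeral_key(passphrase, ssid, pow(pub_a, b, P))
    # a and b go out of scope here; the capture holds only A and B, so the
    # passphrase alone no longer reproduces this session's key.
    return transcript, sta_key, ap_key

if __name__ == "__main__":
    secret, net = "correct horse battery", "ExampleNet"  # constructed values
    capture, live = wpa2_session(secret, net)
    print("WPA2 capture + leaked passphrase recovers key:",
          wpa2_key_from_recording(capture, secret) == live)
    capture2, sta, ap = ephemeral_session(secret, net)
    print("Ephemeral exchange, both ends agree:", sta == ap)
    print("Ephemeral capture contains only:", sorted(capture2))
```

For networks still on WPA2-Personal, this is why rotating the passphrase does nothing for traffic that was already recorded under the old one.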



