Posts tagged with "privacy"


Scared of Google? You won't be of Microsoft!

Eager to capitalise on the concerns we share regarding Google's decision to "officially" drop Do No Evil, Frank X. Shaw from Microsoft has responded with a posting on the TechNet blog. Seriously!

I had an MSDN subscription in high school

During the last week or so, there has been a fair amount of discussion about how Google is making some unpopular changes to some of its most popular products. You can see some of the concerns and worries about lack of choice and so on in these links.

I no longer link to Gawker or Murdoch publications on principle; but otherwise that was the introduction. You have my attention Mr Shaw!

When we read the coverage last week, it was clear people were honestly wrestling with the choices that had been made for them and were looking for options or alternatives.

This is definitely true. I can only speak from my elitist circle of snobby tech nerds on Twitter and newsgroups, but the number of threads and tweets concerning Google alternatives has been exploding of late. There's even evidence average folk are paying a little more attention; I've overheard several conversations in coffee shops and trains saying their "tech friends" or "smart people" have told them to look elsewhere.

But enough about my thoughts, let's wrap up Mr Shaw's comments.

The changes Google announced make it harder, not easier, for people to stay in control of their own information.

That's it in a nutshell. Mmm, nuts.

Icon by the Wikimedia Foundation

Now for our alternatives

From then on, Mr Shaw goes on about how we should be using Hotmail, Bing, Office 365 and Internet Explorer, and how Microsoft wants "to give [us] control over [our] data". A little ironic given they were once the poster child for vendor lock-in, and that Office still has sketchy support for their own ISO standards. It also doesn't help that I can't try IE because I'm not on Windows on my production machines ;).

Still, under the IE subheading Shaw points out something:

The world’s most popular browser, now with Tracking Protection, offering controls over your privacy as you browse.

Previously their "implementation" of tracking protection seemed needlessly different given the world had standardised on DNT headers, but according to Microsoft they've included this starting with IE9. I would still advise people not to use it, but nice to know those who have no choice have this feature.

And to help remind people of these alternatives, we’re placing a series of ads in some major newspapers this week.

Them fighting words. I expect there's going to be a heated debate in Google PR over this, in which case I find myself thanking Microsoft. It hasn't been the first time lately; I praised their progressive stance on same sex marriage, and gave kudos to the Windows Phone team for developing their own UI rather than just robotically copying the iPhone, if you will.

Hell is freezing over, I tell you! Well, kinda.


Telstra customers exposed, again?

Suzanne Tindal writing for ZDNet.com.au:

The Australian and Music Feeds this morning flagged a spreadsheet, containing around 1500 BigPond email addresses, postal addresses and telephone numbers, that was freely accessible online. [.. Telstra] believed that the spreadsheet had been created by a consultant to use in training, and not for a malicious purpose.

It's often the case privacy and security breaches occur as a result of unwitting users, rather than someone malicious on the outside. In any event, at least they didn't display cleartext passwords again, right?


Telstra joins the Plaintext Password Parade

Detailed information about Telstra's customer accounts - including usernames and passwords - has been found to be sitting on the open web for anyone to access via a Google search. ~ Sydney Morning Herald

Inexcusable. No database should be storing passwords as plaintext. If people forget their passwords, they should be reset.

No doubt we'll read a press release saying they've learned a lot from their mistake, and have changed their system. Here's hoping they do learn from it, and implement some basic security protocols. They can start by ditching their revised coloured logos and going back to their retro orange one. It looks more serious, and classy.


Sophos CityRail memory key adventures

Speak of the devil, security research firm Sophos performed a study on fifty USB keys they purchased from a New South Wales RailCorp lost property auction. Personally, I didn't find the results too shocking.

(Starting in 2009 I got into the habit of always taking tech hardware photos with Yuki in them. This time I tried to use really harsh light to make her look sinister, did it work?)

Report rhymes with... port. That was inspired.

From the report on Sophos Naked Security, a must read blog that you must read.

Lost USB keys have 66% chance of malware
by Paul Ducklin on December 7, 2011

We ended up with Lots 671, 672 and 674: bags containing a motley assortment of 20, 21 and 16 keys respectively. For this rag-tag collection of 57 USB sticks, we paid $409.96 once the auctioneer's 16.5% fee was added in. We could have bought brand-new for slightly less than half that price.

The data on drives are more valuable than the drives themselves now. Not surprising.

Five of the keys were broken, including the two novelty items in the set (a car and a Lego-like block). Two of the rest were unreliable, so we excluded them, although one gave up just enough data to reveal an Autorun worm but little else.

That left a conveniently-round number of 50 devices in the test.

The study revealed that two-thirds were infected with malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues.

Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers.

In perhaps a sociologically optimistic way, the Sophos team in Sydney were "surprised" at the prevalence of malware. To be honest, I would have been more surprised if fewer of the memory keys contained malware.

Professor Mal Ware of some dodgy uni thing

As I've reiterated here many times, Windows itself can be a usable operating system provided it's thoroughly patched and well maintained. Unfortunately, for most people the chore of doing so is simply still too great, and those who think otherwise are kidding themselves. Nerds are not typical users.

These findings can also be seen as further proof that despite the increased prevalence of network attacks, sneakernet infections are still alive and well. I can still remember the first time I brought home an infected floppy disk from school and our McAfee AntiVirus for Windows 95 had a fit. Chernobyl W32, I'm looking at you. Hey, that rhymed.

Pointless nostalgia aside though, the prevalence of these worms on memory keys only adds further evidence for their effectiveness as an attack vector. Stuxnet is but one contemporary example of malware using this system, which conveniently avoids firewalls and other such network intrusion detection.

He would be Professor Person Aldata

As for the personal data they contain, it's also no surprise to me people are so cavalier, and don't use encryption of any sort. I use TrueCrypt and/or GnuPG on my memory keys and external hard drives I intend to use for anything other than media transfer (ahem), but again I'm not a typical use case, and assuming you're reading my blog, you're probably not either.

Either everyone becomes more adept at understanding the need for encryption and how to use it, or people stop losing things, or encryption software becomes easier/more transparent for users. I can predict which of the three already is more feasible, but will it happen?

Finally, it appears we can also draw some other conclusions. Those who take public transport in New South Wales — trains in particular — lose infested memory keys on a regular basis. Is it the fact they take the train that's the cause of them having malware on their memory keys? I report, you decide!


Biometric flying Malaysian aeroplanes

If you'll be travelling through Malaysia, what can you be expecting over the coming months for security theatre and whatnot?

(Screenshot is from my FreeBSD MacBook Pro when I was using it with the airport's WiFi. It was January 2007 and I was obsessed with the Haruhi Suzumiya anime, as I'm sure many of us were!)

So here's the problem

We start our flight on SpringWise, the blog for entrepreneurial ideas. As George W. Bush said, it's a shame the French don't have a word for those types of people.

Travelers around the world are familiar with the delays caused by airport immigration checks, and Kuala Lumpur International Airport’s Low-Cost Carrier Terminal (LCCT) is no exception, with wait times of over 45 minutes long during peak periods.

The understatement of the Millennium, so much so I think Robbie Williams even sang a song about it. The few times I flew ValueAir and AirAsia when we lived in KL and I'd visit folks in Singapore, I had to use the terminal. Aside from almost missing a flight because it's nigh impossible to find the transit bus you need to take from KLIA, I remember one time sitting in that massive departure hall for an hour and a half.

So here's the solution

Anyway, how will you be solving this? Let's proceed to The Star, the English rag I used to read over there that managed to have a picture of Pak Lah on the front page of every single issue.

KUALA LUMPUR: The Immigration department will introduce on-board checks in planes to ease the passenger load at the counters at the Low-Cost Carrier Terminal (LCCT) in Sepang, especially during peak travel seasons.

On-board cheques? Where can I get some of these? :D

The on-board biometric checks claimed by the department to be the first of its kind in the world is one of its long term measures to improve operations at the LCCT.

Uh oh, we've experienced a sudden loss of cabin pressure and have to make an emergency landing.

I assume my biometric data will be kept on an ultra secure medium that could never leak out, right? Because that's the problem with biometrics, I can't change the password on my finger. Funny how often people forget that.

Will be keeping an eye on this. I'd very much like to avoid the low cost terminal there at all costs, but one can assume once the government has declared the trial a raging success they'll introduce it across all flights arriving and leaving the country. Selamat Datang ke Creepyness!


Cause this is my United States of Whatever

Now that Australia is the 51st state of the United States, I'll be expecting my American Amazon account to become active any day now. I'm proud of this post!

The Obama

Firstly, after many aborted attempts to visit us in the land where things are upside down, where kangaroos are the primary form of transport, and where steep Alpine slopes take tourists down a breathtaking ski run to a Germanic cabin where hot chocolate is served, President Barack Obama visited Australia. To minimise the disruption for commuters, he eschewed (gesundheit) the more populated areas in favour of visiting the new regional American capital of Australia in Darwin, and the former one in Canberra.

Speaking in the newly constructed Capitol building in Darwin where a large military base is being assembled, details of the scope of the new occupation force began to emerge. From SBS World News:

Referring to joint plans to base 250 US marines in the Top End next year, rising to 2500 in five years, he said Darwin would write the next chapter in the "proud history of our alliance".

Marines were chosen over other military personnel for the occupation force, to prevent waves of Australian refugees from fleeing on small boats to Indonesia.

The PRC

Confusingly, while the United States takes on the role of administering Australia from the largely ineffective minority government led by Alan Jones, China remains the primary supplier of Australian economic aid which has helped former politicians including John Howard and Peter Costello to claim successes for their policies.

Speaking at a conference in Bali to escape the heat in the ACT, Julia Gillard assured the Chinese government that the new administrators weren't a threat to Chinese hegemony, and downplayed the words of the new President. From SBS World News:

"We have in Australia made an announcement with president Obama about the rotational deployment of marines into the Northern Territory for the purpose of exercising [because they were getting fat], that having the US engaged in our region is a force for stability, that having those marines training alongside the ADF in Australia enables us to have a strengthened capacity to respond to regional contingencies including things like natural disasters."

While also taking a swipe at the Singapore government's treatment of Australia as a dumping ground for helicopters, Gillard took the opportunity to provide some much needed perspective.

[..] during the last Australian summer of flood and bushfires, Singapore offered use of helicopters to assist in relief operations. That was possible because Singapore has military helicopters on Australian territory for long-term training.

The Convenience

Meanwhile, back on Australian American soil, ZDNet Australia reported on how the annexation of Australia would have long term security benefits.

As part of US President Barack Obama's visit to Australia, a raft of new accords have been agreed upon to strengthen the national security of the two nations, [..]

Not "theoretically" strengthen, or "allegedly", but straight out strengthen. Certainty is critical in these matters.

[..] including a memorandum that will see US law enforcement agencies score access to the names, aliases, DNA and fingerprint information of suspected criminals and terrorists.

Following in the footsteps of draconian global copyright treaties that would see suspected file sharers have their internet revoked, in this scenario merely being a suspect without conviction would be enough to have your personal details sent to the United States.

While drastically securing everything because they say so, this would allow travelers who have never even been to the US to have their personal information transported there and stored. From a convenience perspective, it's a win-win. I'm sure Bruce Schneier would wholeheartedly agree, if someone stuck a gun in his back, or something.

Conclusions

Now that the United States is administering Australia, I am looking forward to having their laws implemented here, which will facilitate me opening Amazon and Apple Store accounts without the messy overseas cards I'm currently using.


Google_nomap?

MikroTik RouterBoard RBSXT

Peter Fleischer on the Official Google Blog on Monday:

We're introducing a method that lets you opt out of having your wireless access point included in the Google Location Server. To opt out, visit your access point’s settings and change the wireless network name (or SSID) so that it ends with "_nomap." For example, if your SSID is "Network," you’d need to change it to "Network_nomap."

This has got to be a hoax.

UPDATE: @Sebasu_tan of A Lonely September has brought to my attention a video statement about the issue.


Is Facebook any different? I think so

With Facebook and Google, we're the product. Is this a new phenomenon, or something that has existed with all advertising sponsored media? No prizes for guessing my POV ;).

POV: @perryodd's vehicle

I had a fascinating conversation with @quietdiscourse this afternoon on Facebook and traditional media. His point, and it was a valid one, was that it was unfair to single out Facebook as a company that sells us (well not me anymore, I don't use Facebook) to advertisers, because everything from newspapers to commercial TV uses this model. He asserted the difference between Facebook and traditional media was one of scale, and that we're more offended by Facebook because of the different kind of information they know about us.

While I agree with all he said, I think there's also more to it.

Oh, do tell

He's right that Facebook knows different information about us, but the big ethical question we face (sorry, bad pun) with Facebook is their pervasiveness, and how they perform their business.

The internet has afforded companies an entirely new generation of behavioural tracking that traditional media outlets like commercial television could only dream of. Companies like Google have mostly been on the ethical side of this, though their refusal to bundle DNT by default in Chrome and DoubleClick relying on us maintaining cookies instead of simply respecting our stated intentions also demonstrates their priorities.

Facebook is another kettle of sheep. Wait, got my metaphors mixed there, that's baaaaaaad.

One need only research the Beacon controversy from a few years ago, to the use of their databases by American border controls and the FBI, to the logged out information tracking scandal playing out now to see the issue is far more problematic than the advertising based business models of their predecessors.

Redesigned New Zealand Flag

Mmm, disclaimers

As I conceded on The Twitters, I'm a developer who happens to write, I'm not a media expert. Still, while I agree we need context when discussing the issues surrounding Facebook, we also need to keep in mind they're an entirely new class of advertising-sponsored service which requires further scrutiny, and I fear we risk trivialising the new issues Facebook introduces by saying all advertising media has similar issues. It's not just what they know, and the scale of their operations, but how they're getting our data and how they're being disseminated and used.

I've argued against the Federal Government's media enquiry on the basis that all media is biased, and time and resources would be better spent on educating people how to objectively analyse what they read. Perhaps education and transparency are the key here too?


Westfield tracking users, not on trains

Westfield Group, one of the largest shopping centre operators in the world, has launched a find-my-car iPhone app. The system uses a series of license plate reading cameras dotted throughout their multi-level car parks. Westfield said police could also use it to find stolen or unregistered vehicles. (Hello, slippery slope.)
~ skegg on Slashdot

I take public transport, so people track me with my purchased tickets. In Singapore with proximity stored value cards, this is even easier. As a kid I went all the way out to Jurong East and Pasir Ris just to muddy and confuse their "downtown expat" profile of me. I was a wild, out of control teen ;).

As to this Westfield story, it rubs me the wrong way but I suppose it was only inevitable.


What does Google know of your interests?

Lobbying exposing ninja Alex Sadleir made a comment on Google+ today demonstrating just how much Google knows about our interests. Curiously, I didn't get anything back.

Approaching the oracle... wait, bad choice of words

From http://www.google.com/ads/preferences/view/ in my Google account, on every machine I've tried it on:

Your categories
You have opted out of Google's interest-based advertising. No interest categories are associated with your browser.

Your cookie
Google stores the following information in a cookie to associate your ads preferences with the browser you are currently using:
id=OPT_OUT

Come again?

Opting out of this stuff sounds like something I'd do, but I don't remember doing it. I'm not sure which of the following reasons caused me to not have any information with them, but throwing them all out there as suggestions.

Finally, it goes without saying that I don't use Google Chrome or Android, though I do use their Google Search app, Google Maps and on occasion YouTube on my iTelephone. Whoops ;).

Most likely these reasons are placebos and are merely evidence of my paranoia; Alex would be the first to point out this doesn't mean Google doesn't know anything about me. One could assume they do gather information, but they just don't make it public.

Either way, I'm impressed that Google at least acknowledges I don't want them following me... as much. Right?