Oct 21

Anonabox – online security, privacy and anonymity

The recent Kickstarter campaign for Anonabox proved to be insanely popular but ultimately unsuccessful after the campaign was suspended by Kickstarter. If you’re unfamiliar with it, it was a small network device that you could plug into an existing network connection and then either use the provided Wi-Fi hotspot or plug in another network cable; all traffic routed through the device would go over Tor. The idea behind the device is to make it dead easy for people to use Tor holistically, preventing software from making direct requests to the internet. The other advantage is that it would work without particular applications having to be aware of Tor or configured to use Tor. Just plug it in and go.

I think the intent behind this device is great but there’s a bunch of things people forget and confuse when it comes to online privacy, anonymity and security. I think the danger with a device like this would have been lulling users into a false sense of security, or illusion that they couldn’t be traced / tracked / monitored / discovered / whatever it is they thought they were achieving by using this. This prompted me to think about a bunch of things and following is my brain dump on what some of the differences are between privacy, anonymity and security – why you might want to pursue any or all of these online. This is stuff I’ve been mulling over for months after reading books like Black Code, No Place To Hide and following the details of the Snowden revelations as well as the metadata collection debate currently happening in Australia.

Security

Let’s start with online security. This covers your basic approach to doing things securely on the internet – ensuring you use a password manager to enable strong, unique passwords on each and every site you use; using anti-virus software and personal firewalls; enabling two-factor authentication and using extensions such as HTTPS Everywhere to enforce the usage of https on websites. You make a conscious effort to avoid using insecure websites and applications that do dumb things like email you your password, don’t use https, have stupid password restrictions and so on.

More advanced approaches to security include encrypting communications (instant messaging, text messaging, emails), encrypting files and whole drives (computer, smartphone).

Why do we do these things? We do these things to avoid having our accounts compromised, money stolen, identity revealed (more on this later), personal information leaked – including nude selfies. The consequences of these things range from pain in the arse to major impact on our lives.

Privacy

Privacy is about controlling information about yourself – consenting to provide that information understanding how it will be used, your rights regarding deleting that information and how long it is stored for. Clearly a major trend in the last decade is the erosion of our privacy in the online world through constant mishandling of our personal information leading to leaks.

This is not to be confused with scenarios where we opt in to applications to receive a benefit – providing personal information when there is a net benefit in applications like Facebook. These systems work because without opting in and providing your information you won’t be able to establish the connections with your friends. Essentially you get to use this application for free because you’re providing personal information. That the application aggregates all of this personal information and uses it for marketing purposes is something (most of us) are consciously aware of and acknowledge. The benefit we receive is worth it to us.

What complicates privacy is that there are many different facets of information about ourselves, and who we want to reveal each of them to is very granular.

Anonymity

Anonymity is about the right to pursue your life anonymously without having to provide identifying information. In an online world this means the ability to use pseudonyms and non-identifying information when interacting with applications and other users on the internet.

A disturbing angle relating to anonymity is the practice of having your online habits tracked across multiple sites over a period of time through advertising networks. While we can read and agree to privacy statements of individual sites and receive a pretty obvious benefit in return for providing some information to the Facebooks of the world, it’s less obvious the benefit we get from being tracked. ‘More targeted advertising’ is usually the result, but for most people that’s a pretty dubious benefit. It’s great for business, but not the individual.

Trying to be anonymous on the internet can include trying to opt out or actively block this kind of tracking (if you’re interested, check out Disconnect.Me). Modern browsers have privacy modes that attempt to limit some of this but it’s really only a quick and convenient way of browsing a few sites you don’t want to appear in your local history. They’re not known as porn mode for nothing. These browser modes do nothing to prevent your requests from being monitored by your ISP, tracked by the servers you’re requesting information from and more.

So what about Anonabox?

Anonabox seemed to be popular because it makes using Tor easier. Tor enables you to cloak details about your web requests. Requests are routed through the Tor network rather than straight out from your ISP. The Tor network is a series of nodes around the internet that bounce requests between them. The idea is that you’re making it harder for people at the remote end to trace back to you, and you’re also disrupting people who may be monitoring your traffic (ISP, government, local Wi-Fi snoop).

I think the main demand for this box (in the campaign) has come from people who are aghast at the Snowden revelations and want to stymie mass surveillance of the internet by governments. But I think that’s flawed – in that I don’t think the Anonabox is the panacea it seems.

The accusations against the Five Eyes governments involve mass surveillance of the internet with the (begrudging?) cooperation of telcos and internet companies who provide these services. Using Anonabox or Tor only scrambles your network traversal. They still have access to your information either straight from the pipe or from the company itself. Furthermore, using a normal browser with Anonabox still means you’re subject to the same advertising based tracking and so you’ve defeated nothing. (To be fair, they recommended using the Tor Browser Bundle in conjunction with Anonabox.)

Whistleblowers and people who face persecution in their country (for sexual orientation, political or other reasons) are pretty serious about security, privacy and anonymity. In order to keep themselves safe they have probably already researched effective ways to keep their identities hidden. While Anonabox is trying to make this easier, without the proper education of users there is still a risk that they make mistakes that reveal their identity or personal information.

I don’t think there’s a single easy solution to trying to achieve anonymity and maintain full privacy and security online. Anonabox looks like a step in the right direction but seems to be at risk of giving people a false sense of security that they are totally anonymous and private on the internet.

Oct 17

Driverless cars

As the technology for driverless cars continues to improve we inevitably approach the point where we want this amazing technology to go mainstream. There will be resistance to allow these cars on our roads on a number of fronts though.

At some point in the future people will die or be seriously injured as a result of a driverless car accident. To think that this will never happen is ridiculous. However this shouldn’t be the first thing we think about. People seem to be afraid of introducing driverless cars because they don’t know who to blame, or hold accountable when this happens.

At the moment we have a system where drivers are licensed and held responsible for their actions. Car owners must register their car and meet regulatory requirements to ensure their car is roadworthy. Car manufacturers are accountable for the quality of the cars they produce in regards to meeting safety standards and legislated requirements. And governments are accountable for the system of road rules and safety standards that cars must meet. Obviously the only thing that changes in the driverless car scenario is the removal of the driver.

A driverless car is still owned and registered by someone – they are the ones who would be accountable for the actions of their car. Manufacturers could provide some kind of surety / guarantee about the quality of their car, and perhaps provide liability insurance or protection on behalf of the owner in an attempt to sell the car and assure them it was safe.

The frustrating thing is that this ‘problem’ which will delay the introduction of driverless cars is a problem of skewed perception. I am confident that the introduction of driverless cars will dramatically reduce the number of deaths and injuries on our roads. We don’t need these cars to be perfect, they only need to be better than the current system of human driven cars.

Currently we measure the number of people who die on Australian roads each year in the hundreds. This is way too high, and doesn’t mention the thousands of people who are seriously injured as a result of road accidents. If the introduction of driverless cars cuts this in half – wouldn’t that be amazing?

 

Oct 15

Why use Dynamics CRM as a platform for xRM development?

For a few years now, COTS based solutions have been all the rage – taking an existing off the shelf product and configuring and customising it to meet your organisation’s needs rather than build from scratch. Stand on the shoulders of giants! This article does a pretty good job of articulating the pros and cons of using Microsoft Dynamics CRM 2011 / 2013 as that platform for your organisation’s needs.

Aug 19

Squeegee

What started as an exercise in skills refresh for me has finally grown into a side-project that went live today: Squeegee

A personal finance software SaaS product. Yes there’s a thousand of those out there already, but I used this as an exercise in learning how to take an idea all the way to fruition. There’s clearly more work to be done, but it’s a satisfying milestone to reach.

It would be great if you could check it out and let me know what you think!

 

Aug 05

Government announces Operation Sovereign Data

Prime Minister Tony Abbott and Attorney-General George Brandis today announced a new government initiative known as Operation Data Protect. This nationwide program will act as a data backup service for the nation, relieving the millions of Australians with connections to the internet from having to worry about safeguarding their data.

Mr Abbott revealed that the scheme would be rolled out later this year and would retain 2 years’ worth of data for every internet connected Australian. “People are afraid. Their precious memories are only a dropped laptop or stolen mobile phone away from being lost forever.”

Senator Brandis told the media contingent that after reviewing commercial services currently available, the Government had decided to step in. “Some of these services aren’t even located in Australia. There was a real risk that data was being sent to ‘the cloud’. That’s not even a country.”

“We simply could not stand by while a generation of Australians lost their documents through a lack of a backup” added the Prime Minister. In addition to backup, the service will index all the data stored so that users can easily find their files when they need to. “Handily this helps copyright owners check their records of ownership against the backed up data so we can ensure that they have received every last cent they are owed” confirmed Senator Brandis.

A glossy brochure was distributed at the press conference, listing some of the other benefits of the service. In the future, people applying for public service positions will be able to let the government simply refer to their indexed backup instead of having to complete arduous selection criteria. When asked about the whereabouts of Communications Minister Malcolm Turnbull, Prime Minister Abbott informed the press conference that he was “out negotiating a great deal on the hard drives required. Malcolm practically invented hard drives in Australia and knows a fair price when he sees it.”

Questioned about the security of the data stored on behalf of Australians, Senator Brandis said he would use a really strong password – “with those funny characters and everything” and would keep this written inside the cover of a random book on his parliamentary bookshelf. “I can’t give away which one, but it rhymes with twine-teen gatey-floor” said the winking Senator.

Aug 04

Ditching GoDaddy

I have a number of domains I originally registered with GoDaddy and I’ve finally dumped them. I’ve transferred both the DNS hosting and the Registration over to DNSimple. I got sick of trying to be sold dumb shit, piss poor web interface, and just sleazy marketing with GoDaddy. They were damn cheap I’ll give them that.

 

If you want to do something similar, here’s an overview:

  • You can change just your DNS hosting
  • You can also move over your Registration (I recommend going the whole hog)
  • You can do it without any downtime

 

The general process is:

  • Create an account with DNSimple
  • ‘Add’ domains to them
  • Export your Zone file from GoDaddy
  • Import the Zone file into DNSimple
  • Verify that the DNSimple servers are resolving your site
  • Change over the root nameservers for your domain(s) to DNSimple and wait for propagation – this might take 24 hours
  • Cancel any domain privacy you have with GoDaddy, and ‘Unlock’ the domain (to allow transfer)
  • Transfer the Registration to DNSimple (using an Authorisation code from GoDaddy per domain)
  • Click ‘Confirm’ in a few email links
  • Delete your GoDaddy account
  • Crack open a beer and put on a smug smile.
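
The “verify that the DNSimple servers are resolving your site” step can be scripted so that a record lost in the zone import is caught before the nameservers are switched. This is an added example, not part of the original post; it assumes dig is installed, and example.com and the nameserver hostnames are placeholders.

```shell
#!/bin/sh
# Added example: pre-cutover check for a DNS hosting move.
# All hostnames and addresses below are constructed placeholders.

# Read `dig +noall +answer` style lines (name TTL class type rdata...) on
# stdin and print "name type rdata", sorted. TTLs plus NS and SOA records
# legitimately differ between providers, so they are left out.
normalise_answers() {
    awk '
        /^[ \t]*(;|$)/ { next }                  # comments and blank lines
        $4 == "NS" || $4 == "SOA" { next }
        {
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            # hostnames are case-insensitive; TXT data is not
            if ($4 == "CNAME" || $4 == "MX") rdata = tolower(rdata)
            print tolower($1), $4, rdata
        }' | sort -u
}

# Ask one authoritative server directly, without recursion or caches.
# Usage: query_ns <nameserver> <name>...
query_ns() {
    ns=$1; shift
    for name in "$@"; do
        for type in A AAAA CNAME MX TXT; do
            dig +norecurse +noall +answer "@$ns" "$name" "$type"
        done
    done
}

# Compare two answer dumps; list records present on one side only.
# Returns 0 when the record sets match, 1 otherwise.
compare_answers() {
    old_norm=$(normalise_answers < "$1")
    new_norm=$(normalise_answers < "$2")
    [ "$old_norm" = "$new_norm" ] && return 0
    printf '%s\n' "$old_norm" | while IFS= read -r rec; do
        [ -n "$rec" ] || continue
        printf '%s\n' "$new_norm" | grep -Fxq -- "$rec" || echo "only on old: $rec"
    done
    printf '%s\n' "$new_norm" | while IFS= read -r rec; do
        [ -n "$rec" ] || continue
        printf '%s\n' "$old_norm" | grep -Fxq -- "$rec" || echo "only on new: $rec"
    done
    return 1
}

# Constructed sample dumps: the import dropped the mail host A record.
sample_old() {
    cat <<'EOF'
example.com.       3600 IN A     192.0.2.10
www.example.com.   3600 IN CNAME example.com.
mail.example.com.  3600 IN A     192.0.2.25
example.com.       3600 IN NS    ns1.old-provider.example.
EOF
}
sample_new() {
    cat <<'EOF'
EXAMPLE.com.       600 IN A     192.0.2.10
www.example.com.   600 IN CNAME Example.com.
example.com.       600 IN NS    ns1.new-provider.example.
EOF
}

# Demo on the constructed samples. Live use: query_ns <ns> <names> > old.txt
d=$(mktemp -d); sample_old > "$d/old"; sample_new > "$d/new"
compare_answers "$d/old" "$d/new" || echo "record sets differ: fix before switching nameservers"
rm -rf "$d"
```

For a real migration, run query_ns once against the old provider's nameserver and once against the new one for every name in the exported zone file, then feed the two dumps to compare_answers.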

 

It is that simple. But why DNSimple? Nice, clean UI. Simple pricing structure (yes dearer than GoDaddy but it’s worth it). Two-factor authentication. You can still have WHOIS privacy to obscure your details from the public registers.

 

DNSimple provide a guide to the process here. And if you are thinking about signing up, it’d be nice if you went via my referral link.

 

Jul 28

Why Free-to-Air TV matches are not HD

In the ultimate of first-world-problems, free to air NRL matches in Australia are broadcast in standard definition (SD), much to the annoyance of anyone with a decent pair of eyes. At the same time as a big game of footy is being broadcast, Channel 9 are bound to be utilising their High Definition (HD) channel for something really spectacular – like a re-run of an old Elizabeth Taylor movie from 19 diggity 8. No disrespect to Liz, but the fast paced action of sport is better suited for the HD channel. So why is it like this?

The main reasons are:

  • Government legislation
  • Government standards
  • Money

Firstly the legislation. With the introduction of Pay-TV in Australia, laws were introduced that are known as ‘anti-siphoning’ laws that prevented all the major sporting events Australians love to watch from being sucked up and only shown on Pay TV providers. Ensuring these major sporting events (Rugby League, AFL, Cricket etc) stayed on free to air TV was a great win for sports fans. The Pay TV providers can show additional events from these sports codes but as long as there is a minimum shown on free to air everything is cool.

Now for the standards. With the introduction of digital TV in Australia and then the switchover which would see the end of analogue television, the government decided that the minimum digital TV standard would be Standard Definition (SD), or 480p. With all the short-sightedness of Mr Magoo, SD became the minimum standard digital TV broadcast experience for free to air TV. Additional HD channels came along as broadcasters were allowed to expand their free to air offerings. But these are essentially ‘bonus’ channels because they are not required to show anything on them.

And of course money. There are two factors for this – by offering to show sports in HD on Pay TV, there’s money to be made from people who want to cough up the cash to enjoy the sport they love in glorious HD. The problem is, the HD games they show are not the ones that are shown on free to air TV – or they are delayed if they are. The other money angle relates to ratings. Why don’t the TV stations just simulcast the games and show them on SD (as required) and in HD? The way TV ratings are calculated sees these as separate shows and so instead of ratings of “800,000”, you’d end up with ratings of “500,000” and “300,000”. TV stations love ratings and need them to be as high as possible so they can charge higher advertising rates.

So there we have it. The possible solutions are to change the way TV ratings and advertising rates are calculated, to change the anti-siphoning laws and run the risk of losing access to these sports on free-to-air TV altogether, or to change the minimum standard for digital TV broadcast. I can’t see any of these changing any time soon, so I guess the situation we have now is one we’re stuck with. Well, at least you now know why it is the mess that it is.

 

 

Jul 22

Azure website – how to change web hosting plan

In Windows Azure Websites Microsoft have introduced a concept called a web hosting plan. This allows you to control a group of websites all at once and makes changing their hosting settings easier. The problem is, they haven’t yet introduced a way through the Portal to change the web hosting plan for a website.

 

So if you’ve got a bunch of free websites and want to promote one of them to shared hosting, you’ll find that changing one changes them all – because hosting options are now configured at the web hosting plan, not the individual websites. When they introduced this change they created a default group for all your existing websites and you’ll find they are all grouped together.

 

If there’s no way to change this through the Azure Portal UI, how do you do it? Time to crack out the PowerShell. Open a Windows Azure PowerShell session and run through the following.

Login

Add-AzureAccount

Switch to Azure resource mode

Switch-AzureMode AzureResourceManager

Create dictionary to represent the new web hosting plan (note the fact that we’re setting the ‘serverfarm’ property here)

$whp=@{"serverfarm" = "<newplan>";}

Apply the changes

Set-AzureResource -name <sitename> -ResourceGroupName <groupname> -ResourceType Microsoft.Web/sites -apiversion 2014-04-01 -PropertyObject $whp

 

So the above works if you’ve already got a second web hosting plan to change the website(s) into. How do you create a new web hosting plan? The non-PowerShell way is described over at this article. Essentially: create a new website, and specify that a new hosting plan should be created along with it.

Microsoft have published an In Depth Overview of Azure Web Sites Hosting Plans if you want more detail on the above.

 

Jul 21

HTC One

My HTC One is the first Android phone that I have stuck with the original ROM for a prolonged period of time, which is remarkable given there’s even a ‘pure’ Android ROM available for it. In the past I’ve been happy to upload custom ROMs for my original HTC Hero, my Samsung Galaxy S II and even my Galaxy Nexus. Going from the Galaxy Nexus back to the HTC One I thought I might want to change the ROM because I didn’t think I’d like (going back to) HTC Sense. But these days it’s not very offensive, and the CPU of the phone just handles anything you throw at it.

In the past I’ve changed ROMs because I wanted access to cooler new features or to mitigate performance problems. Even though there’s a lag between the time a new version of Android is released and the time HTC get it out to my phone, I’ve found the incremental feature upgrades to be either minor and not worth worrying about, or not of interest to me.

Long live the HTC One M7!

Jul 14

15 months with a FitBit One

I’ve owned a Fitbit One for 15 months now and it’s great fun. Has it helped me lose weight? Yes and no. Have I definitely walked further and been more active than I would have been without it? Hell yes.

The FitBit One is basically a fancy pedometer that can sync up with an appropriately Bluetooth enabled phone, or with a PC wirelessly via the dongle that comes with the device. It has great web based software that can give you all kinds of amazing details about your activity during the day – and night. This is meant to make ‘being active’ more fun and motivate you to achieve your goals – whether they be walking a certain number of steps a day, having a certain number of ‘active’ minutes per day and of course weight loss. It even comes with an elastic sleeve you strap around your wrist so you can wear it at night to track how long, and how well, you slept.

Overall the device works really well – I’ve found it consistent and accurate with regards to steps. If you want to nit pick, yes you can shake it and falsely get the step count higher than you walked. But really, why bother? It’s meant to be acting as a guide so you know if you’re kidding yourself about how much exercise you actually do.

When it comes to weight loss I’m in the camp of Input – Outputs = Net Result. That is, Food, Minus Activity = Gain or Loss. The FitBit is only doing the Outputs, or Activity side of things. If you want to track food you can use the FitBit software, but not if you’re outside the US. Booo. However, you can use the excellent MyFitnessPal website. You can link your accounts so that the food tracked is seen against your activity levels so you get nice little graphs like the one below.

 

FitBit Charts screenshot

Walking around and being active was definitely more fun when I first got the device. But after a while it got a bit less exciting. I’m pretty sure a Canberra winter kicked in and my activity levels dropped and my weight loss enthusiasm also waned. So I fell off the bandwagon. I kept wearing the device and have worn it pretty much every day since I bought it. I haven’t been as serious about measuring my sleep and had a few months there where I didn’t wear it at night.

For this device to work for you, you need to be obsessive about checking it’s still strapped to your belt as it can be easily lost. Either the holder that it is encased in pops off your belt, or you bump against something and it pops out of the holder. I’ve lost it a few times but thanks to detecting it pretty soon after the event I’ve found it again. I’d buy another one if I lost it.

One great thing – the support behind the product is great. I contacted them after a few months because I lost the rubber holder and wanted to buy the accessory replacement in Australia. They said “don’t be silly”, and FedEx’d me a new one. Pretty great stuff and another reason I’ll be loyal to them.

So if you’re interested in a Pedometer in general, and you’ve got a smartphone and can afford it, I recommend buying the Fitbit One. It’s going to help you achieve your activity (and maybe weight loss) goals if you use it correctly and stay motivated.
