Concerns about Dept. of Education’s “Primary Online Database”

Digital Rights Ireland Simon McGarr speaks about the Dept. of Education Primary Online Database by Bernard Tyers on Mixcloud

The recording can be downloaded for reference.

Simon McGarr from Digital Rights Ireland speaks on Drive Time, Irish national radio, about the privacy, and misuse of data concerns with the Department of Educations’ proposed Primary Online Database programme to collect sensitive, and nonsensitive data about primary school children until at least their 30th birthday.

Simon has written about it already, and has created an online form where parents can express their concerns.

The proposed database has been covered in Irish media.

Installing Trisquel GNU/Linux on a MacBook Pro

If you try to install Trisquel 7.0 1)Trisquel Operating System website: https://trisquel.info/en on a MacBook Pro using Virtual Box 3)Virtual Box website: https://www.virtualbox.org/, you’ll run into a problem.

When you configure the VM, and go to start it, you’ll get the following error:

This kernel requires the following features not present on the CPU: pae.
Unable to boot – please use a kernel appropriate for your CPU.

Error with Trisquel on a VirtualBox VM

This is due to Trisquel kernel requiring PAE 2)Physical Address Extension wikipedia article: https://en.wikipedia.org/wiki/Physical_Address_Extension, to be enabled.

The solution is to enable it in settings –

Settings->System->Processor

Trisquel running on Virtual Box VM - System VirtualBox Manager

This option “Extended features: Enable PAE/NX” must be enabled. Restart the VM and you can continue installing Trisquel GNU/Linux.

References   [ + ]

1. Trisquel Operating System website: https://trisquel.info/en
2. Physical Address Extension wikipedia article: https://en.wikipedia.org/wiki/Physical_Address_Extension
3. Virtual Box website: https://www.virtualbox.org/

Digital Rights Ireland comment on Ireland’s state sanctioned phone and e-mail tapping laws

Digital Rights Ireland Simon McGarr speaks to Today FM about Ireland’s phone and e-mail tapping laws by Bernard Tyers on Mixcloud

Digital Rights Ireland’s Simon McGarr has written a good post with thoughts on the FISA-style secret court hearings.

It looks like the law falls short of covering “Information society services” such as Google, Facebook, and Twitter. Those International services that are based in Ireland, and would run for the hills if it were to cover them.

I’d suggest also reading the original Irish Times article by Karlin Lillington which broke the story.

Mainstream Internet comes to Tor – who’s next?

A couple of years ago I started a list of organisations I thought should run Tor relays or exit nodes.

I found it again this weekend.

Organisations who should run Tor nodes (exit or relay):

(ordered by likelihood of it happening)

  • Mozilla
  • EFF
  • Amnesty International
  • Privacy International
  • Reuters (for their journalists and correspondents and for provision of news services)
  • LibreOffice (they provide open source content creation tools)
  • Internet hosting companies (Gandi.net, Greenhost)
  • national government of Iceland, Switzerland, the Netherlands, Ireland (Ireland is now Europe’s user data protection base for Facebook, Twitter, and Google)
  • Télécoms Sans Frontières (TSF)
  • Twitter
  • Reddit
  • all hackerspaces who’s members are able to contribute to the running
  • Apple
  • Dell
  • IETF
  • the United Nations (or some part of..)
  • the European Parliament (or some part of..)
  • MIT, Stanford (universities who have a history in the advancement of the Internet and technology)
  • Google
  • Youtube
  • mobile phone network operators (Vodafone, 3, o2)
  • Internet Service Providers (BeISP in UK, XS4ALL in Netherlands and others)
  • British Broadcasting Corporation (for provision of news services in countries where access to news restricted)

Scores on the doors

I guessed one correctly. Not a good result.

Mozilla

Mozilla have announced they will run relay nodes as part of “Polaris”, their new privacy initiative.

It is a collaboration between Mozilla 1)Mozilla privacy blog announcing launch, the Tor Project 2)Tor Project blog post announcing launch&lt and the Centre for Democracy and technology.

This news is fantastic. It truly is. Such a large, and user-focused Internet entity putting it’s resources behind Tor middle relay nodes is great news. I would have expected Mozilla to fund and operate exit nodes as this is the main difficulty for small or single entities. Running exit nodes can attract the wrath of legal departments, law enforcement agencies and ISPs. Still, give them credit.

The dark horse

But I totally missed the other major name.

I did not expect Facebook to be (the first?) the major Internet service to be present on the Tor network 3)Facebook announcement made on Facebook.com, never mind launch a hidden service 4)BBC article covering Facebook Tor service, with an associated SSL cert.

And then my friend Alec Muffet caused me a few weeks of head scratching and repeated “what nows?” when he tweeted:

It seemed to totally go against the “BUT FACEBOOK IS TRACKING ME AND WANTS TO KNOW MY EVRY THOUGHT” argument. And yes, that thought had crossed my mind.

It also confused a lot of people when they thought, “BUT I HAVE TO LOG INTO FACEBK SO I LOOSE MY ANONYMITY!”.

In the case of Facebook, unless you created an account which does not use your real name and does not have any photos of you uploaded, you weren’t anonymous.

What accessing Facebook as a hidden service inside the Tor network does do is hide your actual location. This may not be beneficial to some users, but will be very beneficial for others.

Why did Facebook do it?

I have some guesses and they can all be summed up by: to give access to their website to as many potential users as possible.

Go back to Nokia’s awesome 22 year old mission statement (first thought of by Ove Strandberg) “Connecting people”. The Nokia slogan “effectively portrays the company’s mission, which is to connect people without barrier and distance” 5)famouslogos.net description of the Nokia slogan.

Facebook want to make their service available to as many people as they can.

DuckDuckGo

DuckDuckGo, the “privacy enhancing” search engine, is available as a Tor Hidden service.

It would be good to know if they also run exit relays.

Wikimedia

The other big name on the Internet that has been running Tor network middle relays is Wikimedia.

It would be very interesting to see them launch a hidden service. I think this could have a similar affect, in terms of access to information, as Facebook could have for enabling people to connect.

Who else?

As a result of their place in the publiction and handling of the Snowden files, I want to see the Guardian newspaper running a hidden service, or at least exit nodes.

Over the weekend I read an interesting article about the “right” relationship between technology companies and journalism ((Guardian article by Emily Bell, written by Emily Bell. She made a good comment:

“….at news organisations the central organising principle is usually to produce something with social impact first ahead of utility or profit”.

I agree, which is why I think The Guardian should look at making their content available as a Tor Hidden Service. It would produce something with social impact and provide utility.

Who do you want to see creating a Tor Hidden Service, or running relay nodes?

References   [ + ]

1. Mozilla privacy blog announcing launch
2. Tor Project blog post announcing launch&lt
3. Facebook announcement made on Facebook.com, never mind launch a hidden service ((BBC article covering Facebook Tor service
4. BBC article covering Facebook Tor service, with an associated SSL cert.

And then my friend Alec Muffet caused me a few weeks of head scratching and repeated “what nows?” when he tweeted:

It seemed to totally go against the “BUT FACEBOOK IS TRACKING ME AND WANTS TO KNOW MY EVRY THOUGHT” argument. And yes, that thought had crossed my mind.

It also confused a lot of people when they thought, “BUT I HAVE TO LOG INTO FACEBK SO I LOOSE MY ANONYMITY!”.

In the case of Facebook, unless you created an account which does not use your real name and does not have any photos of you uploaded, you weren’t anonymous.

What accessing Facebook as a hidden service inside the Tor network does do is hide your actual location. This may not be beneficial to some users, but will be very beneficial for others.

Why did Facebook do it?

I have some guesses and they can all be summed up by: to give access to their website to as many potential users as possible.

Go back to Nokia’s awesome 22 year old mission statement (first thought of by Ove Strandberg) “Connecting people”. The Nokia slogan “effectively portrays the company’s mission, which is to connect people without barrier and distance” ((famouslogos.net description of the Nokia slogan

5. famouslogos.net description of the Nokia slogan.

Facebook want to make their service available to as many people as they can.

DuckDuckGo

DuckDuckGo, the “privacy enhancing” search engine, is available as a Tor Hidden service.

It would be good to know if they also run exit relays.

Wikimedia

The other big name on the Internet that has been running Tor network middle relays is Wikimedia.

It would be very interesting to see them launch a hidden service. I think this could have a similar affect, in terms of access to information, as Facebook could have for enabling people to connect.

Who else?

As a result of their place in the publiction and handling of the Snowden files, I want to see the Guardian newspaper running a hidden service, or at least exit nodes.

Over the weekend I read an interesting article about the “right” relationship between technology companies and journalism ((Guardian article by Emily Bell

Open Rights Group London: Myles Jackman – Criminalisation of Extreme Pornography talk

ORG London October meeting: Myles Jackman – Criminalisation of Extreme Pornography (releveled) by Bernard Tyers on Mixcloud

This is my recording of the Open Rights Group London October talk on the criminalisation of extreme pornography. The talk was a fascinating of the criminalising of sexual material.

Myles Jackman – @ObscenityLawyer – will be talking about how criminalising possession of extreme pornography victimises sexual minorities. We have seen recent cases of young people being prosecuted for owning and sharing images of themselves.

Myles will highlight how the laws around possession of sexual images are (mis)used by the police.

My notes on today’s BBC Radio 4 Digital Human episode on “risk”.

Digital Human: Risk (Series 6 Episode 1) by Bernard Tyers on Mixcloud

Today’s Digital Human 1)BBC Radio 4 Digital Human Programme with Aleks Krotoski covered human perception of risk in the “online age”.

“Our brains are still running security software designed to protect us against lions, tigers and bears and we haven’t run an update for about 200,000 years. Aleks Krotoski explores how well it works when faced with the risks of the digital world.”

It was a very interesting programme. They also didn’t mention the words “threat modelling” once. 🙂

My notes from the programme

  • What’s the riskiest thing you’ll do today?
    • Cycle on the street? Clicking on the attachment?
  • Scientiest says our risk perception system works, “we’re still here!”
    • The problem is it has developed over time, when the risks we had to deal with were much simpler: lions, tigers bears in the dark
    • We have an “inconvienent mind” when it comes to more modern complex risks
    • Because of this, we are getting some risks wrong
    • Our brains’ run the same security software against all risks we come into contact with
      • it hasn’t been updated for over 200,000 years
  • How does our brain handle more modern risks, and
  • Programme introduces “Jersey Lifts”
    • young people give and receive lifts home from a night out, for free (money does change hands…) while living on the island of Jersey
    • most people would not pick strangers up and give them lifts
    • people post they are giving lifts/or that they need a lift on facebook/the website
    • one girl mentions she prefers to get lifts from friends as opposed to taxi drivers
      • that’s the first problem with our risk perception: our decisions are not always rational
    • If the girl is giving a lift to only her friends on the island, whats wrong with that?
      • She is posting her number, availability and location to a public forum of people she couldn’t possibly know
    • Jersey Lifts operates on a “cognitive trick” humans have used offline
      • the girl only gives lifts to people who she already knows directly, or has a “friend” in common
      • the girl contradicts herself by saying she having given a lift to “a friend of a friend”, and this is good as it “increases the connections between young people on the island”
        • she uses this criteria as a was of rationalising that she can then get a benefit of knowing mroe people, and so increase her chances of getting a lift when she needs one
  • Risks have characteristics that make it feel more or less scary
    • “Natural” risks feel less “scary” than human made risk
    • Risk that is imposed on us feel less “scary” than risk we have chosen voluntarily
  • Our level of trust makes us feel more or less afraid
    • It is a powerful risk perception factor to a social animal like us humans
    • Offline if we feel we need to trust someone, we will gauge that trust by finding a common connection and ask them
    • If we don’t have a common connection, we will still trust them, but only based on the information we know about them, what we heard about them, or what we’ve seen them do
    • We trade in social capital which we would have earned by being part of organisations; boy scouts, church groups
      • if someone from your church group asked you for a lift, would you give it to them? (Probably, since you were part of a common entity…)
      • Jersey Lifts exists in a microcosm, small organisation
      • The journalist mentions she has received lifts in microcosms (Isle of Skye) where she was able to introduce an element of consequence (person can’t get away easily) which she has used to accept to take that risk, and make her decision easier
          • Jersey is so small, so if someone did something bad, they would be negatively affected in terms of social capital
          • The girl is taking a calculated risk
            • people “do lifts” in 2 or 3s
            • “It’s a mutual relationship”

        Her Mum doesn’t like her giving lifts, but doesn’t have a problem with her receiving lifts…?

  • Our brain is a survival machine, it is to get us through the day
    • the brain is hardwired to respond with instinct first and conscience objective reasoning second
      • you have a fight or flight response
      • historically this is a good response (think about meeting a snake and instead of running away, you “considered” it. This dangerous response would be “bitten and poisoned out of the gene pool”)
  • Risk is the chance that something bad could happen
    • risk is the probabilty of..
    • something bad being the outcome.
      • “the probability that something bad will happen to us”
  • When we cross the road, we don’t think about the road death statistics (i.e. use our rational thought processes), we do it “when it feels right” (i.e. our instinctive responses)
    • Emotions on judging that risk are contextual; they depend on the circumstances;
      • what would we do if we were crossing the road with a child
  • We are told there are so many unknown risks
    • risks to children scare us more than any risk to adults
      • The media exaggerate the Internet and its risks to children due to this
      • “the risk to children is played up WAY greater than it is, at least statistically in the US. In part because of this instictive, excessive emotional fear we have of any risk, that threatens our kids”
    • There is still a big public, moral panick agenda from the media about the Internet
      • They’ve associated all manner of bad things with the Internet
      • “The Internet does bad things to children, irrespective of who they are or how they use it”
        • Research was carried out with children to understand their usage of the Internet
    • Risk is not the same as harm
      • Crossing the road is risky, but does not mean they will be knocked down.
      • Humans try to apply those real world risks to the online world
        • Most children won’t come to harm when they use the Internet
        • “Even when kids see bad things, like pornpgraphy, they are not necessairly harmed”
      • The researcher wants to answer, 1) what are the conditions that lead to kids using the Internet in risky ways, and 2) what are the conditions that then might lead that to them being put at harm, 3) what are the protections needed in each case
        • The answers may be education of the child or regulation of the Internet (not always the same)
    • Our fears of humans being corrupt is amplified online
      • Threats online are slightly different as the Internet obscures a lot of the ways humans make judgements about trust online and online we are having to work them out. The Internet changes so often, that we have to continuously work out new ways to deal with them; the ways to trust that we use to gauge risk.
    • Risk depends on the point of view
      • Jersey lifts from the point of view of the person giving the lift is different than a taxi driver who has “more to loose”
      • Money does change hands on the Jersey Lifts service; maybe this is the most risky thing of all
      • It has been proven that the most risk comes from those inside your social group, so in fact the Jersey Lifts service, “focusing” on your friends, is more risky; even a gamble
  • The suggestion that using your real name online for an online profile, for example on Facebook, is better for other users to trust your profile
    • We’ve always been scared of strangers
    • Our 200,000 approx. year old  security software in our heads is coming up against the same risks, just in different contexts; judging risk online is more difficult as we have to take into account so many more pieces of data
    • Our security software is very much out of date when we come up against totally new risks
  • Abstract risks are harder for our brains to make correct decisions
    • e.g. climate change
    • viruses that can travel around the world
    • Our instinctual risk perception system is coming up against more complex risks that require reason and logic, and that is not how we react
    • If a risk “feels” like it isn’t going to happen to me, then it doesn’t matter what the facts say abstractly
    • If the abstract risk is harder to see that it applies to you then you are less worried
  • The place where we encounter the most abstract risk, is online
    • Someone with OCD and chronic fatigue syndrome talks about his fear of online security
      • They wiped their PC, and reinstalled their OS at least 3 times a week in the hope that it would give him the confidence to use it for the things he wanted without his anxiety taking over
      • His OCD started with a typical fear of contamination; taps, toilet, etc
        • the fear of computer viruses was a continuation of the fear of contamination
      • He was afraid of risks online
        • His mind was working overtime worrying about people doing bad things, and this was debilitating
      • He knows the fears are feasible but are not likely to happen
  • “White-hat hacker” mention of AUVs and drones
    • Most people can’t concieve that devices in their pockets would leak their personal information
    • They can’t concieve a drone in the sky could be intercepting the data from people’s phones
    • Jersey Lifts can put a face on the person giving/taking the lift:  the known unknown
    • The unseen drone hovering intercepting information: the unknown unknown
    • It’s easy to conceptualise physical risks (car crash) but not abstract risk (being hacked)
  • When risks are more abstract and require more thought; we get them wrong
    • When there is no emotional element; humans often forget about them
  • Society is unaware of a huge risk: the risk of getting risk wrong
    • i.e. that our perceptions don’t match the facts
    • Post Septermber 11 bombing
      • Humans looked to take control of their travel and their safety and so they chose to travel by car/road
      • In the 6 months post sept11, between 500 and 2000 people died in road traffic accidents
  • Taking risks actually is good for humans, it propels us forward
    • The key thing with risk is not that how we choose to manage the risk not if we do or don’t engage with it
    • This applies online as much as offline
  • If we become risk adverse; children will not become resilient online; and they will not meet other people whjo share the same interests
    • They will loose their self control, we make them more risk adverse, and at danger
      • when you cross the road yourself, you become self-sustaining
    • All of the security and public safety work in the physical world over the past 100 years has been to protect humans, and allow them be self-reliable
      • We are not doing this online and so we risk making children less self-reliant
      • We are not using our common-sense like we have been doing it in the offline world
    • “We cant be expected to think of every risk that can exploit us, but we have the knowledge that we can be exploited, and we can demand protection” (questionable)
    • Ambrose Beerson “The brain is only the organ with which we think, we think.”
      • We are subjective, but let’s try and be more rational by building policies and structures that save us from getting in to trouble when our emotions take over decision making
    • The girl doing Jersey Lifts rationalises how she decides on to give lifts to
      • Jersey Lifts tries to digitally verify identites in order to keep herself safe
  • Drones and spy software don’t fit into any compartments in our human minds (not true..but difficult)

References   [ + ]

FOSDEM 2015: Call For Papers on Open Source Design

For the first time ever, FOSDEM 1)What is FOSDEM has accepted an Open Source Design devroom proposal!

It is a full day of talks about design work on free, libre and open source projects taking place Sunday, February 1st, 2015, in Brussels 2)Where is FOSDEM taking place?.

The devroom is open to all who are involved in open source design – user researchers, interface and interaction designers, graphic designers, and developers. Proposal submission deadline is December 1st.

Below is the full Call For Papers, including all the information you need. 3)Open Source Design Call For Papers on FOSDEM mailing list

If you need more, contact one of the co-ordinators, or leave a comment below!


From: belen barros pena
Date: Sat, Oct 11, 2014 at 12:23 PM
Subject: Open Source Design Devroom: Call for Participation
To: fosdem@lists.fosdem.org

This is the Call for Participation for the FOSDEM 2015 Open Source Design devroom. We invite you to send in your  submissions about design work on free, libre and open source projects.

FOSDEM is the Free and Open source Software Developers’ European Meeting, a free and non-commercial two-day weekend event that offers open source contributors a place to meet, share ideas and collaborate.

For the first time this year, there will be a design devroom at FOSDEM: a full day of talks around design work on free, libre and open source projects. The Open Source Design devroom will take place on Sunday, February 1st.

We mean ‘design’ in the broadest sense, from user research, to interface and interaction design, typography, and usability testing – all in the context of open source projects, which we believe introduces unique challenges. Designers, and developers working with designers (or on a design-minded project) are welcome to submit proposals.

What and how to submit
====================

RECORDING AND LICENSING:

It is quite likely that the talks in the Open Source Design devroom will be audio and video recorded. By submitting a proposal you consent to be recorded and agree to license the content of your talk under a Creative Commons Attribution-ShareAlike (CC BY) license.

FORMAT:

30-minute presentations (we are leaving 15 minutes for questions and discussion).

SUBMISSION DEADLINE:

1st December 2014

HOW TO SUBMIT:

All submissions are made in the Pentabarf event planning tool at

https://penta.fosdem.org/submission/FOSDEM15

When submitting your talk in Pentabarf, make sure to select the ‘Open source design devroom’ as the ‘Track’.

If you already have a Pentabarf account from a previous year, please reuse it: create an account if, and only if, you don’t have one from a previous year. If you have any issues with Pentabarf, do not despair: contact belenbarrospena at gmail dot com

WHO COORDINATES THIS OPEN SOURCE DESIGN DEVROOM THING?

Belén Barros Pena
Jan-Christoph Borchardt
Felix Niklas
Lewis Nyman
Dani Nordin
Hylke Bons
Lisa Rex
Roy Scholten
Philipp Sackl
Bastian Ilsø Hougaard
Mikael Korpela
Bernard Tyers


 

References   [ + ]

Technology and humans

There are deeper fears, people are afraid technology will make them less free, make them less powerful in a personal way.

And that’s entirely possible. And in fact there are lost of good examples of that, the defence industry being a major one.

Technology can also empower. You can take that argument all the way back and say that the first apelike humanoid who used a tool, was the guy who put the first nail in our coffin. It’s not my arm it’s a hammer! Does that mean I’ve lost power to the hammer? Or does that mean I can build a cathedral?

The question is not is the medium intriensically evil or scary, the question is whether or not we have a culture, and a society and a group of artists who can rise to the occasion of using it in a way that enhances us.”

Dr. Brenda Laurel
42m 20s, Cyberpunk: 1990

Somewhere, this is true.

We all know some horrible software application, some horrible website where this password policy is enforced.

Death to stupid password policies.