SHA2017: hacker conference/camp videos are up

SHA2017, a hacker conference and camp, is on today (it started over the weekend and ends tomorrow).

Most of the conference videos are up on YouTube and they are very informative and fun. There are a lot of good talks. I’ve picked a few to showcase here but you should check out the whole playlist of SHA2017 videos.

Decentralize! Self-hosting in your own home using Sovereign

In the Decentralize! talk, the software Sovereign is explored and shown to be a good way to set up your own personal cloud and host your own services and data. Sovereign is a set of playbooks that can be run to install the software on a server that you run. It’s similar to the FreedomBox project.

The software you can self-host with Sovereign is:

  • Dovecot, Postfix and Roundcube for email servers and a webmail interface
  • Jabber/XMPP messaging server with Prosody
  • RSS reader
  • VPN server with OpenVPN (FreedomBox can also do this)
  • Git code repository hosting

Bitcoin, cypherpunks, a thoughtful perspective on the future

Bitcoin Magazine has a thought-provoking article about a conference that happened at the end of September, the Hackers Congress Paralelni Polis in Prague.

It’s an interview with two crypto-anarchists who explain their views on the direction of society and the possibilities of a future that includes mainstream usage of Bitcoin and encryption technologies.

One of the first questions asked by the interviewer is, “what is cryptoanarchy?”

This is their answer:

Sip: Simply put, crypto-anarchy is the idea that people can govern and organize themselves without governments, by using the tools of cryptography, cryptocurrencies and other means of decentralization.

Lupták: With these tools, we can build a more effective, a more free and a more voluntary society…

This is a nifty idea, and what makes it nifty is that free software and open source developers have been collaborating for decades and have been more effective and more free, and all open source developers are contributing voluntarily.

In fact, there was a recent article by Daniel Pink suggesting that the further we are from a problem, the more creatively we will think about it. In open source development, we are close to the problem, but when reviewing other people’s code or submitting patches, we are further away from the problem, meaning we can be more creative in coming up with solutions.

So at least for software development, a decentralized model can work. Can it work as a replacement for government? That question is still open, but we have seen lots of actions to make government more transparent and more accountable to the people. If you’re looking for small-scale examples of “anarchy” in action, you can look at the Workplace Anarchy described by someone who works at Igalia, a software co-operative that sells consulting services and is quite profitable.

In the interview they mention OpenBazaar, which is free/open source software that lets you run a peer-to-peer e-commerce site. The idea there is to reduce transaction costs to whatever the Bitcoin transaction costs are and to remove any middlemen that would cut into profits. It is a thoroughly free-market-oriented concept that is based on market efficiency and accomplished through free/open source software with the Bitcoin currency.

Metrolinx provided customer data from transit cards to police

In Ontario, Canada, the Presto card is the transit card that many daily commuters use. The company Metrolinx has provided customer information to the police without requiring a warrant in many cases.

According to the article,

The transit agency has received 26 requests from police forces so far this year and granted 12 of them, according to Metrolinx, which is the provincial transit agency that operates the Presto fare card system used across the GTHA and in Ottawa. It is not known how many requests Metrolinx granted in previous years because the agency only began tracking them in 2016.

The problem in this case is that while it may be legal for them to share information with the police, customers have been entirely unaware of what information is being shared, when, and with whom. Metrolinx’s privacy policy is not clear enough and they aren’t transparent enough. As one of the largest operators of public transit payment systems, they have to be held accountable and must offer clear information on how they respect customers and their personal data.

This is one of the biggest risks of moving to an all-digital payment system that is controlled by one entity. In many cases customers are actively discouraged from using privacy-safe alternatives like cash or tokens.

To bring this back to open source and professionalism: if the transit card systems were open source, they could be audited. If the administration software was open source, it could be audited and improved to add police data requests as part of the database. Whoever built the system to gather customer data should have been professional and raised the privacy concerns that affect customers.

Google said to be planning a built-in ad blocker for Chrome

https://techcrunch.com/2017/04/19/google-said-to-be-planning-a-built-in-ad-blocker-for-chrome/

This is great news. A lot of web browser users typically do not look for adblockers; by having an adblocker built into the browser and activated by default, those users will be better protected from intrusive ads that slow down their web browsing experience.

However, the more security-minded users will want to audit the open source code for the built-in adblocker.

Shazam keeps your Mac’s mic on

http://motherboard.vice.com/read/shazam-keeps-your-macs-microphone-always-on-even-when-you-turn-it-off

This is why I advocate for more software to be free/open source, because in some cases you have no idea what it’s actually doing. When the code is freely available under a free software or open source license, it becomes possible for third parties to do an audit of the code and to see what it actually does.

Shazam’s Mac app is misleading users by defining “off” as “well your mic is still on and we will only listen to what you say when the app is active, we promise”.

Surveillance Self-Defense Software

Check out this article from The Intercept, detailing how to defend yourself from government surveillance.

Here’s a list of the software that is mentioned, and while some of it is proprietary, I thought it would be alright to list it here because it does protect privacy through encryption technologies:

  • Signal (open source)
  • WhatsApp (proprietary)
  • Semaphor (proprietary), it’s like Slack but encrypted
  • Let’s Encrypt SSL certificates
  • Tor Browser
  • Qubes, a GNU/Linux distribution that runs everything in disposable virtual machines and compartmentalizes to protect you from USB drive viruses and PDF malware

Canadian spy agency, CSIS, uses illegal bulk data collection to subvert Canadian freedoms

On a beautiful Sunday morning, I have to link to this bit of ugliness on the illegal bulk data collection by the Canadian spy agency, CSIS. Only a handful of members of government knew about it, and it was only revealed because of a court case.

From the article:

Many corporations and government agencies are now gravitating toward so-called big data computer analytics that can predict patterns of future behaviour based upon records about what has happened in the past. Spy agencies are no different, and the centre in question appears to be the Canadian Security Intelligence Service’s equivalent of a crystal ball – a place where intelligence analysts attempt to deduce future threats by examining, and re-examining, volumes of data.
