SHA2017: hacker conference/camp videos are up


SHA2017, a hacker conference and camp, is on today (it started over the weekend and ends tomorrow).

Most of the conference videos are up on YouTube and they are very informative and fun. There are a lot of good talks. I’ve picked a few to showcase here but you should check out the whole playlist of SHA2017 videos.

Decentralize! Self-hosting in your own home using Sovereign

In the Decentralize! talk, the software Sovereign is explored and shown to be a good way to set up your own personal cloud and host your own services and data. Sovereign is a set of playbooks that you run to install the software on a server you operate yourself. It’s similar to the FreedomBox project.

The software you can self-host with Sovereign is:

  • Dovecot, Postfix and Roundcube for email servers and a webmail interface
  • Jabber/XMPP messaging server with Prosody
  • RSS reader
  • VPN server with OpenVPN (FreedomBox can also do this)
  • Git code repository hosting



Metrolinx provided customer data from transit cards to police

In Ontario, Canada, the Presto card is the transit card that many daily commuters use. The company Metrolinx has provided customer information to the police without requiring a warrant in many cases.

According to the article,

The transit agency has received 26 requests from police forces so far this year and granted 12 of them, according to Metrolinx, which is the provincial transit agency that operates the Presto fare card system used across the GTHA and in Ottawa. It is not known how many requests Metrolinx granted in previous years because the agency only began tracking them in 2016.

The problem in this case is that while it may be legal for them to share information with the police, customers have been entirely unaware of what information is being shared, when, and with whom. Metrolinx’s privacy policy is not clear enough and the agency is not transparent enough. As one of the largest operators of public transit payment systems, they have to be held accountable and must offer clear information on how they respect customers and their personal data.

This is one of the biggest risks of moving to an all-digital payment system that is controlled by one entity. In many cases customers are actively discouraged from using privacy-safe alternatives like cash or tokens.

To bring this back to open source and professionalism: if the transit card systems were open source, they could be audited. If the administration software was open source, it could be audited and improved to add police data requests as part of the database. Whoever built the system to gather customer data should have been professional and raised the privacy concerns that affect customers.