How To Change Your Facebook Settings To Opt Out of Platform API Sharing | EFF

With the Facebook scandal casting a shadow on anything even remotely tech related, we're not short on opinion. What's surprised me most about the whole situation is that anyone should be surprised at all. What's more, I can't see how the proposed changes will do much. The most expedient thing right now would seem to be sharing information like this from the Electronic Frontier Foundation. Locking your profile down, insofar as it can be locked down. While you definitely should — lock it down — sadly the horse has bolted, and with your data.

Over the weekend, it became clear that Cambridge Analytica, a data analytics company, got access to more than 50 million Facebook users' data in 2014. The data was overwhelmingly collected, shared, and stored without user consent. The scale of this violation of user privacy reflects how Facebook's terms of service and API were structured at the time. Make no mistake: this was not a data breach. This was exactly how Facebook's infrastructure was designed to work.

My point exactly, this is how it was designed to work. Nobody should be the least bit surprised at this situation. If you’re similarly cynical about the efficacy of the plan to address the situation, and at the same time caught in a bind like most people on the question of whether to keep using the service, the minimum requirement is another look over those settings.

You shouldn't have to do this. You shouldn't have to wade through complicated privacy settings in order to ensure that the companies with which you've entrusted your personal information are making reasonable, legal efforts to protect it. But Facebook has allowed third parties to violate user privacy on an unprecedented scale, and, while legislators and regulators scramble to understand the implications and put limits in place, users are left with the responsibility to make sure their profiles are properly configured.

Not only should you not have to do it, but you shouldn’t expect that settings will routinely change to such a degree that maintaining the level of privacy you desire requires you to check over it every time Facebook rearranges the furniture.


Alphabet’s ‘Outline’ Homebrew VPN Software Offers Open-Source, Easy Set-Up Privacy You Control

Alphabet's ‘Outline' looks an interesting project. I want to revisit some of the security/privacy recommendations on this site, my own perspective on private VPN companies has shifted since I last wrote about one in particular. I would agree this is not a ‘privacy panacea’, but have every intention of seeing if I can break it.

Jigsaw, the Alphabet-owned Google sibling that serves as a human rights-focused tech incubator, will now offer VPN software that you can easily set up on your own server—or at least, one you set up yourself, and control in the cloud. And unlike older homebrew VPN code, Jigsaw says it's focused on making the setup and hosting of that server simple enough that even small, less savvy organizations or even individual users can do it in minutes

Show and Tell — Friday 23rd February, 2018


Some of these links have collected a little dust over the past few weeks. Things have been quiet around here while I dealt with the little matter of moving from one island to another. If you enjoy the quips, read on. If you only came for the potentially useful links, I’m sure you can find them. Enjoy.

How Not to be Seen

Salon to Ad Blockers: Can We Use Your Browser to Mine Cryptocurrency? | Ars Technica — Salon might think this is clever, but I doubt they think it’s honest. Nor do I think they care. What stands out to me, other than the litany of other implications, is yet more massaging of meaning. Salon claims it will take advantage of ‘unused computing power’, then clocks the CPU to ridiculous levels. But the real kicker is the clause of ‘one browser session’. People simply don’t close their browsers anymore, so this could go on for a lot longer than what unsuspecting users think it will. In short, not a fan.

Hey Alexa, Is It True a TV Advert Made Amazon Echo Order Cat Food? | Technology | the Guardian — If nothing else, this illustrates what should already be clear. These devices have one function, buy stuff.

Key iPhone Source Code Gets Posted Online in ‘Biggest Leak in History' – Motherboard — I was listening to a popular ‘tech’ podcast 1 a few days ago and heard another proclamation that Apple is more focused on security than anybody ever. Sure, all the evidence supports that. Oh wait, no it doesn’t.

Facial Recognition Software Is Coming to Industries Like Fast Food and Luxury Shopping. | Slate — Sadly, this is now inevitable. It’s still creepy, bordering on terrifying.

Objective-See | Mac Malware 2017 — If you’re still under the illusion there is no such thing on macOS

Chinese Police Are Using Facial Recognition Sunglasses to Track Citizens | the Verge — Say what you like, this is happening

Idle at Work

Numbers | Becky Hansmeyer – If you haven’t yet seen the app, check out Snapthread. This is an interesting insight into the difficulties facing independent developers. It is not unlike running an independent blog.

The Light Entertainment War

Can an App That Rewards You for Avoiding Facebook Help Beat Smartphone Addiction? | Technology | the Guardian – Or, just stay off Facebook

Facebook personal data use and privacy settings ruled illegal by German court | Technology | The Guardian

Heiko Duenkel, litigation policy officer at the VZBV, said: “Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register. This does not meet the requirement for informed consent.”

The court also ruled eight clauses in Facebook’s terms of service to be invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes. The company’s “authentic name” policy – a revision of a rule that once required users to use their “real names” on the site, but which now allows them to use any names they are widely known by – was also ruled unlawful.

Early Facebook and Google Employees Form Coalition to Fight What They Built | The New York Times — Doing anything even vaguely related to tech can be disheartening at times. If you can see through all the bullshit, let alone have a desire to present a balance against some of the more disturbing trends, you might find some hope in this project.

The effect of technology, especially on younger minds, has become hotly debated in recent months. In January, two big Wall Street investors asked Apple to study the health effects of its products and to make it easier to limit children’s use of iPhones and iPads. Pediatric and mental health experts called on Facebook last week to abandon a messaging service the company had introduced for children as young as 6. Parenting groups have also sounded the alarm about YouTube Kids, a product aimed at children that sometimes features disturbing content.

The new group also plans to begin lobbying for laws to curtail the power of big tech companies. It will initially focus on two pieces of legislation: a bill being introduced by Senator Edward J. Markey, Democrat of Massachusetts, that would commission research on technology’s impact on children’s health, and a bill in California by State Senator Bob Hertzberg, a Democrat, which would prohibit the use of digital bots without identification.

The Idiot in Society

You Don't Understand Bitcoin, but You Understand Free Money — I’m not posting this for what it shares, but for the utterly moronic sentiment in its title. This so-called free money has an economic underpinning, whether people like this idiot want to believe it or not. We could go all the way back to the labour if you like, but let’s talk about energy consumption instead. Bitcoin alone is currently using more than 1m transatlantic flights worth of carbon per year. If we really want to make something of the revolutionary technology that makes bitcoin possible, we'll have to deal with all the snake oil salesmen, and sociopaths first.

Bitcoin’s energy usage is huge – we can't afford to ignore it | The Guardian — Thought I was making up that figure? If you know anything about economics, you know value has to come from somewhere. The next time you hear some idiot banging on about Bitcoin being decoupled from politics, remind them… actually, forget it, who knows what those people are high on.

Could be, Might be useful

Markdown Converter | OU Libraries Tools — A tool like this can help enable an iOS only workflow if you work with Markdown.

10 Hidden Tricks That'll Make Life With Your iPhone X so Much Easier | BGR — If you have one, this is actually useful.

Left by Rekka — If you’re looking for a simple, plain text writing app.

Setting Up GitHub Pages HTTPS Custom Domains Using CloudFront and Lambda@Edge — A while ago I posted a reminder of what education users can get through GitHub. If you’re already on that train, here is a tutorial for adding SSL to GitHub pages (check)

Tweak Spotify's Recommendation Tech to Create Custom Playlists | Engadget — Yet more fun with the Spotify API

And now, for Something Completely Different

Solo, a Star Wars Story | Kottke — I’m with Kottke, my ongoing love and obsession with Star Wars is embarrassing and irrational. I’m an outlier, in that I feel like the Last Jedi all but redeemed the crimes of Abrams. Not that I really cared in the end, when it comes to a galaxy far far away, I inevitably give in to childish joy. Whatever this ends up being, I intend to enjoy it

Gorgeous 50-Megapixel Panoramas Shot on an iPhone at 20,000 Feet — It’s these capabilities that trap us in the double bind. What you can do with an iPhone now is amazing, especially in photography. Consider these pictures were taken with a phone, and therefore camera, that is already 2 generations old.

Kids Use Data From Space to Make Cool Basslines With a Modular Synthesizer | Synthtopia — Ah space music.

  1. You know, an Apple Cast

Photo by Daniel Cheung on Unsplash

Do Not, I Repeat, Do Not Download Onavo, Facebook’s Vampiric VPN Service

Old news, yes I know. However if anything bears repeating, this is over qualified. If clarification is needed, the Onavo VPN does not enable any kind of new practice from Facebook. No, it simply makes it dramatically more efficient for Facebook to do what they always do, track everything. What’s particularly nauseating in this instance, is how they’re taking advantage of general misunderstanding around security and privacy. To my mind, this meets the modern definition of a lie. Onavo is spyware.

If you’re someone who can’t live without Facebook or simply can’t find the courage to delete it, the Onavo appears under the “Explore” list just above the “Settings” menu. I’d recommend you never click it. Facebook is already vacuuming up enough of your data without you giving them permission to monitor every website you visit.

Show and Tell – Wednesday, 10 Jan 2018

Anyone wondering when more content might be added to this site, fear not. Like any sane person with a family, I took a little time away from the desk over the past few weeks. Having returned to task this week I have been feverishly working in the background, putting more permanent fixes in place for some of the things I mentioned last month. Dealing with amateur mistakes I made when both setting up this site initially, and migrating it to WordPress. 1 Even if there is still work to be done, by now the site should be much faster for most users, and in subtle ways it should look nicer. If you are having any trouble viewing the site, please drop me a line here

Now that I am able to get back to the writing, I have a lot to share. In the meantime, here is some of the Show and Tell backlog I have been sitting on.

We Know Where You Live

Amazon wants a key to your house. I did it. I regretted it. | The Washington Post — Never has that subtitle been more apt. Another in case you missed it link, but not for the reason you might think. Sometimes I despair. You’d think this was a critical look at the idea of totalising one’s life with a tech shopping company. Alas, it appears more of a thinly disguised lament that using one place to shop doesn’t allow you to get the best prices. If this is your only concern here, I fear you are lost.

Cryptojacking WordPress | WIRED — Ordinarily I’m opposed to neologisms, but sometimes somebody nails it. To be fair, I’m much more opposed to Cryptojackers.

Meltdown and Spectre: What Apple Users Need to Know  — By now this is everywhere, and the patches are arriving. This whole issue is remarkable for how long these vulnerabilities have existed. Whenever you hear that crazy relative of yours telling people not to upgrade their OS, remind them of these vulnerabilities.

What Spectre and Meltdown Mean For WebKit | WebKit — More technical insight into how this all works.

Worst Passwords of 2017: From ‘123456' to ‘starwars' | the Independent  — This also did the rounds, but it bears sharing again. I realise how unlikely it is that anyone reading this would engage in such practices, but we all know somebody who needs a little help with this stuff.

Haven: Keep Watch  — This is interesting. I’d like to think we could see it on Apple devices, but that seems incredibly unlikely. In fact, it’s the first development in some time that has me casting an envious eye at the ugly green robot.

Snowden-Backed App ‘Haven' Turns Your Phone Into a Home Security System | WIRED  — See above

Group Madness

Elon Musk Shows Off the Tesla Roadster He's Prepping for Space  — I’m a space fan, but sorry this is fucking stupid. If you look closely you will notice a disturbing ideology that says we need to send junk to Mars, because we have too much junk down here. If we want to become a multi-planetary civilisation, it can’t be so we don’t have to sort our shit out on this planet.
To be clear, I want to see people on Mars, I was once a single digit child who wanted a laser sword. But I don’t want us to go there just so we have two planets to fuck up.

Oh, and by the way, Musk wants to Nuke the joint too, I guess he really is serious about getting it ready for humans. The funniest response to this I have seen was this: “Shouldn't we try to blow up the moon first?”

First Digital Pill Approved to Worries About Biomedical ‘Big Brother' | New York Times  — It says a lot about this historical moment that such a monumental breakthrough should be legitimately accompanied with this kind of suspicion.

The Attention Economy is the Addiction Economy | Medium — That more people involved in tech are starting to wake up to this is encouraging. If it’s a bit much to suggest articles like this never go far enough, we have to start the conversation one way or another.

Clean Energy Is a Bright Spot Amid a Dark Tech Cloud | WIRED – An actual example of Blockchain being applied to something other than destructive speculation.

Now Look Here

Panic Blog | the Future of Transmit iOS — This has been about the wires the past week or so. In case you missed it, Panic will stop updating Transmit for iOS. The app will keep working for some time, but it won’t be getting any further love unless something changes. This is a shame, but it’s sad to say that by the sounds of things, it won’t affect many people. One imagines — at least one hopes — that the iOS Files app will gradually develop to take over the crucial functionality that pro users might miss. On top of which apps like Workflow and Pythonista can step in.

Remote Control a Mac From an iPhone via Workflow | Six Colors  — This is probably the year we will learn the fate of Workflow. Here’s hoping this kind of inventiveness adds to the case for its continued development and success, in whatever form that may be.

Marxico | Markdown Editor for Evernote — Having written up a guide for how to leave the green elephant behind, I thought I might engage some irony. This is pretty neat actually, if you’re an Evernote user who wants to use Markdown this is an option. As a bonus, some time ago I wrote up instructions for turning web apps into native apps. 2

And Now For Something Completely Different

The Last Jedi Trailer Song in GarageBand iOS | YouTube — I’ve been threatening to write about iOS music apps for some time. The things you can now do on the iPad, even with GarageBand, are incredible.

How BeatMaker Caught the iOS Music Trend Before It Even Started | CDM Create Digital Music — BeatMaker 3 is one of my favourite iOS apps full stop, let alone music apps. Whether you’re into music making on iOS or interested in development, this is an interesting insight into the history of development on the platform

New App Descript Lets You Edit Audio Like a Word Document – If anyone can explain to me how this works?

The Smallest PaaS Implementation You've Ever Seen | Dokku  — This is awesome

Star Wars Episode IV.1.d: The Pentesters Strike Back | CyberPoint International on Vimeo  — Something that brings together two very specific geek spheres. You know who you are.

  1. And all the other amateur mistakes in between. 
  2. So to speak, if you was to split hairs they’re not actually native. 

Ad targeters are pulling data from your browser’s password manager | The Verge

This from The Verge. Not for nothing, I urge the use of a password manager, but I have never been an advocate of the built-in version from your browser. Even if this method is new, unfortunately browsers are generally under siege,

The researchers examined two different scripts — AdThink and OnAudience — both of which are designed to get identifiable information out of browser-based password managers. The scripts work by injecting invisible login forms in the background of the webpage and scooping up whatever the browsers autofill into the available slots. That information can then be used as a persistent ID to track users from page to page, a potentially valuable tool in targeting advertising.


Show and Tell – Thursday, 07 Dec 2017

Fewer links this week, as I get on with other things.

How to Irritate People

Laptop bans in class seem to be topic of the week:

Why I'm Not a Fan of Laptop Bans | Confessions of a Community College Dean — Naturally, I’m not a fan either. Neither can I concede the point about not shining a light on accessibility users. I can’t see a way in which a ban that included an exception for only a few users with different abilities wouldn’t be a floodlight that says ‘this person is not the same’. Here’s an idea, make your class interesting enough for students to pay attention and you won’t have as many on Facebook. Sure, that’s not easy, but banning technology won’t make your material worth absorbing.

Lecture, Attention, Recall … It's Complicated | Just Visiting – I’ve been thinking a lot about attention lately, and very little about teaching. Then again, I have plenty of thoughts on teaching to turn to. One recurring thought is triggered when I hear this nonsense about banning devices in lectures. I know I’m repeating myself. But, when I come across such a proposal, it recalls the overwhelming sense one gets that universities, and their most institutionalised educators are so often of the mind that there is something wrong with the student. The student must be fixed. Indeed they must be saved from attention grabbing technology. I call bullshit, which is why I was so pleased to read this paragraph:

If we’re going to lecture, aren’t we better striving for triggering a mind-blowing experience and not worry so much about recall. Let the mind-blowing experience that sends the student into a vortex of thought and reflection so deep they can’t pay attention to whatever else is happening be our goal.

Nobody Expects the Spanish Inquisition

“I Am Root”: A Retrospective on a Severe Mac Vulnerability | the Mac Security Blog – Some more detailed information on that root bug, and the machinations that caused it. With apologies, this website has some appalling design issues, especially if you’re on an iPad . I advise using reader mode.

Uber Data Hack | Schneier on Security – Bruce Schneier’s roundup on Uber’s hack

Idle at Work

Editorial Workflow | post to – This is for a small subset of an already small audience. If you use, and editorial, somebody made a useful workflow for you

And now, for Something Completely Different

Dressing Up as Batman May Help Boost Your Productivity | Gizmodo Australia – And you wonder why I’m so sarcastic about the cult of productivity



Personal info of 31 million people leaked by popular virtual keyboard Ai.type

By now you have probably heard this happened. This is a shocking leak, and exactly the kind of thing that proves the point I was making about facial recognition data. There were objections to the headline of the Washington Post article about ‘Apple sharing face data with apps’. Objections along the lines that it’s actually you who shares the data. As ever, the truth is in the middle. Decisions are made at the source to make such things possible, but yes, you can opt to not use third-party apps that need private data to operate. There are indeed warnings on the box, as there were in this case.

It made me think of Smile software’s borderline flippant help article about the scary keyboard warning for allowing full access to keyboards. Ultimately, that article explains the need for the warning, although I’m not sure they do themselves any favours with the headline. This keyboard app is a case study that makes the point with an exclamation mark. It is a fuck-up of the highest order,

the app’s database server was left online without any form of authentication. This meant anyone could access the company’s treasure-trove of personal information, which totals more than 577 gigabytes of data, without needing a password.

Yes, you read that right. It gets worse,

Some information is worryingly personal. It contains the precise location of the user, their phone number and cell provider, and according to Whittaker, the user’s IP address and ISP, if they use the keyboard while connected to Wi-Fi.

For reasons unclear, it also uploaded a list of each app installed on the phone, allowing the makers to, in theory, determine what banking and dating apps were being used.

Ai.type effectively enumerated the device it was being used on. It also uploaded hundreds of millions of phone numbers and e-mail addresses, suggesting that the keyboard was accessing the users’ contact information.

Apparently this affected mostly free users, which should 1 serve as a good illustration of the adage that if you’re not paying for a product, you are the product.

Here is some more detail. Please — for the love of god — read those permission messages and think about the access an app has to what, and why. Stay safe.

  1. But won’t

Apple is sharing your face with apps. That’s a new privacy worry | The Washington Post

This article from The Washington Post is doing the rounds. It’s impossible to stay away from the implications of this. If you have even the slightest inclination to think critically, the sharing of facial recognition data should raise questions for you. Something that bothers me about a lot of so-called critics in the Apple space, they don’t so much give Apple the benefit of the doubt, as simply overlook critical details in favour of the hype machine. I’m enthusiastic about technology, but I’m much more enthusiastic about thinking for oneself.

I made a throwaway remark about the Warby Parker app, hidden in the show and tell links a couple of weeks back . 1 It has been on my mind since, not least because there seems to be a lack of nuance in a lot of the coverage on this stuff. You either get the cheerleading for what the technology can do, or the fear and doubt clickbait. Neither is helpful. While it’s early days, it’s not hard to see there are some sticky contradictions at play.

Apple has no need of the data for monetisation itself. They make the big numbers from their hardware, but the software is what gives the hardware itself value. 2 Privacy is part of that value. In other words, privacy is important to Apple because they can trade on it. It was a smart decision to make privacy and security a point of difference, regardless of how effective it might ultimately be. Where the lines start to blur is where apps and services operate on a contradictory model. Where data is the thing that Make no mistake, that data is extremely valuable.

Indeed, Apple—which makes most of its money from selling us hardware, not selling our data—may be our best defense against a coming explosion in facial recognition. But I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn’t being paranoid enough about the minefield it just entered.

Navigating these contradictions is vitally important, making mistakes with it now will have serious consequences,

Apple’s face tech sets some good precedents—and some bad ones. It won praise for storing the face data it uses to unlock the iPhone X securely on the phone, instead of sending it to its servers over the Internet.

Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There’s a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

  1. Incidentally, I have no interest in being another ‘called it’ ego tripper. My concern is that people are thoughtful, and careful about what they give access to, and how.
  2. Don’t worry, I know there’s much more to it.

Show and Tell – Tuesday, 28 Nov 2017

We Know Where You Live

Google Collects Android Users' Locations Even When Location Services Are Disabled | Quartz — I’m not part of any holy war, but I’d prefer to have the control that an iPhone gives me

Something is wrong on the internet | James Bridle – Medium — You don’t need to be a parent to find this deeply disturbing. Being a parent makes it doubly so. Buzzfeed reported this week that ‘YouTube Is Addressing Its Massive Child Exploitation Problem’, but this smacks of PR to me. Experience tells us they will do the minimum amount necessary to hush the growing noise.

When Your Kid Tries to Say ‘Alexa' Before ‘Mama' | the Washington Post — If you know anything about socialisation, and/or language development you will recognise what is happening here.

To Save Net Neutrality, We Must Build Our Own Internet | Motherboard — This is an optimistic spin on what looks a shitty situation in the states.

Libraries Look to Big Data to Measure Their Worth–and Better Help Students | EdSurge News — ‘big data’ has become such a catch all. Thankfully for patrons, most libraries tend to value privacy. There are always exceptions

Welcome to the jungle

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera | WIRED — Talk about extreme trade-offs. There has got to be a better way than giving access to your house? Is anyone actually surprised this thing is vulnerable?

Amazon Launches New Cloud Storage Service for U.S. Spy Agencies – the Washington Post — Security is possible, just not for you

Tips and Tricks

Supported Mac Models for Night Shift in High Sierra 10.13.2 | Pike's Universum — If your Mac isn’t supported for night shift, it seems that f.lux is not your only option. This hack is for the brave

iOS 11.2 Beta 3 Introduces Pop-Up to Explain Control Center Wi-Fi/Bluetooth | Mac Rumors – I find this amusing. Apple changed the behaviour of the Wi-Fi shortcut in control centre in an effort to cut down on the support labour they had to spend to explain it to people. This would suggest that has backfired a little, or not. Either way, it appears people will be confused.

Last Thoughts on Modifier Keys | All This – The doctor continues his philosophical dive on shortcuts and modifier keys. Like I said, the detail is delightfully nerdy. However, there is something a little obvious I want to point out. I suspect the modifiers are represented as an analogue of their physical location. The Command key is closest to the letter keys, and so on. Not that I care to enter a holy war on programmatic symbolism, it’s more that some things don’t actually have any real deep meaning. They simply are as they appear to be.

Get Free Private GitHub Repositories Through GitHub Education – Prof Hacker makes a good point, not a lot of people know about GitHub education generosity

What Else Floats

Apple Only Wants to Put Its Stores Where White People Live | the Outline — Further to Apple recently deciding its stores were the new “the public square” – the white washed square that is. Don’t get me started on the monetisation of the public square. Watch this slide right off. Nothing sticks.

Two Major Cydia Hosts Shut Down as Jailbreaking Fades in Popularity – Mac Rumors – I can understand why interest is waning in jailbreaking. The restrictions in iOS are no longer as severe as they once were, and with tools like Workflow it is becoming less and less worth trading off your security for unrestricted access to the file system. Improvements to Android probably have something to do with this too. Android has the ugly but ridiculously powerful Tasker system for automation for those who really want to go nuts

To See Such Fun

LEGO Robots Get Their Jam on | Synthtopia – Seriously cute. Fun.