Month: November 2014

Trevor Paglen presents “Code Names of the Surveillance State,” a video installation in Metro Pictures’ upstairs gallery composed from more than 4,000 National Security Agency (NSA) and Government Communications Headquarters (GCHQ) surveillance program code names. Projected onto four walls as an endlessly scrolling series of columns, the code names are deliberately nonsensical, often droll and sardonic words or short phrases without discernable connection to the programs they designate. “Bacon Ridge” is an NSA installation in Texas, “Fox Acid” an NSA-controlled Internet server designed to inject malware into unsuspecting web browsers, and “Mystic” a program to collect every phone call from the Bahamas.

Paglen’s works are not explanatory documents of his subjects; instead, they are revealing and eerie evidence of the US government’s vast secret surveillance apparatus. His installation is as enigmatic and seductive as is his photographs of drones, black op programs, spy satellites and military “black sites.” Within the installation the code names are subtly suggestive of the clandestine programs they represent, just as Paglen’s photographs, shot from great distance using specially devised photographic equipment, reveal isolated facilities and distant objects in the sky as untethered and dreamlike aberrations.

If you’re in New York City and you don’t go see this — it’s on until December 20 — I will be deeply saddened. This looks incredible. It’s the kind of thing that makes me wish I had more time to devote to art making.

Julia Angwin, Pro Publica:

AT&T says it has stopped its controversial practice of adding a hidden, undeletable tracking number to its mobile customers’ Internet activity.

“It has been phased off our network,” said Emily J. Edmonds, an AT&T spokeswoman.

Here we have a case of AT&T actually doing the right thing. They get criticized so frequently for so many reasons, so I think it’s important to point out when they do something good and ri—

*mimes touching earpiece*

What’s that? Oh.

Edmonds said AT&T may still launch a program to sell data collected by its tracking number, but that if and when it does, “customers will be able to opt out of the ad program and not have the numeric code inserted on their device.”


Sarah Mcbride, Malathi Nayak, and Alexei Oreskovic, Reuters:

After two years of popping up at high-profile events sporting Google Glass, the gadget that transforms eyeglasses into spy-movie worthy technology, Google co-founder Sergey Brin sauntered bare-faced into a Silicon Valley red-carpet event on Sunday.

He’d left his pair in the car, Brin told a reporter.

Bet he didn’t leave his phone in the car, though.

Ryan Smith, AnandTech:

[It] has become clear that with A8X Apple has once again thrown us a curveball. By drawing outside of the lines and building an eight cluster GPU configuration where none previously existed, the A8X and its GXA6850 GPU are more powerful than even we first suspected. Apple traditionally aims high with its SoCs, but this ended up being higher still.

The numbers here are just off the charts. The iPad is aching for software features that can really take advantage of performance like this.

From Microsoft TechNet:

This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.

This security update is rated Critical for all supported releases of Microsoft Windows.


When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers.

No time to gloat; this is properly scary. This remote code execution vulnerability exists in pretty much all versions of Windows since 95, and it requires almost no user interaction beyond using Internet Explorer to go to the wrong website. And it’s about to get scarier because that last line — the bit about it not being used in the wild — has just changed.

Patch up.

Reuters recently turned off comments on their articles, perhaps realizing that they’re not exactly a bastion of considered thought. However, there was a curious paragraph in executive editor Dan Colarusso’s announcement:

We value conversation about the news, but the idea of comments on a website must give way to new realities of behavior in the marketplace.The best place for this conversation is where it is open to the largest number of participants possible.

Translation: the best place for this conversation is as far away as is possible from Reuters properties.

Yoree Koh, Wall Street Journal:

[Twitter CFO Anthony] Noto, who led and emceed most of the all-day event, also read out Twitter’s new strategy statement, which he admitted was a mouthful: “Reach the largest daily audience in the world by connecting everyone to their world via our information sharing and distribution platform products and be one of the top revenue generating Internet companies in the world.”

“I struggle to read it every time,” Noto said.

There are word salad mission statements, and then there’s this jumbled pile of meaningless spew. Let’s take this bit-by-bit:

Reach the largest daily audience in the world…

It reads as though they were forced to jam into the statement the worldwide, real-time intent of Twitter, so that’s why this phrase has every buzzword.

…by connecting everyone to their world…

Two instances of the word “world” separated by just five words makes my head whirl.

…via our information sharing and distribution platform products

What the hell is a “platform product”? Why both? What separates these “platform products” from other “information sharing and distribution platform products” like email?

…and be one of the top revenue generating Internet companies in the world.

My guess is that they wrote the first bit of the statement, then realized their investors might get a bit testy when they didn’t include money. Also, another “in the world”? Was this statement written by Jeremy Clarkson?

It’s also 80 characters longer than a tweet, which should be the new benchmark for mission statements, especially Twitter’s.

Judging by Ron Amadeo’s review, it seems that this update is a big refinement across the board. As iOS 7 was to iOS 6, Android 5 is to Android 4.x: a universal revision, aiming to provide consistency and structure across the OS. And, as iOS 7 took cues from Android at the time, Lollipop takes some cues from iOS: the lock screen, in particular, looks like a lightly-skinned version of iOS’.

But who cares? All mobile OSes are basically converging towards the same point, each taking inspiration (and often more) from their competition. Until something brand new in either software or, more likely, hardware comes along to really shake things up, we’re probably going to be seeing more of the same push towards refinement, not revolution. And that’s okay.

Kate Knibbs, Gizmodo:

Corporations can be just as tyrannical as corrupt federal administrations, and we have been in danger of ISPs controlling and corroding the flow of information through the internet in a way that would be detrimental to everybody. This is not a case of government scope creep. This is a case of the executive branch of the government taking a stand in an attempt to preserve an endangered freedom.

The only thing net neutrality would slow down is the speed at which you’re getting fucked, and that’s something everyone in Congress should agree on.

Yeah, yeah: Gizmodo. But this is a perfect response to Sen. Cruz’s bile.

From the President’s prepared remarks:

The rules I am asking for are simple, common-sense steps that reflect the Internet you and I use every day, and that some ISPs already observe. These bright-line rules include:

  • No blocking. If a consumer requests access to a website or service, and the content is legal, your ISP should not be permitted to block it. That way, every player — not just those commercially affiliated with an ISP — gets a fair shot at your business.

  • No throttling. Nor should ISPs be able to intentionally slow down some content or speed up others — through a process often called “throttling” — based on the type of service or your ISP’s preferences.

  • Increased transparency. The connection between consumers and ISPs — the so-called “last mile” — is not the only place some sites might get special treatment. So, I am also asking the FCC to make full use of the transparency authorities the court recently upheld, and if necessary to apply net neutrality rules to points of interconnection between the ISP and the rest of the Internet.

  • No paid prioritization. Simply put: No service should be stuck in a “slow lane” because it does not pay a fee. That kind of gatekeeping would undermine the level playing field essential to the Internet’s growth. So, as I have before, I am asking for an explicit ban on paid prioritization and any other restriction that has a similar effect.

This isn’t in any way about changing the way the internet works; it’s about retaining the way the internet has always worked in the face of increasing corporate influence.

Unfortunately, it seems as though some people have got it into their heads that the internet should be regulated not by the government but by corporate interests. These uncompromising beliefs have polarized an issue that, frankly, is something that should be immune to polarization. The overarching principles of net neutrality are generally agreeable and not something most people would debate; it is the idea that government would set rules around this that seems to frighten people, which is unfortunate. The government already sets rules that prohibit other utilities from discrimination; why would the internet be any different?

More unfortunate is the unlikelihood of any regulations being passed on this extremely important issue. Now that Republicans — overwhelmingly those who not only disagree with net neutrality regulations due to a market solutions-based philosophy, but who summarily reject anything the Obama administration proposes — control both the House and Senate, the likelihood of a bill becoming law is extraordinarily slim. If such a bill were to be proposed, it’s likely that it would become a watered-down, corporate-influenced version of such a bill that doesn’t actually set net neutrality boundaries, but rather reinforces the ability for ISPs to jerk their customers around. Though, that’s probably true regardless of the party in charge — telecom companies routinely donate large amounts of money to candidates from both parties.

Remember, too, that though this debate is taking place largely in the United States, its effects will be felt worldwide. The US exerts massive influence on the way other countries will follow. As Voltaire reminds us, this power doesn’t come without responsibility.

David Sparks:

I don’t know what to think about Apple and the cloud at this point. I think this is really important to Apple’s success (and my ability to get the most out of their products). Nevertheless, they keep stumbling. I know what they are doing at this massive scale is hard. However, Apple’s secretive nature combined with these obvious problems makes it appear they just don’t care, which I don’t think is true but nonetheless frustrating when it interrupts my flow. I suspect the truth is that the iCloud team is pedaling like mad and don’t want to publicly acknowledge these problems but instead just fix them.

I want to believe that iCloud’s reliability is getting to a point where us nerdier types can comfortably recommend it to our friends and family. But the bungled launch of iCloud Drive combined with quiet changes and backwards incompatibility puts at risk much of the cloud services goodwill Apple has been trying to salvage.

I don’t know how long it’s going to take iCloud to become reliable, but it will almost certainly be shorter than the amount of time it will take me to feel comfortable relying upon it. And I should be able to rely upon it. While I may feel that my local storage is more secure, the truth of the matter is that it cannot compete with server farms mirrored worldwide. Though I could pick up some Amazon storage or use Dropbox, an OS-integrated solution makes far more sense to me if it were done right.

When I was a little younger, I used to spend an awful lot of time hanging out on IRC in small rooms of like-minded people. I’ve made a lot of acquaintances and a few friends in that way. Over time, those relationships moved over to Twitter. While the friendships continue, it’s more passive, and a little harder to keep a discussion going. While I’m not one to hope Twitter goes away, I see the value in a platform more tailored to conversations.

For the past week, I’ve been testing an interesting new app called Wulu that promises that and, for the most part, seems to deliver. They describe it this way:

WULU is a place for real people and real conversation.

Just pick a trending topic and we’ll pair you with other people looking to talk about the same thing.

Which makes sense, but I like to think of it as short, real-time conversations among four like-minded people. Just four: no more, no less.

Now, full disclosure: one of the creators of the app, Andrew Turnbull, emailed me to tell me about it, and to inquire about purchasing sponsorship space on the site. I get loads of emails like this, and I ignore most of them, but Wulu seemed interesting. I declined the sponsorship, but told him I’d check out the beta and see if it interested me. And it’s earned a space on my first home screen, so I think that tells you all you need to know.

The app also has another interesting angle: it was developed right here in Calgary. So I met Andrew for coffee (well, tea) yesterday and got to know a little more about the intent of the app. He reiterated that the real-time aspect was very important, so that’s why there’s no archived chats. He explained that double-tapping on a comment in a thread would “nod” that comment — sort of like a thumbs-up; each nod equates to a point, and there’s a leaderboard to see how many nods you and others are getting. Andrew explained to me that this encourages productive conversations, rather than spam. (There’s a “report inappropriate” button on each user’s profile to combat the latter.)

To reiterate: I wasn’t paid for this post, and not even encouraged. I’m just a fan of the app and wanted to let you, my dear readers, know about it. It’s definitely a 1.0; there are some things that aren’t entirely sorted out. Topics, for example, are currently set manually by the founders, with Google News, and trending Facebook and Twitter topics as guides. But it’s a really good start. You should check it out.

Cabel Sasser:

Unison — our excellent OS X app for accessing Usenet Newsgroups and the many wonders and mysteries contained within — has reached the end of its road after years of faithful service.

Unison’s end is bittersweet. The market for a Usenet client in 2014 isn’t exactly huge. But if you know Panic, you know we do our very best to never drop things awkwardly — we like to leave our apps in a good place for our (very) valued users.

Frankly, I’m surprised that Unison has survived this long. How many people — aside from a few nerds like myself — actually use Usenet in a year beginning with “2”?1 And, yet, it soldiered on, until now. This is a textbook example of how to discontinue an app in a way where nobody really loses.

  1. There are two major ISPs in Calgary, and I deliberately chose the one that offers Usenet access. Because, of course, I totally like talking to people in a 1980s way. That’s why. ↥︎

Dustin Curtis:

People buy hardware that fits into their lives, and becomes part of how they identify themselves to the world. If you want to sell hardware, you have to be in fashion, like Samsung was two years ago, or like Apple has always been. Amazon is incapable of understanding fashion, because it has no taste, and its hardware is completely unfashionable and tasteless.

Darrell Etherington, TechCruch:

Amazon has a new product that doesn’t really have any current equivalent form any other tech company – a connected speaker called Echo that’s always-on, listening for commands that its virtual assistant can then respond to with information or by triggering a task.


Amazon notes that it only listens when you say the activation word, which appears to be “Alexa” by default.

So it’s always listening, then.

And I wonder if this, like the Fire Phone, will simply be a conduit to buying stuff from Amazon. If it can be hooked up home-wide and it’s not pushy about filling your Amazon cart, it could be a slick Jarvis-esque product. If it’s just gonna suggest new albums to buy when you tell it to play music, it sounds pretty weak. In either case, I’m not sure I’d buy one; Amazon simply isn’t a great hardware company.

Marco Arment:

Google’s use of their Android sharing icon in their iOS apps has nothing to do with “open” nonsense and everything to do with Google asserting that they know better.

Apple shamelessly pulls the same move — see, for instance, every Windows app they’ve ever made — but they don’t patronize us with bullshit justifications.

I went to art school. I’ve seen people dream up some conceptual nonsense to fit whatever piece they threw together the night before. I can smell bullshit.

If you want to stay “on brand”, just say so. That’s why the new Google Maps looks the same on iOS and Android: all Roboto all the time, “material” design, and a vertical ellipsis to denote “more” in the toolbar.

(And by “their Android sharing icon”, Arment means Alex King’s sharing icon.)

Jemima Kiss, reporting for the Guardian:

[Former NSA general counsel Stewart] Baker said encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.

He claimed that by encrypting user data Blackberry had limited its business in countries that demand oversight of communication data, such as India and the UAE and got a bad reception in China and Russia.

That’s the best you’ve got, Baker?

Encrypting user data was and, in fact, has always been one of the highlights of the BlackBerry product range. It’s why the Pentagon has ordered boatloads of them, as recently as earlier this year. It’s one of the features former NSA chief Micheal Hayden praised:

Mr. Hayden said the BlackBerry has “baked in a heightened level of security from the beginning” and has an “inherent advantage” over other devices, but: “I bought an iPhone. What more can I say?”

So the US government and its most secretive factions praise the BlackBerry’s ability to encrypt data and have showered them with impressive contracts as a result.

Let’s look at Baker’s other claim: that this level of secrecy has resulted in limited adoption in places that demand less encryption, and that the increased security on iPhones and Android phones will cause their demise. Like Baker, we’ll start in India, where the iPhone has just had its best year of sales yet:

Apple has sold more than a million iPhones in India since its current fiscal year started in October, a major milestone for a company that wasn’t serious on the South Asian market until a couple of years ago.

The company didn’t reveal its India sales data, but industry research agencies put it at 1.02 million between October 2013 and August 2014. Sales are likely to reach 1.1 million units by the time Apple’s fiscal year ends on September 30.

A million phones in a country of a billion people doesn’t sound like much, but India is a developing nation. A majority of those phones are the 5S model, too — this report came out before the iPhones 6 were released there — which support more robust encryption that previous models.

How about the United Arab Emirates? While some iPhone functionality, like FaceTime, is disabled there, iPhones occupy three of the top five most-used smartphones in the country. A third-party company also launched a gold-plated iPhone in Dubai, which allegedly made Justin Bieber cry.

But back to Baker’s premise: was BlackBerry killed by too much encryption? No. They simply failed to keep up with the iPhone and, subsequently, Android phones that had big multitouch displays and a much better user experience. People simply bought the better product.

Intelligence agencies sure are scared shitless that they can’t read our text messages, though, aren’t they?

Not content with ruining journalism, Verizon has decided to put some effort into maintaining the shitty reputation of ISPs and cellular carriers. Jacob Hoffman-Andrews, of the EFF:

Verizon users might want to start looking for another provider. In an effort to better serve advertisers, Verizon Wireless has been silently modifying its users’ web traffic on its network to inject a cookie-like tracker. This tracker, included in an HTTP header called X-UIDH, is sent to every unencrypted website a Verizon customer visits from a mobile device. It allows third-party advertisers and websites to assemble a deep, permanent profile of visitors’ web browsing habits without their consent.

Unfortunately, by signing the extremely long Verizon service agreement, you’re also agreeing to the very long privacy policy, of which a subsection does enable Verizon to be this creepy (emphasis mine):

We collect information about your use of our products, services and sites. Information such as call records, websites visited, wireless location, application and feature usage, network traffic data, product and device-specific information and identifiers, service options you choose, mobile and device numbers, video streaming and video packages and usage, movie rental and purchase data, FiOS TV viewership, and other similar information may be used for billing purposes, to deliver and maintain products and services, or to help you with service-related issues or questions. In addition, this information may be used for purposes such as providing you with information about product or service enhancements, determining your eligibility for new products and services, and marketing to you.

This is buried way down in Verizon’s sub-sub-agreement, almost as though they hope nobody reads these things. Worse still, as the EFF points out, the header is part of all your traffic over their network, is specific to your device, and can be sniffed by anyone. Creepy.