"privacy" entries

Four short links: 21 January 2016

Hidden Networks, Dissolving Sensors, Spies Spy, and Redirected Walking

  1. Big Bang Data: Networks of London (YouTube) — guide to the easy-to-miss networks (fibre, CCTV, etc.) around Somerset House, where an amazing exhibition is about to launch. The network guide is the work of the deeply talented Ingrid Burrington.
  2. Sensors Slip into the Brain and then Dissolve When Done (IEEE Spectrum) — pressure and temperature monitors, intended to be implanted in the brain, that completely dissolve within a few weeks. The news, published as a research letter in the journal Nature, described a demonstration of the devices in rats, using soluble wires to transmit the signals, as well as the demonstration of a wireless version, though the data transmission circuit, at this point, is not completely resorbable.
  3. GCHQ Proposes Surveillable Voice Call Encryption (The Register) — unsurprising, but should reiterate AGAIN that state security services would like us to live in the panopticon. Therefore, don’t let the buggers anywhere near the reins of our communication systems.
  4. These Tricks Make Virtual Reality Feel Real — Scientists are exploiting the natural inaccuracies in people’s own proprioception, via a technique called “redirected walking,” to create the perception of space where none exists. With redirected walking, […] users can sense they are exploring the twisting byways of a virtual city when in reality they are simply walking in circles inside a lab. Original Redirected Walking paper.

Four short links: 5 January 2016

Inference with Privacy, RethinkDB Reliability, T-Mobile Choking Video, and Real-Time Streams

  1. Privacy-Preserving Inference of Social Relationships from Location Data (PDF) — utilizes an untrusted server and computes the building blocks to support various social relationship studies, without disclosing location information to the server and other untrusted parties. (via CCC Blog)
  2. Jepsen takes on Rethink — the glowingest review I’ve seen from Aphyr. As far as I can ascertain, RethinkDB’s safety claims are accurate.
  3. T-Mobile’s BingeOn ‘Optimization’ Is Just Throttling (EFF) — T-Mobile has claimed that this practice isn’t really “throttling,” but we disagree. It’s clearly not “optimization,” since T-Mobile doesn’t alter the actual content of the video streams in any way.
  4. qminer — BSD-licensed data analytics platform for processing large-scale, real-time streams containing structured and unstructured data.
Four short links: 15 December 2015

Barbie Broken, JSON Database, Lightbulb DRM, and Graph Database

  1. Crypto is Hard says Hello Barbie — We discovered several issues with the Hello Barbie app including: it utilizes an authentication credential that can be re-used by attackers; it connects a mobile device to any unsecured Wi-Fi network if it has “Barbie” in the name; it shipped with unused code that serves no function but increases the overall attack surface. On the server side, we also discovered: client certificate authentication credentials can be used outside of the app by attackers to probe any of the Hello Barbie cloud servers; the ToyTalk server domain was on a cloud infrastructure susceptible to the POODLE attack. (via Ars Technica)
  2. Kinto — Mozilla’s open source lightweight JSON storage service with synchronisation and sharing abilities. It is meant to be easy to use and easy to self-host.
  3. Philips Blocks 3rd Party Lightbulbs — DRM for light fixtures. cf @internetofsh*t
  4. gaffer — GCHQ-released open source graph database. …a framework that makes it easy to store large-scale graphs in which the nodes and edges have statistics such as counts, histograms, and sketches. These statistics summarise the properties of the nodes and edges over time windows, and they can be dynamically updated over time. Gaffer is a graph database, rather than a graph processing system. It is optimised for retrieving data on nodes of interest. IHNJH,IJLTS “nodes of interest.”
Four short links: 14 December 2015

Design for the Surveilled, Concept Learning, Media Access, and Programming Challenges

  1. Please Stop Making Secure Messaging Systems — how to design for the surveilled, and the kinds of tools they need BEYOND chat.
  2. Human Level Concept Learning through Probabilistic Program Induction — paper and source code for the nifty “learn handwriting from one example” paper that’s blowing minds.
  3. Access Denied (The Awl) — media had power because they had an audience, but social media gives celebrities, sports people, and politicians a bigger audience than media outlets. So, the media outlets aren’t needed, and consequently, they’re losing “access.” A reporter that depends on access to a compelling subject is by definition a reporter compromised. A publication that depends on cooperation from the world that it specializes in is likewise giving up something in terms of its ability to tell the truth about it. And nearly the entire media as it exists today is built around these negotiations.
  4. Stockfighter — a series of free, fun programming challenges […] suitable for programmers at all experience levels.
Four short links: 8 December 2015

Open Source ZeroDB, HTTP Statuses, Project Activity, and Database Readings

  1. ZeroDB is Open Source — end-to-end encrypted database goes open source (AGPL, *ptui*).
  2. Choosing an HTTP Status Code — or “an alternative to engineers duelling.”
  3. Open Source Monthly — views of open source projects through their GitHub activity.
  4. Readings in Database Science (5ed) — HTML and PDF versions of the papers.

Ari Gesher and Kipp Bradford on security and the Internet of Things

The O’Reilly Hardware Podcast: Evolving expectations for privacy.

Subscribe to the O’Reilly Hardware Podcast for insight and analysis about the Internet of Things and the worlds of hardware, software, and manufacturing.

In this episode of our newly renamed Hardware Podcast, I talk with Ari Gesher, engineering ambassador at Palantir Technologies, and Kipp Bradford, research scientist at the MIT Media Lab.

Gesher is the co-author of The Architecture of Privacy: On Engineering Technologies that Can Deliver Trustworthy Safeguards. Bradford is co-author of Distributed Network Data: From Hardware to Data to Visualization, and he’s spoken twice at Solid.

Discussion points:

  • The difference between security and privacy
  • Ari’s notion of what it means to be “polite” in a world where everything is recorded
  • The need and rationale for standards and protocols for IoT devices

Four short links: 24 November 2015

Tabular Data, Distrusting Authority, Data is the Future, and Remote Working Challenges

  1. uitable — cute library for tabular data in console golang programs.
  2. Did Carnegie Mellon Attack Tor for the FBI? (Bruce Schneier) — The behavior of the researchers is reprehensible, but the real issue is that CERT Coordination Center (CERT/CC) has lost its credibility as an honest broker. The researchers discovered this vulnerability and submitted it to CERT. Neither the researchers nor CERT disclosed this vulnerability to the Tor Project. Instead, the researchers apparently used this vulnerability to deanonymize a large number of hidden service visitors and provide the information to the FBI. Does anyone still trust CERT to behave in the Internet’s best interests? Analogous to the CIA organizing a fake vaccination drive to get close to Osama. “Intelligence” agencies.
  3. Google Open-Sourcing TensorFlow Shows AI’s Future is Data not Code (Wired) — something we’ve been saying for a long time.
  4. Challenges of Working Remote (Moishe Lettvin) — the things that make working remote hard aren’t, primarily, logistical; they’re emotional.
Four short links: 23 November 2015

Elasticsearch SQL, App Privacy, Ad Bubble, and LLVM Fortran

  1. Elasticsearch SQL — Query elasticsearch using familiar SQL syntax. You can also use ES functions in SQL. Apache2-licensed.
  2. In Communist China, Tinder Screws You — Chinese Tinder clone Tantan is endangering young women and men by failing to use encryption and exposing private data like that made public in the Ashley Madison hack.
  3. The Advertising Bubble (Maciej Ceglowski) — This is an article-length ad (1) targeted at companies selling software (2) to advertising startups (3) selling their own ads (4) God knows where, possibly to some publishing startup burning through your grandmother’s pension fund (5,6,7,8). There’s an ad bubble. It’s gonna blow.
  4. Fortran for LLVM — The U.S. Department of Energy’s National Nuclear Security Administration (NNSA) and its three national labs today announced they have reached an agreement with NVIDIA’s PGI® software to create an open source Fortran compiler designed for integration with the widely used LLVM compiler infrastructure. Rumor has it the nuclear labs will defer implementation of READ DRUM to later generations.
Four short links: 18 November 2015

Crypto Comms, Science Funding, Geo DB, and AI Ambitions

  1. If The Paris Hackers Weren’t Using Crypto, The Next Ones Will (Cory Doctorow) — But the reality is that criminals will be using crypto soon, if they aren’t already, for the same reason they’re using computers. Using crypto is the best way to communicate.
  2. Google $50M Heart Disease Effort — instead of taking bids for $250K chunks of the money, they will fund one team for five years. Applications close Feb 14.
  3. Pyro (Usenix) — This paper presents Pyro, a spatial-temporal big data storage system tailored for high-resolution geometry queries and dynamic hotspots. Pyro understands geometries internally, which allows range scans of a geometry query to be aggregately optimized. Moreover, Pyro employs a novel replica placement policy in the DFS layer that allows Pyro to split a region without losing data locality benefits.
  4. Inside Mark Zuckerberg’s Bold Plan for Facebook (FastCompany) — “One of our goals for the next five to 10 years,” Zuckerberg tells me, “is to basically get better than human level at all of the primary human senses: vision, hearing, language, general cognition.”
Four short links: 4 November 2015

Data Dashboard, Feature Flags, Email Replies, and Invisible Bias

  1. re:dash — open source query editor, visualisations, dashboard for data from all sorts of databases (SQL, ElasticSearch, etc.)
  2. Feature-Flag-Driven Development — one of the key pieces of modern development systems.
  3. Gmail Suggesting Replies — In developing Smart Reply, we adhered to the same rigorous user privacy standards we’ve always held — in other words, no humans reading your email. This means researchers have to get machine learning to work on a data set that they themselves cannot read, which is a little like trying to solve a puzzle while blindfolded — but a challenge makes it more interesting!
  4. The Selective Laziness of Reasoning — Among those participants who accepted the manipulation and thus thought they were evaluating someone else’s argument, more than half (56% and 58%) rejected the arguments that were in fact their own. Moreover, participants were more likely to reject their own arguments for invalid than for valid answers. This demonstrates that people are more critical of other people’s arguments than of their own, without being overly critical: They are better able to tell valid from invalid arguments when the arguments are someone else’s rather than their own.