Tag Archives: security

How did Google get so big?—60 Minutes

May 22, 2018

Daring Fireball linked to an excellent 60 Minutes report yesterday, covering how Google got so big, and the likelihood that there’s a lot of anti-competition going on there.
In addition to 60 Minutes’ excellent report, I’d like to point out that Google makes most of the products that people use to interact with the internet on a daily bases. Here are the ones I could think of off the top of my head.

  • Google Search: the most used search engine in the world.
  • Android: the operating system of choice for 80% of the world’s population. This gives access to phone calls, SMS texts, what apps and games are installed, and the location of everyone who uses it.
  • Chrome: the web browser that most people use most of the time.
  • YouTube: by far the biggest social video service.
  • Google Maps: the most used mapping service in the world.
  • Gmail: one of, if not the most used email system in the world.
  • Hangouts, Chat, etc: huge communications platforms. I’ve lost track of all the different apps they have like this.
  • Doubleclick & Adwords: probably the first and second biggest ad platforms in the world (besides maybe Facebook).
  • Adsense: a service for putting ads on web sites other than Google’s.
  • Google Analytics: the most used web traffic statistics and analysis framework.

Google has access to every endpoint on the internet and a whole lot more. I’ve been moving further and further from using their services and software for personal activity, but as a web developer, I can’t avoid it professionally. If I can make one recommendation, try DuckDuckGo for search. I use it for everything and am quite happy with it. DuckDuckGo famously don’t track people and their searches, and still manage to get great search results. With the recent breaches from Facebook and their Cambridge Analytica fiasco, I shouldn’t have to explain how our online activity and personal information can be used in nefarious ways.
Note: I don’t use Google Analytics (or any other analytics on my personal websites), but I am fully aware that the YouTube videos embedded on this site report back to Google. I try to avoid that kind of thing, but it’s nearly impossible right now.

Standing Up for Security and Privacy

February 17, 2016

Yesterday Tim Cook, the CEO of Apple posted a letter to their customers on Apple.com. It details how the FBI wants to Apple to create a way to investigate an encrypted iPhone, and the dilemma Apple is facing in doing so.
If Apple is forced to comply with the order to create a backdoor through their security there will be no way to ever ensure again, that your digital security and privacy is protected.
If you’re an American and reading this you might be thinking that you don’t have anything to hide from the US government. Maybe you’re not ashamed of anything you’ve ever done, that’s fair. But if you said that, I would quickly point out that in June of 2015 all my personal identity information was hacked and stolen from the US government along with 21 million other Americans’ personal identity information (presumably by the Chinese government, though that’s not confirmed). That includes my Social Security Number, the address of every house I’ve ever lived in, my entire work history, and even my fingerprints. Yes, all my identity information that was used to grant me security clearance by the FBI (the same FBI that wants access to iPhones) was leaked from the US government into the hands of some hackers. Here is the letter that the US government sent me regarding the issue.

Dear David Mead:
As you may know, the Office of Personnel Management (OPM) was the target of a malicious cyber intrusion carried out against the U.S. Government, which resulted in the theft of background investigation records.
You are receiving this notification because we have determined that your Social Security Number and other personal information was included in the intrusion. As someone whose information was also taken, I share your concern and frustration and want you to know that we are working hard to help those impacted by this incident. The Federal government will provide you and your dependent minor children with comprehensive identity theft protection and monitoring service, at no cost to you.
Since you applied for a position or submitted a background investigation form, the information in our records may include you name, Social Security number, address, date and place of birth, residency, educational, and employment history, personal foreign travel history, information about immediate family as well as business and personal acquaintances, and other information used to conduct and adjudicate your background investigation.
Our records also indicate you fingerprints were likely compromised during the cyber intrusion. Federal experts believe the ability to misuse fingerprint data is currently limited. However, this could change over time as technology evolves. Therefore, we are working with law enforcement and national security experts to review the potential ways fingerprint data could be misused now and in the future, and will seek to prevent such misuse. If new means are identified to misuse fingerprint data, additional information and guidance will be made available.
While we are not aware of any misuse of your information, we are providing a comprehensive suite of identity theft protection and monitoring services. We are offering you, and any of your dependent children who were under the age of 18 as of July 1, 2015, credit monitoring, identity monitoring, identity theft insurance and identity restoration services for the next three years through ID Experts, a company that specializes in identity theft insurance and identity theft protection. The identity theft insurance and identity restoration service coverage has already begun. You have access to these service at any time during the next three years if your identity is compromised.
To take advantage of the additional credit and identity monitoring services, you must enroll with ID Experts using the PIN code at the top of this letter. To enroll go to https://www.opm.gov/cybersecurity. You may also call 800-750-3004 to enroll in or ask questions about these services. I hope you will take advantage of these services.
Please take not that OPM and ID Experts will not contact you to confirm any personal information. If you are contacted by anyone asking for you personal information in relation to this incident, do not provide it. For additional resources such as information you may share with people listed on your forms, sample background investigation forms, types of information which may have been taken, and tips on how to protect you personal information, visit https://www.opm.gov/cybersecuity.
Sincerely,
Beth F. Cobert
Acting Director
Office of Personnel Managment

Image of the letter.
Now I’ll ask you again, do you still want the US government to know everything you’ve ever done? Every message you’ve ever sent? Every photo you’ve ever taken? This is not paranoia, these are real threats. Breaches have already happened, and there’s no way to ensure they won’t happen again. And once that door is opened for the FBI, there won’t be much in the way of anyone else opening that same door.
If Apple loosens security, terrorists will use other forms of encryption. In most cases they probably already are, it’s not rocket science to set up. So by Apple loosening security, the FBI won’t even accomplish their goal of more transparency into acts of terror.
Yes, the attack in San Bernardino was terrible. Yes, people will continue to do horrible things and hide behind encryption. But encryption is just a tool. It helps defend us much more often than attack us. A hammer can be used as a weapon too, but they aren’t made for that purpose. Hammers are made build houses, houses to shelter us and keep us safe. Encryption was made to keep our information safe. I’ve already illustrated one example if how the US government is not reliable in that regard. I for one am glad Apple and Tim Cook have my back.

[Note]
Shortly after writing this I read Rene Richie’s article on iMore about the same subject matter. He shares a similar view as I do, but dives at it from different angles. If you’re interested in this subject matter, you should read that too, it’s great.

I have copied the entire text of Tim Cook’s letter below for posterity:
Continue reading

Breaking Encryption Will Not Keep Us Safe

August 1, 2015

Mike Rogers wrote an opinion piece that was published on CNN today arguing that the encrypted networks should have a master key that would make warranted searches into private networks easier for the government. I wrote the following email to him in response, but I thought his staff shouldn’t be the only ones to read it.

Dear Mr. Rogers,
I read your article about encryption on CNN today and I can’t believe that you are unable to see the remarkable holes in your argument for having a master key in communication networks. I’ve been a professional web developer for seven years and can’t stress enough how important tight security is.
First, encryption without a master key is the first line of defense for average citizens to keep their data safe. If there was a backdoor designed in our communications systems, hackers would find it and exploit it. With that key they would be privy to all the information for all the users on the given network. One big hack would break the entire system. Without a master key, in a well designed system, they have to break each account individually and that helps keep us safe.
Second, it’s not hard to create a private encrypted network. If terrorists know that all the major companies like Apple, Google, Microsoft, etc, have a key that can uncover all their info, they will simply move to a new service that has not been compromised, or even create their own. The problem is average, law-abiding citizens won’t go out of their way to make sure that their communications are kept private, like terrorists surely will, even though it’s in their best interests.
Third, taking away the rights of the many to punish the few hasn’t worked out well for America in recent years. At every turn, we’ve seen the systems abused over and over again. From mass surveillance by the NSA, to more general abuses of the Patriot Act, where law enforcement agencies have used it as an excuse to skip the warrant process, we’ve seen the laws that were meant to protect Americans turned on their head and hurt the innocent. Even worse, those abuses have been shown to be ineffective in stopping terrorism.
It’s time to stop punishing the law-abiding citizens of the United States, and take a more targeted approach against terrorism. Breaking encryption for the masses won’t stop a single determined terrorist, but it will infringe on the privacy and security of every American.
Thank you for your time and consideration,
David G. Mead