The People Wide Web

The debate around Net Neutrality has taken an interesting spin of late. Just as foes of Net Neutrality have gotten closer to their goal of setting up tollways and traffic controls on the information superhighway, some drivers are beginning to build their own transportation system altogether.

Net Neutrality is a concept that has been the norm on the Internet since its inception: the idea that every website gets equal treatment by Internet Service Providers (ISPs). But of course, media companies and the ISPs could conceivably benefit greatly if surcharges for access to higher bandwidth were allowed on the Net. For example, let’s say that Cable Company A offers priority bandwidth to Media Company X, allowing it to serve super high-def streaming video to users at lightning speed. However, Startup Company Z will then be obligated to compete against Media Company X for that bandwidth in order to provide the same quality service. Same goes for Blogger Y.

Fat chance of that. Indeed, given the pace at which media consolidation continues to go unchecked by regulators, were Net Neutrality abandoned, the Internet would quickly resemble something akin to how Network Television dominated communication in the years before high-speed Internet arrived.

And this is what concerns many people, since a free, open web has so clearly promoted innovation. So far, the battle is not lost and Net Neutrality is still the norm. Nevertheless, some are creating backup plans.

This past week, BitTorrent, the people behind the popular torrent app uTorrent, announced they are exploring the creation of a new Internet which takes back control of the web and distributes access to websites across peer-to-peer networks.

Called Project Maelstrom, this torrent-based Internet would be powered by a new browser which would effectively rework the Internet into a much freer network with pretty much no gatekeepers.

Details are sparse at the moment, but essentially websites would be served as torrents, and thus not served from a single server. Instead, the sites would exist across the peer-to-peer network, in small, redundant bits living on people’s computers. Essentially, it’s the same technique used for torrent-based file sharing. When you try to access a site, your computer queries the torrent network and dozens of computers begin sending you the packets you need to rebuild the web page in question in your browser. And even as the web page is partially assembled, your computer then begins sharing what it already has with other people trying to access the site.

The result could likely be a much faster Internet, with much greater assurances of privacy. But technical questions remain and this does sound like it could take some time. But wow, what a revolution it would be.

Of course, this could get tricky to pull off. As you may have heard, the infamous torrent website Pirate Bay was taken down by authorities in Sweden this week. Pirate Bay serves up links to torrents allowing people to download everything from freeware applications to Hollywood movies that haven’t even been released yet, and so has been targeted by law enforcement for years now. Even on today’s Internet, Pirate Bay could conceivably come back online at any time. But if BitTorrent’s peer-to-peer Internet were realized, Pirate Bay would be back up instantaneously. Indeed, it would probably never come down in the first place. Same goes for Dark Net sites that sell everything from drugs to human beings, which have also been recently taken offline.

Bottom line is: Project Maelstrom is another example of how a free and open Internet is unlikely to ever go away. Question is, how much freedom is a good thing?

My own personal take is that taking back control of the Internet from media companies and ISPs would, on balance, be a great thing. Bad people do bad things in the physical world and that’s why we have never defeated crime 100%. As long as there is an Internet, there will be those that abuse it.

But even more importantly, innovation, freedom of speech and freedom to access information are core to advancing society. So I welcome Project Maelstrom.

So here’s a toast to the People-wide Web!

Is Apple Pay Really Private?

Apple Pay, the new payment system unveiled by Apple yesterday, was an intriguing alternative to using debit and credit cards. But how private, and how secure, is this new payment system really going to be?

Tim Cook, Apple CEO, made it very clear that Apple intends to never collect data on you or what you purchase via Apple Pay. The service, in fact, adds a few new layers of security to transactions. But you have to wonder.

A typical approach for businesses built on data collection is to promise robust privacy assurances in their service agreements and marketing even though the long-term strategy is to leverage that data for profit. Anyone who was with Facebook early on knows how quickly these terms can change.

So, when we’re assured that our purchases will remain wholly private and marketing firms will never have access to them, how can we really be confident that this will always remain the case? We can’t. So, as users, we should approach such services with skepticism.

As with anything related to personal data, we should assume that enterprising hackers or government agents can and will figure out a way to access and exploit our information. Just last week, celebrities using Apple’s iCloud had their accounts compromised and embarrassing photos were made public. And while Apple has done a pretty good job at securing Apple Pay, it’s still possible someone could figure out a way in…and then you’re not just dealing with incriminating photos, you’ve got your financial history exposed.

So ask yourself:

  1. Can I think of things I buy that could prove embarrassing or might give people with malign intent a way to blackmail me or do me financial damage?
  2. If my most embarrassing purchases were to become permanently public, can I live with that?
  3. How would such public exposure impact my reputation, professionally and personally?
  4. Does the convenience of purchasing something with my phone outweigh the risks to my financial security?

Depending on how you answer this, you may want to stick with your credit card.

Or just go the analog route and use the most anonymous medium of exchange: cash.

Private Google Search Alternatives

A few weeks back, I dropped Google search in favor of DuckDuckGo, an alternative search engine that does not log your searches. Today, I’m here to report on that experience and suggest two even better secure search tools: StartPage and Ixquick.

The problem with DuckDuckGo

As I outlined in my initial blog post, DuckDuckGo falls down probably as a consequence of its emphasis on privacy. Google results are based on an array of personal variables that tie specific result sets to your social graph…a complex web of data points collected on you through your Chrome Browser, Android apps, browser cookies, location data, possibly even the contents of your documents and emails stored on Google’s servers (that’s a guess, but totally within the scope of reason). Doing without all of that is a considerable handicap for DuckDuckGo.

But moreover, Google’s algorithm remains superior to everything else out there.

The benefits of using DuckDuckGo, of course, are that you are far more anonymous, especially if you are searching in private browser mode, accessing the Internet through a VPN or Tor, etc.

Again, given the explosive revelations about aggressive NSA data collection and even of government programs that hack such social graphs, and the potential leaking of that data to even worse parties, many people may decide that, on balance, they are better off dealing with poor search precision rather than setting themselves up for a cataclysmic breach of their data.

I’m one such person, but to be quite honest, I was constantly turning back to Google because DuckDuckGo just wouldn’t get me what I knew was out there.

Fortunately, I found something better: StartPage and Ixquick.

Google but without all the evil

StartPage is a US version of the Dutch-based search engine Ixquick.

There are two important things to understand about StartPage and Ixquick:

  1. Like DuckDuckGo, StartPage and Ixquick are totally private. They don’t collect any data on you, don’t share any data with third parties and don’t use cookies. They also use HTTPS (and no Heartbleed vulnerabilities) for all transactions.
  2. Both StartPage and Ixquick use proxy services to query other search engines. In the case of Ixquick, they query multiple search engines and then return the results with the highest average rank. StartPage only queries Google, but via the proxy service, making your search private and free of the data mining intrigue that plagues the major search engines.

Still some shortcomings remain

But, like DuckDuckGo, neither Ixquick nor StartPage is able to source your social graph, so they will never get results as closely tailored to you as Google. By design, they are not looking at your cookies or building their own database of you, so they won’t be able to guess your location or political views, and therefore will never skew results around those variables. Then again, your results will be more broadly relevant and serendipitous, saving you from the personal echo-chamber that you may have found in Google.

Happily private

It’s been over a month since I switched from DuckDuckGo to StartPage and so far it’s been quite good. StartPage even has a passable image and video search. I almost never go to Google anymore. In fact, I’ve used a browser plugin called Stylish to re-skin Google’s search interface with the NSA logo just as a humorous reminder that every search is being collected by multiple parties.

For that matter, I’ve used the same plugin to re-skin StartPage since, while they get high marks for privacy and search results, their interface design needs major work…but I’m just picky that way.

So, with my current setup, I’ve got StartPage as my default browser, set in my omnibar in Firefox. Works like a charm!

Ed Sez – Tips from Edward Snowden on Foiling the Snoopers

At the recent SXSW conference, Edward Snowden supplied people with tips to complicate the lives of, if not totally block, those who stick their noses in your online business.

Not to be confused with trying to ruin the chances of the NSA averting a nuclear strike by terrorists on my own country, I do feel there are some well-reasoned limits to what the US government should be doing, especially when it comes to figuring out ways to undermine secure Internet protocols. After all, when, as purported by Snowden, the NSA begins devising backdoor hacks into our web browsers, you can be certain that this only makes it easier for other (perhaps dangerous) individuals to do the same.

In other words, in the name of the War on Terror, the NSA might actually be planting the seeds for the death of the Internet…or at least a 9/11 style assault on the world’s computer infrastructure. Students of the origins of Bin Laden and his connections with the US War on Communism might be right to feel a little déjà vu.

A related threat, of course, is that criminals might stand on the shoulders of the NSA’s good work and do some very bad work against you and your bank account and your identity.

Anyway, that’s my soap box speech on this.

But back to my recent spate of blogs on privacy and how to cover your virtual butts. Snowden did hand out a few treats for the kids at SXSW: two browser plugins that he regards as good ways to enhance your privacy against NSA or NSA-inspired hackers.

The first is Ghostery, which allows you to view what web services are collecting data on you when you visit a given web page. It goes further by letting you (Ad Block style) block, pause or allow such collection.

I’ve been using it for a few days and have found it fascinating just how many scripts are gathering info on me when I land on a given page. Right now, I have everything turned off, so that should take care of that.

I did experience one problem watching an embedded video on a website. In these cases, you can pause all of Ghostery or try to figure out which one of the dozen or so scripts it’s blocking is the required one for the video and then decide if it’s worth it.

The other plugin is called NoScript, which simply shuts down all scripts, including JavaScript, Flash, etc. I haven’t tried this out, but I’m expecting it to be something I will only use sparingly given the amount of jQuery and other useful bits embedded in many web interfaces.

This Too Shall Pass – Deleting My Facebook Account

I’m killing my Facebook account.

And with it, I’m severing that company’s ability to collect data on my web habits, whereabouts, social connections (including off-Facebook connections) and financial transactions.

Apparently, I’ll also be reducing my exposure to NSA malware, as Mark Zuckerberg revealed in a public thrashing of Obama and the intelligence services that have been spreading malware through imposter Facebook sites.

This really won’t be that hard. Last year, I began experimenting with not using the social network, just to see how that was. This impulse was born from a general annoyance about FB’s murky privacy policies and the general tone of content on FB which had become increasingly irrelevant to my real social connections with people. (Remember when people started to appreciate that group emails were rude and began with the lines, “sorry for the group email!”…That’s how Facebook seems to me now, without the apologetic preface.)

BTW, if you’ve got your own suspicions about Facebook, the Electronic Frontier Foundation has put together a great timeline of Facebook’s shifting privacy policies. Reading their timeline is a great way to get your head around how free Internet services (FB, Gmail, etc.) are really about hooking you in with very clear and considered privacy policies that are planned to be revoked once they’ve got you dependent on them…or at least that’s how the timeline suggests this business model works.

Of course, deleting my Facebook account won’t be without costs.

If you’ve been a rolling stone like me, you have friends in many far-flung places. Facebook did make those connections feel stronger, so that aspect will be missed. But I’m online and quite findable, so if my pals from Japan or Europe want to find me, they only need know my name.

It turns out that completely deleting your account is a two-week process, described quite well on Digital Trends. The trick is that once you delete your account, you cannot log in for two weeks, or your account will be reactivated. That means you should first delete all apps from phones, tablets, etc. before deleting your account. You should probably delete your cookies too, just to be sure you don’t inadvertently reactivate it by triggering all those FB web beacons that mine the Interwebs.

Anyway, I’ll give my FB contacts a few days to run across my post and then I’ll zap it for good.

Better living through anonymity!

Back to Firefox – Update on Sync

This goes out to all you paranoid netizens out there, and if you’re not one, you should be…

As a follow-up to my last post on moving off Chrome and back to Firefox for privacy and security reasons, I wanted to document that I gave Firefox Sync a closer look.

Mozilla, the folks that develop Firefox, has a very detailed information page on Firefox Sync, but to sum up, this feature allows one to share add-ons, bookmarks, passwords, preferences, history and tabs across all your computers and other devices.

Double-plus-good: you can decide what to sync and what not to. Because I’m trying to be extra careful with my data, I opted for syncing only my add-ons, bookmarks and preferences. One important note on syncing add-ons: this will install your add-ons across your devices, but not necessarily configure them, so you might have to do that part manually.

If you opt to sync your history, it will do so up to 60 days.

Reading over the security details of Firefox Sync, it seems like you’re in pretty good hands since sync uses an encryption key. I consider passwords and history going beyond my tolerance threshold, but these are likely pretty secure for most folks. My rule is to assume that hackers access my sync data: What can I live with leaking out to the public?

Add-ons? okay
Bookmarks? I guess so.
History? Not really
Passwords? Are you kidding?

When I set up sync, I also added Firefox as my default phone browser which I find no problems with yet and it’s nice to know that I’m surfing as privately on Android as on OSX.

A Technophile’s Journey Off the Grid

Cookie Monster freaks out over cookies on his computer

Image by Surian Soosay

Okay, so it is likely impossible to actually “use” the Internet without it “using” you back. I get that. Terms of service get changed without clear explanation, cookies get saved, NSA snoops do what NSA snoops do. The whole business model of the Interwebs is set up to trade your info for access.

I’m under no illusions.

But, after the Great Target Hack and Edward Snowden’s revelations regarding the NSA (I think we were all waiting for these things to happen), I’m finding myself rethinking the trade offs I made concerning privacy and online anonymity for online convenience (and laziness).

There was a time, when I used to block cookies and obsess over terms of service agreements. Hell, I even used Tor from time to time.

But, after a while, it just became easier to stop worrying and learn to accept a level of personally sanctioned data breach. But now with all the stories of identity theft, commercialization of your personal info and multi-governmental and corporate sweeps of such data…it’s time for a little reflection…and retreat.

So, I’ve decided to experiment with reducing my digital footprint and I’ll post updates from time to time on how it’s going, in addition to my occasional posts on library projects.

Among my experiments, I’m planning on moving out of Googlelandia as much as possible, starting with changing the default search in my browser and moving back to Firefox. I’ll cover the Firefox post next time, but for now, let’s look at life without Google Search.

Most people online probably don’t remember a world before Google and those that do, don’t want to remember. Needless to say, Google’s initial search algorithm was so good, that it rapidly conquered the search market to the point that Yahoo! handed over its search to Microsoft and the dozens of smaller search engines were quickly forgotten. Anyone remember Web Crawler? Exactly!

Aside from Bing (hack!) and the Bing-lite Yahoo! search, there really aren’t many alternatives worth turning to when one needs anonymity. That is, except for DuckDuckGo, a search engine that uses secure HTTPS, does not use cookies by default and generally does not collect any data linked to you (see their privacy statement for more info).

And the search results are not that bad.

But they aren’t great.

Life on DuckDuckGo will be very reminiscent of the best old-school search tools from the pre-Google 90s. Gone will be the kinds of results that require an analysis of your personal search history, online social habits and analysis of your cookies. Often you’ll get exactly what you’re after, but just as often, you’ll get it a few results lower on the page, just below some commercial sites that are using keyword tricks to rise to the top.

For example, I’m thinking about what color scheme I want to go with for my new flat and used DuckDuckGo to find sites that could help me with that. So I did a search for something like: “paint interior design color tools.” The first result led to a 404 page. The second result was not too bad, a Benjamin Moore paint selecting tool for professional painters. Other results were somewhere between these two extremes, with many of them going to pages that were slightly relevant but failed in the “authoritative” category.

Google expends a lot of effort at weeding out, or drowning out, pages with low street cred, and you’ll probably hardly ever get to a 404 page thanks to their very busy and persistent robots. Something else that will be hard to find in Google is nothing. In Google, the dreaded “Sorry. No results were found” message would be an amazing and rare feat of your talents for obscurity. Not so in DuckDuckGo…these come up from time to time.

DuckDuckGo also lacks an image and video search functionality. For this, they provide a dropdown that lets you search via Google or Bing.

I’d also add, that I’m using DuckDuckGo in a Firefox omnibar plugin, so as I type, I get suggested hits. These are also not as accurate or relevant as the Google version, but I’ve also limited it by not preserving any search history in Firefox.

After a few days of trying this out, I do like DuckDuckGo enough to keep using it, but I have had several lapses of risky searches on Google. This is especially true for professional work, where Google knows my work interests quite well and serves up exactly what I need. But for general searches, DuckDuckGo is a good tradeoff for privacy wonks.

Stay tuned for more journeys off the grid including my return to Firefox and experiments with thumb drive applications…