Connection Problem S03E21: Living with Data in the Face of Adversaries

Sitrep: Home with a bug, but in good spirits. The sun's shining, there's a few days of mini holiday ahead, and the backchannels are running red-hot with good and interesting conversations.

                            April 6, 2018

                Connection Problem S03E21: Living with Data in the Face of Adversaries

                        Sitrep: Home with a bug, but in good spirits. The sun's shining, there's a few days of mini holiday ahead, and the backchannels are running red-hot with good and interesting conversations.
×

×
As always, a shout out to tinyletter.com/pbihr or a forward is appreciated!
×
MC Trust-a-lot
As I shared last time, I've been onboarded successfully to Mozilla's IoT Fellowship program, which is cool, and so I get to spend a little more time than usual on digging into ThingsCon-related stuff and have to balance it a little less brutally against client work. In particular, I get to work out the concept for a trustmark for IoT. But you already know this, so I'll keep it short: I cleaned up my bajillion notes and thoughts a bit and wrapped them up in a presentation that outlines the shape of things to come. You can read the blog post on Medium.
×
Writing/Reading
Writing: Out of purely selfish, nerdy curiosity: What pen & paper do you prefer? I'm pretty much devoted to dotgrid, like Leuchtturm1917's (Moleskine also does a great dotgrid), plus mostly cheap gel writers like the uni-ball GEL IMPACT 1.0 or something similar. I've most found rollerballs to be uncomfortable to write, and so I have a handful of Pretty Nice Pens that I barely use, and a whole bunch of cheap plastic gel pens that I use all the time, and only now has it occurred to me to maybe trying to put gel writer mines in. Let's see if the ones I ordered will fit and solve this once and for all.
Reading: I've been a fan of Offscreen Mag ("The Human Side of Technology") for a long time. So I was very happy indeed when its founder and editor-in-chief Kai Brach reached out and asked me for a contribution for an upcoming issue. So why am I sharing this now? Because that issue (#19, I believe) is about to hit the shelves, it should be out within the next week or two. Grab one, will ya?
×
Smart Cities, Smart Homes, Surveillance
These just all popped up on my radar side by side; any one of them in isolation wouldn't necessarily have caught my eye, but this is... ridiculous.

Smart City Surveillance, part 1: 'Living laboratories': the Dutch cities amassing data on oblivious residents
Smart City surveillance, part 2: Jaywalkers under surveillance in Shenzhen soon to be punished via text messages
Smart Home surveillance: Facebook Delays Home-Speaker Unveil Amid Data Crisis
Smart City Insecurity: A Cyberattack Hobbles Atlanta, and Security Experts Shudder (There's an interesting side angle here besides the obvious point that centralized systems will be targeted and they will fail and we need resilience not efficiency and that is: the pricing of these ransomware attacks. Here it's about $50K to unlock Atlanta. This will be calculated, presumably, against the cost of restoring backups etc etc. How cheap is just cheap enough?)
×
Media literacy won't cut it
Media literacy doesn't stand a chance, says danah boyd. These excerpts from danah boyd's talk from SXSW Edu are very good. danah dives into why media literacy in the traditional sense won't stop fake news and other misinformation campaigns. Spoiler alert: It has a lot to do with bad actors acting in coordination and with high levels of expertise, and asymetric info warfare. Individuals—civilians, if you will—don't stand a chance.
×
Facebook, Data, GDPR
(1)
Facebook: ‘Malicious actors’ used its tools to discover identities and collect data on a massive global scale
WashPo reports that Facebook has been more leaky than assumed. Or maybe rather, they have been as leaky as assume:

Facebook said Wednesday that “malicious actors” took advantage of search tools on its platform, making it possible for them to discover the identities and collect information on most of its 2 billion users worldwide.

In this case it appears to have been scraping of user data using their own platform search, even if they invoke the [drumroll] darkweb. If someone can take practically all of your users' data without outright hacking your servers, then it's not the malicious actors: it's your design decisions.
In fact, this is pretty much what Zuck even states:

“We built this feature, and it’s very useful. There were a lot of people using it up until we shut it down today,” Chief Executive Mark Zuckerberg said in a call with reporters Wednesday.

So yeah, there's that.
(2)
CEO says Facebook will impose new EU privacy rules “everywhere”
Referring to Cambridge Analytica, Zuck says (sheepishly, or briefed well by legal?):

"We didn't think about how people could use these tools for harm as well," Zuckerberg said.

On the other hand, he announced that FB will apply GDPR rules globally:

Notably, Zuckerberg said that Facebook will voluntarily implement the European Union's new privacy rules, known as the GDPR, which take effect in May 2018. "We're going to make all the same controls and settings available everywhere, not just in Europe," he said.

This is super interesting. Because of course

there's nothing voluntary about it, it's the law, and it applies to them. But also...
...it shows that this particular law has enough teeth to make FB apparently not fight it but fall in line right away, which is by no means a given, and good to see. And...
...it shows that the GDPR in fact does raise the overall, global level of data protection even outside Europe, which I imagine the authors of the law very much intended.

It's very encouraging to see FB take that step rather than put up a fight: They are big enough to have standard-setting power, so it's great to see 2 billion users get stronger legal protection. (With this in place, the formerly linked leak of 2 billion users' data would have most likely never happened, as users would probably have given much more granular and limited permissions.) So this is exciting.
In related news, and as a blatant plug, we had a ThingsCon Salon in Berlin this week that covered GDPR at some detail, and we just posted the presentations.
A little GDPR post scriptum:
Digiday quotes a person who oversees newsletter operations at one large publisher:

“Now, we have to go completely out of the way to make sure consent is explicit by not having pre-checked boxes. Users have learned behavior that assumes boxes will be checked, and now we will have to teach them new behavior.”

Well that's cynical isn't it. Forcing those poor saps of users to actually, y'know, give consent rather than just clicking your notifications away. What a state this industry is in.
×
Yours truly,

Peter
PS. Please feel free to forward this to friends & colleagues, or send them to tinyletter.com/pbihr

                            Don't miss what's next. Subscribe to Peter Bihr: