Monday, 21 September 2020

Lions and Tigers and Bears, OH MY! (Data Security, app bans, and National Security)

Once again, the current US President (No 45, in this case) is making a mountain out of a molehill.

Just, in this case, not much of one, and for one of the small number of instances in his tenure as El Prez, he's actually hitting on a genuine (NOT FAKE! WOW!) issue. 

A Judge in the USA has issued a 'stay' order, preventing the US Government (USG) from denying US internet users the ability to download certain Social Media (SM) platforms, these being of Chinese origin - in this case, specifically WeChat.

Boiled down, the USG has said that the Chinese-operated SM platform, which also routinely censors information that the Chinese Government does not like (such as information on SARS-CoV-2, or COVID-19), threatens US National Security through its "malicious" behaviour of seeking out and downloading user data of many forms, such as network activity, location data, and browsing and search histories.

OK, then can we expect bans for FB, Twitter, Instagram, and all the other SM platforms that apparently regularly dive into user data with apparent freedom?! No? Quelle surprise, mon ami.

Many applications (and there's another misuse of language that I'll get into in another post before long! Watch this space 😉 ) note user data, and it's not just limited to network activity, location data, and browsing and search histories; they'll look for telephone logs, activities, who you're talking to that very moment, your contact lists, and so much more besides.

For YEARS, security analysts and companies have advised users of these packages that they MUST examine the 'permissions' that these things demand access to, in order to allow users to actually use the packages, and deny those that try to overreach the amount of permission that they actually need in order to operate. You really should be asking why they need access to all this information, folks. Taking a photo should not generally need, for example, access to your contact listings. Point made?

Now, while acknowledging that There Ain't No Such Thing As A Free Lunch (a.k.a. "TANSTAAFL"), these 'apps' also often allow 'in-app purchases', sometimes only offering the use of a credit/debit card payment system, instead of, for example, GooglePay, or PayPal, or similar (which omission also tends to breach their agreements with the major operator platforms such as Apple and Google, but that's another story).

So, by allowing these prying 'apps' access to your inside leg measurement, you're also giving them the keys to your bank as well. Really smart. Not. Remember, there have been documented cases of people's bank accounts being plundered by rogue 'apps' (do a search on your preferred internet search engine if you want to see examples of this). Always check those permissions, people. If they are asking for odd and extensive 'permissions', you really MUST be asking "WHY?".

From a National Security angle (and I've been both a Reservist and a Civil Servant in the employ of Her Majesty's Government, so I know whereof I speak), government employees should be required to adhere to a kind of SM limitation agreement, in the form of either requirements under primary law (which we have in the UK with the Official Secrets Act), or Non-Disclosure Agreements (NDAs) (which is the only option in the USA, due to the 1st Amendment rights to freedom of speech). The idea that users' personal data being used by the Chinese is some form of national security issue is not much of a stretch of credulity, but it is a stretch, none the less.

A more realistic threat to US National Security would be those SM users with access to classified information. Far better, I think, to restrict people with clearances that the USG is concerned about from using SM as much as they do. Enforceable Usage Policies (and specific NDAs for those forms of access) in return for clearances seem to be the best way to approach this: the willing surrender of certain privileges/speech rights in return for access seems to be a fair deal, to me.

So, while the USG and El Prez are doing a Chicken Little, and it actually is an issue, it's just not much of a National Security issue comparatively speaking, and a wholly preventable one if people use a little common sense, by having SM users engage a few brain cells and ask if an 'app' actually needs those odd and extensive permissions.

Of course, that's another issue too: Common Sense.

Yeeeaaaah. Let's not go there today, eh? 😉

Wednesday, 9 September 2020

Facebook, I've had more than enough of your rubbish.

It's a crying shame that the first post on here in a long time is going to have to be on this topic, but they forced it on us, so they can reap this blant as a direct result.

Facebook, the social media platform, is rolling out a "new and improved" web-based interface, which will replace the "Classic" interface we've been using on desktop machines for a few years now.

They are now apparently calling desktop machines words akin to 'primitive' and 'outdated', which is quite obvious rot and nonsense.

The new interface is designed to work on tablets and mobile devices in general, not desktops (which have much larger monitor sizes and resolution capabilities).

As a result, it looks utterly horrendous on a desktop machine.

Further, in a process to wean us off the Classic interface, it would appear that they're throttling - necking down - the throughput to desktop machines (it's an easy task to discover what kind of machine, what operating system, even what screen size a user is using; it's an HTML and CSS 'feature').

How did I discover this? Easy. I was in an IM chat with a mate from the USA, when all of a sudden, Facebook got horrendously slow, with server lag much in evidence. No other site I tried when this was happening suffered any form of lag or slowdown, just Facebook.

I tried accessing the same Facebook IM chat on my smartphone, and lo and behold, through the SAME ISP (WiFi connection), the link to Facebook was at full speed. Just not on my desktop machine. This has been happening a LOT since they said that Classic was going the way of the Dodo, by the way.

This is, in my not-so-humble opinion, the thin end of the wedge; they're levering you all into using their privacy-invading smartphone app. An App that I will NEVER use.

So, I'm suddenly and massively reducing my presence on Facebook as a direct result of this attempt at privacy invasion and user manipulation.

I will find another social media app to use eventually, but in the meantime, I'm minimising Facebook, and will be using this outlet more.

Good luck, people. Don't be sheep, vote with your feet.