Monthly Archives: December 2013

The Rising Trend of Criminalizing Hackers & Tinkerers

Note: This article is also available in Portuguese, translated by Anders Bateva.

There seems to be a rising trend of criminalizing hackers & tinkerers. More and more, people who explore the limits of the equipment, hardware and software they own and use, whether they tinker with it, re-purpose it, or expand its functionalities, are met with unrelenting persecution by authorities. In the last couple of years, the trend seems to be that these things, or things which humans have done for thousands of years, like sharing, expanding and improving upon culture, are persecuted. An example is the recent possibility of making violations of Terms of Service, Terms of Use and other Terms put forward by service providers a crime under the Computer Fraud and Abuse Act (CFAA). The companies that are now (for the most part) in control of our collective culture are limiting the methods of sharing more and more, often through judicial and/or technical means. The technical means for the most part don’t work, thankfully. DRM is still a big failure and never got off the ground, although the content industry is still trying to cling onto it. The judicial means, however, can be very effective at crushing someone, especially in the litigious United States of America. In the U.S., about 95% of all criminal cases end in a plea bargain, because that’s cheaper than trial by jury. These people are forced by financial pressure to enter a plea bargain, even if they didn’t commit the crimes of which they are accused.

Aaron SwartzAaron Swartz

The late Aaron Swartz was persecuted heavily by the U.S. government for downloading millions of scientific articles from JSTOR at MIT, JSTOR being the closed-source library of scientific articles, access to which is commercially exploited by ITHAKA, the entity that runs it. Aaron believed that scientific research paid for by the public, should be available to the public for free. It’s completely logical that research paid for by the public belongs to the public, and not to some company which basically is saying: “Thank you very much, we’ll have that, now we are going to charge for access to the scientific results, and reap the financial benefits.” It is sad that the world lost a great hacker and tinkerer, committing suicide, only 26 years old, unable to bear the pressure brought down upon him any longer, when in the end, according to his lawyer Elliot Peters, he probably would have won the case due to the fact that the U.S. Secret Service failed to get a search warrant for Swartz’s laptop until 34 days after they seized it.

The corporate world is seizing control of content creation

This trend is seen more and more lately. The companies in control of most of our content production, devices and systems don’t want you to tinker with them, not even if you own them. Apple is closing their systems by soon preventing you from installing your own software on OS X. Software installs will soon only be permitted through the Apple-curated App Store. Already there’s software in OS X, called Gatekeeper that’s meant to prevent you from installing apps that might contain malware. If you read between the lines in that previous link you’ll see that it’s only a matter of time before they’re going to tighten the reins, and make Gatekeeper more oppressive. Google is rapidly closing Android, and moving more and more parts of the once open-source system to its own Google Play Services app. Check the permissions on that app; it’s incredibly scary just how much of the system is now locked up in this closed-source binary blob, and how little the actual android system now handles. Recently, text messaging functionality was moved from the Android OS to the Google Hangouts app, so texting with an Android 4.4 (KitKat)-equipped phone is no longer possible without a Google account and being logged into that. Of course, Google will store all your text messages, for easy access by American intelligence and law enforcement agencies. If you now were to install Android, and remove the Google Play Services app, you might be surprised at how much stuff depends on that app nowadays. When you remove Google Play Services, your phone basically becomes a non-functional plastic brick. These companies fail to see that any invention is made by standing on the shoulders of giants and working upon other people’s work, making it better, tinkering and modifying it, using it for other purposes not envisioned by the original author et cetera. This is what makes culture, this is what makes us. We are fundamentally social creatures, we share. The same implementation of control systems happens with e-books as well. The devices used to read them usually aren’t open, like the Amazon Kindle for example, so that is a problem. We humans have been sharing culture for millions of years and sharing books for thousands of years, basically since writing was invented in Mesopotamia. It is as natural to human development as breathing. We are social creatures, and we thrive on feedback from our peers. But there’s something worse going on in e-book land. In the Netherlands, all e-book purchases now have to be stored in a database called Centraal Boekhuis, which details all buyer information, and this central database will be easily accessible by Stichting BREIN, the country’s main anti-piracy & content industry lobby club. This was ostensibly done to prevent e-book piracy, but I would imagine that this database soon will be of interest to intelligence agencies. Think of it: a centralized database containing almost all books and which people read which books. You can learn a lot about a person just from the books they read. Joseph Stalin and Erich Honecker would be proud. We reached a high water mark of society after the adoption of the Universal Declaration of Human Rights at the UN General Assembly on 10 December 1948, but it’s sad to see that here in the Western world, we’ve been slipping from that high pillar of decency and humanity ever since. To quote V from V for Vendetta:

“Where once you had the freedom to object, to think and speak as you saw fit, we now have censors and systems of surveillance coercing your conformity and soliciting your submission.”

The surveillance is now far worse than what George Orwell could have possibly imagined. We need to remind the spooks and control freaks in governments around the world that Nineteen Eighty-Four is not an instruction manual. It was a warning. And we’ve ignored it so far.

NSA is coming to town!

I just stumbled upon this funny video made by the ACLU (American Civil Liberties Union). It fits perfectly, and it’s funny to see that when invasions of privacy gets really personal (Santa photographing your face, recording your conversations and rifling through your smartphone), people really don’t like this and some respond strongly, but when the exact same thing is done by some big, anonymous government agency it doesn’t get such a strong response, which in unfortunate. Anyway, without further ado:

Facebook records self-censorship

Recently I came across an article about Facebook, more specifically, that Facebook wants to know why you self-censor, in other words, why you didn’t click Publish on that status update you just wrote, but decided not to publish instead. It turns out Facebook is sending everything you type in the Post textarea box (the one with the “What’s on your mind?” placeholder), to Facebook servers. According to two Facebook scientists quoted in the article: Sauvik Das, PhD student at Carnegie Mellon and summer software engineer intern, and Adam Kramer, a data scientist, they only send back information to Facebook’s servers that indicate whether you self-censored, not the actual text you typed. They wrote an article entitled Self-Censorship on Facebook (PDF, copy here) in which they explain the technicalities.

It turns out this claim that they only send metadata back, not the actual text you type is not entirely true. I wanted to confirm whether they really don’t send what you type to Facebook before you hit Publish, so I fired up Facebook and logged in. I opened up my web inspector and started monitoring requests to/from my browser. When I typed a few letters I noticed that the site makes a GET request to the URL /ajax/typeahead/search.php with parameters value=[your search string]&__user=[your Facebook user id] (there are more parameters, but these are the most important for the purposes of this article). The search.php script probably parses what you typed in order to find contacts that it can then show to you as autocomplete options (for tagging purposes).Facebook sends data

Now, the authors of the article actually gathered their data in a slightly different way. They monitored the Post textarea box, and the comment box, and if more than 5 characters were typed in, it would say you self-censored if you didn’t publish that post or comment in the next 10 minutes. So in their methodology, no actual textual content was needed. But it turns out, as my quick research shows above, that your comments and posts actually do get send to Facebook before you click Publish, and even before 5 characters are typed. This is done with a different purpose (searching matches in your contacts for tagging etc.), but clearly this data is received by Facebook. What they subsequently do with it besides providing autocomplete functionality is anyone’s guess. Given that the user ID is actually sent together with the typed in text to the search.php script may suggest that they associate your profile with the typed in text, but there’s no way to definitively prove that.

When I read through the article, one particular sentence in the introduction stood out to me as bone-chilling:

“(…) Last-minute self-censorship is of particular interest to SNSs [social networking sites] as this filtering can be both helpful and hurtful. Users and their audience could fail to achieve potential social value from not sharing certain content, and the SNS [social networking site] loses value from the lack of content generation. (…)”

“loses value from the lack of content generation.” Let that sink in. When you stop from posting something on Facebook, or re-write it, Facebook considers that a bad thing, as something that removes value from Facebook. The goal of Facebook is to sell detailed profiling information on all of us, even those of us wise enough not to have a Facebook account (through tagging and e-mail friend-finder functionality).

Big Data and Big Brother

And it isn’t just Facebook, it’s basically every social network and ad provider. There’s an entire industry of big data brokers, with companies most of us have never heard of, like Axciom for instance, but there are many others like it, who thrive on selling profiles and associated services. Advertising works best if it is specific, and plays into users’ desires and interests. This is also the reason why, for this to be successful, companies like Facebook need as much information on people as possible, to better target their clients’ ads. And the best way is to provide a free service, like a social network, enticing people to share their lives through this service, and then you can provide really specific targeting to your clients. This is what these companies thrive on.

The bigger problem is that we have no influence on how our data gets used. People claiming they have nothing to hide, and do nothing wrong, forget that they don’t decide on what constitutes criminal behavior, it’s the state making that decision for them. And what will happen when you are suddenly faced with a brutal regime that abuses all the information and data they got on you? Surely we want to prevent this.

This isn’t just a problem in the technology industry, and business, but a problem with governments as well. The NSA and GCHQ, in cooperation with other intelligence agencies around the world are collecting data on all of us, but without providing us, the people, the possibility of appeal, and correction of erroneous data. We have no influence on how this data gets used, who will be seeing it, how it might get interpreted by others, et cetera. The NSA is currently experiencing the same uneasiness as the rest of us, as they have no clue how much or what information Edward Snowden might have taken with him, and how it might be interpreted by others. It’s curious that they now complain about this same problem that the rest of us have been experiencing for years; a problem that NSA partly created by overclassifying information that didn’t need to be kept secret. Of course there is information that needs to be kept secret, but the vast majority of information that now gets rubber stamped with the TOP SECRET marking, is information that is of no threat to national security if it were known to the public, but more likely information that might embarrass top officials.

We need to start implementing proper oversight to the secret surveillance states we are currently subjected to in a myriad of countries around the world, and take back powers that were granted to them, and subsequently abused by them, if we want to continue to live in a free world. For I don’t want to live in a Big Brother state, do you?