Stop Google recording your chats

Many Gmail users also use Gchat to talk to their buddies. Why not – the Gchat window is right there, next to their emails and very easy to use.

Problem is, Google automatically analyzes everything Gmail users are emailing or chatting about. It’s obvious that Google stores your emails, but if you’re sceptical about how much of your chats Google records, just go to any of your Gchat contacts and click “More” -> “Recent Conversations”.

Bringing up your recent chats with another Google user

You can now see the contents of all conversations you’ve had with this user. This should make it obvious that everything you type in Google Chat is recorded and stored.

Why is Google recording our chats?

But why do Google record all this? Because by knowing everything you talk about, Google can perfect your “behavioural profile”. The better this profile, the higher its market value.  Remember, if you’re not paying for it, you’re not the customer, you are the product! And everything you say or do while logged on to Google services is used to make you a higher-yield product. Google then charges marketing companies (Google’s real customers) for access to this massive data set. Marketers are aching for an opportunity to directly target the more than 350 million Gmail users (as of Jan 2012) with personally targeted, customised ads. Of course this is done automatically with software, and Google is not the only ”free services” provider to sell your data for profit. Facebook follow the same business model, and it appears to be working out quite well for them. Facebook recently reported $3.7 bn (yes, that is billions of US dollars) in revenues. There is a lot of money to be made for companies that turn our entire lives into sellable products.

This is one of the two reasons you would want to stop Google recording your chats.

Why is this dangerous?

The second reason why Google recording your chats is not a good idea is that Google hands over this information (your emails, chats, things you have searched for, YouTube videos you have watched) to the law enforcement agencies of your country. They have no choice – they have to. Google provides a ”Transparency Report“, which is commendable. Unfortunately it falls short of giving us a clear view of just how much personal information has been handed over to government agencies due to the way the numbers are presented.

The following table attempts to answer the question:

“For how many user accounts was Google asked to hand over data to government agencies between January – June 2011″?

Country	# of users (approximate)
USA	11,057
UK	1,444
Spain	709
Italy	1,263
India	2,439
Germany	1,759
France	1,552
Brazil	1,822

You can look up your country by following any of the links in the table.

Given just how much Google knows about us, our friends, and our friends’ friends, it is a troubling thought that all this data, all of our contacts, the videos we have been watching, our chat messages, things we +1′ed, services we use from other service providers (Flickr etc) are recorded by Google and therefore being handed over to government agencies all over the world at this unprecedented rate.

If you believe that nothing you ever type or click on will be of interest to any law enforcement agency, government or court around the world until you and your entire family pass away (but what about your grandchildren? Think 40 years ahead. Could someone in 2052 dig up a record of an internal joke with one of your buddies back in 2012, cast it as proof of extremism and use it to harm your family?), AND you subscribe to the “I have nothing to hide, therefore I have nothing to fear” camp, you can stop reading here.

If you are genuinly uncomfortable with how your online life is harvested and recorded and wish to take steps to protect what little parts of it you can, read on.

Going “Off the record” in Google Chat

Google provide a mostly-hidden feature on their Gchat client that allows you to indicate you want to go “Off the record”. You can see it under the “Actions” menu when you are chatting with someone on Google Chat.

Google say that going “Off the record” means that “Chats [...] aren’t stored in your Gmail chat history…” which sounds good, but does not actually promise your chats are not being recorded.

Google Chat: You are now off the record

Given that Google ”will share personal information with [...] organizations [...] outside of Google if [...] preservation or disclosure of the information is reasonably necessary to meet any [...] enforceable governmental request“, it is a safe assumption that Google Chat’s “Go off the record” option does not really buy you any privacy.

Getting some real privacy for Google Chat

We will use Free Software tools that allow you to be reasonably confident that Google is not recording what you say over chat.

Before you continue, please understand:

1. To have a private chat, both you and the person you wish to privately chat to, need to follow these steps.
2. If you use multiple computers to chat (e.g. a work computer and a home laptop), you have to repeat these steps in every computer before you use it to chat. You will only have to “prepare” every computer once.

First, download and install the Pidgin instant messaging software

Get the software from http://pidgin.im and install it on your computer.

Done installing Pidgin? Great. Continue to the next step.

Download and install the OTR plugin

The Off The Record (OTR) plugin allows Pidgin users to encrypt their communications. Get it from http://www.cypherpunks.ca/otr/ and install it on your computer.

Configure Pidgin for Google Chat

The first time you start Pidgin you will see this:

Click on “Add…” – a new window comes up. (this may happen automatically before you even press “Add”)

Adjust the settings as shown, using your Google username and password:

Pidgin Google Chat settings – basic

Click on the “Advanced” tab and adjust the settings as shown:

Pidgin Google Chat settings – advanced

Almost there! Now click on “Add” to complete setting up your account.

You should now be connected to Google chat! A list of your online contacts (or “Buddies”) will come up right away:

Pidgin buddy list when logged onto Google Chat

If you see something like the above, congratulations – you are successfully connected to Google chat.

If you get error messages, likely causes are:

1. You didn’t type all settings exactly as shown above
2. You are using Google’s two-step authentication. In that case your “main” Google password is not accepted. You need to create an application-specific password for Pidgin on the computer you’re currently setting up. Why?
3. Your (corporate or national) network firewall is blocking the chat protocol XMPP. It may be possible to bypass it with Tor.

Activate and configure the OTR plugin

From the Pidgin “Buddy List” window go to Tools -> Plugins as shown here:

Scroll down the list until you find “Off-the-Record Messaging”. Tick the box next to it – this will enable the plugin:

Now click on the “Configure Plugin” button:

In the new window that comes up, configure the default OTR settings as follows:

Congratulations! You can now chat privately with buddies who also use the OTR plugin.

You have just made it very difficult for Google or anyone else to eavesdrop or record what you say. Just point your Google chat buddies to this page and get them using the OTR plugin!

Start a private conversation

Note: You can communicate privately only if the chat buddy you’re communicating with has followed the above steps, or is using other software that uses the OTR plugin.

Double-click on a buddy’s name to bring up the Conversation window. Notice the “Not private” button on the bottom right?

This means you have not activated the privacy features yet. But you’re about to!

Click on “Not private” and ask Pidgin to “Start private conversation”:

Pidgin will now attempt to create a secure channel and should display the following:

This is the result we want. “Unverified” is not a problem (but see Improvement 2 below). Pidgin tells us that it has established a secure channel to the other end, and you can use it to chat with your buddy without Google being able to read & record your messages.

Remember to always check the bottom-right OTR status icon. If it says “not private”, you should assume that Google is recording everything you type in that window.

Improvements (optional)

Improvement 1: Ask OTR to always try to initiate private messaging

You can ask OTR to always try to “automatically initiate private messaging” from the OTR plugin configuration menu you used above. Here’s the option you need to tick:

Improvement 2: Verify the identity of people you chat with

You have stopped Google reading, analysing and recording what you discuss with your buddies. But if you have reason to believe someone might be trying to read what you say (e.g. if you’re a whistleblower, journalist, activist,  lawyer, live in the wrong country etc) you can not yet be 100% certain that the person you are talking to, is indeed your buddy and not an impostor, pretending to be your buddy.

To rule out this possibility you should always verify the people you chat with. You only need to do this once for every buddy you wish to chat with.

To do this, click on the “Unverified” button:

Encrypted, but not authenticated. You are talking to someone through a protected channel, but you don’t know yet who that “someone” is.

This brings up the following menu, allowing you to “Authenticate Buddy”:

Asking Pidgin to authenticate the buddy you’re chatting with

You are now presented with the easiest option to authenticate your buddy – asking them a question, and checking that they know the right answer. There are other methods as well, like entering a secret passphrase you have agreed on in advance.

Go ahead and type a question and its answer. It should be something obvious to your chat buddy (example question: “what’s the name of my dog?” or “who did we discuss about last time we met?”) but not to potential impostors. (If you have reason to believe someone is targetting you specifically, using a pre-shared secret is the best way to ensure you are talking to your real friend. After all, any serious adversary can find the name of your dog without too much hassle.)

Example of a question/answer pair

After you click on “Authenticate” you will have to wait for a few moments for your friend to answer the question using his computer:

Waiting for response to authentication challenge

Once your friend successfully answers the question you set, you will see this message:

If you get a “Authentication failed” message instead, your friend probably mistyped something. Please remember (and remind your friend too!) that the answer is CaSe SenSiTive – so in this example the answer “Maxx” is correct, but “maxx” is wrong!

Congratulations! You can now be confident you are talking to the right person! This is an additional benefit to what you achieved already - stopping Google (or anyone else) from monitoring & recording what you say!

A private & authenticated conversation over Pidgin. You know the person you’re talking to is who they say they are, and you know that noone else can eavesdrop on your conversation.

Next time you wish to talk to this person, you will just need to click on the OTR button on the bottom right and the conversation will immediately switch to “Private”. No need to re-authenticate,  unless you or they are using a different computer.

Now the only thing Google knows is

• Who you chat with
• When you chat with them

…which is a significant improvement from before.

What, you still don’t like that? What are you doing chatting on Google Chat then?! Go use CryptoCat over Tor, or if your enemies are pros (and you trust your hardware), TAILS.

Improvement 3: Use Google’s two-step verification & an application-specific password for Pidgin

It’s a good idea to use Google two-step verification. This means that Google will ask you for two pieces of proof that you are the legitimate owner of your account whenever you log in from an unrecognised device. This is an improvement in security, but means that external applications (like Pidgin) can not access your Google account.

Google’s solution is application-specific passwords. These are passwords that only work for one designated application and can not provide full access to your Google account (e.g. to change your account settings).

See Getting started with Google 2-step verification and after you’ve activated it, create an application-specific password for Pidgin on your device.

Then, on Pidgin’s main ”Buddy List” window go to Accounts -> USERNAME@gmail.com -> Edit Account, input the password you just created, ask Pidgin to remember it, hit “Save” and you should be all done.

Now starting Pidgin will automatically log you into Google Chat, without asking for your password.

Tor relays in the Amazon cloud: usage charges

I recently found out about Tor Cloud and think it’s a great idea.

In a nutshell, you can strengthen the Tor network with a few clicks and a small amount of money paid to Amazon.

But how much does it actually cost to run a Tor relay on Amazon’s EC2 service?

Here is what I’m paying after one month of running some Tor relays in the Amazon cloud:

Data Centre (location)	EC2 instance running time		Bandwidth used			Total running cost per instance for one month (USD)
	Hours	Cost (USD)	GB in	GB out	Cost (USD)
California	744	18.60	2.774	2.457	0.29	18.89
Oregon	742	14.84	0.517	0.194	0.02	14.86
Sao Paulo	741	19.85	37.644	21.603	5.40	25.25
Singapore	744	18.60	0.853	0.596	0.11	18.71
Tokyo	744	0	11.873	11.267	2.26	2.26
Virginia	744	14.88	0.828	0.543	0.07	14.95

Remember that there is a “free usage” tier – this probably explains the $0 running cost charged for my Tokyo instance.

Conclusions from the above:

1. Maximum bang for the buck if you can’t spend money on this: Run only one instance, preferably in a high-traffic area like South America. Expect to spend less than $10 per month.
2. Expect to spend approximately $20/month/instance if you’re running more than one instances.
3. I’ll kill all instances but Sao Paulo and Tokyo – at the moment all other instances seem to be receiving so little traffic they’re not worth the hassle.

Stop Facebook recording your chats

Chatting on Facebook is great, but has one major drawback: Facebook records and keeps everything you say. If you think that’s not a problem (e.g. because you subscribe to the “I have nothing to hide, therefore I have nothing to fear” camp), you can stop reading here.

But…

• If you believe privacy is a basic human right
• If you are discussing business confidential information
• If you are a journalist having a confidential discussion with a source
• Or if you’re just having an intimate conversation with a family member

… and you’re not comfortable with Facebook, Facebook’s partners and law enforcement agencies around the world being able to read your conversation at their leisure (even years after it happened!), please read on.

“How can I have a private, unrecorded conversation on Facebook?”

By not using the built-in chat feature from within the Facebook webpage. Instead, we’ll use software that encrypts your messages, so that even Facebook cannot read them.

To do this, you need to know your Facebook username. Note that this is different from your real name, or your Facebook “screen name” (i.e. the name your friends see). If you already have a Facebook username, you can see it by clicking on this link (you need to be logged in to Facebook). If you haven’t set one up, you will see this message:

Facebook General Account Settings: You have not set a username.

Don’t worry – you can get a username right away!

Click on the “Edit” link on the right. It will ask you which username you would like to use, and confirm your Facebook password:

Facebook: Setting up a user name

After clicking “Save Changes” you should be all ready to go with  your shiny new Facebook username:

Your Facebook username

Please note it down – you will need to use your Facebook username (just once!)  it in a bit.

To make sure your new Facebook username is activated, do the following:

• Log out of Facebook (closing the window does not automatically log you out!)
• On the Facebook login page, type your new username instead of the email you have been using for the “Email or phone” field
• Type your usual password for the “Password” field.
• Click “Log In”

I don’t understand why Facebook force people to do this, but this logout & re-login seems to be required to get your new username activated.

You are now ready to setup a private chat system.

Before you continue, please understand:

1. To have a private chat, both you and the person you wish to privately chat to, need to follow these steps.
2. If you use multiple computers to chat (e.g. a work computer and a home laptop), you have to repeat these steps in every computer before you use it to chat. You will only have to “prepare” every computer once.

First, download and install the Pidgin instant messaging software

Get the software from http://pidgin.im and install it on your computer.

Done installing Pidgin? Great. Continue to the next step.

Download and install the OTR plugin

The Off The Record (OTR) plugin allows Pidgin users to encrypt their communications. Get it from http://www.cypherpunks.ca/otr/ and install it on your computer.

Configure Pidgin for Facebook

The first time you start Pidgin you will see this:

Click on “Add…” – a new window comes up.

Adjust the settings as shown, using your Facebook username (Don’t know your username? See above) and password:

Click on the “Advanced” tab and fill in the “Connect Server” field as shown:

Almost there! Now click on “Add” to complete setting up your account.

You may receive a prompt to accept a certificate from chat.facebook.com – this is normal, since it’s the first time Pidgin connects to Facebook from your computer. Accept it:

You should now be connected to Facebook chat! A list of your online friends will come up right away:

If you see something like the above, congratulations – you are successfully connected to Facebook chat. If you get any error messages, modify your account settings and make sure you have typed everything as shown above. Remember, your Facebook username is not your real name!

Activate and configure the OTR plugin

From the Pidgin “Buddy List” window go to Tools -> Plugins as shown here:

Scroll down the list until you find “Off-the-Record Messaging”. Tick the box next to it – this will enable the plugin:

Now click on the “Configure Plugin” button:

In the new window that comes up, configure the default OTR settings as follows:

Congratulations! You can now chat privately with friends who also use the OTR plugin.

You have just made it very difficult for Facebook or anyone else to eavesdrop or record what you say. Just point your Facebook friends to this page and get them using the OTR plugin!

Start a private conversation with Pidgin and OTR

You can communicate privately only if the Facebook friend you’re communicating with has followed the above steps, or is using other software that uses the OTR plugin.

Double-click on their name to bring up the Conversation window. Notice the “Not private” button on the bottom right?

This means you have not activated the privacy features yet. But you’re about to!

Click on “Not private” and ask Pidgin to “Start private conversation”:

“Start private conversation” with OTR on Pidgin

Pidgin will now attempt to create a secure channel and should display the following:

This is the result we want. “Unverified” is not a problem (but see “Improvements” section below). Pidgin tells us that it has established a secure channel to the other end, and you can already use to chat if you wish.

Is this not working? Does your request to “Start private conversation” seem to do nothing? Here is a possible reason. You may need to “enable apps” on your Facebook profile.

Improvements (optional)

With an “Unverified” OTR status you can not yet be 100% certain that the person you are talking to, is indeed your friend and not an impostor, pretending to be your friend.

To rule out this possibility you should always verify the people you chat with. You only need to do this once for every friend you wish to chat with.

Verify the identity of your chat friends

For technical reasons Facebook users have to verify the identity of their friends manually, by comparing so-called “fingerprints“.

On the main “buddy list” Pidgin window, go to Tools -> Plugins, then select “Off-The-Record Messaging” and click “Configure Plugin”. (Yes, you were here earlier)

In the “Off-the-Record Messaging” window click on the second tab “Known fingerprints”.

Then select your unverified friend and click the “Verify fingerprint” button.

You will now be presented with both yours and your friend’s fingerprints. After you have verified that you both see the same fingerprints on your screens, you can change this to “I have…”

This is annoying, as it requires you to use another communication channel with your friend (perhaps telephone or email, depends on who your enemies might be) to confirm each other’s fingerprint, but as of April 2012 this is the only option Facebook users have.

That was the hard part done.

After you click “OK”, you don’t have to worry about this again. Next time you wish to talk to this friend, you will just need to click on the OTR button on the bottom right and the conversation will immediately switch to “Private”.

A private & authenticated conversation over Pidgin. You know the person you’re talking to is who they say they are, and you know that noone else can eavesdrop on your conversation.

Optionally, you can tell that your messages are encrypted by having the Facebook chat window open in your browser. You should only see messages like these:

Congratulations!

Now the only thing Facebook knows is

• Who you chat with
• When you chat with them

…which is a significant improvement from before.

What, you still don’t like that? What are you doing chatting on Facebook then?! Go use CryptoCat over Tor, or if your enemies are pros (and you trust your hardware), TAILS.

Tell websites you do not want to be tracked

 It’s called “web tracking” and “behavioural profiling”, but the result is the same. Every search you make, every email, every chat message and every page you visit is combined by e-commerce giants (Facebook, Apple, Google, Amazon etc) to create an accurate profile of… you! This is then sold to the advertisers who want to better target you as a consumer.

For more background on online behavioural tracking see the Wall Street Journal’s “What They Know” project and EFF‘s Do Not Track page. 

Here’s two of the most obvious ways one of these giants (Google) perfect their profile of you:

1. They automatically record & analyze everything you do with the services they provide to you for “free” – every email you read or write with Gmail, your Google chats, your Google searches, online purchases and so on and
2. They record any other websites you visit and what you do in them (where you click, how long you spend in a page etc). This is true of most websites, even those not directly affiliated with Google.

(I don’t want to single out Google as particularly evil - just using them as an example. Facebook does exactly the same - e.g. tracking which NHS pages people read and of course governments across the globe also want to know everything you think)

There is little you can do about #1. I avoid using Google for search, relying on the privacy-conscious DuckDuckGo search engine instead – which promises not to share my searches with Google. I log out of Gmail and Facebook as soon as I’m done using them. I close my browser and delete my cookies. But even if you do all that, they and their partners still know a lot about you.

For #2, there is something you can do. Due to the work of some good people, you have a way of telling them you do not want to be tracked: Enable the “Do Not Track”  (DNT) feature of your web browser.

Visit http://donottrack.us/ to check if DNT is enabled in your browser and if not, enable it now – it will only take 2 minutes. As of March 2012 DNT is supported by all major browsers except -unsurprisingly- Google Chrome.

This is where you can enable it in Firefox (on Windows):

Step 1: Fire up Firefox's "Options" menu

Step 2: Click the "Privacy" icon on the top row and then check the "Tell web sites I do not want to be tracked" box.

Please note that enabling Do Not Track (DNT) does not stop websites from tracking you. It merely indicates that you do not wish to be tracked.

This is important, because it approaches the practice of web tracking from two sides: Technology and policy. Solely relying on technological solutions to supress/evade web tracking could never be fully successful – marketers would always find ways around your techical defenses, while publicly arguing that web users want to be tracked because it provides a better online (purchasing) experience.  But DNT has a policy side as well: It allows regulatory bodies like the FTC to nudge marketers to honour the DNT setting. The result is much more effective than a mere technological workaround: If consumers use DNT to clearly indicate “I do not want to be tracked” and the FTC has ruled that marketers must respect this choice (which has not happened as of March 2012), marketers take a lot of risk by ignoring DNT and tracking you. Such behaviour would expose them to lawsuits, fines from the FTC, harm to their brand, public image etc.

 Think of DNT as the “Do Not Call” registry for the World Wide Web. By subscribing, you’ve just made DNT stronger and the Web a better place for all.

Thank you!

PS: For the sceptics who worry DNT might kill “free” online services via hurting online advertising revenue, Stanford Law School’s Center for Internet and Society has a good analysis of why this is unlikely to happen here.

PPS: As Harvard Law professor Jonathan Zittrain put it: “If what you are getting online is for free, you are not the customer, you are the product.” You have to decide if you are comfortable being commodisised like this.

PPPS: I recently asked Mozilla’s Tom Lowenthal what good DNT is, if users don’t even know it’s there. Even if they do, how many real people will choose to venture 6 clicks deep in computer-gibberish settings pages to enable DNT? Tom re-stated that the Mozilla people do not want DNT “on” by default, therefore making it an “opt-in” feature, the cost of which should be obvious by the mere existence of this blog post.

BT, you really don’t want people to read your terms of service, do you?

As of March 2012, BT’s terms of service for broadband customers are officially too complicated for human beings.

BT seem to recognise that even they can’t come up with a consistent set of terms within this avalanche of documents, so they included a catch-all term that reads:

“If any of these documents contradict each other [...]“

Really, BT? Really?

Book review: “Liars and Outliers” by Bruce Schneier

I recently read Bruce Schneier’s latest book – Liars and Outliers: Enabling the trust that society needs to thrive

It’s a good book, of potential interest not just to technology people, but also to anyone wishing to understand more about the way the world works. Schneier uses a wealth of examples to demonstrate that without implicit trust towards pretty much everyone around us, society falls apart.

Reading this book convinced me once more that calls for more surveillance and a more extensive police state must be resisted. The underlying assumption (that crime can be brought down to 0% if only we give up most of our liberties) is a false one. Schneier convincingly argues that the cost of wiping out crime is too high for society – we should therefore stop the hysteria about “total security” and get on with our lives.

Some excerpts I liked from the book:

Why perfect uniformity/efficiency is a bad thing:

It has been convincingly argued that one of the reasons sexual reproduction evolved about 1.2 billion years ago was to defend against biological parasites. The argument is subtle. Basically, parasites reproduce so quickly that they overwhelm any individual host defense. The value of DNA recombination, which is what you get in sexual reproduction, is that it continuously rearranges a species’ defenses so parasites can’t get the upper hand. For this reason, a member of a species that reproduces sexually is much more likely to survive than a species that clones itself asexually—even though such a species will pass twice as many of its genes to its offspring as a sexually reproducing species would.

Interesting factoid about the human body:

Only 10% of the total number of cells in our human bodies are us—human cells with our particular genome. The other 90% are symbionts, genetically unrelated organisms.

On a societal level, the common cold is more dangerous than Ebola:

Being a parasite is a balancing act. Biological parasites do best if they don’t immediately kill their hosts, but instead let them survive long enough for the parasites to spread to additional hosts. Ebola is too successful, so it fails as a species. The common cold does a much better job of spreading itself; it infects, and in the end kills, far more people by being much less “effective.”

Spectacular exceptions to honest commerce:

We engage in honest commerce, although Enron and AIG and Countrywide are some pretty spectacular exceptions.

On how religious fear keeps people in line:

They found no difference in cheating behavior between believers and non-believers, but found that people who conceived of a loving, caring, and forgiving God were much more likely to cheat than those who conceived of a harsh, punitive, vengeful, and punishing God.

There is no such thing as “I have nothing to hide”. 100% conformance to any set of rules is extremely rare:

People vary in their individual behaviour . Sure, most people will cooperate most of the time, but some people will defect some of the time, and almost everyone will defect once in a while.

A mass murderer’s view on the paradox of how we perceive tragedy.

Joseph Stalin said, “the death of one man is a tragedy, the death of millions is a statistic”

Companies renaming themselves to escape their tainted “brands”:

Philip Morris renamed itself Altria, because who would want to buy their Kraft Mac and Cheese from a cigarette company? ValuJet, its brand ruined after Flight 592 crashed in the Everglades in 1996, now operates as AirTran Airways. Blackwater, the defense contractor notorious for numerous Iraq war abuses, is now Xe Services. The School of the Americas, implicated in training many human rights–abusing military staff in Latin America, rebranded itself as Western Hemisphere Institute for Security Cooperation.

How the nudge effect increases voting participation:

In the U.S., voter turnout is so low in part because there’s no legal requirement to vote. In countries where voting is required by law—Australia, Belgium, Bolivia, etc.—turnout is much higher. This is also true in countries that don’t have explicit voting laws, but have laws that raise the cost of not voting in other ways. For example, in Greece, it’s harder for non-voters to get a passport or driver’s license. If you don’t vote in Singapore, you’re removed from the electoral rolls and must provide a reason when you reapply. In Peru, your stamped voting card is necessary to obtain some government services. And in Mexico and Italy, there are informal consequences of not voting.

Fighting back against predatory insurance premiums:

One report demonstrated that uninsured drivers in the UK are capable of doing the math, and will remain uninsured if the expected penalty for doing so is less than the cost of insurance.

It doens’t matter what you say – it matters how you say it.

For this reason, signs featuring anti-littering slogans like “Don’t Mess with Texas” are more effective than signs that only warn, “Penalty for Littering: $100”; and “smoking in hotel rooms is prohibited” signs are more effective than signs that read “$250 cleaning penalty if you smoke.” In one experiment with day care providers, researchers found that when they instituted a fine for parents picking their children up late, late pickups increased. The fine became a fee, which parents could decide to pay and assuage any moral resistance to defection.

How the law messes up people’s ethics:

Financial advisors exhibit this unconscious bias in favor of their clients. In one experiment, analysts gave different weights to the same information, depending on what the client wanted to hear. An obvious societal pressure system to address this problem would be to require advisors to disclose any conflicts of interest; but this can have the reverse effect of increasing the number of defectors. By disclosing their conflicts, financial advisors may feel they have been granted a moral license to pursue their own self-interest, and may feel partially absolved of their professional obligation to be objective.

On how children nowadays can’t write:

Between the ubiquity of keyboards and the tendency for teachers to focus on standardized tests, cursive is not being taught as much in schools. The result is that signatures are more likely to be either printed text or illegible scrawls, both easier to forge.

Poor given less breaks than rich:

The poorer the job is—the less well-paying, the less personally satisfying, the more unpleasant, etc.—the more restrictive the security measures tend to be. Minimum-wage employees are often subject to rigorous supervision, and punitive penalties if they defect. Higher-level employees are often given more latitude and autonomy to do their job, which comes with a greater ability to defect.

On how hefty-sounding fines for criminal conduct are sometimes just a joke:

The DeCoster family egg farms, responsible for the huge salmonella outbreak in 2010, had been repeatedly fined for health violations for over ten years. In 2011, the large pharmaceutical company Merck Serono agreed to pay a $44.5 million fine for illegally marketing the drug Rebif. That sounds like a lot, until you realize that the annual sales of the drug were $2.5 billion and the misconduct occurred over an eight-year period. It’s no wonder the firm was a repeat offender; the fines were just a cost of doing business.

Why “Too big to fail” is a propaganda term that should not be used as an excuse for anyone:

Any company that is too big to fail—that the government will bail out rather than let fail—is the beneficiary of a free insurance policy underwritten by taxpayers.

Crimes you can get away with if you’re powerful enough:

No one in the U.S. government is interested in taking the National Security Agency to task for illegally spying on American citizens (spy agencies make bad enemies). Or in punishing anyone for authorizing the torture of—often innocent— terrorist suspects. Similarly, there’s little questioning legislatively about President Obama’s self-claimed right to assassinate Americans abroad without due process.

How the current tax rules in the USA create an incentive to cheat (and how the poor haven’t even got the chance to try):

These days, if you’re making a 5% return on your investments, you’re doing really well. With the top federal tax rate at 35%, the money you can save by cheating is a pretty strong motivation. These are not people who can’t afford to pay taxes; the typical tax cheat is a male under 50 in a high tax bracket and with a complex return. (Poorer users, with all their income covered by payroll taxes, have less opportunity to cheat.) The current situation creates an incentive to cheat.

On how the taxation system in the USA benefits the rich:

And make no mistake, industries, professions, and groups of wealthy people deliberately manipulate the legislative system by lobbying Congress to get special tax exemptions to benefit themselves. One example is the carried-interest tax loophole: the taxation of private-equity-fund and hedge-fund-manager compensation at the 15% long-term capital-gains tax rate rather than as regular income. Another is the investment tax credit, intended to help building contractors, that people used to subsidize expensive SUVs.

On being careful what you measure – you might just get presicely that, and nothing else:

Currently in the United States, standardized student testing has incredible influence over the future fates of students, teachers, and schools. Under a law called the No Child Left Behind Act, students have to pass certain tests; if they don’t pass, their schools are penalized. In the District of Columbia, the school system offered teachers $8,000 bonuses for improving test scores, and threatened them with termination for failing. Scores did increase significantly during the period, and the schools were held up as examples of how incentives affect teachers’ behavior. It turns out that a lot of those score increases were faked. In addition to teaching students, teachers cheated on their students’ tests by changing wrong answers to correct ones. There’s a societal dilemma at work here. Teachers were always able to manipulate their students’ test scores, but before the No Child Left Behind law, the competing interests were weak. People become teachers to teach, not to cheat… until their jobs depended on it.

On the current state of politics in the USA:

We’re all better off if national policy debates are factual, honest, and civil, but it’s easy to resort to spin, distortions, smears, and lies. But if enough people do that, you get the circus that characterizes far too much of current American politics.

On the New York Times putting political agendas before peoples’ right to know:

In mid-2004, the New York Times learned about the NSA’s illegal wiretapping of American citizens without a warrant, but delayed publishing the information for over a year—until well after the presidential election.

You get what you measure.

On the problems fast technological changes create – too many new possibilities too quickly, and society hasn’t figured out how to adapt yet:

In 2011, science fiction author Charles Stross gave a talk on the ubiquity of data that’s coming in the near future, from technologies like genetic mapping, “lifeblogging”—the audio and video recording of everything that happens to you—sensors on everyone and everything. Nothing he said required anything more than mild extrapolation. And then he talked about the issues that society is going to have to wrestle with once this data exists: Is losing your genomic privacy an excessive price to pay for surviving cancer and evading plagues? (Broad analysis of everyone’s genetic data will result in significant new understanding about disease, and a flurry of medical results that will significantly benefit everyone. At the same time, an individual’s genetic data is both personal and private—even more so when companies start using it to prejudge people.) Is compromising your sensory privacy through lifeblogging a reasonable price to pay for preventing malicious impersonation and apprehending criminals? (Lifeblogs have the potential to be a valuable police tool, not just by allowing victims to record crimes, but in the incidental recording of events in the background that later could be instrumental in identifying criminals.) Is letting your insurance company know exactly how you steer and hit the gas and brake pedals, and where you drive, an acceptable price to pay for cheaper insurance? (Once insurance companies have all of this data, they could more easily offer differing insurance policy to different types of drivers.) These are all societal dilemmas about how to balance group interest with selfinterest.But before figuring out what kind of societal pressures to deploy to solve the problem, society first has to agree what the group interest is. We can’t start talking about what kind of societal pressures to set up to prevent people from keeping their genome secret, or protecting the privacy of their lifeblog, or limiting access to their car’s “black box” data, until we agree on what it means to cooperate and what it means to defect in these situations. It’s difficult to solve societal dilemmas while society itself is changing so quickly.

On the danger of concentrated power and the usefulness of people going against the norm:

+ Reduce concentrations of power. Power, whether it’s concentrated in government, corporations, or non-government organizations, brings with it the ability to defect. The greater the power, the greater the scope of defection.7 One of the most important things society can do to reduce the risk of catastrophic defection is to reduce the amount of power held by individual actors in key positions.
+ Require transparency—especially in corporations and government institutions. Transparency minimizes the principal–agent problem and ensure the maximum effect of reputational pressures. In our complex society, we can’t monitor most societal dilemmas directly. We need to rely on others—proxies—to do the work for us. Checks and balances are the most powerful tool we have to facilitate this, and transparency is the best way to ensure that checks and balances work. A corollary of this is that society should not suppress information about defectors, their tactics, and the overall scope of defection.

The reason we still have the illusion of control of our digital lives and data:

Remember, parasites need society to be there in order to benefit from defecting; and being a parasite is a successful strategy only if you don’t take too many resources from your host.

On the importance of trust in society:

Philosopher Sissela Bok wrote: “…trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged the community as a whole suffers; and when it is destroyed, societies falter and collapse.”

On the importance of troublemakers:

Society needs defectors. Groups benefit from the fact that some members do not follow the group norms. These are the outliers: the people who resist popular opinion for moral or other reasons. These are the people who invent new business models by copying and distributing music, movies, and books on the Internet. These are people like Copernicus and Galileo, who challenged official Church dogma on astronomy. These are the people who—to take a recent example—disrupt energy auctions to protest government inaction on climate change. They’re also people living on the edge of society: squatters, survivalists, artists, cults, communes, hermits, and those who live off the grid or off the land. In 2011, U.S. Marine Dakota Meyer received the Medal of Honor for saving three dozen of his comrades who were under enemy fire. The thing is, he disobeyed orders in order to do so. Defection represents an engine for innovation, an immunological challenge to ensure the health of the majority, a defense against the risk of monoculture, a reservoir of diversity, and a catalyst for social change. It’s through defection from bad or merely outdated social norms that our society improves.

How not conforming is necessary to improve our society:

Sometimes a whistle-blower needs to publish documents proving his government has been waging an illegal bombing campaign in Laos and Cambodia. Sometimes a plutonium processing plant worker needs to contact a reporter to discuss her employer’s inadequate safety practices. And sometimes a black woman needs to sit down at the front of a bus and not get up. Without defectors, social change would be impossible; stagnation would set in.

Google 2-step verification – a usability note

Google’s two-factor authentication system (they call it “2-step verification“) is a good safeguard against online criminals hijacking your account.*

After enabling 2-step verification, whenever you login to your Google account (e.g. for Gmail) you get a text message on your phone. Unless you provide the numeric code of that text message to Google, you cannot access your account.

This is classic two-factor authentication in that it ensures

1. You know the password for your account and
2. You have your phone in your possession

As this would quickly get annoying for people who login/out of their Google profile all the time, there is an option to “Remember this computer for 30 days”. This means that Google will not require two-factor authentication for a month for that particular computer & browser if the user says so.

But how does Google know that this computer is one to be trusted? This information is stored in a cookie. To safeguard my privacy I always setup my browsers to delete all cookies (and LSOs). But this wipes out the Google cookie that “remembers” my machine as well, which means I am asked again and again for 2-factor authentication. This situation quickly gets annoying. Isn’t it possible to tell my browser (Firefox) to delete all cookies EXCEPT the necessary Google cookies every time it exits?

Luckily it is. You need the following settings in Firefox:

• Accept cookies from sites
• Keep until: I close Firefox
• Exceptions…: accounts.google.com – “Allow”

This is what your Firefox Preferences window should look like on Ubuntu Linux:

…and the exception window that does the trick – this is how the critical cookies from accounts.google.com will NOT be deleted. Instead they will be preserved across browser sessions and you will not have to do two-step verification every time you login to Gmail with computers you trust:

For Windows users, the same options work just fine – here is what the options window need to look like on Windows 7:

…and the exception rule:

Try it. Shut down Firefox, start it up again and have a look in the stored cookies from the main settings panel under Privacy -> Show Cookies. There should only be cookies from “accounts.google.com” and perhaps from your browser’s homepage there – nothing else.

You now have

• Better security of your Google account due to 2-step verification
• Better usability because you don’t need to perform 2-step verification all the time on your trusted computers
• Decent privacy & lack of tracking because Firefox deletes almost all cookies every time it exits.

This is the tip of the iceberg (think malware, LSOs, unique browser fingerprints etc), but hey, it’s better than nothing.

* Unfortunately it doesn’t really help when the attacker is the government. As Wikileaks and Privacy International have pointed out with the “Spy Files” project, when it comes to government surveillance Gmail users are screwed.

The financial services industry view on cybercrime

I recently attended Jim Oakes’ “Cybercrime, Global Underground Economy Developments and Challenges” talk. All the hype about his 30-year service for the police, anti-fraud teams, financial services organisations yada yada made me very sceptical to begin with, but the session turned into a quite useful overview of the (depressingly many) ways you can be ripped off by criminals while doing business with/through your bank.

…

I let this draft lie for a few months now, as I wasn’t sure how to digest the hordes of information in Jim’s presentation into a more friendly, easily digestable message. Shall we just say it’s pretty bad out there?

Practical advice:

• DO NOT use the same password for different websites. Use something like Oplop to generate passwords and a password manager to store them.
• DO NOT do eBanking from your smartphone just yet. I have some reservations about the iPhone, but Android phones can certainly currently not be trusted.
• If you need to do eBanking using a computer (laptop, desktop etc) then start the computer with a bootable CD or USB disk and then do your eBanking. Unless you are personally targeted by law enforcement or criminals, this should give you a computer you can trust. Don’t take my word for it – take Krebs‘ word for it. Computer security is in *such* a sad state.

The myth of the pimples-ridden malware author

Overheard in an Internet Cafe recently:

(guy storms in and purposefully walks towards the counter)

Distressed guy: “Hi, I have a virus on this USB stick and I can´t use it, can you clean it for me?”

Internet Cafe attendant: “…”

Distressed guy: “Look, I didn´t do anything funny, just because some little c*** has nothing better to do but write a virus I can´t access my files now!”

I take issue with this statement. It regurgitates the popular misconception that malware (also known as a virus, a worm, a trojan) is software written by someone who hates mankind. It is their effort to take blind revenge on the world, to mindlessly harm everyone for no real reason other than malice.

Er… no.

Malware takes effort to create. This means skill, patience, equipment and time. All this means money.

Slightly paraphrasing Mikko Hypponen, most malware is created for three reasons:

1. Money via criminal activities. See Peter Gutmann’s figures in his “The Commercial Malware Industry” from years ago to glimpse at just how much money is involved in this global underground market.
2. Idealism – which creates the composite term “hacktivism”. Groups like Anonymous fall in this category.
3. Control – this is state-level information warfare waged either against other nation-states or against the state’s citizens.

Some years ago, malware might have been an annoying prank of kids who had a gripe against the world.

This is no longer the case. Things are far more serious now.

Cleaning malware while travelling: A case study

I have been on the road for the past few months and using plenty of Internet Cafes for all my digital endeavours. As I result the USB sticks I use to save my pictures, documents etc while I travel have been infected with all sorts of malware.

Malware that is obvious is the least dangerous kind. It means its creators are not organised or skilled enough. The truly worrisome malware is invisible. You don´t know you have it, but it quietly monitors all your actions.

So I was intrigued when my USB stick started displaying typical silly malware behaviour. The folder icons in Windows changed – they were not “shortcuts to folders”, but really they pointed to executables somewhere deep in System32 that would do its nastiness and then show you the contents of the intended folder. Other than that, everything looked normal.

Well, it was obvious malware was there and the USB stick was infected. Antivirus software installed in public Internet Cafe PCs could not detect or clean it, so I had the pleasure of doing it manually. Here is how:

1. Get a system you can trust not to lie to you – to show you the absolute truth and nothing but the truth. A pristine Linux installation does just that, and unless you happen to have a netbook with Linux installed with you while travelling, creating a bootable Ubuntu Linux CD or USB stick is your best bet. The computers I had access to were ancient and could not boot (start) from a USB stick, so I had to create a bootable Ubuntu CD following the steps detailed at http://www.ubuntu.com/download/ubuntu/download
2. Now you are using a computer you can trust. Plug in the infected USB stick. You will probably see all sorts of new files there, stuff you haven´t put there. Delete it one by one. In my case I had filenames starting with “._”, others starting with dot-space, all sorts of tricks that will make files harder to view and control in Windows or Macintosh machines. After you have deleted all files that don´t belong to you, check for an autorun.inf that tries to execute the malware when the USB is connected to a computer. If it´s there, either edit out the malware items or simply delete it (which is what I did).
3. Next, I had a surprise waiting for me as I connected the now clean USB stick to a Windows computer – I could still not see my original folders! The reason is that the malware had hidden the folders by changing their attributes to /system and /hidden – so Windows Explorer does not display them by default. This can be corrected from a Command Prompt (Start -> Run -> cmd) by changing directories onto the USB stick and using the “attrib” command. My original folders were “pics”, “stuff”, “maps”, “portable”, “truecrypt”  etc so I issued the following commands to mark them as NOT hidden and NOT system folders:

• attrib -H -S /D /S pics
• attrib -H -S /D /S stuff
• attrib -H -S /D /S maps
• attrib -H -S /D /S portable
• attrib -H -S /D /S truecrypt

Et voila! All was visible, usable and normal again.

Goodbye silly piece of malware!