In a previous episode of “Privacy Claw-back”, I deleted the contents of and removed my Facebook account. That was kind of hard to do at the time as I wasted a whole lot of time on Facebook – it was really fun reconnecting with old friends.

However, I began to think critically about Facebook. This is where all of the problems come in. Facebook’s creation is a tale of amazing scale, ingenuity and engineering prowess. The dark side of the equation is the unprecedented knowledge that can be gleaned from our data about us. The impulse to use this data improperly is probably impossible to resist.

Google is another can of worms. They did not become the biggest search engine for nothing. The amount of information Google has about you, your spouse, your friends, kids, your preferences, likes, dislikes, where you go, who you talk to, what might ail you, political views – it goes on and on and on.

It is time for me to disconnect from Google. Can I do this and still have a positive internet experience? I hope so. I began this process over a year ago when I switched to a PAID email service. It works pretty good. I am fairly confident my email is not datamined, and the web UI is OK – not the best. (That is what Thunderbird is for.) However, I kept my Gmail accounts and Google-hosted mail service intact (but idle), just in case.

For search, I switched to well over a year ago. It has gotten really, really good. I have found myself using Google less and less. I even changed my “urlbar keyword” search in Firefox to use DuckDuckGo. (I occasionally use Bing and Yahoo as well).

Twitter is the only hold-out as I feel like Twitter is “not evil yet”. Perhaps someday Twitter will become a protocol. That, I hope, will be inevitable.

Today, as I read about Google’s new non-opt-out privacy policies, it occurred to me that I really don’t rely on Google anymore; I have slowly freed myself from that dependency. I may yet have issues using certain apps on my Android device and I need to figure that out next. (Yay, Boot2Gecko!)

In the meantime, I have taken this experiment up one notch by adding and to resolve to my local webserver in /etc/hosts – my machine can no longer reach Google or Facebook (or Google Analytics servers, for that matter).

The point is, there are many great internet services out there that you can rely on to handle search, email and social that don’t infringe on your privacy. Try them out!

When I found out I could choose my own title at Mozilla I was ecstatic.

Of course, coming up with a good one is another matter. I thought about it for days and days…

I thought about my “newbie” place at Mozilla and dredged my unconscious memory of all of the movies I had ever seen and chose the title: “Civilian Observer”.

Folks who have seen my business card are aghast – “What the hell does that mean?”

Surely you remember the 1980 movie “The Final Countdown” starring none other than Martin Sheen? (For my millennial readers, that is Charlie Sheen’s old man). His role was that of “Civilian Observer” on board the USS Nimitz.

From Wikipedia:

In 1980, the supercarrier USS Nimitz (CVN 68) takes on a civilian observer, Warren Lasky (Martin Sheen), at the orders of his reclusive and mysterious employer, Mr. Tideman (who helped design much of the ship), just before it departs Pearl Harbor for a training mission in the Pacific Ocean. Out in the Pacific, the ship encounters a strange storm-like vortex which disappears after the ship passes through it.

Naturally, I am not going to spoil it for you, but the Civilian Observer helps try and figure out alternative ideas for the strange place the ship finds itself in.

In working on open source or free software, you know there is a lot at stake. I feel like all of us are observing the growth of the internet and with it the growth of attempts at curtailing the power that this computer network gives us. We are seeing more and more of the growth of surveillance technology, some of which is created in Silicon Valley – technology that is used to prevent and record private communication, help identify and round up and torture or kill dissidents all over the world.

The battle for the Web and the Internet is a full on war. It will always be that way. The issues of privacy vs. surveillance, open or closed software stacks and walled gardens are here to stay. We must be vigilant and we must create tools that fight and overturn the impulse to control or subordinate and use people and networks of people.

I have felt like the “Civilian Observer” since before I started at Mozilla; it’s just become more pronounced in the past few years. Take for instance, a smattering of my Twitter feed – tweets and links selected in the past day, mere hours:

Wow!, right?

Recently, WikiLeaks published a database of surveillance companies that produce tools that provide “Mass interception of entire populations…”.

These tools deployed on a mass scale essentially turn the Internet into a surveillance system.

We need more Countermeasures for this.

Firefox is one of these countermeasures; without it we would really be in a world of pain. I cannot even imagine how craptastic the net would be without Firefox.

Mozilla’s Boot2Gecko project is also a countermeasure. If we pull this off, it will truly be a Coup d’état in the mobile device space. The goal: building mobile phone apps from HTML, JavaScript and CSS! That is the way it should be.

Deuxdrop is another project in Mozilla labs trying to create a secure messaging system – I have high hopes for it. Again, these are the kinds of tools that need more focus.

I have been working on DOMCrypt for a few years now. DOMCrypt provides a Cryptography API in web pages, making it trivial and fast to encrypt data that may be part of a message to another web user or data that should stay private while stored in LocalStorage (among many other use cases). I am proud to say we have implementation bugs and plans lined up for both Gecko and WebKit. The W3C is using the API as the strawman proposal for the Web Cryptography Working Group. Web developers will be able to use strong and fast crypto via a DOM API. Exciting stuff.

Web developers are way out in front on this issue – there are several crypto libraries for JavaScript out in the wild, and developers are using them to push the envelope in web apps.

This is great stuff, but we need safer, built-in crypto APIs for browsers to provide a foolproof way to use crypto in the browser, not to mention the speed boost you get when calling native code APIs vs. native JavaScript functions. The other thing we need is new ways to communicate. The Web has won as the default communication channel and developers need to be able to write apps that allow people to communicate without sharing the conversation with a 3rd party.

Not sharing data with a 3rd party is the key issue. This concept destroys a lot of business models, well, one business model – the one everyone seems to think will work long term. I doubt that. Here’s a business model you can try: make a cool product and charge people a small fee to use it while simultaneously preserving their privacy. Novel, isn’t it?

What can you do to help? You can demand privacy and security be a feature of the products you use, not an afterthought. You can help test or help develop “countermeasure” applications.

Wikipedia lists several applications that enhance communications with more security:

(The link above does not mention Tahoe-LAFS – please comment if you know of any more notable applications or toolkits.)

I hope the future will bring a slew of applications and startups that trumpet privacy and security enhanced applications. I hope web developers begin to think about more creative uses of their talents than online coupons and advertising-funded social media. The future of online privacy and security is both bright and bleak. Bright in that we have the CPU power, talent and base algorithms sitting right in front of us. It may seem bleak if you think no one cares about privacy or there is no ‘free lunch/free beer’ business model.

Another thing you can do is support organizations that are “watching the watchers”, the EFF, Privacy International and others. A great resource for this is

The Final Countdown Poster


For some time now I have been playing with the WeaveCrypto service – now a JavaScript module implemented on top of NSS via jsctypes. It is a pretty easy to use module – thanks in large part to the Weave (now Sync) team, Justin Dolske and many others.

I recently dove back into the code to try and distill down an easy to use API that can be attached as a property to any DOM Window.

The WeaveCrypto API was truncated because Sync started using a better encryption system (J-PAKE) for its purposes, so I had to dig through hg log to find the bits I needed:

I took the old WeaveCrypto module and created an easy to use front-end component that sticks a ‘crypt’ property on each DOM Window.

My github repo is here: 

A demo (with xpi link) page is here:

The 3 methods exposed (so far) are generateKeyPair(), encrypt() and decrypt().

While I am not sure this is ‘production system’ ready, I am sure that these are the kinds of tools the users of the web need to build secure communications applications, toolkits and libraries.
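The generateKeyPair() / encrypt() / decrypt() flow listed above, applied to the "message to another web user" use case from the DOMCrypt discussion earlier on this page, as an added example that is not the author's WeaveCrypto or DOMCrypt code. It uses the standardized Web Crypto API (`crypto.subtle`) instead; the hybrid RSA-OAEP plus AES-GCM scheme, the function signatures and the sample message are assumptions of this example.

```javascript
// Added example (not DOMCrypt/WeaveCrypto code): the same three operations,
// built on the standardized Web Crypto API. Names and scheme are assumptions.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;
const RSA = { name: "RSA-OAEP", modulusLength: 2048,
              publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" };
const AES = { name: "AES-GCM", length: 256 };

// extractable=false: page script can use the private key but never read it.
function generateKeyPair() {
  return subtle.generateKey(RSA, false, ["wrapKey", "unwrapKey"]);
}

// Hybrid encryption: a fresh AES-GCM key per message, wrapped to the recipient.
async function encrypt(plaintext, recipientPublicKey) {
  const aesKey = await subtle.generateKey(AES, true, ["encrypt"]);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // never reuse per key
  const ciphertext = await subtle.encrypt({ name: "AES-GCM", iv }, aesKey,
                                          new TextEncoder().encode(plaintext));
  const wrappedKey = await subtle.wrapKey("raw", aesKey, recipientPublicKey,
                                          { name: "RSA-OAEP" });
  return { wrappedKey, iv, ciphertext };
}

// Throws if the wrapped key, IV or ciphertext was modified (GCM tag check).
async function decrypt(message, privateKey) {
  const aesKey = await subtle.unwrapKey("raw", message.wrappedKey, privateKey,
    { name: "RSA-OAEP" }, AES, false, ["decrypt"]);
  const plain = await subtle.decrypt({ name: "AES-GCM", iv: message.iv },
                                     aesKey, message.ciphertext);
  return new TextDecoder().decode(plain);
}

// Constructed demo: a message to "bob", then the same message with one bit flipped.
async function demo() {
  const bob = await generateKeyPair();
  const message = await encrypt("meet at noon", bob.publicKey);
  const roundTrip = await decrypt(message, bob.privateKey);
  const tampered = { ...message, ciphertext: message.ciphertext.slice(0) };
  new Uint8Array(tampered.ciphertext)[0] ^= 1;
  const rejected = await decrypt(tampered, bob.privateKey).then(() => false, () => true);
  return { roundTrip, rejected, privateKeyExtractable: bob.privateKey.extractable };
}

demo().then(console.log);
```

Only the holder of the private key can unwrap the per-message AES key, so a server relaying `{ wrappedKey, iv, ciphertext }` sees no plaintext.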

Perhaps ‘Do Not Track’ can extend to ‘Do Not Datamine’?

The next wave in web technology should be the inverse of social networking. I wouldn’t want to “brand” it ‘antisocial networking’, since that connotation is a bit negative, but it has a certain ring to it:)

I am amazed by the way that social networking has set aside so many people’s sense of privacy. I was quite hesitant to use Facebook, but started “using” anyway in 2007, (2007?, yeah – late to the game, yadda yadda).

So there I was finally using Facebook, reconnecting with people, wasting a LOT of time. Very cool. Right? Maybe not. This question seemed to enter my mind a lot: who owns this data and what is being done with it? Obviously, it is being datamined and sold and kept forever.

I’d rather my correspondence with my friends and family not be sliced and diced and sold – and kept as a public (or private) record. Forever. Internet users should stop and think hard about how all of this technology impacts us, and how for profit companies are selling and searching and slicing and dicing our thoughts, plans, pictures, ideas, and opinions.

I want to opt out. But, I also want to communicate in a modern, high-tech, fun way.

I use Gmail, and I have to say that it is so easy to use – they even host my personal domain mail for me. I ran my own server for about 5 years; it was not fun. Spammers ruined it for me, I couldn’t afford the bandwidth for the spam. Gmail to the rescue. But, again, my email is datamined, ads are shown, the data is kept forever by a for-profit company.

I want to opt out.

This is the challenge for real “social entrepreneurs”: we need modern, high tech, fun communications channels like Facebook, Twitter, Gmail, GChat, but these tools should be built on top of anonymity, security and privacy, (and be open source).

This is not easy. These “privy-networking” systems have to allow anonymity, security, privacy, and establish that the user owns, can copy, move or destroy the data on a whim. Oh, and they have to be easy to use too.

The fight on the privacy front is not going so well. Researchers have even figured out how to turn anonymous data into names, addresses, and phone numbers:

And don’t get me started on “Warrantless Wiretapping”, which appears to continue with gusto under our new president:

The last time I checked, you were entitled to a private conversation.