Freemors Blog

Musings of an East Coast Techie
Posts tagged as privacy

Divorcing My SmartPhone

2017-08-28 by Freemor

So, I came to the realization that I was in a broken relationship. One in which my attention was often demanded for petty reasons. A relationship where interacting with the other party failed to fill any deep or meaningful need despite a promise that it would be more fulfilling.

The other party was my smartphone. So it was time for a divorce.

Put in less whimsical terms I recently and increasingly realized I was spending far too much time on my device. I'd find myself reaching for it in any idle moment, as many do. And I never left such events feeling rewarded or fulfilled.

I think that part of what has cause this increased awareness is that in all my other computing I work in an almost completely text centric environment. Bowing to the need for the occasional use of a GUI based browser is about the only non-text interactions I have. But even with browsing most of what I do is done with a text only browser.

Also all my other computing devices are not always on/always connected devices.

This disparity between my normal computing devices and my smartphone I think really highlighted the differences. A growing frustration with the direction that Android is going is also in the mix. As many may know I De-Googled my life a while back and have been very happy for it. So my smartphone runs a Google free version of AOSP. With only apps from F-droid on it. So I'm heading in a more free (as in freedom) direction and every new version of Android that comes out does more and more to lock Android and to lock it to Google.

One of the first thing I noticed is that when working in a non-GUI environment I was more focused, more productive, and more task oriented. Where as on the phone everything felt muddled, unfocused and often meaningless.

I also do not like the treacherous nature of smartphones. As anyone who reads my blog will know privacy is a huge issue for me and smartphones simply leak far too much personal information.. So I had already been mulling what I would do when it was time to replace my current device. I did not want to get another smartphone.

So with all this going on and me recently building myself a small mobile computing device.. Much more of a MID then a smartphone and Linux based not Android based. I decided it was time to start saying good-bye to my smartphone.

Now there were some minor considerations that might have mean that I would have to keep the phone. At least for a while. But I wanted to minimize my use of it.

The first thing I did was transfer as much of the non-communication things I did on it over to my new MID (BTW also text centric), and even a few of the communication functions like Instant messaging.

That went well and I felt no real pain in doing so. Mostly what it did is give that overly attached part of me a mental safety net. "OK, phew, I still have all that, just on the other device"

The next step was turning off all non-critical notifications. If it wasn't something that absolutely required my immediate attention off went the notification. This step was amazingly successful. I quickly stopped looking at my phone all the time. Even the amount of checking it in the idle times dropped. I even started to lose the desire to keep it with me all the time.

After that came A big one. Pull every attention sucking, non-critical communication thing off the phone. All social media things gone from the phone. All games, gone. All those random interesting but ultimately time wasting apps, gone. Calendar, gone (have it on my MID now). Even the browser, Youtube player, etc.. gone.

This sounds rather radical but it was necessary if I was to say good-bye to my phone.. All that was left were things that deal directly with real time communications, and privacy enhancements. So basically phone, SMS (encrypted), GPS navigation, and contacts. Plus a few enhancements like firewall, ConnectBot and F-driod.

And. I didn't go nuts.. In fact my routines changed in pleasant ways. I no longer reached for the phone as soon as I woke up. No reason to. It often lay forgotten until I was about to head out for the day. I still check my social media but it is a much more intentional type of interaction which happens on my laptop while having my morning coffee, and ends once I'm caught up. Same with e-mail.

After another purge further stripping the phone down to nothing but basic phone features, and turning off WiFi, which went far better then I thought it would. I was ready to take the plunge. I ordered a $70 feature phone to replace my smart phone.

The phone arrived quickly and despite myself and others being concerned that I would end up ultimately being unhappy with the phone, quite the opposite has happened. Other then some initial pain learning how to TXT with T9 style input again, life is fine.

Although I can no longer easily do encrypted SMS only a few people ever got on board with that and most of what I send via SMS isn't anything that needs encryption. I don't really care if the powers the be see me asking my wife if we need bananas. For anything that requires encryption I can use the Instant Messanger on my MID.

I am actually loving the flip phone. It is smaller, lighter, better on battery, has a replaceable battery, feels and acts more phone like, and still is able to play my music and podcasts through my Bluetooth headphones. I do not need more. And best of all I got my life back. I'm no longer tied to a hugely expensive, privacy sucking, attention sucking, thing that is doomed to the landfill because the battery can not be replaced.

I even now turn the hone off when not in use. Imagine that. A life where I only get bugged by the outside world when I chose to. A world where I control how and when I talk to people or people talk to me. A world where I watch all the way through a TV show (or several) without ever two screening. A world in which when I'm with fiend I'm with them not split between them and my annoying smart thing.

I'd strongly suggest that other should try to follow in my path. Even if you only got as far as pairing back what is on the phone and limiting notifications to only the important ones I suspect you'd notice a large difference in your life. I certainly did.

He who controls the server and software 'owns' the device

2016-04-05 by Freemor

With recent articles like this and this, I felt it was important to point out the golden thread running through these. Which boils down to one thing. "He who controls the software and/or server controls the device" at least in devices like these.

When buying a product that is Internet ready or Internet connected it is very important for people to ask the question "What happens if the Internet part goes away?"

For some products it's no biggie, like say a media player that downloads from a specific site, but also let you put your own music on. In this case the Internet part is more of a "Value added" piece then an mandatory one.

Then there are things like the Google Chromecast. If the Internet back end goes away because Google decides to move to ChromeCast V3.0 and not support earlier ones, then the device will become a brick. useless. And due to the lack of software freedom in these devices there is nothing the owner can do.

This same thing is true of an ever increasing number of products. Especially as we move into the whole "Internet of Things" (IoT) world. One of the reasons that businesses are so hot on the IoT idea is the reach it gives them over the product. This was seen with Kindle when amazon reached into thousands of devices and Erased the book 1984.

There are two separate issues at play here:

The "ownership" of the device hinges on these two things. Lets look at each of them.

Who controls the software

If you do not control the software on the device, then it controls you. You do not own that device. The person that controls the software owns it.

When I talk about control I am not talking about how "Usable" the software is. I'm talking about the users ability to Change, modify, study, etc. the software on the device.

If you can't change the software at all them you have absolutely no control.

If you can swap one opaque mass of software for another opaque mass of software you have the limited illusion of control

Only when you can Study the software to see how it works, Change it to work the way you want it to, Share the changes you've made and have the freedom to use the software in any way you choose do you truly control the device.

Sadly an ever decreasing number of devices fall into this category. Even many devices that appear free, like the Raspberry Pi, are actually Not truly so due to the fact that they can not work without some opaque bit of software. In the case of the Raspberry Pi it is impossible to boot the device without software that is not in your control.

Who controls the server

This question is either of slightly less or equal importance to the "ownership" of the device based on what the server bit does.

If the server bit is strictly "Value added", as in the device will continue to function completely without the server. Then the question is a minor one.

However increasingly, and by design, devices will not function if the server is gone.

Now if you have freedom in the software as mentioned above. It wouldn't be an issue. You or someone else could study the software, change it to use a different server or to not need the server and then share that change to the world. Problem solved.

Sadly as mentioned above it is a rare device where that can be done. Partly because most software licenses prevent you from doing any of those and thus from using the software any way you want

So lacking freedom in the software and being tied to a server that you don't control means that not only can you not fix, or modify the device, you are now entirely at the whim of the person that controls the server. What if the server says to delete all your stuff? Nothing you can do. The device wont work without the server so you can't prevent it from connecting and once it does bang your stuff is gone.

It goes well beyond just deleting your stuff. The server could push out an update that kills the device. Now it wont even turn on. Or they could just shut down the sever, Again you're stuck with a useless device. It is also important to remember that the connection to the server is a two way street and can be used to spy on anything you do with or near the device, as Windows 10 does and it looks like Occulus Rift will.

As the whole IoT thing takes off this is going to become a huge issue and one that customers need to pay attention to. An IoT fridge that you do not control could be remotely told to not keep food cold anymore when the manufacturer decides it is time for you to buy a new one.

Think that is far fetched? There have been printer out there for years now that decide to stop working based on a software counter in the printer. There is absolutely nothing mechanically wrong with them the software just decides "Sorry I'm done.. go buy a new printer". If manufacturers are willing to screw with you like this how much more so when they can reach over the network and do what ever they like to your device?

So the next time you buy an electronic device ask, Who controls the software? Is the server part "Value added" or mandatory? Can I change the software? Can I run my own server? And ultimately, Do I want to buy a device I will not "own or control".

A Phone is not a House

2016-04-01 by Freemor

With the ongoing debate about strong encryption on mobile devices, I'd like to take a moment to clear up a misconception that I've seen tossed around and sadly accepted by too many people.

To be clear anyone that reads my stuff will know that I fall well inside the "must have strong crypto" camp. So the views expressed here will clearly be coloured by that.

The point I want to clear up is this new comparison of cell phones to physical spaces. The argument tends to go like this: "Peoples homes are private but the government can get a warrant to search them. So the government should be able to do the same for Phones."

On the surface that may seems to make sense and I suspect that is why people are buying into it, but the truth is much closer to saying: "Peoples homes are private but the government can get a warrant to search them. So the government should be able to do the same for private conversations."

What the government is seeking is not access to a physical space but rather retroactive access to private conversations. The government has never had the ability in the past to compel you to divulge what you said to your friend last Tuesday. Especially if such might be incriminating.

By wanting all encryption breakable the government is trying to do an end run around your right to remain silent, or plead the 5th, or what ever the equivalent is in your country.

Cell phones are by definition communication devices, not dwellings, not safes, not a place of business. Cell phones store and transmit conversations, which is speech, which has special safe guards when talking privately with another individual.

Yes there are wiretaps and police can get a warrant to get a wiretap. But wiretaps have never been retroactive. Remember it's "You have the right to remain silent, anything you say may be used against you in a court..."

How safe do you feel knowing that by breaking into your phone and having retroactive access to your speech, "anything you say" now includes much of what you said for the last 2, 3, 5 years. Did you have an indiscretion that they can blackmail you with? Did you joke with a friend about robing a bank? Did you talk with someone about the possibility of fudging your taxes a bit? Did you get really drunk after a break-up and text something that could be considered a threat? And on, and on.

One of the reasons that speech is protected is because it is so easy to twist and use against someone. As the famous quote goes "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

We can not, we must not allow governments and police to have easy unfettered retroactive access to our speech going back years. It removes too many safeguards and tips the balance of power dangerously to the side of the already powerful.

Keep private conversations private. Say No to big brother.

The Ad-Blocking Lie

2015-03-31 by Freemor

I have heard it stated over and over that people shouldn't uses ad-blocking software because if they do websites wont be able to make money, and the entire Internet will implode into a cash vacuum. OK, I added the imploding part, but it is always the implied outcome.. Use ad-blockers and the Internet will go away.

As someone that has been "on-line" since before there was a public Internet I can tell you this is patently untrue and the people that are telling you this are lying to you, or misinformed.

First I'd like to point out that a huge number of sites and services on the Internet do not rely on advertising for their income. Do you really think amazon.com is going to disappear if everyone started using ad-blocking? I think not. Wikipedia.org does not and will not have ads. IRC servers have been around since the early days of the Internet and do not rely on ads. Same for most XMPP servers. Services that use a "Freemium" model like DropBox will still be around. Usenet providers switched years ago to being a paid service. Some torrent trackers may disappear but other wont, and besides there are other P2P file sharing options that do not rely on "tracker" sites. So the whole P2P thing won't go away.

E-mail might have a transition period but this is only because too many people have been conned into using big centralized E-mail servers who are in the business of selling all the information that they can harvest from peoples E-mail instead of just providing an E-mail service. Luckily there are many (currently less popular) E-mail providers that are solely in the business of providing E-mail and nothing else. If the ad-blocking apocalypse came to pass ISPs could easily go back to running their own E-mail servers like they did in the old days. Also I am sure many, many, non-advertising based mail servers would spring up to fill the void and make some cash while doing it.

The fact is that the things most at risk of disappearing if we hit peak ad-block would be exactly the services that are most hurtful to your privacy. To me this seems like a win.

The current layout of the Internet is far from what it's creators envisioned. They saw an Internet where every computer was a potential server, and many where. They envisioned an Internet that empowered people, not one that made people slaves to huge central servers especially not to huge central servers that were in the business of robbing people of their privacy.

The Internet is still based and run on the open architecture that the original creators put in place. Thus the Internet is what WE make it. I for one run my own mail, XMPP and other servers. You can to. It's not hard, it can even be fun. It is most definitely liberating.

So if Internet stores will still be around, and many,many, other Internet services will be around what are we really talking about losing in this supposed ad-blocking apocalypse? What would we loose? Twitter? (I doubt it, They have proven to be very agile and I'm sure they would adjust), Google, Facebook, and their lot? To that I say good riddance. To me and others these companies are a cancer on the Internet that we'll be glad to see the back of. Instant messaging? Nope. Many, Many, open, free and privacy respecting options that aren't based on advertising revenue. Plus it is trivial to set up an XMPP server these days and all XMPP servers can talk to other XMPP servers (if not messed up like FaceBook and Google did with theirs). So That'll still be around.

As far as I can see the only thing we would loose is services that are in the business of plundering your data to make money off of you. Would this really be a loss? I say no. I personally think everyone should run ad-blocking software, for two reasons. The current onslaught of advertising on the Internet makes many web pages close to unusable. And second, since the advertisers have all decided to ignore the "Do Not Track" header standard why the hell shouldn't I ignore them. Blocking ads protects my privacy and yours. If you decide to use ad-blocking, it will make websites load faster and browsers crash less often. It will save you bandwidth, and other computer resources. (which actually makes it a greener option). Why shouldn't you reclaim you privacy, your screen, your speed, your sanity? Because of some non-existant threat that the Internet will go away? I think not.

To help you get started here is a list of ad-blocking options. Find the ones that are right for you and start enjoying your privacy and browsing again.

UBlock - A faster more advanced blocker. Released under the GPLv3 License. It can use blocklist from Adblock Plus/Adblock Edge. AdBlock Plus - A GPL'd (freedom respecting, Copyleft ) plug-in for Firefox, Chrome and an Android app. It allows "acceptable" ads by default but you can easily turn that off.
Privoxy - A GPL'd, highly configurable http proxy that you can use to protect all devices in your home. A little more technical to set up then the plug-in but once up and running all you have to do is set all your devices to use it as their proxy and they are protected.
AdAway for Android - GPL'd, Requires a rooted device. I prefer it to Adblock Plus on my Android devices.
How To Block Ads via your HOSTS file - Technique works for Linux, Windows, Mac, Android, Etc. The page is geared towards windows users but the principal is the same on almost all platforms. There are links towards the bottom of the page for Linux,Mac, etc. Also there are many tools available that use this method. (AdAway above is one) So you can just DuckDuckGo around to find one you like.