The Slippery Slope of Encryption and Terrorism

This is really bugging me: Two nights in a row, on major news outlets reporting on the horrific attack on Paris, I have heard the reporters say things like, “the terrorists used encryption technology to ‘go dark’.”

I heard that on CBS evening news tonight (slightly paraphrased).

Last night on CNN, Poppy Sanchez (or whatever her name is) said that encryption was used to hide all of their communications, and that it was very concerning.

They are alluding to encryption as a bad thing because the terrorists used it to coordinate their attacks. They may have used automobiles too, but they didn’t seem concerned about that.

This attention to encryption irks me because there has been a concerted effort by governments of the world (ours in the forefront) to get major tech companies (Google, Amazon, Facebook, more) to build so-called “backdoors” into encryption technology.

That means that if you send an encrypted message to someone, otherwise unreadable by anyone except the person you sent it to, it can still be read through this “backdoor” by the governments who are in cahoots with the tech companies, allegedly to be able to monitor communications amongst the bad guys.

You’d think that’s a good idea, right? Well, it’s been proven over and over again that backdoors get found and exploited by people who are not supposed to find them.

That is what hackers do, for better or for worse, and it’s usually for the better. You heard me correctly. Hackers find exploits and tell people about them so that they get fixed, and make everyone safer.

That is what my day job involves, actually. Sure, there are evil hackers who like to exploit these things for nefarious purposes, but that’s why we continue to find vulnerabilities and fix them.

The news outlets are pushing this idea that encryption is some dark arts majik that terrorists are using, while no one else would ever dare need such a thing. I worry that this will give the general public the wrong idea: that encryption = terrorism, so we need to do something about it.

What better time to push this idea than after a terrible tragedy?

I will link to my favorite article about encryption. It’s short, and it makes sense, and you should read it. For now, a quote:

Today, we are seeing government pushback against encryption. Many countries, from States like China and Russia to more democratic governments like the United States and the United Kingdom, are either talking about or implementing policies that limit strong encryption. This is dangerous, because it’s technically impossible, and the attempt will cause incredible damage to the security of the Internet.

–Bruce Schneier, in Why We Encrypt


Edit (9:4pm): I missed the story circulating about this exact topic, confirming everything above.

Photos by Encryptomatic

What Does Facebook Know About You?

More than you probably thought possible.

A recently released study shows that computer-based personality judgements are more accurate than those made by humans.

This study compares the accuracy of personality judgment—a ubiquitous and important social-cognitive activity—between computer models and humans. Using several criteria, we show that computers’ judgments of people’s personalities based on their digital footprints are more accurate and valid than judgments made by their close others or acquaintances (friends, family, spouse, colleagues, etc.). Our findings highlight that people’s personalities can be predicted automatically and without involving human social-cognitive skills.

By analyzing 150 of your “Likes” on Facebook, a computer can figure you out with more accuracy than your closest family members. Maybe it’s time to go back and see all the things you’ve chosen to “Like” on Facebook.

This is more important than it seems at first glance. You may think that it doesn’t matter what Facebook thinks about you. While that is debatable (and probably wrong), it’s how this data can be used against you that is concerning.

Per a Newsweek article about this study, one of the study’s authors talks about it:

…there are also dangers to having machines that can judge people’s personalities and emotional states, says Kosinski. “Like any other technology, this technology is morally neutral, but it can be used for a bad purpose,” he says. “For example, knowledge of psychological traits can help me exert influence over you.” The risk, he says, is that people will lose trust in cellphones and online environments, which is why he believes people should be given control over their own data and the authority to decide whether it will be shared with certain companies.

What you “Like” is only one aspect of the data that Facebook collects about you. It’s easy to overlook the fact that Facebook is watching and learning about you when you are not even using Facebook. Considering that millions of people don’t even know that Facebook is part of the Internet, this is quite profound.


Photo by JeepersMedia

NordVPN’s Bait and Switch

The old bait and switch: promise you one thing and sell you another. That’s what happened when I signed up for a year of VPN service through NordVPN. Their website said:

“Easiest VPN Ever. To get on NordVPN, just click and go. NordVPN’s secure VPN software takes care of all the hard stuff so you can focus on fun stuff. And work stuff, if you have to.”

Their imagery showed multiple devices running their software, including phones and laptops.

I had read about their service and took the plunge. After I had paid, I found out they do not have an app for Mac OS X or Android. Those apps are supposedly coming soon, but not yet. For now, you have to download a third-party app for each device, download a bunch of configuration files, install said configuration files, configure a bunch of things, remember your username and password for each configuration file, and then figure out what is going on and whether or not you are actually connected.

To be fair, they do have instructions on how to do all of this, but it is far from “Easiest VPN Ever.” Every other VPN app I have used is a simple app you download and click a button to get going with.

I chatted with NordVPN’s technical support guy, “Dave,” who informed me of their refund policy, which states that unless their product did not work due to a fault of their own, I could not get a refund for my money. All he could do was extend my subscription by 3 months.

(01:30:40) David: if the service does not work we will issue a refund.
(01:31:17) Visitor 34392357: that is my point – it doesn’t work as you advertise it. it only works through a lengthy process of installing other software.

I would argue that their product does not work as advertised and I am entitled to a refund. In fact, it’s not even their product I am using — I am using something called “Tunnelblick” on my Mac, and an app called OpenVPN on my Android phone to connect to the NordVPN servers.

In summary, the bait was the promise of an easy to use VPN app. The switch was not even having an app for me to use.

Spies Like Us

We have one network in the world today. Either we build our communications infrastructure for surveillance, or we build it for security. Either everyone gets to spy, or no one gets to spy. That’s our choice, with the Internet, with cell phone networks, with everything.

How true.

Violates the CAN-SPAM Act

Update 4.23.15: I received a promotional email (spam) from today, even after I was assured that they had unsubscribed me! I let them know by responding to their tweet from 3.31. They asked me to DM them about it, and they requested me to forward the email I received so that they could investigate an apparent “bug” in their system. The person on the other end of the twitterator said that I was indeed unsubscribed, so they weren’t sure what was going on. I’ll keep you all posted!

Update 3.31.15: TrueCar tweeted me today, saying that the issue I describe below is a display issue of some sort. They assured me that I was in fact unsubscribed from their email communications.

Thanks for looking into the matter,!


I run across this sort of thing all the time: companies that violate the rules of the US CAN-SPAM act, the law that is intended to protect consumers from unwanted email. If I have time, I stop to email companies I find violating the law to kindly point out what they are doing wrong. Call it some sort of self-satisfaction, Robin Hood vigilantism, or pure geekish annoyance, but I can’t help myself sometimes. Here’s one I sent today to

Subject: True Care website feedback

Hi, I noticed that when I go to “Subscriptions” in my profile, there is an issue with unsubscribing from emails.

If I uncheck all subscription options, then check “Unsubscribe from all,” then click the Save Changes button, it says my options have been saved.
However, if I go to another page and return to “Subscriptions,” the “In-stock offers from your dealers” button is checked again. How is that “Unsubscribing from all?”
You guys might want to fix that, as it violates the US CAN-SPAM act.
Sneakily re-subscribing me to a category of emails, after I have specifically opted not to be a part of it anymore, is blatantly in violation of the CAN-SPAM act. Particularly, the part that says, “You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you.”
Yes, they include that option, but it doesn’t seem to fully work.
I will let y’all know if I hear anything back.