taxevader69: The CIA secretly bought a company that sold encryption devices across the world. Then…


While the US is conveniently turning spying focus to Huawei, this came out yesterday (11 February 2020).

The account identifies the CIA officers who ran the program and the company executives entrusted to execute it. It traces the origin of the venture as well as the internal conflicts that nearly derailed it. It describes how the United States and its allies exploited other nations’ gullibility for years, taking their money and stealing their secrets.

Amazon threatened to fire two tech workers who spoke about climate and Amazon’s business, then 357 more workers joined them


Last October, two Amazon employees – Maren Costa (UX designer) and Jamie Kowalski (software engineer) – spoke on the record to the Washington Post about their employer’s complicity in the climate crisis, including the provision of cloud computing services to energy companies in search of new sources of fossil fuels.

Amazon threatened to fire them. Rather than shutting up, the two employees recruited fellow members of Amazon Employees for Climate Justice to publish 357 on-the-record, attributed condemnations of Amazon’s climate policies from current Amazon tech workers.

It’s the latest installment in the tech worker uprising in which tech workers are realizing that the high demand for their skills and massive talent shortage gives them incredible leverage over their employers. Tech workers are a critical part of the fight for a better world, because they can both hold their employers to account and provide accurate assessments of the culture, choices and decisions that feed into our current tech landscape.

#1yrago How Facebook tracks Android users, even those without Facebook accounts


Facebook provides a suite of turnkey app-building tools for Android that are widely used among the most popular Google Play apps, with billions of combined installs; naturally, these tools create incredibly data-hungry defaults in the apps that incorporate them, so that even before you do anything with an app, it has already snaffled up a titanic amount of data, tied it into your Google Ad ID (which is recycled by Facebook to join up data from different sources) and sent it to Facebook.

Needless to say, the GDPR made these practices radioactively illegal, but despite two years’ warning that the GDPR was coming into effect last spring, Facebook dragged another six months out before updating its tools, and these updates still have not propagated to all the apps in Google Play.

The data harvested from phones – including, for example, which Bible verses you read using a King James Bible app, and which searches you made on Kayak – is added to your “shadow profile”, and no one (outside of Facebook) knows for sure how that’s used.

You can practice a little self-defense, but it’s cumbersome: root your phone and you can block all network traffic to *; you can also reset your Ad ID and disaggregate the data coming off your phone. I’ve had a poke around but can’t find a tool that resets the Ad ID every 10 seconds – please leave a comment if you know of one.

Frederike Kaltheuner and Christopher Weatherhead from Privacy International gave an outstanding talk on the subject at the Chaos Communication Congress in Leipzig last month; an accompanying paper gives more detail, including methods.

Kaltheuner and Weatherhead were able to gain insight into the apps’ behavior by rooting an Android phone and installing a man-in-the-middle proxy that used forged certificates to intercept and decrypt data on its way to Facebook. Ominously, none of the apps they tested used certificate pinning (let alone certificate transparency) to detect/prevent this kind of man-in-the-middle activity.

It’s not clear whether the same conduct is present in apps in Apple’s App Store; Apple uses unique Ad IDs that are similar to Google/Android’s and could be exploited in the same way. However, Apple’s DRM is designed to make this kind of research much harder. I hope the Privacy International researchers take a crack at it: perhaps they could use simulated, cloud-based iOS devices used for developer testing.

How to beat AI facial expression software for screening job seekers: “smile with your eyes”


If you are trying to find work in South Korea, you are likely to be interviewed by a bot that uses AI to scan your facial expressions to determine whether or not you are right for the job. To make sure you are displaying the right kind of facial expressions, you can hire a consultant.

Art installation uses science to age e-waste in geological time


Nathaniel Stern writes, “The World After Us: Imaging techno-aesthetic futures (Flickr set) is an art exhibition that asks, ‘What will — and what can — happen to our gadgets over geological time?’ For the last few years, I have been working with scientists to artificially age phones and computers in different ways, growing plants and fungi in watches, phones, laptops, and more, and turning phones into ink (via blenders and oils), iMacs into tools (melting down the aluminum, and shaping it into a wrench, hammer, and screwdriver), and otherwise spiking electronic waste onto 12 foot towers and/or ‘growing’ them (intermingled with botanicals) across 1000 square feet of wall space. Here I want people to think and act differently in and with their media devices, their electronic waste, and the damage it does to create both in the first place.”