This Blog Is Not For Reading

A blog, just like any blog, only more so

  • Subscribe

  • Categories

  • RSS Bob Jonkman’s Microblog

    • New note by bobjonkman 22 April 2019
      #ScienceFiction Authors. Started with "asimov", "bradbury", "clarke", got all the way to "zelazny", recently did "aldis" and "bujold"; yesterday's laptop build was "capek".
    • Favorite 22 April 2019
      bobjonkman favorited something by lnxw37d2: @amic For years, my hostnames were Star Wars characters. Currently, my SBCs (RasPi/BananaPI/OrangePi/BeagleBone) are named after animals: pigeon, lizard, and so on.
    • bobjonkman repeated a notice by lnxw37d2 22 April 2019
      RT @lnxw37d2 @amic For years, my hostnames were Star Wars characters. Currently, my SBCs (RasPi/BananaPI/OrangePi/BeagleBone) are named after animals: pigeon, lizard, and so on.
    • Favorite 21 April 2019
      bobjonkman favorited something by thor: If they ever make a 24-hour mathematics TV channel, they should name it Al Jabr.
    • New note by bobjonkman 21 April 2019
      Can somebody please name this the Pig Snout Nebula? https://gs.jonkman.ca/attachment/136110
    • New note by bobjonkman 21 April 2019
      ...and thanx for the playlist! I usually go for @hardmous archives from #aNONradio https://archives.anonradio.net/
    • New note by bobjonkman 21 April 2019
      I do like the way you work. It's #PsyTrance for me.
    • Favorite 21 April 2019
      bobjonkman favorited something by geniusmusing: @brandon It varies as to what I am doing. Design: Silent mental concept design (I do the full design in my head) and them 80's-90's industrial music (KMFDM/Ministry/Etc) for the actual modeling. Code: 80's-90's Dance/club music. Headphones/ear buds are required as well as phone on silent/DND and sign on door, […]
    • bobjonkman repeated a notice by geniusmusing 21 April 2019
      RT @geniusmusing @brandon It varies as to what I am doing. Design: Silent mental concept design (I do the full design in my head) and them 80's-90's industrial music (KMFDM/Ministry/Etc) for the actual modeling. Code: 80's-90's Dance/club music. Headphones/ear buds are required as well as phone on silent/DND and sign on door, "Disturb at your […]
    • New note by bobjonkman 10 April 2019
      #TIL about the #RationalWiki in reading one of @indi's articles on Religious Articles Ban. https://www.canadianatheist.com/2019/04/religious-accessories-bans-1-what-are-religious-accessories-bans/ The part that got me started down the #RationalWiki rabbithole was #FractalWrongness: https://rationalwiki.org/wiki/Fractal_wrongness Thanx, @indi!

Shutting down ServiceOntario kiosks could be Considered Harmful

Posted by Bob Jonkman on 9th November 2012

Service Ontario kiosk with "Temporarily shut down" notice

ServiceOntario kiosk

The Ontario government has announced it is shutting down the ServiceOntario kiosks.

Closing the kiosks won’t do any good if the web site is no better secured. ServiceOntario had control over the hardware and software running on the kiosks, but they have no control over the computers people use to access the ServiceOntario web site. User PCs will have all sorts of malware running on them, and malusers can far more easily spend time breaking into a web site than a kiosk. Unless ServiceOntario has much better security on their web site, it is far more vulnerable than a kiosk.

In his article Government to discontinue ServiceOntario kiosks, Sameer Vasta asks if the ServiceOntario web site is ready to pick up the slack. His conclusion is yes, and although the web site user experience could be improved, he considers closing the kiosks a prudent move. But if the kiosk interface was so much easier to use, then the web site could use that interface too. Security isn’t created by the user interface — security needs to be built into the servers. Malusers are unlikely to use the web interface to launch their attacks; they’ll have more sophisticated tools to try to break into the servers.

Of course, since the ServiceOntario web site was already in place while the kiosks were operational it has been a potential vector for attack all along. Closing the kiosks doesn’t increase that vulnerability. And the vulnerability that prompted the government to shut down the kiosks was card skimming, which is not an issue on a Web site accessed from home. But shutting down a fully managed kiosk to be replaced by home users’ PCs that are full of malware does not look like a prudent move to me.

However, it should be cheaper to manage security on one web site than on 72 kiosks. The government reports that shutting the kiosks will save taxpayers about $6.3 million in one-time upgrading costs and $2.2 million in annual maintenance costs. The Star reports that Minister of Government Services Harinder Takhar says the kiosks cost $4 million to deploy, and it will cost $250,000 to remove them.

And shutting down the kiosks has one other benefit: If a security breach occurs as a result of using our own computers then ServiceOntario has successfully shifted blame, hasn’t it? Surely there will be a disclaimer in the fine print on the website somewhere!

–Bob.


ServiceOntario kiosk "Permanently Closed" notice

“Permanently Closed” notice Service Ontario kiosk.

The picture above shows a ServiceOntario kiosk with a notice indicating the kiosk is temporarily shut down. A new notice has been posted, which reads:

ServiceOntario Kiosks Are Now Permanently Closed.

After a thorough investigation into the safety and security issues surrounding ServiceOntario kiosks, it has been decided to permanently shut down the network.

All former kiosk services are conveniently available online, including:

  • License plate sticker renewal
  • Address change
  • Driver abstract

Fermeture permanente des kiosques ServiceOntario.

À la suite d’une enquête approfondie sur les problèmes de sécurité survenus dans les kiosques ServiceOntario, il a été décidé de fermer le réseau de façon permanente.

Tous les services anciennement founis dal les kiosques son offerts en ligne, notamment les suivants:

  • Renouvellement de la vignette d’immatriculation
  • Changement d’addresse
  • Résumé de dossier de conducteur.

We look forward to serving you.
For these services, and more than 40 other online services, or for a complete list of our locations and available services, please visit ServiceOntario.ca

Au plaisir de vous servir.
Pour ces services, et plus de 40 autres services en ligne, ou la liste complète de nos centres et de leurs services, visitez ServiceOntario.ca

Images courtesy of lothlaurien.ca used under a CC BYCreative Commons Attribution 2.5 Canada License license.

Thanx to my friend RW for the idea for this post, and her contributions.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted in considered harmful, Politics, security | 4 Comments »

Google Spyware considered harmful

Posted by Bob Jonkman on 16th April 2012

Google wordmark in a "No" symbol

No Google

One day I was asked:

Hi IT Peeps,

I was wondering if I would cause major havoc if I downloaded google chrome? Will it mess anything up? Any recommendations?

My answer:

What problem are you trying to solve? What’s the question that gets answered “Install Google Chrome”?

Google the company is becoming ever more pervasive in our Internet lives. Google’s business is not providing a search engine for free; Google’s business is to sell our demographic information to advertisers. They gather that demographic data by luring us in with relevant search results, free e-mail and slick looking browsers.

Google collects personal information, including information that was voluntarily given to Google (for instance, by signing up for GMail or Google Plus; posting a video on YouTube), information that was collected anonymously (eg. when you perform a Google search or watch a YouTube video and Google records the search terms, your IP address, and leaves a cookie on your computer), and information that Google collected as it does its web indexing (comments you’ve left on a newspaper site, Tweets you’ve made, messages you’ve posted to public mailing lists). Google then correlates all this data based on IP address, cookies, e-mail addresses, your name, geo-location (finding out where you are based on your WiFi connection or IP address).

As of 1 March 2012 Google changed its privacy policies to combine data mining from all its holdings – the search engine, YouTube, Picasa, Google Maps, Google Plus, Google Mail, &c. I didn’t think too much of that, since I had thought that Google had always aggregated its data. According to an article I read[1] that’s actually a new development. Google used to keep all its data mining separate, in fact, kept it so separate that it didn’t even correlate its adwords between different messages in GMail. With the new privacy policy that’s all changed, and everything is now aggregated, correlated, and retained to be sold to the highest bidder. Google says we’ll never sell your personal information or share it without your permission, but you grant that permission every time you agree to the Terms of Service and Privacy Policies when you sign up for Google’s services.

Remember the Google Toolbar? Every search request, every URL, and every local file you opened in a browser with the Google toolbar installed was sent to the Google servers. There was a report of someone who opened confidential company documents with IE and the Google toolbar, only to find those reports cached on Google’s servers. Google Chrome is far more invasive than a mere toolbar.

Google Chrome does not have the same set of security-related add-ons that Firefox offers. For your best privacy protection and security, use Firefox with the NoScript, AdBlock Plus, HTTPS-Everywhere and Force-TLS extensions. See my article on Browser Security for details on installing and configuring them.

–Bob, who will be getting fitted for a new tinfoil hat at lunch…

Footnote 1: I wish I knew what article that was. To my recollection, the author said he wouldn’t trust Google with his data again. He had visited the Googleplex some years earlier, and was told how Google kept the data from its different projects in separate silos, so that profile aggregation was next to impossible. Data silos were so extensive that although one GMail message might trigger certain AdWords, there was no tracking between messages. I read the article in March of 2012; if you can provide me with a link let me know in the comments.

Update 8 Nov 2012: A similar quote about data silos from Google’s Vic Gundotra appears in the CNN article Google exec: We won’t break users’ trust.


Tags: , , , , , , , , , , , , ,
Posted in considered harmful, Google, Google Free, Internet, privacy | 2 Comments »

The Verdict on Google Plus: Mostly Harmless

Posted by Bob Jonkman on 13th October 2011

Don't Panic, They're Only Vogons

Don't Panic, They're Only Vogons by Patrick Hoesly

After dissing Google Plus I was persuaded to try it out for a while before rendering a verdict. So now it’s been over two months, and my verdict is: Mostly Harmless.

When I get home after a hard day of working with a computer, I sit down for a pleasant evening of relaxation with a computer. I read my e-mail, read the news, and read the microblogs. I subscribe to 55 people on Identi.ca, and I follow 84 people on Twitter. Those 139 people generate sufficient 140 character messages to keep me reading until bedtime and beyond.

But on my Google Plus account, I have 27 people in my circles. Those 27 people create a lot of large messages. In fact, they generate a lot more content than my 139 Identicats and Tweeple, since Google Plus puts no limit on the size of messages.

22 of the 27 people are in my Tech Circle. But instead of receiving only technical content from these people, they’re posting messages about vacations, favourite bands, philosophy, and yes, pictures of cats.  Now, this happens on the microblogs too, but on a microblog it’s limited to 140 characters, and I can ignore them.  On Google Plus the posts are much longer, have pictures attached, comments from other people, and those ubiquitous “John Q. Public originally shared this post” and “Click to +1 this post”.  Google Plus does not have the tools to filter messages by content, or even a method to collapse a conversation thread.

There’s no Atom/RSS feed, so I can’t use my preferred feed reader to analyze, sort and organize my Google Plus message stream. And I don’t know of any third-party applications to read, write and manage content on Google Plus. Google Plus does allow the export of all its content, under Account Settings, Data Liberation. Contact info is in the standard vCard format, suitable for importing into addressbooks.

Kudos to Google for giving users useful control of their data. Still, Google also has access to that data, and continues to collect ever more. In the past I’ve recommended Google Mail as a preferred no-cost e-mail host. Recently Google has taken to verifying new users by requiring them to supply a phone number. Google then sends a text message for the user to enter into the registration form. This is a level of data collection that I find creepy, and so I no longer recommend Google Mail.

Finally, to top it all off are the Google Nymwars. Much has been written about why Google’s policy of requiring real names is wrong-headed. Some people whom I might follow have stopped using Google Plus because of the nymwar controversy. I think I’ll be joining them in disdaining Google Plus.

  • Google Minus: Banality of user content (not Google’s fault)
  • Google Minus: Lack of management tools
  • Google Plus: User control over data
  • Google Minus: Google control over data
  • Google Minus: Nymwars

I think that Google Plus is not the Facebook Killer the folks in Mountain View want it to be.



The image 740 – Towel Day – Pattern by Patrick Hoesly is used under a Creative Commons Attribution 2.0 Generic (CC BY 2.0) license.

Tags: , , , , , , , , , , , , , , , , ,
Posted in considered harmful, Google, Google Free, Microblogging, Social Media | Comments Off on The Verdict on Google Plus: Mostly Harmless

Google Plus considered harmful

Posted by Bob Jonkman on 29th June 2011

Google Plus login screen, with errors

Google Plus Screenshot

Google Plus is available.

I won’t be using it. Google has too much of my data already.

For gushing, sycophantic reviews see Mashable and Techcrunch.


Update 8 July 2011: Someone pointed out that I should probably investigate Google Plus before dissing it, so I’m licking the Google salt block. There will another blog post with the results of this investigation… In the meantime, Circle Me!


Update: 13 October 2011: The Verdict on Google Plus: Mostly Harmless

Tags: , , , , , ,
Posted in considered harmful, Google, privacy | Comments Off on Google Plus considered harmful

 
Better Tag Cloud