[Plura-list] Twitter's Project Blue Sky; Brazil's world-beating data breach; Evictions and utility cutoffs are covid comorbidities

Cory Doctorow doctorow at craphound.com
Tue Jan 26 12:42:42 EST 2021


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

Join me this Thursday for the launch of the print edition of my 2020
book HOW TO DESTROY SURVEILLANCE CAPITALISM!

https://medium.zoom.us/webinar/register/WN_GfnYHzZCSY-cCMVL5ZCDBw

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

Today's links

* Twitter's Project Blue Sky: Fix the internet, not the platforms.

* Brazil's world-beating data breach: More than 100% of the population
doxed.

* Evictions and utility cutoffs are covid comorbidities: 143,000 covid
deaths due to economic precarity.

* "North Korea" targets infosec researchers: Third party collection,
taken to the logical endpoint.

* This day in history: 2006, 2011, 2016, 2020

* Colophon: Recent publications, upcoming/recent appearances, current
writing projects, current reading

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🦹🏽 Twitter's Project Blue Sky

It's been more than a year since Jack Dorsey announced Project Blue Sky,
inspired by Mike Masnick's "Protocols, Not Platforms" paper - a
critical work explaining how walled gardens can be transformed into open
protocols.

https://knightcolumbia.org/content/protocols-not-platforms-a-technological-approach-to-free-speech

There hasn't been much (visible) progress on Blue Sky since the 2019
announcement, but Twitter just published an "ecosystem review" analyzing
the distributed systems out there as a kind of lay of the land.

https://matrix.org/_matrix/media/r0/download/twitter.modular.im/981b258141aa0b197804127cd2f7d298757bad20

The idea of a distributed social media landscape may seem unlikely but
consider how heartily sick the public has become with the big platforms'
moderation choices (both what they moderate and what they don't).

And also how unlikely it is that the platforms will ever be able to make
the kinds of situational calls about acceptable and unacceptable speech
for each country, community and context.

https://www.eff.org/deeplinks/2021/01/twitter-and-interoperability-some-thoughts-peanut-gallery

Indeed, if things are so dire, why are any of us even sticking around?
The problem is:

* Network effects (the more people there are on a platform, the more
reason there is to join)

* High switching costs (if you leave, you give up all those people)

And those lead to:

* Lock in (you don't leave because you don't want to give up everyone
else, and they don't leave for the same reason - we're all holding each
other hostage)

But there's a way to unwind all of this - break the lock in, lower the
switching costs, and undo the network effects.

Think of East Berlin. People who wanted to leave didn't just face The
Wall, they also faced permanently abandoning their friends and worldly
goods.

Today, Berliners can hop a train to Paris and scope it out. If they like
it, they can move their stuff, and still go back whenever they want.
They can call their friends back home and read the German papers.

The low switching costs mean that hundreds of millions - billions - of
people have tried another city and settled there, or changed their minds
and moved home, or moved to a third city. They have friends come to
stay, or go back for the holidays.

Using Facebook - or any walled garden - is like getting trapped in East
Berlin. FB legally terrorizes anyone who dares make a tool that creates
interoperability between its service and its rivals.

And just like the East German politburo (who said The Wall wasn't to
keep its citizens in, but rather to keep envious westerners *out*),
Facebook swears it sues these companies to protect its users' privacy
(as we all know, FB is a company that really cares about privacy).

There's a lot of energy to fix the big platforms, and this is a laudable
goal.

But the reality is that wise kings are few and far between.

We don't just need the platforms to clean up their act, we also need to
make it easier for us to leave when they get it wrong.

Interop will do that - but at a price. The trade-off we make when we
decentralize the internet is that we can no longer hope to improve
hundreds of millions of people's lives just by convincing Zuck or Jack
to change their policies.

But honestly, when was the last time you managed to do that?

In a decentralized internet, neither the good nor the bad decisions of
the platforms will carry the reach they do now. It will be harder to
silence the people whose (legal) speech makes you angry.

But it will be easier to find a community whose definition of what Neil
Gaiman calls "icky speech" matches your own - and to send messages from
there to other communities who have different definitions.

https://journal.neilgaiman.com/2008/12/why-defend-freedom-of-icky-speech.html

Social media companies make errors just like we do - they are made up of
fallible people. The problem is that when they screw up, their bad
decisions redound to millions - even billions - of lives.

By all means, we should try and make these companies less error prone.

But far more important is to make their errors less consequential.

As I wrote for EFF: "Interoperability moves power from corporate
board-rooms to tinkerers, co-ops, nonprofits, startups, and the users
that they serve."

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🦹🏽 Brazil's world-beating data breach

Brazil's public health agency has suffered what is arguably the worst
data exposure in world history, losing 243m+ records in a country of
211m people (the excess represents dead people's records).

https://www.cpomagazine.com/cyber-security/brazils-health-ministrys-website-data-leak-exposed-243-million-medical-records-for-more-than-6-months/

For more than six months, the HTML for the website for the Sistema Único
de Saúde included the login and password to access the database as an
administrator; the credentials were obscured through Base64 encoding, a
trivially detected measure that is just as easy to bypass.

It was the second grave security error at SUS in less than a month (last
month, a SUS techie posted a spreadsheet with the system's database
keys, logins and passwords to GitHub, exposing 16m records).

Another leak exposed records in the country's covid tracing data.

The exposed records include the most highly sensitive information:
names, dates of birth, full health records, addresses and phone numbers.

Included in the breach are many officials, including the Brazilian
dictator Jair Bolsonaro and his junta.

The insecure systems were built by an IT contractor called Zello
(formerly MBI Mobi), which has billed the Brazilian state $8.5m since 2017.

The vulnerabilities were discovered by the NGO Open Knowledge Brasil,
who sounded the alarm. The breach puts every Brazilian at risk of
identity theft and many other forms of cyberattack.
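
The Base64 point above, as an added example (not part of the original
newsletter and not code from SUS or its contractor): a pre-deployment
check that decodes Base64 runs in page source and flags any that turn out
to be credential-shaped text. The sample page, the account name and the
matching heuristics are all constructed for illustration.

```python
import base64
import binascii
import re

# Runs of the base64 alphabet long enough to hold a short login:password pair.
B64_CANDIDATE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Decoded shapes that look like credentials (heuristics assumed for this example).
PAIR = re.compile(r"^[^\s:]{1,64}:\S{1,128}$")
KEYWORDS = re.compile(r"\b(pass(word|wd)?|senha|login|user(name)?|secret|token)\b", re.I)


def decode_printable(candidate):
    """Return decoded text if candidate is valid base64 of printable UTF-8, else None."""
    try:
        text = base64.b64decode(candidate, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def find_encoded_secrets(html):
    """List (line_number, redacted_preview) for base64 strings decoding to credential-like text."""
    findings = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for match in B64_CANDIDATE.finditer(line):
            text = decode_printable(match.group())
            if text and (PAIR.match(text) or KEYWORDS.search(text)):
                # Never echo the secret itself into scan output or CI logs.
                findings.append((lineno, text[:4] + "*" * (len(text) - 4)))
    return findings


def build_sample_page():
    """Constructed sample: one encoded credential pair plus two harmless base64 strings."""
    cred = base64.b64encode(b"admin_example:not-a-real-password").decode()
    png = base64.b64encode(b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR").decode()
    caption = base64.b64encode(b"hello world, this is a caption").decode()
    return "\n".join([
        "<html><body>",
        f'<img src="data:image/png;base64,{png}">',
        f'<p data-caption="{caption}">Example portal</p>',
        f'<script>var auth = "{cred}";</script>',
        "</body></html>",
    ])


if __name__ == "__main__":
    for lineno, preview in find_encoded_secrets(build_sample_page()):
        print(f"line {lineno}: possible encoded credential ({preview})")
```

The image header and the caption both decode cleanly but are not flagged;
only the script line carrying the login:password pair is reported.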

_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🦹🏽 Evictions and utility cutoffs are covid comorbidities

"Public health" isn't just about vaccinations, clinics and urgent care:
it's a holistic discipline that encompasses all the contributors to
health outcomes, which include things like housing, employment,
transportation, pollution and more.

A new working paper from the National Bureau of Economic Research
estimates the number of US covid deaths that could have been prevented
with a coherent, effective eviction moratorium and a ban on utility
cutoffs: 164,000.

https://www.nber.org/system/files/working_papers/w28394/w28394.pdf

The paper, written by a multidisciplinary group of Duke researchers from
medicine and economics, found that housing precarity (a risk of losing
your home) drove risky behavior that increased the spread of the disease
and the resulting deaths.

For example, it forced people to double-up on lodgings, making social
distancing impossible, to say nothing of self-isolating after an
exposure. It also drove people to tolerate high-risk workplace
conditions, including illegal conditions.

The authors used regression techniques to control for confounding
variables, and used like-for-like counties with different utility and
eviction policies to estimate the effect that these had on infection rates.

"Public health" is a notion that challenges the very foundation of
neoliberal ideology, which says that all outcomes are the results of
your individual choices - that your right to swing your arm ends at the
tip of my nose.

Public health says that our decisions about treating covid (and other
health issues) affect all of us - that the system matters more than
individual choices.

Public health says that we're all in the same swimming pool. Neoliberal
choice theory says that if some of us want to piss in the pool, we can
just create a "pissing" and a "no pissing" end.

And that the answer to the yellowing of both ends is to make the pool
longer, and that the market opportunity is to charge people who want to
swim in the no pissing end to use the toilets and fine them if they
can't afford the charge.

Because here's the kicker: although covid mostly kills poor, racialized
and otherwise marginalized people, it doesn't do so exclusively. Even
people who can afford high quality care and thus recover face unknown,
long-term health consequences.

Keeping rentiers' income streams intact by allowing evictions made us
*all* sicker, put us *all* at risk. Even the landlords.

Treating system problems as a matter of personal choice is like telling
people to recycle harder to avert the climate emergency.

The parochial gains to the minute class of landlords came at the expense
of mass-scale, social costs - human lives, human misery, widespread
infection, and traumas and waste that will drag us down for decades to come.


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🦹🏽 "North Korea" targets infosec researchers

One of the most fascinating revelations from the Snowden documents was
the story of "fourth party collection," which is when the NSA hacks the
spy agency of a friendly nation to suck up all the spy data it has
amassed on its own people.

https://www.spiegel.de/international/world/new-snowden-docs-indicate-scope-of-nsa-preparations-for-cyber-battle-a-1013409.html

It's a devilishly effective spying technique and it surfaces a major
risk of mass domestic surveillance - if your internal police get hacked
by another nation, then that country can get all of your data. The
secret police say they're spying to protect you - some protection!

Even more mind-blowing is the existence of "fifth-party collection"
(spying on a spy agency that's spying on another spy agency) and
"*sixth*-party collection" (spying on a spy agency that's spying on
another spy agency that's spying on another spy agency).

It's also fascinating because it's so obvious in retrospect. Willie
Sutton robbed banks "because that's where the money is." Spooks spy on
other spooks because that's where the kompromat is: gathered, sorted,
filed and analyzed.

This week, Google's Threat Analysis team published a warning to security
researchers to be vigilant about a sophisticated threat-actor that is
targeting the infosec community.

https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/

Google says the attacker is working from North Korea (which strongly
implies that they are working on behalf of the DPRK itself).

An analysis of the attack recounts how the hackers would ingratiate
themselves with infosec professionals, ask them to collaborate on
interesting problems, and then slip them a poisoned software library
that would take over their systems.

https://norfolkinfosec.com/dprk-malware-targeting-security-researchers/

Like fourth-party collection, this is a highly leveraged attack.
Security researchers tend to have a lot of proof-of-concept malware,
notes on vulnerabilities, and other juicy tools and intel that could be
weaponized to attack high-level systems.


_,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,__,.-'~'-.,_

🦹🏽 This day in history

#15yrsago How the malicious software on Sony CDs works
https://freedom-to-tinker.com/2006/01/26/cd-drm-attacks-disc-recognition/

#15yrsago Censorship: Comparisons of Google China and Google
http://blogoscoped.com/censored/

#10yrsago DHS kills color-coded terror alerts
https://web.archive.org/web/20141008015850/https://www.wired.com/2011/01/threat-level-advisory-death

#5yrsago Charlie Jane Anders’s All the Birds in the Sky: smartass,
soulful novel
https://memex.craphound.com/2016/01/26/charlie-jane-anderss-all-the-birds-in-the-sky-smartass-soulful-novel/

#1yrago Banks have returned to the pre-2008 world of automatic
credit-limit increases for credit cards used by already indebted people
https://www.bloomberg.com/news/articles/2020-01-23/banks-are-raising-credit-card-limits-without-asking-customers

#5yrsago Profile of James Love, “Big Pharma’s worst nightmare”
https://www.theguardian.com/society/2016/jan/26/big-pharmas-worst-nightmare

#1yrago Fatal car wrecks are correlated with stock-market fluctuations
https://www.sciencedirect.com/science/article/abs/pii/S0167629619301237

#1yrago Andrew Cuomo’s naked hostility drives out MTA president Andy
Byford, the “Train Daddy” who has transformed the world’s rail systems
https://www.railwayage.com/passenger/you-blew-it-andrew-cuomo/

#1yrago Two years after a federal law banning shackling women during
childbirth was passed, prisoners in America are still giving birth in
chains
https://www.theguardian.com/us-news/2020/jan/24/shackled-pregnant-women-prisoners-birth

Colophon (permalink)

Today's top sources: Bruce Schneier (https://schneier.com/), Naked
Capitalism (https://nakedcapitalism.com/), The Grugq
(https://twitter.com/thegrugq).

Currently writing:

* My next novel, "The Lost Cause," a post-GND novel about truth and
reconciliation. Yesterday's progress: 502 words (103096 total).

* A short story, "Jeffty is Five," for The Last Dangerous Visions.
Yesterday's progress: 289 words (1366 total).

Currently reading: Analogia by George Dyson.

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 29)
https://craphound.com/news/2021/01/25/someone-comes-to-town-someone-leaves-town-part-29/

Upcoming appearances:

* Launch for the print edition of HOW TO DESTROY SURVEILLANCE
CAPITALISM, Jan 28,
https://medium.zoom.us/webinar/register/WN_GfnYHzZCSY-cCMVL5ZCDBw

* Launch for the young adult edition of Edward Snowden's memoir
PERMANENT RECORD, Feb 9,
https://www.eventbrite.com/e/edward-snowden-in-conversation-with-cory-doctorow-tickets-136734968973

* Boskone, 58, Feb 12-15, https://boskone.org/

* Keynote, NISO Plus, Feb 22-25,
https://niso.plus/cory-doctorow-to-keynote-at-niso-plus-2021/

Recent appearances:

* Monocle Reads
https://monocle.com/radio/shows/meet-the-writers/monocle-reads-87/play/

* Hedging Bets on the Future (Motherboard Cyber):
https://play.acast.com/s/cyber/hedgingbetsonthefuturewithauthorcorydoctorow

* Applying the Pandemic Mindset to Climate Change:
https://hbr.org/podcast/2020/12/applying-the-pandemic-mindset-to-climate-change-with-cory-doctorow

Latest book:

* "Attack Surface": The third Little Brother novel, a standalone
technothriller for adults. The *Washington Post* called it "a political
cyberthriller, vigorous, bold and savvy about the limits of revolution
and resistance." Order signed, personalized copies from Dark Delicacies
https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet
analyzing the true harms of surveillance capitalism and proposing a
solution.
https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies
here:
https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html

* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:
https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.

This work is licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and
advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy"
DeVilla
