Referral links

Unlike other ads on this page, the two links below are to services I use - if you're looking for a new SIM or broadband connection I can personally recommend them, and these are specific referral links that I can get bonuses from if you sign up, so please use them :-)

Get a free giffgaff Sim Broadband from £5.99 a month with an included wireless router when you sign up to Plusnet - terms apply

Sunday, 28 September 2014

"Being watched by google" and missing the point of Facebook's messenger scandal

[Short link to this article if you need it - http://goo.gl/pVdsoM - or retweet me. This article is a useful collection of links I've gathered for myself as much as being a blog article for others!]

The Facebook messenger app that was introduced appears to have generated quite a bit of controversy. Facebook split out the messaging functionality into a separate app from the main one and blocked the main one's ability to manage private messages, this effectively forcing people to install the new app to keep their existing functionality.
Not inherently a problem in itself, but it seemed to stir up a bit of controversy about the permissions that the application had. It wanted access to your camera and microphone. How could that be. The level of outrage seemed to reach fever pitch on some parts of the internet about how having acces to that meant that they could spy on you and record everything you're doing. It got ridiculous, and the media didn't help - I saw this appearing via a share in my facebook feed:






HOW TERRIBLE. WE SHOULD ALL STOP USING FACEBOOK!!!


Well, yes there are plenty of reasons to stop using facebook which I'll get into later, but this really isn't one of them. And if he's a "tech expert" he needs to be fired for scaremongering. In fact the issues raised in there are applicable to the permissions that the original facebook app already had, so you'd better stop using that and several others too if you're going to avoid messenger:

 Let's use a common sense critique:
  1. These permissions are requested for the app because facebook allows you to take pictures/video and send them with your messages. In the case of the main facebook app, there's a recent new - OPTIONAL - feature that allows it to listen in the background to detect and post what you're watching/listening to. Even the scandal-inducing Daily Mail didn't really seem to have a problem with it. I use a separate app that does something similar to post what I'm listening to to last.fm when I'm at a venue playing music. It's a nice thing to have.
  2. Facebook are quite open about the function that makes use of the camera/microphone (if you're still wondering why, then here's the - entirely reasonable - official response to the concerns), but what about other apps that you use? Do you know the company behind them? If there's a chance they're a scammer or have other sinister intentions do you check them out in the same way you would when criticising a large company like Facebook? Surely that's where the real danger is - with the lone developer who might be trying to steal your identity or take other things from you.
  3. If Facebook really was trying to snoop in on your microphone or send pictures back to base, you'd see a significant amount of background data usage in the app (other than any auto-playing videos). This simply doesn't happen, so the scare stories are just that.
  4. So we established in point 1 that there are legitimate features in apps that require use of those device features, but what if you didn't want to use those features and wanted to block access to, say, the microphone, or your photos stored on the phone? Apps tend to be installed with an "all or nothing" way of operating. The current Android app permission groups are here. What worries me is that Google tested an Android feature for selectively blocking app permissions via an "App Ops" setting menu in Android 4.3 but then pulled it (actually they claimed they'd put it in accidentally) but if you want to find someone to really have a go at about security and potentially allowing spying, maybe the OS vendors such as Google should be your target... (NOTE: With a rooted Nexus 5 you can put it back, or possibly also on other rooted devices). Or maybe you should consider getting hold of a device which can run the Cyanogenmod variant of Android which has such a function called "Privacy Guard". iOS already has such functionality built in so that's a win for Apple, as nothing should be able to sneakily use your microphone unless you allow it. And in fact with the newly released iOS8 they've has gone so far as to say "The authorities can't access your data" with Android about to follow suit (reference), although whether that'll be a good thing when a high profile court case comes out where evidence couldn't be obtained from such a device is questionable.
I know many disagree, but I still can't help feel that the demise of Flash on mobile has encouraged platform-specific apps in a way that makes the permissions aspect worse. If the manufacturers or community had managed to write a more secure, lightweight Flash implementation maybe all of this wouldn't be an issue ... But it would've been less lucrative for the app stores ...

I think the hype over the messenger app is just scaremongering because people like to think that Facebook is evil. In reality, they're just adding new cool features in their app. Yes there are people who will say "But I'll never use them" but ithis is the technology industry, and it's going to move forward. It's called progress - without it they would struggle to remain dominant in the social media space. And if you're really concerned about the Facebook app, uninstall it and use the mobile web page which cannot access the things you're worried about, and does give you access to Messages. It's your choice. I have to admit I was a bit surprised when thumbnails of my newly taken photos showed up within the app and it offered to add them, but (I believe) that is all being done on the device and not sent to the servers (Unless it's sending thumbnails of course - if you want a conspiracy theory!)

Google, and increasingly Facebook, make their money out of targeted advertising and knowing things about you to enable the ads to be more useful. To a certain extent I don't have a problem with that (I don't use AdBlock as I'd rather vote with my feet on such issues and avoid the sites if they're too intrusive) and I'd rather ads were of interest to me than not) but for those who do the best answer is not to use them. Stop using Google and switch to a search engine such as duckduckgo instead which won't track you in the same way. The problem is that Google's data collection means that their results will generally be superior. They have access to a lot of information to use to give you the best results, and other search engines aren't quite there. But they're worth trying ...

My other big concern regarding Google Android is the "Android OS" data usage on cell connections on Android devices. It's not a huge amount - a few Kb each week, but I do wonder what exactly it's doing. It could be a measurable cost for some very low data users if it's using some data every day with some pay-as-you-go deals offering a certain amount of data per-day for a fixed price. Any expected data usage is counted under specific apps or the play services, and I have app updates disabled unless on WiFi. So what is my phone doing talking to Google in the background? I've got location data switched off, so it can't be sending the (frighteningly accurate as it happens! Try switching GPS off and you'll see) WiFi-based location mapping back to to Google in there ... This is from my device's cell data use in the last week:


Maybe they're the ones sending my photo thumbnails back to Google for the NSA ...

My real concerns about Facebook.

Maybe the above publicity about Messenger is a good distraction for Facebook, as it diverts attention from some of the real issues with their client apps. The mobile web page is great, but in terms of data use it's relatively inefficient. The calls made through the APIs by the Facebook app are far less of a data hog. So you might think another option might be to use a third-party Facebook client that doesn't give so many permissions. But there are two problems with this:
  1. Firstly, the feed is filtered differently. Actually through the APis it doesn't appear to be filtered at all so your "Close friends" and "Acquaintances" don't get the prominence you've asked for in your feed. If you're not familiar with those options they are a great way to increase/decrease the prevalence of friends in your stream - and if you really want to "stalk" a friend then there's also the "Get Notifications" option so you get a notification for everything from them. All of these are available when you click the "Friends" button on someone's profile on the web site, in addition to the asynchronous "Follow" option for those who allow it. There are many who think that Facebook filters the feed too much, and for them using another app might be a good idea ... Except for the second problem with third party apps...
  2. Many people have (understandably) set their privacy options (Settings -> Apps -> Apps Others Use) to prevent access to their posts and photos etc. (NOTE: Some experimentation I've done suggests it may not always work...although you can kill off the platform app entirely from Settings->Apps->"Apps, websites and plugins" which does seem to work but stops you using FaceBook logins anywhere) It's to stop games and other rogue apps from being able to access their "friends only" information, but it also prevents "real" third-party facebook clients from seeing their posts. Maybe there needs to be two classes of app - and perhaps the "anonymous login" option for apps is enough - although there's little incentive for Facebook to do quite enough to make "real" third party clients work as it's generally easier to inject ads in their own clients the way they want...
  3. I wrote about a bunch of other concerns a couple of years ago, and although some things have changed since then, I did mention the app permissions thing in there. and why people would choose to restrict app permissions.
And I'll be honest, those "lock-ins" meaning you get reduced functionality with third party apps is a big part of the reason I sometimes consider leaving Facebook. I am using a third party app, and so I know I'm often missing people's posts at the moment. But then on a positive, Facebook does provide a lot of control over the access if you know what your way around the options, but it's good to see Facebook's new "Privacy Check up" wizard being presented to users now (Did they know I was about to publish this blog?)



There are also articles on topics such as "How to lock down your facebook account for maximum privacy" but I honestly think that doing a lot of what those articles say reduces the effectiveness of a social media platform. Most people post things on twitter without where followers/followes are all visible, so why lock down your facebook account so much that such information is lost? Sure there are some scams involving acquisition of those lists, but I'd rather we lived in a world where people were educated on security and keeping their wits about them online rather than artificially let them believe that a checkbox on one site will make them secure/immune ... I'd really like to see schools teach good online security habits since such knowledge should be essential for all online users. Let's not be overly paranoid about one site.

Social moving forward - is there any hope?


Anyone trying to get into the social media space will have a very hard time competing with Facebook. Even Google are struggling to do it with their initial "Buzz" offering and now Google+, which has recently been changed so that all Google Mail users don't have to have a Google+ account. The critical mass of people who use Facebook is huge, and nothing else is at a level where it's a substitute. I suggested an alternative to Google search earlier, but it's much harder for one person to choose to use a different network. Twitter just isn't the same as Facebook, the recently launched "ad-free" Ello has potential issues:
Diaspora's "pod" concept where there's no central hosting server is interesting - they started by charging users for the service in order to support it without advertising which wasn't a bad idea in theory, but they're not getting the wide adoption they need either, and they had some issues with their reputation amongst early adopters. But there's an option if you want to break away from Facebook.

But Mikko Hypponen of F-Secure recently had an interesting perspective. He, like quite a few people I suspect, would be willing to pay for such "essential" services as Google if it was an option to do so and not have all the data collection in place. But he argues quite strongly that from where Google are now it actually wouldn't be of benefit to them to offer it, as we're far more valuable to them when they can hold our data than a token amount of money would be. The tracking of us is what let's the world move forward to the sorts of ideals that Microsoft's vision of the future has predicted, and things like Google Now, if you let it, are moving us towards that. And facebook's revamped Atlas advert platform is widening its scope to rival Google Ads, but while introducing that they're adding anonymous logins and encouraging privacy checkups. The question that many people didn't ask at the time of Microsoft's vision video was: Who pays for it? The answer is you, by handing over your details so Google potentially knows more about who you really are than you do. It's up to you if you're happy with that, but the important thing is to know what you're doing. And if you want to see who's getting your info in practice, install the extremely enlightening the Lightbeam (Formerly Collusion) plugin for FireFox, or the third-party Ghostery one, and remember that it's your choice to allow web sites to set cookies .. They all prompt you for it now although that's possibly missed the point since the tracking is often just done via javascript instead. I've also seen a comment recently about how Facebook pick up on things you've viewed on external sites (as does Google) but in reality that's not so much Facebook spying on you as the retailer sending your details back to Facebook. Arguably a more realistic way to look at it.

But if you really value you're privacy, I suspect that LinkedIn, also known as "The Creepiest Social Network", is probably the one to avoid ..

NB The quote in the title of this article is from Kasabian's Eez-eh single

Thursday, 18 September 2014

Scotland #indyref: All that's bad about politics

[Short link to this article if you want it - http://goo.gl/WFPIzm - or retweet me]

I'm a bit late in posting this but what the hell ...

The Scotland independence referendum is coming up to it's climax. I've finished drafting this just after midnight - voting will commence in a few hours. The question is simple:

"Should Scotland be an independent country"


That's it. Yes or No. I currently live in England after living in Scotland until I was 22 therefore I don't get to vote in this. Scotland has been part of the United Kingdom for many years, and there are plenty of arguments on both sides. The white paper is available here if you want to see what's being proposed. And some of the things that would still be shared at least to begin with are covered in this article. But I'm more concerned with how the arguments are being put forward. There have been two significant televised debates: One on STV (for some ridiculous reason they didn't broadcast it UK-wide and the online stream couldn't cope) and another on the BBC between Alex Salmond, leader of the SNP (Scottish National Party) looking for a "Yes" vote and Labour party politician Alastair Darling who is the leader of the "Better Together" campaign who want a "No" answer to the above question.

Both of these debates seem to have been quite "lively" but have been characterised by people talking over one another. There seems to have been a lack of listening and straight answers to the questions - they are politicians after all - but we should use this as an opportunity for a fresh start... In the first debate, Alex seemed to take a naive "I don't have a plan B because I'm only focussing on plan A" on the currency debate. It's such a critical point that it's unbelievable to me that he didn't just quote what's in the whitepaper given there were so many people who seemed to want that question cleared up. Assuming the whole public have read through the whitepaper seems utterly naive, so treat the public like adults who and just quote what's in the white paper so people can make an informed decision about the possibilities:

Four currency options were examined by the Fiscal Commission
– the continued use of Sterling (pegged and flexible), the
creation of a Scottish currency and membership of the Euro.

Concern answered, move on. And while he gave that answer in the second debate I think it wasted a lot of time that could have been better spent on something more useful in such a widely broadcasted debate.

Another similar point was when Alex asked of Alastair "Could Scotland be a successful independent country?" As far as I can tell (and I think the second/third time he asked he got a yes answer, but continued regardless) that is a bit of a non-question. "Could" is simply an indication of a non-zero possibility that it might be successful. Of course it could, that doesn't mean it's likely to, so the question was purely to elucidate a sound-bite that could be used answer, not an intention to draw out any useful debate, disappointingly.

There also seems to have been a lot of negative campaigning and personal attacks by the "Yes" campaign. Taking pot shots at Alastair's previous work in government (not really relevant to the debate) and references to bullying/fear tactics from  the other sides. There seems to be a constant stream of trying to smear their opponents instead of producing coherent messages and factual evidence to counter the arguments presented. It's the worst possible kind of politics. If Scotland wishes to truly start afresh, then starting from a point of politicians point-scoring against each other in the worst possible way doesn't sound like a good way to start a government of a new country. Does that really sound like a change from the past? Or will Scotland just end up with the same distrust of politics, just with a different set of people? Yet that's what Alex is promising: if you vote "Yes". You won't be ruled by the politicies of the politicians in Westminster.

True, you'll be ruled by policies created by politicians in Edinburgh instead. They'll still have to make similar decisions based on similar facts - are they really likely to come to significantly different conclusions and different compromises compared to what the can with the separate parliament they have just now? They will still be fairly remote from where most people are, just slightly closer. Is there any real reason to believe that a separate Scottish government will be able to make better decisions and make people's lives better? They'll have a smaller pot of money to play with. Will more politicians being employed to make decisions be worth it? Well you've already got a lot of what the "Yes" campaign is promising so that seems a case of trying to make promises of delivering some snow to the eskimos, although oddly the "No" campaign hasn't capitalised on that fact as much as they probably should have:
It astonishes me that the "Yes" campaign hasn't managed to negotiate secure answers on currency, EU membership etc. The fact that people are being asked to vote on a basis of "Let's make ourselves independent, then we'll sort out the details later" just seems like voting for a fantasy. It's relying on passion. The heart over the head. The practicalities of being able to produce the ideal view which is visible through rose-tinted glasses is by no means certain.  But the fact that it "could" be that rosy view is what the "Yes" campaign appears to be based around. But is "could" worth the risk? JK Rowling tweeted a link to a Guardian article on the subject:
There are a lot of extremely vocal people, particularly on the "Yes" side (Tommy Sheriden springs to mind) but you'd expect that. The people who want to change the status quo are the ones who shout the loudest in most situations - and they should. The tabloid newspapers and the twitter echo chamber can make strong polarised views, and seemingly scandalous facts, spread very quickly. This is a long term decision that should really be taken on less emotional responses, and that makes it harder to choose independence. It seemed clear to many people that switching the UK voting system to something other than "First Past The Post" made sense, but ultimately that wasn't what the public actually chose. How will this second significant referendum in the UK go?

So to summarise: Is politics, and more importantly, people's quality of life, really going to be better in an independent Scotland? It certainly could be, and that's what the SNP's Raison d'ĂȘtre (so what does Alex do if it fails?) but I personally haven't seen enough concrete evidence to convince me it's likely enough to be worth the risk. And it's certainly not convinced me the politicians involved are likely to be any better than those in Westminster. But regardless of what I think, it's in the hands of those living in Scotland.

I'm glad I had my passport renewed recently, maybe I'll need it to visit Scotland soon:

If nothing else we are looking like we're going to get a potentially world record turnout at the polling booths.(EDIT: It was 84.6%) Here are some other figures for comparison:


I watched this episode of Question Time live - this guy in the audience cracked me up so I'll leave him with the last word - if he has his way then it's not going to happen: