kai_mactane: (Default)

The more stuff you have open (or habitually leave open) in an application, the more it becomes part of your consciousness, an extension of your mind. For many of us, the question “What are you doing right now?” could best be answered by, “Here’s a list of the tabs I have open in my web browser.”

Hackers* use the word “state” to describe “information being maintained in non-permanent memory”, whether that memory is in a human skull or a computer’s RAM chips. In fact, that ambiguity over exactly where the state is being maintained is one of the word’s strengths — as the browser-tabs example shows, there’s getting to be less of a distinction between the two. The stuff in my browser’s tabs is a reflection of what’s in my own brain, and a nearly-seamless extension of it.

Like every other web developer, I recently got a message from Firefox saying it needed to upgrade. (Because security researchers found yet another hole in Adobe Reader.) Despite the fact that I had over a dozen tabs open, I knew I wouldn’t have to worry about performing the upgrade, because Firefox would remember all my tabs and reopen them after restart. It’s basically a momentary hiccup in my workflow; I can start the upgrade and then use that 30-second break to refill my teacup or go to the bathroom. Come back, sit down, close the spare “You’ve just successfully upgraded Firefox” tab, and just keep working.

Compare that with Windows Update.

Read the rest of this entry »

Originally published at Coyote Tracks. You can comment here or there.

kai_mactane: (Default)

So, Palm was recently caught spying on its users. Major kudos, by the way, to Joey Hess, who initially broke this story. For those who haven’t kept up, various other news outlets and blogs have also been reporting on it.

Palm’s response to this problem is a single paragraph of corporate PR-speak:

Palm takes privacy very seriously, and offers users ways to turn data collecting services on and off. Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience. For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.

The problems with this statement are:

  1. There is no indication of how to turn off this particular piece of data collection. Not on Palm’s web site, not in the user manual that came with the Prē, and not in the Prē’s user interface.
  2. For all the “detailed language” in Palm’s privacy policy, there is no slightest indication — anywhere — that they collect information about what applications the user runs.

It’s particularly interesting to look at the “On-Device Services” part of the privacy policy: It mentions types of data that will be collected “If you use services we provide” (emphasis added). For example, they say, “When you use a remote diagnostics or software update service, we will collect information related to your device (including serial number, diagnostic information, crash logs, or application configurations)”. This is the only mention of collection data about a user’s applications, and it clearly starts with “when you use a diagnostic service”.

It doesn’t say “once per day, no matter what”.

Other items under “On-Device Services” start with “When you use a back-up and restore service…” and “When you use location based services”.

All of this suggests that users have some sort of control over what gets sent and when. The Palm Prē’s “Location Services” preferences item has a control labeled “Background Data Collection”, with the caption: “Allows Google to automatically collect anonymous location data to improve the quality of location services.” (This is after other controls labeled “Auto Locate”, “Use GPS”, as shown at right. If you turn on Auto Locate, you also get a control labeled “Geotag Photos”.)

It doesn’t say that Google (or anyone else) will collect data on what apps a user is running. And it strongly implies that this data will only be collected when I actually run an app that uses location services — for example, Google Maps, or OpenTable (which wants to know where I am so it can try to find nearby restaurants).

And it blatantly claims that if I turn off that switch, it won’t send my data off to big corporations any more.

So far, I’ve verified a few things:

  1. The application data log includes installs, uninstalls, and launch and close times for all apps, not just Palm’s official ones. Homebrew and third-party apps are included.
  2. Flipping the Background Data Collection switch does not turn off the contextupload process that’s responsible for sending the information to Palm’s servers.
  3. Nor does it stop logging application launch and close times. I’ll repeat that: My Prē is still logging application launch and close times into /var/context/contextfile, even though I have Background Data Collection turned off.

We in the technology business have a technical term for what Palm is doing when it claims that it “offers users ways to turn data collecting services on and off” in the context of this particular data. That term is: lying. Palm is lying to us, pure and simple.

Originally published at Coyote Tracks. You can comment here or there.

kai_mactane: (Default)

My latest software project is now available… where “latest” means “the latest thing I’ve launched, even if I actually wrote it over a year ago.”

The story is simple: I was tired of seeing “failed password” messages from sshd cluttering up my logs. I was also annoyed at the constant flow of dictionary attacks, even if I knew they’d never get in. So I whipped up a quick Perl script that acted as some glue between Swatch and iptables, and which would also give me some amount of reporting and history on who and what it was blocking.

Then I posted about it in my online journal, and a friend said it sounded useful. So I started getting it ready for release as a package that anyone could use…

And promptly realized that doing a decent, professional job of it would take more time than I had available. Fast-forward to now, when I’m unemployed and can only spend so many hours per day job-hunting — the result is that the world gets more software!

Originally published at Coyote Tracks. You can comment here or there.

Profile

kai_mactane: (Default)
kai_mactane

July 2011

S M T W T F S
     12
3456789
101112 13141516
17181920212223
24252627282930
31      

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 21st, 2017 06:50 am
Powered by Dreamwidth Studios