
Is Your Privacy An Illusion? (Taking on Big Tech) - Smarter Every Day 263

1 Comment
From: SmarterEveryDay
Duration: 15:00

Please Support the Kickstarter:
https://www.kickstarter.com/projects/4privacyapp/4privacy-app

Aerial footage captured in accordance with FAA regulations under Part 107 guidelines by a licensed and insured UAS service provider.
Professional Drone Services (PDS.Media)

LinuxGeek
3 days ago
The first in a new video series from a guy who is good at explaining things.

CIA, NSA Block Ads Network-Wide To Protect Agencies. Ron Wyden Says Rest Of Gov't Should Do The Same.

1 Comment

Not everyone uses an ad-blocker. But most people do. And no matter how much online publications claim ad blocking is the same thing as stealing, it really isn't. If they're bent out of shape about it, it's because they assault users with ads, burying content behind a wall of uncurated virtual salesmen. If it bleeds, it leads, the old saying goes, but now it refers to readers' processing power and data allotments.

Far too many online publications consider processing the check on the ad buy to be the end of their responsibility. But ad servers get hijacked. Other ad companies get purchased by ad pushers with more malleable morals. Everyone collects reams of data on every site visitor. The end user of sites seems to be the last concern for ad brokers and the people who sell to them, so it's no surprise more people are deploying ad blockers, seeing as readers of even supposedly-reputable sites have been hit with malware, spyware, and auto-playing video when just trying to access some content.

Ads can be dangerous. They can compromise systems and hijack browsers. The general public definitely knows this. Enjoy this shade thrown at ad saturation and website design overcompensation:

The government knows this as well. And it should, although it really shouldn't be a trailing indicator on abusive ad deployment. The spyingest agencies of the Intelligence Community don't just suggest employees should use ad blockers. They mandate them. Here's Joseph Cox for Motherboard:

Lots of people who use ad blockers say they do it to block malicious ads that can sometimes hack their devices or harvest sensitive information on them. It turns out, the NSA, CIA, and other agencies in the U.S. Intelligence Community (IC) are also blocking ads potentially for the same sorts of reasons.

The IC, which also includes the parts of the FBI, DEA, and DHS, and various DoD elements, has deployed ad-blocking technology on a wide scale, according to a copy of a letter sent by Congress and shared with Motherboard.

The letter [PDF], written by Senator Ron Wyden, suggests the rest of the federal government follow the NSA's lead and implement "network-based ad-blocking technologies" at all federal agencies.

While the intelligence community has acted to protect its personnel and computers from malvertising based threats, many other federal agencies have not, and are unlikely to until they are required to do so. To that end, as OMB [Office of Management and Budget] finalizes its recently released draft Federal Zero Trust Strategy, detailing the specific actions that OMB is requiring federal agencies to take to secure their systems from hackers, I urge OMB to also require agencies to implement the CISA and NSA guidance to block ads.

"Zero trust." That sounds like an accurate count of the trust most online advertisers have earned. It's a cesspool out there and publications looking for the easiest way to convert readers to dollars have proven willing to splash around in it under the assumption they'll always be able to blame the foul odors on their ad partners. But that assumes people will be willing to forgive continuous abuse as long as they can access "free" content. That's a risky assumption.

And it doesn't have to be this way. Techdirt has experimented with a blend of ads and direct connection with readers to pay the bills. As ad providers have become less trustworthy and old standbys (like Google's AdSense) have become increasingly erratic with their policy enforcement, Techdirt has dropped ads completely. There are no Google ads on Techdirt and no analytics trackers logging reader info for data brokers who not only help serve up "targeted" ads but also sell data in bulk to government agencies. Techdirt runs clean and is almost entirely reader-supported. Very few sites are willing to give up money to ensure the safety and privacy of their readers and that's why ad blocking has never been considered a threat to Techdirt's business model.

Ad blocking is a must-have these days, even for the federal government. Too much abuse and too little oversight have turned a nicety into a necessity. And if online publications don't like the current state of affairs, they really have no one but themselves to blame.

LinuxGeek
24 days ago
I recognize that our 'free' internet is largely funded by advertising, but they are a huge risk in the current implementation. We need to go back to simple banner ads. No multimedia, javascript, tracking, etc.
freeAgent
19 days ago
I also wish micropayments were more successful. That's why I signed up for Scroll. It's now been acquired by Twitter and they stopped new subscribers but have kept existing ones on. Hopefully Twitter is planning to roll it out more broadly.

Why you need a personal laptop

1 Comment
The ThinkPad X1 Carbon Gen 9 closed, seen from above.
Yep, if my employer gave me a ThinkPad X1 Carbon, I’d want to use it all the time too. Don’t do it! | Photo by Amelia Holowaty Krales / The Verge

It’s a decision that may seem like a no-brainer. You’ve got a new job, and they’ve just given you a brand-new ThinkPad. Perfect, you think to yourself. It’s about time I got rid of that 10-year-old MacBook Air.

I’ve been there. Surveys have shown that over half of workers use work-issued devices for personal tasks — whether sending personal messages, shopping online, accessing social media, or reading the news. The prospect of using your work laptop as your only laptop — not just for work, but also for Netflixing, group chat messaging, reading fanfiction, paying bills, and emailing recipes to your mom — is understandably tempting, especially for folks who work from home. Keeping work tasks and personal tasks in one place may feel like...

LinuxGeek
34 days ago
This advice applies to phones too. Do not use work devices for your non-work activities, and do not use your personal devices for work purposes. Both scenarios can give your employer much more control and visibility into your private life than they should have.

The best electric lawn mowers of 2021 - CNET

1 Comment
We tested the most popular electric lawn mowers on the market in 2021. When the grass clippings settled, we decided these are our top picks.

LinuxGeek
41 days ago
Nope. Battery powered lawn mowers have too many drawbacks for me. They're heavier and harder to push. They have less power than corded mowers. The battery takes too long to charge, possibly leaving you with a half-mowed lawn. The battery will lose capacity over time, eventually requiring replacement. If you don't have the mental capacity to manage an electric cord, maybe you shouldn't be operating a lawn mower at all.

Riot Will Use Windows 11’s TPM 2.0 Requirement to Ban Cheaters From Valorant

1 Comment

(Image: IGN)
Riot’s new game, Valorant, has already come under criticism for its anti-cheating methods, but the company plans to further tighten its requirements. According to the Twitter account @AntiCheatPD, Valorant now requires a TPM to be installed if a player is running Windows 11:

Using TPM to enforce anti-cheating provisions is an interesting idea, but it could come with some significant downsides for user privacy and anonymity. Riot can do more than ban a user’s account or IP address. It can ban the actual, physical PC. Each TPM has a burned-in RSA key that cannot be changed. Ban the RSA key, and you ban the entire machine. Riot also requires Secure Boot to be enabled on all Windows 11 installations.

In theory, some desktop systems could avoid this problem by swapping out the physical TPM module. It might still be possible for some desktop users and enthusiasts to regain access to the game by decrypting their drives, disabling Secure Boot, replacing the TPM module, and then re-enabling Secure Boot and the new TPM module, but this exercise must be approached with care.

While disabling Secure Boot will not wipe a PC, removing an existing TPM module will make a drive unreadable unless it is decrypted first. Additionally, this “workaround” is only possible on motherboards that support a separate TPM header/module. If the end-user’s TPM support is built directly into the UEFI, as is typical, you’d need a new physical UEFI chip (assuming it can be swapped) or an entirely new motherboard.

We’re no fans of online cheating, but cheaters are not the only people potentially being watched here. Forcing every computer to authenticate through a hardware module whose authentication key cannot be changed may stop cheaters, but it also provides a much more effective method of monitoring what people say and do online. China, for example, is now heavily restricting the amount of time children can game in part by requiring game developers to implement facial recognition software. It’s implemented a social credit spying system that monitors and grades what citizens do and say online.

Microsoft’s TPM 2.0 requirement in Windows 11 ties your system to a single encryption key that can be read to identify that PC, specifically. It can theoretically be used as part of a DRM authentication scheme to confirm you have the right to access content. While a TPM module is not DRM in and of itself, it can absolutely be used as part of DRM systems. A TPM module is not the only way to track a machine’s activity online — MAC addresses can also be used for this purpose — but companies like Apple have implemented MAC address randomization in iOS devices when they scan for networks. It’s not clear a TPM 2.0 key can be obfuscated in a similar way.

This scheme hearkens back to Intel’s decision to include a unique identifier flag inside the Pentium III or Microsoft’s proposals for Palladium nearly 20 years ago. The problem is made more complicated by the fact that TPM modules and Secure Boot both have legitimate security uses. It would be easier to declare this a unilaterally bad development if MS didn’t have a cogent security argument to make.

But just because a company has an argument doesn’t mean end users are required to accept it. Our concern at this point isn’t for cheaters who get banned from games they cheat in. It’s for the way this capability will likely be abused by corporations and governments in the future. It would be naive to pretend this will not happen.

As the 2016 paper “Privacy Concerns of TPM 2.0” discusses, the Trusted Computing Group that created the TPM 2.0 standard has attempted to address privacy concerns around the technology, but it has done so in a way that may exacerbate future problems. The authors note:

The privacy concerns of TPM 2.0 are due to the way privacy is defined by TCG. In the specifications of trust requirements for TPM 2.0, TCG excludes the manufacturers of TPM chips and computing platforms from the set of potential privacy threats. This assumption is unrealistic for corporate and private users of computing platforms especially in the post-Snowdon [sic] world we live in, where we know that (secret) state sponsored tracking and mass surveillance is a reality. (Emphasis Original)

The paper claims that the TCG’s privacy model for TPM 2.0 “models remote transaction parties as the sole potential threat to end users’ privacy. It remains silent about potential threats from TPM manufacturers and law enforcement entities.” The authors also note that privacy is supposed to be central to the goals of the TCG and TPM 2.0, writing, “It is therefore surprising to read in the TPM 2.0 specifications that end-user privacy has been partially traded off to give TPM manufacturers the power to identify and trace end-user computing platforms.”

TPM 2.0 is good for companies and governments that want more control over how someone can use their own hardware and what services they’re allowed to access. It’s hard to argue with the idea that manufacturers should crack down harder on cheating in video games if it guarantees a better experience for their players. Just be aware that the same technology that protects the system also functions to control it. This control will be abused by some governments and corporations and it’ll be used to justify yet more data gathering.

How one feels about Microsoft requiring a TPM 2.0 chip in Windows 11 is a matter of personal opinion, but be aware that the company’s talk of improved security comes at the cost of decreased user control. TPM 2.0 doesn’t just provide increased security, it also exposes every PC to potentially increased surveillance.

Microsoft has announced it will support Windows 10 until October 15, 2025. Hat-tip to THG for surfacing this one.

LinuxGeek
46 days ago
So... TPM 2.0 brings new risks to buying used hardware. Is that eBay deal going to get a machine that won't run software because it was once used by a bad person? This story is only talking about blocking games, but the ability could easily be used by other software companies.

Game studio CEO ousted after tweeting he’s “proud” to support Texas abortion ban

1 Comment
Screenshot from a violent, bloody video game.

Killing Floor 2. (credit: Tripwire Interactive)

Over Labor Day weekend, a social media firestorm began when Tripwire CEO John Gibson tweeted his endorsement of a recent Texas anti-abortion law that prohibits abortions at six weeks. The controversy ended with Gibson's swift departure from his company, following disavowals from multiple associated studios.

Tripwire Interactive, the Georgia-based studio and publisher responsible for games like Maneater, Chivalry 2, and the Killing Floor series, confirmed Monday that CEO John Gibson has been replaced by Vice President Alan Wilson, who will lead the company as it searches for a new head executive.

"The comments given by John Gibson are of his own opinion and do not reflect those of Tripwire Interactive as a company," the developer said in a statement. "His comments disregarded the values of our whole team, our partners, and much of our broader community. Our leadership team at Tripwire are deeply sorry and are unified in our commitment to take swift action and to foster a more positive environment."

LinuxGeek
46 days ago
What relevance does his opinion on abortion have to do with his job? Is it fair to be fired because of a statement you made that had nothing to do with your employment?
acdha
46 days ago
If he was Joe Sixpack, sure, but there is a risk for a C-level executive who makes policy when wading into a potent political argument. There is a history of companies meddling with things like health coverage, parental leave, etc. and a board of directors is likely to look at that from the perspective of how many customers might stop buying, the impact on hiring, and whether this could prove expensive if an employee sued alleging harassment or unfair treatment — no, it's not a given that it would cost them but it's also easy to replace someone with a more prudent candidate who will likely perform just as well.