Via Bruce Schneier, Ars Technica describes in painful detail how computer repair people snoop and steal people's data all the time:
If you’ve ever worried about the privacy of your sensitive data when seeking a computer or phone repair, a new study suggests you have good reason. It found that privacy violations occurred at least 50 percent of the time, not surprisingly with female customers bearing the brunt.
Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device. Devices belonging to females were more likely to be snooped on, and that snooping tended to seek more sensitive data, including both sexually revealing and non-sexual pictures, documents, and financial information.
The amount of snooping may actually have been higher than recorded in the study, which was conducted from October to December 2021. In all, the researchers took the laptops to 16 shops in the greater Ontario region. Logs on devices from two of those visits weren’t recoverable. Two of the repairs were performed on the spot and in the customer's presence, so the technician had no opportunity to surreptitiously view personal data.
In three cases, Windows Quick Access or Recently Accessed Files had been deleted in what the researchers suspect was an attempt by the snooping technician to cover their tracks. As noted earlier, two of the visits resulted in the logs the researchers relied on being unrecoverable. In one, the researcher explained they had installed antivirus software and performed a disk cleanup to “remove multiple viruses on the device.” The researchers received no explanation in the other case.
In all, the findings from the study were:
• Privacy policies and the practice of communicating protocols and controls to protect customers’ data do not exist across service providers of all sizes.
• Service providers largely (10/11) require “all access” to the device, even when it is unnecessary.
• Technicians often snoop on customers’ data (6/16) and sometimes copy those to external devices (2/16).
• Technicians who violate privacy often do so carefully to not generate evidence (1/6) or remove such evidence (3/6).
• A significant proportion of broken devices (26/79, 33 percent) are not repaired due to privacy concerns. For the devices that get repaired, device owners are concerned about threats to their privacy but do not use the proper controls to protect their data.
The results likely confirm what many more experienced computer users already know: that their data is vulnerable to snooping or copying any time they surrender their device to an untrusted or unknown individual, particularly when the individual has their login password. But for a much larger percentage of people wanting to recover crucial data on a broken device, the findings are likely a wake-up call with few, if any, good solutions.
Another way to look at it: do you trust your locksmith?
With only about a week of autumn left officially, we have some great weather today. Cassie is with her pack at day care and I'm inside my downtown office looking at the sun and (relative) warmth outside, but the weather should continue through Friday.
What else is going on?
Finally, I hate to tell you, we will never find any real evidence to support the existence of Noah's Ark.
Josh Barro explains the FTX collapse in simple terms:
[T]his is not a technology story, because FTX was not a technology company. Sure, FTX’s business relied on technology, but so do most businesses. FTX has an app; so does Fidelity, and so does Chipotle, and that doesn’t make them tech companies. FTX was a brokerage, and there were two things that set them apart from a regular brokerage. One is that they dealt principally in nonsense financial products with no underlying economic value, and the other is that the owners either lost or stole the customers’ money and then lied about their resulting insolvency.
Because cryptocurrency assets have no fundamental economic value — unlike stocks and bonds, they do not reflect a claim on the cash flows of some business creating real value in the economy — there can be no such thing as fundamentals-based investing in them. When people invest in crypto, they out themselves as marks for scammers who might believe any nonsense about what something is worth. And therefore it’s the least surprising thing in the world that someone would open up a crypto exchange, offer implausible interest rate terms in order to hoover up billions in customer deposits from the gullible masses, and then misappropriate the proceeds.
He also provides some rules of thumb for dealing with cryptocurrencies, the first being, "any crypto-related business is a scam." Quite so.
Photo number 1: Cassie, from above. (My office is in a loft over the master bedroom, where Cassie has a bed.)
Photo number 2: can anyone give this 1½-meter (5'3") scratching post a good home? I'm keeping it for a friend who went back home to Spain "for 6 weeks" in August 2020. He will come back to Chicago eventually—for a visit.
Photo number 3: a Tweet that made me laugh out loud.
I know that the super-rich in previous eras also had more narcissism than good sense, but watching Musk destroy Twitter in real time makes me wonder if our super-rich are massively stupider than the Gettys and Carnegies, or only significantly stupider.
The new boss of Twitter, who laid off half his workforce and watched as half the remaining employees quit last night, found the silver lining:
And yes, I linked to the Tweet, because I cite my sources. Kind of like putting a bookmark in a scroll in Alexandria as the fire spreads to the next room, I suppose...
While the site still keeps going, check out the #RIPTwitter memes.
Will Twitter last longer than this head of lettuce?
And as I'm typing this, the BBC News Hour presenter just said they'll have a former Twitter vice president on who says Elon Musk has told everyone to "hold his beer," which sounded perfect in RP.
I'm just finishing up a very large push to our dev/test environment, with 38 commits (including 2 commits fixing unrelated bugs) going back to last Tuesday. I do not like large pushes like this, because they tend to be exciting. So, to mitigate that, I'm running all 546 unit tests locally before the CI service does the same. This happens when you change the basic architecture of an entire feature set. (And I just marked 6 tests with "Ignore: broken by story X, to be rewritten in story Y." Not the best solution but story Y won't work if I don't push this code up.)
So while I'm waiting for all these unit tests to run, I've queued all this up:
- House Speaker Nancy Pelosi (D-CA) announced today that she will step down from her party leadership role when the 118th Congress meets on January 3rd.
- This came on the heels of a loser Florida retiree trying to get his old job back. Tina Nguyen looks at who might challenge the loser retiree for the same job. One thing I know: this won't end well for the Republican Party.
- Maybe that's why 12 Republicans in the US Senate crossed party lines to vote on moving the Same-Sex Marriage bill forward?
- Aaron Gordon investigates why American transit projects cost so much more than any other country's (hint: they have stronger anti-corruption laws).
- And yet, Washington got a Metro line to Dulles after waiting only 60 years, just slightly longer than we in Chicago's Ravenswood neighborhood have waited for the inbound Metra platform to open.
- Speaking of corruption, Kelsey Piper got a phone call from Sam Bankman-Fried, the guy who made a couple billion in crypto go *poof* last week, so he could clear the air. On the record. With pending litigation. (Seriously, who's his dealer?)
- For no reason anyone can determine, certainly not the recent dismissal of half its workforce including the only engineers who know where the bolts go, Twitter has experienced some intermittent problems with its multifactor authentication setup. Even better, "a researcher contacted Information Security Media Group on condition of anonymity to reveal that texting 'STOP' to the Twitter verification service results in the service turning off SMS two-factor authentication." Oh my!
- Speaking of that dying company, Elon Musk has done his utmost to hasten the exodus of engineering talent by giving everyone until (checks watch) two hours from now to choose a lifetime of misery or a three-month severance. Because we software engineers do our best work for narcissists with whips. (There simply isn't enough popcorn in San Francisco for this shit show.)
- Sadly, Republican speechwriter and Washington Post columnist Michael Gerson has died at 58. I didn't agree with him much, but he remained one of the sane ones till the end.
Finally, one of Chicago's last vinyl record stores, Dave's in Lincoln Park, will close at the end of this month. The building's owner wants to tear it down, no doubt to build more condos, so Dave has decided to "go out in a blaze of glory."
All right...all my tests passed locally. Here we go...
I mean, why? Just why?
- The XPOTUS, as predicted, announced his run for the 2024 election, despite looking like a total loser in the 2022 election. But narcissists gonna narcise.
- The Illinois Worker Rights Amendment passed, and will now become part of the state constitution. I think this will have a bunch of unintended consequences not beneficial to workers, so I voted against it. We're stuck with it now.
- Boomer Kathleen Parker spends her column today tut-tutting Boomers for not understanding Millennial jobs, picking "influencer" as just one example. I'm an X-er who completely understands "influencer" (i.e., children monetizing their own narcissism) and "change manager" (i.e., operations flunky) just fine, and suggests that the problem lies not with the Boomer parents but with the Boomer executives. (Longer post, maybe?)
- Pushwoosh, a Russian software company that writes spyware, has pretended to be an American company, for reasons left as an exercise to the reader. About 8,000 apps use their stuff. As Bruce Schneier has said, supply-chain security is "an insurmountably hard problem."
- Bloomberg laments that "the wrong Americans are buying electric cars."
- Julia Ioffe cautions that Ukraine's re-taking of Kherson could lead to dangerous overreach as the war goes on—and a difficult diplomatic situation for the US.
Finally, the Missouri Department of Transportation proudly announced the 50th anniversary of their engineers killing downtown Kansas City, and the Internet let them have it.
Between my actual full-time job and the full-time job I've got this week preparing for King Roger, Cassie hasn't gotten nearly the time outdoors that she wants. The snow, rain, and 2°C we have today didn't help. (She doesn't mind the weather as much as I do.)
Words cannot describe how less disappointed I am that I will have to miss the XPOTUS announcing his third attempt to grift the American People, coming as it does just a few hours after US Senator Rick Scott (R-FL) announced his bid for Senate Minority Leader. Sad dog, sad turtle, sad party.
Now to walk the dog, pack the bag, and head to the Sitzprobe. But man, my sitz already feels probed.
The Federal Trade Commission, which has become the de-facto enforcer for Silicon Valley shenanigans, has decided the smell coming from Twitter HQ can no longer be ignored after their top privacy and security people have left:
It marked the second time in two days that a federal official has expressed concern about the chaotic developments at the company, coming less than 24 hours after President Biden said Musk’s relationships with other countries deserved scrutiny.
The agency said that it was “tracking the developments at Twitter with deep concern” and that it was prepared to take action to ensure the company was complying with a settlement known as a consent order, which requires Twitter to comply with certain privacy and security requirements because of allegations of past data misuse.
Twitter was first put under a consent order in 2011 and it agreed to a new order earlier this year. If the FTC finds Twitter is not complying with that order, it could fine the company hundreds of millions of dollars, potentially damaging the company’s already precarious financial state.
The FTC is the only government agency that could act through its consent decrees as a check on Musk, whose first two weeks at the helm of Twitter have been chaotic. The federal government has only limited oversight of social media companies, but the FTC has used its oversight of consumer protection and competition to establish itself as the country’s top data privacy regulator. The agency has used consent orders to hold some of the country’s largest tech companies, including Google, Facebook, and Snap, accountable for alleged privacy missteps. In 2019, the agency reached a $5 billion settlement with Facebook for its alleged violation of a prior order.
I wondered if there were a deadpool on Twitter...
Even with Chicago's 1,642 judges on the ballot ("Shall NERDLY McSNOOD be retained as a circuit court judge in Cook County?"), I still got in and out of my polling place in about 15 minutes. It helped that the various bar associations only gave "not recommended" marks to two of them, which still left 1,640 little "yes" ovals to fill in.
Meanwhile, in the rest of the world...
Finally, Chicago gets a new brewery taproom on Thursday when Hop Butcher to the World opens in Half Acre's former Lincoln Avenue space, just over 2 km from my house. Cassie and I might find out on Saturday whether they let dogs in, assuming the forecast holds. (And there it is: a post that literally checks all the boxes for Daily Parker categories!)