Privacy (by )

I have a looser attitude towards privacy than most people, but I have began to reconsider that lately.

Generally, I believed (and still do) that anything I do in public is pretty much exempt from privacy. I have no privacy objection to pervasive CCTV, because if I do anything in a public place, somebody could be watching me anyway. The fact that my enemies can now just consult massive archives of CCTV to find me rather than having to get somebody to follow me around isn't, in my view, a huge deal. Indeed, I quite like the idea of sousveillance, having my own recording of what happens around me. It might be inappropriate to be doing that in circumstances that the people around me consider "private", so I'd turn it off for their comfort when it seemed right to do so, but I would still assume that anything I do in the presence of other people is basically recorded to some extent - after all, it's in their memory, at least!

Likewise with monitoring my network traffic at my ISP; I have never had any illusion of privacy there. I encrypt traffic that matters, and accept that the existence and destination/origin of encrypted traffic might be used by my enemies for traffic analysis.

So, I didn't really have any objections to mass surveillance; I had far more objection to the facts that encryption is far from ubiquitous and that information security is not taught in schools. My feeling was that if I can't stop an enemy that doesn't abide by the law (eg, organised criminals) from performing traffic analysis on me, then I can't assume it's private; I can stop them reading my stuff or impersonating me by using public key cryptography, so as long as the law doesn't hinder that, I'm content.

As such, I always wished that Web browsers would just include some kind of unique user ID in the headers, ideally backing it up with a public-key signature of the entire HTTP request. Then we could dispense with session cookies, logins, and even things like OpenID; we'd just authenticate to our browser by supplying the keypair in some browser-dependent way, and then head out onto the secure-single-sign-on Web. There's no loss in privacy compared to the current status quo that people are happy to identify themselves to web sites with email addresses, but it'd be a whole lot simpler for users and for developers. And so that, basically, is the security model I developed for ARGON.

However, I am starting to change my mind.

I've always felt that the "hole" in my approach to privacy was that it depended on my own knowledge of security and my enlightened use of encryption; I wanted sufficient education to bring everyone to that level. Encryption tools are generally a bit clunky, but if more people wanted to use them, that would create demand for better tools (or, more pertinently, better integration into the tools they already use). I felt that if we could just get people to encrypt and sign their communications, and encrypt their storage, and use Tor for things where the cost is worth the protection against traffic analysis, everything would be fine.

However, what has made me start to change my mind is the move towards storing one's data on third-party servers. By which I mean, living your life through Facebook, or letting Google store your email and your documents. People are moving away from having a computer full of their stuff, and communicating semi-directly with their peer's computers, towards letting third parties hold all their stuff. Often third parties they don't pay money to and are in no contract with, so they have little or no leverage over.

It's easy to say that educating people in computer security would make them realise that's a bad idea, but I use many of these services despite not trusting them one bit; I do it because network effects force me to. I could run my own StatusNet server on my own hardware, but instead I use Twitter in order to make it easy for people to communicate with me. I use Facebook because it's the easiest way to keep up with my many peers that do, and sometimes because I am forced to; an organisation I am a member of uses a Facebook group for important announcements. Many people do not publish an email address, but instead require me to contact them through various third-party services.

In effect, we are being forced to hand our information to third parties, and to trust them with it. Variations on these services that store your information on hardware you control exist; variations on those services where you actually pay a service provider to store it on their hardware (in exchange for them looking after maintenance, amortizing up-front costs, and so on for you, and where they are more incentivised to keep your stuff secure so you trust them than to try and find ways to make money out of it) also exist.

But they are not popular, as the big "free" providers have the vast majority of the users, and the value of these services is in all your peers already being on them. Now that worries me.

I'd really like to see more push-back against this. If enough people used decentralised software like Diaspora or ran their own mail systems, then the network effects would benefit those, rather than centralised commercial outfits. Clearly, some large incentive needs to be found to push people over, and an unpleasant transition period where everyone needs to be on both. Eventually, organisations like Facebook, Twitter and Google would find themselves forced to interoperate with the decentralised protocol or lose their place in the market, and then would find themselves having to compete on points such as "privacy" when the same ease-of-use and functionality can be had elsewhere for little cost.

But, we need technical measures as well. Build sensible public-key infrastructure into the core of applications (including Web browsers). Ditch cookies, and replace them with explicit authentication: provide a system of public-key-signing HTTP requests as I suggest, but turn it off by default, and force web servers to request it with a status code, as is already done for HTTP authentication (not that that is used for web applications, alas). Let browsers seamlessly support multiple identities, and when a web site requests identification, let the user choose which identity to use; and then colour the border of the Web page according to the identity in use so they don't forget. And while providing identity management through that (controlled) mechanism, try as hard as possible to remove all other means of identification - don't send headers leaking lots of information about the user-agent and its capabilities and settings, and disallow Javascript from querying that sort of thing. Bundle Tor with browsers, so it can be turned on and off with the click of a button, as part of the "private browsing mode" found in many browsers.

I still don't think there's much point in trying to fix this with making information gathering and retention illegal (the recent PRISM scandals suggest that legitimate authorities will find ways to work around limitations on their information gathering, and organised criminals simply won't give a damn anyway); we need better technology that makes us anonymous by default and pseudonymous when we want to be. But there may be some value in legislation helping to break the stranglehold on the social software market held by big centralised organisations!

I'm updating the ARGON security model to work like this (not that that makes a difference to the Real World, mind...)

Soup (by )

I've had a bit of a rough day with nappy leaks and kittens chucking up and a Jeany who is still not quiet eating right etc... so we decided to do an easy dinner and I was getting the tins of soup down from the cupboard when Mary ecstatically started asking for the soup and pointing - specifically the tomato soup.

She finished the first bowl and asked for more, then finished that - I took a vid of me giving her her third bowl! She had a fourth as well!

Vomo-matic and Splotchy (by )

Alaric is officially a medical mystery with his splotchy legs as the three main contenders are all things you wouldn't expect him to still be walking around with/not have a sky high temperature. Also they don't quiet look like any of them but sort of like all of them. So it could be Lymes disease, cellulitis or meningitus (or blood poisoning). They took bloods and his GP has prescribed antibiotics. The blotches are already reducing but the skin over the affected areas is all shinny and a bit well sort of dead looking if I'm honest :/

But it does seem to be responding well to treatment.

The other two things it could be are spider and snake bites though that has not been suggested by the medical people he's seem but by a wider group of 'services' friends ie police, nurses and the like who have had to deal with such things. What ever it is the treatments seem to all be antibiotics.

Also because this didn't make our lives interesting enough....

Yesterday Jeany woke up and said she felt sick but then perked up and ate breakfast and this is often the case with her in the mornings anyway. She went on an outing with friends were she proceeded to spew up all over the cafe and her friends mum's foot - ewww!

It was very hot and heavy yesterday with the impending thunder storm and she seemed fine after cooling down with head bands and what not. So we had dinner and she went to bed and covered herself up in her dovet! And so at about midnight there was the splatty sounds followed by a pathetic 'Mummy!'

So I ended up cleaning sick out of hair, jet washing the road rug and making her stand outside in the cool air outside whilst daddy cleaned the carpet in the girls room and constructed a floor bed with only a sheet to put over her. We also added a cool foot bath and a wet flannel into the mix - not all at once as you don't want to shock the system cold.

However though she seems alot better it may not be heat exhaustion and so if she throws up again today I can't take her with me to my workshops at the weekend for health and safety reasons 🙁 ie don't spread the plague!

So fun and games here! Plus I am sort of running on no sleep now.

Manky Bites Got Mankier (by )

Friday the bites that Al had had the 'I can't walk' reaction too seemed to be under control if he took antihystimine to stop his calfs swelling but they started to get red swellings around them. We thought they might be a bit infected from scratching or something and went off for our busy weekend of travel putting savlon on them. Saturday though Al wouldn't dance at the wedding as the legs felt 'heavy' and they didn't look too good and I was worried they were getting bigger so I drew a line around one of the areas. Then today (Sunday) on the way home from London Al started to complain that there were shooting pains in his legs. This is what they looked like when we got home.

Alaric's legs with infected bites

They are so hot and mottled and have yellow/white rings in the middle of them.

Manky insect bite

So I have sent him off to A&E on his own as I am here with kids. I am quiet worried about him. It may well be an over reaction on my part but I really think he needs antibiotics.

Shelters in the Woods (by )

Last night we went to the woods and built shelters with the cubs for their last meeting of term, it was a huge success and everyone including Mary seemed to enjoy it.

Mary's house in the woods

I have also been finishing off some songs and putting them on Bandcamp. I am tending towards the arty side here as in one of them I wanted to sound like discordant fragments that stick in you mind and that sort of thing! Over the last few days I've uploaded four new songs.

WordPress Themes

Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales
Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales