‘I have nothing to hide’ doesn’t mean you are anonymous

nothing to hideIn my post from last week, I addressed some of the concerns in the growing conflict between security and privacy. One of the issues that I didn’t talk about, as several readers reminded me, is the difference between privacy and anonymity. This is often summarized by saying, “I don’t care if someone tracks me, I have nothing to hide.” Well, consider the following scenarios.

Scene 1. You are hiking on a remote trail. As you are enjoying the view, someone is taking pictures with their smartphone and pointing their camera in your direction. flash hiding scarfSo essentially your image is being taken without your consent. At first, you think this is fine: after all, you are anonymous, just some random hiker. But when the photographer posts your image on their social feed, your face is recognized thanks to the site’s software. And now, not only are you identified, but your location is also specified. So you have been tagged without your consent. One way around this is to wear specialized clothing that defeats flash photographs, as shown here.

Scene 2. You maintain a very active Pinterest account and post numerous pictures when you are at various events, or when you travel to distant cities. One consequence of this is that anyone who spent time looking at your account could see where you have been and what you have done.

Scene 3. Beginning in 2007, employees of the UK-based News Corp. regularly hack into celebrities’ voicemail accounts. They are sued and eventually pay various fines. Eventually, things come to boil in 2011 and others are charged, and one staffer is actually jailed. Testimony reveals that thousands of phones were involved and dozens of staffers had access to the collected information.

Scene 4. In the neighborhood where I live in St. Louis, the community monitors nearly 100 cameras that continuously capture video imagery to aid in solving crimes. Several dozen people have been arrested as a result of investigations using these images, which are available to law enforcement personnel. While they don’t have facial recognition software yet, it is only a matter of time. But what if anyone could access the video feeds online and monitor what is going on?

Scene 5. Your online activities are being tracked. One of the stories that I wrote about tracking online fraud recently was how security researchers were able to use machine learning to predict when an endpoint device could be considered compromised. They found a series of common characteristics that were easy to discover, without any sophisticated software. These included freshly made cookies (fraudsters clear their cookies often while regular users almost never do), erased browser histories, 32-bit Windows running on 64-bit CPUs and using few browser plug-ins. While any of these factors taken alone might be from a legit user, combined together they almost always indicated a machine used by an attacker.

Still think you have nothing to hide? Maybe so, but it is a bit creepy to know that your digital footprints are so obvious, and show up in so many places.

Some vendors, such as email encryption software Mailpile, have gone to great lengths to document how they address their users’ privacy. Given their market focus, it isn’t surprising. But still the level of detail in that document is impressive. “People should be able to communicate privately,” as they state in their document. That means no eavesdropping on email content, supporting authentic messages and privacy when it comes to the message metadata and storage too. What I liked about the Mailpile manifesto was their non-goals: “Mailpile is not attempting to enable anonymous communication. Most people consider e-mail from anonymous strangers to be spam, and we have no particular interest in making it easier to send spam.”

So as you can see, there is a difference between being anonymous online and maintaining your privacy. Like anything else, it is a balance and everyone has their own trade-offs as to what is acceptable, what isn’t, and what is just creepy. And expect new technologies to upset this balance and make these choices more difficult in the future.

iBoss blog: Beware of wearables!

As more of our users start literally wearing their own gear to work, the number of threats from these devices, such as Fitbits and Apple Watches, increases. After all, they are just another remote wireless computer that can be compromised to gain access to your enterprise network. I talk about the potential threats and ways to mitigate them, along with other factors. You can read my post here on iBoss’ blog.

Why Uber might win

aaaLast week I took my first couple of Uber rides when I was in Los Angeles. I had resisted the temptation for some time, for several reasons. First, I wasn’t happy with their corporate culture and saw my one-man boycott as something personally meaningful, if a bit useless. Second, ride hailing is illegal here in St. Louis, where we have a Neanderthal taxi commission that has laid a nice featherbed for its own drivers. Finally, I don’t take all that many taxis for the most part, other than to and from the airport, and again, see point #2.

The Uber trips in LA were very enlightening. Both drivers appeared within minutes upon clicking the request on the Uber mobile app. In one case, I was at LAX airport and got to see how efficient the Uber pickups were: in the short time that I was waiting for my driver, about a dozen millennials had met their drivers and zoomed off. Before they got into their cars, I could tell they were Uber customers. They were staring at their screens, watching their cars approach the airport. LAX, unlike St. Louis’ Lambert airport, allows Uber to pickup passengers in a certain spots, in between the terminals. There is no need to queue up like at a “normal” cabstand, because you have already been assigned a driver.

This watching your car approach – or indeed, any nearby Uber car available at that moment – is the real genius idea behind the service. Often I have waited for a taxi pickup, not knowing where the cab is. With Uber, this uncertainly is removed. You have a countdown clock that tells you, quite accurately, when your car is to arrive. You see the name of the driver, the license plate, make and model of the car, and you can directly contact the driver to confirm exactly where you will be. With one ride, for some reason the app displayed a nonsense address for my location, but the driver called me and we clarified where I was actually standing.

Most of the cars that morning at LAX were Priuses and both my rides were Priuses, too. (Cnet has a funny story about how people just assume that all Priuses are Ubers here.) One driver explained the economics of operating even a fuel-efficient car with a Prius, showing me how much more profitable the hybrid can be. The cars were clean, relatively new models. One had a charging cable for my phone, a nice touch. The rides were about 20% less than what a typical cab fare would be too. On my return to the airport, I was told by the Uber app that because of congestion at that moment if I wanted a ride I would have to pay 30% more for it, or I could wait a few minutes for the price to drop. I waited, and was notified by the app when this happened to book my ride. That is another nice touch.

A final benefit is that when you get to your destination, you just get out of the car. There is no need to go through the payment process: that is handled automatically by the app. The driver doesn’t carry any cash: my fare is deducted from my credit card and the driver’s fee is added to his or her bank account. You then get an email receipt within seconds.

Both of my drivers shared that they were making decent livings with Uber, more than $50,000 a year and about $30 an hour. This is more when compared with driving a regular yellow cab in LA. One of my drivers was a former cabbie and told me that he never made as much as he does now with Uber. Both drivers also mentioned to me that they can drive when they want to: one gets up early and covers the morning rush, then takes a few hours off and returns for the afternoon and evenings. Many cabbies don’t have that flexibility because they aren’t working for themselves, they have to make the most of their employer’s cabs.

Granted, my data is just incidental. What about overall trends? Fortunately, the New York City taxi commission data is available for anyone to download and Todd Schneider has done just that. His latest post shows that there are more Uber cars in the city, and not surprisingly that yellow cabs are losing market share in terms of the number of daily riders, even though they take more fares per cab.

Schneider also shows that the market for Uber is becoming more competitive, as the number of cars on the road has rapidly increased. (Lyft, Uber’s main competitor, has a smaller market share.) This could be one reason why Uber is dropping its prices in NYC. Schneider estimates that Uber made about $220 million during all of 2015 in NYC. Given their commission rate, that means they have added about a billion dollars to the city’s economy last year.

I know I am late to the ride hailing party, but these services are certainly changing the economics and the process of taking taxis to be sure. I think they have a lot of benefits, and I certainly will use them more frequently in the future. I hope they can win their legal battles here in St. Louis and elsewhere around the world.

The rise of the anti-vaxxers

A story in the New York Times this past week is about a new documentary film that was originally going to be screened at the Tribeca Film Festival next month. When I first read the piece, I was mad. Turns out I wasn’t the only one. After others complained, the film was pulled from the schedule. Let’s review what happened, and why this is important.

The background is that the film is about the anti-vaccine movement, produced by the doctor who originally wrote papers on the subject many years ago. Thanks to the actions from the festival, Andrew Wakefield is now more infamous on the topic. His paper was initially published in the British medical journal The Lancet and later retracted. But that hasn’t stopped him, and his latest action was to turn to being a filmmaker.

The issue that I see is that the anti-vaxxers, as they are known, is a dangerous group. By refusing to vaccinate their kids, they are putting their lives and their children’s at tremendous risk. “Part of the problem is that our parents have seen polio,” as my friend Dr. Patricia Boiko told me after she read the Times story. Boiko has both an MD and an MPH and is also a documentary filmmaker, so she can speak to several aspects here. By the way, Tribeca rejected one of her films, but let’s talk about the public health aspects of the anti-vaxxers.

My dad actually had a light case of polio when he was a child. And back then, when the vaccines were first introduced, you didn’t have any choice: “We were lined up in school and given the shots. There wasn’t any parental consent, there was such a push to vaccinate everyone back then,” Boiko said. Since the 1950’s, the vaccines have been tremendously effective, and now it is rare to know someone who has contracted any of these diseases.

As a working clinician, she sees numerous kids who haven’t been vaccinated. “It is scary that people aren’t vaccinating their children against Rubella (German Measles). They are correct that children who get Rubella usually do fine. However, if they become pregnant and get Rubella before they even know they are pregnant, their child can be born with deafness, blindness and severe heart problems. I have seen cases of measles with encephalitis that causes brain damage as severe as autism. We saw children in Cambodian refugee camps die from measles. This is why I am especially fond of the MMR (Mumps, Measles and Rubella) vaccine because I hate the associated diseases. Plus, three vaccines in one – what more can you ask for? You can bet that my own kids were immunized against everything.” These days, kids get more than a dozen shots in their first year.

Part of the reason why the anti-vaxxers have taken hold is that “Autism is such a horrible disease, and every parents’ fear that their child may contract this. I get why these parents want to do anything for their kids, and why they don’t vaccinate. We certainly don’t know what causes autism,” she told me.

But as the population of non-vaccinated kids increases – especially in the States and other countries where these diseases have been almost eradicated – the consequences are dire. Disneyland had an outbreak of measles, and now some schools are allowing non-vaccinated kids to attend kindergarten. And if parents travel overseas to countries that don’t have universal vaccinations they could put their kids at further risk.

So that is the science and the medicine. Now what about the film itself? Boiko agrees with numerous other doctors that Wakefield has been so discredited. “Parents are going to get burned if they buy into his propaganda. But there could be some good to come out of all the attention with this film,” she says. “It could spark some interest in autism research. Initially scheduling the film didn’t surprise me as a physician, but it made me mad as a filmmaker. I’m talking to you, DeNiro!” she says.

Apparently she wasn’t the only one. Another documentary filmmaker quoted in the second Times article called the Wakefield film a fraud and “described it as a momentous and significant moment for documentary film making.” Still, I am glad the movie isn’t part of the festival, and maybe now we can focus on the science.

The iPhone camera comes of age

One of my first jobs was working as a professional photographer for the city of Albany documenting the city and its people. While that never morphed into a career, I have always had a love for photography. That is why I was intrigued when I heard that this month’s issue of Bon Appetit magazine comes with an interesting twist: all of its feature stories were shot with iPhone cameras by its professional food photographers.

The edict came from its editorial staff, and it was a smart move. For one thing, it shows just how far the iPhone camera has come: the latest models sport a 12 megapixel rear-facing camera, which is certainly closing in on what the best digital SLR cameras used by today’s pros normally tote around. (You can see below as one example.) And not to be outdone, but some of the Samsung Android phones have 16 megapixel cameras. One thing still lacking from the iPhone is having better control over depth of field, although there are rudimentary finger swipe gestures to help.

Cheese fries never looked as good. (from Bon Appetit)

But this isn’t just how many pixels you can put into a camera, but the fact that an iPhone camera is so ubiquitous that it can function for magazine work.

I started out in my teens with a Pentax SLR that used 35mm film and eventually graduated to first a 120-sized twin lens and then eventually to a 4×5 view camera. This latter beast required cut sheet film and a strong back to carry all the gear around, not to mention corresponding darkroom equipment that could handle the larger-sized film. I still have many of the negatives that I shot with this camera, but I haven’t had a darkroom for decades so I had to take some of them to the lab to get digital scans made.

The editors interview the photographers for the iPhone issue, who have some interesting things to say and recommIMG_1866endations for budding food photographers. First, shoot from above or the side but never at an angle. That makes for more dramatic photos and better compositions. Indeed, composition is key. I realize that many of my own food photos suffer from this issue, such as the one here taken at the Ikea cafeteria.

Second, the camera is just a tool. As one of the magazine’s photographers said,

In the past, the bigger and scarier-looking the camera you pulled out, the more intense and professional you looked. Now, you have to let go of the ego you attach to the tool, and the iPhone is the ultimate expression of that.

Understanding light and exposure helps to make for better pictures. Seems like a truism, but this becomes more important given the limited controls you have from the iPhone.

When in doubt, use a tripod. The pros came with adapters that could fit their phones accordingly, which is always a good idea to get just the shot you want.

Finally, that much-maligned selfie-stick can come in handy, especially for those overhead shots of what is served on the dinner table. One photographer didn’t come with one at their shoot, and had to go buy one to get the right shot. (For the rest of us, please put them away on the street!)

Bitcoin is more than just about the coins

bitcoinI have written a series of stories for the IBM site SecurityIntelligence.com. While many of us think about alternative currencies (like this photo of a rental agency in NYC that will rent you an apartment in Bitcoin), banks are leveraging the blockchain technologies to produce more efficient funds transfer mechanisms, and others are getting involved in blockchain for more mundane and non-financial reasons. And there are even some companies who are paying their employees in Bitcoin because it could be a more stable currency.

Finally, here is a post summarizing some of my beginner mistakes with getting involved in Bitcoin experiments, should you want to avoid them yourself.

Understanding how to better exercise your brain

We all know that we should exercise more to stay fit and maintain muscle mass, but when it comes to exercising our brains we ironically are somewhat stupid about what this means. For this column, I want to describe my own personal journey towards maintaining my brain’s health. It is still ongoing, and still a struggle.

For close to two decades, I have been bothered by a variable ringing in my ears, what the doctors call tinnitus. Actually, I should say, in one of my ears, since I am deaf (and have been so since birth) in my left ear. The sound varies in loudness, and varies by how much it bothers me: early morning and late evening is more noticeable. It is usually with me 24×7.

This ringing in my ear isn’t the only kind of illness that people have where they imagine odd things about themselves or their environment. For example, there are people who suffer from Morgellon’s disease, where subjects literally think their skin is crawling with something, or think that their tongue or other parts of their mouth is burning or experience phantom pain in amputated limbs. The only common elements are that you can’t make these things stop, and  there is no known single cure and the physiological causes are mostly unknown. One school of thought is that all of these afflictions are in the subjects’ heads and not in the ears or mouth or whatnot. If you can figure out how to harness control of these issues with your brain, a subject can  control how much awareness about the malady and ultimately could be trained to ignore it.

This field of study is called neuro-plasticity and refers to research that has found that you can teach an old brain to do new tricks, in some cases actually reorganize its neural pathways. While this sounds like something out of the SyFy channel, it is very real stuff. There is an interesting blog post on Scientific American that is very readable that goes into more detail if you are interested. One area is using mindfulness-based stress reduction meditation techniques to build up more control over your environment and perceptions. Another is in developing better brain exercises.

Like some of you, for many years I have been doing crossword and Sudoku puzzles daily. I like doing them and it is a way for me to relax and get started with the day’s activities. But these aren’t really exercising my brain: think of them as doing arm curls with one pound weights. It might look like “exercising” but it is just movement and not building any real muscles. Or think about just being able to complete the Monday New York Times crossword — the easiest of the week’s puzzles — and not trying to do the Saturday or Sunday puzzles. You are short-changing your brain exercise routine.

To really work out your brain, you need a stronger set of exercises that can build the neural equivalent of muscle mass. A few years ago, I took part in a research study with my ENT doctor. I was part of a group of his patients that were using an early version of a software program that was designed to do these brain exercises. For 30 or 40 minutes every day, I had to use this tool to try to make my brain stronger. It was a frustrating experience for me, largely because it was the equivalent of trying to immediately bench press 400 pounds. Like I said, it was an early version.

Since then, the company has created a SaaS version called Brain HQ and has a freemium model where you can try out a few of the exercises online or using an iOS app here.  I haven’t tried out either yet and will document my experience at a later date. In the meantime, I still struggle with the ringing sounds. Some days are better than others.

When I was first diagnosed with tinnitus I went online and did a lot of my own research. I was lucky enough to find my way to the American Tinnitus Association and a load of help, including local meetups with fellow sufferers. Since then I have gotten more or less used to the ringing.

Feel free to share your own experiences in the comments.