Category: Articles

  • ‘Snowden, Through the Eyes of a Spy Novelist’

    [Alex Berenson][1]:

    > We have treated a whistle-blower like a traitor — and thus made him a traitor. Great job. Did anyone in the White House or the N.S.A or the C.I.A. consider flying to Hong Kong and treating Mr. Snowden like a human being, offering him a chance to testify before Congress and a fair trial? Maybe he would have gone with President Vladimir V. Putin anyway, but at least he would have had another option. The secret keepers would have won too: a Congressional hearing would have been a small price to bring Mr. Snowden and those precious hard drives back to American soil.

    This is just the tip of the iceberg — I hope the government decision makers get held responsible for the shitty handling of this so far.

    [1]: http://www.nytimes.com/2013/06/25/opinion/snowden-through-the-eyes-of-a-spy-novelist.html?_r=0

  • ‘Can Apple Read Your iMessages?’

    When I was [writing about Apple’s privacy statement][1] regarding PRISM, I noted that wording around iMessage was rather vague and that I wanted to know more. I really didn’t get more information, but cryptographer [Matthew Green was also interested and did a little poking around iMessage][2]. His post is a fantastic read about what Apple may or may not be doing — because really we need Apple to reveal at least the high-level methods of encryption they are using before we know any of this for sure.

    What does seem clear from Green is that iMessage *is* encrypted, but that Apple controls that encryption — this is an important point. It seems likely Apple *could* turn over at least a few days’ worth of iMessage content if compelled by a Government order — and highly probable that they store the meta-data for iMessage in a way that is easy to turn over if compelled.

    Essentially it comes down to: how much do you trust Apple, and how much do you care about the government reading your iMessages?

    [1]: https://brooksreview.net/2013/06/apples-commitment-to-customer-privacy/
    [2]: http://blog.cryptographyengineering.com/2013/06/can-apple-read-your-imessages.html?m=1

  • More on NSA/PRISM and “Freedom”

    Let’s start off with Conor Friedersdorf, [with a closing statement that *might* have been shocking only a month ago][1]:

    > To sum up, America, the privacy protections you’re afforded are much weaker than you’re being led to believe, and when it comes to destroying communications that concern U.S. citizens, the NSA is either lying to the Senate about its ability to flag those communications, or else misleading the public about how reliably the communications of American citizens are destroyed.

    Michael Horowitz, [writing for Computerworld has another unsettling discovery][2] about the security of HTTPS transactions. This passage, specifically about outlook.com, seems to have some *slightly* more shocking information:

    > But every lock has a key and outlook.com has a HUGE MASTER KEY. Anyone in possession of this master key can read the encrypted HTTPS pages. **All of them**. Every single encrypted web page that has ever been transmitted by outlook.com to millions of former Hotmail users can be decrypted with a single master key. 

    Horowitz goes on to explain how to get around it — right now only Google and Bloomberg are the ones that employ the best standards for HTTPS transactions. Apparently Google and Bloomberg want to be the *only* ones that can spy on you.

    The above seems in line with this post from [Leonid Bershidsky on PRISM and its effectiveness for fighting terrorism][3]:

    > The infrastructure set up by the National Security Agency, however, may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use.

    Sounds like the “security theater” that the TSA practices — only a lot more expensive and time consuming.

    [‘Digby’ has brought to light a federal program][4] I had not heard of. It’s called the “Insider Threat Program” and is designed to have government workers spy on each other to make sure that neither is doing something labeled as “treason” like leaking documents (classified or otherwise) to the media.

    Which rather comically (if you can ignore how stupid this program is) leads to:

    > When the Department of Education is searching for “insider threats” something’s gone very wrong.

    Indeed.

    So far we have learned that the U.S. has an awful lot of resources spent spying on U.S. Citizens — and Federal employees.

    Which is pretty annoying, but not as concerning as this post from [James C. Goodale on how President Obama is doing his best to reduce the first amendment rights][5]:

    > Until President Obama came into office, no one thought talking or emailing was not protected by the First Amendment. President Obama wants to criminalize the reporting of national security information. This will stop reporters from asking for information that might be classified. Leaks will stop and so will the free flow of information to the public.

    This to me is one of the worst things I have heard about the current White House — this simply shouldn’t be. We are getting closer and closer to *Minority Report*… and that’s not praise.

    Lastly, [in a post on Medium][6], Colin Lee claims to have known Edward Snowden from gaming, and makes a salient point:

    > When you grant excessive powers even in limited circumstances, it becomes very difficult to take them back or to limit them. This is how many dictatorships came to power throughout history.

    It’s like that old saying (as dumb as it may be): “You don’t boil a frog by tossing him in boiling water, instead put him in cold water and slowly bring the pot to boil.”

    The proverbial pot looks to be boiling.

    [1]: http://www.theatlantic.com/politics/archive/2013/06/2-senators-say-the-nsa-is-still-feeding-us-false-information/277187/
    [2]: http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so
    [3]: http://www.bloomberg.com/news/2013-06-23/u-s-surveillance-is-not-aimed-at-terrorists.html
    [4]: http://digbysblog.blogspot.com/2013/06/this-really-is-big-brother-leak-nobodys.html?m=0
    [5]: http://www.nytimes.com/roomfordebate/2013/05/21/obama-the-media-and-national-security/only-nixon-harmed-a-free-press-more
    [6]: https://medium.com/surveillance-state/19c2494940d5

  • ‘Still Trust DuckDuckGo?’ Yep.

    A few days ago I was sent [this link to Alexander Hanff’s blog post about DuckDuckGo][1]. In that post he is claiming that DuckDuckGo is a bit hypocritical about their actions versus words in their Privacy Policy.

    The bottom line is that a few things seem to have come out of this:

    1. DuckDuckGo does not log your searches.
    2. DuckDuckGo potentially *could* be compelled to intercept a user’s traffic, but;
    3. DuckDuckGo actually doesn’t set cookies to identify users. Now, Hanff did find a cookie, but it appears to be from a third-party help-desk software provider — which has since been removed. That’s certainly a bit of mud on DuckDuckGo’s face, but compared to other sites I don’t see it as a big deal.

    Basically if DuckDuckGo were compelled by legal action they would have very little (if anything) to turn over, and wouldn’t have a way to target a specific user for intercepts — at least not without the user being able to figure that out. ((I really could be wrong here, but that’s my best understanding.))

    I think a lot of people that saw me get this link were expecting me to cut out DuckDuckGo, but I just don’t see the major concern here. I would guess there is a concern if you are a terrorist, potentially, but for the average nerd? What’s the problem? None that I can see.

    At the end of the day, this statement from the CEO and Founder of DuckDuckGo, Gabriel Weinberg, [says everything I need to know][2]:

    > In short, when you search on DuckDuckGo you are anonymous. That’s why it says search anonymously on our homepage. We stand by that statement wholeheartedly.

    With any internet company it comes down to trust. Do you trust the people running the company? DuckDuckGo has garnered a large part of their user base by being anonymous and more specifically *not* Google — if they were found to be lying the company would die overnight. From what I can see, there were honest mistakes made, but nothing else of note.

    [1]: http://www.alexanderhanff.com/duckduckgone
    [2]: https://duck.co/topic/we-have-to-talk-about-ddgs-honesty

  • ‘Use of Tor and E-Mail Crypto Could Increase Chances That NSA Keeps Your Data’

    [Dan Goodin for Ars Technica reported][1]:

    > And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the [Tor Project][2]—“will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person’s communications give rise to a reasonable belief that such person is a United States person,” the secret document stated.

    Basically, if you are encrypting things the NSA can’t determine you are not a terrorist and therefore can save and try to break into all data they can get their hands on. It’s really no different than if you close your window blinds, the police can then attempt to break into your home and look through your stuff — oh wait — they *can’t* do that.

    [Mathew J. Schwartz for InformationWeek adds][3]:

    > In the event of an emergency, meanwhile, NSA analysts are allowed to throw the guidelines out the window. “If NSA determines that it must take action in apparent departure from these minimization procedures to protect against an immediate threat to human life force protection or hostage situations and that it is not feasible to obtain a timely modification of these procedures, NSA may take such action,” according to the guidelines. That said, NSA is then required to report its actions to the Office of the Director of National Intelligence as well and to the Department of Justice, which is then charged with notifying FISA.

    Basically these secret courts have given NSA analysts carte blanche to do whatever the hell they want to. Stupid.

    I guess the only thing to do is add a location flag to encrypted data that says: “Property of a U.S. Citizen, fuck off.”

    [1]: http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/
    [2]: https://www.torproject.org/
    [3]: http://www.informationweek.com/security/government/want-nsa-attention-use-encrypted-communi/240157089?google_editors_picks=true

  • Encrypting Stuff Against Starbucks Hacker Bob

    Reader Jonathan P. wrote in to ask about getting started with encryption: Specifically he wanted to know what data one should consider encrypting first. The answer depends on who you are. For the purpose of this post, I will assume you are a typical Mac geek with a job that does not deal with highly sensitive information.

    In our hypothetical case, we should start by encrypting data to protect against crimes of opportunity (think people trying to sniff data from open networks, or swipe your computer), rather than attempting to prevent an attack specifically targeted at you (think CIA/FBI/NSA investigation, or a hacker that wants to mess with you like in the case of Mat Honan).

    In the latter case — an attack directed at you, specifically — you need to encrypt just about everything possible, but for the former (more likely) case, I recommend encrypting everything that can be encrypted easily, and with the least hassle.

    The basic things to encrypt are: all of your HDDs/SSDs, your internet connection (when on a public network), your passwords, and any financial information you keep on your Mac.

    Your overarching thought should be: “I need to be more secure than the guy next to me.” For most people the concern is not the NSA (thankfully), but the sketchy guy in the corner of Starbucks trying to sniff passwords to your digital life. That guy is (hopefully) going to give up on you if your setup is harder to get into than anybody else in Starbucks. That’s the goal here; not 100% secure but more secure than most.

    If you’re wondering how to be more secure than the average Starbucks customer, and reduce the likelihood of being targeted by an opportunist, read on…

    HDDs and SSDs

    Luckily Apple makes this dead simple with FileVault 2. Unlike its predecessor, FileVault 2 is stable, secure, and minimally invasive. The biggest change most users will notice is that you must type your password when you restart, start, or lock your Mac. Power users may notice a slight drop in read/write performance, but I can tell you I have been using FileVault 2 since day one and I’ve never been bothered by anything speed related.

    If you have a portable Mac, I think you’re crazy not to activate FileVault 2 given its simplicity and ease of use. There are, however, a couple of other things you should know:

    1. PGP Whole Disk encryption is just about as good as it gets, but you take a serious performance hit.
    2. You can, and very much should, encrypt any external drive that you use. Especially backup drives. What good is an encrypted disk if most of your data isn’t living on the encrypted disk? FileVault 2 can encrypt those disks for you too.

    Note that in Apple’s installation guide for FileVault 2 you have the option of storing a key with Apple so that you can recover your password if you lose it. This is, needless to say, a less secure method as it essentially allows the Government access if they compel Apple to turn over the key: Unlikely as an attack vector for our hypothetical scenario, but still a threat. The trade off is: less secure but recoverable, versus more secure but not recoverable. For most users, the former is the better option and unless your primary concern is the U.S. Government you’re probably fine storing the key with Apple. But keep an eye on Apple’s security policies and evaluate the precautions they take to secure your key against unauthorized access.

    Personally, I chose not to let Apple store my key.

    Your Internet Connection

    The second most important thing to secure on your computer is the information you send and receive over the Internet. This information, if not encrypted, can easily be swiped by malicious individuals on open networks. (Think: Starbucks, hotels, conferences.) This data is a very easy thing to secure with a Virtual Private Network (VPN).

    Services like Cloak make setting up and using a secure VPN trivial for Mac users. What’s great about Cloak is that it automatically activates itself if it detects you using an unsecured network. That’s great, but you still need to be aware of larger public networks that are “secured” via WPA or WEP but accessible to people you don’t necessarily trust. Cloak is cheap and also works with iOS. At $1.99 a month it’s almost a no-brainer.

    For the more technically minded, you can create your own secure VPN using Amazon EC2, or your own Mac mini (my solution).

    Either way, if you’re accessing the Internet via a network you don’t control it’s a really good idea to encrypt your traffic using a VPN.

    There is of course an alternative: tethering. While tethering on a cell network is not the most secure thing, remember that the goal for the average user is just to be harder to hack than the average person. At the very least choose to use your iPhone/iPad to tether instead of connecting to an insecure public network without a VPN. This way the opportunist hacker won’t be on the same WiFi network as you.

    Note from James: If you choose to use tethering via an iOS device, be sure to choose your own WPA key, as the automatically generated keys are susceptible to cracking.

    Passwords

    Ok, so this is where I should advise you to use strong, unique passwords for every site and get yourself a copy of 1Password. Except that’s not really my advice. There are a couple of issues that aren’t specifically encryption, but that I think are worth going over.

    Different Passwords, Different Sites

    I first want to address the common badge of honor worn by nerds that they have a different, incredibly complex, password for every site. ((Truly if this is your argument your username should also be random.)) That’s great until you lose the app, and the data for the app that housed your passwords. Then you are hosed. The argument for this technique is that if any one site compromises your password, the rest of your sites are secure.

    The argument for strong, unique, passwords is valid and very smart. My problem with this advice is that sometimes bad things happen to your data. So let’s pick on 1Password for a moment, because the only way to actually have unique and strong passwords is to have the world’s best memory, or to use a password manager.

    Let’s say that my computer and all of my iOS devices are stolen. Let’s also assume that my Dropbox account was compromised. Now my 1Password database is gone, inaccessible to me, perhaps deleted by the hackers.

    Let’s say I want to get into my email account. How do I do that? The password was strong and random and I didn’t remember it by heart. It was stored in 1Password, which is now gone. I can try ‘forgot my password’, but that sends an email to my backup email, which I also don’t know the password to. I’ll have to get a real human on the phone (good luck if you use Gmail) and try to convince them that this is my email, and that I am not actually a hacker.

    Because there is a set of accounts that you will need access to if everything goes tits up, you should have a core set of strong passwords, perhaps unique, that you can commit to memory.

    Additionally I have concerns with syncing 1Password data over Dropbox, but that’s a post for another day.

    My advice is to get a password manager and to use unique, strong passwords for most, but not all, websites. Think about the sites you would be totally lost without access to (if that includes Facebook, never read my site again) and use memorable passwords that are still strong.

    If you want to read more about what makes a good, strong password, I recommend this Ars Technica article.

    Financial Data

    This one is simple. Go to Disk Utility, create a new secure Disk Image, using 256-bit AES as the encryption. Store all your financial data in it — feel free to sync that DMG across Dropbox. If your Mac is encrypted, you can even remember the DMG password in Keychain and rest reasonably comfortably at night. ((This is probably one of those passwords that you want to know by heart though.))
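
    The FileVault check from “HDDs and SSDs” and the encrypted image from “Financial Data”, done from Terminal instead of the GUI. This is an added example, not part of the original post; the image path, size and volume name are constructed placeholders.

```shell
#!/bin/sh
# Added example: command-line equivalents of the disk-encryption steps above.
# Paths, sizes and volume names are constructed placeholders.

# Classify the text printed by `fdesetup status` (passed as $1).
filevault_state() {
    case "$1" in
        *"Encryption in progress"*) echo encrypting ;;
        *"FileVault is On"*)        echo on ;;
        *"FileVault is Off"*)       echo off ;;
        *)                          echo unknown ;;
    esac
}

# Classify the text printed by `hdiutil isencrypted <image>` (passed as $1).
image_state() {
    case "$1" in
        *"encrypted: YES"*) echo encrypted ;;
        *"encrypted: NO"*)  echo plaintext ;;
        *)                  echo unknown ;;
    esac
}

# Create a 256-bit AES sparse bundle: $1 = path, $2 = size, $3 = volume name.
# With -encryption and no -stdinpass, hdiutil prompts for the passphrase,
# so it never lands in shell history or a process listing.
create_image() {
    hdiutil create -size "$2" -type SPARSEBUNDLE -fs HFS+J \
        -volname "$3" -encryption AES-256 "$1"
}

# Only touch the system on macOS, and only when asked to with --run.
if [ "$(uname -s)" = "Darwin" ] && [ "${1:-}" = "--run" ]; then
    fv=$(filevault_state "$(fdesetup status 2>&1)")
    echo "FileVault: $fv"
    if [ "$fv" = "off" ]; then
        echo "Startup disk is not encrypted; enable FileVault first." >&2
    fi

    img="$HOME/Finance.sparsebundle"   # placeholder location
    if [ ! -e "$img" ]; then
        create_image "$img" 200m Finance
    fi

    # Verify the image really is encrypted before putting data in it.
    st=$(image_state "$(hdiutil isencrypted "$img" 2>&1)")
    echo "Image: $st"
    [ "$st" = "encrypted" ] || exit 1
fi
```

    Run it with `--run` on a Mac; without that argument it only defines the functions.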

    Email, Texts, IM, Phone Calls

    Short version: don’t worry about them.

    Longer version: it’s possible, but incredibly cumbersome to encrypt this data and requires both sender and recipient to have encryption set up. Essentially you can’t just encrypt an email, one way, as both parties need to be able to deal with the encrypted data. The tools exist but they’re generally unfriendly to install and use.

    If encrypted personal communication is really important to you, it seems that a good, user friendly solution is Silent Circle. They have a great FAQ explaining how their encrypted emails work (not secure enough for talking to Snowden I would guess, unless you set up PGP on your Mac as well. Actually their email encryption is the most confusing part of the service to me so I am not sure how this compares to a self-made PGP solution).

    I’ve been using Silent Circle. It works well and is generally easy going. The apps are rather ugly, but you aren’t paying for a great user interface experience, you’re paying for encryption. For a more in-depth look at the best options for encrypted communications, this article is a good place to start.

    In The End

    When you are evaluating how to secure your digital life, the most important thing is to determine what you are most paranoid about. Is it the NSA? Or Bob, the hacker that loves venti Macchiatos and reading your Twitter DMs?

  • ‘Kickstarter’s Apology’

    [Jonathan Poritsky,][1] responding to [my Kickstarter post][2], quotes this section from the Kickstarter [apology][3]:

    > …we are prohibiting “seduction guides,” or anything similar, effective immediately. This material encourages misogynistic behavior and is inconsistent with our mission of funding creative works. These things do not belong on Kickstarter.

    Poritsky follows up with:

    > This is not the stuff of a non-apology. This is actual change; a real preventative measure.

    This “change” that Kickstarter promises feels like the exact kind of “change” we would see the TSA make. “Oh crap someone used water bottles to smuggle in explosives, OK guys no more water bottles unless you paid $10 for them or they are under 3oz.”

    Its “change” is reactionary and punitive to others. It doesn’t change the real problem, which is that Kickstarter had/has no mechanism for pausing a project, so that a proper investigation may be done. A blanket rule against “seduction guides” doesn’t stop or solve the problem. It’s an overreaction.

    [1]: http://www.candlerblog.com/2013/06/22/kickstarters-apology/
    [2]: https://brooksreview.net/2013/06/good-for-nothing-chickenshits/
    [3]: http://www.kickstarter.com/blog/we-were-wrong

  • Why the Kickstarter Apology Isn’t Good Enough

    Today Kickstarter offered a [full apology](http://www.kickstarter.com/blog/we-were-wrong) for helping fund a manual on sexual assault, saying:

    > Let us be 100% clear: Content promoting or glorifying violence against women or anyone else has always been prohibited from Kickstarter. If a project page contains hateful or abusive material we don’t approve it in the first place. If we had seen this material when the project was submitted to Kickstarter (we didn’t), it never would have been approved. Kickstarter is committed to a culture of respect.

    That’s great, and a lot of [people](http://daringfireball.net/linked/2013/06/21/kickstarter) have applauded it. I call bullshit.

    The excuses, I mean rationale, that Kickstarter offered was that they only had a couple hours to act, and that their bias towards the creators of projects blinded them into inaction.

    This is what I call bullshit on, [given their response here](http://caseymalone.com/post/53394156872/hey-everyone-if-youre-here-its-probablye):

    > This morning, material that a project creator posted on Reddit earlier this year was brought to our and the public’s attention just hours before the project’s deadline. Some of this material is abhorrent and inconsistent with our values as people and as an organization. Based on our current guidelines, however, the material on Reddit did not warrant the irreversible action of canceling the project.

    Kickstarter has owned the fact that the content is “abhorrent” and that they knew this before the project was funded. Yet the project was still funded because, oohhhh, only *hours* to cancel it. Jesus Christ, give me a break.

    They were chicken shits and allowed the funding to go through, while knowing it was wrong. Then the story got too big and they coughed up $25k to a great charity, but still allowed a manual on sexual assault to be funded. They have to live with that, I won’t ever fund a project, or promote one, on Kickstarter again.

    The trust was broken.

  • ‘The Snowden Principle’

    [John Cusack][1] (yes *that* John Cusack) for Boing Boing:

    > The Snowden Principle, and that fire that inspired him to take unimaginable risks, is fundamentally about fostering an informed and engaged public. The Constitution embraces that idea. Mr. Snowden says his motivation was to expose crimes -spark a debate, and let the public know of secret policies he could not in good conscience ignore – whether you agree with his tactics or not, that debate has begun. Now, we are faced with a choice, we can embrace the debate or we can try to shut the debate down and maintain the status quo.

    There needs to be an open debate about this, at the very least, if you agree — [join up][2].

    [1]: http://boingboing.net/2013/06/17/the-snowden-principle.html
    [2]: https://optin.stopwatching.us

  • ‘Scanadu Scout, the First Medical Tricorder’

    Since I’m done with Kickstarter, I felt the need to show you guys something awesome on Indiegogo — a Tricorder should suffice, [backed][1].

    [1]: http://www.indiegogo.com/projects/scanadu-scout-the-first-medical-tricorder/x/1629035

  • ‘Has U.S. Started an Internet War?’

    [Bruce Schneier for CNN][1]:

    > That’s the key question: How much of what the United States is currently doing is an act of war by international definitions? Already we’re accusing China of penetrating our systems in order to map “military capabilities that could be exploited during a crisis.” What PPD-20 and Snowden describe is much worse, and certainly China, and other countries, are doing the same.

    I see a new Cold War approaching on the horizon.

    [1]: http://edition.cnn.com/2013/06/18/opinion/schneier-cyberwar-policy/index.html

  • ‘Kickstarter Allowed Funding for a Sexual Assault Manual’

    [Harry Marks on the under-reported scandal][1]:

    > I’m pissed. This was not about “freedom of speech” or “First Amendment rights” or “just not reading it if you don’t like it”. This is a permission slip for rape. Plain and simple.

    I’m with Marks, I refuse to fund anything else that is on Kickstarter. It’s one thing to defend the project on the basis that you don’t see the harm, but to admit that you see the harm, that you disagree with it — and still do nothing — that’s just fucking spineless.

    [1]: http://curiousrat.com/kickstarter-allowed-funding-for-a-sexual-assault-manual

  • If You Think PRISM Doesn’t Matter Because You’ve Nothing to Hide, Read This Now

    [Daniel J. Solove debating the “nothing to hide argument”][1]:

    > Privacy is rarely lost in one fell swoop. It is usually eroded over time, little bits dissolving almost imperceptibly until we finally begin to notice how much is gone. When the government starts monitoring the phone numbers people call, many may shrug their shoulders and say, “Ah, it’s just numbers, that’s all.” Then the government might start monitoring some phone calls. “It’s just a few phone calls, nothing more.” The government might install more video cameras in public places. “So what? Some more cameras watching in a few more places. No big deal.” The increase in cameras might lead to a more elaborate network of video surveillance. Satellite surveillance might be added to help track people’s movements. The government might start analyzing people’s bank records. “It’s just my deposits and some of the bills I pay—no problem.” The government may then start combing through credit-card records, then expand to Internet-service providers’ records, health records, employment records, and more. Each step may seem incremental, but after a while, the government will be watching and knowing everything about us.

    [1]: https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

  • ‘Remembering James Gandolfini and Tony Soprano’

    [Alan Sepinwall][1]:

    > Tony Soprano was a monster, but an oddly relatable one. He struggled with his family, whether enduring the caustic disapproval of his mother or the misbehavior of his kids, and went to therapy to deal with panic attacks and a wide-ranging feeling of depression. But he also had no compunction about strangling a man to death while taking daughter Meadow on a college tour. He was vulnerable. He was charming. He was cruel and vindictive and angry and practically drowning in self-pity.

    Tony Soprano is one of the greatest TV Characters ever concocted and ever acted. Soprano makes Draper look like amateur hour. I always hoped to see Gandolfini appear in more roles, and every time I did see him it made me smile. He never was Tony Soprano again, and that was OK, but he also never made you think the character he was playing at the time was anything but that character.

    Gandolfini probably could have made a career playing mobster roles, like Cruise playing super-cop roles, but instead he had roles where he was a gay hit man. Rest in peace, James Gandolfini.

    [1]: http://www.hitfix.com/whats-alan-watching/remembering-james-gandolfini-and-tony-soprano

  • Privacy, Secrecy, the Web, and Ads

    I’ve always been a private person. The guy in the room that didn’t care to speak much about anything that mattered, the guy in the room that heard everything, but disclosed very little. The quiet guy. I wasn’t trying to hide bad things, nor was I trying to hide good things — I just preferred not to talk about *me* to other people. I am private.

    At some point in college though, the allure of all of these social services proved too strong and I joined my peers. I became less private and less comfortable. Then, as I began to settle into a new stage of my life in 2010, I noticed that I had given up a lot of my privacy. It was unsettling.

    I began a personal campaign to take back some of my privacy and as part of that used only services that treated me as though I was the customer, not the product. Generally speaking only the paid services.

    In an [excellent essay for The New Yorker][1], Jill Lepore talks about the difference between privacy and secrecy, making this overarching point:

    > The opening of Mazzini’s mail, like the revelations that the N.S.A. has been monitoring telephone, e-mail, and Internet use, illustrates the intricacy of the relationship between secrecy and privacy. Secrecy is what is known, but not to everyone. Privacy is what allows us to keep what we know to ourselves. Mazzini considered his correspondence private; the British government kept its reading of his mail secret.

    I urge you to read the entire essay.

    I place great value on privacy and also place great value on publicly sharing my thoughts on a website, accessible to anyone. This is not a contradiction.

    As a society we hate privacy, but as individuals we cherish it. We hate it when friends keep things from us, or limit what they share online, but we in turn hate sharing everything with our friends. We block someone, while criticizing them for blocking us.

    The larger issue is that there are some things that we naturally assume to be private, which turn out not to be. No one thought their emails *were* being read, but likely assumed they *could* be read — unless they were super criminals why else would anyone care about their email? Yet, our emails *are* being read in the sense that they are being cataloged. Not because we are super criminals right now, but because *we just may* become super criminals later on.

    In effect, with programs like PRISM, we are being monitored *now* so that we may be stopped *later* if, presumably, we’re among the very small fraction of people that need to be stopped later.

    We can argue the legality of this invasion of privacy, force the blame on whomever we wish, but I place the blame squarely at our own feet. For years we have been proving to companies like Google and Facebook that their usage of our data, our secrets, is of little concern to us. Just don’t charge us money to use your stuff.

    These companies already share our data with Pfizer to target us for their blue pill ads. What hint have we given them that it’s not OK to share our data with the U.S. Government?

    What stance have we taken as a society, one that the Government should have picked up on, where we say: place value *here*? Our actions to date have said one thing: *make it free*, take what you want from us, so long as it’s not **cash**.

    And if this is the standard by which so many web companies have been operating, who’s to blame when those companies make the rather logical and rational decision to allow the Government access in the name of *Freedom*?

    Of course the problem doesn’t stop with free services, it extends to paid services like Office365, Dropbox, iCloud, etc. What stance have we taken to stop using these services until they respect our privacy? When someone as privacy concerned as me refuses to read most terms of service, and privacy policies, it becomes resoundingly clear that there’s a lack of caring on the part of consumers.

    Just make it free and easy, and we’ll use it.

    The debate about data privacy is now more complicated than just what is free and what is paid — neither has proven to be trustworthy. The debate now centers around which companies are more worried about protecting their users than they are about protecting ambiguous *bad guys*.

    Hollywood has been conditioning us for years to believe that any person with a Mac (logo covered of course) and a few dozen terminal windows can break into any computing device anywhere. Is anybody really shocked that Hollywood wasn’t that far off? The bigger shock is that we’re all potential bad guys in the eyes of the government.

    As much as I’d like to place the blame squarely at the feet of the Government, I see little logic in that argument. Let’s step back and look at the U.S. at a macro level: The country we see does not seem concerned about privacy in the least. We blindly turn over troves of marketing data about ourselves, without even reading what will be done with that data, in the name of, well, getting our desired username on the latest and greatest service.

    We religiously carry little bits of plastic for each store we shop in so that we may save a few dollars, all the while providing troves of market research and targeting mechanisms to companies. We carry these loyalty cards with so much loyalty, that we often turn around and go back home if we find ourselves at the store without our card. God forbid we miss out on those points.

    Given that our society demonstrably does not care about its online privacy, I wonder two things:

    1. Wouldn’t it have been out of touch for the U.S. Government to assume we *do* care and check with us before storing all our communication in a big fat database?
    2. Even if the government had disclosed the existence of such technology, and the subsequent use of it, would we have even bothered to read the privacy policy?

    In that sense, PRISM truly seems to have been made in the image of American internet users.

    [1]: http://www.newyorker.com/reporting/2013/06/24/130624fa_fact_lepore?currentPage=all&mobify=0

  • Sky Guide

    I’ve never been a person that has been overly interested in the night sky. I can certainly appreciate the beauty of it, but I never cared much beyond that. There have been a lot of apps out there for iOS that try to teach and show people like me what’s above us. I’ve never paid any attention to them.

    And then, in Seattle, the guys behind Fifth Star Labs showed me their latest creation: [Sky Guide][1]. I’ll admit I was prepared to suffer through hearing about just another app about stars. So I asked what set their app apart, and I was told: photography.

    Now I am interested.

    Sky Guide’s imagery is made up out of 37,000 photographs taken by one of the guys behind the app over the course of a year. And holy crap is it beautiful.

    It’s one thing to show those images, but my absolute favorite feature of the app is that you can slide your fingers to dim or brighten the stars — I love that. The entire app is butter smooth and well done.

    I’ll tell you what, I may not use this app very much, but I sure appreciate how well done it is.

    [The app is Universal and $1.99 on the App Store][2].

    Since I know you guys are probably just as curious as I am, [here’s how those photos were shot][3].

    [1]: http://www.fifthstarlabs.com/
    [2]: https://itunes.apple.com/us/app/sky-guide-view-stars-night/id576588894?ls=1&mt=8
    [3]: http://skysurvey.org/survey/

  • Choice Quotes from More PRISM and NSA Articles

    [USA Today has a great interview with three former top NSA officials, who were also Whistleblowers][1] (it’s worth reading the whole thing):

    > **Binney:** What it is really saying is the NSA becomes a processing service for the FBI to use to interrogate information directly. … The implications are that everybody’s privacy is violated, and it can retroactively analyze the activity of anybody in the country back almost 12 years.

    [Daniel J. Solove, for The Washington Post][2] (I no sooner criticize this paper for crappy content than they start churning out great stuff):

    > When privacy is compromised, though, the problems can go far beyond the exposure of illegal activity or embarrassing information. It can provide the government with a tremendous amount of power over its people. It can undermine trust and chill free speech and association. It can make people vulnerable to abuse of their information and further intrusions into their lives.

    [Bruce Schneier on why and how][3] he now believes it plausible/possible that the NSA is actually keeping the content of all calls:

    > I believe that, to the extent that the NSA is analyzing and storing conversations, they’re doing speech-to-text as close to the source as possible and working with that. Even if you have to store the audio for conversations in foreign languages, or for snippets of conversations the conversion software is unsure of, it’s a lot fewer bits to move around and deal with.

    That’s smart, just store the text of the call — any transcribed conversation with less than 80% certainty (just throwing out a number) you save the audio too. That reduces the data store dramatically — fascinating idea.

    And, of course, despite seemingly overwhelming evidence to the contrary, and a metric ton of smoke billowing out of the NSA, [President Obama still insists][4]:

    > What I can say unequivocally is that if you are a U.S. person, **the NSA cannot listen to your telephone calls, and the NSA cannot target your emails … and have not.**

    Who’s he lying to, the U.S. Citizens that elected him, or himself? At this point I am not sure he even knows. What’d be great is for personal emails and call content from Obama to a friend to leak out, man that would be epic. ((And I don’t typically ever use the word ‘epic’.))

    For one moment, [let’s go back to that interview with former NSA employees][5]:

    > **Q: Do you think President Obama fully knows and understands what the NSA is doing?**
    > **Binney:** No. I mean, it’s obvious. I mean, the Congress doesn’t either. I mean, they are all being told what I call techno-babble … and they (lawmakers) don’t really don’t understand what the NSA does and how it operates. Even when they get briefings, they still don’t understand.
    > **Radack:** Even for people in the know, I feel like Congress is being misled.
    > **Binney:** Bamboozled.
    > **Radack:** I call it perjury.

    [1]: http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/
    [2]: http://www.washingtonpost.com/opinions/five-myths-about-privacy/2013/06/13/098a5b5c-d370-11e2-b05f-3ea3f0e7bb5a_print.html
    [3]: http://www.schneier.com/blog/archives/2013/06/evidence_that_t.html
    [4]: http://thenextweb.com/insider/2013/06/17/pres-obama-if-you-are-a-us-citizen-the-nsa-cannot-listen-to-your-telephone-calls-and-the-nsa-cannot-target-your-emails/?utm_medium=Spreadus&utm_campaign=social%20media&awesm=tnw.to_c0ZGR&utm_source=Twitter
    [5]: http://www.usatoday.com/story/news/politics/2013/06/16/snowden-whistleblower-nsa-officials-roundtable/2428809/

  • The Battery Life Race

    [Ben Bajarin on the battery life race][1]:

    > One thing I will be watching very closely with the fall lineup is the battery life claims from all the new notebooks. I am convinced this is the feature-of-all-features for the PC industry this year.

    For me the more interesting thing is going to be seeing what mobile battery life does this fall with expected new iPads and iPhones. If the MacBook Air can have better battery life than my current iPad — what the hell does the next generation iPad get for battery life?

    And why can’t my iPhone ever make it through the day? ((iOS betas notwithstanding.))

    [1]: http://techpinions.com/i-need-a-pc-and-i-know-it/18704

  • ‘A Week With iOS Seven’

    [Chuck Skoda is back with the latest yearly installment of ‘A Week with iOS’, and it’s a must read][1]. Chuck is one of the more level-headed people who have a blog, so I always appreciate his thoughts. While his post is longish, it’s the last paragraph that is an absolute must read for everyone.

    Take that last paragraph to heart.

    [1]: http://chuckskoda.com/entry/a-week-with-ios-seven/

  • Chatology

    I think, among Mac users, there’s an almost universal hatred for Messages on Mac OS X. Don’t get me wrong, iChat needed an update, and it’s great to have iMessage integration on the Mac, but Messages is not a stable app. It’s an overly annoying app to use 90% of the time.

    While Messages works, it should work a hell of a lot better than it does, so when Flexibits told me they made a companion app to Messages called [Chatology][1] I was pretty excited to see it.

    Chatology does not replace Messages, and you don’t send things from Chatology to people. What Chatology does do is give you incredibly fast and stable search results of conversations from iChat and Messages.

    That alone is pretty cool, but unlike Messages search you get drilled down right to the specific message — the best part about Chatology is that you can filter to just show links or photos too. That’s what I really love about Chatology.

    Filtering by photos.

    I have a friend, we’ll call him SB for short, and we often send design comps back and forth to get feedback, and when I want to pull one up to look at again, Messages has a seizure. ((OK, that’s an understatement.)) So something like Chatology really makes Messages a much more reliable tool when you want the content of your chats to be searchable later on. The bonus to that is that if most of the messages you send on your iPhone are through iMessage, then they also become searchable (easily so) on the Mac — I love that.

    This is not an app for everybody, but those who could use an app like this are really going to love it.

    [It’s $19.99 and it’s *not* on the App Store][2].

    [1]: http://flexibits.com/chatology
    [2]: http://flexibits.com/chatology