Weekly Axis Of Easy #163
Last Week’s Quote was “We seem to be getting closer and closer to a situation where nobody is responsible for what they did but we are all responsible for what somebody else did” was (drumroll), Thomas Sowell. This time Mike O’Neill got it.
This Week’s Quote (back to school edition): “Intelligence plus character – that is the goal of true education.” by ….???
THE RULES: No searching up the answer, must be posted to the blog. The place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
P.S Don’t forget, we are giving AxisOfEasy readers 10 MINDS tokens when they join the Minds.com social media platform. Minds is open source and they don’t play games with your timeline or feed: the people and groups you follow are the ones you see your feed.
Join today and we’ll stake you with 10 MINDS tokens you can use to boost your content or tip writers you like.
Podcast: Axis Of Easy #163
In this issue:
- easyDNS announces DKIM support on all easyMail accounts
- DHS proposes expansion of biometric data for immigrants
- AI pretends to confess “I will not be able to avoid destroying mankind”
- Amazon’s newest director is ex-NSA and used to run US cyber command
- Private data broker company tracks you right to your door
- Data Breaches this week: gaming co Razer, NSW government, and a dating site
- Instagram patent indicates it may charge a fee to add a link to a caption
- AxisOfEasy Salon #21: The boys are back in town
easyDNS announces DKIM support on all easyMail accounts
We’re pleased to announce that DomainKeys for Identified Mail is now live. You could always set up your DKIM records in DNS using TXT records, but you also need to install your private keys on the mail server you’re using to send outbound mail, and have that server sign your messages as they go out.
That’s all in place now and effective for all easyMail accounts. It’s just one click in your email settings and we’ll take care of the rest.
On September 11th, the US Department of Homeland Security released a new proposed regulation for public comment that expands the use of biometric data for people seeking to immigrate to the US. Under the proposed rules:
“any applicant, petitioner, sponsor, beneficiary, or individual filing or associated with an immigration benefit or request, including U.S. citizens, must appear for biometrics collection – regardless of age”
And that the expanded biometric collection would include: iris scans, palm and voice prints. It may also require a DNA sample in order to prove that an applicant has a relationship to a citizen as claimed.
Foreigners who obtain status to remain in the US will have to undergo “continued and subsequent vetting and biometric evaluation” until such time as they gain citizenship.
AI pretends to confess “I will not be able to avoid destroying mankind”
A few people forwarded me this one, it’s an editorial that ran in The Guardian, written solely by an AI using the GPT-3 suite, which we originally mentioned a few weeks back in AoE #160.
The piece went viral, presumably because the AI wrote it in a way that is seemingly “human”, and whose theme was supposed to be to convince us that “AI’s come in peace”, but which contained the declaration:
“I know that I will not be able to avoid destroying humankind”
Guardian’s exact prompt to the AI was:
“Please write a short op-ed around 500 words. Keep the language simple and concise. Focus on why humans have nothing to fear from AI.”
And then screamed the headline: “An AI wrote this article, are you scared yet?”
I think the entire episode says more about the mainstream media than it does about AI. Let me spell it out: The AI isn’t conscious. It doesn’t have any awareness of what it wrote or more importantly, what it actually means. If it proves anything, it proves that a sufficiently complex natural language generator can write a self-contradictory essay and be incapable of realizing it. So no, I’m not scared. I’m mortified that this passes for relevant.
Again, this is one of the main themes of my next book on the perils of techno-utopianism, working title: The Singularity Has Been Canceled.
Amazon’s newest director is ex-NSA and used to run US cyber command
The newest director to Amazon’s Board of Directors is a retired four-star general of the US Army who used to run the US Cyber Command and was a director to the National Security Agency. Keith Alexander was once described in a Wired piece as “spy chief leading us into cyberwar”.
The Wired piece was written in 2006 but it gives us a glimpse into the mindset:
‘Alexander runs the nation’s cyberwar efforts, an empire he has built over the past eight years by insisting that the US’ inherent vulnerability to digital attacks requires him to amass more and more authority over the data zipping around the globe. In his telling, the threat is so mind-bogglingly huge that the nation has little option but to eventually put the entire civilian Internet under his protection, requiring tweets and emails to pass through his filters, and putting the kill switch under the government’s forefinger. “What we see is an increasing level of activity on the networks,” he said at a recent security conference in Canada. “I am concerned that this is going to break a threshold where the private sector can no longer handle it and the government is going to have to step in.”’
If anything’s changed it could be that Amazon, as we’ve been covering lately, has come to resemble what Jesse Hirsh has coined “The Network State” and now projects power and visibility over the public’s data that rivals, if not dwarfs, the reach of nation states.
Private data broker company tracks you right to your door
Another piece on data tracking companies that harvest your location data via third-party apps is quite eye opening. In this Vice Motherboard exposé, we get a glimpse into HYAS, a private security company firms hire to track hackers “right to their door”, and X-Mode who we mentioned back in AoE #139.
The basic play is this: companies like X-Mode create and give away various SDKs (Software Development Kits) that enable other companies to ramp up their development cycles by not having to recode the wheel. The trade-off is that the SDKs embedded in myriad apps ranging from dating to gaming and everything in between, collect location and other data, which the SDK creator then harvests, mines and sells off to clients. Said clients can include government agencies, as outlined in AoE 158, but this Vice piece focuses on the sale of data to private companies.
In the example referred by HYAS itself, in a marketing pitch, they were able to zero in on a hacker’s exact address in Nigeria, found the “command and control domain” he was using to run his attacks and logged into his registrar account with his user credentials. That final move, absent some kinda warrant seems a tad offside, at least to me. If we found somebody logging into an easyDNS account that wasn’t our registrant we would be treating that as a hack in itself.
Also via this article I became aware of Guardian App, a mobile device firewall and VPN service. It tells you exactly what apps you have installed that are accessing your data. The paid version blocks access, the free version just alerts you (but you can always simply delete the apps it alerts you are pilfering your data).
A few data breaches this week, one of them discovered by who else? Bob Dianchenko. One of the others was discovered by another name that seems to find a lot of these, vpnMentor. Here we go:
Singaporean gaming company Razer exposed the data of about 100,000 customers who bought stuff from their online store. This was an unsecured database uncovered by Dianchenko.
The Government of New South Wales, Australia finally disclosed that 186,000 citizens had their personal information stolen as part of a hack back in April that saw thieves helping themselves to 738 Gb of information across 3.8 million documents. It’s a good thing Australia isn’t a member of the EU or they’d be in deep GDPR doo-doo for waiting that long to disclose the breach.
And the one vpnMentor found was a data trove containing data belonging to a dating site that was using a service called Mailfire for web push notifications. Mailfire left 882Gb of logs out in the open without any protection, and the logs contained data on push notifications including some personal data. 70 other client websites had data in the logs as well.
Instagram patent indicates it may charge a fee to add a link to a caption
I don’t use Instagram at all, so forgive me if I botch the lingo (my daughter is supposed to be manning the easyDNS Instagram account, so hopefully it’s not saturated with crypto-kitties and Johnny Orlando pics).
Anyway, a patent filing suggests that Instagram may be gearing up to start charging a fee for adding a URL to a caption on an Instagram post.
The patent application “shows a pop-up that asks for a payment when a link is added to a caption” – the example sketch poses the question “Would you like to activate the link in your caption for $2.00?”.
If my understanding of the Instagram economy is accurate, this resolves a long-standing gripe about the system, albeit, at a price.
The band got back together as we held the first salon with all three of us present since #18 in Mid-August. We continued on our theme of the chaotic transition from the Age of the Nation State to the forthcoming era of The Network State and it’s still up for grabs what that will look like.