#AxisOfEasy 185: Merkel: Everyone Agreed That We Need A Digital Vaccination Certificate

Weekly Axis Of Easy #185

Last Week’s Quote was “I’m convinced that you never have to give up liberties to be safe. I think you’re less safe when you give up your liberties.” Many of you guessed Ben Franklin, who said “Whomever would trade freedom for security will get neither.” Close, but this particular quote, in its exact form, was Dr. Ron Paul. The winner was Tony King, again.

This Week’s Quote: “The law of unintended consequences is the only real law of history”… by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal is on us.


In this issue:
  • Widely used Node.js package has code injection vulnerability
  • Merkel: Everyone agreed that we need a digital vaccination certificate
  • Gab has been hacked
  • Oops! Youtube nukes Coindesk’s entire channel. By mistake.
  • Digital Ocean and Coinbase file S1’s to go public
  • Myanmar junta enforcing nightly internet shutdowns
  • Lastpass mobile clients have multiple embedded trackers
  • Confessions of a censorship machine developer
  • China’s APT31 cloned NSA hacking tools
  • No harm no foul: US says MBS approved Khashoggi hit.
  • Why Amazon is lobbying hard for higher minimum wages
  • EVENT: What do Canadians want from their Digital Government Platforms?
  • Canada’s Bill C-10 is unconstitutional according to former-Justice dept senior counsel
  • Trigger Alert: I went on Steve Bannon’s show to talk Transhumanism (yes, really)
  • AxisOfEasy Salon 38: Should Social Media networks be open source public utilities?

Widely used Node.js package has code injection vulnerability

If you’re using Node.js you should check that you’re using the latest 5.3.1 version of the “system information” package. This package is used to gather information on the local system such as CPU speed, RAM, system clock, etc., and was found to have a code injection vulnerability outlined in CVE-2021-21315.

If you can’t upgrade for any reason, there is a workaround as reported by the BleepingComputer piece:

“‘As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() … do only allow strings, reject any arrays. String sanitation works as expected,’ reads the associated npm security advisory.”

The system information package reportedly receives 800K downloads per week and has a total installation base of around 34 million.

Read: https://nvd.nist.gov/vuln/detail/CVE-2021-21315

And: https://www.npmjs.com/advisories/1628
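As an added example (not from the newsletter, BleepingComputer, or the package’s own code), here is a JavaScript guard that implements the advisory’s workaround: every parameter bound for si.inetLatency(), si.inetChecksite(), si.services() or si.processLoad() must be a plain string, arrays are rejected, and the string is held to an allow-list before the package ever sees it. The regex allow-lists and the `fakeInetLatency` stand-in are assumptions of this example, not the package’s API.

```javascript
// Added example, not code from the newsletter or from the package itself.
// Workaround from the advisory: si.* parameters must be plain strings
// (arrays rejected) and are held to a safe alphabet before the call.

const RULES = {
  // hostname or IP literal for si.inetLatency(host); assumed allow-list
  host: /^[A-Za-z0-9.:-]{1,253}$/,
  // comma-separated names for si.services()/si.processLoad(), or "*"; assumed allow-list
  names: /^(\*|[A-Za-z0-9_.@-]{1,128}(,[A-Za-z0-9_.@-]{1,128})*)$/,
};

function sanitizeParam(value, kind) {
  // Reject arrays and every other non-string outright, as the advisory says.
  if (typeof value !== 'string') {
    const got = Array.isArray(value) ? 'array' : typeof value;
    throw new TypeError(`${kind} parameter must be a string, got ${got}`);
  }
  const trimmed = value.trim();
  if (kind === 'url') {
    // si.inetChecksite(url): parse with the WHATWG URL class, allow only http(s)
    let parsed;
    try { parsed = new URL(trimmed); } catch { throw new TypeError('url parameter is not a valid URL'); }
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
      throw new TypeError('url parameter must use http or https');
    }
    return parsed.href;
  }
  const rule = RULES[kind];
  if (!rule) throw new TypeError(`unknown parameter kind: ${kind}`);
  if (!rule.test(trimmed)) throw new TypeError(`${kind} parameter contains disallowed characters`);
  return trimmed;
}

// Wrap a si.* function so every call is validated first; `fn` would be the real function.
function guarded(fn, kind) {
  return (value, ...rest) => fn(sanitizeParam(value, kind), ...rest);
}

// Stand-in for si.inetLatency so the example runs without the package installed.
const fakeInetLatency = (host) => ({ host, ms: 42 });
const inetLatency = guarded(fakeInetLatency, 'host');

// Returns the host the package would have seen, or the reason the call was refused.
function tryLatency(value) {
  try { return inetLatency(value).host; } catch (e) { return `rejected: ${e.message}`; }
}

// Constructed inputs: one clean hostname, one array, one string outside the allow-list.
function demo() {
  return [
    tryLatency('example.org'),       // passes through unchanged
    tryLatency(['example.org']),     // array: rejected
    tryLatency('example.org extra'), // space is outside the allow-list: rejected
  ];
}
```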

Merkel: Everyone agreed that we need a digital vaccination certificate

Last week, a virtual meeting among EU leaders was held about so-called “vaccination passports.”

The outcome was that the majority of them agreed that some kind of “vaccine certificates” will be required to travel even within the EU member states (remember, citizens within the Schengen Zone of the EU could, at least until now, travel from country to country as freely as crossing provincial or state lines here in North America).

“Commission President Ursula von der Leyen warned that unless they hurry Apple Inc. and Google will step into the vacuum.”

The concern here is that if a digital passport is implemented, they want it to be an EU designed solution in order to protect the data privacy of the citizenry. So far the WHO says they are pursuing a “software neutral” approach and that neither company is involved in the process thus far (although, as reported in AoE 144, Google and Apple came out of the gate fast with hooks for COVID tracking apps, so I imagine they’ll be on the forefront of immunity passports).

Meanwhile, Oxford sociologist Melinda Mills wrote an op-ed via The Financial Times on how vaccination passports will be a “technical and ethical minefield.” It’s behind a paywall but Zerohedge covered it here.

Welcome to The New Normal.

Gab has been hacked

It appears as though the controversial “free speech” platform Gab, which was, until Parler, the place where everybody who got kicked off of Twitter went to vent, has been hacked (Parler was also hacked back when they were kicked off of Amazon’s AWS).

A data dump of 70GB of platform data, including “70 GB of Gab public posts, private posts, user profiles, hashed passwords for users, DMs, and plaintext passwords for groups in SQL format, along with over 70,000 messages in more than 19,000 chats with over 15,000 users in plaintext format,” has been released via Distributed DDoS, a Wikileaks type platform that specializes in data dumps.

Distributed DDoS is saying that because of the inflammatory nature of Gab and the personal details contained therein, they are only making the dump available to researchers and journalists.

Read: https://ddosecrets.com/wiki/GabLeaks

Oops! Youtube nukes Coindesk’s entire channel. By mistake.

Coindesk is among the most well respected, venerable commentators on Bitcoin and the crypto-asset economy in the world. I personally listen to their Breakdown podcast featuring NLW every day (it’s produced by Let’s Talk Bitcoin alumnus Adam B Levine).

So it was a bit jarring when I got word that their entire YouTube channel had been deleted for the ole “repeated violations of community standards,” whatever The Fsck that means these days. The channel was deleted in the midst of their daily Coindesk TV livestream “All About Bitcoin.”

The Coindesk staff received no elaboration other than the notice and Youtube did not respond to inquiries until finally taking a second look after a backlash ensued.

“We’re pleased to let you know that we’ve recently reviewed your YouTube account, and after taking another look, we can confirm that it is not in violation of our Terms of Service,” the platform said in an email.

Coindesk is pleased not to offend Youtube.

Recall, as we reported in AoE 146, Youtube deplatformed CoinTelegraph’s live-streaming coverage of the 2020 Bitcoin halving event in mid-transmission.

Read: https://cointelegraph.com/news/youtube-cancels-cointelegraphs-btc-halving-livestream-for-being-harmful-content

Myanmar junta enforcing nightly internet shutdowns

Since the military coup in Myanmar on Feb 1st, the ruling junta has been resorting to regular internet shutdowns to stem the flow of communications from amongst the populace. Netblocks first reported on the outage on the eve of January 31st, hinting that something was in the offing even before the news of the overthrow had become widely known the next day.

This Wired article cites reports via Netblocks of internet outages “like clockwork” for the last 12 nights running, between 1am and 9am local time. Civil rights groups monitoring the situation fear that the outages occur during times of overnight mass arrests.

Netblocks is also reporting internet outages in Chad, Iran, and Armenia, the last during an attempted coup there.

Lastpass mobile clients have multiple embedded trackers

We used to use Lastpass as our password manager, but we wanted to move away from it, not because of any particular failing on their part (there was a security breach a few years ago, which I thought they handled decently), but because we generally dislike solutions where our data is inside somebody else’s system.

So for the same reason we moved from Slack to Mattermost, where we use our own backend data storage, some time ago we moved from Lastpass to Bitwarden, same deal.

In this piece a security researcher named Mike Kuketz put out a report for a non-profit research firm called Exodus. In it he details how he found no less than seven tracking beacons embedded within the LastPass app for Android. (By contrast, 1password and Keepass have none).

This may not be nefarious in itself, but merely another instance, which we’ve outlined before, of application developers using third-party SDKs to fast-track their development cycles, with the tradeoff that those SDKs carry embedded trackers because their business model is to broker the data.

Read: https://reports.exodus-privacy.eu.org/en/reports/165465/

Confessions of a censorship machine developer

A pretty riveting story of censorship and coding from a former developer at Bytedance, the parent company of TikTok. Allow me to quote at length:

“It was the night Dr. Li Wenliang struggled for his last breath in the emergency room of Wuhan Central Hospital. I, like many Chinese web users, had stayed awake to refresh my Weibo feed constantly for updates on his condition. Dr. Li was an ophthalmologist who sounded the alarm early in the COVID-19 outbreak. He soon faced government intimidation and then contracted the virus. When he passed away in the early hours of Friday, Feb. 7, 2020, I was among many Chinese netizens who expressed grief and outrage at the events on Weibo, only to have my account deleted.

I felt guilt more than anger. At the time, I was a tech worker at ByteDance, where I helped develop tools and platforms for content moderation. In other words, I had helped build the system that censored accounts like mine. I was helping to bury myself in China’s ever-expanding cyber grave.

I hadn’t received explicit directives about Li Wenliang, but Weibo was certainly not the only Chinese tech company relentlessly deleting posts and accounts that night. I knew ByteDance’s army of content moderators were using the tools and algorithms that I helped develop to delete content, change the narrative and alter memories of the suffering and trauma inflicted on Chinese people during the COVID-19 outbreak. I couldn’t help but feel every day like I was a tiny cog in a vast, evil machine.”

The biggest fear among tech platforms in China, especially those aggregating user-generated content, is not deleting fast enough any material that is critical of the Chinese authorities or casts them in an unfavourable light.

China’s APT31 cloned NSA hacking tools

Fascinating account over on Dark Reading on how security researchers are tracking and analyzing the use of a hacking tool that originated with the US NSA and is now also being used by an Advanced Persistent Threat (APT) actor associated with China.

When I first saw the article, I thought it could be part of, or another example of a previously leaked NSA toolset being appropriated by foreign threat actors, like DoublePulsar which we reported on back in AoE…. #2? Wow

But this one is different. Security researchers theorize that this tool was originally crafted and used by a threat actor dubbed the Equation Group, which was discovered by Kaspersky researchers in 2015. The Equation Group tool is referred to as “EpMe” by researchers, while the suspected Chinese one is dubbed “Jian”. It is not believed that the latter group had access to the source code; they may have captured and reverse engineered it after encountering it on a target compromised by both parties.

It reads like a real Spy vs Spy narrative.

No harm no foul: US says MBS approved Khashoggi hit.

This isn’t really tech news, but since we have reported on the murder of Jamal Khashoggi here before, specifically as it involved his mobile phone being hacked with NSO spyware, I thought we’d make a quick mention that the US Office of the Director of National Intelligence (ODNI) has made the determination that the assassination was approved by the Saudi crown prince MBS, something the CIA already concluded a mere weeks after the event.

The New York Times reports that the Biden administration will not penalize the Saudi regime. Possibly because there is so much fscking money involved that they can’t even pretend to have a moral stance on this. Which proves that if you’re rich and powerful enough, you literally can get away with literal murder (Trump was just as soft on the $audis. They all are).

Why Amazon is lobbying hard for higher minimum wages

Lately Amazon has been pushing hard in favour of a national minimum wage of $15/hour. As this Vice piece reads, this isn’t out of some benevolent embrace of the working class in a tough economy. Rather, it’s an anti-unionization move, a PR move, a hiring tactic and a bludgeon against the competition all in one. I’ll add that it’s also another salvo in the war against small business in that pathological Big Tech obsession with capturing all the marbles.

“For the past few years, Amazon has increasingly pushed data-driven quotas and warehouse and delivery efficiencies that workers say are dangerous and inhumane, while at the same time actively lobbying Congress to increase the federal minimum wage to $15.”

The Vice piece also cites a Bloomberg article from last year that showed how Amazon swooping into an area and paying the $15 minimum wage in a new warehouse actually drove the average wages in the area down.

Read: https://www.bloomberg.com/news/features/2020-12-17/amazon-amzn-job-pay-rate-leaves-some-warehouse-employees-homeless

Also, it wouldn’t surprise me if Amazon has some Alexa enabled workplace automation initiative in rapid development ready to swoop in and displace millions of minimum wage workers.

EVENT: What do Canadians want from their Digital Government Platforms?

On March 4th (this Thursday), the Internet Society Canada Chapter (of which I’m a director) will be hosting an online event to discuss the results of an Angus Reid poll of Canadians asking them about their experiences around government digital services and their expectations around digital transformation within the government.

The event will be moderated by iPolitics’ Heather Bakken with introductory comments by the Hon Joyce Murray, the Minister of Digital Government. Panelists will include her Parliamentary Secretary Greg Fergus, Shachi Kurl from Angus Reid, Nicole Foster from AWS Global and Accenture’s Managing Director of Public Service Strategy for Canada, Dave Telka.

Learn more about the event and sign up here:


Canada’s Bill C-10 is unconstitutional according to former-Justice dept senior counsel

As an example of the type of thing Internet Society CC works on, this submission from another ISCC director, Phillip Palmer, about Canada’s looming Bill C-10 is a good one. Palmer is a former Senior Legal Counsel to the federal Justice department, focusing on communications law. Bill C-10 is Canada’s attempt to bring the internet under the Broadcasting Act, opening it to regulation along the same lines as television and radio.

It also seeks to levy licensing fees against Big Tech platforms in a similar manner to Australia, who recently attempted to do the same thing only to find themselves blocked from sharing or reading news on Facebook (we covered the “snake eating its tail” aspect of Big Tech duking it out with Big Gov in last week’s edition).

This morning Michael Geist, the University of Ottawa law professor who specializes in telecom and internet policy, posted Palmer’s submission to his site and offered a lengthy commentary on it.

“Bill C-10 is unconstitutional since on-demand streaming services such as Netflix are not inter-provincial undertakings and therefore are not subject to the federal government’s jurisdiction over broadcasters.”

Legislators and proponents of C-10 are making the faulty assumption:

“That this is all one system, that the Internet is the same system as broadcast or television and radio, and that we can have the same rules apply. The problem is that it isn’t. The long-standing policies we’ve had in broadcasting, for the long-standing broadcaster, have been premised on scarcity of spectrum, the privilege of having those licences and the requirement to give back.”

Both Palmer’s submission and Geist’s commentary are worth setting some time aside to read.

Read: https://www.michaelgeist.ca/2021/03/is-bill-c-10-unconstitutional/

Palmer’s submission: https://www.michaelgeist.ca/wp-content/uploads/2021/03/PalmerConstitutional-Issues-Submission-.pdf

Trigger Alert: I went on Steve Bannon’s show to talk Transhumanism (yes, really)

If you recall, last summer I wrote a piece talking up my next book on the dangers of techno-utopian thinking. In it I proposed that in a world driven largely by scientism and radical material reductionism, the vacuum created by the vanquishing of religion and spirituality from the zeitgeist would be filled by Transhumanism.

It was one of the most viral pieces I’ve ever written, and most recently none other than Steve Bannon came across it and said “whoever this guy is, get him on the show!”

Bannon thinks the debate around “transhumanism” will be the defining issue of the next few years. Love him or hate him, he does tend to have a pulse on these things.

So, far be it from me to refuse the opportunity to talk about my next book to millions of viewers: I went on the show and I have to admit, it was a great and stimulating conversation. (He also called me the night before and we talked for nearly half an hour about this stuff. This guy is, in a word, intense).

View the clip:


(It’s on the Canadian-based Rumble, because Bannon is banned from Youtube.)

AxisOfEasy Salon 38: Should Social Media networks be open source public utilities?

Last week Jesse, Charles and I “reimagined” social media platforms and wondered if they would be more effective and less detrimental to public discourse if they were a mosaic of decentralized, open-source public utilities. Apologies for some of the sound; a post-production technical glitch forced us to stitch together a couple of different audio streams.

In parallel to this episode, I was contacted by one of the principals behind Plan Systems, a US based non-profit working on decentralized social apps accessed via 3D user interfaces. It seemed to fit in with what we were talking about, so I wanted to stick a pin in it here.

Watch: https://axisofeasy.com/podcast/salon-38-should-social-media-platforms-be-open-source-public-utilites/

3 thoughts on “#AxisOfEasy 185: Merkel: Everyone Agreed That We Need A Digital Vaccination Certificate”

  1. Quote by Niall Ferguson, however, as Satan put it in the late Oliver Postgate’s treatise on the subject, it is less of a law and merely an ‘observable phenomenon’.
