RSS Atom Add a new post titled:

Disclaimer: This is purely fictional, no real persons or incidents were used in making this playbook, etc.

Imagine running a corporation that's funded by venture capital or is being publicly traded. You have an obligation to your investors/shareholders to show some growth quarter to quarter. Your only revenue source is advertising. If your site has too many ads, you drive away users. So, you start making your apps addictive so that users are exposed to more ads. You also start disguising ads as content. Still, there's only so many ads you can show, since your users' time is limited.

Once you've hit the peak number of ads, your only other option is to improve the click-through rates of the ads. You start collecting hundreds of behavioral attributes about your users to be able to serve them the right ads at the right moment. Since profits are more important than people and your users are basically like cattle anyway, you start data-mining their entire lives. You start recording their every online action, recording their private conversations at home and start selling people "smart" video cameras and speakers. Meanwhile, you find yourself spending some of your billions to buy private islands and all the houses surrounding yours!

Your advertisements powered by machine learning algorithms are now getting creepy. People find that they're getting baby ads before they know they're pregnant. They see ads in your apps for words that they uttered in casual conversations. Your messaging apps are now putting words into users' mouths with suggested replies. You start brain-washing your users into believing your lies like "privacy is dead", "you have nothing to hide", "there are no alternatives", "we value your privacy" etc. The fun part is, the same manipulative tactics you use to sell your users stuff they don't need, can be used to brainwash them into believing your lies.

You start ramping up your public relations and lobbying budget now that human rights activists are fighting against you. But governments want in on the manipulative power of the infrastructure you've built. You strike deals with them and use lobbying to crush all competition and legitimize your privacy and human rights violations. You start selling surveillance as a service to law enforcement and put backdoors into all of your proprietary apps while protecting yourself using DRM and DMCA.

Now that you're reasonably safe from legal consequences, you start spending some of your billions to protect yourself from the impending climate crisis which was made much worse by propagandists using your platforms to spread lies and fake news. Your platforms are also being used by big data mercenaries to manipulate elections, so you donate to both the major political parties to be on the safe side.

Meanwhile, mainstream publications start blaming you for the role your platforms played in causing genocides in third-world countries. Though you're a bit shocked by this since you consider yourself to be a good person inside, you recover from this by reading a bit of Ayn Rand, shrugging away your responsibility and starting your own propaganda podcast.

(to be continued...)

Posted Thu Aug 15 14:06:56 2019

tl;dr It's not your biodata that surveillance capitalism is interested in. It's your behavioral data.

Introduction

We hear people saying that they have nothing to hide. Though this argument is obviously misguided in many ways, the most basic thing it gets wrong is the assumption that companies that make money off your data are doing it with your biodata.

Biographical data, also known as biodata is data about you - like your date of birth, details of family members, your home address, your educational qualifications, job history etc. Governments have stored most of this data in one form or the other for decades. A lot of people might even be convinced to not consider this to be private information at all.

Behavioral data is data gathered about your behavior by constantly monitoring you, profiling you and creating models to predict your next move or manipulate you into doing things. For example, this is the kind of data that is gathered during criminal investigations. In some cases, this kind of data collection usually requires legal authorization as well. Techniques include phone-tapping, video surveillance footage, recording audio of conversations etc.

Internet Advertising

Big internet companies, at least in the B2C space in the 90s were going bankrupt as they couldn't figure out ways of making money with their offerings. Advertising though frowned upon by many Silicon Valley founders including Google's was tried as an option of last resort to make money for the companies. But how would you show 100x return on investment to your venture capitalists on advertising revenue alone? It turns out that the better you know your customer, the better you can sell stuff to them. At least for the ad-tech companies, it is not about selling stuff but making people click on ads since that's where the money is for them.

Knowing Your Customer User

Traditional advertising had a few problems. Billboards and newspaper ads were targeted based on where the audience is located. Television ads were based on the kind of programming in channels. It was hard to correlate between advertising and customer buying behavior. With internet ads however, the company knows immediately when their ad is seen or clicked on. Also, ads can be customized to each person since it's all automated and computerized.

With the feedback loop in place, advertising tech could be continuously improved with behavioral data collected on customers. Though some of this data is helpful to draw statistical insights to help improve the products or services, it doesn't provide economic justification for setting up the massive data-mining operations that characterize surveillance capitalism. Publicly available biographical details like age, gender, parents, address etc. are hardly useful to manipulate a person's behavior at an individual level.

A person is most likely to click on an ad when it is most relevant to them. Static biodata is not useful to determine when to show what advertisements. For example, if the customer is a tampon company, knowing that the target user is a woman of a certain age is not enough. The company must read all her messages, do sentiment analysis, run some machine learning to correlate it against known data and figure out when her menstrual cycle begins to sell her tampons.

It is not too late

It is true that information can only be lost, but not recovered. Instead of worrying about the loss of your biodata or trying to protect it, focus on not letting them collect any more behavioral data about you. Stale behavioral data is usually discarded by ad-tech companies since it's not relevant after a few months. Switching to privacy-respecting free software services, self-hosting and digital minimalism are great ways to get back in control of your digital life.

Posted Thu Aug 15 13:44:25 2019

A number of things we take for granted are actually privileges.

The following are a few things I've recently identified as privileges through personal experience:

  • mental health
  • being born without birth defects
  • being cis gender
  • being accepted by society
  • place of birth
  • color of skin
  • supportive parents
  • clean water
  • affordable healthy food
  • electricity
  • internet access
  • technical knowledge
  • free time for hobbies
  • disposable income

The following are more relevant in the Indian context:

  • being born in a higher caste
  • being a follower of the majority religion

I probably wouldn't have thought of a lot of the above as privileges 5 years ago. I might identify some more things as privileges in the coming years.

Posted Tue Jul 2 14:51:01 2019

Demystifying the term Serverless


Server, the physical hardware

When people think of servers, they imagine a big machine or a large stack of them making humming noises and furiously serving millions of requests.

A server can also mean a computer program that is continuously running, listening for client requests and serving them. Think Apache, Nginx or Tomcat.

Apache HTTP server, the software
Apache HTTP server, the software

When someone says that they have gone serverless, what they actually mean is that they are no longer running a software program listening to requests. There should still be a physical computer of some sort serving the requests of the clients.

The premise of serverless is that you don’t have to keep a computer program called a server continuously running to serve your clients’ requests. When a request comes in, a small program (maybe a single function) gets invoked, serves the request and terminates.

What is FaaS then?

Serverless (not running server programs) is the goal and Function as a Service (FaaS) should be considered one of its implementations.

Are microservices and P2P applications serverless too?

Not really. A lot of microservices use HTTP for communication and thus have a server component in them. A P2P application (e.g. Syncthing, BitTorrent) acts as both the client and the server and hence doesn’t need a server decoupled from the client.

Now that you know what serverless actually means, it’s time to learn more about it. I recommend starting with this blog post by Badri Janakiraman.

Posted Mon Aug 13 15:27:47 2018

Block ads on Android using proxy server

Ad blocking on Android is a huge mess. On the Firefox browser for mobile, we have ad-blocking add-ons but for ads in the apps, there’s nearly no good option other than to use ad-blocking proxies. Installing a proxy on the phone itself might drain battery as it has to be running continuously. This article explains how to use an ad-blocking proxy server on your LAN instead of installing one on your phone.

Using Privoxy

Privoxy is an ad-blocking proxy server that can filter ads from web content automatically. It’s also highly configurable.

If you have one Privoxy server running on your LAN, either on your home network on a device like the FreedomBox or on a desktop machine that’s up all the time, then you can use Privoxy to block ads on your Android device.

Set a static ip address for the server running Privoxy on your local network and set it as your proxy in your Android settings as shown in the following screenshot.

Here’s how you reach this screen.

  1. In Android Settings, go to Wi-Fi.

  2. Long press on the Wi-Fi that you’re connected to and click on Modify network

  3. Click on Advanced Options in the pop-up that opens.

  4. Set the Proxy hostname to the static ip address of your Privoxy server. Privoxy’s default port is 8118.

  5. Click SAVE.

Now, your Android device no longer suffers from ads as long as it’s connected to this network.

This was really useful for my tablet at least, since it almost never leaves the house.

You can also use Privoxy as a proxy server in Firefox settings to avoid sites forcing you to whitelist them in ad-blocker settings.

Ad-block proxy on the go

If you want an ad-blocking proxy on your phone, which doesn’t always stay on the same network, you can use the Android apps DNS66 or Blokada.

Posted Mon Aug 13 14:57:53 2018

Of statements and expressions


By Arnold Reinhold [CC BY-SA 2.5 (https://creativecommons.org/licenses/by-sa/2.5)], via Wikimedia Commons

In the beginning there was FORTRAN.
Programming was done line by line with each line printed on a punch card.
There were no conditionals, only GOTOs that pointed to line numbers.
This is where statements in programming came from.

Then there was structured programming (like in C).
Structured programming introduced blocks and kept the statements and GOTOs.
GOTOs were slowly thrown out as they were too troublesome.
Functions and Structs came to be defined in terms of blocks.
Modularity increased with blocks.

Then there was object-oriented programming.
Blocks and statements were kept, and GOTOs were mostly discarded.
State and functions were bundled together into objects.
Modularity increased with objects.

This is the story that most people know. But in the same timeline existed
functional programming which offered modularity on a whole different level.

Before Alan Turing was defeating the Nazis with his legendary computer, his teacher Alonzo Church invented a mathematical formalism known as the Lambda Calculus — a formalism that only consisted of the lambda character (duh!), names and expressions.

Before C with its blocks, pointers and functions was invented, a computer scientist named John McCarthy wrote a paper that axiomatically defined all of programming in terms of just 7 operators. An implementation of these operators on the machine was done and mostly used for List Processing came to be known as LisP. A function in Lisp is a lambda expression bound to a name. Nope, no statements, only expressions. Entire Lisp programs were just expressions.

Then came ML, Haskell, OCaml, Scala, Clojure, F# etc., but the concept remained the same. They used expressions, not statements.

Expressions in programming originated from mathematics, whereas statements in programming exist because we were line-feeding the FORTRAN code of yore and are stuck with our old habits. Old habits die hard and sometimes they last generations, like the QWERTY keyboard layout that makes no sense to use on modern computers. On the positive side, we should probably be happy that we let go of the punch cards that we were writing our statements on.

Disclaimer: This article is written like a story. There’s no guarantee of factual or chronological correctness.

Posted Mon Aug 13 14:57:00 2018

Replacing cloud-based To-Do apps with Orgzly and Syncthing

In the past few years I tried out multiple To-Do list apps like Todoist, Pomotodo, Trello (which was a bit of an overkill for this purpose) etc., and finally settled on Google Keep for personal tasks and Emacs Org-mode for work-related To-Do lists since I do all my work on my work laptop and wouldn’t need mobile synchronization for it.

Recently, I was looking for a non-cloud alternatives for most of my cloud-based apps, basically to reduce my dependence on the entire Google suite of apps. I installed F-Droid and tried a few Free and Open-source (FOSS) apps. One app called Omni Notes looked exactly like Google Keep and I was using it for a while, till I discovered Orgzly.

Orgzly is basically an emulation of Emacs Org-mode on the mobile. This means I don’t have to use two kinds of apps for my To-Do lists. I can write my To-Do lists in Emacs and edit them on the go on my mobile. This sounds a lot like Microsoft Word for Windows Mobile, doesn’t it? Well, I was looking for a FOSS alternative. Now the whole problem is syncing my notes. I could have hosted NextCloud on a Raspberry Pi at my home and set it up with Dynamic DNS and used it to keep these in sync. But that’s a lot of work and needs additional hardware. Instead, I decided to use a peer-to-peer synchronization tool called Syncthing.

Syncthing on Work Laptop

Syncthing is very easy to use and has both desktop and mobile apps. I created a folder called ~/Sync on my laptop and moved my Org-mode lists there. Then, I setup Sycnthing to sync that folder to the mobile device.

Orgzly sync options

Orgzly has a sync feature. I just had to point my Orgzly to use Syncthing’s folder on the mobile device and select “Sync”. Syncthing did its job of getting my notes from desktop to mobile and Orgzly displayed them in Org-mode.

Posted Mon Aug 13 14:56:04 2018

You don’t have to be a geek to setup FreedomBox!

What is this FreedomBox thingy?

See this 4-minute video to learn what it is.

Well, the important concept to grasp here is that, servers that enable communication for a lot of people can be big and expensive, but to serve the needs of one family, all you need is a simple Single Board Computer like Raspberry Pi or OLinuXino-Lime2

Apart from the privacy-enabling stuff, it also has a chat client, web-based bit-torrent client, blogging software, ad-blocking using proxy server, file synchronization, a social networking server, VoIP server etc. It’s a convenient little thing to have, with lots of utilities.

FreedomBox setup on a Raspberry Pi

Disclaimer: I didn’t mean to write a tutorial, but just to explain how I setup my FreedomBox. I felt that there might be a lot of people like me who may find this useful. I’ve used a MacBook and a Raspberry Pi in my setup process. Also, tried it on two different routers. Please take my advice with a pinch of salt. This is neither official nor recommended.

In this setup, the FreedomBox acts as a home server connected as just another device to the router. The FreedomBox can also act as a router which can have some additional benefits.

Download the image for Raspberry Pi from the FreedomBox website. In my case, I downloaded this one — http://ftp.skolelinux.org/pub/freedombox/0.9/freedombox-testing-nonfree_0.9_raspberry2-armhf.img.xz

Put the SD card of your Raspberry Pi into a card reader and connect it to your laptop. There’s a nifty little utility called Etcher which can quickly get the above image installed on the memory card, in just 3 steps. Insert the SD card into the Raspberry Pi. We’re done with FreedomBox installation.

This is where the Wi-Fi router comes in.

Connect your Raspberry Pi to the router using an ethernet cable. Connect to your router’s web interface using some URL like 192.168.1.1 or 10.0.0.1. Try both 1.1 and 0.1 with both the series.

For D-Link routers, the default username is admin and the password field must be left blank. If you’re in Hyderabad and using the ACT FiberNet’s router like me, the default username is admin and password is radinet_admin. Search on Quora if these don’t work for you. There are some other combinations.

See the connected devices on your router and find the FreedomBox’s IP address. Hit that IP address in your browser. You’ll see a warning that the connection is not secure, click the “Advanced …” link and proceed for this time.

Now you’re on the Plinth interface of FreedomBox. You can access the FreedomBox when your laptop is connected to this router, but not from the internet, well not yet.

To access it from the outside, you need to do port forwarding. Follow this process: - Find the static DHCP settings on your router, and define a static IP address for your FreedomBox’s mac address (your router will show the mac address as well). I set it whatever the FreedomBox’s current IP address was. - Next, find the setting called “IP forwarding” or DMZ on your router and add your FreedomBox’s static IP address there. - Then, find the setting called “Port forwarding” on your router and enable port 443 (the port for HTTPS connections).

Now, if you know your public ip address (a simple google search will tell you), you can go to https:// and reach your FreedomBox. But that ain’t as cool as what we’re gonna do next.

Go to FreedomBox’s plinth web interface, login (or create a new account if setting up for the first time) and click on the Configuration tab in the menu bar. You should see an option called Dynamic DNS Client on the left. There you’ll find some instructions, but basically it tells you to go here and register for a dynamic DNS. Choose the domain “freedombox.rocks” for extra awesomeness! Once you register a domain there, like joseph.freedombox.rocks, it might take a few minutes to actually start working. Then you can just use a URL like https://myname.freedombox.rocks and access your FreedomBox from anywhere. This domain name will also be necessary when setting up federated applications on the FreedomBox.

Not just you, but you can create as many user accounts as your Raspberry Pi can support for your friends and family and have secure communications and some cool utilities all hosted on a credit-card-sized computer!

Now is a great time to take a look at all the features of FreedomBox and start using them. FreedomBox/Features — Debian Wiki

Congratulations! You have setup your own FreedomBox and may have turned a bit geeky as a side-effect.

Posted Mon Aug 13 14:54:43 2018

This blog is powered by ikiwiki.