Well meaning but…

By | | , , , , , ,
Comments Off on Well meaning but…

I work in IT and I’m sure I’ve made decisions that have puzzled people or made them wonder what sort of special idiot I am. Fortunately for me most of what I’ve done hasn’t really had significant real world consequences. The same can not be said of the new surveillance detecting tool from Amnesty, Privacy International and the EFF. This new spyware detecting tool is called Deteckt and is aimed at people who fear they may be at risk of targeted surveillance. Now I’m sure that the people that wrote it are both very clever and well meaning, however if you’re subject to targeted surveillance and the sort of tools that government agencies might deploy then you’re up against people who are also very clever and not very well meaning. To be honest they quite probably down right hostile with no good intent towards you at all. Now if you think you’re or interest to such people you hopefully have reasonable security and are already running tools to detect the normal run of the mill spyware and malware programs and of course an anti-virus program. Detekt therefore we can I think assume is aimed to detect the kind of nastiness that those usual tools can’t spot.

Well except it isn’t, not really. According to their intentions the main aim is to “raise awareness“, actually detecting spyware is just the secondary aim. They are also according to their information mainly targeting known commercially available (well available to governments at least) software and they expect the people making it to start working to avoid Detekt really quickly.

So this awareness raising tool is expected to be actively worked against and yet the install instructions tell you to turn off your antivirus programs and then run it as Administrator!

How to shaft yourself

Now as it’s aimed to run on windows machines they don’t actually have much choice about this. But they are advising people who thing they are the target of serious hostile action to disable their existing security measures to run a bit of software downloaded from the internet as a privileged user. Yes they advise you to be disconnected from the internet at the time, but still this is not usually considered clever. Anti-virus and other anti-malware tools normally avoid this problem but having a digital signature that you can check and that the program itself can check. From the install instructions this is not the case with Detekt and the earlier releases didn’t even have a signature to verify if you new how to (well except for some unknown format digital signature)
What no checksum

This is really not following best practice, and it’s good to see that the latest release does come with checksums you can check, though the installation advice doesn’t so much as suggest you do such a thing. There are already a lot of very good tools and advice out there for whistle blowers and the like – which don’t generally advise you to turn off your security to run an unverified bit of software.

Whilst I’m sure that the “resistsurveillance.org” site is run by the people that it claims to be, that also can’t be verified as the domain registration registration information is all obfuscated. Of course if it was set up by a malicious actor I’m sure Amnesty and co would be shouting from the roof tops that it wasn’t them but really that’s hardly the point.

All of which means that the people behind Detekt (whoever they may actually be) are advising people at risk from serious and advanced surveillance threats to abandon good practice, download a bit of software from an open source site and run it as Administrator with all security turned off without first verifying it’s in anyway genuine. This strikes me as a rather counterproductive way to “raise awareness”. Unless of course having a few people disappeared is an acceptable awareness raising technique these days. I’m hoping that the software actually just puts up a big image which says “don’t be stupid next time”. However given the size of the program it could be doing almost anything and there’s plenty of space there for malicious parties to hide something nasty if they got the chance.

If they wanted to raise awareness in a way less likely to shaft the most at risk, they could have pointed to the vast amounts of good advice out there. Including any of the various portable secure Linux systems which let you start from a clean secure system every time. Hell they could even rebadge it with their funky awareness logo, as long as they also told people how to verify it was genuine, provided a method to verify that the people behind it were actually the people behind it and maybe provided multiple download paths so that it was at least slightly harder for the ungodly to target the download site.

It’s nice that they want to raise awareness, and unless you’re being paranoid the risks are really fairly small – except of course if you think you’re the subject of state sponsored targeted surveillance then paranoid is the very thing you need to be.

-2

Independence articles round up

By | | , , ,
Comments Off on Independence articles round up

As we enter the final few hours before voting starts I thought I’d round up some of the better articles from my point of view, so if nothing else I can refer to them when the dust starts settling. so in no particular order:

That’s almost quite enough links, so to finish up two articles about how great the Union actually is, because somehow talking about the best aspects of the Union has been cast as jingoistic and the wrong kind of nationalism where as Scottish independence is the right kind of nationalism which really ham strings talking about the Union in a positive way.
Tim Stanley and Andew Lilico both have a few words on how great the Union is, probably many other people I’ve missed as well.

-6

Scottish Campaigning

By | | , , ,
Comments Off on Scottish Campaigning

With the Scottish independence campaigns drawing to an end and both sides having run really not terribly inspiring campigns (to be generous) I thought a quick contrast of negative techniques was in order.

 

FUDLiesBribesIntimidationviolence
Better together 
Yes Scotland

On the FUD* front, Better Together have been “scaremongering” about businesses leaving, currency collapse and the rest of it, meanwhile Yes Scotland have been talking about the NHS being destroyed and the imperial English tory boot crushing Scottish freedom. I think I’ll just skip the lies as really there are so many to choose from and even more statistical slights of hand. Bribe wise we have Better Together promising increased spending, more autonomy and I think the moon on a stick, Yes Scotland have also promised more spending, more free stuff, a political Scotland that will be a utopia of your imagining bearing no resemblance to how it is today and I think a free unicorn for everyone (I may be wrong about the last bit for both campaigns). Then things get interesting and the last two tactics seem by all reports to be only employed by “Yes Scotland”. If the reports are true then it should probably be referred to “Yes for else Scotland”.

News drifting south report of Better Together signs and other property being vandalized, campaigners mobbed and harassed and of course senior Yes Scotland campaigners (amongst others) promising “a day of reckoning” for those that support the No vote. This could be dismissed as just a few hot heads, if we ignore the senior figure, but Mr Salmond didn’t exactly deny it. Now in a modern democracy how anyone campaigns or votes really shouldn’t invoke any sort of threat, but instead of saying that such threats had no place in campaigning or in a new revived Scotland he said there wouldn’t be a day of reckoning because they’d be “magnanimous”. Now it could be me but talk of magnanimity rather implies that repercussion for loosing are indeed reasonable but are only not happening because of your generosity, that you’d be quite entitled to inflict retribution on those that held a different point of view but are only refraining from doing so because you’re in a good mood. This isn’t exactly the kind of behavior expected in developed countries, and really can’t help anyone to have an open and honest debate. Finally there are also reports of Yes Scotland supporters planning marches to the polling stations with banners and flags. This is the sort of behavior we’re more used to seeing in less democratic regions were people are encouraged how to vote by the presence of large mobs of supporters of the ruling party hanging around polling stations to make sure people vote the “right way”. Historically the west has viewed such activity as not allowing for free votes and have sent observers along to prevent such actions.

If the vote for independent Scotland carries the day then it would seem more than likely that people who believe that violence and intimidation have a part to play in the ballot will be the ones building the foundations of the newly independent Scotland. This really doesn’t bode well for the ability of Scotland to build a new country that responds to the demands of all it’s people.

* Fear uncertainty and doubt – just in case you didn’t know

“Friday will not be the end of this poisonous atmosphere.”
– A worryingly true comment made elsewhere.

-9