2014 Montreal Anarchist Bookfair

Happy to announce we will have a table at the Montreal Anarchist Bookfair this summer! (Salon du livre anarchiste de Montréal | Montreal Anarchist Bookfair)

More details: http://www.anarchistbookfair.ca/



Awesome Privacy Tools in Android 4.3+

Update 2013-12-13: it turns out this feature was removed in the recent Android 4.4.2 release :(. You can still get it if you install CyanogenMod or if you have a rooted device, but mainstream Android users are out of luck.

To date, there has been no way to run apps on Android with real and reliable privacy controls. Android versions 4.3 and higher take a huge step in the right direction, letting users install apps while denying some of the apps’ attempts to collect the user’s data.


Android was built from scratch to have quite a sophisticated and strongly enforced system of per-app permissions. But many of the privacy-sensitive permissions are poorly delineated and confusing. And the way the OS and Google’s Play Store worked, users could not install an app but say “no” to that app’s demand that it be able to read their address book, track their location, or grab their phone number or IMEI.


This turned out to be the fundamental problem with the previous Android model: installing an app was an all-or-nothing proposition, and there were few practical ways to protect yourself against the apps you’d installed, or even really see what they were up to.


In the early days, that model was an improvement on its major competitor, Apple’s iOS, which didn’t even have a permissions model. But after various privacy scandals, Apple started forcing apps to ask for permission to collect data: first location and then other categories, like address books and photos. So for the past two years, the iPhone’s app privacy options have been miles ahead of Android’s.

This changed with the release of Android 4.3, which added awesome new OS features to enhance privacy protection. You can unlock this functionality by installing a tool like App Ops Launcher. When you run it, you can easily control most of the privacy-threatening permissions your apps have tried to obtain. Want to install Shazam without having it track your location? Easy. Want to install SideCar without letting it read your address book? Done.

Despite being overdue and not quite complete, App Ops Launcher is a huge advance in Android privacy. Its availability means Android 4.3+ is a necessity for anyone who wants to use the OS while limiting how intrusive those apps can be. The Android team at Google deserves praise for giving users more control of the data that others can snatch from their pockets.


On Writing, Funding, and Distributing Software to Activists Against Authoritarian Regimes

Writing software to protect political activists against censorship and surveillance is a tricky business. If those activists are living under the kind of authoritarian regimes where a loss of privacy may lead to the loss of life or liberty, we need to tread especially cautiously.

A great deal of postmortem analysis is occurring at the moment after the collapse of the Haystack project. Haystack was a censorship-circumvention project that began as a real-time response to Iranian election protests last year. The code received significant levels of media coverage, but never reached the levels of technical maturity and security that are necessary to protect the lives of activists in countries like Iran (or many other places, for that matter).

This post isn’t going to get into the debate about the social processes that gave Haystack the kind of attention and deployment that it received, before it had been properly reviewed and tested. Instead, we want to emphasize something else: it remains possible to write software that makes activists living under authoritarian regimes safer. But the developers, funders, and distributors of that software need to remember that it isn’t easy, and need to go about it the right way.

Here are a few essential points:

  1. Secure communications tools need a clearly defined model of the privacy threats they defend against, and the way the design addresses those threats needs to be clearly and rigorously specified.
  2. Careful thought needs to be put into user interface design, so that the end users of the system (who may not speak English, nor be sophisticated computer users) have some hope of understanding what threats the software is and isn’t defending against. This is hard to do right, but it’s very important: in some cases, if a dissident is a major target for a sophisticated government, they probably shouldn’t be using networked computers at all.
  3. Writing secure software is much harder than just writing software; it requires a different mindset and a whole extra set of skills and experience. Unless a project includes experienced, competent security engineers, it is almost certain to include bugs that threaten users’ privacy (actually, all complex codebases include security bugs, but good security teams will be able to make them rarer and do a better job of mitigating the damage).
  4. Tools need to be thoroughly tested by the computer security community before they are distributed to activists whose lives and liberty are at stake. Fortunately, plenty of well-tested tools are available to provide privacy and circumvention of censorship, including Tor, ssh, VPNs, or Gmail over HTTPS. All of these tools have their own limitations, and need to be used for the correct purposes, but they are the best choices for activists in at least some situations.
  5. Until you’re familiar with the extensive research literature on privacy-preserving communications systems, it’s probably best to get involved with (or fund) one of the many existing projects that are trying to defeat Internet censorship, before starting your own. The Tor Project is the largest and most organized of these, and is a good place for developers and funders to find work that needs to be done. There are numerous academic groups doing high-quality research, and some of them also build invaluable privacy tools. There are also some small projects that still need a lot of extra work and security auditing, but which may one day provide extremely important tools for dissidents; the “T(A)ILS” project is one good example.

For further reading on good security practices and the tools available for activists living under authoritarian regimes, see EFF’s Surveillance Self-Defense International whitepaper. For more advice on how to evaluate the quality of censorship-circumvention software, see the Tor Project’s article, “Ten things to look for in a circumvention tool”.

The Hacker Manifesto

+++The Mentor+++
Written January 8, 1986

Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…

Damn kids. They’re all alike.

But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world…

Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me…

Damn underachiever. They’re all alike.

I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…”

Damn kid. Probably copied it. They’re all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me… Or feels threatened by me.. Or thinks I’m a smart ass.. Or doesn’t like teaching and shouldn’t be here…

Damn kid. All he does is play games. They’re all alike.

And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found. “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…

Damn kid. Tying up the phone line again. They’re all alike…

You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.