Category: Cryptoeverything (page 1 of 2)

GAFA: time to ‘ignore and withdraw’?

Last week, Motherboard reported that an unannounced update by Apple meant that third-party repairs of products such as the MacBook Pro would be impossible:

Apple has introduced software locks that will effectively prevent independent and third-party repair on 2018 MacBook Pro computers, according to internal Apple documents obtained by Motherboard. The new system will render the computer “inoperative” unless a proprietary Apple “system configuration” software is run after parts of the system are replaced.

As they have updated the story to state, iFixit did some testing and found that this ‘kill switch’ hasn’t been activated – yet.

To me, it further reinforced why I love and support in very practical ways, Open Source Software (OSS). I use OSS, and I’m working on it in my day-to-day professional life. Sometimes, however, we don’t do a good enough job of explaining why it’s important. For me, the Apple story is a terrifying example of other people deciding when you should upgrade and/or stop using something.

Another example from this week: Google have announced that they’re shutting down their social network, Google+. It’s been a long-time coming, but it was only last month that, due to the demise of Path, my family was experimenting with Google+ as somewhere to which we could have jumped ship.

Both Apple’s products and Google+ are proprietary. You can’t see the source code. You can’t inspect it for bugs or security leaks. And the the latter is actually why Google decided to close down their service. That, and the fact it only had 500,000 users, most of whom were spending less than five seconds per visit.

So, what can we do in the face of huge companies such as Google, Amazon, Facebook, and Apple (GAFA)? After all, they’ve got, for all intents and purposes, almost unlimited money and power. Well, we can and should vote for politicians to apply regulatory pressure on them. But, more practically, we can ignore and withdraw from these companies. They’re not trillion-dollar companies just because they’re offering polished products. They’re rich because they’re finding ever more elaborate ways to apply sneaky ways to achieve vendor lock-in.

This affects the technology purchases that we make, but it also has an effect on the social networks we use. As is becoming clear, the value that huge multi-national companies such as Google and Facebook gain from offering services for ‘free’ vastly outstrips the amount of money they spend on providing them. With Google+ shutting down, and Facebook’s acquisition of Instagram and WhatsApp, the number of options for social networking seems to be getting ever-smaller. Sadly, our current antitrust and monopoly regulations haven’t been updated to deal with this.

So what can we do? I’ve been using Mastodon in earnest since May 2017. It’s a decentralised social network, meaning that anyone can set up their own ‘instance’ and communicate with everyone else running the same OSS. Most of the time, people join established instances, whether because the instance is popular, or it fits with their particular interests. Recently, however, I’ve noticed people setting up an instance just for themselves.

At first, I thought this was a quirky and slightly eccentric thing to do. It seemed like the kind of thing that tech-literate people do just because they can. But then, I read a post by Laura Kalbag where she explained her reasoning:

Everything I post is under my control on my server. I can guarantee that my Mastodon instance won’t start profiling me, or posting ads, or inviting Nazis to tea, because I am the boss of my instance. I have access to all my content for all time, and only my web host or Internet Service Provider can block my access (as with any self-hosted site.) And all blocking and filtering rules are under my control—you can block and filter what you want as an individual on another person’s instance, but you have no say in who/what they block and filter for the whole instance.

You can also make custom emoji for your own Mastodon instance that every other instance can see and/or share.

Ton Zylstra is another person who has blogged about running his own instance. It would seem that this is a simple thing to do using a service such as masto.host.

Of course, many people reading this will think so what? And, perhaps, that seems like a whole lot of hassle. Maybe so. I hope it’s not hyperbolic to say so, but for me, I see all of this as being equivalent to climate change. It’s something that we all know we need to do something about but, for most of us, it’s just too much hassle to think about what could happen in future.

I, for one, hope that we’re not looking back from (a very hot) year 2050 regretting the choices we made in 2018.

A portal into a decentralised universe

You may recognise Cloudflare’s name from their provision of of ‘snapshots’ of websites that are currently experiencing problems. They do this through what’s called ‘distributed DNS’ which some of the issues around centralisation of the web. I use their 1.1.1.1 DNS service via Blokada on my smartphone to improve speed and privacy.

The ultimate goal, as we seek to move away from proprietary silos run by big tech companies (what I tend to call ‘SaaS with shareholders’), is to re-decentralise the web. I’ve already experimented with this, after speaking at a conference in Barcelona on the subject last October, and experimenting with my own ‘uncensorable’ blog using ZeroNet.

Up to now, however, it hasn’t been easy to jump from the regular ‘ol web (the one you’re used to browsing using https) and the distributed web (DWeb). You need a gateway to use a regular web browser with the DWeb. I set up one of these last year and quickly had to take it down as it was expensive to run!

I’m delighted, therefore, to see that Cloudflare have launched an IPFS gateway. IPFS stands for ‘InterPlanetary File System’ and is a “peer-to-peer hypermedia protocol
to make the web faster, safer, and more open”. It does lots of cool stuff around redundancy and resilience that I won’t go into here. Suffice to say, it’s the future.

Today we’re excited to introduce Cloudflare’s IPFS Gateway, an easy way to access content from the InterPlanetary File System (IPFS) that doesn’t require installing and running any special software on your computer. We hope that our gateway, hosted at cloudflare-ipfs.com, will serve as the platform for many new highly-reliable and security-enhanced web applications. The IPFS Gateway is the first product to be released as part of our Distributed Web Gateway project, which will eventually encompass all of our efforts to support new distributed web technologies.

As I mentioned above, one of the issues with having a decentralised blog or website is that people can’t access it on the regular web. This changes that, and hopefully in a way where we don’t just end up with a new type of centralisation:

IPFS gateways are third-party nodes that fetch content from the IPFS network and serve it to you over HTTPS. To use a gateway, you don’t need to download any software or type any code. You simply open up a browser and type in the gateway’s name and the hash of the content you’re looking for, and the gateway will serve the content in your browser.

We’re thinking about how IPFS could be used with the MoodleNet project I’m leading. If we’re building a decentralised resource-centric social network it makes sense for those resources to be accessed in a decentralised way! Developments such as this make that much more likely to happen sometime soon.

Source: Cloudflare blog

(Related: The Guardian on the DWeb, and Fred Wilson’s take on Cloudflare’s IPFS gateway)

Assassination markets now available on the blockchain

I first mentioned so-called ‘assassination markets’ in one of my weeknotes back in 2015 when reporting back on a dinner party conversation. For those unfamiliar, the idea has been around for at least the last twenty years.

Here’s how Wikipedia defines them:

An assassination market is a prediction market where any party can place a bet (using anonymous electronic money and pseudonymous remailers) on the date of death of a given individual, and collect a payoff if they “guess” the date accurately. This would incentivise assassination of individuals because the assassin, knowing when the action would take place, could profit by making an accurate bet on the time of the subject’s death. Because the payoff is for accurately picking the date rather than performing the action of the assassin, it is substantially more difficult to assign criminal liability for the assassination.

Of course, the blockchain is a trustless system, so perfect for this kind of thing. A new platform called Augur is a prediction market and so, of course, one of the first things that appears on there are ‘predictions’ about the death of Donald Trump in 2018:

Everyone knew that it was inevitable that assassination markets would quickly pop up on decentralized prediction market platform Augur, but that doesn’t make the fact that users are now betting on whether U.S. President Donald Trump will be assassinated by the end of the year any less jarring.

Yet this market exists, and, though not the most popular bet on Augur, more than 50 shares have been traded on it as of the time of writing. Similar markets, moreover, exist for a number of other public figures, allowing users to gamble on whether 96-year-old actress Betty White and U.S. Senator John McCain — who has been diagnosed with brain cancer — will survive until Jan. 1, 2019.

This is why ethics in technology are important. There is no such thing as a ‘neutral’ technology:

Now that assassination markets are here, a fierce debate has emerged in cryptocurrency circles over what — if anything — should be done about them, as well as who should be held responsible for these clearly-illegal death markets.

The core issue stems from the fact that, in addition to the pure revulsion that these markets should engender in any decent human being, they also create a financial incentive for someone to place a large bet that a public figure will be assassinated and then murder that person for profit. Consequently, the mere presence of these markets makes it more likely that these events will occur, however slim that increase may be.

Interesting times, indeed.

Source: CCN

Blockchain was just a stepping stone

I’m reading Adam Greenfield’s excellent book Radical Technologies: the design of everyday life at the moment. He says:

And for those of us who are motivated by commitment to a specifically participatory politics of the commons, it’s not at all clear that any blockchain-based infrastructure can support the kind of flexible assemblies we imagine. I myself come from an intellectual tradition that insists that any appearance of the word “potential” needs to be greeted with skepticism. There is no such thing as potential, in this view: there are merely states of a system that have historically been enacted, and those that have not yet been enacted. The only way to assess whether a system is capable of assuming a given state is to do the work of enacting it.
 

Back in 2015, I wrote about the potential of badges and blockchain. However, these days I’m more likely to agree that’s it’s a futuristic integrity wand.

The problem with blockchain technologies is that they tend to all get lumped together as if they’re one thing. For example, some use blockchain technologies to prop-up neoliberalism, whereas others are seeking to use it to destroy it.

As part of my research for a presentation I gave in Barcelona last year about decentralised technologies, I came across MaidSafe (“the world’s first autonomous data network”). I admit to be on the edges of my understanding here, but the idea is that the SAFE network can safely store data in an autonomous, decentralised way.

Last week, MaidSafe announced a new protocol called PARSEC (Protocol for Asynchronous, Reliable, Secure and Efficient Consensus). It solves the Byzantine General’s problem without recourse to the existing blockchain approach.

PARSEC solves a well-known problem in decentralised, distributed computer networks: how can individual computers (nodes) in a system reliably communicate truths (in other words, events that have taken place on the network) to each other where a proportion of the nodes are malicious (Byzantine) and looking to disrupt the system. Or to put it another way: how can a group of computers agree on which transactions have correctly taken place and in which order?

This protocol is GPL v3 licensed, meaning that it is “free for anyone to build upon and likely prove to be of immense value to other decentralised projects facing similar challenges”. The Bitcoin blockchain network is S-L-O-W and is getting slower. It’s also steadily pushing up the computing power required to achieve consensus across the network, meaning that a huge amount of electricity is being used worldwide. This is bad for our planet.

If you’re building a secure, autonomous, decentralised data and communications network for the world like we are with the SAFE Network, then the limitations of blockchain technology when it comes to throughput (transactions-per-second), ever-increasing storage challenges and lack of encryption are all insurmountable problems for any system that seeks to build a project of this magnitude.

[…]

So despite being big fans of blockchain technology for many reasons here at MaidSafe, the reality is that the data and communications networks of the future will see millions or even billions of transactions per second taking place. No matter which type of blockchain implementation you take — tweaking the quantity and distribution of nodes across the network or how many people are in control of these across a variety of locations — at the end of the day, the blockchain itself remains, by definition, a single centralised record. And for the use cases that we’re working on, blockchain technology comes with limitations of transactions-per-second that simply makes that sort of centralisation unworkable.

I confess to not having watched the hour-long YouTube video embedded in the post but, if PARSEC works, it’s another step towards a post-nation state world — for better or worse.

Source: MaidSafe blog

Blockchain as a ‘futuristic integrity wand’

I’ve no doubt that blockchain technology is useful for super-boring scenarios and underpinning get-rich-quick schemes, but it has very little value to the scenarios in which I work. I’m trying to build trust, not work in an environment where technology serves as a workaround.

This post by Kai Stinchcombe about the blockchain bubble is a fantastic read. The author’s summary?

Blockchain is not only crappy technology but a bad vision for the future. Its failure to achieve adoption to date is because systems built on trust, norms, and institutions inherently function better than the type of no-need-for-trusted-parties systems blockchain envisions. That’s permanent: no matter how much blockchain improves it is still headed in the wrong direction.

Fair enough, let’s dig in…

People have made a number of implausible claims about the future of blockchain—like that you should use it for AI in place of the type of behavior-tracking that google and facebook do, for example. This is based on a misunderstanding of what a blockchain is. A blockchain isn’t an ethereal thing out there in the universe that you can “put” things into, it’s a specific data structure: a linear transaction log, typically replicated by computers whose owners (called miners) are rewarded for logging new transactions.

It’s funny seeing people who have close to zero understanding of how blockchain works explain how it’s going to ‘revolutionise’ X, Y, or Z. Again, it’s got exciting applicability… for very boring stuff.

[H]ere’s what blockchain-the-technology is: “Let’s create a very long sequence of small files — each one containing a hash of the previous file, some new data, and the answer to a difficult math problem — and divide up some money every hour among anyone willing to certify and store those files for us on their computers.”

Now, here’s what blockchain-the-metaphor is: “What if everyone keeps their records in a tamper-proof repository not owned by anyone?”

This is the bit that really grabbed me about the post, the blockchain-as-metaphor section. People are sold on stories, not on technologies. Which is why some people are telling stories that involve magicking away all of their fears and problems with a magic blockchain wand.

People treat blockchain as a “futuristic integrity wand”—wave a blockchain at the problem, and suddenly your data will be valid. For almost anything people want to be valid, blockchain has been proposed as a solution.

It’s true that tampering with data stored on a blockchain is hard, but it’s false that blockchain is a good way to create data that has integrity.

[…]

Blockchain systems do not magically make the data in them accurate or the people entering the data trustworthy, they merely enable you to audit whether it has been tampered with. A person who sprayed pesticides on a mango can still enter onto a blockchain system that the mangoes were organic. A corrupt government can create a blockchain system to count the votes and just allocate an extra million addresses to their cronies. An investment fund whose charter is written in software can still misallocate funds.

When, like me, you think that humanity moves forward at the speed of trust and collaboration, blockchain seems like the antithesis of all that.

Projects based on the elimination of trust have failed to capture customers’ interest because trust is actually so damn valuable. A lawless and mistrustful world where self-interest is the only principle and paranoia is the only source of safety is a not a paradise but a crypto-medieval hellhole.

Source: Kai Stinchcombe

Blockcerts mobile

I still don’t really see the need for blockchain-based credentials (particularly given the tension between GDPR and immutability) but this is good to see:

Learning Machine is proud to introduce the new Blockcerts Wallet mobile app (iOS/Android) for people to easily receive, store, and share their official records. These might include electronic IDs, academic records, workforce training, or even civic records.

Blockcerts are compatible with the Open Badges specification. What I do like about Blockcerts is the idea of ‘Self-Sovereign Identity’ (which I actually think you can do without blockchain):

Blockcerts is the open standard for how to create, anchor, and verify records using any blockchain in a format that is recipient owned and that has no ongoing dependency upon any vendor or issuer. This is what we mean by Self-Sovereign Identity, the ability for people to control their own identity records without paying rent to central authorities for transmission or verification. Instead, people can receive their records once, then share them online or directly with third parties like employers whenever needed. Even if vendors or institutions cease to exist, people never lose the ability to use their official records and prove their identity.

Just as it makes sense for Facebook to try and get everyone to use it as their only social network, it totally makes sense for a startup like Learning Machine to be focusing on the Blockcerts Wallet being the single place for people to store their official records.

The Blockcerts Wallet is positioned to be a lifelong portfolio of official records, a personal repository from across disparate institutions in one convenient location. This means that individuals can become their own lifelong registrar of learning and achievement. So, it’s critical that the Wallet remain free and friendly to use, with plenty of accommodation for people who may lose or transition devices.

The good thing, of course, is that Blockcerts is an open standard. So anyone can build a wallet.

Source: Learning Machine blog

Telegram cryptocurrency

I come across so many interesting links every day that I can only post a handful of them. Right now, and only a couple of months after starting this approach to Thought Shrapnel, I’ve got around 50 draft posts! This was one of them, from early January.

Telegram is great. I’ve been using it for the past couple of years with my wife, for the past year with my son and parents, and the past three months or so with Moodle. It’s an extremely useful platform, as it’s so quick to send messages. Reliable too, which my wife and I found Signal to struggle with sometimes.

The brothers behind Telegram made their billions from creating VKontakte (usually shortened to ‘VK’ and known as the ‘Russian Facebook’). They’ve announced that Telegram will raise millions of dollars through an ‘ICO’ or Initial Coin Offering. This uses similar terminology to an Initial Public Offering, or IPO, which comes through a company becoming publicly listed on a stock exchange. An ICO, on the other hand, is actually more like equity crowdfunding using cryptocurrency:

Encrypted messaging startup Telegram plans to launch its own blockchain platform and native cryptocurrency, powering payments on its chat app and beyond. According to multiple sources which have spoken to TechCrunch, the “Telegram Open Network” (TON) will be a new, ‘third generation’ blockchain with superior capabilities, after Bitcoin and, later, Ethereum paved the way.

It could lead to some quite exciting features:

With cryptocurrency powered payments inside Telegram, users could bypass remittance fees when sending funds across international borders, move sums of money privately thanks to the app’s encryption, deliver micropayments that would incur too high of credit card fees, and more. Telegram is already the de facto communication channel for the global cryptocurrency community, making a natural home to its own coin and Blockchain.

Whereas the major social networks kowtow to governmental demands around censorship, that doesn’t seem to be the gameplan for Telegram:

Moving to a decentralized blockchain platform could kill two birds with one stone for Telegram. As well as creating a full-blown cryptocurrency economy inside the app, it would also insulate it against the attacks and accusations of nation-states such as Iran, where it now accounts for 40% of Iran’s internet traffic but was temporarily blocked amongst nationwide protests against the government.

I don’t pretend to understand the white paper they’ve published, but:

The claim is that it will be capable of a vastly superior number of transactions, around 1 million per second. In other words, similar to the ambitions of the Polkadot project out of Berlin — but with an installed base of 180 million people. This makes it an ‘interchain’ with so-called ‘dynamic sharding’.

Exciting times. As I was explaining to someone recently, Telegram are taking a very interesting route into user adoption. They couldn’t go with the standard ‘social network’ approach as Facebook, Instagram, and Twitter mean that market is effectively saturated. Instead, they started with a messaging app, and are building out from there.

Source: TechCrunch

Platform censorship and the threat to democracy

TorrentFreak reports that Science Hub (commonly referred to as ‘Sci-Hub’) has had its account with Cloudflare terminated. Sci-Hub is sometimes known as ‘the Piratebay of Science’ as, in the words of Wikipedia, it “bypasses publisher paywalls by allowing access through educational institution proxies”:

Cloudflare’s actions are significant because the company previously protested a similar order. When the RIAA used the permanent injunction in the MP3Skull case to compel Cloudflare to disconnect the site, the CDN provider refused.

The RIAA argued that Cloudflare was operating “in active concert or participation” with the pirates. The CDN provider objected, but the court eventually ordered Cloudflare to take action, although it did not rule on the “active concert or participation” part.

In the Sci-Hub case “active concert or participation” is also a requirement for the injunction to apply. While it specifically mentions ISPs and search engines, ACS Director Glenn Ruskin previously stressed that companies won’t be targeted for simply linking users to Sci-Hub.

Cloudflare is a Content Delivery Network (CDN), and I use their service on my sites, to improve web performance and security. They are the subject of some controversy at the moment, as the Electronic Frontier Foundation note:

From Cloudflare’s headline-making takedown of the Daily Stormer last autumn to YouTube’s summer restrictions on LGBTQ content, there’s been a surge in “voluntary” platform censorship. Companies—under pressure from lawmakers, shareholders, and the public alike—have ramped up restrictions on speech, adding new rules, adjusting their still-hidden algorithms and hiring more staff to moderate content. They have banned ads from certain sources and removed “offensive” but legal content.

It’s a big deal, as intermediaries that are required for the optimisation in speed of large website succumb to political pressure.

Given this history, we’re worried about how platforms are responding to new pressures. Not because there’s a slippery slope from judicious moderation to active censorship — but because we are already far down that slope. Regulation of our expression, thought, and association has already been ceded to unaccountable executives and enforced by minimally-trained, overworked staff, and hidden algorithms. Doubling down on this approach will not make it better. And yet, no amount of evidence has convinced the powers that be at major platforms like Facebook—or in governments around the world. Instead many, especially in policy circles, continue to push for companies to—magically and at scale—perfectly differentiate between speech that should be protected and speech that should be erased.

We live in contentious times, which are setting the course for a digitally mediate future. For every positive development (such as GDPR), there’s stuff like this…

Sources: TorrentFreak / EFF

Puertopia

Dudes make millions (or billions) of dollars via cryptocurrency. Hurricane hits Puerto Rico. They decide to build a new state.

They call what they are building Puertopia. But then someone told them, apparently in all seriousness, that it translates to “eternal boy playground” in Latin. So they are changing the name: They will call it Sol.

Oops.

Puerto Rico offers an unparalleled tax incentive: no federal personal income taxes, no capital gains tax and favorable business taxes — all without having to renounce your American citizenship. For now, the local government seems receptive toward the crypto utopians; the governor will speak at their blockchain summit conference, called Puerto Crypto, in March.

Of course it does. But look at what they’ve got planned:

Some are open to the new wave as a welcome infusion of investment and ideas.

“We’re open for crypto business,” said Erika Medina-Vecchini, the chief business development officer for the Department of Economic Development and Commerce, in an interview at her office. She said her office was starting an ad campaign aimed at the new crypto expat boom, with the tagline “Paradise Performs.”

Others worry about the island’s being used for an experiment and talk about “crypto colonialism.” At a house party in San Juan, Richard Lopez, 32, who runs a pizza restaurant, Estella, in the town of Arecibo, said: “I think it’s great. Lure them in with taxes, and they’ll spend money.”

Andria Satz, 33, who grew up in Old San Juan and works for the Conservation Trust of Puerto Rico, disagreed.

“We’re the tax playground for the rich,” she said. “We’re the test case for anyone who wants to experiment. Outsiders get tax exemptions, and locals can’t get permits.”

Interesting times.

Source: The New York Times

The NSA (and GCHQ) can find you by your ‘voiceprint’ even if you’re speaking a foreign language on a burner phone

This is pretty incredible:

Americans most regularly encounter this technology, known as speaker recognition, or speaker identification, when they wake up Amazon’s Alexa or call their bank. But a decade before voice commands like “Hello Siri” and “OK Google” became common household phrases, the NSA was using speaker recognition to monitor terrorists, politicians, drug lords, spies, and even agency employees.

The technology works by analyzing the physical and behavioral features that make each person’s voice distinctive, such as the pitch, shape of the mouth, and length of the larynx. An algorithm then creates a dynamic computer model of the individual’s vocal characteristics. This is what’s popularly referred to as a “voiceprint.” The entire process — capturing a few spoken words, turning those words into a voiceprint, and comparing that representation to other “voiceprints” already stored in the database — can happen almost instantaneously. Although the NSA is known to rely on finger and face prints to identify targets, voiceprints, according to a 2008 agency document, are “where NSA reigns supreme.”

Hmmm….

The voice is a unique and readily accessible biometric: Unlike DNA, it can be collected passively and from a great distance, without a subject’s knowledge or consent. Accuracy varies considerably depending on how closely the conditions of the collected voice match those of previous recordings. But in controlled settings — with low background noise, a familiar acoustic environment, and good signal quality — the technology can use a few spoken sentences to precisely match individuals. And the more samples of a given voice that are fed into the computer’s model, the stronger and more “mature” that model becomes.

So yeah, let’s put a microphone in every room of our house so that we can tell Alexa to turn off the lights. What could possibly go wrong?

Source: The Intercept