Anonymity From The Front Line


Author’s Note: A recent proliferation in claims of anonymity provided in using various messaging apps raises the need to discuss the gravity of making such claims when human life is potentially at stake.


Anonymity from an ontological perspective, and issues revolving around information ethics, are themes I explore in my work as an artist/ontologist. Indeed, my portraits (kevinabosch.com) of the famous and not so famous are explorations into matters of identity and existence.

It had been percolating to the surface for many years, this concept I had become obsessed with, an elegant and discreet communication platform with so little friction or noise as to seem implausible. In 2007 I started a list of “rules” this platform would have to adhere to, which included:

  • Users would not have to use a login/password to send a message
  • No cookies issued under any circumstances
  • IP addresses would be tossed and therefore not connected to any message sent on the platform
  • Messages on the platform would not be stored indefinitely (mostly because I didn’t want to pay to store them)

The goal of such a platform would be to afford the user the opportunity to communicate discreetly and truly anonymously.

I am not of the school of thought that if you have nothing to hide, then you shouldn’t be concerned with maintaining your anonymity. Rather, I believe anonymity requires protection, and can even become an issue of human rights.

Thousands of people across the globe lose their lives every year simply because the words they speak or the words they write were attributed to them. Many never sought attribution, yet in their attempts to remain anonymous they were nonetheless, frequently through digital clues, discovered. These deaths often come in the form of State-sanctioned murder.

I have been a supporter of Amnesty International (www.amnesty.org) for years and have met many who have lost friends and family at the hands of governments who choose to silence voices opposing their agendas.

In November of 2013, I launched Kwikdesk (www.kwikdesk.com), a communication platform that strictly adheres to a privacy-protecting philosophy and employs technology not just to obfuscate, but to truly anonymize its users’ identities.

In the first week KwikDesk saw users flock to the site, but as we intentionally have no analytics on activity other than the number of unique users and the number of page views, we had no idea what was being communicated.

Soon, we would start to see people posting URL’s for various search strings (i.e. https://www.kwikdesk.com/#confession) on other sites like Twitter and Facebook, so we could see that our barebones platform was being used for freeform, asynchronous, topical discussion. The individual messages which we call Kwiks, are not linked to a URL so they cannot be crawled by bots. In interviews with the press I encouraged people to use KwikDesk in another way: for discreet messaging.

You can only search KwikDesk for #hashtags, so unless you know or stumble upon a #hashtag which has already been submitted to KwikDesk, your search results will be empty. You can only submit text to KwikDesk by including a #hashtag, which means that if you submit a message followed by a complicated #hashtag like “ #4ac14f6b60dd99439b7b061b440eb70f”, you essentially have a private anonymous message which can only be retrieved by searching for the same #hashtag. Two or more people who know the complicated #hashtag have a “secure line” of communication, that is unless someone gives up the #hashtag. In this sense, KwikDesk works as an anonymous “dead drop”, waiting for someone to retrieve the message. When messages are created, they are marked to “self-destruct” in either 24 hours or 10 days at the user’s discretion.

While the barebones platform has gained considerable traction in its short existence, we are now also developing a suite of anonymous social tools powered by the KwikDesk platform, and are partnering with other developers working with our API.

In late November 2013 KwikDesk launched a Chinese version of the site (cn.kwikdesk.com) with Wuerkaixi, student leader of the 1989 Tiananmen Square Protests in China. Wuer, whom I met through Amnesty International, is a longtime campaigner for human rights and has helped us reach a Chinese population which includes 591 million netizens. (WIRED 11/27/2013)

Anonymity is touted by many, but I’d advise taking a close look at the terms of service of some of these trendy players in the messaging space. How can you guarantee anonymity, and therefore potentially a user’s safety, when you are throwing cookies at them, running geolocation, and even pixel tracking?!

After a decade of allowing our personal data to be exploited in ways we may sometimes appreciate, but more often do not, or would not if we were aware of its extent, isn’t it time to build a comprehensive social-media experience upon true anonymity and with an entirely user-defined level of attribution ?

Feel free to share this ☺

— Kevin Abosch

Written by

An iPhone Loyalist’s First Few Weeks With Android


Next Story

Editor’s Note: Semil Shah works on product for Swell, is a TechCrunch columnist, and an investor. He blogs at Haywire, and you can follow him on Twitter at @semil

A year ago, I wrote a post titled “Silicon Valley Slowly Awakens To Android.” Recently, I purchased a Nexus 5 as we develop and begin the early tests of Swell for Android, and I wanted to share some of my initial user experiences carrying phones on both mobile platforms. What I want to focus on in this post are the elements of the Android experience I enjoyed and the elements of the iOS experience that I missed — what I don’t want to focus on is the “Android is better” or “Android sucks” debate. Now, with that disclaimer out of the way…The last time I really spent time on Android was in the Spring of 2011. That was a frustrating experience for me. Now with a brand new Nexus, it’s a new world.

Here’s what I like about having a Nexus 5 so far: The larger screen is enjoyable for reading Pocket and watching YouTube videos. Notifications are easier to digest. The integration of Google Services makes things significantly easier. I found it easier to multitask and switch apps on Android. Having Google Now just up and running is obviously nice. I have SwiftKey but haven’t fiddled enough with it yet. My personal favorites so far are products which can only be built on Android: Cover and Aviate. Cover, as many of you already know, is a lockscreen app which leverages sensor data from the handset and predicts which apps users may want at specific times. It’s surprisingly good at presenting me with the app I want to use at a given time. One of the great attributes of Cover is it reduces the time to get into an app and the cognitive load of sorting through apps. While our phones are cluttered with apps we rarely use, Cover intelligently elevates the apps we engage with most-often. As Cover spreads, it will reward apps with organic daily active engagement. Aviate is similarly elegant, a new homescreen interface with tons of cool options. (I’m also excited to try Ingress, Agent, Cogi, and any other apps you could recommend.)

Now, here’s what I missed not using iPhone all the time: The slightly-smaller form factor for typing. The retina screen, of course. The responsiveness of the touchscreen glass. There are many apps (especially from startups) that just won’t be on Android for a while, as it’s more efficient for small companies to build new products and experiences going iOS-first. I also like that there’s no “back button” on iOS — that was a confusing element for me on Android, as I don’t think of going back to a previous screen on mobile (seems more like a browser), though I can see how some may like this.

I’ve been carrying two phones for the last few weeks, largely for work but I’m enjoying experimenting with the new device and operating system. Recently, I started to think — what would it take for me or other iPhone users actually switch, to actually give away or sell my iPhone and just carry around this Nexus 5. Here’s what I came up with: Some will bolt for Android out of curiosity for something new, some will prefer cheaper and/or more flexible data plans, some will find all the apps they need on Android, some will want a bigger screen, or the ease of Google’s integrated services, or and so on.

However, what will get people moving en masse? That’s a trickier question to answer, and it’s also not clear that’s in Google’s best interest.

As killer apps like Google Now improve, these type of native anticipatory services may be enough to bring iOS users into Android. Or, since Android provides developers with more root access and data collection capabilities, app makers may create an entirely new mobile experience that’s both not possible on iOS and also vital to users. (That said, with hardware advancements like M7 and TouchID in iOS, the same could be said of Apple’s mobile platform — and, therefore, what we’re more likely to see is increasing divergence in the type of mobile experiences between Android and iOS.) Now, assume Google Glass becomes a consumer-level success – that entire phone-to-glass experience could end up being better powered by an Android, though Google can continue to write great iOS software and expand their reach across platforms, even if the functionality is limited or not as well-integrated within iOS. On Twitter last night, @robustus suggested Android’s killer app opportunity may be Bitcoin wallets after Apple’s moves to block some Bitcoin apps, though wallets could be open to more attacks. It’s a provocative thought, no doubt, and one that we shouldn’t dismiss. Or, maybe this isn’t about one platform versus another, but more about two platforms peacefully coexisting and preserving choice and competition for the benefit of consumers. Let’s hope that’s the case.

http://techcrunch.com/2014/02/16/an-iphone-loyalists-first-few-weeks-with-android/

Kickstarter gets hacked, tells users to change passwords


3 hours ago

No Comments

Kickstarter
Summary:Kickstarter was hacked earlier this week, the crowdfunding site informed users on Saturday. While the company says the hackers didn’t gain access to credit card numbers and only two users were affected, it advised all users to change their passwords.

Kickstarter was hacked Wednesday night and the crowdfunding site advised users to change their passwords late Saturday afternoon.

The hack appeared limited to just two users’ accounts, Kickstarter said. While the company says that “No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts,” the hackers did gain access to other types of information — including “usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.”

In a blog post, Kickstarter CEO Yancey Strickler offered a Q&A:

“How were passwords encrypted?

Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.

Does Kickstarter store credit card data?

Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.

If Kickstarter was notified Wednesday night, why were people notified on Saturday?

We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation.

Will Kickstarter work with the two people whose accounts were compromised?

Yes. We have reached out to them and have secured their accounts.

I use Facebook to log in to Kickstarter. Is my login compromised?

No. As a precaution we reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.”

Kickstarter said it’s improved its security measures and will continue to do so in coming weeks.

3 hours ago
Like this post? Share it!

Follow @laurahazardowen or @gigaom for more stories like this.

http://gigaom.com/2014/02/15/kickstarter-gets-hacked-tells-users-to-change-passwords/

Kickstarter Hacked, Customer Addresses and Other Info Accessed


Next Story

These days, it really seems we can’t go a week without some big site getting hacked. The latest target? Kickstarter.

Kickstarter announced on its blog (and via an email sent to customers) that hackers had found their way into certain parts of their database.

The good news: No credit card information was accessed — and even if it somehow would’ve been, Kickstarter doesn’t store full credit card numbers.

The not-so-good-news: they’ve detected that the hackers were able to access a database that contained usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. That “encrypted” bit is a bit of a plus — but given that no encryption is uncrackable with the right resources, you should absolutely change your password anyway.

Kickstarter says they were alerted to the breach by law enforcement officials (which law enforcement group, specifically, wasn’t mentioned) on Wednesday night, that they immediately closed the exploit that allowed the breach to occur, and that the last four days have been spent investigating exactly what was accessed.

Update: Kickstarter has updated its blog to answer a few questions that they were seeing a lot of. Here’s what we can glean from it:

  • Passwords were protected in one of two ways. Old passwords were salted and hashed with the SHA-1 protocol. Newer passwords were hashed with bcrypt
  • The company says it took 4 days to alert customers because they had to wait until they’d “thoroughly investigated the situation.”
  • Two accounts showed (unspecified) unauthorized activity; both of those accounts have been re-secured.
  • If you use Facebook to login to Kickstarter, the company says your FB account hasn’t been compromised. They’ve reset all Facebook tokens, which severs any ties Kickstarter has to your Facebook account until you manually give it permission again.
  • http://techcrunch.com/2014/02/15/kickstarter-hacked-customer-addresses-and-other-info-accessed/

CNN Gets It Wrong — Why We Don’t Really Mind


“This is CNN.” The network’s tagline has a certain swagger, as if to announce its arrival, or more precisely, your arrival at your rightful news home. This is what you’ve been looking for.

Yesterday, however, CNN tripped in the middle of its news strut. And most likely left even James Earl Jones wondering: This is CNN?

It’s been a rough year for the network on air. Last summer, while the country waited for the Supreme Court to rule on the constitutionality of President Obama’s effort to expand health care, CNN — like every other news outlet — sat crouched like an anchor-leg sprinter in a relay, hand extended backward waiting to grab the baton and explode down the homestretch to deliver the news.

Supreme Court decisions aren’t light reading. And in its haste to break the news to a country surely interested in the state of their health care system, but most likely at work and not watching TV, they got it wrong. Not a little wrong. Completely wrong. For more than ten minutes, CNN reported that the law had been, essentially, overturned.

Jon Stewart rejoiced. Pundits weighed in. It was embarrassing, they said. The once proud network’s reputation was tarnished. It was inexcusable. It couldn’t happen again.

On Wednesday, it did. On live news, CNN anchors looking slightly confused in the heat of the moment, reported that an arrest had been made in connection with the Boston Marathon bombing. And then, again, on air, it backtracked.

The mistake set off another round of condemnations. CNN was too Piers Morgan and not enough Christiane Amanpour. Jon Stewart officially declared CNN “the Human Centipede of News.”

CNN got it wrong. Again. But does it matter to CNN?

It certainly matters to media watchers. Getting it right definitely matters in journalism — otherwise non-fiction becomes fiction, which is much easier to report. But, does it matter to viewers? Did Fox News viewers change the channel after the network’s Karl Rove induced election night debacle? Will CNN fans decamp?

It seems like not.

If they did care — if we cared — the networks would place more emphasis on getting the news right, rather than first. Both CNN and Fox’s blunders will be used as an example of the downfall of the modern media. Information moves too fast, the 24-hour news cycle is a corrupting influence. Maybe.

But, the real reason why it won’t matter is that our expectations of TV news have changed. It’s as much reality TV as it is a delivery mechanism of what’s happening. A train wreck attracts spectators. Memes are written, mashups are posted and careen around the internet. It’s better that people have an opinion of you, than don’t care at all, right?

It’s all part of a cable news circus, that is as much about the theater of reporting the news, as it is about what the news actually is. It may not make for good journalism, but it makes for great TV.

If we cared more about the journalism than news theater we’d all be watching PBS. But no one’s talking about NewsHour. There are no meltdowns. The circus, itself, becomes the point — the reason to watch. Youtube videos go viral precisely because they are unexpected, unvarnished — embarrassing. This is CNN.

As newspaper stories became blog posts and then were abridged into Tweet form, we’ve built up a pretty high tolerance for mistakes. And even crave them.

In some ways, it’s an acknowledgment that reporting is difficult and we’d rather have your best guess now, even if you don’t come up with the right answer until later. Blogs update, Tweets are considered provisional.

Why is CNN any different? We’d all like to think that it is. But if you think of a live cable newsfeed as essentially a live televised Twitter feed, then maybe we should temper our outrage, just as we’ve lowered our expectations.

And if we’d like to know what’s actually happening — what’s truly news — maybe we have to wait to read about it in the morning. CNN’s betting that we won’t.

Written by