Weekly Axis Of Easy #52
Every week I’ll post a quote, first person to correctly post the attribution below in the comments gets their next domain or hosting renewal on us. (Do it without Googling it, on your honour)
This week’s quote: “The future is here, it’s just unevenly distributed”. —by ????
Extended to June 4th, get 6 months free web hosting when you register or transfer in a new domain. Click here for more info
In this issue:
- Canadian CRTC goes “all in” toward Internet regulation and taxation
- Google’s “Selfish Ledger” dystopian vision of techno-future
- Google cancels military drone program after employee backlash
- Papua New Guinea imposes month long Facebook ban
- CitizenLab sounds alarm on Canadian Censorship-As-a-Service outfit
- DHS confirms rogue cell sniffers used in vicinity of White House
- Ticketfly still offline after security incident
- Cloudflare’s 18.104.22.168 latest victim of BGP hijack
- Those phishy looking “URGENT” emails from us are real (*sigh*)
If you’re Canadian, or any interested observer with a macabre fascination with watching bureaucrats profoundly misunderstand technology, you need to read Michael Geist’s coverage of the CRTC’s recommendations to basically “tax everything” remotely related to Canadian Internet usage under the guise of preserving “Canadian Content”. However, as Geist shows, “CanCon” is not endangered, and is in fact thriving in this new media reality. Perhaps this is one of the few areas where Canada still “punches above its weight” (because that hasn’t been the case in politics or diplomacy for generations).
Belatedly as this surfaced the week before last, a two-year old video made by X head of design and co-founder of Near Future Laboratory Nick Foster outlines a world in which the search giant attains Total Information Awareness of its users and uses that ability as “an adaptive force” to nudge them in the direction they want and to literally breed follow-on behaviour within predetermined policy tracks (to wit: “What if the ledger [ that’s all the data they aggregate about you] could be given a volitional purpose?”)
X is Google’s semi-secret, self-described “moonshot factory” that Google hopes will someday “make the world a radically better place”.
Watch Selfish Ledger here: https://www.theverge.com/2018/5/17/17344250/google-x-selfish-ledger-video-data-privacy (8m41s)
Speaking of Google, after coming to light that the company had deliberately understated the magnitude of its joint venture with the US DoD to supply military drones with AI (they initially dismissed it as a 9 million dollar contract but it was revealed to portend an ongoing relationship worth at least 250 million annually), and then tried to cover it up; the company has reportedly cancelled Project Maven after a backlash from employees.
Keep in mind by “cancel” means it won’t renew the contract after it ends, but it won’t preclude itself from signing future contracts with the military. In other words, I won’t be surprised if Google keeps working on AI for military drones after a suitable hide-the-salami exercise buries the details in some subsidiary under some other DoD contract. Maybe they’ll just kick it over to the aforementioned X.company (“Moonshots with missiles”).
The country of Papua New Guinea has imposed a one-month ban on all Facebook usage while it endeavours to clean up “fake accounts” and adult content to “allow genuine people with real identities to use the social network responsibly” according to that country’s Communications Minister. He elaborated that “The time will allow information to be collected to identify users that hide behind fake accounts, users that upload [inappropriate] images, users that post false and misleading information on Facebook to be filtered and removed.”
The Canadian-based CitizenLab watchdog group issued a report detailing their findings on fellow Canadian company Netsweeper, which bills itself as an “Industry Leading Software Based URL Filtering”. On its own, nothing wrong with organizations creating and enforcing policies around URL filtering, especially as a line of defense against spear-phishing and malware.
However, Citizenlab’s findings indicate systemic misuse or over-filtering of Netsweeper in some countries can have serious ramifications with regard to civil rights and specifically LGBTQ rights in certain countries. Namely: that Netsweeper is:
“filtering content for national-level, consumer-facing ISPs in ten countries of interest: Afghanistan, Bahrain, India, Kuwait, Pakistan, Qatar, Somalia, Sudan, UAE, and Yemen”
“to a wide range of digital content protected by international legal frameworks, including religious content in Bahrain, political campaigns in the United Arab Emirates, and media websites in Yemen”
and more specifically that the system is “over-filtering” and blocking access to searches and resources associated with LGBTQ news and resources. The CitizenLab team forwarded their findings to Canada’a Special Advisor to the Prime Minister on LGBTQ Issues.
We previously reported on the discovery of a rogue network cellphone interception towers deployed inside the beltway throughout Washington DC, the DHS has confirmed that some of these were near the White House and could have, at least in theory, been used to eavesdrop on President Trump’s non-secured iPhones. Zerohedge article traces the history of these developments, including legislators’ concerns going back to at least 2014. Turns out the network was discovered during a three-month trial of equipment designed to detect illegally deployed ISMI catchers (“Stringrays”). I guess it worked.
Video on ISMI detection: https://www.rsaconference.com/videos/project-overwatch-multinational-effort-to-combat-imsi-catchers
This is every tech CEOs nightmare scenario, including mine: a hacker took control of TicketFly’s website and obtained their full database which he then released into the wild after demanding a 1 bitcoin ransom. TicketFly, an Eventbrite subsidiary, took down the website out of “an abundance of caution” when the hack was revealed last week. As I write this Sunday morning the website is still offline. Ouch. I don’t know how the website was originally hijacked.
Last week Cloudflare’s nascent 22.214.171.124 resolver service suffered a brief BGP leak, which is when another party begins announcing route updates for your address space without authorization. The event lasted under 2 minutes, and this thread on Hacker News suggests it was a mistake and not a malicious hack, like the MyEtherWallet / Amazon Route 53 DNS hijack last month. Nevertheless, I still personally predict that for the next while, BGP hijacks will become increasingly disruptive and costly. The best defense right now, is to monitor your routes if you’re running your own ASN and sign your zones with DNSSEC.
Event detail: https://bgpstream.com/event/138295
Our new DNSSEC system v2 is now live for users with their beta features enabled (under user info settings. It also has a tool to migrate your existing signed domains to the new system. Please start with something non-critical and if nothing explodes we can all get a little bolder together.
Those phishy looking “URGENT” emails from us are real (*sigh*)
Yes, after we outlined last week why we think GDPR is essentially moot for non-Euro companies, our clients began receiving emails with the subject “URGENT: Review and update your data use preferences”. It’s probably the worst possible email subject line if you actually want anybody with a clue to respond. As we mentioned in our post, because we use the Tucows/OpenSRS registry stack on the backend we are largely confined to do what Tucows does, and that’s where these messages are coming from. We’re updating the subject line and content today to try and make it less phishy and more ….easy-ish..
The key takeaway is: they’re real, it is safe to follow the directions therein (provided of course that they lead you to https://approve.easydns.com), and alas, given that we live in a world where faceless unelected technocrats in a far off land design to set rules for everybody else, it may even be necessary. We’ll let you know. Happy Monday.
Extended to June 30st, get 6 months free web hosting when you register or transfer in a new domain. Click here for more info