Who else is reading my messages to you?

I have never been a Facebook user. I think that surprises a lot of people, but it’s true. I heard about Facebook around 10 years ago in the midst of an intercontinental move and a big career change. It sounded too much like the high school snobs invading my refuge of online communities, and so I didn’t pay any attention. When it caught on among pre-teen and post-fifties users, and everyone in between, we took a look and decide it was way too ugly to spend any time with. Then privacy concerns started to arise:

  • intensely personal stuff leaking out onto advertisers’ radar, or into public view
  • drastic revamps of data collection policies in quick succession
  • user-unfriendly opt-out mechanisms

A lot has changed, of course. Facebook hold-outs are the exception now, not the norm. Just so we’re clear: I’m not judging anyone. 1 It’s got broad appeal and usefulness for a lot of people, and I miss out on a fair amount of social info by staying away from it.

I am not TedMy Facebook abstinence may seem on the surface like just one step down the kooky road to technology paranoia. I’m interested in the technology of communication primarily, but secondarily uncertain about the implications of big companies and their privacy policies. And the recent purchase of WhatsApp by Facebook doesn’t leave me with a warm fuzzy feeling of trust that you and I are the only ones reading the messages we exchange.

What have I got to hide?

I am sure I don’t have any need to hide my communication from any foreign or domestic government agency. I’m not running a spy ring or acting as a go-between for any freedom fighters resistance movements, terrorist cells … um, dubious third parties. But I’m not sure I trust those big companies (Facebook, Google, Microsoft, Apple) and also smaller ones (Dropbox, LinkedIn, Xing, perhaps Twitter)

  1. to handle my data with MY best interests in mind, and
  2. to keep my stuff2 safe from external prying eyes

What’s in it for me?

Who benefits when their machines read my stuff? They suggest new professional contacts or funny tweeters to follow or car rental agencies for that next vacation we’re thinking about. To a rather limited extent, Clippy letterI guess that’s a perk for me. More often though, when I want more, I seek it out myself. I tend to get annoyed when a real, live person pigeon-holes me directly — I find such behavior by a machine intensely disturbing. But I think they stand to gain a lot a lot more than I do. Maybe that’s the cost of using those otherwise-free services. I read somewhere that when a profit-oriented company offers you a free product or service, YOU are the commodity being exchanged. At least Clippy gave you the option to tell him to take a hike. Buying a license to use that software resolves any qualms I might have about that.

What am I going to do about it?

I’m not turning into a recluse or a vigilante or an rms-accolyte (despite my choice of selfie above and the recent beard). But I am considering my choices of technology providers perhaps more carefully than I or others have in the past. Using Threema instead of WhatsApp is part of that.

I read a couple of good articles on this topic recently:

Threema keeps your short messages encrypted all the way from your mobile device (Android or iOS) to the recipient. It’s a tiny company making smart choices about the technology they use to ensure that. They can’t turn over your message contents to any other party (governmental or hacker), because they can’t.

  1. They don’t log them.
  2. Even though the messages temporarily reside on of their servers while awaiting retrieval by the recipient, they are in an encrypted state, and only the recipient can decrypt them.

Yeah, but what about email?

Another part of that security-conscious electronic communication is using email in an encrypted way. That’s much harder to implement: effective security is not simple, and vice versa. 4 While you can use Threema to send short text messages or videos or pictures from your phone (or iPod touch, though I haven’t tried that yet) à la WhatsApp, you can’t use it to send just any file securely. Encrypted email is a really good choice for that.

Other apps and services?

Skype (owned by Microsoft), Facetime (owned by Apple), Google Talk (owned by…you know), LinkedIn, Last.fm, Spotify also potentially capture stuff about me. And I have explicitly signed up for that. Do I mind? Yes, but not enough to not use their services. When it’s pure text, written by/to me, I see a bigger risk of invasion of my privacy than what could come of

“We noticed you like Led Zeppelin. How about this Allman Brothers Band playlist?”

If Facetime or Skype starts parsing my phone calls with my parents (is that even possible? Let’s ask Siri.), you can be sure I’ll find another way. I don’t use the other social networking services much. I peek in there every now and then to see if I’m missing something. So far, so good.

And the Regensblog? Twitter?

Those are intended for public consumption, but the content is supplied by the end user. 5 We’re conscientious about not revealing more about ourselves via those services than our comfort levels allow. So extra layers of technical security seem pretty useless there.

Does this mean I’m not going to use WhatsApp anymore?

Not really. It means I’m going to prefer other means — Threema for now, but if something better comes along, I’d consider that, too — but I’m not ready to cut myself off from the majority of WhatsApp users. The bottom line is that this topic doesn’t stick in everyone’s craw, but that doesn’t mean I want to lose touch with them. If you have my mobile phone number, you can still reach me on WhatsApp, but be prepared for me to suggest we keep it just between you and me.

What’s your take on all this?

Am I way off-base here? Idealistic beyond any realistic expectation? How have you managed to reconcile your own sense of privacy with the desire to stay in touch with friends and family? I would love to hear another perspective. Let’s chat. Right here, out in the open.

  1. Except Facebook, and similar companies with too much interest in my details, I guess. []
  2. What kind of stuff? Travel plans, insurance policies, bank statements — super boring stuff, unless you’re perpetrating identity fraud, right? []
  3. German for “Threema: an app to annoy the NSA” []
  4. Still, if you would like to exhange email with me and guarantee that no one else can read it — neither a governmental agency nor a hacker infiltrating a mail server — let me know that I am happy to help you set it up. It can work nearly seamlessly in email programs on Windows, Mac OS or Linux alongside plain old email traffic. For a lot of people, the big catch is that encryption is hard or impossible to implement on top of webmail systems like Gmail or Yahoo! mail, but the barrier to entry is much lower on stand-alone mail clients like Apple Mail, Microsoft Outlook or Mozilla Thunderbird. []
  5. It stings when you accidentally confuse a public tweet and a direct message, but an ID-10T error can happen to anyone. []

External USB 3 drive unmounts on OS X Lion when the iPhone is plugged in

Sarah noticed something weird today — might be related to her recent upgrade of her iPhone 4’s OS to iOS 7-point-something. Or maybe not.

Ours looks like this.
Ours looks like this.
Our aging Mac mini is what we’re keeping around for iTunes purposes. It’s how Sarah gets her stuff (apps, podcasts, music, etc.) onto her iPhone.

The mini model we have only has an 80GB drive, so our collection of music and apps and stuff has to reside on an external drive, a 1TB USB 3 external drive we snagged in Hong Kong a couple years ago. Up until this week, that drive worked great even through a powered USB hub. We plugged it in after bringing home, migrated our iTunes music library onto it, and forgot about it.

Hers has a few more scratches.
Hers has a few more scratches.
…until it started making ominous clicky noises this week. That started the beachballing in the Finder. I thought for sure the drive must be kaputt, but after unplugging it and replugging it and running the diagnostics on it via Disk Utility, everything still seemed hunky dorey. I even ran Apple Jack to see that would help with anything. Sarah mentioned that it only made the clicky noises when her iPhone was plugged in, and that it might have been around the same time that she was applying an update to iOS7.

USB 3But this all seemed pretty strange to me. Could an iOS update really influence the mounting behavior of external USB drives? Sure enough, while the drive was making the clicky noise, I unplugged her phone and the drive mounted itself normally, ready for use.

What the heck?

I googled some for it but couldn’t find any direct hits immediately, or even anything close. I saw other people with newer computers and external drives discussing voltage differences through USB hubs and overheating problems, but nothing that seemed applicable to our situation.

But on a whim, I tried plugging the USB drive into the last remaining available USB port on the Mac mini — skipping the USB hub completely.

And it seems to have worked. iPhone and USB drive are both plugged in and working normally. Hope it stays that way.

Mac OS X Mavericks: disabling App Nap and What Happened to Disk Usage from the Activity Monitor

Apple’s OS X Mavericks (10.9) software came out recently — FOR FREE. I installed it today on our Macs young enough to hang ten with the big boys and discovered a couple quirks — and work-arounds. Continue reading Mac OS X Mavericks: disabling App Nap and What Happened to Disk Usage from the Activity Monitor

Mac OS X 10.8.5 update breaks Skype video

Apple_logo_black.svgSkype_logo.svgI updated to the most recent version of the operating system on our Mac laptop a day or two ago. Suddenly, Skype stopped recognizing our built-in Facetime video camera.

I googled around for a bit and quickly found that other users were reporting the same symptoms.

Here‘s where I found the fix. Continue reading Mac OS X 10.8.5 update breaks Skype video

Pseudo-Random Observations

I’ve been building a password generator the past few days. It takes words from the dictionary at random* and then combines them with punctuation and numeric characters.

I have elaborated on a few methods of personal information security before (here and here). I still prefer to

  • never use a password for more than one site/service/login, and
  • not even know most of my passwords, and
  • let software generate them for me

But I guess I can see a need for passwords that are memorable, or at least easy to visually read and type in on another screen (perhaps a miniature one, or a computer you don’t own). Continue reading Pseudo-Random Observations

Offline Google Maps: what to do when downloading hangs

This was my first work phone (nominally also a smart phone, but practically -- not very usable as such). That is not my hand.  I got the image from here.
The Nokia E50 from 2006: nominally also a smart phone, but practically — not very usable as such. That is not my hand. I got the image from here.
I finally got a new phone for the first time since 2006 this month. It’s my first smart phone for work (I’ve used other portable devices — iPod touch, Nokia E61i, Palm Treo, Handspring Visor + Visorphone) on my own dime, and my first foray into the Android operating system. It’s got two SIM card slots, which makes it particularly convenient for both work and personal use. With that in mind, I was pleased when I read about Google Maps for Android becoming available offline — so you can see your position on map tiles downloaded in advance without using a roaming data connection, which is very expensive. Continue reading Offline Google Maps: what to do when downloading hangs

My favorite cheapo web host probably just got cheaper!

I just saw this blog post from NearlyFreeSpeech.NET. NearlyFreeSpeech.NETI love being a customer of this company — they are happy to host smaller sites and are constantly working to bill only for services actually used. This blog post addresses a bunch of feature requests from their customers that have been open for years and some other potentially advantageous changes. Continue reading My favorite cheapo web host probably just got cheaper!

Command line on-the-go with mosh, the mobile shell

Warning: this post is intensely technical, bordering on arcane. It’s about improving your user-experience as a command-line user on remote Unix-like systems. As such, it’s probably not intended for you, but my hope is that someone else will find it useful. The usual geeky stuff (food, travel, language, etc.) will follow again soon.

If you ARE the someone else, score!

Ours is a pretty geeky apartment. But we don’t always just stay there at home; often our geekery needs to travel with us. Continue reading Command line on-the-go with mosh, the mobile shell

2-step verification for Google Accounts

Information security is a PITA. But less so than not having any. What measures do you take to keep your online stuff safe?

I’ve written about some simple steps I’ve taken to improve the security of my online stuff before. The video below describes an extra step you can take if Google is a provider of a service you use (Gmail, Google Documents, Google Maps, etc.). Tons o' AppsMy thanks to @Yellifers for tweeting about this article, which called my attention to these options. Apparently Google has offered these for over a year, but I’m just now hearing about them. I’m using them now to try to reduce the odds of nightmarish Google Mail filter manipulation to hide someone’s nefarious online activities about me from me. Continue reading 2-step verification for Google Accounts