Posts by kylerankin@mastodon.social
(DIR) Post #3271819 by kylerankin@mastodon.social
2019-01-23T01:45:19Z
0 likes, 0 repeats
The word "security" has long been misused to justify all sorts of measures that conveniently give a company more control and the user less. Now "privacy" is getting the same treatment: https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_block_change/
(DIR) Post #3272001 by kylerankin@mastodon.social
2019-01-23T02:00:33Z
0 likes, 0 repeats
@dredmorbius Yours seems like a reasonable definition to me.
(DIR) Post #3338797 by kylerankin@mastodon.social
2019-01-24T19:12:52Z
0 likes, 1 repeats
Firmware attacks like in this article are why the Heads tamper-evident BIOS is so important. With Heads the *user* is empowered to inspect, reproducibly build and reflash themselves instead of anchoring all trust in a vendor. #infosec https://theintercept.com/2019/01/24/computer-supply-chain-attacks/
(DIR) Post #3481086 by kylerankin@mastodon.social
2019-01-28T19:38:51Z
0 likes, 3 repeats
Smart TVs not only capture and sell your data like a phone, now they are paid to pre-install crashy spyware apps you can't remove just like a phone. #privacy https://www.theatlantic.com/technology/archive/2019/01/smart-tvs-are-dumb/581059/
(DIR) Post #3542349 by kylerankin@mastodon.social
2019-01-29T19:25:57Z
0 likes, 1 repeats
Most people don't know that the Evanescence song Bring Me To Life is really about a laptop with poor Linux support that can't resume from suspend. #cantwakeup #devops
(DIR) Post #9g8gJ4x2OuwGArJ6pM by kylerankin@mastodon.social
2019-02-23T20:24:18Z
0 likes, 1 repeats
The problem isn't the phone, it's the ad-funded, data-capturing apps designed w/ addiction psychologist input specifically *to trigger* addictive behavior. Addiction = engagement = eyeballs on ads, your personal data in databases. #privacy https://www.nytimes.com/2019/02/23/business/cell-phone-addiction.html
(DIR) Post #9gWHHmTNmaarVyl6kS by kylerankin@mastodon.social
2019-03-06T21:23:30Z
0 likes, 1 repeats
Like with previous FB privacy apology posts, this one is full of promises to #respectprivacy this time, but unless they change how they *make money*, any promises are empty. They'll still have to capture and sell user data to keep the lights on. #followthemoney
(DIR) Post #9hidrj94MWIhQQjae8 by kylerankin@mastodon.social
2019-04-12T03:45:48Z
1 likes, 2 repeats
This post-mortem of today's Matrix prod compromise is great for its transparency and cautious response. Also a clear demonstration why dev infrastructure (Jenkins or otherwise) should not be allowed to access prod. #keepemseparated #infosec #devops https://matrix.org/blog/2019/04/11/security-incident/index.html
(DIR) Post #9hiexa5f2cIf28Ulua by kylerankin@mastodon.social
2019-04-12T03:51:09Z
1 likes, 0 repeats
@kylerankin Takeaway 1: Matrix response to take down prod, rebuild from scratch in relatively short order, is commendable and all orgs should aim to be able to do the same in similar circumstances.
(DIR) Post #9hiexaQZmr1w50HTVo by kylerankin@mastodon.social
2019-04-12T03:54:29Z
0 likes, 1 repeats
@kylerankin 2: Many #devops orgs deploy to prod straight from CI. Jenkins is red team gold. Always separate dev/prod completely. Dev access should never lead to prod access.
(DIR) Post #9hipj3Mt0I8IzNpMf2 by kylerankin@mastodon.social
2019-04-12T04:01:02Z
0 likes, 0 repeats
@kylerankin 2a: One approach is CI signing/shipping code to dev repo, admin logs into prod to trigger prod pkgs sync from dev to prod. Make attacker have to backdoor the code itself.
(DIR) Post #9hipj3aiAtBxgGIPD6 by kylerankin@mastodon.social
2019-04-12T04:05:54Z
0 likes, 0 repeats
@kylerankin 3: Great early post-mortem given circumstances. Affected servers, what attackers did, what Matrix did, what users should do, timelines, promises of more detail later.
(DIR) Post #9hpileZMK2nfNBfpj6 by kylerankin@mastodon.social
2019-04-15T13:29:29Z
1 likes, 1 repeats
Software engineers are indoctrinated to believe: "People only hate ads when they aren't relevant." This doctrine has led to over 20 years of mass data collection. It's a lie, and if more engineers dared to question it, we'd get a lot further on #privacy.
(DIR) Post #9hwRkT41H90WHlaECm by kylerankin@mastodon.social
2019-04-18T16:22:54Z
0 likes, 1 repeats
How exactly do you "accidentally" write software that logs into an email account, pulls down the contact list and stores it in a FB database? #privacy https://www.businessinsider.com/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4
(DIR) Post #9i2aavRCzY6HvTiKbg by kylerankin@mastodon.social
2019-04-21T14:31:43Z
0 likes, 1 repeats
Zuckerberg funded FB engineers to make a "personalized learning" platform for Kansas kids. Besides the educational concerns, how much personal data is this program storing indefinitely? Who gets access to it? #privacy https://www.nytimes.com/2019/04/21/technology/silicon-valley-kansas-schools.html
(DIR) Post #9i2d7ZUBpTBZJ9nqcK by kylerankin@mastodon.social
2019-04-21T15:37:16Z
0 likes, 2 repeats
Education is moving to a divide along class lines: the rich are taught by humans in a tech-free environment. Everyone else will be taught by computers subsidized by Big Tech in exchange for data and lock-in.
(DIR) Post #9i2d7ZlCoCnS9vlR8i by kylerankin@mastodon.social
2019-04-21T15:40:44Z
0 likes, 1 repeats
@kylerankin You see this in Silicon Valley today. Tech billionaires send kids to private schools that tout being tech-free and hands-on with human teachers.
(DIR) Post #9z2USWsMHwXMQI9QGW by kylerankin@mastodon.social
2018-09-12T22:58:17Z
0 likes, 0 repeats
Looking at the current state of tech it's easy to conclude that people don't care about #privacy. I have to remind myself that people *do* care, they just feel powerless to do anything about it.
(DIR) Post #9zDnwm2SVs1G0OZOBE by kylerankin@mastodon.social
2018-10-29T16:18:46Z
0 likes, 0 repeats
The general public is starting to realize that the multi-billion-dollar ad industry built around targeting and manipulating you to buy stuff you don't need can be used to target and manipulate you to do other things (like vote a certain way).
(DIR) Post #A0Vrm5mXuCUUNiKjpo by kylerankin@mastodon.social
2018-09-14T20:15:11Z
0 likes, 0 repeats
Google's China search engine features a censorship blacklist that "included terms such as “human rights,” “student protest,” and “Nobel Prize” in Mandarin." and makes it easy to link searches to individuals: https://theintercept.com/2018/09/14/google-china-prototype-links-searches-to-phone-numbers/