Hacker News | sateesh's comments

Presume the reference to trunkless legs is to Shelley's famous poem Ozymandias (https://www.poetryfoundation.org/poems/46565/ozymandias)


https://jvns.ca/ Not a tech. company blog. Explains technical concepts clearly and top notch technical posts. Fits 1,2, 3 criteria of what you ask, though not the 4th one.


Totally. She has a fearless approach to learning complex topics (my favourite quote is simply "Computers are knowable", though I couldn't find it — I think she said it on some podcast?) that doesn't shy away from acknowledging ways in which stuff is genuinely hard (e.g. https://jvns.ca/blog/2024/03/22/the-current-branch-in-git/ is among the best usability/learnability dissections I've seen).


Yes! Julia is fantastic at explaining concepts, and creating ways to learn about them. She produces a great series of “zines” summarizing a bunch of technical topics, her blog archives are really fascinating, and she’s created really useful tools like Mess With DNS (https://messwithdns.net) which gives you your own DNS subdomain and the means to update records so you can try things out in an easy, harmless way.


Strong recommend! Julia's posts are always really engaging and educational.

She also publishes a number of technical topics as ZINES. I bought her "Oh Shit, Git!" zine and learned a ton of useful info, despite having decades in the industry. Zines are a great way to encourage book-allergic coworkers into learning great material.

https://wizardzines.com/


What you are proposing is too sweeping; it is not just privacy that suffers. Making a single ID (whose attributes can't be changed) the entire identity of a person is very risky. This makes it a single point of failure, and in cases like ID theft or misuse the affected person suffers gravely, and the onus will be on them to prove who they are; a Kafkaesque nightmare it would be.


There are several countries which use a single ID for all government interfacing. For that matter, Aadhaar is almost there already. I am not suggesting that private companies should use it, or should be allowed to use it. But a single ID will limit babudom arbitrariness a bit.

> whose attributes can't be changed

Many IDs (outside India) have similar issues, options to change attributes, and various redressal mechanisms.


> a single ID will limit babudom arbitrariness a bit

It does not in practice, because Aadhaar data is an unverified source of big messes. As several examples:

- UP Gov does not believe Aadhaar to be a proof of date of birth https://www.newsonair.gov.in/up-government-clarifies-that-aa...

- UIDAI has stated that it is not a proof of citizenship, DoB, or address: https://timesofindia.indiatimes.com/city/lucknow/aadhaar-not...

- EPFO no longer accepts it https://www.thehindu.com/news/national/government-makes-citi...


I don't know how digital IDs are used etc. in other countries and how ubiquitous their usage is. (One ID I'm aware of is the social security number (SSN) in the U.S., but that is considered PII data and usually companies take steps to protect/mask them). But citing that this is how it is done elsewhere is just an appeal to tradition/common practice and does not necessarily address the points I had made.


Not op, I agree that hotels don't do any face matching.

However, for getting a new mobile connection the flow is similar to what op has mentioned. It seems one can get a mobile connection by not opting for face recognition, but the process is cumbersome. Similarly, for property registrations the fingerprints (at least in some of the states) of the concerned parties are matched against the ones that are associated with their Aadhaar.


Yes, because Telcos are designated as AUAs, and expected to do a full KYC under DoT regulations. Hotels are not.

I have two SIMs, and I surprisingly got the newer of them in 20 minutes at a remote village in India without an Aadhaar. Telcos do a Liveness check with their phone instead these days.


I think this point is a bit orthogonal. The current outrage was largely because the app has to be pre-loaded and there wasn't an option to disable or uninstall it.

In the later incarnations, if this is an app which you need to access government services that is less of an issue, though I'm not advocating that this is completely fine. There are already apps like these: CoWin (during Covid time), or Digiyatra (despite some of the privacy concerns around it [1]), which many are using. I hope if at all this app gets introduced (in the form you mention) there are larger discussions about permissions and the data access the app would need, and it can be disabled, uninstalled.

1. https://internetfreedom.in/digiyatra-who-owns-your-data/


Agreed on all points.

I don't view these apps as net negative for a country like India which is helped immensely by digitization.

My comment was just pointing out that governments have a way to get you to install the app if they really need to.


The only upshot of this whole saga seems to be an increased awareness (though a small bit) in general public about importance of privacy in the digital world. Most of the media outlets (both English and regional language newspapers) provided a prominent coverage of this news.


It was Apple's pushback that led to the DoT backing down [0], but they will most likely either try to push this again if they are able to assuage Apple (eg. drop the $38B anti-trust bill [1]), or will potentially adopt China- and Vietnam-style data sovereignty regulations.

English speaking urban Indians are loud on English media but ultimately don't matter for political decisions because they can't actually flip an LA or LS election. You need to either be a significant voting bloc or a major economic bloc to become a veto player in any country.

[0] - https://www.reuters.com/sustainability/boards-policy-regulat...

[1] - https://www.reuters.com/sustainability/boards-policy-regulat...


Will the increased awareness change anything though? After Snowden, nothing seemed to have changed, it just seems to be getting worse.

Most likely, Indian government will try again


After Snowden, the single illegal U.S. surveillance program he leaked was shut down, the browser vendors essentially forced https everywhere, companies encrypted their WANs, and E2EE became popular in consumer applications. That's just off the top of my head.


tell that to salt typhoon who collected copious amounts of data on all of us.

https still uses unencrypted client hello's (ECH) across the vast majority of the internet, showing which domain the client is visiting in plaintext for multi-site servers to do SNI. DNS is still plaintext on most consumer routers/models provided by ISPs, stingray technology exists in the wild and is widely used to mimic cell towers. E2EE is not popular in consumer applications, even Telegram isn't E2EE and the main ones that claim they are like X's new Chat they have the keys on; Matrix having E2EE still shows meta data in plain text, room names in plain text.

While iMessages, RCS, Signal are mostly mainstream, most people are unaware of the need for E2EE. RCS is its own set of issues.

Pegasus, Cellebrite, I can go on and on with the spyware companies that can just send a text message and infect devices with 0click exploits.

We can have E2EE but if they can just see the screen or hook in to the messaging app's memory doesn't mean much.

Pick up your cell phone, is it connected to Wifi? Can it see other Wifis? Apps track those nearby SSIDs and report to major databases to have accurate geo-location data down to the spot we stand.

Don't get me started on Ad-Tech.

The EU wants to install backdoors on everybody's devices and get rid of encryption entirely.

Zero Trust Technologies are a fun thing to read in to, especially the need for them.


> tell that to salt typhoon who collected copious amounts of data on all of us.

That is not a US government program.

You also brought up ECH, DoH, DoT, Android's fake cell tower detection, and Android's NEARBY_WIFI_DEVICES permission that also demonstrate a strong industry-wide push to limit mass surveillance, contributing to my argument that GGP's assertion that nothing has changed is incorrect.

> The EU wants to install backdoors on everybody's devices and get rid of encryption entirely.

No, it doesn't. Just because someone proposes something doesn't mean the EU wants it, especially when the EU completely removes that proposal from the table.


> That is not a US government program.

You're right, it isn't. It's a foreign one (allegedly) and they used the tools telecoms and agencies use to monitor data, sms, call logs with IMEI/IMS mapping. Those do belong to government agencies.

> You also brought up ECH, DoH, DoT, Android's fake cell tower detection, and Android's NEARBY_WIFI_DEVICES permission that also demonstrate a strong industry-wide push to limit mass surveillance, contributing to my argument that GGP's assertion that nothing has changed is incorrect.

This sounds more like you want to be correct; data brokers and mass surveillance are at an all time high, with platform providers requiring biometrics, ID uploads, data being sold, re-sold, re-sprinkled.

Android devices that can not utilize the latest Android OS (16+) to my knowledge can not access these features, by default DoH, DoT are not enabled by default. Whether the device itself can show if a fake cell tower is being used is only one step. The telecom and infrastructure companies that provide 5g have more tech layered on top of it that is indeed vulnerable, salt typhoon sat dormant in major telecom and internet backbone devices for over a year before being discovered.

We don't know whose cyber campaigns or who's involved in surveillance. I'll often get customers sharing the same stories where they call their ISPs and the ISP operator will list all the websites the customer viewed in casual conversation over the phone; which is scary.

> No, it doesn't. Just because someone proposes something doesn't mean the EU wants it, especially when the EU completely removes that proposal from the table.

Yes, it does. Many countries are in favor of it in the EU and even if it fails, they keep proposing it until it'll pass.

The U.N. just signed a multi-nation treaty with 72 countries, including Russia, China, and Iran to swap data with other intelligence and law enforcement agencies with the data its collected as its joint mission to, on paper look like a good thing but broaden surveillance and share that data among countries. https://vp.net/l/en-US/blog/72-Nations-Create-Global-Surveil...

The U.S. isn't involved with that, but here in the U.S. states are just now proposing VPN bans and requiring logging for major AI providers.

Most things are walled gardens.

The claims that it's getting better need all of us to put in a lot more work. Security, privacy, data integrity all go hand in hand.

Those SSIDs have among them, tracking that tracks MAC addresses, which can also be scanned out of the air using basic tools like aircrack-ng

A simple 'Share Your Location with this website' popup on a browser is more than enough to geo-locate you and provides enough information to geo-locate others on the same network.

It getting better is just not true. I wish that were the case, but it's going to take a lot of work for all of us.


> they used the tools telecoms and agencies use to monitor data, sms, call logs with IMEI/IMS mapping.

Telecoms use that data for billing. The government, notably, is not allowed to request this data en-masse post-Snowden.

> data brokers and mass surveillance are at an all time high, with platform providers requiring biometrics, ID uploads, data being sold, re-sold, re-sprinkled.

On the contrary, after GDPR, sharing of this data has become severely restricted, limiting this information to first parties.

> Android devices that can not utilize the latest Android OS (16+) to my knowledge can not access these features, by default DoH, DoT are not enabled by default

This permission was added in Android 13, also post-Snowden, representing a change limiting mass surveillance. DoH rolled out as the default to all Firefox and Chrome users in the U.S. in 2020.

> Yes, it does. Many countries are in favor of it in the EU and even if it fails, they keep proposing it until it'll pass.

Speculation. Mass surveillance is more difficult now than it was pre-Snowden, as I asserted. Maybe in 100 years, it will be different, but I made no claims about mass surveillance in the 22nd century.

> Those SSIDs have among them, tracking that tracks MAC addresses, which can also be scanned out of the air using basic tools like aircrack-ng

Android has defaulted MAC address randomization since version 10 and iOS since 14. This is yet another feature that made mass surveillance harder since Snowden.


Come to the dark side, we got no cookies but gophers here.


India is the biggest market for WhatsApp, not sure about FB. I doubt general population cares about privacy or even understands what it means.


The mandate says the app can't be uninstalled.


You are drawing a false equivalence. Using Gmail is a choice, but having an app preloaded without an option to uninstall isn't.


Why do you think so, pls elaborate. In the current form governments all over the world are increasingly having massive power over what citizens can do, don't and increasing it by degrees day after day.


You are confounding intent with the implementation. It might be a garbage app to start with, but there is no opt out for the users. Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.


> Given the payoff and endless iterations resources will be thrown at it and it would eventually get better.

Allow the user to download and install it if it turns out to be great. Do not shove things down people's throat against their wishes, like an authoritarian govt. Otherwise you start to resemble Stalin's Soviet Union.


Stalin did not force anyone to install apps. He was actually a good ruler. He took over the country with a plough and left it with a nuclear missile.


Right! It's a known fact that good rulers are creating death camps, doing multiple acts of genocide and multiple unprovoked military invasions to the neighbors.

Are you saying Kim Jong Un is a good ruler as well? He ruled the country during nuclear missile production.

You should praise Hitler as a good ruler as well as Stalin.



The nuclear missile was developed under Khrushchev, who was actually decent.

Stalin brought back the Czarist internal passport system, Russian chauvinism, racial discrimination and prison slavery, enriched a new oligarchy, his police killed most of Lenin's politburo and thousands of other good Communists on false charges, and he almost lost Moscow to a fascist incel armed with Panzer IIs, despite the superiority of the Red Army. Also he sold out revolutions in Spain, Greece, China etc. in pursuit of trade deals with capitalist countries that hated the USSR. The great achievements of the Soviet people and their planned economy were made in spite of Stalin's corrupt and oppressive mis-leadership.

On the matter of India. Stalin also betrayed the Indian revolution by trying to sabotage Bose, ordering the CPI to collaborate with British imperialism, and murdering founders of the CPI like Virendranath Chattopadhyaya, Abani Mukherji and GAK Lokhani.


RDS-1 (first nuclear bomb) was tested in 1949. Stalin died in 1953. So it was definitely under Stalin's rule that the nuclear program was developed.

It is fun to read about Russian chauvinism under Stalin's rule, given the fact that he wasn't Russian himself.


Your comment said "missile".

Stalin ended socialist affirmative action programs (Korenizatsiya) that benefited Soviet minorities in education and local leadership. Russification policy and Cyrillization of local languages were enforced under him. Local Communist leaders who resisted the Russian chauvinist policies, like Fayzulla Khodjayev (the "Uzbek Lenin") and even the leaders of independent Mongolia, were dragged to Moscow and executed, which was a complete violation of socialist legality. Numerous Soviet minorities, from Chechens to Koreans, were forcibly deported to barren lands in Central Asia to make room for Russian settlers. NKVD records show that hundreds of thousands of forcibly migrated peoples died due to lack of food and shelter in the resettlement areas.

Stalin also said "I drink in the first place to the health of the Russian people because it is the most outstanding nation of all the nations forming the Soviet Union"


Stalin didn't need to claim any ethnicity. He was the man of Iron, not a silly human like you or me.

