Recentralizing the Internet

A few weeks ago I was minding my own business, flicking through twitter on my phone. Someone had linked to the appalling government surveillance story of the day and I was preparing to feel disgusted and helpless. Only this time, my mobile data provider took offense before I had a chance to.

This site contains offensive content

Well, that’s one way to keep the people in line! I let the linker know that the entire privacysos.org site was blocked by my service provider, but it turns out the blockage was a little more complicated than that. Most people using T-Mobile weren’t having problems. And when I tried the same site using Chrome instead of Firefox, it loaded normally. What gives?

Working in Chrome

I figured that parental control settings were the differing factor between me and other customers, and indeed that seems to be the case. Though I never turned on a filter for my account, my phone company assumes I’m a “young adult” at that special age 17-18 when one must be sheltered from information about civil rights. Pre-paid customers are presumed to be juveniles, while grownups who pay more for traditional subscriptions get unimpeded net access (for now).

At that point I could have adjusted my account settings, but I still wanted to know why the site wasn’t blocked in Chrome, and why an ACLU site was considered “offensive content” in the first place.

Digging into the Chrome question, I found one clue: the site was blocked in incognito mode, but not otherwise. A significant feature of incognito mode is that browser cookies from other sessions are not sent with requests — could it be that some cookie, like a login cookie for the T-Mobile account management site, caused the filterware to back off?

That shouldn’t have been the case, since cookies are only sent for the domains they belong to. A T-Mobile login cookie shouldn’t be sent with a request to privacysos.org, so how would the filter know to handle the request differently? Still, this was the best guess I had. I wanted to know exactly what Chrome was sending with those requests, and since they weren’t passing through wifi or any other network under my control, I couldn’t use Wireshark. Instead, I set up Chrome remote debugging.

And finally, in the network inspector, I spotted the gremlin: Google’s Data Compression Proxy.

via:1.1 Chrome Compression Proxy, 1.1 Chrome Compression Proxy

Aha. T-Mobile had been cut out of the web traffic filtering business as a side effect of Google’s own web traffic optimizing business. To test this theory, I looked for a switch to turn off the Google proxy. But surprisingly, it just wasn’t there.
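The Via line above is what gave the proxy away. As an added example (not code from the original post), this sketch parses such a header and counts the intermediaries it names; the function names splitList, parseVia and intermediaries are hypothetical, and the parser is deliberately lenient because the pseudonym shown here contains spaces.

```javascript
// Added example: list the intermediaries named in an HTTP Via header.

// Split a list-valued header on commas, ignoring commas inside (comments).
function splitList(value) {
  const items = [];
  let depth = 0, cur = "";
  for (const ch of value) {
    if (ch === "(") depth++;
    else if (ch === ")" && depth > 0) depth--;
    if (ch === "," && depth === 0) { items.push(cur); cur = ""; }
    else cur += ch;
  }
  items.push(cur);
  return items.map(s => s.trim()).filter(Boolean);
}

// Parse each hop: [protocol-name "/"] version, received-by, optional (comment).
// Lenient on received-by: the header on this page uses a pseudonym with spaces.
function parseVia(value) {
  return splitList(value).map(raw => {
    let item = raw, comment = null;
    const open = item.indexOf("(");
    if (open !== -1) {
      const close = item.lastIndexOf(")");
      comment = item.slice(open + 1, close > open ? close : item.length).trim();
      item = item.slice(0, open).trim();
    }
    const m = /^(?:([^\s\/]+)\/)?(\S+)\s+(.+)$/.exec(item);
    if (!m) return { raw, malformed: true };
    return { protocol: m[1] || "HTTP", version: m[2], receivedBy: m[3], comment, malformed: false };
  });
}

// Count hops per intermediary; header names are matched case-insensitively.
function intermediaries(headers) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === "via");
  const counts = new Map();
  for (const hop of key ? parseVia(headers[key]) : []) {
    if (!hop.malformed) counts.set(hop.receivedBy, (counts.get(hop.receivedBy) || 0) + 1);
  }
  return [...counts].map(([name, hops]) => ({ name, hops }));
}

// Header value as shown in the post's network inspector output.
const seen = { via: "1.1 Chrome Compression Proxy, 1.1 Chrome Compression Proxy" };
console.log(intermediaries(seen));
```

Via is added by the intermediaries themselves, so an empty result does not prove that nothing sits between the browser and the site.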

Google has started to seed this option into the Android Chrome application as a split test and most likely I did agree to turn it on at some point, but in my case the settings toggle, which should appear afterwards, didn’t. I spent some time clearing app caches, uninstalling, and reinstalling — nothing caused the option to appear. Eventually I installed Chrome Beta, where the proxy option does reliably appear under the oblique label “Reduce data usage”. In addition to reducing data usage, I was able to confirm that it handily circumvents T-Mobile’s primitive content filtering.

But don’t break out the champagne just yet, 17-18 year olds! While I appreciate that Google’s proxy is engineered to improve performance generally (like other proxies before it), it would be foolish to ignore that it is also a filter.

Help us help you

All I can really do here is change masters, from one single point of control to another. Indeed, Google’s proxy is disabled when in incognito mode — how is a “secure” mode unsuitable for private browsing?

Ultimately this isn’t a choice between different levels of privacy, but a choice between different vectors of exposure.

A lot of people still trust Google, with some justification. But as with any transfer of power we should consider its implications not just for the current regime but for the next one that will presume to inherit it, and the one after that. If Google is slightly more “evil” every year, how do we feel about Google having full knowledge and control over our web browsing in n years?

Google’s proxy stands to control increasing portions of web traffic, eventually majorities. We can chuckle (and I do) at how it thwarts a crusty old phone company’s content filter without even trying, but there will come a day when a carrier refuses to allow Chrome as a default browser on their crapware phones unless their own content filtering is integrated with Google’s. And then what?

Having solved the mystery of Chrome, I went back to my phone company and asked why they were blocking an ACLU web site as “offensive.” They of course asked me to email some blackhole instead of making my requests in broad daylight. So I did that.

To: [email protected]
Subject: unblock request

Hi, I noticed that this site is blocked from “young adults” for its “offensive content”: http://privacysos.org/

The site is published by the ACLU of Massachusetts and has information about privacy rights online. It does not have any offensive content that I have been able to discover. Could you correct this?

Nathan

No one replied to my email, and privacysos.org remains blocked to 17 year olds — or more specifically and ominously, it is not considered to be “content suitable for age 17 and up”. As such it’s likely blocked for far more people in the “and up” category, normal old people who haven’t taken a deep dive into their account settings to assert their adulthood multiple times.

Having satisfied my curiosity I finally did turn off T-Mobile’s sex/ACLU filter, but to do so I had to “prove” I’m at least 18 unwholesome years old by giving my name, address, and part of my social security number. So much for “you restrict access to adult web content on your family’s T-Mobile phones” — this step’s only purpose is to prevent young account holders themselves from disabling the filter.

Like all censorship schemes T-Mobile’s is ruled by prejudice rather than consensus — it is “not foolproof”, in their cute phrasing. The first and only thing it has blocked for me is information that 17 year olds ought to know as they prepare to accept the responsibility to vote: their basic rights as citizens.



“An SBT plugin for dangerously fast development turnaround in Scala”

spray/sbt-revolver - GitHub



“The goal behind the project is to create a global darknet, a decentralized web of interconnected wireless mesh networks that operate independently of each other and the conventional internet. In a wireless mesh network, individual nodes can relay data for other nodes, ensuring that the routing of data remains robust as nodes on the network are added and removed. The idea behind TDP is that such a network would be resistant to censorship and shutdown because there would be no central point of control over the infrastructure.”

The Darknet Project: netroots activists dream of global mesh network



“I never invested in the Google Reader API. If my users had asked me to do it I would have said no. If they asked why, I would have told them that I knew what just happened would eventually happen. They might have used another product, but I don’t want to build on shaky foundations.”

Dave Winer comments on “The Long-Term Failure of Web APIs”



“We have noticed as well that the flagship ‘Books’ app has not implemented text selection, and by the images split across pages in landscape mode, we thought perhaps it is using a WebView as well? (Very pretty page turning though…) Help? :)”

Issue 4549 - android - In webkit/webview touchmove/touchstart/touchend events get queued and don’t fire until touch ends




The Art of Surprise

Artist Kyle McDonald installed a program on computers in two New York Apple Store locations that automatically takes a photo every minute. Now his personal computers have been confiscated by the U.S. Secret Service.

Apple Store Sets Secret Service on Spy Camera Artist

What’s this, government police seizing property at the legally dubious behest of an embarrassed Apple Inc? It’s only the second time in two years.

If the last time is any guide, popular opinion about the incident will be determined firstly by how comfortable people are with the idea of a secrecy-obsessed government protecting a secrecy-obsessed corporation, and secondly by how people feel about the accused. Is he an okay fella or a creep? And that is really a question of whether you can identify with him–Wouldn’t you have just taken the prototype iPhone to the bartender, etc? But we aren’t supposed to be raiding homes and threatening to imprison people based on feelings of personal identification; we’re supposed to apply those most intrusive and dangerous government powers based on actual laws, decided in advance, to provide the public some measure of fairness and predictability.

This reader comment on the Mashable writeup provides some food for thought:

As a customer you have [no] right to install software on store computers.

What is a right? What is software? What is it to install software?

You might think of rights as explicit limits on government power; in the set of all things that are not illegal, rights would be the innermost core, the public’s last line of defense. But this statement, made in support of the police action, must be defining rights as the entire set of permitted actions. Effectively and casually, then, the claim is that “As a customer it is illegal to…”.

To do what? With practically every web page you visit on a borrowed computer you are running software of your own choosing. You are running it in JavaScript, or with even more potential for hijinks, in Flash. Flash can take pictures and movies using built in cameras. Could it be illegal to run Flash on Apple Store computers, as a customer? The Secret Service would have a lot more doors to break in tonight.

It’s safe to assume that you can run software on store computers, since everybody does it. What about “installing” it? It’s such an arcane concept, these days! And ironically, the meaning of “install” has always been vague on Apple computers. Did I install it when I dragged the icon from the disk onto the desktop? Or does it need to be in /Applications to be installed–potentially illicitly? Imagine the highly trained government agents, watching the screen with a telescope, waiting for the moment an app icon is released over the “Applications” hot zone! Just another episode of CSI: Apple Store.

But seeing as things like web software and Flash exist these days, we have to think of “installing” more broadly. You might install software by changing your home page, or your browser’s search provider. You might add a link to the bookmarks toolbar that says “Google” but goes somewhere else. You might leave a tab open in some unobtrusive place. The possibilities are endless!

Where do we imagine the line to be drawn between what most people are doing at the Apple store–checking their email and other interesting web sites–and criminal activities that justify the police seizure of property? Just doing something that surprises and upsets the computer’s owner?

That is a strange and unusual power granted to computer owners, but I’ll take it. What if I loan you my laptop to send an email, but later I discover you set my home page to, I dunno, that rick-roll thing. Can I have the Secret Service seize any computers in your possession?

Alas, no. Because there is no principle here. The exhibited use of power depends on whose computer it is, plus some other subjective criteria decided after the fact. You know, Feudalism.

~~~

Is the intervention of a secret police force unjustified in instances of unwanted application preference altering? Should computer makers just figure out how to maintain control of their own machines in their own stores? If so, the corollary is that we have been handling “hacking” wrong since the beginning.

Buffer overflows are no different from changing preferences. At every level, computers just follow instructions. Sometimes people use them to produce results other people don’t want. The only way to prevent that is to more creatively anticipate potential instructions. But rather insanely, our reaction has been to punish and often imprison the people who demonstrate the greatest ability to creatively instruct computers.

As if now, because Kyle McDonald’s personal computers have been seized in an effort to build a case against him, Apple Store customers are safe from anyone else doing the same thing. Ha. It’s probably happening all the time, except not as an art project. Rather, a project to phish, sniff, and spoof one’s way into critical accounts of unfortunate users.

Do they plan to lock up everyone capable of configuring Safari?
