Mastodon free social network

Mastodon is a free social network. A decentralized alternative to commercial platforms, it avoids the risks of a single company monopolizing your communication. Pick a server that you trust — whichever you choose, you can interact with everyone else. Anyone can run their own Mastodon instance and participate in the social network seamlessly.

https://mastodon.social/about

— source opensource.com by Seth Kenlon

Most Adults Spend More Time on Their Digital Devices Than They Think

A recent national survey conducted by Common Sense Media, which included nearly 1,800 parents of children aged eight to 18, found that parents spend an average of nine hours and 22 minutes every day in front of various screens—including smartphones, tablets, computers and televisions. Of those, nearly eight hours are for personal use, not work.

Perhaps even more surprising is that 78 percent of parents surveyed believe they are good role models for how to use digital technology. Multimedia are designed to be engaging and habit-forming, so we do not even realize how much time we spend when we heed the siren call of our devices, says Catherine Steiner-Adair, a clinical psychologist and author of The Big Disconnect.

— source scientificamerican.com

Encrypted Email Service Once Used by Edward Snowden Relaunches

In 2013, Ladar Levison, founder of the encrypted email service Lavabit, took the defiant step of shutting down the company’s service rather than comply with a federal law enforcement request that could compromise its customers’ communications.

The FBI had sought access to the email account of one of Lavabit’s most prominent users — Edward Snowden. Levison had custody of his service’s SSL encryption key that could help the government obtain Snowden’s password. And though the feds insisted they were only after Snowden’s account, the key would have helped them obtain the credentials for other users as well.

Lavabit had 410,000 user accounts at the time.

Rather than undermine the trust and privacy of his users, Levison ended the company’s email service entirely, preventing the feds from getting access to emails stored on his servers. But the company’s users lost access to their accounts as well.

Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he’ll never have to help the feds break into customer accounts again.

“The SSL key was our biggest threat,” he says.

On Friday, he’s relaunching Lavabit with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email.

The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data. Last year when the FBI sought access to an iPhone used by the San Bernardino shooter, Apple couldn’t get into the phone because the security scheme the company built in to the device prevented it from unlocking the phone without the shooter’s password. (Eventually, the FBI found another way to access the phone’s data, ending the dispute with Apple.)

“This is the first step in a very long journey,” Levison told The Intercept prior to the re-launch. “What we’re hoping for is that by the end of this year we’ll be more secure than any of the other encrypted messaging apps out there on the market.”

A number of encryption services and apps make this claim, but Lavabit has a particular claim to fame: It was an encrypted email service that Snowden used before the shutdown.

Snowden told The Intercept that he plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” But he says he can’t speak for the security of the revamped Lavabit before the service is available.

Today’s launch is only for existing users to reinstate their old accounts under the new architecture so they will work with the end-to-end encryption client software when it’s rolled out. Lavabit is asking account holders to log in over IMAP or POP, so their encrypted passwords, usernames, and keys can be regenerated under the new architecture.

Although Lavabit has some 50 million encrypted email messages on its servers belonging to these users, account holders won’t be able to access their old correspondence. Levison isn’t sure if they will migrate old emails to the new platform, since they’re stored in a different data format.

With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase.

“Once it’s in there we cannot pull that SSL key back out,” says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit’s coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)

If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.

The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user’s device and make the SSL encryption less critical.

Once Lavabit becomes open to new users, customers will have three modes of service to choose from: Trustful, Cautious, and Paranoid.

Trustful is aimed at people who don’t have a lot of risk and want ease of use. It works a lot like the old Lavabit, where the email encryption is done on Lavabit’s server.

Users have to trust that Lavabit has designed the system so the company can’t obtain their password and see their communications. For many, Levison’s decision to shut down his business to defy the feds is enough to earn their trust. But Levison and his team have made the code for their server open source, so users can see how it’s designed and verify the architecture prevents the company from learning their passwords.

If someone doesn’t want Lavabit running the server, they can also download the open-source software and install it on a server of their own.

“What other encrypted messaging system allows you to download the server and use it yourself?” Levison asks.

For people who don’t want to trust Lavabit and don’t want to run their own server, Cautious mode will offer end-to-end encryption. This moves encryption off the server and onto the user’s device. It’s designed for people who want more security and the ability to easily use their account on multiple devices, such as a phone, laptop, and desktop computer.

The user installs Lavabit client software on his or her device to generate an encryption key. That key is encrypted using a passphrase the user chooses and is sent to Lavabit where it’s stored. Lavabit can’t access and decrypt it; only the client software on the user’s device can. If the user installs the client software on another device, the client will obtain the encryption key from Lavabit’s server and the user will unlock it with his or her passphrase and import it into the client software, which will use the key to encrypt the user’s email.
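The Cautious-mode key handling described above, sketched as an added example (not Lavabit's code and not from the article). The article names no algorithms, so scrypt, AES-256-GCM, the blob layout and the `wrapKey`/`unwrapKey` names are assumptions.

```javascript
const crypto = require('crypto');

// Assumed parameters: the article does not say which KDF or cipher is used.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the user's passphrase into a 256-bit key-encryption key (KEK).
function deriveKek(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Runs on the user's device. The returned blob is all the provider ever stores.
function wrapKey(account, userKey, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(passphrase, salt), nonce);
  // Bind the blob to its account so a blob served for the wrong account fails to open.
  cipher.setAAD(Buffer.from(account, 'utf8'));
  const ct = Buffer.concat([cipher.update(userKey), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    nonce: nonce.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Runs on any device the user adds later. Throws if the passphrase is wrong
// or the blob was modified or belongs to another account.
function unwrapKey(account, blob, passphrase) {
  const kek = deriveKek(passphrase, Buffer.from(blob.salt, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, Buffer.from(blob.nonce, 'base64'));
  decipher.setAAD(Buffer.from(account, 'utf8'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  return Buffer.concat([decipher.update(Buffer.from(blob.ct, 'base64')), decipher.final()]);
}

function rejects(fn) {
  try { fn(); return false; } catch { return true; }
}

// Constructed walk-through: account name and passphrase are sample values.
function demo() {
  const server = new Map();                 // stands in for the provider's key store
  const account = 'alice@example.test';
  const passphrase = 'correct horse battery staple';

  // Device A: generate the key locally, upload only the wrapped form.
  const userKey = crypto.randomBytes(32);
  server.set(account, wrapKey(account, userKey, passphrase));

  // Device B: download the blob and unlock it with the passphrase.
  const blob = server.get(account);
  const recovered = unwrapKey(account, blob, passphrase);

  return {
    roundTrip: recovered.equals(userKey),
    wrongPassphraseRejected: rejects(() => unwrapKey(account, blob, 'not the passphrase')),
    swappedBlobRejected: rejects(() => unwrapKey('bob@example.test', blob, passphrase)),
    tamperRejected: rejects(() => unwrapKey(account, { ...blob, ct: crypto.randomBytes(32).toString('base64') }, passphrase)),
    serverHoldsPlainKey: JSON.stringify(blob).includes(userKey.toString('base64')),
  };
}

console.log(demo());
```

In a design like this the provider holds everything needed for offline passphrase guessing, so the protection is only as strong as the passphrase and the KDF cost.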

Some people who want more security — like activists, journalists, and whistleblowers — might balk at having their key stored on a third-party server. That’s where Paranoid mode comes in. The key for doing end-to-end encryption remains on the user’s device and never goes to Lavabit’s server. But to use another device, the user has to manually move the key to it. And there’s no way to recover the key if the user loses it or deletes it.

All three modes will use another new architecture feature called Dark Mail to obscure email metadata.

Metadata is the transaction data that includes the “to,” “from,” and “subject” lines. It’s generally not encrypted, even when email content is. Spy and law enforcement agencies can draw connections between people and derive information about someone from metadata.

Dark Mail obscures metadata using a design modeled on Tor — the Onion Router. The metadata is encrypted, and the sender’s ISP knows which account is sending the email but not the destination account, only the destination domain. When it reaches that domain, the server there decrypts the “to” field of the email to deliver it to the right account. The destination domain doesn’t know the account that sent the email, only the domain from which it came.

Given the increasingly crowded landscape of encrypted services and apps, it may be hard for Lavabit to stand out. But its most famous one-time user believes it has at least one major advantage.

Lavabit’s greatest offering is “a proven willingness to shut down the company rather than sell out their users, even if a court makes the wrong call,” says Snowden. “That’s actually a very big deal: They might be the only ones in the world that can claim that.”

— source theintercept.com By Kim Zetter

WordCamp Kochi

The first WordCamp of South India, WordCamp Kochi 2017, will be held at Udyan Convention Centre, Kochi, on the 19th of February, 2017 (Sunday).

WordCamp Kochi is an event conducted by the WordPress community, with talks by reputed speakers and WordPress experts from India and all across the world. It covers topics on WordPress development, security, design, and more.

The WordCamp phenomenon has also made its presence felt in India. WordCamp Pune, WordCamp Udaipur, and WordCamp Mumbai are some of the other WordCamps that have been/are being held in India, in 2017.

WordCamp Kochi is for everyone who uses WordPress, and everyone who should use WordPress. The event brings together authors, artists, bloggers, business owners, consultants, designers, developers, entrepreneurs, marketers, non-profits, photographers, software professionals, web developers and more…

In short, there is something in WordCamp Kochi for everyone!

WordCamp Kochi will have several informative and entertaining sessions on topics revolving around WordPress, conducted by WordPress experts from India and all across the world. The sessions are not only meant for a technical audience – they will be equally useful for you, whether you are a WordPress user or a WordPress developer.

Another highlight of WordCamp Kochi is the opportunity for networking.

We are expecting around 300 attendees from all across the world at WordCamp Kochi. It will be an interesting opportunity for you to meet, connect, and network with some of the best WordPress professionals in the world.

So what are you waiting for? Get your tickets confirmed: https://2017.kochi.wordcamp.org/tickets/

#WCKochi

Lenders Are Looking at Your Phone Data

Financial institutions, overcoming some initial trepidation about privacy, are increasingly gauging consumers’ creditworthiness by using phone-company data on mobile calling patterns and locations.

The practice is tantalizing for lenders because it could help them reach some of the 2 billion people who don’t have bank accounts. On the other hand, some of the phone data could open up the risk of being used to discriminate against potential borrowers.

Phone carriers and banks have gained confidence in using mobile data for lending after seeing startups show preliminary success with the method in the past few years. Selling such data could become a more than $1 billion-a-year business for U.S. phone companies over the next decade, according to Crone Consulting LLC.

Fair Isaac Corp., whose FICO scores are the world’s most-used credit ratings, partnered up last month with startups Lenddo and EFL Global Ltd. to use mobile-phone information to help facilitate loans for small businesses and individuals in India and Russia. Last week, startup Juvo announced it’s working with Liberty Global Plc’s Cable & Wireless Communications to help with credit scoring using cellphone data in 15 Caribbean markets.

And Equifax Inc., the credit-score company, has started using utility and telecommunications data in Latin America over the past two years. The number of calls and text messages a potential borrower in Latin America receives can help predict a consumer’s credit risk, said Robin Moriarty, chief marketing officer at Equifax Latin America.

“It turns out, the more economically active you are, the more people want to call you,” Moriarty said. “That level of activity, that level of usage is what’s really most predictive.”

The new credit-assessment methods could allow more people in areas without bank branches to open accounts online. They could also make credit cards and loans more accessible and prevalent in some parts of the world. In the past, lenders mainly relied on bank information, such as savings and past loan repayments, to judge whether to let someone borrow.

Some of the data financial institutions are using come directly from interactions with potential borrowers, while other information is collected in the background. FICO’s partner EFL sends psychological questionnaires of about 60 questions to potential borrowers’ mobile phones. With Lenddo’s technology, FICO can check if users’ phones were physically present at their stated home or work address, and if they are in touch with other good borrowers — or with people with long histories of fooling lenders.

“We see this as a good opportunity to explore that type of data for risk assessment, as a viable means of extending financial inclusion,” David Shellenberger, a senior director at FICO, said in an interview.

Juvo’s Flow Lend mobile app uses data science and games — like letting users earn points — to build real-time subscriber profiles, to let C&W personalize lending criteria and provide immediate credit extensions. Prepaid customers can request credit advances for airtime and data. Denise Williams, a spokeswoman for C&W, didn’t immediately return a request for comment.

Getting Permission

In most cases, consumers must grant permission for their telecommunications records to be accessed as part of their risk assessment. One reason it’s taken the credit-risk industry some time to work out agreements with phone carriers or their representatives is because of negotiations over how to best protect client privacy.

Companies are also concerned about making sure they don’t make themselves susceptible to claims of bias. By checking phone records to see if a credit applicant associates with people with a poor track record of repaying loans, for example, lenders risk practicing discrimination on people living in disadvantaged neighborhoods. In addition, to comply with the Fair Credit Reporting Act in the U.S., a data provider must have a process in place for investigating and resolving consumer disputes in a timely manner — something that telecommunications carriers abroad may not offer.

Several large phone companies contacted by Bloomberg declined to comment about whether they share data with financial institutions, and few of the startups or financial companies were willing to disclose their telecommunications partners.

Mirror of Life

Startup Cignifi, which helps customers like Equifax crunch data on who phone users are calling and how often, works with phone companies like Bharti Airtel Ltd.’s unit in Ghana. Cignifi scores some 100 million consumers in 10 countries each month, said Chief Executive Officer Jonathan Hakim. Banks typically use such assessments alongside other evaluations to decide whether to grant a loan. Airtel didn’t respond to requests for comment.

“The way you use the phone is a proxy for the way you live,” Hakim said. “We are capturing a mirror of the customer’s life.” His company collects phone data — such as whom the potential borrower is calling and how frequently — from partners like Airtel Ghana, and crunches it for customers like Equifax, as well as marketers. It scores some 100 million consumers in 10 countries each month, Hakim said. Banks typically use such assessments alongside other evaluations to decide whether to grant a loan. Cignifi always gets customers’ permission to use data, he said.

EFL’s questionnaire approach is already used by lenders in Spain, Latin America and Africa. More than 700,000 people have received more than $1 billion in loans thanks in part to its data, CEO Jared Miller said in an interview.

EFL’s default rate varies by country, from low single digits in India to low double digits in Brazil, Miller said. To account for the risk, lenders in Brazil charge much higher interest rates, he said.

Startups like Lenddo, Branch and Tala have collected several years’ worth of data to prove that their methods of using mobile-phone data work — and that customers flock to them for help. Started in 2011, Lenddo, for instance, spent 3 1/2 years giving out tens of thousands of loans, in the amount of $100 to $2,000, in the Philippines, Colombia and Mexico to prove out its algorithms. Its average default rate was in the single digits, CEO Richard Eldridge said in an interview.

The company stopped offering lending in 2014, and stepped into credit-related services to financial institutions and banks in early 2015. Embedded into banking mobile apps, it can collect data on users with their consent. The company’s revenue is up 150 percent from last year, Eldridge said.

“The market is changing,” Eldridge said. “More and more people are seeing examples around the world of how non-traditional data can be used to enter into new market segments that couldn’t be served before.”

— source bloomberg.com by Olga Kharif

What you should know about the cobalt in your smartphone

Cobalt is used to build lithium-ion batteries found in mobile technology. Much of it comes from Congo, where men, women, and children endure dangerous and unhealthy conditions to satisfy our hunger for new devices. It’s time we paid attention.

You are probably reading this article on a tablet, smartphone, or laptop computer. If so, your device could very well contain cobalt from the Democratic Republic of Congo, an impoverished yet mineral-rich nation in central Africa, that provides 60 percent of the world’s cobalt. (The remaining 40 percent is sourced in smaller amounts from a number of other nations, including China, Canada, Russia, Australia and the Philippines.)

Cobalt is used to build rechargeable lithium-ion batteries, an integral part of the mobile technology that has become commonplace in recent years. Tech giants such as Apple and Samsung, as well as automakers like Tesla, GM, and BMW, which are starting to produce electric cars on a mass scale, have an insatiable appetite for cobalt. But unfortunately, this appetite comes at a high cost, both for humans and for the environment.

An excellent investigative piece by the Washington Post called “The cobalt pipeline: From dangerous tunnels in Congo to consumers’ mobile tech” explores the source of this valuable mineral that everyone relies on, yet knows little about.

“Lithium-ion batteries were supposed to be different from the dirty, toxic technologies of the past. Lighter and packing more energy than conventional lead-acid batteries, these cobalt-rich batteries are seen as ‘green.’ They are essential to plans for one day moving beyond smog-belching gasoline engines. Already these batteries have defined the world’s tech devices.

“Smartphones would not fit in pockets without them. Laptops would not fit on laps. Electric vehicles would be impractical. In many ways, the current Silicon Valley gold rush — from mobile devices to driverless cars — is built on the power of lithium-ion batteries.”

What The Post found is an industry that’s heavily reliant on ‘artisanal miners’ or creuseurs, as they’re called in French. These men do not work for industrial mining firms, but rather dig independently, anywhere they may find minerals, under roads and railways, in backyards, sometimes under their own homes. It is dangerous work that often results in injury, collapsed tunnels, and fires. The miners earn between $2 and $3 per day by selling their haul at a local minerals market.

All of the cobalt goes directly to a single Chinese-owned company, Congo DongFang Mining, which ships the mineral to China, refines it, and sells it to large battery cathode makers. These, in turn, sell cathodes to battery makers that supply major tech companies.

At the same time, in cobalt-producing regions of Congo, child laborers are being employed, women are spending their days washing minerals, and babies are being born with shocking, rarely-seen birth defects.

In 2010, the United States passed a law requiring American companies to source four specific minerals — tin, copper, tungsten, and gold — from Congolese mines that are free from militia control. While this is seen as an attempt to prevent human rights abuses, cobalt has never been added to the list. Analyst Simon Moores thinks this is because “any crimp in the cobalt supply chain would devastate companies.” Essentially it’s too valuable a mineral on which to place any limitations:

“While cobalt mining is not thought to be funding wars, many activists and some industry analysts say cobalt miners could benefit from the law’s protection from exploitation and human rights abuses. The law forces companies to attempt to trace their supply chains and opens up the entire route to inspection by independent auditors.”

Companies don’t want to follow through with promises of improved transparency or ethical sourcing because it comes at a higher cost. Cobalt sourced from artisanal miners is far cheaper than that produced by industrial mines. “Companies do not have to pay miners’ salaries or fund the operations of a large-scale mine. With cheap cobalt flooding the market, some international traders canceled contracts for industrial ores, opting to scoop up artisanal ones.”

Manufacturers don’t have satisfactory answers. Tesla has yet to send someone to Congo, after promising months ago to “send one of our guys there.” Amazon, whose Kindles use Congolese cobalt, declined to comment. LG Chem, a battery supplier to GM and Ford, says its cobalt comes from New Caledonia, despite the suspicious fact that LG Chem “consumes more cobalt than the entire nation of New Caledonia produces, according to analysts and publicly available data.”

Apple says it supports the addition of cobalt to the 2010 anti-conflict minerals law and has promised to treat cobalt as if it were a conflict mineral, requiring all refiners to provide outside supply-chain audits and conduct risk assessments, starting next year.

Lara Smith works for a Johannesburg consultant group that helps mining companies clarify their supply chain. She points out that companies claiming ignorance is ridiculous: “Because if they wanted to understand, they could understand. They don’t.”

The other question to be asking is what our responsibility is, as consumers of the products that drive demand for cobalt. Does an upgrade to the newest Apple product seem less appealing, knowing the human cost involved?

Many analysts do believe these risks can be managed, and perhaps they can; but it will require a complete overhaul of a system that is already deeply entrenched, and that’s a very hard thing to do. In the meantime, while I continue using my old iPhone 4s until it dies, I’ve got my fingers crossed that the Fairphone, made with fair trade-certified minerals, will soon be available in North America.

— source treehugger.com By Katherine Martinko