“Zero Days” – Alex Gibney
A recent national survey conducted by Common Sense Media, which included nearly 1,800 parents of children aged eight to 18, found that parents spend an average of nine hours and 22 minutes every day in front of various screens—including smartphones, tablets, computers and televisions. Of those, nearly eight hours are for personal use, not work.
Perhaps even more surprising is that 78 percent of parents surveyed believe they are good role models for how to use digital technology. Multimedia are designed to be engaging and habit-forming, so we do not even realize how much time we spend when we heed the siren call of our devices, says Catherine Steiner-Adair, a clinical psychologist and author of The Big Disconnect.
— source scientificamerican.com
In 2013, Ladar Levison, founder of the encrypted email service Lavabit, took the defiant step of shutting down the company’s service rather than comply with a federal law enforcement request that could compromise its customers’ communications.
The FBI had sought access to the email account of one of Lavabit’s most prominent users — Edward Snowden. Levison had custody of his service’s SSL encryption key that could help the government obtain Snowden’s password. And though the feds insisted they were only after Snowden’s account, the key would have helped them obtain the credentials for other users as well.
Lavabit had 410,000 user accounts at the time.
Rather than undermine the trust and privacy of his users, Levison ended the company’s email service entirely, preventing the feds from getting access to emails stored on his servers. But the company’s users lost access to their accounts as well.
Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he’ll never have to help the feds break into customer accounts again.
“The SSL key was our biggest threat,” he says.
On Friday, he’s relaunching Lavabit with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. He’s also announcing plans to roll out end-to-end encryption later this year, which would give users an even more secure way to send email.
The new service addresses what has become a major fault line between tech companies and the government: the ability to demand backdoor access to customer data. Last year when the FBI sought access to an iPhone used by the San Bernardino shooter, Apple couldn’t get into the phone because the security scheme the company built in to the device prevented it from unlocking the phone without the shooter’s password. (Eventually, the FBI found another way to access the phone’s data, ending the dispute with Apple.)
“This is the first step in a very long journey,” Levison told The Intercept prior to the re-launch. “What we’re hoping for is that by the end of this year we’ll be more secure than any of the other encrypted messaging apps out there on the market.”
A number of encryption services and apps make this claim, but Lavabit has a particular claim to fame: It was an encrypted email service that Snowden used before the shutdown.
Snowden told The Intercept that he plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” But he says he can’t speak for the security of the revamped Lavabit before the service is available.
Today’s launch is only for existing users to reinstate their old accounts under the new architecture so they will work with the end-to-end encryption client software when it’s rolled out. Lavabit is asking account holders to log in over IMAP or POP, so their encrypted passwords, usernames, and keys can be regenerated under the new architecture.
Although Lavabit has some 50 million encrypted email messages on its servers belonging to these users, account holders won’t be able to access their old correspondence. Levison isn’t sure if they will migrate old emails to the new platform, since they’re stored in a different data format.
With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn’t know what it is; Lavabit then inserts the key into the device and destroys the passphrase.
“Once it’s in there we cannot pull that SSL key back out,” says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit’s coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)
If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.
The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user’s device and make the SSL encryption less critical.
Once Lavabit becomes open to new users, customers will have three modes of service to choose from: Trustful, Cautious, and Paranoid.
Trustful is aimed at people who don’t have a lot of risk and want ease of use. It works a lot like the old Lavabit, where the email encryption is done on Lavabit’s server.
Users have to trust that Lavabit has designed the system so the company can’t obtain their password and see their communications. For many, Levison’s decision to shut down his business to defy the feds is enough to earn their trust. But Levison and his team have made the code for their server open source, so users can see how it’s designed and verify the architecture prevents the company from learning their passwords.
If someone doesn’t want Lavabit running the server, they can also download the open-source software and install it on a server of their own.
“What other encrypted messaging system allows you to download the server and use it yourself?” Levison asks.
For people who don’t want to trust Lavabit and don’t want to run their own server, Cautious mode will offer end-to-end encryption. This moves encryption off the server and onto the user’s device. It’s designed for people who want more security and the ability to easily use their account on multiple devices, such as a phone, laptop, and desktop computer.
The user installs Lavabit client software on his or her device to generate an encryption key. That key is encrypted using a passphrase the user chooses and is sent to Lavabit where it’s stored. Lavabit can’t access and decrypt it; only the client software on the user’s device can. If the user installs the client software on another device, the client will obtain the encryption key from Lavabit’s server and the user will unlock it with his or her passphrase and import it into the client software, which will use the key to encrypt the user’s email.
Some people who want more security — like activists, journalists, and whistleblowers — might balk at having their key stored on a third-party server. That’s where Paranoid mode comes in. The key for doing end-to-end encryption remains on the user’s device and never goes to Lavabit’s server. But to use another device, the user has to manually move the key to it. And there’s no way to recover the key if the user loses it or deletes it.
All three modes will use another new architecture feature called Dark Mail to obscure email metadata.
Metadata is the transaction data that includes the “to,” “from,” and “subject” lines. It’s generally not encrypted, even when email content is. Spy and law enforcement agencies can draw connections between people and derive information about someone from metadata.
Dark Mail obscures metadata using a design modeled on Tor — the Onion Router. The metadata is encrypted, and the sender’s ISP knows which account is sending the email but not the destination account, only the destination domain. When it reaches that domain, the server there decrypts the “to” field of the email to deliver it to the right account. The destination domain doesn’t know the account that sent the email, only the domain from which it came.
Given the increasingly crowded landscape of encrypted services and apps, it may be hard for Lavabit to stand out. But its most famous one-time user believes it has at least one major advantage.
Lavabit’s greatest offering is “a proven willingness to shut down the company rather than sell out their users, even if a court makes the wrong call,” says Snowden. “That’s actually a very big deal: They might be the only ones in the world that can claim that.”
— source theintercept.com By Kim Zetter
Cobalt is used to build lithium-ion batteries found in mobile technology. Much of it comes from Congo, where men, women, and children endure dangerous and unhealthy conditions to satisfy our hunger for new devices. It’s time we paid attention.
You are probably reading this article on a tablet, smartphone, or laptop computer. If so, your device could very well contain cobalt from the Democratic Republic of Congo, an impoverished yet mineral-rich nation in central Africa, that provides 60 percent of the world’s cobalt. (The remaining 40 percent is sourced in smaller amounts from a number of other nations, including China, Canada, Russia, Australia and the Philippines.)
Cobalt is used to build rechargeable lithium-ion batteries, an integral part of the mobile technology that has become commonplace in recent years. Tech giants such as Apple and Samsung, as well as automakers like Tesla, GM, and BMW, which are starting to produce electric cars on a mass scale, have an insatiable appetite for cobalt. But unfortunately, this appetite comes at a high cost, both for humans and for the environment.
An excellent investigative piece by the Washington Post called “The cobalt pipeline: From dangerous tunnels in Congo to consumers’ mobile tech” explores the source of this valuable mineral that everyone relies on, yet knows little about.
“Lithium-ion batteries were supposed to be different from the dirty, toxic technologies of the past. Lighter and packing more energy than conventional lead-acid batteries, these cobalt-rich batteries are seen as ‘green.’ They are essential to plans for one day moving beyond smog-belching gasoline engines. Already these batteries have defined the world’s tech devices.
“Smartphones would not fit in pockets without them. Laptops would not fit on laps. Electric vehicles would be impractical. In many ways, the current Silicon Valley gold rush — from mobile devices to driverless cars — is built on the power of lithium-ion batteries.”
What The Post found is an industry that’s heavily reliant on ‘artisanal miners’ or creuseurs, as they’re called in French. These men do not work for industrial mining firms, but rather dig independently, anywhere they may find minerals, under roads and railways, in backyards, sometimes under their own homes. It is dangerous work that often results in injury, collapsed tunnels, and fires. The miners earn between $2 and $3 per day by selling their haul at a local minerals market.
All of the cobalt goes directly to a single Chinese-owned company, Congo DongFang Mining, which ships the mineral to China, refines it, and sells it to large battery cathode makers. These, in turn, sell cathodes to battery makers that supply major tech companies.
At the same time, in cobalt-producing regions of Congo, child laborers are being employed, women are spending their days washing minerals, and babies are being born with shocking, rarely-seen birth defects.
In 2010, the United States passed a law requiring American companies to source four specific minerals — tin, copper, tungsten, and gold — from Congolese mines that are free from militia control. While this is seen as an attempt to prevent human rights abuses, cobalt has never been added to the list. Analyst Simon Moores thinks this is because “any crimp in the cobalt supply chain would devastate companies.” Essentially it’s too valuable a mineral on which to place any limitations:
“While cobalt mining is not thought to be funding wars, many activists and some industry analysts say cobalt miners could benefit from the law’s protection from exploitation and human rights abuses. The law forces companies to attempt to trace their supply chains and opens up the entire route to inspection by independent auditors.”
Companies don’t want to follow through with promises of improved transparency or ethical sourcing because it comes at a higher cost. Cobalt sourced from artisanal miners is far cheaper than that produced by industrial mines. “Companies do not have to pay miners’ salaries or fund the operations of a large-scale mine. With cheap cobalt flooding the market, some international traders canceled contracts for industrial ores, opting to scoop up artisanal ones.”
Manufacturers don’t have satisfactory answers. Tesla has yet to send someone to Congo, after promising months ago to “send one of our guys there.” Amazon, whose Kindles use Congolese cobalt, declined to comment. LG Chem, a battery supplier to GM and Ford, says its cobalt comes from New Caledonia, despite the suspicious fact that LG Chem “consumes more cobalt than the entire nation of New Caledonia produces, according to analysts and publicly available data.”
Apple says it supports the addition of cobalt to the 2010 anti-conflict minerals law and has promised to treat cobalt as if it were a conflict mineral, requiring all refiners to provide outside supply-chain audits and conduct risk assessments, starting next year.
Lara Smith works for a Johannesburg consultant group that helps mining companies clarify their supply chain. She points out that companies claiming ignorance is ridiculous: “Because if they wanted to understand, they could understand. They don’t.”
The other question to be asking is what our responsibility is, as consumers of the products that drive demand for cobalt. Does an upgrade to the newest Apple product seem less appealing, knowing the human cost involved?
Many analysts do believe these risks can be managed, and perhaps they can; but it will require a complete overhaul of a system that is already deeply entrenched, and that’s a very hard thing to do. In the meantime, while I continue using my old iPhone 4s until it dies, I’ve got my fingers crossed that the Fairphone, made with fair trade-certified minerals, will soon be available in North America.
— source treehugger.com By Katherine Martinko
Last week, two things happened that will have long-lasting impact on American society and the global economy. First, the yield on the 10-year Treasury fell to a record low of 1.366 percent. Second, Nintendo released Pokémon Go, a mobile game that in a matter of days has become a viral sensation.
These two developments are more closely connected than it might seem at first glance. Obviously, it would be ridiculous to claim that Pokémon Go is singlehandedly responsible for recent macroeconomic trends. But technology-based products like Pokémon Go explain a lot about the current state of the global economy.
Pokémon Go is different from 20th-century entertainment options
If you were looking to have fun with some friends 50 years ago, you might have gone to a bowling alley. Maybe you would have hung out at a diner or gone to the movies.
These were all activities that involved spending a certain amount of money in the local economy. That created opportunities for adults in your town to start and run small businesses. It also meant that a teenager who wanted to find a summer job could find one waiting tables or taking tickets at the movie theater.
You can spend money on Pokémon Go too. But the economics of the game are very different. When you spend money on items in the Pokémon Go world, it doesn’t go into the pocket of a local Pokémon entrepreneur — it goes into the pockets of the huge California- and Japan-based global companies that created Pokémon Go.
There are, of course, some good things about this. Pokémon Go can be a much more affordable hobby than going to a bowling alley or the movies. In fact, you don’t have to spend any money on it. And the explosion of options made possible by online platforms creates real value — the average teenager has vastly more options for games to play, movies to watch, and so forth than at any time in American history.
The Pokémon Go economy means growing regional inequality
But the Pokémon Go economy also has some real downsides. One has to do with regional inequality. Nintendo and its partners are rumored to be earning more than $1 million per day from Pokémon Go. That money is flowing away from small and medium cities and toward big technology companies concentrated in big cities.
And obviously Pokémon Go isn’t the only example of this. Amazon is doing something similar in the retail industry, diverting business away from local retailers and sucking cash into its corporate headquarters in Seattle. Companies like Google, Facebook, and Vox Media are drawing ad dollars that previously went to local newspapers and television stations.
Of course, America has always had geographic industry clusters that sold products nationwide — think about the Detroit auto business or the Hollywood movie industry. But there was an important difference: Major 20th-century industries tended to generate a lot of opportunities in communities where their product was sold. A film might be made in Hollywood, but local people all over America had to build and operate movie theaters. Cars might be made in Detroit, but people all over the country had to run auto dealerships and car repair shops.
In contrast, a lot of internet-based businesses are so ethereal that they barely create any jobs in most markets. Smartphone platforms have created some jobs making apps, but app makers don’t have to live in any particular location. In practice, they tend to be heavily concentrated in the same big cities as most other technology jobs.
The result is that the internet economy is increasingly transforming America into two parallel economies. Cities on the receiving end of Pokémon Go–style money gushers are booming so much that acute housing shortages are causing rents to skyrocket. The rest of the country has barely seen an economic recovery at all.
The Pokémon Go economy means falling interest rates and slow growth
In the 20th century, new industries tended to create a lot of demand for capital. It took a lot of cash to build assembly lines and movie studios, of course. But beyond that, thousands of people all over the country would go to their local banks to finance the construction of movie theaters, auto dealerships, and so forth.
This meant that people with capital to lend could almost always find people eager to borrow it to finance new business ventures. This, in turn, made the job of America’s central bank, the Federal Reserve, relatively easy. Anytime the Fed wanted to boost growth, it could cut interest rates and get a burst of entrepreneurs starting new businesses.
But the Pokémon Go economy is different. Nintendo and its partners obviously needed to invest some cash in hiring programmers and designers to build the game. But the sums involved here are tiny compared with the cost of building a new car assembly line. And Pokémon Go seems unlikely to produce very many opportunities for complementary local businesses. People play on their smartphones, so there’s no need for Pokémon cyber cafes. Smartphones are too cheap for smartphone repair shops to be a good business.
And this seems to have severed the traditional link between capital accumulation and economic growth. Since 2008, the US economy has been awash in cheap capital. In a few places, especially Silicon Valley, that has created bubble-like conditions where every crazy idea seems to get funding.
Yet the total sums being invested in these areas are a fraction of the overall capital people have available to invest. And in the rest of the country, people are struggling to find any productive investment ideas. So interest rates keep falling as people increasingly despair of finding ways to get high returns from their savings.
Ultimately, this situation hurts everyone, because it shows up as a shortfall of overall demand. Slow growth outside of big cities means that customers have less money to spend on games like Pokémon Go.
How to make the Pokémon Go economy work for everyone
The success of Pokémon Go points to two big areas where policymakers ought to change their approach.
One is to relax housing policy to allow more people to move to areas where high-tech products are made. While the average resident of Kansas City or Baltimore might not have the skills to create the next great mobile game, he or she probably could find work as a schoolteacher, nurse, or construction worker in San Francisco or New York — but only if he or she is allowed to live within commuting distance of technology workers.
The other is to think harder about managing demand. There may be more that central banks can do to boost demand. If that doesn’t work, then more direct income redistribution may be called for — taxing rich people in high-growth areas to fund expanded government services, wage subsidies, or even cash payments to people in slower-growing parts of the country.
— source vox.com By Timothy Lee
Snowden says it’s bullshit.
Lots of my self-pub writer friends urge me to sign on with Kindle Unlimited. They tell me I’ll make more money by making my books only available on Amazon.
They’re probably correct… in the short term.
But if you have only one customer, and only one sales channel, that sales channel can destroy you without warning. And today, Amazon’s scam-fighting techniques are crushing authors guilty of only one thing: trusting Amazon as their sole customer.
Puzzled? It took me a while to figure out how this scam was working, too. And it’s driven home that signing on with Kindle Unlimited is like playing Russian roulette. Eventually, it will burn you.
Understanding why means understanding how Kindle Unlimited works.
An author who places a book in Kindle Unlimited agrees that the title will be exclusive to Amazon. You won’t be able to get it on iBooks, Kobo, or sell it on your own store. Authors can place any fraction of their books in Kindle Unlimited.
Readers who sign on with Kindle Unlimited get unlimited access to books in KU for $10/month. Readers can try the service for free for 30 days.
Amazon sets aside a pot of money each month. This money is divided between KU authors each month, based on the number of pages of the author’s books people read. Amazon increases the pool each month, keeping the payout per page somewhat constant.
An author who violates KU’s terms of service gets their publishing account suspended. All of the books published with that account get yanked from sale, and any money Amazon hasn’t paid out is lost.
As a businessman, I have problems with Kindle Unlimited. The price you get paid has nothing to do with how many you “sell”–it’s entirely in Amazon’s control. They can change that at any time, and you have no recourse. The exclusivity clause means that readers who like Kobo or another ereader have no way to legally get your book.
Also as a businessman, Amazon offers little interaction with suppliers. Yes, I write books, but that’s with my author hat on. Once I take off the author hat and put my business hat on, I sell widgets. (Strictly speaking, I sell nothing: I license copyright. That’s a separate discussion, though.) If Amazon has a problem with me, they’ll shut me off with minimal explanation and not give me an opportunity to get back in compliance. They might offer a big publisher a chance to make whole, but not a little company like mine.
I’m a full time author. Yes, my wife works, but she’s not supporting me. Our goal is to be able to live on one person’s income, so that if something happens to one of us we will be okay. If I do not make enough money to realistically contribute to my family, then I need to get a job that does.
By that measure, I’m successful. (Thank you, loyal readers!)
An amount of money sufficient to support my family is small enough that Amazon does not care about me. My business is quite literally not worth an hour of an Amazon support rep’s time.
So: if I screw up, if I anger the 800-kilogram capybara that is Amazon, and Amazon is my sole customer…
I’m out of business. Kaput. Done. Finished.
Most one-person publishing businesses are smaller than mine. And Amazon cares even less about them. I don’t know if you can have negative caring, but if you can it’s in Amazon’s software.
Let’s go back to how Kindle Unlimited works. The rules are simple. The purpose of simple rules is to be abused. Anyone who knows anything about fraud, or anyone with a security background, can come up with half a dozen ways to scam Amazon out of a share of the profits.
Here’s a way that seems to be in play today.
Start a “book-booster” service. The service automatically generates Amazon accounts and signs them up for the free 30-day Kindle Unlimited trial. It can also “read” the books. This can be built out of the same freely-available software used for building web sites.
When an author buys the service for one of his books, the service checks out and “reads” the book.
Poof! The book climbs in the bestseller lists.
The boosted ranking makes the book more visible. Perhaps some real humans will notice it.
The author gets money from Amazon’s pool.
This is a clear violation of Amazon’s terms of service. If you get caught, the Amazon Capybara will eat you. You’re out of business.
Depending on how you ask, the current book-boosting algorithm is either naive, or takes advantage of Amazon’s ranking methods. It borrows the books all in one day. In reality, book sales are spread out and erratic, achieving averages only on a quarterly or even yearly basis.
It seems that when Amazon sees a book getting a one-day sales spike, from accounts that act in concert, it concludes that the author has hired a book-boosting service and closes the author’s account.
How do these book-boosting services attempt to hide their customers?
By also boosting Kindle Unlimited authors who have not hired the service. They’re attempting to make this seem like normal activity.
The catch is–again, Amazon does not care. To Amazon, authors are plentiful and of low value.
If Amazon sees this kind of boost on a KU author, they unilaterally close the publishing account. All books, including those not on Kindle Unlimited, are removed from sale.
And this is only one scam among many. Amazon crushes these scams with extreme prejudice. It isn’t looking to crush one-person publishers, but if a few low-value publishers like mine get caught up in scam-fighting software, that’s an acceptable loss.
There’s no way to know when one of these scam-fighting measures is about to hit you. Amazon’s decision-making processes are opaque.
Now, let’s look at life without Kindle Unlimited.
As a publisher who uses Amazon as one of many sales channels: Amazon is about half my income. Losing them would suck.
If I signed on with Kindle Unlimited, I would probably get enough additional reads to more than compensate for the loss of Kobo, iBooks, and so on. But then I’m completely and utterly at Amazon’s mercy.
I’m playing the long game. No, not a year-long game, or a five-year game. Try twenty years, a hundred years.
My ultimate goal is to guide readers directly to my site for everything, providing a disintermediated revenue stream for myself and my heirs. I want to transform Amazon, Kobo, iBooks, and all the other bookstores into billboards that pay me. That directly conflicts with using Kindle Unlimited.
Where do you want to be in twenty years?
— source blather.michaelwlucas.com By Michael Lucas