Hiding in Glass Houses

You’re building glass houses on the sand
Then you stand around and shake your head
When they all fall down
From Glass Houses by Steel Magnolias

So the big tech and style news this month, in case you missed it, was Apple’s hyperbole-laden and new(ish) iPhone 4s and iOS 5. This baby boasts everything better, faster and smarter (Siri notwithstanding) than the old school iPhone 4. Including this swell new(ish) app called Find My Friends which is described in Slashgear thusly [emphasis mine].

The free app, which uses GPS to locate your friends and family and, if the privacy settings mash correctly, display them on a map in real-time, can be found here.

But as Aahz the Pervect was wont to say “Therein lies the story”. That deal about privacy settings should be a clue [hint – turn them all off]. There’s even an interesting thread on MacRumors making its way around the blogosphere with a tale to make divorce lawyers weep. In agony or ecstasy depending on which side they represent.

I got my wife a new 4s and loaded up find my friends without her knowing. She told me she was at her friend’s house in the east village. I’ve had suspicions about her meeting this guy who lives uptown. Lo and behold, Find my Friends has her right there.

Regardless of the veracity of the post, I posit the following question: Who really thinks it’s a good idea to have everyone know exactly (within 10 meters) where you are at all times? I can think of a number of folks, in addition to suspicious spouses, who love this idea including:

  1. Law Enforcement – rounding up the usual suspects has never been easier
  2. Burglars who prefer victims to be elsewhere than the location being burgled – saves all that unpleasantness associated with being surprised by irate property owners.
  3. Employers who want to verify that employees are actually working from home – or really at the dentist instead of interviewing for another job.

Now certainly there might be situations where this feature would have a non-nefarious or even beneficial usage, like, say, finding a missing child. I’m just doubtful that would work in a serious situation like, say, kidnapping. Unless the kidnapper was stupid enough to keep the phone, like, say, users of Find My Friends.

You see, here’s the deal – owning a smart phone or other GPS-enabled mobile device is like hiding in a glass house. Unless you take extraordinary measures, anyone can find you. At any time. Problem is, most users of the aforementioned devices have no idea how exposed they are by default – not to mention what happens when they use an app like Find My Friends.

About now you may be thinking, “Yeah, well maybe that’s true, but everybody knows that privacy has been dead since 1999 so deal with it”, channeling Scott McNealy’s infamous comment. Or even “You shouldn’t be worried about privacy unless you have something to hide”.

And that, my friend, is what concerns me. When everyone accepts this truism and becomes willing to trade their privacy – and ultimately their liberty to disagree with whatever authority is currently watching – for slick but useless diversions there will be serious consequences.

We may not be able to do anything about our modern life in glass houses. But at least we can try to hide without constantly screaming our location.

Security For All is three years old!

Happy Birthday, now you’re one year older.
Happy Birthday, your life still isn’t over.
Happy Birthday, you did not accomplish much.
But you didn’t die this year I guess that’s good enough.
From Funny Happy Birthday Song by Adam Sandler

Hard to believe that last month marked the third anniversary of Security For All. Actually the really hard thing to believe is that I actually found time to do this post. Whining aside, this last year has been a corker for everybody. A whole bunch of wild, wacky, wonderful, wasteful, woeful and wicked things happened during the last 13 months. I’ll leave it as an exercise to the reader to assign the appropriate W-word to the items in the following list. In no particular order:

  • Steve Jobs, co-founder, chairman and former CEO of Apple passed away on October 5th, 2011 after a long struggle with pancreatic cancer. He was just 56 years old. It’s hard to imagine anyone who had a greater impact on technology and society. He will be sorely missed.
  • Britain’s Prince William announced his intention to marry long-term girlfriend Kate Middleton on November 16, 2010, and subsequently followed through on that threat on April 29, 2011, where it was described thusly by USA Today: More than a billion eyes were on Kate Middleton as she stepped out of the queen’s 1977 Rolls-Royce Phantom VI in front of London’s Westminster Abbey on Friday wearing a wedding dress of fairy-tale princess-esque proportions — a dress that will be immortalized in fashion history. There were at least as many spammers and phishers rejoicing over the joyous event.
  • NASA discovered a new lifeform, a bacterium they christened the GFAJ-1 strain, that apparently substituted arsenic for phosphorus, sparking all sorts of extra-terrestrial bacterial visitation speculation. Would have been game-changing if only it had been accurate. Oh well, another study for The Journal of Irreproducible Results.
  • The United States Senate voted to repeal the U.S. military’s ‘Don’t Ask, Don’t Tell’ policy of officially sanctioned homophobia. While the law has been in effect for several months now apparently a number of right wing politicians and military cheeses haven’t gotten the memo. Or maybe they just can’t figure out how to use the Reality distortion field that worked out so well for President Bill Clinton and Apple CEO Steve Jobs. The more plausible possibility is that they can’t find anyone on their staff able to read something as complex as a memo.
  • U.S. Rep. Gabrielle Giffords was shot in the head by a lone wack-job after being included on Sarah Palin’s ‘Hit List’. But the craziness didn’t stop there. Sales of semiautomatic Glock pistols like that used in the shooting spiked in Arizona and across the nation in the days following the attack. Fortunately Ms. Giffords was able to overcome the staggering odds and appeared in person at her husband, Astronaut Mark Kelly’s retirement from the Navy. Not sure what the moral of this story is but I’m a little reluctant to hang out anywhere near people who disagree with Ms. Palin.
  • The now aptly monikered Arab Spring began in January of 2011 with the president of Tunisia being driven from power by violent protests over soaring unemployment and corruption. In the following months Egypt and Libya have seen regime changes with Bahrain, Syria, and Yemen also seeing civil uprisings. If Desert Storm (U.S. vs. Iraq episode 1) was the first made-for-TV conflict, Arab Spring must certainly count as the first made-for-social-media revolution. Whoever said “The Revolution will not be tweeted” was dead wrong [apologies to Gil Scott-Heron, who also died in 2011, and is maliciously mis-quoted here]. It’s also been argued, debated [no – scratch that – since real debate requires some level of basic knowledge and understanding of the topic which is simply not available in this case] and pontificated on, via traditional and the newly enfranchised social media. Speaking at the e-G8 Internet Forum in Paris, Facebook CEO Mark Zuckerberg downplayed Facebook’s role in places like Cairo, Homs and Tunis, saying “It’s not a Facebook thing, it’s an Internet thing,” when asked about his site’s influence on the Middle East’s popular uprisings. “There’s no value to Facebook in invading the privacy of folks in those places.” [I made that last quote up – but I’m sure that’s what he meant to say].
  • A tsunami rammed the coast of Japan following a powerful 9.0-magnitude earthquake causing widespread devastation and essentially shutting down some of Japan’s largest manufacturers including Honda and Toyota. But by far the greatest damage that resulted from this disaster was the meltdown of the Fukushima Dai-ichi nuclear power station in northeast Japan. This part of the tale just kept getting worse each day as the Japanese government and Tokyo Electric Power Co (TEPCO) kept trying to reassure the public and the world that things were under control. Some would argue that it’s still not entirely under control as there have been elevated levels of radiation detected in the Pacific waters as far away as the west coast of the U.S. So now a tsunami caused by a monster earthquake has turned into the worst nuclear crisis since Chernobyl in 1986, costing TEPCO 1.1 trillion yen. So far.
  • Osama bin Laden, the mastermind of the 9/11 attack, was killed in a firefight with [actually he was terminated with extreme prejudice by] United States forces in Pakistan. Turns out he’d been living in relative comfort in Abbottabad. Right under the noses of our Pakistani “allies”. Pakistani officials were “Shocked, Shocked! To find Osama bin Laden living in Pakistan”. [OK, I made that last quote up too].
  • On May 22, 2011 a massive EF5 rated tornado tore through Joplin, Missouri, killing over 120 people, carving a mile-wide path of destruction through the city and leaving fully a third of the population homeless. Somehow the people of Joplin, with the help of many other Americans, managed to rebuild enough of the devastated city to open all schools on time for the fall semester. It’s stuff like this that keeps my scant faith in my fellow citizens alive.
  • Former Illinois Gov. Rod Blagojevich was found guilty on 17 out of 20 federal corruption charges — including all charges tied to allegations that the Chicago Democrat tried to trade an appointment to fill the U.S. Senate seat vacated by President Barack Obama. Guilty! Thank You, That is all. [Apologies to Mr. Toad’s Wild Ride]
  • In a frenzy not seen since the televised O.J. Simpson trial, Court TV became the latest reality-TV-cum-spectator-sport. Complete with announcers and color commentators like Nancy Grace. First we had the trial of Casey Anthony, who allegedly murdered her daughter Caylee, which got better ratings than any Soap Opera and triggered widespread protests when she was acquitted (much to the chagrin of the aforementioned Ms. Grace) and pitted Floridians against each other, some restaurants even refusing to serve jury members. Those jury members later whined that had they been allowed to listen to Nancy they would surely have reached the right decision. Then we had Warren Jeffs, a particularly egregious polygamist, child pornographer, prophet of doom and leader of a strange religious cult centered, apparently, around him getting it on with very young girls, being tried for that lifestyle choice. This trial was so salacious that even I was taken aback when Dr. Drew Pinsky insisted that it was the right, yea even the duty of the court TV “journalists” to show the videos of the nasty Rev. Jeffs deflowering his youngest “brides”, video apparently being a sacrament in this cult. I’m guessing that the CNN lawyers were offering up their own prayers that the FCC would ignore Dr. Drew’s apparent journalistic fervor and not go after them for child porn. And finally we have the ongoing show trial of Dr. Conrad Murray who allegedly administered the fatal dose of propofol that killed Michael Jackson. This trial is hardly worth the nightly histrionics of Dr. Drew and Nancy Grace (tag teaming this one) since the worst that can happen to Dr. Murray (other than the fact that the king of pop died before he could get paid) is that he can get probation. He’s already lost his medical license not to mention his credibility with anyone other than celebrities with nasty prescription drug habits. If you don’t think Mark Mothersbaugh was right about ‘de-evolution’ you should tune in some time.
  • Then we had the ‘Spectacular Summer Debt Ceiling Crisis’ starring the U.S. Congress with special guest stars Pres. Barack Obama and Timothy Geithner. This long running political theater farce, based on the hit ‘Nero Fiddling’ had them rolling in both aisles to the disgust of viewers all over the world. This amazing display of gridlock and political brinksmanship resulted in Standard & Poor’s downgrading the creditworthiness of the U.S. government to AA+ from AAA. What a show.
  • In tech and business, Google acquired Motorola Mobility, AT&T attempted to acquire T-Mobile but was slapped down by the DOJ. HP released the TouchPad, announced it’s killing the product line, sold the few they had built at a fire sale which was so popular they ramped up for another TouchPad fire sale. WTF? Apparently the notoriously quick on the fire-the-CEO trigger HP board had the same reaction and dumped Leo Apotheker for Meg Whitman (of GOP and eBay fame). But not before the stock did a swan dive.
  • The Sony Playstation Network (PSN) was well and truly pwned. Fingers were pointed everywhere but in the end it was just good old bad engineering and security hubris that proved their undoing. That and trying to piss off PS3 modders.
  • Then there was Anonymous whose DDoS-in-the-name-of-protest efforts were alternately lionized and vilified in the media and political circus and managed to annoy pretty much everybody at some time or another. They didn’t like Sony either and were early scapegoats in the ongoing Sony CYA efforts. Their 15 minutes is waning fast, but those Guy Fawkes masks are totally bitchun.
  • Security Bloggers were busy little beavers with Dr. Anton Chuvakin taking a new job at Gartner, Martin McKeay and Josh Corman taking jobs at Akamai, Ben Tomhave taking a job at LockPath, Jack Daniel moving into a new gig at Tenable after they acquired Astaro and Kai Roer and Mourad Ben Lakhoua editing a great book with articles by Dr. Anton Chuvakin, Margaretha Eriksson, Alistar Forbes, Brian Honan, Alex Hutton, Javvad Malik, Wendy Nather, Rob Newby, Kevin Riggins, Eric Schwab and Lori MacVittie, The Cloud Security Rules: Technology is your friend. And enemy. A book about ruling the cloud.
  • Finally Captain X-Ploit went completely off the rails with two spectacular holiday specials. The Halloween Special consisting of four posts: The Devil Walks Among Trustonians, Movies Can be Fun, Nightmare on Dream Street and 28 Stores Later which spoofed the classic horror films Halloween, The Ring, Nightmare on Elm Street and Dawn of the Dead respectively. The good Captain faced crazed mass murderers, lethally cursed movies, dream demons and spam distributing zombies and prevailed with great and hilarious feats of hacking. The Amazing Cross Dimensional Christmas Special was a heartwarming mashup of Fox’s “Fringe”, Dr. Seuss’s “How the Grinch Stole Christmas” and Tim Burton’s “Nightmare Before Christmas” where David and President Ted save Christmas. Sort of.

So stay tuned. Maybe we’ll be a bit more conscientious about blogging at Security For All. Or not. But it will probably be pretty funny and borderline informational.

Oh and be sure to actually go to the Security For All blog site and check out our annual swell theme change.