
Switzerland’s spy chief will leave his post, the government said on Wednesday, after a newspaper reported he had fallen out with the defence minister over his handling of a scandal involving a cryptography firm linked to the CIA.

Jean-Philippe Gaudin, elevated in 2018 to head Switzerland’s NDB intelligence service under then-Defence Minister Guy Parmelin, will be replaced by Juerg Buehler on an interim basis, the government said in a statement.

The Tages-Anzeiger paper reported that tensions developed between Gaudin and current Defence Minister Viola Amherd in part because he waited too long to inform her about the affair involving Crypto AG.

For decades, the Swiss company sold encryption devices while being secretly owned by the U.S. Central Intelligence Agency and Germany’s intelligence service, which could freely read what it encrypted. (https://reut.rs/3eEZwNh)

The NDB gave no reason for Gaudin’s departure, saying only that he would take up a “new challenge” in the private sector.

A spokesman for the intelligence service did not immediately comment on the newspaper report. Gaudin could not be reached for comment.

Reports about CIA involvement in Crypto have circulated in Switzerland for years, in particular after the arrest in the 1990s of one of the company’s salesmen in Iran, which accused him of leaking encryption codes to its Western rivals.

But new details emerged in early 2020 when Swiss authorities said they were investigating reports that the CIA and the German BND spy service had used Crypto’s encryption technology to crack other nations’ top-secret messages, stirring an outcry in officially neutral Switzerland.

Read More

Authoritarianism doesn’t always arrive in grand, sweeping, military-style gestures. In Mauritius, an island of nearly 1.3 million people off the coast of East Africa, it has taken the form of an alarming proposal from the Information and Communication Technologies Authority (ICTA), a government agency. Written in clouded, clunky language, the proposal is, in effect, announcing the implementation of a digital surveillance system. The public has until May 20 to respond, which they can do by sending an email to the ICTA.

Read More

In a recent article on clang-tidy I referenced the fact that we’re doing a huge refactoring regarding char pointers, lifetime, ownership and std::strings. Today’s post is another one related to that change, where even though everything compiled correctly, it didn’t work. For a compiled language, that is not something you expect. Next to unit tests, a compiler error is your number one sign that you’ve made a mistake somewhere. In this case however, the code all compiled fine. The issue here was an older part of the code not using override combined with automated refactoring in CLion missing some parts of the code during a change. So, the issue in this case is entirely our own fault, it was spotted in the manual testing, but I’d rather it had not happened at all. In this post I’ll describe the problem including some example code that illustrates what happened. My key point is that even though the code compiles, you should always test it, preferably automated with unit and integration tests, otherwise manually with a runbook.

Read More

Germany’s leading data protection regulator for Facebook has banned the social network from using data from WhatsApp users.

It follows controversy over the messaging app’s latest privacy terms which the authority believes are illegal.

The move follows emergency discussions in Hamburg after WhatsApp asked users to consent to the new terms or stop using it.

WhatsApp is used by almost 60 million users in Germany.

Johannes Caspar, head of the Data Protection Authority in Hamburg, said: “This order seeks to secure the rights and freedoms of the many millions of users who give their consent to the terms of use throughout Germany.

“My objective is to prevent disadvantages and damages associated with such a black-box procedure.”

The regulator suggested that the decision wasn’t just about protecting users’ privacy but also to avoid the use of data “to influence voters’ decisions to manipulate democratic choices”, citing the upcoming 26 September parliamentary elections in Germany.

The regulator will now submit the case to the European Data Protection Committee, the body responsible for enforcing the rules across the EU.

Read More

Like Europeans who ventured into Indian country, Indians who traveled to cities often did so warily. Hostile populations, both Indian and white, might render their journeys perilous, especially in times of war. After the Oneida chief Shickellamy died in 1748, his son John (Tachnechdorus) served as the Iroquois representative in the Susquehanna Valley dealing with Pennsylvania. But the French and Indian War in the mid-1750s shattered earlier patterns of coexistence; now war parties ravaged the frontier and the Pennsylvania government offered bounties on the scalps of Indian men, women, and children. Traveling between the Susquehanna and Philadelphia, John Shickellamy was cursed and insulted by “fearful ignorant people” who told him, “to his face, that they had a good mind to scalp him.” Animosities toward Indians during the American Revolution were so charged that Governor Patrick Henry of Virginia had to order militia companies to protect Cherokee delegates on their way to Williamsburg from “a design of assassinating those chiefs,” and several groups of backcountry settlers planned to murder a Delaware delegation on its way to Philadelphia in 1779. And in the midst of war with the western tribes in 1792, the United States government assigned officers to help get Iroquois delegates safely through the Susquehanna Valley settlements. As if escalating interethnic hostilities did not pose danger enough, travelers on the roads near Philadelphia also faced the threat of highway robbers.

Read More

New foreign-agent filings are finally detailing a massive Beijing propaganda operation that’s fueled a sixfold increase in disclosed Chinese foreign influence efforts in the United States in recent years.

I’ve had a good couple of years in terms of tool discovery. Rather than try to tweet about them in bits and bobs, I figured I would write up a few bits and pieces that I like.

Instagram and Twitter have blamed technical errors for deleting posts mentioning the possible eviction of Palestinians from East Jerusalem, but data rights groups fear “discriminatory” algorithms are at work and want greater transparency.

It came as a long-running legal case over evictions from homes in Sheikh Jarrah has fuelled tensions in Jerusalem where hundreds of Palestinians clashed with Israeli police on Monday.

By Monday, 7amleh, a nonprofit focused on social media, had received more than 200 complaints about deleted posts and suspended accounts related to Sheikh Jarrah.

“On Instagram, it was mostly content takedown, even archives from older stories were deleted. On Twitter, most cases were an account suspension,” said Mona Shtaya, an advocacy advisor at 7amleh.

Instagram and Twitter said the accounts were “suspended in error by our automated systems” and the issue had been resolved and content reinstated.

Instagram said in a statement that an automated update last week caused content re-shared by multiple users to appear as missing, affecting posts on Sheikh Jarrah, Colombia, and U.S. and Canadian indigenous communities.

“We are so sorry this happened. Especially to those in Colombia, East Jerusalem, and Indigenous communities who felt this was an intentional suppression of their voices and their stories – that was not our intent whatsoever,” Instagram said.

Read More

Lobster is a programming language that tries to combine the advantages of static typing and compile-time memory management with a very lightweight, friendly and terse syntax, by doing most of the heavy lifting for you.

While it is a general purpose language, its current implementation is biased towards games and other graphical things, with plenty of “batteries included” functionality.

Encrypted messaging platforms are being used “almost exclusively” by serious and organised crime groups, according to Australia’s national criminal intelligence agency.

The Australian Criminal Intelligence Agency made the extraordinary claim in its submission to a parliamentary inquiry examining the Surveillance Legislation Amendment (Identity and Disrupt) Bill.

If passed, the bill will create three new warrants, one of which will allow ACIC and the Federal Police to take control of a person’s online account to gather evidence about serious offences.

Other warrants will allow for data “disruption”, including the ability to “add, copy, delete or alter data”, and network intelligence gathering.

Read More

When we redesigned the Tutanota client back in 2017, we strictly focused on our mission to liberate everyone from being forced to use Google’s services. That’s why we have published our Android app on F-Droid, making it one of the few email apps available without Google’s push notification service. This was a true challenge; so let’s explain how we succeeded.

Open source audio software outfit Audacity, now under new management, is adding some “basic telemetry”, much to the alarm of many of its community.

The request turned up in GitHub this week, aimed at providing some telemetry, and the author of the request, Dmitry Vedenko, explained:

Universal Google Analytics is used to track the following events:

  • Session start and end

  • Errors, including errors from the sqlite3 engine, as we need to debug corruption issues reported on the Audacity forum

  • Usage of effects, sound generators, analysis tools, so we can prioritize future improvements.

  • Usage of file formats for import and export

  • OS and Audacity versions

A UUID stored on the local machine would be used to identify sessions and web analytics service Yandex Metrica used to estimate daily active users.

“Telemetry collection is optional and configurable at any time,” he added.

The change has not gone down well. At time of writing it had attracted over 2,000 “thumbs down” emojis, while a mere 39 users clicked “thumbs up.” Hardly a ringing endorsement.

Telemetry collection is an area that causes much gnashing of teeth and twisting of knickers in the open source community. While some see it as a pointless invasion of privacy, others find it invaluable for solving issues or identifying how people use a product.

Read More

It may sometimes seem difficult to believe but FreeBSD has been around for almost 30 years, with its initial release in 1993. It has evolved tremendously over the years, with the involvement of a great community, who have contributed to its continuous development and fine tuning. This great community that puts its shoulder to the development of FreeBSD consists of three groups: committers, contributors, and users.

If users only run FreeBSD systems, contributors are those who submit patches for consideration. Committers are the ones who assess these patches and decide what goes in and what doesn’t. Or, in simpler terms, committers are developers with read and write access to the FreeBSD repositories. In this article, we will take a look at the strengths that make FreeBSD a trustworthy choice of OS.

Read More

A series of Instagram ads run by the privacy-positive platform Signal got the messaging app booted from the former’s ad platform, according to a blog post Signal published on Tuesday. The ads were meant to show users the bevy of data that Instagram and its parent company Facebook collects on users, by… targeting those users using Instagram’s own adtech tools.

The actual idea behind the ad campaign is pretty simple. Because Instagram and Facebook share the same ad platform, any data that gets hoovered up while you’re scrolling your Insta or Facebook feeds gets fed into the same cesspool of data, which can be used to target you on either platform later.

Across each of these platforms, you’re also able to target people using a nearly infinite array of data points collected by Facebook’s herd of properties. That data includes basic details, like your age or what city you might live in. It may also include more granular points: say, whether you’re looking for a new home, whether you’re single, or whether you’re really into energy drinks.

Read More

On 23 March 2021, LINX London experienced an outage. As this is one of the very large Internet Exchange Points, this is an interesting case to study in more depth in order to see what we can learn about Internet robustness.

One of the hallmarks of totalitarian systems is the criminalization of dissent. Not just the stigmatization of dissent or the demonization of dissent, but the formal criminalization of dissent, and any other type of opposition to the official ideology of the totalitarian system. Global capitalism has been inching its way toward this step for quite some time, and now, apparently, it is ready to take it.

Germany has been leading the way. For over a year, anyone questioning or protesting the “Covid emergency measures” or the official Covid-19 narrative has been demonized by the government and the media, and, sadly, but not completely unexpectedly, the majority of the German public. And now such dissent is officially “extremism.”

Yes, that’s right, in “New Normal” Germany, if you dissent from the official state ideology, you are now officially a dangerous “extremist.” The German Intelligence agency (the “BfV”) has even invented a new category of “extremists” in order to allow themselves to legally monitor anyone suspected of being “anti-democratic and/or delegitimizing the state in a way that endangers security,” like … you know, non-violently protesting, or speaking out against, or criticizing, or satirizing, the so-called “New Normal.”

Naturally, I’m a little worried, as I have engaged in most of these “extremist” activities. My thoughtcrimes are just sitting there on the Internet waiting to be scrutinized by the BfV. They’re probably Google-translating this column right now, compiling a list of all the people reading it, and their Facebook friends and Twitter followers, and professional associates, and family members, and anyone any of the aforementioned people have potentially met with, or casually mentioned, who might have engaged in similar thoughtcrimes.

Read More

Life in Singapore during the pandemic has become about tracking, tracking, tracking. Wherever one goes, one has to scan QR codes that log entry into malls, restaurants, shops and office buildings. For those who have just arrived on the island, it might seem like an uncomfortable intrusion into people’s daily lives and movements. For most Singaporeans, though, this level of tracking – introduced for the purpose of Covid-19 contact-tracing – has become a “new normal” way of life.

Adjustments have had to be made during extraordinary times, which is why most people, including more privacy-conscious civil-society activists, have been generally compliant with Singapore’s contact-tracing systems. But the ease with which people have adapted to this surveillance also reflects how often privacy is forced to take a back seat to other priorities in the city-state.

There’s no right to privacy enshrined in the Singapore Constitution, even though it’s recognised as a human right in the Universal Declaration of Human Rights. Surveillance and privacy intrusions are not only normalised, they’re sometimes even actively proposed; for instance, a ruling party parliamentarian has been calling for the use of technology to monitor and enforce bans on smoking at the windows and balconies of people’s own homes, as a way of dealing with the harms of second-hand smoke.

Read More

While Emacs proponents largely agree that it is the world’s greatest text editor, it is almost as much a Lisp machine disguised as an editor. Indeed, one of its chief appeals is that it is programmable via its own programming language. Emacs Lisp is a Lisp in the classic tradition. In this article, we present the history of this language over its more than 30 years of evolution. Its core has remained remarkably stable since its inception in 1985, in large part to preserve compatibility with the many third-party packages providing a multitude of extensions. Still, Emacs Lisp has evolved and continues to do so.

Important aspects of Emacs Lisp have been shaped by concrete requirements of the editor it supports as well as implementation constraints. These requirements led to the choice of a Lisp dialect as Emacs’s language in the first place, specifically its simplicity and dynamic nature: Loading additional Emacs packages or changing the ones in place occurs frequently, and having to restart the editor in order to re-compile or re-link the code would be unacceptable. Fulfilling this requirement in a more static language would have been difficult at best.

One of Lisp’s chief characteristics is its malleability through its uniform syntax and the use of macros. This has allowed the language to evolve much more rapidly and substantively than the evolution of its core would suggest, by letting Emacs packages provide new surface syntax alongside new functions. In particular, Emacs Lisp can be customized to look much like Common Lisp, and additional packages provide multiple-dispatch object systems, legible regular expressions, programmable pattern-matching constructs, generalized variables, and more. Still, the core has also evolved, albeit slowly. Most notably, it acquired support for lexical scoping.

The timeline of Emacs Lisp development is closely tied to the projects and people who have shaped it over the years: We document Emacs Lisp history through its predecessors, Mocklisp and MacLisp, its early development up to the “Emacs schism” and the fork of Lucid Emacs, the development of XEmacs, and the subsequent renaissance of Emacs development.

Read More