Your Software Is Secure – Or Is It?

There’s a quote out there that goes:

If you’re not the customer, you’re the product.

That’s directly applicable to any bit of “Free” software you use.  If there’s an ad being shown, if it asks you to install a different browser or tool bar, if there’s an offer to download 10 free MP3s – You Are The Product.

Fair enough.

There are exceptions to that rule.  There are a lot of excellent pieces of software out there that are free with no strings attached.  No phone home tricks, no advertising, and no other gotchas.   Those typically are called “GPL” or “GNU Software” or “FOSS“.  I do most of what I do on Windows, however off that windows machine, I live in that FOSS world of Linux.  If I want a spreadsheet, I merely download Libre Office and I’m happily counting away my beans.

I guess the fact that there is no support network provided with most of that kind of software means I’m still the product but I’ll ignore that.

Once you leave that world of Windows or Mac OSX where you pay and expect complete discretion (and you would be wrong), or Linux where the power of Open Source means you have thousands of eyes looking at the software and putting out a warning that your operating system might be spying on you (Ubuntu), it gets a bit questionable.

The assumption is that with your shiny iPad or iPhone, Apple is looking into that for you.   It’s not completely clear that that is true, and rumor has it that it isn’t.

On the other hand, Android does warn you when your phone or tablet is being asked to sign away your information.   You can still allow it, but it does warn you.   The idea is that the user is expected to be an educated Android user and actually stop and look at the warnings.   On the other hand, when is the last time you took the time to read an EULA (End User License Agreement)

Exactly, even I just skim them.   If it says it’s GPL, I assume it’s OK, otherwise, you may get one  of those programs that says that if you send an email to a specific address, you “win” 1000 dollars US.   Yes, that happened, once, and it took five years for anyone to find it and collect!

The most egregious use of the person being the product lately is the Jay Z app called “Magna Carta”.  Download and install the app and you get to join in and help to promote his CD of his latest “songs”.

Great, if you like that sort of thing.  On the other hand people did start to read what the app wanted to do to your Android phone.   It basically demanded full control, including your personal details, it wanted to start at start up time, and demanded access to your Facebook and Twitter accounts.  The assumption is that it was going to go out and put postings to those accounts in your name saying how much you were enjoying his “songs”.

Rap.  Bleah.  But he’s making my point for me.   It does not say that Jay Z is doing something with all that information, it merely says that the software has access to it.  He is using people as marketing tools to build the social buzz on Facebook and Twitter.  He may never use any of it, and that access may not ever be used, but it begs the question:

Is that in your benefit?
 
When you go to your app store, look around and ask yourself do you really need it?   That app will probably slow your phone or tablet down whether it is on the iPhone or a shiny new Android Tablet because it will want to start up when you turn the thing on.

Is that in your benefit?

That app may want to know who you called today, and forever.

Is that in your benefit?

That app may want access to whatever is running at any given moment.

Is that in your benefit?

The answer to all of that is no. 

Especially that last one.  If you use a smartphone to do your banking, your banking details are POTENTIALLY exposed to any app that is running at that time.   Want to share your bank account information with me?  I didn’t think so, but would you with an app developer?  That answer should still be no.

The best thing you can do with that phone is to make calls with it and keep it clean of unneeded software.  That includes free or paid apps.  There’s too much risk these days.

Sorry to bring bad news but there are some questionable people out there.

Go Away Priyanka, You Are A Worm.

This Priyanka has cropped up on the tech blogs, just about everywhere that I was reading, so I thought I’d jump on the bandwagon.

Got Android?  Read on.
Got something called “WhatsApp“?  Read on.

WhatsApp is a chat client for SMS or other WhatsApp users.  Yes, Yet Another Chat Client has a worm running through it.  Pretty common these days.

It’s an easy one to avoid, simply don’t accept any messages from Priyanka, don’t friend Priyanka… In short, ignore Priyanka and delete anything from it without opening it.

If you have Priyanka in your contacts, then it goes out and sends invites to all your friends on the WhatsApp platform in order to share in on the fun.

Oooh.

The instructions to get rid of them are pretty simple as well, and you can find them at this link.

I’m an admitted oddball.  I don’t do SMS Texting.  At all.  It’s turned off at T-Mobile, so no matter what I’m safe.

Want to talk to me, call me.  Want to send text?  Email.  Yeah I know, it’s not trendy but I’m in front of a computer from 7AM until 11PM some days.  I’ll leave WhatsApp on the shelf for those who are more “smartphone addicted” than I am.

Bamboo Smartphone and Tablet Docks are all done

A while back a neighbor cut down a stand of bamboo that was as thick as your wrist.  I was able to take some of the scrap and cut it to size for a dock for my smartphones and larger ones for my tablets.

After taking the time to cut the wood and try the things out, I realized I really did want to finish the project by staining the bamboo inside and out with poly-seal.   Two coats later, they actually shimmer in the sunlight.  I may go another step further, but it really is pretty much “Furniture Quality” at this point.

Basically they work like the box that the drivers for your speakers for the stereo are contained in.  Give sound a box to bang around in and you get resonance and a louder, richer, and more directed sound.  More bass and better direction.  Since we’re talking about the tiny little squeakers inside of a tablet, they need the help.

Even the one that cracked worked nicely when I screwed it down to a stand to hold it together.  Now that I have all of these docks, five in total, I’m finding that they have their uses.  Why run ugly wires to the top of the medicine chest in the bathroom for speakers when you already have the phone playing music?  One of the docks lives there perched six feet above the ground.

The trick is to not make the hole where you drop the phone or tablet too large.  If the sound leaks through the top of the dock, it can’t be refocused out the ports on the side.  Since the Android phone I have and the iPhone 3G are almost identical in shape at the bottom, it works for all of my phones.

Other than that, unless I find more scrap bamboo or a reason to make more of these things, I’m probably done.  Nice little diversion of a project.  I got to the point where using mostly hand tools, I could make one in about an hour.  After all, what guy doesn’t want an excuse to do some woodworking and make something “cool”?

Do Not Track – It’s A Start But Only A Start

In the “modern” browsers there’s a setting deep down that tells advertisers that you don’t want to be tracked for advertising purposes.

Internet Explorer sets that on by default.
It is also in Chrome and Firefox.

For Firefox you can set it yourself by:
Click on Tools
Click on Options
Click on Privacy

Under Tracking, there is a tick box that promises to tell advertisers that you do not want to be tracked.

Mine is checked, but I don’t believe it actually works.

You see you’re telling someone that you don’t want to be a source of their income.  That’s how advertising works, they have learned that they can watch what you surf and build a profile of what you’re doing.   They can tell pretty much everything you can do.

You can lower their effectiveness but you can’t eliminate what they’re doing unless you do something that is fairly “heroic” by installing all sorts of software or learning another operating system and surfing from that.  There is InPrivate mode in Internet Explorer but it also breaks sites sometimes.  Better solution than most, but nothing is perfect.

When I set up a computer for myself or anyone else, I immediately install a few pieces of software.

Firefox as a browser.

Then I install an extension that is also available for Chrome called “Adblock Plus“.  That breaks some more of the advertising as well as some of their tracking.   The benefit is that I do not see advertising.  I can also block that sort of thing. 

For me, browsing a website on someone else’s computer is a jarring experience.  Ads blink, flash, and sometimes even scream at me.  On my own computer, it’s a blissful experience.

That and it also speeds up browsing. 

I’ve taken it a step further by adding a hosts file onto computers that I am not doing web development on which simply tells the computer not to search any web pages that are at a certain address. 

I went so far as to add a hosts file to my Android phone and it’s quite nice not having to look at ads.  It’s a great “advertisement” for “Rooting” your Android phone.

The software I use on Android is Adfree to help block advertising by placing that hosts file in the right spot.  Just because I want to be “complete” I also installed a Hosts Editor but strictly speaking I don’t really need that.

Both of the above only work on Rooted Android phones.  If you’re not rooted, you’ll need to find a guide on how to do it for your specific phone, model, carrier.   It gets complex but usually there’s a step by step guide to do the work for you.  Once I found mine, it took about 10 minutes.

They can’t track you if they can’t find you.

What did you do with your old Smartphone

After reading this article on Lifehacker, I was left smiling.

So very much bile and grief.

Ok, so you have a smartphone.  It’s older than your contract.  Get it unlocked.   You can even do that with your AT&T Phones.  Mostly, anyway.  There are some phones that are simply hardwired to be with the company you got it from.

My being the king of electronic repurposing, there area a lot of uses that you can get out of the little beasts.

You will want to remove the SIM.   That’s the little chip that tells the phone to talk to the cell towers.  If you managed to get it unlocked, you still can use it for “Old Times Sake” or just give/sell/pass it on to someone else.  But that SIM is required in the new phone to make it work like a phone.

Some of the things I use my hand-me-down smartphones for are:

One of them is unlocked.   I use it when my “real” phone is dead.  Swap in my SIM and now I’m back on the air.  You can even use it when you’re in a bad neighborhood so you don’t lose the “good phone”.

Load it up like an iPod and walk around listening to the same tracks over and over because I can’t stand having iTunes on my laptop phoning home every couple hours.   At least that is easier to deal with on Android.  Fewer programs to “manage” my music preferences.

Download a copy of Magic Jack for emergencies.  You can make free phone calls in the US using your Wifi and this software.

I keep one on the nightstand for when I wake up.  Since the “regular” phone is on charge, I turn this thing on and use it to check up on Radar/Weather/News/etc. 

Internet Radio is great when you have a wifi-only no-longer phone smartphone.  I use a program called TuneIn and can listen to all those streams or radio stations from outside of the house when I’m tired and want something new.

No, this isn’t earth shattering news.  But it is better than tossing it in a drawer and then in the trash in a few months.  May as well use the thing, after all you paid for it, and really you paid quite a lot for it.

CMAS is a TERRIBLE idea

Have you ever had an idea that sounded good?
You know, something that would be a great benefit but in the end turned out really terribly executed so it basically is like banging your head against the wall. 
Something you stop doing when it ceases to be theraputic?

Read on, McDuff, this is one of those ideas.

Luckily I didn’t make this boneheaded mistake.

CMAS is a piece of software that runs on smartphones.
CMAS is a service that allows you to be warned, here is the wikipedia page.
It gets information from some central server somewhere that is supposed to be keyed on where you are, based on the cell towers you are near.   Yes, even if your GPS doesn’t work on the cell phones, you can find out where your cell phone is at based on the old Triangulation technique.  

If there’s something that happens that is an emergency in your area, a notification is pushed to your phone and …

ALL HELL BREAKS LOOSE.

Last night, in the tail of Tropical Storm Isaac, around 4PM, there were some Flash Flood Watches sounded for this part of the world.  Not like they weren’t expected, we’ve had four days of rain in a row and a Duck and Cover Event called the Tropical Storm Watch.  Or Warning, it’s never quite clear which is which. 

When you live in South Florida, these warnings are literally EVERYWHERE.  You simply can not escape it because a helpful neighbor will ALWAYS tell you about it.

Sitting in the green comfy chair, watching the rain fall, there was a Thunderstorm.   We’re used to that here, the storms can be entertaining in itself.

Right as a lightning strike hits, some drone sitting in a building somewhere decided to make my phone disgorge noise.  First it started to vibrate.  Violently.  So as I reach over to grab the phone before it begins a trip to the floor, it then starts to scream like a siren.  Then back to vibrating.

Figuring it was possessed, my first thought wasn’t Oh Let Me Check For An Emergency Warning, Oh no.  I wanted to Kill it with Fire.  As in accelerate it as fast as I could at the nearest Concrete Block and Stucco Wall to MAKE IT STOP.

Had this happened while I was driving, there would most likely be an automobile accident.  Mine.

Regaining composure I found the settings for this vile software.

I had three levels of Alerts. 

  1. Presidential Alerts
  2. Imminent Threats
  3. Amber Alerts

I was able to immediately turn off Imminent Threats and Amber Alerts.  Helpfully, this evil software said “Presidential Alerts are always presented.”

This piece of software may not be removed.
This piece of software may not be turned off.
This piece of software may not be modified so that the alarm sound is less offensive.
This piece of software may not be modified so that the vibrate can be turned off.

This piece of software will be the reason why I will be “rooting” my phone, then installing another “operating system” so that I won’t have to experience this “feature” in the future.

Cyanogen Mod will be in its future.

You see, this is the problem with software these days.  You have a marketing drone somewhere that says Oooh We Can Give The This Feature And They Will Love It And Pay Us Money.

Remember you can’t uninstall this.  You are locked out from this particular feature.

I can’t even find an example of it in Google Play so that I can explain what it is. 

T-Mobile’s page on this software is here if you want greater detail.  I just want to know how on earth to block this thing.   It is like killing an Ant with a Sledgehammer.

I do know in the future, my purchases of Android hardware will be governed first and foremost by whether or not there is “Locked In” software like this and if I can “root” the device.  

My Device, My Rules.

That unfortunately is a big problem with software these days, whether it be Android or Windows or what have you.  I spend more time removing software from a brand new computer than I do installing operating systems.  Spyware, useless browser toolbars, and games that report back to the writer what you are doing for more pertinent advertising are the norm on Windows.  At least you can remove them there, in the case of my little purple phone, I have to go to the level of wiping it clean and starting over. 

Sad really, because the addition of things like Twitter or Facebook are only useful on a phone if you have an account and use them.   I do not have a Twitter account and do not want one so why can’t I remove the software again?

Oh right that Marketing drone.

Oh well, it will be gone too I hope.   In the meantime, while I fully support President Obama, I’m hoping that he doesn’t send out an order to make the phone do that again.  It was just too much of a shock the first time.  Once in 9 months is enough.  Three times in one night was ridiculous.  Since all it did was scare the living daylights out of me and not provide me with any useful information it really does need to go.  A Cancel Box plus a one line blurb saying that there was a Flood Watch In Effect is simply scaremongering.

CMAS is currently a voluntary service that needs to end.   At least in this particular way of providing the “service”.

Beginning of the end for Flash?

Steve Jobs famously would not allow Flash on his “iDevices” like the iPhone and the iPad.  It used to be a major annoyance.  It slowly became less important as newer technologies replaced it like HTML5 which does not require messy solutions like extra software.

You know, Plugins?

Flash has just been removed for Android.  Today, it no longer shows up on the Google Play store.   There is something called “Open Flash” that promises that it will play flash files on your tablet.

That means that effectively Flash is dead on phones and on tablets.  That’s important because many people really could get away with only ever using a tablet to do their normal computing.

I found myself wondering whether it was a big deal or not.  I reached down and grabbed my tablet, swiped to unlock, then did a little digging.   It turns out that I never bothered to install Flash on the tablet.

At all.

Flash is on my Windows machines.   Flash is on my ancient hand me down Mac in the back room that is gathering dust.  I went through the painful install procedure to get Flash on my Linux machine. 

It’s just not on the tablet or the phones.

I guess it’s not going to make the transition to the “Post PC World”.  It’s always been a minor annoyance on Windows, demanding that it be installed if you go to Youtube to watch a video like the one below of a Golden Retriever in China guarding his owner’s bike from being stolen. 

Totally safe for work, by the way.

So you can consider that as a test, I won’t tell the boss.

Actually it will be nice to not have Flash on my Windows computers.   Flash is constantly demanding to be updated, almost as frequently as Adobe’s other software, the PDF readers are.  It’s at least once a week I get a notice telling me that there was yet another exploit that is being plugged by this particular update so please don’t uninstall the software because we really do want you to use it.  

Now if we could only get Java to actually install correctly on an update, we might have a more pleasant experience.   I just can’t seem to remember why I even keep Java on my machines…