Vitalsecurity.org

Test post...

2009-11-07T00:31:00.001+03:30

Epic publishing / post loss fail, hopefully nothing to worry about...

My thoughts on Lose / Lose

2009-11-04T20:10:00.013+03:30

There's a bit of a wing-ding at the moment concerning a game called "Lose / Lose" that deletes your files while you play it.

The game has been around since at least September, and yet despite this I don't believe I've seen a single complaint about the program. Link:

Lose/Lose is a video-game with real life consequences. Each alien in the game is created based on a random file on the player's computer. If the player kills the alien, the file it is based on is deleted. If the player's ship is destroyed, the application itself is deleted."

"By way of exploring what it means to kill in a video-game, Lose/Lose broaches bigger questions," the game developers say. "As technology grows, our understanding of it diminishes, yet, at the same time, it becomes increasingly important in our lives. At what point does our virtual data become as important to us as physical possessions?"

I don't know about you, but I rather like the concept.

Still, this game has been kicking around for a few months now with no fuss - and then all of a sudden, Symantec are calling it a Trojan and sites abound with pitch forks and hand grenades.

Some observations:

1) The above video is absolutely ludicrous. They note that the game clearly warns you of what it will do if you run it (delete files) and then proceeds to show us the game....deleting files, as if this is somehow something to be shocked by.

Well, duh.

2) Many current references to the game are couched in dangerously obscure terms, as if to make it sound like the researchers talking about it hiked up a mountain, wrestled a bear or two then carried it down on their back for us to prod with a stick. From the Symantec blog:

"Takashi Katsuki, one of our Tokyo engineers, came across just that today."

Came across? Came across where? The official site, that was ALL OVER THE INTERNET when the game was first revealed and marketed as a game that deletes your files should you run it?

"Researchers have discovered a trojan" From ITPro. "Discovered"? Man, that must have been hard work wading through such obscure sources as, er, Wired, Rock Paper Shotgun, The Escapist, Joystiq, Techdirt and half the online gaming press.

As noted by Lose/Lose creator Zach Gage, you now have the surreal situation where a site such as Softpedia simultaneously offers it as a download AND flags it as Malware.

3) Some justification for flagging this is as a Trojan is that "There’s nothing stopping someone with more malicious intentions from modifying it slightly and then passing it on to unsuspecting computers, causing significant damage to a computer."

Firstly, couldn't you say that in relation to just about any program? Seems like a bit of a weak reason for specifically marking it out. Are they also going to flag psDooM , which has allowed you to - quite literally - blow away system processes since 1999 on the basis someone could "modify and do naughty things with it"?

Get it now on Mac, kids!

Second, the game ALREADY causes "significant damage" if you run it in its current state, which is nice enough to give you a great big warning when you run it.

If you cannot understand the plain English warning, too bad. If you have kids who somehow manage to obtain the game, then run it on your Mac and you lose everything like The Guardian suggests - maybe you shouldn't let your kids download whatever they feel like?

4) I'm concerned that the creator of a rather interesting art experiment is now forever to be known as "that guy who made a Mac Trojan, lol". This was someone who made something, fully disclosed what it did and made a credible creation borne out of his ideas and hey, it seemed to go down pretty well. Now? Trojan, lol.

5) I also have an issue with the writeup of the "threat" - at no point that I can see does it mention you have to download the game voluntarily, and that the game warns you in BIG RED LETTERS what it will do if you play it. I'm also faintly alarmed that this game is being called a "Trojan" when everything it does is disclosed both on the homepage and also in the program itself. Compare and contrast with this thing, which pretended to be a safe game then went on to trash your computer via hidden infection files - with no warning.

Not so much a Wooden Horse as one made out of paper?

Marketing fail

2009-10-27T13:03:00.002+03:30

All your Facebook are belong to us!, originally uploaded by Paperghost.

Here is your daily dose of plumbing the depths.

Vkontakte Targeted By SMS Scammers

2009-10-26T13:52:00.000+03:30

Vkontakte Graffiti Spam, originally uploaded by Paperghost.

Vkontakte Scam Windows SMS Hijack, originally uploaded by Paperghost.

Popular Social Networking site Vkontakte.ru is currently under fire by a group of file dropping, password stealing, SMS moneygrabbing bad guys. More here.

When are you beyond all hope?

2009-10-25T18:44:00.003+03:30

"I thought no way - I'm not falling for it, so just to be sure I tried it."

When you say that. Phish victim of the week, bar none.

More on that Kaspersky thing...

2009-10-20T23:26:00.001+03:30

...here. I've added a comment. For the record: I like their products, and use some of them myself. However, I think this is a bad idea and it makes me a sad panda.

Nothankyou.jpg

2009-10-20T12:50:00.006+03:30

Biometrics, identity cards and scanning your face in snappy snaps are all hot topics in the UK, if only because nobody seems to want them yet people who want to take money from you insist on jamming them down your throat anyway.

Well, I saw this earlier today and could feel at least seven or eight brain cells fry in a rage of rageyness.

"UK Ready and willing for biometric fingerprinting".

More than half (56 per cent) of Britons are now willing to give their biometric data to retailers and financial institutions to prove their identity, according to new research from Unisys.

Nearly everyone (95 per cent) was willing to give their fingerprints, while 90 per cent would use iris recognition.

You know, if you're going to put up something that sounds identical to a press release - at LEAST disclose what the people who provided the survey do, because it may well be somewhat relevant to the idea or issue being promoted. Not everybody has the time to go Googling for things in relation to random articles that proclaim biometrics "the best thing ever".

Many will see that piece, assume Unisys are some kind of survey company, or PR firm, or etc etc etc and go about their daily business thinking "Oh well, if everyone else thinks they're awesome these biometrics / ID cards / databases can't be all bad, then".

But even if you don't know who they are, one quick search gives you this:

Unisys, a developer of biometric and security solutions, has announced it has received an extension on its existing contract with the Australian Department of Immigration and Citizenship covering desktop support and biometric services.

And this:

Unisys has worked with the Department of Homeland Security from the start.

And this.

Unisys provides national ID card management and other biometric security systems.

That's right everyone, the UK is ready and willing for biometrics, says someone WHO MAKES BIOMETRIC TECHNOLOGY AND WORKS WITH GOVERNMENTS.

While this might not be news to people working in tech related fields, not everybody knows who Unysis are (and the article certainly doesn't point out this somewhat important bit of information).

Meanwhile, the Government are rethinking DNA data retention, pocket change is being hurled at ID card promotion, the Tories say they'll bin cards and databases should they get into power and only 2,000 Mancunians picked up a voluntary ID card which almost makes up for years of annoying people with that bloody football team.

I can't point you to a big pile of people jumping up and down yelling hooray for biometrics and ID cards; however, I can point you to groups who object to biometrics in schools, and larger entities who pretty much object to the whole shebang.

In conclusion, not only am I not "ready and willing" for Biometrics, I'm hard pressed to point to anybody else I know who doesn't think the whole thing is an excercise in security theatre and a great way for Governments to coin in some extra bling while hooking their grubby paws into every aspect of the daily lives of its wage slaves.

Sorry, "citizens".

Uh, how about "no".

2009-10-17T01:40:00.000+03:30

Ladies and gentlemen, a terrible idea.

ID Cards And Poor Excuses

2009-08-19T00:37:00.004+04:30

You know what sucks? ID cards and poor excuses.

Yes, the clue was in the title.

Something that bugs me about the gradual creep, creep, creep of ID cards is that you just know eventually, they'll tie those stupid bits of plastic to essential services that you simply cannot do without. Sure, they'll be "optional" - if you want to live like a stinky hobo.

You don't, do you?

Well there you go, then. "Optional" is a joke when used in relation to these cards. I've been saying it for a while, and sure enough this popped up on The Register the other day, in relation to a local council offering up a "voluntary" ID card that local people can use to get discounts on numerous services - meanwhile, pesky outsiders get charged a higher price to do stuff...

"There is no obligation on local residents to use this card. However, some services, such as access to the local library or the Household Waste facilities, will only be made available on production of a card."

Naysayers will point to the closing comments of the piece in relation to how the above is a load of rubbish:

In this case, the initiative appears to have less to do with the drive towards a database state, and far more to do with Hillingdon Council finding new ways to fund their services via stealth taxes. Their stated aim is for this scheme to cost nothing overall, as the price of local services will be fixed for residents – but increased for anyone coming in to Hillingdon from outside the Borough.

If other Councils buy in to this approach, then over the long term it might encourage individuals to make greater use of local services, as the price of out of area services becomes relatively more expensive.

Unfortunately, I'm going to have to call shenanigans on this one.

With specific regards to Council services - which are highlighted in the article - how many people go to another council borough to visit a library instead of the one on their doorstep, or use another councils household waste facilities (one county council alone has eleven of the things - is there really a council anywhere in England that doesn't have one such facility?) - or any other number of council services that their own council would logically provide?

Perhaps you might conceivably travel to another council district if you were looking for an obscure copy of Fly Fishing by JR Hartley or something, but if "stealth taxes" on council services for "outsiders" using council services like waste disposal are the overall objective I can't see them pulling in much money from it.

Speaking of which, some 400 businesses have apparently signed up for this scheme. Is this an idiot tax on people unfortunate enough to have to commute to (or through) Hillingdon? Because it doesn't take a genius to work out that people being charged more for being outsiders will simply start taking their business - and businesses - elsewhere.

In essence, Hillingdon just became an inbred shotgun waving outpost of fail. The logical extension of this scheme - if rolled out to everybody - says "Stay in your council area, and never go outside" which seems to be at odds with the rest of the worlds need to, you know, do stuff outside of your own little patch of land.

Oh, and as a final rebuke to the claims of this card being a way to ward off evil outsiders from using council services - here's a map of the London Borough. Harrow, Ealing and Hounslow are next to Hillingdon - and all of those councils are full of "libraries and waste disposal services", two of the services mentioned by Captain Council Flunky.

I'd imagine they all have the rest of the services that the glorious Hillingdon provides too, so what exactly are people going to come into Hillingdon to use that they can't get from their own area? Swimming pools? Pest control? Crackpipes?

Beats me.

"Voluntary" cards that are actually required unless you want to be excluded from what will no doubt be an ever growing list of basic services. Didn't see that one coming, did you.

Wait, you did? Ah...

Gamerscore hacking

2009-07-27T13:51:00.003+04:30

XBox Profile Editing Progam, originally uploaded by Paperghost.

Lots of people are indulging in a little leet hax action where XBox360 profile are concerned, artificially inflating Gamerscores then selling on the accounts to suckers.

Read about how these dubious deeds relate to the underground economy (and how you can pick up stolen accounts with credit cards attached for as little as $4) here.

Write about phishing, get threatened with the FBI

2009-07-15T21:32:00.002+04:30

Some awesome work by Ebay / Paypal yesterday, assuming "writing to someones webhost with lots of threats related to copyright infringement and then running to the FBI all because someone put up a screenshot of a phishing mail with your brand on it" means "awesome" nowadays.

Which is doesn't.

Gigantic amounts of fail can be yours for the taking here.

Some downtime scheduled...

2009-07-14T13:55:00.002+04:30

I'll be messing with things behind the scenes later today, so don't be massively surprised if the site is AWOL for a while. It might even come back online too - bonus...

Smacktalk Fail

2009-07-10T16:17:00.002+04:30

Oh dear.

GMail and IP Addresses

2009-06-30T16:22:00.005+04:30

My pals over at Sunbelt have written about a feature of GMail I didn't know existed:

"Click “Details” and you get an overview of your accounts activity, including whether it’s from POP, a browser, or a mobile phone"

It also gives you IP addresses. Now I'm of the opinion that grabbing the IP address of someone who has hijacked your GMail is an interesting prospect - however, this also means that anybody able to hijack your GMail account has your IP address too, and they'll have yours before you have theirs. To be honest, I think the potentially tiny benefit of having an attackers (potentially fake) IP is greatly outweighed by them having your IP.

Call me paranoid, but is it time to break out proxies and VPNs for GMail now? Perhaps there's a way for Google to implement some kind of password protection that's required to be able to access this information - but of course, if that password is tied to GMail itself then presumably the attacker would have access to that too - so how would you do it?

Suggestions on a postcard to Google, please...

Hackers Target Neopets Users

2009-06-30T11:06:00.002+04:30

Neopets Scam, originally uploaded by Paperghost.

Targeting 12 year old kids with keyloggers?

Oh Lordy. More here.

Save us from these idiots

2009-06-26T17:16:00.009+04:30

So some old guy who clearly knows nothing about computers - or how many internets you can fit into them - is seriously rubbing me up the wrong way.

“You need youngsters who are deep into this stuff… If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys,” he said.”

Wait, what?

Look out, clueless guy ahoy.

Apart from the fact that there's something distinctly pervy sounding about calling them "naughty boys" and "enjoyment" at them "getting caught" - we're not in some sort of boarding school here - this is the biggest heap of crap I've heard since the last time some old guy who knows nothing about computers talked a load of old crap.

Let's go out and hire (nay, REWARD) a bunch of talentless, idiotic script kiddies who haven't done very much of note to defend a country? Oh yeah, that's genius, that is.

Except that they

a) have little to no technical knowledge
b) enjoy cutting and pasting other peoples work (due to the whole lack of knowledge thing) and
c) are idiots, who leave their entire life across ten social networking sites then wonder how come you're waiting outside their house with a baseball bat and a length of cheesewire.

Last time I checked, the SAS was not full of morons. Nor are the SEALs, or any number of dedicated anti-whatever teams. Why should UK cyber security rather predictably be given the bastard children of a thousand leftover takeaway meals to defend it?

Idiots commanding idiots, I love it. I'm going to go out and phish six hundred XBox Live accounts, I might be in Whitehall within six months. Let me tell Old Man McGinty something - I have waded through a crapload of script kiddies, and every now and then even convinced them to do the right thing(TM).

But you know what? In order to get them to do the right thing, more often than not I had to THREATEN THEM WITH HORRIBLE AND EMBARRASSING THINGS. It took time. It took effort. It took pictures of them cavorting with their rather large and thuggish best mates girlfriend. Sometimes I did the cavorting.

It took all of these things and more, to get a TINY percentage of people to stop being morons and play good guy for a while - and only for a while. Where are these magical script kiddies - who really, really want to be good, honest they do - Old Man McGinty is talking about? Can we have some of them to play with?

Oh, right. Didn't think so.

I've said it before, and I'll say it again - UK law enforcement tackling cybercrime is like Stevie Wonder playing Dance Dance Revolution. And all these ancient Government type guys who are older than the telephone need to get out of the way and stop talking about computers, technology and (most of all) script kiddies.

Because they have absolutely no idea what they are talking about.

Oh, the rage.

Also: More sensible takes on this here and here. I'll just stick with the ranting and cheap insults, for those are my boomsticks and I'm happy to deploy them.

Spam of the day

2009-06-16T12:44:00.004+04:30

Rohan Crones, originally uploaded by Paperghost.

...Rohan Crones? Are they old women from Lord of the Rings? If so, I'll have two of those and a Russian bride to go, please.

Remember kids, people lie on the Internet

2009-06-16T12:41:00.002+04:30

Oh dear.

Ten asshole points awarded to the social engineer for decimating an entire gaming clan, I guess.

Pastebins and Botnets

2009-06-15T14:16:00.002+04:30

I loves me some Pastebin action, and I loves me some Botnet action too. If someone were to combine the two and toss around an idea where Pastebins could be used to issue commands to Botnets, would I be interested in taking a look?

You bet. One of the more interesting things I've come across recently.

When will they learn?

2009-06-11T10:53:00.003+04:30

Honestly, when someone waves their arms around in the air and goes "hack me", you can bet someone will turn up minutes later and say "okay".

So it went with the recent Strongwebmail competition, where Lance James pulled a few A Team moves and pocketed a cool $10,000 in return for pwning their supposedly unpwnable CEO email account.

I really don't know why companies offer themselves up for a public gutting where competitions such as this are concerned, but whatever. You can read an interview with Lance here, although he doesn't say if he's Mr T or Hannibal which is a bit of a letdown.

JetKing: They came, they saw, they rocked

2009-06-05T23:53:00.007+04:30

At the height of the "Myspace band hacks" back in 2007, I have to confess to being somewhat underwhelmed by reaction to the problems facing the bands on that social networking site. It seemed most bands were puzzled at best and disinterested at worst by the mass hack attempts on their pages.

However - one band actually took an interest in it, and had been fighting the good fight for some time while I was only just starting to dig into the problem. That band would be JetKing, and they really flew the flag for bands that were getting it in the neck from all the phishing & malware spewing that was going on at the time.

We've kept in touch to this day, and I was flattered when they sent me a copy of their debut album a week or so ago. I'm happy to report that the album is bloody good and well worth investigating (I've had "Smoke and Mirrors" lodged in my brain for a few days now). It's an interesting mix of guitars and electronica, but what caught my eye (ear?) was that neither element was overloaded or overdone - there's a nice bit of breathing space to the tracks and that appeals to me as a one time orchestral bod. And hey, you can rock out to it so +1 for that.

You can check out a few of the songs on their Myspace page and there's a review here that pretty much says what I was thinking about the album myself. Cheers for that, album reviewer guy.

JetKing: flying the flag for music and security.

That's always a good thing, isn't it? Good luck with the album Vaughn, and thanks for being interested in the whole security thing at a time when so many others affected by the same problem weren't. It made a difference :)

If it's not for you, just move on

2009-05-29T19:10:00.004+04:30

It's an unspoken rule of security that anytime a story about something that isn't THE END OF THE WORLD appears, a guy will show up and loudly deride the story / the author / why it isn't important or "newsworthy" or something else he feels like complaining about.

Case in point, a week or so ago people were coming to me worried that their Playstation consoles were "infected with viruses". I looked into it, saw there was nothing to worry about and wrote about it on TechRadar. Sure enough, the very first comment posted was this:

"I'm sorry but anyone who is fooled by this is a complete moron. A picture of XP My Computer and a reference to ‘your PC’, I suppose he thinks those lovely ladies he speaks to on those ‘Hot Babes’ hotlines are real people and really live just a few blocks away. It certainly isn’t newsworthy for a site dedicated to technology. People have been duped by this stuff for years and will continue to be till the end of the net. It’s dumb enough for a PC user to be duped yet understandable as the messages do, quite successfully at times, simulate the user’s day-to-day PC environment. It’s not virus he should be scared of, its woodworm eating away at his head."

Love it. Wannabe holier-than-thou atttitude where security is concerned, combined with derisive scorn at the people who might actually be worried by something regarding hardware that cost them a lot of money.

Thank God for angry security commentators, eh? I mean, I would mention stones in glass houses when a quick check for him on twitter reveals his face, his name (hello, Toby) and what's probably his lovely lady here, or how his Facebook page reveals his location and opens his visible friends up to "fake friend" trolling antics, or how what looks like his EBay page under the same username used for contemptuous and insulting comments leaves him perilously open to aggrieved parties stalking him by buying an item from him, then returning it with an excuse to grab his home address.

But hey, people worried by Playstation virus warnings are idiots. Right?

Look out, it's Angry Apple Guy

2009-05-29T16:58:00.005+04:30

I love a bit of blog rage, but sadly I haven't seen any for a while. As it turns out, you need to simply question the veracity of an Apple Mac advert, retreat to a safe distance and wait for some guy to start going RAAAAARGH RAGE RAGE RAGE all over the place.

Which he is. Cheap shots, contrived logic, ad hominem attacks and a complete lack of understanding with regards how writing a blog that serves the needs of those with a technical bent, computer savvy reporters, those who have no clue whatsoever about IT but want to stay safe and non technical journos who want to learn more about "the whole security thing" operates on a day to day basis can be yours for the taking here.

All because someone said the word "virus", apparently.

Also, here's a stupid song I just made up.

ANGRY APPLE GUY! WOO-OOOO-OOOOO!
HE SAYS A LOT OF STUFF BECAUSE HE'S "IN THE KNOW"!
ANGRY APPLE GUY! WOO-OOOO-OOOOO!
PUTS CANDLES AT YOUR FEET, 'CAUSE WINDOZE BLOWS!

ANGRY APPLE GUY! WOO-OOOO-OOOOO!
WANTS TO GIVE YOU A CLASSIFICATION TEST!
ANGRY APPLE GUY! WOO-OOOO-OOOOO!
HAS A NERD RAGE ABOUT MAC OS X!

/ GUITAR SOLO

OH YES, HE'LL PROVE YOU WRONG!
UNLESS YOU MAKE YOUR COMMENTS TWICE AS LONG!
WATCH OUT FOR HIS MICROSOFT CHEERLEADER BARBS!
CAUSE I'M MARRIED TO BILL GATES, GOD BLESS HIS HEART!

/ SLOW SECTION

I ADDED NOTHING TO THE DISCUSSION!

/ POWER CHORD

EXCEPT A SAD ATTEMPT AT DIVERSION!

(Yes, I am using your own words as the basis for my song. Enjoy)

DOESN'T WANT TO GIVE ME A HUG!

/ POWER CHORD

EVEN THOUGH I OFFERED HIM A FREE WINDOWS MUG!

/ LEATHER PANTS THRUSTING

ANGRY APPLE GUY! WOO-OOOO-OOOOO!
HAS A BIG THING FOR BLOGGERS AND JOURNALISTS!
ANGRY APPLE GUY! WOO-OOOO-OOOOO!
HE PROBABLY SEES NOW I'M TAKING THE PI -

.....is this mike still on?

Location-based information on Twitter

2009-05-28T15:19:00.005+04:30

From Readwriteweb:

"Twitter might soon add location-based information to every tweet. Currently, users can set a location on their profile, but individual tweets are not geo-coded in any way. If Twitter did indeed add a geo-references to every tweet, then that would open up the door to a wealth of new possibilities for developers."

Well, screw the developers. All I want to know is

1) Will there be an opt-out and
2) If there IS an opt-out planned, will they apply geolocational technology to all the messages previously posted to Twitter before you get a chance to hit the "opt-out" button? Of course, in an ideal world opt-out would be selected by default (thus making it an opt-in, but it's all getting a bit confusing now so let's just say we don't want it in the first place and take it from there).

I asked the co-founder and the main Twitter account on, uh, Twitter here, but amazingly enough I haven't had a reply back. Hopefully the answer will be what we want to hear, or else I predict an epic security / privacy fail.

/ Edit - More from Graham Cluley here.

If you've nothing to hide, you've everything to fear

2009-05-26T23:09:00.007+04:30

"The government will have a few more records on me, so what?" Some guy on a forum

You know, I'm still amazed when I see statements like that one regarding the massive boner the UK Government has for compiling a gigantic set of databases on everything you could imagine. It's clearly a "nothing to hide, nothing to fear" way of thinking.

The problem is that it doesn't freaking work like that.

There are two huge problems with "nothing to hide, nothing to fear".

1) It assumes the people in charge (along with the people who have access to the data currently stored on the 11 or so databases with parts of your whole existence stored on them) are all whiter than white.

They're not, as it turns out. They're just like you and me, and just like you and me, they get up to things they don't want everybody to know about. Fancy that.

And the more people you open the data up to, the bigger the risk of idiocy taking place. The ContactPoint database is a perfect example - 300,000+ people from police, to charities(!) to random boobs in councils and God knows where else, and NONE of those people will try to track a kid down for their mate with an estranged spouse or other such shenanigans?

Huh, good luck with that.

As the desire for databases combining their information grows - and ContactPoint is a big step towards that - so the risk increases for huge chunks of data to be lost and used in horrible and as of yet unthought of ways.

2) Put down the groundwork for a "Let's watch everybody" State, and its the easiest thing in the world for a party to come in afterwards and use that system to abuse whoever they feel like. It should certainly give pause for thought when considering how many pieces of your life are constantly being stacked up inside ever growing databases. I can tell you this much - whoever gets into power after the current shower of thugs are fired into the heart of the Sun, it will be the hardest thing in the World for them to kill off some of these databases and monitoring tactics.

It'll be like that guy who really, really wants to keep his terabyte of porno on his external HD but doesn't want the wife to find out. Seriously. They will agonise over it.

Oh, and let's not forget the very people constantly telling us how wonderful these databases will be, and how you can soon go into Snappy Snaps and "Have your face scanned and fingerprints taken" while shopping are the very same shower of idiots who've done their level best to prevent the public from seeing how much they've been screwing over the expenses system.

It seems like everyone, everywhere is constantly being told to watch people, and report them, for anything and everything. If it's not kids as young as eight trained in the ways of reporting their neighbours, its the growing army of "Accredited Persons", or photography of police becoming illegal, or those stupid posters issued by the "anti terror hotline" begging you to report anyone and everyone lest they blow something up, or tourists stopped in London and having their photos deleted in case they're "terrorists", or schoolchildren having their biometrics taken at school without parents permission, or the police posters asking you to report people who wear "too much bling", or the desire for State approved spyware, and on it goes.

I can say with conviction there is something fundamentally broken with this idea that huge reams of data being piled high magically solves everything. It's clear the Government intends to plough on with as many of these idiotic schemes as possible making it that much more difficult to remove the structure should someone else get into power.

But hey, you'll be able to get your face scanned and fingerprints taken at Boots and Snappy Snaps. Great.

How did we even reach the point where people could be going around thinking this is remotely normal?