I hear frequently about how Facebook or LinkedIn or some other corpocentric site forces something on their users, despite the users’ loudly-expressed desire not to have that happen. I’m sorry, but if LockedOut’s actions are that offensive, delete all your posts, disconnect from all your contacts, and close your account.

“But everyone I know is using Facebook. I hate it, but I stay because that’s the only way they communicate.”

Yeah, I can understand that. When you leave the site, it may happen that no one you know will choose to contact you another way. But if that is the case, what it proves is that they were not contacting you because you matter. They were contacting you because you were a captive in the same place they were a captive. If you matter to them, and if they matter to you, then you and they will find other ways to interact.

I have not done much with them yet, but I did start using the RPi to share an external hard drive across my network, actually staying pretty close to Kevie’s instructions. I’m also messing around a little bit with Node.JS on the BBB.

I’m hoping to try some more things, and to write about them, soon.

• That the person who refuses to allow police to enter his home without a warrant is protecting our freedoms;
• That violating the Constitution in the name of protecting it is utter nonsense;
• That it is not only our right, but our duty, to encrypt our electronic communications;
• That complacently declining to defend our individual rights and declining to protest the encroachment upon them must eventually lead to their loss.

Background

I had set up someone I know in real life’s computer. Hid Internet Explorer, installed Firefox and Opera, and set things up to generally block things from domains other than the one the person had gone to. You know, just the basics that everyone’s computer should be set up to do.

I get called over because “Gmail doesn’t work.” They did a site redesign, but I never see the site because I don’t use webmail. It turned out that part of the problem was that Google added more domains, and downloading an attachment caused it to be sent from a different domain, which was blocked. The rest of the problem was that the new layout is not friendly to those users who have both high volumes of current messages and large backlogs of stored messages.

This sparked thought about the problems that webmail causes, which those of us that use clients do not see.

Not My Problem: I Do Not Use Webmail

In Thunderbird or Claws-mail, I don’t have to deal with tactical support for ad servers. Attachments are downloaded with the messages that they are attached to, and able to be opened at my leisure.

Because I use clients instead of webmail, I don’t have to be concerned with someone limiting the number of messages I can view at once in order to push me to search instead of organizing and cleaning up messages. I can immediately receive messages from multiple accounts without the long log-in and wait for a ton of Javascript to load, so it can download and render the page that characterizes webmail.

I did discover that I still had some Yahoo Mail accounts from as far back as 1997. Since Yahoo does not support client access (except for paid accounts, I believe), I have no reason to ever use them, so I’ve closed 75% of them and have started clearing out all connections to the last one.

Best of all, I can use GPG signing on the one account that I still remember my passphrase.

Encryption Important

If you read yesterday’s entry and followed the link to Thistleweb’s original post, you’re starting to understand that encryption is foundational to the establishment and preservation of computer and online freedoms. I do not have any inside information, but I assume that there is some government agency which can, with reasonable effort, crack any encryption you and I might use. Encrypting your communications may dissuade most agencies from “fishing expeditions,” but once you’ve gotten priority attention, they’ll know in an hour or two what you’ve been saying.

One reason we should be encrypting our communications is that the corporations who act as hubs for our data typically offer to handle that data for zero-price, in exchange for advertising. Advertisers, in turn, want more and more of your personal information, sometimes including the content of your communications, in order to target their ads at people who are going to be interested. Personally, I do not believe it works very well. An ultra-targeted advertisement is spooky, and tends to chase people away. Be that as it may, once all the sporting goods chains have a copy of your plan to go skiing next December, you have no clue what they will do with that information. As privacy policies may be changed at any time without notice, they are not worth the paper they are written on.

Now imagine if you and your friends use PGP or GPG in your client, so that your mail service cannot read your messages. That means that the mail service cannot sell or rent that information to their advertising partners, and that sporting goods stores and home security alarm companies won’t be calling you with their offers. It means that the mail service’s director’s nephew won’t show up and ask your boss to “temporarily” assume your job during a trip that your boss does not yet know about. It means that the Keep Snow Pretty Coalition will not show up at your door (and your workplace) to protest your plan to fill some snow with ski tracks.

Now, that is all exaggerated, but the fact is, any information an organization collects will eventually be stored; any information an organization stores will eventually be misused. Encryption is your tool to help prevent the misuse or abuse of your information, and webmail is not designed for end-to-end encryption, but instead to allow the service provider to access, utilize, and present your data as they see fit.

I should add that most proprietary instant messaging services have similar issues. First of all, many of them are presented inside the service provider’s webmail service. That means that everything you send may be subject to monitoring (even after-the-fact monitoring, depending on how long the service stores messages), just like your e-mail. Their client applications are likewise advertising tools, although I’ve never seen any indication that IM contents are being fed to advertisers for targeting purposes.

Instead, I’ve found that I prefer to use Jabber / XMPP. XMPP does not have a central service provider, although Gmail / Google Talk instant messaging and Facebook’s IM are both said to be powered by XMPP. There are plenty of public providers, such as Jabber.org, Tigase.im and comm.unicate.me. One of the most important things you should do is ensure the client software you use supports both encrypted connections to the server and especially OTR. With OTR, you have some assurance that your messages are going to the correct person, with no one else reading them.

Special thanks to DuckDuckGo. When writing these posts, working the duck really helps my research.

Tech is increasingly a huge part of everyones lives. Twenty years ago, a PC was an expensive investment for a family, it's abilities were limited, and the internet wasn't widespread or affordable enough to really be a threat. One generation on, and most people in the developed world are online all day with multiple devices, connecting to and feeding data into a myriad of corporations our governments routinely go on fishing expeditions to.

The business model where the user IS the product is also a product of now. It’s inevitable that governments want to use the same tools and ideas to get a fine tuned control over their populations.

Now is the time to start fighting back against this practice, as a normal day to day thing. In the days of posses, a gun was a deterrent and protection from those who would abuse you, now that abuse comes from the devices we use every day. We need to apply that same thinking to IT.

“Thistleweb” nails this one. I encourage you to go read the whole thing. Computer and online privacy is as fundamental to freedom as guns were in the 1700s.

In a time when drones can blow up a building without the occupants ever suspecting they were targeted, your grandfather’s old peashooter isn’t much help in preserving US-ian freedom. But your computer is, if you’ve taken proper precautions not to leak data everywhere. If you want to change society (and who doesn’t?), you’re going to be far more effective using the computer to organize and propagate your message than holing up in a cabin in Idaho like some unabomber wannabe.

I know what you're thinking; it's all tinfoil hat bullshit. You’ve done nothing wrong right? Why would anyone be after you right? Read this post, then reassess that evaluation.

Your private data isn't a physical product. If someone steals your laptop, you can get a new laptop, or get it returned. It may have sentimental value, but it's just a replaceable physical item. Information is not something that can be returned.

The value is not in the laptop, it's in the private data contained within it. Do you have images or videos only meant for your eyes or your partners? If your laptop is stolen, count on those being shared online, count on the fact that anyone you see in your day-to-day life may have seen them, and recognize you from them. Still think that can be reversed and no harm done if you get your laptop back or get a replacement?

Seriously, go read the article, then think about all the information you’ve given to $BIG_CENTRALIZED_SOCIAL_NETWORK for them to sell. Full name, date of birth, age, address, preferred e-mail address, photo, place and industry of employment, the username and password you use on the main sites you go to, the person or persons you’ve been romantically involved with, and the names, dates of birth, and photos of your children. Oh, and a list of all the people you interact with online.

You gave them all that in exchange for “re-connecting” with the person who tormented you in junior high and the chance to play Farm Wars.

Signing & Encrypting Email In Thunderbird

Email security isn’t just for the experts, or the rich. It’s for you too. It’s a bit of an enigma at first, but once it’s set up it’s pretty easy to use. This post is about the basics of how to set it up and use it, but first a look at why it’s important and what benefits you get from doing it. You can sign and / or encrypt your email. This has a variety of benefits and limitations.

Recommended reading for all.

I have been watching this health care bill with both anticipation and some dread. I have to say that the dread now tops the anticipation.

It all starts about sixteen years ago. William J. Clinton was President, and a commission led by his wife Hillary R. Clinton was working on a proposal to bring health coverage to nearly all Americans. There was a loud roar, “let the market solve the problem, private industry will do a better job for a lower price”. Clinton’s health bill collapsed, and we got the medical insurance industry of today.

Did this solve anything? Not really. You see, health care insurance is generally too expensive for those who are not covered under an employer-sponsored plan. Those who are covered find that their insurer’s cost-control processes are illogical. There are a number of Americans who are no longer with us whose demise should be blamed on insurance company “death panels”.

The health bill, as covered in the press, has these characteristics:
(1)No “government option”. This means that only the same companies whose incompetence and greed keeps 1/3 of Californians away from medical care are going to be the sole beneficiaries of this policy. Unlike the right-wing, who think this is “socialized medicine”, I recognize this as 1940s-style fascism. Requiring people to patronized a favored group of privately-owned businesses is not only wrong, it is scary. What industry will be next? Will we soon be required to buy automobiles, even in places like DC, where it makes no sense to drive? Will the dairy industry require us to buy milk products?
(2) Mandatory insurance. One would think that our experience with mandatory auto insurance would show people that this is a bad idea. Lower-income employees, including younger workers, will face the choice of whether to pay their rent and buy food or pay their insurance. Unless they are already in poor health, most of them will make the (wise) choice to pay their rent and buy food. Using the IRS to punish the young and the lower-income worker is not an acceptable answer when coverage for some level of “BasiCare” should be be available without any direct reference to the patient’s wallet.
(3) Insufficient attention to preventive care. Sixteen years ago, insurance companies promised that “health maintenance organizations” would focus on preventing illnesses, that this would be the way they would ration care… by making much of our medical care unnecessary. I ask you, where is the emphasis on diet, exercise programs, addiction-management (including smoking, prescription drugs, recreational drugs, and so on), management of chronic illnesses (e.g., diabetes, obesity, hypertension), psychological counseling (which can help avoid domestic violence and other violent crime)?
(4) Leaves up the dividing line between on-the-job medical coverage (worker’s compensation, disability insurance) and off-the-job coverage. As long as that line is there, people on both sides will continue to try and cheat the other side’s coverage. It is said that people come to work concealing an injury in order to “get hurt at work” and get treatment. It is also common for someone who really has been hurt at work to use their personal medical coverage because they fear retaliation by their employers. What is needed is a single, overall coverage.
(5) No workplace / classroom ergonomics requirement. Have you seen the little seat-desks that have a little area for a right-handed student to write upon? How often have you seen a lefty dealing with a seat that isn’t designed for him / her? What about office chairs and desks whose height cannot be adjusted properly for the employee assigned to them? When this kind of design violation affects workplace machinery, it can cause killing or maiming accidents. Even when such accidents don’t occur, human-centered design can reduce the number and severity of repetitive strain injuries.
(6) Exemptions galore. There are exemptions from the national plan for members of Congress, for those covered under government employee plans, for those covered under Medicare and Medicaid. There needs to be a single plan that provides “BasiCare” to everyone. Extended coverage (beyond what is contained in BasiCare) can be handled by today’s dizzying array of medical payment solutions (e.g., privately-owned or government sponsored health insurers or even Visa / MasterCard) separately from BasiCare, but some basic level of care, including preventive and chronic illness care, should be handled through a central BasiCare system.
(7) Constitutional violation. No, I’m not a lawyer. But I can read, which is more than can be said for most judges, congress-members, or presidents. Continuing to overload the interstate commerce clause of the Constitution can subject us to easy takeover by a “Roman emperor”-style tyrant. Instead, this should be something where Congress approves of a “joint operating agreement” by the states, territories, DC, and the Commonwealth of Puerto Rico, but without any direct federal involvement.

In this, I see echoes of Massachusetts’ failed plan. Their plan was based on persuading “I’m invincible” young and healthy workers to pay premiums, so that older and sicker workers’ costs would be lower. The problem was that younger workers don’t avoid joining health insurance plans because they don’t believe they’ll be hurt. They avoid joining health insurance plans because they find it difficult enough to pay for all the things they need (food, clothing, housing, transportation, tuition), plus all the things they don’t need but are required to pay for anyway (auto insurance). Adding another “you hafta pay me” to their overstretched budgets didn’t work for MA, and it won’t work for USA.

Is this the best we could do? A massive giveaway of your income and mine to the insurance companies? This could have been such a boon to our economy. Think about your co-workers who are coming to work sick and in pain, and how much more productive they could be if they received medical / dental / vision / hearing care.

Here are some things that a national health care plan should have included:
(1) All other insurers off the hook. Anything covered under BasiCare should be only covered by BasiCare. Other insurers shouldn’t collect premiums for anything within that area. This would both reduce premiums and reduce insurance company costs.
(2) Medical price parity. Right now, if you walk in and pay for your treatment with your credit card, you pay the most of any patients. In effect, you are subsidizing the discounted rates received by insurers. Medical care providers should have one rate for everyone who pays for a particular treatment.
(3) Direct and speedy patient recourse against medical payment organizations (that is, insurers and other payment intermediaries). This would help avoid situations such as a transplant recipient whose insurer refuses to pay for regular liver enzyme tests or the person whose insurance is canceled once she is diagnosed with cancer.
(4) Treatment incentives: A person’s need for care will be influenced by his / her lifestyle choices. I’d rather pay for someone to get a free slow-cooker and healthy menu choices / healthy cooking classes now than pay for treatment later. I’d rather see someone joining an exercise program now than having to be carried on a flatbed truck to the hospital. We have to ensure that cost is not an obstacle to healthy living, and that someone who chooses to live unhealthily despite the availability of assistance doesn’t use up all our treatment resources.
(5) Centralize payments. There should be one third-party payer for all BasiCare treatment. This doesn’t mean that direct patient payment will be prohibited, although they should get the same prices and payment terms as BasiCare does and that payment should be accepted as full payment, just as with BasiCare. (That is, no double-billing. Fraud should subject a treatment provider to permanent ineligibility for payment, including ineligibility to directly bill individual patients.)
(6) Universal coverage. Every individual in the country, whether young or old, male or female, citizen or not, should be covered for BasiCare. No exceptions or exemptions. This includes congress-members, military, state / federal employees, and even certain employees of religious organizations who are (for some curious reason) exempt from Social Security.
(7) Non-federal organization. It is time to start following the Constitution. States are closer to the voters, and present a more dispersed target for those who would corrupt the process (such as the major health care insurance providers).
(8) Premiums paid through state taxes, not federal taxes, and not directly by the covered patients.
(9) Co-payments encouraged. If it costs you nothing to go see the doctor, you’ll be there when you get a scratch or when your toenail is about to come off.
(10) Personal responsibility. When you refuse to care for your new piercing, you should have to reimburse BasiCare for the treatment of your infection, or even better, be made to pay some portion of it up front and to repay whatever you didn’t prepay. Personal choices have consequences, and you should pay for those, not everyone else.

Somehow, I doubt that the imperial Congress will hear my voice. They are too busy listening to big insurers and centralized government advocates. But they should be listening to me and millions of others like me, because we’re the ones who will get stuck paying for their mistakes if they fail to hear our voices.

When is a door not a door? When the government shuts it and keeps you from using it.

Maybe I’m weird, but I’m not here because of the cool design (more like in spite of it if you think about #single_post_view). I use #Diaspora and other #federated #socnets because of #federation.

Control Your Info

To me, federation is a way to restore control of one’s information and communications to that person. The promise of federation is that one day soon, you and I and our friends and families will either host our own (social network, instant messaging service, mail server) or we’ll be able to have someone we know in our local communities host it for us.

Perverse Incentives

Right now, big, centralized networks get more attractive when they have more of the people you know (or would like to know) using them. And so, big networks get bigger and more intrusive and invasive, and they collect more and more data to sell to advertisers and government agencies, and yet, because all your contacts are using those networks, you more or less have to use them. Economists would call this a perverse incentive, because it motivates people to do things that are not in their best (long term) interests.

There are a number of federated social network projects that have foundered along the way. #GNUSocial, for example, appears to have never gotten enough people contributing code to make it happen. #Appleseed appears to have failed to attract either coders or funding. OneSocialWeb has only two known sites, and development is “on hiatus” right now. #6d has only two developers, and their site’s internal navigation is broken.

They did not fail because they lacked good ideas, or because their projects were unworthy. Their failure may not have even been related to the quality of their code. They failed because most of us just want a cooler, prettier Facebook clone. Most of us do not want to give up present convenience in order to build a better future, and it shows.

Goal Of Federation

The goal, as I see it, is for services such as this one (and #friendica, #buddycloud, #identica / #statusnet, #onesocialweb, #rstatus, #jappix, #libertree) to eventually be fully interfederated, so that by having one account on one server/tree/pod/site, a person can fully communicate with people who are using an account on any of the others.

Thus, in my eyes, federation, #privacy, and #control_of_your_own_data are of much greater importance than visual layout. Not that appearance means nothing, but if it looks good but does not work correctly, people will be chased off as surely as they will be if the design is unappealing.

Conclusion

I’d like to encourage everyone to try out as many of the above services as possible and others that have made federation a priority. Not just try out, but contribute in some way. It could be code, it could be design skills, it could be money, it could be skill in organizing more people to help out. It could even be helping create a user community or promoting the project.

One day, when $BIG_CENTRALIZED_SOCNET finally upsets enough users, those users may suddenly flock to the network of small, locally-controlled sites that results from our efforts.

Reposted from JoinDiaspora.com. Note: the above text contains hashtags which may require a D* login to view. However, you may also view the original posting at the JoinDiaspora link.