Profile cover photo
Profile photo
Tinfoil 2.0
Since 2004
Since 2004
Tinfoil 2.0's posts

@tfoil2 sez: "NOTICE: As a result of Google building walls around GTalk, my GTalk will be going dark soon. My status msg there points to my new home #XMPP"

Post has attachment
The motivation for my prior post ( was to establish a baseline of Facebook's app permissions pre- Facebook Home. Now that Facebook has released Home and disingenuously stated on the Home app permissions page (in ALL CAPS) that "This application requires no special permissions to run", what has changed?

Well, the base Facebook app is the trojan horse for Home app surveillance.

What's new in Facebook Android app permissions since a week ago, in addition to the already massive data collection capabilities the prior version contained?

Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn't allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation.

Allows the app to retrieve information about currently and recently running tasks. This may allow the app to discover information about which applications are used on the device.

Allows the app to move tasks to the foreground and background. The app may do this without your input.

Allows the app to draw on top of other applications or parts of the user interface. They may interfere with your use of the interface in any application, or change what you think you are seeing in other applications.

Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the tablet and allow the app to slow down the overall tablet by always running. Allows the app to have itself started as soon as the system has finished booting. This can make it take longer to start the phone and allow the app to slow down the overall phone by always running.

Allows an application to read the current low-level battery use data. May allow the application to find out detailed information about which apps you use.

So now we have an always-running app, that runs at startup, that knows where you are at all times, who your contacts are, what accounts you have on your device, what wi-fi and other networks you connect to, who you call and get calls from, what apps you use, and has permission to modify all kinds of system-level stored information on your phone.

Think about the running apps permission for a moment. Facebook can now know:
• where and how often you bank
• what games you play, and when
• if you use apps tailored to special health conditions
• if you use apps tailored to privacy, such as Tor-based browsers

Give your installed apps a good, long look. What might you be able to discern about yourself given the knowledge of which apps you run, when, how often, and for how long? If you're like most people, this alone provides quite a detailed profile of your interests and behaviors.

BTW, Hacker News comments on the Retrieve Running apps permissions are here:

"They 'trust me'. Dumb fucks."
April 14, 2013 Facebook Android App Permissions
3 Photos - View album

Post has attachment
This is why I will never run a Facebook app on any of my devices. Don't people ever read this stuff?

Could you really ever trust all of this highly personal data to a company controlled by the guy who said:   "They 'trust me'. Dumb fucks."?

If you are a US resident, push for Facebook to give you access to your Facebook dossier, a right EU residents have BY LAW.
Click on the "Permissions" tab.
(and don't forget to click the "Show all" link at the bottom of the Permissions)
Facebook Android app permissions
3 Photos - View album

Post has attachment

Post has attachment
James Bond
Booze, bonks and bodies
The various Bonds are more different than you think

Post has attachment
Apple iCloud (like any full-service cloud) is inherently complex for users to understand:

Image #1 shows how portrays iCoud:

• iTunes in the Cloud
• Photo Stream
• Documents in the Cloud
• Backup
• iBooks
• Apps
• Mail
• Calendar

If you click through for features, you get Image #2, a more detailed graphic, the same one that is shown on

• iTunes in the Cloud
• Photo Stream
• Documents in the Cloud
• Apps
• iBooks
• Calendar, Mail, and Contacts
• Backup
• Find My Friends and Find My iPhone

Meanwhile, at, we get different, simpler picture, Image #3:
• Mail
• Contacts
• Calendar
• Find My iPhone
• iWork

From iOS, the story gets quite complex... Images #4 - #7:

• Mail
• Contacts
• Calendars
• Reminders
• Bookmarks
• Notes
• Photo Stream
• Documents and Data
• Find My iPhone
• Storage & Backup

Within Storage & Backup, iCloud Backup is a separate toggle. But... if you use iCloud backup, it kills your local backup process (USB/wi-fi). Why not allow both?

On the Mac, Image #8, we have controls for:

• Mail (not shown)
• Contacts
• Calendars & Reminders
• Notes
• Safari
• Photo Stream
• Documents & Data
• Back To My Mac
• Find My Mac

So many problems with this.

I can't sync Reminders and Calendars separately? And why can Reminders and Notes ONLY be sync'ed via iCloud? Mountain Lion breaks with tradition and DOES NOT allow sync'ing of Notes or Reminders locally, using USB or wi-fi.

Documents & Data? It's not at all obvious what all gets included in this. I have tons of data, some of which I would absolutely never want to send to the cloud. BTW, why doesn't Apple encrypt and decrypt all iCloud data at the client? There's really no reason we should have to trust Apple, or any cloud provider, with our personal data. But for some reason, there are precious few zero-knowledge cloud storage services.

Also, Reading List is a nice feature in Safari, but it also will not sync locally via USB or wi-fi. It will only sync via iCloud.

Please Apple, data that belongs on my devices should ALWAYS have local sync prioritized over cloud sync. I want to own and control my own data locally across my devices, and if I am to use the cloud, I want very granular and customizable controls to let me upload some things but not others.

There are so many different views of what iCloud is, and so many inconsistencies and gaps in functionality. I think it clouds Apple's marketing image for the service, and it makes it confusing for users.

Music (iTunes in the Cloud), Apps, iBooks, and otherr objects you purchase or download through the stores are a separate category. These aren't backups or things to sync. They are simply things you've bought, that you are allowed to (re-)download to any of your devices

I can only hope that Apple realizes that it's a bit of a mess right now and has plans to clean it up and provide (and restore) missing functions to users.
8 Photos - View album

Since when is a Google+ account necessary for viewing a public Google+ post?

Virtually every statement in the +IAB - Interactive Advertising Bureau Response to “Do Not Track” Set to “On” By Default in Internet Explorer 10 [] is at best disingenuous, and at worst an outright lie:

"Today, Microsoft announced that the newest version of Internet Explorer, packaged with the Windows 8 Release Preview, will have a so-called "Do Not Track" flag set to “on” by default. This represents a step backwards in consumer choice, and we fear it will harm many of the businesses, particularly publishers, that fuel so much of the rich content on the internet."

...Given that the online ad industry has given consumers virtually no information and virtually no choice in having their online behavior collected, stored, aggregated, assimilated, and mined, I really have to wonder how this would be a step backwards. Why is the industry so opposed to having the default business model be to not collect, and let businesses persuade their users of the value of data collection?

"IAB is committed to empowering consumers with meaningful choice when they have legitimate privacy concerns. As a founding member of the Digital Advertising Alliance (DAA), the industry-wide self-regulatory body that covers more than 90 percent of the ecosystem and is delivering transparency and choice to consumers, we believe the only workable policy is to educate consumers and allow them to control how data is collected for certain purposes, including interest-based advertising. A default setting that automatically blocks content violates the consumer’s right to choose."

...The IAB, DAA, and the bulk of the online ad industry want us to somehow believe that by "opting out" of targetd ads, our privacy is assured. Nothing could be further from the truth. The ONLY way to assure consumer privacy is to have an option where personal, personally-identifying, device-identifying, and deanonymizable data and behaviors ARE NOT COLLECTED in the first place. Industry has demonstrated that it cannot be trusted, continually pushing the boundaries (and crossing the lines) of acceptability in how intrusively it surveilles online users.

"Earlier this year the DAA joined with the White House and Federal Trade Commission in endorsing this approach, stating that the DAA would "immediately begin work to add browser-based header signals to the set of tools by which consumers can express their preferences under the DAA Principles." Furthermore, this commitment requires that consumers have "affirmatively chosen to exercise a uniform choice with the browser-based tool.""

"We agreed with the White House and FTC then, and we agree with them now. Moreover, the DAA program is a proven success; it is already protecting the privacy of millions of American consumers; identifying violators of the principles and prompting them to become more transparent and respectful of consumers’ privacy expectations; and allowing for the ongoing growth and evolution of the interactive industry."

...It gets really deep here in the prior two paragraphs. The FTC has made it clear that un-targeting is not acceptable as the end-all and be-all of privacy protection. Do Not TRACK must be strong enough to prohibit collection, to prohibit storage and aggregation, and to prohibit the ubiquitous and opaque commercial surveillance that has increeasingly become the norm on the web and in the mobile app ecosystem. Untargeting is pure smoke-and-mirrors, and does nothing for consumer privacy.

"We do not believe that default settings that automatically make choices for consumers increase transparency or consumer choice, nor do they factor in the need for digital businesses to innovate and thrive economically. Actions such as these will undermine the success of our industry's self-regulatory program. Such actions also will constrain the flow of ad-supported digital content that informs, educates, entertains and delights consumers across the U.S. and the world."

..."Success of our industry's self-regulatory program"? So-called "self-regulation" has been an abject failure, and has done nothing to actually improve real privacy for users. Consumers don't trust the ad-supported ecosystem. Digital business are using increasingly privacy-intrusive business models. Why don't they innovate new models that are actually privacy-protective for their users? Why don't they innovate new models that treat their users like customers rather than like cattle being fattened for the slaughter? The current trajectory only takes us on a path where more users block ads and trackers because that's the only way to "opt out" of the truly objectionable aspects of commercial surveillance.

Post has shared content
One of Lauren's comments:

"When Google IPO'd it took special care to help make sure that ordinary investors could get a piece of the pie if they wanted. The raw material of Google is the world's information, but the raw material of Facebook is literally 100% their users. And it's increasingly clear that FB views them as meat through a grinder."

Post has attachment
My GMail interface still has no link to GDrive, not even in "More" or "Even More" O_o

Also: Why are all of these toolbars still so inconsistent?
4 Photos - View album
Wait while more posts are being loaded