FLOSS Weekly 752 Transcript
0:00:00 - Doc Searls
This is Floss Weekly. I'm Doc Searls and this week Katherine Druckmann and I talked with Cooper Quintin of the EFF about how big and awful the stalking business is as such, as the business is that the people that want to follow other people and if you're worried about Google following you, what about the ex-spouse or the future ex-spouse that wants to spy on you? I mean anybody with a motivation to spy on you has a market for this and it's easy to do so, and he's fighting that with the lab at the Threat Lab at the EFF, we touch on so many topics. This is a really great show and it is coming up next.
0:00:43 - VO
Podcasts you love. From People you Trust. This is Twit.
0:00:51 - Doc Searls
This is Floss Weekly Episode 752. Recorded Wednesday, October 4th 2023. Stalkers Beware.
0:00:59 - Leo Laporte
Listeners of this program get an ad-free version if they're members of Club Twit. $7 a month gives you ad-free versions of all of our shows, plus membership in the Club Twit Discord, a great clubhouse for Twit listeners. And finally the Twit Plus feed with shows like Stacey's Book Club, the Untitled Linux show, the GizFiz and more. Go to twit.tv, and thanks for your support.
0:01:29 - Doc Searls
Hello again everybody everywhere. I am Doc Searls and this is Floss Weekly. I don't know if you can hear it here, but you can hear it Katherine. Katherine's our co host today, but somebody just started running a chainsaw or something. I hope you're not being murdered. I'm positioned down here. Yes, I'm being murdered. No, it's a wood chipper. So how are you doing?
0:01:58 - Katherine Druckmann
I'm okay, I'm doing pretty well. I'm pretty excited about today. By the way, I met Cooper at DefCon and we had a short conversation and no details because Vegas and whatever.
0:02:13 - Katherine Druckmann
But I was like oh, we got to get this guy on Floss Weekly.
0:02:18 - Katherine Druckmann
So here we are. I'm pretty excited about this.
0:02:20 - Doc Searls
So what happens to Vegas actually comes on the show.
0:02:23 - Katherine Druckmann
It comes on the show. We just do different topics of conversation, that's all.
0:02:28 - Doc Searls
How did you intersect at Vegas? What was the oh? I can't tell you the detail.
0:02:34 - Katherine Druckmann
It was kind of random. We know the same people, that kind of thing.
0:02:38 - Doc Searls
Excellent. Well, this is. I'm going to hurry up and get into the show because we're off. As always, it's a little bit of a late start. So our guest is Cooper Quintin. He's a security researcher, senior public interest technologist with the EFF Threat Lab. He is a board member of the Open Archive. His projects have included at least Privacy Badger, Canary Watch and analysis of state-sponsored malware campaigns such as Dark Caracal. And I'm sure it gets longer than that, but that's what I copied into my thing here.
0:03:16 - Cooper Quintin
So welcome to the show, Quintin. Hi, thanks for having me. Yeah, happy to be here, pleasure to be here.
0:03:21 - Doc Searls
So how long have you been at the EFF?
0:03:24 - Cooper Quintin
All right. So I have been with the EFF for nine years now. I started out in 2014 working on Privacy Badger, started developing Privacy Badger from its proof-of-concept state to alpha and beta and up to our first million users, and then moved on from there to start looking at malware state-sponsored malware targeting activists, journalists, human rights defenders, things like that and now I co-run with my colleague, Eva Galperin, our Threat Lab project, which is looking at targeted digital threats to vulnerable populations. So we've looked at everything from again, state-sponsored malware, cell site simulators, things like stalkerware and spouseware, which is malware that is targeted, specifically targeted at abusive partners to install on their victims' devices to keep track of them, and other things like that.
0:04:29 - Doc Searls
Well, I was thinking. You know, when people do their vows, for better or worse, a little ride to their computer could be. I can make it a lot worse actually If I'm technically equipped for it. It's amazing how that goes. Is there a lot of that, that spousal, abusive things that you see?
0:04:50 - Cooper Quintin
Yeah, there is. Unfortunately, it's like you were saying, right, I mean, any sort of abusive relationship is always really bad. It's a really bad and really scary situation, right. But when the abuser is also technically inclined, and especially if the person being abused is not, it can get even more scary, right, like you might feel like your email is unsafe, your devices might be spied on, and, yeah, there's this entire market of malware specifically designed for people to spy on their spouses with, and a lot of it is marketed.
Some of it is marketed as, like to spy on your kids with right, but it's also a lot of it is also directly marketed as to spy on your spouses with right, and it all does the same thing it all you know, like, collects all of your emails and or, sorry, not your emails it collects all of your text messages and your pictures and your location. Right, it can turn on your microphone all of the things that, like you know, high-end, state-sponsored, you know mobile malware does, right, the only difference is that the way it gets installed, right, like you're not using exploits to install it. You're just using the fact that you have access to your partner's phone and probably know their password to unlock their phone.
0:06:20 - Doc Searls
Wow, it's so people can spy on each other. Does it go into like you've a harassing a spouse who is now technically equipped doing some kind of novel, new forms of harassment, like making weird things appear on their phone and stuff like that? Is that is? I'm just making that up, I have no idea.
0:06:42 - Cooper Quintin
Yeah, I mean, I think it's more used like one of the one of the main aspects of abuse is about maintaining control right and controlling that person's life right, like. That's why, with abusers, a lot of like the pattern that we see is to like remove that, you know, distance that person from their friends, distance that person from their family, distance that person from their support networks right, and this is just more about, like, maintaining that control right, like you know the. You know making sure, like you know the abusive partner, making sure that they're not calling people, that the abusive partner doesn't want them talking to you or sending messages, right, about the abusive partner, it's all about maintaining that control and it's, you know, maintaining that that abusive cycle, right, and it's, yeah, it's. I mean, it's really sick. It's a really sick industry. You know that thrives off of this, but it's, it's pretty prevalent, unfortunately, right, there's a lot of it out there and the you know, at first, for a long time, it wasn't being taken seriously at all.
Right, like antivirus companies weren't even flagging it as malware until until Eva and you know mostly Eva, honestly, until Eva started working on this right, like, they weren't even flagging this as malware. They were, they were, you know, they were like, well, we don't know what the deal is, we can't be sure. Right, maybe you wanted this installed on your phone, or maybe it's for your children, right, like, we can't even call this a potentially unwanted program or a PUP. Right, like this is just, we're just not going to touch it, right? And and we were like, no, no, no, no, this is malware. This is straight up malware. So now, now, more antivirus companies flag on it.
Right, but you know that can create additional problems, right, for abuse victims if you find the malware and uninstall it. Right, like that might be a trigger for, you know, stepping up the abuse by your partner, right, so it's, it's a, it's a scary situation, but we overall think that there is no legitimate reason for this industry to exist at all. Right, and that the the spouseware industry needs to be taken seriously by cybersecurity, it needs to be taken seriously by law enforcement and, moreover, it needs to go away.
0:09:05 - Katherine Druckmann
So how much do you do you think the fact that we've basically normalized surveillance? How much does that hinder your work? Because people have accepted that our devices just follow us around and, oh well, we have no privacy, privacy is dead or whatever it is that people like to say, which is totally not true? How much does that get in the way when you're really, when you're trying to get that message across, the danger of the most nefarious example of the tracking that happened?
0:09:35 - Cooper Quintin
Yeah, yeah, I mean privacy nihilism is a big problem, right, and it's a problem I faced throughout my career, from Privacy Badger to, you know, the cell-site simulators to state-sponsored malware, right, and it comes in two forms, I think, right, there's the like yeah, right, we're already being spied on all the time anyway, so like there's nothing I can do, like I might as well just give up and allow the spying to happen. And the second form it comes in is like, well, I have nothing to hide, so I'm not worried about it. Right, like there's nothing, you know there's I'm not doing anything, so sure they can look at me all they want, right, and I think that both of these are wrong and I try to push back against both of them. Right, and the way to push back against the first one is, you know, which is like, well, there's nothing I can do. Right, and just, well, there are things you can do. Right, there are steps that you can take to increase the amount of privacy you have.
Right, and it also you need to take some time to think about what your threat model is and who you really need privacy from, right now. Right, like there's, like you know if your threat model is your abusive spouse or your abusive parents, right, it doesn't really. You know, like it doesn't matter if Google is spying on you so much at, or Apple is spying on you so much, as if your abuser is spying on you. Right, and like you can take you, can you know there are steps you can take to stop that? Right?
If you're an activist in China, right, let's say like your threat model is not necessarily the NSA, right, your threat model might be the Chinese government instead, right? So like, using something like Gmail might be a better option for you because they have a large security team than using, you know, a smaller open source email server that could be hacked easier. Right, like these are because you don't care about the NSA spying on you through, you know through, by dint of Gmail. Right? You care more about the CCP spying on you. You know through other means, right? So this is all like I encourage people to think about threat modeling in all these situations, right?
And you're never going to get perfect. But the you know, there's a reason that we okay, we all lock our doors in our houses, right, and like, locking your door does not guarantee that somebody isn't going to break into your house. Right, we all use a deadbolt, but somebody can break in through the window, somebody can pick the deadbolt right, but it's all layers of security, right. Like you lock your doors and windows, maybe you have an alarm system. Right, you probably have a thing where you keep the lights on, right, these are not, you know, these are just layers of protection that you build up over time. And as you build up those layers of protection, it makes you a less attractive target. It makes your house a less attractive target.
Right, and if you build up, and you can do the same thing on the internet, right, as you build up those layers of privacy. Right, using ad blockers. Right, using, using, you know, alternative search engines that don't, you know, make their money by spying on you. Right, you know, using open source applications instead of surveillance, capitalist applications. Right, you're building up your layers of protection there, and I think that that's what's important. And then, and then, the other form of privacy nihilism is, like, I have nothing to hide. So what should I worry about, right? Well, everybody has something to hide, right Like. That is, if you think you have nothing to hide, you are not thinking hard enough, right Like?
0:13:36 - Katherine Druckmann
think about Do any banking.
0:13:37 - Cooper Quintin
I don't know. Yeah, exactly Like. Then, okay, give me all your passwords, right yeah? Cool. Let me, let me root around through your emails and your text messages and your Facebook posts from 2010.
0:13:47 - Katherine Druckmann
Yeah, and can I borrow your credit card?
0:13:49 - Cooper Quintin
Yeah, everybody has something to hide, right. And I mean people might say, well, well, yeah, of course those things, but like I'm not breaking any laws, like I have nothing to hide so I'm not breaking any laws. Oh, really? First of all, yes, you almost certainly are, because there are a billion, like there's a book of federal, ridiculous federal laws that, like you are almost certainly breaking one right Also, like what is legal today might not be legal tomorrow. Right, like Supreme Court cases can upend everybody's lives really quickly.
0:14:27 - Katherine Druckmann
So I do live in Texas.
0:14:29 - Cooper Quintin
so, yes, yes, so you understand, yeah, so I would argue that everybody has something to hide and you know everybody has stuff they want to protect. You need to think about, and so I encourage people to do threat modeling and think about what their actual adversaries might be, what they actually want to hide, who they actually want to hide it from, and layer up their protections accordingly.
0:14:58 - Doc Searls
I want to go a bit deeper into threat modeling and this Especially. I was sitting around and I was like how do I do my threat modeling? It's more like you know how do I get to the grocery store, and very different thing but also privacy nihilism it's actually a term I hadn't heard before and really strikes me as deeper than we might think. And we'll do that after this break. Okay, so I'm thinking about you.
You brought up a number of things already and threat modeling for you and me, for ordinary folks, doesn't sound like something that most of us are thinking about, even though and I think in some ways, lots of the topics that are in front of us right now are red herrings, they're false flags in a way, like AI is going to get me and stuff like that, and Google's following me, everybody's following me, and I don't like being followed and you have no idea where the real threat is from. Possibly for somebody who actually has a motive. I mean, Google's motive is to push ads at you same with Facebook and not much more than that. If anything and I'm not saying it's eternally acceptable it is relatively innocent compared to somebody who actually has a motive to come after you personally. So I'm looking at the Threat Lab site and we've got a lot of news there. I'm wondering if you have something that says for muggles it says okay.
0:16:32 - Katherine Druckmann
Idiots guide to threat modeling. Yeah, the idiots guide to threat modeling.
0:16:39 - Cooper Quintin
So I would never call people idiots.
0:16:43 - Speaker 2
I did love the.
0:16:46 - Cooper Quintin
For Dummies books when I was growing up the other one.
But no. So first of all, we have our Surveillance Self-Defense website, which is at ssd.eff.org, and that has many, many guides and specifically one about threat modeling, which I think is really great, and I encourage everybody to go check that out. But a bit more about threat modeling. So threat modeling is actually a thing that we all do every day and we maybe just don't realize it because we sometimes do it self-consciously. Every woman who has walked through a parking lot with her keys sticking out of her in between her fingers is engaging in threat modeling. I think, on the whole, women engage in threat modeling a lot more than men
on a daily basis, but we all engage in threat modeling. When you lock your door, when you leave your house, you're engaging in threat modeling. You're saying, well, there's a threat that somebody will walk in my unlocked door, so I will lock it and that will keep people from easily walking in my unlocked door. They'll have to break a window, which will make a lot of noise. They'll have to pick my lock, which requires certain skills. So you're doing some threat modeling there. So you're saying what are the threats? The things I want to protect are the stuff inside my house. Who do I want to protect it from? Somebody who is going to break in? What am I willing to do? Well, I'm not willing to install unbreakable windows because that's expensive. I don't want to go find and research unpickable locks because that's expensive and it takes time. I'll lock my door because that's going to stop 90% of what I need to stop, and that's threat modeling.
Another example of threat modeling that you can think of is having a house party. Let's say, when you're a teenager and your parents are gone for the weekend, you're trying to throw a house party. What do you want to protect? Well, you want to make sure that your parents don't find out. You're throwing a house party. You want to make sure that your house doesn't get trashed, you want to make sure that the cops don't get called, you want to make sure that nobody gets hurt. And so you think, okay, what steps do I want to take to make sure this doesn't happen? Well, I'm going to wait and make sure my parents are definitely out of town. I'm going to try to keep everybody inside the house so the neighbors don't notice. I'm going to make sure that nobody has any allergies, and if they do, I'm not going to put out any foods with those allergies. I'm going to have a plan for if the police show up, for everybody to run out the back door and scatter into the neighborhood Things like that. And so those are like.
That's another form of threat modeling. You want to plot in your mind how likely something is. Is it likely that the neighbors will find out I'm having a party? Yeah, that's fairly likely, and so how many steps am I willing to go through? What sort of steps am I willing to go through to prevent that from happening, as opposed to like okay, another threat could be aliens show up and crash my party. Like a UFO hovers over my house and they crash my party. That's pretty unlikely and so you're not going to take a whole lot of steps to stop that from happening, because that's not actually a very large concern.
And then you can apply those same things to real life. Like, okay, I want to protect the contents of my emails. Do I want to protect the contents of my emails from scammers? Yeah, that seems pretty likely. Do I want to protect the contents of my emails from, I don't know, NSA cyber ninjas or whatever? Like, sure, yes, but also I'm going to have a much harder time protecting my emails from the NSA.
And also, is the NSA really my main threat here, unless you're a foreign national, if you're in the US, I don't know, probably not. It's probably your bigger threat is scammers. If you're engaging in specific things, maybe you're more concerned about the NSA than scammers and maybe you need to take different steps to protect your email further against that high level of a threat. But I think for most people you can think about what those threats are. Is my threat more that I will get bad information from a useless search engine? Or is my threat more that the search engine I'm using will record all of my searches and those will be used in a law enforcement case later, because I live in a state where abortion is now illegal. This is these are real concerns, and in that case that might be the same search engine, because Google is getting more and more useless by the day. But that's a that's an aside.
0:22:22 - Doc Searls
I'm wondering if this is a bit of a jump, but it was Mozilla. They came out with this report on cars. It turns out all of our cars and this has been a known thing for years. Just it went a little deeper on it. Every new car you buy has its own cell phone in it. That the car company, that Ford or BMW, whoever bought and pay for they, are paying for a cell phone reporting on all kinds of things about you.
One of the things is they can tell with motion sensors I guess they could accelerometers is something whether people are having sex in a car, that kind of thing. I don't know which maker was behind that, but there's a kind of iron rule that says in tech that what can be done will be done until people freak out and make them stop. With the Threat Lab, are you looking into that as well? I mean because it seems to me like if somebody is really motivated and you could like wait a minute, I want to get into the OBD2 port here or do a parallel port out of that Suck information out of this car, find out where they've been, all that kind of stuff. Is that on your roadmap at all?
0:23:34 - Cooper Quintin
Yeah, I mean, it's definitely a concern, right. The car privacy thing is so bad. Mozilla's report was really like. It was, like you said, right. It's kind of been known for years, but the extent to which they really revealed was just shocking right, and for me it was shocking right, and of course, I had just bought a brand new car. So now I'm like, oh God.
0:24:01 - Doc Searls
I'm keeping an old Subaru, the 2005 Subaru, that knows nothing and it's going to stay that way.
0:24:08 - Cooper Quintin
Yeah, the new car I bought has, like you know, you can turn on the optional in-car Wi-Fi hotspot and I'm like, if you pay us for it, right?
0:24:14 - Doc Searls
And I'm like, oh, oh, oh, oh, we'll give it to you for three months and then all of a sudden it goes useless. Yeah, exactly.
0:24:20 - Cooper Quintin
So you have your cell connection with me, right, if I pay you for it? Right, but you're going to have it on anyway and you're going to use it to steal information from me. Yeah, it's, it isn't big concern, but I'm less concerned in this case about like somebody breaking into the OBD2 port and siphoning the data than I am just about the general concern of data brokers. Right, all of this data is going to data brokers en masse, right, and that's what's really concerning to me. Right, we have this entire giant industry of data brokers, which is people that are just storing all of this data, right, location data, browsing data. You know all the stuff coming from Facebook and you know all the stuff coming from your web browsing social media, right, and it's. I think it's a huge problem, right, and the reason that it's a really huge problem, right, it's not just bad for it is bad for consumer privacy. But it's not just bad for consumer privacy, right, because, also, law enforcement love to buy this data as a way to get around warrant requirements, right, if I want to get someone's location history, right, that requires a serious warrant, right? Or I, the police officer, can just go buy that from one of these data brokers for a few bucks, right, and I can get all of the information I want. It's like, it's this really wild. You know, surveillance, you know, like the sort of the logical end game of surveillance capitalism, right, and something we've been saying for years, right? Is that, like all of this data that's being siphoned off by all of the you know, trackers and ads, and all of the apps on your mobile phone that are, you know, that have ad libraries, that are collecting your location and all the time, right, all of that's going to end up in these big databases and then that's going to be a perfect place for government surveillance to go next, right, and it turns out that that's true.
Right, you have lots of companies doing this and you have companies, even, you know, scraping social media sites for more data. Right, there's this company, Shadow Dragon that was. There was recently a report about them in 404 Media, which is the new. It's a new media outlet started by some former Vice journalists, including Joseph Cox, and they wrote about Shadow Dragon. Shadow Dragon is this company that provides open source intelligence feeds and what they do is they scrape social media sites, they scrape Facebook and they say they scrape WhatsApp. I'm not really sure how that works. They scrape Telegram and Twitter and they even scrape some like mommy blogs and like parrot forums and stuff like that, and they get all of this data and they put it into these feeds that law enforcement that can then subscribe to and put into tools like Maltego, which is like a graphing, like a social network graphing tool, and they can get these feeds and put them into Maltego to find out, like you know, who's talking to who on social media, right, and get, like all of this social media data to try to, you know, surveil people right, like who is, you know this is a person of interest, so, like, who are their friend networks? Right, what things are they discussing? What pages do they like? Right, and you can and law enforcement could do all this before, but they would have to, like, go to Facebook, get a warrant for the data, right, you know, maybe the warrant gets rejected, right?
Or you know Google. So first of all they have to go to a judge, get a warrant right and maybe the warrant gets rejected. If they do get a warrant, they got to go to Facebook, right, ask for the data. Maybe it takes Facebook a while to do it right. But now they can just go to to this company, Shadow Dragon or others like it, and say, hey, we will. You know, we would like your subscription to your Facebook data feed, right? And they're like yeah, here here you go. You know, a couple thousand bucks, right, and you're done. And now you can. And now you, the law enforcement officer, don't have to get a warrant, don't have to do any of this, you can just access all of this data right away.
0:28:57 - Doc Searls
So Shadow.
0:28:58 - Katherine Druckmann
Go ahead, Katherine. No, it's kind of mind blowing. You know it's back in how gosh when was it 2015 or something? Back in our Linux Journal days we had, we had a big article come out because we our some of our URLs came out in this big kind of expose. It was actually first published in Germany about the XKeyscore program and all of this stuff and we're and basically that it was. If you had visited certain URLs on Linux Journal, which is the website I was responsible for at the time, you were flagged potentially for extra surveillance, and you know, and we made t-shirts, but as you do, because what else do you do? What else do you do when you find out you're potentially under surveillance by the NSA? Right?
0:29:40 - Doc Searls
And we were on a list of NSA sites that were yeah, exactly yeah, I mean, we wrote about Tor and Tails but, this is like so much worse than you know.
0:29:49 - Katherine Druckmann
This is like the, you know the, as you say, the logical conclusion of surveillance capitalism. This is like this, the dystopian hell that I don't think we even in in 2015.
0:30:01 - Cooper Quintin
Yeah, yeah it's. It's really wild right Like I you know I I spent years saying that like we're building these amazing tools for a fascist government right. Like you might trust the government right now, but there might come a day when you don't trust the government right, and we're building all of these tools that are. That are amazing, you know surveillance, panopticons right.
You are not going to want in the hands of, of, of somebody that you consider an authoritarian right. And and now, at this point I think whatever side of the political spectrum you lean on, right, I think everybody's kind of like oh yeah, I don't want those other people to have these tools right, and yet we still keep building them.
0:30:50 - Katherine Druckmann
Yeah, profitable yeah.
0:30:54 - Cooper Quintin
It turns out, profits are a lot, you know, and handy and convenient.
0:30:57 - Katherine Druckmann
So it's. It's always a question of how much, how much you're willing to trade right? Yeah, they are.
0:31:02 - Cooper Quintin
I mean, look, I love, I love social media, right, like I really do. I think social media is is great. I also hate social media, right, I think social media is terrible, but I think it's important, right. I think that I, you know, I still believe in the promise of, of, of the internet to allow people to communicate over great distances and and find their communities, right, that they wouldn't have otherwise found and you know, I'm I'm really sad about where, you know, capitalism in general has taken the internet in these, in these last, you know, decade or two right, like the, you know the all of, like, you know, there's, there's, you know there used to be a million little forums and a million little blogs, right, and you could, you know, go to all of these sites.
And now there are five major social media websites all sharing content from the other four. Right and like that's, like you have, you know, YouTube, TikTok reels being posted to YouTube, right, Twitter screenshots being posted to Facebook and Instagram, right, Instagram Reels being posted to TikTok and like it's all you know, that's that's. And then you know, and then you have WeChat, right, which is kind of just out there standing on its own, but like, that's, that's how it is now. Right, you have these five walled gardens which are controlled by the richest men on the planet and nothing else. And I want to get back to a and those platforms are getting worse and worse. Right, as my colleague Cory Doctorow coined the term, it's the enshittification of the internet. Right, it's. They're just getting worse and worse.
These platforms are getting worse and worse and I want to go back to something like the old web, but better. Right, like I want to get away from surveillance capitalism and have people running. You know I want to get smaller. Right, I want to get re-decentralized, right, so, like I'm really excited about Mastodon and Blue Sky for the ideas of decentralization there and open source right, like I love that those protocols are totally open. I think Blue Sky is doing really interesting things with, like you know, open source content moderation. Right, like you can pick your own content moderation feeds. Right, and you can pick your own like algorithms for what feeds show up on your front page. Right, like I'm really excited about Mastodon because you know you can pick your own server. Right, you can find your community and go join your own server and if that server you know gets bad or if the admins are untrustworthy or whatever, you can leave and go to another server.
0:33:49 - Doc Searls
So I want to. You just gave us a great list of a whole bunch of things, so let's take a quick break and we'll get to those in a moment. Okay, so I have some questions about enshittification. We'll have to be clear that Cory himself has uttered that here. Yeah, I don't want to get an FCC violation. Yeah well, it's a whole other. Just shift that topic somewhere else.
I'm wondering two things. One is do we need the giants and by that I mean there's certain things only giants could do, and I mean it's in a general way. I mean only a certain kind of giant, because I'm looking at a cruise ship out there could build a cruise ship. You need a pretty big company to build a cruise ship and probably to operate a cruise line, but there is actually a competition on that and so that's not a good analog. But you see, we have these five giants and they've all, in their own different ways, gone bad. I mean, the only one that probably hasn't in a very conditional way, is maybe Apple. But if Cory was here and say, no, Apple's doing yada, yada, yada, yada, so but what they're doing with Blue Sky, for example, I mean this is what's his name, I'm blocking right now who's you know used to run Twitter. He's basically.
0:35:10 - Cooper Quintin
Twitter 3.0 basically, so he's not super involved with it actually. Like he's on the board but I think he's pretty hands off with their day to day.
0:35:20 - Doc Searls
So I mean, to me the problem is but I use it and, same as Mastodon, I go there every once in a while. Not much happens and I don't bother. And then I went back to Bluesky a few times because there's a small cabal of people that I know that are there, but for the most part, as a journalist, I'm really not interested in the social stuff at all there. I'm interested in what's news, right, and like, we had a tornado warning in Bloomington, Indiana, where I mostly lived at these days, and we went into our basement, which is my office, and there was there were sirens going off. We were notified by our phones.
I tune in all the radio stations that are local. There's nothing. And I go on Twitter and there's all kinds of stuff from local residents about what they've seen and what they haven't seen. And it clearly Musk doesn't want it to be what it was. He wants it to be something else. It's an accessory to his other properties and it's gonna get integrated with the other properties. It's probably gonna be his master property, it's gonna be his meta, I think.
0:36:27 - Cooper Quintin
Well, yeah, he's been trying to make an app called X that does everything for, yeah, he wants it to be everything that happens.
0:36:34 - Doc Searls
And he's willing to just take it, just leave the social part of that being kind of a giant loss leader for him. Yeah, but he but anyway. So it's enshittified and I'm wondering whether or not, like, let's say, let's say, Bluesky gets huge, is it gonna be enshittified. Seem to be that. Actually, Dorsey and others of all of the social networks did a better job with Twitter than the others. I mean, they actually had pretty aggressive content moderation where they're trying to keep the bad stuff off and so on.
So we did sort of two parts to this. One is inevitably, are we gonna have giants and how do we use them best and fight their worst and that kind of stuff. And the other is can we really ultimately go back to the web we had? Because I love that web, I love web 1.0. I loved having a server under my desk. I loved having my own IP addresses in my house. I mean, we had a server called Happy that lived under my desk and that was one that had its own IP address and everything I wrote for Linux Journal. There would be a cron job that pushed it overnight and it was great and we only had like under a hundred kilobits of connectivity at the time, as in the late 90s, but it worked and it was mine and I had my own email servers right there. Now that email server did end up getting inhabited by a porn thing at some point, so I gave up on that.
So, but can we drive? I mean, it's kind of like you go on the road in your car, ignoring, for now, the plain fact that you're being spied on in your car and you're driven as much as you're driving in your car, but you have a sense of autonomy and control when you're in your car and you're on the road, right, and we ought to have that on the net. And it's kind of a false sense because I've got my phone and it's in my pocket and it's a distinction of myself that it's me and not just something I'm hiring from Apple or Google. So what do you see? Where do you see this going?
0:38:49 - Cooper Quintin
Yeah, I mean. So first of all, let me say, like I think I want to I don't want to go back to the old internet, because I think that there were I think we tend to have rose-colored glasses, and I do this too right About how great the old internet was. There were a lot of things that were a lot better than there were than they are now. Right, like I said, there were a million. We have little blogs and forums, right. There were also Usenet flamers, right. There was also rotten.com, right, like there was. You know, like I feel like you know, 4chan and all the other chans are kind of one of the things to come out of the old internet, right Like which, you know, I would have a hard time arguing the benefits of 4chan to society, right, but that said, I want to. I think that we can build a new internet that's.
The old internet also didn't have any encryption, right Like nobody. Nobody was using HTTPS, right, it was. It was a. It was rife for government spying right. So I think we can build a new internet that's even better, the, and I don't think we need giants to do it, right, like I actually think that these giant companies often hold back progress, right. Like. A lot of their progress is already built on the, on the. You know shoulders of open, of many, many open source developers, right. To tie this to the theme of the show right, there's that XKCD cartoon, right, and that's that's, like. You know, the the. You know entire tech stack, right, and it's all resting on the. You know one guy who develops OpenSSL in his basement, right, for the last 20 years, unpaid, right, which we all found out the hard way in somewhere in the 2010s, like I.
I think that I I mean, I'm a firm believer in collective action, right, and and I think that collectively we can do way more amazing things, especially when we're doing those things for the good of our society and for the good of everybody, than with the motive of making the most profit that we possibly can, right. So you know, I think that and and what you're saying about. You know I go on Bluesky, I go on on Mastodon, right, and there's just like not that much there yet, right, like the, the all of the. You know the a lot of the interesting content is still on other platforms, right, it's still on, you know, TikTok and it's.
It's still on Twitter, too, to an ever decreasing degree, right, yeah, but that's and and that is true, right, and that is because of network, that's because of network effects. Right, that's because you know everybody's there, so everybody stays there, right, like that's where the interesting things are going on, so that's where you want to post your interesting content, so that people will see it. Right, but we have to remember that those that those companies didn't always have the networks that they do either. Right, Twitter used to have you know a bunch of tech weirdos on it and nobody else. Right, and then you know, and then, and then, and, and you know, Black Twitter got on and you know, queer Twitter got on right and all these other interesting Twitter subcultures got on, and that's what.
And then, you know, journalists got on, right, and that's what made Twitter really, you know, become what it was in its heyday. Right, you know, you had the same thing with Facebook. Right. At first, it was a sort of hot or not app for Harvard students, right, and then, you know, and then it was an exclusively social network for college students, right, and then they kind of opened it up more, right, and suddenly, you know, everybody got on and it's the hottest place for your aunts and uncle to share the most deranged memes that they have, right, and and poison their brains.
But, like, for example, the youth, like, you know, Gen Z or whatever, which is a marketing term, but Gen Z aren't on Facebook at all, right, they don't care about Facebook one bit right, they're all on YouTube and on TikTok, right, so, like, if you're you know like the network effects can change, right, and I think that, like, if we want to see a better internet, right, like, we need to stop feeding these giants, right, and start bringing our good content to the, you know, to the places that we actually like, right, we need to sort of, you know, vote with our feet or vote with our dollar right and like start posting our good content to, you know, Mastodon, or to Bluesky, or to places that reflect our values.
0:43:58 - Katherine Druckmann
I actually find that I find a lot of useful information on Mastodon. You just again, it's the network effect, but you just kind of have to, you have to seek it out. But once you kind of built that you know thing that you've personally curated for yourself, and it starts to just work and it's pretty great. Honestly, it's gonna take a while.
0:44:17 - Cooper Quintin
Yeah, I agree with you. I agree with you, Katherine, and I mean I think it's gonna take a while. Right, it's certainly gonna take a while to get like people who aren't extremely online to start using Mastodon. Right, because there's a learning curve, right? Like Mastodon is the Linux kernel of social media. Right, like it's, you know, and I'm you know, as people who formerly worked at Linux Journal. Right, you know, I'm still waiting for the year of Linux on the desktop right, it happened when it was carried around.
0:44:52 - Katherine Druckmann
Yeah, exactly right, it turns out it was. It's a proprietary-ified.
0:44:56 - Cooper Quintin
Turns out, it was the year of Linux in your pocket and yeah, exactly, but, um, but yeah, I do. I do worry. That that's you know how awesome I will go, but I don't want it to go that way. Right, and I think a lot of us don't want to go that way, and I think it's going to take some unlearning of these patterns, right, like, well, you go to the social media site and you sign up for an account and there you are, right, and we're gonna have to, you know, teach our friends who are less technically inclined, like why this is important, why this is good, why this is better, right, and like, yeah, I don't know, you got to. Like, you know, decide what server's right for you. Why don't you come, get on my server and you can hang out there for a while and see what you like and what you don't like, right, and then you can, you know, move on if you want. Right, but you know we're gonna have to.
I think that those of us who are into this right, those of us who are more technically inclined, those of us who are, you know, want to push for this, are going to have to hold people's hands a little bit right, like get your non-technical colleagues on right, get your journalist colleagues on right, get your. Get your activists you know your friends who are doing really interesting stuff but, like you know, don't want to learn another news or something video thing. Right like, help them, help them figure it out, and I think that that's how we build a better world. Right, it's slow, it's slow work, it's hard work, but I think we can do it. I think, and you know, I think we all can keep pushing for it and the tech giants will continue to. You know, weave their own ropes with which to hang themselves.
0:46:25 - Katherine Druckmann
Yeah, it's an interesting way to put it, but yeah, yeah, it's um. Yeah, I like to. So you know, we've talked a lot about a lot of kind of scary things. We talked about, you know, the spouse stalkerware and stuff, and and I guess, in a way, I see that this sort of decentralized social social media is being actually it may be a small part of a solution, but I wondered if you could talk to talk about a little bit about other kind of mitigation efforts for all, basically anything we've talked about. You know, up to this point, what, what's the other side of it? What weird? What do we have to be optimistic about? What tools do we have to empower ourselves?
0:47:06 - Cooper Quintin
Yeah, great question. Um, so I'm, I'm sorry, I'm like. I said I'm, I'm I'm really excited about all these sorts of things. Of course, I am a big fan of ad blockers and tracker blockers, things like Privacy Badger, which I worked on. I think that you know a lot of people use uBlock Origin. That's a good one too. I think they work really great together to come at different threats, right?
Um, another thing to be excited about is that we have encrypted almost all web traffic, right, like when I, when I started at EFF, I think something like 20% of web traffic was encrypted, right, oh, like, almost nothing used HTTPS by default. Now it's something like 90%. I think everything uses HTTPS by default, like you would, you would have to try to go find an unencrypted website in this day, right, and that that is a huge win. That makes dragnet surveillance so much harder, right? Also, also, billions of people are using end-to-end encrypted messaging every day, often without even realizing it, right? WhatsApp has billions of users. You know Signal is is a fantastic application. It's being used by tons and millions and millions of people, right, and I am very excited about that. Right, like, overnight, pretty much. Right, all of our, you know, we went from everybody sending unencrypted plaintext SMS messages or AIM messages or whatever, right to now everybody using end-to-end encryption. There are most people using end-to-end encryption by default, right, and that's that's really great. So I'm really excited about you know, I think I mean I love Signal a lot. I think everybody should use it. But, you know, whatever, whatever platform your people are on, right, as as long as it's Signal, WhatsApp or, to a certain degree, iMessage, right, like, yeah, you're using, you're using encrypted messaging, right, and I think that that's really great and I'm really, I'm really excited for that.
I think that that's, I mean, and I think, partially why we're seeing, you know, this rise of more kind of targeted, state-sponsored malware going against activists is because we've done such a good job of encrypting the web, right, like dragnet surveillance is is so much harder now, right, you can't you can't be the NSA and just slurp up all of the data that everybody's sending across the web unencrypted, right, you can't slurp up all of the SMS messages and text messages that everybody's sending unencrypted.
So, you know, I think governments are starting to turn toward more targeted things which are more expensive, right, and they're not dragnet. You see, you can't target as many people and they're, you know, they're just harder to do right there, technically a lot more difficult. So I'm, you know they're just tapping the fiber line going out of your country right. So I'm, I'm really excited about this. I think that this is, I think that this is actually a good sign that we're having, that you know that we're seeing this rise in in state-sponsored spyware because it means that the encryption is working.
0:50:28 - Doc Searls
So I want to get a little further into tracking protection and especially Privacy Badger, uBlock Origin and stuff like that right after this break. So, Cooper, you worked on on Privacy Badger. I have Privacy Badger on here. I have other tracking, tracking protection as well. I've had uBlock Origin and I have it on and off. I use a lot of them on and off. How do they work together? You mentioned earlier that those two in particular work well together. What is one doing that the other one is not, and, or, can they defeat each other? Is it? Is there? Is it a matter of putting more filters in front of something, or is it? Or can they conflict in some way? I don't have a sense of that. I.
0:51:11 - Cooper Quintin
So in my in I don't. So, okay, first of all, the main caveat is that I do not work on Privacy Badger anymore and have not worked on it for many years it is. It is now being worked on by two of my excellent colleagues who do a fantastic job on it. So, like, one example is well, so uBlock Origin, does it? Does it has some really great blocking lists, right, for a lot of, like you know, first-party advertisements, for a lot of first-party trackers and things like that. Right, that that Privacy Badger doesn't catch, because Privacy Badger is mainly concerned with blocking third-party trackers. That is like a site other than the site that you're visiting wants to set a cookie and kind of follow you around on the internet. Right, things like Facebook, Google or, you know, DoubleClick are sort of the big ones there. Right, but Privacy Badger also catches some things that that uBlock Origin doesn't right. It's like I think they each kind of like there's a big overlap, but they also each catch some things that the other one doesn't.
Privacy Badger now also has the the. The latest feature that we've just released on Privacy Badger is stopping Google's link tracking. So when you click a link on a good, when you do a Google search and you click a link, the link doesn't actually go to that website. It first goes to Google so that Google can make a record that you click that link and know where you're going, and then it redirects to that site, and so the new feature of Privacy Badger is removing that, so that when you click that link it actually just goes straight to the website that you're trying to go to instead of you know this sort of Google intermediary first and to do that with other things.
0:52:59 - Doc Searls
I mean one of the things that I mean it, for example, with Substack and Katherine, I have a newsletter on Substack. By default, every link is not like a real link. It's one of their intermediary links, so they can I mean the innocent side of it as well. You can see how many people clicked on this particular link and stuff like that. But also think of personal. Yeah, can, can. Can these tools look through to the end point, like you just said, and just say we're gonna go straight there and ignore this, or I, so I think that that's probably.
0:53:32 - Cooper Quintin
It's probably on the roadmap to Expand that to other sites. Right now we're doing it with Google because Google is the you know, probably the biggest one. There would be users every day, right, and I think yes.
I think it's pretty specific to how Google does it. But, yeah, you know, I can't really speak to the, to the, to the, to the roadmap of the Privacy Badger developers, but like, yeah, I mean, it's definitely something that that happens on a lot of websites, right, and and actually speaking of things that I'm excited about, there's this update. I think Apple mentioned that in iMessage. Now they're going to start stripping the like tracking, like like tracking IDs from URLs that you share within iMessage. So, like, if you share a link to a Twitter post, right, and it has that, like you know, and t equals, you know, a long hexadecimal string at the end right to show exactly who you are. They're going to now be stripping that off off the end of the link in iMessage, which I think is great, right, like they're. They're going to be actively foiling some aspects of counters of, of, of sorry, not the counters of of surveillance of tracking, right, which I think is great, and that's that's something I would love to see more, you know, and and encrypted messages do, right, like I think that'd be a really great thing for for WhatsApp, for Signal to start doing. But, yeah, I mean overall, I think, I think that I think that tracking protection and ad blockers are super important and I think that they're only getting more and more important as we see.
Like you know, at first it was kind of like oh, you know, these are, you know you're, you're taking money away from the websites, which you know, to a degree, you are, but also, like you know, but, but the ads are annoying, right like. The ads are obtrusive, right, I don't want to see those, and it's still true that they're annoying and obtrusive, but they're also a security issue, right like we're seeing malvertising, you know, malware being pushed through ads. Right. We're seeing, you know, ads used. We're seeing the data collected from ads and from trackers used by law enforcement, used by data brokers, right, so like, and you know also, you know things like crypto miners, right, being pushed through ads on websites, right, and just like, generally slowing down the website, slowing down your computer, right. So I think that it's, you know, ad blockers and tracker blockers becoming more and more important, right Like they're not just to, you know, make your web browsing experience less annoying. They're actually an important security tool.
0:56:25 - Katherine Druckmann
So, what about speaking of mitigation and stuff? What about removing your data from data brokers? So we talk about data brokers and there you know there are a lot of reasons, again, you know, not to get political. But regardless of what side you're on, you probably don't want people to have certain information about you right, especially especially today. Um, and maybe your health data, for example? Um, are there? Are there really effective ways of getting Of, of removing any of that data?
0:56:57 - Cooper Quintin
I mean, I know of some, but I just wonder, if they're, how effective it is really yeah so, unfortunately, in the us, it depends on what state you live in, right, if you live in a state with a fairly strong privacy law, like California, right, you can, you know you have, you're protected by caliqba, and you can ask, uh, you know, for a copy of your data from the data broker. Um, I think you can ask, pretty sure you can ask for your data to be deleted, right, and, and you can do all these things. If you live in a state without a strong privacy law, though, uh, unfortunately you can't do any of that, right, um. And so this is we really, really really need a federal privacy law, right, something at least as strong, uh as the California privacy law, if not even stronger, right, um, but that's that is Super important. And we need a federal ban on using a law enforcement, using data from data brokers without a warrant.
Right, like these are, I think, two super important things. Um, that would be. I'm not I'm not generally a a large fan of, you know, waiting for the state to do things, um, because states take far too long to do things and typically, and they'll usually, do them wrong, but this is something that we desperately, desperately need Um, so I'm I'm a big fan of of pushing for federal privacy regulations um.
0:58:25 - Katherine Druckmann
And awareness, yeah, and awareness.
0:58:27 - Cooper Quintin
Right, but, like I mean I, if you're in California, you know, go go to the Experian website and request a copy of your data, because the amount of data that Experian, one of the big three credit providers, has about you is absolutely nuts. Right, like it is, they have it, you know. It says like, whether, so I requested mine. There's a field about, like, whether I take the bus very often, whether I live in a high-risk neighborhood, right, uh, if I live close to a grocery store or or convenience stores, right, like, if I have, uh, you know, if I'm friends with high-risk people, right, like, the, the whole, the, the people get really worried about the Chinese social credit system, right, and I'm telling you it's already here. Right, like, it's just, it just looks different, right, but like, Experian has all this data, right, the data brokers have all that data already and you can be certain that some algorithm is out there making decisions about you based on that data.
0:59:36 - Doc Searls
So we are very close to the end of the show and I'm looking at the list that you gave us and the things we haven't talked about yet biometric privacy review, or XRAR, the tech-type Rift Cycle, the Tor University Challenge, IMSI catchers, e-carceration that's an interesting one. Oh, the IMSI catcher.
0:59:57 - Katherine Druckmann
Is there any? What are those you want to?
0:59:58 - Doc Searls
visit in like a minute before we go.
1:00:02 - Cooper Quintin
Yeah, I'd be remiss not to plug the Tor University Challenge.
Okay, because this is a project that I'm working on right now. So we, so EFF, along with the Tor Project, are trying to get more universities, schools, high schools, even institutions, junior colleges, whatever to run Tor nodes. This will help the Tor network grow. It'll help the Tor network be have better speeds, because if there's more long-term you know, universities tend to and colleges and schools tend to have good internet connections, right, and it also thank you, you pulled up the site there it also makes the Tor network, it helps legitimize the Tor network right, and it helps it makes other countries less likely to censor it, because countries rely on, you know, academic collaboration right, and having their institutions be able to talk to one another.
So we can really help the Tor network by having more universities set up these relays. So if you are a professor at a university, if you're a student at a university, you know, if you work at a high school or a college, a junior college, whatever, and you want to set up a Tor relay, please check out TOR challengeefforg and we have some advice there on how you can go set up a relay at your school and keep it running, and if you keep it running for a year, we will send you a fantastic challenge coin. See if I can. I don't know if I can get it to focus. It's got these three cute little onions on the back.
1:01:42 - Doc Searls
Well, most people don't listen anyway, so oh, right, right, this is not a visual medium.
1:01:47 - Cooper Quintin
The podcast yes, it is, and it is, and it is, and it is.
1:01:52 - Doc Searls
But most of us but yeah, but yeah.
1:01:53 - Cooper Quintin
We'll send you a beautiful challenge coin for everybody involved in the process and we'll list your school on the front page of the website, if you want, and you'll, of course, have our undying thanks and the good feeling of knowing that you're helping support the Tor network. So yeah, please check out TOR challengeefforg.
1:02:13 - Doc Searls
Okay, so we always close the show with two quick questions. What are your favorite text editor and scripting language?
1:02:21 - Cooper Quintin
Ah, Vim and Python.
1:02:25 - Doc Searls
Oh, that was. That was by far the quickest answer we've ever had.
1:02:32 - Katherine Druckmann
Easy answers for me, Well is it bash?
1:02:35 - Doc Searls
Or maybe I have to think. Let me look over here and see Very good, listen, we have all so many turns on stone there that we are going to have to have you back soon. Yes, this is really great. And send your buddies from Privacy Badger or anybody toward us. We always need more guests. We'll never run out. This is our 752nd show, I think. So, yeah, we've been at this for a while.
1:03:05 - Cooper Quintin
Well, it's an honor to be on here and, you know, thank you for the many years of Linux Journal, which are definitely a big part of what helped me in my career and got me to where I am today. So thank you Awesome.
1:03:17 - Katherine Druckmann
That's pretty fantastic. Yeah, it is fantastic.
1:03:20 - Cooper Quintin
Oh, I was a huge fan of Linux Journal. Always bought the copy when I would find it in Borders or Barnes & Noble or whatever it was yeah, when those existed too, back when. Bookstores and physical magazines still existed.
1:03:33 - Doc Searls
Yeah, well, thanks so much. Cool, this is great, and we'll see you soon, okay, thank you, bye, so, Katherine.
1:03:44 - Katherine Druckmann
Is this the post-show part? No, yeah, okay.
1:03:47 - Doc Searls
We're at the post-part, but not the part after the part.
1:03:50 - Katherine Druckmann
I can never remember I know that was fantastic. Yeah, that was everything and more. I would love to have more of these. Yeah just nerd out. Cover all the topics.
1:04:06 - Doc Searls
You don't know, kukuri. You know Mike just got muted sort of robo-automatically because but don't go away.
1:04:12 - Katherine Druckmann
Don't go anywhere. Yeah, yeah, stay there, don't go away.
1:04:16 - Doc Searls
This is a point where Katherine and I get into plugs and stuff anyway. So, Katherine, we didn't begin to cover everything on that. That was, I was expecting a lot of you and better. I'm sure. Glad you ran into him at Defcon.
1:04:31 - Katherine Druckmann
I know you never know you might run into a Defcon. That's good stuff. Yeah, plugs, though I think that's what you're about to ask, so I'll just go ahead and try and answer. Yeah, so what you mentioned. We occasionally publish a newsletter and do a. We also do a podcast over at Reality 2.0. A new one, I think, just went up today. Yeah, so so that's a thing. And then I also yep, there's also I do an Open at Intel podcast because I am an open source evangelist over at Intel. And yeah, I hope, if you really love the sound of my voice, especially with my new Elvis microphone, you can hear me in multiple places. Yes, we do.
1:05:13 - Doc Searls
I want to say that this, this last show that we did was with. Is that the one with the Michael Stollarcher?
1:05:19 - Katherine Druckmann
It is.
1:05:20 - Doc Searls
Yeah, so. So it's interesting because he's a guru in the shipping industry and so all of those giant, unidentified, you know, these things that are as big as four Costco's that are near airports and alongside highways, everywhere. These are called flow centers. They're not warehouses at all because everything moves through those things and it's really interesting. There's a there's not much of an open source story there, but there is a weird generosity story there that I had not expected.
So this is a good show. It's a good one, yeah, so, oh, so next week, who do we have next week? I'm not prepared with yet. Okay, here, we go down here to schedule and roll it down. Okay, Aral Balkan. Okay, great, oh, that'll be a good one. Yeah, Aral is a hardcore geek, old school, though he's a young guy big into design. He's to the Small Technology Foundation. Last I saw him was actually in London. Very interesting dude, and so he's coming up next week and I highly recommend that one. We have Maddog Hall coming in the week after that, and so I'm looking down the list here, so I'm trying to get ahead of things. So those are coming up and so we'll see you next week.
1:06:51 - Jason Howell & Mikah Sargent
It's midweek and you really want to know even more about the world of technology, so you should check out Tech News Weekly, the show where we talk to and about the people making and breaking the tech news. It's the biggest news. We talk with the people writing the stories that you're probably reading. We also talk between ourselves about the stories that are getting us even more excited about tech news this week. So if you're excited, well then join us. Head to twit.tv and don't forget to subscribe to our channel.