Google censoring searches in China again

Google has a new logo and updating its image – but under the surface it’s still that pre-2010 half-evil censor

Eight years after Google pulled out of the censored Chinese internet, they’re back.  It’s been reported that the company is working on a mobile search app that would block certain search terms and allow it to reenter the Chinese market.

Google has engaged in the China-controlled internet space before: but in 2010 it pulled out, citing censorship and hacking as reasons.  It didn’t pull out completely – it still offered a number of apps to Chinese users, including Google Translate and Files Go, and the company has offices in Beijing, Shenzhen and Shanghai – But the largest of its services – search, email, and the Play app store – are all unavailable in the country.

Google co-founder Sergey Brin told the Guardian in 2010 that his opposition to enabling censorship was motivated to his being born in Soviet Russia.   “It touches me more than other people having been born in a country that was totalitarian and having seen that for the first few years of my life,” he said as Google exited the Chinese market after 4 years of cooperating with the authorities.

But now they’re back, working on a mobile search app that would block certain search terms and black-listed material.  The app is being designed for Android devices.

According to tech-based news site The Information, Google is also working on a censored news-aggregation app too. The news app would take its lead from popular algorithmically-curated apps such as Bytedance’s Toutiao – released for the Western market as “TopBuzz” – that eschew human editors in favour of personalised, highly viral content.

Patrick Poon, China Researcher at Amnesty International, called Google’s return to censorship “a gross attack on freedom of information and internet freedom.”

In putting profits before human rights, he said, Google would be setting a chilling precedent and handing the Chinese government a victory.

This is important because many computer users will set a search site as their homepage and even find content by entering key-words into the url bar of their browser.  Because of Google’s ubiquity, it is frequently set as default search engine on browsers, meaning that millions of users will find that their experience of the internet is that delivered through the lens of Google.  If that lens is smudged or cracked by censorship, all these users’ internet experience is skewed.  So it is essential to highlight the fact that Google is not the neutral, trustworthy agent that many users think it to be.

GreatFire, an organisation that monitors internet censorship and enables circumvention of the “Great Firewall of China”, said the move “could be the final nail in the Chinese internet freedom coffin” and that “the ensuing crackdown on freedom of speech will be felt around the globe.”

EVTOL – the tech to deliver air taxis to the city’s skies

Rolls-Royce EVTOL air taxi concept, launched at Farnborough Air Show July 2018

People have been dreaming of personal flying vehicles since Icarus flew too close to the sun.  But there have been fundamental problems to the concept of air taxis and flying “cars”: noise, pollution and the need for air strips included.  But now the technology to make the dream possible has arrived: EVTOL.

Electric (or hybrid-electric, or electrically-assisted) Vertical Take-Off/Landing means an air vehicle that has the VTOL characteristics of a helicopter but otherwise flies like a fixed-wing airplane.  The VTOL is possible thanks to swivel-wings or swivel engines that are electrically (or hybrid-electrically) powered.  This helps beat the noise problem of helicopters, the pollution that a high concentration of conventionally-fuelled aircraft would cause, and the urban airstrips that fixed-wing vehicles would need.

For example, let’s look at the EVTOL air taxi concept that Rolls-Royce unveilled earlier today (16 July 2018) at the Farnborough Airshow.  The hybrid aircraft, designed to carry four or five passengers, has an M250 gas turbine which delivers around 500kW of electrical power. This is used to drive six rotors that can provide both lift and propulsion, with the wings tilting forward 90 degrees once sufficient altitude has been reached. Four of the rotors can also fold into the wings, leaving two at the rear to provide thrust at cruising altitude while helping to reduce cabin noise. Top speed is estimated at 250mph and range is predicted to be 500 miles. According to Rolls, an onboard battery will bring additional climb power and will be recharged by the M250 engine.

The Blackfly Personal EVTOL

And this is just four days after Opener announced its single-person EVTOL personal aerial vehicle, Blackfly, hailed as the world’s first ultralight, fixed-wing EVTOL  aircraft.  The BlackFly Opener is amphibious and is primarily designed as a small grassy area hopper. It can travel up to 25 miles at 62 mph in the US, or over 80 mph elsewhere.  And in the US anyone can own and operate a Blackfly – there is no need for formal licensing.  And in the pollution stakes: it uses less energy than an electric car, and produces less noise than do petrol-driven cars.

How the Blackfly stacks up on the noise and energy fronts

Unlike Opener, Rolls-Royce produced a concept rather than an actual aircraft.  Nevertheless they claim that the concept is based upon technology that either already exists or is currently under development. If a viable commercial model emerges, the company believes the vehicle could be in service by the early 2020s.  However there will be a lot of competition in this market: Airbus and Uber have both announced plans, Google’s Kittyhawk is taking orders ; and last year, Dubai staged its first autonomous air taxi trial, and authorities there claim personal air mobility could transform the region over the next five years.

In April 2017 after the first Uber Elevate Summit, Electric VTOL News started a catalogue of EVTOL aircraft – it grew at a rate of about one aircraft per week during the first year, but this has now accelerated to an average rate of two aircraft per week as more aircraft are unveiled and new actors join the sector, and now numbers over a hundred aircraft.

As of June 15, 2018, the site had 45 vectored thrust aircraft listed; 12 lift + cruise configurations; 24 wingless multicopter aircraft; and 23 Hover Bikes/Personal Flying Devices.

In addition, the website now hosts more than 100 news articles and in-depth stories on eVTOL aircraft and developments.

This is an exciting sector and brings ever closer to reality the dream of personal air vehicles – your very own airplane! So keep an eye on the skies!

Darknet Part 3: How people got caught

Part 3 of an occasional series of videos about the Darkweb, hidden services, anonymity… all the good stuff that we need, and need to know about!

Excellent Defcon presentation by Adrian Crenshaw detailing how some Tor users got caught.  TL;DR: it’s all down to faulty OpSec.  Be careful all the time, use your common sense, and all well be well.  So long as there aren’t 0days in Tor Browser that the Man knows about and the devs don’t…

But this isn’t too long to watch.  So watch it!  Even if you don’t use the darknet it is hugely informative and entertaining.  And if you do use Tor or otherwise have an interest in anonymity (which means you!), it is doubly informative and entertaining… in fact it is essential for everyone to watch.  So watch it!

There’s a special browser that leads to a secret web…

Free calls, free texts, free everything

I wrote about Globfone recently, but here it is again.  This time I’m writing a dedicated review, as it’s a blinding service and deserves all the publicity it can get!

Globfone.com offers free calls, free SMS, free p2p video calls and free p2p file sharing.  The service is all free, is planned to remain free, no registration or subscription required, the service is sustained completely by ads and sponsors.

On their site they describe their “Free Online Phone Project”:

The idea behind Globfone is to deliver telecommunication services like SMS and international calls for free to users across the globe. At Globfone, we firmly believe that there is ‘Love in Sharing’, therefore we are currently seeking to increase our coverage to more than 90% of major International GSM networks that we currently cover. Globfone WEB is a completely FREE to use internet service that allows you to make free phone calls, send free text messages, make free video calls and a free P2P file sharing service to all your friends and family around the world. This service works without For FREE! And you don’t have to install any special software or go through long registration process – Globfone is completely SAFE and EASY to use.

Their worldwide coverage includes 91% of mobile networks for SMS and 96% for calls.

Most of my experience with Globfone is the SMS service.  It is possible to send messages from just about anywhere in the world, to just about anywhere in the world.  And Globfone claims that it is possible to send texts to the same number repeatedly in close succession so as to have conversations via SMS.  This is something that most services don’t allow, reportedly to prevent spam.  But with Globfone, you can.  Imagine that you have a mobile phone but no credit or messages left from your allowance.  You can text message your friend, she can reply by texting your phone, and then you can reply immediately via Globfone, so carry on a text conversation.   Afreesms.com doesn’t allow this, nor does any other service I have come across in my years of checking out these kinds of sites.  This is something that Globfone is rightly proud of.

As well  as laptops and desktop computers, you can also send SMS from most smartphones.  And there is an app – Globfone SMS Messenger – for Android and iOS.

The free calls is a VoIP service that requires no registration, something you rarely find.  This service, as well as the SMS, there is an upper limit to the number of free calls and SMSes available to a single IP address during a 24 hour period.  When that limit is reached, the user is alerted and asked to wait 24 hours before using the service again.  And there is also a call-specific time limit: when you make a call, you are shown a countdown representing how much time you have left on that call.  The call-specific time limit is a pain in the ass – it seems you can’t make calls longer than a minute – but remember this service is free and you’re not likely to find better.

A good use of the free call service is to find your phone – if you’ve mislaid it somewhere in your home you can use Globfone to call it, the ringtone then helps you locate your handset.  Handy, and unaffected by the call time limit as you don’t need to answer the phone.

The webphone service is truly cross-platform as all you need is a modern browser  – it uses multiple different SIP/media engines including a Java VoIP engine – runs in all java enabled browsers; WebRTC – runs in all modern browsers; and Flash VoIP – for compatibility with some old browsers.  You also need to enable speakers and microphone, and optionally headphones.  And that’s it: as long as your computer has that, you can use the webphone service.  If you have problems, visit this webpage.

You can make free calls from most modern smartphones, but may experience difficulties using older mobile platforms, like Symbian OS.   If your mobile browser doesn’t support Java, Globfone’s FAQ advises using its mobile beta app – but I couldn’t find a link to that app.

I haven’t used the p2p services – file-sharing and video calls.  These services are peer-to-peer, meaning a direct connection is made between 2 computers, rather than using phone networks.  If any readers have experience of these Globfone services, please tell us about it in Comments.

The services are financed by ads and sponsorship.  In the FAQs, if you want to donate to Globfone or support it in any way, it suggests you “like” Globfone in social media, or place a link to the site in your blog.  So that’s what I’m doing here.  And look: here’s the link to Globfone!

Python: Automated login to local hot spot

I’ve been using a BTWifi-with-FON hot spot for internet access.  The way it works is: user clicks on connect in wifi manager, then browses to https://www.btopenzone.com:8443/home, fills in the form with User email address and Password.  This lets the user access the internet for anything between 1 and 3 hours, depending on time of day and day of week.  Then access runs out and the user must sign in again.

If you’re using the hotspot for an extended period of time, having to go through this palaver can be pretty irritating.  Luckily I’ve started learning python, which is an excellent language for automating this kind of procedure.  So this is the script I have written to make my use of the hot spot a little less stressful:

import pymsgbox
import requests
import time
import sys

def log_in():

    url = “https://www.btopenzone.com:8443/tbbLogon”
    values = {“username”: “foo@bar.com”,
    “password”: “foobar”}
    requests.post(url, data=values)

def vpn_check():
    p = requests.get(“http://www.icanhazip.com/”)
    ip = p.text.rstrip()
    if ip == “!!!.!!!.!!!.!!!”:
        # uncomment line below for vpn connection confirmation
        #pymsgbox.native.alert(“Logged into VPN”, t)
        sys.exit(0)

test_url = ‘https://www.btopenzone.com:8443/home’
response = requests.get(test_url)
html = response.content

page_start = str(html[0:1000])

t = time.strftime(“%X”)

if “DANTE” not in page_start:
    vpn_check()
    pymsgbox.native.alert(“Signed OUT, click me to sort it”, t)
    log_in()
    #uncomment following lines for signed-in confirmation
#else:
    #pymsgbox.native.alert(“Signed in”, t)

At the top of the script I import the modules I need. Pymsgbox provides pop-up message functionality. Requests handles the webpage parsing and filling in the online form.  Time enables the script to display the time in the pop-up boxes. And it uses sys so it can drop out of the vpn_check() function.

Next up, it defines the log_in() function.  Although the user navigates to https://www.btopenzone.com:8443/home to sign in, the form url is http://www.btopenzone.com:8443/tbbLogon.  The values to be provided are username (the user’s email address) and password (a password).  According to the ancient custom, here I have used foo@bar.com as user’s email address, and the password is foobar.  Requests delivers these values to the form url.

The script goes on to define the vpn_check() function. As this is a public wifi hotspot I use a vpn service, Invisible Browsing VPN aka ibVPN.  The vpn_check() function checks whether the computer is using a vpn by comparing the public ip address to that used by the vpn service.  Here the vpn ip address is represented by X.X.X.X.  If the ip address is the same as the vpn’s address, the script terminates.

Now the script proper starts.  It checks whether we are already signed in to the BTWifi service.  This is performed by going to a particular url – https://www.btopenzone.com:8443/home and examining the html source code.  If the computer is already signed in, that webpage will redirecte us to http://home.bt.com/bt-wifi-01364197228851.  The first thousand characters of that page’s html source code contains the string “DANTE”.  If the string is present, we know we are signed in and the script terminates.  If the string is not present, the computer is either using a vpn or is not signed in to BTWifi.

 

So the script performs the vpn_check(), using the online service at http://www.icanhazip.com to check the computer’s public ip address.  If this matches the vpn ip address, X.X.X.X we know the computer is signed into BTWifi and using the vpn.  If the public ip address does not match the vpn ip address, we deduce that we are not using the vpn and therefore we are not signed in.  So a pop-up message tells the user that we are not signed in, and if the user wants to sign in he should click the OK button.  If he clicks the button, the script goes on to the log_in() function, to sign in to BTWifi.

With log_in() the script navigates to the sign-in form at https://www.btopenzone.com:8443/TBBLogon, and fills in the form fields with the values.  We are signed in, and the script terminates.

On my computers, which use either Windows 7 or Windows 8.1 operating systems, I have scheduled this script to run every 5 minutes.  It regularly checks the computer’s signed-in status, putting up a message if the computer is no longer signed in. The message box says : “Signed OUT, click me to sort it.” Click the button and the script signs into the wifi.  This is much less stressful than having the palaver of going to the wifi sign-in page and dealing with the form.

This script is very much a work in progress.  Look at the code and you will see a number of lines commented out.  Uncommented, these lines of code provide confirmation when the script finds out it is signed into the wifi or using the vpn.  These were used for testing.  I intend to comment out the message that we are not signed in, and have the script deal with it in the background.  This will allow me to work online or watch a streaming video without interruption – unless a connection problem arises!

I have found that sometimes there is a connection error, python raises an exception and program exception is interrupted. If I’m running the script in IDLE the exception output is printed in the interactive shell, but if it is working in the background, scheduled to run every 5 minutes I won’t get any error info.  I am going to see if a try/except block will deal with it. I plan to have basic error info printed in a pymsgbox pop-up.  I can then investigate what’s up with the connection, whether the problem is with the hot-spot or my own hardware. Sometimes when I’m experiencing connection problems, I run diagnostics on network connection and Windows resets my network adapter and that fixes the problem!

If anyone has any suggestions about this script please let us know in Comments.  Constructive criticism is welcome.  If anyone else finds this helpful (perhaps you also use a BTWifi-with-FON hot spot?), let us know!  And maybe buy me a coffee…?  🙂

The Cypherpunk Manifestos

Reading a lot about privacy and anonymity and cryptography and cryptocurrency and Darknet hidden services and Tor lately.  Something that has caught my attention is the Cypherpunk movement, and their manifestos.

Without anonymous currency, we don’t have real anonymity

The earliest one seems to be The Crypto Anarchist’s Manifesto, written by Timothy C May in 1988.  Here’s a link to it.  Written thirty years ago, but very of the moment even now.  Read how it opens:

Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re-routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation.

“A cypherpunk’s manifesto” by Eric Hughes, is also very relevant, even though it is 26 years old.  Here’s a bit:

Cypherpunks write code. We know that someone has to write software to defend privacy, and since we can’t get privacy unless we all do, we’re going to write it. We publish our code so that our fellow Cypherpunks may practice and play with it. Our code is free for all to use, worldwide. We don’t much care if you don’t approve of the software we write. We know that software can’t be destroyed and that a widely dispersed system can’t be shut down.

Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation’s border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.

This is stuff that could have been written yesterday.  The technologies required for true anonymity have broken out fairly recently: encryption, cryptocurrency, all this has come to a head now.  If we don’t seize this opportunity, maybe we don’t deserve it.

Darknet Part 1: What is the darknet and why should I care?

 

Welcome to Part 1 of my guide to the Darknet.  Well, I say “mine” but it’s actually by many people.  And, just so you all know I’m not trying to pass off this guide as my own words, I’m going to show the words actually coming out of their true creators’ mouths, thanks to the miracle of video streaming over the internet! Thanks be to Youtube,eh!!

Okay, part 1 of this series is a primer on the Deep Web and the Darknet.  It’s a TEDx talk by Alex Winter (of Bill & Ted fame), entitled “The Darknet isn’t what you think”.  There are some misconception about what illegal services were available through the Silk Road website.  For instance child pornography was banned.  Stolen goods weren’t allowed.  Ads for contract killers weren’t allowed.

Anyway, check out the vid.  Enjoy!

Next time: A film about the rise and fall of the Silk Road

 

Apple closes security loophole in iPhones and other iOS devices

Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, inculding one of the San Bernadino killers.

They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s lightning port an hour after being locked.  It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernadino.

Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.

The GreyKey device that hacks into locked iPhones via its Lightning port

This will protect iPhones from the iPhone hacking tool GreyKey.

The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.

US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from  iPhones.  The Restricted USB Mode will cut off the GreyKey’s access.

The GreyKey device reveals a locked iPhone’s passcode in as little as 30 seconds

Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.

“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”

The driverless cars will kill us all!

Wreck of the Tesla that crashed in Mountain View, California, killing its passenger

There has been a spree of auto-pilot errors resulting in Teslas crashing recently. Two drove into emergency vehicles (a fire truck in Utah  a police car in California); and both times the self-driving car maker has put the blame on the drivers.

This is in addition to an accident relating to a self-driving Volvo SUV that was being tested by the ride-hailing service Uber struck and killed a pedestrian in Arizona, part of a secret testing program for self-driving vehicles enabled by governor Doug Ducey.

But Tesla CEO Elon Musk doesn’t think that the press should report on these crashes. It would seem as if Musk’s contention is: “Tesla’s Autopilot system doesn’t kill people. Journalists who write about Tesla’s Autopilot system kill people.”

Musk told writer Will Oreemus: “There are 1.2 million automotive deaths per year,” Musk said. “How many do you read about? Basically none of them. But if it’s an autonomous situation, it’s headline news. And the media fails to mention that actually they shouldn’t really be writing the story. They should be writing about how autonomous cars are safe. But that’s not the story readers want to click on. It’s really incredibly irresponsible of any journalists with integrity to write an article that would lead people to believe that autonomy is less safe,” Musk went on. Because when Autopilot users read those stories, “People might actually turn it off and die.”

Musk blogged about the sport-utility Model X that crashed in Mountain View, California, killing the driver Wei Huang in March, blaming the driver, the highway maintenance authorities – everyone, it seems, except his own company!

And the company has pointed to its manual which warns that the technology cannot detect all objects and that drivers should remain attentive . They say Wei Huang had received several visual and one audible hands-on warning earlier yet didn’t touch the wheel in the 6 seconds before the accident. But it turns out these alerts were made more than 15 minutes before the crash. And, while it’s true that the driver’s hands didn’t touch the steering wheel in those 6 seconds, he had touched the controls on three separate occasions in the 60 seconds prior to the collision.

And now the National Transportation Safety Board (NTSB) say that four seconds before the crash, the Tesla stopped following the path of a vehicle in front of it. Three seconds before the impact, it sped up from 62mph to 70.8mph, and the car did not brake or steer away.

Mark Fong, an attorney for Huang’s family, said in a statement: “The NTSB report provides facts that support our concerns that there was a failure of both the Tesla Autopilot and the automatic braking systems of the car.The Autopilot system should never have caused this to happen.”

And the use of misleading terminology is contributing to the carnage. Regardless of Tesla’s claim that drivers should remain alert and in control at all times, ther simple fact is calling a system “autopilot” is going to make car users think that the car is capable of piloting itself. Experts say the development of autonomous technology is entering a particularly dangerous phase when drivers are lulled into a false sense of security but expected to intervene to avoid crashes and other problems.

And why the hell are these drivers allowed to take part in driverless testing if they have not been trained adequately in the use of the technology?

There’s no real mystery here. Tesla and other manufacturers want the use of self-driving cars to be normalised. And the fastest way to do this is to have normal people using the things. When other people seeing their friends and neighbours in these cars without the need for specialized instruction, everyone will think they’re safe and will want one.

Even though these machines are not ready for the roads, and the roads aren’t ready for the cars. And they may yet kill us all.

The future of self-driving cars?

 

Hack Trump!

 

“You’ll prise my iphone from my cold dead fingers!” Trump will never stop tweeting – luckily for hackers.

The intel is out: we’re on to hack the Don.  The White House staff tried to tell him that bringing a cell phone into the secure area was to bring in his own gaping goatse security hole.  But he insisted: he needed, not one, but two iphones.  One for calls, one for Twitter.  Cos yeah, we all need a special Twitter phone.

But even though that’s a bit against procedure in the White House, it’s not un-doable.  His predecessor Barack Obama was hooked on crack, I mean Blackberries.  He simply could not exist with his poor-excuse-for-a-smartphone.   So allowances were made and he kept his Blackberry.  But he was aware of   the security risks; he had a specially-modified one made up, without microphone, camera or GPS, and even this “military-grade” Blackberry had to be handed over every 30 days to check for tampering, further modification, any chance that it posed any extra danger.

And Trump’s calls-only iphone is issued by White House staff and swapped out “through routine support operations” to check for hacking and other security concerns (well, any extra security concerns over and above the security concern that he is carrying around a bloody listening device!!).  But he refuses to let them have his Twitter iphone, because it would be a nuisance!

I’m sure it would be difficult to hack Trump’s phone(s).  I’m sure his equipment is especially hardened against threats.  But when a target is as juicy as Trump, and you have potentially nation-state actors moving against him, nothing is hack-proof.

The White House banned its employees from using personal phones while in the West Wing in January. A statement at the time said that the “security and integrity of the technology systems at the White House is a top priority for the Trump administration”.  But Trump’s wandering the West Wing (and the rest of the White House), Twitter-phone ready to tweet.

The personal smartphone of Trump’s chief of staff John Kelly was reportedly hacked during the Trump transition.  And he didn’t replace it until October.  And Trump’s Twitter-phone hasn’t even been checked!!

This is the man who criticised Hilary Clinton for her use of a personal email server.  He is so dependant on Twitter that he needs a phone especially to tweet.  Note that he needs this phone (not device, oh no, it has to be a phone) to tweet (not to use for other electronic communication, oh no, he hasn’t used email since he came into office, he needs it only to tweet).

The guy is an idiot.  Don’t know if you’ve noticed that yet.