Monthly Archives: March 2014

Here we go again: another messaging app, more illusions of privacy and security

Posted on by

Post updated — see below.

Simon Davies has an interesting take on the fallout from Facebook’s acquisition of WhatsApp.

In one of the most persuasive displays ever of the market power of consumer privacy, Facebook’s recent $19BN acquisition of the popular messaging app WhatsApp appears to have been given the thumbs-down by millions of users.

While it may be too early to produce a conclusive analysis, there are solid indications that the trend of new sign-ups to messaging apps over the past two weeks has overwhelmingly favoured the privacy-friendly Telegram app and has shifted decisively away from WhatsApp. Telegram has reportedly picked up between two and three million new users a day since the purchase was announced just over two weeks ago.

Davies says that “Telegram has built a range of attractive privacy features, including heavy end-to-end encryption and a message destruct function. As a result, many privacy professionals regard the app as the market leader for privacy.”

Hmmm… Davies points out that a German product test group recently criticised Telegram, on the grounds that

Telegram ist als einzige der getesteten Apps zumindest teil­weise quell­offen. Eine voll­ständige Analyse der verschlüsselten Daten­über­tragung war jedoch aufgrund der nur partiell einsehbaren Software-Programmierung nicht möglich…

…which I interpret as a view that judgement has to be withheld because the Telegram code is not fully open source — and therefore not open to independent scrutiny.

Anyway, intrigued, I downloaded the IoS version of the Telegram App to see what the fuss was about. The download was quick and efficient. The interface is clean. To get started you enter your mobile number and Telegram sends you a code when you then enter to confirm that it is indeed your phone. It then asks for access to your phone contacts which, it tells you, will be stored in the Cloud in heavily encrypted form…

Oh yeah? Can’t you just imagine the hoots of laughter in Fort Meade!

LATER: A colleague who is less linguistically-challenged than me writes:

I’m not sure that Simon Davis or you got the right angle on that test.de report on WhatsApp and alternatives. It’s true that test.de didn’t like it much, but their point about open source in the part you quoted is actually quite positive – it’s saying saying that it’s the only one of the apps they looked at that was even partly open source. A translation of the bit you quoted would be something like , “Telegram is, at least, the only one of the apps we tested that is partly open source. However, because the programming is only partly transparent, a complete analysis of its encrypted data transmission was not possible.” And the next sentence goes on to say, “But the testers can rule out the possibility that it transmits data unencrypted.”

That’s actually more positive than what they say in the corresponding section about any of the other apps, where they generally say they aren’t open source so that the testers can’t be sure that some data are not transmitted in unencrypted form.

Obviously that’s not a killer point for the German testers, however, because the only app they didn’t regard as having important problems is Threema, which isn’t open source.

What they didn’t like about Telegram is that:
* You have to choose explicitly to use encrypted transmission by choosing the “Secret Chat” option.
* The app automatically stores all your address book (contact) entries without asking you or asking the other people in the address book.
* In their conditions of use, users agree that the software house can store the user’s address book entries. No official address details (‘Impressum’) are given for the software house and there’s no contact adrdess where you can ask questions about data protection.

He’s put his finger on the biggest problem, in a way, which is not just that the App’s owners require you to upload your contact information in the Cloud, but that by accepting this requirement you compromise all those contacts without their knowledge or consent. This is the point that Eben Moglen was making in his wonderful Snowden lectures when he pointed out that acceptance of Gmail’s Terms and Conditions allows Google not only to read your own mail, but also that of your correspondents, none of whom have consented to that. (Though no doubt a slick lawyer will try on the argument that anyone who emails someone with a Gmail address implicitly gives his/her consent.)

Oscar Nights

Posted on by

Is it time for the Oscars again? Surely not? How time flies when you’re enjoying yourself. Our research project has been running a little film season on the general theme of ‘conspiracy’ (last week’s was All the Presidents Men) and we had a slight struggle to get them screened because “it’s the run-up to the Oscars” — which apparently meant that The Management thought that every screen under their control should be showing a nominated film, rather than some boring old celluloid film from the Dark Ages before CGA.

Where was I? Oh, yes, the Oscars. I’m not much of a film-goer and I detest awards ceremonies, whether in the UK (the BAFTAs) or the US. So imagine my delight at discovering (courtesy of The Browser) this wonderful essay by Raymond Chandler on the 1948 Oscar ceremony. “It isn’t so much that the awards never go to fine achievements”, he writes, “as that those fine achievements are not rewarded as such.

They are rewarded as fine achievements in box-office hits. You can’t be an All-American on a losing team. Technically, they are voted, but actually they are not decided by the use of whatever artistic and critical wisdom Hollywood may happen to possess. They are ballyhooed, pushed, yelled, screamed, and in every way propagandized into the consciousness of the voters so incessantly, in the weeks before the final balloting, that everything except the golden aura of the box office is forgotten.

[…]

If you think most motion pictures are bad, which they are (including the foreign), find out from some initiate how they are made, and you will be astonished that any of them could be good. Making a fine motion picture is like painting “The Laughing Cavalier” in Macy’s basement, with a floorwalker to mix your colors for you. Of course most motion pictures are bad. Why wouldn’t they be? Apart from its own intrinsic handicaps of excessive cost, hypercritical bluenosed censorship, and the lack of any single-minded controlling force in the making, the motion picture is bad because 90 per cent of its source material is tripe, and the other 10 per cent is a little too virile and plain-spoken for the putty-minded clerics, the elderly ingénues of the women’s clubs, and the tender guardians of that godawful mixture of boredom and bad manners known more eloquently as the Impressionable Age.

And this:

It doesn’t really seem to make much difference how the voting is done. The quality of the work is still only recognized in the context of success. A superb job in a flop picture would get you nothing, a routine job in a winner will be voted in. It is against this background of success-worship that the voting is done, with the incidental music supplied by a stream of advertising in the trade papers (which even intelligent people read in Hollywood) designed to put all other pictures than those advertised out of your head at balloting time. The psychological effect is very great on minds conditioned to thinking of merit solely in terms of box office and ballyhoo. The members of the Academy live in this atmosphere, and they are enormously suggestible people, as are all workers in Hollywood.

Lots more in that vein. Wonderful stuff, which made me laugh out loud and reminded me that there is nothing — but nothing — to beat a good writer in disdainful mood.

Mobile phones: huge industry, no new ideas

Posted on by

This morning’s Observer column.

Leave aside the fact that it was Apple that triggered the most recent explosion in the mobile industry – the smartphone revolution – and ponder what was actually on show in Barcelona. The answer, in the words of one astute and unsentimental observer, Professor Barry Avery, was: “Many phones, little innovation.” (Shades of Yeats’s pithy description of his – and my – native land: “Great hatred, little room.”)

“The message coming out of this year’s event,” wrote Avery, “is that while there are lots of new phones coming, we shouldn’t expect a great technological leap from any of them. Most of the phones are incremental updates, running the latest version of Android’s mobile phone operating system KitKat.”

Avery is too polite. The truth is that the mobile phone industry has run out of ideas. Every single smartphone in the market is basically just a variation on the Apple iPhone theme. And the variations, such as they are, are looking increasingly – and desperately – baroque…