Apple forces bad user experience on Funambol

I installed Funambol on an iOS device to test it and all went well… until I tried to sync the pictures. I was greeted with a request to allow Funambol to access my location, a request that I promptly denied. Why on the planet would Funambol want to know where I am? Suspecting that Apple might have something to do with this, I asked the Funambol developers, who confirmed that this is due to the nature of the ALAsset API from Apple. Apparently I’m not the only one to think that iOS ALAssetsLibrary is broken.

What is broken is not only the user experience, but also the bad habit that Apple is spreading: users should pay attention to the permissions they grant to apps and refuse to run those that make unreasonable requests. Mobile phones are computers and everybody should keep in mind that apps have access to personal data stored on the phone. Everybody should check that apps have permission to access only the minimum necessary to operate. Are you installing an app to sync the address book and pictures? The app should ask permission to read/write the address book and pictures. Not to read location!

“Bump” and your data go to the cloud

When investigating the design of the FreedomBox app to exchange keys and establish trust between two people I looked at how the Bump App for iPhone and Android solves the issue. From their FAQ:

Q: How does Bump work?

A: There are two parts to Bump: the app running on your device and a smart matching algorithm running on our servers in the cloud. The app on your phone uses the phone’s sensors to literally “feel” the bump, and it sends that info up to the cloud. The matching algorithm listens to the bumps from phones around the world and pairs up phones that felt the same bump. Then we just route information between the two phones in each pair.

So, when you collide two phones with the same app, the data are encrypted and sent to their cloud for matching. No Bluetooth, no complicated QR code. Smart. I don’t think we can use the same mechanism for FreedomBox, though.

via | Bump Technologies, Inc.

First code project for FreedomBox: the ‘bump’ challenge

Exchanging public keys and signing them is still a complicated matter for normal users. As part of the development of FreedomBox we are thinking of a simple way to establish trust and enable two people to talk to each other through secure cryptographic means.

One possible scenario is the following: User Jane meets her friend Ken, they ‘bump’ their phones or scan a QR code and by doing so they exchange not only their private information (vcard, GPG keys) but also establish a high degree of digital identity trust. The updated status of ‘trust’ can then be transmitted back from the phone to their respective FreedomBoxes, securing future communication between Jane and Ken.

I’ve asked for comments and asked for participants on the FreedomBox discuss mailing list. Read the conversation on the archives and consider joining the effort.

East and West coast so far apart: Moglen vs Jobs

June 6th 2011 was a strange day. Facing the Pacific ocean, Steve Jobs was describing his perfect plan to know which books you read, what magazines you buy, what music you listen to, who you correspond with, who you love and who hates you. On the Atlantic ocean, Eben Moglen and Lawrence Lessig were describing how that kind of technology is threatening the very foundation of our democracy. Moglen’s keynote starts with:

we have 4 forces doing anything they can to eliminate freedom on the net.

  • governments deeply concerned about the possible loss of control that comes from the freedom to tell stories any way we want and escape the framing that power puts around things
  • content owners who believe that their bits are sacred and the risk that those bits may be copied justifies controlling the net down to each endpoint and down to every eyeball and every eardrum
  • data miners, the industry of the future, their job is to know what you want before you know it so that they can sell you to somebody. All that is required is to read your email, check every party that you go to, check the conversations you have with your friends. And they have arranged to make this possible.
  • network operators that are transforming the end-to-end network (as described by Lessig) into the “everything must come to us” and “all your life are belong to us! aren’t you happy, people?”

platforms, devices that won’t allow you to take the ads out of the webpage or prevent you from sharing a song or prevent you from speaking your mind.

[…] We are losing the autonomy of personality. […] The net has turned against us.

Enter the Freedombox and take back the net as we know it. Watch the full video, it’s well worth it.


Develop For Privacy Challenge

We live in a world of smartphones and other mobile devices that provide amazing services. But these same devices can also collect and share vast amounts of data that can paint a detailed picture about where we go, who we know, what we do and even what we think.

Protecting this critical information is more important than ever. But too many users lack the tools that would enable them to take advantage of new technology without losing control of their personal information.

That’s where you come in. And that’s why we’re launching the Develop for Privacy Challenge.

Rules, judges and deadline on Take the Challenge | Develop For Privacy Challenge.

How to avoid becoming a fan of Moratti on Facebook

Moratti’s election campaign is run with extras dressed up as gypsies and junkies in the metro, and with low-tech scripts on decoy sites to boost the ‘Likes’ on Facebook.

The news as Claudio Messora originally revealed it, and as it was picked up without adding anything (do the people who write on the Wired Italia blog even get paid?). Reading here and it appears that the architect of the trick is FBAdvertising, run by one Alessandro Gargiulo, who is also the author of a deceptive little script that he sells on a forum.

Gargiulo is reached by looking at the domains involved in the trick: there are several, and most do not expose the registrar data. But one can see that and, another domain involved, have the same IP, and the registrant of the second is Alessandro Gargiulo. His FBAdvertising sells ‘traffic on Facebook’. Interesting clues. Marco d’Itri on FriendFeed also finds another name: Flavio Li Volsi of (hosted on the same IP). Moreover, Moratti is not the only one involved: other brands also turn up in Google’s cache (Samsung, for example).

What I have not read yet is that, to avoid becoming a fan of some random nobody, the second best thing to do is not to wander around the net without first logging out of Facebook! When you leave the house, do you lock the door? Do the same with Facebook: if you log in, remember to log out, so you avoid clicking on the traps. In any case, know that everything you do is tracked and reported to cousin Mark (Zuckerberg).

PS: the best thing to do is not to use Facebook 🙂 Or install NoScript.

The horrible Terms of Service in Nintendo 3DS

The Free Software Foundation has published a new campaign to inform Nintendo 3DS users that the Terms of Service of the machine are offensive and dangerous.

The 3DS has a video camera that may be used to take pictures and videos of friends and family: just by using the Nintendo 3DS you give Nintendo the right to do whatever they want with your pictures and videos.

By accepting this Agreement or using a Nintendo 3DS System or the Nintendo 3DS Service, you also grant to Nintendo a worldwide, royalty-free, irrevocable, perpetual, non-exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display your User Content in whole or in part and to incorporate your User Content in other works, in any form, media or technology now known or later developed, including for promotional or marketing purposes. (Chapter 1, Nintendo 3DS End User License Agreement)

And there is more: the Nintendo 3DS will send the Activity Log to Nintendo when the wifi is connected, share your information and use it to target advertisements to you. Nintendo states that they “may update or change the Nintendo 3DS System or the Nintendo 3DS Service in whole or in part, without notice to you.” Children under 13 should not use their real names to create their game nickname, take pictures with the built-in camera, or participate in any number of ways the 3DS is set up to encourage. Read the details on Brick Nintendo before they brick you! on DefectiveByDesign.

This awful behavior from such arrogant companies cannot be tolerated! Send Nintendo a brick: the campaign crew of Defective by Design wants to flood the office of Reggie Fils-Aime, President and COO of Nintendo of America, with cute bricks to let them know that the Nintendo 3DS Terms of Service are unacceptable and that DRM must be dropped. Donate as little as $10 to Brick Nintendo before they brick you.

How anonymity online is being eroded

This is The Economist, not Richard Stallman or the EFF:

But anonymity is freeing. It lets people go online and read about fringe political viewpoints, look up words they are embarrassed not to know the meaning of, or search for a new job without being thought extremist, stupid or disloyal. In America some judges have recognised that browsing habits will change if people feel that they are being watched. In rejecting a government demand for book-purchase data from Amazon, an online retailer, a judge wrote that the release of the information would create a chilling effect that would “frost keyboards across America”. Librarians have long understood this, which is why they keep readers’ files confidential. But many of the new custodians of people’s reading records do not seem inclined to do the same.

Read it all at Monitor: Anonymous no more | The Economist, and donate to EFF and FSF.

Companies and governments join forces to hassle motorists

Continuing yesterday’s theme about privacy and the relationship between governments and companies, here is another warning sign that citizens should trust neither. The AD reported:

Satellite navigation system maker TomTom indirectly sells details of motorists’ driving behaviour to the police for use in determining where speed traps should be placed,

The role of police should be that of patrolling the streets to prevent people from speeding. But patrols are expensive and it’s much more efficient to hide speed traps and send hundreds of tickets directly to drivers’ mailboxes. Who cares if the speeder will cause an accident only a few km after being photographed at 180km/h? It’s awful. Technology is increasingly used to control our lives, but I agree with my fellow Americans that the scariest threats to privacy come from governments, and that corporations are a secondary threat.

via – Satnav maker TomTom ‘helps’ police set speed traps (update).