The Daily Parker

Politics, Weather, Photography, and the Dog

Facebook and surveillance

Consumer Reports released a paper last month detailing how many companies track the average Facebook user:

Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data.  The Markup helped Consumer Reports recruit participants for the study. Participants downloaded an archive of the previous three years of their data from their Facebook settings, then provided it to Consumer Reports.

One company appeared in 96 percent of participants’ data: LiveRamp, a data broker based in San Francisco. But the companies sharing your online activity to Facebook aren’t just little-known data brokers. Retailers like Home Depot, Macy’s, and Walmart, all were in the top 100 most frequently seen companies in the study. Credit reporting and consumer data companies such as Experian and TransUnion’s Neustar also made the list, as did Amazon, Etsy, and PayPal.

The data examined by Consumer Reports in this study comes from two types of collection: events and custom audiences. Both categories include information about what people do outside of Meta’s platforms.

In the report, Consumer Reports calls for a number of policy proposals covering data collection practices, some of which could be part of a national digital privacy law, something that the organization has long advocated for.

We need a European Union-style regulatory regime to protect our privacy. The companies won't do it without regulation.

Finally replacing an elderly desktop machine

The computer I'm using to write this post turns 8 years old on April 6th. It has served me well, living through thousands of Daily Parker posts, two house moves, terabytes of photographs, and only one blown hard drive.

So I have finally broken down and ordered a new one: a Dell Precision 3460 that will sit on my desk instead of under it, and will run Windows 11 with TPM 2.0 instead of warning me that it doesn't have the right hardware to get the latest OS.

The new computer will have a 13th Gen Intel Core i5-13600 processor with burst speeds up to 5 GHz, an nVidia T1000 graphics card with 3 DP outputs right on the chassis, a 512 GB SSD as a boot drive, and a pair of 32 GB 4800 MHz DIMMs that I ordered separately. Plus, instead of decrypting and re-encrypting my 4 TB, 7200-RPM data drive, I'm just going to get a 4 TB M.2 2280 SSD, because they're actually less expensive and use less power than the one in my 2016 box.

Unfortunately I'll need to completely replace my 14-year-old Dell monitor, and get an HDMI-to-DP conversion cable for my newer (2018-vintage) monitor, but neither of those things is terribly expensive these days.

I've also updated the math on the March 2016 post announcing my previous computer, to show the progression of computing technology over the past 8 years:

| Bought | Config | Processor | RAM | HDD | $ then | $ 2024 |
|---|---|---|---|---|---|---|
| Jan 2024 | Desktop | Core i5 5.0 GHz | 64 GB | 512 GB SSD + 4TB SSD Data | $2009 | $2009 |
| Mar 2016 | Desktop | Xeon 6C 2.4 GHz | 40 GB | 512 GB SSD + 2TB Data | $3406 | $4406 |
| Dec 2013 | Laptop | Core i7 2.4 | 12 GB | 512 GB SSD | $1706 | $2247 |
| Nov 2011 | Laptop | Core i5 2.2 GHz | 8 GB | 256 GB SSD | $795 | $1078 |
| Nov 2009 | Laptop | Core 2 Duo 2.66 GHz | 4 GB | 250 GB | $923 | $1309 |
| Oct 2008 | Desktop | Xeon 4C 2.0 GHz | 8 GB | 146 GB | $1926 | $2728 |
| Feb 2007 | Laptop | Centrino 2.0 GHz | 2 GB | 160 GB | $2098 | $3163 |
| Jun 2005 | Laptop | Pentium M 2.8 GHz | 2 GB | 60 GB | $1680 | $2650 |
| Oct 2003 | Laptop | Pentium M 1.4 GHz | 1 GB | 60 GB | $1828 | $3031 |
| Oct 2002 | Laptop | Pentium 4 1.7 GHz | 512 MB | 40 GB | $2041 | $3453 |
| Mar 1999 | Desktop | Pentium 3 500 MHz | 256 MB | 20 GB | $2397 | $4457 |
| May 1995 | Desktop | Nx 586 90 MHz | 32 MB | 850 MB | $2206 | $4446 |
| Oct 1991 | Desktop | 80386 33 MHz | 4 MB | 240 MB | $2689 | $6003 |

I mean, wow. I fully expect to be amazed at the speed—and the video.

I will say that my hope that the computer I bought in March 2016 would last at least 4 years came true twice over. In fact, from 1991 to 2016, I upgraded my main computer about every 2.7 years on average. Only two made it past 5 years, but only by 4 and 6 months.

It's been a really great machine. And I'm sure I'll discover that it can do one or two things that my new box can't, just like this one lost a couple of features I still sometimes miss. (My 2008 desktop could make mix CDs. I've never set this one up to do that.)

You'll get there in a few millennia

An Ottawa judge told the Crown Prosecution Service to return a suspect's mobile phones after prosecutors failed to unlock them after trying 175 million passwords:

The police seized the phones in October 2022 with a warrant obtained based on information about a Google account user uploading images of child pornography. The contents of the three phones were all protected by complex, alpha-numeric passcodes.

Ontario Superior Court Justice Ian Carter heard that police investigators tried about 175 million passcodes in an effort to break into the phones during the past year.

The problem, the judge was told, is that more than 44 nonillion potential passcodes exist for each phone.

To be more precise, the judge said, there are 44,012,666,865,176,569,775,543,212,890,625 potential alpha-numeric passcodes for each phone.

In his ruling, Carter said the court had to balance the property rights of an individual against the state’s legitimate interest in preserving evidence in an investigation. The phones, he said, have no evidentiary value unless the police succeed in finding the right passcodes.

The article helpfully describes how dictionary attacks work, but doesn't attempt to figure out how long it would take to brute-force them. (I'm not going to attempt that, either, but I expect it's a while.)
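
The arithmetic the post leaves undone, as an added example that is not part of the original post or the cited article: it recovers the alphabet size and passcode length implied by the judge's figure and estimates the search time at the rate the police achieved. Treating "the past year" as exactly 365 days, and the three faster guess rates, are assumptions made for illustration.

```python
import math
from fractions import Fraction

# Figures quoted in the post above.
KEYSPACE = 44_012_666_865_176_569_775_543_212_890_625
GUESSES_TRIED = 175_000_000
# Assumption: "during the past year" is treated as exactly 365 days.
SECONDS_PER_YEAR = 365 * 24 * 3600


def integer_root(n, k):
    """Largest integer r with r**k <= n, by binary search (no float rounding)."""
    lo, hi = 1, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def decompose(keyspace, max_alphabet=256, max_length=128):
    """Return every (alphabet_size, length) with alphabet_size**length == keyspace."""
    pairs = []
    for length in range(1, max_length + 1):
        base = integer_root(keyspace, length)
        if 2 <= base <= max_alphabet and base ** length == keyspace:
            pairs.append((base, length))
    return pairs


def fraction_searched(guesses=GUESSES_TRIED, keyspace=KEYSPACE):
    """Share of the keyspace covered by the guesses made so far."""
    return Fraction(guesses, keyspace)


def years_to_expected_hit(guesses_per_second, keyspace=KEYSPACE):
    """Years to try half the keyspace, the average case for a uniformly random passcode."""
    seconds = Fraction(keyspace, 2) / Fraction(guesses_per_second)
    return float(seconds / SECONDS_PER_YEAR)


def summary():
    observed_rate = Fraction(GUESSES_TRIED, SECONDS_PER_YEAR)  # guesses per second
    return {
        "alphabet_and_length": decompose(KEYSPACE),
        "entropy_bits": math.log2(KEYSPACE),
        "fraction_searched": float(fraction_searched()),
        "observed_guesses_per_second": float(observed_rate),
        "years_at_observed_rate": years_to_expected_hit(observed_rate),
        # Hypothetical rates, constructed to show the result stays astronomically large.
        "years_at_hypothetical_rates": {
            rate: years_to_expected_hit(rate) for rate in (10**6, 10**9, 10**12)
        },
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

The judge's figure is exactly 95^16, about 105 bits, and at the observed rate of roughly 5.5 guesses per second the expected search time is about 1.26 × 10^23 years.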

My car is watching me do what, now?

Via Bruce Schneier, your car does not respect your privacy anymore:

Mozilla recently reported that of the car brands it reviewed, all 25 failed its privacy tests. While all, in Mozilla's estimation, overreached in their policies around data collection and use, some even included caveats about obtaining highly invasive types of information, like your sexual history and genetic information. As it turns out, this isn’t just hypothetical: The technology in today’s cars has the ability to collect these kinds of personal information, and the fine print of user agreements describes how manufacturers get you to consent every time you put the keys in the ignition.

Companies claim ownership in advance, so that you can’t sue if they accidentally record you having sex in the backseat, for example. Nissan claimed in a statement that this is more or less why its privacy policy remains so broad. The company says it "does not knowingly collect or disclose customer information on sexual activity or sexual orientation," but its policy retains those clauses because "some U.S. state laws require us to account for inadvertent data we have or could infer but do not request or use." Some companies Engadget reached out to — like Ford, Stellantis and GM — affirmed their commitment, broadly, to consumer data privacy; Toyota, Kia and Tesla did not respond to a request for comment.

This gets even more complicated when you think about how cars are shared. Rental cars change drivers all the time, or a minor in your household might borrow your car to learn how to drive. Unlike a cell phone, which is typically a single user device, cars don’t work like that and vehicle manufacturers struggle to address that in their policies. And cars have the ability to collect information not just on drivers but their passengers.

Consumers are effectively hamstrung by the state of legal contract interpretation, and manufacturers are incentivized to mitigate risk by continuing to bloat these (often unread) agreements with increasingly invasive classes of data. Many researchers will tell you the only real solution here is federal regulation. There have been some cases of state privacy law being leveraged for consumers' benefit, as in California and Massachusetts, but on the main it's something drivers aren't even aware they should be outraged about, and even if they are, they have no choice but to own a car anyway.

Note to self: ~~no more~~ don't start having sex in my Prius.

Why am I indoors?

It's 22°C and sunny right now, making me wonder what's wrong with me that I'm putting together a software release. I probably should fire off the release, but I'm doing so under protest. I also probably won't get to read all of these things I've queued up:

Finally, Stan's Donuts will open a new store just three blocks from the apartment I moved out of one year ago today. I might have to stop in soon. I will not, however, wash them down with CH Distillery's latest abomination, Pumpkin-Spice Malört.

Busy work day

Other than getting a little rained on this morning, I've had a pretty good day. But that didn't leave a lot of time to catch up on any of these before I started a deployment just now:

  • Heather Cox Richardson examines US history through the lens of a never-ending conflict between "two Americas, one based in religious zeal, mythology, and inequality; and one grounded in rule of the people and the pursuit of equality."
  • Josh Marshall ponders the difficulty of covering the XPOTUS's increasingly ghastly behavior in the "both-sides" journalism world we inhabit.
  • James Fallows zooms out to look at the framing decisions that journalists and their publishers make that inhibit our understanding of the world. Like, for example, looking at the soon-to-be 4th time Republicans in Congress have shut down the Federal government and blaming all of Washington.
  • Fallows also called attention to Amna Nawaz's recent interview with authoritarian Turkish president Recep Erdogan in which she kept her cool and her focus and he...didn't.
  • Speaking of the impending Republican torching of the US Government (again), Krugman looks at the two clown shows in the party, but wonders why "everyone says that with the rise of MAGA, the G.O.P. has been taken over by populists. So why is the Republican Party’s economic ideology so elitist and antipopulist?"
  • The Supreme Court has once again told the Alabama legislature that it can't draw legislative maps that disenfranchise most of its black citizens. Which, given the state's history, just seems so unlike them.
  • The Federal Trade Commission and 17 US States have sued Amazon for a host of antitrust violations. “A single company, Amazon, has seized control over much of the online retail economy,” said the lawsuit.
  • Monica Hesse dredges all the sympathy and understanding she can muster for XPOTUS attorney Cassidy Hutchinson's memoir. NB: Hutchinson is 27, which means I am way overdue for starting my own memoir.
  • Chicago Sun-Times columnist David Roeder complains that the CTA's planned Red Line extension to 130th Street doesn't take advantage of the existing commuter rail lines that already serve the far south side, but forgets (even as he acknowledges) that Metra and the CTA have entirely different missions and serve different communities. Of course we need new regional transport policies; but that doesn't mean the 130th St extension is bad.
  • Software producer Signal, who make the Signal private messaging app, have said they will leave the UK if the Government passes a "safety" bill that gives GCHQ a back door into the app.
  • Molly White shakes her head as the mainstream press comes to terms with something she's been saying for years now: NFTs have always been worthless. Oh, and crypto scored two $200-million thefts this week alone, which could be a new record, though this year has already seen $7.1 trillion of crypto thefts, hacks, scams, and other disasters.
  • After almost 20 years and the removal of much of an abandoned hospital in my neighborhood, the city will finally build the park it promised in 2017.

Finally, I rarely read classical music reviews as scathing as Lawrence Johnson's evisceration of the Lyric Opera's Flying Dutchman opening night last Friday. Yikes.

Perfect early-autumn weather

Inner Drive Technology WHQ cooled down to 14°C overnight and has started to climb up into the low-20s this morning, with a low dewpoint and mostly-clear skies. Perfect sleeping weather, and almost-perfect walking weather! In a few minutes I'm going to take Cassie out for a good, long walk, but first I want to queue up some stuff to read when it's pissing with rain tomorrow:

Finally, my indoor Netatmo base station has picked up a funny mid-September thing: cicadas. The annual dog-day cicadas have only a few more days to get the next generation planted in the ground, so the remaining singletons have come out this morning instead of waiting for dusk. As you can see, the ones in the tree right outside the window closest to the Netatmo have been going at it since dawn:

The predominant species in my yard right now are Neotibicen pruinosus, or "scissor-grinder" cicadas. But we also have our share of other species in Northern Illinois. And, of course, next May: Brood XIII comes out. That'll be fun (especially for Cassie)!

Friday lunchtime reading

It never stops, does it? And yet 100 years from now no one will remember 99% of this:

  • A group of psychiatrists warned a Yale audience that the XPOTUS has a "dangerous mental illness" and should never get near political office again. Faced with this obvious truth, 59% of Republicans said they'd vote for him in 2024.
  • Timothy Noah looks at the average age of the likely nominees for president next year (79) and the average age of the US Senate (60-something) and concludes our country needs a laxative. (Literally so in millions of cases.) Good thing US Representative Nancy Pelosi (D-CA) said she'll run again next year, after she turns 84. Unfortunately, while I agree in principle with Andrew Sullivan's desire to see President Biden "leave the stage," all the alternatives seem worse to me.
  • Senate Majority Whip Dick Durbin (D-IL, age 78) has gotten some pushback from an even bigger dick, Justice Samuel Alito (R-$), because the Senator said it would look unethical if the Justice participated in a case involving a reporter who interviewed the Justice about his unethical behavior. But Samuel says he was ethical; and, sure, he is an honourable man.
  • Adolescent narcissist Elon Musk cut Internet coverage to the Ukrainian armed forces just as it started a surprise attack against Russia's Black Sea fleet, apparently at the behest of a Russian official. Josh Marshall calls this clear and convincing evidence that "[y]ou simply can’t have critical national security infrastructure in the hands of a Twitter troll who’s a soft touch for whichever foreign autocrat blows some smoke up his behind. But that's what we have here."
  • The Federal Transit Administration has finally committed $2 bn to expanding Chicago's Red Line subway to 130th St., a project first proposed in (checks notes) 1969. And who says the United States has the worst public transit funding in the developed world, other than all the urbanists who have ever studied the problem?
  • What do you get when you cross ChatGPT with Google Assistant (or Alexa or Siri)? Don't worry, Bruce Schneier says we'll find out soon enough.
  • "Boundaries" has a specific, limited meaning in psychology, not even close to the way most people use the word: "while the proliferation of therapeutic terms has given people access to necessary mental health tools, people may overgeneralize concepts such as boundaries and triggers, and use them to rationalize certain behaviors."

Finally, Guinness set the opening date for its new brewery in Chicago's Fulton Market district: Thursday September 28th. The Brews and Choos Project will visit soon thereafter.

Recycle all your creds in LastPass

Via Molly White, thieves made off with data from LastPass containing the encrypted passwords from 25 million users. They still have to crack the vaults to get at the data, which takes a long time, but Brian Krebs worries they have already succeeded in cracking a few of them:

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Armed with your secret seed phrase, anyone can instantly access all of the cryptocurrency holdings tied to that cryptographic key, and move the funds to anywhere they like.

Which is why the best practice for many cybersecurity enthusiasts has long been to store their seed phrases either in some type of encrypted container — such as a password manager — or else inside an offline, special-purpose hardware encryption device, such as a Trezor or Ledger wallet.

[Security researcher Nick] Bax said the only obvious commonality between the victims who agreed to be interviewed was that they had stored the seed phrases for their cryptocurrency wallets in LastPass.

If you use LastPass, MetaMask's lead project manager Taylor Monahan urges you to update your credentials now:

According to MetaMask’s Monahan, users who stored any important passwords with LastPass — particularly those related to cryptocurrency accounts — should change those credentials immediately, and migrate any crypto holdings to new offline hardware wallets.

“Really the ONLY thing you need to read is this,” Monahan pleaded to her 70,000 followers on Twitter/X: “PLEASE DON’T KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS. THE END. Split up your assets. Get a hw [hardware] wallet. Migrate. Now.”

If you also had passwords tied to banking or retirement accounts, or even just important email accounts — now would be a good time to change those credentials as well.

Another idea: don't hold your assets in crypto, which, unlike real banking, has no protection against theft and few ways to recover stolen funds.

Last hot weekend of 2023, I hope

The temperature has crept up towards 34°C all day after staying at a comfortable 28°C yesterday and 25°C Friday. It's officially 33°C at O'Hare but just a skosh above 31°C at IDTWHQ. Also, I still feel...uncomfortable in certain places closely associated with walking. All of which explains why I'm jotting down a bunch of news stories to read instead of walking Cassie.

  • First, if you have tomorrow off for Labor Day, you can thank Chicago workers. (Of course, if you have May 1st off for Labor Day, you can also thank us on the actual day that they intended.)
  • A new study suggests 84% of the general population want to experience an orchestral concert, though it didn't get into how much they want to pay for such a thing. (You can hear Händel's complete Messiah on December 9th at Holy Name Cathedral or December 10th at Millar Chapel for just $50!)
  • An FBI whistleblower claims Russian intelligence co-opted Rudy Giuliani in the run-up to the 2020 election—not as a Russian agent, mind you, just as a "useful idiot."
  • Rapper Eminem has told Republican presidential (*cough*) candidate Vivek Ramaswamy—who Michelle Goldberg calls "very annoying"—to stop using his music in his political campaign.
  • The government of Chile has promised to investigate the 3000 or so disappearances that happened under dictator Augusto Pinochet, though they acknowledge that it might be hard to find the ones thrown out of helicopters into the sea, or dropped down mine shafts. And with most of the murderers already dead of old age, it's about time.
  • Julia Ioffe wonders when the next putsch attempt will get close to Moscow, now that Prigozhin seems to be dead.
  • About 70,000 people continue to squelch through ankle-deep mud at Black Rock City after torrential rains at Burning Man this weekend. (I can't wait to see the moop map...)
  • University of Michigan Law Professor Nicholas Bagley had a cogent explanation of why pharmaceutical companies don't want to negotiate drug prices with Medicare. (Hint: record profits.)
  • Switching Chicago's pre-World War II bungalows from gas to electric heating could cut the city's GHG emissions by 14%.
  • Molly White's weekly newsletter starts off with some truly clueless and entitled behavior from Sam Bankman-Fried and gets weirder.
  • Zoning laws, plus the inability of the Portland, Ore., government to allow variances in any useful fashion, have condemned an entire high school to send its kids an hour away by bus while the building gets repaired, rather than just across the street to the community college many of them attend in the evenings. (Guess what skin color the kids have. Go on, guess.)
  • A group of hackers compromised a Portuguese-language "stalkerware" company and deleted all the data the company's spyware had downloaded, as well as the keys to the compromised phones it came from, then posted the company's customer data online. "Because fuck stalkerware," they said.
  • Traffic engineers, please don't confuse people by turning their small-town streets into stroads. It causes accidents. Which you, not they, have caused.
  • Illinois had a mild and dry summer, ending just before our ferociously hot Labor Day weekend.
  • James Fallows talks about college rankings, "which are marginally more encouraging than the current chaos of College Football."

Finally, I'll just leave this Tweet from former labor secretary Robert Reich as its own little monument to the New Gilded Age we now inhabit: