29 July 2021

Phone security

I was looking at phone security again yesterday, and decided to explore whether it is more secure to go back to a dumb phone. According to my reading, it is safer to use a smart phone, but to dumb it down. That means, in the case of Android, not to sign in to Google, Samsung, or other services, to disconnect it from data services, to install few apps, etc.

I bought my current Samsung phone a couple of years ago. I have never signed in to Google or Samsung. I use only apps downloaded from the free open source repository FDroid or, rarely, added manually (that already means no mainstream social media, no WhatsApp, etc.).

I have never actually felt a need for anything beyond FDroid, but still do quite a lot with my phone. I can check my email and calendar, message over Telegram and SMS, follow the Fediverse, read wordprocessor documents, browse the web, set alarms, listen to music, take photos and videos, authenticate 2FA, check the weather, convert currencies, keep shopping lists, and do many other things if I desired.

Some of those things I don't actually need, as I am close to a computer most of the day. So, for now, I have turned off the phone's mobile data, wifi, location and bluetooth connections. One helpful article that I found also pointed out that it is possible to fine tune the permissions granted each app, so I have done that for when I do need to turn on data services.

‘No parallels’: 2,300-year-old solar observatory awarded Unesco world heritage status - The Guardian

The towers functioned as a calendar using the rising and setting arcs of the sun to mark not only equinoxes and solstices but even to define the precise time of year to within one or two days.

Call for Hungarian ministers to resign in wake of Pegasus revelations - The Guardian

‘We will return’: the battle to save an ancient Palestinian village from demolition - The Guardian

Daphna Golan-Agnon, a Hebrew University human rights professor and Lifta activist, said the antiquities authority’s survey – which has taken archaeology, history, architecture, wildlife and ecology into account – showed clearly that Lifta can be preserved.

“It’s amazing that after more than 70 years of abandonment, the village is still standing so beautifully, even with many of the houses’ roofs destroyed. We ask for the buildings to be stabilised and are willing to help fundraise if cost is an issue.”

Countdown to the airstrike: the moment Israeli forces hit al-Jalaa tower, Gaza - The Guardian

Shocking. Helps to put us in the shoes of a person who is awoken with the message that he has to leave his apartment immediately because the building will be imminently destroyed.

New Zealand rated best place to survive global societal collapse | Globalisation | The Guardian

Study citing ‘perilous state’ of industrial civilisation ranks temperate islands top for resilience

30 June 2021

Blogging is logging

Whereas the popular conception of a blogger is that of some guy with important things to say about something, the actual meaning is much more humdrum and ordinary. A blog is just a web log; it's a way of recording our lives, our reality, and our responses to what we are experiencing. It is online in order to share with anybody else who may be interested. But it is not "in your face" like social media. A true blog does not try to thrust itself in front of everyone's eyeballs. That is why I'm no longer publishing full posts through any channel. If somebody wants to read it, let them visit it here in its original form. I will continue to make it accessible by various means: RSS, email, the Fediverse and Twitter. I draw the line only at Facebook.

Thinking about CRMs and other information systems

Another kind of logging is the keeping of organizational records. For our small staff, we still haven't managed to keep our records inside a proper CRM system. I have tried to devise various means to preserve records, but still feel worried that too much of the information is kept only inside people's brains. And humans forget, and pass on in one way or another.

I managed to get CiviCRM working again, but I am not hopeful that anybody is going to use it. CRM systems seem to be created more for organizations that maintain thousands of contacts, record hundreds of thousands of conversations with leads, customers, constituents, volunteers, etc. Our own work is much less intense, but still it's hard to convince the staff of the need for keeping good records. Forget CRM - I would be happy if they used even simple means. The most I have managed is to make sure that documents are backed up on Google Drive.

Because the staff is using Google Workplace, and they all spend lots of time in their email systems, I have been trying to look at ways to improve the ways in which we use Gmail. One item that is missing from Google Workplace by default is shared contacts. There are ways to mitigate that, such as by using an external LDAP source, or by writing a program that uses a Google API, but the simplest way is to buy a program from Google's Marketplace. Whereas many of the applications there are ridiculously expensive, the Shared Contacts program is relatively cheap; at least if the number of users is small. So I decided to get that, and now Gmail contacts will become much more useful. I spent two or three hours putting together a presentation on how to use the system well. I hope somebody will read it. Ah well.

As for me, while I agree to use these proprietary systems, I will be much happier when I can leave them behind. Today I wrote again to S., who has been organizing a "Hackathon" for positive ventures by young people in the village:

As I wrote to you earlier (I don't think you noticed that email), my own interest has always been to encourage an ethical approach. Technology is an amoral enabler for many good and bad outcomes. A lot of us had high hopes that it could be the foundation for a more open democratic society, and we are seeing more and more that it is undermining our democracies, enabling greater autocracy and new forms of slavery.

Israel is a hi-tech capital where much of the infrastructure and services for autocratic states, surveillance tools and unethical software is being developed. (Companies like NSO, which sell surveillance tools to governments that then use them to assassinate activists and journalists, etc.)

We have many talented young people in the village but some of them are drawn towards non-ethical companies because they can quickly make a lot of money.

I think in the village we should be encouraging our young people to look at the negative sides of unethical software and understand subjects like surveillance capitalism (as described by Shoshana Zuboff) and how it works. I have heard that H. has looked into the ethical side and I'm sure we could find guest speakers on the subject.

In a hackathon, I think you could start by explaining the concept of free open source software (FOSS), and how it can be used to develop tools that can create a better technological environment that is not based on surveillance capitalism or closed source proprietary systems that limit our freedoms.

You could encourage people to look into alternatives like:

  • Fediverse versus mainstream social media (Mastodon, Peertube, Pixelfed, etc). See https://fediverse.party
  • Service providers like disroot.org, riseup.net, others, that promote alternatives like Jitsi to Zoom, XMPP to WhatsApp, etc.

Regarding privacy and technology issues, we could encourage them to check out the Electronic Frontier Foundation, Cory Doctorow, Shoshana Zuboff, Richard Stallman, etc.

With regard to fundraising, I do not work on that side of things at our office - it's a conversation that you should have with our team.

I seem to have difficulty communicating my ideas. I sometimes wonder if by expressing them, I somehow manage to persuade everyone that the opposite is surely true.


Windows 11 | Everything you need to know about Microsoft's new operating system - The Hindu

Silwan explained: How history and religion are exploited to displace Palestinians - Middle East Eye

Explained | Why is the U.S. readying new rules for the tech giants? - The Hindu

Illusions of empire: Amartya Sen on what British rule really did for India - The Guardian

OpenStreetMap looks to relocate to EU due to Brexit limitations - The Guardian

9 April 2021


Duck Duck Go audit and Searx

Thanks to Aral Balkan: https://source.puri.sm/toolauditor/CEAP/-/blob/master/audits/ddg.md
This is crazy; no one should use them.

My default search engine is already Searx (search.disroot.org); though:

  • occasionally Google blocks it;
  • returning to the search page via the browser's back-button produces a "Confirm Form Resubmission";
  • DDG or Google's results are sometimes better;
  • Smart answers, like "$20,000 in Euros" don't give results.

Anyway, I've deleted DDG from my browsers. I will try to do more research on Ecosia, StartPage and others.


I helped behind the scenes with another Zoom event: an interview with the principal and vice-principal of our binational primary school. The only technical hitch was caused by me. S. hadn't set up her Zoom to automatically admit new participants, and she had also allowed people to unmute themselves. There is one special guest user, of a tech guy who had come in to manage the photography and the software; he probably was using mainly OBS, though I didn't ask him. Anyway I accidentally muted him when trying to admit and mute somebody else; so we lost audio for a minute or two in the middle. I know, we should buy the equipment and learn how to do these events myself so we don't need to hire someone.


Birth year palindromes

The birthday of one of my sons the other day produces a numeric palindrome of his birth year (born in '83 and now '37). It's the same for me this year, as I was born in 1956. I think almost everybody has a chance of that happening once; though for those who were born in 1999, though those whose birthday year ends in a 9 are advised to lead a healthy lifestyle.


So many bad things happening around the world right now: the atrocities in Myanmar; a Russian build-up on the Ukraine border; disturbances in N. Ireland; racism in Australia; Israel's mining of the Iranian ship; settler violence against Palestinians...

Biden restores $200m in US aid to Palestinians slashed by Trump | US foreign policy | The Guardian
"The US will restore more than $200m (£145m) in aid to Palestinians, reversing massive funding cuts under the Trump administration that left humanitarian groups scrambling to keep people from plunging into poverty."
This at least is good. The Trump administration's bid to blackmail the Palestinians into doing Israel's bidding failed. But the US should be wielding its influence on Israel to help solve the problem.

3,000-year-old ‘lost golden city’ of ancient Egypt discovered | Egypt | The Guardian
“Within weeks, to the team’s great surprise, formations of mud bricks began to appear in all directions. What they unearthed was the site of a large city in a good condition of preservation, with almost complete walls, and with rooms filled with tools of daily life.”

17 February, 2021


I can't really complain about the weather in these parts, when the situation is currently much worse over wide areas of the planet. But we have had a day of hard rain, turning to sleet and snow in areas above 1,000 metres. Here in our village it's currently 4 C outside; about the coldest we've had it this year. Jerusalem is seeing snow for the first time in 6 years. Israelis love it and flock to see a few flakes of snow, but not me. One thing I'm pretty sure of is that I wouldn't want to live much further north. I used to hate the hot weather and not mind the cold, but nowadays I'm happier in warmer climes.

In the morning I read a couple of articles about the IndieWeb. I used to be more interested in its POSSE philosophy, before I grew fed up of the commercial services and started not to care about exposure. Daniel Goldsmith's article on free software is also interesting, though by the end of it, I somehow felt a bit out of my depth. I need to read more about what he calls the differences between American and European concepts of libertarianism and understand how this plays out in the development of the free software movement (if he's right). Those of us who lack a good grounding in political thinking are perhaps unduly influenced by simplistic ideas of freedom, and suffer from a less developed social consciousness. And then again, it's one thing to know ideas and principles, and quite another to apply them.

Links blog

✭'Spy pixels in emails have become endemic' - BBC News
- Email pixels can be used to log:
- if and when an email is opened
- how many times it is opened
- what device or devices are involved
- the user's rough physical location, deduced from their internet protocol (IP) address - in some cases making it possible to see the street the recipient is on
#email #privacy
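
As an added illustration (not from the BBC article or from this blog), the sketch below scans an HTML email for the kind of image described above: fetched from a remote server and either 1x1 or hidden. The sample message and the hosts shop.example and tracker.example are constructed.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample message, not a real email; all hosts are placeholders.
SAMPLE = """\
From: news@shop.example
Subject: Weekly offers
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello!</p>
<img src="https://shop.example/logo.png" width="200" height="60">
<img src="https://tracker.example/o.gif?uid=8f3a21&amp;c=77" width="1" height="1">
<img src="https://tracker.example/p.png?r=abc" style="display:none">
<img src="cid:banner123" width="1" height="1">
</body></html>
"""

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = ("0", "1")

def _px(value):
    """Normalise a width/height attribute such as ' 1px ' to '1'."""
    return value.strip().lower().rstrip("px")

class PixelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images are embedded, so opening them contacts no server
        reasons = []
        if _px(a.get("width", "")) in TINY and _px(a.get("height", "")) in TINY:
            reasons.append("1x1")
        if HIDDEN.search(a.get("style", "")):
            reasons.append("hidden")
        if reasons:  # visible remote images (e.g. a logo) are not reported
            params = sorted(parse_qs(url.query))  # names only; values may identify the recipient
            self.hits.append({"host": url.hostname, "reasons": reasons, "params": params})

def find_tracking_pixels(raw_message):
    """Return one dict per suspicious remote image in the message's HTML parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    finder = PixelFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits
```

A mail client that blocks remote images by default prevents all of these requests, including ones this heuristic would miss.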

✭The Original Sin of Free Software

"... all positive rights are expressed purely in individual terms. There are no collective rights in these documents, just individual rights. The ideal of the developer as an individual is hard-coded into the DNA of the Free Software Movement and its various children."

"It is important to remember that the American version of Libertarianism, as espoused by Ayn Rand and her ideologues, is nothing to do with the Franco-European tradition of libertarianism, a spectrum of leftist anarchism running from Babeuf through Déjacque to Faure. American Libertarianism should more accurately be described as “anarchist-capitalism”, a strain of pseudo-political thought which idolises the popular concept of the Old West as a high-point of western civilisation, when men were men and justice as dispensed from the barrel of a gun."


✭Aaron Parecki
I'm Aaron, co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and am the editor of several W3C specifications. I help people learn about video production and livestreaming.

Social media links for US visa applicants

Trump administration to force US visa applicants to hand over social media details
(Was optional the last couple of years, but will now be required.)


Nearly all travellers to the US will be required to produce details of social media accounts they have used in the previous five years, as well as present and past phone numbers and email addresses.

After the approval of revised visa application forms, the US State Department is now requiring nearly all applicants for US immigrant and non-immigrant visas to list their Instagram, Twitter, Facebook, YouTube and other social media usernames.

The change is expected to affect some 15 million foreigners who travel to the US each year, including those who do so for business or education.

Only applicants for certain diplomatic and official visa types are exempted from the requirements.

Modem Router

I'm returning the shiny new modem-router the phone company sent me and have bought a new one over the counter instead. The phone company's modem came with a long contract that involved agreeing to all kinds of data collection. They can probably gather this anyway, but at least I don't have to agree to it. My sons, who, I'm sure are smarter than me about such matters, say that they are already resigned to the fact that nothing we do online or offline is private anymore. My only response is that at least we should resist, even if our resistance isn't effective. "Like Palestinians," I say. "And where does it get them?" they respond. I suppose freedom is a state of mind. If we make choices, even when they are inconvenient, difficult or even dangerous, we grow in spirit. When we just accept the default options, we are cowed, enslaved, though we may not realise it. The awareness of our subjugation only comes when we begin to resist a system and sometimes get pushed into compromises. But small acts of resistance restore the sense of our integrity.


There's a search engine called searchencrypt.com that claims to be more private than DDG. I took a look. I couldn't find an explanation of where their search results originate from, who they are, what their business model is, where their money comes from, or why they want us to install a browser extension that has access to all our data. I think it's possible to create a default search engine without installing an addon, and the only addon I've installed in Waterfox is PrivacyBadger.

I see from their "about page" only that the company operates out of Limassol, Cyprus and from their "terms of service" page that the software is copyrighted. Without more information, I don't think I will be using this one.


I've eventually chosen searx (about) as my default search engine for my Waterfox browser, using an instance of it hosted by Disroot.org. Steps to do this:
1. opened https://search.disroot.org/
2. clicked on the down arrow next to the search box.
3. chose the option to add SearX to the list of search engines.
4. clicked on "search preferences" (which takes us to the right place in Preferences).
5. clicked on searx to make that the default search engine.
I also made searx my home page.

Tor has grown easier

For the last couple of days I've been using Tor for general browsing again. It seems to have gotten a little easier. My work email is on Google Apps, and it was previously almost impractical to use Tor with Gmail. I think some people object that it defeats the purpose of Tor to use it for sites like Gmail, but I'm not aiming for total anonymity, just better privacy than I ordinarily have.  Now the Gmail issue has gone away, it's no longer necessary to divide my time between it and another browser.

While updating a website today the exit node I was connecting through was blacklisted, but it was enough to change the Tor circuit in order to overcome that.

Tor has also proved to be fast enough for my needs. Something about it may eventually irritate me; but for now good.