
A bill introduced in parliament this week aims to tackle extremist content.

The Films, Videos, and Publications Classification (Urgent Interim Classification of Publications and Prevention of Online Harm) Amendment Bill introduces new criminal offences. It hands power to a chief censor who can make immediate decisions to block content.

It also allows the government to create and deploy internet filters. The filters would screen out material the chief censor decides is objectionable.

Response to Christchurch terror live-streaming

The bill matches the proposal first tabled in cabinet last December by Internal Affairs Minister Tracey Martin.

It aims to update the Films, Videos, and Publications Classification Act 1993 after last year’s live-streaming of the Christchurch terror attack.

The focus is on stopping people or organisations from livestreaming objectionable content. It does not target companies that provide the infrastructure used to distribute content.

Take down notices and filters

Yet carriers and hosts will need to acknowledge government-imposed take-down notices. This includes removing links to objectionable content. Failure to do so could result in civil action and fines.

The legislation will allow the Department of Internal Affairs to create internet filters. The DIA must consult with internet service providers before it launches a filter.

InternetNZ opposes the filter plan. In a media statement CEO Jordan Carter says there can be dangerous side effects from a filter.

He also says: “The proposed filters would work at the network level, in a way that is a mile wide and a millimetre deep.

“People who want to get around these filters can easily do so by using a VPN, technology that many Kiwis have been using when working from home recently.”

Filters can be ineffective

As Carter points out, the problem with filters is that they often don’t work as intended. Determined people who want to see or distribute objectionable material can work around them. Everyone else may suffer a degraded internet experience.

Internet filters are, by their nature, blunt tools. There’s a trade-off between failing to block bad material and blocking harmless content.

The same goes for artistic content. Filters are incapable of drawing lines in the right place.

False positives, false negatives

In the past researchers have found that filters designed to shield young people from pornography might block 90 percent of adult content. At the same time they can block up to a quarter of inoffensive pages.

Tinkering with algorithms to permit more inoffensive material generally means letting more porn through.

Filter advocates talk about artificial intelligence helping, but that often makes matters worse. Filters don’t understand context or nuance. AI is usually terrible at context or nuance.

Risks elsewhere

Much of the focus with internet filters is on dealing with web pages. These days they account for a fraction of online material. Peer-to-peer networks, instant messaging and social media platforms are a bigger problem.

There are other issues with filtering. Protecting children might be straightforward, but teenagers are often more tech-savvy than adults.

Filtering can create a false sense of safety. It’s the same when not-very-tech-savvy people install security software. They feel safe from malware threats but can relax and fall victim to phishing or other scams.

While filters are often set up with good intent, they can be used for broader censorship, even shutting down political opponents.

On the positive side

In practice, the slippery-slope argument doesn’t wash. New Zealand already has successful voluntary filters blocking child abuse material. That appears to be working well. There has been no slippery slope effect.

Determined viewers can bypass these filters. Yet they stop everyday users from stumbling over the objectionable material.

New Zealand’s child abuse filter gives service providers the option to opt-in. There is independent oversight.

The planned filter in the new legislation would be compulsory. There is no mention of formal oversight.

Huawei P40 Pro

In March Huawei launched the P40 Pro. It is the company’s latest flagship Android phone.

Going by the reviews, the hardware is as good as it gets for Android.

It could have been a contender for 2020’s best phone.

Yet there is more to a phone than hardware. If anything the software and services are more important. So is the way these two integrate with the phone hardware.

Android, not Google

This is a problem for the Huawei P40 Pro because it is the first major Android phone from a top brand that doesn’t include Google Mobile Services.

Last May the Trump Administration placed heavy sanctions on Huawei. The company is not allowed to license or otherwise use US-made technology.

Which means Huawei’s new phones can only use the open source version of Android.

Moreover, new Huawei phones can’t offer Gmail, Google Maps or YouTube. Huawei is cut adrift from the Google Play Store. You can’t pay for stuff using Google Pay.

Clever, up to a point

Huawei has found one clever way around the problem. It has re-released versions of earlier phones that are still allowed to use these services. The Huawei P30 Pro recently appeared complete with everything Android.

That works if customers don’t mind buying what could be thought of as old technology. Not that 99 percent of users would ever know the technology is old, it still feels modern enough. As my P30 Pro review says, you get a lot of camera.

Homegrown ecosystem

P40 Pro buyers are stuck with Huawei’s own homegrown ecosystem. You get Huawei’s unexciting EMUI 10 operating system wrapped around Android and a handful of substitute apps. The apps might get the job done, but while some buyers may be satisfied others may not warm to them.

Huawei also offers its own App Gallery. The company said it was going to, or maybe that it will, spend a billion US dollars on the gallery. It has 3,000 software engineers working on it.

Whatever the claims, it’s like entering an Eastern Bloc shop in the bad old Cold War days. There are gaps everywhere and many apps are limp, pale copies of the real thing.

Even the included email app is, well, not a patch on Gmail. Huawei really ought to have poured some resources into making that one sing and dance.

If you are hooked on Facebook, there is no app. In fact you won’t find any of the most popular apps.

A brave decision

You’ve got to really want a Huawei P40 Pro to get one. Or you have to be extra keen to stick-it-to-the-man.

For a start, the P40 Pro isn’t listed in the Spark or Vodafone online stores at the time of writing. You could buy it from 2degrees at NZ$1500 a pop or on a plan.[1]

Then the challenge is making it work the way you’d want an Android phone to work. A lot of geeky folk are attracted to Android precisely because it does offer more scope for tinkering than Apple’s iPhone.

No doubt some of these will enjoy the P40 Pro challenge.

Security melt-down

You can use third-party app stores. If you work for a corporation your IT security people will probably have a melt-down at the thought. There are downloadable and published hacks and so on. Android is already a minefield for malware and scams; heading into this territory is not for the faint-hearted.

Patching security updates is likely to be troublesome and P40 Pro owners may even be violating the terms and conditions for services like online banking using such risky software.

Huawei has made some great phones over the years. In another world, the P40 Pro would probably be among them. But it isn’t. Whether its handicap is fair or reasonable is one thing, but regardless of those matters, it would not be wise to sink $1500 of your own money into a crippled phone.


  1. The marketing material at the 2degrees site doesn’t go anywhere near mentioning the phone is not like other Android phones. This could be grounds for getting your money back if you feel duped. ↩︎

Laurence Millar:

I do all my banking, travel booking, shopping and communicating online. Surely in the 21st century, I should be able to vote online? If you are voting to elect the president of your sports club, then online voting is convenient and easy. But it should never be used to elect our government[…]

Source: Online voting? No thanks! – NZRise

It’s comforting to see someone as knowledgeable and experienced in government computing as Laurence Millar choosing to speak out about the dangers of online voting.

He makes all the points you might expect: the risks are too high and the rewards for ratbags are too tempting. We know for certain that criminals and unfriendly governments have intervened in election campaigns. Some even boast about it. So it’s realistic to assume they will turn their attention to an actual vote.

The reality is almost no computer system is foolproof. And few are immune from attackers who are prepared to throw enough resources at breaching security.

But there’s more. Millar writes:

…the chimera of manipulated votes is in itself sufficient to undermine confidence in the result of the election.

And this is just as likely to be the goal of those who would attack elections. Yes, they’d love to manipulate the vote. But they also want to undermine the very idea of a democratic vote.

This suits their purposes almost as much.

Millar’s other points are all valid. It’s worth reading the original post.

Yet something else bothers me about the idea of an online election in New Zealand. Typically projects of this nature are put out to tender and awarded to the lowest bidder.

Tender writers may talk about how the project won’t just go to the cheapest bid, but also about the values, privacy, security and yada, yada, yada that need to be embodied in the system.

We all know the reality. Lower prices win.

We’ve seen this time and time again. Tender responses may be full of piety and goody two-shoes language about protecting this and respecting that.

Words are cheap.

When push comes to shove, saving a few bucks here and there will impress the organisation issuing the tender more than anything else.

It always does.

And even if money is no object and the first tender goes to a first class bidder who does everything right, when it comes up for renewal someone else will be purchasing.

Or the next time. Or the time after that.

Sooner or later cheapskates or, just as bad, companies that are better at lobbying governments than delivering on promises will get the job.

Before you know it there will be an argument for, say, using an overseas cloud provider or a well known brand that hasn’t done a sterling job managing its own digital security in the past.

It is in the nature of these things. Sooner or later we are disappointed.

Y2K bug has 2020 echo

The millennium bug is back with a vengeance, after programmers in the 1990s simply pushed the problem back by 20 years.

Source: A lazy fix 20 years ago means the Y2K bug is taking down computers now | New Scientist

The New Scientist reports on problems with software caused by an echo of the Y2K bug that had everyone excited in the late 1990s.

It turns out one of the fixes then was to kick various software cans down the road to 2020. In theory that gave people 20 years to find long term answers to the problems. In some cases they might have expected software refreshes to have solved the issue.

As the New Scientist reports:

Parking meters, cash registers and a professional wrestling video game have fallen foul of a computer glitch related to the Y2K bug.

The Y2020 bug, which has taken many payment and computer systems offline, is a long-lingering side effect of attempts to fix the Y2K, or millennium bug.

Both stem from the way computers store dates. Many older systems express years using two numbers – 98, for instance, for 1998 – in an effort to save memory. The Y2K bug was a fear that computers would treat 00 as 1900, rather than 2000.

It turns out that as many as 80 percent of the quick fixes in the 1990s used a technique called ‘windowing’. This meant treating all dates from the 00s to 20s as 2000 to 2020 instead of 1900 to 1920.

In one case people selling cars got acknowledgements from the UK Driver and Vehicle Licensing Agency dated in the early years of last century. That’s not going to cause havoc, but you can get an idea of the problem.

There’s another problem in the offing. The year 2038 problem.

This happens because Unix time started on January 1 1970. Time since then is stored as a 32-bit integer. On January 19 2038, that integer will overflow.

Most modern applications and operating systems have been patched to fix this although there are some compatibility problems. The real issue comes with embedded hardware, think of things like medical devices, which will need replacing some time in the next 18 years.
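The two date problems described above can be reproduced in a few lines. This is an added example, not code from the original post or from New Scientist; the pivot value of 20 follows the windowing description above, and the function names and the sliding-window alternative are assumptions chosen for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FIXED_PIVOT = 20  # assumption: the pivot used by the 1990s fix described above
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1


def expand_fixed(yy: int, pivot: int = FIXED_PIVOT) -> int:
    """Fixed window: 00..pivot -> 20xx, everything else -> 19xx."""
    if not 0 <= yy <= 99:
        raise ValueError("two-digit year expected")
    return 2000 + yy if yy <= pivot else 1900 + yy


def expand_sliding(yy: int, current_year: int, years_ahead: int = 20) -> int:
    """Sliding window: pick the century that keeps the result no more than
    `years_ahead` years after `current_year`, so the pivot moves with the clock."""
    if not 0 <= yy <= 99:
        raise ValueError("two-digit year expected")
    upper = current_year + years_ahead
    candidate = (upper // 100) * 100 + yy
    return candidate if candidate <= upper else candidate - 100


def store_int32(seconds: int) -> int:
    """Store a second count the way a signed 32-bit field would, wrapping on overflow."""
    return struct.unpack("<i", struct.pack("<I", seconds & 0xFFFFFFFF))[0]


def to_utc(seconds: int) -> datetime:
    """Convert seconds since the Unix epoch to a UTC datetime (works for negatives)."""
    return EPOCH + timedelta(seconds=seconds)


if __name__ == "__main__":
    for yy in (19, 20, 21):  # constructed sample two-digit years
        print(yy, expand_fixed(yy), expand_sliding(yy, current_year=2021))
    print("last 32-bit second:", to_utc(INT32_MAX))
    print("one second later:  ", to_utc(store_int32(INT32_MAX + 1)))
```

With the fixed pivot, year 21 comes out as 1921, which is the kind of result behind the early-last-century dates mentioned above. A signed 32-bit counter wraps to a date in 1901 one second after its maximum.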

To my knowledge no-one in New Zealand has come across similar 2020 problems. Or have they? If you know of any please get in touch.

A virtual private network has its uses. But only in limited and narrow cases.

Most people don’t need a VPN. That won’t stop advertisers barraging you with scare stories.

The Electronic Frontier Foundation makes this point in Why public Wi-fi is a lot safer than you think. It says widespread use of HTTPS encryption means a virtual private network is often overkill.

“In general, using public Wi-Fi is a lot safer than it was in the early days of the Internet. With the widespread adoption of HTTPS, most major websites will be protected by the same encryption regardless of how you connect to them.”

If you are still scared of public Wi-fi, use a mobile data connection. It is far more secure and works out far cheaper in the long term.

Digital snake oil

VPNs are often sold to people who don’t need them. For most users they are digital snake oil. You might as well buy a charm to ward off evil spirits.

Companies selling virtual private network services charge a lot for not much. They are cheap to set up. Which means VPN margins are high. It’s a lucrative business.

If you are tech savvy you could build your own. It isn’t hard.

Although most people don’t need VPNs most of the time, a minority do.

Helpful when government is repressive

Say you live in or travel to a place where the government restricts internet activity. A VPN can help. In effect it digs a tunnel for your data to pass through firewalls and other digital obstacles.

At least, they do that until the government concerned cracks down on VPNs.

On my first visit to China a VPN helped me get around internet restrictions.

With a VPN I could use Gmail and Outlook.com to send mail. It let me connect to Google and popular social networks. I used it to connect to my WordPress account. There was no problem using iCloud or OneDrive with the VPN switched on.

None of this worked if I switched off my VPN.

What happens in China stays in China

By the time I returned two years later, China was better at frustrating the VPN.

My VPN’s activity was erratic. It disconnected again and again. Some of the time it didn’t work at all. It’s reasonable to assume governments have now figured out their VPN workarounds.

That’s not to say a VPN isn’t useful in these circumstances. Governments tend to be more concerned about restricting their citizens. Overseas visitors are not the main target, so governments may tolerate some use.

Although I couldn’t use my VPN on public networks on my last China trip, I could use it from my hotel room.

Big end of town

You may also need a VPN if you work for a large corporation. They may insist you use a VPN when connecting to the digital mothership. Corporations can be targets for online criminals. Insisting on a VPN may reduce the threat.

HTTPS encrypts data end-to-end. People watching don’t know what’s going on in your messages, but they can view your metadata.

In other words, they know which sites you visit, but not the pages on a site. Metadata may be all a criminal needs to find vulnerabilities if they have other parts of the jigsaw.

This argument doesn’t apply when you use your device to check your bank balance or read Gmail. Knowing you’ve connected to Westpac or Gmail isn’t that helpful to a criminal.

Geo-blocking

A second practical VPN application is bypassing geo-blocking.

Bypassing a block doesn’t have to be illegal. There are legitimate reasons to do this. And there are activities that are, well, let’s say ambiguous.

Services like Netflix negotiate content rights on a territory by territory basis.

Say your favourite TV show is available to US Netflix customers but not New Zealand.

A VPN can make your connection appear to be coming from wherever you choose. To Netflix, a New Zealand customer may appear to be in the US.

Using a VPN terminating in the US makes it look as though you live there. Some streaming services don’t ask questions if you use a New Zealand credit card to subscribe. Others do. There’s a wealth of expertise around the subject of getting past geo blocks[1].

Pirates, criminals, persons of interest

Pirates use VPNs to hide their illegal activities from authorities. There is no grey area here, piracy is illegal. By using a VPN their ISP has no idea what is going on, nor do the authorities.

There are worse criminal online acts where a VPN can cover the tracks, up to a point. One thing to keep in mind is that anyone looking hard enough can tell a VPN is being used.

Not all VPNs are created equal. Some are trustworthy even if the sales pitch might be a touch insincere. Take extra care with free VPNs. They are often data gathering exercises. A free VPN may hide your information from your ISP and the authorities but it is being stored elsewhere. These ratbags then share your data with other companies.

Some free VPNs are criminal in intent. As is often the case, the worst examples are in the Android world. Some Android VPNs push malware on to your computer.

“In 2017, researchers from Australia, the UK, and the US studied 234 VPN applications available on the Google Play Store. They discovered that more than a third of these apps used malware to track users’ online behaviour.”

Ciso Magazine.

See also 29 VPN Services Owned by Six China-Based Organizations.

Virtual private network overview

At this point there’s little practical advice to offer readers other than “be wary of free VPNs”. If you are squeaky clean, don’t deal in secrets and don’t travel to locked down countries you don’t need a VPN. If you think you do need one, take care. It’s a minefield out there.

 


  1. Go and look elsewhere. It’s not hard to find ↩︎