Meanwhile, in “we already knew” land, AT&T proves exactly why big companies can’t be trusted to stand up to government bullies.
(This is the first part of a series about trust and technology.)
Technology plays a big part in modern Western society. Despite 20% of American households not having access to the Internet at home or in their community, many companies have simply gotten rid of paper job applications: you apply online or not at all. And as this need increases, so too does the use of devices by minors.
In 2013, a Pew Research poll found that 37% of teens in the United States have a smartphone. Of those 12–17-year-olds, half of them used the Internet primarily using a smartphone. That means 18.5% of U.S. teens access the Internet primarily using their smartphone.
These devices hold an incredible amount of information, and that’s another reason that trustworthy computing is so important. Trustworthy computing means different things to different people, but in this case I mean the trust between a user and the systems they use. It covers security, privacy, reliability, and consent.
Legally speaking, minors cannot be bound to contracts, including Terms of Service. When you first start using software, the license agreement and terms of service that users are prompted with cannot be applied to them. However, the device doesn’t know that they aren’t adults, and those terms will be skipped by teenagers (not that adults are better!) and they will agree to them without reading them.
It’s a bad habit to get into, especially when most people don’t read the contracts they sign for phone service, social media, or employment. Inside that legalese is more than just standard limitation of liability or a class-action suit waiver. There are privacy terms that most adults wouldn’t be comfortable agreeing to, much less agreeing on behalf of their children.
Let’s consider for a moment everything you can use a smartphone for. There is a camera and microphone, a calendar, an address book, a Web browser, thousands of apps from Facebook and YouTube to Instagram and Snapchat, a GPS receiver which has assistance from cellular networks and Wi-Fi, notes, email—there is a lot of information about ourselves that we put on our phones. And you may not know it or consent to it, but Google, Apple, and Microsoft may be storing or sharing that information.
Now, I’m not saying that you should freak out. These are useful services, mostly trustworthy, that are not inherently bad. The problem is that most people don’t fully understand what they are consenting to, or if they even consented at all. This is a bigger problem when it comes to the data of minors. Without a full sense of what happens to the data they put in their phone that they may believe is private, information could be given to people who should not have it.
If an identity thief gets ahold of private information, parents/guardians could have a huge mess to clean up. If an abuser gets ahold of it, it could put kids in danger. And just imagine if an angsty teen’s journals get intercepted by the NSA: they could end up in trouble for making “terroristic threats”.
And as devices start to collect and store more information about you, like fingerprints for unlocking a device, your location history, and private health data which should be protected under HIPAA but currently is not, we really need to be taking a proactive stance on both our own privacy and security and that of teenagers and children.
So talk to your yutes. Make sure they’re educated about how significant the information is. Don’t discourage them from being creative and using their devices; they are genuinely useful and can be perfectly safe. Instead, encourage them to understand what happens to their information, the importance of privacy, and to read agreements. There are many resources to help you and yours understand the law, privacy, industry terms, and to advocate for you.
Windows 10 is coming. Here’s what you should do to make the transition from Windows 7 or Windows 8 as smooth as possible.
I wanted to make a few notes to those developers who want their apps to have the same brand-overpowering ‘custom’ experience across operating systems.
First, you’re creating an experience for a specific operating system. Each OS has their own specific, special interaction model. For example, all three mobile OSes implement the ability to go back in an application, but they each do it differently.
You’re building for the user, not your brand. 99% of users will not have an iPhone, Nexus, and Lumia next to each other comparing each platform’s app. In fact, it’s probably just you, as a developer, and you shouldn’t be doing interface comparisons on completely different systems anyway. It’s bad practice.
Developers need to stop making their applications about them when it’s about the user. Your experience should not be vastly different from the rest of the device. There’s probably a reason they chose to use that device, so you’re basically giving them the shaft. That’s not a way to make users happy.
The Web has made developers think they can customize their native applications to the point they’ve been removed from the OS itself and what the user is expecting. Once again, the Web is not native, and native apps are not Web sites.
So, in summary:
Not every mobile operating system is built equal. It’s not just their look or the size of their app stores. Let’s take a look at something you might not think is different: the ‘back’ button. It’s one of the most fundamental interface components for mobile devices, where space is limited.
iOS has a per-app back button in the top left corner, along with a left-to-right swipe gesture. If you open a Web page from an email message, you can only get back to the email message and its app by opening the app switcher.
Windows uses a system-wide back button that handles navigation inside an app and between apps. So, if you open a Web page in an email message, you can just press the single back button to close the page and go back to the message. Pressing and holding the back button opens up the list of apps in the order of interaction. It also allows a user to cancel an operation: a dialog can be dismissed by pressing the system’s back button instead of adding another button—cancel—in the mix.
Android has a strange combination of the two. It has two mechanisms for traversing both interaction paths. The primary path is the trail of interaction: you open one app, navigate through it, open a link in a browser, and the trail includes all of those. That means when you press the system’s back button, it goes back to the previous item in the user’s action history: a previous Web page, the email message you opened a link from, etc.
Android’s secondary path, used much less often, is the app’s own navigation layout, which is traversed using an arrow in the top left corner. This path is independent of a user’s actions, and will neither leave the current app nor traverse the interaction path. A usage example would be if one app opens another app to a specific item. Pressing the system’s back button at this point will go back to the previous app. If a user wants to stay in the app but go to a parent view, like a list containing that item, they would use the top-left back button within the app.
I know it’s been a while since I posted, but I felt the need to say something today about a piece of news.
Once again, the American justice system has failed.
Ross Ulbricht, the now 31-year-old founder of the anonymous online marketplace Silk Road, known chiefly for its illegal drug trade, was sentenced to life in prison without the possibility of parole by Judge Katherine Forrest.
Life imprisonment of a 31-year-old for a non-violent crime. Forrest: You should be ashamed.
The only good news from this: what cash the Feds obtained from selling his Bitcoins at auction will count towards his fines. Fines that are insult to injury. Fines that, despite said sale, still amount to $17,837,921. He and his family are already struggling monetarily to handle his appeal process. How is he going to pay these fines while in prison for the rest of his life, Katherine Forrest? He likely cannot eliminate the debt through bankruptcy, either, so that’s out.
Here’s hoping that the appeal will fare better. Despite his crimes (which, according to available information, didn’t actually hurt anyone), he doesn’t deserve to have the rest of his life taken away from him. At this point, it’s about 50 years, ignoring how awful prison conditions are. If I had the option to not pay for the Feds’ continuing gross miscarriage of justice, I would absolutely opt out. But, as it stands, the United States’ Department of Vengeance continues to believe that imprisoning an intelligent person for his entire life is appropriate punishment for a non-violent crime. Even the domestic terrorist from Norway who killed dozens of children isn’t in prison for life. He wasn’t given the death penalty. That’s because the Norwegian justice system isn’t primitive and tyrannical like the American system.
A life sentence for a crime which only carries such a massive penalty because the Feds wanted to deal with organized crime kingpins whose organizations were violent and who couldn’t be arrested or convicted on other charges? It’s not American. It’s not a fitting punishment. It won’t rehabilitate him. It’s simply keeping prisons in business and the Feds’ power unchecked.
I seriously don’t understand why Coca-Cola doesn’t use sugar in the US/CA. It tastes so much better than corn syrup. Customer experience is what gives you more profit, not cutting corners. And if it doesn’t, at least you have the decency to care.
Posted from WordPress for Windows Phone. Because I’m cool like that.
Let’s talk about something that affects you. It’s called CVE-2014-0160. You probably know it by Heartbleed. It is a security problem which affects at least 60% of the Web, including Facebook. Here’s how Heartbleed works.
While sysadmins panic (which did include me for a short time), here’s what you should do:
When you receive communication from an affected Website saying that they have fixed the problem, change your password on that site immediately. If they only acknowledge the problem exists but don’t mention a fix, do not change your password: their site is still vulnerable. If a few weeks pass with no confirmation the problem was fixed, you should change your password anyway.
Going forward, keep an eye on your financial statements for fraudulent activity and use unique passwords for every account. (Here’s why: if a vulnerability appears on site A but not site B, it won’t compromise your account on site B since they only have your personal information from site A.)
You can keep track of your passwords, and generate more secure passwords, using password tools like LastPass. If you want to control where your encrypted passwords are, you can use 1Password or KeePass. You can also use a notebook or special password journal (any office supplier will have either).
Whichever option you choose, make sure you keep your passwords somewhere safe and keep a copy outside your home in case of disaster. A safe deposit box or trusted friend/relative’s house, depending on your level of trust/paranoia, are both good options for most people.
Oh, and a report from Bloomberg says the NSA has known about this vulnerability for years and has exploited the bug. Articles with other commentaries and statements from the NSA (dishonestly) denying their exploitation of Heartbleed are available on MSN, CNET, and The Huffington Post.
For more information about Heartbleed, go to Heartbleed.com, or for more technical information visit Heartbleed’s entry in the Common Vulnerabilities and Exposures database, maintained by The MITRE Corporation.