Donating to Security and Privacy Advocating Organizations & Projects Pt. 2

Recently the developer behind an alternative YouTube front-end that I regularly use to avoid actually using YouTube announced that he’s calling it quits. Although his blog post that clarified his intentions of shutting down said he’s not quitting because of costs, he did break down all the costs associated with the project and approximately what he pulled in monthly from donations (which was equal to roughly $5 per month). This developer was eating a ton of cost to keep the website going. Granted, if I were in his shoes, I would place the call-to-action to donate in a more obvious position instead of at the bottom of the page, but nonetheless it reminded me that if we have an extra few dollars each month we should use them to support open source projects.

I know I’m in a privileged position to be working when so many people have gone unemployed due to the COVID-19 pandemic, but I feel that donating to free and open source projects is important now more than ever. For example, the TOR Project recently laid off a third of their team and just today Mozilla had to let go of 250 employees working on Firefox.

Below are some projects I’ve made some donations to. With the exception of andOTP, all donations were done via Bitcoin. I personally don’t make that much money, but I’m trying to get into a pattern of behavior of donating small portions of my monthly income to FOSS and non-profit projects I use regularly or generally support.

GrapheneOS – is an Android-based, security-hardened, privacy-focused, free and open-source mobile operating system I’ve been using on my Pixel 2 XL for the last several months. The lead developer behind the project, Daniel Micay, is renowned in the privacy and security community.

PrivacyToolsIO – This website has been a valuable resource for me as I transitioned from using Google and other privacy invasive services to more secure and privacy-centric tools. The team behind PrivacyTools thoroughly vets and provides recommendations for digital tools and services so long as they’re FOSS and have a solid reputation among other things.

Free Software Foundation – This non-profit organization was founded by Richard Stallman in the 1980s to support the free software movement and promote the freedom to study, distribute, create, and modify computer software. The FSF is also the organization behind the GNU General Public License and continues to advocate the use of free and open source software.

NewPipe – is an alternative YouTube front-end for Android that is essentially a replacement for the YouTube Android application but without the advertisements and tracking.

andOTP – this is a two-factor authentication application that’s free and open source. The app is maintained by a small team, but the current main developer is active.

It’s been a long time since I’ve donated to a non-technical cause. I think I’ll change that next month.

Getting Linux to Remember a Bluetooth Mouse After Reboot

I’ve had this issue that has plagued me for the past couple of years that I never truly spent more than an hour trying to solve. When using a Bluetooth mouse on distros like Manjaro, LMDE, and Linux Mint, I’ve run into this problem where whenever I reboot my machine, I would have to re-pair my Bluetooth mouse every single time. The only time I didn’t have this issue was when running Debian 10 and Windows.

I recently stumbled across a post in r/ArchLinux where someone was complaining of the exact same problem. I tried one of the recommended solutions and it surprisingly fixed my problem.

Open a terminal and launch bluetoothctl, then run the commands agent on and default-agent before trust <MAC>, pair <MAC>, and connect <MAC>. The MAC address can be found by opening up your Bluetooth manager and searching for the device in question. Note that I had to unpair my device from my Bluetooth manager and re-pair it with bluetoothctl. It took a couple of attempts, but was eventually successful.

After completing those steps, open up /etc/bluetooth/input.conf and add the line #UserspaceHID=true. Reboot your machine.

Voilà! After rebooting my machine, my mouse automatically connects every time. I also discovered a handy new tool I can use in the terminal!
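
The steps above as a small script, added here as an example and not part of the original post or the r/ArchLinux thread; the function names are hypothetical. The post writes the config line with a leading #, which marks a comment in input.conf, so the example assumes the active UserspaceHID=true form is what takes effect.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Succeed only for a well-formed MAC: six colon-separated hex octets.
valid_mac() {
  h='[0-9A-Fa-f]'
  case "$1" in
    $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the bluetoothctl commands in the order the post gives them.
pairing_commands() {
  valid_mac "$1" || { echo "invalid MAC: $1" >&2; return 1; }
  printf '%s\n' 'agent on' 'default-agent' "trust $1" "pair $1" "connect $1"
}

# Make sure input.conf carries an active "UserspaceHID=true" line.
# Assumption: a leading '#' comments the line out, so it is uncommented here.
# Runs in a subshell, is idempotent, and saves <file>.bak before changing it.
enable_userspace_hid() (
  conf=$1
  [ -f "$conf" ] || { echo "no such file: $conf" >&2; exit 1; }
  # Already active: nothing to do.
  grep -Eq '^[[:space:]]*UserspaceHID[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$conf" && exit 0
  have=0
  grep -Eq '^[[:space:]]*#?[[:space:]]*UserspaceHID[[:space:]]*=' "$conf" && have=1
  cp -p "$conf" "$conf.bak"
  tmp=$(mktemp) || exit 1
  awk -v have="$have" '
    # Existing line (commented out or other value): rewrite the first, drop repeats.
    have && /^[ \t]*#?[ \t]*UserspaceHID[ \t]*=/ {
      if (!done) { print "UserspaceHID=true"; done = 1 }
      next
    }
    { print }
    # No such line anywhere: add it directly under [General].
    !have && !done && /^\[General\]/ { print "UserspaceHID=true"; done = 1 }
    # No [General] section either: append one.
    END { if (!done) { print "[General]"; print "UserspaceHID=true" } }
  ' "$conf" > "$tmp" || exit 1
  cat "$tmp" > "$conf"   # overwrite in place so owner and mode are kept
  rm -f "$tmp"
)

# Run directly as: sh script.sh <MAC> [path to input.conf]
if [ "$#" -ge 1 ]; then
  pairing_commands "$1" || exit 1
  if [ "$#" -ge 2 ]; then enable_userspace_hid "$2"; fi
fi
```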

Why Use Encrypted Messaging & Email?

I’ve come to realize that it’s actually pretty difficult persuading friends and family to switch to an encrypted messaging service. From my personal experience it really boils down to two things: 1) most people don’t care about (or necessarily understand) digital privacy and verbatim will often state the “I have nothing to hide” or “you’re being monitored anyway” argument; and 2) they don’t want to go through the trouble of installing another app on their phone – oftentimes Facebook Messenger is the app that they and all their friends use and anything with a word like “encryption” sounds hard.

Why We Need Encryption

We live in an age where normal people believe the government is spying on you and giant internet companies collect every piece of data about you, and it’s crazy to believe that they’re not doing these things. Using an encrypted communications service is one way to mitigate this for anyone who still believes they have a fourth amendment right. If any company, state, or simply a bad actor intercepts your communication that is end-to-end encrypted, all they will see is random blobs of garbage since your intended recipient is the only one with the key to decrypt it. This type of communication is absolutely vital for journalists and people under oppressive governments, but for normal everyday people as well. Now my threat model isn’t that of a journalist or someone living in an oppressive country, but being in the United States, I’m personally more concerned about surveillance capitalism.

This isn’t to say there aren’t other ways to intercept communications on your device. For example, an adversary could install a malicious application on your device without your knowledge that records everything you do on your device – or simply stand over your shoulder and read your messages.

Facebook – The Advertising Behemoth

Facebook collects information not just about what you “like”, what you watch, who you engage with, and what you’re doing online even when you’re not using their services – they also collect data from your personal messages on Facebook Messenger. This information is combined into a neat advertising profile in which Facebook sells the keys to the highest bidder, namely advertisers. This profile is essentially a score about what you’re likely to engage with (i.e. a click, like, comment, share, etc.).

Advertising by its very nature is a means to manipulate you into performing an action (in this case clicking/viewing) with the ultimate goal of buying a product or even swaying who you vote for. I should note that I’m not saying that Facebook directly shares your entire message with advertisers (at least not to my knowledge), but by scanning your conversations they’re able to further build an advertising profile about you which is then shared with advertisers. Of course we all agreed to this type of data collection when we signed up for the service, but I’m willing to bet that you (like me) didn’t read through the Terms of Service.

I’m picking on Facebook here, but other messaging services will often do the same thing.

Why not revert back to SMS?

This is pretty straightforward. First of all, wireless carriers have begun implementing encryption into SMS, though every carrier is different and I for one wouldn’t trust carriers with the keys to my personal data.

Secondly, we have become accustomed to rich messaging services where we can send higher resolution photos, videos, GIFs, stickers, read receipts, voice messages, and see when the other person is writing a reply. It’s a hard task to convince people to go back to the limitations of SMS. With Signal, my preferred encrypted messaging app, your account is essentially your phone number, which makes it significantly easier to transition as most of my friends still have each other’s numbers. However, you also get the added benefit of not only rich messaging but also end-to-end encryption.

Conclusion

When people (i.e. normies) hear the word “encryption”, they tend to lose interest and run the opposite direction because it sounds complicated. The reality is that it’s far from being complicated, especially with services like Signal and Protonmail at our disposal, which are completely free for anyone to use. With these services we are not the product. Signal happens to be a non-profit and has received a large donation from the co-founder of WhatsApp (which is a very interesting story and I recommend you read up on it). Protonmail has paid tiers for more storage, more customization, the use of custom domains, and more. Do yourself a favor by checking out these tools and maybe take back control of your privacy.

Donating to Security and Privacy Advocating Organizations & Projects

After recently paying off my student loans, I have been giving some thought to making regular monthly donations to various organizations. Specifically to non-profit organizations, services, and tools that advocate privacy, security, and open source.

Also, I’m privileged to have a job that has only been minimally impacted by the COVID-19 pandemic. With the recent stimulus check from the US government, I decided to donate a portion of it to two organizations: the Signal Foundation and the Electronic Frontier Foundation.

Signal Foundation
I use the encrypted messaging service Signal every day. Using an end-to-end encrypted messaging service that doesn’t collect my data, read my messages, or serve me advertisements based on my messages/usage is a breath of fresh air in the current technological climate we’re living in. I’ve managed to convince my girlfriend, my family, and my group of friends to exclusively communicate on it, which I consider a huge win – it’s actually fairly difficult to convince all of your friends and family to install an app on their phone. Signal has an interesting background, with the co-founders having a strong moral code. Signal is, of course, free and open source software.

Electronic Frontier Foundation
I’ve been a long-time supporter of the EFF since my college days. The Electronic Frontier Foundation’s core mission is to focus on digital rights. It provides funds for legal defense, defends individuals and new technology from abusive legal threats, works to expose government misconduct (ex: government mass surveillance), supports new technologies which preserve personal freedoms and online civil liberties (ex: TOR), and challenges potential legislation that could infringe on personal liberties and fair use (ex: net neutrality), among other things.

Some organizations I plan to donate to in the future: the Free Software Foundation, the Linux Mint team, Mozilla, Privacytools.io, the TOR Project, and LibreOffice.

The End of Ownership in a Digital Age

I was an early adopter of Google’s Daydream VR product. What drew me to Daydream as a platform was how easy and cheap it was to experience VR (albeit not nearly as high end as other VR platforms like the HTC Vive or Facebook Oculus). I spent around $100 on Daydream applications and games throughout its life. I was okay with it at the time because I wanted to support the platform and developers because in my mind, this platform was the most cost-effective way to bring virtual reality to the masses. Unfortunately, Google being Google, they decided to kill Daydream in 2019.

One of the last purchases I made on the platform was Blade Runner Revelations about a year ago, which was launched just after the Blade Runner 2049 film. It was one of the better Google Daydream VR experiences available and I’m also a fan of the original film. However, I recently picked up a used Pixel 2 XL and wanted to try out the slightly larger display only to discover that Blade Runner Revelations has been completely pulled from the Play Store! Here’s the link where the app should be. I tried numerous ways to obtain the original APK, but unfortunately I wiped my 2016 Pixel XL so transferring the application wasn’t an option.

What I find particularly odd and alarming was also the fact that the original transaction was removed from my Google Play transaction history. I am the type that practices inbox zero, so I wasn’t able to pull up my receipt because I deleted the original purchase confirmation email (note to self: don’t delete receipts). The only way I was able to pull up any proof of the original purchase was scouring my bank statement.

The story here is that the company and developer Alcon Interactive pulled the game about a year after I made the purchase, then Google removed the transaction record from my Google Play Order History. This is a very shady business practice by not only the developer, but by Google as well.

The sad thing about this situation is that this has happened to me at least half a dozen times with other games and applications I’ve purchased from the Google Play Store throughout the years. This is one of the reasons I deleted my Google account and no longer use any of Google’s services (except under certain circumstances for work).

We live in an age where we no longer own the things we purchase. The difference between buying content now versus 20 years ago is when we purchase digital content today, we do not own anything – we obtain a license to consume the content temporarily, that is until the platform, company, or developer decides it’s no longer making them any money. The content gets pulled from the service and you and I, the customer, have to eat the cost.

This may not come as much of a surprise if you’re a user of Netflix or Spotify, but there are other digital distribution services like Amazon, YouTube, or Steam where you “purchase” a book, movie, or a game from their platform, but consumers are seldom aware that they’re not actually purchasing property – they’re purchasing a license that doesn’t hold their best interests. Additionally, software vendors can delete it from your device at any time without any warning or explanation.

At the end of the day, where does this leave us? In the situation I shared above, the developer has completely pulled the game I paid for and Google has completely erased the transaction record. Ultimately, this has strongly encouraged me to try and find a pirated version of the game – which is copyright infringement despite the fact that I already paid money to access the game. I believe creators should get paid for their work, but if it means I have to pay for a license that could be revoked at any time, I will more than likely pirate the content instead. On the other hand, this also means finding content on sketchy websites, which is especially an issue when it comes to software. Installing a random APK from a sketchy website is not something I’ll do or encourage anyone else to do. At this point, I’m simply considering it a loss.

While writing this, I did some searches and found the book called ‘The End of Ownership’ which I haven’t read yet but intend on checking out. The authors share a story similar to mine (but much more ironic) where Amazon deleted George Orwell’s 1984 from Kindles several years ago. Like most of us, these readers thought they owned their digital copies of 1984… until they didn’t.

Getting My Data Back From Google

Over the last year or so, I’ve been in the process of weaning my digital life off of Google’s services. There’s a variety of reasons why I began doing this such as privacy concerns, the fact that Google routinely kills products, and the risk of losing access to my account (this would especially be problematic as I was heavily invested into the Google ecosystem) – however, I’ll probably get into all these reasons another time.

This post is mostly a rant, but also a warning to anyone else out there trying to get your data back from Google’s services. This has not been a fun experience. I’ll share another post about what I’ve switched to in place of these services, but ultimately I believe in privacy, security, diversification, and compartmentalization when considering an alternative.

Google Play Music
Using Google’s Music Manager, I was able to download all the music I had uploaded to Google Play Music. Unfortunately, I had a series of issues like having some songs missing, albums and artists being split into multiple folders, and even “clean” versions of songs being downloaded rather than the original mp3 with “dirty” lyrics – I’m not exactly sure how this happened. Additionally, any file that had a name longer than 25 or so characters was shortened. For example a Boards of Canada song with the file named “A Beautiful Place Out In The County.mp3” would be downloaded as “A Beautiful Place Out In .mp3”. This becomes especially annoying if you have files of songs with guest artists.

Google Drive
This was a bit simpler than the other services, although I was missing roughly 10% of my files when I had downloaded in bulk, especially folders with a large number of files. I used the web version of Google Drive for the most part, but I remembered Google’s Sync tool. I was able to use Sync to download the rest of my files; unfortunately it’s only available on Windows and Mac (no Linux support).

Google Photos
This has been by far the most frustrating experience of all and I believe that this process is intentionally difficult to make it harder to switch. This whole experience would have been a lot simpler had Google kept Photos integrated into the Sync tool or if they still made it possible to manage/view your photos from Google Drive. The only way to get all of your photos at once is to use Google’s Takeout tool, which takes quite a while since I had around 80+ GB of data in total and it came out to 32 separate 2 GB zip files.

  • All of the metadata (ie the time, date, location, device, etc) have been stripped out of the original image and into a separate .json file. I’m still trying to figure out how to merge this file back into the original image, but there’s no way to tell when the photo was taken other than the folder which only identifies the year.
  • There’s almost no organization to the photos and they’re scattered into multiple folders.
  • There are folders but missing data. For example, I had uploaded a folder titled “2005”, but the only file in the folder is a .json.
  • Some photos are not their original resolution and are basically the size of a thumbnail.

I’m still trying to figure out how to get all my data exported intact from Google Photos. I’m considering going through the process again as it’s possible one of the issues is a 2 GB zip not being properly exported.

Google Play Books
I’d say about half of the books I had uploaded could not be downloaded – this includes both PDF and ePub file formats. There didn’t seem to be any rhyme or reason as to why I wasn’t able to download them. Some would download after 3 or 4 attempts but anything beyond this I just gave up. After dealing with Google Photos, I simply downloaded what I could and then deleted everything.

At the end of the day, I suggest against relying heavily on Google services. Their services are certainly easy and convenient, but I don’t believe in sacrificing freedom and control for the sake of convenience. I’ve since opted to store my files locally with a redundant cloud backup of everything just in case my laptop explodes. I will write another post soon about replacements.