The Market Ticker
Commentary on The Capital Markets- Category [Technology]
2017-07-22 07:00 by Karl Denninger
in Technology , 201 references

As is allegedly claimed you can buy nearly anything on the so-called "Darknet", a network of web sites linked by Tor that supposedly makes you "anonymous."

Well, not really anonymous -- if you want to transact anyway.

Two "newer" sites for drugs were recently shut down.  That's not all that new; the infamous Silk Road went down a good time back and the operator got busted.

But this time the cops did it differently.  They took over the site and ran it for long enough to finger a bunch of people on both the supplier and buyer sides of transactions.

There's no defense against that, of course.  And not only will there be some prison sentences coming from this latest little escapade but more to the point, this probably marks the end of that particular area of "commerce."

There's literally no way for a buyer or seller to know if the "intermediary" is really some random person running the site and making a commission or the cops, who are simply collecting all the information in the middle, waiting until they get plenty of it to identify the people on both ends (in order to transact in something, of course, you have to send it from somewhere to somewhere in meatspace) and then bust everyone on both sides.

I don't see how you defend against this one.... and sowing the fear that the next site you try to use if your favorite just "disappeared" might in fact be run by the cops is probably enough to destroy the attraction for this particular little path for "illicit commerce" -- at least where physical goods have to change hands.


2017-07-21 15:20 by Karl Denninger
in Technology , 196 references

Good God, this is the dumbest -- and most dangerous -- thing I've seen yet.

A Facebook message pops up on my phone screen. “What’s going on in your world?”

It’s from a robot named Woebot, the brainchild of Stanford University psychologist Alison Darcy.


This "bot" looks at what you do and then decides it thinks you're depressed.

Ok, who owns that "deduction" and what happens when it's wrong?

See, here's the problem -- this doesn't require an "app" that you load.  Facebook looks at everything you do that it can link back to your id on their site now.

Is the company doing this now -- and selling it to whoever wishes to buy, such as, for example, your health insurance company?  Your employer?  A recruiting company (that in turn has quite a bit of influence over whether you find future employment)?  A prospective landlord?  Never mind the government.

Look folks, you have some deep thinking to do.  It is exactly this sort of "app" that leads me to say "Advertise on Facebook or any other Zuckerberg property and I will never buy from you again."

The simple fact of the matter is that today this sort of privacy invasion is legion.  Simply loading Facebook Messenger on your phone immediately correlates with ads that Facebook could only know you're interested in by mining what you do on said phone and sending it back to Facebook.  Note that nowhere did you consent to the app snooping around in your process list, yet what happens could only be determined in that way.

Therefore you must assume it does.

Then there are the myriad reports of people who suddenly start seeing ads for something they discussed orally with someone while their phone was on but idle and locked.  Again -- they had a conversation, not a text message exchange or an email, but a verbal conversation with someone, and suddenly.... "it knows."  How does it know other than by snooping using the microphone in the device in your pocket or on the table?

It doesn't even have to be your device, since nowadays people are "voiceprinting" folks -- if your friend manages to "donate" your conversation because his device is on and snooping you get tagged automatically.

Folks, you can't sit for this sort of ****.  Not only is this "AI" unreliable and nothing more than a pattern match it is a fact that you are disadvantaged financially by it in an amount sufficient to pay for all of it and whatever someone pays to "advertise" using it otherwise there would be no market for it and it would disappear.

So it is a fact that you are being screwed.  You probably can't identify exactly how and when you are being screwed but that you are is a fact.

You either put a stop to this or we will quite-soon find the nightmare scenario happening all too often -- you don't get the job, you don't get the loan, your auto insurance is suddenly canceled because "you're just not a good risk" (but they won't tell you why) and more.

The EU has figured out that this is a severe and unconscionable intrusion into your life.  That is, you can't possibly give informed consent because you have no idea what sort of "out of scope" use the people who collect the data will put it to and thus a huge amount of this sort of crap there will be banned as of the first of next year.

We had better ban it here and the market way to do it is that for every organization you see that advertises on these "platforms" boycott them immediately, permanently and tell them why.

Further, if you want to have a conversation with someone -- an actual conversation where you can speak freely and roll things around between you -- then you need to first ensure that all electronic devices within range of your voices are turned off.  If you can't do that and prove it up then worthless platitudes are all that remain safe to discuss, and this in turn means that your real interactions with other people in real life have just become entirely worthless as well.

Think about that folks -- are you willing to sacrifice all of the value of your personal interactions with others so you can have "Face****er" in your pocket -- or any of your "friends" can and do?

Stop it now -- by market power if you can and by force if you must -- or lose what's left of the value in human interaction.


2017-07-16 07:00 by Karl Denninger
in Technology , 189 references

What the hell is this garbage?

Lawmakers in almost two dozen state capitols are considering ways to bolster consumer privacy protections rolled back with Trump’s signature in April. The proposals being debated from New York to California would limit how AT&T Inc., Verizon Communications Inc. and Comcast Corp. use subscribers’ data.

Ok, as far as it goes.

Now why doesn't it apply to companies like Facebook considering they are based in California?

See how simple that was?

As I've pointed out the real problem is out-of-scope data use.  Nobody expects their ISP to track their web surfing and sell it to health insurance companies.  But they might do that.

Ditto on your Facebook views.

Nobody gets all cranked off about advertisers using your preferences to bring you "better ads."

The problem is that "better ads" doesn't mean discriminating for (or against) you in buying health insurance, or rating you when you buy a homeowner's or auto policy, or for that matter screwing you on price based on the fact that you just drove past a WalMart and thus won't duck in and buy whatever it is there instead!

That is where the problem lies.

It's not using collected data for its intended purpose and on the terms you were given and with the choice to not participate.

It's using it for other reasons, including building a detailed dossier on who you are, where you go to church, what your job and income look like, who your friends are, whether you spend an hour a day in a bar and more.  It's the lie that the data collection is not tied to you personally and on an identifiable basis when it very clearly is.  It's the outrageous second-by-second record-keeping that both Android and iOS do with "location" and the sale of that data to anyone who shows up with a wad of money, along with the same collection of said data by mobile phone companies over which you have no control.  In short it's the inability to say no by inherently tying that collection and out-of-scope use to things that have become essential for modern life, such as (for example) Internet access when you have a kid in the house and part of their homework requires access to the Internet, inherent storage and sale of data by cellular and cable providers and more.

Do not be deceived -- these so-called "state actions" are both incomplete and discriminatory.  Proof of this is that California, which is one of the states involved, is not targeting Zucker****er for the very same level of enforcement.


2017-07-13 10:04 by Karl Denninger
in Technology , 862 references

The last couple of days have been so-called days of action on so-called "Net neutrality" and now a veritable trove of large "consumer" corporations have joined the fray -- Amazon, Facebook and (of course) Netflix among them.

It's time to cut the crap on all of this -- every one of these firms simply wants to shove their costs down your throat, whether you use their services or not.

That's what this is really about, you see.

It's obvious with Netflix, of course, but less-so with the others.  Facebook, for example, has to deliver advertising -- including high-bandwidth video advertising -- to make money.  To do that someone has to pay for the transport of the data from their servers to your computer or phone.

Who pays?

They think it ought to be you.

That's ugly enough but it gets uglier -- you see, all these firms have to have transport to service their applications (e.g. movie viewing, etc) for anyone who might buy their service.  This means that network providers must build out capacity to serve that.  Who gets that bill?

Again, they want the answer to be you, whether you use their service or not!

It should be you who gets the bill if you use the service.  But what if you don't?  What if you have no interest in Netflix?  What if you have no interest in Facebook's ads?  What if you don't want to use Amazon's movie service, or streaming music?  Why should those firms be able to shove off their infrastructure build and operating costs on you if you don't use the service?

Let's take a "closer to you" example.  You are a homeowner.  You have no interest in Netflix but you do have an interest in Internet service.  Your daughter, on the other hand, who lives with you, does like Netflix.  Let us assume for a moment that you're independent entities living in the same house, sharing household expenses, but she's an adult and paying her own way.  Who gets the bill for her Netflix addiction?

You do under a net neutrality paradigm because your "shared" internet connection must be faster and lower-latency to serve her even though she is the only one who requires that.

What if there was no Net Neutrality?

Then your ISP (cable company, probably) would tell Netflix that they must locate a server at each of their head ends and feed it with their own circuits or they'll be charged back the cost of the infrastructure build to serve them.

What happens then?  Netflix's prices go up but your cable internet bill goes down.

The cost gets shifted to the actual user and the forced, literally at gunpoint by power of law, extraction of those costs from people who have no interest in the services in question ends.

Folks, I'm a former Internet ISP CEO; I ran MCSNet in Chicago at the "dawn" of the consumer Internet age.  I have no dog in this hunt other than an interest in only paying for things I want to use.  Being forced to pay some percentage of my monthly cable Internet bill (or for that matter my monthly cellphone bill) to build infrastructure to support a company's service that I find worthless (Netflix) is an outrage.  If the market was left alone this would not happen because in a competitive market there would be choices -- and those who did try to cross-subsidize in this manner would fail.

As soon as you make it a matter of law then choice vanishes and so do those market forces.  My Internet bill is materially higher than it should be, and my daughter, who likes Netflix, is paying less than she should be -- she is able to effectively shift her costs to me.

There is another problem, and it's equally-serious: What is the valuation of Netflix if the cost is not $8 or $10 a month but $20? How many subs do they lose if only their actual customers pay for their infrastructure buildout instead of every Internet user in America?  I don't know -- but I bet that number is substantial, which means that company and all others lobbying for the same thing are stealing from every single American who has no interest in their service.

Theft is a crime, and these people need to go to prison -- all of them.

View this entry with comments (opens new window)

Yes, all of you.

I wish for an asteroid to impact all your campuses and every last one of your executives' homes.  I will pray for it this evening and every day forward until it happens.

I've pointed out many of the stupid, allegedly "independent" decisions of American tech companies in the past, many of which look intentional.  But the current set of not-funny things I've found of late is so far beyond the pale of reason that it can only be characterized as intentional on a collusive basis.

Let me start with Micro****you Windows.

It includes a VPN client.  There's a problem with it -- it proposes 3DES as the encryption by default for key exchange.  3DES hasn't been secure in a very long time.  What's equally bad is that it also proposes a payload (ESP) encryption that is also not secure. Let me point out that our government uses it for allegedly-secure things, which means this has to be able to be overridden or every single DOD related machine on the so-called "secure" network would be a bad joke.

As it turns out it can be overridden -- here's how.  I've known about this for quite a while but I'm now pissed-off enough to make sure you know about it too.  So if you are actually using Windows VPN client go fix that right damn now.

But, it gets better: If you have Windows Phone (and probably on a tablet too) you can't fix it.  Why not?  Because to actually fix it for VPNs you have to be able to modify the routing, which Windows 10 changed without notice so the default isn't on the secure network.  Windows phone has no way to get into that screen at all -- it doesn't exist.  On Windows 10 it does, if you go into the adapter properties (which is difficult to find, but there.)  So now you know -- Microsoft intentionally crippled VPN support on Windows 10 to make your data insecure on purpose unless you catch and fix it because they changed the defaults in this regard and if you don't catch it much of your data won't route down the VPN at all.

Specifically, you have to go into the Control Panel, click "Network and sharing center", then select change adapter settings (left side.)  You will see your VPN in that list as a "WAN Miniport".  You must right-click that, choose Properties, then the Networking tab, Internet Protocol Version 4 and select advanced once again.  There under IP settings you will find that the "Use default gateway on remote network" box is not checked.  Check that box!
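The same two fixes can be made from PowerShell with the built-in VpnClient cmdlets. This is an added example, not from the original post: the function names are hypothetical, and the cipher suite in `$Policy` is an assumed choice that your VPN gateway must also be configured to accept.

```powershell
# Added example, not from the original post.
# Audits the Windows VPN profiles and, on request, applies the two fixes the
# text describes: routing all traffic through the tunnel (the checked
# "Use default gateway on remote network" box) and replacing the default
# IPsec proposals with an explicit suite.

function Get-VpnProfileAudit {
    [CmdletBinding()]
    param([switch]$AllUsers)   # also inspect machine-wide profiles

    Get-VpnConnection -AllUserConnection:$AllUsers | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            TunnelType      = $_.TunnelType
            # $true: only routes for the remote subnet use the tunnel and
            # everything else leaves through the local default gateway.
            SplitTunneling  = $_.SplitTunneling
            # $false: no explicit policy set, so Windows offers its defaults.
            HasCustomPolicy = [bool]$_.IPSecCustomPolicy
        }
    }
}

function Set-VpnProfileHardened {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [switch]$AllUsers
    )

    # Assumed suite; the gateway has to offer the same algorithms or the
    # tunnel will fail to negotiate. Applies to IKEv2 and L2TP profiles.
    $Policy = @{
        AuthenticationTransformConstants = 'SHA256128'
        CipherTransformConstants         = 'AES256'
        EncryptionMethod                 = 'AES256'
        IntegrityCheckMethod             = 'SHA256'
        DHGroup                          = 'Group14'
        PfsGroup                         = 'PFS2048'
    }

    if ($PSCmdlet.ShouldProcess($Name, 'Disable split tunneling and set IPsec policy')) {
        # Equivalent to checking "Use default gateway on remote network".
        Set-VpnConnection -Name $Name -AllUserConnection:$AllUsers `
            -SplitTunneling $false -Force

        Set-VpnConnectionIPsecConfiguration -ConnectionName $Name `
            -AllUserConnection:$AllUsers @Policy -Force
    }
}

# Report first; nothing is changed by the audit.
Get-VpnProfileAudit | Format-Table -AutoSize

# Preview the fix for every profile that still splits traffic, then rerun
# without -WhatIf to apply it.
Get-VpnProfileAudit | Where-Object SplitTunneling | ForEach-Object {
    Set-VpnProfileHardened -Name $_.Name -WhatIf
}
```

After applying the change, reconnect the VPN and rerun `Get-VpnProfileAudit` to confirm that `SplitTunneling` is `False` and `HasCustomPolicy` is `True` for each profile.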


Let me make this clear: If you don't catch this yourself all Windows 10 machines have no secure transport actually operating even though they appear to have it working and yes, fixing it is that far hidden down in the options pages.

That path is not available on a Windows Phone.  The good news is that Windows 10 (including Windows phone) will apparently honor some rather baroque proprietary DHCP options (no, not the standard default gateway announcement that all DHCP servers send down!) but the odds of your stock-standard DHCP server that is in basically every VPN gateway ever made having that particular Micro****you option in it is zero.  In other words for the big corporate or government guys they did in fact put a way in there for it to autoconfigure when their "road warriors" connect but for everyone else you're ****ed unless you know about this and manually fix it.  The only good news is that once you fix it the settings will stay fixed -- at least so far they have in my experience (since Win10 first showed up.)

I'm just getting started, however -- Redmond is just the first place I wish for an asteroid to impact.

The second is Google.

Android is deliberately coded so that all hotspot or tethered connections will not route down an active VPN.  In fact if you try it what you'll probably find is that nothing works at all while your VPN is up because the DNS servers are all hosed.  But even if you get around that you'll find it doesn't matter -- the traffic is going down the non-VPN'd link.

There is no way around this without root and no, BlackBerry did not fix it in their phones.  So **** you BlackBerry, you just went on my **** list and you're staying there until you force those **********s at Google to either stop this **** or stop selling allegedly-secure phones entirely.

Why is this important?  We'll get to that in a minute, but understand this -- you can use the StrongSwan app on Android to set up an extremely secure VPN that even the NSA probably cannot break.  However, you can't then tether a device off that phone and have it protected as well because Google decided to route tethered data down the non-VPN interface and you can't change that.  Of course that's not obvious either which means you will probably think you're secure when you're not.

May Google and everyone who works there be hit by an asteroid: In my opinion this is an intentional and malicious decision as it forbids you from protecting tethered devices with a very solid and secure VPN with no known work-around.

Now we get to the cherry on top of the above horse****.  Windows, as noted above, has a built-in VPN client and if you know what you're doing you can make it reasonably secure (it's definitely not "out of the box".)  But the latest outrage, which belongs to Comcast, Cocks, the various mobile carriers and others, is what data network folks are doing inside their networks.

They are dropping fragmented packets.

Let me explain why this matters.  When you have a VPN during the setup process you must exchange certificates if you wish to use said VPN in a secure manner.  Passwords are never sufficiently secure simply because they're tiny and almost-always insufficiently random.  Certificates are very secure if properly generated; they are nearly impossible to break.  The problem is that a certificate will not fit in a single packet with the other data that has to be there to set the connection up.  This means a fragmented UDP packet -- at least a couple of them -- must pass for the connection to come up.

Block fragments and you block secure VPNs - such as IKEv2, unless the client knows to ask for fragmentation on the initial connection.  Oh by the way, IKEv2 is not only secure it is capable of IP hopping and renegotiates keying automatically, which not only makes it even more-secure it means it can be nailed up while you move around where your address may change (e.g. on a phone that is actually moving.)  Once the VPN comes up the protocol can internally handle all of this and there's no problem but during the negotiation it doesn't know what it needs to do because it hasn't set up the connection yet.

Guess whose IKEv2 client can't handle that and doesn't ask?  Windows, again -- and by the way, this very same limitation has been there since Windows 7.  Microscrewyou has not seen fit to update their gateway software since 2009; it is now almost eight years later and IKEv2 fragmentation is still not supported on Windows.  At all.

The effect of this outrage, if you have a Windows machine, is that if any ISP or device in the middle between you and your VPN server drops fragments the connection won't come up at all.

On Android I can work around this because the StrongSwan client can have the server's certificate loaded locally and then it can be told to not ask for it, and the client knows how to do fragmentation.  The former requires you to trust that the server's key has not been compromised since it bypasses revocation and signature (by the Certificate Authority) checks but it also avoids the need during setup to send the massive packets and thus the problem doesn't occur.  But see above for why this can't protect your other machines -- Google intentionally prevented you from protecting them behind your active VPN!

Since Windows won't similarly negotiate a connection without getting the machine certificate from the server (it always asks and if it doesn't get it the client throws up; it refuses to look in the local certificate store) this means that any ISP that blocks fragments also blocks all secure connections at the same time from said Windows machines with no work-around.

Congratulations America.  By sitting on your ass and not giving a **** about privacy and data security for two decades, along with allowing Zuckerpig and the rest to data mine you to oblivion the marketers and everyone else in the Internet and device business have gotten together and slowly strangled the ability to actually secure your data.  They are of course doing this so they can sell your data which they collect without your knowledge or consent.

You can bet their communication channels have workarounds for some or all of this.

Yours do not.

Welcome to the Hell that you built with your heads buried in your damn smartphones.

Now let me tell you how you get around this, because I've figured out a way.  It's somewhat of a pain in the ass but it works.

1. On your Android phone download PDANet.  Pay June Networks their one-time license fee.  It's worth the money.  Download their desktop software plug-in for your Windows machine.

2. Get a USB cable for your Android phone.  Set up StrongSwan on said Android phone and get it working to your VPN.  Start said VPN and connect it with a nice, strong and secure link.

3. Use PDANet to tether via USB.

Now your tethering routes down the VPN you have set up on the phone.  **** you Google, **** you Microsoft, and **** you all the ISPs and others who are dropping fragmented packets.

I win, you lose; the only thing lost by doing this is network browse if you have an internal network of Windows machines due to how addressing works in this configuration but you can still mount resources by name -- you just can't register with the WINS server so network browse doesn't operate.
