Turning facebook and the internet into surveillance society?

As I was reading on Pusha's "what's hot" today, I noticed a youtube video highlighting the integrity issues associated with Facebook which I'd like to recommend to people:

Regardless of whether the somewhat far-fetched associations between facebook and the Central Intelligence Agency and the Information Awareness Office are accurate or not, it's a fact facebook is a data miner's or marketer's wet dream. Also, I am becoming more and more convinced that authorities or illicit players won't be the major concern on the Internet of tomorrow - instead everyone will be so closely knit together on the Social Internet and through what's essentially Sousveillance (webcams, microblogs, whatever) that anything done outside this essentially voluntary cage will be looked upon suspiciously... except if you manage to create yourself a double life, or build your unabomber hut.

The Internet will be this huge conservative village where everyone must strive to show only their most normal faces. And you can't move away from the Internet village with the pretense of going to college or anything. In that village, no-one dares to come out as gay, or maybe, just maybe... that can be a somewhat better and more humane village than the ones we have today. What do you think?

Two days on facebook - 128 connections

After only two days on facebook, I've made 128 connections. Mind you, I don't call them all friends, I've essentially contacted everyone I found and recognized, and it sort of added up. I still probably have a ton of contacts which are not approved. Also, considering social network theory such as Dunbar numbers, I'm not a fool, it's not feasible to search through all friends' lists just to recognize someone new. Except for people I've thought of, this has essentially grown by itself and anyone who recognizes me should feel free to add me.

I am really curious about how facebook optimizes the network finding, if it makes clusters of people etc, but generally I think it should speed up all that connection making by for example providing clusters of some dozen people, asking you "do you recognize five or more of these people?" and then be accepted into clusters by some voting as well. One thing I fell for right away is the application "Friend Wheel" which you see an example of above. It analyzes the connections between your friends and attempts to cluster them around the perimeter of a circle. As you can see, I have five clearly distinguishable clusters (or meta-clusters, since some are bigger than what would make sense for the computational model) and some random people. I went ahead and made an animation of the development of my friend wheel during my first two days at facebook, just watch the beauty grow! For obvious integrity reasons I've scaled it down to unreadable, but email me if you want the fancy version:

PS. Much of the time, facebook feels kind of like a noisy room of all the people you have ever known... it's quite exhausting!

PPS. I love it how more than a hundred people with connection to my home village Gnosjö have joined that group and are discussing online, this may be the first time since the dawn of television Gnosjö-people are actually communicating with each other!

PPPS. I spend more time than is justifiable on this... I consider it studying, mind you! :-)

The farce of BankID

The Swedish Administrative Development Agency (Verva) has released a report suggesting to expand the concepts of electronic identification in Sweden. IDG writes how your cellphone will be used for e-identification, how e-identification will look in the future, everyone will have eID within two years and how the BankID company is optimistic about the future. What bull.

"BankID is an incompatible ugly hack the Swedish banks threw together to give Persson something to brag about during the EU-chairmanship"
... I quote from a renowned bank security specialist who must remain unnamed. The Swedish BankID really is terrible technology which attempts to fill the void the national ID-card should have, and could have filled long ago. Polisen writes (my emphasis): "På id-kortet finns ett kontaktchipp som i framtiden kan bli bärare av elektronisk information, så kallade eID-tjänster, som till exempel elektronisk legitimation". ("On the ID-card there is a contact-chip which in the future may be the carrier of electronic information, so called eID-services, for example electronic identification") Not only have they got backward what eID-services are and there is no such thing as a "contact-chip" if we are to be picky about device terms (which I think we should), they seem to not have any infrastructure, technical plan or even room to create a functioning hardware electronic identification.

The BankID-service is bad primarily because it is software carried ("BankID på fil") and because it requires service providers to chip in to the business model in a way which is just unfeasible. I have been told service providers avoid providing more services through BankID because the licensing is so expensive, whereas actually everyone could benefit and save money from using it more. Great success... I just realized that clunky BankID client which never works properly probably does embed standard PKCS#12 certificates (X.509) and keys (RSA) but I have yet to peek into exactly what they are. The fact remains BankID chose to step beside existing infrastructure for hardware, software and protocols existing in browsers and other clients. Also, unless you're communicating with a BankID licensed organization, the BankID you have been issued is worthless. It may not matter much to most people, but principally it is strange not to be able to verify identity without going through a government.

Oh, and this story about Swedish bureaucracy is just hilarious, according to March 2008 - "Due to the fact that the Swedish Administrative Development Agency (Verva) has no longer been assigned to manage the national eGovernment portal and that no other Government agency was handed this task over, the portal ‘’ closes down." Yippie kay-yay...

In contrast, the Estonian ID card implements a regular PKI smart card much like the US DoD CAC. It ties into the OpenID project and anyone can implement services based on it using standard software and the government-provided LDAP directories. Oh and we already have Mobiil-ID using cellphone SIMs (using cellphone to pay for parking is a different but also very elementary thing done in all cities by most car owners for years).

To be fair though, the Estonian ID-card drivers are sometimes also messy to install, non-Estonian language support is failing in some points, the cards are pretty expensive to issue and since two cards have failed for me (I used to sit on my wallet) I've had to experience the failing support organization behind it. Probably Estonia can be said to have benefited from being a small country, not because there are few end-users (above a million is never a small number) but a limited number of market players which are able to cooperate and without too much involvement of Statskontoret framework agreements to stand in the way of pushing sensible technology.

My eToken PRO

All this is of course pretty complex things and it cannot be expected of the layman to distinguish what is good or bad technology. Myself I've gotten a proper eToken PRO through Danish it2trust on which my keys are stored, to be able to encrypt, sign and authenticate while knowing that the key can practically (as far as I know) never be stolen unless the physical token is stolen. That feels really good, and even if I don't have that sensitive information myself, at least I know how to do it, and what software is capable or not to do these things properly.

Actually I recently found myself in a war-of-blogs regarding inferior banking security where the pretty large Swedish blogger "TKJ" spreads some confusion on what is the real problem and the cause for credit card frauds persisting. I'd like to say that I don't mind TKJ contributing to the discussion, on the contrary, and he's generously complimented the expert critique he's received. In my opinion also security experts should dare to step up and discuss these things openly, or media and consumers surely won't know where to push the market. So my $0.02 are that the reason Swedes are still getting skimmed is the embarrassing fact that Swedish banks and payment systems still use primarily copiable magnetic strips instead of the more secure "for electronic use only" smartcards. In the competition between nations for using the greatest technology, this is one area where Sweden is definitely suffering from having to carry its legacy and being stuck with old solutions.

Buy bye privacy - I have joined facebook

So finally I have given in, I have joined facebook. One friend too many mentioned collaborating through a facebook app, and considering my revised view of integrity I have finally decided to give in and join this borg. Because, on today's internet, everyone knows you're a dog and you might as well be somewhat in control of it:

My name is Carl-Johan Sveningsson, I was born in Gnosjö, Sweden on the 25th of January 1981, my email address currently is cj.sveningsson(a), my S/MIME fingerprint is D1:50:3A:C3:76:FD:37:95:58:4D:A4:F1:A9:1E:D4:F9:49:0C:8C:95 and my OpenID is . This is me

On the other hand, I have a fascination with sousveillance and neoism pseudonyms, have just tried out FiSH IRC encryption (bulky and works so-so), I discuss encryption with #basvrak @ EFnet and have just signed up to So I think I'll be fine anyway... I hope.

Sleepless with Spotify

Tonight I can't sleep, nose being stuffed and running at the same time, the cough has started, you sneeze and muscles you didn't know you had cramps and you lay asleep breathing slower and slower through one nostril until realizing you're not falling asleep, you're suffocating. So I got up and made myself some tea and share some creativity. Do you have any other good suggestions, what do you do when you have a cold? Don't tell me about the garlic or the vodka socks, I have realized that what I hate besides having a cold is having a cold with the aftertaste of garlic, and I know other uses of vodka which are much less superstitious.

The gates to a world of music are green

Anyway, through friends of friends, I have just received an invitation to beta-test the much hyped music service Spotify (and this time I won't let it go to waste! :-P ). All friends who have tried it have gone Spotify-crazy, and maybe, just maybe I can understand why. Essentially it can rightfully be summarized as a crossbreed of Skype,, iTunes Store and Bittorrent (indeed they have hired the original creator of μTorrent who happens to be my old school-mate who surely won't remember me). And it's legal!

The cool features I notice right away are dual - first, you have access to a ton of music legally, for free in a light client, and you can play any of it with the ease of a few clicks. I've seen several of those things done before, but not all at once, for obvious reasons :-). Secondly, you can share and attach music with friends and on the web without transmitting any files, just make a link like such: "Right now I am listening to Johnny Cash - American V". The social internet will have to give way to the musical internet! More updates as soon as I discover anything cool.

(Update: Another very pleasant thing about Spotify is the very clean interface. No fuss, just a very simple and good interface, except it is unfashionably black, but what the heck. One thing I'm curious about is whether they expect to actually catch the long tail of music and not just the hits? They seem to have somewhat of such an ambition, but I notice they have only one of the three Kjell Höglund albums I have, that's weak!

Oh and that's so cool, since noticing this blog post my university mate mentioned above got in touch over Skype. An extremely cool dude and great fun to get in touch with! I also noticed in the invitation letter from Spotify that I was requested to not post screenshots, but since they're already here and there over Google, I'll just hope they don't complain at me if I keep my head down. Sorry, it was a mistake, honestly)

(Update 2: Don't miss my candid pictures from the Spotify office, or my other posts about Spotify)

(Update 3: it24 has a particularly interesting article (translated here) though they're claiming "Spotify is [primarily?] living off the hype")

(Update 4: It's quite funny how Buzz Out Loud (CNET article here) labels Spotify as "a service available to everyone else [than the USA]" now they finally notice it. Also, thanks go to Judith and Martin for linking to this post)

Young Scientists in the news - and I want to hear more about it!

Today, except for playing around some with a camera flash to see if I do want to buy one (do you have one to sell?!), I have been thinking some about locality and microblogging.

It just so happens that my good friends the Young Scientists were in the editorial debate page of NyTeknik (in Swedish). That's really cool, and I think they should be heard more in the education debate. But my point right now is that I didn't know about it, because as it happens, FUF's news feed is broken and I am not really in touch with any active members anymore (except now I've found one, but he's in the board like everyone else...). We've been trying to tempt people to join the IRC chat, with little success, and I'm just craving communication with the sort of cool kids which FUF members usually are.

Back in the day, we used to communicate with people through IRC - you chose one or a few rooms of like-minded, and that's where you'd stay, sometimes for years and it was tricky to find new places where you'd want to hang out. Lately, in microblogging platforms like Jaiku I've become excited by the "virtual rooms" continuously created as your friends participate in interesting discussions with their friends, and you may choose to follow the posts of a new acquaintance. No-one expects you to listen to all the conversations, but you end up shaping your "flow" of conversations towards what people and topics you are interested in.

Actually, currently this shaping of the flow is pretty blunt. You can select people (which by the way are few of my IRL friends so far) and channels (which are infrequently used), but not keywords, or most importantly, location. By combining keyword and location, my motorbike-riding brother could get all messages on the topic of "co-biking" in the Småland area if he'd feel like it, and myself, like a child playing with the walkie-talkie, I would just love to be able to watch the "buzz" of people in my own city. Somewhere dwells also the dream of resurrecting the concept of local communities and villages - if you could select to listen to the (public) messages of your neighbours, maybe they could start to matter to you again...

twitter,, FriendFeed and Voolife - except for Jaiku, Twinkle for iPhone is the only such service which currently truly excites me. Do you disagree? Tell me why!

I'll end this blog post with the thought that "On the Internet, nobody knows you're a dog", and the social internet version of it which now reads "If you as much as touch a keyboard, everybody knows you're a dog". It's extraordinary to compose an impression about someone from all the tracks he leaves online, somewhat like the guy who has gathered an amazing collection of material on Pink Floyd and Syd Barrett which I watched today...

International Talk Like a Pirate Day - September 19th

Arr! Today, nerds all over the world celebrate International Talk Like a Pirate Day. Myself I have a great interest in issues of "piracy" and privacy and even though I'd like to be more level-headed than most prominent members of the Swedish Pirate Party, their achievements are really impressive. So, as the old expression goes:

"To err is human, but to arr is Pirate!"

Picture from the ingenious service which seems temporarily down... See you on Towel Day (May 25th)!

Piracy Monday!

I got remarks on yesterday's creative commons post that I didn't include some also very significant films / clips, so to better myself here's another bunch of clips, this time focused more on actual piracy and filesharing, not so much enabling creativity. What I consider the so far most groundbreaking work in this category is probably Piratbyrån Walpurgis 2007: Four Shreddings and a Funeral (also available in Swedish). There's a video for it too, but it's not as good by far, the text is really thoughtworthy.

The videos can by their very nature be downloaded for free, but I chose to link to youtube below. Enjoy!

Good Copy, Bad Copy:

(part 1, part 2, part 3, part 4, part 5, part 6)

Steal this film I:

(part 1, part 2, part 3, part 4)

Steal this film II:

(part 1, part 2, part 3, part 4, part 5)

Creative Commons Sunday!

As friends of mine may have noticed, I'm a big fan of Joichi Ito since I met him in Tallinn and lately also his Creative Commons friend and colleague Lawrence Lessig. So here goes, a dense series of videos related to CC. Thanks to Hax here and here. Note that I know CC-licensing is not the abolishing of copyright, nor necessarily requiring share-alike to produce a special family of components like the GPL-fanatics like Richard Stallman argue for.

PS. Does anyone know rules regarding performance royalties and amateur recording of a live concert like I encouraged in one of my recent blog posts from the R.E.M. concert? I would like to think that the artist can at least explicitly allow recording and redistribution of a concert, but in Estonia, that seems to be mandatory to go through also the royalty collecting agency and the idea of a song may anyway be tied to the original song writer and composer. I have no idea...

Selling using the Black Swan

I've been reading The Black Swan recently, an exciting book by Nassim Nicholas Taleb. In its essence, it reminds us how fooled we may be in the way we describe reality, history and future, and possibly it may assist us to make much better decisions and being ready for the unexpected.

Taleb sums this up as being due to two primary ways of assessing things in the human mind:

  • System 1 - the experiential. Rapid decisions according to experience and habit, the "gut feeling" and prejudice (in the true sense of the word)

  • System 2 - the cogitative. Thinking rationally and logically about things, involving experience but also assessing the influence of abstracts such as statistics

The problem is of course that the experiential system can frequently be wildly inaccurate but you don't notice it unless you knowingly bring in the cogitative system to actually assess things. Using the cogitative system is both energy consuming and tricky as you don't always know when it would make a difference. I myself experience that I everyday think a certain way about things, but when you stop to think about how you actually should act, sometimes it seems that your direction has drifted way off target.

Anyway, the book also recently taught me a little clever thing about sales, especially if you're selling something obscure. Essentially, consider the probability of a generic situation A, compared to a more specific situation B which as a consequence will result in A happening. Even if mathematically the likelihood of A must be greater than that of B (and thus A) since other situations than B may also cause A, if B feels rational and A more complicated, people will generally think experientially and inaccurately think that B feels much more probable than the complex situation A.

So how to use this in sales? Well, describing the situations you want your customers to use your product for will make them seem more likely. Maybe this is very basic to anyone in sales, but for me it was a realization. I'll make an example below, and as a hint, A as described above is someone stealing your email password and abusing it because you don't use SSL and B is computer wiz-kid stealing your password while you're working in the same café:

Rather than just talking about the importance of using encrypted POP and SMTP email (that's just a matter of ticking a box in the email program) tell the story of the university computer security student who has a hobby to run a network sniffer and log anything interesting when he's working from cafés. Your email program is checking the email every few minutes and the young student captures your username and password every time. Every now and then he takes a look in the logs and checks out the people whose accounts he's got, emptying his nets so to say.

In a couple of months, he's soon gathered some thousand accounts and realizes that besides playing pranks on his clueless victims (they had really given him their passwords!), he can make a little bit of extra money from monitoring the gossip or business pages and matching them to his secret lists. It is easy for the guy to be very safe from getting caught, every now and then he will get his hands on some very valuable information, and the people he sells it to can create a world of trouble for the victims. And all this because they didn't use secure email connections. Please use secure email connections and don't become a victim yourself. Tick that one box, check it now.

Young Scientists in the Physics Olympiad, prepare to beat them this year!

Already back in June this year (section down, here in google cache instead or the page at fysikersamfundet), two members of the Swedish Federation of Young Scientists, Gunnar Peng (1st place) and Karl Larsson (4th place), qualified for the Swedish team for the International Physics Olympiad. Yay guys, congratulations! (Actually, the finals were 20-29th of July... so how did they do? - Well, Carl Andersson got an honourable mention whereas Estonia got one silver and two bronze medals!)

Gunnar Peng receiving his 7000 SEK prize

The funny thing though, Gunnar (who's from the same school as Karl, Katedralskolan in Linköping) was already qualified also to the finals of the International Mathematical Olympiad just like last year so was replaced for the physics team, supposedly by the runner up, Petter Säterskog who replies to the question whether he will go to the physics finals in Hanoi: "I'm not sure since I am already qualified for the biology olympiad in India. Not sure if they run at the same time. I am better at physics than biology". He did participate in India, and together with Emelie Sandberg and Martin Van from Sweden and Rudolf Bichele, Marit Puusepp and Kärt Must from Estonia got bronze medals! Tomas Kesek from Sweden and Kai Tiitsaar from Estonia got silver medals!

Karl Larsson measuring... a balloon?

But... just say WHAT?! Not to say that Gunnar and Petter are not probably brilliant guys, but that just makes me think the whole Swedish participant community of the international science olympiads must be really tiny and inbred. In his Sommar i P1 program, Stavros Louca (mathematics teacher in celebrated "Klass 9A", download his Sommar i P1 program here or here) told of how he stimulated his students by challenging them to these olympiads, and they were successful! So, my contribution to remedy this situation, and for the benefit of everyone involved, is to help everyone who can to compete in the olympiad.

So, generally the olympiads are for students in last year in high school (Swedish gymnasium third year) i.e. roughly 17-19 years old. The competitions seem to start qualifications during winter-spring (so you've got a couple of months to decide that you want to participate), national qualification finals early summer and international finals during the summer. The topics you can compete in are according to Wikipedia:

  • The International Mathematical Olympiad (Matematikolympiaden and Skolornas Matematiktävling - which starts already in November, and Gunnar Peng got a silver in Madrid this year! - "for [all] gymnasium students ... a compulsory school pupil in year 9 may be granted an exemption to participate")
  • The International Physics Olympiad (Fysiktävlingen - "for third-year gymnasium students who have completed the A course in physics and studied most of the B course in physics")
  • The International Chemistry Olympiad (Kemiolympiaden)
  • The International Biology Olympiad (Biologiolympiaden has no info since 2005)
  • The International Olympiad in Informatics (Programmeringsolympiaden are clever, they help you participate if your school doesn't make sure. Though I don't believe this, Gunnar Peng also won a finals silver in the Informatics Olympiad finals in Egypt!)
  • The International Philosophy Olympiad (Sweden is not represented yet)
  • The International Astronomy Olympiad (Rymdstyrelsen should arrange Astronomiolympiaden but haven't updated the page since 2005)
  • The International Geography Olympiad
  • The International Linguistic Olympiad (Lingolympiaden)
  • The International Junior Science Olympiad
  • The International Olympiad on Astronomy and Astrophysics
  • The International Earth Science Olympiad

As a final note, I would like to share with everyone that the Federation of Young Scientists' chairman blog (in Swedish) is up and running again, and that LinkedIn now has discussions for groups, including for the funny group of O-Unga Forskare (sw. "Non-young Scientists").

New iTunes 8, and why you should start using it

Rumor has it that Apple will be releasing both a new major iTunes version and a new minor version of the iPhone firmware during their "Let's Rock" event (Tuesday) September 9th.

It is still curious how even releases of just software updates from Apple still manage to stir some excitement. However, when Apple releases a new version of iTunes for example, it usually indicates some pretty big new feature somewhere in the Apple product family. iPod video, iPhone, movie rentals through iTunes and other big announcements from Apple have all been accompanied by a feature update of iTunes. So if iTunes 8 is released tomorrow, at least I am curious about what will come with it. My best bet is that Apple is moving towards the location aware-market with the GPS iPhone, I suspect they will have some cool location-related feature.

Even with how great iTunes is already today, there are several of you out there who haven't realized it, so here go my favourite features of the current iTunes:

  • DAAP / iTunes server using (the free!) Firefly on my home server gives me seamless access to all of my music archive. Now I'm just missing iTunes remote speakers in software, but I guess I can live without it (Yay, there exists, cool now I will have to try it! - Umm... no "The key stored in iTunes has been extracted by Jon Lech Johansen, enabling 3rd party software to stream music to an Airport Express. However, the key stored in the AirPort Express is not yet known, and 3rd party software that mimics an Airport Express is thus not possible"):

  • iTunes party shuffle is very nice to keep track of the playlist not only during parties. You see what next bunch of songs will be played and can modify it, you can add tracks manually or let them fill automatically as you play. Unfortunately DAAP / iTunes servers don't offer a party shuffle:

  • iTunes manages my podcasts and syncs them to my iPod, including displaying which I have listened to. Very convenient:

  • scrobbler plugin logs what music I listen to and keeps track of it in my online profile. Besides providing a great smörgåsbord of music, as I have previously written also keeps a great track of upcoming events:

These great features aside, iTunes is nifty for cleaning up the ID3 tags and filenames when you're a compulsive order nut like me, and of course it's simple and convenient for mom to rip her CDs in iTunes.

(Update: So that's it (on IDG here and here) indeed iTunes 8 was released, and except as I said, another version of an already great program, it's got some nice new shuffle function and a closer connection to the iTunes Music Store. Cool. iTunes is still the only program which cares and does justice to your cover art)

So you thought your OS was secure?

When looking for information about the IDA disassembler (anyone who knows it and can give me a few hints?) I found an interesting video at Google Videos. Alex Sotirov discussed how he found a very applicable "ANI" exploit in WinXP and Vista, including showing his best IDA tricks. Quite academic and extremely technical. As food for thought he ends the lectures with this diagram about what OS provides what security measures:

We Mac users sometimes brag about how secure OS X is, while in reality it probably has a pretty solid base in Darwin and provides a reliable development environment with Cocoa... but when bugs and exploits are found, OS X is standing there almost absolutely naked and defenseless.

Of course, Windows drags a larger pile of legacy code behind itself, but it also is a lot more under fire, it makes a lot more sense to produce exploits and viruses for Windows.

My advice (which I hope will soon be published at ) is still simple: 1) use good, secure software which throws away popups and spam 2) install system updates as they become available 3) run some sort of firewall and maybe free antivirus software. You, or if someone does it for you, need to keep your computer reasonably clean and well-oiled. Don't blame a virus if it's you who's filled up your disk. By these simple principles, my systems have been essentially perfectly free from virus trouble for at least five years. Knock on wood :-)

A little PS about that dangerous Internet hole which recently was "discovered" by Anton Kapela and Alex Pilosov. Experts are saying that indeed the "hole" is there, but everyone concerned was already aware of it and will not have many problems with it. If anything it is a small reminder that whenever you transmit passwords or any sensitive data over the Internet, you should not make any assumptions that the network is not wiretapped.

First exciting thing about Google Chrome - Gears

This morning I went to download the new Google Chrome browser. A lot of noise had been made about it, releasing a cute comic explaining the high-tech features of the new browser one day before releasing the browser.

Once I try it out it looks nice. Very nice, making the tabs part of the window bar and stripping away a line or two of menus and status bar makes the browser feel very slimmed.

Though the first and most fascinating thing I discover is features provided by Gears. My Google Reader can now download and provide me articles offline, nice! As I understand it, Gears is an interface to easily expose advanced browser functions to programmers in a unified way. It's with great anticipation I am looking forward to what great user experiences and features web applications using Gears can bring.

PS. Ashish has the head-start of time zones, but I find more interesting things :-)