Note: this post has been updated to fix a mistake in the knot-resolver configuration. The earlier version would not have provided the privacy it purported to. I regret the error.
Until yesterday I hadn’t thought too much about DNS metadata leakage. Here’s how it works: your computer sends out a request to resolve a hostname, let’s say “topsecretwebsite.example,” as plain UDP on port 53, and your DNS server responds with the IP address the same way, in cleartext. Anyone on the path (your ISP, the coffee-shop Wi-Fi, a middlebox) can read both the name you asked for and the answer. It’s wild that the Internet works like this by default.
What happened yesterday is a company called CloudFlare (a popular and free content delivery network) announced a new DNS service at the IP address 1.1.1.1. (Yes, it launched on April 1; no, it’s not a joke.) The service supports two privacy-protecting transports: DNS-over-HTTPS and DNS-over-TLS. Those technologies don’t guarantee your DNS lookups are accurate (check out DNSSEC for that), or that the DNS provider won’t someday betray you; they just make it harder to collect metadata by listening in on DNS’s cleartext port 53. They also don’t hide the TLS handshake to the site you visit afterwards, which still carries the hostname in the clear in the SNI field, so an on-path observer loses the DNS view but not every view.
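To make the cleartext-versus-DNS-over-TLS difference concrete, here is an added example (my code, not from the original post, CloudFlare or knot-resolver). It builds a DNS query for topsecretwebsite.example, shows that the name can be read straight out of the bytes that would go over UDP port 53, wraps the same query in the two-byte length framing that DNS-over-TLS (RFC 7858) uses inside the TLS session to 1.1.1.1:853, and parses a hand-constructed answer. `query_over_tls` performs the real exchange and needs network access; the constructed response, the 192.0.2.10 address and the fixed transaction ID are made up for the example.

```python
import socket
import ssl
import struct


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query in RFC 1035 wire format.

    txid is fixed here so the example is deterministic; a real client must use a
    random ID (and, over UDP, a random source port) to resist spoofed answers.
    """
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set; 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def extract_qname(packet: bytes) -> str:
    """What a passive observer on UDP/53 reads: the queried name, byte for byte in the clear."""
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def frame_for_tls(query: bytes) -> bytes:
    """DNS-over-TLS (RFC 7858) reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack(">H", len(query)) + query


def _skip_name(packet: bytes, pos: int) -> int:
    """Return the offset just past the name at pos, handling compression pointers (0xC0..)."""
    while True:
        length = packet[pos]
        if length & 0xC0 == 0xC0:  # a 2-byte pointer ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length


def parse_a_records(response: bytes) -> list:
    """Return the IPv4 addresses found in a response's answer section."""
    _txid, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", response[:12])
    if flags & 0x000F:
        raise ValueError(f"resolver returned RCODE {flags & 0xF}")
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(response, pos) + 4  # skip QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        pos = _skip_name(response, pos)
        rtype, rclass, _ttl, rdlength = struct.unpack(">HHIH", response[pos:pos + 10])
        pos += 10
        rdata = response[pos:pos + rdlength]
        pos += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addresses.append(".".join(str(b) for b in rdata))
    return addresses


def constructed_response(query: bytes) -> bytes:
    """A hand-built reply to `query`, constructed for this example (not captured from 1.1.1.1)."""
    txid = struct.unpack(">H", query[:2])[0]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set; 1 answer
    question = query[12:]
    # Answer name is a pointer to offset 12 (the question name); 192.0.2.10 is TEST-NET-1.
    answer = b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection mid-message")
        buf += chunk
    return buf


def query_over_tls(name: str, server: str = "1.1.1.1", sni: str = "cloudflare-dns.com") -> list:
    """Resolve `name` over DNS-over-TLS (port 853). Needs network access; not used offline."""
    ctx = ssl.create_default_context()  # validates the certificate against the system trust store
    with socket.create_connection((server, 853), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(frame_for_tls(build_query(name)))
            (length,) = struct.unpack(">H", _recv_exact(tls, 2))
            return parse_a_records(_recv_exact(tls, length))


if __name__ == "__main__":
    q = build_query("topsecretwebsite.example")
    print("name visible in the cleartext port-53 packet:", extract_qname(q))
    print("same query framed for DoT (sent only inside TLS):", frame_for_tls(q).hex())
    print("addresses parsed from the constructed answer:", parse_a_records(constructed_response(q)))
```

The only difference between the eavesdroppable packet and the private one is the transport: the DNS bytes are identical, DoT just puts them behind a length prefix inside a verified TLS session. Certificate verification is the part that matters: if you disable it, an on-path attacker can terminate the TLS session themselves and you are back to cleartext with extra steps.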
I am awash in thoughts and feelings this week. Donald J. Trump will very likely be our next President. This fact has already emboldened hate groups, leaving us to contemplate what the next four years could mean—especially for friends who will likely become targets of bigotry.
Should we go outside and protest? Should we turn inward and lean on our support networks? Do we start thinking about the 2018 midterms? Yes. Yes to all of it. If you need time away from this divisive election, you’ll be welcome to join us when you’re ready. I completely understand, especially if you worked on a 2016 political campaign.
For my part, I am regrouping, considering how I can do more, do better. Some friends have asked me about strategies for resisting surveillance. Digital privacy will become even more important in the coming years, and we should all collectively get better at protecting ourselves.
A very short answer is: switch your texting over to Signal, use a password manager. Start today.
The premise driving the people writing encryption software is not exactly that we’re giving people new rights or taking some away: it’s the hope that we can enforce existing rights using algorithms that guarantee your right to free speech and to a reasonable expectation of privacy in your daily life. When you make a credit card payment or log into Facebook, you’re using the same fundamental encryption that, on another continent, an activist could be using to organize a protest against a failed regime.
In a way, we’re implementing a fundamental technological advancement not dissimilar from the invention of cars or airplanes. Ford and Toyota build automobiles so that the entire world can have access to faster transportation and a better quality of life. If a terrorist is suspected of using a Toyota as a car bomb, it’s not reasonable to expect Toyota to start screening who it sells cars to, or to stop selling cars altogether.
The problem is not that these companies will fail (may they all die in agony), but that the survivors will take desperate measures to stay alive as the failure spiral tightens.
These companies have been collecting and trafficking in our most personal data for many years. It’s going to get ugly.
The prognosis for publishers is grim. Repent! Find a way out of the adtech racket before it collapses around you. Ditch your tracking, show dumb ads that you sell directly (not through a thicket of intermediaries), and beg your readers for mercy. Respect their privacy, bandwidth, and intelligence, flatter their vanity, and maybe they’ll subscribe to something.
One way I could see publishers phasing in this more-respectful business model is by using the do-not-track preference that existing web browsers already send. Every modern browser has privacy settings that let an individual user opt out of online tracking. That do-not-track preference gets included with each and every web request, but it’s up to the website operator to act on it. As far as I can tell, all adtech companies seem to ignore this preference completely.
Firefox privacy preferences
Okay, so are you ready for my idea for how publishers can escape the adtech bubble? Stay with me here, because this is a crazy suggestion: if I’ve signaled through my preferences that I prefer not to be tracked, then … I dunno, maybe don’t track me.
A typical ad-driven website relies on dozens of companies to show me slow-loading, poorly-customized advertising. But there’s nothing stopping the website itself from simply not letting those companies’ code onto the page.
I would say just switch to dumb (non-tracking) ads for everyone, but I know how this would play out: “it’s too extreme, we can’t afford it!” But here’s the thing, if you think this adtech spaghetti business is going to collapse, you’ll have to start switching traffic over to something else eventually. Why not start out with current and future subscribers (aka “users”) who’ve already indicated they prefer not to be tracked by the adtech industry? Just do what we’ve been asking for in the first place.
Here’s how: if a given visitor has checked the do-not-track box, you’ll be able to detect it. Adjust your ad libraries and CDNs to detect the `DNT: 1` request header and then show a small message congratulating yourself, and set aside those ad spots for “artisanal” ads. Once things are rolling along you can ditch the old bloated, crappy ads for everybody else.
You can already tell what proportion of visitors have do-not-track enabled, it’s there in the traffic stats if you look for it. You could pitch this to the higher ups with real numbers, and spin it as a Premium Advertising Experience, like organic fair trade traffic without all the slow bandwidth-bloat and creepy surveillance.
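Here is what the two steps above look like in code, as an added example (mine, not from the original post or any ad library). `render_ad_slot` decides per request whether the page gets the third-party ad loaders or a first-party ad sold directly, honouring `DNT: 1`; it also honours the later `Sec-GPC: 1` opt-out signal, which the post predates. `dnt_share` then measures the proportion of do-not-track visitors from access logs. The script URLs, the sponsor markup and the log lines are constructed for the example; the log format assumed is nginx’s combined format with `$http_dnt` appended, which logs `-` when the header is absent.

```python
import re
from collections import Counter

# Third-party ad/tracker loaders a typical ad-driven page would include.
# The URLs are hypothetical placeholders, not real vendors.
THIRD_PARTY_AD_SCRIPTS = [
    "https://tags.example-exchange.net/loader.js",
    "https://sync.example-dmp.net/pixel.js",
]

# First-party "artisanal" ad: sold directly, served from our own host, no tracking code.
DIRECT_AD_HTML = '<div class="sponsor">Sponsored by <a href="/sponsor">Example Bakery</a></div>'


def opted_out_of_tracking(headers: dict) -> bool:
    """True when the request carries an opt-out signal.

    DNT: 1 is the do-not-track preference; Sec-GPC: 1 is the later Global Privacy
    Control signal and is treated the same way here. DNT: 0 and a missing header are
    not opt-outs. HTTP header names are case-insensitive, so normalise before lookup.
    """
    normalised = {name.lower(): value.strip() for name, value in headers.items()}
    return normalised.get("dnt") == "1" or normalised.get("sec-gpc") == "1"


def render_ad_slot(headers: dict) -> dict:
    """Decide what goes into the page's ad slot for this request."""
    if opted_out_of_tracking(headers):
        # Honour the preference: no third-party code reaches the page at all.
        return {"scripts": [], "html": DIRECT_AD_HTML, "tracked": False}
    return {"scripts": list(THIRD_PARTY_AD_SCRIPTS), "html": '<div id="ad-slot"></div>', "tracked": True}


# Constructed access-log lines: nginx combined format plus " dnt=$http_dnt" at the end.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [02/Apr/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/59.0" dnt=1
203.0.113.9 - - [02/Apr/2018:10:00:02 +0000] "GET /posts/ HTTP/1.1" 200 8800 "https://example.net/" "Mozilla/5.0 Safari/605.1" dnt=-
198.51.100.7 - - [02/Apr/2018:10:00:05 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 Chrome/65.0" dnt=0
198.51.100.8 - - [02/Apr/2018:10:00:06 +0000] "GET /about HTTP/1.1" 200 3300 "-" "Mozilla/5.0 Firefox/59.0" dnt=1
192.0.2.44 - - [02/Apr/2018:10:00:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 Chrome/65.0" dnt=-
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \d+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" dnt=(?P<dnt>\S+)$'
)


def dnt_share(log_text: str) -> tuple:
    """Return (requests that sent DNT: 1, all parsed requests)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if match is None:
            continue  # skip lines that don't fit the format rather than guessing
        counts[match.group("dnt")] += 1
    total = sum(counts.values())
    return counts["1"], total


if __name__ == "__main__":
    print(render_ad_slot({"DNT": "1", "User-Agent": "Mozilla/5.0"}))
    print(render_ad_slot({"User-Agent": "Mozilla/5.0"}))
    opted, total = dnt_share(SAMPLE_ACCESS_LOG)
    print(f"{opted}/{total} requests asked not to be tracked ({100 * opted / total:.0f}%)")
```

The decision happens server-side, before any markup is emitted, so an opted-out visitor never receives the third-party script tags at all; doing it in client-side JavaScript after the trackers have loaded would defeat the point. The log counter gives the real number to put in front of the higher-ups.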
The big challenge, of course, is this type of effort involves cooperation between many departments that may not currently get along well. But getting the ad sales people and the ad tech people and the web developers to get along is important.
Nobody likes working on ads, and I know it’s hard to just get buy-in, let alone actually launch a new thing. But an adtech collapse might be an existential threat, better to get in front of this now rather than wait for it to happen.
Update: since this was written, the letsencrypt-auto script has improved significantly. When I tried it again today (December 8, 2015), the process was basically just cloning the GitHub repo and running ./letsencrypt-auto. I’ll leave the original (outdated) information here for posterity.
As of today phiffer.org is being served using SSL encryption thanks to a free certificate from Let’s Encrypt. It’s a recently launched service, sponsored by Mozilla and the Electronic Frontier Foundation (among others), intended to make HTTPS encryption ubiquitous on the web.
Hooray for [Let's Encrypt!](https://letsencrypt.org/)
Let’s Encrypt is very new, and there are still some rough edges, but overall I’m impressed by how smoothly the process went. I wanted to document my experience, in case it’s helpful to others (and future-me). This post is a bit more technical than usual and, because the service is new, much of it may not be relevant very long into the future. That said, I hope this might offer some clues for folks trying to get up and running on HTTPS.
Here’s Maciej Cegłowski giving a talk on the hazards of Big Data.
The current model of total surveillance and permanent storage is not tenable.
If we keep it up, we’ll have our own version of Three Mile Island, some widely-publicized failure that galvanizes popular opinion against the technology.
At that point people who are angry, mistrustful, and may not understand a thing about computers will regulate your industry into the ground.
Does your lifestyle prevent you from qualifying for insurance discounts?
Do you lack sufficient time for exercise or have limited access to sports facilities?
Maybe you just want to keep your personal data private without having to pay higher insurance premiums for the privilege?
Unfit Bits provides solutions. At Unfit Bits, we are investigating DIY fitness spoofing techniques to allow you to create walking datasets without actually having to share your personal data. These techniques help produce personal data to qualify you for insurance rewards even if you can’t afford a high exercise lifestyle.
Facebook recently filed a rather unsettling patent application describing (among other things) a hypothetical social-graph-based credit scoring system. What level of freaked out would be an appropriate response?
Facebook makes its money by encouraging people to have large friend networks and create lots of content for it to show ads against. And given that that’s the primary profit driver for Facebook, as a practical matter, it would really surprise me if they decided to get into the credit-scoring business, just because I think that’s going to make people feel panicked and uncomfortable. If I were them, I would not be in a giant rush to do that.
This makes me wonder if a lot of people suddenly started blocking ads, would companies like Facebook move quickly to adopt more dystopian business models? Or would they be more likely to start embracing those business models much earlier—quietly, secretly, mischievously—in anticipation?