ITS Broadcast App for Android and Privacy Implications

There is a lot of buzz about the new ITS Broadcast Android app, which upon debut has received hundreds of 5-star reviews. I don’t have an Android phone so I won’t comment on the app features or lack thereof, but from my understanding this is a tool that ITS wants to use to broadcast messages to its users.

ITS Broadcast is a messaging tool for ITS dept (E-Jamaat).
After installation you will have to provide ITS (E-Jamaat) ID and password to register.
This app can be configured only for Single ITS (E-Jamaat) ID.
Once registered future communication will be made by using this App.

Given that ITS already has a unique identifier for all users and a listed contact email, reviewing the app permissions with the above stated purpose in mind seems to raise some concerns. Importantly, the application asks for permission to Find Accounts on the Device:

Allows the app to get the list of accounts known by the tablet. This may include any accounts created by applications you have installed. Allows the app to get the list of accounts known by the phone. This may include any accounts created by applications you have installed.

Why does the ITS application need to know what other accounts its users have on their phones? Is it necessary for ITS to be able to know what Google, Facebook, Twitter, Tumblr, Instagram, Flickr, and other accounts are active on your phone? How will ITS use this data?

Those are some questions to ponder before you go ahead and click the Install button…
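One way to check an app's requested permissions against its stated purpose before installing, as an added example that is not from the original post or from the app's developer. The package name, the allow-list for a message-broadcast client, and the sample `aapt dump permissions` output are all constructed assumptions.

```python
import re

# Permissions a one-way message-broadcast client plausibly needs.
# Assumption made for this example, not a list published by any developer.
PURPOSE_ALLOWLIST = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WAKE_LOCK",
    "android.permission.VIBRATE",
}

# What selected sensitive permissions expose, for the reviewer's report.
EXPOSES = {
    "android.permission.GET_ACCOUNTS": "list of accounts registered on the device",
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_PHONE_STATE": "phone number and device identifiers",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}

# aapt prints either  uses-permission: android.permission.X   (older tools)
# or                  uses-permission: name='android.permission.X'
_LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?")


def parse_permissions(aapt_output):
    """Return the set of permissions an APK requests, from aapt's text output."""
    perms = set()
    for line in aapt_output.splitlines():
        m = _LINE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms


def audit(aapt_output, allowlist=PURPOSE_ALLOWLIST):
    """List requested permissions that the stated purpose does not explain."""
    findings = []
    for perm in sorted(parse_permissions(aapt_output) - allowlist):
        note = EXPOSES.get(perm, "not explained by the stated purpose; review")
        findings.append((perm, note))
    return findings


# Constructed sample output (hypothetical package, both aapt line formats).
SAMPLE = """\
package: org.example.broadcast
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: android.permission.WAKE_LOCK
permission: org.example.broadcast.permission.C2D_MESSAGE
"""

if __name__ == "__main__":
    for perm, note in audit(SAMPLE):
        print(f"{perm}: {note}")
```
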

Apple Maps Data Sources

The Apple Maps fiasco on iOS 6 needs no introduction, but it’s of interest to note that the data sources that Apple pulls map data from differ not only based on the location being viewed, but also based on where the user is viewing the data from (I don’t know how widely known this is). For example, when I’m in Hong Kong, I get data from an unknown source, but when I’m in China, I get data for the entire world provided by AutoNavi.

Ironically, the maps I get for Hong Kong are better when viewed from China than when viewed from Hong Kong itself!

Here are a few comparison shots (left side view from China/right side view from Hong Kong):

HK High Court rules that Domestic Helpers can gain PR

Hong Kong’s High Court has ruled that foreign domestic helpers can become Permanent Residents of Hong Kong after staying here for 7 years. This, no doubt, will be appealed to the Court of Final Appeal, and possibly even the National People’s Congress, thereby causing yet another constitutional crisis. However, I honestly can’t think of a better way for domestic helpers to shoot themselves in the foot.

The current pay for a domestic helper is HK$3740 per month, and the pay for someone earning the minimum wage in Hong Kong would be much higher. Foreign domestic helpers are not entitled to a minimum wage. So let’s say that one applies to become a permanent resident – they are immediately no longer employable as a foreign domestic helper and need to be paid minimum wage.

As an employer, would one pay them the significantly higher minimum wage, or would they just make such a person redundant and hire a fresh immigrant at the fixed foreign domestic helper contract rates? It’s a no brainer really, especially with the economy in free fall.

I think that domestic helpers will quickly understand that the economics of becoming permanent residents of Hong Kong simply don’t make sense, and excepting the handful who are qualified for other jobs, they would soon find themselves out of work with poor prospects.

Update: It has been pointed out to me (thanks, Taha) that live-in domestic workers are not covered by the minimum wage ordinance. This changes the situation quite significantly, in that there is no economic barrier to taking up PR.

However, I still think that the fearmongering that is being propagated here in Hong Kong is probably unwarranted. According to the current immigration system, there is no right for PRs to bring their family members to live in Hong Kong. I have been through the process three times, and I know from my own experience (and that of others) that in order to bring one’s dependents (including spouse), one needs to show sufficient income to support them, as well as having adequate housing in which the dependents can reside.

The vast majority of domestic helpers would be unable to satisfy those criteria.

Finally, for the avoidance of doubt, I will just mention that no foreign domestic helper will become a PR automatically. This is a status that must be obtained by making an application to do so, having satisfied the relevant criteria.

Hong Kong should explain the aim of National Education

In today’s South China Morning Post, my letter appeared, the text of which is reproduced below:

Explain aim of national education

With the heated debate regarding the government’s proposed national education curriculum, too many people are jumping to knee-jerk conclusions without really understanding what shape a national education programme might take.

Indeed, the government prematurely asks the public for feedback without explaining to the public what, in fact, national education means.

China, as one of the world’s oldest civilisations, has much to offer us from studying its history. A truly comprehensive national education curriculum would not only celebrate this history but also critically analyse it, offering students the opportunity to arrive at their own conclusions and affording them a forum to share these conclusions in a discussion-based setting.

If fostering patriotism is one of the goals of this curriculum, this should be applauded. However, let us be clear that true patriotism creates a desire for continuous review and improvement of governance.

The government must make clear its intentions.

Are we seeking to enrich the next generation and provide them with the necessary tools to become the leaders of tomorrow or is the administration acting on instructions to cultivate conformity in thinking?

The latter will inevitably lead to political regression and intellectual stagnation.

Ali Ebrahim, Mid-Levels

Crack down on telemarketers

In today’s South China Morning Post, a letter of mine appeared in the Letters section (page A12), the text of which is reproduced below (with some links added, for easy reference):

Crack down on telemarketers

Today, with so many different channels of communication, we are deluged with unwanted marketing. I wholeheartedly welcome the news that Hongkong Post is launching an opt-out sticker scheme for certain unaddressed circulars (“One way to stop some of that junk mail”, August 25).

However, the real menace is not mail, but telemarketing calls. Telemarketing is the most inconvenient type of marketing because it requires active participation by the receiver, at a time that is convenient to the caller. Why should the public be expected to adjust to the schedules of telemarketers who are selling a product that they most likely do not want or need – and one which they certainly did not solicit?

A few years ago the telecoms watchdog OFTA launched the “Do-not-call” register for pre-recorded messages. It is now high time that it extended this register to include non-recorded – that is, live – calls.

This is hardly a novel idea: do-not-call registers in other countries typically make no distinction between pre-recorded and live telemarketing calls.

This would cause a hue and cry from telemarketers, who would claim they provide a useful service that brings benefits to consumers. Yet that is nonsense; the only beneficiaries are the telemarketers themselves and the companies they represent.

The theft of property is an offence punishable by a prison sentence. I wonder if telemarketers could provide a convincing argument why we should tolerate the theft of our time.

Ali Ebrahim, Mid-Levels

For those who are interested, I’ve uploaded a scan of the relevant page.

Google Apps – Panacea or Headache?

The email on ebrahim.org is currently hosted on pair Networks, a great webhost, but one whose email solutions are lacking in flexibility. I want to move to a solution where I can sync Email/Contacts/Calendar over multiple devices, for a domain with 7 mailboxes.

I’m considering two options:

Rackspace
Pros: Has all the features I’d ever need, excellent support, even for small customers.
Cons: Relatively small quota, and completely out of budget (at least US$13/user/month), email migration into Rackspace is difficult for large datasets.

As Rackspace is out of budget, I didn’t spend much time looking into it in detail.

Google Apps Premier
Pros: Within budget (US$50/user/year), wide ranging feature set.
Cons: Technical support lacking (mainly DIY), doesn’t care about small customers, only compatible with old software, and import into Google Apps is a nightmare scenario due to lack of compatibility of migration tools.

However, there are significant issues which block my migration to Google Apps at the moment, most of which are shocking, given Google’s desire to capture the enterprise messaging/collaboration market.

Let’s make a list of missing features:

  • Google Apps Sync does not support Outlook 2010
  • Google Apps Migration for Microsoft Outlook does not support Outlook 2010
  • Google Apps Migration for Microsoft Outlook does not support Windows 7
  • There is no supported way to import an mbox format mailbox into Google Apps (there is a workaround where you can use third-party software to import the mbox into Outlook, and then use the Google Apps Migration for Microsoft Outlook, but then the Google migration tool doesn’t support Windows 7 or Outlook 2010, so you’re back to square one)

Sales of Windows 7 began in October 2009, and Office 2010 was made available to volume licensing customers in April 2010. When everybody else already supports Windows 7/Outlook 2010, Google lags far behind and loses all credibility when it claims to be the best solution for enterprise customers.

Enterprise customers rely on predictability, yet when asked for a timeline for when the above configurations will be supported, Google replied “we do not have a release date as yet”.

I’m ready to spend money with Google, if only they’d deliver support for modern software. A year in the software world is an eternity, and for Google to not support Windows 7 is akin to a wannabe top-tier airport telling pilots to land using VFR because they’ve not installed an ILS yet.

What to do with an old laptop?

This post is available in Russian via Recovery on Softdroid: How to bring an old laptop back to work.

After five long years using my trusted (and now extremely out of date) laptop, I’ve finally moved along to something better.

Old Laptop

Dell Latitude D610, Intel Pentium-M 750 (1.86GHz), 2GB RAM, 60GB HDD (using Truecrypt software FDE), 14.1″ 1400×1050 LCD, Windows XP Professional 32-bit SP3.

New Laptop

Dell Latitude E6510, Intel Core i7-820QM (1.73GHz, with Turbo Boost to 3.06GHz), 8GB RAM, 250GB HDD (using Seagate hardware-based FDE), 15.6″ 1920×1080 LCD, built in 3G HSPA modem for use when travelling, backlit keyboard, Windows 7 Ultimate 64-bit.

Mini Review of Dell Latitude Series

I’m not one to replace my laptop hardware often, but it was time, as I had less than a month of my 5 year warranty remaining and I was out of hard disk space. Plus, the old laptop was breaking down a bit too often for my liking. Motherboard replaced 4 times, LCD replaced 3 times, keyboard replaced 2 times, and HDD replaced once. To Dell’s credit, they never made any fuss and always promptly sent out replacement parts without making me run irrelevant diagnostic tests, but it was all getting a bit too much. I think the main reason I had so many problems was the poor placement of the exhaust vent on the Latitude D-Series chassis, which was on the back and always blocked by the port replicator, causing constant overheating. I was happy to see that on the E-Series chassis, the exhaust vent has been moved to the side instead.

I have yet to try out all of the new features of my new laptop, but I will say that it’s Fast (with a capital F). Especially compared to what I was using before. The screen is amazing and the backlit keyboard is icing on the cake, because these days I use the computer with the lights off a lot, due to having small kids around. Not that I need to look at the keyboard whilst typing, but it’s still cool to have nonetheless.

A Dilemma

However, I now have an old laptop in working condition which is sitting idle, and I don’t know what to do with it. First, I considered repurposing it as a training computer for my 3 year old daughter and installing a netbook OS as those should in theory be pretty basic and easy to use.

First I tried Jolicloud (PreFinal release), a netbook OS that seems to be getting generally good reviews in the blogosphere. I tried the LiveCD and was disappointed to find that the Intel wifi card in my laptop did not work (nor was I able to find any information online about making it work). So I just gave it a look-through offline, enough to get a feel about what it offers.

Then I tried Ubuntu Netbook Edition (version 10.04), where the wifi did work on the LiveCD. Overall a pretty similar experience to Jolicloud, which was not a huge surprise given they share the same foundations. Jolicloud seemed to offer a better out of the box experience (rather it would have, had wifi been working), but Ubuntu’s UI polish was much better.

In the end, however, both options seemed somewhat underwhelming and I kept on thinking to myself, “What if I just put XP back on this thing?” After all, XP is now almost a decade old, very stable due to years of bugfixes and patching, and pretty snappy too. Jolicloud and Ubuntu, as netbook-optimised OSes, stand out when dealing with real netbooks which have very limited vertical real estate. However, with 1050 pixels on the Y-axis, the appeal of screen real estate saving features was pretty minimal.

After all this, I also gave up on the idea about using my old laptop as a training machine for my daughter. Makes more sense just to use the home desktop with Windows 7 and a regular keyboard and mouse rather than using Windows XP with a relatively confusing trackpad.

Most likely, I will install Windows XP on the old laptop. The alternatives are underwhelming. Though, I still have no idea what I’ll do with it.

What’s your PAN? Anybody can find out!

Glossary for non-Indian readers: PAN – Permanent Account Number

The geniuses at the Income Tax Department in India have set up a website called:

Know Your PAN

In reality, it should be called Know Anybody’s PAN because that’s what you’re able to do, as long as you know their last name and birthdate, neither of which anybody would consider a secret these days. You don’t even need to know the first or middle name; the website will give it to you.

I can’t fathom why anybody would think that this website is a good idea because it effectively facilitates identity fraud. Besides forgetting one’s own PAN, I cannot think of a single legitimate reason why anybody would need to use this website. And let’s be clear; allowing people to check their own PAN is not a good enough justification to make this information public.

There are plenty of illegitimate reasons why this website would be used. First and foremost would be identity fraud. Knowing someone’s PAN is crucial if you want to engage in fraudulent transactions on their behalf.

While the internet can be a useful tool, sometimes people need to think about why a tool is really necessary and think about the implications before putting it online.

However, I suppose in India, a country where privacy laws don’t exist, and the concept of personal privacy is alien, it should not come as a big surprise that the government itself is facilitating identity fraud.

Just to try out the system, you could look up one of many common Indian personalities’ names and dates of birth on Wikipedia and the website will give you their PAN.

Belorussian Translation provided by PC

UK Government says “No Evidence” IE is Less Secure

A couple of days ago I mentioned that Lord Avebury had asked the UK Government about their usage of IE. The UK Government has now answered and I am reproducing the full text of the question and answer below:

Asked by Lord Avebury

To ask Her Majesty’s Government what discussions they have had with the governments of France and Germany about security risks of using Internet Explorer; and whether they will encourage public sector users to use another web browser. [HL1420]

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): UK government officials and subject matter experts are in regular contact with their counterparts in France, Germany and other countries on both a bilateral and multilateral basis to exchange technical information and opinions on many aspects of cyber security, including software vulnerabilities. For example, the UK’s Government Computer Emergency Response Team (GovCertUK) and Combined Security Incident Response Team (CSIRTUK) are members of the group of European Government CERTS (EGG), as are their French and German equivalents.

Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. We take internet security very seriously and we have worked with Microsoft and other suppliers over many years to understand the security of the products used by HMG, including Internet Explorer. There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats.

Microsoft issued a patch to fix the recent Internet Explorer vulnerability on 21 January. Prior to this, government departments had been issued with a GovCertUK alert on how to deal with this particular incident and to mitigate vulnerabilities in relation to particular versions of IE.

A government user, operating on government systems, such as the Government Secure Intranet (GSi), will benefit from additional security measures, unlikely to be available to the average home computer user. These include tools which actively monitor for evidence of any malicious attacks.

Source: Lords Hansard text for 26 Jan 2010

While the UK government contends that “there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure”, there are many others who would disagree.

Also, although IE8 has significantly improved security models as compared to IE6 and IE7, there is still evidence that IE6 is being heavily used by UK government departments, including the armed forces. I think most people would agree that a “fully patched” IE6 is still relatively more vulnerable to attacks.

Lord Avebury asks UK Government to review use of IE in the Public Sector

Lord Avebury (blog, bio) tabled a written question in the United Kingdom House of Lords yesterday, which reads as follows:

Lord Avebury to ask Her Majesty’s Government whether, in the light of the recent announcement by Microsoft that Internet Explorer was used to carry out the cyber attacks which prompted Google to say it will withdraw from China, they will review the use of Internet Explorer throughout the public sector. HL1505

Source: House of Lords Business (26 January 2010) and Eric Avebury: Internet vulernability

Lord Avebury mentions that the Parliamentary IT authorities are actively discouraging the use of alternative browsers such as Chrome so it is great to see that he is holding the government accountable for their policies.

According to UK parliamentary procedure, the government is obliged to provide a written response to his question on or before 8 February 2010. I think it will be interesting to see what they have to say.

Lord Avebury is an active campaigner for the rights of ethnic minorities in the UK and also those who are British nationals living abroad. He is also a member of the EU Select Committee which considers EU policy on protecting Europe from large-scale cyber attacks.