My fellow Virginians, please install the COVIDWISE app. Now, thank you.

As the United States continues to flail away at the novel-coronavirus pandemic, my part of it has done one thing right. Wednesday morning, Virginia’s Department of Health launched COVIDWISE–the first digital contact-tracing app shipped in the U.S. on the privacy-optimized Exposure Notifications framework that Apple and Google co-developed this spring.

What that means is that COVIDWISE, available for iPhones running iOS 13.5 or newer and most Android phones running Android 6.0 or newer, requires none of your data–not your name, not your number, not your e-mail, not even your phone’s electronic identifiers–to have it warn that you spent a sustained period of time close to somebody who has tested positive for COVID-19.

COVIDWISE and other apps built on the Apple/Google system instead send out randomized Bluetooth beacons every few minutes, store those sent by nearby phones running these apps, and flag those that indicate sufficiently extended proximity to allow for COVID-19 transmission as doctors understand it. That’s the important but often misunderstood point: All of the actual contact matching is done on individual phones by these apps–not by Apple, Google or any health authorities.

If a user of COVIDWISE tests positive and alerts this system by entering the code given to them by a doctor or test lab into this app, that will trigger their copy of the app to upload its record of the last 14 days of those flagged close contacts–again, anonymized beyond even Apple or Google’s knowledge–to a VDH-run server. The health authority’s server will then send a get-tested alert to phones that had originally broadcast the beacons behind those detected contacts–once the apps on those devices do their daily check-ins online for any such warnings.
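To make the "matching happens on the phone" point concrete, here is a simplified model of that flow written for this post; it is not code from COVIDWISE, VDH, Apple or Google. The rotation interval, the 15-minute proximity threshold and the purely random 16-byte beacons are assumptions constructed for the demo (the real framework derives its rolling identifiers from daily keys and weights exposure by signal strength); what it does keep faithful is that the server only ever holds opaque beacon values and every phone decides locally whether it was exposed.

```python
"""Simplified model of decentralized exposure matching in the style of the
Apple/Google Exposure Notifications framework that COVIDWISE is built on.

Added illustration, not the app's or the framework's code. Interval, threshold
and random beacons are constructed assumptions for the demo.
"""
import secrets
from collections import defaultdict

BEACON_INTERVAL_MIN = 5       # assumed: a fresh random beacon every few minutes
EXPOSURE_THRESHOLD_MIN = 15   # assumed: cumulative proximity that counts as a contact
RETENTION_DAYS = 14           # the app keeps and shares only the last 14 days


class Phone:
    """One handset running the app. Everything it knows stays local until
    its owner enters a diagnosis code."""

    def __init__(self, owner):
        self.owner = owner                  # demo label only; never transmitted
        self.sent = []                      # (day, beacon) pairs this phone broadcast
        self.heard = defaultdict(int)       # beacon heard -> minutes of proximity

    def broadcast(self, day):
        """Emit a new random beacon; nothing in it identifies the phone or owner."""
        beacon = secrets.token_bytes(16)
        self.sent.append((day, beacon))
        return beacon

    def hear(self, beacon, minutes):
        """Store a nearby phone's beacon together with how long it stayed in range."""
        self.heard[beacon] += minutes

    def diagnosis_upload(self, today):
        """What leaves the phone after a positive test: only the beacons it sent
        inside the retention window. No names, numbers or device identifiers."""
        return {b for day, b in self.sent if 0 <= today - day < RETENTION_DAYS}

    def daily_checkin(self, published):
        """Match the health authority's list against local observations and decide,
        on the phone, whether the accumulated proximity warrants a get-tested alert."""
        matched_minutes = sum(m for b, m in self.heard.items() if b in published)
        return matched_minutes >= EXPOSURE_THRESHOLD_MIN


def encounter(a, b, day, minutes):
    """Two phones near each other for `minutes`; each hears the other's rotating
    beacons, one per BEACON_INTERVAL_MIN."""
    while minutes > 0:
        slot = min(BEACON_INTERVAL_MIN, minutes)
        b.hear(a.broadcast(day), slot)
        a.hear(b.broadcast(day), slot)
        minutes -= slot


def run_scenario(recent_contact_minutes, today=20):
    """Constructed scenario: Bob met Alice for an hour on day 1 (outside the
    14-day window) and again for recent_contact_minutes on day 15; Carol met
    only Bob. Alice tests positive on `today`.
    Returns (bob_alerted, carol_alerted, what_the_server_holds)."""
    alice, bob, carol = Phone("Alice"), Phone("Bob"), Phone("Carol")
    encounter(alice, bob, day=1, minutes=60)
    encounter(alice, bob, day=15, minutes=recent_contact_minutes)
    encounter(bob, carol, day=15, minutes=45)

    # The health authority's server receives and republishes opaque beacon
    # values only; it cannot tell whose phone sent or heard any of them.
    server_list = alice.diagnosis_upload(today)

    return (bob.daily_checkin(server_list),
            carol.daily_checkin(server_list),
            server_list)


if __name__ == "__main__":
    for minutes in (30, 5):
        bob_alert, carol_alert, published = run_scenario(minutes)
        print(f"{minutes}-minute contact: Bob alerted={bob_alert}, "
              f"Carol alerted={carol_alert}, server holds {len(published)} "
              f"opaque 16-byte values")
```

The 60-minute meeting on day 1 never reaches the server because it falls outside the 14-day window, so a 5-minute recent contact alone stays below the threshold while a 30-minute one triggers an alert on Bob's phone only.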

The U.S. is late to this game–Latvia shipped the first such app based on Apple and Google’s framework, Apturi Covid, in late May. In that time, the single biggest complaint about the Apple/Google project from healthcare professionals has been that it’s too private and doesn’t provide the names or locations that would ease traditional contact-tracing efforts.

I’m not writing this just off reading Apple and Google’s documentation; I’ve spent a lot of time over the last two months talking to outside experts for a long report on digital-contact-tracing apps. Please trust me on this; you should install COVIDWISE.

Plus, there’s nothing to it. The pictures above show almost the entire process on my Android phone: download, open, tap through a few dialogs, that’s it. At no point did I have to enter any data, and the Settings app confirms that COVIDWISE has requested zero permissions for my data. It uses the Bluetooth radio and the network connection; that’s it, as I’ve confirmed on two other Android phones.

If I’m curious about how this app’s working, I can pop into Android’s Settings app (search “COVID” or “exposure”) to see when my phone last performed an exposure check. But I don’t expect to get any other sign of this app’s presence on my phone–unless it warns me that I stood too close to somebody who tested positive, in which case I may not enjoy that notification but will certainly need it.

Updated 8/6/2020 with further details about the app’s setup and operation.

Warning: Election work may be habit-forming

For the third time this year–and the second time in three weeks–I woke up at 4 a.m. to start a workday that wouldn’t end until after 8 p.m.

I had thought at the time that the almost 16 hours I spent March 3 staffing the Democratic presidential primary would be my one-and-done immersion in the field. I’d learned firsthand about voter identification rules, the importance of a simple paper-ballot user experience, and the intense care taken in verifying the process and the results, and a second round didn’t seem likely to teach me much more.

But then the novel-coronavirus pandemic led many older poll workers to opt out, while my freelance work has yet to fill up my schedule in the way it did a year ago. After reading enough stories about electoral debacles in other states, I had to re-up when my precinct chief e-mailed to ask if I could work the June 23 Republican primary and the July 7 special election to fill an Arlington County Board seat.

I also figured that I wouldn’t see much of a crowd on either day. That was especially true for the GOP primary, when only 41 voters showed up (all of whom I appreciated for doing so) for the election that determined Daniel Gade would run against Sen. Mark Warner. I was glad that I’d brought a book to read, and that my colleagues for the day proved to be good company.

Tuesday saw 114 voters cast ballots to help put Takis Karantonis on the County Board. It also featured better protective gear for poll workers, in the form of comfortable cloth face masks with nicely-official-looking “Election Officer” labels as well as acrylic shields for the poll-book workers checking in voters.

Tuesday was also the last election to feature the photo-ID requirements that the General Assembly repealed this spring. This time, with voters consistently wearing their own masks, looking at tiny black-and-white thumbnail portraits on driver’s licenses was even more of a formality compared to the older and simpler method of asking each voter to state their name and address and then matching that to their entry in the poll book.

One of the other people working this election made a point of saying “see you in November!” to each voter. The resulting enthusiastic responses ranged from “You bet!” to “hell yes” to “I’ll be here at 4 a.m.”

That’s going to be a big deal and a lot of work. Friday morning, the precinct chief e-mailed Tuesday’s crew to thank us for the work and express his hope that we’d be on to help with the general election in November… and, yes, I think I see where this is going for me.

Things I learned from working a primary election

After more than 15 years of writing about voting-machine security, I finally got some hands-on experience in the field–by waking up at 4 a.m. and working a 16-hour day.

I’d had the idea in my head for a while, thanks to frequent reminders from such election-security experts as Georgetown Law’s Matt Blaze that the best way to learn how elections work is to work one yourself. And I finally realized in January that I’d be in town for the March 3 Democratic primary and, as a self-employed type, could take the whole day off.

I applied at Arlington’s site by filling out a short form, and about two hours later got a confirmation of my appointment as an election officer. (My wife works for Arlington’s Department of Technology Services but has no role in election administration.) A training class Feb. 11 outlined the basics of the work and sent me home with a thick binder of documentation–yes, I actually read it–and on March 3, I woke up two minutes before my 4 a.m. alarm.

After packing myself a lunch and snacks, as if I were going to grade school, and powering through some cereal, I arrived at my assigned polling place just before the instructed start time of 5 a.m. I left a little before 9 p.m. Here are the big things I learned over those 16 hours:

  • Yes, having people fill out paper ballots and scan them in works. I saw 500-plus voters do that while I tended the scanner in the morning, and none had the machine reject their ballot. There was confusion over which way to insert that ballot, but the scanner accommodated that by reading them whether they were inserted upside down, right-side up, forwards or backwards. (I wish more machines were that tolerant of human variances in input.) And at the end of the day, we had a box full of ballots that will be kept for a year.
  • The technology overall appeared to be of higher quality than the grotesquely insecure, Windows-based Winvote touchscreen machines on which I voted for too many years. This scanner was an offline model running a build of Linux, while the poll-book apps ran on a set of iPads.
  • The “vote fraud” rationale for imposing photo ID requirements is not only fraudulent, but photo IDs themselves are overrated. The state allows a really broad selection of public- and private-sector IDs—unavoidable unless you want to make it obvious that you’re restricting the franchise to older and wealthier voters—and our instructions required us to be liberal in accepting those. I didn’t see or hear of anybody getting rejected for an ID mismatch. (The one surprise was how many people showed up with passports; I quickly grew to appreciate their larger color photos over the tiny black-and-white thumbnails on drivers’ licenses.)
  • Asking people to state their name and address, then matching that against voter-registration records, does work. That also happens to be how voter check-in used to work in Virginia before Republicans in the General Assembly shoved through the photo-ID requirement that’s now been reversed by the new Democratic majority in Richmond.
  • You know who really loves high turnout? Election officers who otherwise have some pretty dull hours in mid-morning and then mid-afternoon. At one point, the person in charge of the ballot scanner busied himself by arranging stickers into a bitmapped outline of Virginia, then added a layer of stickers on top of that to represent I-95 and I-66. Fortunately, precinct 44 blew away past primary-turnout records with a total of 1,046 in-person votes.
  • The attention to detail I saw was almost liturgical. Every hour, the precinct chief did a count of voters checked in and votes cast to ensure the numbers matched; every record was done in at least duplicate; every piece of paper was signed by at least two election officers, and the overall SOR (statement of results) bore the signatures of all eight of us. We closed out the night by putting documents and records in specified, numbered envelopes, each locked with a numbered zip-tie lock; each number was recorded on a piece of paper on the outside of each envelope that was itself signed by two election officers.
  • Serving as an election officer isn’t physically demanding work, but it does make for a long day. We did have coffee delivered, but it didn’t arrive until 9 a.m., and nobody had time for dinner during the rush to close out things after the polls closed.
  • It’s also not the most lucrative work ever. My paycheck arrived Friday: $175, amounting to an hourly wage of $10.94. The value of seeing the attention paid to make democracy work and then watching more than a thousand people show up to exercise their rights: priceless.

Updated 3/23/2020 to fix some formatting glitches.

Android 10 first impressions: location, location, no you can’t have my location

A dozen days after installing Android 10 on my Pixel 3a, this operating-system update’s major accomplishment has been helping me to chain down a bunch of my apps.

That’s good! The location-privacy improvements in Android 10–starting with the ability to deny an application access to your location when it’s not running in the foreground–more than justify the roughly seven minutes I spent installing this release.

I expected that after seeing Google’s introduction of Android 10, then named Android Q, at Google I/O this May.

But I didn’t know then that Android would actively warn me when individual apps checked my whereabouts when I wasn’t running them, in the form of “[App name] got your location in the background” notifications inviting me to take the background-location keys from that app.

I was already planning on limiting most of the apps on my phone to foreground location access only, but these reminders have sped up that process and helped spotlight the more obvious offenders. (Facebook Messenger, go sit in the corner.) This is an excellent case of Google borrowing from Apple.

There’s much more that’s new in Android 10–if you’re curious and have an hour or so free, Ron Amadeo’s novella-length review at Ars Technica exceeds 2,000 words on the first of nine pages–but its other changes have made less of a difference in my daily use.

• The battery, WiFi and signal-strength icons are now simple outlines, and when swiped down, the notifications area shows your remaining battery life in human language instead of a percentage: “1 day, 2 hr.” Less attractive: The text of notifications doesn’t appear in Android’s usual Roboto font, which bugs me to no end.

• The array of icons in the share sheet no longer painstakingly paint their way onto the screen. And the one I employ most often–the copy-to-clipboard icon–always appears first and at the top right of this list.

• The switch to gesture navigation (for instance, swiping up to see all open apps) hasn’t been as confusing as I’d feared… because Android 10 didn’t touch my previous “2-button navigation” system setting, which keeps the back and home buttons one swipe away. I guess I should try the new routine now.

• I still think dark mode is an overrated concept, having had that as my everyday screen environment on too many DOS PCs, but I get that it can be less distracting at night. And on phones with OLED screens, dark modes also extend battery life. So now that dark theme is a supported Android feature–hint, edit your Quick Settings sheet to add a “Dark theme” tile–I would like to see more apps support it. Starting with Google’s own Gmail.

Finally, I have to note that my phone has yet to crash or experience any impaired battery life since updating it to Android 10. I hope I didn’t just jinx this update by writing the preceding sentence.


This is the most interesting conference badge I’ve worn

LAS VEGAS–I’ve spent the last two days wearing a circular circuit board topped with a slab of quartz, which is not just normal but required behavior to attend the DEF CON security conference here.

I had heard upfront that DEF CON badges–available only for $300 in cash, no comped press admission available–were not like other conference badges. But I didn’t realize how much they differed until I popped the provided watch battery into my badge (of course, I put it in wrong side up on the first try), threaded the lanyard through the badge, and soon had other attendees asking if they could tap their badges against mine.

These badges designed by veteran hacker Joe Grand include their own wireless circuitry and embedded software that causes them to light up when held next to or close to other badges. As you do this with other attendees of various classes–from what I gathered, regular attendees have badges with white quartz, press with green, vendors with purple, and speakers with red–you will unlock other functions of the badge.

What other functions, I don’t know and won’t find out, as I’m now headed back from the event. That’s one way in which I’m a DEF CON n00b, the other being that I didn’t wear any other badges soldered together from circuit boards, LEDs and other electronic innards.

(Update: Saturday evening, Grand, aka “Kingpin,” posted detailed specifics about his creation, including source code and slides from a talk I’d missed.)

You might expect me to critique the unlabeled DEF CON badge for flunking at the core task of announcing your name to others, but forced disclosure is not what this event is about–hence the restriction to cash-only registration. And since I have mini business cards, this badge met another key conference-credential task quite well: The gap between the circuit board and the lanyard was just the right size to hold a stash of my own cards.

Bookmarks for a Web privacy tune-up

I talked at length about privacy when I spoke this morning at the Washington Apple Pi user group’s general meeting–but I realized halfway through that I was keeping too much documentation to myself. As in, I hadn’t remembered to put together a set of links for the privacy settings I discussed.

That’s where this post comes in.

Ad preferences: If you don’t want giant Web platforms to target you with ads based on your browsing history–or if you want to correct some inaccurate targeting–these settings will let you do that.

  • At Amazon, selecting “Do Not Personalize Ads from Amazon for this Internet Browser” will stop the retailer from retargeting you across the Web with reminders of things you searched for. But you’ll have to remember to adjust this in every browser in which you shop at Amazon.
  • Facebook provides more control, allowing you to set “Ads based on data from partners” and “Ads based on your activity on Facebook Company Products that you see elsewhere” to “Not allowed.” You can also see what interests Facebook thinks you have and check which advertisers and businesses have targeted you on the social network with their own uploaded contact lists.
  • At Google, you can see what interests the Web giant has discerned in you and opt out of its ad personalization; taking that step will reward you with the image of the sleeping robot shown above.

Tracking protection: If you use Apple’s Safari, you’re already protected from ad networks’ attempts to follow you around the Web to build a model of your interests. New installs of Mozilla Firefox include a comparable level of default tracking protection, as I wrote at USA Today two weeks ago, but you may need to change these settings yourself. Select “Content Blocking” from the menu, click “Custom” and set it to block trackers “Only in Private Windows” and block only cookies identified as “Third-party trackers.”

You may also want to install the Facebook Container extension to shut down Facebook’s attempts to track you on other sites, although I’m not totally clear on what this adds over the newest tracking protection.

Limit Google’s memory: While Google’s ability to remind you of where you’ve been can be useful, that doesn’t mean it should have unrestricted access to that information. Fortunately, you can now set Google to automatically erase your Web and app activity after three or 18 months. You can also take advantage of the lesser-known option of setting a sync passphrase for your copies of Google Chrome that will encrypt your browsing history, leaving Google unable to use that data in building a profile of your interests.

First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging in a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.

AirDrop apologists have some opinions

Who knew suggesting that an Apple interface enabled undesirable outcomes and ought to be changed would be so controversial? Me–I’ve been critiquing Apple’s products since before the company was doooomed in 1996.

But even so, the level of enraged techsplaining that greeted last weekend’s Yahoo post about AirDrop file-sharing has been something else. To recap that briefly: While AirDrop’s default contacts-only setting is safe, accepting a file transfer from somebody not in your contacts requires setting it to “Everyone”–a setting that does not time out but does automatically display a preview of the incoming image. The predictable result: creeps spamming strangers who had set AirDrop to Everyone and then forgot to change it back, and by “spamming” I mean “sending dick pics from iPhones with anonymous names.”

(For more details, see my Aug. 2017 USA Today column or this Dec. 4 post from the security firm Sophos.)

Suggesting that Apple have the Everyone setting time out or not auto-preview images did not go over well with the people–most apparently men–who filled the replies to my tweet Sunday sharing the post. Let me sum up the major points these individuals vainly attempted to make, as seen in quotes from their tweets:

“It’s contacts only by default.” Yes, and if nobody ever interacted with people who weren’t in their contacts and offered to use this handy feature to share a file, you would have a point. As is, this request comes up all the time–my wife saw it from Apple Store employees–as I explained in the post that these techbros apparently did not finish reading.

“Still trying to make a big deal of something I’ve never experienced.” Thank you, sir, for proving my exact point about the problems of having development teams dominated by white men. As writing about “Gamergate” made obvious, things are often different for the rest of humanity, and “I don’t have this problem” is not a valid defense of a social feature without confirmation from people outside your demographic background. Sorry if asking you to acknowledge your privilege is so triggering, by which I mean I’m not sorry.

“At some point, you have to take some goddamn responsibility.” Ah yes, the old blame-the-customer instinct. I hope the multiple people who expressed some version of “why are you coddling people too dumb to turn Everything off” don’t and never will work in any customer-facing role.

“you don’t have to accept every airdrop item that comes in.” What part of “automatically display a preview” don’t you understand?

“What I don’t understand is why these creeps aren’t reported by the receivers to authorities.” What part of “iPhones with anonymous names” don’t you understand? And before you next resort to victim blaming like this, you should really read up on the relevant history.

“There are far worse UX issues in iOS if that is what you are concerned about.” News flash, whataboutists: I write about problems in the tech industry all the time. Stick around and you’ll see me take a whack at a company besides your sainted Apple.

And that brings me to the annoying subtext beneath all these aggrieved responses: The notion that questioning Apple’s design choice is an unreasonable stretch, so we should look anywhere else for solutions to what even most of my correspondents agreed was a problem. Well, if that’s your attitude, turn in your capitalist card: You’re not a customer, you’re a supplicant. And I don’t have to take your opinion here seriously.

Here’s my Web-services budget

The annual exercise of adding up my business expenses so I can plug those totals into my taxes gave me an excuse to do an extra and overdue round of math: calculating how much I spend a year on various Web services to do my job.

The result turned out to be higher than I thought–even though I left out such non-interactive services as this domain-name registration ($25 for two years) and having it mapped to this blog ($13 a year). But in looking over these costs, I’m also not sure I could do much about them.

Google One

Yes, I pay Google for my e-mail–the work account hosted there overran its 15 gigabytes of free storage a few years ago. I now pay $19.99 a year for 100 GB. That’s a reasonable price, especially compared to the $1.99 monthly rate I was first offered, and that I took too long to drop in favor of the newer, cheaper yearly plan.

Microsoft Office 365

Getting a Windows laptop led me to opt for Microsoft’s cloud-storage service, mainly as a cheap backup and synchronization option. The $69.99 annual cost also lets me put Microsoft Office on one computer, but I’ve been using the free, open-source LibreOffice suite for so long, I have yet to install Office on my HP. Oops.

Evernote Premium

This is my second-longest-running subscription–I’ve been paying for the premium version of my note-taking app since 2015. Over that time, the cost has increased from $45 to $69.99. That’s made me think about dropping this and switching to Microsoft’s OneNote. But even though Microsoft owns LinkedIn, it’s Evernote that not only scans business cards but checks LinkedIn to fill in contact info for each person.

Flickr Pro

I’ve been paying for extra storage at this photo-sharing site since late 2011–back when the free version of Flickr offered a punitively-limited storage quota. This cost, too, has increased from $44.95 for two years to $49.99 a year. But now that Yahoo has sold the site to the photography hub SmugMug, the free tier once again requires serious compromises. And $50 a year doesn’t seem that bad, not when I’m supporting an indie-Web property instead of giving still more time to Facebook or Google.

Private Internet Access

I signed up for this virtual-private-network service two years ago at a discounted rate of $59.95 for two years, courtesy of a deal offered at Techdirt. Absent that discount, I’d pay $69.95, so I will reassess my options when this runs out in a few months. Not paying for a VPN service, however, is not an option; how else am I supposed to keep up on American news when I’m in Europe?

LastPass Premium

I decided to pay for the full-feature version of this password manager last year, and I’m already reconsidering that. Three reasons why: The free version of LastPass remains great, the premium version implements U2F two-step verification in a particularly inflexible way, and the company announced last month that the cost of Premium will increase from $24 a year to $36.

Combined and with multi-year costs annualized, all of these services added up to $258.96 last year. I suspect this total compares favorably to what we spend on news and entertainment subscriptions–but that’s not math I care to do right now.

2018 in review: security-minded

I spent more time writing about information-security issues in 2018 than in any prior year, which is only fair when I think about the security angles I and many other people missed in prior years.

Exploring these issues made me realize how fascinating infosec is as a field of study–interface design, business models, human psychology and human villainy all intersect in this area. Plus, there’s real market demand for writing on this topic.

I did much of this writing for Yahoo, but I also picked up a new client that let me get into the weeds on security issues. Well after two friends had separately suggested I start writing for The Parallax–and after an e-mail or two to founder Seth Rosenblatt had gone unanswered–I spotted Seth at the Google I/O press lounge, introduced myself, and came home with a couple of story assignments.

(Lesson re-learned: Sometimes, the biggest ROI from going to a conference consists of the business-development conversations you have there.)

Having this extra outlet helped diversify my income, especially during a few months when too many story pitches elsewhere suffered from poor product-market fit. My top priority for 2019 is further diversification: The Parallax is funded by a single sponsor, the Avast security-software firm, which on one hand frees it from the frailty of conventional online advertising but on the other leaves it somewhat brittle.

I’d also like to speak more often at conferences. Despite being half-terrified of public speaking in high school, I’ve become pretty good at what I think of as the performance art of journalism. This took me some fun places in 2018, including my overdue introduction to Toronto. (See after the jump for a map of my business travel.)

My focus on online security and privacy extended to my own affairs. In 2018, I made Firefox my default browser and set its default search to DuckDuckGo, cut back on Facebook’s access to my data, and disabled SMS two-step verification on my most important accounts in favor of app or U2F security-key authentication.

At Yahoo, it’s now been more than five years since my first byline there–and with David Pogue’s November departure to return to the New York Times, I’m the last original Yahoo Tech columnist still writing for Yahoo. My streak is even longer at USA Today, where I just hit my seventh anniversary of writing for the site (and sometimes the paper). Permanence of any sort is not a given in freelance journalism, and I appreciate that these two places have not gotten bored with me.

I also appreciate or at least hope that you reading this haven’t gotten bored with me. I’d like to think this short list of my favorite work of 2018 had something to do with that.

Thanks for reading; please keep doing so in 2019.
