Category: Tech/Computing

WordPress NYC: Enterprise Features for Small Businesses Running WordPress

Earlier this week, the WordPress NYC Meetup group hosted me at their space inside the Microsoft Technology Center. I was there to present some of my recent work on “Enterprise Features for Small Businesses Running WordPress.” I had a lot of fun and really appreciated the opportunity to showcase three projects I’ve been working on recently.

You can find an archive of all recorded sessions that the organizers, Steve and Scott, of the WordPress NYC Meetup have produced at the “WPNYC TV” page on their website. Below, you can find my own presentation from their latest evening, along with a transcript and links to the original presentation materials. This includes my slide deck, presenter notes, and presentation runbook.

>> SCOTT BECKER: Maymay and I just met tonight, but I find what he does fascinating. So, instead of giving you, like, some spiel that, y’know, we’ve written up, I’m just going to read a bit about what we had here at Meetup so you know a little bit about what Maymay’s gonna talk to you about. I find it fascinating.

He’s a Free Software developer and technology consultant who—get this—works without money. Anybody else say that?

>> AUDIENCE MEMBERS: Sometimes.

[laughter]

>> MAYMAY: Good answer!

>> SCOTT BECKER: Instead of owning a home, Maymay lives on the road, traveling wherever I guess he’s needed and wanted, working to help secure and scale small businesses, non-profits, and community groups. He’s on the road and he helps people take advantage of enterprise features through easy to use and easy to understand Free and Open Source Software.

So, with that being said, maymay.

>> MAYMAY: Yeah! Thank you. Thank you so much, Scott and Steve, who I know is not here. And to Microsoft, for the space of course. So, you just introduced a little bit about me. I kinda just want to spend one moment say a little bit more about myself.

People call me “maymay,” that’s the name I prefer. This is a screenshot of my homepage at maymay.net. It’s spelled like the month of May, but twice. Um, I get DDoS’ed occasionally, so if my site’s not up right now, don’t worry about it. It’ll come back in a sec. Apologies if that’s happening, but go there to learn a little bit more about me, and about the work that I do.

In the meantime, I want to talk a bit about what we’re gonna do here. So, I talked a little bit about myself. I won’t bore you more with that. Next we’re gonna quickly spin up a new WordPress Multisite instance, so that we can show some of the demos that I want to show you. I’ll be showing you three WordPress plugins that I wrote that I think you might want to know about. That may be why you’re here. And finally, if there’s time, we can do some Q&A. Hopefully I’ll have some answers to that.

So, all right, let me go ahead and spin up a new WordPress Multisite instance. And, for this, I’m actually gonna go out of the slides, and I’m gonna go to my little demo here. Now, what I am going to do is go to this website that doesn’t yet exist, just to prove that it’s not actually there: W P N Y C dot DEMO. This website doesn’t exist, no one can get to it. It doesn’t yet exist. So we’re going to go ahead and make it!

Can y’all see that, is that big enough? That text is big? Okay.

I’m gonna be using a couple tools that I’m gonna explain in just a second. The one that I want to start with is VV. And, this is gonna basically automate creating an entire new WordPress Multisite install on my machine, and make the site available at WPNYC.DEMO.

So, I’m gonna tell VV to, hey, please create for me a domain called WPNYC.DEMO. And I want the name of this site to be WPNYCDEMO. Is that right? That’s right. And I want it to be a multisite install with a subdomain scheme. You know how WordPress can do subdirectories and subdomains? I want subdomains. I want the admin username to be admin, I want the password to be password, which I know is not a good password, but this is a demo.

>> AUDIENCE MEMBER: Password with five asterisks!

>> MAYMAY: Yeah, and an at-sign!

>> AUDIENCE MEMBER: What is this software you’re using?

>> MAYMAY: I’ll talk about the software in just a sec, I just want to kick this off.

The admin email address is gonna be admin@wpnyc.demo. I want also to remove these defaults. Y’know how sometimes when you install a new WordPress site it installs plugins like Akismet and the Hello Dolly plugin and a bunch of different themes that you almost never use? I wanna remove all those, so I don’t actually want those to be part of the final build. And I’m also going to use the debug flag here because I want to set the WP_DEBUG constant in the wp-config file. This will help me show you some of the output from some of the plugins that we’re gonna demo. Just so that we make sure that’s there.

All right, so I’m gonna go ahead and create that. And VV’s gonna ask me whether or not I want to create a site with a blueprint. I don’t. Whether I want to install a specific version of WordPress. I don’t. I’ll just use the latest version, rather. I’m not going to use any sample content so it’s gonna be totally blank, no users, no nothing. We’re not gonna import any database files. We’re not going to add sample content to any of this. And we’re gonna go ahead and start that off.

Now, VV is gonna go ahead and build me a new server and it’s going to make that site available over on the left-hand side there. And while that’s happening, we can switch back to our presentation and we can talk a little bit about the demos that I’m going to be showing you.

So, very briefly. If you don’t already know about the tools there—

>> AUDIENCE MEMBER: Where’s this site going to be set up?

>> MAYMAY: It’s setting up right on my computer here, in a development environment. And it’s going to be using these things: Virtual Box, which is a virtual machine hypervisor, a type 2 virtual machine hypervisor. That means that I’m gonna have a totally new computer, a Linux server, on my Mac here. That, is being configured using Vagrant, which is a virtual machine hypervisor automation tool. So with Vagrant commands I can tell Virtual Box how to set up that machine; what network interfaces I want, what kind of operating system I want, what kind of ports to use, all that kind of stuff. I’m also using VVV, which is the Varying Vagrant Vagrants project. This is a project originally started by the 10Up company, which is a WordPress development shop. It’s a Vagrant config specific for WordPress development. So, I’ll be using that. And, last one is Variable VV, which is the one that I used that you saw and this is the command that I was using to tell VVV how I wanted it to configure that WordPress setup.

So, all these tools are Free Software, open source. You can grab them on GitHub or these project pages. Variable VV is written by Brad Parbs, who’s an excellent developer and this tool is probably the easiest way to set up a WordPress site I’ve ever seen. I’ve contributed a number of features to it. It’s really, really nice.

Using these kinds of tools makes development a lot easier, a lot more robust, a lot more reliable, ’cause it’s all automated. It takes out human error, and it’s much faster, of course.

So, let’s—

>> AUDIENCE MEMBER: Quick question?

>> MAYMAY: Yeah?

>> AUDIENCE MEMBER: Are you familiar with Local by Flywheel? Is this similar, or are there major differences?

>> MAYMAY: I am only passingly familiar with Local by Flywheel, but if I understand correctly, they’re basically equivalent tools. Right? It’s kind of—again, I’m actually not that familiar with Local by Flywheel. I’ve heard of it. My understanding is that it sets up a development environment for WordPress. Some of you may have heard about XAMP, right? That old thing.

[laughter]

That still exists. It’s kind of like a packaged server in a box. Like an application box. This is using—uh, this is the same effect, but we have virtual machines to do it with instead of putting, like, an Apache server on your laptop. That kind of thing.

All right, so, while that’s all building, we’re here to talk about Enterprise, right? So, I’m gonna assume you all know what WordPress is, and I’m gonna assume you all know what a small businesses are, and what features are, but we’re here to talk about “Enterprise Features for Small Businesses.” So what does, “Enterprise” mean? And some of you may think you already know what this is, and that’s great. Obviously, I’m not here to tell you what to think. That is, or may be, your employer’s job. So instead, I wanna make sure we’re all on the same page by letting you know what I mean when I say “enterprise.”

So what I mean when I say “enterprise” is important capabilities for secure and private collaboration, which utilize multiple tools simultaneously, typically sold to larger corporations that have a lot of money. Right? So, in other words we’re talking about anything that has to do with process or workflow automation, anything that has to do with objectives that touch multiple disciplines at once. Tools, for example, that interoperate between multiple vendors, typically to avoid vendor lock-in so that you don’t have to be beholden to a Facebook or an Amazon or a Google for the rest of your business’s life. Any capability that’s, perhaps, perceived to be super advanced or maybe even unnecessary for small groups, like those zero-to-one employers shops, or sole proprietorships, small businesses of that kind, particularly when they’re security and privacy related. Because those are the kinds of things almost always sold as the “pro” features in add-ons and upgrades that are unavailable to people with not huge budgets.

So, in short, any kind of system or tool that supports truly resilient autonomy. Something you can do yourself. Not this B2B stuff. Right?

So, with that said, I see my role as a Free Software developer to make it more possible for more people to independently access more of those capabilities without needing to have money and without needing to engage in any other form of abusive or coercive relationships in order to do so. I think that’s especially important to do in service to and in solidarity with the specific people whose lives are made dramatically worse by capitalist efforts to do the contrary.

All right, so let’s see where we are with the build of this new website and how far we’ve gotten on creating the server. Okay, there we go. It says here the server URL is wpnyc.demo. Let’s take a look and see if we actually have this available.

There we go, we got a new website up. So this is a pretty standard WordPress site. It’s all empty here, nothing fancy about this at all. We can go ahead and try to log in. And we’ll use our admin and password. And you can see that we have a Multisite install, so we have a Network Admin. We’ve got a users database. It’s all empty. So it’s just a standard, brand-new, WordPress site that we’ve created there.

>> AUDIENCE MEMBER: So, is this replacing what everyone has to do with their hosting company? Making databases, and—

>> MAYMAY: No, this is what your hosting company uses!

>> AUDIENCE MEMBER: Right, okay.

>> MAYMAY: You’re not going to be able to go to this website from, for example, the Starbucks down the street because it’s on my computer. It’s physically here. However, if you were a hosting company and you, for example, didn’t want to go and create a database and install WordPress every time you get a customer request, you’d probably use a tool like this. So, these tools are Free Software, they’re open source, you can do that if you wanted to. They don’t tell you that, but you can.

>> AUDIENCE MEMBER: It sets things up in seconds!

>> MAYMAY: It does. It doesn’t take very long at all. All right! So, we got our website, so we spun up a new WordPress Multisite instance.

>> AUDIENCE MEMBER: Question?

>> MAYMAY: Yeah?

>> AUDIENCE MEMBER: What does Multisite mean?

>> MAYMAY: Multisite means you can have multiple domains, multiple websites, that are running on one WordPress database. You have one database but you have, for example, blog.wpnyc.demo, and test.wpnyc.demo, and maybe even othersite.com, all running on one WordPress installation.

>> AUDIENCE MEMBER: So you can back the whole thing up?

>> MAYMAY: Yeah! It’s all one database, so whenever you backup that database, you backup the whole thing, the whole network.

>> AUDIENCE MEMBER: So you’re managing it from one WordPress site?

>> MAYMAY: Yeah. If Multisite is new to you, definitely check out the WordPress codex, which has a Multisite page. It describes it right there and also tells you how to set it up manually, in case you want to do that. It is good to do that manually at least once or twice so you know what these tools are doing. But once you do know how to set it up manually, using these tools obviously makes the job a lot faster and a lot less error prone.

All right, so we’ve created our new WordPress multisite instance. Let’s move on now. We’ll learn about the Subresource Integrity Manager for WordPress.

So, first, how many of you may already have heard about Subresource Integrity? No? Okay. That’s cool. I really like the Mozilla Developer Network’s definition. It’s pretty clear.

“Subresource Integrity is a security feature that enables browsers to verify that files they fetch (for example, from a CDN [a Content Distribution Network]) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match.”

So, what does that mean? For example, let’s say some attacker—or you—want to run cryptocurrency mining JavaScript on hundreds of thousands of users’s Web browsers. You don’t have to actually attack thousands of users’s websites, thousands of websites on the Internet, in order to do that. You could compromise the one website that all those other websites are loading files from. For example, like a [Facebook tracking] pixel, right? Like some sort of web bug. If you can change that and everyone is pulling that site from you, well, there you go. You’re now loading your JavaScript code on multiple websites. So, for example, if I wanted to make the users of USCourts.gov mine Monero or BitCoin for me, then I wouldn’t necessarily have to attack USCourts.gov, I could attack TextHelp.com, because TextHelp.com is serving files for the other sites, USCourts.gov and ICO.org.uk.

Now this isn’t theoretical, either, this happened just last week, with these exact websites—USCourts.gov included—and it’s exactly the sort of scenario that Subresource Integrity is designed to mitigate. So, let’s see how you can prevent this attack against your site’s users for free using the Subresource Integrity Manager for WordPress.

Let’s go back to our demo here. And we’ll switch back to Firefox.

>> AUDIENCE MEMBER: Is this similar to what SSL does?

>> MAYMAY: No. No, SSL would not protect against this because you’re still getting the content and not verifying that what you’re getting is what you expected to get. It just means that no one has listened to what you’re getting on the way. I’ll show you what I mean in just a sec. This will be a lot clearer if you see this in action than if you just see some slides without a demonstration about it.

All right, so the first thing we’re gonna do is, obviously, is we’re gonna go to our Network Admin screen. We’re gonna go to Plugins. We don’t have any. And we need to get one because we need to get the Subresource Integrity Manager, called WP-SRI. I think you can also search for “Subresource Integrity.” Regardless, here it is. We’re gonna go ahead and install this. And there it is.

Now, when you have a Multisite install you can activate plugins for an entire Network all at once or, what we’re gonna do, is we’re going to go to the site itself, our site’s Dashboard—it’s hard to do this backwards. Go to our Plugins, and we’re gonna go ahead and activate the Subresource Integrity Manager for WordPress. That’s it, you’re now protected. By which I mean, if you go to your Tools page, you’ll see a new item called Subresource Integrity Manager, and you see here all the listing of resources that your site’s requesting. Every single one, including the ones on your own site because we set that debug flag—I wanted to make sure there was some content here. Over on the left you see the URL column. That’s the source address of the file you’re loading. So these are JavaScript and CSS styles, etcetera. And over on the right, you’ll see these hashes. And this is the cryptographic hash, this is the one-way mathematical function that proves that the content that’s being served to your site is the content that you expected to get when you first loaded that resource.

So, what do I mean by that? Let’s go to the site itself, and I’m going to go ahead and open up the View Source thing here—and let’s make that a little bit bigger so you can see as well—and let’s just have a look at one of these link elements. Actually, let’s look for stylesheet—style sheet—there we go. So this probably looks familiar to any of you who have seen CSS before, right? Link rel stylesheet. Here’s an href, a reference to the stylesheet itself, but over on the right, you can see crossorigin anonymous and integrity equals SHA-256 dash and then this hash. This hash is the metadata of what was expected to be in that stylesheet. So if some attacker modifies it, it’s not going to load in your browser if you’re using these, if you’re expecting to get this particular hash value.

What do I mean by that? Let’s go a little bit deeper into that. So, let’s close—close? What happened there. There. Let’s close out of this. And I want to create now an example attack on this website to show you how this is actually enforced.

So the very first thing we’re gonna do, I’m going to go to my command line here and I’m going to create a new JavaScript file. This is gonna be going to a CDN that I set up ahead of time, here. CDN dot demo. The important thing about this site is that, again, it’s just a WordPress site, it’s just a different domain. The point being that we have two different domains. One requesting JavaScript sources from another. This is exactly the same thing as you would, for example, do when you do an embed from YouTube and you say, “Hey, YouTube, please load some content on my site.” I’m gonna do the same thing, but it’s gonna be very, very simple. So we’re going to echo some JavaScript, how about alert—whoops, this is hard to do backwards—alert, how about ‘Hello, WP NYC Meetup.’ Right? And we’re gonna go ahead and put this into the root of my CDN demo at htdocs and we can call that test.js for example. And I want that to be output there, whoops! Where did I mess that up? Echo, alert, yup. That’s fine. Uh, that’s not fine? Oh, there’s some other, I can’t see [the full screen on the project] or I mistyped some stuff? I can’t actually see all that. There we go. Nope. It looks like I’m not able to see what is there. Echo alert ‘Hello, WP NYC Meetup.’ Close. Let’s not do this full-screen, because I don’t see what’s over there. Oh! I have another—

>> AUDIENCE MEMBER: Can you explain what you’re doing now?

>> MAYMAY: Yeah! So this is gonna put this text, “alert(‘Hello, WP NYC Meetup’)” into this file. There we go. So if I look at this file, let’s say cat that file out, you’ll see that now that file has “alert(‘Hello, WP NYC Meetup’)” and if we go to our CDN dot demo slash test dot js, we’ll have that file being served in the Web browser.

The next thing I need to do of course is I need to load this JavaScript into the theme that we’re using. So I’m going to go ahead and use Vim to edit wpnycdemo, htdocs, wp content—

>> AUDIENCE MEMBER: And what’s Vim?

>> MAYMAY: Vim is a text editor, like TextEdit, but in a command line. So, like, Notepad or something. WP content, themes, twenty seventeen, because that’s the theme we’re using, and header.php. Right, so this is gonna look pretty familiar to anyone who’s edited a WordPress theme before. You can see here the wp_head hook, function there. And we’re just gonna add another one and it is going to be wp_enqueue_script, and this is gonna be WP-SRI demo, and we’re gonna load CDN.demo/test.js. All right, now our website—we put that embed code, basically, into our website. So now, when we load the WP demo site, we should get an alert that says, hey, “Hello, WP NYC Meetup.” There we go. So we now have that alert. We’re running that JavaScript code.

Here’s the thing. What if I then change that JavaScript code? Well, without Subresource Integrity, if I change that JavaScript code, it’s still gonna run, which means that if some attacker then changes that source code on some other server that you don’t control, that you have no insight into, they’re now running their code on your site. With Subresource Integrity, however, if I change that, so let’s do that, let’s vim this again. This time, let’s vim the CDN site, htdocs, test.js, let’s make something much more malicious happen here. Maybe something like a cross-site scripting attack. With a cross-site scripting attack if I reload this now, if I wasn’t using Subresource Integrity—we’re going to go into Subresource Integrity Manager to see that we have a hash for it—it’s not going to load.

Okay. Why didn’t it load? It didn’t load because, if we look at the Inspector, and go to our Console, you can see, “None of the SHA 256 hashes in the integrity attribute match the content of the subresource.” In other words, the browser says, “Hey, I saw this file, but it doesn’t match what you told me it should contain. And because it doesn’t match, I’m not gonna run it.” Therefore, your users also will not be subjected to that JavaScript. If I—

>> AUDIENCE MEMBER: What will they see? Will they see an error?

>> MAYMAY: No. It just won’t run. So, for example, if you had a personalized resource—Google Fonts does this, where it sends personalized content to each individual user but it’s the same URL, it’s always google.com/fonts/something—that is gonna break this. And so hopefully Google will fix that and will give, like, individual URLs to people. Until then, you have this little Exclude button which just takes out that integrity attribute in case you run into a problem where you’re loading one resource for multiple users but the content of that one resource is different for each user. In that case the integrity attribute won’t be printed, and if I reload this page, we should now have an XSS attack happening. Does that make sense?

>> AUDIENCE MEMBER: Yeah.

>> MAYMAY: All right, so that happens, again, because we did not include the integrity attribute in our test.js script element. If we again go back to Subresource Integrity Manager and re-include it, then when we reload, we will not get the XSS popup because the integrity attribute will be printed and we’ll see in fact the SHA 256 hash was not matching what we expected it to be.

So, let’s return this to the original ‘Hello, WP NYC Meetup’, and we’ll save that. And hopefully, with this, because again, it matches, it’s not excluded, but it does match the content that we’re expecting it to be, we visit the site and we get this back.

So that is Subresource Integrity Manager for WordPress.

>> AUDIENCE MEMBER: Does that add any weight to the site?

>> MAYMAY: It will increase your HTML page sizes, but hopefully you’re using, y’know, HTTP2 for good compression, and it’s not really adding a lot in comparison to the kind of attack that this—the kind of vulnerability that this is for your users is pretty serious. So, this is basically considered a really good thing, it’s been widely developed and deployed.

Some pro-tips for using this. SRIHash.org is a great site to go to if you want one of these one-off. If you have a JavaScript file that you want to insert yourself but you want to include the integrity attribute, go to SRIHash.org, plug the URL into the form there. Hit Hash. It’ll give you the exact code you want to use for that.

>> AUDIENCE MEMBER: That looks like a good password generator.

[laughter]

>> MAYMAY: You can also further harden your site by using the CSP HTTP headers. These are content security policies which tell your visitor’s browsers not to load anything that doesn’t include an integrity attribute if you use the require-sri-for and you can say either script or style, or both. And finally of course, because the free and open Internet is a platform agnostic technology by design you don’t have to be using WordPress to be using this. You can, for instance if you’re using Ruby on Rails, use the sprockets-rails gem. Just use your javascript include tag and add a new parameter there, integrity equals true, and sprockets-rails will take care of it. Similarly, if you’re using any of the NodeJS tools, pick up the SSRI package over on NPM. And again, it’s ssri.fromData or dot fromUrl or something. Give it an algorithm that you wanna use, and the toString method will give you the integrity attribute, what you actually want to print out.

Okay, so that was Subresource Integrity for WordPress.

Yeah?

>> AUDIENCE MEMBER: What happens if I want to change the plugin or the script or whatever?

>> MAYMAY: Yeah!

>> AUDIENCE MEMBER: Do I have to run something again so I can update the hash tags or…?

>> MAYMAY: The easiest thing to do is to go back to your tool, so let’s go back to WPNYC Demo, we’ll go to your tool, and you find the resource you want. So, let’s say, test.js, here. And delete it. Now, the next time it loads, Subresource Integrity Manager will say, “Oh, I don’t know this. I’ll go ahead and fetch it, re-hash it,” and that way basically you’re forgetting the old hash and putting in the new one. So that’s that.

>> AUDIENCE MEMBER: Can you give us an example of how to use this on a site we might already be familiar with?

>> MAYMAY: This is already used on many sites you’re probably familiar with! And it’s used specifically to make sure that there’s no unexpected manipulation from the CDN side. So, for instance, a long time ago—well, not a long time ago but, like, two years ago—there was one of these JavaScript DDoS attacks that happened by Baidu, which was one of the Chinese analytics firms. The Great Firewall of China, evidently, decided to change anyone who was loading Baidu analytics JavaScript that it was sending to DDoS GitHub. As in, to try to get every browser on the planet who was loading Baidu analytics to send a bunch of requests to GitHub.com to take them down. And it worked because, at the time, there was nothing like this. So that, among other reasons is why SRI features became a W3C standard and is now deployed in all these different frameworks.

So, for WordPress, you can use the Subresource Integrity Manager until we get this into core. It looks like it will be into core at some point, but I don’t want to promise about when or how, because I don’t know.

[laughs]

>> AUDIENCE MEMBER: [quiet speaking]

>> MAYMAY: Oh, you just have to hit “exclude.”

>> AUDIENCE MEMBER: [quiet speaking]

>> MAYMAY: Well, I mean, yes. For Google Fonts, or any resource that has the same URL but whose content is different, right? Because, if the content is different, it’s not going to match the hash for all users, it will only match the hash for one user. Probably you, because you’re the first one who has requested it. So you want to exclude those until sites like Google and other CDN providers start making unique URLs per user. All this personalization that happens on just the content and not the URL needs to go away for this to work.

>> AUDIENCE MEMBER: How do I know if I need to exclude a script like that?

>> MAYMAY: See if your site still works.

[laughter]

>> AUDIENCE MEMBER: Oh, just load it again?

>> MAYMAY: Yeah. All right, so, we’re gonna move on to GPG and OpenPGP signing and encryption for WordPress. So, first of all, how many of you are familiar already with GPG or OpenPGP or signing and encryption and technologies? One, two, three, four hands in the back. Okay, cool. Great! Any of you wanna shout out what that is? No? All right.

Well basically, it’s secured email, is the answer to that. In short, GPG or OpenPGP—they’re kind of interchangeable terms—means secure email. But here we have to be pretty careful about what we’re talking about when we say “secured.” What does secured really mean? In a very brief nutshell, ’cause I don’t have that much time, when infosec pros talk about security they’re usually speaking about something that’s known as the CIA triad. It’s called a triad because it has, of course, three parts, and these are confidentiality for the “C,” integrity for the “I,” and availability for the “A.” Now, for the purposes of this presentation we’re only going to concern ourselves with the first two pieces of this triad.

Another common word for confidentiality—you’ll often hear this a lot—is privacy. Much more often used word. And similarly, very similarly to that, another word that’s used for integrity is “authenticity.” So, in the next demo, when I talk about GPG encryption, what I want to be talking about it ensuring privacy: the ability for your website to send a message that only its intended recipient can read. And when I talk about GPG signing, what I’m talking about is ensuring authenticity: the ability for the recipient of that message to verify that it the message was actually sent by your server, not some other imposter, and that the message that they got was unmodified in transit. It’s the actual message that you sent. Very much like the Subresource Integrity thing where you’re hashing stuff. All right, so now let’s see how you can accomplish this with the PGP encrypted emails plugin that I wrote.

So, we’re gonna go back to our demo, and—whoop, there’s my, there it is. And, I want to go to my WordPress site. And, as before, we’re gonna create a new plugin by going to Network Admin, Plugins, Add New, and we’re gonna search for WP PGP Encrypted Emails. That’s the full name of it, but you can also probably search “PGP encrypted emails.” Anyway, we’re gonna hit “Install Now” and there it goes. And we can Network Activate this or we can, again, just go to a site, go to the demo site, go to our plugins, and activate—whoops, no, I don’t want to, I want to do this one—plugins, and activate that. All right, that’s it.

Now, very first thing you’ll notice is that we have one of these admin notices up at the top. It says hold on, you’re not done yet. You’ve got to create or generate an OpenPGP key pair for the website to sign outgoing emails with. In other words, you can’t just send an email. You have to actually stamp that email with the identity of the website, cryptographically. So that’s what we’re gonna do when we generate PGP signing key pair. That’s it, that’s all you gotta do. And this will take you to the Settings screen, with a new item here under Email Encryption.

This email encryption settings will have a number of options. The important one for here is the PGP signing key pair. This is a low-trust, single-purpose key (identity), for the website that you need to distribute any user who wants to make sure that when they’re getting emails from you, it’s coming from the right place. There’s a theme function that you can add to your theme that makes this button, so you don’t have to worry about the code itself, or you can go to or tell your users to go the profile that they have and click on “Download public key” at the very bottom under their personal encryption settings. We’re gonna go ahead and do that. I’m gonna click “Download public key,” and it’s gonna give me this file. I’m just gonna save that, for the moment.

But before we do anything with that, I want to show you what an unsigned and unencrypted email looks like. Regular old email, nothing fancy. This is what you’re doing, probably, right now. And to show you that, I’m gonna go to wpnyc.demo, and I’m gonna go to [port] 1080 here. This is Mailcatcher. This is another one of those development tools that was installed when I did the VV build and what this does is it kind of intercepts any outgoing email from that website and shows it to me in this interface so I can debug it.

You can see that we already have an email in here. This one is the email that was sent when the WordPress site was kicked off and built. Sometimes you’ll see this in the One-click Installers. Y’know, you’ll get an email saying, “Hey, your WordPress site is ready.” That’s what this is. So, this is the source code of that email. You can see the headers up here, and the body down here. And there’s nothing fancy about this, nothing special, nothing cryptographic, no hashes, none of these security features. It’s all just plain text. This is like sending a postcard through the post. Anytime you send a postcard, anyone viewing or handling that postcard can read the contents. That’s what all email, all text messages, all unencrypted HTTP—not HTTPS—traffic is. So we’re now going to add the equivalent of a digital envelope to protect the contents of this message and a digital stamp that says, much like those Game of Thrones, y’know, wax stamps. This definitely came from Jamie Lanister or whoever. We’re gonna add that to our emails. I’m gonna show you how to do that.

Firstly, we have this key that we downloaded. So let’s go ahead and take a look at my Downloads folder. And, or actually, take a look at this here. “To authenticate the emails, download the PGP public key and import it to an OpenPGP-compatible client.” This links to PRISM-Break, which is a fantastic website. If you don’t know about it, check it out. PRISM dash Break dot org. And it lists here all the software that you can use PGP or GPG with. So there’s a vast ecosystem of this. It’s available on Windows, Linux, Android phones, iOS devices, basically any computing device that you have can do this for free already, with either one of these apps if it’s not already built-in. Many Linuxes have this built-in, for example.

So, I’m going to be using GPGTools, or MacGPG for this. That is at GPGTools.org. If you’re on a Mac today and you wanna try this out, go grab this. It’s the best tool for the job I’ve seen. All right, so we’re gonna go ahead and open up this email, I’m sorry, this key, and we’re gonna open it with an application that was installed with the GPGTools package that I installed earlier called GPG Keychain, and we’re gonna import that key, and there we go. Now we have this key.

Now what this means is that we are aware of a cryptographic identify for the website wpnyc.demo. I can now authenticate any emails that are sent there. So let’s go ahead and get an email from there. You could trigger an email by purchasing an order or making a new user account, or you can use the handy “Send me a test email” button, which is what I’m going to do. And when I click this I want you to take a look at the Mailcatcher tab up here, and I want you to take a look at this. This is going to go from 1 to 2. Okay? Ready?

Send me a test email. There it is, now there’s 2. There’s the test email. And now, take a look at how the email is different. We have this “begin PGP signed message” text on top and on the bottom. This is what’s known as a clear signed message. This is saying that this is the, effectively, the integrity attribute, or that metadata for the contents of that message, just like the SRI stuff. It functions very similarly.

If you were using an email client, this would automatically authenticate—

>> AUDIENCE MEMBER: You’d use both?

>> MAYMAY: Use both what?

>> AUDIENCE MEMBER: Use both the GPG and the SRI?

>> MAYMAY: Yeah, they’re separate plugins, they’re separate technologies, but they use the same what are known as cryptographic primitives, which is to say, they use the same mathematics under the hood.

>> AUDIENCE MEMBER: So you’d use one or the other?

>> MAYMAY: No, you can use both, because they do different things. In fact, I would recommend that you use all the plugins I’m gonna demo. [laughs] ‘Cause, they’re all free and they run on any WordPress site of any size. All right.

So, we’re gonna grab this PGP signature here, the contents of this email, and again if you were using an email client like Apple Mail or Microsoft Outlook or something, you wouldn’t have to do this copying-and-pasting, but I’m using a debugging tool so I am. I’m just going to go ahead and open up a TextEdit window and I’m gonna paste this into a new file and we’re gonna say test email, and I’m gonna save it on my desktop—and, sure, you can use the email extension. All right, and now, to verify that this is in fact the—I don’t need this anymore—the message that came from the site, I’m gonna right-click, I’m gonna go to services, and “Verify Signature of File.” See that, there? “Verify Signature of File.”

All right, click that, and we get a verification result: Signed by wordpress@wpnyc.demo. This means, yes, this email came from the site that you think it did and it was unmodified. No one changed the message between the time that the site sent it and the time that you received it. So, to prove that, we can open up this test email again. TextEdit—whoops, come on. Why is it not dragging this over? Drag. Seriously? For real now? All right, let’s do it this way. Other, and we want to use TextEdit, which is here. All right, so now let’s change this email in some way. We’ll just delete some text. We’ll re-save it.

Let’s try to verify again. Now we should get a failed message. This should not verify, because the message was changed. This is really important for things like, for example, security announcements. Apple, Inc, like, the company that makes this computer. They do this, exactly this process for when they send emails to their security announce list because it would be pretty bad if they sent a security announcement to say, “Hey, there’s a new patch available,” and that was actually a fraudulent email. Web hosting providers, DreamHost sends this with their billing emails, with their receipts. Now you can do the same with this plugin. All right, so that is a test email.

So that was signing. Do we have time? Do you think we should do encryption? Do we have time for this?

>> AUDIENCE: Yes!

>> MAYMAY: Yes? Okay. [laughs] Is there a question, there?

>> AUDIENCE MEMBER: [quiet speaking]

>> MAYMAY: I can’t quite hear you. Are you asking if it’s possible, if this works with an external service?

>> AUDIENCE MEMBER: Yes. If you don’t want to use your WordPress server to send the emails.

>> MAYMAY: Yeah. It, um, you will have to do a little bit more work to use an external service because you’ll need to send them pre-signed messages, right? So, for example, a lot of these services will insert things like, you know, “Hello, name,” or, y’know, “who lives at such and such, your account number is such and this.” If you sign the message before they do that, none of these verifications are gonna work, because they’re going to be changing the message on your behalf. On the other hand, there’s many free software plugins for WordPress that can function similarly to MailChimp, for instance, and this plugin is compatible with all of them that I’ve tested, which at this point has been hundreds. So, you could do that, it might take you a little bit more time to send those emails but at least that way you’re actually doing the work on your site, yourself, and not farming that out to a third party that may or may not—and probably is—mining you for data. So, but, y’know, obviously up to you?

All right. What time is it? It is, 8:30. I have until 9, I got a lot of content. You sure you want to see encryption?

>> AUDIENCE: Yeah!

>> MAYMAY: Yeah, y’all are good for that?

>> SCOTT BECKER: Quarter to nine!

>> MAYMAY: Quarter to nine! All right, I don’t have a lot of time, then. Here’s what I’m gonna do—

>> SCOTT BECKER: Well, ten to.

>> MAYMAY: All right. Well, let’s, I’m going to go through this a little bit quicker. So what I’m going to do is I’m just going to create a new key here. This doesn’t really matter. To do encryption we have to do the reverse process. Rather than getting the key from the website, I have to give the website my identity. But to have an identity, I need to make one. So that’s what this is, that’s what the “New” thingy is here. So we’ll do that. Some email dot invalid, none of this matters. The password is password. And password here. And, under advanced options, what’s there? Oh yeah. So I’m just gonna say “this is a test do not use this key.” We’re gonna generate that key. We’re gonna continue with a simple password. And again, all the GPG tools will do this, whether you’re using Windows or Linux, I just happen to be using a Mac. I don’t want to upload the key to the key server, again, because it’s a test.

And what we’ve done is created a new key pair. What’s known as basically a digital lock and a key that opens that digital lock. So if I hit export here, I get a file on this desktop. Let’s go ahead right there, and desktop, and there is my file which just like the other email, this can be opened. Because a key, an identity, a cryptographic hash, is just text, we can open it with TextEdit and you can take a look at what a key looks like. It’s just a really big number, really.

So if I copy this into my—because I’m the admin here, I’m gonna copy it into the Settings, Email Encryption, and Admin Email PGP Public Key textbox here, and hit save. Now, that’s all I gotta do. Now if I get another message, let’s trigger that again. Send me another test email. It’ll go from 2 to 3. And now this was the signed message, now we’ll have an encrypted message. So now we just have this “begin PGP message” block and this is the content that’s gonna be stored, for example, by Google or by Microsoft Live, right? When you are actually using a GMail account, they’re reading all your email. Well that’s because it’s not encrypted. If you use this, and you give the sites that are letting you send encrypted messages your cryptographic identity, Google can no longer read your email because to them it looks like this.

So the question is, how does it look like to you? Well, we’ll go back here, we’ll go to TextEdit, and we’ll just paste this message in again. And, again, on an actual email client this is much, much simpler. I’m just gonna right-click, go to Services, and I’m gonna decrypt selection to new window. And what we should see here is I’m being asked for my password for this identity, which I put before. Right, and say password. Oh, it opened it up over here, so I’m just gonna move this over. Right. This is a test message from wpnycdemo. It’s still signed, right, because the site has a signing key, and it’s decrypted, because I have the matching key to the lock that I gave the website. So that is OpenPGP signing and encryption for WordPress.

Quick pro-tips for making even more use of this plugin. Number one, importantly for small businesses you should know that the WP PGP Encrypted Emails plugin features zero-configuration, out-of-the-box support with WooCommerce. So if you have a WooCommerce store, right, as long as your chosen theme supports the WooCommerce account pages, then all you have to do is install this and your customers will get an out of the way form that looks exactly like this that they can use to opt-in to signed emails or even encrypted emails if they go ahead through the process of making their own identity and uploading a key and giving it to your store. This is an example of what a signed email might look like in Apple Mail. Instead of the Mailcatcher interface it would just look like this. It would say “Security: Signed” and that’s how they would know, yes, this actually came from your store. So this is really important for secured email receipts, for private transfers of communications between, like, tech support. Anything that you basically don’t want other people reading. This is all from a blog post out of New York City called Flora Posidonia: FloraPosidonia.xyz. Check that out at some point if you wanna see this in practice in the wild.

For developers, WP PGP Encrypted Emails features a general-purpose API to cryptographic operations using familiar WordPress plugin hooks. So what I mean by that is that the plugin uses the same hooks that it makes available for other plugins for itself. And that means with as few as about four lines of PHP you actually, as a developer, can build PGP or S/MIME encryption into your own plugins and themes. So you can see here we’re getting the user object, we’re applying the wp_openpgp_user_key filter to that user object to get the key itself, and then we’re using openpgp_encrypt with the message and the public key to get an encrypted message. You can now, using PHP, send this variable over the Internet or in an email or anywhere you want, and it’s that PGP message block instead of the plain text content.

Okay, so that was GPG and OpenPGP signing and encryption for WordPress. I got ten minutes, so I’m going to hold questions. And at this point we’re going to go on to centralized authentication service using OpenLDAP for WordPress.

Now, as before, centralized authentication services with LDAP, anyone use this already? Sound familiar to anybody? No? All right, let’s start with LDAP. So that stands for the Lightweight Directory Access Protocol. It is an open vendor-neutral industry standard application protocol for accessing and maintaining distributed information services. So what that means, for our purposes at the moment, is that an LDAP database, which is called a Directory Information Tree or a DIT, can store user account login details like usernames and passwords and email addresses and phone numbers and this kind of thing, in an application-independent way so that any app that can speak LDAP can actually use the LDAP store as its user database.

Fun fact: LDAP was written by Tim Howes. He was the CTO and founder of a company called Opsware that I worked at for a while and that’s now HP Server Automation suite, HPSA, for those of you actually working in Enterprise.

Let’s take a step back for a moment, though, and talk about what this might look like—a website’s system might look like—without LDAP at all. You have a website. It’s running WordPress. We’ll call it YourSite.com and one of your users, we’ll call them alice, logs into the site. So to successfully log in to that site, WordPress first checks its WP users table for an entry that matches Alice’s account credentials. If those credentials exist and they match the ones submitted by the user, then Alice is successfully logged in, everything is okay, you get the Dashboard, or you get the homepage, it all looks fine. In this setup the user’s account information is stored by WordPress, for WordPress, and is only available to WordPress so we call that application-specific data.

Now let’s imagine that you want to add another app to your network. Maybe you have an intranet, right, and you want to add Nextcloud. This is kind of a Google Docs replacement. You could, and most organizations that I’ve seen typically do just tell Alice that, y’know, they now have two user accounts. They have a WordPress account, right? And they have a completely separate account for Nextcloud. In my experience, this causes a lot of problems. Among other issues, it means that users now must manage two user accounts: two passwords, two user profiles independently. Most users will probably choose the same password and the same profile information on both systems, but once they change their password on one system, the other system isn’t informed, and that leads to confusion, not to mention a lot of help desk tickets.

So this is a classic problem that LDAP is designed to solve. Now, with an LDAP server, you can store account details in a way where you can provide a Centralized Authentication Service, also called a CAS, for any LDAP-capable application that you choose to add to your network. So now, regardless of which app server Alice logs into, their account credentials are always the same. And when they change their password on the one side, say WordPress, they can immediately use their new password to log in to Nextcloud because that authentication check is happening in one central place, which is that LDAP server at the top.

So, let’s see how you can configure this using—whoops, that was too fast—using, WordPress. We’re going to go back to our WordPress demo and I’m going to try to run through this a little bit quickly, I apologize because I’m running a little short on time. But what I have here is another install of Nextcloud. This is a brand-new Nextcloud instance that’s running on the same machine as the other one. And I’m going to go ahead and create a new admin account. If Nextcloud is familiar to any of you this will look pretty familiar because it’s basically just as I did before. It’s a completely blank Nextcloud instance, without anything pre-loaded. So no users, no files, no nothing.

So this is Nextcloud for those of you who haven’t seen it. It looks a lot like Google Docs. Y’know, you can upload files, you can download files, you can open up text files. You can share photos, that kind of thing. You can take a look at the users database here. There’s just one user, the admin, there’s nothing else. And that is just blank Nextcloud. Now we also need, of course, is the wpnyc.demo—oh, yeah, hello—we need the plugin for WP-LDAP, which is…. There are a lot of LDAP plugins, but mine is the one called just WP-LDAP, by me, here. It’s pretty small and pretty new, because it’s not very well-known. But I’m going to go ahead and install it. And what this is going to let me do, when I go to Network Activate it, I will have a new option under my Network Settings called LDAP Settings.

Unfortunately, I need to be using HTTPS to manage it because this is kinda sensitive. So we’re gonna go ahead and do that like this. Password. There we go, LDAP settings. Now, I’m not going to show this because I don’t have time, but I also have a LDAP server running on port 389 on that same machine. Installing an LDAP server, if you’re a server admin, is usually as simple as “sudo apt install slapd” or the standalone LDAP daemon. For the time being, I’m gonna have to skip that.

I set it up so that it has a Bind DN, which is basically like the user account that you’re using to admin the site. This is basically the same as the MySQL user. Y’know how you have a MySQL database and your WordPress website needs to know what the login credentials for the database are? Same exact procedure. In this case, it’s not a MySQL database, it’s an LDAP database. So the syntax is a little bit different. But in general, it looks something like this. DC equals WPNYC, and DC stands for “domain component,” so this is the dots, right? Instead of dot com or dot demo, I’m using DC equals and “CN” is “common name.”

Let’s go ahead and actually double-check that that is correct because I don’t want it to not be. Okay, so we logged in over there, and I’m just going to copy and paste this from my notes to make double-sure that I have this right. So, I’m using an LDAP search tool on a command line, asking for the host, which is localhost in this case, using external authentication meaning the OS itself, to ask for the config common name, and I want the OLC or online configuration root DN. The root DN is basically superuser. You know how WordPress has “Super Admin”? This is Super Admin for LDAP. And sure enough it’s cn admin, dc wpnyc and demo. So that’s right. And then the base is just the end here, the same. WPNYC Demo. You can change this if you want, but it is effectively the same. So, for example, if you wanted to do, a different directory tree you could do OU equals people and this is like, basically choosing the table. Where in the database do you actually want to store what we’re about to put? In our case, ’cause this is a simple demo, we’ll just put it at the root over there. And that’s it. We save that change.

Now your WordPress can talk to LDAP. What does that mean? It means if we create a new user here—let’s say we’re going to make a new user on our Network, and we’ll call it test LDAP and it’s gonna be testldap@wpnyc.demo. We’re gonna add that user. Hopefully, if I got that right—no, I don’t want notifications—if we configure now Nextcloud to add LDAP integration, too. Now, Nextcloud ships with LDAP integration so we don’t even have to write a plugin for this. We’re gonna go to the Apps page on Nextcloud, enable the LDAP user and group backend plugin. We’ll now go to the admin screen for LDAP. We’ll go to LDAP and AD integration, and we’re gonna give it the same details that we gave WordPress. So, 127.0.0.1. Nextcloud has some nice JavaScript that can detect the port. The user DN was cn equals admin, domain component wpnyc, domain component demo, I believe. And the password was password. Let’s see if that, yup. And detect base DN. There we go. And test base DN. We look good.

So we’re gonna hit “Continue.” And now you can see we’ve got three entries available. These are inetOrgPersons. A user account in LDAP is an inetOrgPerson, an Internet organization person. We can verify this, we found 1 user. We’re gonna continue. And here you can say how do you want them to login? Username only, or username and email? We can go with either. This is basically, y’know, log in with your email, log in with your username. Just like WordPress. And if we do testldap here. Yeah, “User found and settings verified.” Continue on, and we’re good. So now, when we go to the users screen, you’ll see another one. And there you go. Now we can log in with this user.

So for instance, let’s say—actually, I can’t log in with this user, because I don’t know their password.

[laughs]

But, if we edit their password and set it, let’s set it to something simple like password. Yeah, confirm that password. We’ll update that. We’ll log out of Nextcloud as the admin, and we’ll log back in as the testldap user. And there we go. We didn’t have to make a user account on Nextcloud because we made on WordPress, and now, no matter how many apps you add to your intranet or your site, you now have one authentication store for all of your users. This is really useful for, for example, employees inside of a company. Taking out one, deleting them from the LDAP store will remove their access to all your apps. It’s also portable so you can transfer it from, y’know, one app to another, as long as the apps you’re using can speak LDAP. And, with WP-LDAP, WordPress can. So that was WP-LDAP on WordPress.

Pro-tips on this: it’s built for Multi-network, not just Multi-site installs. So if you’re not familiar with WordPress Multisite, read about that. Once you’ve read about that, check out the article, again on the WordPres Codex on Multi-network. This is a Network of WordPress Networks, and WP-LDAP works with that, too. You can set different servers, LDAP servers, for different networks so you can do things like network segmentation or perhaps round-robin load balancing, it’s kind of up to you. It’s also already aware of the WP PGP Encrypted Emails plugin, so if you use both of those and your users supply an S/MIME certificate, that will get sent over to LDAP and that will allow you to do transparent email encryption for things that are configured for that, such as iPhones in a BYOD or Bring-Your-Own-Device environment. Microsoft Outlook supports this out of the box as well. All of these features are standard protocols that are for free that you can install on WordPress sites of any size that you never have to pay for, if you don’t want to. You could. I wouldn’t. All of this, of course, is RFC 2798 compliant so any consumer that speaks LDAP—Apple Contacts, iOS, Mozilla Thunderbird Address Book—you can get a people directory and actually have, like, email autocomplete lookups for all of your employees or mailing list subscribers or anything like that.

All right, that was Centralized Authentication Service for LDAP. I don’t know if we have time for Q&A?

>> SCOTT BECKER: We can do a five minute Q&A.

>> MAYMAY: Very short Q&A. I realize that was a lot of information very quickly as well. Yeah.

>> AUDIENCE MEMBER: I run an NGO, a non-profit organization, and we have an account for Google Apps, because they gave us for free. Can I use LDAP instead of Google?

>> MAYMAY: Oh, yeah. Google uses LDAP behind the scenes. So, this is what they’re using. Right, like, there’s not a difference in the technology between Google, Facebook, and this. It’s just a matter of whether or not they put the branding and the sheen on it to make sure that you feel like you’re using their thing, as opposed to the standard thing.

>> AUDIENCE MEMBER: Can you use PGP encryption with Google?

>> MAYMAY: Oh, yeah! I do all the time. Yeah.

>> AUDIENCE MEMBER: Does this address the problem where WordPress sends out emails and it looks like spam? Like, in GMail, it goes to the spam folder, but with Sendgrid and some of these other guys it doesn’t? Does that fix that?

>> MAYMAY: Sadly, no. So the question was if these plugins fix email looking like spam from WordPress. And unfortunately, they don’t. They don’t because of a number of reasons, which we can talk about maybe later if you want, but the short answer is no. The longer answer is they might even make you look a little more suspicious only because they would rather you use their thing.

All right, so, any last question about that? All right.

In case it wasn’t clear, all these plugins are freely available on the WordPress plugin repository today. Here are their permalinks. I’m gonna put up these slides somewhere so you can take a look at them on your time and hopefully we’ve got the recording at some point as well.

Again, my name is maymay. My homepage is maymay.net. It might be down. If it is, try again in a little bit. Again, I get DDoS’ed a lot. At maymay.net the very top link is “Download my digital business card.” Click it to download and import my vCard into your contact app, and that’s all I got. Thank you so much for your time and attention, everyone.

This week, on “Capitalism,” technicians are forced by employment contract to not educate customers.

I just wrote this really long comment elsewhere and after I posted it realized it might actually be useful to many folks here if they are struggling to make ends meet or to pay bills. So, here ya go. May your dependence on capitalism decrease as your experiences increase.

(Context for this is that a lot of people pay cable companies for “bundles” or “packages” or “upgrades” that, on their face, sound like a good deal, but are actually not. Here’s why.)

In most places I’ve been, it’s actually cheaper not to bundle TV with Internet service because the Internet service you get with bundled TV is actually unusable, so the upsell is literally worse than useless.

For instance, a friend of mine was telling me about the recent Time Warner Cable/Spectrum strike in NYC, and from what I hear part of the sticking point is that Time Warner sells this “300Mbps upgrade” for about $40 a month. This is slightly cheaper with a bundled TV package, but not drastically.

What this actually means, for anyone who doesn’t know the technical details of this, is that Time Warner will let you download files at about 300 million bits per second (Mbps), which is something like 37 megabytes per second. So, if you were downloading a file that was 37 megabytes (maybe the PDF of a textbook or something), you would be able to get it on your computer in about 1 second.

The kicker, though, is that most houses which purchase this “upgrade” are connected to the modem using a 100BASE-T Ethernet cable, which has a theoretical maximum speed of only 100Mbps. So this means, even if you’re paying for a 300Mbps “upgrade,” there is still a bottleneck that is only one-third the capacity and no amount of service plan changes will fix it, because the problem is the physical cabling installed in the apartment complex or in the house. You could buy a “fastest Internet in the whole world” package deal and still only get 100Mbps top speeds.

On top of that, most people don’t even use cabling. They use Wi-Fi. And the most ubiquitous form of Wi-Fi is called 802.11g, whose maximum theoretical speed is 54Mbps, or 54 million bits per second. In other words, a quarter of the speed of the super popular “upgrade” package sold by Time Warner. However, unlike physical cable, Wi-Fi is (wireless) radio, which means things like microwaves and other household appliances interfere, further reducing that 54Mbps theoretical maximum. Most of the time, a typical home Wi-Fi setup in a city will see Wi-Fi speeds slow to 34 or even 24Mbps at most.

That’s bad enough, but why the strike? Well, Time Warner contracts with technicians who, of course, know all this stuff. They apparently get called out on so many support calls from customers who want to know “why the Wi-Fi isn’t working well” and there’s literally nothing they can do to improve the situation, because Wi-Fi can’t, by DESIGN function at the speeds Time Warner is selling. But the real kicker is that, according to their contract, the technician is not allowed to tell the customer that this is what’s happening, because anyone in their right mind who understands how this works would immediately cancel their package subscription with the upgrade charges and so on, since it is physically impossible for them to make any use of it. There is no benefit to ever buying it, unless you rewire your building.

And yet people do buy it. Why? Because it’s a “package” deal, it’s sold and marketed as “better! faster! stronger!” and even then, when a customer has “trouble” with something about “the Internet,” the Time Warner Cable/Spectrum support personnel on the phone and whatnot encourage the upsell.

It’s 21st century snake oil.

Anyway, my point is, if you take a closer look at the Internet Service Provider plans in your area with someone who knows what they’re doing (not saying that you don’t know what you’re doing, I’m just writing this for readers and passers-by), it’s very often possible to get identical Internet service for close to half of the price that most people pay for it. I’ve helped some people evaluate this for their households during my travels, and each time, after several months, the answer to “Have you noticed a difference in service or speeds?” is “No.”

And of course that’s the answer. Because that’s how physics works.

Computer People for Peace: Interrupt 14

1984 is here … 13 years early….

The following call has been issued to peace activist groups. In addition we urge all computer people to join us in Atlantic City in May.

Computers are increasingly being used as a means of oppression. They are at the heart of every military and police system. They are at the core of every major corporation and are used to maximize profits with little regard for human needs.

The Spring Joint Computer Conference (SJCC) is an annual trade show-technical conference-public relations gimmick-sales event which brings together representatives of major corporations (IBM, GE, Honeywell, RCA, Litton, Rand, AT&T, etc.), high level representatives of the military and government, and the technocratic elite that serves their interests.

Obviously the event is overwhelmingly dominated by white males.

SJCC is being at Convention Hall in Atlantic City, N.J., on May 18-20. Attendance is expected to exceed 30,000, making the conference one of the largest military-industrial gatherings in the country.

Computer People for Peace proposes a mass multi-issue series of actions, meetings, and demonstrations during the SJCC. The issues to be raised include:

  • US genocide in South East Asia, particularly corporate involvement. (Honeywell is the prime manufacturer of anti-personnel fragmentation bombs.)
  • Repression at home, specifically the use of computer based information systems as a means of social control. (Military Intelligence keeps data banks on civilians–including all of us.)
  • Corporate racism (IBM plans to expand its South African market while the rate of unemployment among Third World people in the US continues to increase.)
  • The present misuse vs. the constructive potential of computer technology (as applied to health, education, welfare, housing, ecology, and urban planning).
  • The role of automation on the rising level of unemployment.

Interrupt, 14

February, 1971

Newsletter of Computer People for Peace

Computer People for Peace
The Dolphin Center
137 West 14th Street
New York, N. Y. 10011

My 2009 essay kinda-sorta about an Anarchist “Internet of Things”

I wrote an essay in 2009 about the Internet of Things, before people were calling it “the Internet of Things.” When I re-read it this afternoon, in 2017, I noticed something rather queer. It wasn’t actually about the Internet of Things at all. It was actually a personal manifesto advocating Anarchism, and condemning techno-capitalist fascism.

Yes, really.

In 2009, despite having barely turned 25 years old, I had already been working as a professional web developer for a little over a decade. (That arithmetic is correct, I assure you.) At the time, I had some embarrassingly naïve ideas about Silicon Valley, capitalism, and neoliberalism. I also had no idea that less than two years later, I’d be homeless and sleeping in Occupy encampments, and that I’d remain (mostly) happily houseless and jobless for the next six years, up to and including the time of this writing.

The story of my life during those two years is a story worth telling…someday. Today, though, I want to remind myself of who I was before. I was a different person when 2009 began in some very important ways. I was so different that by the time it ended I began referring to my prior experiences as “my past life,” and I’ve used the same turn of phrase ever since. But I was also not so different that, looking back on myself with older eyes, I can clearly see the seeds of my anti-capitalist convictions had already begun to germinate and root themselves somewhere inside me.

Among the many other things that I was in my past life, I was an author. I’ve always loved the art of the written word. My affinity for the creativity I saw in and the pleasure I derived from written scripts drew me to my appreciation for computer programming. That is its own story, as well, but the climax of that trajectory—at least by 2009—is that I was employed as a technical writer. I blogged on a freelance basis for an online Web development magazine about Web development. I had already co-authored and published significant portions of my first technical book. And, in 2009, I had just completed co-authoring a second.

That second book was called, plainly enough, Advanced CSS, and was about the front-end Web development topic more formally known as Cascading Style Sheets. But that’s not interesting. At least, no more interesting than any other fleeting excitement over a given technical detail. What’s arguably most revealing about that book is the essay I contributed, which for all intents and purposes is the book’s opening.

My essay follows in its entirety:

User agents: our eyes and ears in cyberspace

A user agent is nothing more than some entity that acts on behalf of users themselves.1 What this means is that it’s important to understand these users as well as their user agents. User agents are the tools we use to interact with the wealth of possibilities that exists on the Internet. They are like extensions of ourselves. Indeed, they are (increasingly literally) our eyes and ears in cyberspace.

Understanding users and their agents

Web developers are already familiar with many common user agents: web browsers! We’re even notorious for sometimes bemoaning the sheer number of them that already exist. Maybe we need to reexamine why we do that.

There are many different kinds of users out there, each with potentially radically different needs. Therefore, to understand why there are so many user agents in existence we need to understand what the needs of all these different users are. This isn’t merely a theoretical exercise, either. The fact is that figuring out a user’s needs helps us to present our content to that user in the best possible way.

Presenting content to users and, by extension, their user agents appropriately goes beyond the typical accessibility argument that asserts the importance of making your content available to everyone (though we’ll certainly be making that argument, too). The principles behind understanding a user’s needs are much more important than that.

You’ll recall that the Web poses two fundamental challenges. One challenge is that any given piece of content, a single document, needs to be presented in multiple ways. This is the problem that CSS was designed to solve. The other challenge is the inverse: many different kinds of content need to be made available, each kind requiring a similar presentation. This is what XML (and its own accompanying “style sheet” language, XSLT) was designed to solve. Therefore, combining the powerful capabilities of CSS and XML is the path we should take to understanding, technically, how to solve this problem and present content to users and their user agents.

Since a specific user agent is just a tool for a specific user, the form the user agent takes depends on what the needs of the user are. In formal use case semantics, these users are called actors, and we can describe their needs by determining the steps they must take to accomplish some goal. Similarly, in each use case, a certain tool or tools used to accomplish these goals defines what the user agent is in that particular scenario.2

A simple example of this is that when Joe goes online to read the latest technology news from Slashdot, he uses a web browser to do this. Joe (our actor) is the user, his web browser (whichever one he chooses to use) is the user agent, and reading the latest technology news is the goal. That’s a very traditional interaction, and in such a scenario we can make some pretty safe assumptions about how Joe, being a human and all, reads news.

Now let’s envision a more outlandish scenario to challenge our understanding of the principle. Joe needs to go shopping to refill his refrigerator and he prefers to buy the items he needs with the least amount of required driving due to rising gas prices. This is why he owns the (fictional) Frigerator2000, a network-capable refrigerator that keeps tabs on the inventory levels of nearby grocery stores and supermarkets and helps Joe plan his route. This helps him avoid driving to a store where he won’t be able to purchase the items he needs.

If this sounds too much like science fiction to you, think again. This is a different application of the same principle used by feed readers, only instead of aggregating news articles from web sites we’re aggregating inventory levels from grocery stores. All that would be required to make this a reality is an XML format for describing a store’s inventory levels, a bit of embedded software, a network interface card on a refrigerator, and some tech-savvy grocery stores to publish such content on the Internet.

In this scenario, however, our user agent is radically different from the traditional web browser. It’s a refrigerator! Of course, there aren’t (yet) any such user agents out crawling the Web today, but there are a lot of user agents that aren’t web browsers doing exactly that.

Search engines like Google, Yahoo!, and Ask.com are probably the most famous examples of users that aren’t people. These companies all have automated programs, called spiders, which “crawl” the Web indexing all the content they can find. Unlike humans and very much like our hypothetical refrigerator-based user agent, these spiders can’t look at content with their eyes or listen to audio with their ears, so their needs are very different from someone like Joe’s.

There are still other systems of various sorts that exist to let us interact with web sites and these, too, can be considered user agents. For example, many web sites provide an API that exposes some functionality as web services. Microsoft Word 2008 is an example of a desktop application that you can use to create blog posts in blogging software such as WordPress and MovableType because both of these blogging tools support the MetaWeblog API, an XML-RPC3 specification. In this case, Microsoft Word can be considered a user agent.

As mentioned earlier, the many incarnations of news readers that exist are another form of user agent. Many web browsers and email applications, such as Mozilla Thunderbird and Apple Mail, do this, too.4 Feed readers provide a particularly interesting way to examine the concept of user agents because there are many popular feed reading web sites today, such as Bloglines.com and Google Reader. If Joe opens his web browser and logs into his account at Bloglines, then Joe’s web browser is the user agent and Joe is the user. However, when Joe reads the news feeds he’s subscribed to in Bloglines, the Bloglines server goes to fetch the RSS- or Atom-formatted feed from the sourced site. What this means is that from the point of view of the sourced site, Bloglines.com is the user, and the Bloglines server process is the user agent.

Coming to this realization means that, as developers, we can understand user agents as an abstraction for a particular actor’s goals as well as their capabilities. This is, of course, an intentionally vague definition because it’s technically impossible for you, as the developer, to predict the features or capabilities present in any particular user agent. This is a challenge we’ll be talking about a lot in the remainder of this book because it is one of the defining characteristics of the Web as a publishing medium.

Rather than this lack of clairvoyance being a problem, however, the constraint of not knowing who or what will be accessing our published content is actually a good thing. It turns out that well-designed markup is also markup that is blissfully ignorant of its user, because it is solely focused on describing itself. You might even call it narcissistic.

Why giving the user control is not giving up

Talking about self-describing markup is just another way of talking about semantic markup. In this paradigm, the content in the fetched document is strictly segregated from its ultimate presentation. Nevertheless, the content must eventually be presented to the user somehow. If information for how to do this isn’t provided by the markup, then where is it, and who decides what it is?

At first you’ll no doubt be tempted to say that this information is in the document’s style sheet and that it is the document’s developer who decides what that is. As you’ll examine in detail in the next chapter, this answer is only mostly correct. In every case, it is ultimately the user agent that determines what styles (in which style sheets) get applied to the markup it fetches. Furthermore, many user agents (especially modern web browsers) allow the users themselves to further modify the style rules that get applied to content. In the end, you can only influence—not control—the final presentation.

Though surprising to some, this model actually makes perfect sense. Allowing the users ultimate control of the content’s presentation helps to ensure that you meet every possible need of each user. By using CSS, content authors, publishers, and developers—that is, you—can provide author style sheets that easily accommodate, say, 80 percent of the needs of 90 percent of the users. Even in the most optimistic scenario, edge cases that you may not ever be aware of will still escape you no matter how hard you try to accommodate everyone’s every need.5 Moreover, even if you had those kinds of unlimited resources, you may not know how best to improve the situation for that user. Given this, who better to determine the presentation of a given XML document that needs to be presented in some very specific way than the users with that very specific need themselves?

A common real-life example of this situation might occur if Joe were colorblind. If he were and he wanted to visit some news site where the links in the article pullouts were too similar a color to the pullout’s background, he might not realize that those elements are actually links. Thankfully, because Joe’s browser allows him to set up a web site with his own user style sheet, he can change the color of these links to something that he can see more easily. If CSS were not designed with this in mind, it would be impossible for Joe to personalize the presentation of this news site so that it would be optimal for him.

To many designers coming from traditional industries such as print design, the fact that users can change the presentation of their content is an alarming concept. Nevertheless, this isn’t just the way the Web was made to work; this is the only way it could have worked. Philosophically, the Web is a technology that puts control into the hands of users. Therefore, our charge as web designers is to judge different people’s needs to be of equal importance, and we can’t do this if we treat every user exactly the same way.6

  1. This is purposefully a broad definition because we’re not just talking about web pages here, but rather all kinds of technology. The principles are universal. There are, however, more exacting definitions available. For instance, the W3C begins the HTML 4 specification with some formal definitions, including what a “user agent” is. See http://www.w3.org/TR/REC-html40/conform.html. []
  2. In real use cases, technical jargon and specific tools like a web browser are omitted because such use cases are used to define a system’s requirements, not its implementation. Nevertheless, the notion of an actor and an actor’s goals are helpful in understanding the mysterious “user” and this user’s software. []
  3. XML-RPC is a term referring to the use of XML files describing method calls and data transmitted over HTTP, typically used by automated systems. It is thus a great example of a technology that takes advantage of XML’s data serialization capabilities, and is often thought of as a precursor to today’s Ajax techniques. []
  4. It was in fact the much older email technology from which the term user agent originated; an email client program is more technically called a mail user agent (MUA). []
  5. As it happens, this is the same argument open source software proponents make about why such open source software often succeeds in meeting the needs of more users than closed source, proprietary systems controlled solely by a single company with (by definition) relatively limited resources. []
  6. This philosophy is embodied in the formal study of ethics, which is a compelling topic for us as CSS developers, considering the vastness of the implications we describe here. []

Defense Against the Dark Arts and Mr. Robot’s Netflix ‘n’ Hack (rebooted) at Recurse Center

Last Saturday, I hosted another Mr. Robot’s Netlfix ‘n’ Hack session at the Recurse Center. I’ve been doing these weekly for three weeks now (here is a link to last week’s), and this time was the first week when the new set of batchlings were in the space. To better include them, we rebooted the series and re-screened the first episode of the show.

Last week was also the national elections in the United States. The outcome of that election was that Donald Drumpf was voted into office as President and over the course of the week he began selecting self-described white nationalists into positions of power in his upcoming administration. In light of these events, I’ve spent most of my waking hours fielding incoming requests for help about “what to do” in a number of different areas.

This election changes very little for me, personally. I have already been aware that we live in a police state, controlled by fascists and white supremacists. I’ve been preparing for worse and prepared for this eventuality for a long time. What this election changed, for me, was the fact that everyone around me was suddenly treating me like the things I was doing made sense, rather than being treated like some overly paranoid weirdo. So, that’s nice.

This also means that I’ve been getting lots of questions about digital security, privacy, anti-surveillance and censorship circumvention techniques. Y’know, commsec, opsec, and security culture stuff. In light of these events, I decided to kick off the new round of Mr. Robot’s Netflix ‘n’ Hack sessions with a whirlwind crash course of the defensive aspects of computer security techniques. Basically, I ran a very compressed CryptoParty.

Someone suggested that we call this a “Defense Against the Dark Arts” session, and I liked the analogy well enough to take the suggestion. Like the other Mr. Robot’s Netflix ‘n’ Hack nights, this one was well attended. We filled the session room to the max. It was probably between 15 or 20 of us to start with, and then it dwindled down to about 10 for the actual screening and post-screening discussion.

In my paradoxical, eternal optimism, I somehow had the idea that we could complete this lightning CryptoParty, which included install fests of Signal and the TorBrowser, within thirty minutes. I was wrong; we went over by about 30 minutes, and the screening of Mr. Robot started late. But so many (all?) of the attendees got set up with Signal and the TorBrowser, and that was really great.

As promised, I wanted to make sure that everyone had links to the reference guides and other resources presented in this defense-focused super quick “Defense Against the Dark Arts” session. To do so, I sent a follow up email with links to those resources. A portion of that email is presented verbatim, here:

In addition to these primers and the links included in them, additional useful resources are:

  • PrivacyTools.io – Simply start at the top and read down the page. This is as guided an introduction to privacy issues and what to do about them as it gets.
  • EFF’s Surveillance Self-Defense Handbook – A thorough treatment of anti-surveillance software, along with tutorials for how to get them installed and working on your system.
    • If you’re feeling overwhelmed by all of this already, consider spending just a little bit of time to walk yourself through the SSD’s Security Starter Pack.
  • PRISM-Break! – An overwhelmingly large digital reference card for all the privacy-enhancing tools available to you for a particular platform, purpose, or protocol. Be cautious here, some of the listed tools are experimental, not audited, or worse.
  • Security in a Box – A slightly dated, but still generally solid, resource website featuring much of the same content as the EFF’s Surveillance Self-Defense guide, but with a regularly updated blog. Created and maintained by the TacticalTech.org collective.

There’s a ton of stuff in there, and learning about how to defend yourself from governments, corporations, or malicious individuals on the Internet is more involved than simply picking up one or two tools. But a few well-chosen tools does give you a really, really good start. Taking some time to familiarize yourself with the above guides will hopefully help you become even more capable.

Following the install fest, we finally screened Episode 1 of Mr. Robot again. I already posted our list of tools, techniques, and procedures from the first week, and this didn’t change much. With a different audience, however, the discussion we had post-show did change quite a bit.

Unlike the first week, when people were interested in Tor onion routing and the dark/deep Web, this time people wanted to know about social engineeering and password cracking. So our discussion focused on sharing resources for social engineering, and books such as Kevin Mitnick’s “Art of Deception” and Robert Cialdini’s “Influence: The Psychology of Persuasion” came up. (So did Freedom Downtime, a documentary about Kevin Mitnick’s persecution by the FBI.)

After that, we also talked about the mechanics of password cracking. I gave an overview of the process from exploitation to data exfiltration, but focused on using the hash-“cracking” (really guessing) tool called Hashcat to demo finding the plaintext of hashed passwords. A lot of time in the discussion was spent showing the practicalities of how hashing (i.e., “trap door functions” or “one-way functions”) works by using md5 and shasum commands on the command line. Then I showed the syntax of the hashcat command to run a dictionary attack (with the infamous “rockyou” wordlist) against simple unsalted MD5 hashed passwords from a very old data dump file (hashcat -a 0 md5sums.txt wordlists/rockyou.txt). Have another look at the SecLists project on GitHub to find wordlists like these useful for password cracking.

We also talked about some common mistakes that application developers make when trying to secure their applications, and that users often make when trying to secure their passwords:

  • Try to generate per-user, instead of per-site, salt.
  • Don’t just double-hash passwords (i.e., hash(hash($password)), because this reduces the entropy used as input for the final result, and increases the chance of hash collisions. Instead, iterate the hash function by concatenating the original input (or a salt, or something) back into the resulting hash as well (i.e., hash($salt . hash($salt . $password))). This iteration also slows down an offline attack, but again, only if done correctly in code.
  • Don’t use multiple dictionary words as a password, even a long one, because these are easy to guess. For instance, contrary to popular belief, “correct battery horse staple” is a bad password, not because it lacks entropy, but because all of its components are likely to be in an attacker’s wordlist. Use a password manager and generate random passwords, instead.

Next week, we’ll return to our regularly-scheduled Mr. Robot’s Netflix ‘n’ Hack format: a demo/show-and-tell/exercise of a tool, technique, or procedure (TTP) featured in Episode 1, followed by a screening of Episode 2, and ending with a discussion about Episode 2’s TTPs. I thought that since we’ve done Onion services already, I would change gears and show an online attack similar to some of the ones Eliot used in the show by demoing a tool called Hydra. Another participant also said they may demo hiding data inside of audio CDs using a steganographic tool called DeepSound, also featured in episode 1.

However, this upcoming Saturday is a number of anti-Trump and anti-surveillance organizing meetings and workshops, so I may have to skip this week’s Mr. Robot’s Netflix ‘n’ Hack myself. If not, we may switch to Sunday just for the week. Time will tell. :)

Self-described activist creator of Cell 411 app weirdly refuses to discuss its closed source tech because of anti-racist Twitter handle of the person asking

About a week ago I published a post cautiously praising the work of Boulder, Colorado based SafeArx, the company behind a smartphone app called Cell 411 claiming to cut down on the need for police:

Let me be clear that I love the idea of a decentralized emergency alerting response platform. I think it’s incredibly important for such a tool to exist. […] I want to see a project with Cell 411’s claims succeed and be a part of abolishing the police and the State altogether. I think there’s real potential there to make headway on an important social good (abolishing the police, dismantling the prison industrial complex, among other social goods) and I want to offer whatever supportive resources I can to further a project with these goals.

In the post, I raised some basic questions about Cell 411 that seemed to have gone unasked by reporters covering it. Chief among them is that the app claims to be a de-centralized alternative to 9-1-1, except that it’s not decentralized at all. I described this discrepancy as follows:

On the Google Play store, Cell 411 describes itself like this:

Cell 411 is a De-centralized, micro-social platform that allows users to issue emergency alerts, and respond to alerts issued by their friends.

The problem is in the very first adjective: de-centralized. To a technologist, “decentralization” is the characteristic of having no single endpoint with which a given user must communicate in order to make use of the service. Think trackerless BitTorrent, BitCoin, Tor, or Diaspora. These are all examples of “decentralized” networks or services because if any given computer running the software goes down, the network stays up. One of the characteristics inherent in decentralized networks is an inability of the network or service creator from unilaterally barring access to the network by a given end-user. In other words, there is no one who can “ban” your account from using BitTorrent. That’s not how “piracy” works, duh.

Unfortunately, many of the people I’ve spoken to about Cell 411 seem to believe that “decentralized” simply means “many users in geographically diverse locations.” But this is obviously ignorant. If that were what decentralized meant, then Facebook and Twitter and Google could all be meaningfully described as “decentralized services.” That’s clearly ridiculous. This image shows the difference between centralization and decentralization:

The difference between centralization and decentralization.

As you can see, what matters is not where the end users are located, but that there is more than one hub for a given end user to connect to in order to access the rest of the network.

Armed with that knowledge, have a look at the very first clause of Cell 411’s Terms of Service legalese, which reads, and I quote:

1. We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

This is immediately suspect. If they are able to actually enforce such a claim, then it is a claim that directly contradicts a claim made by their own description. In a truly decentralized network or service, the ability for the network creator to unilaterlly “terminate or suspend your account immediately, without prior notice or liability” is not technically possible. If Cell 411 truly is decentralized, this is an unenforceable clause, and they know it. On the other hand, if Cell 411 is centralized (and this clause is enforceable), other, more troubling concerns immediately come to mind. Why should activists trade one centralized emergency dispatch tool run by the government (namely, 9-1-1), for another centralized one run by a company? Isn’t this just replacing one monopoly with another? And why bill a centralized service as a decentralized one in the first place?

Despite this, I was hopeful that Cell 411’s creator, Virgil Vaduva, and his team would be willing to at least address the point, perhaps by discussing their development roadmap. Maybe it’s not decentralized yet, but they intend to decentralize it later on? That would be awesome, and important. Moreover, I asked if they would be interested in combining efforts with me or others with whom I’ve worked, since we’ve been developing an actually decentralized, free software tool with the same goal in mind called Buoy for a few months now. I said as much in my earlier post:

I want to see Cell 411 and Buoy both get better. Buoy could become better if it had Cell 411’s mobile app features. Cell 411 could become better if its server could be run by anyone with a WordPress blog, like Buoy can be.

I sent Virgil Vaduva an email last week, and tweeted at him before writing my post. (My previous post includes a copy of the email I sent him.) I was ignored. So I started tweeting at others who were tweeting about Cell 411, linking them to my questions. It seems that’s what got Mr. Vaduva’s attention, since today I finally got a response from him. And that response is extremely concerning for Cell 411’s supposed target audience: activists. Here’s how Mr. Vaduva “answered” my technical questions:

I’m not entirely sure why technical questions like these were answered by a hyper-focus on the militantly anti-racist Twitter handle I happen to be using right now (it’s actually “Kill White Amerikkka”), unless of course if Vaduva is having some kind of trigger reaction caused by (evidently not-so-latent) internalized white supremacy. Later, he called my original post, which, again, included outright praise for Cell 411 a “shitty hit piece.” I even offered to change my Twitter handle (as if that has any bearing at all on the technical matters?) for the duration of a discussion with him, but again, the only replies were, well, have a look:

The full thread is…well, classic Twitter.

I don’t know about you, but the idea of installing a closed-source app that reports my location to a centralized database controlled by a company whose founder actively deflects legitimate technical questions by objecting to a militantly anti-racist Twitter handle and making immature pro-capitalist statements when asked technical questions doesn’t sit well with me. But even if that were something I could tolerate, it raises even more concerning questions when that very same app is one touted as being built for anti-police brutality activists.

Last week, I would have told my friends, “Go ahead and try Cell 411, but be careful.” With this new information, my advice is: “Don’t trust anything created by SafeArx, including Cell 411, until and unless the technical issues are addressed, the source is released as free software, and its creators make clear that anti-racism and anti-capitalism is a core intention of their development process.”

In my personal opinion, tools like Cell 411 that purport to be “made for activists, by activists” need to be comfortable materially advancing the destruction of whiteness and white identity, as well as standing in solidarity with militant resistance to white supremacy. But even putting aside concerns over Vaduva’s discomfort with anti-racist Twitter handles, any technologist worth his salt who wants his closed-source technology to be trusted should be able to answer some basic questions about it if he’s indeed unwilling to release the source code itself.

Mr. Vaduva and Cell 411 fall short on both counts. The sad thing is that any potentially latent racism in Cell 411’s creator wouldn’t be a technical concern if Cell 411 itself were actually decentralized free software, since the intentions or social beliefs of an app’s creator can’t change how the already-written code works. As I said in the conclusion to my previous post:

It’s obvious, at least to anyone who understands that the purpose of cops is to protect and uphold white supremacy and oppress the working class, why cops would hate a free decentralized emergency response service. Again, I want to use such an app so badly that I began building one myself.

But if Cell 411 is centralized, then it becomes a much more useful tool for law enforcement than it does for a private individual, for exactly the same reason as Facebook presents a much more useful tool for the NSA than it does for your local reading group, despite offering benefits to both.

Cartoon of a protester ineffectually trying to shoot corrupt government officials with a 'Facebook' logo positioned as a gun.

[…]

As long as Cell 411 remains a proprietary, closed-source, centralized tool, all the hype about it being a decentralized app that cops hate will remain hype. And there are few things agents of the State like more than activists who are unable to see the reality of a situation for what it is.

Admiral Ackbar: Proprietary and centralized software-as-a-service? It's a trap!

If you think having a free software, anarchist infrastructural alternative to the police and other State-sponsored emergency services is important and want to see it happen, we need your help making Buoy better. You can find instructions for hacking on Buoy on our wiki.

Cell 411, the “de-centralized” smartphone app that “cops hate” is neither de-centralized nor hated by cops

If you’re following anti-police brutality activists, you might have heard about a new smartphone app that aims to cut down on the need for police. Cell 411 is touted as “the decentralized emergency alerting and response platform” that “cops don’t want you to use.” There’s only one problem: its central marketing claims aren’t true. Cell 411 is not decentralized, and there’s no evidence that cops don’t want you to use it.

Let me be clear that I love the idea of a decentralized emergency alerting response platform. I think it’s incredibly important for such a tool to exist. I’m so committed to that belief that I’ve been building a free software implementation of just such a tool, called Buoy, for a few months now.

Further, I believe it’s equally important that the developers of a tool like this actively eschew the State-sponsored terrorist gangs known as law enforcement, because that mindset will inform the tool’s development process itself. On the face of it and from the research I’ve done to look into Cell 411’s developers, I think there is a lot of welcome overlap between them and myself. Indeed, I’m grateful to them for developing Cell 411 and for dropping their price for it, offering it free-of-charge on the Android and iOS app stores, which is how it should be. Nobody should be charged any money for the opportunity to access tools for self- and community protection; that’s what cops do!

I’ve even reached out both publicly and privately to the developers of Cell 411 through email and Twitter to ask them about a possible collaboration, pointing them at the source code for the Buoy project I’m working on and asking where their source can be found.1 I want to see a project with Cell 411’s claims succeed and be a part of abolishing the police and the State altogether. I think there’s real potential there to make headway on an important social good (abolishing the police, dismantling the prison industrial complex, among other social goods) and I want to offer whatever supportive resources I can to further a project with these goals.

But I am concerned that Cell 411 is not that project. The fact is there are glaring, unexplained inconsistencies between their marketing material, the perception that they encourage the public to have about their tool, and their tool’s legal disclaimers. Such inconsistency is, well, sketchy. But it’s not unfamiliar, because this exact kind of inconsistency is something activists have seen from corporations and even well-meaning individuals before. We should be able to recognize it no matter the flag, no matter how pretty the packaging in which the message is delivered is wrapped in.

On the Google Play store, Cell 411 describes itself like this:

Cell 411 is a De-centralized, micro-social platform that allows users to issue emergency alerts, and respond to alerts issued by their friends.

The problem is in the very first adjective: de-centralized. To a technologist, “decentralization” is the characteristic of having no single endpoint with which a given user must communicate in order to make use of the service. Think trackerless BitTorrent, BitCoin, Tor, or Diaspora. These are all examples of “decentralized” networks or services because if any given computer running the software goes down, the network stays up. One of the characteristics inherent in decentralized networks is an inability of the network or service creator from unilaterally barring access to the network by a given end-user. In other words, there is no one who can “ban” your account from using BitTorrent. That’s not how “piracy” works, duh.

Unfortunately, many of the people I’ve spoken to about Cell 411 seem to believe that “decentralized” simply means “many users in geographically diverse locations.” But this is obviously ignorant. If that were what decentralized meant, then Facebook and Twitter and Google could all be meaningfully described as “decentralized services.” That’s clearly ridiculous. This image shows the difference between centralization and decentralization:

The difference between centralization and decentralization.

As you can see, what matters is not where the end users are located, but that there is more than one hub for a given end user to connect to in order to access the rest of the network.

Armed with that knowledge, have a look at the very first clause of Cell 411’s Terms of Service legalese, which reads, and I quote:

1. We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

This is immediately suspect. If they are able to actually enforce such a claim, then it is a claim that directly contradicts a claim made by their own description. In a truly decentralized network or service, the ability for the network creator to unilaterlly “terminate or suspend your account immediately, without prior notice or liability” is not technically possible. If Cell 411 truly is decentralized, this is an unenforceable clause, and they know it. On the other hand, if Cell 411 is centralized (and this clause is enforceable), other, more troubling concerns immediately come to mind. Why should activists trade one centralized emergency dispatch tool run by the government (namely, 9-1-1), for another centralized one run by a company? Isn’t this just replacing one monopoly with another? And why bill a centralized service as a decentralized one in the first place?

Virgil Vaduva, Cell 411’s creator, told me on Twitter that the app is not open source but hinted that it might be in the future:

This leaves me with even more questions, which I asked, but received no answer to as yet. (See the Twitter thread linked above.)

Cell 411’s proprietary source code is licensed under an unusual license called the BipCot NoGov license, written by a libertarian group with whom I share distrust and hatred of the United States government. Where we differ, apparently, can be summed up by this Andy Singer quote:

Libertarianism is just Anarchy for rich people.

And that concerns me greatly. Cell 411 originally cost 99¢ per app install on both the Google Play and iTunes app stores. It’s now free, which, again, is a move in the right direction. But by refusing to release the source code, SafeArx holds its users hostage in more ways than one. There are already rumors that the company is intending to monetize the app in the future, perhaps by charging for app downloads or perhaps in some other way in the future. That is fucked. The people who need an alternative to the police most of all are not people with money. That’s why all of Buoy’s code was available as free software from the very beginning; so those people could access the tool. And beyond that, it’s the very people who need an alternative to the prison industrial complex most who are also most in need of safety from capitalism’s exploitative “monetization.”

I hope Virgil chooses to make Cell 411 free software too—i.e., not just free as in no-charge but software libre as in freedom and liberty. A closed-source tool is downright dangerous for activists to rely on, especially for an app that is supposed to be all about communal safety. This has never been more obvious than in the post-Snowden age. If you share our goal of abolishing the State and ending the practice of caging human beings, and you want to dialogue, please do what you can to convince the people running SafeArx and Cell 411 of the obvious strategic superiority of non-cooperation with capitalism.

Which brings me to my next major concern: there is no evidence that cops hate Cell 411, despite the headlines. It’s obvious, at least to anyone who understands that the purpose of cops is to protect and uphold white supremacy and oppress the working class, why cops would hate a free decentralized emergency response service. Again, I want to use such an app so badly that I began building one myself.

But if Cell 411 is centralized, then it becomes a much more useful tool for law enforcement than it does for a private individual, for exactly the same reason as Facebook presents a much more useful tool for the NSA than it does for your local reading group, despite offering benefits to both.

Cartoon of a protester ineffectually trying to shoot corrupt government officials with a 'Facebook' logo positioned as a gun.

I am not saying that Cell 411 is a bad tool. Far from it. My belief is that it is a good tool for individuals and my hope is that it will become a better tool over time. But if Cell 411 is to go from “good” to “great,” then it must actually be decentralized. It must be released freely to the people as free software/software libre. Private individuals who are working to create social infrastructure as an alternative to police must be able to access its source code to integrate it with other tools, to hack on it and make it more secure. This is the free software way, and it is the only feasible anti-capitalist approach. And the only strategically sound way to abolish police is to abolish capitalism, since police are by definition capitalism’s thugs.

It is the explicit intent of police and the State to prevent private individuals from taking their own protection into their own hands, from making their own lives better with their own tools in their own way, by not allowing access to the source of those tools. We, Cell 411 included, should not be emulating that behavior.

I want to be able to run my own Cell 411 server without asking for permission from SafeArx to do so. If Cell 411 were decentralized free software, I would be able to do this today, just as I can publish my own WordPress blog, install my own Diaspora pod, or run my own Tor relay without asking anyone for permission before I do it. This is what I can already do with Buoy, the community-based emergency response system that is already decentralized free software, licensed GPL-3 and available for download and install today from the WordPress plugin repository.

As a developer, I want to see Cell 411 and Buoy both get better. Buoy could become better if it had Cell 411’s mobile app features. Cell 411 could become better if its server could be run by anyone with a WordPress blog, like Buoy can be.

But as long as Cell 411 remains a proprietary, closed-source, centralized tool, all the hype about it being a decentralized app that cops hate will remain hype. And there are few things agents of the State like more than activists who are unable to see the reality of a situation for what it is.

Admiral Ackbar: Proprietary and centralized software-as-a-service? It's a trap!

If you think having a free software, anarchist infrastructural alternative to the police and other State-sponsored emergency services is important and want to see it happen, we need your help making Buoy better. You can find instructions for hacking on Buoy on our wiki.

  1. Here’s the email I sent to Virgil Vaduva, Cell 411’s creator and SafeArx’s founder (the company behind the app):

    From: maymay <bitetheappleback@gmail.com>
    Date: Sat, 27 Feb 2016 20:03:38 -0700

    Hi Virgil,

    My name is maymay. I learned about Cell 411 recently and I’m excited to see its development. It is similar to a web-based project of my own. I am wondering where the source code for the Cell 411 app can be found. I could not find any links to a source code repository from any of the marketing materials that I saw on your website.

    Our own very similar project is called Buoy. The difference is that Buoy is intended for community leaders and intends to be a fully free software “community-based crisis response system,” with the same anti-cop ideology as Cell 411 but built as a plugin for WordPress in order to make it super easy for anyone to host their own community’s 9-1-1 equivalent.

    Our source code is here:

    https://github.com/meitar/better-angels/

    We have focused on the web-app side of things because that’s where our experience lies, but were hoping to create a native mobile app later on. It seems you already made one. Rather than reinvent the wheel, we’re hoping to integrate what you’ve done with Cell 411 with what we’ve already developed in order to facilitate a more decentralized, truly citizen-powered infrastructure alternative to 9-1-1.

    So that’s why we’re interested in looking at Cell 411’s source code.

    Thanks for your work on this so far.

    Cheers,
    -maymay
    Maymay.net
    Cyberbusking.org

    []

Buoy (the first?) anti-policing community-based crisis response system, now available in Spanish

Buoy, (the first?) anti-policing community-based crisis response system, is now available in Spanish.

This is a really, really big deal, because communities of Spanish-speaking residents in the United Snakes of Amerikkka are some of the most oppressively policed communities in this so-called “great” country. These are sometimes families of immigrants, with members who may be undocumented, and for this simple reason they are frequent targets of the xenophobic, racist militarized occupation by the huge number of government-sponsored domestic terror gangs known as “Law Enforcement,” police, or ICE.

With Buoy, residents of these communities finally have the beginnings of a fully community-owned and operated emergency dispatch telecommunication system that does not force or even expect its users to cooperate with 9-1-1, or indeed any other traditional “public safety service” offered by government officials. Buoy users choose people they know and trust in real life and organize “teams” with one another. With the press of a single button, they can then create a private group chat that shows each team member the real-world location of all other team members, allowing team members to share video or pictures and otherwise coordinate appropriate responses to incidents, without the interference of police.

Here is a short video introduction to Buoy’s alert-and-response features:

Of course, there are many other ways social groups of any size can use Buoy. Here’s a list of additional use cases.

If you are interested in helping us crush the monopoly of State-backed so-called “protective services,” if you want to evict the police from your community, if you want to be part of abolishing the police and mercilessly eradicating every reason for their very existence, we want and need you to join this project. Have a look at our “Contributing” guidelines for ways you can help. Liberals, Statists, and cop apologists need not apply.

Kill white supremacy,
-maymay, Buoy developer

P.S. Did you notice how this post has a different tone than my original post announcing Buoy’s prototype release? Guess which one expresses how I really feel.

Technology, the Internet, and Race: Tool for Liberation or Oppression?

Enhanced transcript of panel introductions at the “Technology, the Internet, and Race: Tool for Liberation or Oppression?” session at the recent at 25th annual Computers, Freedom and Privacy conference in Washington, DC held on October 14th, 2015. The transcript is “enhanced” because its links were added by me, the transcriber, and do not mean to imply an acknowledgement or endorsement by the speaker whose words were hyperlinked.

[music]

Singer: iMix! What I like! What I like! What I like! What I like!

Jared Ball (producer @iMiXWHATiLiKE): Good afternoon, everybody.

Audience: Good afternoon!

Jared Ball: A’ight, we wanna keep things moving here. My name’s Jared Ball. It’s an honor and a privilege to moderate the next panel. And I just wanted to say, just very quickly, I appreciate Joe Torres and the work he does with Free Press, and that organization in general. And the efforts around these particular kinds of conversations. Because I think one important value of centering the experience of so called people of color in any question is issues of privacy and surveillance supreme among them, is that doing so immediately forces an immediate focus on the imperial and colonizing of the nature of the State itself. Such an approach lends itself to gaining a view from below, from the among the so called wretched, the subjects of colony of empire. And with that said, I want to welcome our panel.

Alvaro Bedoya: Great intro for that, thank you, Jared. Everyone, I’m Alvaro. I want to talk about two substantive points to answer this question and one strategy point which we can expand on later if it comes to point, is that surveillance technology doesn’t target everyone equally. It disproportionately targets the weak, it disproportionately targets the unpopular, and so we need to look at privacy as a shield for the weak and as a shield for the unpopular. The second point is that surveillance is often beta tested on vulnerable communities, and we need to start explaining how that happens because I think we’ll create broader coalitions. And that’s the third point: how do we act on this to counter surveillance and to stop it?

And so, on the first point, I think, and I’m aware that I’m preaching to the choir in large part here, but I think a lot of Americans, when they think of surveillance of vulnerable people, they might know Martin Luther King and the vicious surveillance of Martin Luther King by J. Edgar Hoover. What they might not know is that J. Edgar Hoover also surveilled Cesar Chavez, and also surveilled the Black Panthers. It was critical in the dismantling of that organization. But before [that], it was Japanese-Americans who were surveilled. Before that, it was a W.E.B. Du Bois who was surveilled for trying to go to Europe while Woodrow Wilson was trying to negotiate some pretty lofty principles, and point out that a major population in Woodrow Wilson’s hometown in the United States was not exactly getting that same fair deal. Y’know, after all this it was LGBT service members, and I guess what I’m trying to say is that when unpopular, powerless people meet the gears of government, they tend to lose. And so what privacy is, it’s a space that allows them to do that work without powerful forces stopping them. And I think this is a framing useful for us.

The second item: surveillance being beta-tested on vulnerable communities. So, quick story. So, I was born in Peru, I came here when I was five. My grandmother is straight out of a Gabriel García Márquez novel, lives in this old, old house—it’s been crumbling—in a little mountain town in Northern Peru called [TK-NAME OF TOWN HERE]. And, um, for years, I think all of us remember when a long distance call was, like, a really big deal. And for years we would call my grandmother, and it would be a really bad connection, it was a really big deal for us. And uh, the fact of the matter is, probably from about 1993 on, every single time my brother and I called our almost centenarian grandmother in a little mountain town in Northern Peru, the Drug Enforcement Administration (DEA) was making a record of it. And this is kind of the secret history of the “215 program” that folks in this room probably know about, but I don’t think the point has been sharpened in this respect. Before 215, the program that allowed the collection of all of our call records all the time, was a Drug Enforcement Administration program that logged international calls. They were not international calls to just anywhere, they were international calls to mostly all Latin-American areas and certain areas elsewhere. And, um, I remember this story coming out, and no one making the second leap in that sentence. The first leap being all international calls were logged, the second leap being that probably means that if you’re a Latino living in the United States, every time you called your mom, or your grandmother, your grandfather, anyone back home, the Drug Enforcement Administration was keeping track of that.

And so, another instance I think you’re going to see this is with facial recognition. The FBI has a fifty-million strong database of faces that State and local law enforcement can use to identify suspects in photos. Before I left Capitol Hill, my boss, Senator Franken, inserted a request, made a request that would include in an audit of the Federal Bureau of Investigation’s facial recognition systems statistics on demographics and on who is in this database. And I suspect what’ll happen if GAO [Government Accountability Office] is able to produce this information is that it won’t be an equal representation of all of our communities in that database. That database is gonna be disproportionately poor, disproportionately Black, and disproportionately Latino. And so I think we need to reckon this fact.

Final point, and then I’ll close because I know we just wanted to do brief statements here. When I was a Senate staffer working on NSA reform legislation, and I know some of you have heard it before because I’ve said it to you, I noticed something very troubling. And it was this: we had so many hearings about NSA. We had so many hearings. We had hearing after hearing after hearing and that’s wonderful and each time the administration had sent people and they get yelled at and they would yell back and it was true sort of exchange of ideas, as much as you can have in an unclassified setting. Um, one thing that I never heard in any of those hearings—and I could’ve missed it, but I’m pretty sure I never heard it—was the name Martin Luther King. Or was the name Cesar Chavez. Or was any bit of this history of disproportionate surveillance of vulnerable communities. And, um, I think that’s everyone’s loss. I think that’s our loss because—I think that’s everyone’s loss because they don’t know, but I think it’s our loss because our coalition could be all the more stronger the more we have the civil rights community activated and moving alongside with us. I’ve said this before to someone and they’ve said, “Well, Alvaro, y’know, we don’t really need the Left. We need the Right. We need the Right to get to 60 [votes].” And this person was exactly right. You need the Right, you need Republicans, and God bless them, God bless folks that are in the Republican party that are with us on this surveillance issue, we need those folks to get to 60. But we need the Left to make sure that what we get out of that 60 is actually worth something. Because there are amendment notes after amendment notes and if your coalition is not strong you will lose those votes and you will get a far worse product because of it.

So, looking forward, we have a debate about Section 702, which allows for the surveillance of communications collected in the United States with one international—I’m sure I’m getting some tiny piece of that wrong—but, um, in those communications collected are some entirely domestic communications, we now know that. But in those communications are going to be awful lot of communications by immigrants. And this program does not affect everyone equally. It disproportionately impacts immigrants, it probably disproportionately impacts Latinos, and I think we need to put that forward and talk about that.

And I think I will close there.

Anika Collier Navaroli: Thank you. Thanks everyone, thanks again for coming. So before I talk a little bit about the surveillance and technology piece, I want to talk a step backwards and I want to talk about the notion of privacy as we currently know it. So the way that we typically think about it in these circles is the philosophical or the legal definition. And in doing that I think that we make certain assumptions. And I want to talk a little bit about those assumptions.

So, first, I think the assumption that we make is that there is agency over one’s own body or one’s own personhood. And I think the second assumption that we make is that privacy is this thing that exists. And in order to do so I think that we create a certain privilege. And to say that, I want to say essentially that there are certain communities within the United States who have never had the privilege of what I’m going to define as privacy.

So, privacy, by “privacy” what I’m talking about is non-surveillance, or a non-monitoring. And so basically what I’m going to talk about a little bit here is the Black community, just because that’s the community that I’m a member of, that’s the one I know the best, and it’s the one that I’ve studied the most.

So, I attended a conference very similar to this a couple of months back hosted by a lot of the same folks and I went to a panel that was about cybersecurity. So it started with the NSA programs Alvaro was just talking about and I think this is one that definitely did it right in discussing the historical impact and the disparities. And what I was shown at the very beginning of this panel was a document that was put up on the screen. And it was a very simple document. This document was stated to be the very first piece of surveillance within the United States. And what that was, was a “slave pass.”

An official "Negro Passport" issued by the Confederate States of America's official War Department in 1865.

And this was, for those of you who don’t know what a slave pass is, it was a piece of paper that was given to Black Americans back in the day. And this allowed them to physically move from one confined plantation to another. And without this pass, there was a serious risk of bodily harm and/or death. So from the very beginning of Black folks being in America, their physical presence has been monitored and surveilled. And this includes folks that were privileged enough to be free. They had Freed Men Passes, and without these, they were not able to move about freely. And as some folks have seen from “12 Years a Slave,” but those didn’t also always work all the time. So just moving back through history we see from the very, very beginning the notion of privacy as we know it never existed for Black folks in America.

And as we move through history, we end slavery, and then we have physical signs that told folks where they could walk, where they could sit, where they could eat, where they could drink, where they could do the very simple things of life. And again, very physical movements of people being monitored, being surveilled, and not following these signs again created a risk of serious bodily harm and/or death. This continued. So we go through what Alvaro was talking about, we know about the civil rights movement of the 1960’s. We know about Assata Shakur, in her book she talks a lot about when she became really big—her autobiography, excuse me—when she became pretty big in the Black liberation struggle, there was a certain point at which she stopped receiving phone bills, but yet her phone was never disconnected.

Audience: [laughter]

Assata Shakur, a Black woman.

Anika Collier Navaroli: And that was the moment that she realized that her phone was in fact wiretapped. And again, now we know what happened. Everything has been declassified, we know about COINTELPRO, we know about J. Edgar Hoover, we know all these things now. But in those movements, not just the physical movements but also the social movements of Black people were being monitored. So, to me, it’s not extraordinary when we think about today’s society. And we think about the fact that the Department of Homeland Security is monitoring Black Lives Matter movement activists at things as simple as concerts. It’s not extraordinary to me that there are allegations in Chicago of Stingray devices being used to monitor the movements of protesters as they move about the streets. These things are not extraordinary in that the existence the privilege of privacy never existed for Black folks in America and to this day is not a notion that is really known.

And so I kinda want to start my thought process there and just realize and ground this conversation in the knowledge that when we talk about surveillance, when we talk about technology, we are talking about brand new tools for a thing that has always been going on.

Hamid Khan: Hi, good afternoon. My name is Hamid. I am from Los Angeles with the Stop LAPD Spying Coalition. I want to start off by just picking up where Anika stopped where, what I gathered was, for many communities historically speaking and even currently as well, privacy is a luxury, it’s not really a right. So I think that’s something that we need to really just at least acknowledge and put it out there. Secondly, since yesterday, if I was not working on the ground on the streets, just organizing out in Los Angeles, one would assume that surveillance is purely a Federal issue whereas the local police is kept completely out of the equation most of the time. And when you look at history, before the FBI came into existence, the police Red Squads were very much in operation. And the police Red Squads didn’t start because the Russians were coming. The police Red Squads started in the 1880s because of the Haymarket strike in Chicago. That was the formation. In 1886 Haymarket happens. In 1888, Chicago police department is the first department to formally incorporate a section which was going to engage in covert intelligence gathering and surveillance of communities. And from there on, we see this rapid escalation of the Red Squads.

So local police is and has always been on the forefront of surveillance, spying, and infiltration. There was a conversation about Stingrays, there was a conversation around automatic license plate readers, the Los Angeles Police Department has all these tools. We talked about Fusion Centers, the Los Angeles Police Department has its own internal Fusion Center as well. New York Police Department works closely with the CIA. So the point I’m trying to raise is that locally law enforcement have been on the front lines of surveillance, spying, and infiltration.

Which brings me to the point then, of how does it impact communities, and particularly communities of color. And most of the time the conversation starts from impact, rather than core concepts. Like, y’know, okay, well, this is what has happened, without us backtracking and seeing what has been the history behind this thing. Another thing that Anika raised was that this is not a moment in time, this is a continuation of history.

So Bill Bratton is known all around the world, not just in the United States, as one of the “top cops.” I mean, as much bogus propaganda as there is. And Bill Bratton is really the one who pushed the “Broken Windows” theory. So I just want to ask Paul, if you could open that Word document from Edward Banfield. So—if you can—Edward Banfield was the intellectual guru of James Q. Wilson who was one of the coauthors of the infamous Broken Windows article in The Atlantic in 1982, which was coauthored by George Kelling, and this is what set the tone for how Broken Windows was informed:

Edward C. Banfield, a white man wearing a suit and tie.

The implication that lower-class culture is pathological seems fully warranted. Rather than waste time and public money implementing policies based on the false notion that all men were created equal, better to just face facts and acknowledge the natural divisions that exist. Members of the lower classes should leave school in ninth grade, to get a jump on a lifetime of manual labor. The minimum wage should be replaced to encourage employers to create more jobs for “low-value labor.” The state should give “intensive birth-control guidance to the incompetent poor.” And the police should feel free to crack down on young lower-class men.

Edward Banfield, mid-century political scientist, University of Chicago

So that “the police should feel free to crack down on young lower-class men.” This is the origin of “Broken Windows” policing.

So this is the tally as of yesterday how many people have been murdered by law enforcement in the United States as of 2015.

The Guardian's "The Counted" data visualization project keeps demographic records of reported police murders.

Nine-hundred and two already. This is a tally that was started by The Guardian. It’s called “The Counted.” And when you do the math, every seven hours and thirty-six minutes, someone is being murdered by law enforcement. I mean, just posit this for a second. Every seven hours and thirty-six minutes. Today, as we sit here, more than three people on average will be killed by law enforcement. And look at the numbers. Los Angeles leads that. Eighteen already in 2015. When you look at per-million, 5.24 Blacks per million. 2.42 Hispanic/Latino per million. 2.1 white. So 250% is the disparate impact on the Black community on how law enforcement is murdering them.

How is the law enforcement responding when we go and protest this? Can you go to the next slide, please?

LAPD Sheriff's Department officers wearing full body armor, face plates, and other extreme military combat outfitting.

This is what we look at. This is what we are facing. This is the intense militarization of the police. This is when we go out onto the street. This is how we are met. This is how we are brutalized. So when somebody talks about privacy and then people talk about “hacking,” the previous slide shows how families are being hacked. How their spirits are being hacked. How trauma is being created. And this is what is going on the streets of Los Angeles.

And the last couple of slides I just want to show, if you wanna go to the third one. This is now happening.

The Daily Beast reports on the first legal "Taser Drones" in the United States.

North Dakota is the first State in the country that is now authorized law enforcement use of drones armed with “non-lethal weapons,” as if tasers and rubber bullets have never killed people. And lastly I just want to show you a slide. This is what we are facing. This is the LAPD’s architecture of surveillance, something that we know now.

Circular diagram depicts how the various component of the United State's domestic surveillance, spying, and infiltration architecture fit together.

From Fusion Centers to Suspicious Activity Reporting (SAR) program, to “See Something, Say Something,” to the Intelligence Gathering Guidelines where they can legitimately now place informers in political groups where they can also, the cops can take fictitious personas and fake identities to Facebook or social media. Then you look at Predictive Policing, then you look at TrapWire technology, which is a street-level camera that picks up your body image and immediately transfers it to the Fusion Centers, to Stingray, and then somebody was saying that Stingray is not going to be used because now they’re using “dirt-boxes,” the Digital Receiver Technology, which is Stingray on steroids. And then we move into the Automatic License Plate Readers (ALPRs), Drones with high-definition cameras. The DHS memo basically, and this is what leads to the how police begin surveillance of poor people, because my work is based out of Skid Row in downtown Los Angeles, where gentrification is running rampant, and one of the things this memo said was it took three small cases of low-level arson and they put a memo out that said if there is any housing rights activists, that if there is any rally or if there is anything going on, that should be considered a suspicious activity, and a Suspicious Activity Report should be filed on housing rights activists. And then we see the militarization, Joint Terrorism Task Force, and the Fusion Centers.

And I want to end by saying that as we are looking at this, who ultimately is going to pay the price? I mean, when we look at the murders on the street, the most recent audit of the Los Angeles Police Department’s Suspicious Activity Reporting, two years ago, came out that—now these are counter-terrorism programs, most of the police now is heading towards counter-terrorism and counter-insurgency—that all the SARs that were sent to Fusion Centers, over thirty-one percent of them were filed on Los Angeles’s Black community, the community that is less than ten percent of the population. A three-to-one disparate impact. In the gender count, fifty percent of these SARs were opened on Black women. These are counter-terrorism programs.

Lastly, the Los Angeles Sheriff’s Department has now become the largest repository of biometrics, they have now a database where they can gather biometrics on fifteen million subjects, and that is an extension of the US military (Navy and Marine) program called the Identity Dominance System, which started in Afghanistan where they had basically taken everything off of the whole population of Afghanistan and now as of this month are launching into the second phase, which is called the IDS-2, Identity Dominance System 2.0, where they are going to start looking at a person’s gait, how you walk, how you move your hands and your arms.

So in essence, what we are seeing is now that speculative policing is going to the next level. Because what this all is, it is speculative policing, and I’ve reached my time, so I’ll stop right there.

Singer: iMiX! What I like! What I like! What I like!

[music]

Pair with David Whitehouse on the disturbingly intimate relationship of policing and schooling.

A Sneak Peek at Better Angels’ Buoy: the private, enhanced 9-1-1 for your personal community

As some of you already know, over the past several months, I’ve been working with a team of collaborators spanning four States and several issue areas ranging from alternative mental health/medical response, to domestic violence survivor support, to police and prison abolitionists. Although we don’t all share the exact same politics, we’ve come together as one group (we’re calling ourselves the “Better Angels”) because we all agree that more has to be done to support communities of people whom the current system fails, regardless of whether that failure is deliberate or not. In the spirit of software development as direct action, we set out to design and implement free software that would have the maximum social impact with the minimum lines of code, as quickly as possible.

Today, I want to introduce you to that software project, which we’re calling Buoy.

Screenshot of the Better Angels Buoy community-driven emergency dispatch system sending an alert to a crisis response team.

What is Buoy

Buoy is a private, enhanced 9-1-1 for your website and community. We call it a “community-driven emergency dispatch system” because everything about its design is based on the idea that in situations where traditional emergency services are not available, reliable, trustworthy, or sufficient, communities can come together to aid each other in times of need. Moreover, Buoy can be used by groups of any size, ranging from national organizations like the National Coaliation Against Domestic Violence (NCADV), to local community groups such as Solidarity Houston, or even private social clubs such as your World of WarCraft guild.

Indeed, the more community leaders who add the Buoy system on their websites, the safer people in those communities can be. One can imagine the Internet as a vast ocean, its many users as people sailing to the many ports on the high seas. Buoy is software that equips your website with tools that your users can use to help one another in the real world; the more buoys are deployed on the ocean, the safer traveling becomes for everyone.

How does Buoy work?

Using Buoy is simple. After a website admin installs and activates Buoy, each user of that website can define their personal response team by entering other users as their emergency contacts. This is shown in the screenshot below.

Screenshot of Buoy's "Choose your response team" page.

The “Choose your team members” page, available under the “My Team” heading in the WordPress dashboard menu, allows you to add or remove users from your response team. When you add a user, they receive an email notification inviting them to join your team.

Screenshot of Buoy's "Team Membership" page.

When you are invited to join someone’s response team, you receive an email with a link to the “Team Membership” page, shown here. On this page you can accept another user’s invitation to join their team or leave the teams you have previously joined.

After at least one person accepts your invitation to join your response team (i.e., they have opted-in to being one of your emergency contacts), you can access the Buoy emergency alert screen.

screenshot-3

You can bookmark this page and add it to your phone’s home screen so you can launch Buoy the same way you would launch any other app you installed from the app store. Pressing the large button nearest the bottom of the screen activates an alert and immediately sends notifications to your response team. Clicking on the smaller button with the chat bubble icon on it opens the custom alert dialog, shown next.

screenshot-4

Using that button with the chat-bubble icon on it, you can provide additional context about your situation that will be sent as part of the notification responders receive.

For some use cases, however, sending an alert after an emergency presents itself isn’t enough. Unfortunately, this is the only option that traditional 9-1-1 and other emergency dispatch services offer. In reality, though, there are many cases where people know they’re about to do something a little risky, and want support around that. This is what the other button with the clock icon on it is for.

Clicking on the smaller button with the clock icon on it opens the timed alert (“safe call”) dialog, shown next.

screenshot-5

Use this button to schedule an alert to be sent some time in the future. This way you can alert your response team to an emergency in the event that you are unable to cancel the alert, rather than the other way around. This is especially useful for “bad dates.” It’s also useful for border crossings or periodic check-ins with vulnerable people, such as journalists traveling overseas.

Regardless of which alert option you select, Buoy will gather some information from your device (including your location and your alert message) and either send your alert to your response team immediately or schedule the alert with the Buoy server. A nice pulsing circle animation provides visual feedback during this process.

screenshot-6

If you pressed one of the immediate alert buttons, the next thing you’ll see when you use Buoy is some safety information. This information is currently provided by the website admin, but we have some ideas of how to make this even more useful. Either way, if it is safe to do so, you can read through this information and/or take one of the suggested actions immediately. In the example screenshot here, Buoy has been installed on the website of a domestic violence survivor’s shelter, so the admin composed safety information that helps DV survivors quickly find and access even more supportive resources, such as hotlines and other nearby services like animal rescuers.

screenshot-7

If you’re in an emergency situation where interacting with your phone isn’t feasible, such as if you are being beaten or chased, you can simply ignore this screen. As long as you don’t lose or shut off your device, your device will send your location to your response team so that they will be able to track and find you, even if you travel away from the spot where the crisis originally began.

If you can interact with your phone, you can also close the safety information window at any time. When you do, you will see that behind the safety information window, a private, temporary chat room has been loaded in the background.

screenshot-8

When one of your response team members responds to your alert, they will join you in this chat room.

In addition to the chat room, behind the safety information window is also a real-time map. (The map can be accessed at any time by clicking or tapping the “Show Map” button. Tapping the same button again hides the map.)

screenshot-9

On the map, a red pin shows the initial location of the emergency. Your avatar shows your current position. As responders respond to your alert, their avatars will also be added to the map.

Buoy is just as easy to use from the point of view of a responder, as it is from the point of view of someone sending an alert. When a responder clicks on a notification from the alert (either by email, SMS/txt message, or whatever other notification mechanism they prefer—we are continually working to add new notification channels as our people-power and resources allow), they will be shown your alert message along with a map. They can click on the red pin to get turn-by-turn directions from their current location to the emergency alert signal. If they choose to respond, they click on the “Respond” button and will automatically be added to the group chat shown earlier.

screenshot-10

When a responder clicks the “Respond” button, they will automatically be added to the same live chat room that the alerter is in. They will also see the same map.

screenshot-11

The alerter and all current responders become aware of new responders as they are added to the chat room and the map. As people involved in the incident move around in the physical world, the map shown to each of the other people also updates, displaying their new location in near real time.

screenshot-12

Clicking on any of the user icons on the map reveals one-click access to both turn-by-turn directions to their location and one-click access to call them from your phone, Facetime, Skype, or whatever default calling app your device uses.

Who should use Buoy? Should it only be used in emergencies?

Although Buoy is designed to be useful in even the most physically high-risk situations such as domestic or dating violence abuses, kidnapping, home invasion, and other frightening scenarios, you can use Buoy however you want. We particularly encourage you to use Buoy when you feel like your situation may not rise to the level of calling 9-1-1 or when you feel like the presence of police officers will not improve the situation.

For instance:

  • If you feel you are being followed as you walk home on campus, use Buoy. Your friends will be able to watch your location on their screens and quietly chat with you as you walk home, ensuring you reach your destination safely.
  • If you or someone you are with feels suicidal, or is having a “bad trip,” and you don’t want cops showing up to your house but need assistance, use Buoy. Responders will be notified of your physical location and will be able to coordinate a response action with you and with each-other in real time without ever notifying the authorities of the situation.
  • If you are with a group at an outing such as a hike or a large amusement park and get separated from your group, use Buoy. Each group member will be able to see one another’s current location on a map, can easily coordinate where to meet up, and can even access turn-by-turn directions to one another’s locations with one tap of a finger.

We’ve designed Buoy with people for whom “calling the cops” is not possible or safe, such as:

  • Undocumented immigrant and homeless populations.
  • Domestic violence victims and survivors.
  • Social justice and social change activists/political dissidents.
  • Freed prisoners.
  • Frequent targets of assault and street harassment (trans/queer people, women).
  • People suffering from a medical or mental health emergency.
  • Especially all the intersections of the above (homeless feminine queer youth of color, for instance).

In other words, these are all demographics who could benefit by having “someone to call” in the event of an emergency for whom “the police” is obviously a counterproductive answer, because when police are involved they are more likely to escalate the situation than de-escalate it.

That said, even if these descriptions don’t fit who you are, you can still use Buoy and if you do, we hope you find it useful.

How can I get Buoy?

Buoy is a bit like a very advanced telephone. Just like a telephone, it’s not very useful if no one else you know has one! For Buoy, or a telephone, to be useful, you have to know someone else who already has it.

Since Buoy is so new and is designed to be used in real-life emergencies, we are only working with a small group of alpha testers in order to ensure that there are no major technical or usability issues before its widespread adoption. However, we are very excited about the possibilities and we are currently looking to include more people in the testing process. If you think this is exciting and want to help put the finishing polish on this tool, please get in touch with someone from the Better Angels collective directly; links to our contact information is posted on the Buoy project’s development site. (Or just email me at bitetheappleback+better.angels.buoy@gmail.com directly.)

That being said, if you are a community leader, and you maintain a WordPress-powered website, you can try out Buoy right now by installing it directly from your WordPress admin screens! It’s just as easy to install as any other WordPress plugin. Similarly, if you yourself are not a “community leader,” but you want to try it out, you can either ask to join our private testing phase or you can tell others in your community about Buoy and see if the group of you can install it on your own group’s website.

If you do that, don’t hesitate to ask for technical or other help of any kind over at the Buoy support forums.

How can I help Better Angels projects?

There’s a lot you can do to help make Buoy better or help the Better Angels collective more generally! Check out our contributor guides for more information! Of course, one of the most immediate things you can do to help is spread the word about this project. (Hint hint, click the reshare button, nudge nudge!) Cash donations are also very helpful! Finally, we’re also trying very hard to get the entire tool translated into Spanish, so if you’re bilingual and want to help, please sign up to be a Better Angels translator here.

We think Buoy is a great tool for building strong, autonomous, socially responsible, self-sufficient communities, and we hope you’ll join us in empowering those communities by making them aware of Buoy.