The rise of tech-worker activism

Video by Chris Schodt, production by Justin Wolfson. (video link)

In this episode of Ars Technica Live, we spoke with Leigh Honeywell, a security engineer who has worked at several large tech companies as well as the ACLU. She's been at the forefront of worker organizing in the tech industry, organizing protests against data-driven profiling and founding Hackerspaces in both Canada and the United States. Recently, she founded the company Tall Poppy to protect tech workers from abuse online.

We began by talking about how she created the Never Again pledge, signed by hundreds of tech workers, which was a direct response to President Trump's openness to tracking Muslims in the US using big data. She said it was a turning point when tech workers realized that the systems they built weren't just helping people. These systems could also be weaponized and used for surveillance and racial profiling. People signing the pledge promised to quit their jobs before designing a database for tracking Muslims or any other vulnerable group.

Read 6 remaining paragraphs | Comments

Bay Area: Join us 1/9 to talk about personal data security in 2019

Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments.

Enlarge / Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments. (credit: Ashkan Soltani)

The Cambridge Analytica scandal. Data breaches at hotels, banks, rideshare companies, and hospitals. Facial recognition. DNA databases. We're living through the data privacy apocalypse and now it's time to figure out what happens next. Here to discuss that with us at the next Ars Technica Live is Ashkan Soltani, an independent researcher and technologist who specializes in data privacy.

Recently, Soltani testified before the US and UK governments about Facebook's privacy practices and how they make user data available to third parties. Soltani also authored the California Consumer Privacy Act of 2018, which regulates large companies that make more than 50 percent of their revenues from selling California residents' personal information. The CCPA was signed into law earlier this year.

Soltani will be in conversation with Ars Technica editors Cyrus Farivar and Annalee Newitz.

Read 4 remaining paragraphs | Comments

How to make elections secure in the age of digital operatives

Video by Chris Schodt, production by Justin Wolfson (video link)

In our latest episode of Ars Technica Live, we talk about election security. My guest was Alex Stamos, a researcher at Stanford who just happened to be the CSO at Facebook when the company discovered Russian operatives meddling in the US presidential election. He told us about that experience, and what's worrying him about the future of UU democracy.

It was odd for technical experts like Stamos and his team at Facebook to find themselves at ground zero of a political propaganda war. Stamos explained that infosec researchers are not typically trained to deal with things like weaponized memes. "We had ignored that the vast majority of human harm caused online has no interesting technical component," he said wryly. "It's a technically correct use of the products we build."

Read 26 remaining paragraphs | Comments

Ars puts new Master Lock hack to the test—and succeeds

Yesterday, our own Dan Goodin covered a clever new hack that uses a bit of calculation to reduce a well-known Master Lock exploit from 100 maximum attempts to just eight. Today, we put the hack to the test. Is cracking a Master Lock as simple as hacker Samy Kamkar makes it look if you have absolutely zero experience?

I bought a new Master Lock from a local drugstore last night and sat down with it this morning to see if I could pop it open without looking at the combination first. Using Samy's instructional video and a basic Web tool he designed, I timed my attempt at opening the lock.

The first few minutes seemed promising. I watched the video and began to replicate its instructions on the lock in my hands, but two of the steps proved trickier than they looked. The first and second "locked positions" were simple to find, but the third number I needed was a "resistant location" that was far more subtle. While I was supposed to note the one place where the lock caught each time as I spun the dial, it seemed to catch in multiple places even as I varied the pressure on the shackle. I took a guess and used the Web tool, which generated 16 possible lock combinations.

Read 7 remaining paragraphs | Comments