Issue 96

"Do you like solar companies?"

Delivered on 18 January 2021 by Justin Pyvis. About a 7 min read.

Markets are hot right now. Very hot. All the usual warning signs are flashing red, from soaring asset prices to unsolicited stock advice from cleaning ladies:

"When you see all this stuff coming out and all these people talking about penny stocks and pushing them higher, it's got to make you wonder, where is the top? Is it too frothy? Is there too much exuberance out there?" said Ryan Nauman, market strategist at Informa Financial Intelligence's Zephyr. "That's my concern -- the fear of missing out is driving stock prices."
...
Cromwell Coulson, the president of OTC Markets, says there's a simple explanation for all the buying. "It's clearly a bull market," he said. "I would be very careful. We're definitely in a market where my cleaning lady is asking me 'Do I like solar companies?' Because she bought a solar company that's a NASDAQ stock through Robinhood. And it's tripled."

The cleaning lady analogy draws from an old story about Joe Kennedy (JFK's father), who:

...decided to stop to have his shoes shined before he started his day's work at the office. When the boy finished, he offered Kennedy a stock tip: "Buy Hindenburg." Kennedy soon sold off his stocks, thinking: "You know it's time to sell when shoeshine boys give you stock tips. This bull market is over."

A similar quote has been attributed to Bernard Baruch, who made a fortune in the 1920s US bull market but sold well prior to the crash in 1929:

Taxi drivers told you what to buy. The shoeshine boy could give you a summary of the day's financial news as he worked with rag and polish. An old beggar who regularly patrolled the street in front of my office now gave me tips and, I suppose, spent the money I and others gave him in the market. My cook had a brokerage account and followed the ticker closely. Her paper profits were quickly blown away in the gale of 1929.

The lesson is timely, given some are now suggesting we may be entering "a second 'roaring Twenties'".

Many markets have either recovered or are above where they were pre-coronavirus, despite the huge loss in economic output due to self-preservation (voluntary social distancing) and government-mandated lockdowns:

Asset prices - stocks, houses, crypto, commodities (copper and nickel are up around 30% since the first coronavirus case was declared, iron ore nearly 90%) - have all soared in the last several months due to unprecedented monetary and fiscal support. While the bottom quartile is struggling, lots of people have actually done quite well working from home, accumulating savings while their respective governments thrust even more cash at them:

“The damage from COVID-19 is concentrated among already challenged groups,” Brainard said in a speech Wednesday. “The K-shaped recovery remains highly uneven, with certain sectors and groups experiencing substantial hardship.”

At a time when the national unemployment rate has come down from the pandemic peak of 14.7% to the current 6.7%, Fed economists estimate the jobless rate for the lowest quartile of earners is “likely above 20%,” Brainard said.

Much of the global stimulus has flowed not to businesses and individuals who have suffered legitimate hardship but into assets, which are now easier than ever to speculate on thanks to micro-investing apps such as Robinhood. Just look at what happened to an obscure stock called Signal Advance Inc. when everyone's favourite salesman, Elon Musk, tweeted "Use Signal":

Signal Advance is, of course, completely unrelated to Signal Messenger, which I've been recommending for years and is what Musk was tweeting about following the WhatsApp debacle. But a sufficient cohort of people are so cashed up and enthused they don't care: just buy, buy, buy!

I'm not going to pretend I know how long this euphoria will continue. But price surges and corrections will probably hit different markets at different times, given the interconnectedness of the global financial system.

Take China, which last year embarked on a massive credit-fuelled, infrastructure-led stimulus programme. Its credit growth eased slightly in December, but given how centrally directed much of China's economy still is, the outlook will depend heavily on the policy stance adopted in its 'Two Sessions' in early March. Xi Jinping will have learnt from the 2014-15 taper and will also want to maintain an appearance of strength on the world stage with a new US President, so I expect Chinese-driven demand to slow but remain relatively buoyant at least until the second half of 2021.

In the US and other more market-oriented economies, the outlook depends on vaccine efficacy and rollout (long lasting social distancing and on-again, off-again lockdowns will keep activity subdued), how long central banks decide to keep their feet firmly pressed on the liquidity pedal and how much debt governments are willing to accrue to continuously hand out cash to many who simply don't need it.

But I find it hard to believe earnings will ever live up to the current lofty expectations for many companies, so when the hot money eventually dries up, a decent reality check is in order. Tread carefully!

Google flexes on Australia

Google is flexing against the Australian government’s proposed News Media and Digital Platforms Mandatory Bargaining Code. Sorry, I mean “experimenting”:

Google has confirmed it is burying links from traditional media outlets in some of its search results, as an ongoing spat between publishers and the tech giant continues to escalate.

The company told The Australian in a statement that the move was part of a “short term experiment”. It means that for some users, news stories from commercial media outlets, are hidden by the company’s algorithms.

Australia's Treasurer, Josh Frydenberg, wasn't happy:

Google, Facebook, other digital giants should focus not on blocking users in Australia accessing domestic content, they should focus on paying for it.
...
It [the Code] has been acknowledged, not just by other regulatory agencies but by other governments around the world, it’s going to have a final arbitration model in place and it’s going to be a very significant advance for our domestic media businesses.

Well why didn't you say so earlier, Josh! It must be great if regulators and governments around the world like it so much. But what about businesses outside of the legacy Australian media (no doubt generous political donors)? Or more importantly consumers, who may soon have to use a VPN to find the news they want?

For those interested, I wrote about the proposed Code back in December.

Trust us, we're from the government

AUSTRAC, an Australian government agency “set up to monitor financial transactions to identify money laundering, organised crime, tax evasion, welfare fraud and terrorism financing”, “accidentally” told:

…Parliament that the Vatican transferred $2.3 billion to Australia over seven years when the actual amount was less than $10 million… and blamed software for the bungle.

Wow. It’s not as if AUSTRAC isn't well funded or staffed - it had its budget more than doubled last year (+$100m, +67 staff) and its management is well compensated, with its CEO alone taking home $392,048. The other 11 executives on its books pocket between $117,358 and $308,039.

A private company's CEO and responsible executive(s) would have resigned after such a major gaffe. AUSTRAC will probably get even more funding in this year's federal budget.

But believe it or not, it could be worse! In the UK, a "software error" apparently caused the police to delete:

...150,000 arrest records and thousands of other pieces of information. In another blunder in October, the Police National Computer (PNC) went down for several hours after reportedly being accidentally unplugged.

Better increase their IT budget to ensure it doesn't happen again!

An anti-trust zealot fires a parting shot

Makan Delrahim, the US Justice Department’s outgoing antitrust chief, said:

In markets where you have network effects which lead to a winner-take-all, you want to ensure there is continued competition, continued innovation… [the Federal Trade Commission and Congress] are right on the money in taking a close look.

Winner-take-all at a particular point in time. Network effects aren’t enough to fend off potential competition unless the incumbent continuously improves and innovates. Just ask Hi5, MySpace, Friendster, Yahoo, Netscape or even Nokia (and soon WhatsApp?).

Then there's TikTok, which went from zero to around a billion users in just a few years. That kind of growth shouldn't have been possible in Delrahim's framework, given the dominance and network effects possessed by Facebook. But when all you have is a hammer...

That was then, this is now

UK plan to shun EU vaccine scheme ‘unforgivable’, say critics, was the title of a Guardian article back in July:

In response to the UK government’s decision to walk away from the latest initiative, Munira Wilson, the Liberal Democrats’ health spokeswoman, said: “When coronavirus is such a threat to people’s lives and livelihoods, ministers should leave no stone unturned in their bid to end the pandemic.

“This government’s stubborn unwillingness to work with the European Union through the current crisis is unforgivable.

“The crisis does not stop at any national border. It is about time the prime minister started showing leadership, including fully participating in all EU efforts to secure critical medical supplies and a vaccine.”

It turns out shunning the giant, bureaucratic (read: slow) vaccine procurement process that the EU implemented was one of the UK's best decisions so far this pandemic.

On a per capita basis, the UK is currently fourth in the world in terms of vaccinating its population behind Israel, the United Arab Emirates and Bahrain.

Meanwhile in the United States - which is still doing better than every EU nation - thousands of doses are being thrown in the garbage because vaccine administrators are too afraid to give unused, expiring doses to vulnerable patients or non-hospital employees in violation of state rules. Depressing.


Issue 95

It's time to uninstall WhatsApp

Delivered on 11 January 2021 by Justin Pyvis. About a 5 min read.

If you use WhatsApp it's probably because it works well, is easy to use and best of all it's end-to-end encrypted (WhatsApp uses the Signal protocol, but the app is closed source and Facebook controls the client, key distribution and all the metadata around your messages, so you are trusting Facebook's implementation). But you might want to consider changing.

Facebook has in the past denied that it uses the data captured by WhatsApp. However, it recently announced that on 8 February that will all change, with WhatsApp updating its privacy policy to allow Facebook to collect:

  • user phone numbers;
  • anything stored in your phone's address book;
  • profile names and pictures;
  • status messages, including when a user was last online;
  • diagnostic data collected from app logs; and
  • share that data with other Facebook companies.

The Signal protocol protects message content, not metadata, so Facebook will now have enough information to build comprehensive profiles of anyone who uses WhatsApp, even if they're not on Facebook. That's because on top of the list above, WhatsApp already sees unencrypted metadata such as group names and descriptions, when a member is added or removed, who talks to whom, how frequently and at what times.

In addition, I've written before about WhatsApp's cloud backup feature, which uploads your message history to iCloud or Google Drive without end-to-end encryption, meaning anything backed up is readable by the cloud provider and by anyone able to compel or compromise that account (why do you think they prompt you to enable it every month?).

The good news is that there's an alternative: Signal. It's also built on the Signal protocol, is open source (client and server, so the code can be audited and the Android builds verified as reproducible) and has nearly all of the functionality of WhatsApp. Here's a look at the two side-by-side, using Apple's App Store privacy labels, with Signal up first:

Now here's WhatsApp:

Please don't give Facebook any more information: it's time to uninstall WhatsApp! If you have any friends that refuse to switch, forward them this email or send them a link to it on the website.

Platform or Publisher, take 3

Are the likes of Facebook, Twitter, Reddit and YouTube platforms or publishers? I've asked the question twice before (2019, 2020), concluding that while "there is no debate that social media began as a platform. [But] by moving in a direction so far beyond the content moderation threshold dictated by social norms they have laid the groundwork to one day be forced to surrender their platform status".

Twitter and Facebook have increasingly been moderating the content of their users, culminating in Twitter's permanent suspension of Donald Trump's account last week. It's important to clarify that Twitter is free to ban - sorry, 'permanently suspend' - whomever it wants. Twitter owns Twitter and no one has a 'right' to use it; this is not a free speech issue. But that hasn't stopped lawmakers such as Lindsey Graham misreading the situation and doubling down against Donald Trump's pet peeve, Section 230:

To be clear, removing Section 230 - which protects social media platforms from the content their users post - will not do what Lindsey Graham thinks it will do. Had Section 230 not existed during the Trump Presidency, Twitter would have been liable for his tweets and he would have been banned many years ago (or Twitter would have been sued into oblivion). In fact, removing Section 230 will result in more Republicans being banned from Twitter, not less.

I do worry that Twitter's actions and its gradual shift towards being a publisher will eventually bite it in the backside. It's on a slippery slope of content moderation that will be hard to stop. Facebook and even Apple and Google are also on the slope, with the latter two last week suspending 'free speech' social media platform Parler from their respective app stores due to a failure to remove "egregious content"... in other words, by being too much like a platform and not enough of a publisher? To add insult to injury Amazon withdrew its web hosting service, knocking the entire platform offline.

I'm not sure how this is going to play out. Where do the creators of "egregious content", such as Donald Trump, vent their frustrations? Left-leaning platforms such as Twitter will ban them, and Google and Apple are gatekeeping Wild West alternatives such as Parler.

Could this be the Fediverse's moment to shine? How about a blockchain-based social media platform? What about a revival of blogs or newsletter platforms such as Substack (is Donald Trump capable of writing more than 280 characters at a time)? There's now enough latent demand out there to support something outside the status quo, I just don't know what form it will take.

Meet the world's new richest man

Elon Musk is now wealthier than Jeff Bezos. On paper, anyway. The story of Tesla has been nothing short of remarkable. Fuelled by record low interest rates, government cash handouts and other forms of demand stimulus, lockdowns limiting people's ability to spend on consumption, and micro trading apps such as Robinhood, Tesla stock has found itself as the pre-eminent speculative asset of choice:

It now has a price/earnings ratio approaching 2,000 (well above the S&P 500's historical average of around 15), meaning people are betting not just on future growth but gargantuan future growth.

I just cannot see a world in which that is possible (Godzilla wiping out Toyota?). Enjoy it while it lasts, Elon!

Singapore misuses COVID-19 tracing data

Most governments around the world 'guaranteed' that COVID-19 tracing app data would not be misused. Guess what? It's being misused:

To encourage people to enrol, Singaporean authorities promised the data would never be used for any other purpose, saying "the data will never be accessed, unless the user tests positive for Covid-19 and is contacted by the contact tracing team".

But Minister of State for Home Affairs Desmond Tan told parliament on Monday that it can in fact also be used "for the purpose of criminal investigation".

There was just no way that politically influential groups such as the police would be able to resist the honey pot that is coronavirus tracing app location data. I expect this to start happening in many other countries (if it hasn’t already).

Politically legislated protections and guarantees can and will be undermined. Only install fully transparent, ideally open source contact tracing apps.


Issue 94

Musk's Starlink, China's tech crackdown, Summers on the stimulus, Yglesias on S230

Delivered on 04 January 2021 by Justin Pyvis. About a 7 min read.

Announced in the run-up to the 2007 election with an estimated taxpayer contribution of $A4.7 billion, Australia's still-incomplete National Broadband Network (NBN) has so far cost taxpayers more than $A51 billion. The Parliamentary Budget Office now estimates its fair value is just $A8.7 billion (as of June 2019).

I expect that's an optimistic estimate, given that competition is going to intensify in the next decade. 5G is rapidly rolling out and then there are wild cards such as Elon Musk's internet satellite project, Starlink (itself a recipient of nearly $US900 million in US government subsidies), already reporting speeds of more than 200 megabits per second:

Musk plans to take Starlink to other places in the world, including Europe, in 2021... In total, SpaceX plans to fly as many as 42,000 Starlink satellites into orbit. The goal is to provide high-speed internet to nearly any location on Earth, and generate $US30 billion to $US50 billion in annual revenue.

Compare that to the NBN, where 70% of homes and businesses are on a maximum of just 50 megabits per second. Australia still ranks well behind most of its OECD peers in terms of speed and take-up (but it performs quite well in mobile broadband, a sector in which the government has largely avoided 'investing').

The only way the NBN becomes remotely viable from here is if the government grants it a monopoly over not just fixed line services but also wireless and satellite broadband. Doing so would condemn Australians to sub-par internet for another few decades so let's hope common sense prevails and the NBN is allowed to simply fade into the annals of history as yet another failed government 'investment'.

In China, never forget who's the boss

Alibaba co-founder Jack Ma (who is currently missing) is perhaps China's most well-known billionaire but he might have drawn a bit too much attention from the Communist Party, which on Sunday "ordered Ant to reexamine its fintech businesses -- spanning from wealth management to consumer credit lending and insurance -- and return to its roots as a payments service".

That comes just over a month after Chinese regulators forced Ant to cancel its long-awaited IPO, which was set to be the world's largest ever. In its 'nightmare' scenario, Bloomberg theorises that:

China’s leaders have grown frustrated with the swagger of tech billionaires and want to teach them a lesson by killing off their businesses -- even if it means short-term pain for the economy and markets.

China’s private sector has maintained a delicate relationship with the Communist Party for decades, and has only recently been recognized as central to the nation’s future. Many commentators have attributed the recent crackdown on fintech companies to remarks Ma made at a conference in October, when he decried attempts to rein in the burgeoning field as short-sighted and outmoded.

Between them, Alibaba, Ant and Tencent commanded a combined market capitalization of nearly $2 trillion in November, surpassing state-owned behemoths such as Industrial & Commercial Bank of China Ltd. as the country’s most valuable companies.

In China, the Communist Party is the boss. If a sector, company or individual is becoming too influential it will come down on them hard, regardless of the consequences. Where will China's next Jack Ma emigrate to before growing their new trillion-dollar business? The United States (Texas or Miami rather than California, of course)? Singapore? The now EU-free United Kingdom? I would say Australia but its politicians are anti-tech and I don't think the broadband is up to scratch.

Larry Summers on those stimulus cheques

There's a lot I don't agree with when it comes to Larry Summers but he's right to be alert to the risks of the latest stimulus payments, which are equivalent to throwing gasoline on the COVID fire:

The data are striking. Total employee compensation is now running only about $30 billion per month behind the pre-Covid baseline. Measures in the congressional stimulus bill to strengthen unemployment insurance and to support business will add about $150 billion a month to household income in order to replace all this loss.

The question is whether there is a rationale for further tax rebate of more than $200 billion a month over the next quarter. This would represent additional support equal to an additional seven times the loss of household wage and salary income over the next quarter.
...
But the existing stimulus bill is sufficient to elevate household income relative to the economy’s potential to abnormally high levels — unheard of during an economic downturn. With President Donald Trump’s add-on, we are in completely uncharted territory, with household incomes more than 15% above their normal level relative to economic potential. We frankly have no confident basis for judging how much and how fast this excess, and the pre-existing backlog of saving from the Cares Act, will be spent. There is the possibility of some overheating, particularly if the economy’s potential supply remains constrained by Covid protection measures.

As I've written before, governments seem to have responded to the COVID recession, which has so far been mostly a supply shock, by:

...trying to stimulate demand. That has caused asset prices to go ballistic, in large part because much of the stimulus is finding its way to relatively affluent people working from home, consuming less (i.e. saving more) and able to borrow significantly more.

People are cashed up, they just can't or won't spend it due to pandemic-related restrictions or uncertainty. What they can spend it on are assets (look at property prices, Bitcoin and the Nasdaq Composite for examples), but as soon as they can, expect some of it to start trickling into consumer goods prices. Risk has been mispriced and resources are being misallocated, but by the time the central bankers and politicians realise their error (sorry, the greedy capitalists' error), it'll be too late.

Yglesias goes off the deep end

Former Vox economics/politics writer Matthew Yglesias had a few choice tweets on Section 230, essentially agreeing with Donald Trump who has long lambasted the protections it provides to social media platforms.

For someone who purports to write about economics those are extremely naïve comments. Essentially, Yglesias is arguing that:

  • the government should concern itself with advertising revenue flows, despite no evidence of monopoly (i.e. become extremely interventionist in picking winners and losers); and
  • Facebook - with a market capitalisation of $775 billion and annual revenue over $70 billion - generates "essentially none" of the societal value created by Silicon Valley and the IT industry.

I personally don't like Facebook but unlike Yglesias I'm wise enough to know that it creates enormous value for millions of people around the world, evidenced by the fact they use it more than the many alternatives available to them, including print media. Destroying Facebook and the value it creates would therefore ipso facto be bad for the country.

But it gets worse. If Yglesias gets his way and cripples Facebook, it will not accomplish his goal of redirecting revenue flows to journalism companies or individuals such as himself. Most of the advertisers on Facebook are small businesses - there are more than 8 million of them - with less than 20% of Facebook's advertising revenue coming from its top 100 clients. If Facebook can no longer offer targeted, localised adverts, how likely is it that your local baker, jewellery maker or coffee shop will simply "redirect" their Facebook advertising spend to journalism companies such as Vox or the New York Times? Facebook's top 100 clients, certainly, but not the remaining 7,999,900, who would all be harmed by no longer having Facebook adverts as an option.

Crippling Facebook by removing Section 230 is bad policy, not because Yglesias' stated goal of wanting to support journalism companies is bad but because it's an ineffective, socially and economically destructive way to achieve that goal.

AstraZeneca COVID-19 vaccine approved

For all of its mishaps in its handling of the pandemic, the UK is at least leading the way in terms of ending the crisis (how long until the EU bureaucrats get moving?):

AstraZeneca Plc and the University of Oxford’s Covid-19 vaccine won U.K. clearance, marking the first approval worldwide.

The shot can be deployed swiftly because it’s easier to transport and store than the Pfizer-BioNTech one, requiring only refrigerator temperatures rather than deep freezing.

A first dose of the AstraZeneca-Oxford vaccine will be given to as many people as possible, followed by a second dose four to 12 weeks later. A government advisory group said the priority should be to vaccinate large numbers as quickly as possible rather than completing a two-dose regimen right away.

👏👏👏 The AstraZeneca vaccine, if effective, is important as it's a key part of many countries' vaccination plans (see the dark blue bars in the image below, courtesy of the FT).

Of course, none of that matters if the vaccine cannot be properly administered. Israel is the clear leader in that regard, with 10% of its population already vaccinated. By contrast, the US has vaccinated just 0.95% of its population with the UK at about 1.4%.


Issue 93

The best privacy tools of 2020

Delivered on 28 December 2020 by Justin Pyvis. About a 6 min read.

I trust everyone had a Merry Christmas! To wrap up 2020 I thought I'd provide a summary of some privacy-friendly software I use on a regular basis, just in case anyone felt the need to improve their risk profile in the new year.

Password management

Getting (and using) a password manager is the single biggest step you can take to improve your digital privacy and security. A password manager will generate a unique password for every service you use up to 128 characters long. You only need to remember one password* (or better yet, a passphrase) to unlock everything. That means if a company gets compromised - which happens far, far too often - at least all your other accounts are safe.

*Note that ideally you should combine your password/phrase with 2-factor authentication, such as a TOTP app like andOTP, Aegis or Authy. SMS codes are better than nothing but can be intercepted via SIM swapping, so prefer an app (or a hardware key) where the service supports it.

In terms of which password manager to use, look no further than Bitwarden. It's open source, has a very usable free option and will automatically sync with all of your devices. Here's a sample 32-character password I generated:

RNgs%BY7!*zu^HHPiHQsK$56iZLf!zgR

And here's a random 5-word passphrase I asked it to cook up:

excavate-daredevil-bobsled-sheep-ritalin
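As an added example (mine, not the page's or Bitwarden's code), here is what a generator like the one above does underneath, plus the entropy arithmetic that tells you how the two samples compare. It uses Python's `secrets` module, which draws from the OS CSPRNG; the character set is my assumption of a typical "upper, lower, digits, symbols" setting, and the word list is a constructed stand-in for the thousands of words a real manager ships.

```python
import math
import secrets
import string

# Assumed generator character set: 52 letters + 10 digits + 8 symbols = 70 choices.
SYMBOLS = "!@#$%^&*"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

# Constructed stand-in word list. Real generators use a list such as the EFF
# long list (7,776 words); entropy per word scales with the list size.
WORDLIST = [
    "excavate", "daredevil", "bobsled", "sheep", "ritalin", "anchor",
    "turnip", "glacier", "velvet", "saddle", "pixel", "marble",
    "quartz", "harbour", "lantern", "compass",
]
EFF_LONG_LIST_SIZE = 7776


def random_password(length: int = 32, alphabet: str = ALPHABET) -> str:
    """Each character drawn uniformly from the OS CSPRNG (never random.random())."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: int = 5, wordlist=WORDLIST, sep: str = "-") -> str:
    """Diceware-style passphrase: words chosen uniformly, with replacement."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols from `choices`."""
    return length * math.log2(choices)


def expected_crack_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to search half the keyspace at a given offline guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw_bits = entropy_bits(len(ALPHABET), 32)
    pp_bits = entropy_bits(EFF_LONG_LIST_SIZE, 5)
    print(random_password(), f"~{pw_bits:.0f} bits")
    print(random_passphrase(), f"~{pp_bits:.0f} bits if drawn from a 7,776-word list")
    print(f"~{entropy_bits(len(WORDLIST), 5):.0f} bits from this 16-word demo list: far too weak")
    print(f"5 EFF words survive ~{expected_crack_years(pp_bits):.0f} years at 1e10 guesses/s")
```

The takeaway is in the numbers: the 32-character sample is around 196 bits, the 5-word phrase about 65 bits from a 7,776-word list, which is plenty for a master password that is only ever attacked offline through a slow KDF, but a passphrase drawn from a small list (like the demo one here) is not.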

If you were really keen you could use KeePass but I find Bitwarden's simplicity and ease-of-use impossible to beat, except perhaps by 'premium' managers such as 1Password, which are closed source so drop down my list a bit.

File synchronisation and cloud storage

Dropbox, iCloud and Google Drive are great but not only do they scan and index your files, employees (and governments) can come snooping too. There are two clear privacy-friendly alternatives, one is free and requires a bit of technical nous while the other involves forking out a bit for a premium service.

The free option is Cryptomator. It's open source and encrypts all of your data locally, meaning whichever mainstream cloud provider you use will only see gibberish when they scan your files.

The downside of using Cryptomator is that it makes collaboration impossible, including sharing file links. It also adds an element of risk - if you lose your passphrase or somehow corrupt your Cryptomator folder, you lose your data (always use a password manager!).

That downside can be resolved by using a paid service such as Tresorit, Sync.com, Mega or ProtonDrive. I haven't tried ProtonDrive as it's only in beta but the other three work at least as well as the big mainstream cloud providers. Note that Mega and Sync are based in New Zealand and Canada respectively, which are both members of the 'Five Eyes' and so should be avoided where possible. That leaves Tresorit, which has been around quite a while now and is based in Switzerland (with relatively good privacy laws). However, as with the other three its source code is not fully open (in particular you can't audit the server side), meaning there's still an element of trust involved.

The only other options that tick all the boxes are Nextcloud or Seafile. But those are self-hosted solutions so require a bit of technical ability and either a paid virtual private server (VPS), a dedicated server in your home or someone else to manage it.

Email

This is an area where I have flip-flopped a few times over the years. I have found that encrypted email - e.g. ProtonMail, Tutanota - might sound good on paper, but you usually have to sacrifice too much for limited gains.

The ability to sync contacts to your phone's address book? Someday, maybe. Properly formatted emails? Occasionally. Calendar invites? If you're lucky!

While end-to-end encrypted email sounds nice, it's better in theory than in practice. Aside from the relatively limited features, just about every email you send or receive will have Apple, Google or Microsoft on the other end of it anyway, meaning they already have a copy of most of your emails. That means there's very little point to end-to-end encrypted email; it's simply not the right medium for privacy.

However, you should still try to avoid the Googles of the world where you can. Despite the pitfalls, encrypted services such as ProtonMail are good in the sense that you can be sure they do the basics well, including zero-access encryption at rest and 2-factor authentication. They're also good if you regularly email someone else willing to use PGP, such as a spouse or colleagues.

I personally have accounts with Swiss-based ProtonMail and Iceland-based Runbox, using the open source clients Thunderbird (desktop) and K-9 Mail (Android, beta version) for the latter, as its web interface leaves much to be desired. Other options I have dabbled with over the years include mailbox.org, Soverin, Mailfence and StartMail. YMMV, so make sure to use your own domain name (@yourname.com) to make switching providers easy should the need arise: moving to a new provider is then just a change of MX records rather than a change of address.

Messaging

While the email protocol was not built for privacy, messaging was. The standout is the Signal Protocol, which is what secures the Signal Messenger and a bunch of other major encryption implementations from WhatsApp to Skype chat.

However, of the Signal-protocol-based options only Signal Messenger itself is open source. Facebook claims that WhatsApp uses the Signal protocol but with a closed-source client there is no way to verify that it's implemented correctly, or that it hasn't subsequently been backdoored.

To keep a long story short, try to use Signal Messenger whenever possible. It only has two weaknesses, namely that:

  1. it's centralised, meaning there's a single point of failure in the Signal Foundation's servers; and
  2. it requires a mobile phone number, which may not be practical for some people.

If either of those two weaknesses is a major issue for you, consider using Element, which provides end-to-end encrypted chats over the decentralised, federated Matrix network.

Social media

There's no good answer here. All of the mainstream networks - Facebook and Instagram, Twitter, Snapchat, TikTok, WeChat - are in fact advertising companies masquerading as social media platforms. They don't charge you anything because you're the product, not the client. Privacy is non-existent on these services, so other than abstinence there's no easy way to avoid having all of your information gobbled up by them.

While you could sign up for an account on the Fediverse, good luck convincing anyone to join you (incidentally I run my own Pleroma node).

All I can say here is that if you must use the likes of Facebook and Twitter, at least use an open source client on your mobile such as Twidere or Frost for Facebook (the latter requires F-Droid, an app store containing only free and open source software on Android), which will prevent these companies from listening in on your microphone and harvesting everything else you might have on your phone.

Podcasts

I use AntennaPod, an open source podcast manager that can index podcasts from all of the popular websites or RSS feeds.

Note taking

For mobile and desktop note taking I use Standard Notes, which is open source and end-to-end encrypted. It's simple but does the trick and will automatically sync with all of your devices.

Web browser

The best of a bad bunch is Firefox with the uBlock Origin add-on (make sure to also check the option to prevent WebRTC from leaking local IP addresses). I say a bad bunch because Firefox has been horribly mismanaged by the Mozilla Foundation, which for whatever reason prioritises a myriad of side projects at the expense of its most important product, Firefox. Even if you wanted to donate specifically to improve Firefox, it goes into general revenue, so there's a good chance the Mozilla Foundation will instead use it to increase its CEO's pay or finance some wacky side project, such as the creation of an AI division.

VPN

You should use a VPN whenever it's convenient to do so. The most important features are that it doesn't keep logs and is based in a country that you do not reside within. You generally get what you pay for with a VPN and I'd recommend the Sweden-based Mullvad (or if you use ProtonMail for email, bundle it with ProtonVPN).

Have a Happy New Year!


Issue 92

Neobanks, SolarWinds and the US Army

Delivered on 21 December 2020 by Justin Pyvis. About a 3 min read.

Is this the beginning of the end for the so-called neobanks? Australian neobank Xinja last week closed all of its bank accounts, issued refunds and handed back its banking licence. It was burning cash trying to acquire customers but didn't have anything to sell them. Sounds like a bit of a Ponzi:

Corporate documents, obtained by The Age and The Sydney Morning Herald, show Sydney-based firm Grant Thornton ceased to be Xinja’s auditor in April, with its last financial statement warning the neobank temporarily breached its minimum capital requirements.

Grant Thornton said Xinja’s cash flow relied on “injections of additional capital” to maintain a buffer above Australian Prudential Regulation Authority’s requirements to continue operating lawfully. The report also noted the group needed to cut costs and expand products to stay afloat.

“Should the above transactions or assumptions not materialise, there is a material uncertainty whether the group will continue as a going concern,” Grant Thornton’s auditors warned.

Seven days later, Grant Thornton ceased to be Xinja’s auditor and was replaced by big four auditing firm PwC.

I know words like 'neobank' tend to get people excited but there's really nothing 'neo' (new) about them, other than the lack of a physical branch. It would be like Amazon branding itself a 'neoretailer'; i.e. pure marketing BS. In their current form, neobanks are just boring old banks. End of discussion.

That's not to say neobanks don't exist. But they're being built on the blockchain - stablecoins and DeFi, or decentralised finance, are where the neobanks will be. Dressing up the same old traditional banks sans retail branches with some expensive marketing, a decent app and a fancy card just doesn't cut it, especially when you need to offer above-market rates to attract deposits that you can't properly utilise.

Please, use a decent password (manager)

Twice in the past week it was reported that critical systems were "hacked". But it's a generous use of the word - in both cases, it was simply a case of human error. Namely, using a sh***ty password.

First there was Donald Trump's Twitter account, which was kind of a big deal because it's how he conducts everything from diplomacy to policy:

Dutch prosecutors have confirmed that Donald Trump’s Twitter account was hacked in October despite denials from Washington and the company, but said the “ethical hacker” would not face charges. The hacker, named as Victor Gevers, broke into Trump’s account @realDonaldTrump on 16 October by guessing the US president’s password, Dutch media reports said... Gevers, 44, disclosed the hack immediately, saying the password he guessed was “maga2020!”, referring to the Trump slogan “Make America Great Again”.

Next up was the breach of SolarWinds, a US company that "develops software for businesses to help manage their networks, systems, and information technology infrastructure". It turns out SolarWinds does a lot of work for, and has a lot of access to, the networks of key US government bureaucracies including the Treasury, Department of State, Department of Commerce, Department of Energy and even the National Nuclear Security Administration.

The "hack" occurred because SolarWinds used the super secure password solarwinds123 (yes, all lowercase), which once discovered allowed the attackers to push an update to their clients loaded with malware, in many cases granting them full network access.

Insanity? You might think so. But if you've ever worked in a large organisation or government entity, stupid passwords are the norm. Rather than requiring a password manager, hardware token or two-factor authentication (or some combination of the three), management at these organisations - themselves technically illiterate - seem content to use the default Microsoft corporate security policy, which amounts to forcing people to append their stupid password with an ever-increasing number of digits every few months.
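As an added illustration of the rotation problem described above (example code, not anything from the newsletter), here is a password-change check that rejects brand-name-plus-digits passwords like the two quoted and rotations that only bump the digit suffix. The word lists and sample passwords are constructed for the example.

```python
import re
from difflib import SequenceMatcher
from typing import List, Optional

# Constructed word lists for this example (hypothetical; a real deployment
# would load the organisation's own names, brands and a breached-password list).
ORG_WORDS = {"solarwinds", "maga", "acme"}
COMMON_WORDS = {"password", "welcome", "summer", "winter"}

# word-ish stem, then a run of digits, then optional trailing punctuation
DIGIT_SUFFIX = re.compile(r"^(?P<stem>.*?)(?P<digits>\d+)(?P<sym>[^\w]*)$")


def split_stem(pw: str):
    """Split 'solarwinds123' into ('solarwinds', '123', '') and
    'maga2020!' into ('maga', '2020', '!'); a password with no digit
    suffix comes back whole as the stem."""
    m = DIGIT_SUFFIX.match(pw)
    if not m:
        return pw, "", ""
    return m.group("stem"), m.group("digits"), m.group("sym")


def reasons_to_reject(new_pw: str, old_pw: Optional[str] = None) -> List[str]:
    """Return the policy violations for a proposed password; an empty list
    means it passes these checks. old_pw is only available at change time,
    when the user supplies both the current and the new password."""
    reasons = []
    stem, digits, _ = split_stem(new_pw)
    lowered = stem.lower()
    if lowered in ORG_WORDS or lowered in COMMON_WORDS:
        reasons.append("stem is an organisation or dictionary word")
    if len(new_pw) < 12:
        reasons.append("shorter than 12 characters")
    if old_pw is not None:
        old_stem, old_digits, _ = split_stem(old_pw)
        if old_stem.lower() == lowered and digits != old_digits:
            # the "append/increment the number" rotation the text describes
            reasons.append("only the digit suffix changed since last rotation")
        elif SequenceMatcher(None, old_pw.lower(), new_pw.lower()).ratio() > 0.8:
            reasons.append("too similar to the previous password")
    return reasons


if __name__ == "__main__":
    for new, old in [("solarwinds123", None), ("maga2020!", None),
                     ("Winter2021!", "Winter2020!"),
                     ("correct horse battery staple", "Winter2020!")]:
        print(repr(new), "->", reasons_to_reject(new, old) or "ok")
```

A password manager or hardware token sidesteps the whole problem, because the user never has to invent a memorable variant of last quarter's password.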

Microsoft, by the way, is also a big client of SolarWinds.

Speaking of slow-moving organisations...

It took the US Army nearly a year to develop a... cloth face mask. Apparently that was a good effort - it was accomplished on an “expedited timeline”.

U.S. Army soldiers will soon be wearing a new face mask designed to protect them from COVID-19. The Army developed the Combat Cloth Face Covering (CCFC), which is visibly no different from commercial masks designed and brought to market within days of the pandemic, on what the service calls an “expedited timeline.”

But the glacially slow development is yet another dysfunctional procurement program from a service that takes years to purchase something as simple as a handgun.

You could not make this up. Meanwhile, “[private sector] clothing designers and personal protective equipment manufacturers quickly came up with designs that were immediately put into mass production. Within weeks, millions of people worldwide could easily obtain effective masks”.

I sure am glad the military has nothing to do with vaccine development.

