Things To Watch In 2015

If 2014 was the year of security breaches, I believe 2015 may well be the year security and privacy catch up with our needs.

There are three things in the pipeline that look promising for 2015, but first, you might be wondering something...

Politics Blog?

You may not have noticed, but this is a blog posting under the Politics tag.

Predictions for the year ahead about technology are not, generally, classified as political posts, so I will take a moment to explain why this post does not follow the norm.

Over the last few years we have learned that governments and secretive departments have been spying on us, weakening security, and assassinating and silencing people.

The 2014 (31st) CCC (Chaos Communications Conference), commonly shortened to 31c3, had yet more news about the NSA and Snowden, and I am currently watching the just-posted Security Now 488: The (In)Security of 2014.

The design of this site means I am restricting each article/post to a single category, and a single tag. Although this post would be suitable for Security Articles, the style of writing is more akin to a blog posting and the subject matter is likely to include references to political issues (well, it already has - the spies).

As these predictions are related to security and privacy, politics obviously comes into it. So, here are my predictions for 2015...

SQRL

SQRL is "Secure QR code Login", and pronounced "Squirrel". It is a way to authenticate to a Web site without the need for a username or password.

I expect to see uptake of it as soon as smartphone clients are around for the major (iOS/Android) mobile operating systems, just as happened with OpenID logins.

One of the major advantages will be that it will allow the possibility for pseudo-anonymous commenting on a Web site without having to supply personally identifiable information (although I expect most sites will continue to require PII).

The reason why I expect to see uptake is because it is simple. See code, scan it on your phone, tap to confirm you want to authenticate to the encoded domain, logged in. Unlike early adopters, I need an iOS client before I dabble with it. With Steve Gibson saying an iOS client is in development, and a demonstration of SQRL (although probably not using iOS) is a couple of weeks away, I expect to be testing it in the next month or so.

As a lot of the large data breaches in 2014 have involved usernames and passwords (among more sensitive information), implementing something that does away with the need for passwords (and thus removing the possibility of password reuse) is something that I think security conscious people will be keeping an eye on.

Let's Encrypt

As someone that extensively uses free TLS certificates, the ability to create domain-verified certificates quickly and easily with a Certificate Authority that is widely trusted is something I think will have huge potential.

Again, Let's Encrypt also sounds simple because the complex need-to-know stuff will likely be done behind the scenes unless the person wanting to encrypt a Web site wants to do something a bit more customised.

For example, at present every time I create a CSR with StartSSL I have to wait for it to be manually authorised. If an API exists that allows near instant creation of a TLS certificate, for free, signed by a CA that is widely trusted, it is something that I will likely use.

I expect if it is as simple as it purports to be then more sites will have encryption enabled as a result, although there will undoubtedly be the issue of browsers that don't support SNI.

heml.is

Hemlis means "Secret" in Swedish.

Hemlis is a messaging app that is currently in closed beta. As with SQRL, I am waiting for an iOS app to be available (i.e. not beta) before testing it.

One thing that may aid in adoption among those that message me is the fact that some of them use iOS and that the combination of me moving my e-mail to different domains and my mobile number to a modem (specifically so I can relay SMS messages to/from my mobile) means it is now pretty much impossible for those that know how to contact me to do so using iMessage.

Without iMessage, that means texting me may cost money. This is where things fall down because most people I know have not opted to go down the pay-as-you-go (PAYG) route for mobile phones nor dove in the deep end (a swimming analogy from a non-swimmer?) and switched mobile network (for the SIM in their mobile) based on a guesstimate that shows at best they will be spending the same as previously.

Alas, because text messages are typically included in pay monthly mobile plans the "cost" of sending me text messages a few times a month at most probably won't entice anyone I know to switch to Hemlis. Although I could try to force them by making a claim like "I will only communicate by text using heml.is" my ported mobile number will still receive text messages because that is the reason I kept it - to receive messages from those stupid companies that require you receive SMS codes/messages.

Other 2015 Predictions

As much as I'd like to make predictions for the year ahead, such as the Tories staying in power being about as likely as the Bodymedia Core 2 being released (or Half Life 2: Episode 3, or is that Half Life 3 now?), or what the weather is going to be like, SIP and IPv6 adoption, iNum reachability, et cetera, I don't see any point.

I am just going to stick with what I believe has a good chance of happening in the year ahead. Bitcoin price, broadband speeds (a Virgin upload speed boost, perhaps?), vulnerabilities found and exploits discovered... one could make an educated guess about these sorts of things, just like you could about flooding.

SQRL, Let's Encrypt, and Hemlis. Those are the 3 things that I believe have potential for 2015, although I could be way off. But there is a general election, so I suppose I could look at it this way: my predictions are dependent upon the public thinking in a similar way to me about privacy and security, in a not so different way to political parties relying on the public thinking like they do. Given that the EU public didn't appear to feel anything about the upcoming restrictions on electronic cigarettes, however, I am probably going to be way off on how the public think.

Actually, I change my mind. The general public will think like the spies and politicians want them to think, and 2015 will be the year they line up for brain implants that rewire thinking patterns. We are probably reaching the point where there are three groups of people. Those that say what we should think, those that say we should become like them and think how we are supposed to, and those of us that think we should stop believing everything being spoonfed to us.

Standing Up For Those We May Disagree With

There is one problem if this is the way we are heading, however, and the likes of Anonymous, Lulzsec, et al is possibly some evidence of this. When your thought patterns don't completely disagree with the "bad guys", even though you may disagree with their methods, whose side are you on? What group are the spies classifying us as?

A couple of weeks ago I filled in two questionnaires for my psychologist that deal with AQ (Autism Spectrum Quotient) and EQ (Empathy Quotient). Now, I was probably answering the "difficult" EQ questions in the wrong way by using logic and deduction, and the fact there was no "neither" or "don't know" answer (strongly/slightly agree/disagree) meant I slightly disagreed that seeing an animal that looked like it was in pain made me sad (looking like it is in pain does not necessarily mean it is in pain) and that I slightly/strongly (can't remember) disagreed that I would never break a law no matter what.

Law Abiding?

That second answer is the one I wanted to highlight, but feel the other question may show my actual thought process (on the third attempt at answering the "difficult" questions). If a law is irrational and does not make sense, would I break it? It is possible. I probably have unknowingly broken archaic laws still on the statute books because of ignorance (which is supposedly no excuse).

Would I break a law if I disagreed with it? In all likelihood I would use a loophole to get around having to comply with the law. If the rich can do it, why can't I? Take, for instance, the Tobacco Products Directive (as renamed). I have stocked up for when the e-liquid nicotine strength limits come into force (whenever that will be). As for privacy, security, and surveillance...

What I write on the Web is limited by the restrictions in what is permitted speech (technically, the permitted exceptions to freedom of expression in the European Convention of Human Rights). Now, one might be surprised given the EQ score I got that I have a low level of "empathy", yet have strong morals. Like freedom of speech, I cannot explain what my moral code is, but the two would be entwined were I to write a thorough article on them. In fact, I have probably exposed some of them in my still-to-be-ported differences of opinions to the English Democrats et al.

So, my moral code and "expression" are linked. The reason for the quotes around expression is that I have great difficulty expressing feelings; however, I can at times express my thoughts in writing - expression without expressions in the form of written speech? Meh. Anyway...

I may have posted a lot of tweets, but I have probably not posted more than have actually made it to Twitter. I have deleted some after posting them because of typos, errors, or the occasional bad judgement. The problem with insomnia/circadian rhythm disorder is that most people should not write things when tired yet I am almost always tired. So if I get annoyed, I may well express myself in a way I would not were I moderating everything I post online.

The fact of the matter is that most of the time my moral code means I stop myself from posting things. There have been times where I have dreamt something or had a thought and almost posted something but then thought better of it because it might be misconstrued as a comment on a current event or disaster. I'm fairly sure I have posted some tweets that I have given myself clues how to decode at a later date that have since gotten lost in all the noise, but that is generally how I would approach posting something - redact/obscure and leave a breadcrumb trail of thought processes so I may (hopefully) later reconstruct the originally intended tweet.

This is a rather long tangent already, so I will end at this: the Sony hack. North Korea say they didn't do it, and some experts agree. The US say North Korea did it without any real evidence. Russia believe North Korea. The US and EU (but not Russia) are discussing TISA (a global trade agreement) in secret, with it purportedly being part of the agreement that it shall remain a secret 5 YEARS after it becomes legally binding. Russia say they didn't shoot down MH17, but the US and Germany say they did. I don't think a single country is currently being 100% honest about everything, so who to trust? Trust no one?