Updates from cqwww Toggle Comment Threads | Keyboard Shortcuts

  • cqwww 11:41 pm on September 17, 2019 Permalink | Reply  

    Spy Game 

    This is your invitation to the spy game.

    Once you’ve paid, and I have your email address, you will receive your first mission. The game starts next week in Vancouver, so will exist in physical space there initially. If there is someone else who’s a member in your city, the game will likely move to physical space, otherwise your missions may mostly consist of online actions in the interim.

    You will get at least one mission per week, each one with the intention that it will be related to another action or mission needed in the future. This is a dynamic game that will be managed based on your actions, previous actions, and your consistently improving skill level.

    So the only question now is, will you accept the challenge, agent?

    You can either subscribe ($20 USD/month) via paypal:

    or send 0.02 bitcoin to 16zD58dCHH2ASx1oEVbpyPSZNJHWykXBUw and email [email protected] with the transaction ID to get a bonus mission in your first month, and you will be subscribed for a year.

    Not so fine print: The game could end at any time. No refunds. Myself and my company that is hosting this game is not liable for any issues that occur during the game. My intention and hope is this game goes global, and does not end, that would be amazing.


    There is someone else in your city involved, they need a way to speak with you.

    Acquire a USB stick, and hide it in plain sight. It could be in a tree, or between bricks in a wall, but it should be somewhere secure, and easy for you to access, but most people will walk by it and completely miss it. You likely will want to glue in place for many future uses.

    Note: Any messages you receive on this device in the future could be from an enemy, or an imposter. Someone could install a virus on this USB stick, so whatever you connect to it in the future could be hacked, so take all necessary precautions.

    (if someone is in your city, this likely your first mission)

    MISSION EXAMPLE 1 (digital):

    Enter the konami code on this Bank of Canada website. There was a city named after the composer of the song you will hear — find out which city that is, and where it’s located. The next mission will begin in this city.


    Someone else has entered the game, but they don’t know how to reach you. You need to leave them instructions by Thursday at [hotel front desk] for [fake name] with the co-ordinates of your USB stick. They could be malicious, so don’t reveal your real identity or your virtual identity in case you don’t want them to know you, and they could install a virus on your USB stick, so be careful.

    The hotel is not involved, and they don’t anticipate your note, so you’ll have to sort that out through social engineering.

    MISSION EXAMPLE 2 (digital):

    There was an enemy spy spotted via satellite in this park, who then ran across 6 train tracks and ran into the nearest coffee shop. They ran through the coffee shop, and as soon as they go out the other side there was a bus arriving that they quickly hopped on. Find the unique number of that bus stop and email it to your handler, so they can determine likely exit points for the next mission.

    • cqwww 12:10 pm on September 11, 2019 Permalink | Reply  

      Meeting schedulers 

      We often need to schedule meetings, and it can be a lot of work to organize a time that works for multiple people. Here are a few solutions I’ve found. Note that while these all offer a free option, chances are high they are logging the name of your event and participants and that information could be shared or sold. Also make sure you’re using a privacy centric browser, to block any third party privacy trackers.

      The first one worth checking out is called x.ai, which uses AI, and multiple platforms, it’s called x.ai.

      The other notable players:

      Old school interfaces:

      • cqwww 2:08 pm on August 25, 2019 Permalink | Reply  

        Redefining nerds & geeks 

        I think we need a new term for nerds. Nerds & geeks are still derogatory terms, even if said tongue-in-cheek and using them justifies people not learning or remaining ignorant. We need a term that suggests it would be bad to not be someone curious and always learning.

        We need to make wilful ignorance and dogma the derogatory terms.

        • cqwww 11:42 am on August 19, 2019 Permalink | Reply  

          The butterfly effect on the election systems in Georgia 

          If you recall my articles on whowhatwhy.org last November on the state of Georgia’s election systems, there’s an exciting update:

          “U.S. District Judge Amy Totenberg’s order on Thursday prohibits the state from using its antiquated paperless touchscreen machines and election management system beyond this year. She also said the state must be ready to use hand-marked paper ballots if its new system isn’t in place for the March 24 presidential primary election.”

          It’s worth a reminder that Georgia’s governor Brian Kemp, who barely won, refused to have the election systems which appeared to have many vulnerabilities, audited before the election — because he was also the state’s top election official at the time he was running.

          The article also mentions my friend Harri Hursti, who is the person to go to if your government wants an election system audit.

          • cqwww 12:24 pm on August 8, 2019 Permalink | Reply  

            Bitcoin exchanges in Canada 

            This is not an endorsement, but a running list of Canadian cryptocurrency exchanges. There are other exchanges like Coinbase and Kraken that serve Canadians, but they are not Canadian. Here’s the list:

            A couple others, but that have had many reported issues, so tread carefully:

            • Coinsquare will lock you out of access to your funds if/when your account crosses $10k CAD until you provide them even more KYC, and enable 2fa.
            • einsteinexchange it is not uncommon to have to wait weeks, or even months for a transfer. User beware, read the forums first before considering here.
            • cqwww 11:28 am on July 21, 2019 Permalink | Reply  

              Handling sexism and racism from those in poverty and addiction 

              I just read an article by Ian Young in the South China Morning Post called “On a sunny Vancouver afternoon, he called us ‘the g-word’ and told us to go home” which introduces the narrator, and the reader, to the experience of reacting to being told they are not wanted, as well as handling hostile behaviour.

              For those reading it not in Vancouver, the area he speaks about this is a lot different than where I live — in the heart of Chinatown, where I hear these types of things almost daily, and I’m perpetually torn on how to react. I don’t say that to suggest my experience is worse, I’m a middle aged white guy — I’m writing this with privilege and empathy.

              Chinatown, where I live at least, is a few blocks away from the epicenter of poverty and addiction in Canada, the downtown east side.

              I witness people in poverty and addiction yelling racist and/or sexist inappropriate comments almost daily. Yesterday I witnessed an Asian woman get pushed to the ground. When a woman or an Asian person is walking alone, and crossing paths with someone who is mentally unwell, it is common for me to observe or hear something that makes me want to intervene, but I often don’t.

              There are a few reasons I don’t, but I’m open to suggestions. The first one is that my intervention is likely to escalate the issue just by intervening, compounded by my lack of skills in de-escalation, it’s hard not to let emotions over ride, which is what the vulnerable person is seeking — a little taste of power and control, where they live a life as vulnerable.

              Another action I could take is to call the police, but even with an assault, such as the one I witnessed yesterday, the police surprisingly happened to be on the block I was on, so they were forced to join the scene and quickly interact, just enough to de-escalate the tension and then walk off within 2 minutes of the assault. As soon as the police left, it re-escalated. Not to fault the police — what would it take of their time to press assault charges, based on the word of mostly homeless and addicted observers.

              As a result, the tensions continue, the less safe, or in the least the less welcome my Asian and female friends feel walking alone in the neighbourhood, and I’m not sure what we can do to resolve the issue.

              I am still convinced it needs to be done with compassion, and empathy, as no one who is happy with themselves needs to make another feel unwelcome.

              For anyone who identifies as even slightly empathetic, this is a good check in with your capabilities on maturely handling your emotions. Receiving such feedback from someone who is intoxicated, or suffers from mental health & addiction is not unlike receiving it from a child. Choosing to react to it, letting it get to you, or escalating the issue, would likely do nothing productive other than satisfy the antagonist.

              • cqwww 7:50 pm on July 15, 2019 Permalink | Reply  

                Privacy centric browser setup 

                I’m often asked for tech tool recommendations that I use, that are privacy & security minded. If you ever have such a question, don’t hesitate, I love to be of service.
                My browser setup hasn’t changed for years:
                I use the latest version of Firefox as my browser. One of the features, and risks, with modern browsers, is that they allow people to install plugins. It’s worth noting that if you install a browser plugin, the author of that plugin can see every single website you visit, so you really need to trust your browser plugin authors, so install them with caution.

                I’ve chosen to trust 4 browser plugins, the first three I recommend to everyone reading this:

                While you’re reading up on browsers, there’s a lot of misconception about “Private browsing mode” in Firefox or Chrome. The only thing this mode does is remove your tracks from your spouse or other people in your house. If you want truely private browing — say for example you’re looking up a health diagnosis for yourself, or something really sensitive, there’s only one browser option and that is tor browser, which is a highly modified version of Firefox that does onion routing. This is what you would use if you want no evidence of your tracks from your internet provider, or the website you’re visiting.

                If you’re using firefox without tor, even with these plugins, note that your ISP and the website you are going to are monitoring, logging, and tracking you the best they can by logging your digital fingerprints.

                • cqwww 11:49 am on July 9, 2019 Permalink | Reply  

                  Personal Information data is a liability 

                  Most businesses are still in the mindset that they should collect data for big data sake — some day it’ll be valuable. More unscrupulous businesses sell or share your personal information, without your knowledge or consent.

                  I’m writing this for you as a business owner to consider how much of a liability it is for your organization to collect personal information.

                  The most notable starting place is your privacy policy. This applies mostly to online businesses, but you likely have to comply with jurisdictional privacy laws such as Canada’s PIPEDA or the EU’s GDPR. In order to maintain compliance, you must document exactly what personal information you will be collecting, using, and disclosing. Every time you start to collect more information, use it differently, or disclose elsewhere, you need to obtain the consent of your users.

                  Imagine for example, that someone on your web team decides to install a simple tool like Google Analytics to collect information on your website visitors. Seems innocent enough, but now you’re collecting more information on your users than you were before. You’re likely also disclosing that information to a 3rd party, and if you’re not an American company, you’re disclosing personal information to a 3rd party foreign entity.

                  Another example will be in the increasing global financial anti-money laundering (AML) and counter terrorist financing (CTF) surveillance regime. Under the new FATF guidance, a notable change appears where suspicious transaction reports (STRs) are going to require a lot more information — if you collect it. This will likely include a person’s alias, IP address and, notably, the source of funds — again, if you have it. These new changes will also add virtual currencies into the compliance regime.

                  Compliance and regulations are great examples of where personal data is a liability, but I don’t think there is any greater example than privacy breaches. Companies get hacked every day. Most companies are trying to build their own Identity Management (IDM) systems, that meet all of the compliance requirements. Building such a system is not easy, so if your main line of business is not this specific area, consider finding someone who can help you out with this. How much would a privacy breach impact your company? IBM states that as of 2018, it’s $148 USD per person, with the average breach costing a company $3.86 million.

                  What would it take to build a system that companies/vendors/apps wouldn’t have to care about privacy breaches any longer, in that the identities of their users in their systems were not their real names?

                  I haven’t been able to find a platform that will 100% respect my autonomy, giving me full control of my personal information, allowing me to be fully anonymous to all third parties I interact with, while simultaneously maintaining compliance for all applicable laws and regulations. We’re starting in Canada, which means privacy law compliance, FINTRAC (AML/CTF) etc. And on top of that, one where I don’t have to care about privacy breaches any longer for any of them systems I use.

                  As a result of this thinking, I’ve started to bring together a team, and we’ve started to build out a platform called IPVPN.ca — a VPN for your identity. If you’re interested in our offerings, please reach out — [email protected].

                  If you’ve been reading this blog for a while, you know I never make asks, but in this case, if you’ve found value in anything I’ve offered, I could use your help. This could be just by asking me more questions on how to protect the personal information of your users, that’s my passion. If you’ve got some financial resources, we could use your financial investment. If you’ve got some time, skills, and passion, join us! If you can help us get the word out, it would be appreciated.

                  We need to collectively as an industry, a work force, and a digitally connected world start to consider the repercussions of not protecting personal information. It always starts as what appears to be convenience in exchange for privacy, but you will quickly see it’s an asymmetrical data exchange — which means one side becomes more vulnerable, and the other, the predator class.

                  • cqwww 3:50 pm on June 5, 2019 Permalink | Reply  

                    Legal Bitcoin ATMs are not ideal for money laundering 

                    This article is written in response to an article by The Star which alleges “Vancouver considering a ban on Bitcoin ATMs — which police say are ‘ideal’ for money laundering“.

                    I’d like to note that it’s irresponsible journalism to continue printing off press releases without scrutiny or investigative journalism, it’s no wonder print is dying.

                    As for the subject matter at hand, we should start with definitions.

                    Blockchain is the underlying technology behind most cryptocurrencies. Bitcoin uses a blockchain, but there are many types of blockchains that do different things, including things other than cryptocurrency, such as binding smart contracts (a digital version of a legal contract). Cryptocurrencies refers to the entire family of bitcoin, and all of altcoins, of which there are thousands. Bitcoin is one cryptocurrency, and that which is available from most of our local ATMs.

                    It is true that cryptocurrencies can, and are used for nefarious purposes. Bitcoin has a reputation of being anonymous, but this isn’t true technically, or legally. It can be used pseudo-anonymously at best, if an ATM owner chose not to do Know-Your-Customer (KYC) and to do that, would be doing so illegally.

                    To operate a legal ATM, you have to be in compliance with both anti-money laundering (AML) and counter-terrorist financing (CTF) rules. This includes all sorts of rules, such as being legally obligated to report any large cash transactions, or even any suspicious transactions, to the federal government.

                    On top of that, it’s worth noting that most of the ATMs have a hard limit of $1000 CAD per day. If someone appears to coming close to this every day, that would be reported, as structuring.

                    This hopefully explains that since the first Bitcoin ATM ever was placed here in Vancouver, all of the ATM owners have to comply with some of the strictest reporting rules in the country — to ensure they’re not being used for the purposes that Vancouver’s mayor and the police are irresponsibly reporting.

                    Perhaps someone could ask the Mayor, and the police, to provide some evidence to validate their assertion. In the meantime, maybe they could focus on real estate, casinos, and pathways that are proven (with ahem, evidence!) to be related to money laundering.

                    • cqwww 6:45 pm on May 22, 2019 Permalink | Reply  

                      I just saw my first scalped person. 

                      Trigger warning: Not a story for the faint of heart.

                      Walking home through the DTES just now, hundreds of people high, or drunk, passed out, or racing to their next fix. This is all in a 4 block radius, 24 hours a day now. I noticed 3 firefighters talking someone through to standing up, I’m not sure if he was an overdose, or unconscious before I arrived, a standard occurrence, but as I approached he was yelling and swearing that he refused service, and started to walk, or rather stumble, away from them.

                      In B.C, if you’re conscious, not threatening harm to yourself or others, you can refuse medical treatment, and so the three firefighters stood there in amazement as he left and I didn’t know why.

                      But as I walked behind him, I quickly realized why they stood silently, watching him leave. He was freshly scalped. Imagine if you will, someone with long hair, except a reverse mohawk. The notable difference is that the top of his head wasn’t bald with skin as you might expect, it was blood and skull that was visible. I’m not sure if someone literally ripped the top of his head off moments before, or how it might have occurred, but I do know that someone needs to start doing something.

                      Vancouver’s DTES is in a crisis, and very little is being done, other than choosing to let the crisis persist.

                      • cqwww 6:22 am on May 9, 2019 Permalink | Reply  

                        Hacking Strength 

                        If you know me, you know that I’m curious, and love to hack all of the things. I use the term hack in the original sense, not the mainstream media version.

                        Most people start and stop exercise regimes because they over exert, which creates anxiety. The trick is to find your psychological flow state (including all aspects of your life, including work!). While you need to go above boredom, you want to avoid anxiety.

                        Joe Rogan and Firas Zahabi on consistency over intensity in training

                        I got really excited when I found Matt’s Hacking strength: Gaining muscle with least resistance, which if you’re going to go anywhere, leave this article and just read through that. The big take away for those just starting out is just to go 30 minutes of bodyweight exercises, 3 times a week — the intention is to create a habit, not to over exert yourself.

                        • cqwww 10:05 pm on April 15, 2019 Permalink | Reply  

                          The step-by-step guide to legally manipulate the 2019 Canadian election 

                          First, I feel obligated to reference the following quote, as I do when I teach someone how to pick a lock:

                          If a lock, let it have been made in whatever country, or by whatever maker, is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are tolerably certain to apply the knowledge practically; and the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance.
                          — From A. C. Hobbs (Charles Tomlinson, ed.), Locks and Safes: The Construction of Locks. Published by Virtue & Co., London, 1853 (revised 1868).

                          Second, I feel obligated to say this is not serious advice, or intended as an operating manual, but it’s intended to demonstrate how easy it would be to manipulate the Canadian elections this year.

                          Third, while I am associated with a political party, I would go under oath stating that I have not participated in any of these steps for them, or myself as a candidate, even knowing that I could.

                          OK so here we go. The biggest loophole to winning the 2019 Canadian elections is to realize that Canadian political parties are not bound by Canadian privacy laws. This is important, as laws like PIPEDA that govern the collection, use, and disclosure, of Canadians personal information, is governed by the Canadian federal privacy commissioner.

                          As an aside, this law isn’t really respected by the private sector today even though it is regulated, as the commissioner doesn’t have order making power even if you are guilty of violating privacy laws — and most relevant, there are no repercussions of consequence. Things are even worse in the public sector in terms of lack of repercussions, but let’s get back to the political arena for today’s post.

                          So the first thing to do to win the Canadian federal election is to register a Canadian political party. Shout out to anyone who registers the “Canadians hacking the election party” or “Canadians legally violating privacy party” to make even more obvious and tongue-in-cheek. Once you have a political party, you are ready to start legally collecting Canadians personal information.

                          As another aside, even if you don’t go any further in terms of the steps below, you can now collect, use, and disclose any information on Canadians you want, and the federal privacy commissioner can’t do anything about it as you’re out of his jurisdiction! You could have access to a database of Canadian’s mental and sexual health, and be selling it on the black market, and as a political party, I don’t see anything that could be done to you. It should be obvious at this stage that the federal privacy commissioner should have jurisdiction to investigate any/all political parties, and on top of that, the ability to administer strict and real penalties for privacy violations. Back to this year’s election:

                          So now you have your privacy law exempt party, and you need to collect some data. The easiest way to do this is to buy it, so you’ll want some money. Think of any government, company, or person who might want full influence with the next political party in power — reach out to them. There are a lot, this should not be challenging with a little creativity. I would say 10mm is an easy low number (in terms of taking control of a country like Canada), but obviously the higher the better. It should be no problem if you send them this article, and the laws haven’t changed by then.

                          So now you’ve got a privacy law exempt political party, 10mm, and are ready to start collecting data. You have to remember, there’s no one that can investigate you today in terms of privacy law, which governs the collection, use, and disclosure of Canadian’s personal information. This means you can ask anyone who has access to any database of Canadians, the bigger the better, and you could offer to pay them for a copy.

                          In the last 5 years, I’ve had a data management head of one of the top 3 political parties tell me he was “given” a health related database. I asked him what he would do with, and he shrugged, “merge it with the rest of our datasets and see how it can help micro-targeting”. This should demonstrate every step in this article has been used by someone, in some capacity, and I expect that each of these steps to be fully utilized over the next few months.

                          We’re headed into the election cycle shortly, so you don’t have much time here, collect all of the data sets you can. Merge them. Sanitize them. Sort them by address.

                          Now is where you prepare your social media strategy. This is where the story of Christopher Wylie and Cambridge Analytica comes in. What they needed to be able to accomplish their goals was an understanding of what the different target demographics of a voter look like.

                          I don’t know the full details, other than speaking to Chris once or twice on this issue, aside from seeing him speak, and what I’ve read online, so this is a mixture of what I recall was done, and what I think should be done.

                          You launch some machine learning (what most people incorrectly call AI) chat bots, to start to create, and infiltrate as many discussions as you can. A basic example would be to start a conversation on anything that raises emotions in Canada, such as a gun registry, abortion, or immigration. It’s pretty easy to guess which side of the political spectrum you’re on based on that. In fact, even if you skipped by the “buy all of the data” step above, collecting data this way would still be quite effective. The power you will have from using machine learning on this data is you can start to see unexpected topic areas based on region. For example, the BC NDP endorse subsidies for LNG/Fracking, where as the AB NDP endorse oil/gas/bitumen/pipelines. That’s at the provincial level. Once your machine learning discovers this, you would prepare different ads and messaging for NDP supporters in each province as a result. “Big data” allows you take this macro concept and break it down into micro-targeting.

                          Micro-targeting means instead of provincial level political beliefs, you could know the hot topic areas of your street, your apartment building, or even amongst a certain friends or family group. This data collection over the next few months is invaluable in two contexts. One is to score every voter, which requires you to know how political parties work. The other, is to now create communities.

                          Whenever a politician canvasses your door, unless they’re new, they’re not there to chat, they only want to know how likely it is you’ll vote for them. For simplicity they’ll give you a score from 1-5 after speaking with you, but each party does is differently. 1 would be that you’d never ever vote for that politician, 2 is likely not, 3 is unknown, 4 is a maybe, and 5 is absolute yes. Why this is done, is so that on election day, each political party starts with their 5s, and makes sure they get to the polls, even offering rides, once that list is gone through, then they go down through the 4s, etc. Until this generation, all of that was done at the door, but with the ability to access application programming interfaces (APIs), as well as website scraping, tools can be written to collect this data at scale. If you don’t have someone knocking at your door this election season, you’ve likely already been scored.

                          The other thing that can be done with this data, and if I recall correctly, this is what Mr. Wylie and team did that was novel. They started to create real communities from digital ones. For example, if I saw that all the people with my political leaning in my neighbourhood were passionate about opiate addiction (We are! 43 overdoses last Friday alone, no joke!) and gentrification, I could start or join an online social group and start talking about these different issues. Now, I wouldn’t make it obvious it’s for a political party, instead it would appear just to be a group of like-minded people who think the same way I do about the same topics. This strategy goes even deeper, and this is what I’ve never heard being done before Mr. Wylie. At some point, he and his team were able to move these digitally created communities of like-minded people, many who didn’t even realize this community was created for political alignment, and he would arrange a physical meetup in the real world. This would have to happen after a certain scale to not be detected, that the event was created by a robot. Let’s say once a community of +1000 people existed, using a pseudonym, he could create an event at the local coffee-shop and say “Let’s talk about these issues that matter in this neighbourhood!”, and no one would realize that the event organizer might not have even been there as the event and group were digitally created!

                          Once you get people in a room talking about passionate topics, in the heat of an election cycle, you’ve activated a machine — or in this case, +100s of groups of people.

                          At that point, you have your data team actively engaged on the digital side of these chat groups, not just in collecting all of the data, but dynamically steering the narrative towards the hot topics at that part of the election cycle that resonate with your voting demographic.

                          It’s also worth noting which mediums are used by different demographics. For example, if you’re looking at +40 year old right leaning Christian Conservatives, that’s a demographic that’s likely still more accessible on traditional television, as opposed to the ‘gram.

                          The ability to shape, and more importantly to create, communities in the digital world is what Mr. Wylie credits to getting Trump elected, and Brexit/Leave.eu’s success.

                          With online advertising, you can now micro-target. This means you could create a Facebook or Google ad that says “We promise electoral reform” which would resonate with me, but you could target women 18-27 in my building with an ad linking to the woman’s right section of their political platform, and a different ad to the people on the top floor talking about airplane noise policy. Being able to micro-target to sway opinion will be huge in 2019, for those with the resources to do so.

                          Even if you don’t follow these instructions, after reading this you will start to see ads that are micro-targeting you, so be aware of them. Anything your friends or neighbours think about SNC Lavalin today, will likely affect the ads you see tomorrow, as we tend to live in echo chambers digitally, and in the real world, sadly. This is one of the challenges in this politically polarized climate, the more passionate you are to the right or the left, makes you more vulnerable to micro-targeting.

                          That’s about it! On election day, you’ll have swayed opinions, created new communities, and you should have almost every voting Canadian in a database, with a rating from 1-5. On the week before election day, create an ad asking the 4s and 5s if they want a ride to their nearest polling station, and work your day down to the 3s and even 2s after that. Your goal is to get as many of your strong voters to the polls as possible.

                          Good luck, and remember me and this advice when you’re in power for the next 4 years!

                          This may sound far fetched, but I’ve already been told I could make 6 figures over the next 6 months if I help a certain top 3 political party with their campaign. Every data expert with real capabilities you know, is likely to be asked to help.

                          I have several recommendations on how the government can minimize or stop this from being possible, as well as how to minimize the impact of your being manipulated as a voter if you want to reach out, otherwise I’ll save those thoughts for another article.For further reading:

                          For further reading:

                          compose new post
                          next post/next comment
                          previous post/previous comment
                          show/hide comments
                          go to top
                          go to login
                          show/hide help
                          shift + esc