
  • cqwww 11:49 am on July 9, 2019

    Personal Information data is a liability 

    Most businesses are still in the mindset that they should collect data for big data sake — some day it’ll be valuable. More unscrupulous businesses sell or share your personal information, without your knowledge or consent.

    I’m writing this for you as a business owner to consider how much of a liability it is for your organization to collect personal information.

    The most notable starting place is your privacy policy. This applies mostly to online businesses, but you likely have to comply with jurisdictional privacy laws such as Canada’s PIPEDA or the EU’s GDPR. In order to maintain compliance, you must document exactly what personal information you will be collecting, using, and disclosing. Every time you start to collect more information, use it differently, or disclose elsewhere, you need to obtain the consent of your users.

    Imagine for example, that someone on your web team decides to install a simple tool like Google Analytics to collect information on your website visitors. Seems innocent enough, but now you’re collecting more information on your users than you were before. You’re likely also disclosing that information to a 3rd party, and if you’re not an American company, you’re disclosing personal information to a 3rd party foreign entity.

    Another example will be in the increasing global financial anti-money laundering (AML) and counter terrorist financing (CTF) surveillance regime. Under the new FATF guidance, a notable change appears where suspicious transaction reports (STRs) are going to require a lot more information — if you collect it. This will likely include a person’s alias, IP address and, notably, the source of funds — again, if you have it. These new changes will also add virtual currencies into the compliance regime.

    Compliance and regulations are great examples of where personal data is a liability, but I don’t think there is any greater example than privacy breaches. Companies get hacked every day. Most companies are trying to build their own Identity Management (IDM) systems, that meet all of the compliance requirements. Building such a system is not easy, so if your main line of business is not this specific area, consider finding someone who can help you out with this. How much would a privacy breach impact your company? IBM states that as of 2018, it’s $148 USD per person, with the average breach costing a company $3.86 million.

    What would it take to build a system that companies/vendors/apps wouldn’t have to care about privacy breaches any longer, in that the identities of their users in their systems were not their real names?

    I haven’t been able to find a platform that will 100% respect my autonomy, giving me full control of my personal information, allowing me to be fully anonymous to all third parties I interact with, while simultaneously maintaining compliance with all applicable laws and regulations. We’re starting in Canada, which means privacy law compliance, FINTRAC (AML/CTF) etc. And on top of that, one where I don’t have to care about privacy breaches any longer for any of the systems I use.

    As a result of this thinking, I’ve started to bring together a team, and we’ve started to build out a platform called — a VPN for your identity. If you’re interested in our offerings, please reach out — [email protected].

    If you’ve been reading this blog for a while, you know I never make asks, but in this case, if you’ve found value in anything I’ve offered, I could use your help. This could be just by asking me more questions on how to protect the personal information of your users, that’s my passion. If you’ve got some financial resources, we could use your financial investment. If you’ve got some time, skills, and passion, join us! If you can help us get the word out, it would be appreciated.

    We need to collectively as an industry, a work force, and a digitally connected world start to consider the repercussions of not protecting personal information. It always starts as what appears to be convenience in exchange for privacy, but you will quickly see it’s an asymmetrical data exchange — which means one side becomes more vulnerable, and the other, the predator class.

    • cqwww 3:50 pm on June 5, 2019

      Legal Bitcoin ATMs are not ideal for money laundering 

      This article is written in response to an article by The Star which alleges “Vancouver considering a ban on Bitcoin ATMs — which police say are ‘ideal’ for money laundering“.

      I’d like to note that it’s irresponsible journalism to continue printing off press releases without scrutiny or investigative journalism; it’s no wonder print is dying.

      As for the subject matter at hand, we should start with definitions.

      Blockchain is the underlying technology behind most cryptocurrencies. Bitcoin uses a blockchain, but there are many types of blockchains that do different things, including things other than cryptocurrency, such as binding smart contracts (a digital version of a legal contract). Cryptocurrencies refers to the entire family of bitcoin, and all of altcoins, of which there are thousands. Bitcoin is one cryptocurrency, and that which is available from most of our local ATMs.

      It is true that cryptocurrencies can be, and are, used for nefarious purposes. Bitcoin has a reputation of being anonymous, but this isn’t true technically, or legally. It can be used pseudo-anonymously at best, and only if an ATM owner chose not to do Know-Your-Customer (KYC), which would be illegal.

      To operate a legal ATM, you have to be in compliance with both anti-money laundering (AML) and counter-terrorist financing (CTF) rules. This includes all sorts of rules, such as being legally obligated to report any large cash transactions, or even any suspicious transactions, to the federal government.

      On top of that, it’s worth noting that most of the ATMs have a hard limit of $1000 CAD per day. If someone appears to be coming close to this every day, that would be reported as structuring.

      This hopefully explains that since the first Bitcoin ATM ever was placed here in Vancouver, all of the ATM owners have to comply with some of the strictest reporting rules in the country — to ensure they’re not being used for the purposes that Vancouver’s mayor and the police are irresponsibly reporting.

      Perhaps someone could ask the Mayor, and the police, to provide some evidence to validate their assertion. In the meantime, maybe they could focus on real estate, casinos, and pathways that are proven (with ahem, evidence!) to be related to money laundering.

      • cqwww 6:45 pm on May 22, 2019

        I just saw my first scalped person. 

        Trigger warning: Not a story for the faint of heart.

        Walking home through the DTES just now, hundreds of people high, or drunk, passed out, or racing to their next fix. This is all in a 4 block radius, 24 hours a day now. I noticed 3 firefighters talking someone through to standing up, I’m not sure if he was an overdose, or unconscious before I arrived, a standard occurrence, but as I approached he was yelling and swearing that he refused service, and started to walk, or rather stumble, away from them.

        In B.C, if you’re conscious, not threatening harm to yourself or others, you can refuse medical treatment, and so the three firefighters stood there in amazement as he left and I didn’t know why.

        But as I walked behind him, I quickly realized why they stood silently, watching him leave. He was freshly scalped. Imagine if you will, someone with long hair, except a reverse mohawk. The notable difference is that the top of his head wasn’t bald with skin as you might expect, it was blood and skull that was visible. I’m not sure if someone literally ripped the top of his head off moments before, or how it might have occurred, but I do know that someone needs to start doing something.

        Vancouver’s DTES is in a crisis, and very little is being done, other than choosing to let the crisis persist.

        • cqwww 6:22 am on May 9, 2019

          Hacking Strength 

          If you know me, you know that I’m curious, and love to hack all of the things. I use the term hack in the original sense, not the mainstream media version.

          Most people start and stop exercise regimes because they over exert, which creates anxiety. The trick is to find your psychological flow state (including all aspects of your life, including work!). While you need to go above boredom, you want to avoid anxiety.

          Joe Rogan and Firas Zahabi on consistency over intensity in training

          I got really excited when I found Matt’s Hacking strength: Gaining muscle with least resistance, which if you’re going to go anywhere, leave this article and just read through that. The big takeaway for those just starting out is just to do 30 minutes of bodyweight exercises, 3 times a week — the intention is to create a habit, not to over exert yourself.

          • cqwww 10:05 pm on April 15, 2019

            The step-by-step guide to legally manipulate the 2019 Canadian election 

            First, I feel obligated to reference the following quote, as I do when I teach someone how to pick a lock:

            If a lock, let it have been made in whatever country, or by whatever maker, is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are tolerably certain to apply the knowledge practically; and the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance.
            — From A. C. Hobbs (Charles Tomlinson, ed.), Locks and Safes: The Construction of Locks. Published by Virtue & Co., London, 1853 (revised 1868).

            Second, I feel obligated to say this is not serious advice, or intended as an operating manual, but it’s intended to demonstrate how easy it would be to manipulate the Canadian elections this year.

            Third, while I am associated with a political party, I would go under oath stating that I have not participated in any of these steps for them, or myself as a candidate, even knowing that I could.

            OK so here we go. The biggest loophole to winning the 2019 Canadian elections is to realize that Canadian political parties are not bound by Canadian privacy laws. This is important, as laws like PIPEDA, which govern the collection, use, and disclosure of Canadians’ personal information, are overseen by the Canadian federal privacy commissioner.

            As an aside, this law isn’t really respected by the private sector today even though it is regulated, as the commissioner doesn’t have order making power even if you are guilty of violating privacy laws — and most relevant, there are no repercussions of consequence. Things are even worse in the public sector in terms of lack of repercussions, but let’s get back to the political arena for today’s post.

            So the first thing to do to win the Canadian federal election is to register a Canadian political party. Shout out to anyone who registers the “Canadians hacking the election party” or “Canadians legally violating privacy party” to make it even more obvious and tongue-in-cheek. Once you have a political party, you are ready to start legally collecting Canadians’ personal information.

            As another aside, even if you don’t go any further in terms of the steps below, you can now collect, use, and disclose any information on Canadians you want, and the federal privacy commissioner can’t do anything about it as you’re out of his jurisdiction! You could have access to a database of Canadians’ mental and sexual health, and be selling it on the black market, and as a political party, I don’t see anything that could be done to you. It should be obvious at this stage that the federal privacy commissioner should have jurisdiction to investigate any/all political parties, and on top of that, the ability to administer strict and real penalties for privacy violations. Back to this year’s election:

            So now you have your privacy law exempt party, and you need to collect some data. The easiest way to do this is to buy it, so you’ll want some money. Think of any government, company, or person who might want full influence with the next political party in power — reach out to them. There are a lot, this should not be challenging with a little creativity. I would say 10mm is an easy low number (in terms of taking control of a country like Canada), but obviously the higher the better. It should be no problem if you send them this article, and the laws haven’t changed by then.

            So now you’ve got a privacy law exempt political party, 10mm, and are ready to start collecting data. You have to remember, there’s no one that can investigate you today in terms of privacy law, which governs the collection, use, and disclosure of Canadians’ personal information. This means you can ask anyone who has access to any database of Canadians, the bigger the better, and you could offer to pay them for a copy.

            In the last 5 years, I’ve had a data management head of one of the top 3 political parties tell me he was “given” a health related database. I asked him what he would do with it, and he shrugged, “merge it with the rest of our datasets and see how it can help micro-targeting”. This should demonstrate every step in this article has been used by someone, in some capacity, and I expect each of these steps to be fully utilized over the next few months.

            We’re headed into the election cycle shortly, so you don’t have much time here, collect all of the data sets you can. Merge them. Sanitize them. Sort them by address.

            Now is where you prepare your social media strategy. This is where the story of Christopher Wylie and Cambridge Analytica comes in. What they needed to be able to accomplish their goals was an understanding of what the different target demographics of a voter look like.

            I don’t know the full details, other than speaking to Chris once or twice on this issue, aside from seeing him speak, and what I’ve read online, so this is a mixture of what I recall was done, and what I think should be done.

            You launch some machine learning (what most people incorrectly call AI) chat bots, to start to create, and infiltrate as many discussions as you can. A basic example would be to start a conversation on anything that raises emotions in Canada, such as a gun registry, abortion, or immigration. It’s pretty easy to guess which side of the political spectrum you’re on based on that. In fact, even if you skipped by the “buy all of the data” step above, collecting data this way would still be quite effective. The power you will have from using machine learning on this data is you can start to see unexpected topic areas based on region. For example, the BC NDP endorse subsidies for LNG/Fracking, whereas the AB NDP endorse oil/gas/bitumen/pipelines. That’s at the provincial level. Once your machine learning discovers this, you would prepare different ads and messaging for NDP supporters in each province as a result. “Big data” allows you to take this macro concept and break it down into micro-targeting.

            Micro-targeting means instead of provincial level political beliefs, you could know the hot topic areas of your street, your apartment building, or even amongst a certain friend or family group. This data collection over the next few months is invaluable in two contexts. One is to score every voter, which requires you to know how political parties work. The other is to now create communities.

            Whenever a politician canvasses your door, unless they’re new, they’re not there to chat, they only want to know how likely it is you’ll vote for them. For simplicity they’ll give you a score from 1-5 after speaking with you, but each party does it differently. 1 would be that you’d never ever vote for that politician, 2 is likely not, 3 is unknown, 4 is a maybe, and 5 is absolute yes. Why this is done, is so that on election day, each political party starts with their 5s, and makes sure they get to the polls, even offering rides, once that list is gone through, then they go down through the 4s, etc. Until this generation, all of that was done at the door, but with the ability to access application programming interfaces (APIs), as well as website scraping, tools can be written to collect this data at scale. If you don’t have someone knocking at your door this election season, you’ve likely already been scored.

            The other thing that can be done with this data, and if I recall correctly, this is what Mr. Wylie and team did that was novel. They started to create real communities from digital ones. For example, if I saw that all the people with my political leaning in my neighbourhood were passionate about opiate addiction (We are! 43 overdoses last Friday alone, no joke!) and gentrification, I could start or join an online social group and start talking about these different issues. Now, I wouldn’t make it obvious it’s for a political party, instead it would appear just to be a group of like-minded people who think the same way I do about the same topics. This strategy goes even deeper, and this is what I’ve never heard being done before Mr. Wylie. At some point, he and his team were able to move these digitally created communities of like-minded people, many who didn’t even realize this community was created for political alignment, and he would arrange a physical meetup in the real world. This would have to happen after a certain scale to not be detected, that the event was created by a robot. Let’s say once a community of +1000 people existed, using a pseudonym, he could create an event at the local coffee-shop and say “Let’s talk about these issues that matter in this neighbourhood!”, and no one would realize that the event organizer might not have even been there as the event and group were digitally created!

            Once you get people in a room talking about passionate topics, in the heat of an election cycle, you’ve activated a machine — or in this case, +100s of groups of people.

            At that point, you have your data team actively engaged on the digital side of these chat groups, not just in collecting all of the data, but dynamically steering the narrative towards the hot topics at that part of the election cycle that resonate with your voting demographic.

            It’s also worth noting which mediums are used by different demographics. For example, if you’re looking at +40 year old right leaning Christian Conservatives, that’s a demographic that’s likely still more accessible on traditional television, as opposed to the ‘gram.

            The ability to shape, and more importantly to create, communities in the digital world is what Mr. Wylie credits with getting Trump elected, and Brexit’s success.

            With online advertising, you can now micro-target. This means you could create a Facebook or Google ad that says “We promise electoral reform” which would resonate with me, but you could target women 18-27 in my building with an ad linking to the women’s rights section of their political platform, and a different ad to the people on the top floor talking about airplane noise policy. Being able to micro-target to sway opinion will be huge in 2019, for those with the resources to do so.

            Even if you don’t follow these instructions, after reading this you will start to see ads that are micro-targeting you, so be aware of them. Anything your friends or neighbours think about SNC Lavalin today, will likely affect the ads you see tomorrow, as we tend to live in echo chambers digitally, and in the real world, sadly. This is one of the challenges in this politically polarized climate: the more passionate you are to the right or the left, the more vulnerable you are to micro-targeting.

            That’s about it! On election day, you’ll have swayed opinions, created new communities, and you should have almost every voting Canadian in a database, with a rating from 1-5. On the week before election day, create an ad asking the 4s and 5s if they want a ride to their nearest polling station, and work your way down to the 3s and even 2s after that. Your goal is to get as many of your strong voters to the polls as possible.

            Good luck, and remember me and this advice when you’re in power for the next 4 years!

            This may sound far fetched, but I’ve already been told I could make 6 figures over the next 6 months if I help a certain top 3 political party with their campaign. Every data expert with real capabilities you know, is likely to be asked to help.

            I have several recommendations on how the government can minimize or stop this from being possible, as well as how to minimize the impact of your being manipulated as a voter if you want to reach out, otherwise I’ll save those thoughts for another article.

            For further reading:

            • cqwww 10:44 pm on April 8, 2019

              Tinder, but for books 

              Or more accurately, Bumble, but for media you’ve consumed lately.

              You’re likely aware of Tinder and Bumble, popular dating apps where you choose a potential date based off images of a person. The suggestion is, you should usually keep the photos of yourself within the last 3 months, as you don’t want to meet the person and look different than you did in your photos.

              Enough about that — that’s boring. I like people who read books, I’m always interested to hear what books you’ve read recently, be it a friend, or more. Which led me to the idea of a better Tinder — one where instead of profile photos of yourself, it’s a list of the books you’ve consumed over the last 3 months.

              I’ll take it a step further, as an old friend visiting town last week reminded me of an app I had built over 5 years ago called mymediamemory. The intention of that app was to be your memory of media you’ve consumed, in 4 categories — books, movies, tv shows, and video games. He mentioned he was upset it went away, as it had a lot of his memory of these media in an easy to use format. Last week I posted on social media:

              When I posted it, I got a few comments in the various places I posted it, that there just might be something there. Some said they also had the idea, some say they would use it. So here we are, let’s see if there is interest in building this thing. I would love an excuse to revive my mediamemory, and this seems like the perfect excuse, and a tool that would be perfect for such a platform.

              If you’re interested, I’m going to host an open discussion on jitsi, which is an open source alternative to Skype or Zoom. If you’re going to join the discussion, please bring to the conversation where you’d like to see the project going, and what you’re willing and able to contribute.

              Date: April 28, 2019 (Kiss your mate day!)
              Time: 13:00 Pacific Time
              (please test your webcam and microphone in advance on this website!)

              • cqwww 9:33 am on April 2, 2019

                idea: A dating app like tinder, but instead of a recent selfie, it’s a pile of the books you’ve read in the last 3 months.

                • cqwww 5:19 pm on March 27, 2019

                  It’s time to think about jurisdictional data sovereignty 

                  There are many ways to think about where your data is stored. The most popular today are centralized vs decentralized, and the other is where the borders are. Today, I’ll only discuss the latter.

                  Here in Canada, this became prominent back when British Columbia added section 30.1 to B.C’s public sector privacy law, “Storage and access must be in Canada”.

                  The intent here was the early realization, in a US PATRIOT ACT world, that countries are starting to collect all of the data they legally can on foreigners. Hence in the information age, where people are collecting data for big data sake, this is not only useful for profit in terms of sharing and selling the data, governments will also now be able to use this data, forever.

                  Let’s use a relevant example here in Canada. I live in B.C, where cannabis is legal. I live above Washington state, also where cannabis is legal. But if the U.S. government ever collects evidence as to my participation in cannabis, I can be rejected entry, as it’s currently against federal U.S. law even though many states have legalized it.

                  So as we think about where the data rests in this case, the easiest way to legally purchase cannabis online is through the various provincial government stores. What is not clear is what their process is in terms of using American tech or digital services. For example, if you buy cannabis with a Mastercard or Visa, those American companies can now provide the government a list of cannabis purchasers in Canada.

                  This is not just a risk to Canadians today, but it could be a greater risk tomorrow, or in 15 years from now under a different political regime, as long as the data is still stored there.

                  While I’ve talked about this risk for over a decade, the political climate change between Obama and Trump makes it easy to understand this: If you were a Muslim or Mexican who visits the U.S, which data the American government has of yours now vs 4 years ago has changed a lot.

                  Even more recent are the current discussions around the sale of Grindr, which describes itself as the world’s largest social networking app for gay, bisexual, transgender and queer people. If you are in that demographic, you are likely aware that the company’s majority changed hands from Joel Simkhai to Kunlun Group Limited, a Chinese company. If you’re in a vulnerable population such as this one, where your data is stored and can be accessed, this can affect your life and/or your livelihood.

                  In the last year, we’ve seen two notable laws pass here in the 5EYES region, most popular being the Australian AA Bill which passed last December, and with less attention, the US CLOUD Act before it. Under the Australian bill, their police can force companies to install a technical backdoor that would give them access to encrypted messages without a user’s knowledge. This means you can no longer trust Australian employees, or Australian software. I professionally brought up jurisdictional sovereignty last year when explaining the new US CLOUD Act, which states that:

                  • Primarily, the CLOUD Act amends the Stored Communications Act (SCA) of 1986 to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil. [source]
                  • § 2523. Executive agreements on access to data by foreign governments. 

                  This means that you can no longer trust American tech companies as custodians of your data, and who knows which other countries have partnered with them on this.

                  This is no simple feat. If you do anything related to technology, you likely use some type of Google services, or Atlassian, but even more broad is to evaluate which of those products are storing your data on an American “cloud” server somewhere, or using an Australian chat software.

                  I’m working on solving some of these issues with PGKYC, where all of our data is stored in Canada only for our Canadian deployment, and it’s architected with jurisdictional sovereignty in mind. In each country we deploy to, the data will only be stored on that country’s soil.

                  This is a lot more expensive, as we can’t use Amazon’s AWS for example, or any cloud related products, except for our American users in the American deployment.

                  I haven’t touched on centralized vs decentralized yet, as that’s a deeper topic for another day, but my surface perspective is I like decentralization better, as long as it’s using PKI and the user controls the private key. That’s a long way from being trusted by first world governments, so I think centralized models are still the near future.

                  In the meantime, if you’re looking for alternatives to American or Australian tech services, like an alternative to Gmail or Google docs for example, I’m always happy to share my ideas on Twitter, as well as engage in constructive dialogue on topics such as this, especially in the solution space.

                  • Mark 10:31 am on March 28, 2019

                    Very nice perspective. The discussion of where data is stored is epically important not only to Canada but personally. Although this discussion highlights the important distinction in privacy by design, between data minimisation and removing the need for data protection. The lack of standards or discussion about default privacy expectations for Canadians in the context of PIPEDA, as opposed to that of the US based services. I think ultimately, this is a Canadian governance issue and the government needs to step up.

                • cqwww 2:23 am on March 12, 2019


                  There’s a great SXSW quote from (the internet’s) new girlfriend, AOC,

                  “We should be excited about automation, because what it could potentially mean is more time educating ourselves, more time creating art, more time investing in and investigating the sciences, more time focused on invention, more time going to space, more time enjoying the world that we live in,” she said. “Because not all creativity needs to be bonded by wage.”

                  This is counter to common political narrative in commonwealth countries, where jobs are the marker of success, as well as growth. As Canada heads into an election season, let’s pay attention to this narrative, as a successful leader in 2019 will be documenting what their plan is for when your job is automated, not forcing your job to exist because you’re in a powerful union.

                  Unions are not focused on a guaranteed livable income (GLI), mincome, or basic income projects. They want you to work for most of your life.

                  Politicians are currently focused on jobs and growth, manipulating metrics to make you think that lucking out on a minimum wage job is a marker of success for a country.

                  The most successful country this century will be the country that goes back to the old adage that your country’s success should be measured on how it treats its most vulnerable.

                  Consider the most wealthy people you know — they likely make their money from having their money work for them, not from trading time for money, which is the antiquated model of the oppressed.

                  Yet when you rely on time for money as most of the planet’s population, or you die, your best option sounds like jobs and unions. Unions were great 50 years ago, but like cable television, fossil fuels, ad companies, or first-past-the-post election systems, the only people supporting these systems are oppressive dinosaurs.

                  Do a little research into universal basic income (UBI). Anywhere that has implemented it, most notably Denmark, has been listed as the happiest place on earth for over a decade. Also pay attention to where trials exist, and are being taken away.

                  There’s nothing more notable and noble in 2019 than creating a world where your peers don’t have to work, automating everything, and building a world where we have new and exciting problems.

                  Your work should be about your purpose. Your selfless contribution. Your give.

                  What would it take to make a world where no one had to work for an oppressor ever again?

                  • cqwww 11:01 am on February 27, 2019

                    Be careful what you allow to access your bank account 

                    There are a lot of interesting things happening on the bridge between tech and finance, or FinTech. If you’ve observed what the EU’s GDPR did for privacy around the world in a short time, it’s time for you to take a look at the EU’s PSD2, which is going to have a similar effect on FinTech.

                    What is PSD2? The Revised Payment Service Directive allows private/tech companies to manage the bank accounts of both consumers and businesses. I don’t know how to hit home how relevant this is in terms of privacy, but if you’re aware that your web surfing habits are actively bought, sold, and traded in the background, this can legally now happen with your bank account information.

                    This means there will be a new wave in short order of FinTech apps that are offering you services to make your financial life easier — and the question will be the same as your web surfing and free email service choices — will you accept the convenience of what they offer, in exchange for your privacy? For example, there will be apps that can help you improve your credit score, or help you invest smarter, or automatically increase your credit card size, or shop for you. All of these will be common within a year or two. They’ll likely even be “free”, just as Google is an advertising company that offers a free search engine and free email service you likely use. In the background these companies will sell, share, or broker your data. In many cases even some of those broker deals might also offer you better service delivery than you have now.

                    There’s one notable distinction — your search engine data offers plausible deniability, and unless published is really hard to tie to you as a person, especially in increments. This is different than your financial transaction history. This is not a dynamic list that often changes — once it’s out there, it can be used against you for the rest of your life.

                    What would a privacy breach of your financial history do to you?

                    This is an issue that will become real, and in the short term.

                    This is not unique to the EU. In Canada, the Department of Finance has released an OpenBanking 101 document, and just closed a consultation on the merits of OpenBanking. Not only are all of the big 5 banks actively in discussions on this, the Canadian Credit Union Association is on tour to all of the credit unions in the country on this.

                    I have several concerns about this.

                    1) There has been no in-depth study as to the repercussions of a FinTech financial transaction history data breach. The closest we have is the result of the Equifax breach, which opens the doors to ID fraud for your lifetime, at a minimum. Again, this is different than your shopping habits at one given store — if your transaction history is breached, this is a disclosure of all of your past shopping habits, out there forever. I would propose this needs a massive re-think on access control lists for your transaction history.

                    2) It’s not clear what the repercussions of a breach will be. In Canada, we have good (not great) privacy laws, but we have little to no repercussions for violations. The federal privacy commissioner does not have binding power. This means that companies don’t really care if they violate your privacy or if their data is breached; there are few repercussions for them. There need to be strong financial penalties for any breach of privacy, and this is especially important before Canadians’ financial histories are on the line for exposure.

                    3) The above two are compounded by the growth of a new industry. The creation of this new wild-west FinTech OpenBanking industry will bring in anyone looking to make a quick buck. This means that instead of building in strong risk management and compliance regimes, as we have with our banks and credit unions, all of that will be out the window as my fellow tech entrepreneurs race for “first mover advantage” to collect your bank records.

                    The average consumer to date hasn’t been willing to fight for their right to privacy, and as such, it will continue to be eroded like any human or civil right that isn’t fought for. People are still choosing free, over paying for products that will protect their privacy.

                    If you’re interested and willing to put time and/or money into protecting the privacy of yourself and others in terms of FinTech and OpenBanking, I’d love to start a dialogue.

                    • cqwww 1:36 am on February 18, 2019

                      Getting your ham radio licence in Canada 

                      If you’re interested in getting your amateur (ham) radio licence in Canada, you can start with Industry Canada’s website. I would start on the radio exam generator page which has two important links. Obviously you should start with Basic, and there are two notable things on this website.

                      When you go to write the actual basic exam, the examiner is randomly pulling 100 multiple choice questions from a 500 question bank. The above link gives you direct access to the 500 question bank, as well as a tool to randomly pull 100 questions from that bank, emulating the real exam experience. Once you can confidently get 80/100 questions correct, contact a local examiner to have them give you the free exam. Once you pass it, you have your callsign for life!

                      The other website worth checking out is the Radio Amateurs of Canada website.

                      If you have any questions about the process, please reach out! It’s a nerdy hobby that few appreciate, unless you’re in a state of emergency or the phone system breaks. I’ve been in the situation twice in my life (IceStorm ’98 and Eastern Blackout 2003), and when you’re the only person in your network capable of communicating outside your network, they appreciate your ability to do so.

                      73 de VE3URL/VE7BNE

                      • cqwww 9:27 am on January 28, 2019

                        Open source self-hosted small business tools 

                        I’ll start by listing some of the tools that most if not all of my businesses use:

                        Nextcloud — Not only is this a Dropbox replacement for file management, it is a platform with many features I recommend like Collabora/ownpad, and Calendar and Contact syncing (I don’t use or endorse any Google products, ever). Use this to replace Dropbox, and Google Drive/Calendar/Contacts/Sheets/Docs.

                        Signal – This is for secure video and voice calls, as well as messaging. You might also check out Use this to replace Skype/WhatsApp/Messenger.

                        Jitsi – This can be used for group video chats as a replacement for Zoom/

                        Postfix+gnupg+Enigmail+Thunderbird (K9-Mail on Android) – This is how we use email. For contractors, I ask them to use Tutanota or Protonmail. Use this to replace Gmail/Yahoo/Hotmail.

                        Which tools is your organization using?
