About trust and the Norwegian contact tracking app

The Norwegian government is doing their best to combat the pandemic. Well, mostly. The digital contact tracing initiative, in the form of an app called “Smittestopp”, from the institute of public health is a clear exception. Dear government, a question arises: how do you expect to gain trust when at each important turn your decisions, actions and elusiveness only creates distance, suspicion and speculation ?

You keep the source code closed. And defend this decision with arguments to the likes of security by obscurity, commerical interest, “we are not used to open sourcing” and an unsubstantiated fear of tech leakage to other not so nice governments. Weak at best !

Be open, honest, collaborative and willing to share, gain trust.

You pollute what should be the maximally important purpose: contact tracing. By use of centralized (and foreign) storage of detailed GPS tracking data for research purposes. (Then also failing to describe how exactly the anonymization process will work.)

Keep it to the point, do privacy by design, gain trust.

You release the app with permanent user identifier broadcasting. Leading to real world security issues in production.

Respect privacy, listen to expert advice, gain trust.

The CEO of Simula Aslak Tveito calls for shame in a public letter. On those who elect not to install a voluntary and heavily criticised application., April 21 2020

Be humble, understanding and generous, gain trust.

I can only hope there will be a new simpler version of the app made solely for the purpose of contact tracing. Open source and with privacy by design.


Why you should use Mozilla Firefox

Recently, Microsoft announced that it will base future versions of its Edge browser on the Chromium web engine (Blink, which also powers Google Chrome). The linked blog post states:

Making the web better through more open source collaboration

I will not argue against open source collaboration being a good thing, but the web will not be a better place with less browser diversity on the market. Instead, it will likely give Google Chrome an even more dominating position, because Edge will just become another boring Chrome clone. The situation gives much power to just one browser engine, which in turn will cause web development to focus more on this single implementation and less on compatibility and standards-compliance. I think standards are hugely important to keeping the web open and accessible for all, and I strongly dislike browser engine monopolies. Web publishing needs diversity in applications which consume, process and present the data, as a force that pulls it towards agreed upon and open standards.

Sometimes I encounter web applications and sites which are developed solely to work with Chrome, because “everybody uses Chrome” (or it’s just pure developer ignorance). That’s very unfortunate and takes us right back to the Internet Explorer web domination period, years ago. Now it’s called Chrome instead. Future Edge users will be using the Chrome engine under the hood, not even realising they will be giving more power to Google.

I’ve used the Mozilla Firefox browser for many years on the desktop, and in recent years also on mobile devices. It’s a personal preference based mostly on the fact that I really appreciate its features, and I dislike Chrome and its close ties to Google. I’ve also realized the importance in supporting diversity through my choices, and supporting independent market players as forces against monopoly.

If you’re a Chrome or Edge user, I encourage you to try Mozilla Firefox, or any other Firefox-based browser. It has a healthy focus on user privacy, and it is not developed by Google or Microsoft. It works great on mobile platforms as well. By using it, you are contributing to keeping the web open and accessible.

Final note, I am not in any way sponsored by the Mozilla Foundation, the opinions expressed here are solely my own.


Wasteful coinputing

The Bitcoin network consumes a significant portion of world’s energy to produce nothing but hot air and lucky winners. What a waste.

Stop right there, OMG block chain is cool right ?! Sure, I find the concept of a transparent distributed block chain, cryptographic verification and decentralized consensus interesting theoretically, but this post has less to do with theory and more to do with unfortunate consequences of applying the tech in practice. The system just isn’t good enough when a huge energy waste is an important aspect of maintaining network trust, security and integrity.

So, what’s up with all those electrons driving the Bitcoin* business ? In short, Bitcoin mining nodes compete to produce the next valid global block of transactions by hashing some random number along with other permutable details. There are specific requirements to what makes the resulting hash number valid (level of difficulty), which makes the process computationally expensive. In other words, making a valid next block that the network can accept requires effort and time (typically a fixed average amount of time is targeted). So when a miner presents her shiny new block, its validity is proof of work (and proof of wasted energy). Checking for validity is easy, producing a valid block is hard. This throttles the rate at which new transaction blocks can be created, which is important to prevent hostile take-overs, spamming, etc. Defining the next block of facts cannot be free, otherwise, anyone could claim to hold the truth in a much too easy manner.

*..or whatever-coin with similar properties, really.

So, for the network to agree on new blocks, a lot of energy is required.  Clean energy ? Hardly, with over half of the world’s energy production coming from coal, oil and gas. Bitcoin mining is consuming power at the scale of entire countries. Terawatt-hours worth per year. Close to 500 kilowatt-hours per transaction, at the time of writing. And transactions are slow. And most of the computation being performed just goes to waste, as only one valid block will be the next on the chain, and all the losers just get a higher electricity bill.

A Norwegian company was called out in the media for terrorizing a whole neighbourhood with cooling machinery noise from a mining operation data center. Statements given by this useless business showed little respect for the people living nearby, a business driven by prospects of financial gain in the crypto coin market using subsidized electrical power. The same business is of course complaining about the Norwegian government considering exclusion of coin mining activities from data center power subsidization. The government absolutely should stop subsidizing such operations.

Stop the madness. If you’re in participating in this crypto currency scheme in the hope of becoming rich and “happy”, think about all the negative consequences and evident shortcomings of current applications.

Just /quit #Bitcoin.