Find Local Classifieds browser hijacker removal instructions

What is Find Local Classifieds?

Find Local Classifieds browser hijacker is designed to promote the findlocalclassifiedstab.com address, a fake search engine. Like most apps of this type, it promotes it by changing certain browser's settings. Usually, browser hijackers not only modify settings but also collect various (mostly browsing-related) information. Since users often download and install apps like Find Local Classifieds unintentionally, unknowingly, they are categorized as potentially unwanted applications (PUAs).

CapitaSearch browser hijacker removal instructions

What is CapitaSearch?

CapitaSearch is a piece of software, classified as a browser hijacker. Following successful infiltration, it modifies browser settings in order to promote search.capita.space - a fake search engine. Additionally, CapitaSearch adds the "Managed by your organization" feature to Google Chrome browsers. Most browser hijackers spy on browsing activity. Since most users download/install CapitaSearch unintentionally, it is also considered to be a PUA (Potentially Unwanted Application). One of the dubious methods used to distribute CapitaSearch is via illegal software activation ("cracking") tools. It is noteworthy that these tools are often used to proliferate malicious content as well (e.g. ransomware, trojans and other malware).

Since the outbreak of COVID-19, face masks have been in high demand. One company decided to take an eco-friendly approach to manufacturing and supplying the public with protective masks. The Professional Association of Diving Instructors (PADI) partnered with the sustainable sportswear company Rash’r to turn plastic pollution found in the ocean into face masks.

All proceeds from the masks go directly back into the manufacturing of more masks to help recycle plastics from the ocean. The masks feature a number of ocean-themed designs and include special sizes for kids. The company has received more than 15,000 mask pre-orders in just a few weeks—which has helped recycle more than 1,300 pounds (590 kg) of ocean pollution. The U.S. Centers for Disease Control and Prevention (CDC) now recommends that people wear cloth face masks to prevent the spread of COVID-19 in public places. The masks made by PADI offer a sustainable alternative to the N95 respirator masks being reserved for health care workers.

One of the barriers to abuse in the BSA's Youth Protection Program is the Criminal Background Check (CBC) ...

A team of scientists has observed, for the first time, the presence of warm water at a vital point underneath a glacier in Antarctica--an alarming discovery that points to the cause behind the gradual melting of this ice shelf while also raising concerns about sea-level rise around the globe.

Several groups of reptiles persisted in Jurassic Africa even as volcanism ruined their habitat

Examining the factors that affect the number of females being harvested during the bear hunting season will help Pennsylvania wildlife officials manage population.

SLAC scientist Siqi Li works on new methods to allow researchers using LCLS, our X-ray laser, to observe the motion of electrons or do high-resolution imaging. When she's not working to create more efficient and advanced X-ray lasers, Li likes to unwind with yoga.

When you spend a lot of time on your own, as I do, you tend to notice things more, perhaps earlier. 
I think it was maybe early February when I started to feel quite concerned about a new virus from the same family as common colds but worse than influenza. I watched a documentary in February on the “Spanish Flu” and I learnt that we don’t know for sure where it originated. The reason it was coined Spanish Flu is because Spain was neutral in WWI and so they weren’t trying to hide the truth of their experience with this…

  I am looking for someone who can help me find and clear out excess data on one of my...

The problem: if you publish any document as PDF, in print, etc. and the text contains URLs, there is a chance that one day those URLs won't work anymore. There's nothing to do about that, it happens.

Luckily, this is a solved problem. The solution is to link to a stable and trustworthy website, that is, one that you maintain and host (of course, you're trustworthy!). Then in the document you link to that website, and the website redirects visitors to the actual location.

An example: my book contains a link to https://enjoy.gitstore.app/repositories/matthiasnoback/read-with-the-author. When I moved that repository to a new organization on GitHub, this link resulted in a 404 Page not found error. The proper URL is now https://enjoy.gitstore.app/repositories/read-with-the-author/read-with-the-author. Chris from Gitstore was able to save the day by setting up a redirect on their site, but I wanted to make sure this kind of problem would never be a problem for me again.

The ingredients for the solution:

• A domain name (I registered advwebapparch.com)
• A simple website that can redirect visitors to the actual locations

I wanted to hook this new website into my existing Docker-based setup which uses Traefik to forward traffic to the right container based on labels. It turns out, with a simple Nginx image and some custom setup we can easily set up a website that is able to redirecting visitors.

The Dockerfile for such an image:

FROM nginx:stable-alpine
COPY default.conf /etc/nginx/conf.d/default.conf

Where default.conf looks like this:

server {
    listen 80 default_server;
    index index.html;
    root /srv;

    error_page 404 /404.html;

    rewrite /repository https://enjoy.gitstore.app/repositories/read-with-the-author/read-with-the-author redirect;
}

This already works, and when I deploying the resulting image to the server that receives traffic for advwebapparch.com, a request for /repository will indeed redirect a visitor to https://enjoy.gitstore.app/repositories/read-with-the-author/read-with-the-author using a temporary redirect.

Generating the Nginx configuration from a text file

When I'm working on my book, I don't want to manually update a server configuration file every time I'm adding a URL. Instead, I'd like to work with a simple text file. Let's name this file forwards.txt:

/repository https://enjoy.gitstore.app/repositories/read-with-the-author/read-with-the-author
/blog https://matthiasnoback.nl

And then I want the Docker image build process to add rewrite rules automatically, So I wrote a little PHP script that does this runs during the build. Here's what the Dockerfile looks like. It uses a multi-stage build:

FROM php:7.4-alpine as php
# This will copy build.php from the build context to the image
COPY . .
# This will generate default.conf based on template.conf
RUN php build.php

FROM nginx:stable-alpine
# Copy the default.conf from the php image to the nginx image
COPY --from=php default.conf /etc/nginx/conf.d/default.conf

Here's what happens inside the PHP script:

function insertRewritesInNginxConf(string $conf): string
{
    $rewrites = [];

    foreach (file('forwards.txt') as $line) {
        $line = trim($line);
        if (empty($line)) {
            continue;
        }

        $rewrites[] = '    ' . 'rewrite ' . $line . ' redirect;';
    }

    return str_replace(
        '%INSERT_URL_REWRITES_HERE%',
        implode("
", $rewrites),
        $conf
    );
}

/*
 * Generate the Nginx configuration which includes all the actual
 * redirect instructions
 */
file_put_contents(
    'default.conf',
    insertRewritesInNginxConf(file_get_contents('template.conf'))
);

We should add a bit of validation for the data from the forwards.txt file so we don't end up with a broken Nginx configuration, but otherwise, this works just fine.

Generating an html page which can be crawled for broken links

I don't want to manually check that all the links that are inside the "link registry" still work. Instead, I'd like to use Oh Dear for that, which does uptime monitoring and checks for broken links as well.

For this purpose I added another function to the PHP script, which, based

Truncated by Planet PHP, read more at the original (another 1844 bytes)

Have you heard of Heath Freeman? He's a thirty-something hedge fund boss, who runs "Alden Global Capital," which owns a company misleadingly called "Digital First Media." His business has been to buy up local newspapers around the country and basically cut everything down to the bone, and just milk the assets for whatever cash they still produce, minus all the important journalism stuff. He's been called "the hedge fund asshole", "the hedge fund vampire that bleeds newspapers dry", "a small worthless footnote", the "Gordon Gecko" of newspapers and a variety of other fun things.

Reading through some of those links above, you find a standard playbook for Freeman's managing of newspapers:

These are the assholes who a few years ago bought the Denver Post, once one of the best regional newspapers in the country, and hollowed it out into a shell of its former self, then laid off some more people. Things got so bad that the Post’s own editorial board rebelled, demanding that if “Alden isn’t willing to do good journalism here, it should sell the Post to owners who will.”

And here's one of the other links from above telling a similar story:

The Denver newsroom was hardly alone in its misery. In Northern California, a combined editorial staff of 16 regional newspapers had reportedly been slashed from 1,000 to a mere 150. Farther down the coast in Orange County, there were according to industry analyst Ken Doctor, complained of rats, mildew, fallen ceilings, and filthy bathrooms. In her Washington Post column, media critic Margaret Sullivan called Alden “one of the most ruthless of the corporate strip-miners seemingly intent on destroying local journalism.”

And, yes, I think it's fair to say that many newspapers did get a bit fat and happy with their old school monopolistic hold on the news market pre-internet. And many of them failed to adapt. And so, restructuring and re-prioritizing is not a bad idea. But that's not really what's happening here. Alden appears to be taking profitable (not just struggling) newspapers, and squeezing as much money out of them directly into Freeman's pockets, rather than plowing it back into actual journalism. And Alden/DFM appears to be ridiculously profitable for Freeman, even as the journalism it produces becomes weaker and weaker. Jim Brady called it "combover journalism." Basically using skeleton staff to pretend to really be covering the news, when it's clear to everyone that it's not really doing the job.

All of that is prelude to the latest news that Freeman, who basically refuses to ever talk to the media, has sent a letter to other newspaper bosses suggesting they collude to force Google and Facebook to make him even richer.

You can see the full letter here:

Let's go through this nonsense bit by bit, because it is almost 100% nonsense.

These are immensely challenging times for all of us in the newspaper industry as we balance the two equally important goals of keeping the communities we serve fully informed, while also striving to safeguard the viability of our news organizations today and well into the future.

Let's be clear: the "viability" of your newsrooms was decimated when you fired a huge percentage of the local reporters and stuffed the profits into your pockets, rather than investing in the actual product.

Since Facebook was founded in 2004, nearly 2,000 (one in five) newspapers have closed and with them many thousands of newspaper jobs have been lost. In that same time period, Google has become the world's primary news aggregation service, Apple launched a news app with a subsription-based tier and Twitter has become a household name by serving as a distribution service for the content our staffs create.

Correlation is not causation, of course. But even if that were the case, the focus of a well-managed business would be to adapt to the changing market place to take advantage of, say, new distribution channels, new advertising and subscription products, and new ways of building a loyal community around your product. You know, the things that Google, Facebook and Twitter did... which your newspaper didn't do, perhaps because you fired a huge percentage of their staff and re-directed the money flow away from product and into your pocket.

Recent developments internationally, which will finally require online platforms to compensate the news industry are encouraging. I hope we can collaborate to move this issue forward in the United States in a fair and productive way. Just this month, April 2020, French antitrust regulators ordered Google to pay news publishers for displaying snippets of articles after years of helping itself to excerpts for its news service. As regulators in France said, "Google's practices caused a serious and immediate harm to the press sector, while the economic situation of publishers and news agencies is otherwise fragile." The Australian government also recently said that Facebook and Google would have to pay media outlets in the country for news content. The country's Treasurer, Josh Frydenberg noted "We can't deny the importance of creating a level playing field, ensuring a fair go for companies and the appropriate compensation for content."

We have, of course, written about both the plans in France as well as those in Australia (not to mention a similar push in Canada that Freeman apparently missed). Of course, what he's missing is... well, nearly everything. First, the idea that it's Google that's causing problems for the news industry is laughable on multiple fronts.

If newspapers feel that Google is causing them harm by linking to them and sending them traffic, then they can easily block Google, which respects robots.txt restrictions. I don't see Freeman's newspaper doing that. Second, in most of the world, Google does not monetize its Google News aggregation service, so the idea that it's someone making money off of "their" news, is not supported by reality. Third, the idea that "the news" is "owned" by the news organizations is not just laughable, but silly. After all, the news orgs are not making the news. If Freeman is going to claim that news orgs should be compensated for "their" news, then, uh, shouldn't his news orgs be paying the actual people who make the news that they're reporting on? Or is he saying that journalism is somehow special?

Finally, and most importantly, he says all of this as if we haven't seen how these efforts play out in practice. When Germany passed a similar law, Google ended up removing snippets only to be told they had to pay anyway. Google, correctly, said that if it had to license snippets, it would offer a price of $0, or it would stop linking to the sites -- and the news orgs agreed. In Spain, where Google was told it couldn't do this, the company shut down Google News and tons of smaller publications were harmed, not helped, but this policy.

This surely sounds familiar to all of us. It's been more than a decade since Rupert Murdoch instinctively observerd: "There are those who think they have a right to take our news content and use it for their own purposes without contributing a penny to its production... Their almost wholesale misappropriation of our stories is not fair use. To be impolite, it's theft."

First off, it's not theft. As we pointed out at the time, Rupert Murdoch, himself, at the very time he was making these claims, owned a whole bunch of news aggregators himself. The problem was never news aggregators. The problem has always been that other companies are successful on the internet and Rupert Murdoch was not. And, again, the whole "misappropriation" thing is nonsense: any news site is free to block Google's scrapers and if it's "misappropriation" to send you traffic, why do all of these news organizations employ "search engine optimizers" who work to get their sites higher in the rankings? And, yet again, are they paying the people who make the actual news? If not, then it seems like they're full of shit.

With Facebook and Google recently showing some contrition by launching token programs that provide a modest amount of funding, it's heartening to see that the tech giants are beginning to understand their moral and social responsibility to support and safeguard local journalism.

Spare me the "moral and social responsibility to support and safeguard local journalism," Heath. You're the one who cut 1,000 journalism jobs down to 150. Not Google. You're the one who took profitable newspapers that were investing in local journalism, fired a huge number of their reporters and staff, and redirected the even larger profits into your pockets instead of local journalism.

Even if someone wants to argue this fallacy, it should not be you, Heath.

Facebook created the Facebook Journalism Project in 2017 "to forge stronger ties with the news industry and work with journalists and publishers." If Facebook and the other tech behemoths are serious about wanting to "forge stronger ties with the news industry," that will start with properly remunerating the original producers of content.

Remunerating the "original producers"? So that means that Heath is now agreeing to compensate the people who create the news that his remaining reporters write up? Oh, no? He just means himself -- the middleman -- being remunerated directly into his pocket while he continues to cut jobs from his newsroom while raking in record profits? That seems... less compelling.

Facebook, Google, Twitter, Apple News and other online aggregators make billions of dollars annually from original, compelling content that our reporters, photographers and editors create day after day, hour after hour. We all know the numbers, and this one underscores the value of our intellectual property: The New York Times reported that in 2018, Google alone conservatively made $4.7 billion from the work of news publishers. Clearly, content-usage fees are an appropriate and reasonable way to help ensure newspapers exist to provide communities across the country with robust high-quality local journalism.

First of all, the $4.7 billion is likely nonsense, but even if it were accurate, Google is making that money by sending all those news sites a shit ton of traffic. Why aren't they doing anything reasonable to monetize it? And, of course, Digital First Media has bragged about its profitability, and leaked documents suggest its news business brought in close to a billion dollars in 2017 with a 17% operating margin, significantly higher than all other large newspaper chains.

This is nothing more than "Google has money, we want more money, Google needs to give us the money." There is no "clearly" here and "usage fees" are nonsense. If you don't want Google's traffic, put up robots.txt. Google will survive, but your papers might not.

One model to consider is how broadcast television stations, which provide valuable local news, successfully secured sizable retransmission fees for their programming from cable companies, satellite providers and telcos.

There are certain problems with retransmission fees in the first place (given that broadcast television was, by law, freely transmitted over the air in exchange for control over large swaths of spectrum), and the value they got was in having a large audience to advertise too. But, more importantly, retransmission involved taking an entire broadcast channel and piping it through cable and satellite to make things easier for TV watchers who didn't want to switch between an antenna and a cable (or satellite receiver). An aggregator is not -- contrary to what one might think reading Freeman's nonsense -- retransmitting anything. It's linking to your content and sending you traffic on your own site. The only things it shows are a headline and (sometimes) a snippet to attract more traffic.

There are certainly other potential options worth of our consideration -- among them whether to ask Congress about revisiting thoughtful limitations on "Fair Use" of copyrighted material, or seeking judicial review of how our trusted content is misused by others for their profit. By beginning a collective dialogue on these topics we can bring clarity around the best ways to proceed as an industry.

Ah, yes, let's throw fair use -- the very thing that news orgs regularly rely on to not get sued into the ground -- out the window in an effort to get Google to funnel extra money into Heath Freeman's pockets. That sounds smart. Or the other thing. Not smart.

And "a collective dialogue" in this sense appears to be collusion. As in an antitrust violation. Someone should have maybe mentioned that to Freeman.

Our newspaper brands and operations are the engines that power trust local news in communities across the United States.

Note that it's the brands and operations -- not journalists -- that he mentions here. That's a tell.

Fees from those who use and profit from our content can help continually optimize our product as well as ensure our newsrooms have the resources they need.

Again, Digital First Media, is perhaps the most profitable newspaper chain around. And it just keeps laying off reporters.

My hope is that we are able to work together towards the shared goal of protecting and enhancing local journalism.

You first, Heath, you first.

So, basically, Heath Freeman, who has spent decade or so buying up profitable newspapers, laying off a huge percentage of their newsrooms, leaving a shell of a husk in their place, then redirecting the continued profits (often that exist solely because of the legacy brand) into his own pockets rather than in journalism... wants the other newspapers to collude with him to force successful internet companies who send their newspapers a ton of free traffic to pay him money for the privilege of sending them traffic.

Sounds credible.

You may have seen the news reports this week that German prosecutors have issued an arrest warrant for Dmitry Badin for a massive hack of the German Parliament that made headlines in 2016. The reports about the German arrest warrant all mention that German authorities "believe" that Badin is connected to the Russian GRU and its APT28 hacking group.

The folks over at Bellingcat have done their open source intelligence investigation thing, and provided a ton of evidence to show that Badin almost certainly is part of GRU... including the fact that he registered his 2018 car purchase to the public address of a GRU building. This is not the first time this has happened. A few years back, Bellingcat also connected a bunch of people to the GRU -- including some accused of hacking by the Dutch government -- based on leaked car registration info.

There's much, much more in the Bellingcat report, but the final paragraph really stands out. Bellingcat also found Badin -- again, a hacker who is suspected in multiple massive and consequential hacks, including of email accounts -- didn't seem to be all that careful with his own security:

The most surreal absence of “practice-what-you-breach” among GRU hackers might be visible in their lackadaisical attitude to their own cyber protection. In 2018, a large collection of hacked Russian mail accounts, including user name and passwords, was dumped online. Dmitry Badin’s email — which we figured out from his Skype account, which we in turn obtained from his phone number, which we of course got from his car registration — had been hacked. He had apparently been using the password Badin1990. After this, his email credentials were leaked again as part of a larger hack, where we see that he had changed his password from Badin1990 to the much more secure Badin990.

Yes, the password for at least one of his email accounts... was apparently his own last name and the year he was born. The cobbler's kids go shoeless again.

Given all we know about facial recognition tech, it is literally jaw-dropping that anyone could make this claim… especially without being vetted independently.

A group of Harrisburg University professors and a PhD student have developed an automated computer facial recognition software capable of predicting whether someone is likely to be a criminal.

The software is able to predict if someone is a criminal with 80% accuracy and with no racial bias. The prediction is calculated solely based on a picture of their face.

There's a whole lot of "what even the fuck" in CBS 21's reprint of a press release, but let's start with the claim about "no racial bias." That's a lot to swallow when the underlying research hasn't been released yet. Let's see what the National Institute of Standards and Technology has to say on the subject. This is the result of the NIST's examination of 189 facial recognition AI programs -- all far more established than whatever it is Harrisburg researchers have cooked up.

Asian and African American people were up to 100 times more likely to be misidentified than white men, depending on the particular algorithm and type of search. Native Americans had the highest false-positive rate of all ethnicities, according to the study, which found that systems varied widely in their accuracy.

The faces of African American women were falsely identified more often in the kinds of searches used by police investigators where an image is compared to thousands or millions of others in hopes of identifying a suspect.

Why is this acceptable? The report inadvertently supplies the answer:

Middle-aged white men generally benefited from the highest accuracy rates.

Yep. And guess who's making laws or running police departments or marketing AI to cops or telling people on Twitter not to break the law or etc. etc. etc.

To craft a terrible pun, the researchers' claim of "no racial bias" is absurd on its face. Per se stupid af to use legal terminology.

Moving on from that, there's the 80% accuracy, which is apparently good enough since it will only threaten the life and liberty of 20% of the people it's inflicted on. I guess if it's the FBI's gold standard, it's good enough for everyone.

Maybe this is just bad reporting. Maybe something got copy-pasted wrong from the spammed press release. Let's go to the source… one that somehow still doesn't include a link to any underlying research documents.

What does any of this mean? Are we ready to embrace a bit of pre-crime eugenics? Or is this just the most hamfisted phrasing Harrisburg researchers could come up with?

A group of Harrisburg University professors and a Ph.D. student have developed automated computer facial recognition software capable of predicting whether someone is likely going to be a criminal.

The most charitable interpretation of this statement is that the wrong-20%-of-the-time AI is going to be applied to the super-sketchy "predictive policing" field. Predictive policing -- a theory that says it's ok to treat people like criminals if they live and work in an area where criminals live -- is its own biased mess, relying on garbage data generated by biased policing to turn racist policing into an AI-blessed "work smarter not harder" LEO equivalent.

The question about "likely" is answered in the next paragraph, somewhat assuring readers the AI won't be applied to ultrasound images.

With 80 percent accuracy and with no racial bias, the software can predict if someone is a criminal based solely on a picture of their face. The software is intended to help law enforcement prevent crime.

There's a big difference between "going to be" and "is," and researchers using actual science should know better than to use both phrases to describe their AI efforts. One means scanning someone's face to determine whether they might eventually engage in criminal acts. The other means matching faces to images of known criminals. They are far from interchangeable terms.

If you think the above quotes are, at best, disjointed, brace yourself for this jargon-fest which clarifies nothing and suggests the AI itself wrote the pullquote:

“We already know machine learning techniques can outperform humans on a variety of tasks related to facial recognition and emotion detection,” Sadeghian said. “This research indicates just how powerful these tools are by showing they can extract minute features in an image that are highly predictive of criminality.”

"Minute features in an image that are highly predictive of criminality." And what, pray tell, are those "minute features?" Skin tone? "I AM A CRIMINAL IN THE MAKING" forehead tattoos? Bullshit on top of bullshit? Come on. This is word salad, but a salad pretending to be a law enforcement tool with actual utility. Nothing about this suggests Harrisburg has come up with anything better than the shitty "tools" already being inflicted on us by law enforcement's early adopters.

I wish we could dig deeper into this but we'll all have to wait until this excitable group of clueless researchers decide to publish their findings. According to this site, the research is being sealed inside a "research book," which means it will take a lot of money to actually prove this isn't any better than anything that's been offered before. This could be the next Clearview, but we won't know if it is until the research is published. If we're lucky, it will be before Harrisburg patents this awful product and starts selling it to all and sundry. Don't hold your breath.

The government loves its secrets. It loves them so much it does stupid things to, say, "secure the nation..." or "protect the integrity of deliberative processes" or whatever the fuck. We should not trust the government's reasoning when it chooses to redact information from documents it releases to FOIA requesters. These assertions should always be challenged because the government's track record on redactions is objectively awful.

Here's the latest case-in-point: Emma Best -- someone the government feels is a "vexatious" FOIA filer -- just received a completely stupid set of redactions from the Secret Service. Best requested documents mentioning darknet market Hansa, which was shut down (along with Alpha Bay) following an investigation by US and Dutch law enforcement agencies.

The documents returned to Best contained redactions. This is unsurprising given the nature of the investigation. What's surprising is what the Secret Service decided to redact. As Best pointed out on Twitter, the Secret Service decided public press releases by the DOJ were too sensitive to be released to the general public.

Here's one of the redactions [PDF] the Secret Service applied to a press release that can be found unaltered and unedited at the Justice Department's publicly-accessible website:

And here's what the Secret Service excised, under the bullshit theory that a publicly-released press statement is somehow an "inter-agency or intra-agency memorandums or letter which would not be available by law to a party other than an agency in litigation with the agency."

“This is likely one of the most important criminal investigations of the year – taking down the largest dark net marketplace in history,” said Attorney General Jeff Sessions. “Make no mistake, the forces of law and justice face a new challenge from the criminals and transnational criminal organizations who think they can commit their crimes with impunity using the dark net. The dark net is not a place to hide. The Department will continue to find, arrest, prosecute, convict, and incarcerate criminals, drug traffickers and their enablers wherever they are. We will use every tool we have to stop criminals from exploiting vulnerable people and sending so many Americans to an early grave. I believe that because of this operation, the American people are safer – safer from the threat of identity fraud and malware, and safer from deadly drugs.”

Um. Is Jeff Sessions being Yezhoved by the Secret Service? Does the agency consider him to be enough of a persona non grata after his firing by Trump to be excised from the Secret Services' official recollection of this dark web takedown? This insane conspiracy theory I just made up makes as much sense as anything the Secret Service could offer in explanation for this redaction. The redaction removed nothing but the sort of swaggering statement Attorney Generals always make after a huge bust.

Needless to say, Emma Best is challenging the Secret Service's redactions. Pithily.

I am appealing the integrity of the redactions, as you withheld public press releases under b5, which is grossly inappropriate.

Yeah. That's an understatement. The Secret Service has no business redacting publicly-available info. Even if this was a clerical error, it's so bad it's insulting. And that's why you can't trust the government on things like this: when it's not being malicious, it's being stupid.

A couple of months ago, a records request revealed a private surveillance contractor had access to nearly every piece of surveillance equipment owned and operated by the state of Utah. Banjo was the company with its pens in all of the state's ink. Banjo's algorithm ran on top of Utah's surveillance gear: CCTV systems, 911 services, location data for government vehicles, and thousands of traffic cameras.

All of this was run through Banjo's servers, which are conveniently located in Utah government buildings. Banjo's offering is of the predictive policing variety. The CEO claims its software can "find crime" without any collateral damage to privacy. This claim is based on the "anonymization" of harvested data -- a term that is essentially meaningless once enough data is collected.

This partnership is now on the rocks, thanks to an investigation by Matt Stroud and OneZero. Banjo's CEO, Damien Patton, apparently spent a lot of his formative years hanging around with white supremacists while committing crimes.

In grand jury testimony that ultimately led to the conviction of two of his associates, Patton revealed that, as a 17-year-old, he was involved with the Dixie Knights of the Ku Klux Klan. On the evening of June 9, 1990 — a month before Patton turned 18 — Patton and a Klan leader took a semi-automatic TEC-9 pistol and drove to a synagogue in a Nashville suburb. With Patton at the wheel, the Ku Klux Klan member fired onto the synagogue, destroying a street-facing window and spraying bullets and shattered glass near the building’s administrative offices, which were next to that of the congregation’s rabbi. No one was struck or killed in the shooting. Afterward, Patton hid on the grounds of a white supremacist paramilitary training camp under construction before fleeing the state with the help of a second Klan member.

If you're wondering where the state of Utah's due diligence is in all of this, there's a partial explanation for this lapse: the feds, who brought Patton in, screwed up on their paperwork.

Because Patton’s name was misspelled in the initial affidavit of probable cause filed in Brown’s case — an FBI agent apparently spelled Damien with an “o” rather than an “e” — any search of a federal criminal court database for “Damien Patton” would not have surfaced the affidavit.

Now that his past has been exposed, the state of Utah has announced it won't be working with Banjo.

The Utah attorney general’s office will suspend use of a massive surveillance system after a news report showed that the founder of the company behind the effort was once an active participant in a white supremacist group and was involved in the shooting of a synagogue.

The AG's office can only shut down so much of Banjo's surveillance software. Other government agencies not directly controlled by the state AG are making their own judgment calls. The University of Utah is suspending its contract with Banjo, but the state's Department of Public Safety has only gone so far as to "launch a review" of its partnership with the company. City agencies and a number of police departments who have contracts with Banjo have yet to state whether they will be terminating theirs.

And the AG's reaction isn't a ban. The office appears to believe it might be able to work through this.

“While we believe Mr. Patton’s remorse is sincere and believe people can change, we feel it’s best to suspend use of Banjo technology by the Utah attorney general’s office while we implement a third-party audit and advisory committee to address issues like data privacy and possible bias,” Piatt said. “We recommend other state agencies do the same.”

It's refreshing to hear a prosecutor state that it's possible for former criminals to turn their lives around and become positive additions to their communities, but one gets the feeling this sort of forgiveness is only extended to ex-cons who have something to offer law enforcement agencies. Everyone else is just their rap sheet for forever, no matter how many years it's been since their last arrest.

The other problem here is the DA's office's tacit admission it did not take data privacy or possible bias into account before granting Banjo access to the state's surveillance equipment, allowing it to set up servers in government buildings, and giving it free rein to dust everything with its unaudited AI pixie dust.

These are all steps that should have taken place before any of this was implemented, even if the state had chosen to do business with a company with a less controversial CEO. This immediate reaction is the right step to take, but a little proactivity now and then would be a welcome change.

The EARN IT Act is dangerous. It threatens speech on the internet and tech companies' ability to provide secure communications for their users. There may not be anything about encryption in the dry text of the bill, but the threat is there all the same. No one knows what "best practices" the law will demand from online services, but the bill's focus on child porn strongly suggests any platform that "allows" this information to be transmitted using encrypted communications will be targeted by the government.

Bill Barr and Chris Wray have made it clear encryption is the enemy. Both have advocated for encryption backdoors, even if they're both too cowardly to use that term. No one thinks the government and service providers shouldn't do all they can to prevent the sharing of child porn, but undermining encryption isn't the solution. It may shield some child porn producers and consumers from detection, but the government's efforts in this area show encryption hasn't posed much of a problem to investigators and prosecutors.

Encryption protects people who aren't criminals. As Runa Sundvik explains for TechCrunch, targeting encryption via the EARN IT Act also threatens some of the foremost beneficiaries of the First Amendment: journalists.

[T]echnology experts warn the bill not only fails to meet the challenge, it creates new problems of its own. My job is to enable journalists to do their work securely — to communicate with others, research sensitive stories and publish hard-hitting news. This bill introduces significant harm to journalists’ ability to protect their sources.

Strip communications platforms of their encryption and you make it that much easier to expose journalists' sources and snoop on their communications. This isn't an existential threat. It's an actual threat. The FBI has spied on journalists and several successive presidential administrations have made rooting out leakers a priority.

But it does more than harm journalists. It also harms the people they're trying to reach: readers. Encryption protects readers who visit news sites utilizing HTTPS. That's almost all of them at this point. This ensures their connection is shielded from people trying to snoop on their web activity. More importantly, it ensures the sites they reach are legit and the content originating from the journalists the site says it is.

If EARN IT becomes law, whistleblowers and other sources will see their secure options disappear. Tor, Signal, etc. will be considered nothing more than aiders and abettors of criminal activity. Anything secured by encryption will be treated as a virtual dead drop for criminal content.

Protecting children from exploitation is important. But the tradeoff legislators are demanding isn't actually a tradeoff. The American public will receive no net benefit from this tangential attack on encryption. Very often we're first informed about serious government misconduct by journalists. Destroying this outlet works out well for the government so often exposed as untrustworthy, but it does nothing for the governed.

Lots of people are very confused about the topic of Forgiveness in the Bible. This study looks at what the book of Acts teaches about forgiveness, and in this way, we see a glimpse of what the Bible teaches about forgiveness. This study is an excerpt from from my Gospel Dictionary online course.

I interviewed Lucas Kitchen today about his book Naked Grace. In this book, he tells the story of how he discovered the truth about grace, and why it is so important for you and I to learn these truths as well. If you have questions about eternal life, the message of the gospel, what it means to follow Jesus as a disciple, or how grace helps us defeat sin in our lives, listen to this interview.

I recently travelled to Pittsburgh, USA, to present the paper “From Playing Games to Committing Crimes: A Multi-Technique Approach to Predicting Key Actors on an Online Gaming Forum” at eCrime 2019, co-authored with Ben Collier and Alice Hutchings. The accepted version of the paper can be accessed here. The structure and content of various underground … Continue reading From Playing Games to Committing Crimes: A Multi-Technique Approach to Predicting Key Actors on an Online Gaming Forum →

There have recently been several proposals for pseudonymous contact tracing, including from Apple and Google. To both cryptographers and privacy advocates, this might seem the obvious way to protect public health and privacy at the same time. Meanwhile other cryptographers have been pointing out some of the flaws. There are also real systems being built … Continue reading Contact Tracing in the Real World →

Recent advancements in Machine Learning (ML) have taught us two main lessons: a large proportion of things that humans do can actually be automated, and that a substantial part of this automation can be done with minimal human supervision. One no longer needs to select features for models to use; in many cases people are … Continue reading Three Paper Thursday: Adversarial Machine Learning, Humans and everything in between →

People have tried to develop many different attack vectors on cryptocurrencies, from codebase flaws, cryptographic algorithms, mining processes, consensus protocols and block propagation mechanisms to the underlying network layer. Most attacks could be patched quickly by modifying the source code, but preventing attacks that exploit the network layer remains a non-trivial problem as the network … Continue reading Three Paper Thursday: Attacking the Bitcoin Peer-to-Peer Network →

Just as in other types of victimization, victims of cybercrime can experience serious consequences, emotional or not. First of all, a repeat victim of a cyber-attack might face serious financial or emotional hardship. These victims are also more likely to require medical attention as a consequence of online fraud victimization. This means repeat victims have a … Continue reading Three Paper Thursday: Exploring the Impact of Online Crime Victimization →