Unlocking the Bootloader: A Critical Step for Effective DMA Enforcement

Smartphones have become an indispensable part of our lives. Apple, a company known for its tight integration of hardware and software, has created a monopoly on the software that runs on its devices. This limits consumer choice and control, and Apple claims the DMA (Digital Markets Act) puts users at risk. They are further entrenching their control by limiting consumer choice. A fair and long summary of this issue can be found in The Home Screen Advantage.

…

We live in a rapidly evolving world. Technology and science intersect with every aspect of our lives, leading to extremely personalized AI assistants to become interwoven in most of what we do (as the internet has). Shifting balances between returns to violence, the ability to tax individuals, and the rise of decentralized cryptocurrencies are about to change the geopolitical scene.

Bitcoin, the first thermodynamic currency, is both a battery for energy as well as the best intersubjective clock we currently have. Energy and time, though, are not the sole commodities our society requires to prosper. Knowledge is important as well. Science serves as a unifying element, revealing a ‘winner takes all’ dynamic prevalent in macro theories. Maxwell’s equations, for instance, are validated in every microscopic interaction with our electronic devices, underscoring the universality of scientific principles. However, the application of science to highly specific cases, is much more complicated. One example of this is Larry Page’s throat condition (an extremely rare disease with not enough cases to be studied efficiently) or the COVID-19 vaccines, whose efficiency varies greatly from individual to individual, illustrating the challenges of dealing with limited data points and the need for reproducibility on a local scale. The future of medicine is personalized, based on individual genetic profiles and locally-harvested databases for privacy-respecting research.

…

In the age of hyper-personalized software, code becomes ubiquitous and everyone gets to create interfaces tailored to their preferences. This personalization extends beyond interfaces, encompassing AI-assisted automation for tasks such as organizing files, handling incoming messages, scheduling meetings, processing information, consuming news, and coordinating gatherings.

As the future unfolds, software will become responsible for much of this automation, eliminating the need for humans to manually sort files into folders or transfer data between spreadsheets. Users will still need to maintain their systems, communicating with them to ensure they remain up-to-date and aligned with user preferences.

…

1. The privacy of end users and the amount of data their phones leak to unknown numbers of third parties is at its highest point. Accepting or rejecting cookies really doesn’t matter: the headers browsers send on every request to any website, and the AS from which you are communicating are likely to be enough to uniquely identify who you are. With Javascript available, there is no chance: the mere combination of width and height your screen display has, your language preferences, and which fonts are installed on your phone are more than likely to provide the 33 bits of entropy required to uniquely identify you as a human being. We are very new to this concept, it’s really unprecedented that we are able to collect and analyze so much data about our global village. For example, just a few seconds of using a VR headset are enough to uniquely identify you, but smarter techniques can be much more efficient at knowing who you are.

   …

Hidden in plain sight, the importance of full text search is extremely relevant to our day-to-day lives in the information age. We rely on search engines, both web and in-app, to navigate through haystacks of information, and we don’t necessarily have first-hand access to that data.

The Search Prompt

The web search engine that we use everyday is super critical and relevant for our information consumption. Giants like Google and Amazon understand this really well. The search box is one of the most important elements of any user interface, and in some cases, it’s a product out of itself. Operating systems also generally provide an interface to search through your local files, but this is generally not really well crafted nor optimized – it’s generally slow or incorrectly indexed.

…

“Make social networks more humane”

I’m motivated by this goal of making social networks more humane. I usually try to explain it from three angles:

• Rebalance power to the humans, not towards platforms

Platforms should never have the power to de-platform users, and users should be able to modify and personalize the software they use to access the platform. This will only be achievable through malleable systems, a modern reincarnation of the Free Software movement: software should be easy to use, easy to change, and easy to share with others.

…

What information do we need on our phones to enable the communication systems and social exchange of data and resources viable?

• Most of the world runs on SAP and Excel.
• SMS and Whatsapp are also critical in business
• Emails!
• Catalogs of information
• Video calls and in-real meetings
• Calendars and rolodexes embedded on our phones
• Trellos and boards for multimedia management
• Papers, science publications

What kinds of mechanisms have been lost from the early days of BBS?

…

It’s been well known for a while that fingerprinting is an extremely useful mechanism for personally identifying users using javascript techniques. The most recent variations of “cookies” from Google have been “privacy sandbox” and “Federated learning of cohorts”. But little has been discussed about the use of server-side fingerprinting.

I browse the web without javascript. I use uBlock Origin’s advanced feature to turn off not just ads, but also images or media larger that 50kb, and fonts. Font usage has been known to easily identify unique users, but also it leaks network information such as your IP by linking to an external site.

…

In computer trust, there are a few “roots of all evils” or “seed of the poisonous tree”. For some, that’s Djikstra’s “early optimization”, but for most (defensive) security researchers it’s that annoying reminder in your head that, unless you’re the daughter or son of Magnetto and an AI, you won’t know what code is the CPU running. Because your TODO list to be certain of the code that’s running is exhausting:

…

There is a lot of cruft and unnecessary abstraction in the code and programs that we use every day.

Most of the data that is shown to a user is irrelevant; a fraction of the information stored in RAM is actually “readable as usable” for the person in front of the screen. That’s probably OK; to take an example from real life, we don’t need to understand how DNA works in order to grow or live our daily lives. But when it comes to computers, we are responsible for representing and managing data efficiently.

…