DIGITAL IDENTITY: AN OPPORTUNITY FOR FINANCIAL SERVICES? – Payments Cards & Mobile


“Banks face a raft of new regulation over the next 2-3 years with identification and verification at their heart. This includes the second Payment Services Directive (PSD2), the fourth EU Anti-Money Laundering Directive, the General Data Protection Regulation (GDPR) and provisions around open banking.”

via DIGITAL IDENTITY: AN OPPORTUNITY FOR FINANCIAL SERVICES? – Payments Cards & Mobile


At last, NDEF with pics

A decade ago I remember writing that one of the problems with QR codes is that there is no security. Some years later I wrote an article pointing out that NFC ought to be safer than QR codes because NFC included a standard for digitally-signing tags (although I did also note that no-one used it) whereas anyone could easily create bogus QR codes.

Well, I might not go so far as to call [QR codes] evil, but they certainly have the potential to enable person or persons unknown to act with evil intent.

From A quick response to the problem | Consult Hyperion

I suggested, in connection with a couple of projects we were working on at the time, that the mobile operators do something about this by creating a digital signature standard for QR codes so that phones could be set by default to ignore unsigned codes. None of this happened, as I’m sure you are aware, and QR codes became popular precisely because any app could read any code anywhere.

The security problem never went away though. I notice in the South China Morning Post that in March 2017 some 90m Yuan was stolen via QR code scams in Guangdong alone (a suspect in the case replaced merchants’ legitimate bar codes with fake ones that embedded a virus to steal personal information) and that in China as a whole, a quarter of viruses and trojans come in via QR. Despite the incredible success of QR there, we need to do better.

Even the man who invented QR codes says that they are an interim technology.

From Never mind the last mile, what about the last millimetre? | Consult Hyperion

Now, also back in the day, I had originally assumed that Apple would add NFC to the iPhone. I was wrong about this for years, so eventually I assumed that they were going to bypass the technology and go to Bluetooth. Yet what I said at the time still holds: NFC is undeniably convenient.

NFC is a convenience technology, and Apple loves convenience

From Quick response | Consult Hyperion

I was drawing on Consult Hyperion’s early experiences with NFC (remember the Nokia 6131?) of tag reading and writing. I also noted surveys that showed that NFC generated better results for merchants, but only once consumers could get it working. As my good friend Osama Bedier, then head of Google Wallet, pointed out, this was some barrier because of the amount of “futz” it took to get NFC working.

But there was another reason that I was so interested in NFC as a QR alternative back in those days. Let’s go back to that standard for adding digital signatures to NDEFs (the “NFC Signature RTD Technical Specification”) to build a safe tag infrastructure. After hawking this around a few different projects, to general disinterest, I figured that the telcos weren’t interested in using it to deliver secure infrastructure, so I said…

“Someone else will build this business (Apple? They seem to be getting all sorts of NFC-related patents at the moment) and then the operators will once again complain about being pipes. Is Tom Noyes right to say that “…Apple and Google will be further ahead in coordinating value in new networks”?”

You don’t know ‘jack | Consult Hyperion

Well, well. Tom was right as usual, even if it took a few years for the hand to play out. At WWDC, Apple announced that iOS 11 will indeed include the ability to read NDEF data from tags.

“Using Core NFC, you can read Near Field Communication (NFC) tags of types 1 through 5 that contain data in the NFC Data Exchange Format (NDEF).”

via Apple adds support for NFC tags to iPhone 7 and Apple Watch • NFC World

So now both iOS and Android can read standard tags and action them. I want to make a couple of quick points about this before I head off down to our Hyperlab and see what our developers make of the new toolkit…

First of all, this technology will inevitably be used for triggering in-app payments that work in a very convenient way for consumers. Instead of having to open your Tesco Payqwiq app and then scan a code from the POS, the POS will write a dynamic tag on the fly: then you just tap the phone on the POS and the operating system will automatically open the Payqwiq app and route the data to it.

Secondly, since tags are inexpensive, they will be used for a wide variety of different applications. Tickets for pop concerts, information about products, name badges, all sorts of things that can be read by a phone rather than by a specialist reader. Therefore I expect new standards for NDEF content to spring up. One of our favourite apps, back in the day, was the phone number tag that men could put in their back pocket at a nightclub: admirers could wave their phone in an appropriate area to get the number and send a text message.

Lastly, note that NFC tags can be read through packaging. Unlike QR codes that need to be printed on the outside of a box, tags can be inside. Where would this matter? Well, take a current UK example. Cigarettes now have to be in plain packaging. Tobacco companies don’t like this – for obvious brand reasons – but they do have a point: plain packaging makes life easier for counterfeiters. So suppose packs had a cheap tag inside: then your phone could tell you whether you’ve got real Marlboro or a knock off. You download the Marlboro app, then from then on when you tap a pack if the app doesn’t pop up with a big green tick you know you’ve been done.

Note, however, that iOS 11 also includes ARKit to add augmented reality. So, when you look at your pack of plain cigarettes through your app (after you’ve tapped, so the phone reads the tag and knows that they are real Marlboro) you don’t see plain packaging any more, you see… well whatever.


All in all, Apple’s announcement – whether the culmination of a clever plan or a response to Android market share – is a big deal. I found a whole bunch of blank NFC tags in my desk drawer so I’m off to start programming them now.

Guangdong police release nation’s first ID authentication app


“On April 19, Guangzhou police unveiled an identity authentication app that enables citizens to prove their identities via their mobile phones. To date, the city has authorized 20 offices to help citizens register for the service. Once they register, they can use facial recognition technology, available via the app, to prove their identities whenever and wherever necessary.”

Guangdong police release nation’s first ID authentication app


Who Was Ponzi & What Was His Scheme? | Mental Floss


“Clarence Barron, owner of the Wall Street Journal and founder of the financial magazine that bears his name, realized Ponzi must have been a huckster and went on the offensive. While Barron conceded that there probably was a way for a person to make a small amount of quick cash on the postal reply coupon scheme, he figured that Ponzi would have to be moving 160 million coupons around to raise the cash he needed to support the business. Since there were only 27,000 postal reply coupons circulating in the world, Ponzi’s story didn’t check out.”

Who Was Ponzi & What Was His Scheme? | Mental Floss


Cods and chips

Banning cryptography didn’t stop the bad guys (i.e., us) when they had cod, it’s not going to stop them now they have chips.

British Trawler Coventry City passes Icelandic Coast Guard vessel Albert off the Westfjords in 1958 during the 1st Cod War.

Given British Prime Minister Theresa May’s remarks about the “internet giants” allowing safe harbour for terrorists and the British Home Secretary Amber Rudd’s remarks about needing the ability to access terrorist communications, there is a debate raging between technologists who understand encryption and politicians who don’t. So I thought I’d try to help both of them to communicate more effectively by updating something I wrote back in 2008 to explain the issue.

I used the “Cod Wars” between Britain and Iceland as a backdrop. It is diverting to remember those Cod Wars and the key contribution of the Icelandic people to the story of cryptography. I was reminded of that story when I read a splendid book by Mark Kurlansky called “Cod: Biography of the fish that changed the world”. Within its pages is a lovely story of the neverending struggle between security and new technology.

The Anglo-Danish Convention of 1901 gave the British permission to fish up to three miles from the coast of Iceland, a state of affairs that the volcanic colony was most unhappy about. By the late 1920s, the Icelandic Coast Guard had started to arrest British (and German) trawlers found within what it saw as its territorial waters. However, the British trawlers got smart and got harder to catch because from 1928, they were equipped with radio and started passing coded messages between themselves to alert each other when Coast Guard vessels were in and out of harbour. “Grandmother is well” meant that the Coast Guard were in port, for example.

In an early example of governments attempting to legislate new communications technology, the plucky Icelanders made it illegal to send coded wireless messages. This had no impact whatsoever, of course: British seafood companies simply devised new code systems for the trawlers to use. Think about it: how on Earth would an Icelandic wireless operator know whether “Tottenham Hotspur are the pride of North London” was a coded message or gibberish?

Then came World War II. Iceland got independence from Denmark in 1944, by which time the British trawlers had been requisitioned for the war effort, so Iceland found itself with the only fishing fleet in Northern Europe and Britain’s “sole” supplier (tee hee).

Things were quiet for a while, until the First Cod War in 1958 when the might of the Royal Navy was deployed against the Icelanders. Then, in 1972, the Second Cod War started. Iceland extended its territorial waters to 50 miles and the British once again sent the fleet. But in the intervening period, the Icelanders had developed and deployed a secret weapon (literally: it was a closely-guarded secret until first use). The Icelandic Navy could never outgun the British Navy (and in any case didn’t want to actually shoot at us) so they assembled a fiendish alternative: a net cutter. When they found a British trawler, they would sail behind dragging a net cutter and the trawler’s net (worth a lot of money) would head for Davy Jones’ locker while the fish made for the underwater hills.

(Things did turn nasty — with ships getting rammed and live shells being fired, the Icelandic government refused to allow injured British seamen treatment — until eventually NATO made Britain back down.)

The moral of the story is that, as they used to say over at the EFF, when cryptography is outlawed, only outlaws use cryptography. The Icelandic ships couldn’t use coded wireless transmissions, but the bad guys (in this instance, us) ignored the law and were able to operate successfully beyond it. What defeated us was intelligence and economics, not the ban on coded wireless transmissions.

Making our messages open to access by the government, however well-meaning the protagonists, makes our messages open to terrorists as well. When the secret key code or backdoor code or whatever is eventually leaked on the Internet then we’re all screwed. It’s a difficult issue, I’ll admit, but on balance it’s better that the terrorists can’t read police e-mails even if that means the police can’t read the terrorists’ e-mails. Of course, if I start sending a lot of WhatsApp messages to a cave in the Bora Bora mountains, then I would have thought that that might engender additional scrutiny from the security services whether they can read the messages or not.

‘The Internet Is Broken’: @ev Is Trying to Salvage It – The New York Times


“Say you’re driving down the road and see a car crash. Of course you look. Everyone looks. The internet interprets behavior like this to mean everyone is asking for car crashes, so it tries to supply them.”

‘The Internet Is Broken’: @ev Is Trying to Salvage It – The New York Times


Land grab: Governments may be big backers of the blockchain | The Economist


“While the blockchain originally sought a foothold in financial services, and digital currencies attracted early attention from investors, now interest in using the technology in the public sector is growing.”

Land grab: Governments may be big backers of the blockchain | The Economist


Trump administration rolls out social media vetting of visa applicants | Ars Technica


“In all, applicants that the government deems suspicious would be required to disclose (PDF) their previous passport numbers, five years of social media handles, telephone numbers, and e-mail addresses.”

Trump administration rolls out social media vetting of visa applicants | Ars Technica

How will the US government know that the Lord Tantamount Horseposture who kept posting abuse about the Chancellor of the Exchequer in The Daily Telegraph is actually me? Conversely, how will they know I was joking when I told Watson that I wanted to overthrow the US government and replace it with a workers’ and peasants’ collective? Surely any sane terrorist will maintain a social media account with pictures that will go down well at US immigration?

If they ask to disclose social media handles, 
