Mike Gerwitz

Activist for User Freedom

Latest Posts

Writing As a Means to Another End

To anyone who’s looked at the number of posts I’ve made in the past few years on this blog, it may surprise you to learn that I do a lot of writing. It’s just that the majority if it is never read by anyone other than myself. When I write—as I am now—I certainly intend for others to read it. But that’s not usually what happens.

Writing articles is a means to an end. But the end isn’t always the written word. Writing is a journey, and sometimes it leads far from where one may expect.

Posted on 2020-06-30. Read more »

Social Responsibility Amid COVID-19 Outbreak

Most of my posts here relate somehow to software freedom, user privacy, or some other issue driven by technology. As an activist for user freedom, my goal is usually to figure out ways in which to empower people using technology—to put them on equal footing with those that are in a position to exhert control. To make the vulnerable less vulnerable.

But all of that is a focused fight as part of broader goal for social freedom and equality. If we take a moment to look up from out focus on technology to see the bigger picture, we can see that our activism and advocacy follow a moral framework that necessitates certain responsibility during this outbreak of COVID-19 caused by the novel coronavirus.

Posted on 2020-03-15. Read more »

The Surreptitious Assault on Privacy, Security, and Freedom

Watch LibrePlanet 2017 Talk

Older Posts

GHCQ’s “Exceptional Access”, End-To-End Encryption, Decentralization, and Reproducible Builds

Late last November, Ian Levy and Crispin Robinson of the GHCQ (the British intelligence agency) published a proposal for intercepting end-to-end encrypted communications, entitled “Principles for a More Informed Exceptional Access Debate”. Since then, there have been a series of notable rebuttals to this proposal arguing why this system would fail in practice and why it should be rejected. Completely absent from these responses, however, is any mention of existing practices that would prohibit this attack outright—the combination of free/libre software, reproducible builds, and decentralized or distributed services.

Posted on 2019-02-18. Read more »

Webmasters: Please, Don’t Block Tor

Tor is a privacy and anonymity tool that helps users to defend themselves against traffic analysis online. Some people, like me, use it as an important tool to help defend against various online threats to privacy. Others use it to avoid censorship, perhaps by the country in which they live. Others use it because their lives depend on it—they may live under an oppressive regime that forbids access to certain information or means of communication.

Unfortunately, some people also hide behind Tor to do bad things, like attack websites or commit fraud. Because of this, many website owners and network administrators see Tor as a security threat, and choose to block Tor users from accessing their website.

Posted on 2018-10-05. Read more »

When Talking About Mobile Tracking, Don’t Veil Bad Actors With Blanket Statements

It’s difficult to have useful conversations about mobile tracking when someone says “your phone / mobile device tracks you”; such statements don’t often lead to constructive conversation because they are too vague and therefore easily dismissed as sensationalism or paranoia. And they are all too often without substance because, while users do have legitimate concerns, they aren’t necessarily aware of the specific problems contributing to those concerns.

Posted on 2018-04-15. Read more »

Meltdown/Spectre and the Web

The recently-released Meltdown and Spectre CPU timing attacks affect virtually every user in some way; the consequences are profound. There are plenty of good write-ups on the topic, so I don’t feel the need to re-iterate the technical details here. (See an easily digestible one from the Raspberry Pi project, and an in-depth analysis from Project Zero.)

What I do want to draw attention to is that these attacks are exploitable via web browsers.

Posted on 2018-01-08. Read more »

View all posts