Date: Monday, 15 Apr 2013 05:03

There is a lot of buzz about the new ITS Broadcast Android app, which upon debut has received hundreds of 5-star reviews. I don’t have an Android phone so I won’t comment on the app features or lack thereof, but from my understanding this is a tool that ITS wants to use to broadcast messages to its users.

ITS Broadcast is a messaging tool for ITS dept (E-Jamaat).
After installation you will have to provide ITS (E-Jamaat) ID and password to register.
This app can be configured only for Single ITS (E-Jamaat) ID.
Once registered future communication will be made by using this App.

Given that ITS already has a unique identifier for all users and a listed contact email, reviewing the app permissions with the above stated purpose in mind seems to raise some concerns. Importantly, the application asks for permission to Find Accounts on the Device:

Allows the app to get the list of accounts known by the tablet. This may include any accounts created by applications you have installed. Allows the app to get the list of accounts known by the phone. This may include any accounts created by applications you have installed.

Why does the ITS application need to know what other accounts its users have on their phones? Is it necessary for ITS to be able to know what Google, Facebook, Twitter, Tumblr, Instagram, Flickr, and other accounts are active on your phone? How will ITS use this data?

Those are some questions to ponder before you go ahead and click the Install button…

Author: "aebrahim" Tags: "Other, Personal"
Date: Wednesday, 10 Oct 2012 10:04

The Apple Maps fiasco on iOS 6 needs no introduction, but it’s of interest to note that the data sources that Apple pulls map data from differ not only based on the location being viewed, but also based on where the user is viewing the data from (I don’t know how widely known this is). For example, when I’m in Hong Kong, I get data from an unknown source, but when I’m in China, I get data for the entire world provided by AutoNavi.

Ironically, the maps I get for Hong Kong are better when viewed from China than when viewed from Hong Kong itself!

Here are a few comparison shots (left side view from China/right side view from Hong Kong):

[Images: Apple Maps China vs Hong Kong comparison, images 1 to 5]
Author: "aebrahim" Tags: "Apple, Google, iPhone, autonavi, maps"
Date: Friday, 30 Sep 2011 04:41

Hong Kong’s High Court has ruled that foreign domestic helpers can become Permanent Residents of Hong Kong, after staying here for 7 years. This, no doubt will be appealed to the Court of Final Appeal, and possibly even the National People’s Congress, thereby causing yet another constitutional crisis. However, I honestly can’t think of a better way for domestic helpers to shoot themselves in the foot.

The current pay for a domestic helper is HK$3740 per month, and the pay for someone earning the minimum wage in Hong Kong would be much higher. Foreign domestic helpers are not entitled to a minimum wage. So let’s say that one applies to become a permanent resident – they are immediately no longer employable as a foreign domestic helper and need to be paid minimum wage.

As an employer, would one pay them the significantly higher minimum wage, or would they just make such a person redundant and hire a fresh immigrant at the fixed foreign domestic helper contract rates? It’s a no brainer really, especially with the economy in free fall.

I think that domestic helpers will quickly understand that the economics of becoming permanent residents of Hong Kong simply don’t make sense, and excepting the handful who are qualified for other jobs, they would soon find themselves out of work with poor prospects.

Update: It has been pointed out to me (thanks, Taha) that live-in domestic workers are not covered by the minimum wage ordinance. This changes the situation quite significantly, in that there is no economic barrier to taking up PR.

However, I still think that the fearmongering that is being propagated here in Hong Kong is probably unwarranted. According to the current immigration system, there is no right for PRs to bring their family members to live in Hong Kong. I have been through the process three times, and I know from my own experience (and that of others) that in order to bring one’s dependents (including spouse), one needs to show sufficient income to support them, as well as having adequate housing in which the dependents can reside.

The vast majority of domestic helpers would be unable to satisfy those criteria.

Finally, for the avoidance of doubt, I will just mention that no foreign domestic helper will become a PR automatically. This is a status that must be obtained by making an application to do so, having satisfied the relevant criteria.

Author: "aebrahim" Tags: "Politics, hong kong"
Date: Friday, 16 Sep 2011 05:06

In today’s South China Morning Post, my letter appeared, the text of which is reproduced below:

Explain aim of national education

With the heated debate regarding the government’s proposed national education curriculum, too many people are jumping to knee-jerk conclusions without really understanding what shape a national education programme might take.

Indeed, the government prematurely asks the public for feedback without explaining to the public what, in fact, national education means.

China, as one of the world’s oldest civilisations, has much to offer us from studying its history. A truly comprehensive national education curriculum would not only celebrate this history but also critically analyse it, offering students the opportunity to arrive at their own conclusions and affording them a forum to share these conclusions in a discussion-based setting.

If fostering patriotism is one of the goals of this curriculum, this should be applauded. However, let us be clear that true patriotism creates a desire for continuous review and improvement of governance.

The government must make clear its intentions.

Are we seeking to enrich the next generation and provide them with the necessary tools to become the leaders of tomorrow or is the administration acting on instructions to cultivate conformity in thinking?

The latter will inevitably lead to political regression and intellectual stagnation.

Ali Ebrahim, Mid-Levels

Author: "aebrahim" Tags: "Politics, education"
Date: Friday, 27 Aug 2010 02:48

In today’s South China Morning Post, a letter of mine appeared in the Letters section (page A12), the text of which is reproduced below (with some links added, for easy reference):

Crack down on telemarketers

Today, with so many different channels of communication, we are deluged with unwanted marketing. I wholeheartedly welcome the news that Hongkong Post is launching an opt-out sticker scheme for certain unaddressed circulars (“One way to stop some of that junk mail”, August 25).

However, the real menace is not mail, but telemarketing calls. Telemarketing is the most inconvenient type of marketing because it requires active participation by the receiver, at a time that is convenient to the caller. Why should the public be expected to adjust to the schedules of telemarketers who are selling a product that they most likely do not want or need – and one which they certainly did not solicit?

A few years ago the telecoms watchdog OFTA launched the “Do-not-call” register for pre-recorded messages. It is now high time that it extended this register to include non-recorded – that is, live – calls.

This is hardly a novel idea: do-not-call registers in other countries typically make no distinction between pre-recorded and live telemarketing calls.

This would cause a hue and cry from telemarketers, who would claim they provide a useful service that brings benefits to consumers. Yet that is nonsense; the only beneficiaries are the telemarketers themselves and the companies they represent.

The theft of property is an offence punishable by a prison sentence. I wonder if telemarketers could provide a convincing argument why we should tolerate the theft of our time.

Ali Ebrahim, Mid-Levels

For those who are interested, I’ve uploaded a scan of the relevant page.

Author: "aebrahim" Tags: "Personal, Politics, annoyances, scmp, sp..."
Date: Thursday, 26 Aug 2010 03:09

The email on ebrahim.org is currently hosted on pair Networks, a great webhost, but one whose email solutions are lacking in flexibility. I want to move to a solution where I can sync Email/Contacts/Calendar over multiple devices, for a domain with 7 mailboxes.

I’m considering two options:

Rackspace
Pros: Has all the features I’d ever need, excellent support, even for small customers.
Cons: Relatively small quota, and completely out of budget (at least US$13/user/month), email migration into Rackspace is difficult for large datasets.

As Rackspace is out of budget, I didn’t really spend much time looking into it in too much detail.

Google Apps Premier
Pros: Within budget (US$50/user/year), wide ranging feature set.
Cons: Technical support lacking (mainly DIY), doesn’t care about small customers, only compatible with old software, and import into Google Apps is a nightmare scenario due to lack of compatibility of migration tools.

However, there are significant issues which block my migration to Google Apps at the moment, most of which are shocking, given Google’s desire to capture the enterprise messaging/collaboration market.

Let’s make a list of missing features:

  • Google Apps Sync does not support Outlook 2010
  • Google Apps Migration for Microsoft Outlook does not support Outlook 2010
  • Google Apps Migration for Microsoft Outlook does not support Windows 7
  • There is no supported way to import a mbox format mailbox into Google Apps (there is a workaround where you can use third-party software to import the mbox into Outlook, and then use the Google Apps Migration for Microsoft Outlook, but then the Google migration tool doesn’t support Windows 7 or Outlook 2010, so you’re back to square one)

Sales of Windows 7 began in October 2009, and Office 2010 was made available to volume licensing customers in April 2010. When everybody else already supports Windows 7/Outlook 2010, Google lags far behind and loses all credibility when they claim they are the best solution for enterprise customers.

Enterprise customers rely on predictability, but yet, when asked for a timeline for when the above configurations will be supported, Google replied “we do not have a release date as yet”.

I’m ready to spend money with Google, if only they’d deliver support for modern software. A year in the software world is an eternity, and for Google to not support Windows 7 is akin to a wannabe top-tier airport telling pilots to land using VFR because they’ve not installed an ILS yet.

Author: "aebrahim" Tags: "Google, Web Hosting, email, google apps"
Date: Monday, 05 Jul 2010 08:41

After five long years using my trusted (and now extremely out of date) laptop, I’ve finally moved along to something better.

Old Laptop

Dell Latitude D610, Intel Pentium-M 750 (1.86GHz), 2GB RAM, 60GB HDD (using Truecrypt software FDE), 14.1″ 1400×1050 LCD, Windows XP Professional 32-bit SP3.

New Laptop

Dell Latitude E6510, Intel Core i7-820QM (1.73GHz, with Turbo Boost to 3.06GHz), 8GB RAM, 250GB HDD (using Seagate hardware-based FDE), 15.6″ 1920×1080 LCD, built in 3G HSPA modem for use when travelling, backlit keyboard, Windows 7 Ultimate 64-bit.

Mini Review of Dell Latitude Series

I’m not one to replace my laptop hardware often, but it was time, as I had less than a month of my 5 year warranty remaining and I was out of hard disk space. Plus, the old laptop was breaking down a bit too often for my liking. Motherboard replaced 4 times, LCD replaced 3 times, keyboard replaced 2 times, and HDD replaced once. To Dell’s credit, they never made any fuss and always promptly sent out replacement parts without making me run irrelevant diagnostic tests, but it was all getting a bit too much. I think the main reason I had so many problems was the poor placement of the exhaust vent on the Latitude D-Series chassis, which was on the back and always blocked by the port replicator, causing constant overheating. I was happy to see that on the E-Series chassis, the exhaust vent has been moved to the side instead.

I have yet to try out all of the new features of my new laptop, but I will say that it’s Fast (with a capital F). Especially compared to what I was using before. The screen is amazing and the backlit keyboard is icing on the cake, because these days I use the computer with the lights off a lot, due to having small kids around. Not that I need to look at the keyboard whilst typing, but it’s still cool to have nonetheless.

A Dilemma

However, I now have an old laptop in working condition which is sitting idle, and I don’t know what to do with it. First, I considered repurposing it as a training computer for my 3 year old daughter and installing a netbook OS as those should in theory be pretty basic and easy to use.

First I tried Jolicloud (PreFinal release), a netbook OS that seems to be getting generally good reviews in the blogosphere. I tried the LiveCD and was disappointed to find that the Intel wifi card in my laptop did not work (nor was I able to find any information online about making it work). So I just gave it a look-through offline, enough to get a feel about what it offers.

Then I tried Ubuntu Netbook Edition (version 10.04), where the wifi did work on the LiveCD. Overall a pretty similar experience to Jolicloud, which was not a huge surprise given they share the same foundations. Jolicloud seemed to offer a better out of the box experience (rather it would have, had wifi been working), but Ubuntu’s UI polish was much better.

However, finally, both options seemed somewhat underwhelming and I kept on thinking to myself, “What if I just put XP back on this thing?” After all, XP is now almost a decade old, very stable due to years of bugfixes and patching, and pretty snappy too. Jolicloud and Ubuntu, as netbook-optimised OSes, stand out when dealing with real netbooks which have very limited vertical real estate. However, with 1050 pixels on the Y-axis, the appeal of screen real estate saving features was pretty minimal.

After all this, I also gave up on the idea about using my old laptop as a training machine for my daughter. Makes more sense just to use the home desktop with Windows 7 and a regular keyboard and mouse rather than using Windows XP with a relatively confusing trackpad.

I think most likely, I probably will install Windows XP on the old laptop. The alternatives are underwhelming. Though, I still have no idea what I’ll do with it.

Author: "aebrahim" Tags: "Microsoft, Technology, dell, jolicloud, ..."
Date: Wednesday, 12 May 2010 10:29

Glossary for non-Indian readers: PAN – Permanent Account Number

The geniuses at the Income Tax Department in India have set up a website called:

Know Your PAN

In reality, it should be called Know Anybody’s PAN because that’s what you’re able to do, as long as you know their last name and birthdate, neither of which anybody would consider a secret these days. You don’t even need to know the first or middle name, the website will give it to you.

I can’t fathom why anybody would think that this website is a good idea because it effectively facilitates identity fraud. Besides forgetting one’s own PAN, I cannot think of a single legitimate reason why anybody would need to use this website. And let’s be clear; allowing people to check their own PAN is not a good enough justification to make this information public.

There are plenty of illegitimate reasons why this website would be used. First and foremost would be identity fraud. Knowing someone’s PAN is crucial if you want to engage in fraudulent transactions on their behalf.

While the internet can be a useful tool, sometimes people need to think about why a tool is really necessary and think about the implications before putting it online.

However, I suppose in India, a country where privacy laws don’t exist, and the concept of personal privacy is alien, it should not come as a big surprise that the government itself is facilitating identity fraud.

Just to try out the system, you could look up one of many common Indian personalities’ names and dates of birth on Wikipedia and the website will give you their PAN.

Belorussian Translation provided by PC

Author: "aebrahim" Tags: "Technology, identity fraud, india, pan, ..."
Date: Thursday, 28 Jan 2010 04:00

A couple days ago I had mentioned that Lord Avebury had asked the UK Government about their usage of IE. The UK Government has now answered and I am reproducing the full text of the question and answer below:

Asked by Lord Avebury

To ask Her Majesty’s Government what discussions they have had with the governments of France and Germany about security risks of using Internet Explorer; and whether they will encourage public sector users to use another web browser. [HL1420]

The Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead): UK government officials and subject matter experts are in regular contact with their counterparts in France, Germany and other countries on both a bilateral and multilateral basis to exchange technical information and opinions on many aspects of cyber security, including software vulnerabilities. For example, the UK’s Government Computer Emergency Response Team (GovCertUK) and Combined Security Incident Response Team (CSIRTUK) are members of the group of European Government CERTS (EGG), as are their French and German equivalents.

Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. We take internet security very seriously and we have worked with Microsoft and other suppliers over many years to understand the security of the products used by HMG, including Internet Explorer. There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats.

Microsoft issued a patch to fix the recent Internet Explorer vulnerability on 21 January. Prior to this, government departments had been issued with a GovCertUK alert on how to deal with this particular incident and to mitigate vulnerabilities in relation to particular versions of IE.

A government user, operating on government systems, such as the Government Secure Intranet (GSi), will benefit from additional security measures, unlikely to be available to the average home computer user. These include tools which actively monitor for evidence of any malicious attacks.

Source: Lords Hansard text for 26 Jan 2010

While the UK government contends that “there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure”, there are many others who would disagree.

Also, although IE8 has significantly improved security models as compared to IE6 and IE7, there is still evidence that IE6 is being heavily used by UK government departments, including the armed forces. I think most people would agree that a “fully patched” IE6 is still relatively more vulnerable to attacks.

Author: "aebrahim" Tags: "Microsoft, Mozilla, internet explorer"
Date: Tuesday, 26 Jan 2010 09:32

Lord Avebury (blog, bio) has tabled a written question in the United Kingdom House of Lords yesterday, which reads as under:

Lord Avebury to ask Her Majesty’s Government whether, in the light of the recent announcement by Microsoft that Internet Explorer was used to carry out the cyber attacks which prompted Google to say it will withdraw from China, they will review the use of Internet Explorer throughout the public sector. HL1505

Source: House of Lords Business (26 January 2010) and Eric Avebury: Internet vulernability

Lord Avebury mentions that the Parliamentary IT authorities are actively discouraging the use of alternative browsers such as Chrome so it is great to see that he is holding the government accountable for their policies.

According to UK parliamentary procedure, the government is obliged to provide a written response to his question on or before 8 February 2010. I think it will be interesting to see what they have to say.

Lord Avebury is an active campaigner for the rights of ethnic minorities in the UK and also those who are British nationals living abroad. He is also a member of the EU Select Committee which considers EU policy on protecting Europe from large-scale cyber attacks.

Author: "aebrahim" Tags: "Microsoft, Mozilla, internet explorer"
Date: Tuesday, 28 Jul 2009 07:37

Today I tried to complete an online purchase using my HSBC Visa Card (issued in Hong Kong), and when the merchant redirected me to HSBC for the Verified by Visa page, instead of the password prompt I used to receive, I saw the following:

Thinking that this must be an error (since it used to work fine before), I called up HSBC’s customer service hotline to find out what was going on.

I was shocked to hear that HSBC now officially only supports IE, and no other browsers are supported for Verified by Visa. I asked them what I’m supposed to do if I have a Mac and don’t have IE, and they responded that I’m supposed to use IE or nothing at all.

I asked why Firefox is unsupported since it used to work fine before and they gave a vague response that Firefox cannot exchange data with Visa properly (which does not make sense at all). They also said that their entire online platform is “built for Internet Explorer”.

The message from HSBC Hong Kong is clear: if you’re not using IE, don’t bother making online purchases with our Visa card.

My message to HSBC is this: if you’re not going to support Firefox, don’t count on me using your Visa card to make any purchases (online or offline).

In case anyone wants to comment on this, this is where the complaints need to go:

HSBC
Attn: Credit Card Services
8 Floor, Block 2 & 3
HSBC Centre
1 Sham Mong Road
Kowloon
Hong Kong

Author: "aebrahim" Tags: "Mozilla, firefox, hsbc, vbv, visa"
Date: Thursday, 09 Apr 2009 03:14

No doubt many of my readers will be aware of the horrendous debacle at India TV which resulted in them broadcasting a report with a fake photo of Syedna Mohammed Burhanuddin (TUS) “performing” the nikah of the Taleban terrorist, Baitullah Mehsud in Afghanistan.

Of course, Syedna Mohammed Burhanuddin (TUS) never performed this nikah and during the time of the said nikah, Syedna Mohammed Burhanuddin (TUS) was in Mumbai, not Afghanistan.

The TV channel has published an apology and also aired an apology for the incident which can be seen here:

Source: Youtube

The source image and the doctored image can also be seen below:

India TV Source Image

India TV Fake Image

Without making any attempt to justify what is obviously abhorrent or non-existent editorial control, I do have a suspicion regarding how this came to pass. Rather than a deliberate attempt to slander Dawoodi Bohras, it is more likely the case that the “reporter” (and I use this word in the loosest term possible) did a Google Search on “nikah”, and found these results:

Google Search Results for "nikah"

The first usable photo became the “source” for the doctored “news report”. While this by no means justifies what happened and it should never have happened to begin with, it does mean that objectively, there was likely no intended malice towards Dawoodi Bohras.

Does it excuse the event? Absolutely not. Does it mean that it’s acceptable for news stations to doctor images to fake news events? No way. Everything that happened here should never have happened. But I think it does provide an insight into how it came about.

Also of interest to some readers may be the search engine referral statistics for Planet Bohra on 8 April, 2009. I’ve made these available as a PDF.

Author: "aebrahim" Tags: "Other, bohra, fake, india tv"
Date: Monday, 02 Mar 2009 10:24

Yesterday I piloted a Boeing 737-800NG simulator. It was my first attempt at a flight from Hong Kong’s new airport Chek Lap Kok to the now out of service old airport Kai Tak. I control the yoke (steering) and yaw. My co-pilot controls the thrust, flaps and trim (and generally gives me some helpful directions since he’s a pilot and I’m not).

The 737 NG has some pretty sophisticated navigational equipment which is very helpful. One of the nice things was an indicator that shows your turn trajectory and projects it onto a runway extension – very useful for landings at Kai Tak.

Of note is that pilots who landed at Kai Tak back in the day had no such help, making those landings all the more impressive.

My landing is not on the runway centreline, but on the runway and close to where one should hope to land, so I’m happy with that for a first attempt at flying a 737 in a proper sim.

Link to video: Chek Lap Kok to Kai Tak in B737-800NG (Cockpit View)

Author: "aebrahim" Tags: "Uncategorized"
Date: Saturday, 31 Jan 2009 07:19

I just upgraded Zainab’s iPhone 2G (purchased from an Apple Store in the US) today from OS version 2.1 to 2.2.1. Originally this iPhone was unlocked using iJailBreak on 1.1.4 and then was jailbroken/unlocked on 2.0/2.1 using PwnageTool.

The instructions I read were to upgrade to 2.2.1 using iTunes and then run QuickPwn to jailbreak/unlock the iPhone 2G. Interestingly, after I upgraded to 2.2.1 using iTunes (without any custom IPSW – downloaded the release from Apple) the phone upgrade went without a hitch and the iPhone remained unlocked after the upgrade. That was a surprise.

Of course the phone is not jailbroken but I have no interest in that and it seems that once an iPhone 2G is unlocked there are at least some circumstances where it will remain so after a normal upgrade using the official IPSW.

So right now she’s using an iPhone 2G with 2.2.1 OS without any jailbreaks or custom hacks, but with a non AT&T SIM. That’s from my POV ideal and a pleasant surprise.

Author: "aebrahim" Tags: "Apple, iPhone, jailbreak, unlock"
Date: Wednesday, 17 Dec 2008 09:23

I am responsible for overseeing the IT infrastructure of an office with about 40 Windows-based computers. We always keep the OS and relevant software patched, though sometimes even keeping Windows/Office/IE patched to the most current level is not enough.

The workarounds provided by Microsoft for this issue are, frankly, not acceptable because website functionality with security set to ‘High’ is unacceptable and generates user complaints (and doesn’t even solve the problem completely).

Events like this give me cause to consider a company-wide deployment of Firefox as the default browser. We have no internal applications that rely on IE so this is not a sticking point for us as it is for many corporations. Plus, Firefox has far fewer “vulnerable days” as compared to IE (and when Firefox is vulnerable the potential risk to the system is usually lower).

However, there are a couple of blockers that stop me from taking this step. These include:

  • Lack of an automated/scriptable way to deploy Firefox that is supported by Mozilla (though bug 231062 has been filed for an MSI install package – almost 5 years later there is still no resolution).
  • Lack of any way to force Firefox product/security upgrades upon users. Without this, Firefox is arguably even more insecure than IE because at least with IE we can be reasonably sure that updates are being pushed out on schedule.
  • Lack of any centralised way to make sure plugins are up to date (I will concede that IE is not up to par on this front either).

There are probably a few other points that I can’t think of at the moment. However, our company is an SME with less than 100 computers and I find these issues troubling. Imagine a Fortune 500 company – the problem for them would be multiplied many fold.

I am unhappy about the latest problems with IE and unhappy that there is no patch yet for an exploit that is so clearly in the wild and unhappy that there isn’t even an acceptable way to mitigate the risk.

Having said all this – at the moment I don’t see that switching to an alternative browser is an acceptable solution to this problem for enterprise users for the reasons above.

If work was done to make Firefox more enterprise friendly, this would go a long way towards adoption in the workplace. As it stands, there are just too many reasons not to deploy even though the product is clearly superior from an end user standpoint.

Author: "aebrahim" Tags: "Mozilla, enterprise, firefox, internet e..."
Date: Monday, 10 Nov 2008 10:26

My religious community, numbering approximately one million worldwide has a centralised system for almost everything (both religious and non-religious). One of the non-religious centralised systems that has really irked me over the last couple of years has been the eJamaat system which is maintained by the religious administration.

The eJamaat system contains personal biodata (name, DOB, address, education, business details, levels of religious learning, blood type, family trees/relationships) of almost all community members worldwide. This system is mainly used to gather data about the community and also to perform registration for attendance of religious events or sermons. Now – the administration seeks to make entering passport information mandatory as well.

Why does it irk me? It’s not because the system is not needed or because it performs no useful functions. In reality, there is a real need for this system and it is effectively used to manage registration for events. It irks me because of the administration’s compulsion for collecting data that is not required just for the sake of collecting it. Further, there is no disclosure as to how the information is used and no information about what steps are being taken to secure our personal data. For starters, communication is unencrypted because SSL is not used to secure HTTP conversations so any data entry is inherently insecure, especially if you do so over a public wifi signal.

When this system was first set up, I requested a copy of eJamaat’s privacy policy. It is not publicly listed anywhere and I never got a response. From this I can infer that either they don’t have one, or that it is not available for public viewing. In some jurisdictions the collection of this kind of personal data without a published privacy policy that meets certain guidelines is actually outright illegal (see below for details on relevant legislation within the UK).

I am genuinely concerned that if this data was to fall into the wrong hands, it would be a treasure trove for individuals seeking to engage in identity theft. With information including full name, father’s name, mother’s name (including maiden name), DOB, passport information, photographs, address, blood type, information about health conditions, business details, educational qualifications it is frankly quite scary to imagine what could happen if this information was stolen by a third party or misused by those with access to the data. Identity theft would be the tip of the iceberg.

It would be reassuring to the community if important information was disclosed (and more importantly followed) regarding what steps are taken to secure the data, under what circumstances data will be shared with other parties, if users will be informed in the case of a data breach, and also why data like passport information is required (personally, I can’t see a legitimate reason for this).

I think it would be naive to think that feeding all this information into a black box with no accountability is a good idea and that there will never be a major breach of confidentiality. With the scope of data contained, it is quite plausible that someone could call a bank and successfully obtain account information and effect transfers, or apply for a library card by post in someone else’s name.

I hope someone can demonstrate that my concerns are unfounded, but I doubt that will happen.

For those who are interested, the Data Protection Act 1998 is the most relevant piece of legislation in the United Kingdom to this discussion (and other countries may have their own equivalents). According to the ICO, there are eight basic principles, which are to make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

[Source: Personal data, Personal rights - Data Protection Act (DPA) - ICO]

The page on legal obligations imposed on data controllers is also interesting:

  • Do I really need this information about an individual? Do I know what I’m going to use it for?
  • Do the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for?
  • If I’m asked to pass on personal information, would the people about whom I hold information expect me to do this?
  • Am I satisfied the information is being held securely, whether it’s on paper or on computer? And what about my website? Is it secure?
  • Is access to personal information limited to those with a strict need to know?
  • Am I sure the personal information is accurate and up to date?
  • Do I delete or destroy personal information as soon as I have no more need for it?
  • Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
  • Do I need to notify the Information Commissioner and if so is my notification up to date?

[Source: Personal privacy, legal obligations - Data Protection Act (DPA) - ICO]

Update 16 November 2008: I have been requested by a legal advisor to Dawat to temporarily remove this post while some issues are being worked on. Certain representations have been made which paint a positive picture of what is going on behind the scenes and if this is followed through it will be a very positive development for all eJamaat users.

Update 23 September 2009: eJamaat now has a privacy policy in place (see also locally archived copy dated 23/09/2009) which addresses many of the concerns stated above. It is good to know that positive steps are being taken and users are being told why data is being collected and who will process it, and also how to opt out, and it is also being made clear that the entering of passport information is optional and not mandatory. The privacy policy is not perfect, it does not address how the data is being kept secure, but it is a step in the right direction.

Given that I was requested to remove the post only temporarily until action was taken, I am quite comfortable to put the entire post back online in the knowledge that action has already been taken (and there was ample opportunity to do so) and I hope that the privacy policy will be vigilantly enforced and that steps will continue to be taken to protect the privacy of eJamaat users.

One further step that I would like to see taken is for eJamaat to publish a list of organisations that they share our data with. In the privacy policy they mention that they only share information with organisations affiliated with Dawat-e-Hadiyah but this could be a very extensive list and sometimes the distinction between being affiliated or not is an obscure one.

For example, the site Malumaat.com requires users to register with an eJamaat number and says that if incorrect information is entered then an account is liable to deactivation. This is interesting because it means that any one of the following cases must be true:

  1. Malumaat is able to access eJamaat records in order to verify that the numbers provided are correct. In this case, eJamaat is in violation of their own privacy policy because Malumaat is not an organisation which is affiliated with Dawat-e-Hadiyah or Alvazaratus Saifiyah.
  2. Malumaat is not able to access eJamaat records in which case Malumaat is purporting to collect eJamaat numbers for a purpose otherwise than what they state and users have no guarantee about the privacy of their data provided (and in any case should be wary of providing unique personal identifiers to a site which has not issued them in the first instance).

Another point worth mentioning is that eJamaat, according to their privacy policy, does provide information to third parties. In this case it is legally incumbent upon eJamaat to ensure that the third parties they provide data to are also processing it in accordance with the protections that eJamaat is subject to, otherwise the provision of said data to third parties may be unlawful.

One more easy improvement that could be made is to encrypt all website transactions using SSL (preferably EV SSL). At the moment all information entered by users on the eJamaat website is not encrypted and in this day and age there is no legitimate justification for this.

In short, the situation today is much better than it was a year ago, but data privacy is an aspect of data retention that needs to be continually addressed at every step of data processing and data sharing. A “write a privacy policy and forget about it” approach will not yield the correct result. The more users are reassured that their data is being sensibly and lawfully processed, the more comfortable they will be to provide sensitive data.

Author: "aebrahim" Tags: "Personal, Politics, Technology, data ret..."
Date: Friday, 26 Sep 2008 03:08

Is Hong Kong the first market in the world to get an iPhone 3G which is both officially unlocked at the time of purchase and not tied to a carrier plan? According to the Apple HK iPhone store page, quite possibly:

iPhone 3G purchased at the Apple Online Store can be activated with any wireless carrier. Simply insert the SIM from your current phone into iPhone 3G and connect to iTunes 8 to complete activation.

They’re not cheap though. The 8GB phone costs HK$5400 (approx US$700) and the 16GB is HK$6200 (approx US$800).

Author: "aebrahim" Tags: "Apple, iPhone"
Date: Friday, 12 Sep 2008 14:49

I just upgraded to iPhone OS 2.1. Hope that this solves some of the problems I mentioned earlier.

iPhone OS 2.1 (5F136)

UPDATE (13/09/2008): Seems that there’s no improvement in signal quality. On my way to work today, twice the phone dropped into a “No Service” area. This was in areas that most definitely should have had coverage.

Author: "aebrahim" Tags: "Apple, iPhone"
Date: Thursday, 21 Aug 2008 02:23

There are a lot of reports out there that Apple’s 2.0.2 OS update for the iPhone fixes reception issues with 3G. Now I don’t know whether the issues are hardware, firmware, or software related (maybe all?), but I do know that the 2.0.2 update does not do anything to fix them, at least not for me here in Hong Kong.

In a city that has mobile coverage everywhere, including on underground trains, the iPhone sometimes shows 1 bar only for network strength in downtown Hong Kong, where most other phones show full signal strength. In areas where other phones have no problems getting reception, iPhone can show “No Service”.

I hope that iPhone OS 2.1 has a solution for these problems. The iPhone is a great computer, but it is lacking as a reliable mobile phone.

Author: "aebrahim" Tags: "Apple, iPhone"
Date: Thursday, 31 Jul 2008 05:53

I came across this limit today while trying to download an application from the iPhone App Store. Apparently, if an application is over 10MB, the iPhone will not allow you to download it over the cellular data network, requiring you to either download over wifi, or via iTunes on your computer.

This seems like a pretty brain-dead limit, since 10MB is not a lot of data and they’re hyping up 3G so much as being as fast as broadband. Well, what’s the use if you’re artificially disallowed from downloading more than 10MB?

Chalk one up for the bean counters at AT&T who no doubt convinced Apple to include this “feature”.

Author: "aebrahim" Tags: "Apple, iPhone"