Baidu Security Holes

A recent article and report on privacy and security issues with the Baidu browser raised questions about government influence that encourages the release of unsafe software into the hands of consumers, and about the related issues of encryption and the data collected by search engines more broadly. In the U.S., the debate around encryption has pitted producers, who are generally pro-encryption, against government law enforcement agencies, who are fighting encryption. This is the most visible part of the debate around consumer security, but we also know companies comply with government orders (such as national security letters) and it seems well within the realm of possibility that ordinary citizens do not know the extent of this compliance. Finally, the report highlights how little I and most people know about the way our activity on the internet is tracked and mediated, by search engines but also by many sites we visit, for monetary gain.

The intent behind the security holes in Baidu is unclear: “China requires local companies like Baidu to retain and share user data without much of any kind of due process, transparency, or public accountability. Did Baidu build their browser to hoover up all of this personal information at the request of the Chinese authorities? Did they do it for commercial reasons? Did they do it because of over zealous engineering choices? …Whether poor design, or surveillance by design, it is the same effect: users are at risk.”

A certain level of privacy is considered a human right. Governments around the world, more visibly since legislation passed as a result of the September 11th terrorist attacks, have challenged technological measures and legal procedures intended to protect personal privacy in the name of increased security. Whether or not weakened encryption is an effective tool for law enforcement and counter-terrorism is an open question, although there’s evidence that terrorists hide their communications in other ways. I’m inclined to think that governments should be on the side of their law-abiding citizens who could be at risk of disclosing personal information to more malicious third parties and criminals using deliberately inferior software.


NYC Garbage Distribution and Disposal

Link to map.

Data Sources

I used this GeoJSON of NYC Community Districts and Joint Interest Areas from nyc.gov. I did not include Joint Interest Areas (“Joint Interest Areas, a/k/a JIAs, are public parks, waterways, major governmental installations and similar land uses which are not located within bounding community districts. Examples are Central Park, Van Cortlandt Park, LaGuardia and JFK Airports”), and these areas did not have DSNY collection data.

I also included NYC borough geographic data, to include outlines of these areas, and state geographic data for New Jersey, Pennsylvania, Ohio, Virginia, Kentucky, and South Carolina, so it would be more apparent which states had markers when the map was zoomed out.

Collection and Disposal Network data are from the NYC Department of Sanitation, released through NYC Open Data, last updated in February 2016. When I found this map from the Newtown Creek Alliance, I figured transfer stations and disposal centers were different language for different centers, but I’m actually not sure. For the purposes of my map, I aggregated Tonnage Collection data from the district-month level to the district level for 2015. I used Mimi’s code for adding these data to the community-district GeoJSON.

I attempted to verify as many landfill/disposal locations as possible based on this list, which was the most up-to-date of two lists I found, the other being from 2002. Based on the broad distribution discovered by the MIT trash tracker project, I suspect it is an incomplete list. After googling to find company websites and for all the addresses, I found one case of duplicates, and a few cases where I think the location listed on Google or the website was the company’s office rather than the landfill itself. I included these for now anyway, since I think they are still demonstrative of the distance NYC trash is transported.

User Testing

This week I tested my paper prototype of my counter application, which I did iterate once based on one person’s feedback. I realized as I tested that I probably should have made empty screens, since the pre-populated ones that showed functionality seemed to confuse people.

I asked three of my coworkers and my parents to help me. I learned that my parents need to wear glasses to interact with their iPhones. Through the conversation I also realized my mom has trouble with the iPhone keyboard, which reminded me of testing button size, which was mentioned in class. It was challenging to not continually converse with everyone, since I know them so well, and they kept on looking to me to give guidance or answer questions.

Everyone was asked the same introductory and task questions. First, I just asked everyone about their routine, to try to get an idea of things they might keep track of. Then, I asked how they like to keep organized, to see what tools came up. A few people joked that they don’t keep organized, but also nearly everyone mentioned a calendar application and to-do lists, either on their phone or on paper. The tasks were:

  • Create a new item to keep track of the number of times you go to the gym this week. You want to go four times.
  • Create a new item to count down to your friend’s wedding on April 2nd.
  • Increment the number of days you want to go on vacation down one.
