Howto: Delete old Docker containers

I’ve been working quite a bit lately on a secure deletion tool for Docker containers. Here are a few notes on basic delete methods, without security, which hint at the problem.

  • List all current containers
  • $ docker ps -a

    CONTAINER ID  IMAGE        COMMAND   CREATED             STATUS                        PORTS  NAMES
    e72211164489  hello-world  "/hello"  About a minute ago  Exited (0) About a minute ago        ecstatic_goodall
    927e4ab62b82  hello-world  "/hello"  About a minute ago  Exited (0) About a minute ago        naughty_pasteur       
    d71ff26dbb90  hello-world  "/hello"  4 minutes ago       Exited (0) 4 minutes ago             hungry_wozniak        
    840279db0bd7  hello-world  "/hello"  5 minutes ago       Exited (0) 5 minutes ago             lonely_pare           
    49f6003093eb  hello-world  "/hello"  25 hours ago        Exited (0) 25 hours ago              suspicious_poincare   
    6861afbbab6d  hello-world  "/hello"  27 hours ago        Exited (0) 26 hours ago              high_carson           
    2b29b6d5a09c  hello-world  "/hello"  3 weeks ago         Exited (0) 3 weeks ago               serene_elion          
  • List just containers weeks old
  • $ docker ps -a | grep "weeks"

    CONTAINER ID  IMAGE        COMMAND   CREATED             STATUS                        PORTS  NAMES
    2b29b6d5a09c  hello-world  "/hello"  3 weeks ago         Exited (0) 3 weeks ago               serene_elion          
  • List all containers by ID
  • $ docker ps -a | grep 'ago' | awk '{print $1}'

  • List all containers by ID, joined to one line
  • $ docker ps -a | grep 'ago' | awk '{print $1}' | xargs

    e72211164489 927e4ab62b82 d71ff26dbb90 840279db0bd7 49f6003093eb 6861afbbab6d 2b29b6d5a09c          
  • List ‘hours’ old containers by ID, joined to one line, and if found prompt to delete them
  • $ docker ps -a | grep 'hours' | awk '{print $1}' | xargs -r -p docker rm

    docker rm 49f6003093eb 6861afbbab6d ?...

    Press y to delete, n to cancel
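
Matching on the whole `docker ps` row also selects a container whose name, image or command merely contains "hours" or "weeks". The following added example (not part of the original post) selects IDs by the age column only, using the `--format` placeholders `.ID`, `.RunningFor` and `.Names`; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: select containers by the age column only, so that a name,
# image or command containing "hours"/"weeks" cannot cause a false match.

# Constructed sample rows in the shape produced by
#   docker ps -a --format '{{.ID}}\t{{.RunningFor}}\t{{.Names}}'
sample_rows() {
    printf '%s\t%s\t%s\n' \
        e72211164489 'About a minute ago' weeks_runner \
        d71ff26dbb90 '4 minutes ago'      hungry_wozniak \
        49f6003093eb '25 hours ago'       suspicious_poincare \
        6861afbbab6d '27 hours ago'       high_carson \
        2b29b6d5a09c '3 weeks ago'        serene_elion
}

# The approach from the post: grep anywhere in the row, then take column 1.
naive_ids() {
    grep "$1" | awk '{print $1}'
}

# select_old_ids UNIT [MIN]
# Reads "ID<TAB>age<TAB>name" rows on stdin and prints the IDs whose age is
# at least MIN (default 1) of UNIT (minutes, hours, days, weeks, months, years).
# Like the grep in the post, it compares within one unit only.
select_old_ids() {
    awk -F '\t' -v unit="$1" -v min="${2:-1}" '
    {
        split($2, w, " ")
        if (w[1] == "About") { n = 1; u = w[3] }        # "About an hour ago"
        else                 { n = w[1] + 0; u = w[2] } # "27 hours ago"
        if (u !~ /s$/) u = u "s"                        # hour -> hours
        if (u == unit && n >= min) print $1
    }'
}

# remove_old_containers UNIT [MIN]
# Prompts (xargs -p), then deletes matching containers that have exited.
remove_old_containers() {
    docker ps -a --filter status=exited \
        --format '{{.ID}}\t{{.RunningFor}}\t{{.Names}}' |
        select_old_ids "$@" |
        xargs -r -p docker rm
}

# Demonstration on the constructed rows (no Docker daemon needed):
sample_rows | select_old_ids hours   # prints 49f6003093eb and 6861afbbab6d
```

On the sample rows `naive_ids weeks` also returns `e72211164489`, a container created a minute ago, because its name contains "weeks".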

Posted in Security.

Today in History: Antoine de Saint-Exupéry Disappears

On July 31 in 1944 Antoine de Saint-Exupéry flew a Lockheed Lightning P-38 on a morning reconnaissance mission, despite being injured and nearly ten years over the pilot age limit. It was the last day he was seen alive. A bracelet bearing his name was later found by a fisherman offshore between Marseille and Cassis, which led to discovery of the wreckage of his plane.

Saint-Exupéry was an unfortunate pilot with many dangerous flying accidents over his career. One in particular was during a raid, an attempt to set a speed record from Paris to Hanoï, Indochine and back to Paris. Winning would have meant 150K Francs. Instead Saint-Exupéry crashed in the Sahara desert.

Besides being a pilot of adventure he also was an avid writer and had studied drawing in a Paris art school. In 1942 he wrote The Little Prince, which has been translated into more than 250 languages and is one of the most well-known books in the world. Saint-Exupéry never received any of its royalties.

It brings to mind the rash of people now posting videos and asking their fans to pay to view/support their adventures.

Imagine if Saint-Exupéry had taken a video selfie of his crash and survival in the Sahara desert and posted it straight to a sharing site, asking for funds…instead of writing a literary work of genius and seeing none of its success.

Posted in History, Security.

Convert Kali Linux VMDK to KVM

I was fiddling around in Ubuntu 14.04 with Docker and noticed a Kali Linux container installation was just four steps:

$ wget -qO- | sh
$ docker pull kalilinux/kali-linux-docker
$ docker run -t -i kalilinux/kali-linux-docker /bin/bash
# apt-get update && apt-get install metasploit

This made me curious about comparing to the VM steps. Unfortunately they still only offer a VMDK version to play with. And this made me curious about how quickly I could convert to KVM.

On my first attempt I did the setup and conversion in eight (nine if you count cleanup):

  1. Install KVM
  2. $ sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils virt-goodies p7zip-full

  3. Download kali vmdk zip file
  4. $ wget

    (Optional) Verify checksum is 1d7e835355a22e6ebdd7100fc033d6664a8981e0

    $ sha1sum Kali-Linux-1.1.0c-vm-amd64.7z

  5. Extract zip file
  6. $ 7z x Kali-Linux-1.1.0c-vm-amd64.7z
    $ cd Kali-Linux-1.1.0c-vm-amd64
    $ ll

    -rw------- 1 user user 3540451328 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s001.vmdk
    -rw------- 1 user user 1016725504 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s002.vmdk
    -rw------- 1 user user 1261895680 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s003.vmdk
    -rw------- 1 user user 1094582272 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s004.vmdk
    -rw------- 1 user user  637468672 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s005.vmdk
    -rw------- 1 user user  779747328 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s006.vmdk
    -rw------- 1 user user 1380450304 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s007.vmdk
    -rw------- 1 user user    1376256 Mar 13 03:50 Kali-Linux-1.1.0c-vm-amd64-s008.vmdk
    -rw------- 1 root root        929 Mar 13 02:56 Kali-Linux-1.1.0c-vm-amd64.vmdk
    -rw-r--r-- 1 user user          0 Mar 13 05:11 Kali-Linux-1.1.0c-vm-amd64.vmsd
    -rwxr-xr-x 1 root root       2770 Mar 13 05:11 Kali-Linux-1.1.0c-vm-amd64.vmx*
    -rw-r--r-- 1 user user        281 Mar 13 05:11 Kali-Linux-1.1.0c-vm-amd64.vmxf
  7. Convert ‘vmdk’ to ‘qcow2’
  8. $ qemu-img convert -f vmdk Kali-Linux-1.1.0c-vm-amd64.vmdk -O qcow2 Kali-Linux-1.1.0c-vm-amd64.qcow2

  9. Change ownership
  10. $ sudo chown username:group Kali-Linux-1.1.0c-vm-amd64.qcow2

  11. Convert ‘vmx’ to ‘xml’
  12. $ vmware2libvirt -f Kali-Linux-1.1.0c-vm-amd64.vmx > Kali-Linux-1.1.0c-vm-amd64.xml

    (Note this utility was installed by virt-goodies. An alternative is to download just vmware2libvirt and run as “python vmware2libvirt -f Kali-Linux-1.1.0c-vm-amd64.vmx > Kali-Linux-1.1.0c-vm-amd64.xml”)

    (Optional) Create some uniqueness by replacing default values (e.g. mac address 00:0C:29:4B:9C:DF) in the xml file

    $ uuidgen

    mac address
    $ echo 00:0C:$(dd if=/dev/urandom count=1 2>/dev/null | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4/')

    $ vi Kali-Linux-1.1.0c-vm-amd64.xml

  13. Create VM
  14. $ sudo ln -s /usr/bin/qemu-system-x86_64 /usr/bin/kvm
    $ virsh -c qemu:///system define Kali-Linux-1.1.0c-vm-amd64.xml

  15. Edit VM configuration to link new qcow2 file
  16. Find this section

    <driver name='qemu' type='raw'/>
    <source file='/path/Kali-Linux-1.1.0c-vm-amd64.vmdk'/>

    Change raw and vmdk to qcow2

    <driver name='qemu' type='qcow2'/>
    <source file='/path/Kali-Linux-1.1.0c-vm-amd64.qcow2'/>

  17. Start the VM
  18. $ virsh start Kali-Linux-1.1.0c-vm-amd64

  19. Delete vmdk
  20. $ rm *.v*
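
The optional checksum step and the hand edits of the domain XML can be scripted so that a mismatch stops the procedure. This is an added example, not from the original post: `verify_sha1`, `random_mac` and `retarget_domain_xml` are hypothetical helper names, the XML is a constructed sample, and the `52:54:00` MAC prefix is the one libvirt itself uses for QEMU/KVM guests rather than the `00:0C` prefix shown in the post.

```shell
#!/bin/sh
# Added example: helpers for the checksum, MAC/UUID and disk-driver steps.

# verify_sha1 FILE EXPECTED_HEX
# Exit status 0 only when the file exists and its SHA-1 matches (any case).
verify_sha1() {
    actual=$(sha1sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# random_mac
# Prints a MAC with the 52:54:00 prefix and three random octets.
random_mac() {
    od -An -N3 -tx1 /dev/urandom |
        awk '{ printf "52:54:00:%s:%s:%s\n", $1, $2, $3 }'
}

# retarget_domain_xml NEW_UUID NEW_MAC
# Reads libvirt domain XML on stdin and writes it to stdout with the disk
# driver switched from raw to qcow2, the disk source switched from .vmdk to
# .qcow2, and the default uuid and MAC address replaced.
retarget_domain_xml() {
    sed -e "/<driver /s/type='raw'/type='qcow2'/" \
        -e "/<source file=/s/\.vmdk'/.qcow2'/" \
        -e "s|<uuid>[^<]*</uuid>|<uuid>$1</uuid>|" \
        -e "s|<mac address='[^']*'|<mac address='$2'|"
}

# Constructed sample of the relevant parts of a domain definition.
sample_domain_xml() {
    cat <<'EOF'
<domain type='kvm'>
  <name>Kali-Linux-1.1.0c-vm-amd64</name>
  <uuid>00000000-0000-0000-0000-000000000000</uuid>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/path/Kali-Linux-1.1.0c-vm-amd64.vmdk'/>
      <target dev='hda' bus='ide'/>
    </disk>
    <interface type='network'>
      <mac address='00:0C:29:4B:9C:DF'/>
      <source network='default'/>
    </interface>
  </devices>
</domain>
EOF
}

# Checksum gate for the download step (run where the archive exists):
#   verify_sha1 Kali-Linux-1.1.0c-vm-amd64.7z \
#       1d7e835355a22e6ebdd7100fc033d6664a8981e0 || exit 1

# Demonstration on the constructed sample:
sample_domain_xml |
    retarget_domain_xml 11111111-2222-3333-4444-555555555555 "$(random_mac)"
```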

Posted in Security.

Howto: Install GPG on Jolla Sailfish OS

A Finnish start-up, Jolla, announced at the end of 2013 that it was producing a free and open source Sailfish OS, with an open hardware smart phone.

Here is a quick three-step guide to getting GPG installed.

STEP 1) install pinentry

You have three options:

  1. compile from source
  2. install pinentry-0.8.3-1.armv7hl.rpm
  3. use warehouse app to search for “pinentry” in OpenRepos, add “veskuh” repository and install gnupg-pinentry

STEP 2) open the terminal and install the GnuPG software

[nemo@Jolla ~]$ pkcon install gnupg2

Currently this installs version 2.0.4 with a home of ~/.gnupg

Supported algorithms:

    Pubkey: RSA, ELG, DSA
    Hash: MD5, SHA1, RIPEMD160, TIGER192, SHA256, SHA384, SHA512, SHA224
    Compression: ZIP, ZLIB, BZIP2

STEP 3) use the terminal to create a key

[nemo@Jolla ~]$ gpg2 --gen-key

Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? [Enter]
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) [Enter]
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) [Enter]
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the 
user ID from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name: Davi Ottenheimer
Email address:
You selected this USER-ID:
    "Davi Ottenheimer"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

x Enter passphrase                            x
x                                             x
x                                             x
x Passphrase _***********_____________________x
x                                             x
x       OK           Cancel                   x

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

gpg: key XXXXXXXX marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/XXXXXXXX 2015-07-29
uid Davi Ottenheimer
sub 2048g/YYYYYYYY 2015-07-29

STEP 3.5) verify key

[nemo@Jolla ~]$ gpg2 -k

pub 1024D/XXXXXXXX 2015-07-29
uid Davi Ottenheimer
sub 2048g/YYYYYYYY 2015-07-29

NOTE: you may want to move and keep your secret key on a removable storage card

Posted in Security.

We Need a Digital Right to Repair

Dan Lyke asked me a good question today, in response to my Jeep of Death blog post and tweets about patching:

So yay for sharing, but we shouldn’t normalize getting your car patches from random Internet users.

On the one hand it would be easy to agree with Dan’s point. Randomness sounds scary and untrustworthy.

On the other hand, reality says doing safe business with random people might be a reasonable and normal state of affairs. I mean imagine getting a car chip update from a random vendor, or a part to fix your suspension or brakes. Imagine getting fuel from a random vendor.

Can trust or standards of care be established to allow randomness? Yes, obviously. Hello FTC.

My response to Dan was more brief than that response, because, well, Twitter:

why not? we get other “after market” fixes for cars all the time

This does not convince Dan, unfortunately. He asks an even scarier question:

would you run random executables emailed to you by internet strangers? On your car?

I try to explain again what I said before, that we enjoy a market full of randomness that our cars execute already (e.g. gasoline, diesel…steam, vegetable oil). And that is a good thing.

YES. because i have a digital right to repair, i would. i have been doing this on my diesel chip and motorcycles for a decade.

As far as I can tell Ducati was the first to allow after-market software patches on their engines, more than fifteen years ago. I owned a 2001 motorcycle that certainly allowed for it as I patched the ECU about every year, always after-market and sometimes with a random mechanic.

The idea that we should allow any patching process to be wholly controlled by vendors and not at all by consumers or independent mechanics sounds to me like a very dangerous imbalance.

Allow me to explain in more than 140 characters:

Having the right to repair is actually an ancient fight. Anyone familiar with American political history knows horror stories about Standard Oil, Ma Bell, let alone GM and Ford; monopolies that have tried to shut down innovators. Or maybe I should invoke Bill Gates’s angry hate letter to hobbyists?

Lessons learned from history can be plenty relevant to today’s dilemmas. Consider for example the Right to Repair legislation, that I last blogged about in 2005, pushed by the late great Senator Wellstone.


The argument made in 2001 by Senator Wellstone was that manufacturers established an “unfair monopoly” by locking away essential repair information, which prohibited independent mechanics from working on cars.

Wellstone’s ‘Motor Vehicle Owners’ Right to Repair Act’ Gives Vehicle Owners the Right to Choose Where, How and by Whom To Have Repairs and Parts of Their Choice. […] This legislation allows the vehicle owners — and not the car manufacturers — to own the repair and parts information on their personal property, this time their vehicles. It simply allows motoring consumers to have the ability to choose where, how and by whom to have their vehicles repaired and to choose the replacement parts of their choice — even to work on their own vehicles if they choose.

Opposition to the legislation was not only from the big companies that would have to share information with customers. Some outside the companies also argued against transparency and self (or at least independent) services. Believe it or not, for years statements were being made about protecting “high-tech” car security (e.g. passive anti-theft devices such as smart-key and engine immobilizer) with obfuscation.

Of course we know obfuscation to be a weak argument in information security, right? Put recent news about electronic key thieves in perspective of ConsumerReports arguing in the mid 2000s that obfuscation of key technology would better protect consumers from threats…

Well the fight against consumer right to repair cars dragged on and on until Massachusetts politicians broke through the nonsense in 2012 and passed H. 4362, a Right to Repair, which was seen as a compromise that car manufacturers could swallow.

Nearly thirteen years after Wellstone introduced his bill, an important federal step was taken towards normalizing random patches.

The long fight over “right to repair” seems to be nearing an end.

For more than a decade, independent car repair chains such as Jiffy Lube and parts retailers such as AutoZone have been lobbying for laws that would give them standardized access to the diagnostic tools that automakers give their franchised dealers.

Automakers have resisted, citing the cost of software changes required to make the information more accessible.

It was because of a mostly external benefit (consumers), with mostly internal cost (automakers), that regulators had to step in to balance the economics of repair information access. Wellstone was wise to recognize that consumer safety from access to information, along with lower-cost and faster repairs to things consumers own, could be more beneficial to the auto industry than higher margins.

I attempted to translate this political theory into today’s terms by Tweeting at people for a Digital Right to Repair on Android phones.


Perhaps I see the parallels today because I ran security programs at Yahoo! for mobile a decade ago and noticed parallels back then.

Phone manufacturers were slow to push security updates. Consumers were slow to pull updates. It seemed, from a cost-effective risk management view, that by allowing Right to Repair to hundreds of millions of consumers we essentially would grease the wheels of progress and improvements. We anticipated patches would roll sooner and where innovation was available, because knowledge.

In other words rules that prevented understanding internals of devices also stalled understanding how to repair. To me that is a very serious security calculation.

What industry needs to discuss specifically is whether the rules to prevent understanding will unreasonably prevent safety protections from forming. Withholding information may push consumers unwittingly into an expensive and dangerous risk scenario that easily could have been avoided. Who should be held responsible when that happens?

Looking forward, the economics of IoT patching (i.e. trillions of devices needing triage) begs why not enhance sharing to leverage local resources for partnership and innovations in self-defense. As we move towards more devices needing repair, I certainly hope we do not lose sight of Wellstone’s legacy and the lessons his Act has taught us.

Posted in History, Security.

Jeep WordPress Edition

Jeep unveils WordPress Edition for DevOps market segment “ready for Internet adventure”

The 2015 Jeep WordPress exemplifies Jeep on-line capability with a distinctive, aggressive shell, backed up by Jeep Internet Rated software, resulting in the most capable mid-size thing in the new you-have-to-be-crazy-to-connect-to-a-network devops automobile segment. The Jeep WordPress includes aggressive service and connectivity options, compliments of the unique clear-text lua scripts, one-time factory install, Jeep on-line single-user unlocked file system, logs disabled and signature open USB ports. The unlocked file system is easily configurable with no integrity, but will apply access controls automatically when in certain modes, such as “OMFG,” to maximize on-line on-road threat interactions for the devop that can handle it. Comes with “Freedom isn’t DOM” sticker.

Posted in Security.

Jeep Software Patching: You and UConnect

Lately I have heard people complaining about their friends and family who can not or will not patch the Jeep software.

I suspect the more people that look at the process for patching Jeeps the more the process will improve and increase the likelihood of patching. So here are a few quick steps that might be helpful.

First, you need a Vehicle Identification Number (VIN). You can ask your friends or family for their VIN. You can walk into a parking lot, especially a Jeep dealer’s, and look at the VIN. Or you can search craigslist for a VIN. I used the SF bay area site but you can search anywhere using a simple URL modification:

Mine brought up a good candidate to check almost immediately, and you can see the VIN (1C4RJFJT9EC145897) right at the top:

Second, copy the VIN number and enter it into the Uconnect Software Update page. If the vehicle with the VIN you found needs an update, you will see the success window:

Speaking of vulnerabilities and missing patches, you probably will have to use IE. Chrome errors out and UConnect is up front about the fact it does not support Firefox after version 37 (current Firefox is 39).

You also should note that attempting to use HTTPS reveals UConnect has a horribly insecure setup — a misconfigured service far behind on critical fixes.

I believe I was the first person to point the UConnect flaws out but again this whole process really should be something many people are assessing on a frequent basis. POODLE vulnerability shouldn’t have to be “discovered” by me months after it was announced.

Anyone else find a big red F for car manufacturer site safety less than confidence inspiring? I really should insert a graphic here of a crash-test-dummy flying out the window…

Third, now comes the tricky part because of the browser support issues I mentioned earlier. UConnect tries to force you into using a convoluted and slow graphical process to reach the update file.

UConnect seems to want to make some sort of case to install Akamai software before you can download the patch. Someone must have thought that is a good way to deal with a rush by 1 million owners suddenly trying to grab a 380MB file. In reality that is nothing compared to the number of people downloading larger files (e.g. movies) all the time through caching services invisible and compatible with any browser.

The Akamai client really doesn’t make any sense and just slows down the process so I avoided it by downloading from Microsoft a virtual machine running IE (e.g. Windows7 with IE 10 is a 3.5GB VM) and clicking through the UConnect “Tutorial” pages quickly until I was able to get to the end. That is where a direct download link finally appeared.

When I tried first with Chrome I was greeted with this warning:

IMPORTANT: The Akamai NetSession Interface is not compatible with your current browser. You can download software updates by clicking the direct download link for each available update.

And then, instead of any direct download link at the end of a bunch of clicks, Chrome fails with this warning:

An unexpected error has occurred. Please try refreshing your browser and entering your VIN again. If the issue persists, please contact UConnect customer care center at 1-877-855-8400, and press # to reach a customer support technical specialist. Canadian residents , call 1-800-465-2001 (English) or 1-800-387-9983 (French).

It probably would save a lot of time if UConnect just said at the start IE is the only supported browser; because really the UConnect site is designed only to work with old insecure versions of IE.

I was basically wasting time trying to get safer and newer browsers to work with the interface. Chrome stalls out at the end and Firefox doesn’t even get off the ground. If you try wget…LOL

Anyway, back to trying to actually get a patch, IE reveals a fancy button graphic as well as an actual link to an actual file.

Fourth, after all that wasted time trying to get through the UConnect web interface quagmire, I finally clicked on a link. Notice at the bottom left of the page a tiny URL reveals a token has been generated:

This URL can be copied from IE into Firefox or Chrome and the download works fine. And the token seems to expire so you can’t use the same one I generated. I would have to post the file for you to download from a file sharing site instead of just giving you the authoritative source.

It all really begs the question of why there is so much fluff, obfuscation, client software and tutorials instead of a simple download link via an invisible caching service compatible with everything.

Fifth, once the 390MB “MY13_MY14_RA3_15_26_1.exe” file is downloaded you may notice it is just a 7zip self-extracting archive. So use 7zip to unpack the archive and you have a 580MB “swdl.iso” file. Simply use 7zip again to extract the iso. This results in a manifest file from June 23, 2015 and four folders:

  • bin
  • etc
  • lib
  • usr

At this point you’re in the position to post the ISO to a file sharing site and invite people on a Jeep owners forum to install it from your source. Apparently that is already happening, which is easy to understand given how painful it is for owners to go through the above process.

Or you can read the files and learn more about how to help your friends and family stay safe.

For example, use a text editor to open the manifest file and scroll to the bottom. Here you should see options that indicate you can set the patch to autoupdate (no human intervention):

reset = "bolo", -- what type of reset is required
autoupdate = false, -- automatically invoke the update (no HMI needed)

As another example, navigate to the usr/share/SKINS/ directory and you can find the “swf” (flash) themes available:

Abarth, AlfaRomeo, Chrysler, Dodge, Ferrari, Fiat, Jeep, Lancia, Maserati, Ram, SRT, Viper

Or move deeper into usr/share/SKINS/fontSwfs and read the file called “EVALUATION USE LICENSE AGREEMENT.doc”

1. You may install and use the bitmap fonts contained within the Evaluation Font (“Fonts”) internally for the sole purpose of evaluating the functionality of MONOTYPE products.
2. You may not rent, lease, distribute or sublicense the Fonts without first obtaining a written license from Monotype Corporation.

We have to assume a written license was obtained, while leaving the evaluation license anyway. Maybe Monotype requires the eval license to ship with the fonts? Still I feel like I have opened the hood of a car and found foam packing material that was meant to be removed.

Have a look into /usr/share where you will find “” with some interesting commands and comments

# File must be less than 2K bytes for security reasons!

What happens if the file grows larger?

I found a few network scripts yet none that offered firewall or service port options. “STATIC_IP=″ shows up in a template while “STATIC_IP=″ is in a shell script.

And I found a spelling error. This is Line 13 of

echo "mouting desktop....."

A peek into /usr/share/scripts/update/installer will bring you to a compiled “system_module_check.lua” file that the car trusts to help prevent the wrong update being used.

It’s trivial to decompile lua and look closer. Grab the latest unluac.jar file and run it against the file you want to read. For example:

java -jar unluac_2015_06_13.jar system_module_check.lua > decompiled.lua

With this you can read the error levels and checks in the new decompiled.lua file

L8_9 = “Model Year Not set in ISO”

Also have a look into /usr/share/MMC_IFS_EXTENSION/bin because this is where you find more scripts and binaries of interest. Here is the check_temperature.lua:

require "service"

resp,err = service.invoke("com.harman.service.OmapTempService", "getOmapTemperature", {} )

if (err == nil) and (resp.omapTemp ~= nil) then
    -- print("Temperature is ", resp.omapTemp)

    if(resp.omapTemp > -20) then
        os.exit(0) -- temperature is acceptable
    end
end
os.exit(-1) -- temperature is NOT acceptable

Temperature “NOT acceptable” level seems like something that should not be easily modified. The obvious question I have with these files:

Is Chrysler ok with people editing/improving the files and delivering their own patch to the Jeep community (as already may be happening), to encourage after-market service and support options? Could we reasonably expect independent auto mechanics to also fix code?

In conclusion I found the process of getting a patch unnecessarily complicated. A download link should not be so obscure to find and incompatible with the latest/safest browsers. Also I found the patch strangely lacking integrity protections. And so you may want to consider the details of this patching process and have a closer look in order to help friends and family update their software and stay safe.

Updated to Note: Good news! Earlier one of my big questions, as I had wondered aloud, was whether an algorithmic method was used to verify the ISO file. I found the answer is yes, by looking in /usr/share/scripts/update/isochk.lua

openssl rsautl -verify -inkey /etc/keys/ -in /tmp/a -pubin -out /tmp/b
hashFile sha256 /fs/usb0/swdl.iso /tmp/c
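
How the two commands fit together, as an added example that is not code from the update image: it assumes `/tmp/a` is a detached RSA signature shipped with the update, `/tmp/b` the digest recovered from it and `/tmp/c` the SHA-256 computed over the ISO. It uses `openssl pkeyutl -verifyrecover` (the current equivalent of `rsautl -verify`) and `openssl dgst` in place of the firmware's `hashFile`; keys, file names and function names are constructed.

```shell
#!/bin/sh
# Added example: detached RSA signature over the SHA-256 of an update image.

# make_demo_keys DIR
# Constructed stand-in for the vendor key pair (private.pem, public.pem).
make_demo_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/private.pem" 2>/dev/null &&
    openssl pkey -in "$1/private.pem" -pubout -out "$1/public.pem"
}

# sign_image PRIVATE_KEY IMAGE SIGNATURE
# Vendor side: hash the image and sign the raw 32-byte digest.
sign_image() {
    digest=$(mktemp) || return 1
    openssl dgst -sha256 -binary "$2" > "$digest" &&
    openssl pkeyutl -sign -inkey "$1" -in "$digest" -out "$3"
    status=$?
    rm -f "$digest"
    return $status
}

# verify_image PUBLIC_KEY IMAGE SIGNATURE
# Device side: recover the signed digest with the public key, hash the image
# actually presented, and accept only when the two are byte-identical.
verify_image() {
    work=$(mktemp -d) || return 1
    status=1
    if openssl pkeyutl -verifyrecover -pubin -inkey "$1" \
            -in "$3" -out "$work/signed" 2>/dev/null &&
       openssl dgst -sha256 -binary "$2" > "$work/actual" &&
       cmp -s "$work/signed" "$work/actual"
    then
        status=0
    fi
    rm -rf "$work"
    return $status
}

# run_demo
# Signs a constructed file, verifies it, then verifies it again after one
# byte has been appended.
run_demo() {
    dir=$(mktemp -d) || return 1
    make_demo_keys "$dir" || return 1
    printf 'constructed stand-in for swdl.iso\n' > "$dir/swdl.iso"
    sign_image "$dir/private.pem" "$dir/swdl.iso" "$dir/swdl.sig" || return 1
    verify_image "$dir/public.pem" "$dir/swdl.iso" "$dir/swdl.sig" &&
        echo "original: accepted"
    printf 'x' >> "$dir/swdl.iso"
    verify_image "$dir/public.pem" "$dir/swdl.iso" "$dir/swdl.sig" ||
        echo "modified: rejected"
    rm -rf "$dir"
}

run_demo
```

A check like this only protects the update if it runs before anything from the ISO is executed and if the public key on the device cannot be replaced.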

Posted in Security.

The <69 words you’re no longer allowed to use in Infosec

Per Dan Kaminsky’s suggestion in a twitter thread about GM, as well as the famous George Carlin “Seven Dirty Words” skit, I humbly present for your consideration (and collaboration):

The <69 words you’re no longer allowed to use in Infosec

risk, SDLC, ROI, metrics, data, heartbleed, poodle, goto, 0day, faulty, cracked, cruftsmanship, deathcode, rooted, rootkit, pwn, bot, backdoor, fireworksmode, DIAF, borked, FUBAR, imminent, kludge, overflow, overrun, deadwhale, telnet, vapor, jelly, dirty, reality, segfault, spaghetti, stale, worm, zombie, trojan…

Posted in Security.

Airbnb Privacy Policy Changes

This is something of a buyer beware post. Skip below to the next section if you just want to read the Privacy Policy edits.

To be clear I am a huge fan of refactoring and breaking down systems. I am obviously a proponent because it is what I do for a living. Dismantling systems of bias or ineffective control is desirable not least of all because justice.

When looking into Airbnb I would love to find that thread of social justice. Instead I find a troubling lack of transparency coupled with an ostentatious, even oligarchical, attitude. Airbnb has been grabbing headlines as venture vultures circle and smell profit. On the ground I hear and read about an unapologetic startup, blithely rejecting social protections to foment revolution.

Straight to the point, progress is what we all are after. Progress should not have to be with the wrong partner, where values fall out of line with our own. Reform runs the risk of being a get-rich-quick scheme, built by and for the reformers, because that alone motivates some for reform. For others we have to ask why aspire only for self-enrichment, especially where clearly there is harm to others?

It is a complicated topic of ethics, for sure, which needs investigation. That is why I say Airbnb begs the question of whether we can celebrate a software company in the hospitality industry for having a clue about the value of security and privacy.

Sometimes people tell me Airbnb has no property or rooms that they “own” in the same way that Uber has no drivers and no cars. However Uber fires drivers and takes back cars on lease. Take a moment to think about this dissonance.

Uber can fire drivers it doesn’t hire and take back cars it doesn’t own; so with all the power and none of the risk how exactly does Uber get hailed (no pun intended) as driverless and carless?

Can Airbnb achieve the same dissonance? This is where we must seek answers to ownership carefully; do security and privacy of owning a property have to be lost to achieve the progress that benefits the funders of Airbnb?

Perhaps it helps to look at the example of radio, a decades old sharing economy of music. Record companies through radio built a platform for sharing that kept musicians at arm’s length. Early on there are abundant sad examples of those musicians being abused by platform managers. Perhaps historic lessons here are to be minded?

For Airbnb let us say you believe you have protection against unlawful searches of “your” property. You then allow Airbnb monitoring of “your” property and allow your private information to be stored and shared at their sole discretion. Is it still your property when you grant anonymous others control over its fate?

I am working through these sorts of Airbnb risk scenarios from three levels of analysis.

First, I used Airbnb twice (or more) and had totally surprisingly horrible experiences (e.g. six people head-to-feet crammed onto cots in a small low-income room, with apparently no money going to the organizations subsidizing the room); versus being a non-Airbnb guest around the world for decades.

Second I have talked with neighbors about their hosting habits and problems they have faced; versus my non-Airbnb hosting for decades.

Third and finally I started to hear from tech industry peers about serious risks in Airbnb information security; whether it is wise to allow data into an environment that is anti-consumer protection, let alone one designed to be mined for the benefit of ad agencies:

Some Australian customers using Airbnb are worried about their privacy being breached, with the company confirming it shares people’s personal information for “marketing purposes”.

In order to test whether fears are well founded, and to challenge my conclusions, I have taken a deeper dive. I searched for evidence of things going right at Airbnb, signs of customer security and privacy.

Airbnb recently released two sections of policy, one after the other, to notify customers of major changes.

The effective date of the new privacy policy is August 06; expiration of the old is September 06. They say they will delete the old policy in September and in the meantime leave both on their site.

Although having both is great to compare, the format they chose does not instill any confidence that they want you to see what exactly changed. It is not what I would consider reasonable disclosure, although it is better than no comparison at all. A software company claiming to be a leader easily could offer a markup option/view.

I have created below the diff that I would like to have seen Airbnb publish, hopefully making it clear how much has changed.

Hint: section 12 gives “sole discretion” to Airbnb to decide whether your property data can be considered exclusively theirs to disclose to law enforcement.

We will use commercially reasonable efforts to notify users about law enforcement requests for their data unless we, in our sole discretion, believe harm or fraud could be directed to Airbnb, its Members, the Platform, or Services.

And what methods are used to prevent abuse of sole discretion over your property data? How should a property data ownership model work with a company seen as having no ownership while retaining sole discretion over your property?

Going back to my earlier radio example, for reference, here are the latest privacy terms provided by Pandora:

…we may share your information, including personally identifiable information, in order to (i) protect or defend the legal rights or property of Pandora, or the legal rights of our business partners, employees, agents, and contractors (including enforcement of our agreements); (ii) protect the safety and security of Pandora users or members of the public including acting in urgent circumstances; (iii) protect against fraud or to conduct risk management; or (iv) comply with the law, legal process, or legal requests. Additionally, we may share your data, including any personally identifiable information, with our successor in interest in the event of a corporate reorganization, merger, or sale of all or substantially all of our assets.

Have a look yourself at the Airbnb privacy terms update, as here are the old and new policies merged into a clear diff:

Additions are in bold
Deletions are in strike

Last Updated: April 7, 2014July 6, 2015


Airbnb (hereinafter referred to as “Airbnb”, “we”, “us” or “our”) operates a platform and community marketplace that helps people form lasting offline experiences and relationships directly with one another, where they can create, list, discover and book unique accommodations around the world, whether through our website or our mobile applications (“Platform”). Airbnb refers to Airbnb Inc. if you reside in the USA, and to Airbnb Ireland if you reside outside of the USA.

This Privacy Policy is intended to inform you about how we treat Personal Information that we process about you. If you do not agree to any part of this Privacy Policy, then we cannot provide the Platform or Services to you, and you should stop accessing the Platform and deactivate your Airbnb account. You can find out more about how to deactivate your Airbnb account at


Where the definition of a term does not appear in this Privacy Policy (such as “Listing”, “Accommodation”, “Content,” “Services” etc.), it shall be given its definition as outlined in our Terms of Service (

“Aggregated informationInformation” means information about all of our users or specific groups or categories of users that we combine together and which does not include the users’ Personal Informationso that it no longer identifies or references an individual user.

“Data Controller” means Airbnb, the company responsible for the use of and processing of Personal Information.

“Personal Information” means information relating to a living individual who is or can be identified either from that information or from that information in conjunction with other information that is in, or is likely to come into, the possession of the Data Controller.


1. Information that you give us

We receive, store and process information that you make available to us when accessing or using our Platform. and Services. Examples include when you:

  1. fill in any form on the Platform, such as when you register or update the details of your user account;, or when you supply ID verification information;
  2. access or use the Platform, such as to search for or post Accommodations, make or accept bookings, pay for Accommodations, book or pay for any associated services that may be available (such as but not limited to cleaning), post comments or reviews, or communicate with other users;
  3. link your account on a third party site (e.g. Facebook) to your Airbnb account, in which case we will obtain the Personal Information that you have provided to the third party site, to the extent allowed by your settings with the third party site and authorized by you; and
  4. communicate with Airbnb.

2. Mobile Data

When you use certain features of the Platform, in particular our mobile applications we may receive, store and process different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Platform or specific features of the platform). If you access the Platform through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.

3. Log Data

We may also receive, store and process Log Data, which is information that is automatically recorded by our servers whenever you access or use the Platform, regardless of whether you are registered with Airbnb or logged in to your Airbnb account, such as your IP Address, the date and time you access or use the Platform, the hardware and software you are using, referring and exit pages and URLs, the number of clicks, pages viewed and the order of those pages, and the amount of time spent on particular pages.

4. Cookies, and other Tracking Technologies

Airbnb uses cookies and other similar technologies, such as mobile application identifiers, on the Platform. We may also allow our business partners to use their cookies and other tracking technologies on the Platform. As a result, when you access or use the Platform, you will provide or make available certain information to us and to our business partners.
While you may disable the usage of cookies through your browser settings, we do not change our practices in response to a “Do Not Track” signal in the HTTP header from your browser or mobile application. We track your activities if you click on advertisements for Airbnb services on third party platforms such as search engines and social networks, and may use analytics to track what you do in response to those advertisements.

We may, either directly or through third party companies and individuals we engage to provide services to us, also continue to track your behavior on our own Platform for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, investigation, as well as to enable you to use and access the Platform and pay for your activities on the Platform. We may also, either directly or through third party companies and individuals we engage to provide services to us, track your behavior on our own Platform to market and advertise our services to you on the Platform and third party websites. Third parties that use cookies and other tracking technologies to deliver targeted advertisements on our Platform and/or third party websites may offer you a way to prevent such targeted advertisements by opting-out at the websites of industry groups such as the Network Advertising Initiative ( and/or the Digital Advertising Alliance ( You may also be able to control advertising cookies provided by publishers, for example Google’s Ad Preference Manager ( Please note that even if you choose to opt-out of receiving targeted advertising, you may still receive advertising on or about the Platform – it just will not be tailored to your interests.

Third parties may not collect information about users’ online activities on the Platform except as described in this policy and our Cookie Policy.

5. Third-party social plugins

Our Platform may use social plugins which are provided and operated by third-party companies, such as Facebook’s Like Button.
As a result of this, you may send to the third-party company the information that you are viewing on a certain part of our Platform. If you are not logged into your account with the third-party company, then the third party may not know your identity. If you are logged into your account with the third-party company, then the third party may be able to link information about your visit to our Platform to your account with them. Similarly, your interactions with the social plugin may be recorded by the third party.
Please refer to the third party’s privacy policy to find out more about its data practices, such as what data is collected about you and how the third party uses such data.


We use, store and process Information about you for the following general purposes:

1. to enable you to access and use the Platform;

2. to operate, protect, improve and optimize the Platform, Airbnb’s business, and our users’ experience, such as to perform analytics, conduct research, personalize or otherwise customize your experience, and for advertising and marketing;

3. to help create and maintain a trusted and safer environment on the Platform and Services, such as fraud detection and prevention, conducting investigations and risk assessments, verifying the address of your listings, verifying any identifications provided by you, and conducting checks against databases such as public government databases;

4. to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;

5. where we have your consent, to send you marketing and promotional messages and other information that may be of interest to you, including information sent on behalf of our business partners that we think you may find interesting. You will be able toabout Airbnb or general promotions for partner campaigns and services. You can unsubscribe or opt-out from receiving these communications in your settings (in the “Account” section) when you login to your Airbnb account;

6. to administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by Airbnb or our business partners; and

7. to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.


We may, either directly or through third party companies and individuals we engage to provide services to us, review, scan, or analyze your communications with other users exchanged via the Platform for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research and customer support purposes. For example, as part of our fraud prevention efforts, the Platform may scan and analyze messages to mask contact information and references to other websites. This helps to prevent fraudulent actors from asking Guests to send them money outside of the Platform, such as by bank transfer or other money transfer methods. We may also scan, review or analyze messages for research and product development purposes to help make search, booking and user communications more efficient and effective, as well as to debug, improve and expand product offerings.

We will not review, scan, or analyze your communications for sending third party marketing messages to you. We will also not sell these reviews or analyses of communications to third parties. We will also use automated methods to carry out these reviews or analyses where reasonably possible. However, from time to time we may have to manually review some communications. By using the Platform, you consent that Airbnb, in its sole discretion, may, either directly or through third party companies and individuals we engage to provide services to us, review, scan, analyze, and store your communications, whether done manually or through automated means.


IMPORTANT: When you use the Platform, your data may be sent to the United States and possibly other countries

We may transfer, store, use and process your information, including any Personal Information, to countries outside of the European Economic Area (“EEA”) including the United States. Please note that laws vary from jurisdiction to jurisdiction, and so the privacy laws applicable to the places where your information is transferred to or stored, used or processed in, may be different from the privacy laws applicable to the place where you are resident.

If you are located in the EEA or in Switzerland, please also see our Safe Harbor Notice (

Your Personal Information may be disclosed as follows:

1. Parts of your public profile page that contain some Personal Information may be displayed in other parts of the Platform to other users for marketing purposes. or to the extent necessary to operate and manage referral and rewards programs.

2. Your public Listing page will always include some minimum information such as the city and neighborhood where the Accommodation is located, your listing description, your calendar availability, your public profile photo and your responsiveness in replying to Guests’ queries. Your public Listing page may also include aggregated demand information (such as number of page views over a period of time). Parts of your public Listing page may be displayed in other parts of the Platform to other users for marketing purposes. The Platform may also display the Accommodation’s approximate geographic location on a map, such that a user can see the general area of the Accommodation.

3. The Platform allows your public profile and public Listing pages to be included in search engines, in which case your public profile and public Listing pages will be indexed by search engines and may be published as search results. This option is enabled by default, and you may opt out of this feature by changing your settings on the Platform. If you change your settings or the information on your public profile or public Listing pages, third-party search engines may not update their databases quickly or at all. We do not control the practices of third-party search engines, and they may use caches containing outdated information, including any information indexed by the search engine before you change your settings or the information on your public profile or public Listing pages.

4. When you submit a request to book an Accommodation, your full name will become visible to the Host. In addition, if you agree to be contacted by the Host by phone when submitting your request and the Host decides to do so, Airbnb will call your phone number first, before connecting you with the Host. We will not share your phone number unless there is a confirmed booking.; if there is a confirmed booking, your phone number will become visible to the Host/Guest, who may call you directly.

5. When your request to book an Accommodation is accepted by the Host or when you accept a Guest’s request to book your Accommodation, we will disclose some of your Personal Information to the Host or Guest. However, your billing and payout information will never be shared with another user.

6. When a Guest stays at your Accommodation or when you stay at a Host’s Accommodation, we will ask you to review the Guest or the Accommodation. If you choose to provide a review, your review may be public on the Platform.

7. You may link your account on a third party social networking site to your Airbnb account. We refer to a person’s contacts on these third party sites as “Friends”. When you create this linkage:

  • some of the information you provide to us from the linking of your accounts may be published on your Airbnb account profile;
  • your activities on the Platform may be displayed to your Friends on the Platform and/or that third party site;
  • other Airbnb users may be able to see any common Friends that you may have with them, or that you are a Friend of their Friend if applicable;
  • other Airbnb users may be able to see any schools, hometowns or other groups you have in common with them as listed on your linked social networking site(s); and
  • the information you provide to us from the linking of your accounts may be stored, processed and transmitted for fraud prevention and risk assessment purposes.

The publication and display of information that you provide to Airbnb through this linkage is subject to your settings and authorizations on the Platform and the third party site.

8. We may distribute parts of the Platform (including your Listing) for display on sites operated by Airbnb’s business partners and affiliates, using technologies such as HTML widgets. If and when your Listings are displayed on a partner’s site, information from your public profile page may also be displayed.

9. We may allow our related entities such as our subsidiaries, and their employees, to use and process your Personal Information in the same way and to the same extent that we are permitted to under this Privacy Policy. These related entities comply with the same obligations that we have to protect your Personal Information under this Privacy Policy.

10. We may also engage third party companies and individuals, who may be located outside of the EEA, to provide services to us, including but not limited to technology services and services to help verify your identification or, to conduct checks against databases such as public government databases (where legally allowed), to otherwise assist us with fraud prevention and risk assessment, to assist us with customer service, and to facilitate the payments or reimbursements you request (such as Concur and American Express). We may provide Personal Information about you to these third parties, or give them access to this Personal Information, for the limited purpose of allowing them to provide these services. We will ensure that such third parties have contractual obligations to protect this Personal Information and to not use it for unrelated purposes.

11. For any jurisdiction in which we facilitate the Collection and Remittance of Taxes or Opt-in for Host Remittance of Taxes as described in the “Taxes” section of the Terms of Service, Hosts and Guests expressly grant us permission, without further notice, to store, transfer and disclose data and other information relating to them or to their Transactions, Bookings, Accommodations and Occupancy Taxes, including, but not limited to, personally identifiable information such as Host or Guest’s name, listing addresses, transaction dates and amounts, tax identification number(s), the amount of taxes received by Hosts from Guests, or allegedly due, contact information and similar information, to the relevant Tax Authority.

11.12. You acknowledge, consent and agree that Airbnb may access, preserve and disclose your account information and Collective Content if required to do so by law or in a good faith belief that such access, preservation or disclosure is reasonably necessary to (a) respond to claims asserted against Airbnb; (b) to comply with legal process (for example, subpoenas and warrants); (c) to enforce and administer our agreements with users, such as the Terms of Service, (, this Privacy Policy, and the Host Guarantee Terms and Conditions (; (d) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (e) to protect the rights, property or personal safety of Airbnb, its users or members of the public. We will use commercially reasonable efforts to notify users about law enforcement requests for their data unless prohibited by law or by the government request, or if doing so would be futile or ineffective.:

  • providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law; or
  • based on information supplied by law enforcement, we, in our sole discretion, believe: (a) that providing notice could create a risk of injury or death to an individual or group of individuals, (b) that the case involves potential harm to minors, or (c) that harm or fraud could be directed to Airbnb, its Members, the Platform, or Services.

We may also publish, disclose and use Aggregated Information and non-personal information for industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.


If Airbnb undertakes or is involved in any merger, acquisition, reorganization, sale of assets or bankruptcy or insolvency event, then we may sell, transfer or share some or all of our assets, including your Personal Information. In this event, we will notify you before your Personal Information is transferred and becomes subject to a different privacy policy.


You may review, update, correct or delete the Personal Information in your Airbnb account by logging in to your account.. If you would like to correct your information or cancel your Airbnb account entirely, you can do so by logging in to your account. Please also note that any reviews, forum postings and similar materials posted by you may continue to be publicly available on the Platform in association with your first name, even after your Airbnb account is cancelled.


We have implemented reasonableare continuously implementing and updating administrative, technical, and physical security measures to help protect your Personal Information against the unauthorized access, destruction or alteration of your information. However, no method of transmission over the Internet, and no method of storing electronic information, can be 100% secure. So, we cannot guarantee the absolute security of your transmissions to us and of your Personal Information that we store.


The Platform will contain links to other websites not owned or controlled by Airbnb. Airbnb does not have any control over third party websites. These other websites may place their own cookies, web beacons or other files on your device, or collect and solicit Personal Information from you. They will have their own rules about the collection, use and disclosure of Personal Information. We encourage you to read the terms of use and privacy policies of the other websites that you visit.

Some portions of the Platform implement Google Maps/Earth mapping services, including Google Maps API(s). Your use of Google Maps/Earth is subject to Google’s terms of use (located at and Google’s privacy policy (located at, as may be amended by Google from time to time.


Referral service and requesting for references

The Platform provides a referral service that allows you to invite your friends and contacts to use the Platform. The Platform also allows you to ask your friends and contacts to write a reference for you, to be published on your Airbnb profile.

We may integrate the Platform with third party sites such as Facebook, so that you can send invitation messages or requests for references via the third party site itself. These messages will be sent by the third party site, and Airbnb does not collect or retain the contact information that is used to send them.
You may also send invitation/request emails via the Platform itself, in which case we will ask you for the email addressescontact information to which to send these emails to.your invitation/request. You can type in the email addresses or other contact information manually, or you can request Airbnbchoose to import the contacts in your email account address book(s). In both cases, we willmay use theand store this information sent to us for the sole purposepurposes of sendingallowing you to send your friends and contacts a one-time email, inviting him or her to visit the Platforman invitation or to writerequest for a reference for you, and for fraud detection and prevention. With respect to referrals, we will also store the email addresses of your invitees to track if your friend joins Airbnb in response to your referral.

If you request us to import your contacts, we will collect, but not store, the username and password for the email account you wish to import your contacts from. We will use this information only for the purpose of importing your contacts.

Affiliate Program

If you are allowed to join Airbnb’s Affiliate Program (see and you sign up for it, you will have to provide us with certain Personal Information to enable us to provide the Affiliate Program to you.


The Platform may allow registered account holders to organize, search for or participate in offline events (“Meetups”) in selected cities.

If you organize a Meetup or indicate that you will attend one, this information, together with some of your public information (such as your profile picture and public profile page) and any messages that you post about that Meetup, will be visible to users who browse the event. However, Airbnb will never disclose where you are staying to another meetup user.


The Platform may allow registered account holders to participate in online discussion forums (“Group(s)”) in selected cities.

If you join a Group, then your membership in the Group as well as some of your public information (such as your profile picture and public profile page) will be visible to users who browse the Group. If you publish postings in a Group, then your postings will be visible to such users as well. The ability to browse the Group will depend on the Group settings, and it may or may not be limited to members of that Group.


We may change how we collect and then use Personal Information at any time and without prior notice, at our sole discretion.

We may change this Privacy Policy at any time. If we make material changes to the Privacy Policy, we will notify you either by posting the changed Privacy Policy on the Platform or by sending an email to you. We will also update the “Last Updated Date” at the top of this Privacy Policy. If we let you know of changes through an email communication, then the date on which we send the email will be deemed to be the date of your receipt of that email.

It’s important that you review the changed Privacy Policy. If you do not wish to agree to the changed Privacy Policy, then we will not be able to continue providing the Platform and Services to you, and your only option will be to stop accessing the Platform and Services and deactivate your Airbnb account. You can find out more about how to deactivate your Airbnb account at


Your opinion matters to us! If you’d like to provide feedback to us about this Privacy Policy, please email us at


If you reside in the EU or Japan, you may request in writing copies of your Personal Information held by us. We will provide you with a copy of the Personal Information held by us as soon as practicable and in any event not more than 40 days after thereceiving a valid request in writing. There may be a charge to access your personal data (which will not exceed €6.35 in Ireland and £10 in the United Kingdom). We may also request proof of identification to verify your access request. All requests should be addressed to our Data Protection Compliance Officer, Airbnb Ireland, Watermarque Building, South Lotts Road, Ringsend, Dublin 4, Ireland.

We endeavor to keep your information accurate, complete and up to date. If your Personal Information that we hold is inaccurate, please let us know and we will make the necessary amendments, erase or block the relevant information and notify you within 40 days of your valid request that the relevant action has been taken.

You may also request the erasure of your personal data if you believe we are otherwise in breach of relevant data protection legislation. All requests should be addressed to our Data Protection Compliance Officer, Airbnb Ireland, Watermarque Building, South Lotts Road, Ringsend, Dublin 4, Ireland. There is no charge for making such a request.


Airbnb uses “cookies” in conjunction with the Platform to obtain information. A cookie is a small data file that is transferred to your device (e.g., your phone or your computer) for record-keeping purposes. For example, a cookie could allow the Platform to recognize your browser, while another could store your preferences and other information.

Your browser may allow you to set how it handles cookies, such as declining all cookies or prompting you to decide whether to accept each cookie. But please note that some parts of the Platform may not work as intended or may not work at all without cookies.

Airbnb cookies and third party cookies

Airbnb may place our cookies on your device via the Platform. Accordingly, our Privacy Policy will apply to our treatment of the information we obtain via our cookies.

We may also allow our business partners to place cookies on your device. For example, we use Google Analytics for web analytics, and so Google may also set cookies on your device. As further explained below, third parties may also place cookies on your device for advertising purposes.

There are two types of cookies used on the Platform, namely “persistent cookies” and “session cookies”.
Session cookies will normally expire when you close your browser, while persistent cookies will remain on your device after you close your browser, and can be used again the next time you access the Platform.

Other technologies

The Platform may also use other technologies with similar functionality to cookies, such as web beacons and tracking URLs to obtain Log Data about users. We may also use web beacons and tracking URLs in our messages to you to determine whether you have opened a certain message or accessed a certain link.

Uses for Airbnb cookies

Airbnb uses cookies for a number of purposes, such as the following:

1. to enable, facilitate and streamline the functioning of the Platform across different webpages and browser sessions.
2. to simplify your access to and use of the Platform and make it more seamless.
3. to monitor and analyze the performance, operation and effectiveness of the Platform, so that we can improve and optimize it.
4. to show you content (which may include advertisements) that is more relevant to you.

Uses for third party cookies

Our partners’ cookies are intended to obtain information to help them provide services to Airbnb. For example, third party companies and individuals we engage to provide services to us may track your behavior on our Platform to market and advertise Airbnb listings or services to you on the Platform and third party websites. Third parties that use cookies and other tracking technologies to deliver targeted advertisements on our Platform and/or third party websites may offer you a way to prevent such targeted advertisements by opting-out at the websites of industry groups such as the Network Advertising Initiative ( and/or the Digital Advertising Alliance ( You may also be able to control advertising cookies provided by publishers, for example Google’s Ad Preference Manager ( Please note that even if you choose to opt-out of receiving targeted advertising, you may still receive advertising on the Platform – it just will not be tailored to your interests.

In addition, Facebook places a cookie via the Platform that allows Facebook to obtain aggregated, non-Personal Information to optimize their services. For example, if a user clicks on an advertisement for the Airbnb mobile app on Facebook and subsequently installs the app, this cookie will inform Facebook that a user (who is not personally identified) has installed the app after clicking on the advertisement. This cookie may also inform Facebook that a user is using the app, without identifying the specific actions taken by the user in the app.

Disabling Cookies

Most browsers automatically accept cookies, but you can modify your browser setting to decline cookies by visiting the Help portion of your browser’s toolbar. If you choose to decline cookies, please note that you may not be able to sign in, customize, or use some of the interactive features of the Platform. Flash cookies operate differently than browser cookies, and cookie management tools available in a web browser will not remove flash cookies. To learn more about how to manage flash cookies, you can visit the Adobe website ( and make changes at the Global Privacy Settings Panel (

Changes to this Cookie Policy

We can change this Cookie Policy at any time. If we make material changes to the Cookie Policy, we will let you know either by posting the changed Cookie Policy on the Platform or by sending you an email.
It’s important that you review the changed Cookie Policy. If you do not wish to agree to the changed Cookie Policy, then we cannot continue to provide the Platform to you, and your only option is to stop accessing the Platform and deactivate your Airbnb account. You can find out more about how to deactivate your Airbnb account at

Posted in Security.

The Little Can That Could

Part three in a three-part series about the history of the Jerry can; this page is a reprint of a first-person account to support parts one and two.

Written by Richard M. Daniel and published in Invention and Technology, Fall 1987, pages 60-64

During World War II the United States exported more tons of petroleum products than of all other war matériel combined. The mainstay of the enormous oil and gasoline transportation network that fed the war was the oceangoing tanker, supplemented on land by pipelines, railroad tank cars, and trucks. But for combat vehicles on the move, another link was crucial—smaller containers that could be carried and poured by hand and moved around a battle zone by trucks.

Hitler knew this. He perceived early on that the weakest link in his plans for blitzkrieg using his panzer divisions was fuel supply. He ordered his staff to design a fuel container that would minimize gasoline losses under combat conditions. As a result the German army had thousands of jerrycans, as they came to be called, stored and ready when hostilities began in 1939.

The jerrycan had been developed under the strictest secrecy, and its unique features were many. It was flat-sided and rectangular in shape, consisting of two halves welded together as in a typical automobile gasoline tank. It had three handles, enabling one man to carry two cans and pass one to another man in bucket-brigade fashion. Its capacity was approximately five U.S. gallons; its weight filled, forty-five pounds. Thanks to an air chamber at the top, it would float on water if dropped overboard or from a plane. Its short spout was secured with a snap closure that could be propped open for pouring, making unnecessary any funnel or opener. A gasket made the mouth leakproof. An air-breathing tube from the spout to the air space kept the pouring smooth. And most important, the can’s inside was lined with an impervious plastic material developed for the insides of steel beer barrels. This enabled the jerrycan to be used alternately for gasoline and water.

Early in the summer of 1939, this secret weapon began a roundabout odyssey into American hands. An American engineer named Paul Pleiss, finishing up a manufacturing job in Berlin, persuaded a German colleague to join him on a vacation trip overland to India. The two bought an automobile chassis and built a body for it. As they prepared to leave on their journey, they realized that they had no provision for emergency water. The German engineer knew of and had access to thousands of jerrycans stored at Tempelhof Airport. He simply took three and mounted them on the underside of the car.

The two drove across eleven national borders without incident and were halfway across India when Field Marshal Goering sent a plane to take the German engineer back home. Before departing, the engineer compounded his treason by giving Pleiss complete specifications for the jerrycan’s manufacture. Pleiss continued on alone to Calcutta. Then he put the car in storage and returned to Philadelphia.

Back in the United States, Pleiss told military officials about the container, but without a sample can he could stir no interest, even though the war was now well under way. The risk involved in having the cans removed from the car and shipped from Calcutta seemed too great, so he eventually had the complete vehicle sent to him, via Turkey and the Cape of Good Hope. It arrived in New York in the summer of 1940 with the three jerrycans intact. Pleiss immediately sent one of the cans to Washington. The War Department looked at it but unwisely decided that an updated version of their World War I container would be good enough. That was a cylindrical ten-gallon can with two screw closures. It required a wrench and a funnel for pouring.

That one jerrycan in the Army’s possession was later sent to Camp Holabird, in Maryland. There it was poorly redesigned; the only features retained were the size, shape, and handles. The welded circumferential joint was replaced with rolled seams around the bottom and one side. Both a wrench and a funnel were required for its use. And it now had no lining. As any petroleum engineer knows, it is unsafe to store gasoline in a container with rolled seams. This ersatz can did not win wide acceptance.

The British first encountered the jerrycan during the German invasion of Norway, in 1940, and gave it its English name (the Germans were, of course, the “Jerries”). Later that year Pleiss was in London and was asked by British officers if he knew anything about the can’s design and manufacture. He ordered the second of his three jerrycans flown to London. Steps were taken to manufacture exact duplicates of it.

Two years later the United States was still oblivious of the can. Then, in September 1942, two quality-control officers posted to American refineries in the Mideast ran smack into the problems being created by ignoring the jerrycan. I was one of those two. Passing through Cairo two weeks before the start of the Battle of El Alamein, we learned that the British wanted no part of a planned U.S. Navy can; as far as they were concerned, the only container worth having was the jerrycan, even though their only supply was those captured in battle. The British were bitter; two years after the invasion of Norway there was still no evidence that their government had done anything about the jerrycan.

My colleague and I learned quickly about the jerrycan’s advantages and the Allied can’s costly disadvantages, and we sent a cable to naval officials in Washington stating that 40 percent of all the gasoline sent to Egypt was being lost through spillage and evaporation. We added that a detailed report would follow. The 40 percent figure was actually a guess intended to provoke alarm, but it worked. A cable came back immediately requesting confirmation.

We then arranged a visit to several fuel-handling depots at the rear of Montgomery’s army and found there that conditions were indeed appalling. Fuel arrived by rail from the sea in fifty-five-gallon steel drums with rolled seams and friction-sealed metallic mouths. The drums were handled violently by local laborers. Many leaked. The next link in the chain was the infamous five-gallon “petrol tin.” This was a square can of tin plate that had been used for decades to supply lamp kerosene. It was hardly useful for gasoline. In the hot desert sun, it tended to swell up, burst at the seams, and leak. Since a funnel was needed for pouring, spillage was also a problem.

Allied soldiers in Africa knew that the only gasoline container worth having was German. Similar tins were carried on Liberator bombers in flight. They leaked out perhaps a third of the fuel they carried. Because of this, General Wavell’s defeat of the Italians in North Africa in 1940 had come to naught. His planes and combat vehicles had literally run out of gas. Likewise in 1941, General Auchinleck’s victory over Rommel had withered away. In 1942 General Montgomery saw to it that he had enough supplies, including gasoline, to whip Rommel in spite of terrific wastage. And he was helped by captured jerrycans.

The British historian Desmond Young later confirmed the great importance of oil cans in the early African part of the war. “No one who did not serve in the desert,” he wrote, “can realise to what extent the difference between complete and partial success rested on the simplest item of our equipment—and the worst. Whoever sent our troops into desert warfare with the [five-gallon] petrol tin has much to answer for. General Auchinleck estimates that this ‘flimsy and ill-constructed container’ led to the loss of thirty per cent of petrol between base and consumer. … The overall loss was almost incalculable. To calculate the tanks destroyed, the number of men who were killed or went into captivity because of shortage of petrol at some crucial moment, the ships and merchant seamen lost in carrying it, would be quite impossible.”

After my colleague and I made our report, a new five-gallon container under consideration in Washington was canceled. Meanwhile the British were finally gearing up for mass production. Two million British jerrycans were sent to North Africa in early 1943, and by early 1944 they were being manufactured in the Middle East. Since the British had such a head start, the Allies agreed to let them produce all the cans needed for the invasion of Europe. Millions were ready by D-day. By V-E day some twenty-one million Allied jerrycans had been scattered all over Europe. President Roosevelt observed in November 1944, “Without these cans it would have been impossible for our armies to cut their way across France at a lightning pace which exceeded the German Blitz of 1940.”

In Washington little about the jerrycan appears in the official record. A military report says simply, “A sample of the jerry can was brought to the office of the Quartermaster General in the summer of 1940.”

Richard M. Daniel is a retired commander in the U.S. Naval Reserve and a chemical engineer.

Go back to part one or two in this series.

Posted in Energy, History, Security.