Chrome & Firefox Users Are Leaking Their IP Address…Even While Using a VPN

The only way you can guarantee your privacy while using a computer or mobile device is to disconnect it from the network. Or become a security expert. But if you must be online and want (or need) to be as secure as possible, you won’t want to use Google’s Chrome or Mozilla’s Firefox browsers until you make some changes, since your IP address can be easily discovered.

You may know about (and already use, as I do) AdBlockPlus or Ghostery. These browser add-ons are used to block advertisements and also let you control who can track you by blocking services and advertisers from doing so.

So imagine how stunned I was to learn that the very cool and new WebRTC technology (for using video, audio and screensharing right inside your web browser) can leak your internet (IP) address.

Advertisers, and tracking services, love to set tracking cookies that map to your IP address. Then they can follow you around as you use that browser to surf the internet. Intelligence agencies love to discover the IP address of someone since they then can go right to the spot from where they’re connecting.

This flaw in WebRTC is especially troublesome since it would compromise someone whistleblowing in a country with an oppressive regime in power, businesses communicating online with WebRTC, or anyone legitimately wanting their online activities to be private…especially when they believe they are safe while using a VPN.

Using Chrome or Firefox? Click here to check and see if you are vulnerable.

That IP address leakage is bad enough, but what is worse is that the leak CANNOT be detected by any current plugins (e.g., Ghostery) or even by the developer tools in Google’s Chrome or Mozilla’s Firefox browsers (the primary ones that currently support WebRTC).

ThreatPost has this excellent article on this leak problem:

A recently publicized hole in WebRTC, a protocol for web communication, is revealing the local IP addresses of users, even those who go to extra lengths to hide theirs by using a virtual private network.

Daniel Roesler, a San Francisco-based researcher who’s dabbled in encryption, posted a demonstration on GitHub last week to illustrate how the vulnerability works.

Roesler’s proof-of-concept shows how websites make requests to STUN servers. STUN – or Session Traversal Utilities for NAT, servers – send a ping back that contains the IP address and port of the client–from the server’s perspective. The local and public IP addresses of the user can be gleaned from these requests via JavaScript.

So basically an advertiser, tracking service or intelligence agency can easily set up a STUN server, and all requests to a page on that server—with special JavaScript code loading in a Chrome or Firefox browser—would reveal the IP address of the visitor and allow that page to set a tracking cookie.
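What page JavaScript receives in the flow described above is a list of ICE candidate lines, each carrying an address. The following is an added example, not code from the original post or from Roesler's demonstration: it parses such lines and flags any address that reveals more than the VPN exit address. The candidate lines, addresses and function names are constructed for illustration.

```javascript
// Added example: audit ICE candidate lines (the strings WebRTC hands to page
// JavaScript) for addresses that reveal more than the VPN exit address.
// Every address below is constructed (RFC 1918 / RFC 5737 documentation ranges).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 udp 1686052607 198.51.100.7 40000 typ srflx raddr 10.8.0.2 rport 40000",
  "candidate:4 1 udp 2122260223 0f3c9a1e-aaaa-4bbb-8ccc-123456789abc.local 50000 typ host",
];

// Parse one candidate attribute: foundation, component, transport, priority,
// address, port, "typ" type, then optional extensions such as raddr/rport.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/i.exec(line.trim());
  if (!m) return null;
  const raddr = /\braddr (\S+)/.exec(m[8]);
  return { address: m[5], port: Number(m[6]), type: m[7], relatedAddress: raddr ? raddr[1] : null };
}

// Coarse class of an address: what kind of identifier does it expose?
function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return "mdns"; // random hostname, no IP revealed
  if (a.includes(":")) {
    if (a === "::") return "unspecified";
    if (a === "::1") return "loopback";
    if (/^fe[89ab]/.test(a)) return "link-local";
    return /^f[cd]/.test(a) ? "private" : "public"; // fc00::/7 is unique-local
  }
  const o = a.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return "invalid";
  if (o[0] === 0) return "unspecified";
  if (o[0] === 127) return "loopback";
  if (o[0] === 169 && o[1] === 254) return "link-local";
  const rfc1918 = o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 192 && o[1] === 168);
  return rfc1918 ? "private" : "public";
}

// One finding per distinct address that is private, or public but not vpnExitIp.
function auditCandidates(lines, vpnExitIp) {
  const findings = new Map();
  for (const c of lines.map(parseCandidate)) {
    if (!c) continue;
    for (const addr of [c.address, c.relatedAddress]) {
      if (!addr || findings.has(addr)) continue;
      const cls = classifyAddress(addr);
      if (cls === "private") findings.set(addr, "local or tunnel address exposed");
      else if (cls === "public" && addr !== vpnExitIp) findings.set(addr, "public address is not the VPN exit");
    }
  }
  return [...findings].map(([addr, issue]) => ({ addr, issue }));
}

console.log(auditCandidates(SAMPLE_CANDIDATES, "198.51.100.7"));
```

In a browser, the same lines arrive as the `candidate` string on each `icecandidate` event of an `RTCPeerConnection`; an empty result for your own browser means nothing beyond the VPN exit address was exposed.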

Of course, you shouldn’t be doing anything online—even if using a VPN—that’s illegal like pirating movies or music, or buying stuff from a drug ecommerce site like Silk Road. But be especially careful if you are in a country, or situation, that means your life might be in danger if you are caught communicating using something like WebRTC.

How to Disable WebRTC

In Firefox:

  • To disable WebRTC, go to about:config and click-to-toggle media.peerconnection.enabled to false.
  • Or install this Firefox add-on

In Chrome:

  • Bad news? You CAN’T turn off WebRTC on the desktop version of Google Chrome.
  • Good news? Install this Chrome Extension: WebRTC Block

Still Denying Climate Change?

I get so weary of climate deniers who seem to think climate change is some sort of liberal agenda item. I’ve tried hard to change minds, but it’s very hard to do. So I hold out little hope that yet *another* pro-business, pro-conservatism publication, Bloomberg Business, will get the deniers to understand. Bloomberg Business takes the data NASA released last week and presents it in these neat little interactive charts. Ones that climate deniers who skip the news and slept through science class should hopefully be able to understand.

The science didn’t do it since so many think science is BS and God will take care of us all, so we can just sit on our butts and do nothing. The Pope doesn’t think God will just handle it for us nor do these other 100 Catholic and Evangelical religious leaders (PDF) who support the Pope’s position.

Then, when that liberal organization called the Pentagon stated this in a 2014 report (PDF), the deniers ignored or pooh-poohed it:

The responsibility of the Department of Defense is the security of our country.  That requires thinking ahead and planning for a  wide range of contingencies.

Among the future trends that will impact our national security is climate change. Rising global temperatures, changing precipitation patterns, climbing sea levels, and more extreme weather events will intensify the challenges of global instability, hunger, poverty, and conflict. They will likely lead to food and water shortages, pandemic disease, disputes over refugees and resources, and destruction by natural disasters in regions across the globe.

In our defense strategy, we refer to climate change as a “threat multiplier” because it has the potential to exacerbate many of the challenges we are dealing with today – from infectious disease to terrorism. We are already beginning to see some of these impacts.

Sad that our education system has churned out so many functionally science illiterate people who just cannot comprehend the data or believe that 97% of scientists concur that climate change is real.

Dropbox Delivers FTP-like Uploading Anyone Can Use

Everyone’s favorite file syncing service, Dropbox, just announced one of the simplest, most powerful file uploading capabilities I’ve seen yet. So simple that anyone with a Dropbox account (except a Business one…that’s coming soon) can create a request, and the person (or multiple people) they send that request to can upload files, each up to 2GBs in size*.

Providing access to your files in Dropbox to another person or persons is already simple. You can copy a shared link to that file and email it to someone. Couldn’t be easier. But enabling others to send you files has always been very difficult.

At my companies, it turns out that many people at our clients don’t have Dropbox (or Box) or are unable to use it due to corporate security policies that disallow the use of third-party file sharing services. Asking someone to set up a file upload-and-email service sounds good, but if they have to send you either one huge file (like a video) or multiple files (e.g., compressed into a Zip file) then they will likely have to buy a subscription to that service in order to be able to send it to you.

But Dropbox has made this entire file sending adventure a no-brainer for anyone to use.

Enabling Seniors To Leverage Technology & Stay Home, Will Be *Very* Big Business

In November of 2013, I wrote a post called New Connected Device for Seniors at Home that received thousands of unique views in its first month. That post was one that continued on a topic regarding technology for seniors that started with one of my most popular posts ever with tens of thousands of views, Elderly Need Super-Simple, Phone-like Skype.

I was certainly interested in this topic…but why were so many others?

My interest began as my father, Bill Borsch, was aging-in-place and in his last few years (he passed away in March of 2013). I was filled with anxiety knowing so much about available technology, but feeling like I couldn’t quite leverage what was currently available.

Knowing that we were right on the cusp of tech that would transform his world was both exciting and anxiety-producing since I really wanted to help him out. Sadly, it turns out that 2011-2013 was still too early for me to deliver any sort of transformative technology in Dad’s home. I’d purchased him a very early SmartThings kit (from their Kickstarter project) but even that was too early at the time.

Today we have a lot of great technology made for seniors (or able to be leveraged for them), but the entire “connected aging” space is changing almost by the week. There are so many things going on in the space right now like personal security and medical alert stuff, wearables including the Apple Watch, connected in-home automation sensors and devices, and so much more, that it is really hard to stay on top of what’s going on.

Backup Factoids to (Hopefully) Get You Off Your A$$

If you already backup all of your digital data on all devices—or have a company strategy that takes care of it all for you along with your mission-critical data—go ahead and watch this instead of reading this post.

If you don’t, or are looking for some data on the costs of loss or downtime, you need to peek at what the gang over at Singlehop sent me after reading my post, Your Mom DEMANDS That You Backup Your Computer!. In it they asked if they could send over an infographic they’d created which I could share with you.

Normally I decline when I get these sorts of requests, especially since they number 2-3 per week, but I am passionate and adamant about backing up and hopefully these factoids will motivate you to take steps NOW to do the same for yourself or your organization. Besides, it has some really interesting factoids within it you will undoubtedly find interesting.

Here is that infographic:

My Apple Watch & Dick Tracy

As a kid, I was always fascinated by Dick Tracy and his gadgets. Add to that my interest in mystery novels—especially ones like Mike Hammer when I got older—buying a smartwatch has been in the back of my mind but I didn’t like any of the current ones. Getting the functionality promised in my soon-to-arrive Apple Watch, however, is something I’m looking forward to not as a gadget guy, but as that little kid who wanted a wrist-radio-watch.

Now I kinda, sorta regret not building my “private detective office” when my wife and I were constructing our current house back in the early 1990s since having my wrist-radio-watch would have fit in perfectly.

My home office space would have been awesome as a “private eye’s” office. With french doors that swing open to the office space, I thought I’d make something that looked somewhat like this 1930s-era private eye’s office:

But it wouldn’t have made sense, especially since I had a HUGE computer display, Mac tower, VoIP digital phone with headset and a Powerbook laptop on my desk! As you can see from the photo on the left, that enormous display and other technology would have looked very weird in a 1930s-era private eye’s office.

Still, I was able to get my “private detective fix” by getting my kids in on the action. They, too, were enthusiastic about kids being resourceful or as private detectives in movies such as Home Alone, Harriet the Spy, and Who Framed Roger Rabbit. My son and I would read my old Hardy Boys books together as well, and he became an avid reader of those and hundreds of other fantasy, science fiction and mystery genres.

In the photo on the right, taken one very cold and bleak winter-weekend day, I’ve hidden my pager (yes, I carried a pager in the 90s!) and it has been stolen and the country’s two best detectives, Alex and Biz, are on the case. I made fake fingerprints and put them around the house and they set about solving the mystery.

Only one fingerprint was different and, of course, it had a matching one on the pager itself (which was stuck in a drawer). There were a bunch of other clues and the kids had to investigate and figure out where the pager had been placed. It was fun and they solved the mystery, albeit too fast so we had to find other stuff to do that day.  😉

Did you order an Apple Watch? It’s highly likely that anyone under 40 years of age—and especially my own kids—won’t have a lot of context for Dick Tracy and probably won’t even think about how awesome and cool the technology really is with a wearable device like this one. My kids don’t seem to ache for future technology like I did as a child. They just expect that new technology will appear, be awesome, and enable them to do things better, cheaper and faster.

By the way, if you happen to bump in to me after my Apple Watch arrives, and I’m dressed like Warren Beatty in the Dick Tracy movie, please do not just walk up and say, “Hi Steve!” since I might be on an important case.

Your Mom DEMANDS That You Backup Your Computer!

I know, I know…when someone gets after you for not backing up your computer, it sort of feels like Mom is badgering you to brush your teeth and wash your hands, right?

Mom was right. Clean teeth are happy teeth and don’t you DARE touch anything with those filthy hands! If your Mom had included data backup in her admonishments to you, she would have been right about that too.

When it comes to backing up your personal computer—you know, the one that contains all your digital photos, videos, music, important files and more—you probably think to yourself, “I’ll do it soon” or “Maybe I’ll use a cloud backup service someday” or “I have a solid state drive and, um, they don’t crash?” Unfortunately your best intentions, procrastination, laziness or nonchalant attitude won’t save those ONLY COPIES of precious baby photos, images from your wedding, videos of a family vacation, or those critically important, now-digital documents you’ve already shredded, when your hard drive crashes and can’t be recovered.

You have four options when it comes to backing up your one-and-only copy of a digital file:

  1. Buy a cheap drive and backup to it. Cheap drives don’t last long and aren’t that durable. I’ve had several go bad on me over the last 10-20 years.
  2. Backup to the cloud with a service like Crashplan. If you have multiple terabytes of data, however, it could take weeks to backup (and use a lot of your internet bandwidth) or you’ll be sent a big drive and you’ll have to backup to it and then ship it to the cloud service (to get a headstart on future backups and save both you, and the cloud backup service, a lot of bandwidth cost).
  3. Buy an ioSafe secure vault drive (more on that below).
  4. Do nothing and hope your computer’s drive never crashes, a power surge or brownout doesn’t fry the drive, your house doesn’t start on fire, or some burglar doesn’t come in and take your computer and its files for a joy ride in his stolen car.

Option #4 is like not having homeowner’s, auto, or health insurance. You may never need any of them, but if you do and aren’t insured, you’ll likely lose big or lose everything.

John Oliver on Surveillance

Love how he can wrap very serious content with enough funny stuff to keep us paying attention…and understanding what’s coming is exactly what we all need to do (and yes, that includes you):

Anyone, Anywhere, Anytime (Unless You Use Apple)

As more of us work virtually, it is imperative that we can communicate with each other easily, seamlessly, and that the web browsers we use support standards vendors agree upon.

One such browser-based technology already exists. With it you launch a web browser that supports this technology and “call” anyone, anywhere who has internet access. You could see them on video. Share your screen with them. Get in to a chat or a group chat. Share files with each other. Plus, since web browsers run on virtually every modern mobile device, this ability would extend to your communications anytime.

Unfortunately, the #1 most promising technology, WebRTC, is only minimally supported at this moment. A standards battle is underway and is yet another one amongst giants hoping to dominate the next wave of unified communications…to our detriment IMHO. Seamless, easy, ubiquitous communication capability—with anyone, anywhere and anytime—should be in our hands already. The technology exists and works well.

Napkin: A Surprisingly Powerful Communication Tool

Going through my news reader early this morning I came across this one sentence post by John Gruber at Daring Fireball. It referenced a Mac app called “Napkin” and Gruber said that it’s a “great update” so I thought I’d check it out.

Wow. How did I not know about this app? Napkin allows you to essentially create a mashup of media that you can annotate and quickly share.

“Huh?” you may ask. What do you mean by “annotate and quickly share,” Borsch?

An example of a screenshot annotated in Napkin and immediately exported to my desktop and imported in to this post. Time to create was about 1 minute.

My workflow consists of communicating with people every single day that are not in my office and some I’ve never even met personally. I have to communicate concepts to people at our clients, on my team, to subcontractors, and to friends and family. If I write up a bunch of text about a concept, often people just don’t get it. Creating a quick screencast is very time consuming so I only do that when my communication to one or more people absolutely requires it.

For my high value concept communications, let me tell you about the steps I went through before, and then after, I used Napkin.
