
Why Browser Extensions Are Dangerous

Regardless of browser-type used, I’ve always been **extremely** cautious about loading extensions, especially if they’ve been created in God-knows-what-country and ask for permissions that are worse than leaving your front door open with the key in the lock!

There have been a number of compromised extensions recently in Chrome (see “Attackers Go on a Chrome Extension Hijacking Spree” – Several More Compromised) and other browsers are not immune. But it’s this recent spate of Chrome-based extension compromises that is the biggest worry.

How-To Geek just published Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them and it is absolutely worth a read, especially with warnings like this:

“Modern web browsers like Google Chrome and Microsoft Edge have a permission system for extensions, but many extensions require access to everything so they can work properly. Even an extension that just requires access to one website could be dangerous, however. For example, an extension that modifies Google.com in some way will require access to everything on Google.com, and therefore have access to your Google account—including your email.

These aren’t just cute, harmless little tools. They’re tiny programs with a huge level of access to your web browser, and that makes them dangerous. Even an extension that only does a minor thing to web pages you visit may require access to everything you do in your web browser.”

So either don’t load extensions or be very, very, very careful when you do so.
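One way to check what an extension can reach before trusting it is to read the host patterns in its manifest.json. The script below is an added example, not code from this post or from How-To Geek: it flags manifests that request every site and lists the patterns that reach a domain you care about. The sample manifests are constructed, and the function names and the watched domain (google.com, taken from the quote above) are assumptions.

```python
import json

# Match patterns that grant access to every site the user visits.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Collect every match pattern through which the extension can touch pages."""
    found = []
    # Manifest V2 mixes API permissions ("tabs") with host patterns in one list.
    legacy = manifest.get("permissions", []) + manifest.get("optional_permissions", [])
    found += [p for p in legacy if p == "<all_urls>" or "://" in p]
    # Manifest V3 moves host access into dedicated keys.
    found += manifest.get("host_permissions", [])
    found += manifest.get("optional_host_permissions", [])
    # Content scripts run inside every page their "matches" patterns cover.
    for script in manifest.get("content_scripts", []):
        found += script.get("matches", [])
    return list(dict.fromkeys(found))  # de-duplicate, keep order


def pattern_host(pattern):
    """Return the host part of scheme://host/path ('*' means any host)."""
    if pattern == "<all_urls>":
        return "*"
    if "://" not in pattern:
        return ""
    return pattern.split("://", 1)[1].split("/", 1)[0]


def reaches(pattern, domain):
    """True if the pattern covers the domain or any host beneath it."""
    host = pattern_host(pattern)
    if host == "*":
        return True
    wildcard = host.startswith("*.")
    base = host[2:] if wildcard else host
    if base == domain or base.endswith("." + domain):
        return True
    # "*.example.com" also covers deeper names such as a.b.example.com.
    return wildcard and domain.endswith("." + base)


def audit(manifest, watch_domain):
    patterns = host_patterns(manifest)
    return {
        "name": manifest.get("name", "?"),
        "all_sites": any(p in ALL_SITES or pattern_host(p) == "*" for p in patterns),
        "reaches_watched": [p for p in patterns if reaches(p, watch_domain)],
    }


# Constructed sample manifests (not real extensions).
SAMPLE_MANIFESTS = [json.loads(text) for text in (
    '''{"manifest_version": 3, "name": "Search Page Tweaker",
        "permissions": ["storage"],
        "host_permissions": ["https://www.google.com/*"],
        "content_scripts": [{"matches": ["https://www.google.com/*"],
                             "js": ["tweak.js"]}]}''',
    '''{"manifest_version": 2, "name": "Coupon Helper",
        "permissions": ["tabs", "storage", "<all_urls>"]}''',
    '''{"manifest_version": 3, "name": "Pomodoro Timer",
        "permissions": ["storage", "alarms"]}''',
)]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        result = audit(m, "google.com")
        scope = "ALL SITES" if result["all_sites"] else "limited"
        print(f'{result["name"]}: {scope}; reaches google.com via '
              f'{result["reaches_watched"] or "nothing"}')
```

To review installed extensions, pass each extension's parsed manifest.json to `audit()` in place of the samples.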


Cutting the Cord is Hard

Have you considered cutting the cord? If so, get ready for A LOT of resistance and delays when you try to cancel your services!

My wife and I are downsizing from our large family home to a townhome or condo. We haven’t yet purchased a dwelling so we’re uncertain as to which cable provider we may end up with and, since it’s summer, it seemed like a good time to begin cancelling all the services we don’t need and do it now. Plus, it’s actually highly likely we may not renew a cable subscription anyway.

So let’s say you have decided to cut the cord. Cancelling is not a 5 minute per account adventure.

CANCELLATIONS
Not surprisingly, none of these TV provider subscriptions can be cancelled online. One must talk to a human who will do their best to try to talk you out of it and keep you as a customer. Be prepared to invest at least 45 minutes per cancellation and call earlier in the day rather than later.

  • Cancelling Comcast escalated the call from a Philippine-based call center to a U.S.-based “Cancellation Office” where they gave me the third-degree on why I was cancelling. I was forceful that I just wanted to cancel (not put my subscription “on hold”) and they finally cancelled it.
  • Cancelling TiVo was another story. Again it was a call center somewhere and the woman, Joyce, made multiple offers to keep my subscription alive. “We can put it on hold” or “We can offer you X months at a reduced rate” and I was having none of it. “I just want to cancel it” and it turned out Joyce was having “technical difficulties” so could not cancel the account. Fortunately, a few hours later, an email came through with a cancellation notification so that’s done.

Here’s why it’s so hard to cancel. These legacy TV providers are losing subscribers like crazy and are obviously doing whatever they can to hold on to us:

Five of the largest U.S. pay-TV providers posted subscriber losses during the second quarter as younger viewers increasingly cut the cord and moved to “skinny bundles,” or cheaper packages with select channels, and Internet streaming services like Netflix or Hulu. (via Fortune)

CUTTING THE CORD
If you’re like us, or most people we know, the lion’s share of our TV watching is done through streaming boxes (we have an AppleTV and Roku) as well as subscriptions to Netflix, Hulu (commercial free), AcornTV and DirecTV Now (it’s only $10/month since we have an AT&T Unlimited Plus family plan and then we pay $5/month for HBO too).

Two things we considered strongly and are two things to ponder if you’re considering cutting the cord yourself:

1) There isn’t yet a streaming service that can become a cable replacement, one that includes all the major networks and channels one might want or need. For example, DirecTV Now does not yet have all of the Minneapolis/St. Paul local channels. They also do not have CBS at all. So they’re not an option…yet…but parent AT&T has announced big changes for this Fall.

Whether there is a service that hits the sweet-spot of what people need — at price-points we can stomach — is certainly in flux and there is A LOT of uncertainty about who will be that be-all, end-all provider. You can see a good comparison of the top five providers here.

2) Maybe we don’t need to worry about local channels anyway. I just ordered a Mohu antenna that, for $20, will get all the HD channels we need in the Twin Cities and is better quality than what we’ve watched on cable (over-the-air signals are uncompressed so look much better than compressed cable TV signals). For where we’re going to move to next we don’t yet know which antenna we’ll need, but for now this will work great.

Hope this helps if you, too, are considering cutting the cord.


Communicate Like a Pro

Regardless of your occupation, having great communication skills is “table stakes” to be in the work game today. Especially if you host webinars, record screencasts, podcasts or videos, or even chat with a friend over Skype.

National Public Radio (NPR) has this very useful NPR Training website where you can learn the techniques NPR has honed over many, many decades.

As someone who has done all of the above for communicating with others, the subtleties and nuances of properly delivering what you want to get across is something easy to learn…but you do need to learn it. Too often I’ve attended webinars with the host taking the first five minutes to “um” and “hang on a second” as they futz around getting everything ready. Then they talk like they simply do not care about what they’re saying, you as an attendee, or that they’re bored out of their mind.

Come across as the real you. Not the “DJ” you or what you think you should sound or look like. This training will really help you communicate like a professional so check it out.


Why My New VPN is ProtonVPN

The team of scientists and engineers that came out last year with the wildly successful end-to-end encrypted email service, ProtonMail, has now officially made public their new highly secure (and very fast!) virtual private network (VPN) called ProtonVPN.

As a ProtonMail user I’ve been incredibly pleased with the service and its security and this morning I signed up for their newest offering, ProtonVPN. I did so mainly because of the features, but also because it’s from a company I trust and, as a beta user, found it to be fast, robust, secure, and rock-solid.

I’m also stunned by how quickly they’ve nailed the key features needed in both email and VPN to keep us private and secure. A big plus also is that the company, Proton Technologies AG, is based in Switzerland, a country whose laws favor privacy, security and non-disclosure which is the perfect place to headquarter the firm:

“ProtonMail was founded in 2013 by scientists who met at CERN and were drawn together by a shared vision of a more secure and private Internet. Since then, ProtonMail has evolved into a global effort to protect civil liberties and build a more secure Internet, with team members also hailing from Caltech, Harvard, ETH Zurich and many other research institutions.

Today, we help our community of millions of users secure their private data online. More than 10,000 supporters have assisted us in this mission by donating to make this project possible. Thanks to your support, we are continuing to develop state of the art email privacy and security technology from our home base of Geneva, Switzerland.”

ProtonVPN has several key features that are a bit geeky, but have turned my head as someone who is deep into cyber security:

  • Secure Core: This architecture gives their secure VPN service the unique ability to defend against network based attacks. Secure Core protects your connection by routing your traffic through multiple servers before leaving our network. This means an advanced adversary who can monitor the network traffic at the exit server will not be able to discover the true IP address of ProtonVPN users, nor match browsing activity to that IP.
  • Strong Encryption: All your network traffic is encrypted with AES-256, key exchange is done with 2048-bit RSA, and HMAC with SHA256 is used for message authentication which means it is VERY secure.
  • Forward Secrecy: The encryption cipher suites they use only include ones that have Perfect Forward Secrecy. This means that your encrypted traffic cannot be captured and decrypted later if the encryption key from a subsequent session gets compromised. With each connection, ProtonVPN generates a new encryption key, so a key is never used for more than one session.
  • Strong Protocols: They exclusively use VPN protocols which are known to be secure (OpenVPN and IKEv2). Though I’m not a cryptographer, everyone I follow online who is one swears by both of those protocols, which have been examined and certified secure by top cryptographers all over the world.
  • Physical Security: The company has gone to extreme lengths to protect ProtonVPN’s Secure Core servers to ensure their security. Critical infrastructure in Switzerland is located in a former Swiss army fallout shelter 1000 meters below the surface. Similarly, our Iceland infrastructure resides in a secure former military base. Our servers in Sweden are also located in an underground datacenter. By shipping our own equipment to these locations, we ensure that our servers are also secure at the hardware level.

Other Key Features Include:

  • Open Source: Goes without saying that their transparency level is very high and having their software reliant on open source software examination and certification is a big selling point for any of us.
  • No Logs Kept: Under Swiss law they don’t have to keep them so they do not.
  • DNS Leak Protection: They ensure that your browsing activity cannot be exposed by leaks from domain name service (DNS) queries.
  • Kill Switch: Their desktop and mobile applications come with a built-in Kill Switch feature which will block all network connections in the event that the connection with the VPN server is lost.
  • Tor VPN: ProtonVPN comes with Tor support built-in. Through their selected Tor servers, you can route all your traffic through the Tor anonymity network and also access dark web sites. This provides a convenient way to access Onion sites with just a single click.

Take a look at their pricing page. They have a free offering (which is currently shut down due to the overwhelming response and signups this week) and I signed up for the “PLUS” level today since, as a current ProtonMail user, I got a bit of a larger discount on both ProtonMail and ProtonVPN as a bundle.

I need to end with this: I’ve analyzed more than a dozen of the top VPN providers and previously chose Private Internet Access (which I still have active since I’m paid through April of 2018) and, especially for the non-geeks out there, it’s still the easiest to use, they keep no logs, have the most data centers, and still has my strong recommendation.

But if you’re extra-serious about your VPN — or have specific needs to be highly secure when online — I’d absolutely recommend you immediately go and sign up for ProtonVPN.


A Few Ideas About Staying Safe and Anonymous Online

My daughter sent me an email last night asking me if an app called Disconnect might work to help keep her safe online, especially since she has experienced her virtual private network (VPN) connection slowing down her online activity.

Here is some of what I emailed to her and thought I’d expand it a bit and post it as it might help you too.

A VPN’s encrypted tunnel does have overhead so it will slow down your internet connection. No way around that and there are always trade-offs like this in order to have good security. A VPN’s encrypted “tunnel” through your internet connection — for your traffic to travel through — typically requires using 10-15% of your internet connection’s bandwidth, but it’s worth it almost all of the time.

One tradeoff many of us make is using good, hard to remember, and always different passwords for every website and app we use. Doing so is very challenging as is keeping track of them (which is why using a password manager like LastPass is so important).

That Disconnect app is just a tracking blocker, but it does offer a VPN in their Premium version for both blocking trackers and keeping traffic encrypted and somewhat anonymous (and it’s good to see that Disconnect does not keep logs of your VPN traffic and use). Disconnect’s VPN will slow down your internet connection just like any VPN does, but I haven’t done a side-by-side comparison between Disconnect’s VPN and the one we use.

Our chosen VPN is Private Internet Access (PIA), a provider that also keeps no logs and has 3,194 servers in 36 locations across 24 countries. Our entire family (and our business) uses PIA. Unless one uses the Disconnect Premium with their built-in VPN, your ISP and trackers can still know where you go and what your iPhone’s apps do (i.e., websites you visit; connections your phone makes through apps; etc.).

My preference is to use best-in-class tracking blockers and a VPN, but want to keep them separate (e.g., Disconnect’s Premium product is $5 per month or $50 per year for only 3 devices while PIA’s is $6.95 per month or $39.95 for a year but they allow up to 5 devices).

Just know that, even with all of the measures I’m going to outline below, you always, always want to use a VPN when you connect to public Wi-Fi (as well as a few other things) regardless of whether you are only concerned about being tracked while online.

Also, understand that there isn’t anything that is 100% foolproof. Cyber security is an “arms race” and as the good guys build better defenses, the bad guys are building better hacking/cracking and tracking tools. For example, the tech news site Ars Technica had this comprehensive article about how sites can still fingerprint you online even when you use multiple browsers, so do your best to stay as untracked and anonymous as you can.



Self-Driving Cars by 2030 Will Decimate the Auto Industry BUT Will Save Consumers $1 Trillion & Grow The Economy!

A new research report by the think-tank RethinkX was just published today and has some startling forecasts (my bold and in red):

We are on the cusp of one of the fastest, deepest, most consequential disruptions of transportation in history. By 2030, within 10 years of regulatory approval of autonomous vehicles (AVs), 95% of U.S. passenger miles traveled will be served by on-demand autonomous electric vehicles owned by fleets, not individuals, in a new business model we call “transport-as-a-service” (TaaS). The TaaS disruption will have enormous implications across the transportation and oil industries, decimating entire portions of their value chains, causing oil demand and prices to plummet, and destroying trillions of dollars in investor value — but also creating trillions of dollars in new business opportunities, consumer surplus and GDP growth.

The impacts of TaaS they predict will be both exciting and frightening — if you’re in the transportation business — but the savings for the rest of us (and increased GDP growth) is amazing (again, my bold):

  • Savings on transportation costs will result in a permanent boost in annual disposable income for U.S. households, totaling $1 trillion by 2030. Consumer spending is by far the largest driver of the economy, comprising about 71% of total GDP and driving business and job growth throughout the economy.
  • Productivity gains as a result of reclaimed driving hours will boost GDP by an additional $1 trillion.
  • As fewer cars travel more miles, the number of passenger vehicles on American roads will drop from 247 million to 44 million, opening up vast tracts of land for other, more productive uses. Nearly 100 million existing vehicles will be abandoned as they become economically unviable.
  • Demand for new vehicles will plummet: 70% fewer passenger cars and trucks will be manufactured each year. This could result in total disruption of the car value chain, with car dealers, maintenance and insurance companies suffering almost complete destruction.

Besides all of the obvious downsides to the Trump Administration opening up National Parks and federal lands to oil drilling and mineral exploration —all while decimating the Environmental Protection Agency and labeling climate change a hoax — the positive economic impacts of using solar for energy production, having autonomous vehicles (especially those that are electric) is just smart (which likely explains why the Trump Administration is against those…but I digress).

There is so much more detail in this report that it is definitely worth your time to go and download it:

Go to the RethinkX Website
Read the Press Release
Download the Report Here

The NSA is *Not* Securing Our Nation...On Purpose

By now you should have heard at least something about the WannaCry ransomware attack that’s been going on over the last few days. When I ask people about it and what they know, most have vague responses like, “those computers must be old or not updated” or “people were stupid and did something wrong.”

While both have some truth in them, this analysis by Richard Clarke* about an ABC News story on WannaCry had one of the best paragraphs that describe the #1 problem I’ve been mad about for years which was the root cause of this cyberattack, namely that the NSA is not disclosing so-called zero-day vulnerabilities (zero-days are vulnerabilities that aren’t yet known to the companies whose products they affect, so those companies have had no chance to fix them):

First, America’s own National Security Agency (NSA) found the vulnerability in Microsoft Windows that would permit a hacker to gain control of a device. When the agency found that vulnerability, it should have told Microsoft right away, so that the error could have been fixed as part of the regular monthly “patching” program without calling attention to it.

Yep. The NSA should have told Microsoft right away so they could patch the vulnerability but then the NSA couldn’t use it themselves. The NSA has a long history of not disclosing vulnerabilities though the NSA chief claims they do disclose 91% of them (which means they likely keep the good stuff, the other 9% that are devastating like WannaCry has been when leaked, to themselves).

Clearly there needs to be a balance, as this Georgetown Security Studies article suggests, between national security and actions that cause national weakness, which I would argue the NSA is doing by keeping vulnerabilities to themselves. The NSA could go a long way toward protecting the American people by disclosing vulnerabilities that are obvious to them and potentially crippling to our nation, as well as not being breached and having their tools stolen.

That Georgetown article had these words to say about the United States’ Vulnerabilities Equities Process (VEP) that should compel the NSA to be more forthcoming, but it contains a loophole that anything before 2014 doesn’t have to be disclosed (which is millions upon millions of computers and servers running older versions of operating systems and software):

Established under President Barack Obama in 2014, the Vulnerabilities Equities Process (VEP) is an interagency framework used to determine whether the US government and its contractors should disclose software and hardware vulnerabilities to the public and private sector or foreign allies.

The public and private sector have increasingly called for full transparency of the VEP and disclosure of all known exploits. According to the National Security Agency (NSA) Director Admiral Michael Rogers, the NSA shares more than 90% of the vulnerabilities it discovers. However, the VEP currently provides a loophole that exempts any vulnerabilities discovered before 2014 from the vetting process. This is problematic for transparency given the long shelf life of a zero-day.

Sadly, I don’t think the current White House administration will do anything to thwart the NSA’s runaway, do-anything-they-want agenda. Transparency is certainly not their forté so my expectations are low.

Let’s hope Congress steps in and helps drive national cyber security a little harder when it comes to the NSA actually caring about national internet security vs. just performing signals intelligence while the nation’s I.T. infrastructure is hacked.

This WannaCry ransomware attack is a wakeup call to this nation (and the world) that all of the intelligence agencies (we’re looking at you too, CIA) had better start helping the world instead of acting like a bunch of high school hackers exploiting whatever weakness they can before they are found out and get caught.



Net Neutrality is B.S. and John Oliver Calls It Out

Humor is a great way to point out why net neutrality is such bullshit and John Oliver does it better than anyone.

Do you like the internet? Or would you rather have it “owned” by corporations (e.g., Comcast, Verizon)? If you care to comment and make your views known, use Oliver’s custom URL to go directly to the page where you can make a comment: http://gofccyourself.com

UPDATE at 10:12am CDT

Here is the text I just submitted to the FCC comment form here:

The global internetwork is one of the most important advances in all of human history. As someone who has worked in the internet space since the 1990s (e.g., Vignette) and covered startups and innovators in Minnesota (e.g., Minnov8.com), as well as building dozens upon dozens of websites with one of our businesses (Innov8Press.com), it is clear net neutrality must remain and be enhanced, not deregulated to the point where ISPs are free to turn it into a metaphorical toll road with incredible analytical and tracking capabilities built-in.

I believe that internet service providers (ISPs) and governments regulating the internet should treat ALL data on the Internet the same. They should not discriminate or charge differentially by user, content, website, platform, application, type of attached equipment, or mode of communication.

ISPs, like all corporations do and should, work in their own self-interest. While leaders within those organizations live and work in their communities, they have a fiduciary duty to their shareholders and thus work toward outcomes that maximize their competitive advantage and shareholder value over all other considerations. In short, they must focus strategically on their company instead of any other greater good while the FCC must focus on the latter and mitigate unintended consequences.

Consumer privacy *must* be protected. Entrepreneurs and innovators must be completely free to invent, disrupt, and even replace existing methods, processes, services and other areas that ISPs would inherently block in order to preserve and defend their businesses.

Unless compelled to do so through regulation, ISPs will erode a neutral internet, slowly-but-surely infringe upon the private online behaviors of consumers, and sway internet usage toward their paid services. It is in their best interest to do so and it will happen.

I urge the FCC to reclassify internet service providers (ISPs) as common carriers under Title II of the Communications Act of 1934. Title II classification would allow the FCC to protect net neutrality by regulating against paid prioritization and other self-interest behaviors that are not in the best interest of America.


One Word Describes the Trump Administration: Uncertainty

Image of Trump by DonkeyHotey under a CC-by-2.0 License 

There is an old adage used by investors, strategists and market watchers that “markets hate uncertainty” and the Donald Trump presidency is all about throwing grenades into everything and creating that uncertainty. As I read, talk with senior leaders, venture capitalists and even small business owners like myself, everyone is unsure what to do next when it comes to healthcare insurance, investments, and more.

In my view Trump’s creation of uncertainty is negatively impacting markets, innovation, investment (both domestic and foreign) and is only going to get worse as his presidency continues.

Here are a few examples that have come up from the beginning of April until today:

That last bullet point is about uncertainty in healthcare, especially after the House passed the repeal of Obamacare, and how insurers, hospital and clinic systems, physicians, business leaders, and so many others are just not sure what to do next. They see how horrifically bad the GOP direction would be if passed by the Senate — and how it leaves out millions of our fellow Americans — and are on-hold until Trump and the GOP figure out what to do themselves.

Virtually everything under Trump is uncertain and his administration’s falsehoods (i.e., lies) about even small details mean that any initiatives or policies Trump and his minions put forth are treated with uncertainty.

Uncertainty is my reason #2,445 why Trump is the worst thing that has ever happened to America.


My Podcast Archives

In the CTD Podcast Archive, which I just cleaned up and posted, you’ll find 47 podcast ‘shows’ that I recorded from May of 2005 through March of 2007. Yes, I still podcasted after 2007 but did it over at Minnov8.com and, as of this writing, we’ve done 400 shows and just ended that podcast as of April 8, 2017.

I’m pretty certain, however, that I’ll be podcasting again since I enjoy it so!

One of the reasons for this archive is that I’m a family historian and I love storytelling. The more I’ve learned about my ancestry in the late 1700s to early 1900s, the greater my desire is to have heard any of them tell me stories about what was on their mind. Though my podcasts vary greatly and aren’t always stories, one can still get a good sense of what was on my mind while I was recording them.

Hope you enjoy these and let me know if you think I should start podcasting again!