Each year I donate to the Electronic Frontier Foundation (EFF) but did more in 2016 than ever before. You should donate too since they’re the ONLY digital legal watchdog that’s protecting our cyber rights!
Each year I donate to the Electronic Frontier Foundation (EFF) but did more in 2016 than ever before. You should donate too since they’re the ONLY digital legal watchdog that’s protecting our cyber rights!
While discussing cyber security and online safety with clients, family and friends, I’ve had several of them ask me for guidance on how to secure their communications and web activities. While a thorough examination of all the detail surrounding privacy, security, and good online habits could be the length of a book, let me give you some of the basics along with a few links to learn more.
There are several reasons you should care about whether your online, digital communications and web surfing are private:
a) Tracking: Ever wonder how Facebook knows you just shopped for Corningware at Amazon and suddenly the ads on Facebook are displaying other bakeware companies? Would you be surprised to know that nearly all websites you visit set a little digital file called a “cookie”—a file that can prove to be very beneficial most times—but that some cookies are set by third party companies that do nothing but track ALL of your website visits (and much more) everywhere?
b) Are You Naked on Public Wifi? If you ever connect to a public Wifi hotspot, you should know that it is trivial for a Wifi hotspot to be spoofed and you might have already inadvertently connected to it! There are also packet-sniffers that can view any unencrypted traffic going back and forth between your laptop or device and the Wifi router and some blackhat hacker can view it.
Want to see how incredibly trivial it is to create a man-in-the-middle attack and spoof a Wifi hotspot? Then read this article which should scare the beejesus out of you (it did me). It’s called Maybe It’s Better If You Don’t Read This Story on Public WiFi and its tagline is this:
We took a hacker to a café and, in 20 minutes, he knew where everyone else was born, what schools they attended, and the last five things they googled.
If after you have read that article you are still logging on to public Wifi hotspots without using a VPN, please comment below and give me your argument as to why you think it’s OK to get online with public Wifi and no VPN. I’ve yet to hear a single, valid reason why someone shouldn’t connect securely.
c) Government Surveillance: You’ve undoubtedly heard about Edward Snowden who revealed the vacuum mass surveillance apparatus in place by the National Security Agency and that they’re are scooping up ALL metadata about who called whom; what websites you visit and searches you perform; what texts you send; who your Facebook/Twitter and other friends are; what photos you post; and much more.
As a preview to what might very well happen here in the U.S. under a Trump administration, a new law just passed in the United Kingdom and it will give you a taste of what is probably coming to America…and soon…and why we all need to be more diligent about our privacy and security. The UK Now Wields Unprecedented Surveillance Powers — Here’s What It Means spells out what we could expect in the US in the near future:
The UK is about to become one of the world’s foremost surveillance states, allowing its police and intelligence agencies to spy on its own people to a degree that is unprecedented for a democracy. The UN’s privacy chief has called the situation “worse than scary.” Edward Snowden says it’s simply “the most extreme surveillance in the history of western democracy.”
The legislation in question is called the Investigatory Powers Bill. It’s been cleared by politicians and granted royal assent on November 29th — officially becoming law. The bill will legalize the UK’s global surveillance program, which scoops up communications data from around the world, but it will also introduce new domestic powers, including a government database that stores the web history of every citizen in the country. UK spies will be empowered to hack individuals, internet infrastructure, and even whole towns — if the government deems it necessary.
It is also probable that both the UK and the US will take steps to ban end-to-end encryption (one reason I use more and more services outside the US) and/or legally force companies to insert backdoors in their software so law enforcement can get in to the computer or device you own, especially without having to secure one of those pesky search warrants. It’s actually a lot more ominous than that, but writing much more about it is beyond the scope of this post.
You should be. I am, and I stay abreast of all of this every, single day. Read on for some specific tips and tricks to stay safe online.
Edvard Munch’s painting The Scream…and a few scared internet users
For no other reason than this is one of my favorite Monty Python bits of all time, I give you the Dead Parrot sketch:
Several people I know have asked me for guidance on how to secure their communications prior to Trump taking office. The reason they are concerned is the same reason I am: The Trump administration could very well accelerate (or use extensively) the vacuum mass surveillance apparatus in place by the National Security Agency.
Electronic Frontier Foundation Guide
Here is the guide you should use for staying safe with email, chat, voice calls, if you’re at a protest, and so on.
Modern technology has given those in power new abilities to eavesdrop and collect data on innocent people. Surveillance Self-Defense is EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.
The guide has an Overview if you’ve not yet secured your computer, tablet or smartphone, to Tutorials that include step-by-step guides on how to install software and tools, and finally with Briefings which are detailed guides for specific situations.
Bonus link from The Intercept: Surveillance Self-Defense Against the Trump Administration
Could Trump Accelerate the Use of NSA’s “Google for Private Communications?”
Yes, possibly and perhaps even likely. I would say it is likely since the Trump administration people—especially those like the highly controversial pick of advisor to the president, Steve Bannon—won’t be able to help themselves with the power of the office and the tools at their disposal…so I am going to assume the answer is yes, they will.
One of those tools is XKEYSCORE, the name of the NSA’s Google-like search engine and one of the agency’s “…most powerful tools of mass surveillance (which) makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse.“
The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers.
NOTE: All we actually know of XKEYSCORE is from 2013 and no one knows what advances have been made in the last three years. The deep concern is that the tool has become more powerful, and access could be as simple as logging in with a White House web browser. Imagine that someone’s full communications portfolio is instantly laid out for review by anyone wanting to know what you’re texting, browsing, who you’re calling and more, all at the click of a mouse.
Unless, of course, your communications are secure.
I hope I’m wrong and President-elect Trump becomes a centrist and moves away from his childish, vindictive behaviors. That hope extends to Trump stopping his being tone-deaf on what more than half this country needs from a president. But I don’t believe in fairy tales, magic, or that “God will make it OK” like many people I know believe.
Instead, my communications are already secure so I highly recommend you make your communications secure and do so right now…while you still can.
Apple’s 1984 ad introducing the Macintosh in January of 1984 with Donald Trump in
the role of overlord, about to be overturned by a disruptor with a sledgehammer
Yeah…he’s scary and I’m disappointed he won too. But it was a close election with Clinton winning the popular vote with 59,943,009 votes (47.7%) and Trump with 59,705,048 votes (47.5%). We all now know that Trump won the should-now-be-abolished electoral college with 279 votes vs. Clinton’s 228 and he’s our (shudder) president-elect.
Turns out that the 47.7% who did NOT support Trump are quite unhappy about getting a clown as president and there are protests in the streets, uncertainty everywhere, and the circus will soon arrive in our nation’s capital.
Fortunately the 47.5% who DID vote for Trump are incredibly excited because “it was God’s will” (which they influenced ’cause they prayed a lot), they now have a shot to delete the Affordable Care Act, overturn Roe v. Wade, revert to marriage as “one man, one woman“, get rid of Muslims, Mexicans, Somalis, and anyone who doesn’t look like them, invest in the military so we can crush all global militaries 10 times over instead of just 7 times over, and make sure that “political correctness” dies like Trump would speaking to a group of millennials.
But hey…we’ve got nearly two months left before we have to go nuts against a Trump administration and fight what will certainly be the attempted execution of an old man’s vision for the United States of America.
Until then it’s time for a chuckle. Here are a few videos that will hopefully help you overcome your stunned disbelief:
If I was 25 years old right now I’d probably be feeling pretty hopeless. Is it any wonder everyone, including young people, are furious and feeling hopeless? But this post will focus on our children and the world they have already inherited and how they still have optimism about the future.
Right after September 11, 2001 I remember peeking in to each of my kid’s bedrooms before going to bed myself. Our daughter was 13 years old and son was about to turn 7 years old. After that devastating day I stood there saddened when considering the world they were going to inherit and I felt a twinge of hopelessness.
That feeling turned in to irritation and then anger as the months unfolded. I saw the 9/11 tragedy turned in to a justification for war, one where the slimmest amount of intelligence possible was used as justification for invading Iraq and Afghanistan.
From 2002 through 2008 I grew increasingly concerned as the Bush administration seemed to be bending the rules of intelligence with CIA ‘enhanced interrogation‘ and rendition, along with initiatives like Total Information Awareness (TIA). TIA was killed off but as we now know thanks to Edward Snowden’s revelations, any paranoia and concern I had at the time paled in comparison to what was really going on as the goals and objectives of TIA lived on.
Next came the global economic meltdown, inadvertently created by the financial services industry whose greed overshadowed their fiduciary responsibilities and destroyed the economy. A greed, I might add, that was fueled by the laissez faire attitude toward oversight and regulation by the GOP and Bush administration. The same administration that squandered a surplus while cutting taxes and going to war. According to The Center on Budget and Policy Priorities:
“If not for the Bush tax cuts, the deficit-financed wars in Iraq and Afghanistan, and the effects of the worst recession since the Great Depression (including the cost of policymakers’ actions to combat it), we would not be facing these huge deficits in the near term. By themselves, in fact, the Bush tax cuts and the wars in Iraq and Afghanistan will account for almost half of the $20 trillion in debt that, under current policies, the nation will owe by 2019. The stimulus law and financial rescues will account for less than 10 percent of the debt at that time.”
Add to all of this the student debt crisis. The Economist reported in June 2014 that U.S. student loan debt exceeded $1.2 trillion, with over 7 million debtors in default. Today, there is approximately $1.3 trillion of outstanding student loan debt in the U.S. that affects 43 million borrowers who have an average outstanding loan balance of $30,000.
Lastly we have the Wells Fargo controversies which have shown that even one of the most profitable, respected banks in the world is no better than a plaid-sports-coat wearing salesman hawking non-running used cars on some inner city lot.
How can we not all be FURIOUS and filled with RAGE? If I was 25 years old I’d be marching in the street, campaigning for Bernie Sanders, and doing whatever I could to change the system and make a wholesale change in Congress.
But there are bright spots that are fueling optimism, no matter what the obstacles and barriers fueling hopelessness. [Read more…]
Unless you’ve been traveling in space for the last few years, you obviously know all about the mass surveillance by the National Security Agency and Edward Snowden‘s revelations, as well as the continued acceleration in security hacks globally.
Besides using a virtual private network (VPN) when you are on public Wifi (here is why a VPN is extremely important), I’ve found the simplest method for my family, friends and even clients is to use a super-secure, open source app on our phones called Signal by Open Whispher Systems.
Even non-geeks know that email is laughingly insecure, which is why this app is so important and how I use it:
a) My bookkeeper sends me important, private information over the Signal app.
b) I have clients send me passwords and credentials for their services.
c) Several of my friends and family members I’m connected to use Signal to send me messages that need to be secure. We often share items like passwords, especially when I’m helping one of them with some website or online application requiring me to login.
c) But what really sold me on Signal was when my wife was on a recent business trip to Hong Kong. Her hotel’s Wifi was set up to disallow the use of VPNs so she was not able to set up a secure, encrypted channel. This is because of what is euphemistically called the great firewall of China which the country uses to restrict what their citizenry has access to outside of China.
So my wife and I connected on Signal and, because the system has both private messaging and voice calling, we knew we would be secure and assured that some Chinese government flunky wasn’t eavesdropping on our messages or listening-in on our calls.
As I’d mentioned, Signal boasts highly secure private messaging using end-to-end encryption. In fact, the Signal protocol (the underlying technology) is being used by WhatsApp (though there are other insecurity issues with the app so I do NOT recommend using it). As of this writing, all other messaging apps (yes, even Apple’s Messages) have good security layers, but some are still accessible by the NSA’s warrantless surveillance activities, law enforcement, or possibly a system administrator at the app company.
End-to-end encryption (especially the way Signal implements it) means NO ONE can eavesdrop on your messages. Same thing with phone calls made via Signal due to its quality. When my wife and I were talking over Signal between Minnesota and Hong Kong I was pleasantly surprised with the quality of those calls while using the app on our iPhones (Signal is available for both iPhones and Android phones). It was better than if we had been talking over mobile connections (she was on good Wifi in her hotel, but often other voice-over-internet-protocol (VoIP) phones like the insecure Skype don’t sound very good).
SIGNAL FOR THE DESKTOP
Once you start using Signal you will probably come to the realization (like most Signal users do, I suspect) that it would sure be great to be able to use Signal on the desktop. Well now you can!
Signal is now an app for Google Chrome, the browser I use every day (Note: it does require that you have already set up Signal on your smartphone). Besides the computer version of Chrome, I also have two colleagues that use Chromebooks and now can use Signal on them.
You can connect the Chrome app with your smartphone’s Signal app by opening the app and instantly scanning a QR code. Once done you are connected and can even have your smartphone’s Signal app contacts imported in to your desktop version.
This is so easy to use and so secure that there really is no reason why you shouldn’t be using Signal right now.
Just after the horrific tragedy of 9/11, I began to see quite disturbing things unfolding in the U.S. in the name of “security” that was (in my, and many other’s, minds) clearly trampling on the Constitution. Most of my friends teased me for several years about wearing a “tinfoil hat” to shield my brain, but then Edward Snowden came on the scene, ensuring that the unconstitutional domestic surveillance underway by the National Security Agency (NSA) was exposed.
While I was (and am) less disturbed by some of the global spying activities the NSA is performing—other than egregious hacking of world leaders’ mobile phones and such—there is no question that making U.S. citizens aware of the extent of the domestic spying was the first wake-up call for those ignoring the signs of the obvious, disturbing and unconstitutional activities going on.
After essentially reading every single news article and snippet about what Snowden (and others, I might add) have released to date, yes I believe Snowden did the world a great service and is a patriot. No, I don’t think he will get a pardon (yet) since it’s still too early on and Congress has not yet bothered to rein in the NSA in any meaningful way with regard to domestic spying.
The U.K. news organization The Guardian has an entire section called the NSA files which is likely the most comprehensive compendium of items sparked by Snowden’s whistleblowing document release. It’s a bit daunting to wade through, so I was intrigued this morning to see that Business Insider just compiled this bullet-point list of items Snowden had provided to select journalists that were released between 2013 and 2014. It’s pretty amazing to see them listed and realizing just how profound were these leaks and, in my view, extremely important.
Here are just a handful of those links just to get you started:
On a daily basis I am just astounded that people don’t know absolute basics about how to use a web browser, download a PDF from a website, use the “Lost your password?” link to reset their password if they forgot it or it didn’t work, and a myriad of other stupid-simple tasks.
While I admit that there are a host of non-intuitive design paradigms out there for websites, basic things are basic: People should know (by now) how to do the items I mentioned above at the very least.
I’ll give you one example from today. I had a client from our website development company (Innov8Press) reach out to me since a user tried her password that was sent to her but it didn’t work. Rather than click the “Lost your password?” link under the login box, she went to the website’s contact form and sent in a note.
So I tried her username and password combination originally sent and they worked. I informed my client to have her use the lost-your-password process since we’d taken great pains to build out one that is incredibly intuitive and nicely designed. I haven’t heard back from anyone yet, but am not holding out hope that we won’t be “helping” this person again. (UPDATE: Client just said this: “She said she tried again and couldn’t get it to work, so she is going to send in a paper registration.“).
In one of our other businesses we offer PDF reports that people buy. Though we have set up force-downloads on our server, some browsers ignore that and load the PDF inside the browser (e.g., Safari on Mac and Chrome if set up to display PDFs in-browser, which many corporations do for their users).
It turns out that many people simply didn’t know that they couldn’t come back to their account on our site again-and-again to download the report whenever they want to view it. Most importantly they didn’t know to do a “Save as…” in their browser to save the report out to their downloads folder or desktop.
So here’s a question for you: Am I being a cranky old man or should basic, stupid-simple web browsing tasks be something that people should know how to do in 2016?
Just completed another “Steve’s Road Trip” for 2016. Though I’d originally intended to head out to Rocky Mountain National Park this year, my time is limited so, once again, I headed up to the north shore of Lake Superior with my new Nikon D500 camera (which I’m in love with, by the way).
These are a handful of “keeper” photos from the several hundred I took as I experimented with the HUGE number of camera settings! The place I stay at is about three hours away so is even perfect for a weekend getaway.
Click the photo below to view the trip Flickr album or click here:
I’m sure you, like me, find the Internet VERY important and vital to our lives today. The ONLY group who “gets it”, and vigorously defends our digital rights, is the Electronic Frontier Foundation (EFF). I donate to @EFF since they keep the Internet free and open. Seriously. They’re the only ones. Join me and donate now:
Podcasting hit the mainstream in July of 2005 when Apple added podcast show support within iTunes. I’d seen this coming so started podcasting in May of 2005 and kept going until August of 2007. Unfortunately was never ‘discovered’ by national broadcasters, but made a delightfully large number of connections with people all over the world because of these shows. Click here to view the archive of my podcast posts.
Connecting the Dots is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.