…you are being watched…
…you are being watched…
Category: security
Self Hosting
I was an early adopter on Pinterest. I liked the service myself, not because I was looking for more social media, but because it allows me to aggregate links and sort them visually. I’m one of those people who navigate by landmarks, so having a visual cue reminds me which link goes to which article.
The problem is that the owners of Pinterest have been working to “improve” the site, often making it harder to use. Primarily adding more bells and whistles — that use more of my computers resources (internal memory). This makes it virtually impossible to use on my little underpowered netbook. (I can only have about 3 browser tabs open before it locks up.) So I usually do research on my big and powerful desktop computer, and the aggregate the links in Pinterest. I have an extensive link library I began to compile there during last years NaNoWriMo when I began my historical novel.
The problem is, Pinterest has recently crippled the service to anyone not signed in. This means I can’t just look at the site to find the link to the material I need, I have to sign in — and use more memory than I can afford — to access this. This is a huge problem for my own use of my own “pins.” But as someone who wants to share links to my own content, this means only people willing to sign in to Pinterest will be able to access my content. That’s a problem. I won’t be sharing Pinterest links anymore.
People concerned about personal privacy call that a registration wall. That’s a big part of why I stopped using Smashwords. I couldn’t use it for the purpose many authors use it — to give out free copies of ebooks — but if people have to pay Smashwords in personal information, the eBooks are not free at all. (Now I email review copies of ePubs, or people can anonymously download from TUEBL.)
And of course, there is Imgfave, another service that allows me to do much the same thing– without needing to be signed in to access my own (or anyone else’s) content. So that will do.
Who’s The Boss?
When we use someone else’s website, they get to make the rules, and we have to follow them. They can change how the site works, or what users are allowed to do, whenever they like. If we don’t like it, all we can really do is leave. (See: MySpace)
Pinterest is not alone in retaining control over how it chooses to allow us to use its website. The same is true of every other website that “generously” allows users to aggregate content or create content for its own greater glory (and profit). All we have to do is pay them in personal information and trust the faceless people making decisions not to change it to make it unusable for us.
Off the top of my head (but by no means an exhaustive list) web platforms that control your data can includes: Twitter, Facebook, G+, Pinterest, Imgfave, Instagram, dropbox, ScribD, NaNoWriMo, LibraryThing, GoodReads, MySpace, LinkedIn, DeviantArt, Imgur, Flickr, YouTube, Livestream, Wattpad, blogspot, WordPress.com, Tumblr, Livejournal etc.
DIY
If you want to control your own data, you need to host it yourself. And that certainly will sound like a scary proposition. But is it any scarier that ripping up that carpet and replacing it with the tiles you want instead? We have no qualms about Do-It-Yourself projects in the physical world, it is not so much different in a digital world. Probably the biggest difference is that there are sure to be many more how-to videos on You-Tube for doing digital DIY. You can very often talk to actual people who made the software you need online via Twitter or through email. (Ever tried to ask Facebook a question?)
blogging
I know WordPress software is licensed to share, so you can download it to your own computer and host your own blog yourself, on your own computer. It is so easy lots of small businesses do this. WordPress even allows you to port your blog hosted on its free site to your own computer any time you like.
(Which is a great way to make backups… not because I don’t trust WordPress to do so, but because like any corporate service provider, it may be compelled to remove some or all of your content on receipt of a DMCA notice (a legal process that merely requires an accusation of copyright infringement… no proof needed). If your original work is taken down in this way, you will need to prove yourself innocent and then upload your content again. Backups are always a good idea because digital data is fragile. I am not certain but I think you can host your own Tumblr as well.
social media
If you are more interested in social media than blogging, there are a growing number of self hosting alternatives out there. If you like Facebook you might want to look at Friendica or Diaspora, if you like Twitter, you can host your own GNUsocial or StatusNet instance in the Fediverse. If you just want to be free of Twitter censorship, you can sign up for an account hosted by individual people, and there are a couple of big co-ops like Quitter and Gnusocial.de.
private browsing
I don’t know about you, but I don’t actually trust Google’s “private” browser to be private. And of course if you want more freedom from being tracked, you might want to use Duckduckgo or StartPage or Ixquick to do your web searches…
The only way to be private online is by using encryption (and even then you need to follow best practices). LONG passwords are more secure than a clever one that is difficult to type or remember.)
If you want to be secure, for email use PGP (stands for “Pretty Good Privacy”) the best (free) software; and for everything else, use TOR (TOR project). Great resources can be found at KW Crypto
And of course, you have the same problems if you use software that you don’t actually own… so Free Software is the way to go.
[Note: normally I would link everything but I simply don’t have time just now. Maybe later.]
Privacy = Security
Do you use the Internet? Then you need to see “Stop Watching Us”
is a website that allows American citizens to demand an end to mass suspicionless surveillance.
Citizens of other nations need to demand the same of our own governments, and that our governments withdraw from participation and/or complicity in mass suspicionless surveillance of its own citizens.
In Canada we can call on our MP to stand against costly online spying
You can read the International Principles on the Application of Human Rights to Communications Surveillance in 30 languages (and people in other countries can find resources) at https://necessaryandproportionate.org
Phishing: Catch of the Day
Unlike the Nigerian Scams that try to con people out of money by dangling a large mysterious financial windfall that the grifter will send after you give them a wad of cash, a “Phishing” attack uses bait to hook people, so they can get your personal information for Identity Fraud.
One things you can do to protect yourself when getting email that looks legitimate but that asks you to do something you shouldn’t ~ like giving personal information to a stranger ~ is to hover your cursor over the link you are supposed to click. If the text of the link is different than the actual link, don’t do it.
Phishing attacks pretend to come from someone we trust. In Canada we pay our taxes to the Canada Revenue Service, so when a Canadian gets an email from them we pay attention. Thiis is a phishing email I received that pretends to be from CRA:
*Claim Your Tax Refund Online*
We identified an error in the calculation of your tax from the last payment, amounting to $ 146.00. In order for us to return the excess payment, you need to create a Tax Gateway account after which the funds will be credited to your specified bank account.Please click “Get Started” below to claim your refund:
Get Started <http://www.cunningruse.com/.tax/>
We are here to ensure the correct tax is paid at the right time, whether this relates to payment of taxes received by the department or entitlement to benefits paid.
An email from the Canada Revenue Agency is likely to make us a little nervous, because most of us will wonder what we have done wrong on our tax return. But when we read this, we discover it isn’t anything terrible, but an error in our favor which brings welcome relief. The amount owing isn’t big enough to look fishy, just a small correction.
The crooks who sent this hope our little bit of fear followed by relief will cloud our judgement, so we will click on the link that will take us to a place where they can extract our personal information. After all, we will be giving the information to the government.
The “Get Started” link actually will send you to a different web page… which hovering reveals leads to www Cunning Ruse dot com.
If your bank, or the government, or any reputable retailer wants your personal information, they will not ask for it through email, because email is not safe, private or secure. Anyone who asks for your personal information in unencrypted email is either foolish or a setting you up for a scam.
Don’t do it. Privacy Matters.
Be Safe Online
hackers or crackers
First, I’m sick of people blaming “hackers” for online security breaches. Hollywood may think that “hackers” are the people breaking online security, but I know too many computer peeps who call themselves hackers, and say a “hack” is a creative solution, not a criminal activity. They call the badguys “crackers.”
Crackers maliciously “crack” open your security, sometimes for fun, the way vandals find vandalism fun, but more often for profit. This is a large part of identity theft; this is the growth are of the crime world.
safe or not
Too often the websites and institutions that are supposed to be keeping us safe online are just making it look safe.
Debit/Credit Cards: I am so tired of the new “chip cards” that are being foisted on us. Supposedly they are supposed to bring increased security. I haven’t figured out how, exactly. What it does is make the transaction take longer. I have to leave the card in until it is finished. A merchant told me that increases the incidence of forgotten cards. This new technology costs the merchants more (in effect costing us more, too) but does it actually improve our security? Don’t think so.
the appearance of security?
The Internet has happened so fast, most of us don’t understand it. But we need to start taking responsibility for our own security.
After people find themselves victimized by a breach of an email account or a highjacking of a domain name, they start thinking about security. The first thing we look at is the password. Suddenly we think this isn’t enough.
That’s why banks and sites have started adding “security questions.” Not to make us more safe, but to make us feel more safe.
passwords
I’ve heard it said that a username and password is fine if the password is good, and if you keep it secure.
But if your password is “password” or anything:
- easily guessable (your birthdate, middle name, dog’s name, etc.) or
- simple enough that password cracking software can breach it
- a password you use in more than one place
- a password stored “in the cloud”
then you are playing with fire.
Any public information is insecure. One thing that would help enormously with online security would be if we were to stop giving out personally identifiable information everywhere we go.
Lie
When I walk into WalMart, I don’t have to show the greeter ID, or tell them where I live. If they asked that, customers would turn around and walk out.
So why should I have to tell a website I visit my name and post code? None of their business. But if they ask, it usually means you can’t get into the site without giving the information. Rule of thumb: if they don’t have the right to ask for the information in real life, they don’t have the right online.
If you buy something from the site, obviously you need to give them the real info. But if you are just shopping, or doing price comparisons, it is none of their business who you are or where you live. The only thing to do is lie.
Find a post code located far away, tell them a made up name. If you’re feeling really adventurous, change your age or your gender. There are also places where you can get disposable email addresses if you need to validate. Like Mailinator.com
The more people with access to your personal information means there is more chance that your personal security will be breached.
public = anyone can find out
Once you have given it out, used it anywhere, online, EVER, it is not secure. Online anonymity is only as anonymous as you make it. The Electronic Frontier Foundation says in most cases all it takes is three personally identifiable pieces of information to find you.
questioning the questions
Adding a “second layer” doesn’t help when the question is “mother’s maiden name” or “elementary school” as the question. Seems to me those “security questions” are rubbish, only giving the appearance of security. When the answer to “security” questions are publicly identifiable information, you end up using public personally identifiable information which identity thieves can use to crack your account. #FAIL
You can get around this by answering a different question, so the question and answer no longer make sense. Mother’s Maiden Name: Pepperoni Pizza … but then you have to keep track of the question and answer, too, so instead of keeping one password per site you have to keep track of username, password, question, answer and perhaps another question and answer. So now instead of one reasonably secure password, you need a book or file to keep track of it all. This makes it much easier for the bad guys to grab hold of this. So this “security” nonsense can end up being even less secure.
Funny story: I forgot my bank question thing, but was able to get online access back, over the phone, by telling them my mother’s maiden name. This is my BANK. You know, the ones pushing the chip cards. #FAIL
real security
Better security can be achieved by keeping out malware. Start with a trusted virus protection program. AVG is good. Check for spyware periodically too.
Don’t open suspect email. If anyone you know has had their identity stolen or sitejacked, don’t open email from their old account. Don’t open attachments. Or apps.
I use the Firefox Browser. Before I click a link on a webpage I am new to, I can hover over it with the curser arrow, and the link’s URL appears in the lower right corner of my screen. This way I can see that the link will take me where the site says it will take me.
One of the ways malware find itself onto people’s computers is through security holes in FLASH which allows crackers entry to *your* computer when you upgrade (don’t do it!) or, my personal favorite: javascript.
I use NoScript because when you allow javascript free reign on your computer, you run the risk allowing executable code on your computer. This means that the java script can have a trojan horse in it, it can start a program to do all kinds of things to your computer. Nowadays they don’t usually turn your computer into a brick, at least right away. Usually they will suck information on your family and friends or record your keystrokes and so find your passwords. Malware, viruses etc.
When I come across a website that is broken without forcing me to load Flash, or worse, that has been javascrippled, I leave. The security risks are simply too high.
passwords
Just so you know: if you use your mother’s maiden name as your password, it doesn’t take a cracker to crack it. The seven year old two doors down the block could likely manage it for a laugh.
Internet bad guys just use a different set of tools. Think of your email password as the lock to your front door. Who would you share the combination with?
If you give the combo to the builders, after they’ve done the job, it is time to change it. The beauty of passwords is that they are much easier to change than physical locks are.
When in doubt, change it.
Keep it secret. Keep it safe.
