Thursday, November 19, 2015

Don't run around naked on the Internet. Use Signal and TOR.

We should be using software that we can rely on. This doesn’t need to be a big change. It doesn’t have to be disruptive. It should be invisible, it should be something that happens effortlessly. I like apps like Signal, because they don’t require you to change your method of communications. You can use it right now. I also like TOR for a browser.

  • The first step that anyone could take is to encrypt their phone calls and their text messages. You can do that through the smartphone app Signal, by Open Whisper Systems. It’s free, and you can just download it immediately. And anybody you’re talking to now, their communications, if it’s intercepted, can’t be read by adversaries. [Signal is available for iOS and Android, and, unlike a lot of security tools, is very easy to use.]
  • You should encrypt your hard disk, so that if your computer is stolen the information isn’t obtainable to an adversary — pictures, where you live, where you work, where your kids are, where you go to school. [Here is a guide to encrypting your disk on Windows, Mac, and Linux.]
  • Use a password manager. One of the main things that gets people’s private information exposed, not necessarily to the most powerful adversaries, but to the most common ones, are data dumps. Your credentials may be revealed because some service you stopped using in 2007 gets hacked, and your password that you were using for that one site also works for your Gmail account. A password manager allows you to create unique passwords for every site that are unbreakable, but you don’t have the burden of memorizing them. [The password manager KeePassX is free, open source, cross-platform, and never stores anything in the cloud.]
  • The other thing there is two-factor authentication. The value of this is if someone does steal your password, or it’s left or exposed somewhere … [two-factor authentication] allows the provider to send you a secondary means of authentication — a text message or something like that. [If you enable two-factor authentication, an attacker needs both your password as the first factor and a physical device, like your phone, as your second factor, to login to your account. Gmail, Facebook, Twitter, Dropbox, GitHub, Battle.net, and tons of other services all support two-factor authentication.]

Monday, November 9, 2015

Facebook faces a daily fine of $269,000 for cookies that track users.

BRUSSELS — A Brussels court has ruled that Facebook must stop, within 48 hours, collecting data on users’ Internet browsing when they are not logged in. If it does not, Facebook will face a daily fine of $269,000.

Facebook has acknowledged that it collects data on users’ Internet browsing even when they aren’t logged in, through a cookie that it places in a user's Web browser if they have visited the Facebook website. That cookie reports back to Facebook whenever that browser accesses a Web page with an active social plug-in, such as a “like” button.

Facebook says the process is necessary for security purposes to protect people from spam, malware and other attacks. The firm says it uses the information from that cookie only to weed out browsers being piloted by a machine rather than a human, and discards the browsing data after 10 days. Machine-driven browsers are often used to hack into users’ Facebook pages, the company says.
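To make the mechanism in the article concrete, the block below is an added example (not code from the article or from Facebook) of a toy browser cookie jar. It models the two things the article describes: a cookie set during a visit to the social network's own site, and that same cookie being attached to the request for an embedded plug-in when the user later reads an unrelated page. It then shows the setting a user or administrator would rely on to break that link, blocking cookies on third-party requests. The hostnames, cookie name and "registrable site" rule are constructed simplifications (real browsers use the Public Suffix List for the site boundary).

```python
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class Cookie:
    name: str
    value: str
    domain: str  # Domain attribute from Set-Cookie, e.g. "social.example"


def domain_matches(host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def registrable_site(host: str) -> str:
    """Constructed simplification: the last two labels stand in for the site boundary."""
    return ".".join(host.lower().split(".")[-2:])


class Browser:
    def __init__(self, block_third_party_cookies: bool = False):
        self.jar: list[Cookie] = []
        self.block_third_party_cookies = block_third_party_cookies

    def set_cookie(self, response_host: str, cookie: Cookie) -> bool:
        """Store a cookie only if the responding host is allowed to set it for that domain."""
        if not domain_matches(response_host, cookie.domain):
            return False
        self.jar = [c for c in self.jar if (c.name, c.domain) != (cookie.name, cookie.domain)]
        self.jar.append(cookie)
        return True

    def cookies_for(self, request_url: str, top_level_url: str) -> dict[str, str]:
        """Cookies the browser would attach to request_url while top_level_url is open."""
        host = urlparse(request_url).hostname
        top_host = urlparse(top_level_url).hostname
        third_party = registrable_site(host) != registrable_site(top_host)
        if third_party and self.block_third_party_cookies:
            return {}  # the mitigation: no cookies on cross-site embedded requests
        return {c.name: c.value for c in self.jar if domain_matches(host, c.domain)}

    def load_page(self, page_url: str, embedded_resources: list[str]) -> dict[str, list[str]]:
        """Map each embedded resource URL to the cookie names sent when fetching it."""
        return {r: sorted(self.cookies_for(r, page_url)) for r in embedded_resources}


# Constructed scenario: a tracking cookie set on the social network's own site,
# then an unrelated news page that embeds the network's "like" plug-in.
TRACKER = Cookie("tracking_id", "abc123", "social.example")
NEWS_PAGE = "https://news.example/article"
LIKE_PLUGIN = "https://www.social.example/plugins/like"


def plugin_request_cookies(block_third_party: bool) -> list[str]:
    """Cookie names that reach the plug-in host from the news page, under a given setting."""
    browser = Browser(block_third_party_cookies=block_third_party)
    browser.set_cookie("www.social.example", TRACKER)       # set during a direct visit
    return browser.load_page(NEWS_PAGE, [LIKE_PLUGIN])[LIKE_PLUGIN]


if __name__ == "__main__":
    print("default browser sends:", plugin_request_cookies(False))
    print("third-party cookies blocked, sends:", plugin_request_cookies(True))
```

With the default setting the plug-in request carries the identifier that was set during the earlier direct visit, which is exactly how a browser that is not logged in can still be recognised on every page carrying the button. With third-party cookies blocked, the same cookie is still sent on direct visits to the social network, so first-party use (including the anti-automation purpose the company cites) is unaffected, but the cross-site request goes out bare.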