Bloggy stuff

And deleting browser history is not going to help

miniature monks admiring an egg

The US President has just changed the law by removing the net neutrality rule and making it possible for internet service providers (ISPs) to sell user data without customer consent.

During the weeks leading up to today, Twitter has been buzzing with unhappy, angry and disappointed users, resulting in two crowdfunding actions to buy and publicly post the user data of the officials that voted on the bill.

I can understand the thinking behind their actions and I think that most of us are not happy with the fact that this is for real. It would probably have been a good idea to first look into what data is collected and how the collected data gets used before starting crowdfunding actions. People might be putting their energy in the wrong direction. If anything, it is raising awareness of internet privacy and how important it is to protect your personal information.

What's going to happen then?

Well, one cannot legally just buy people's personal data. What happens is this: your ISP monitors all traffic flows to and from their network and in that process collects data. By law this data is kept for a certain period before being deleted. In all European countries ISPs have to keep the collected data for 6 months. Up till now internet service providers have said that they value their customers' privacy, and their policies claim that they will always protect your personal information.

Who else collects our data?

Quite a lot of websites already collect your browsing history for their own use or pass it on to third-party advertising networks. Companies like Google, Facebook and LinkedIn are some of the well-known free services we use that collect user data for targeted marketing ads. For instance, if you search Google for, and buy, a new camera tripod online, you will for the coming time see a lot of Google ads for ‘camera tripods’. Google has also recently started what's called zip code targeting in its Analytics 360 Suite, giving a more detailed view of user data.

Google is very clear about what it collects from its users (from Google):

Things you do:

Things you search for

Websites you visit

Videos you watch

Ads you click on

Your location

Device information

IP address and cookie data

Things you create:

Emails you send and receive on Gmail

Contacts you add

Calendar events

Photos and videos you upload

Docs, Sheets and Slides on Drive

Things that make you “you”:

Name

Email address and password

Birthday

Gender

Phone number

Country

How does that work:

Your online activity is collected and used by marketeers with certain demographics for targeted advertising and sold to the highest bidder in the market place at that moment. The bidding happens in a fraction of a second even before the visited page has loaded.

What do they sell then?

Your ISP or other internet services do not specifically sell your personal or browsing data, as in name, house number, etc., as many people seem to think is going to happen with the new bill. The information shared would be general geolocation, age, gender group and things like device information, and in some cases possibly banking and medical information. The main difference with your ISP is that you pay for your internet service provider's services, so you would not expect them to just sell your user data, because they say that they will always protect your personal information. Are they stepping over the privacy line with this bill, or is it the next step for governments making it easier to collect our information? And how are these changes going to affect Europe?

What's next?

Would it be far fetched to think that we will soon have new internets? Such government decisions might just spark off crowdfunding actions to start up new private internets or new versions of the surface web.

We have all heard of the dark web. The dark web is a sort of hidden internet, with world wide web content that lives on darknets and can only be accessed with authorisation and specifically configured software. The dark web is not only for baddies; it’s also used by military personnel working abroad, reporters, whistleblowers and, since 2014, even Facebook. People using the Tor browser can access Facebook via their OnionWeb address: https://facebookcorewwwi.onion/TorProject works.

Farfetched or not, one thing's for sure, our approach to the internet and our personal information is changing.

Stephen Cassidy

The internet is for humans… We are people, not machines.

miniature-man-sitting-on-stalk

A lot of webmasters add a 'built by', 'supported by' or 'website by' link to the footer/bottom of their clients' websites. Why do they do that? Is it right to link your site in the footer of your client's website? Is it advertising, and is it even allowed?

A lot of products have branding. When you buy a car it will have a brand logo, and if you purchase a TV or laptop it will have some sort of branding too, so why not a website? As a webmaster I sometimes get asked to manage or take over the maintenance of a website. I personally do not put my own company name in the footer of websites, but I do ask the client what they think about the footer link from the last webmaster or company that managed their website. "Shall I remove it?" I ask.

"Please remove it, I don’t want it there." I then ask: "Did you agree on a link in the footer or was it just there?" Usually I hear that it wasn’t agreed on and that the client didn’t even notice it in the beginning. On the other hand, some people do say that they don’t mind a footer link to the builder's website. The flip side of having your link in the footer would be to be credited for a rundown, shabby website that was built 5 years ago and now has more cut and pastes than a scrapbook, and to still see your name in the footer. That can be somewhat frightening.

How does Google see this? A link to the builder of the website in your footer is seen by Google’s search engine as an ‘unnatural link’. An unnatural link is considered a violation of Google's guidelines and can be seen as a way to manipulate PageRank. This is in most cases not the intention of the webmaster, who is only looking for recognition for his work. But in the eyes of Google, money does not have to change hands for a link to be seen as a paid link (think along the lines of affiliate leads). For webmasters the way around this is to use what’s called a “nofollow” tag. A nofollow tag tells Google not to follow this page or link and is frequently used on login pages or, in this case, on a link to the web builder's company website.
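
One way to check a site for such links, as an added example that is not part of the original post: the “nofollow” tag is the rel="nofollow" attribute on a link, and the Python script below lists the external links inside a page's <footer> that do not carry it. The sample page, the client.example host and the audit_footer name are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """
<html><body>
<main><a href="https://partner.example/article">A normal editorial link</a></main>
<footer>
  <a href="/contact">Contact</a>
  <a href="https://webbuilder.example/">Website by WebBuilder</a>
  <a href="https://host.example/" rel="nofollow noopener">Hosted by Host</a>
</footer>
</body></html>
"""


class FooterLinkAudit(HTMLParser):
    """Collect external <a> links inside <footer> that lack rel="nofollow"."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.footer_depth = 0   # greater than 0 while inside a <footer>
        self.followed = []      # external footer links without nofollow

    def handle_starttag(self, tag, attrs):
        if tag == "footer":
            self.footer_depth += 1
        elif tag == "a" and self.footer_depth:
            attr = dict(attrs)
            href = attr.get("href") or ""
            # Relative links such as /contact have no hostname: internal.
            host = (urlparse(href).hostname or "").lower()
            # rel is a space-separated token list, e.g. "nofollow noopener".
            rel = (attr.get("rel") or "").lower().split()
            if host and host != self.site_host and "nofollow" not in rel:
                self.followed.append(href)

    def handle_endtag(self, tag):
        if tag == "footer" and self.footer_depth:
            self.footer_depth -= 1


def audit_footer(html, site_host):
    """Return the external footer links that search engines may follow."""
    parser = FooterLinkAudit(site_host)
    parser.feed(html)
    return parser.followed


if __name__ == "__main__":
    for link in audit_footer(SAMPLE_HTML, "client.example"):
        print("followed external footer link:", link)
```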

A good alternative to adding a link would be an initiative called ‘humans.txt’. Humans text is a text file that the webmaster can put in the root folder of a website. Humans.txt is a simple, fast and non-intrusive way (it touches no code) of knowing the people and technology behind the website. So it’s just a plain text file that shows who has contributed to a website.

For instance, Google uses humans.txt on the Google websites. Here you can view Google’s humans.txt file: https://www.google.com/humans.txt

It states:

“Google is built by a large team of engineers, designers, researchers, robots, and others in many different sites across the globe. It is updated continuously, and built with more tools and technologies than we can shake a stick at. If you'd like to help us out, see google.com/careers”.


Quite a few websites use Humans text, for instance here is The New York Times humans.txt file: http://www.nytimes.com/humans.txt

And here is my own Humans.txt file: https://www.stephencassidy.nl/humans.txt

Humans.txt can be seen as the credits at the end of a film. It may contain your contact information or even reflect a bit of your personality.

So the internet is for humans… As we are people and not machines.


Stephen Cassidy

 


Will curiosity kill the cat, or should we blame technology?

miniature characters sitting on a key

When it comes to online security it is true that we are often the weakest link in the security chain. Even when we are up to date on security risks, you will find that for all sorts of reasons we make mistakes. Last Tuesday an engineer at Amazon’s web servers made a typo and caused a worldwide outage. It happens.

Crime is, at 75%, the largest motivation in today's cyber attacks. 97% of all attacks gained access through links in phishing mails which installed malware to either collect or encrypt your information. #ransomware

Are you a small company, or do you perhaps work alone and possibly from home? Then you actually have similar or the same security issues as large companies do. A lot of small companies think that it costs too much to protect themselves against cyber threats and just hope that things go OK.

It is a good idea to take time to discuss cyber security and build user awareness with the people that you work with. Saying that you don’t have the time, money or in-house knowledge is really no excuse. Think again about how successfully those 97% of attacks occurred. #phishing

Do we expect too much from technology, or would techniques like stripping out attachments from emails and setting all inboxes to plain text to prevent phishing mails be a good idea? Locking everything down is probably not the best route to take, as it just defeats the purpose of communications and limits the powers of the internet. Productivity would slow down, and attackers would just use different techniques. #user-awareness

Using the most advanced tools to protect your company will not protect you if you do not have, and use, a security plan.

What can we do to minimize security risks?

1. Stop clicking willy-nilly on links in emails. Nearly 80% of people know not to click on unknown links, yet out of CURIOSITY over 50% of people still click them.

2. Make backups and set your computers to make automatic backups. It’s also important to keep copies of old backups. Backups are great, but if recent backups are also infected you always have older versions to fall back on. #backups

3. Keep computer software including mobiles, modems, and other appliances updated with compatible software.

4. Use a VPN connection to and from the office. A private secure connection does give a good feeling and VPN is getting easier to use.

5. Protect your customer data. If you have customer information on your laptops, server or websites it’s a must to make sure that it’s secure.

6. Where needed, give everyone separate logins and never share admin or super admin level passwords.

7. Use a firewall and virus scanner (paid versions).

8. Don’t just give your Wi-Fi passwords to guests; set up a guest Wi-Fi account.

9. Smartphones are a security weak spot. Apps have access to a lot more information than you think; delete apps that you don’t regularly use.

10. When out of the office never use unprotected Wi-Fi spots.

11. You probably use social media; if so, it’s important to use “Two Step Verification”. It is easy to use and you can export and save a list of backup codes.

12. Don't just use USB sticks without scanning them first. Yes, they are still around.

13. Encryption is also getting easier to use. Use encryption to protect your data. Tip: You can encrypt a MacBook with 5 clicks of a mouse.

14. Make a “change password day” and get into the habit of using longer and stronger passwords. Nowadays you don’t need to remember passwords. For security reasons you need longer and different passwords for all accounts, websites and appliances. You're going to need a password manager. #Do-it

If you do get ransomware in your system and your computers get locked/encrypted, remember one thing: “never pay ransom”. Clean the computers or get someone to do it for you and reinstall the operating system. Paying means that you're just buying time; they will reactivate the ransomware at a later date, if at all. But you have backups, right?

Don't let curiosity kill the cat?

Stephen Cassidy

 



Nothing to hide? It’s none of your business.

miniature builders on motherboard

Two weeks ago the Dutch lower house passed a mass surveillance bill. This new law means that they will use a dragnet to collect all of our data in case someone commits a crime or terrorist act.

The information collected through mass surveillance can also be passed unfiltered on to foreign governments without taking the consequences of such actions into account. I used to think that the Dutch were the cool guys of Europe, leading in the internet neutrality laws. Yet now they think that mass surveillance and data collection is the way to go. #dragnet

In 2016 we had 119 incidents where Dutch town halls lost public information to hackers or via stolen or lost laptops. Also in 2016, of the 1816 government websites less than 44% had secure connections, and 108 of those websites with https were configured wrongly. Honestly, I don’t trust the government with my information. Not just because I find it unethical and totally out of character for the Dutch government, but because they keep losing our information and are also not looking into the near future, where huge amounts of data will be connected to newer and different databases, producing profiles with unforeseen consequences. This information can also be analysed at a later date for certain patterns. History shows that the idea of protecting people can, in the long term, turn out to be more damaging. #security

For a moment, put yourself into the shoes of a teenager who gets a Facebook friend request from his or her mother or school teacher; yuck! Imagine how they would feel being watched, or afraid in case their friends see embarrassing posts from mom. Will we have that feeling of being watched over our shoulder, or will we just get used to it and think nothing of it, because countries like NL, FR, UK and US already have all of our information, so it doesn’t matter because they're just looking for the bad guys? Or will we adapt and protect ourselves? #privacy

Most of us are law-abiding citizens and you could say that we have nothing to hide. In general most of us don’t, and when asked, most people say “I have nothing to hide”. A lot of people don’t seem to have a clear idea of what privacy is. I looked up the term privacy: “The right to privacy refers to the concept that one's personal information is protected from public scrutiny”, or, put a simpler way, the right to be left alone. Privacy is a fundamental right. So what I think people actually mean is: I don’t care as long as it doesn’t affect me, or they have nothing to hide until something goes wrong.

A big problem with privacy is that it can be compromised without us even knowing about it. If I am correct it takes the average company about 200 days to find out that they have been hacked or to find that information has been leaked.

What's going to happen now? Well, short-term we might see self-censorship, but looking forward I foresee that people will educate themselves on using VPNs, mail encryption and PGP (getting easier to use) and take steps to protect themselves against unethical mass surveillance by governments, data collection companies and ransomware bandits.

No, I have nothing to hide, but it’s none of your business anyway.

Stephen Cassidy

My PGP Public key: 0669E103.asc

EFB6 A094 BA87 20ED ED35 E19C 528A 7FDF 0669 E103


Could we be losing a generation of photographic memories!

Stephen Cassidy in 1962

We are taking more photos than any other generation before us, and at the same time we could be looking at a generation of lost photographic memories.

Nowadays, mobile telephones have replaced cameras in many people's lives. The average person might have 1000+ photos on their mobile telephone. I know from experience that most people do not have a backup of their photos and certainly do not have an offline or double backup.

Here’s what I usually hear when a neighbour or friend phones with his newest life-threatening problem: ‘Hi Stephen, how are you? And by the way, my computer/mobile just died. Can you see if you can fix it and get back all my stuff, as I need all my stuff?’ ‘What stuff would that be?’ I answer. ‘You want your documents?’ ‘Yes, but I really need all my photos back.’ I usually reply with, ‘Did you not make a backup?’ They reply with, ‘No, I never got around to it’, or ‘I had no time’.

Before we had all this technology we used to take photos with a camera and send them off to get printed. They arrived, we looked at them, showed them around and put them in a shoe box on top of the cupboard. Twenty-odd years later we would take them down, have a laugh and pass them on to our children. As time goes on we realise that these old photos are actually very precious to us, so why do we let this happen?

I think it might be due to the fact that technology is moving faster than most people can keep up with. People find it a job in itself just figuring out how it all works. I notice quite a lot of people just expect their PC or mobile phone to just work and only start to worry when things actually go wrong.

As ICT manager you would be shot dead, fired and hung out for the birds if the system crashed and the company's data were lost. Not only an onsite backup, but an extra offsite backup is essential in case of fire or robbery. Online storage/cloud and external hard drives are becoming cheaper and easier to use. Take an hour or so to figure out how your Google, Apple or similar online account works, or invest in either of the above-mentioned. It’s a big relief, a lot cheaper and a lot less strife when your appliance eventually does die on you.

Recently I have started to make photo books, via photo book websites, as birthday presents for people I know. The photos I use are usually of themselves, their grandchildren or other family members doing stupid things. With the use of templates and built-in layouts you can get beautiful results.

Making a photo book online and getting it printed is a great and easy way to preserve our precious photos for the next generation to come.

Stephen Cassidy in 1962    Stephen Cassidy 1986

Stephen Cassidy