Hi, folks!

Lots of policy changes in the cyber realm lately. Net neutrality is back again as an issue, but that’s been overshadowed by another topic in recent days. Before we get into that, though…

Still working on the report on closing. I’m trying to get permission to include something from a while back, which would be a cool addition.

That’s the problem with being involved in other people’s projects over such a long period. You know a lot of great stories, but some of them aren’t yours to tell.

I’ll keep my eyes crossed. (I need my fingers to type.

Also, before we get into the main bit, there’s something you should do if you use iCloud: Change your password.

secret-file-password image

You’ve probably heard about the group that’s trying to blackmail Apple into paying them $75,000 in Bitcoin (or $100,000 in iTunes gift certificates) or they’ll delete everything in 300 million iCloud accounts on the 7th of this month.

While it appears to be a hoax, there is reason to believe they’ve acquired some legitimate passwords. Probably ones that are the same as those used on other services.

You know – like when your LinkedIn or Yahoo password is the same as the one you use for your iCloud or bank account?

No need to panic. Just change your password to be on the safe side. Use one you haven’t used for other services. And think about enabling 2-factor authentication, for added measure.


“ISPs Selling Your Data”

big-data-path image www.intelagencies.comooo

Yeah. Big noise in the press on this, and rightly so. Tuesday it became official: The President signed a bill into law that scraps regulations preventing ISPs from selling your personal data. Including your browsing history.

Here’s the thing most people don’t get: This isn’t new. The law doesn’t let them do anything they couldn’t already. It just stops a pending prohibition on it from coming into effect.

The rationale presented by the bill’s supporters in Congress is just stupid. “We want to protect privacy, but we want everyone subject to the same regulations. So we’re going to eliminate the protections that had been developed.”

Sure. And they’re really likely to develop new ones later.

Don’t count on it.

Trying to explain to these folks that free and optional services like Facebook and Google are different from infrastructure systems you have to pay to use is pointless.

It’s tempting to blame the willful ignorance on campaign contributions, but the folks who voted against the bill got roughly the same amount as the ones who voted for it. So, it ain’t that.

This is all about who gets to control your information. Every detail of your private activities online.

I think that should be you.

Comcast, Verizon, and AT&T have all said they don’t sell this data and have no plans to do so. Which one should always translate as “but maybe later.”

AT&T was typically snarky in their comments. Someone really needs to explain to them that talking down to their customers isn’t an ideal strategy.

I think they’re still sore about the breakup.

To their credit, though, they’re also the only ones with a clear and simple “We won’t sell your personal information to anyone, for any reason” statement in their privacy policy.

What they might consider “personal information” is less clear.

Here’s a very rough analogy.

If you use some basic, if uncommon, security measures, Facebook can be like a really, really big restaurant. They can know everything you do and say while you’re there, but not much else.

Google is like a huge mall, with lots of security cameras. They can see and track what you do on their properties, and others that carry their cameras, but there are limits.

Your ISP, especially if it’s a cable company, can know almost everything. It’s like they can walk right into your house, peer through your blinds, see what mail you get, where you bank, what shows you watch, how many kids you have and their ages (and what sites they visit), who you talk to on the phone and for how long, who your kids talk to, what apps you use and on what devices, where you have accounts, where you shop online, when you’re planning vacations, when you’re not home, and so much more.

That’s just from the logs. No snooping involved and no real effort to mine and correlate the data. And you don’t have much choice in the matter.

Your ISP might only consider your name, address, and social security number to be personal, along with maybe medical info and data about minor children. Even then, there’s nothing preventing them from legally selling any of it they like.

Here’s the real kicker: The just-signed law also prevents them from being required to take steps to protect all that information.

cybersecurity=image www.intelagencies.comooo

Really. Even if they don’t abuse you themselves, they don’t have to do anything to keep you safe from hackers. Or tell you when your data is compromised.

Just let that sink in for a minute.
Now, suppose they sell it to a data aggregator. If you’re a guy, that’s like having your ex-wife, your new girlfriend, your mother, your 5th grade teacher, your boss, your doctor, and your best friend from high school all trading stories about you.

I’m sure there’s a similarly horrifying female equivalent.

Keep this all in mind the next time you’re tempted to say “If you’re not doing anything wrong, you don’t have anything to hide.”

Maybe you don’t care about your privacy. That’s your business. But it doesn’t give you the right to go into someone else’s house and rip down their curtains.

Privacy isn’t about hiding. It’s about being allowed to mind your own business.
That’s what we’re going to talk about for the next few issues. How to increase your personal privacy online.

There are some things you ought to know before we get into that, though. The biggest being that the only certain way to avoid someone else getting private information is to keep it to yourself.

cyber-spy image

Anything can be hacked.  And anyone.

I’ll show you some tricks ranging from basic to mediocre, and I’ll give you the best advice or links I can, but there are risks with any of them. Things can change, and unknown exploits can be found. Previously benign companies can go over to the dark side.

As Pogo said, lo, these many years ago, “We have met the enemy, and he is us.” User error always poses the greatest risk.

I’ll give you pointers that will help cut down the data you leave around and decentralize what you can’t eliminate. But I make no guarantees.

Anyone who promises you 100% security is either a liar or a fool.
Another thing to keep in mind is that there are always trade-offs. You have to decide which data is worth what level of expense or inconvenience to keep private.

Encrypting your phone slows down boot-up and makes it take longer to open when you need it. On the plus side, that and a good password ensures that random people won’t be able to get in if you lose it or it gets stolen. Or you just leave it on the table while you have company.

Using a VPN may keep your ISP from getting a lot of that data, but it could just be shuffling it to another seller, or slowing down your surfing.

Encrypted texting apps might require jumping through some hoops to make sure you’re sending only to the person you want, and they could limit who you protect conversations with. It can be easy to forget which of your friends are on “secure lines” and which aren’t.

The same is true of using encrypted email.

Using something like Tor to browse the web has its own risks. It opens new areas online, but some of those can be dangerous in themselves. And there’s speculation that simply installing it could attract notice by law enforcement.

If you aren’t doing anything wrong, that can be a good thing. There are those who believe that the best way to protect all our rights is to make the cost of spying on everyone too heavy. To have so many people using encryption and other systems that agencies are forced to take a more targeted approach to doing their jobs.

Always trade-offs.

I should also point out that the things I’ll cover are about increasing privacy, not gaining anonymity. That’s a whole other level of obfuscation. And none of this is meant to help you hide anything illegal.

That’s not the goal. More privacy is the goal.

In the meantime, think about what info you want to keep to yourself. If you have specific ideas, it will help you get more out of this.

And, if you have any specific questions on this, go to my website below

Until next time…

Leave a Reply

Your email address will not be published. Required fields are marked *