TumbleScan

Data Security - Blog Posts

9 years ago

Defrag 2014's Take On Data Security

As reflected by our year of high-traffic social media platforms, large-scale company hacks, and increased amount of data, security of that data has become a top priority in tech. Defrag had a series of breakout sessions that featured security. Hot topics highly discussed this afternoon have included the slippery slope of "who owns your data?" presented by Lorinda Brandon from SmartBear, "what's in your trash" explored by Rory O'Rouke, and online security challenges revealed by Rami Essaid of Distil Networks.

The biggest lie on the internet, according to Brandon, is that "you read the Terms Of Use". Let's be honest, we all quickly check the "read" box, and do not bother to even open the privacy policy. Why? To even understand the ramifications of what you are agreeing to would take hours and still be missing details. Brandon shared her hours-long experience picking apart Samsung's privacy policy and found that Samsung "Share(s) information for purposes of business and ecosystem". Our data and how businesses use it for their own profitable benefit can be unclear. As innovators in tech it is necessary to be mindful of others' data and be transparent with users.

Bounce.io utilizes digital waste by finding treasure in trash, taking data on what kinds of emails "bounce back" to a user and why it was kicked out. A cool idea O'Rouke of Bounce.io mentioned was a user comparing emails in their spam about penny stocks to the actual performance of that penny stock in the market. If information about a stock ends up in your spam, does that indicate that the stock is a poor investment?

2014 has been filled with a "storm of security attacks" as pointed out by Essaid with the security hacking of Target, Sears, and Home Depot. Unfortunately, hacking has become a profession where it pays to be bad: easy, cheap, low risk, and a big payoff. One of the biggest factors that companies are missing is the idea of prevention accompanied by a plan for reaction if an attack occurs. An attack is inevitable, as the data illustrates with the thousands of bots in existence, so not having a reaction plan is foolish. An interesting scenario Essaid pointed out: your website may not be the one that is initially hacked into, yet another website's usernames and passwords can be hacked, and then bots use these stolen usernames and passwords to access your website's accounts.

How to get involved...

- Become aware of your data footprint and who shares your data

- Advocate for transparency about how companies use your data

- Check security settings on your social media

- If in the tech industry, ensure your company is prepared for a security breach
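The scenario Essaid describes, credentials stolen from another site and replayed by bots against your login page, shows up in authentication logs as one source failing against many different usernames in a short time. The following detection sketch is an added example and not part of the original post; the log format, thresholds and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the post): time, outcome, source IP, username.
SAMPLE_LOG = """\
2014-11-17T14:00:01 FAIL 203.0.113.7 alice
2014-11-17T14:00:03 FAIL 203.0.113.7 bob
2014-11-17T14:00:04 FAIL 203.0.113.7 carol
2014-11-17T14:00:06 OK 203.0.113.7 dave
2014-11-17T14:00:09 FAIL 203.0.113.7 erin
2014-11-17T14:02:00 FAIL 198.51.100.20 frank
2014-11-17T14:02:30 FAIL 198.51.100.20 frank
2014-11-17T14:03:10 OK 198.51.100.20 frank
"""

def parse(log):
    """Yield (timestamp, outcome, ip, user) for each line of the assumed format."""
    for line in log.splitlines():
        ts, outcome, ip, user = line.split()
        yield datetime.fromisoformat(ts), outcome, ip, user

def find_stuffing(log, window=timedelta(minutes=5), min_users=4):
    """Return {ip: accounts it logged in to} for every IP that failed against
    at least min_users distinct usernames within one sliding window."""
    events = defaultdict(list)
    for ts, outcome, ip, user in parse(log):
        events[ip].append((ts, outcome, user))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        fails = [(ts, user) for ts, outcome, user in evs if outcome == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Shrink the window until it spans no more than `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if len({u for _, u in fails[start:end + 1]}) >= min_users:
                # Logins that succeeded from this IP likely reused a leaked password.
                flagged[ip] = sorted({u for _, o, u in evs if o == "OK"})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_stuffing(SAMPLE_LOG).items():
        print(ip, "-> review and reset:", users)
```

A single user mistyping a password (the second IP in the sample) is not flagged, because the signal is the number of distinct accounts tried, not the number of failures.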


1 year ago

Used this as a guide to do that for the first time. Pirate safely loves

princess-vibes25 - Viva La Revolution!

2 weeks ago
New Windows AI feature records everything you’ve done on your PC
Ars Technica
Recall uses AI features "to take images of your active screen every few seconds."

I think every computer user needs to read this because holy fucking shit this is fucking horrible.

So Windows has a new feature incoming called Recall where your computer will first monitor everything you do with screenshots every couple of seconds and "process that" with an AI.

Hey, errrr, fuck no? This isn't merely because AI is really energy intensive to the point that it causes environmental damage. This is because it's basically surveilling what you are doing on your fucking desktop.

This AI is not going to be on your desktop, like all AI, it's going to be done on another server, "in the cloud" to be precise, so all that data and those screenshots? They're going to go off to Microsoft. Microsoft are going to be monitoring what you do on your own computer.

Now of course Microsoft are going to be all "oooh, it's okay, we'll keep your data safe". They won't. Let me just remind you that evidence given over from Facebook has been used to prosecute a mother and daughter for an "illegal abortion", Microsoft will likely do the same.

And before someone goes "durrr, nuthin' to fear, nuthin to hide", let me remind you that you can be doing completely legal and righteous acts and still have the police on your arse. Are you an activist? Don't even need to be a hacktivist, you can just be very vocal about something concerning and have the fucking police on your arse. They did this with environmental protesters in the UK. The culture war against transgender people looks likely to be heading in a direction wherein people looking for information on transgender people or help transitioning will be tracked down too. You have plenty to hide from the government, including your opinions and ideas.

Again, look into backing up your shit and switching to Linux Mint or Ubuntu to get away from Microsoft doing this shit.


7 months ago

I'm seeing a lot of posts on my dash today encouraging folks to start archiving their favorite online resources, in case they might be at risk of disappearing in the near future. Since privacy and data ownership are major interests of mine, it seems like a good time to share a bit of what I know! I hope that some of this might be helpful--please feel free to reach out if there's a specific question that comes to mind! 💕

(My bona fides, in case anyone wants to know: I do work in tech, with over fifteen years of experience in the same. Linux systems administration is a hobby of mine, and privacy, particularly as it relates to tech, is very near and dear to my heart. That said, I am not an infosec professional, so you may want to supplement this guidance with your own research, depending on your threat model.)

General advice

If you rely heavily on traditional cloud storage providers, like Google Drive and Dropbox, now is the time to start exporting your important files to a more secure location. Data stored with most online platforms is encrypted at rest, but the encryption keys are stored on the server's side, meaning that the contents of your files can still be accessed by the service providers themselves. This also means that your files and their contents are vulnerable to data breaches, DMCA takedown requests, subpoenas, and the oh-so-popular AI scraping that has wormed its way into nearly every tech product of note. (Including Tumblr! Lucky us!)

Saving files on your own computer is one option, but if you want something closer to the Google Drive experience, Proton Drive is my recommendation. Free accounts get 5 GB of storage, and all data is end-to-end encrypted, which means even Proton can't read the contents of your files. A suite of document features were rolled out earlier this year, including rich text editing, collaboration, and sharing, so if you use Google Docs for writing, you can use Proton in pretty much the same way. I also use Proton for my email, and I'm happy to vouch for them--they are nonprofit-backed, EU-based, and all of their products are built on privacy from the ground up.

If you have an Apple device, you can also turn on Advanced Data Protection for your iCloud account, which will enable end-to-end encryption for most services. (Notably, mail, contacts, and calendars will remain unchanged, to ensure compatibility with standard protocols.) This might be a good option for folks who already have iCloud services and who don't want to set up anything new. You can learn more about how to enable this feature here.

Archiving websites

There are a number of ways to archive specific webpages, depending on how much content you want to preserve and how tech-y of a solution you're willing to tolerate. A web clipper is probably the most straightforward option: install one of the listed notes apps, install the web clipper browser extension, open the page you want to save, and clip clip clip. The images and text (with formatting) will be stripped from the page and saved to a note in your app. Both Joplin and Obsidian's apps are available cross-platform:

Joplin + Joplin Web Clipper

Obsidian + Obsidian Web Clipper

Notes you create in Joplin are encrypted before being saved to your device, while Obsidian's notes are saved to a location of your choosing in plain-text Markdown format. If you aren't sure which to choose, choose Obsidian--it's a little easier to use right out of the box.

If you want to preserve the full context of the webpages you save, similar to what you'd see on archive.org, SingleFile is a browser extension that lets you save complete web pages as a single HTML file. You'll find links to the various browser extensions, as well as documentation, on the project's GitHub page:

GitHub - gildas-lormeau/SingleFile: Web Extension for saving a faithful copy of a complete web page in a single HTML file

Note that these files can get pretty big. In general, I'd recommend a web clipper for most cases, but it's good to have multiple options on hand!

Other tips

Even in the absence of major geopolitical events, it's worth remembering that anything you see online can change or be removed at any time. Keep backups of anything that's important to you. (And make sure you back up your computer, too!) Have an alternate contact method for your online friends, in case one platform goes down or otherwise becomes inaccessible.

Consider signing up for a Signal account, if you haven't already, and recommend that your friends and family do the same. It's a free end-to-end encrypted chat platform, and unlike some privacy-focused chat protocols (looking at you, Matrix), it's easily accessible to non-techies. Don't use email, DMs, Discord, Slack, etc. for any communication that you expect to keep private. Any platform that can access your messages will give them up to authorities if compelled to do so by a court order or subpoena. This is not a theoretical risk. It is happening to people in the US right now. I am being so, so serious about this.

If you're looking for a new creative hobby, why not teach yourself a little HTML and CSS? Neocities is a great place to build your own website, and it's free. And it's fun! (If you make something, please drop the link, because I want to see.)

Breathe. We have to survive this, somehow. Log off for today, if you have to. Drink some water. Pet a cat. Sit outside and watch the birds, just for a few minutes. Believe that we will be okay, however you can. ❤️

