Posts from the “Privacy & Security” Category

Let’s ask bigger privacy questions

With Mark Zuckerberg and Facebook facing incredible scrutiny from the United States government, Apple’s Tim Cook calling out the company, and industry insiders lining up to tell you to delete your Facebook account, are we missing the larger issue with privacy?


Background

I’m here to argue that most consumers, especially those arguing against Facebook and standing up for other companies, care about privacy only in pockets. What do I mean? Look at those who side with one company, Apple and Tim Cook in this case, or with any company, without first taking privacy as a whole into consideration. Let’s ask some important questions:

  • Are all of your customer facing sites tracker free?
  • Do you encourage end users to utilize VPNs to mask their online traffic?
  • Do you offer dashboards with full insight to the data that is collected on your users?
  • How clear are your own privacy policies?

The internet itself in 2018 is almost not private by default. It’s a sad reality, but it’s the truth. Seemingly harmless websites are stuffed with ad trackers causing slow page loads and hampering the overall experience all while gathering plenty of analytical data for the site owners to target you — even sites of publishers claiming to care about your privacy.


What to do

Do not trust any entity. There is no company on this earth, including Apple, Google, Amazon or others, that deserves your complete devotion to its security practices. You should scrutinize each and every company, especially those that say they value your privacy. So what can you do in a world that is seemingly less and less private?

  • Always look for third party alternatives and don’t just settle for what companies offer.
  • Host your own solutions.
  • Research and stay up to date on the latest privacy and security solutions.
  • Engage your friends and family to encourage them to take on extra security methods.

Conclusion

This is a hard topic and one that will be increasingly difficult to manage and maintain as more and more online systems are integrated into our lives; however, with diligence we can maintain a decent level of privacy and security in our lives — it just takes time and effort.

Google Home Review for 2018

Ah, Google Home and the omnipresent Google Assistant... it just works, and whether you are looking to get into home automation with over 1500 devices available, wanting Google Assistant smarts or wanting quality sound — you can get it from one of the Google Home options.

Left to right: Google Home Mini, Google Home, Google Home Max

Key Review Points:

  • How easy is setup?
  • How many devices should I use?
  • Is Google Home good for home automation?
  • How is Google Home for the privacy junkie (like myself)?

Background

When you receive a Google Home for Christmas, then proceed to lose your mind buying “smart” everything, a review is the least that I could do.

Google Home is currently slotted against Amazon’s Echo and the upcoming Apple HomePod in the smarthome “smart speaker” wars, although Apple is touting it as “speaker first”, so we will see how smart it is.  Additionally, similar to the Echo, Google Home comes at multiple price-points with Google Home Mini ($49), Google Home ($129) and Google Home Max ($399) — enabling Google to meet the needs of many different consumers and their underlying budgets.

Google Home.

The key feature of Google Home is that it gives you, and other Google accounts that are linked, access to all of your personal calendars, lists, music accounts and all of the smarts of Google itself through the phenomenal Google Assistant.  Yes, Assistant is better than Siri in every way, Apple fans.


Setup

The first thing that you’ll need to do to get started on your Google Home journey is download the Google Home app, which serves as the primary landing spot of every Google home and entertainment product, including the Google Home, ChromeCast and ChromeCast Ultra.  Setup is simple, requiring you to connect the device to your home wifi network and your corresponding Google account.  (Note, the first account used will be the primary account on the device, with other accounts being referred to as “linked accounts” that can also operate on the device and receive personal information such as calendars, reminders and place phone calls.)

One important thing: if you want to take full advantage of Google Home by controlling wifi enabled devices throughout your home, customizing news and getting personalized results, you will additionally need to download and use the Google Assistant app.

So, now that your Google Home is all setup, likely in your living room, what happens when you go into the office?  What happens when you go into your kitchen…..  You know where I’m heading with this.

Enter Google Home Mini (or Max).  First, let me state that having one Google Home product is enough; however, Google Home Mini devices are very affordable and can be thrown just about anywhere to ensure that your Assistant is always at your side.  Additionally, for the audiophiles out there, Google Home Max is nothing short of a complete and utter monster, delivering superb audio quality and rivaling the sounds of Sonos.


Day to Day Usage

Get used to this phrase, “Hey Google”, because it’ll be around for a while. Using the Google Home, regardless of flavor (e.g. Google Home, Mini or Max), is simple and straightforward and you’re always pleasantly surprised at things just working great. The microphones are incredibly receptive and can pick up your voice from varying distances away even while the speaker is actively playing something. At times there are hiccups or occasional network blips and that should be expected with any product. The hits are far more than the misses. So what will you ask it on a day to day basis? Some of my most used phrases are for:

  • Weather
  • Lights and home automation
  • Timers
  • Music

Additionally, Google has added support for voice calls. I’ve tested this with my Google Voice account and it works flawlessly.

What are you asking your Google Home?


Home Automation

As I noted above, there are literally 1500 devices that can work with Google Home and allow you to control them all with your voice.  The way that this is accomplished is that first (unlike with HomeKit enabled devices) you must download the app from the manufacturer, create any required accounts and set up the device there.  Afterwards, you link that third party account with your Google account inside of the Google Home app.  This is done by going into the hamburger menu and tapping “Home Control”, which opens the Google Assistant app (on iOS); there, press the “+” button and find your manufacturer.  Log in with your account (similar steps to adding and linking accounts in IFTTT) and those devices will appear in Home Control and be at your beck and call.

Google Home, Home control.


Privacy

Being a privacy nerd is tough while utilizing Google Home because in order to work properly, Google will need to know a bit of information about you, from your location to your search and web activity; although, there are ways to circumvent this, without exposing all of your data.  Google is not some evil company that just wants to know everything about you, the information you give it, is vital to the services and information that YOU get out of it, so when certain aspects of data collection are removed some services may or may not work properly.  With that being said, I do not believe in giving entities your real location, so I chose to not give Google Home/Assistant my real address and let it triangulate it by where my wifi router is.  Additionally, apps that use your location, depending on what they are, can be nefarious — so I’ve turned off all location services from Google.

I let Google keep 3 data points:

  • Web and search history
  • Youtube watch history
  • Youtube search history

Web and search is the only option that is crucial for Assistant to work properly, so in this case, with the only queries I push to it being voice, I deem this as acceptable and manually delete things that I do not wish for it to have.  An additional way to remediate this data grant is simply to not use the Chrome browser.  I have proudly switched back to my once favorite web browser, Firefox.  This allows me to more consistently use my search engine of choice, Duck Duck Go, and limit the data that I pass into Google. Lastly, just mute the darn thing!!! This is something I certainly do when I am not using it for an extended period of time or if talking about sensitive things.


Final Thoughts

Google Home is fun, exciting and ever growing.  Regardless if you’re part of the Google, Amazon or Apple ecosystem — if you have a Google account, this could be an excellent tool for you to use.  Additionally, barrier to entry is very low with the most economical option, Google Home Mini, starting off at only $49.  Buying one smart device will certainly lead you down the path of “home automation fever”, but it’s a fun one and one that hopefully makes your life a little bit easier.

Apple Phone Slowdown Explained

It’s never a good thing to suspect that a company, especially one as large, controlling and expansive as Apple, could be doing something nefarious.  This certainly is not the case; Apple is not doing anything to make consumers purchase new devices or give up on their old ones.  However, what they did do, in traditional Apple fashion, is lack tact in delivering information to consumers, who just so happen to be the ones making them billions.


What is happening?

Over time lithium-ion batteries degrade.  It has become common knowledge that your smartphone battery (any rechargeable battery for that matter) will hold less and less charge as it only has a lifetime of so many charge cycles.  With that being said, given the fact that your smartphone battery has limited life, develops wear and tear and will hold less and less charge over time, it might make sense to slow an older phone down, right?  Smartphone apps are not getting any less demanding nor are the mobile operating systems that contain them.


Because the systems and applications on our mobile computers need so much power, they can strain a worn battery too much for the device to remain properly functional, meaning that Apple will throttle the performance of your CPU when it detects that the battery has a certain level of wear.  When CPU spikes occur, sometimes we feel our phones getting hot (it simply means that it’s working hard under load); however, when you’re dealing with sensitive internals of a device — if your battery already has a tremendous amount of wear, spike after spike of the CPU could have your device shutting off because it simply cannot handle the operations (we’ve seen this on iPhone 6), have its battery life plummet or, worse, cause mechanical failure of the internal components. Users noted that after they got a battery replacement on their device it seemed to function normally, presumably because no throttling was needed at that point because the battery in the device was of good integrity.

Remember the Galaxy Note 7?  You don’t want mechanical failures like that in your precious iPhone.


Apple’s Response

Since the fallout, Apple has publicly acknowledged that this was happening and reportedly has been occurring since the iOS 10.2.1 update when it was noted that the iPhone 6 battery issues had been resolved.  This comes as somewhat of a surprise to Apple loyalists when some enthusiasts have been suspecting Apple of “planned obsolescence” or intentional slowdown of older devices in order to get the user to purchase a new one.  Additionally, Apple has noted that a future software update will give users insight into the health of their battery, this will come in early 2018.


My unbiased opinion

The issue that I have is that Apple did not tell customers that this CPU throttling was happening and honestly, they have a right to know, especially with newer phones costing $1000 and more.  Don’t just sit back and apologize for Apple (or any technological company) over and over again when they make a mistake — this is wrong and cowardly when you hold such a compelling grip on your customers and can lead to consumer backlash.  Perhaps that’s exactly what the company needs to stop being so secretive and oftentimes ignoring what their customers want and think.

Dear FCC

Dear FCC,

On December 14, 2017, you did one of the most thoughtless, insincere, undermining things to an internet that not only you don’t understand — but also an internet that YOU do not own. A little 3-2 vote to repeal the regulations for Net Neutrality — a shame and embarrassing when 5 individuals get to decide on the fate of the internet as we know it. You know that it is bad when the man responsible for the internet itself, Tim Berners-Lee, speaks out against you. It’s even more shameful when your clown of a chairman, Ajit Pai, was once Associate General Counsel at Verizon... who is just one of the entities that would benefit greatly from a rollback of net neutrality protections.


Why is it that we can give ISPs and major corporations so much leeway but not protect the consumers, WHO MAKE THEM RICH? Why is that so Mr. Pai? But it’s obvious your ignorance goes farther than we think on these issues. How is data transmitted over the internet you ask? In packets. A movie file you stream may be billions of packets while that email from grandma may only be one hundred; however, at the end of the day — a packet of data is a packet of data.

It does not matter who sends that packet, who is retrieving that packet or WHY that packet is being sent... the internet is designed to not discriminate and to push those packets along. Yet, when business gets in the way and certain entities’ business thoughts don’t align, it becomes ok to change that? No. It doesn’t.

To the three individuals voting to strip away the net neutrality guidelines, I hope your internet is severely throttled — better yet, you don’t even deserve internet since you’ve undermined the entire infrastructure of the internet itself.  The internet is too good for you.


Final Thoughts

Our internet service providers supply the internet, THAT is it — the problem comes when they think they should encompass your entire experience and insert themselves everywhere.  But you’re already paying for internet, so what else could they possibly want from us?  Nothing.  As it was noted on the Vergecast, AOL had us all fooled by making us think that all of the internet was in that AOL window; however, you could minimize that and open Netscape or Mozilla!!  AOL didn’t own it, they simply put a fancy skin on top of it.  Now, Comcast and others want to create their own internet “experiences” while killing it at the same time.

DO NOT let lawmakers dismantle the internet.  Visit BattleForTheNet and overload them with calls and voicemail citing your disapproval.

Want to find out more about net neutrality?  Read a fantastic post from Save the Internet, here to get the scoop on how our internet is supposed to be.

Protecting Your Digital Life, 2017

It’s 2017 people, ads are everywhere, malicious software is everywhere, eyes are everywhere and they don’t necessarily want your money.

Data.

Data is one of the most important things that many give to so many companies so freely; however, it can have some of the most dire consequences.  A simple first name, last name and email address can be used to figure out what state you live in, your address, telephone number, voting statistics and more.  The horrible part is that we agree to it!  Have you ever really sat down and read a ToS (Terms of Service) or Privacy Agreement for an online service that you sign up for?  There are no truly free things on the internet — when you don’t pay, you and your data are the fees.

In the below, I’ll break down the common attack surfaces in which you need to protect yourself by describing in detail what they are and giving you ammunition in your fight for your RIGHT to online and digital privacy.  (Remember, contrary to popular belief by friends, family, and employers — you have a right to your privacy.)


Apps & Software

Why start with apps first?  Simple.  We are on our phones from the moment we wake up checking Facebook (I’ll make you terrified of them later) until we lay it down at night.  What a better way to protect yourself from malicious apps than not installing them at all?

When you are browsing your App Store of choice for that next big thing there are 4 things to consider:

  1. Who made the app?
  2. Are there common issues which are seen in the ratings/about section that you should be aware of?  (Such as update date, constant bad reviews, etc)
  3. When agreeing to the Terms of Service, what do they actually say?
  4. Upon installation what permissions does it need? (Location, Camera, Microphone)
    1. Note that denying access to one or more of these permissions could cause the app to not work properly, but that is a cost we can pay for increased privacy and security.  My recommendation is to give apps the least amount of permissions at first, then add more when necessary, while never giving access to Location Services unless you fully trust the app; most apps simply do not need that level of access.

I do not expect you to read the Terms of Service or Privacy Agreement in full for every app, some are simply too long.  However, there are keywords to look for that I advise you to check (use the Find command, if you are at a computer Ctrl + F brings up this search) before agreeing to use a free app again:

  • Data
  • Personal
  • Privacy
  • Usage
  • Share
  • Third-Party(ies)

If you do keyword searches on these and they come back with hits, read the selected sentences and agree to those terms only if you are satisfied and agree with the potential risks, if any.
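The same Find technique can be scripted so that every sentence with a hit is pulled out for reading. This is an added example, not part of the original post; the sample terms text is constructed, and the way "Share" and "Third-Party(ies)" are expanded into word forms is this example's own choice.

```python
import re

# The six keywords from the list above. "Third-Party(ies)" is expanded to
# match "third party", "third-party" and "third parties"; "Share" also
# matches shares/shared/sharing. These expansions are this example's choice.
KEYWORD_PATTERNS = {
    "Data": r"\bdata\b",
    "Personal": r"\bpersonal(?:ly)?\b",
    "Privacy": r"\bprivacy\b",
    "Usage": r"\busage\b",
    "Share": r"\bshar(?:e|es|ed|ing)\b",
    "Third-Party(ies)": r"\bthird[\s-]+part(?:y|ies)\b",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE)
            for name, rx in KEYWORD_PATTERNS.items()}

# Constructed sample text, not taken from any real service.
SAMPLE_TOS = """
Welcome to ExampleApp. You must be 13 or older to use the service.
We collect usage information and personal details you provide, such as your email address.
We may share this data with third parties for advertising purposes.
You can close your account at any time.
Our Privacy Policy explains your choices in more detail.
"""


def split_sentences(text):
    """Rough splitter: break after '.', '!' or '?' followed by whitespace."""
    flat = " ".join(text.split())
    return [s for s in re.split(r"(?<=[.!?])\s+", flat) if s]


def scan_terms(text):
    """Return [(sentence, [keywords found])] for each sentence with a hit."""
    hits = []
    for sentence in split_sentences(text):
        found = [name for name, rx in COMPILED.items() if rx.search(sentence)]
        if found:
            hits.append((sentence, found))
    return hits


def keyword_totals(text):
    """Count how many sentences mention each keyword (0 means no hit)."""
    totals = {name: 0 for name in KEYWORD_PATTERNS}
    for _, found in scan_terms(text):
        for name in found:
            totals[name] += 1
    return totals


if __name__ == "__main__":
    for sentence, found in scan_terms(SAMPLE_TOS):
        print(", ".join(found), "->", sentence)
```

Whole-word matching keeps "use the service" from counting as a "Usage" hit, so only the sentences that actually talk about collection and sharing are listed.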


Service Providers & Snoops

Your internet service provider (ISP) might be one of your biggest foes, little did you know.  Whether you are on wifi at home utilizing Comcast’s services or on the go with a blazing fast LTE connection from MetroPCS, Verizon or another cellular carrier — your ISP can track your every move and they want to sell your data.  Additionally, there are malicious actors on the internet that can sit between the router you are connected to and the internet itself (which is why it’s never good to join wireless networks you are unfamiliar with) and can see your data while it is being sent and can even manipulate data and images that you see — this is called a “Man in the Middle Attack”.

It may seem that there is nothing you can do, but there is and it’s fairly simple to implement and will cover most of the security risks above.

VPN. (I’ve talked about this in depth previously, please read all about it)

A VPN connection creates a secure tunnel between your computer and a remote computer run by the VPN provider, and your machine uses that remote computer to do its online surfing.  What does your ISP see?  They see nothing of what you are doing.  They can tell that you are connected to “private host A”; however, they cannot see the contents of the data being transmitted — they see a garbled, encrypted mess, which is exactly what we want!  You can even use a VPN to alter your location.  In many cases, media providers like Netflix and others do not like users to utilize a VPN or proxy to connect.


Example of how a VPN connection appears in the system status of iOS and showing the user’s location is altered. (You just have to trust me when I state that I don’t live in Florida)


Ad Companies

Facebook, Equifax, Google and others have developed a bad rap for their potential data selling in the marketplace.  (Let it be known, as I’ve stated before, Google doesn’t sell your data or “follow” you around the internet; they primarily sell access to you in the form of ads that you see based on information that you provide — remember those Terms of Service agreements that you likely didn’t read?  It’s documented there.)  Google may not be squeaky clean, but they are leaps and bounds better than people give them credit for in terms of security and privacy.  The company offers dashboards for the end user and allows you to customize every piece of your experience and what types of data (if any) are collected.  Read their privacy policy here as well as a previous DexJohn’s PC post about their privacy stance.

On the other hand, companies like Facebook are a little more nefarious.  Ever heard of Facebook Pixel!?  Of course you haven’t, because it’s designed to sit in the background, installed on your favorite websites, and watch your every move on the internet and serve you “relevant” ads whether you are a Facebook user or not.
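One way to see this for yourself on a saved copy of a page, as an added example that is not part of the original post: list every outside host the HTML pulls scripts, images or frames from, including hosts named inside inline loader scripts. The sample page, the `.test` hostnames and the short tracker list are constructed for illustration; `connect.facebook.net` is the host the Pixel script is served from.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Short illustrative list chosen for this example; not a complete blocklist.
KNOWN_TRACKER_HOSTS = {
    "connect.facebook.net": "Facebook Pixel script",
    "www.facebook.com": "Facebook (Pixel beacon uses /tr)",
    "www.google-analytics.com": "Google Analytics",
    "www.googletagmanager.com": "Google Tag Manager",
}
FETCHING_TAGS = ("script", "img", "iframe")  # tags whose src is fetched on load

# Constructed sample page; every hostname ending in .test is made up.
PAGE_URL = "https://www.example-news.test/story"
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script>
(function (d, u) { var s = d.createElement('script'); s.src = u; d.head.appendChild(s); })(document, 'https://connect.facebook.net/en_US/fbevents.js');
</script>
<script async src="https://www.googletagmanager.com/gtag/js?id=EXAMPLE"></script>
</head><body>
<img src="https://cdn.example-news.test/logo.png">
<img height="1" width="1" src="https://www.facebook.com/tr?id=0000">
<iframe src="https://video.example-player.test/embed/1"></iframe>
</body></html>"""

class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for the resources a page loads."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        src = dict(attrs).get("src")
        if tag in FETCHING_TAGS and src:
            self.resources.append((tag, urljoin(self.page_url, src)))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        # Trackers are often injected by an inline loader rather than a
        # <script src=...> tag, so also look for known hosts in inline code.
        if self.in_script:
            for host in KNOWN_TRACKER_HOSTS:
                if host in data:
                    self.resources.append(("inline-script", "https://" + host + "/"))

def is_first_party(host, page_host):
    # Approximation: same host or a subdomain of it, ignoring a leading
    # "www."; a thorough audit would use the Public Suffix List.
    base = page_host[4:] if page_host.startswith("www.") else page_host
    return host == base or host.endswith("." + base)

def audit_page(html, page_url):
    """Map each third-party host to the tags that load it and a known label."""
    page_host = urlparse(page_url).hostname or ""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    findings = {}
    for tag, url in collector.resources:
        host = urlparse(url).hostname
        if not host or is_first_party(host, page_host):
            continue
        entry = findings.setdefault(
            host, {"tags": set(), "label": KNOWN_TRACKER_HOSTS.get(host)})
        entry["tags"].add(tag)
    return findings
```

A host with a `None` label is third-party but not on the short list, so it still deserves a look before you call a page tracker free.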


Hardware Protection

We walk around carrying priceless data on our devices, from friends and family information including notes, phone numbers and addresses, not to mention personal passwords and more, which should all be kept in encrypted form either on device or in the cloud.  There is absolutely no reason to not have a passcode on your device, whether it is a mobile device or laptop.  Protecting your hardware is one of your first defenses.  Take this example, you have no password protections on any app on your device; however, you have a lock-screen password — at least you’re somewhat safe.  Create a password that has a combination of letters (upper-case and lower-case), numbers and a symbol (my iPhone password is over 20 characters long).  Your password doesn’t have to be as long, as long as it is complex and something that you can remember.  If you need help creating a secure, complex, lengthy password visit here, shown below:


Screenshot from http://passwordsgenerator.net/, showing the complexities that can be programmed.


Recommendations for Security

To be private and secure one cannot simply utilize the tools that are available on his or her mobile device or machine.  Only through a set of secure apps and protocol can one travel down the road to increased privacy.

  • Password Manager — A password manager is essential for your privacy and security.  There are several options where your password database is stored in the cloud, such as LastPass and 1Password, while there are offline options, which are considered more secure, such as KeePass.
  • VPN — A VPN is necessary for masking your online activities (just because you’re masking because of privacy DOES NOT mean that you are doing nefarious activities) from your ISP, attackers and services online.  Some options that are praised are PrivateInternetAccess, Proton VPN, IPVanish and more.
  • Terms of Service Help — Ever heard of “tldr” or too long didn’t read?  There is also tosdr for Terms of Service Didn’t Read and this website can help you understand what it is that you’re signing up for.  Additionally, while reading and agreeing to privacy statements, be sure to use my Find and search technique, outlined above.
  • Chrome/Browser Extensions — We all use one of the big browsers as our gateway to the internet.  Add these extensions to hamper tracking by Facebook and eradicate insecure connections.
    • HTTPS Everywhere — An extension created by the EFF and Tor Project that switches sites from http to https, which is secure.
    • Privacy Badger — Blocks ads and invisible trackers
    • Ghostery — Protects you from trackers and optimizes the web
    • Facebook Disconnect — Blocks Facebook ads from Pixel and its potential tracking of your traffic all over the web
    • AdBlock — Blocks obtrusive ads on Facebook, Youtube and multiple places

Wrapping Up

Remember, these are all tools to add to your privacy and security arsenal, and this is in no way a complete list or a complete listing of products I use — just ones that I consider essential.