If you’re active in any social media or otherwise have an opportunity to express an opinion online (sadly, particularly if you’re female), you’ll need an anti-doxing strategy.
If you’re not familiar with the term “doxing”, it refers to harassment in the real world as a result of information that can be gleaned about you online. It can range from anything from being signed up for mailing lists or printed magazine subscriptions to annoying telemarketer calls to even having the local SWAT team called to your house (this is called “Swatting”). It can range from annoying to potentially life-threatening, so it’s something to take seriously and plan for accordingly.
If you have a iOS device, you’re probably wondering about the recent announcement by a security researcher that there are a number of “backdoors” in the system. Here’s what you need to know.
I was thinking the other day about Google and Apple. Google’s lifeblood is the information it can gather from its customers, from their web searches to movement of Android phones (to ascertain traffic congestion) and more. They’re not alone, of course, lots of companies are doing the same in order to either sell you something or enable someone else to sell you something. It’s the business model behind every “free” service. But not everyone is doing that.
Apple has a very large (and very valuable) user base that they’re not using the way Google and others are. It’s evolved over time, sure, but Apple prioritizes user privacy, treating it like a competitive advantage. They collect the minimum amount of data necessary, encrypt it when they do collect it, and delete it when it is no longer needed. Yes, an iPhone is more expensive than most Android phones, but ask yourself how much your privacy is worth to you.
If you recall my earlier post about TrueCrypt mysteriously shutting down, news that a possible TrueCrypt fork is in the works is certainly interesting news. But complicating the issue is one of the developers claiming that a fork isn’t possible and only a complete rewrite would work. Stay tuned, I guess.
On Tuesday the European Court of Justice (ECJ) ruled that Google violated a Spanish man’s right to privacy by not taking down search results pointing to an auction the man ran to pay off some debts. Note that the ECJ didn’t say that the documents that Google points to have to be taken down, just the pointers themselves, which seems odd. Also, the ruling is just the ECJ’s agreement that the case has merit. It’s up to a Spanish court to now actually enforce the deletion and fine Google should it fail to comply.
The so-called “right to be forgotten” is fairly new in EU law (it appeared in 2012) and can’t exist in the US since it’s in opposition to the First Amendment. Unfortunately, it’s rooted in concepts that don’t exactly have counterparts online. It’s one thing to restrict access to things like juvenile arrest records, since they usually exist in only one place. But the documents at the heart of the Spanish man’s case still exist on the Net and plenty of other sites link to them, with plenty more resulting from the publicity this case has generated. Will Google be barred from pointing to these sites? Right now, no one knows.
Webcomic xkcd does an excellent job of explaining the “Heartbleed” bug:
If you know something about programming this is bug is the result of dynamic memory and lack of bounds checking. It allows the server to return the contents of RAM that may include information like passwords, login ids, etc. that are normally not visible externally. If you’ve recently logged in your information could easily still be in RAM and vulnerable but if you haven’t it’s likely nothing of yours remains. It’s all dependent on whether or not someone has determined a particular server is vulnerable and exploited the bug.
So what should you do? First, check this list on Mashable. If there’s a site you use frequently and it’s marked as vulnerable, change your password now. Otherwise, you can probably take your time but still change it. Consider using a password manager like 1Password or LastPass to make creating and managing passwords easier. Turn on multi-factor authentication where available. Also consider a personal password expiration policy. Yes, I know it’s a pain but if you use a password manager generating a new password is painless.
Security isn’t a “set it and forget it” thing, it’s an ongoing process.
You have to admit the NSA is nothing but thorough. We all know they’re grabbing data from the Internet and cell networks and while that might lead you to believe you’re safe if you’re not actually connected to a network, you’d be wrong. Very wrong. The NSA has spy devices with built-in radios that can send data from unconnected computers to listening stations miles away. While this requires physical access to the computer, once installed they are undetectable unless you’re looking for an RF signal. They claim to only be using this technology against foreign targets but at this point does anyone believe them?