Two sites to link to whenever someone starts talking about deleting their Facebook account, or quitting Google. Talk is cheap, you know. I wish I could get out of both rackets, but it’s not possible because of work. I will, however, move my email from Google soon, possibly to HEY when they support custom domains.
Privacy is a big deal to me. The mere thought that your everyday tools could be spying on you, no matter if it’s on behalf of a snooping government or a malicious hacker group, pisses me off. Seriously, don’t do that, it’s rude!
Twitter hack was an inside job, could’ve been a lot worse
If you saw Elon Musk, Barack Obama, and more tweet bitcoin scams recently, you saw the result of a social engineering hack primarily targeting verified Twitter accounts. Vice has the full story.
“We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.
I’m amazed and horrified that the scam worked, collecting over $100,000 worth of bitcoin. Please be more careful, and don’t trust so easily, okay?
Things could’ve been worse though. What if a hack like this was used to spread disinformation, rather than just grab cash from gullible suckers who think Elon Musk can magically duplicate bitcoins for free? Come election time, get ready to not trust anything, verified badge or not.
Are your apps crashing today? Blame Facebook
The Facebook SDK is crashing a bunch of iOS apps today, including popular ones such as Spotify and Pinterest. Luckily you can do something about it, by enabling a VPN or a firewall app that blocks the sneaky code that tries to talk to Facebook. The Verge swears by Lockdown Apps, a free firewall for iOS, so if you’re having issues, give it a go. The VPN costs money, but there’s a trial. It’s likely Zenmate – which I like – will get the job done too, although I haven’t tried any of these for this particular problem as I’ve yet to experience it.
You should own your email too
I’ve been on your back in regards to owning your words for quite some time, advocating quitting social media, and outlining how I aim to tread that not at all uncomplicated road.
But what about email?
Guide to deleting your social media accounts
Wired has a guide on how to delete your accounts on various social media platforms. It’s not as easy as you might think.
Wanting to delete your account is one thing, but actually being able to hit the delete button is another story. Social media outlets make money off of you and your information, so it shouldn’t come as a surprise that they don’t want to let you go. Because of this, the biggest networks have made it overly complicated to delete your account. But if you are set on getting rid of them, here’s what you’ll have to do.
⚡️ Related: My Social Needia essay, and the services I’m quitting.
Another reason not to use Zoom
If you needed yet another reason not to use hyped videoconferencing service Zoom, then this is it. They’re launching end-to-end encryption for calls (yay!), but only for paying users, who are all criminals it seems.
From the Wired story:
“Free users for sure we don’t want to give that,” Zoom CEO Eric Yuan said in a company earnings call on Tuesday referring to end-to-end encryption, “because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose.”
This is stupid in so many ways. Good riddance, Zoom.
Alternatives for your online conversation needs: Jitsi (open source and free videoconferencing tool); Telegram and Signal work too. The latter has a nice blur feature, if you need that.
Was WannaCry the NSA's fault?
Wired reporting on the Windows ransomware that’s wreaking havoc at the moment:
One reason WannaCry has proven so vicious? It seems to leverage a Windows vulnerability known as EternalBlue that allegedly originated with the NSA. The exploit was dumped into the wild last month in a trove of alleged NSA tools by the Shadow Brokers hacking group. Microsoft released a patch for the exploit, known as MS17-010, in March, but clearly many organizations haven’t caught up.
Even if this doesn’t originate from the NSA, it’s ample proof that no one should have backdoors.
SMS is not a secure protocol
O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.
In other words, thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers, allowing them to empty their accounts. The thefts occurred over the past few months, according to multiple sources.
SMS (aka text message) is not a secure means of communication, and that isn’t anything new either. Keep that in mind when you send details, and use two-factor authentication that relies on means of verification other than SMS.
Fake ID, present and past
Fascinating story about fake IDs, present and past:
The fake ID racket wasn’t always so easy. In 1994, one of my 10th-grade classmates in boarding school purchased a fake ID kit from a graduating senior for $700. Even at 15, Phil had a remarkable entrepreneurial spirit and naturally gravitated toward the prospect of cornering the fake ID market at our New England prep school. “Once I got out of the red,” he remembers thinking, “I’d be minting money.”
Want your face scanned? Travel to Australia
Futurism posted this video regarding Australia replacing passports with facial recognition at airports starting this June:
Personally, I think this raises so many privacy issues that it’s scary. What will they do with all that data? Who’ll benefit from it, and when someone steals it (because that’s bound to happen), what will the data be used for then?
I think I’ll stay clear of Australia in the future.
Hey, give us your passwords
The Guardian reporting on the possibility of the US requiring social media account access and more from visitors:
(Security secretary John) Kelly told a House homeland security committee hearing in February: “We want to say for instance, ‘What sites do you visit? And give us your passwords,’ so that we can see what they do on the internet. If they don’t want to give us that information then they don’t come.”
Yeah, I’m not visiting the US anytime soon. This is just horrible.
Your online activities are for sale
US citizens lost a little bit more of their privacy the other day, when Congress made sure that internet service providers will be able to sell customer information, such as web browsing history, in the future too. Yes, too, because this isn't new, just cemented now (barring president Trump's signature). The Verge:
It’s hard to see this as anything but a major loss for consumers. While reversing the FCC’s privacy rules will technically just maintain the status quo — internet providers have actually been able to sell your web browsing data forever (it’s just not a thing we think about all that much) — they were about to lose permission to keep doing it, unless they got explicit consent or anonymized the info.
It was the Republican party who voted this one through, so while there are lists of the traitors to the internet and whatnot, you should probably call your representatives no matter what.
Want to know what the ISPs can actually sell? Motherboard has you covered, and it's pretty scary reading. You might want to consider getting yourself a VPN (Zenmate, Tunnelbear, and NordVPN are easy to use), using secure messaging apps such as Signal or iMessage, and living in incognito mode until the Big Brother Corp nastiness passes. If it ever will.