Do you have or know someone who has an iPhone or iPad? If you or they live in either Australia or the UK, here’s a heads up. Make sure your device has a 4 digit passcode and back up your data to your computer. Secondly, enable multifactor authentication. Otherwise, you may end up losing it to a hacker who has hijacked your iCloud account.
How often do you use your email? Your Twitter / Facebook / other social media accounts? Your cloud apps? What would you do if you lost it all? What is recovering it worth to you?
When we have something of value, it becomes a target. And, the more we entwine our lives with technology, the more valuable those 1s and 0s become to us.
Though cyber extortion is not new, it is interesting how common it is becoming.
Then there is the case of Hunter Moore who was arrested and indicted by the FBI for his involvement in hacking private email accounts to gain access to explicit pictures that were meant for private use only. While this was not exactly extortion, it was a method of hacking and stealing of personal digital property that was used to shame and make money off of unsuspecting people.
Last year the story making the rounds was about Cryptolocker hijacking people’s data and then requiring money to unlock it and regain access to it.
Then there was of course the great Facebook, Gmail, Twitter hack I wrote about in December.
This is by no means an exhaustive list, rather just one to show the different ways your data can be used against you.
What does this all mean for you? It should heighten your awareness of cyber security and the very real threats that exist out there today. How do we mitigate these threats? We do what we can to protect our data. Following is a simple list of steps you can take immediately to avoid becoming a victim.
- Back up your data
- Use 2-Factor Authentication
- Hide Sensitive Information
- Be Wary of Strangers
- Be Careful Online
This means not only data you physically have access to like your financial documents, family photos/videos, or your music – but also your online presence. Many social networks let you download the entire contents of your user profile. You should also consider redundant backup options such as physical backups and off site backups. Just remember to make sure both are secure.
Facebook, Gmail, Twitter, Paypal and more utilize 2-factor authentication. My first introduction to this was using an authenticator for my World of Warcraft account, which I opted for as soon as they were made available. I still use 2-factor on that account today. This Life Hacker article has a great rundown of all the places you should enable it. Do it now!
While sites may require you to provide a birthday or email address, the also usually give you the ability to keep this information private. Those who need to know the year you were born or your private email address already have that information or can ask for it. There is no need for it to be out in the open for everyone to see. Also, don’t let sites save your credit card information. While it is an added convenience, as the case of @N above demonstrates, it can be used against you. Other advice he offered in his article was to call your institutions and require them to NOT share any of your personal information over the phone. That means birth dates, names, or partial information like last 4 of social or credit cards.
This may sound odd as the whole allure of the internet is connecting with strangers. However, if you don’t know someone, you should be very cautious about letting them into any social network circle where they can find out more information about you as this can be used against you.
Don’t click on anything you can’t easily identify. Don’t submit information to sites you are not familiar with. Don’t trust things just because they come from people you know. Don’t download things to your computer without some sort of software protection installed.
In summary, treat your digital property much like you would treat your physical property. Follow the Hide Lock Take philosophy. It works for both your email and your car.
Salon recently featured an article (Salon.com) about a study (PDF) that reveals how Facebook monitors self-censorship by tracking everytime we type something, even if we decide not to post it. While it is understandable that people are concerned with this tracking of information that we do not share, I believe it is also important for us to understand that Facebook is not a free service. We pay for the opportunity to use this service by providing our precious data. Therefore, it is Facebook’s goal to gather and retain as much data as possible, even if that data is never explicitly shared.
Though I do not agree with their practices, as I am an advocate for the user and users rights when it comes to their data, I do understand them and contend that it is within their right to do this – even if it is an unsavory practice to perform. As a user, your rights and your power lay solely within the choice to use the product. If you want to retain ownership over your data, sharing it on a service where you provide said data for payment of using the service, is likely not the wisest choice. Keep that in mind when you type anything into any text box anywhere on the web, because as this example proves, that data may be saved even if you hit cancel.
Being the 2-factor security person that I am, I know many of you have probably read about Facebook, GMail, and Twitter passwords being hacked. Though you can’t do much about that (other than not have accounts with those services of course), there are steps you can take to keep those accounts secure even if someone else has your password. All that is required is that you have a mobile phone and that you set it up from your computer (I don’t know of a way to do this from the mobile side only).
Facebook users, to enable the 2-factor setting click on the lock icon and click on the link at the bottom that says “See more settings”.
Once there, click on the Security link 2nd from the top on the left.
Then click on Login Approvals.
There you will be given a checkbox to “Require a security code to access my account from unknown browsers”.
You can check that box and then choose which method you use to get your codes. I chose the code generator because that will work even if I only have access to WiFi, whereas receiving a text message may not. I would also at this time generate extra codes just in case you lose your phone. Save them in a place that will be easy to access, so you can get back to your account easily should you need to.
While you’re in the security section I would also suggest you check the active sessions and recognized devices. End activity on anything you don’t recognize. Lastly, setup your trusted contacts. Be sure to choose people who actually use Facebook regularly.
GMail users who use their accounts on multiple devices may find this method a bit cumbersome, but it’s only cumbersome to setup. Once it’s done, you don’t have to make any changes unless you get a new device or wish to disable it.
Login to your GMail account and then find the cog icon under your picture on the upper righthand side of your screen and click settings.
Once there, click Accounts at the top and you will find security settings.
Clicking Account Recovery Options lets you set up your phone to use to recover your account should you forget your password or to challenge hackers. You can also add a recover email address as well as an alternate email address you can log in with. I would highly suggest doing both.
Clicking Other Google Account Settings will take you to a page that lists all of the settings for your Google identity. If you’ve never been here, I suggest you read it so that you understand more about the way Google views & uses your information. For our purposes today, click on Security from the menu on the left.
From there, scroll down to the bottom to find 2-Factor Authentication and turn it on.
After you set it up, you will want to create device / application specific passwords for your account so that you can log into your email through your phone, tablet, or other device that doesn’t use 2-factor authentication. You can click on the link visible in the screen shot above to get there.
Pro-Tip, you can use one generated password for all of your devices if you enter it into all of them at the same time. Caution though, if you do that and have to revoke it for some reason (you lose your phone), you’ll end up revoking it for all devices instead of just that one.
Login to Twitter and click the cog icon on the top right hand side of the nav bar.
Then select settings from the menu.
Then select Security and Privacy from the menu on the left.
Then select one of the two login verification options available.
Hopefully this was helpful to some of you. I know these settings can seem buried and intimidating if you’ve never used them before, but I suggest it is worth it to go through all of this trouble so that you don’t end up losing your digital life to someone else’s malicious activities.
I do not have many words to add to the multiple that are already out there. What I do have to say is that about a year ago I was protesting SOPA with the rest of you. It was one of those things those of us who care so deeply about freedom and the Internet did in hopes that it would actually bring about change.
Internet and Information freedom are near and dear to my heart. My entire Masters research was on FOSS / Fedora. I’ve posted on this blog about many of the things that are threats to this freedom including cyber bullying, censorship, and net neutrality.
Though I have a few papers floating around on the Internet, you will not find any of them in a journal much to the dismay of many of you who have contacted me for copies and citations. Why? Because I refuse to have my research (especially that which I do of my own free will and with no outside funding) published in a journal that cannot be accessed by the public, even if this hurts me academically.
I am not the only one that has a problem with the journal system and there are a few journals out there that have risen up against the status quo. There are also a few people who have taken a stand against the privatization of publicly funded information. Aaron Swartz was one such person. While he should be remembered for the many awesome things he did for Internet and Information Freedom, it is the ending of his life over the weekend that is being talked about today.
All I can say is the world, especially those of us who feel the same way he did, lost a great mind and advocate. He has been an inspiration to many of us, and he will only continue to do so. It will be interesting now to see how he has changed the world through the ending of his own. I am just an academic and a wanna-be hacker, but I will always do what I can to fight many of the same fights he did.
In the words of famed anthropologist Margaret Mead:
Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it’s the only thing that ever has.
How are you changing the world today?
P.S. If you are reading this through an RSS feed – thank Aaron…
I just spent the last 24 hours intentionally without access to Facebook. What struck me was not that I missed it as in fact I did not and to be honest there was a bit of relief that washed over me as I walked away from my computer after disabling my account in protest to SOPA. No, what struck me was how many times I, as a matter of habit, considered opening a Facebook tab during the course of my day. Please don’t confuse this as missing it. Understand it instead as how habitual my use has become that it was just second nature to want to act on this subconscious thought of “I have a moment to spare, so I should fill it with something.” The happy thing was that I easily filled those moments with something else without too much effort or thought.
Overall I was just surprised at how often the thought of visiting Facebook occurred to me. I remember just 5 years ago when it was Livejournal that filled up my pauses in work or school. Over 10 years ago it was a local message board for a club that kept me refreshing Netscape every five minutes as drama exploded online. What about 15 years ago? Well then it would have been my first college issued email account (yes, I’ve been in school a long time!) or my first Hotmail account. Two decades ago I was in high school and I filled all of my spare moments with a book. There was even a joke made about this at my senior assembly where a picture was taken of a woman at a mall reading a book and that was supposed to have been me 10 years later. (Instead it ended up being me on my Palm Treo 300. I like to think I invented mobile Googling to solve arguments almost 10 years ago. But, I digress….)
I suppose the point I am trying to make here is that no, it wasn’t that I missed Facebook itself. Rather, I realized that as of late I have been using Facebook as an escape that 20 years ago was reserved for mystery novels and fantasy books. I believe the reason for this is not that I value Facebook over my books of times past. Instead, it’s that I have so little in between time these days that I fill it with a brain snacks instead of a healthy meal. That said, with work and my PhD classwork I get plenty of high quality brain food. I guess what this all boils down to is that I just miss the brain snacks that were both filling and tasted good.
I know someone like me, a little blogger, taking down my blog for the day will not move mountains or change people’s minds about their political stance. That said, this is a warning to those who do actually read this blog that it will be taken down for the day tomorrow to protest SOPA in solidarity with Reddit, WordPress, NVidia, Wikipedia, and more.
If you want to learn more about this, check out my SOPA Pinterest board.
On Friday December 30th, my husband and I had a wedding ceremony in North Texas exactly one year after we were married in South Korea where he was stationed serving in the US Army the year before. We planned our entire wedding from El Paso in far West Texas (only about 600 miles away from where we had it) as my husband is currently stationed at Fort Bliss, and I used Evernote to help us do that every step along the way.
Using Evernote meant that no matter where I was, I could add things to my todos, inspirations, growing expenses, guests lists, and more. I also used it to write my vows the day before the ceremony. This is where it gets fun.
About an hour and a half before the ceremony I realize that my vows and the reception music were still on my laptop, which was at the house where I had started getting ready and not at the venue of the wedding where I had already arrived. I had one of my bride’s maids shove it in the car of another to bring it so that I could fix my overlook. (Funny that my todo list on Evernote did mention putting the music on a flash drive, but alas in the chaos of it all I didn’t have a chance to refer back to it!)
All of my bride’s maids arrived in time and we were getting ready when we realized that the car where the laptop was had its keys locked inside. This meant that both the music and my vows were now in the car and I only had half an hour to go before the ceremony. Realizing that I had typed my vows into Evernote, I took out my phone and looked them up in an attempt to memorize them. Then one of my bride’s maids said, “Why don’t you just use your phone? Better to have it and read them, then not have it and forget them.” With that they all agreed that not only was the the best choice, but for me – a cyber anthropologist, it was apropos.
With that, my phone was handed to the officiant and off I was rushed to hide in the final moments before the ceremony began. It was a pretty emotional ceremony as we’ve spent almost as much time separated as together in our marriage due to the fact he’s serving his country. I had already been tearing up before he got to his vows and by the time he uttered his words to me I was about to start sobbing. That’s when it was my turn and the officiant took out my phone and handed it to me. All of the guests began laughing, which was a blessing in that I was able to laugh too. Otherwise, I may not have been able to actually read my vows without being a blubbering bride.
After all of that, and all of the other uses I have for Evernote as a PhD student (all of my class notes, paper drafts, project notes), Research Assistant (all of my meeting notes and todos), an Anthropologist (all of my field notes), and a User Experience Designer (notes, todos, ideas, drafts etc) – I just want to say thank you for making such a great product and for all of the extensibility that is offered through its various application interfaces. I don’t know what I would have done otherwise. Using your product really did save me on my wedding day!
For those interested, you can read the vows here.
A thankful bride