Comments

Ted November 11, 2021 7:26 AM

@Clive

Remember when you said studying by flashcards was a good system. I think I need a similar system for implementing these strategies.

Do you think they make a page-a-day tear-off calendar for personal digital security strategies? Maybe for the holidays they could be less thought-intensive.

For example, on Christmas it could be start a conversation ‘round the breakfast nog to find out who has ever lost a phone and what they did about it. (I have never lost a phone yet, but I’ve come close.)

Then everyone could talk about how much they love their phones, the find-a-phone feature, etc. You could even float a few idle comments about 6-digit PIN codes and back-ups and the like.

Daniel November 11, 2021 7:46 AM

The safest way to back up data if you’re concerned about privacy is an encrypted backup to your personal computer; however, most iOS device owners can back up their data to iCloud with confidence that it is end-to-end encrypted (as long as they have iOS 13 or later).

Major editorial cock-up from Ars Technica here [see Part 1].

iCloud is not end-to-end encrypted save for a very small subset of data:

https://support.apple.com/en-us/HT202303

Clive Robinson November 11, 2021 8:28 AM

@ ALL,

From the intro to part one, and before anything of utility gets said it’s running away from the reality of life since the start of the third decade of the 21st Century with,

“If attackers find it too difficult or expensive to get your stuff, there’s a good chance they’ll simply move on to an easier target.”

That only applies to the bottom feeders who are basically little more than wannabe crooks. They hardly make it out of the “Level I” category attacker outlined in Ross Anderson’s three level model.

If these are the only thing you have to worry about well all I can say is you lead a very non-life.

It should by now be clear, nearly all States regard their citizens as “the enemy”. It may not and probably is not the elected officials with these as primary views of the electorate. But you can be sure that many around them who shape policy are very much in this view point, some as in the intelligence agencies see themselves above the elected politicians, and that can only end in one way (bloodshed, to refresh the tree of liberty is history’s preferred way of bringing it about).

So the article starts badly by effectively saying “You are not Batman” but we know “You are the enemy”…

But “You are also the product” which is the key to just about every other form of abuse you will suffer “online” regardless of who or what you are.

Winter November 11, 2021 10:21 AM

@Perry
“Treat your smart phone like Hannibal Lecter:”

That page advocates Qanon, i.e., it advocates a violent coup against the current president.

Ted November 11, 2021 10:30 AM

@Perry

Treat your smart phone like Hannibal Lecter

Great article. It just doesn’t seem fair to the average or even un-average technology user. Do people have to demonstrate actual harm before things change?

Winter November 11, 2021 10:42 AM

@Clive, ALL
“If these are the only thing you have to worry about well all I can say is you lead a very non-life.”

If you need one level up in paranoia, look for:
The Hitchhiker’s Guide to Online Anonymity
ht tps://anonymousplanet.org/guide.html

Heed the warning:

Will this guide help you protect yourself from the NSA, the FSB, Mark Zuckerberg, or the Mossad if they are out to find you? Probably not … Mossad will be doing “Mossad things” and will probably find you no matter how hard you try to hide.

humdee November 11, 2021 10:48 AM

@Ted,

“Do people have to demonstrate actual harm before things change?”

Ohhh, another optimist. Why do you think actual harm will motivate change?

Edward Bernays November 11, 2021 10:52 AM

@Perry

Truly an eye opener: mobile devices are the perfect tool for surveillance and brainwashing

Anyone who thinks the author is advocating for QAnon clearly did not undertake a careful reading of the article. QAnon is a form of “Mass Formation,” propaganda that the author warns against in the opening.

AL November 11, 2021 11:13 AM

From Part 1:

For iOS, this is generally simple—when your device prompts you to upgrade, do it.

No, don’t do it. Apple made a recent change. While the newest version of iOS is version 15, version 14 still gets security updates. So, update yes, upgrade, I won’t until the bugs introduced in iOS 15 are worked out. iOS 14 is secure, and works well.

Ted November 11, 2021 12:55 PM

@humdee

Ohhh, another optimist. Why do you think actual harm will motivate change?

True. Good point. But harm to the big guys might shake out a benefit for the rest of us?

There is a report in the linked article about the very hard look security groups are taking at firms and markets that sell surveillance wares to both NATO members and adversaries.

Alt report title: Spitting in the Wind

https://www.technologyreview.com/2021/11/08/1039395/grim-outlook-cyber-boom-atlantic-council-report/

TimH November 11, 2021 1:20 PM

He missed the most important advice of all to those who do everything on their phone: get a cheap used laptop with Ubuntu/Mint or whatever on it, and do all your financial stuff on that.

Phone should be calls, text, emails, games, nav, on-the-move browsing only. The only reason a CC number (not debit) should be associated with the phone is to buy apps.

Clive Robinson November 11, 2021 2:43 PM

@ ALL,

Back when computer security was mainly fronted by people wearing hats and a strap on of some kind at a handy waist level, the basic security advice boiled down to,

1, Do not connect the computer to any kind of communications channel.

2, Put nothing you need to keep unknown to others on the computer.

Two very sound pieces of advice you just do not hear anymore…

What is the difference today that was not applicable fifty years ago back in the 1970’s?

Well you could blame technology, but you would be missing the point, we as individuals have been complacent for a half century. And as the old saying has it “The Devil makes use of idle hands” and we eagerly filled them with technology. So much so it’s actually killing people by their own stupidity. That is, way too many people cannot walk down the street safely because of the technology in their hands absorbing their attention. Some step in the road, others trip, stumble or fall and some percentage get seriously hurt or die.

But this fixation with technology makes it “Oh so easy to carry out Surveillance on the individual”.

That is “The use” of technology has made us increasingly not just insecure but unsafe as well and certain people see advantage in it.

The point is the data collectors are abusive, in many ways, at the very least they assume they can coerce people. Unfortunately too few people turn around and say NO[1].

Even as little as twenty years ago we did not have this nonsense, and we’ve foolishly allowed ourselves to be led into a trap. So now the only option is to not just turn around but push back against the flow…

But as I’ve pointed out in the past and again above with those two rules we can protect ourselves way more effectively.

The first step is segregation public from private. That is do not put anything you wish to keep private on a computer unless you absolutely have to. Then never ever connect that computer to any kind of communications channel. Keep this computer locked in a fire proof safe when it is not in use. Oh and never ever connect it to the Internet, and never ever update it… Whilst you do get security patches you also get “spy-ware” from Microsoft, Google and Apple with every update. They might call it something else, but by definition it is “spy-ware”.

If you must “connect” to a communications channel, then use another machine entirely. Preferably build it yourself such that it has no hard drive or other easily mutable storage that run of the mill malware can hide on. If you do it right then simply turning the power off at the wall will clear any of that sort of malware[2] that might have got on it whilst connected.

Oh and don’t do any kind of banking or other financial management on line. You are without a doubt vulnerable, the only reason you’ve not been got at, is it is such a target rich environment. So it takes a while for your turn to be hit to come around, but don’t feel left out it will come to you sooner or later.

As for “social media” what was that 1980’s anti-drug slogan,

“Just say NO”.

[1] I’ve had some rather short and blunt to the point of rudeness conversations that usually start with someone saying something along the lines of,

1, You just need to…
2, If you do XXX then…

They act surprised when I say “Why?” and ten seconds after they start pushing out nonsense I say “No”.

They then try coercion of,

3, If we are going to…

To which I simply say “You’ve failed to prove you are trustworthy or demonstrate a real need for the information you are now trying to blackmail out of me”.

Apparently stating the truth is kind of an affront to many such people either from knee jerk training or stupidity, almost their first response is “blame the victim” or equivalent. Frequently, by at the very least claiming you are rude or hostile. To which my stock reply is “No I’m not, I’m being bluntly honest, can you truthfully say the same?” pause for them to draw breath and then say “Think carefully before you lie”.

Does it make life hard, well yes and no, that kind of depends on your priorities. However I do usually with a bit of effort get what I need and maintain my privacy.

[2] Not all malware can be got rid of at the flick of a switch these days. Unfortunately there is way too much Flash ROM tucked away in all sorts of places with modern computers. Apple have it in batteries and glued to the inside of their touch screens. Whilst they do it to control the after market repair chain for vast profit, the fact is they leave Flash ROM around which can be used to hide malware.

JonKnowsNothing November 11, 2021 3:47 PM

@All

Over on Krebs on Security, he’s always got some juicy story about how it all goes wrong even when you try to get it right.

One general problem is the “nudge” that we are all “too smart” for “THAT Gimmick” to work. Except it works and has worked for centuries because we are NOT that smart. Jack N the Bean Stalk always presumes “we” are Jack and “we” will beat out the ogre and has been telling us that same story for five millennia.

We are so programmed to be “nice” that we are even nice to the tele-voice-robot informing us that “our call is very important but our wait time on hold is some time around doomsday” because the company did not hire enough people to answer the phones while the CEOGroup made 24% profit for COVIDyear2020 and bought YAI (yet another island).

If you cannot be rude to an AI-Bot, how are you going to be rude to the person who calls from the bank to tell you that someone is trying to filch your account… except the person calling from the bank IS the very person trying to filch your account?

If you cannot be rude to the AI-Bot and cannot hang up the phone on anyone you don’t know and didn’t call, how are you going to hang up on Big Tech Nudges that their EYES-I-Cloud-PRISM is really really safe?

  • Trust Us ‘Cause We Called You …

===

ht tps:// krebson security. com/2021/11/sms-about-bank-fraud-as-a-pretext-for-voice-phishing/

(multibreakers)

Ted November 11, 2021 4:44 PM

@ David Leppik, JonKnowsNothing, Clive

Don’t do it, even for a TikTok challenge

[Watching] TikTok challenges is the best! … exiting now 😆

We are so programmed to be “nice”

Being nice can be a form of security, so it’s sad when it’s exploited. Seems like there are a few ways to learn how not to be “nice.” It’s wonderful that the article you linked to showed someone who had taught their child “the drill” beforehand: “When In Doubt, Hang up, Look up, and Call Back.” It was especially impressive because the caller ID said ‘JP Morgan Chase’.

As for “social media” what was that 1980’s anti-drug slogan,

“Just say NO”.

It’s curious because there are some social media sites like “Nextdoor” where neighbors can communicate with each other and provide helpful info. I’ve seen more than a handful warn others about scams. I mean I wouldn’t post my vacation schedule there, but on the risk v. benefit matrix, it seems to have some honest benefits for users. So I am kind of torn on this one.

lurker November 11, 2021 11:06 PM

@Perry
Trying to get my head around Hannibal Lecter saying it, but it certainly has an air of authority:

Do Not Touch or Approach the Glass

Winter November 12, 2021 3:29 AM

@Ted
“As for “social media” what was that 1980’s anti-drug slogan, “Just say NO”.”

That one did not work very well, did it?

But the basic logic is one of risk versus benefit. This has been an issue all over human history.

Basically, life in the city has risks over life in the countryside. However, life in the city has huge benefits that come down to wealth and freedom. The same with social media, the new virtual cities. They allow you to communicate efficiently with people you would not be able to otherwise.

With social media you can be better informed and better connected than otherwise. At the same time, social media make you more vulnerable.

As always, it is the already disadvantaged people who are most vulnerable. It is not the readers of this blog that are most at risk. It is the people who are unable to understand this blog, who are the target audience of tabloids and Fox News and their children, that are the victims.

Telling them to stop using social media is like telling their parents to stop watching television (1950-1970s) or listening to the radio (1930-1950s), or watching movies (1920-1950s), or reading magazines and romance novels (1800-1900). Which by the way was the reaction of our mental forbears on these dangerous innovations in mass communication.

Cults and religious extremists are dangerous, but telling people to stop going to church will not help fighting cults and extremists.

Ted November 12, 2021 4:48 AM

@Winter
“With social media you can be better informed and better connected than otherwise. At the same time, social media make you more vulnerable.”

That is exactly what I was thinking!! I could not have said it better!

I had started to wonder about the whole risk matrix and how it would apply to various people, platforms, and content. And how these things could change over time.

Maybe it’s that I perceive myself as being unimportant enough that I have gained some modicum of freedom. I know I am not immune to harm, but I am much less entangled than many other relevant people.

So with this, I enjoy watching reels of people moonwalking, cats doing absurdly funny things, and other very creative things that more uninhibited people do.

I am prepared for a little backlash on this. But even the author of the ArsTechnica article has a pretty entertaining Twitter account.

Winter November 12, 2021 5:29 AM

Previous quote went completely wrong:
ht-tps://www.nbcnews.com/think/opinion/facebook-twitter-don-t-censor-conservatives-they-hire-promote-them-ncna1245308

These stories of alleged suppression tend to be simply anecdotal because the facts simply don’t back up sweeping assertions. We at Media Matters have done study[1] after study[2] after study[3] after study[4] showing that conservative content on Facebook receives significantly greater engagement than other content.

[1] ht-tps:/www.mediamatters.org/facebook/new-study-finds-facebook-not-censoring-conservatives-despite-their-repeated-attacks
[2] ht-tps:/www.mediamatters.org/facebook/despite-bias-claims-facebook-not-censoring-conservatives
[3] ht-tps:/www.mediamatters.org/facebook/study-facebook-still-not-censoring-conservatives
[4] ht-tps:/www.mediamatters.org/facebook/study-right-wing-sources-dominate-abortion-related-news-facebook

Freezing_in_Brazil November 12, 2021 11:19 AM

@ JonKnowsNothing

Re being rude to AI

I can be and I am, most of the time.

However, I just don’t recommend it, because they are watching it too. Beware of your social score [wink]

Clive Robinson November 12, 2021 12:31 PM

@ JonKnowsNothing, Freezing_in_Brazil,

If you cannot be rude to an AI-Bot, how are you going to be rude to the person who calls from…

Whilst it is easy to be rude to an AI bot if it allows you to reply. The question is, “Is it worth wasting a nice bit of invective on?” because you know, that it’s not going to have any positive practical effect[1].

Do it to a RL person, by being very very blunt, sarcastic, intransigent etc rather than rude, and they are likely to mark their database “Do Not Call” against your name.

But what I really really miss as a feature on mobile phones is the ability to eavesdrop on your Voice Mail.

Back when we all had land lines and “answerphones” we could hear the caller and “pick up” if we wanted to.

It made for ideal call screening, and if you decided to pick up it was easy to give an “out of breath” excuse like “Hi Sue, I need to get fit, the run from the kitchen is killing me” or some such.

[1] Though it could have a negative effect on you… This idea of “Social Score/Credit” the Chinese are pushing ahead with, has delighted many capitalist loonies in the West. They record everything and store it away just in case they can use it… Remember the case where a man slipped on a wet floor in a supermarket, and it went to court and the company lawyer said the man was an alcoholic / drunk because he purchased booze, and the lawyer had a record of what he had purchased over the months on his credit card and some paperwork from some “opinion for rent” person who analysed it and said various –incorrect– things? Just one of the reasons I pay cash and keep the receipts.

JonKnowsNothing November 12, 2021 4:20 PM

@ Clive, @Freezing_in_Brazil @All

re:
@J: If you cannot be rude to an AI-Bot, how are you going to be rude to the person who calls from…

@C: Whilst it is easy to be rude to an AI bot if it allows you to reply.

?Allows you to reply? Why are you hesitating? Are you waiting until the AIBot announces “Our call center is now closed … “?

You are far too polite ….

Being impolite takes practice or you have to have been born a TR-RumpCapper…

As noted one’s Social Scoring will likely go down.

One program in Mainland China requires a face-forward camera enabled, reading your lips and scanning your eye movements, verifying and syncing to the Required Reading of The Day and monitoring your “happy face” emotional index.

  • No frowning at reading dead-boring text
  • No grimacing at reading endless lists of DoNots
  • No eyebrow raising at viewing patriotic images
  • No second audio tracks with alt-voice overs

I don’t think this happens just there…

Some cultures have much better grasp on how to be rude… unfortunately I am deficient in this area. I can barely follow a Hockey Puck….

===

ht tps://en. wikipedia. org/wiki/Don_Rickles

  • When he began his career in the early 1950s, Rickles started to call ill-mannered members of the audience “hockey pucks”.

SpaceLifeForm November 12, 2021 5:16 PM

@ ALL

Just say NO to voicemail

It is a security issue.

If it is really important, the caller will call again.

SpaceLifeForm November 12, 2021 6:05 PM

@ Freezing_in_Brazil

This was not you, correct?

hxtps://www.schneier.com/blog/archives/2021/11/advice-for-personal-digital-security.html/#comment-391815

Freezing_in_Brazil November 12, 2021 9:29 PM

@ SpaceLifeForm

This was not you, correct?

I’m afraid it was, my friend. Am I in trouble?

Seriously, I think it is ridiculous getting cozy with machines [and a real danger for mankind based on the things I see people doing with smartphones]. I hope not having disappointed you.

In my defense I should say that I’m very nice to humans. 🙂

Why do you ask [just curious]?

Best regards

SpaceLifeForm November 13, 2021 12:14 AM

@ Freezing_in_Brazil

Thank you for replying. I suspected that it was not you due to a change of behaviour. The URL field.

SpaceLifeForm November 13, 2021 1:27 AM

@ Freezing_in_Brazil

colar acidentalmente no campo URL?

Espero que esteja traduzido corretamente.

Freezing_in_Brazil November 13, 2021 8:09 AM

@ SLF

Your Portuguese is very good. 🙂

No, it was intentional. Sometimes I do it when there’s a new post on my humble pt_BR blog. Think of it as a signature.

Cheers!

Ted November 13, 2021 12:03 PM

@Freezing in Brazil, SpaceLifeForm, All

Sometimes I do it when there’s a new post on my humble pt_BR blog

That’s awesome u have your own blog!

Leave it to SpaceLifeForm to catch onto that. My Portuguese is not so good, so I had to use Google Translate to see what your newest post was about.

Google translates it to “Bitcoin Hits the Real Estate Market”

It looks like your post had, in part, been sparked by a Bloomberg article (linked below). You go on to write:

In September, El Salvador became the first country in the world to make cryptocurrency ‘legal’ to tender, arousing the interest of other governments and companies in our region.

I had no idea about this. I am curious what you, or anyone here for that matter, thinks about this as a sustainable or expanding trend?

https://www.bloomberg.com/news/articles/2021-11-10/bezos-backed-real-estate-app-to-accept-bitcoin-as-payment

SpaceLifeForm November 13, 2021 5:16 PM

@ Freezing_in_Brazil

Your English is very good. 🙂

As I said, it was the unexpected change of behaviour that caught my eye. For some unknown reason, I pay attention to small details.

Now I know. So, I thank you.

There have been many drive-by trolls that drop a link into the URL field.

While I was pretty sure it was you, I just wanted to make sure.

My Portuguese is not that good. I am better at Spanish. While they are very similar, there are various words that have completely different meanings.

Curious. How did you learn your English in Sao Paulo?

As I noted previously, most software developers have to know English.

I am sure your fluency of English would put you in the point one percent level in Brazil.

Freezing_in_Brazil November 15, 2021 8:05 AM

@ Ted, SpaceLifeForm

Dear friends, my apologies for the delay in replying. Today is the Republic day, a national holiday, so I was out of town, away from the niceties of civilization. I really appreciate your kind words. As I’ve said in the past, it’s an honor to be among such special people in this forum that is a gem of the Internet.

How beauteous mankind is!
O brave new world
that has such people in’t

@ Ted

My stance on Bitcoin is of skepticism. As I mentioned in my blog post [on my blog], the issue of volatility will need to be taken care of. At the same time, it is necessary to attack on at least three fronts: regulation, ease of use, and solving the so-called blockchain scalability trilemma [scalability, security, decentralization][1].

Like you, I would also like to know the opinion of other distinguished members of this blog [I don’t know if it’s possible to do it in this thread without being off-topic].

@ SpaceLifeForm

I am the grandson of Italian and Spanish immigrants, which allowed me to learn these two languages in the family. I suffer from an extreme case of a disease called Anglophilia [as in Anglosphere]. From an early age I was attracted to the English language and culture. I started taking English on my own around 9 years old [under the influence of the American and Brit culture]. Afterwards I studied English as well as French in elementary school and high school. At university I continued with the English language, and reached the highest academic in the Brazilian curriculum. My father was connected to the railways, and I had contact with Americans and foreigners in general who visited us, which helped me to polish my skills. Studying and traveling abroad completed my training. I remain passionate about the Anglosphere.

I can sing without an accent [nowadays I adopt an accent close to the Northeast of the United States, although before I used to imitate the English accent. People thought it was a bit ridiculous and pedantic, so I had to adapt]. Anyone who hears me speaking tells me that I speak naturally [although I believe they are just being kind].

Lastly, I have noticed your eagle eye on the things pertaining to the security of this blog. Keep up the good work.

[1] htps://aakash-111.medium.com/the-scalability-trilemma-in-blockchain-75fb57f646df

Thanks again for your kind words

Freezing_in_Brazil November 15, 2021 9:26 AM

Some truncated phrases there. I don’t do preview anymore [to avoid losing the post], so I couldn’t catch them. I hope you get the meaning.

Ted November 15, 2021 9:32 AM

@Freezing_in_Brazil, SpaceLifeForm, ALL

You write beautifully Freezing 🙂 Your inquisitive nature and openness to learning are apparent in your ability to explore highly technical topics and a menagerie of languages. I think we are all honored that you join these conversations!

You write that you also are skeptical of bitcoin but notice its trending presence in different markets, in this case real estate.

I wanted to pull out a quote from the Bloomberg article:

It is unclear if La Haus is the first so-called proptech to accept Bitcoin. Sanchez-Rios said the technology can ease the home-buying process in emerging markets by cutting down on the reams of paperwork and time needed to complete traditional purchases.

I am so wary of not only the practical and technical challenges of cryptocurrency you mention, but also what seems like a fly-by-night operation by La Haus in this real estate payment market.

The fact that the project has “raised more than $150 million of equity and debt from investors, including Jeff Bezos’s fund” gives me zero more confidence. It feels like this market is potentially being exploited or used for negligent product testing.

Each of these case studies offers a tremendous opportunity to explore the aspects of both the technology and sociocultural elements at play. Please keep up your research! You have so much to offer and we all benefit greatly from what you see and share!

Freezing_in_Brazil November 17, 2021 9:34 AM

@ Ted, All

I don’t have confidence in this Bezos initiative either. Like most of what is said on the bitcoin in the media, this trumpeted “arrival of bitcoin in the LA real estate market” as described on Bloomberg, has all the hallmarks of an infomercial [people down here – and a legion of fraudsters – have been dealing with bitcoin, including the real estate market, for a long time now]. I posted it on my blog just for the news. My mission is to bring the news and start the discussion.

I must say that there are few independent blogs in Brazil [and in Portuguese language for that matter]. Most are linked to large communication groups. Getting to the level of Schneier on Security and other Anglosphere blogs is an almost impossible task in these latitudes.

But of course I keep trying.

Ted November 17, 2021 10:02 AM

@Freezing_in_Brazil, ALL

Getting to the level of Schneier on Security and other Anglosphere blogs is an almost impossible task in these latitudes.

I really had no idea. That makes your presence here even more special ☺️

Also please take anything I say with a big grain of salt. It’s easy to have a big goofy opinion without having all the facts. You have done an amazing job of providing an in-depth analysis of some of the technical and regulatory challenges that bitcoin is facing.

Also, you have specific regional and technical knowledge that many of us do not have (I know for sure I did not.) Please keep sharing with us and of course with your regional community. You are doing the very important work of educating people and starting important conversations. Cheers my friend!! We are very lucky you are here!
