Clark Howard Suggests Setting Up A 'Financial Chromebook'

Chromebooks are the most secure mainstream computing platforms on the market. That's why, in this article, 'money expert' (whatever that means) and radio host Clark Howard recommends setting up a 'Financial Chromebook'. The idea is that you would buy a Chromebook (even a very cheap model would work) and use it solely for managing your finances online.

The advice not to use this for browsing Government Organization sites like the DMV, or for filing online taxes, is probably overkill, though the rest makes sense.

With all the security risks attending online financial activities these days, setting up a special Chromebook just for this purpose seems like a great idea.

If you do this, definitely avoid using Android apps (unless you absolutely must use one or more financial apps for which no web counterpart exists), any Chrome apps, or any Linux apps the platform may support in the future. Also avoid using any browser extensions unless you absolutely must use one or more (like a password manager). If you're using other Chromebooks under the same Google account, be sure to go into the Sync settings so you won't get apps and extensions from your non-financial Chromebooks synced to your financial one.

It is also a good idea to enable Strict Site Isolation and Top Document Isolation in the Flags, for extra security.

I may do this, myself. Would you ever do this?

#ChromeOS #Chromebook

Google's New reCAPTCHA Is Invisible

Google's reCAPTCHA is one of the most popular systems for securing websites and apps against bot visitors and users.

Over the years, the system has evolved, first from one that forced users to type a set of words or characters to prove they were human, to more recently allowing most users to authenticate just by checking a verification box.

It is now taking its final, inevitable step: automatically approving most human users in the background. Google has apparently learned enough about the differences between human and bot users to know the difference without requiring the user to approve anything. This should make thousands and thousands of websites easier to use for millions of users.

This likely will not work, however, for hyper secure users, such as Tor Browser users, who block Google from tracking their web activity.

#Google #reCAPTCHA

Facebook Adds Support for FIDO USB Security Keys

If you're worried about keeping your Facebook account secure, and you should be, good news: Facebook now supports FIDO USB Security Keys for 2-Factor Authentication (which you should be using, seriously, like yesterday).


AT&T Selling American User Information To Law Enforcement For Profit

An AT&T program called Hemisphere has been more-or-less secretly selling private user information to American law enforcement for profit. The program, inaccurately described in many cases as a 'partnership' with law enforcement, is really nothing more than an Orwellian product being promoted to law enforcement agencies, giving them warrantless access to valuable evidence (in the form of metadata, such as who-called-who, tower location data, etc.).

Worse, the terms of the program require law enforcement personnel and agencies to keep the program secret, forcing them to invent false narratives regarding how certain investigative leads and/or evidence were obtained, and to avoid presenting any evidence obtained from Hemisphere openly in court unless absolutely necessary.

In simpler language: Hemisphere requires law enforcement investigators to perjure their own testimony, thereby denying the accused their right to fairly challenge all the accusers and evidence being used against them.

While AT&T would be required, if presented a warrant, to turn over this same type of data to investigators, and may even have leeway to volunteer some information to law enforcement if they suspect some criminal activity by their users, what makes this so ominous is the profit motive to ignore basic Civil Liberties, and the mandate for law enforcement to craft deceptive narratives of how leads and evidence were obtained in the course of an investigation.

#SurveillanceState #Privacy

Facebook, Twitter, and Instagram Used For Protest Surveillance

An investigation by the ACLU has uncovered a disturbing use of major social media sites by law enforcement. A company called Geofeedia has been using the APIs of these networks (which allow third-party services and applications to access various types of data from the network) to provide law enforcement with real-time maps of social media activity in protest areas.

This information was used by law enforcement agencies to target and disrupt protesters, including protesters in Baltimore after the Freddie Gray incident. In some cases, protesters were even arrested based on this data.

While Facebook and Twitter both revoked Geofeedia's access to their APIs after the ACLU report, it is unclear how they could have been ignorant for many years of this usage of their APIs, which violates their own Terms of Service for API access. It feels rather like the sort of collusion revealed by the PRISM Leaks detailing disturbingly intimate relations between major tech companies and the Western Intelligence Agencies.

#SocialMedia #Privacy #Surveillance

WhatsApp Reverses Privacy Stance To Share Data with Facebook

WhatsApp, the behemoth of Instant Messaging, is pulling a 180 on its privacy stance to profit its parent company Facebook.

When the Social Network acquired their sort-of competitor, the company promised, "Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible," and that the acquisition wouldn't change this.

Now, however, they are updating their Privacy Policy to share your phone number with the parent company, allowing them to more effectively track users across services. While the company would like you to primarily focus on how this will help them improve your service, block spammers, etc., even they aren't denying that part of the point of this is to improve their ad targeting.

This is well timed, since WhatsApp has plans soon to open their service to businesses, and this could make those efforts much more valuable.

The only way, going forward, to protect your privacy would be to use a different phone number with each service, which is obviously not convenient or practical for many users, some of whom will see this as nothing less than a betrayal.

Do you use WhatsApp? How do you feel about this decision?

#SocialMedia #Privacy #WhatsApp

900 Million Android Devices 'At Risk' Of Quadrooter Malware? Nope.

You may have seen the blood-chilling headlines: 900 million Android devices are supposedly 'at risk' of being infected by Quadrooter Malware. The sky is falling, the sky is falling!

There's just one problem: it's not true. In fact, not only is it not true, because Android already has built-in security that prevents this 'threat', but the company behind this bogus story is none-too-subtly using it to promote their own product.

Nothing to see here, folks. Move along.

#Quadrooter #Malware

An IP Mapping Flaw Has Made Life Hell For One Kansas Farm

Life for the owners of a small farm about an hour from Wichita, Kansas has become a nightmare, all due to an internet mapping flaw.

The farm, located near the geographic center of the United States, was assigned by a company called MaxMind to become the default location for a variety of IP addresses of unknown geographic proximity. They didn't know, in their defense, what kind of damage this decision would cause.

As a result, they've been threatened, accused of crimes, visited by authorities, and generally marked for attention, retaliation, and controversy.

Remember this the next time you complain about poor connection speeds in your home or place of residence.

After all, things could always be worse.

#Privacy #Oops

Snowden 'Fine' After Sending Mysterious Tweet

The internet exploded with concern for the safety of exiled American whistleblower Edward Snowden after he Tweeted a cryptic 64-character code, which was deleted minutes later.

Many speculated that the code may have been a 'Dead Man's Switch' designed to send out the decryption key for any remaining files he may have entrusted to journalists.

While the code may have been, indeed probably was, a decryption key, as suggested by his previous Tweet which ambiguously stated 'It's time', a journalist who has worked with Snowden has confirmed that he is "fine".

Nonetheless, we can surely count on a new wave of Snowden revelations being forthcoming soon.

#NSA #Snowden

SMS 2-Factor Authentication Isn't Being Banned And Isn't 'Unsafe'

A recent U.S. National Institute of Standards and Technology (NIST) report recommended that, for accessing sensitive government and medical information, SMS text messaging-based 2-Factor Authentication (2FA) should be phased out, citing the risk that phone numbers can be stolen and text messages intercepted. Sounds reasonable, yes?

The media, unfortunately, heard something else: "SMS 2-Factor Authentication is being banned and is unsafe!"

As usual, the media got this one wrong. There is no such general 'ban' forthcoming, and for most people any form of 2FA, including via SMS, is going to make their data way more secure than single-factor security like a password or PIN code alone. The latter are all-too-easily hacked in this era of supercomputers in our pockets, while the former at least makes it more challenging if not virtually impossible.

That said, there are other forms of 2FA available, such as the use of a code generating app, a mobile popup (recently introduced by Google for their 2FA), the physical proximity of the phone itself (e.g. a Chromebook's 'Smart Lock', which is tied to the Bluetooth signal of your Android smartphone), Biometrics like fingerprint and voice sensors, and physical USB Security Keys, all of which are superior options when available. (Though, some may argue that the Biometrics option is itself risky, as you can't change a fingerprint or voice signature if and when someone does 'hack' it.)

#Security #2FA