Monthly Archives: October 2016

Easy Steps to Protecting Your Digital Life

There are more reasons than ever to understand how to protect your personal information.

Major website hackings seem ever more frequent. Investigators believe that a set of top-secret National Security Agency hacking tools were offered to online bidders this summer.

And many of those worried about expanded government surveillance by the N.S.A. and other agencies have taken steps to secure their communications.

In a recent Medium post, Quincy Larson, the founder of Free Code Camp, an open-source community for learning to code, detailed the reasons it might be useful for people to make their personal data more difficult for attackers to obtain.

“When I use the term ‘attacker’ I mean anyone trying to access your data whom you haven’t given express permission to,” he wrote, “whether it’s a hacker, a corporation or even a government.”

In an interview, Mr. Larson walked us through some of the basic steps he recommended. We added a few of our own, based on additional interviews.

1. Download Signal, or Start Using WhatsApp to send text messages.

Encryption is a fancy computer-person word for scrambling your data so no one can understand what it says without a key. But encrypting is more complex than just switching a couple of letters around.

Mr. Larson said that by some estimates, with the default encryption scheme that Apple uses, “you’d have to have a supercomputer crunching day and night for years to be able to unlock a single computer.”

He said the best way to destroy data was not to delete it, because it could potentially be resurrected from a hard drive, but to encode it in “a secure form of cryptography.”

Signal is one of the most popular apps for those who want to protect their text messages. It is free and extremely easy to use. And unlike Apple’s iMessage, which is also encrypted, the code it uses to operate is open source.

“You can be sure by looking at the code that they’re not doing anything weird with your data,” Mr. Larson said.

“In general, the idea behind the app is to make privacy and communication as simple as possible,” said Moxie Marlinspike, the founder of Open Whisper Systems, the organization that developed Signal.

That means that the app allows you to use emojis, send pictures and enter group texts.

One bit of friction: You do have to persuade your friends to join the service, too, if you want to text them. The app makes that easy to do.

WhatsApp, the popular chat tool, uses Signal’s software to encrypt its messaging. And in Facebook Messenger and Google’s texting app Allo, you can turn on an option that encrypts your messages.

Mr. Marlinspike said the presidential election had spurred a lot of interest in Signal, leading to a “substantial increase in users.”

When asked to speculate why that was, Mr. Marlinspike simply said, “Donald Trump is about to be in control of the most powerful, invasive and least accountable surveillance apparatus in the world.”

Signal is available for both Android and iOS.

2. Protect your computer’s hard drive with FileVault or BitLocker.

Your phone may be the device that lives in your pocket, but Mr. Larson described the computer as the real gold mine for personal information.

Even if your data were password protected, someone who gained access to your computer “would have access to all your files if they were unencrypted.”

Luckily, both Apple and Windows offer means of automatic encryption that simply need to be turned on.

3. The way you handle your passwords is probably wrong and bad.

You know this by now. Changing your passwords frequently is one of the simplest things you can do to protect yourself from digital invasion.

But making up new combinations all the time is irritating and inconvenient.

Mr. Larson recommends password managers, which help store many passwords, with one master password. He said he uses LastPass but knows plenty of people who use 1Password and KeePass, and he doesn’t have a strong reason to recommend one over another.

Not every security expert trusts password managers. Some noted that LastPass itself was hacked last year.

So that means you may want to write them down in one secure location, perhaps a Post-it note at home. It seems more far-fetched that a hacker would bother to break into your home for a Post-it note than find a way into your computer.

If you take that route, we suggest setting a weekly or biweekly calendar reminder to change your passwords.

As far as making passwords up goes: Don’t be precious about it. Use a random word (an object near you while you are hunched over your Post-it), scramble the letters and sprinkle in numbers and punctuation marks. If you’re writing passwords down, you don’t have to worry about making them memorable.

4. Protect your email and other accounts with two-factor authentication.

When you turn this step on, anyone trying to sign in to your email from new devices will have to go through a secondary layer of security: a code to enter the inbox that is sent to your phone via text message. (Though sadly, not through Signal.)

You can also set two-factor authentication for social media accounts and other sites. But email is the most important account, since many sites use email for password recovery, a fact that hackers have exploited. Once they have access to your email, they can get access to banking, social media, data backups and work accounts.

5. Use a browser plug-in called HTTPS Everywhere.

Mr. Marlinspike recommended this plug-in, developed by the Electronic Frontier Foundation, a digital security organization. It ensures that you are using the secure form of websites, meaning that your connection to the site will be encrypted and that you will be protected from various forms of surveillance and hacking.

And this is a good time to note that you should always find out whether the Wi-Fi network you are using is secure. Public networks — and even private networks without security keys — often are not.

6. Remember that incognito mode isn’t always private.

You may be in such a hurry to use this feature, available on Chrome, Safari and Firefox, among other browsers, that you do not heed its clear warning.

On Chrome, the second paragraph of the “incognito” home screen spells it out for you.

“You aren’t invisible,” it says. “Going incognito doesn’t hide your browsing from your employer, your internet service provider or the websites you visit.”

Mr. Larson recommended Tor in his article, a browser that allows for private web activity. But we’re not going to recommend that here, mostly because Tor is relatively slow and clunky at the moment.

“I’ll be honest, I don’t use it very often,” Mr. Larson said.

He said he suspected that other browsers would start adding ways to browse more securely.

“Apple is very security conscious,” he said. “I wouldn’t be surprised if they started to incorporate Tor-like features into Safari.”

7. Do sensitive searches in DuckDuckGo.

Mr. Larson said that if people were paranoid about Google, he would strongly encourage them to use DuckDuckGo, an alternative search engine.

He said, however, that he was not paranoid.

“Google is built on the hacker ethic, and they have put principle above profits in some aspects,” he said.

But he also acknowledged that he meets “people all the time who are extremely skeptical of any large software organization, and I think that’s reasonable.” There are trade-offs. Google’s search results are more useful and accurate than competitors’ precisely because of the ways it collects and analyzes information about its customers’ searches.

Should Know some Free Tools to Keep Those Creepy Online Ads From Watching You

SAY you’re doing a web search on something like the flu. The next thing you know, an ad for a flu remedy pops up on your web browser, or your video streaming service starts playing a commercial for Tylenol.

The content of those ads is no coincidence. Digital ads are able to follow people around the Internet because advertisers often place invisible trackers on the websites you visit. Their goal is to collect details on everywhere you go on the Internet and use that data to serve targeted ads to your computer, smartphone and connected television.

This global commercial surveillance of consumers is poised to become more extensive as tech companies expand into the Internet of Things, a category that includes wearable computers and connected home appliances like smart thermostats and refrigerators. Amazon, eBay, Facebook and Google can already follow users from device to device because people log in to their services with the same IDs on various gadgets.

For other marketing companies, tracking people on multiple Internet-connected devices has become a holy grail. The process is complex, because some lack the direct relationship with people that the giant tech companies already have. Only about 6 percent of marketers can reliably track a customer on all of that customer’s devices, according to the research firm eMarketer. But advertisers are working toward the goal.

Continue reading the main story
RELATED COVERAGE
X Marks the Spot That Makes Online Ads So Maddening DEC. 6, 2015

How Bad Are These Bad Ads? DEC. 6, 2015
Smarter Living
Stories to help you understand the world – and make the most of it.
That New Year’s Resolution? Let Us Help You Stick With It
FEB 1
These Foods Aren’t Genetically Modified but They Are ‘Edited’
JAN 9
To Improve Your Sense of Direction, Lose the Technology
JAN 9
How to Navigate New Airline Carry-On Rules
JAN 9
How Emotion Over Pet Care Helps Explain Human Health Spending
JAN 9
See More »

ADVERTISEMENT

Continue reading the main story

“Our privacy is completely under assault with all these connected devices,” said Jeremiah Grossman, the founder of WhiteHat Security, a web security firm.

So what better time to get a head start on defending yourself against web snoops (as if email trackers, which this column covered last year, weren’t annoying enough already)? Many companies offer tools to help obscure your digital footprints while you’re browsing the web. We researched and tested four tracker blockers and found their results varied widely. In the end, the app Disconnect became our anti-tracking tool of choice.

Here’s how web tracking works: In general, targeting individuals with digital ads involves a sophisticated ecosystem of third parties — like online advertising networks, data brokers and analytics companies — that compile information on consumers.

When you visit websites, these companies typically pick out your browser or phone using technologies like cookies, which contain unique alphanumeric identification tags that can enable trackers to identify your activities as you move from site to site. To sell ads delivered to certain categories of consumers, like suburban singles looking for romance, companies may sync these ID tags to pinpoint individuals.

The downside is, your browsing history may contain sensitive information about your health concerns, political affiliations, family problems, religious beliefs or sexual habits.

“More than just being creepy, it’s a huge violation of privacy,” said Cooper Quintin, a privacy advocate for the Electronic Frontier Foundation, a digital rights nonprofit that also offers the anti-tracking tool Privacy Badger. “People need to be able to read things and do things and talk about things without having to worry that they’re being watched or recorded somewhere.”

We took a close look at four free privacy tools: Ghostery, Disconnect, RedMorph and Privacy Badger. We tested them with the Google Chrome browser on the top 20 news websites, including Yahoo News, CNN, The Huffington Post and The New York Times.

The tracker busters generally work in similar ways. You download and install an add-on for a web browser like Chrome or Mozilla Firefox. The anti-tracking companies each compile a list of known web domains that serve trackers or show patterns of tracking services. Then when someone connects to a website, the tools prevent the browser from loading any element that matches their blacklist.

Ghostery, a popular tracker blocker, was the most difficult to set up. When you install it, it asks you to manually select the trackers you want to block. Our problem with that approach is that there are hundreds of trackers, and most consumers probably won’t recognize most of them, putting the onus on users to research which specific services they might wish to block.

Scott Meyer, the chief executive of Ghostery, said this had been a deliberate design choice. When trackers are blocked, parts of websites may not function, so it is less confusing to let users experiment and decide which ones to block on their own, he said.

“We block nothing by default,” he said. “That’s in direct contrast to other companies who are saying, ‘We’re turning everything off and let you turn whatever you want back on.’ That’s way too complex for users.”

The tracker blocking tool RedMorph takes the opposite approach. It blocks every tracking signal it can detect and lets people decide which ones to allow. For parents concerned about their children’s Internet use, RedMorph also offers a service to filter out certain sites or block certain swear words or other language they find inappropriate.

“When you go home, you lock the door and you may pull down the shades at night,” said Abhay Edlabadkar, the chief executive of RedMorph. “You should have the same level of privacy control over your Internet activities.”

In our tests, RedMorph was the most thorough with blocking trackers. It blocked 22 of them on USAToday.com, whereas Privacy Badger blocked seven, Disconnect blocked eight and Ghostery detected eight.

But in the process, RedMorph caused the most collateral damage. It blocked some videos on the websites for CNN, USA Today, Bleacher Report, The New York Times and The Daily News. It also broke the recommended reading list on Business Insider and a Twitter box on BuzzFeed. For people who run into issues loading websites, the company offers an “Easy Fix” button to stop blocking a website’s trackers, but that’s hardly an ideal solution when it causes so many websites to malfunction. Mr. Edlabadkar of RedMorph said the tool was blocking some videos or recommended reading lists because they were loading only after a tracker had been loaded first.

That leaves Privacy Badger and Disconnect. Privacy Badger detects third-party domains that users are connecting with when they’re loading a website and blocks those domains only if they are determined to be tracking you. Its widget shows sliding bars of trackers it has detected. The ones in red are blocked and the green ones are allowed.

Disconnect takes a similarly nuanced approach. The company said some tracking was fair and necessary for a website to work properly — for example, if a site like The New York Times is using analytics to collect information about readers, as it describes in its privacy policy. However, Disconnect will block trackers from third parties that are collecting, retaining or sharing user data. On its website, it publishes lists of trackers it blocks and those it allows, along with explanations of its policy.

“We really focus on privacy rather than blocking ads that are done in a respectful way,” said Casey Oppenheim, the chief executive of Disconnect. “It’s important we have the ability for publishers to survive and make money. I think there’s a middle ground.”

In the end, we picked Disconnect as our favorite tool because it was the easiest to understand. It organizes the types of tracking requests it is blocking into different categories: advertising, analytics, social media and content.

Mr. Grossman of WhiteHat Security also tested tracking blockers and chose Disconnect for similar reasons. He breaks his online activities into two separate web browsers to make himself more difficult to track: On one browser, he does everyday tasks like reading news articles; on the other browser he logs into accounts that are linked to his personal identity, like online banking sites and Amazon.

But Mr. Grossman said that in the broad arms race between consumers and advertisers, the advertisers always find some way to outmaneuver us.

“We’re talking megabillion-dollar industries totally designed to track you online,” he said. “That’s their

Know More The Internet of Things Is Coming for Us

The Moche people lived on Peru’s north coast long before the Spanish conquest of the Americas. They grew corn and squash, built monumental adobe temples and were master craftsmen in gold and ceramics.

They never had the chance to sell their wares on Etsy, and yet they anticipated some of our most modern anxieties.

Like us, they saw themselves living in a vulnerable world where the technology created to make their lives better was just as likely to turn against them. While we worry about our baby monitors and home routers being hijacked by malicious hackers, they perceived a world in which everyday objects like jugs and clothes might come to life with ominous consequences.

Moche artists painted scenes of this happening on ceramic vessels and on the walls of their temples. They appear whimsical to us today — items of clothing, weaving implements, weapons, all with arms and legs, hands and feet, some with heads and faces, on parade or engaged in battle — but for the Moche they may have represented a deep-seated uncertainty and fear about the ultimate fate of the human-created world.

Continue reading the main story
ADVERTISEMENT

Continue reading the main story

In some scenes, the animated objects are docile. In one, bowls piled with food and jugs have grown legs and walk toward human figures participating in a ceremony; some helpful jugs even bend over to pour liquid into vessels.

But other paintings show a world turned upside down, where the objects have taken charge: They fight and defeat human warriors and parade naked human captives.

In an excavation in 1991 near the town of San José de Moro, archaeologists, including one of the authors of this piece, Luis Jaime Castillo Butters, discovered the lavish tomb of a Moche priestess. Her coffin had been anthropomorphized, with a mask representing the priestess’ face on top and with arms and legs fashioned from copper on the sides.

Inherent in the idea that objects have life is the more subversive concept that they also have desires; feel hate and love; seek revenge; and have the capacity to act on their own.

In the modern world, most of the objects that surround us are a result of an impersonal process of production — they come from factories, we buy them in stores or online. For the Moche, objects were not produced — they were created, imbuing them with the ambiguity and mystery with which life is given to animated beings.

Such objects could be either beneficial or dangerous, depending on whether they decided to serve their creators or turn against them, either of their own volition or through the black arts of others.

We now live in a world where objects once again have life. We can talk to them and they can answer back, as is the case with Alexa and Siri and their digital kin. With their help we can control and organize the world around us: We can make sure our homes are safe, turn lights and appliances on or off, summon a taxi or order food from a restaurant. Little by little we are transferring to these technologies the tasks that we used to do ourselves, and at the same time, we are giving them control over our surroundings.

The internet of things is made up of billions of everyday devices connected for convenience to the web. Last fall, hackers attacked this network, commandeering as many as 100,000 of these devices by using malicious software that guessed at their simple, factory-set passwords, and then ordering them to send volleys of nuisance messages to the computers of a company called Dyn, which functions as a sort of switchboard for the internet. That was enough to cripple many major websites, including Twitter and Netflix. We have given life to these things, but now we know that they do not obey only us.

There are alternative interpretations of the Moche ceramic paintings, and some researchers do not see a sinister component. But the paintings have an echo in a myth collected in central Peru in the early 17th century. In the myth, the sun dies, the world is plunged into darkness and household objects and domesticated animals revolt: Mortars and grinding stones eat people, and llamas drive humans.

Andean people before the conquest created a philosophical and spiritual system built around the concepts of duality and transformation — light versus darkness, order versus chaos.

The modern world is full of such opportunities for chaos, often created by humans and the increasing sophistication and technology-centeredness of modern life. A solar flare has the potential to disrupt electrical networks. A tsunami can flood a nuclear reactor. The digitalization of stock markets leads to flash crashes. Russian hackers stealing Democratic Party emails seek to influence an American presidential election.

Order gives way to chaos. The internet of things turns on its makers.

The Moche culture collapsed around A.D. 850. The reasons are not clear, but the collapse was most likely a result of the Moche’s inability to cope with a hostile and perhaps changing environment, including the failure of their technology, knowledge and institutions to help them overcome those challenges. We can be certain that the technology they created did not rebel against them. But neither did it save them when they needed it the most.