As secure as a SPY?
Since we are spending this week learning about online presence, perhaps now is a good time to talk about online security.
Let's start with the amount of information your giving away without realising it. Firstly, I'm sure you're all very careful with your Facebook settings - making sure that only friends can view your content and posts and friend's posts. Of course you are. But just in case it's definitely worth reviewing your privacy settings.
The whole purpose of Facebook is to join the world together using the power of the internet.
Like every corporation, Facebook's primary objective is to make money. And the way it makes money is to sell advertising that is targeted at you. And the way it targets you is to syphon as much information about you as it can from what you are doing on its site. It's AI sifts through your comments, likes, and your friends comments, likes etc and builds a kind of avatar about your politics, education, shopping habits etc.
They have a lovely page absolutely CRAMMED with information and HELPFULL sections to protect your privacy. It takes about two days to figure it all out and organise the settings. I wonder why they make it so difficult?...
There are plenty more helpful sites out there to help you. One to try is https://www.wired.com/story/facebook-privacy-apps-ads-friends-delete-account/.
On the plus side they do strip most of your metadata out of the images - see below.
Now. Do you have a cat? If so you might want to check out this site. Do it now but come back.
Did you see your cat? Was it at your address? Don't worry if you didn't. I'm sure there are plenty of other photos out there on the net on sites like Instagram, Flikr, Twitpic etc that have all the hidden data you really don't want to broadcast.
This is because digital images have a hidden section on them called metadata (or exif data) which contains all sorts of information such as the camera type & model, camera settings, time, complete thumbnails of cropped images and, if set, the GPS coordinated where it was taken! If your not careful you are broadcasting your face and location to everyone in the universe.
You need to have images on your site, though. So what to do? Again the internet is your friend (although it doesn't sound like it at the moment). But check out helpdeskgeek with simple procedures to 'clean' your photos before you use them online. It's a good idea to make a new folder just for exif wiped content as sometimes it's good to keep the exif data for photo apps on your devices etc. Copy your existing images into it and then if the data is removed from the copies directly, without re-saving, you still have the originals.
For Windows users, there is a built in option:
Right click on the image then > properties > Details tab (at the top) and you'll see an option to Remove properties and personal Information. You then can select exactly what you want to remove. Mac users will need to download a simple app from here.
So that's images done.
As of the end of this month, Zoom is going to be full on secure, so it will be as good as any of it's competition as regards security. And it is still the best for user experience.
At present it meets the following industry and security organisation standards:
● SOC 2 (Type II)
● FedRAMP (Moderate)
● GDPR, CCPA, COPPA, FERPA, and HIPAA Compliant (with BAA)
● Privacy Shield Certified (EU/US, Swiss/US, Data Privacy Practices)
● TrustArc Certified Privacy Practices and Statements
Which is nice.
But it is ramping up it's security at the end of May to a more modern encryption that's better for streaming.
However, this now means that YOU are the security weakness. In May you will be forced to use the new 5.0.x version with default security settings that make it very difficult to hack. Leave them be.
Then there is the issue of screen-sharing. Due to lag when you are changing windows while screen-sharing, whatever's in a window behind it becomes briefly visible. Make sure that any other windows are closed before starting a zoom meet. Look over your desktop for private files etc. Also, switch off the constant notifications that pop up on windows. They're rarely of any importance but might reveal incoming emails etc.
My computer has an i5 chip 3.7GHz.
Let's say it takes 6Hz to perform a calculation. That means every second it can perform ... erm .... so ... er ...
well, it has 6 cores (coincidentally - obviously) so it can perform 3,700,000,000 calculations per second. If your password is a word in English it can be hacked by me in 46millionths of a second.
Pause for effect...
Some more numbers.
PW = 6 characters long with upper and lower case letters and some numbers. Hacked by my computer in 15 seconds.
PW = Unique name combo + any year from 0000 to 9999. That's taking into consideration every possible combination of first and last names for every country in the world. So, likely yours. Hacked in 22mins. But more likely 2mins as I'll take a punt that you're not from Bhutan.
PW = 3 words you know (as recommended by GCHQ). Hacked in 36 mins.
PW = 3 words in english dictionary randomly picked. Hacked in 15 days.
PW = 9 characters made of upper & lower case letters, numbers and special characters. Hacked in 5 years (give or take) by me. Aurora a super computer in the States coming in 2021 would still take only take 9 minutes!
PW = as above but 12 characters. Hacked by me in 4m years. Aurora in 15 years.
These are very simplistic numbers built on many guesstimates and assumptions but they give you an idea.
The reason GCHQ suggests three words, is not that it's particularly secure, but it is secure enough AND you're likely to remember the password.
However, I have 4 pages of passwords to remember. Why? Because every new login should have a unique password to prevent cross site hacking if one password is compromised by a major corporate hack. Some of those passwords are hardly used and long forgotten.
I can't remember them all.
A password manager.
A password manager generates unique passwords associated with a website or just stored as notes. A good one is secure, uses Two-Factor authentication and is flexible.
It generates rubbish passwords for really unimportant sites that require no security like, 'EVErCUo'
to something a bit more, you know, hefty like,
or my personal favorite, &@*FwVoy!hK$br^a*qZ14sGJmYyjy3#6%d$#8!ZHjP2#jc1BeE!10okUDpeVB#*g#9RKJtD$N00DGJA@1Yq^WPzAfW6UvA2UIhJ
There isn't enough time left in the universe to hack that one.
You still need to remember a password, but just the one. It's called...
And it is. Loose it, forget it, have a brain aneurysm and all your logins are lost.
There are many password managers out there. Try googling information about security and you'll soon gets sucked into a wormhole of opinions and options. The upshot is that NOTHING is 100% secure. BUT you just have to make it too difficult to make it worthwhile. Remember you don't need to be able to outrun a bear. You just need to outrun your hiking partner. Hackers will move on to easier targets if it's going to take minutes to break your system.
The one that I've used and like is LastPass. It's free version is very comprehensive and hasn't filled up yet. It has Two Factor authentication using a grid or authenticator app on top of The Master. The passwords are locally encrypted and decrypted to the cloud so that they can't be hacked when off your system. Like I say loose The Master and LastPass itself wouldn't be able to recover your data. It can fill out forms at the click of a button - useful for shopping - and if you use a browser plugin, automatically fills login data on your sites. It takes a little practice but it is a massive enhancement of our security.
Check out this site for the top four password managers.