by ·Comments Off on You Can Buy the Product or Be the Product

November 21, 2016. I once heard Leo Laporte say in the course of one of his podcasts netcasts that if you use a service and can’t tell someone what that service’s product is (in regard to making money), you, the user, are the product. As I think that through, there is a lot of truth in that. Philosophically, Facebook’s product may be a platform to connect people and enable the spread of information, but in a practical/business sense, their product is you. Their money is made by getting advertisers to buy ads. Advertisers buy ads as a way of buying your attention and time. In a very way, you are the product while advertisers are the customers.

This by itself is not negative. Advertising can truly be beneficial to a person, connecting that person with a legitimate need or want to a quality source for filling the need/want. Advertising is likely more often benign, with a person making an acceptable and small trade of attention for no reward (from the ad or advertiser), but can also be varying levels of negative, by greatly distracting or even offending the person seeing the ad.

Most concerns regarding advertising though are not focused on what you give up in attention, time, or efficiency. A greater concern for many comes from the privacy trades you may have to make.

There are extreme examples, such as AT&T and Verizon using “supercookies” to track user’s habits for better targeting ads, and browser extensions  are one easy way for your habits and actions to be tracked. Even if you think you are being careful about what sort of digital trail you are leaving, things like browser fingerprints and the tracking or logging done by your service provider may make you think otherwise.

Tracking of activity and habits is not necessarily bad or is at least not bad in itself. If we are going to have services or content provided which is made possible by advertising revenue, there is a certain logic in trying to make sure those ads are as useful as possible, so being served ads that are targeted to the user become more appealing.

Additionally, “Artificial Intelligence” with bots, virtual assistants, and machine learning is the focus of many large tech companies. These new technologies are dependent on large quantities of user data being available to learn from.

What’s the takeaway from all of this?

Someone has to pay for the sites and services you use online. When given the option, consider paying instead of always looking for the free option.

Most of all, educate yourself about the products you use and weigh what you get vs. what you give up.

by ·Comments Off on Major Failure #1

Well, here’s the first of the “I’ve got nothing to write” posts. The past week was fairly slow in tech news and highly political which isn’t an arena I’m interested in entering. So, for now, I’ve got nothing.

Sorry folks.

by ·Comments Off on Is Digital Security a Myth?

I have a co-worker who has made the point that you never say “The building (or network) is secure.” You say “The building appears secure.” His years of experience in security and I.T. have taught him well.

I’ve spent the past week pondering to what extent true digital security exists. We experience varying levels of the feeling of security which in turn may broadly parallel reality in our personal level of digital security, but in all likelihood, our feeling of security is tied more to our ignorance of our vulnerability than it is to any real evaluation of our digital lives.

Among the interesting things I read this week was an article that pointed to a group of Wall Street heavyweights that avoid email for substantive communication, with some avoiding the medium altogether. Prosecutors have for years been using email communications to build legal cases in the financial world, and even if a court decides in favor of the organization, the contents of embarrassing emails have made their way to the public, unlikely to be forgotten.

A more frightening article I read this week described how a trio of hospitals in the UK were crippled by a computer virus outbreak. In response to the infection, the first hospital shut down the majority of its computer networks as they worked to fight the virus. Due to a shared IT system, a second hospital was taken offline by the same action. This caused the cancellation of most non-emergency procedures and forced many people to divert to nearby hospitals for their emergency medical needs. This account brought to mind the case earlier this year where a hospital in California had to pay a large Bitcoin ransom to decrypt their data following a cyber-attack.

Vulnerabilities in the sites, devices, and services we use are constantly being searched out by people like the hackers who breached Yahoo’s email system in 2014. News of the breach surfaced only within the last two months, years after the hackers gained access, retrieving information on roughly half of a billion users.

Another problem core to the insecurity of our digital lives is that in addition to flaws and vulnerabilities being found in the construction of the devices and services we use, often we the user can be “engineered” to work against our own security. So-called “social engineering” attacks target human nature rather than machine or software vulnerabilities.

The chairman of one of the major political campaigns this year was targeted with a message designed to get him to expose his email credentials. Being cautious, he ran the message past an IT technician who recommended the chairman change his password, but unfortunately, the advice was unclear and the resulting action revealed information not just about the campaign manager, his candidate, and campaign, but various people and organizations he had been in contact with via that email account.

All this with the recent rise of the Mirai Botnet (and subsequent fall of internet connectivity on the East Coast) has highlighted the issue: We must start considering the realities of our digital security. While there’s little logic in marching toward an offline lifestyle or even to start doing or purchasing drastic new security measures, there needs to be a renewed focus on some basics. For one, consider what you say and do, and where and how you say/do it. Assume that the services and devices you use are vulnerable. What should you change about your usage habits?

Postscript: There was a bright spot that came through my feed this week specific to digital security. Popular password manager LastPass this week announced they were making free a previously premium feature; You can now sync your LastPass database across an unlimited number of devices for free. Many people have the extremely insecure practice of using the same password across multiple (or all) sites and services. This means that as soon as one service you use is breached attackers can use your information to try logging into any other site or service. While maintaining unique passwords may seem too difficult a task, using a password manager can make it less onerous. Check out LastPass, 1Password, and KeePass and take a step toward a more secure digital life.