For Paranoiacs Only? 2FA Remains A Hard Problem

I’m convinced 2FA is an excellent idea, and I’m already using it for a few situations like my Apple devices and a Google account. Of course I use two-factor authentication on my Apple devices – but that only goes so far, of course. Google also bugs me when logging in to another Google account on those devices, but keeps sending the confirmation to an Android device that I do not always have near me (and I haven’t found a way yet to alter that setting).

But I have always hesitated to apply 2FA to all the applications and websites I use. Why? Because it’s hard to pick the right tool – which one can be applied to most/all sites (and I have a lot of those)? Should I pick a hardware solution, or an application? What about backing up your keys? What if I lose my phone? Etc.

Dan Goodin confirms the complexity of the situation, and tries to give an answer in “Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to” (on Ars Technica).

Don’t get me wrong: Goodin does an excellent job introducing the complexities of choosing a 2FA solution. But there are many more solutions available – just try any search engine and look for “2FA”. Years ago, I already looked at FreeOTP and andOTP, but I did not feel confident enough in their backup strategies to actually use them. I would also like to know more about privacyIDEA and its application to the problem.

The article mentioned however can be used as a measuring stick, to see whether your 2FA choice ticks the points that you really want/need. And if you don’t use any 2FA solution yet, at least make sure that you have all your (complex!) passwords in a decent password manager on all your devices – I still find Keepassium and the other members of the Keepass family very valuable.

Read Full Post »

A Once Great Chrome Extension Has Become A Security Risk – Get Rid Of It!

You will have to read the original Github ticket – or one of its copies, in case the Github ticket were to be closed/deleted/… –  but the essence of the message is that Chrome extension “The Great Suspender” (TGS) has become a very suspect suspender. According to the ticket, version 7.18 in the Chrome Web Store does not correspond to the source on Github, and has been modified in such a way that it could (can/will/…?) be used to invisibly execute tracking or malicious code!

I was a great fan of that extension: I’m always juggling reading material and lots of browser-based applications at the same time, and that extension made it possible to keep them all open yet limit the memory and CPU footprint of Chrome to more reasonable sizes. I read about the trouble yesterday, and did not hesitate to delete this extension from all my computers!

There is mention of a few alternatives to The Great Suspender; at least one of them is a copy of the latest “pure” version of  TGS. But at the moment it isn’t available at the Chrome Web Store and requires a bit of manipulation to get it installed properly: that’s not for everyone.

By the way: if the ticket mentioned above is too technical for you, hop over to Life Hacker or The Register get their take on the subject.

Anyway, the worst part of the whole story is that Google does not seem to be interested in doing what it should do, that being to kick the extension out of its Web Store, at least while investigating the matter. But so far there seems to have been no reply from them, even though several people, including me, reported the extensions as incompatible with the rules of the Chrome Web Store. In the words of The Register:

The Register asked Google whether it plans to implement any measures to help make it easier for people to understand who maintains Chrome extensions and to understand code changes that have been made. We’ve not heard back.

Read Full Post »

Contract For The Web: I’m In!

Of course I endorse the “Contract for the Web” – head over to https://contractfortheweb.org/ to do the same!

Read Full Post »

Who’s The Pirate In This Phone Scam?

The past few days I have been repeatedly called by criminals posing as “technical support people”, mainly for Microsoft – one said they called from my internet provider, but couldn’t explain why he spoke English although my provider should do its business with me in Dutch. I do wonder though: why is it that my home number is targeted just this week, after being ignored for many years? The callers all spoke English with an accent that I associate with India and Pakistan. I guess someone out there must have picked up a phone list from the past and said: hey, let’s try these numbers again.

Anyway, I had to think immediately of the solution to this problem that I read about in BoingBoing’s “Vacation scammer telemarketer spends 15 minutes talking to a bot”. The recording in that post is hilarious: it’s not just a Jolly Roger Phone Company bot replying to the caller, the bot takes the lead in the conversation while all kinds of interruptions are going on in the background.

Checking other samples from the other bots offered by the company shows that these are just as good (and just as funny). Too bad the Jolly Roger Phone Company service isn’t available here in Belgium!

By the way: isn’t it strange that phone companies are in no way responsible for helping these criminals?

Read Full Post »

This Is Not A Placeholder Post – Or Is It?

This is not a placeholder post. But it may look like one, since it will (or at least may) be different for each visitor. I’m using the Picsum Lorem website to add a more or less random image to this page.

Click the image to go the Picsum Lorum home page

Picsum Lorem takes a well-known concept: the use of placeholder text when designing a document, and applies it to images. The images are free, coming from the Unsplash community. For details about what Unsplash means with “free” you should check out their Help pages. In summary and according to my interpretation, “free” does mean “free” as in “free beer”, but it is considered a basic form of politeness if you credit the photographer of an image when you use it in a commercial context. Sounds logical, no?

I guess it won’t be long before we also find a “Moviesum Lorem” – or perhaps we should call it “Vidsum Lorem” ;-)

Read Full Post »

Yeah, But: “We Could’ve Voted On Deleting Article 13, Which We Wanted”

From “Sweden Democrats & Swedish Social Democrats Defeat Motion to Amend Articles 11 & 13“:

Sweden Democrats have now issued a comment on the vote.

“Today we had three push-button votes on the Copyright Directive. On one of the votes, we pressed the wrong button: the vote on the order in which we would vote. If it had gone through we could’ve voted on deleting Article 13, which we wanted. The vote should have ended up 314–315.”

The BigCo’s must be laughing like mad after reading this. I’m just flabbergasted: I thought MEP’s were supposed to be smart enough to push the right button out of three…

 

Read Full Post »

Make Our MEP’s See This Video

It’s a catchy #SaveYourInternet song with good lyrics!

The software in Tesla’s car was hacked just a few days ago, so these words from the song are particularly appropriate for today:

And if we still don’t trust AI in Teslas yet
Then pray why would we let it suppress the Net?

Or how about this quote?

It isn’t about creative control, nah,
It’s about controlling creatives for cold cash

Thank you for this song and video, Dan Bull! And thank you, BoingBoing, for pointing them out!

Read Full Post »

This Is NOT How I Want To Feel After The Vote On Tuesday…

I’m talking about the final EU debate and vote on the new Copyright Directive, which is/was planned at 0900h CET on Tuesday, 27 March…

Read Full Post »

From Bad To Even Worse…

As summarized by Cory Doctorow in “The EU hired a company that had been lobbying for the Copyright Directive to make a (completely batshit) video to sell the Copyright Directive“:

In other words, the Parliament gave public money to a corporation that stands to make millions from a piece of legislation, and then asked that corporation to make a video that used false statements and hysterical language to discredit the opposition to the law. It’s not even lobbying, where a corporation uses the promise of campaign cash and other incentives to get officials on-side: this is public officials paying lobbyists to sway public opinion to win a law that will vastly enrich the corporation the lobbyists represent.

Cory is a far better writer than me, so let me use his words to reiterate (and reinforce!) the point I tried to make two weeks ago:

If the Parliament gets its way, those Eurosceptic parties will go into the elections with a devastating piece of ammunition: if the European Parliament votes in a law in spite of the largest petition in the history of the human race opposing it; if it passes the law after being directly contacted by millions of concerned voters; if it passes the law after massive, continent-wide street demonstrations opposing it, then the Parliament will have proved Eurosceptics’ point for them.

I hope it does not have to get even worse than that before it can begin to get better with European politics.

Read Full Post »

No, I’m Not Waiting To Be Bribed By Google…

When I first read these words (by Cory Doctorow), I was quite surprised. Could an executive entity be so… stupid… ?

The EU Commission has been forced to retract a Medium post in which it patronised and dismissed opponents of the controversial Article 13 proposal that will force platforms to surveil and censor users’ postings with copyright filters, calling them a “mob.”

The Commission characterised the opposition as being stooges for Google, hoodwinked by the company to carry water for it, despite the fact that Google has quietly supported the idea of filters as an acceptable alternative to other forms of regulation (Facebook, too, has supported the proposal).

The answer to my question above is: yes. And just to be clear: I oppose some of the Articles in the proposal, but no-one has paid me to do so!

If you want to read what the EU Commission published, head over to TorrentFreak – they have archived a copy of the text.

Does the text of the Commission in anyway address some of the critiques levelled at the current proposal? Not really. It tries to explain the rationale behind it, but hides that attempt between a number of fabrications that can only be classified as condescending, disrespectful and anti-democratic. How else can you interpret a text that says “Do Google, Facebook or others really need to pay to persuade?“, when you know that such companies are among the biggest lobbyists in Brussel (just check LobbyFacts.eu).

Anyway, let’s talk facts: if you want to know what’s wrong Article 13, head over to the EFF website and read “Artists Against Article 13: When Big Tech and Big Content Make a Meal of Creators, It Doesn’t Matter Who Gets the Bigger Piece“. In short: Article 13 is about filtering content, and no reasonably-size forum can do so without automation. Given that all pattern-recognition software (that’s what AI is about) is strongly dependent on the input used to train it, it’s more than likely that many errors will be made. Obliging the platforms to police the content of its users amounts to a form of privatisation of censorship – without much recourse to a fair trial to redress errors and fraud…

What worries me, as a longtime supporter of Europe, most about the EU Commission’s blog post is that incidents like this one are very likely to diminish enthusiasm for the European unification and for the upcoming European elections; it certainly does so for me. Two decades ago, being an elected official for Europe was an ambition for those with a genuine will to make the European Union a success. These days, it seems more like an extension of local and national politics: you try to be elected because one way or another there’s (big) money to be made there… I know this is a very cynical view – but I can’t help feeling that whoever wrote that EU Commission post as far more cynical about democracy than me!

Read Full Post »

Come On, Europe, You Can Do (Much) Better

The latest EU Copyright Directive has reached a final state before going to the EU Council and the EU Parliament. Unfortunately, some of its articles are still unpalatable for anyone wanting to keep the Internet a place where censorship, be it by official authorities or by commercial entities, has no place. I refer you again to the words of Cory Doctorow of the EFF in one of his many explanations about the current proposal, and to the detailed analysis written by MEP Julia Reda. For details on the latest version of the proposal, you should read Reda’s “The text of Article 13 and the EU Copyright Directive has just been finalised“.

I fully understand the desire of artists and authors to be rewarded for their creative efforts if they so desire. Any copyright law must take that into consideration. But I’m not so sure that the current proposal will help them: the only winner will be big, rich companies… not the authors! The proposal, through Article 13 for example (which does not even mention the creators of content, only “rightholders”!), will reinforce monopolies and reduce competition. Unreliable automated filtering of content, without any means of contesting the results of those filters – is that what we really want?

Keep up the pressure, contact your MEP and tell her/him that this Directive in general, and certainly Articles 11 and 13, is not what Europe needs! And vote smartly in May, when the European Parliament needs to be reconstituted.

Read Full Post »

A Good Intention For 2019: Improve Your Online Security

The list proposed isn’t perfect, but multiple items on the list are a good start: “Security Checklist: Be safe on the internet“. It’s an “open source checklist of resources designed to improve your online privacy and security“, and it does cover the basics: a password manager, strong passwords, two-factor authentication where possible, device encryption, etc. As a Belgian citizen, I don’t know what a “credit freeze” is, so I ignore that suggestion.

I’m not certain if I should classify it as a minor or a major flaw, but I feel that Keepass (and its variants/derivatives) should have been mentioned explicitly. I have written about Keepass in the past, and in my mind it’s still the best password management solution. Yes, it requires a bit of tinkering, but you really don’t need any advanced computer skills to build a strong, working solution for multiple devices that works online and offline. I prefer that to a paying solution which at the same time stores your precious data in a place that you just have to trust…

Read Full Post »

Let’s Keep Opposing The Current European Copyright Reform Proposal !

Like I said a few days ago: the fight isn’t over yet. And Change.org confirms that: “The Internet is saved? Unfortunately it isn’t!“:

There is currently mainly disagreement as to whether or not SMEs (= small and medium-sized enterprises) should be excluded from the reform. Germany is in favour, France against! This disagreement was the reason for the cancellation of the deadline. The actual problems, i.e. the upload filters or the ancillary copyright, are still advocated by too many countries.

If you care about the Internet, you should sign the petition as well!

Read Full Post »

Basecamp Is Now A Facebook-Free Business – Who’s Next?

I do have a Facebook account, but I don’t use it – not even to spy on my children. So I wonder: is this just an interesting experiment, or the start of something big?

At Basecamp, we’ve decided to go Facebook Free from today. If you’d like to join, either today, tomorrow or next year, just comment on this post, and we’ll highlight credible pledges for all to see. You’re also free to use the 100% Facebook Free badge that we’ve released under Creative Commons (CA BY-SA 4.0) and have it link back to this page.

Anyway, since I don not use FB (or Instagram, for that matter) in a professional context, you could say I’m “Facebook Free” as well. Hi there, DHH!

Read Full Post »

Going Viral, As Detailed By BoingBoing

A month ago, I linked to a BoingBoing post about the puzzles of Tim Klein. Nothing fancy, just my way of remembering some of the wonderful creations that reach my computer over the Web.

As it turns out, that BoingBoing post was the start of a “viral infection”: Tim Klein’s puzzles went all around the world. Even more interesting: Rusty Blazenhof, author of the original post, has tracked the chronology of “going viral” for this post – spreading out via blogs, but mostly through Facebook and Twitter (of course!).

Click the image to go to Tim Klein’s portfolio

If you haven’t seen Tim’s work, don’t hesitate to click the image above. You may want to exercise patience if you’re thinking about acquiring one of them: you’re not alone, thanks to the Internet!

Read Full Post »