security | Piss and Moan

Internet spies

Posted on March 9, 2022 by backuphill

Have you noticed that the internet is spying on you? We joke about it, but have you been met with ads on social media shortly after you were talking about something, something that you haven’t ever looked at or shopped for previously?

Have you noticed that your electronic devices seem to be listening even when you aren’t using them? We’ve seen or heard examples where the “assistant” we willingly allowed in our homes have responded without prompting.

Freak you out a little?

How do airlines know to send me an email reminder about booking a flight I have looked at on their webiste but didn’t actually log into the website? I was just browsing for curiousity sake. Dreaming. But not 30 minutes after looking I receive an email asking or reminding me about booking the flight. Weird?

The fact is, any sense of privacy we have these days is an illusion. We like to assume we have privacy but in reality we don’t. We are beind spied on everywhere we go. Our phones track us. Our apps track us. Our computers track us. Our watches track us. Our tvs, appliances, gaming systems, streaming services, security cameras, cars, etc etc etc track us. Our spending is tracked. Our health is tracked. Our eating is tracked. Our exercise (or lack thereof, in my case) is tracked.

Can you name something that isn’t tracked? I bet you have a difficult coming up with a list of things that are free of tracking these days.

Sure, we allow it. We invite it onto our bodies, into our homes. We have asked for it to a degree. But at what point do we look at all of it and say enough is enough?

We trade privacy for convenience. Plain and simple.

Our assumption is that we have privacy and we have to blindly trust that it won’t be violated by the things we allow into our lives. We all know it is being violated though. We all know they’re lying to us.

So why do we keep doing it?

Follow up – Authentication frustration

Posted on July 16, 2021 by backuphill

Alright, for those of you who give a rat’s ass and want to know what’s going on over here at the blog, I have a follow up about the last post – Authentication frustration. I doubt that many of you really care whether you get an update but just in case you are interested or simply run into the issue yourself, here is the info you might need.

Two-factor authentication is a royal pain in the ass. It is unfortunate that it is even needed, but that is the state of society these days. There’s a whole bunch of really stupid, bad people out there.

While Instagram and Facebook have the ability to set up two factor authentication, I would recommend NOT using it and just having a really, really strong password. The unfortunate truth is that this social media giant has a process that is broken, meaning you may or may not be able to access your account if you ever need to use it. Based on scouring the internet, I would say there are a large number of people who have lost their accounts due to the fact that the text message for the two factor authenticator never gets generated or sent (not sure which, but either way nothing shows up in your messages). Thus, leaving people stuck and locked out of their accounts.

I’ll tell you what, it was a couple of frustrating and worrisome days trying to get back into my accounts.

Yes, you read that right. I WAS able to get back into both of my Instagram accounts. But it wasn’t without a lot of hassle and frustration.

The “help” documentation provided by Instagram is annoying, poorly written, and ultimately doesn’t really help. There is no clear way to contact customer support if none of their suggestions work. It is just a mind numbing maze of FAQs that don’t really point you in a clear direction if you ultimately still need assistance. It would have been especially helpful if along with the “How to set up two factor authentication” FAQ there was also a FAQ for “What do I do if two factor authentication isn’t working as it should?” A “click here” link to fill out a support ticket would have been just awesome.

As it turns out, I somehow stumbled upon a place to submit a “help ticket” in the app and eventually got a response via email. The place I filled out the form said I would receive an email from Instagram. Low and behold, I got a rather suspicious looking email from Facebook. This email was signed by “The Instagram Team” and outlined steps to begin the recovery process. Luckily, I had seen and read a blog post by someone else that outlined the process they went through to recover their account. The email they described sounded very similar to the one I received so I wasn’t as suspicious as I would normally be.

“Please reply to the message and attach a photo of yourself holding a hand-written copy of the code below: XXXXXXXXX”

Then followed other instructions about how to submit the photo. I followed the instructions and replied to the email. About 30 minutes later I got another response with more steps to take for account verification. I followed those steps and then another email arrived. Within two hours I was back into my account and turned off two factor authentication.

What a freaking hassle!

Anyway, after all is said and done, the world has been set right again. I know you might not be all that keen on dealing with social media and whatnot, but truth be told – those that use it have memories stored there and have distant family access there. In the case of one account, I have a huge number of hours in creation and curation of posts there. It’s an investment, whether we like to admit it or not. Losing access to a social media account can be stressful.

I seriously hope you never have to deal with this.

Authentication frustration

Posted on July 14, 2021 by backuphill

Frustration level has reached CRITICAL. I am having a hard time balancing the internal coolants and I just might blow a top, a gasket, a lid, a …

So, yesterday I upgraded my phone from an iPhone 8 Plus to an iPhone 12 Pro. That part isn’t the frustrating part.

The frustrating part is all the apps that have to be logged back into and set back up and all that jazz that goes with having a new device. BUT, there is one big issue that has been caused by doing this and it is creating a huge roadblock!

The issue – two factor authentication.

Good lord, what a nightmare!

I have two work apps that are used for two factor authentication. Both have to be set back up on the new device. The guy who does the usual setup is on vacation until next week, meaning I am going to have to wait to get help with the setup and I’ll have some limited access to things that are part of my job until it is done. Obviously, that’s an issue.

Also, I am now locked out of my Instagram account…because of two factor authentication. I have two factor authentication set up on my account to keep from being hacked, but what Instagram doesn’t tell you when you set it up is that it MAY or MAY NOT work as it should. What it is supposed to do is send a text message to the phone number used to set up the account. So, when you go to log in, it shows you the number it is sending to but the text message is never sent. I have tried over and over and I get all kinds of other two factor authentications via text, so why it isn’t working is beyond me. Included in that two factor authentication set up is the ability to get recovery codes for when the text message doesn’t work. Great, except the codes don’t work either. I have 5 unused codes from when set it up and none of them have managed to get me back into my account.

Even more frustrating, try finding a place to get “tech support” for these issues. That’s a freaking circus in and of itself! The website is of little help. There is no help in the “reset password” email (especially if it takes you right back to the two factor authentication screen).

I am telling you, two factor authentication is a pain in the ass.

I have finally managed to file a support ticket/report with Instagram/Facebook, but it was tough finding the place to do it. So far, it has produced no results as I go through the process.

Let me tell you, if I get back into my account, I am turning that two factor thing off ASAP. What a freaking nightmare…

Totally makes you rethink upgrading your devices now…

Virtual over the shoulder

Posted on March 16, 2021 by backuphill

In my line of work, I do a lot of “virtual over the shoulder” looking at a client’s computer. It’s the best way to help them troubleshoot issues they have in the software and we can help them (sometimes “holding their hand”) as work through processes to get the data they need. This is, of course, with their permission.

The matter is entirely different when you haven’t explicitly authorized a computer/mobile operating system, app, or browser, to look over your shoulder virtually while you use a device. Instead they collect more and more data about what you do and where you go, all in the name of providing information and data to people who want to sell you things (or have other motivations).

I am getting more and more wary of the intrusiveness that we have allowed, mostly without a fight. We just accept it.

So, I have started looking at alternative browsers that provide more of the privacy that we should want, but moreover expect. I have used Chrome for years and years, both personally and at work. However, as more information comes to light about business practices and intrusiveness (even the “incognito” mode tracks you) it becomes harder and harder to accept.

Transitioning to something different is difficult because you inevitably are going to be asked to sacrifice something in the trade-off. Weighing all those factors becomes somewhat of a challenge since there are benefits with the varying products that are out there. The nagging question is always, “What’s the best way to go from here? Am I making the right choice?” It’s a question I haven’t been able to settle as I look at the different options.

So, what say you?

Are you on a similar journey and what are you finding? Have you taken steps to move browsers and what did you consider as you did so?

Tell me what you are considering, or considered if you have already made the move.

Ad-versary

Posted on February 2, 2021 by backuphill

Facebook, you are doing it to yourself. The revolt against you and your policies, oh and your very very underhanded and sneaky use of people’s data, are going to do you in. You still have an audience, but people are growing tired of being suspicious of everything you do in the background and they just want some safety and privacy from your all invasive practices.

No one wants to be bombarded by advertising. No one wants to be tracked everywhere they physically go and no one wants to be tracked where they go digitally either. So, this little deal you got going on here shouldn’t fool too many people…except that it likely will.

Perhaps Apple is actually trying to protect people and their data. Perhaps they are just making room for their own tracking and advertising. I haven’t a clue. But what I do know, is that I like the way Apple has shown that they are trying to protect people’s data. That goes a long way in trust, something Facebook doesn’t have and likely won’t have (for sure from me).

Facebook is scrambling to adjust over new alerts coming from Apple in the near future that will let people adjust how they get advertising from Facebook by opting out of tracking (or in, depending on how you view this approach). In essence, it will block tracking data so you don’t get “personalized” ads. I am all for that!

Actually, I don’t like ads at all. I’d rather not have my feed filled with ads that some company thinks I might be interested in. I could totally do without. I’d even consider paying a small fee to go ad free. But, at the same time, if I am going to pay a fee to not see ads I would also expect that I am not going to be censored for my views, thoughts, beliefs, etc.

Apple and Facebook have taken an adversarial approach to how they are going to work together and I like it. Big tech and other companies should have to fight over customers and the more people make them work for their dollars the better off we are as consumers. But we as consumers need to be smart about how we give our business to these companies in order to make them compete for it, otherwise we get all-encompassing monopolies who then dominate the marketplace and make up new rules and charge ridiculous fees because they have no one to oppose them.

I like what Apple is doing here. I hope they aren’t just trying to make space for their own scheme. But for now, I am glad to see Facebook about to take it in the nose for their privacy and data collection practices.

They actually deserve it.

Who needs security?

Posted on January 9, 2020 by backuphill

Photo by icon0.com on Pexels.com

Every once in a while (well, probably more like every day), I wonder if the people in charge know what the heck they are doing? In this case, it happens to be those who are in charge of military bases and security.

This article, Chinese caught surveilling same US military base twice in 2 weeks, caught my attention earlier this week and after reading it all I could think was, WTF? Who’s in charge of security?

Yes, its concerning the Chinese are trying to spy on our military bases and apparently doing it right under out noses.

Several things in the article stood out. The first was this:

The guard asked the men for their military IDs, which they did not have. She told Wang and Zhang to turn around and leave the grounds. Instead, they drove straight onto the property.

They drove straight onto the property. So, like, anyone can just drive through the gate unobstructed? There little to no barriers to slow them down? No tire spikes or giant posts rising out of the ground like we see in the movies to stop people from proceeding?

So what happens next? Did the guard chase after them?

The guard, who was not permitted to leave her post, radioed other security personnel with a description of the vehicle.

The guard? As in, there is only one guard at this particular post? There aren’t others there, with weapons or vehicles, as back up? What? This can’t really be how things work, can it? So she radioed other security…because there were no other security guards near by? I can’t believe an entrance to a military base is only guarded by one person. Really?

This is rich. So who actually went after these guys after they breached the under-protected gate at a military base?

After 30 minutes, Navy security forces finally located the two men.

Wait, it took 30 minutes to locate them? WHAT?? So for 30 minutes these intruders were driving around a military base, unhindered, because a single guard at a poorly designed post entrance didn’t have any back up? Seriously?

They allowed the security officers to look at their phones and their Nikon camera.

The officers found photographs taken of the property,…Officers also found video Zhang filmed with one of his devices.

Incredible! Absolutely incredible. 30 minutes of information gathering, which I am sure was sent to somewhere to someone who could use the photos for something. I am sure they weren’t just keeping those images on their devices to upload later. That wouldn’t make sense with the technology available today. So, that means they were at least partially successful in their mission. Good grief.

Nice work, whomever is in charge. Way to put safety and security protocols in place that make sense. This whole things has a Three Stooges, or Keystone Cops, feeling to it. This is how we secure a “sensitive storage site for weapons and ammunition”?

Not cool. Not cool at all.