Wednesday, May 28, 2014

Protecting Your Privacy - A Basic Rundown of Smartphone Kill Switches

A lot of debate has arisen over smartphones and kill switches. This is predominately a response to the actions of several state senates, including Minnesota and California, which passed controversial bills in the beginning of May. While varying in specific details, these bills are intent on requiring cell phone manufacturers to include “kill switch” technology in all their smartphones.

First things first, what does kill switch technology do?
Also known as “bricking” a cell phone, these kill switch programs are intended to allow the owner to render a device useless and its data unobtainable in the case of theft or loss. Some newer smartphones already have this feature available, such as Apple’s iOS 7, where it is called Activation Lock. Samsung has similar lock and kill switch features. Apple also already has a Find My iPhone app accessible for all their phones, iPads, and Macs that helps owners track their devices and decide if it was truly stolen or just simply misplaced.

How big of an issue is smartphone theft?
While some feel that features like kill switches or tracking apps are already widely available for concerned owners, others feel that even more must be done.

There is certainly no doubt that smartphones are a tempting target to thieves. Depending on the brand and value of the device, thieves can net themselves hundreds of dollars on the black market, and that's before we get into the profits reaped from selling your data and identity. iPhones are usually the most profitable, and iPhone theft has become so common that it has been nicknamed by some as “apple picking”.

Most prevalent in metropolitan areas, it was estimated that last year in 2013 an estimated 3 million Americans were hit by smartphone robberies. In addition, according to the D.C. Police Department, 40 percent or more of reported robberies in every large city region, such as Washington D.C., San Francisco, and New York, involved the theft of smartphones.

More than physical endangerment, theft of smartphones can also lead to identity theft if the phone is unprotected or not password locked.

What is being done and what are the concerns?
Clearly smartphone theft is a major problem. In a way however, the bills passed by Minnesota and California’s senates are just making doubly sure that the payoff of stealing smartphones is greatly reduced. This is because the concept of widely implementing “kill switches” to make smartphones unsellable and thus less attractive to thieves has already been addressed.

On April 15th, most major cell phone companies announced their participation in CTIA’s “Smartphone Anti-Theft Voluntary Commitment”, pledging to have “baseline anti-theft tools” (basically kill switch technology) downloadable or pre-installed in all smartphones manufactured after July of 2015. Participating companies include Apple, HTC, Google (Android), Motorola, Samsung, AT&T, Verizon, Nokia, T-Mobile, Sprint, and other large organizations.

Don’t expect news stations to stop discussing the “kill switch” controversy however. Some are concerned that implementing this type of technology will in fact make smartphones less secure, citing possible danger from hackers using those same “kill codes” to steal sensitive data and maliciously disable smartphones that are still in the hands of their owners.

Wednesday, May 21, 2014

Why All Internet Users Should Use a VPN

Two technical results are achieved by using a virtual private network connection, or VPN. First, you can make it look like you’re accessing the internet from a different location, country, or machine than you actually are, thanks to the VPN hiding your real IP address. Secondly, a VPN encrypts your connection, so your online activity cannot be seen by eavesdroppers and nosy criminals. Do you really need a VPN though? Yes, I believe you do, in fact, I believe everyone should have one, and here’s why.

Privacy Is a Basic Right

If you believe that you should have the right to receive and send information over the internet without the authorities, hackers, or anyone besides the intended recipient viewing your communications, cataloging and following what you do, then you need a VPN. Philosophically, that’s probably a good enough reason to get one, but let us look at specific examples of how a VPN can help protect your online privacy:

Avoid tracking and reprisals for web research – There are a number of reasons you would want to keep your internet research private. Reporters, celebrities, law enforcement officers, and market researchers are some of the most common researchers who would want to remain anonymous. By masking your IP address, a VPN can do this.

Make VOIP calls private – If you are not familiar with the term, VOIP stands for voice over internet protocol. Basically, it is internet telephoning. Skype and Lync are examples of this, unfortunately is incredibly easy to listen in on. A VPN is able to cloak your calls.

Avoid internet marketing based on your search history – Every web search you perform is logged by Bing, Google, and other search engines. These searches are associated with your IP address, which the engines then use to direct advertisements at you. It can be annoying, and is the digital equivalent of advertisers yelling your name as you walk down the street, trying to hawk their wares.

Added Benefits of a VPN

For anonymous browsing and confidential emails, the Wi-Fi in a hotel or the hotspot at Starbucks is not a safe option. Anyone savvy enough to eavesdrop can do so fairly easily, since public Wi-Fi typically offers zero encryption to users and monitoring software is freely and cheaply available. If you think you need to be especially talented to steal data over Wi-Fi, think again, there are plugins for browsers that beginner hackers are able to utilize at the click of a button to see everything you are doing online, these plugins can even collect passwords and typed information, and steal enough data to compromise your identity. A VPN is able to keep all of your data encrypted no matter where you are.

Many organizations, such as schools, offices and even a number of countries have draconian rules about what you can access on their computers. They end up censoring popular sites and services like Twitter, Facebook, Flickr, Netflix, and YouTube. With a VPN, you can unblock these sites and access any site you want.

Choosing the Right VPN

VPN’s are a dime a dozen these days, finding the right one might seem tough at a glance, but do a little research and it becomes clear which ones are dedicated to protecting your privacy, and which ones are are simply paying lip service. It’s a competitive field, so subscription prices keep falling. Whatever you do, do NOT sign up for a free VPN service. Right now, I use Ironsocket VPN and DNS Proxy and have been really impressed with their service. It’s cheap, feature-packed and their customer service is just brilliant. If you’re in the market, I heartily recommend them. There are some other relatively decent options, but I’ve yet to find one that’s as open and transparent, and which provides the value they do.

Friday, May 16, 2014

Much Ado About the Heartbleed Bug

What to Do to Stay Safe in the Wake of the Heartbleed Bug
Heartbleed has come and gone, no need to worry, right? Wrong. Since March of 2012, the Internet’s most popular cryptographic library, OpenSSL, has been potentially bleeding information due to a massive security vulnerability. Yes, it’s been patched, but unless you’ve been proactive about your online security, you may still be at risk.

For many it is hard to tell if you are affected since most users do not even know whether a site they visit is using OpenSSL. Many sites that do use OpenSSL have been fairly good about communicating the fact that users need to update passwords, and providing information on what needs to be done. That said, quite a few have been startlingly lax, and either haven’t sent emails out in a timely manner or haven’t sent them at all. I say if in doubt, change everything.

OpenSSL Is Apparently No Longer Vulnerable

The people who maintain OpenSSL fixed the vulnerability just before the bug was revealed to the public. Swapping out the cyberlocks that protected their data, it is up to Internet companies to also create fixes for their own software. Going forward, you are probably protected as long as you’ve updated your password information. The scary part is thatsince OpenSSL ha been vulnerable for the past two years, any information you sent over the Internet could have been compromised.

Though there is little you can do about the Heartbleed bug now, there are steps you can take to ensure you are unaffected if similar issues arise in the future:

·         Remain calm – The vulnerabilities exposed this week have already been secured by all of the major Internet companies, including Google and Amazon.

·         Public Wi-Fi networks are not your friend – Limit your Internet usage to transactions that are not especially sensitive and things you would not mind people being able to see if you are hopping on the Wi-Fi in public places like Starbucks. When in doubt, use a VPN.

·         To see which sites are vulnerable, do a test–There are apps available on the web that will tell you when the encryption on a site was last updated, what type of encryption they use, and if the site is still vulnerable to the Heartbleed bug.

·         Use a VPN – Connect using a VPN if it is offered by your school or company. Or, you can purchase VPN services for fairly cheap. These provide unparalleled encryption above and beyond that offered on most websites. It’s their business to keep you safe online, many of them are good at it.

·         Every few months, change your password – This is a good practice to have no matter what, since so many of our transactions happen online. There are a number of excellent password managers out there that help you generate cryptographically strong passwords, and store them for you so you don’t need to remember them. Change them regularly, and for goodness sake, don’t use the same password for multiple sites!

Thursday, May 8, 2014

Is Google Chrome's "Incognito Mode" Really Secure?

The most used browser in the world is Google Chrome, with StatCounter indicating that nearly half of all desktop internet users are Chromeites. Chrome’s “Incognito” feature has proven extremely popular, and remains a large reason why the browser has secured such a large following in Russia, Europe, the Americas, Australia, and many other regions around the globe.

But What Is “Incognito”, How Anonymous is it?

Without your browsing history being recorded within Chrome, users can visit sites across the internet when in the “Incognito” browsing mode. All of your browsing history is instantly deleted when you launch an Incognito browsing session. Also, any cookies created during the session are deleted when the Incognito window is closed.

Many people believe this is a safer way to use the worldwide web, because it doesn't allow them to be tracked online. This is only partially true, because Incognito does not actually make your internet experience more secure or safe, from prying external eyes (such as your employer or marketers). Incognito is a good way to make sure others who use your device or computer are not able to see what websites you have been visiting, and that's about it.

Routers, websites you visit, and your ISP can, and do log where you have been spending your internet time.

What Can You Do To Make Your Browsing Secure?

Using a VPN, or virtual private network, is by far the best and easiest way to ensure your browsing is secure and your data kept private. Good VPNs use high powered encryption to send your information and communications over the Internet at the source, making sure absolutely everything you do online is safe and anonymous. Outside sources simply will not be able to log your web browsing, IP address, your download history, or any other information about you.

In addition, good VPNs give you an array of different region IP's to choose from, making it appear as though you are using the internet in a different country, even on the other side of the globe. One of the benefits of  appearing to access the internet from a different country is that you will also be able to visit country specific content. For example, Netflix and Hulu only offer services in certain countries, and even then, they alter what is available for specific countries. With a VPN you can get all the content you want, and browse the web freely without worrying.