Wednesday’s report from TechCrunch described an “exposed server” that “contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.”
Take a company like Facebook. They leave millions of passwords in plain text, they created the news feed where dictators use the various Facebook products (Instagram, FB, WhatsApp) to spread fake propaganda, they violate our privacy repeatedly (even those of us who don’t use it, but are connected to people who do) and hijack our attention.
What would turn them around when their very business model is based on driving engagement, taking attention and stealing time?
In the book Skin in the Game, Nassim Nicholas Taleb argues that in most cases taking a company like Facebook to court and punishing them, or the threat of a massive lawsuit, is the best route to have Facebook change their behavior. Hence it makes sense that FB founder MZ asked Congress to regulate them. Once they are regulated, FB knows how to play the game of paying for lobbyists and contributing to political campaigns to get around or stay at the edge of regulation.
He argues in the book that “If you harm me, I can sue you” has worked really well in cases of pollution, for example.
While many of us might have immediate negative reactions to lawsuits, forcing FB and its employees to have skin in the game ultimately gives them a framework and the right incentives to do the right thing.
I also deleted Facebook, stopped using any apps that are personalized infinite scroll apps, but did not add a tracker blocker. It is interesting to see this person actually bought less online as a result of not getting personalized ads.
I Deleted Facebook Last Year. Here’s What Changed (and What Didn’t). https://nyti.ms/2YdvvKk
(The photo is of my sister and me in China 1975)
I was listening to Leo Laporte’s Tech Guy podcast and he was commenting on the FBI vs Apple case about unlocking an iPhone used by the shooters.
He was pointing out the following misconceptions in the popular press. Inspired by his comments about all the privacy fallacies, I wanted to point out what you need to do in order to have true privacy.
If you have iCloud turned on, where it syncs your email, photos and text messages, Apple will hand over the information to the FBI, much like the phone company will turn over phone records. The shooter’s phone had a 1-month-old backup to iCloud.
turn off iCloud
Apple and Microsoft have a backdoor to your phone if you have auto update turned on. The auto update can completely replace the software and security on your phone.
turn off auto update
Everyone has a GPS, camera, phone with cell signals in their pocket with all their emails and documents synced. The government can track anyone who has a cell phone.
turn off GPS, cover the camera with tape, turn off cell. Buy a disposable phone with cash
The 4 digit code to unlock your phone is not secure, but it is very convenient.
change it to 16 digits
Fingerprint readers are also not that hard for the FBI to hack.
turn off fingerprint reader
If you use Gmail, Yahoo, Outlook, Box, Dropbox, Evernote, even if your data is encrypted, they have private keys that can unlock your data and the FBI can force them to unlock. When you send an email, the receiver has your email content.
do not use hosted email; do not send any emails to anyone
If you use Google Maps, it knows where you go and how long you stay in one place, it can tell whether you are in a restaurant or any other local business, and it can guess where your home and workplace are based on the hour of day.
delete Google Maps, turn off GPS
Now you have a more secure phone that does nothing and is impossible to use :) But you are more secure and you have more privacy.
Do you have the same password for multiple online accounts? Imagine the worst-case scenario if any of your accounts were hacked. These types of accounts are a nightmare if they are hacked: your email, Apple account, bank account, LinkedIn, Facebook, Twitter.
You could be publicly embarrassed, financially compromised or, worse, compromise your online connections.
Here are a few simple steps to do before 2016 comes around:
- Turn on 2 factor authentication. This will use another form of verification besides passwords. Most common is a phone number or a one time pass code generator that has an expiration time.
- Use a password generator like LastPass or KeePassX to create a non-human readable password for every account. This way even if your password was compromised on a site like Target.com, no other account is compromised.
- Take a look at your online connections like LinkedIn and Facebook, and remove connections who you don’t trust or do not know. It’s good to clean up your social connections. For example: with LinkedIn, all your 1st connections can see your email address.
- Create another email account for your social accounts or any account that exposes your email address to search engines or your social connections. This way even if your social connections were hacked, your email and contact information will not be exposed.
- Create a Google Voice number and link that to your phone number. Always give out your Google Voice number and never your real phone number. This will allow you to easily block anyone who gets your phone number by unknown means.
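To make the first two steps concrete, here is an added sketch (not part of the original post) of how a one-time pass code with an expiration time is computed and checked, plus a random per-account password. It assumes the RFC 6238 TOTP defaults (HMAC-SHA1, 30-second step); the function names are illustrative and SECRET is the RFC's published test secret, not a real key.

```python
import hashlib
import hmac
import secrets
import string
import struct


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HMAC over the index of the current time step."""
    counter = max(int(at), 0) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: float,
                step: int = 30, drift_steps: int = 1) -> bool:
    """Accept the current step and +/- drift_steps to tolerate clock skew."""
    for d in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, at + d * step, step, len(code))
        if hmac.compare_digest(expected, code):
            return True
    return False


def generate_password(length: int = 24) -> str:
    """Random, non-human-readable password; generate one per account."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed sample input: the shared secret from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 1111111109, digits=8)
    print("code:", code)
    # Same code one time step later: accepted only because of the drift window.
    print("next step, drift 1:", verify_totp(SECRET, code, 1111111111))
    print("next step, drift 0:", verify_totp(SECRET, code, 1111111111, drift_steps=0))
    # Years later the code is useless to whoever captured it.
    print("much later:", verify_totp(SECRET, code, 1234567890, drift_steps=0))
    print("password:", generate_password())
```

The drift window is the trade-off to watch: each extra accepted step lengthens the time a captured code stays valid.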
That’s it. Taking these steps will allow you to be more educated about online privacy and security, and you will have a better chance to withstand the oncoming cyber security hacks in 2016 and beyond. The hackers out there will leave you alone because there are other people who are much more easily hackable.