PRIVACY AND SECURITY IN THE COVID-19 TIMES – PART 2

This is the second part of a post I shared recently regarding best practices to help us with your online privacy and security.

Email

Be aware that when you use an email account from GMail, Yahoo Mail, Hotmail, etc you are compromising your privacy. These companies give you a free email account, but in exchange they have access to all your emails. They use the content of people’s email to learn more about people’s behavior and improve their advertisement tools. In addition the emails you sent are not getting encrypted, so a malicious agent can also gain access to them.

The alternative would be to use an email account from a provider like ProtonMail which not only protects and respects your privacy but offers very high security standards with end-to-end encryption. Another alternative is to register your own domain and manage your own email service, but that is more costly and time consuming.

Read more…
Gmail’s privacy problem and why it matters
New Warning Reveals Gmail’s Major Privacy Problem

Text Messages

Similar to email, different text message providers like Facebook Messenger or WhatsApp, do not offer the highest possible security features. For example even though WhatsApp encrypts the content of a message, it does not encrypt the sender, receiver, date, location, etc information.

The best alternative for private and secure text messaging is Signal. This is a non-profit organization that created a text messaging system that prioritizes privacy and security. It is the de-facto text messaging application for reporters dealing with sensitive information.

Apple’s Messages are also encrypted and secure, but you can only use this service if both sender and recipient own Apple devices which is very limiting.

Read more…
https://freedom.press/news/sharing-sensitive-leaks-press/
Why everyone should be using Signal instead of WhatsApp

VPN

Every time you visit a page on the web your IP address is shared with the page you are visiting. This compromises your privacy because your internet provider knows what IP address has assigned to each customer at any given time. And if the website your are visiting does not use a secure connection (https) all the traffic between you and the website could be seen by a malicious agent.

A very simple solution to protect your privacy and security while browsing the web is to use a reputable VPN service like ProtonVPN. Be careful because there are VPN services out there that will track you and sell your data to advertisement companies. The VPN connection will encrypt all the traffic end-to-end so a malicious agent would no longer be able to intercept it, and it masks your IP address so websites can no longer track you.

Web Browser

Continuing on the previous thread about browsing the web securely and privately keep in mind that even if you are using a VPN service websites can still track you through other means, like the use of cookies. For that specific case you can use your browser’s incognito mode.

In addition, be mindful of who makes the browser you are using:

  • Are you using Chrome, a browser from an advertisement company that loves to track everything you do? Then give yourself an F
  • Or are you using Firefox, a browser from a non-profit open source community that does a good job protecting your privacy and security? Now you can give yourself a B
  • Or are you using Brave, a browser built with privacy, security and advertisement blocking at its core? Brave even includes the ability to start a browsing session with Tor enabled which offers the highest level of privacy by using a technique named Onion routing. Congrats you get A+!

Read more…
Goodbye, Chrome: Google’s Web browser has become spy software

Privacy and security in the covid-19 times

With everyone staying home the use of online platforms for communication has increased and with that the inherent problems that some platforms have when it comes to protecting security and privacy increases too. So why not use this opportunity to share some best practices I follow in order to keep myself and those I communicate with safer? I have to disclaim that even though I’m a software engineer with many years of experience, I am not a security/privacy expert. However I think I can still share useful information, so here it goes.

What is the difference between privacy and security

Privacy and security are related. Privacy relates to any rights you have to control your personal information and how it’s used. Think about those privacy policies you’re asked to read and agree to when you download new smartphone apps. Security, on the other hand, refers to how your personal information is protected. Your data — different details about you — may live in a lot of places. That can challenge both your privacy and your security.

https://us.norton.com/internetsecurity-privacy-privacy-vs-security-whats-the-difference.html

Email

When communicating over email always be mindful of the To/Cc and Bcc fields. If your email is going to small group of friends and they all know each other, using To or Cc is appropriate. But if you are communicating to a group and not everyone knows each other, respect everyone’s privacy by using the Bcc field.

When responding to an email that contains multiple people think very careful when to use the Reply All function. Does everyone really need to know that you think a joke someone sent was funny? Maybe just reply to the original sender.

Read more…
https://blog.boomerangapp.com/2013/07/email-etiquette-how-to-use-bcc/
https://www.huffpost.com/entry/reply-all-email-etiquette_n_1232315

Passwords

If you can remember your passwords, then your passwords are terrible! Good passwords are the ones that are almost impossible to remember. So the idea is to use a Password Manager: this is an application you can install on your computer and smartphone where you can store all your passwords, so you don’t have to remember them. You will need to remember only 1 password: the one you use in order to access the Password Manager.

Password Managers make it very easy to use a different password for each application/website. That way if one password is compromised, the rest of your passwords are safe.

Read more…
https://www.popularmechanics.com/technology/security/a26629/use-password-manager/
https://keepass.info/index.html

Video conferencing

Lots of people have been doing video conferencing lately and one application that has become popular is Zoom. Unfortunately this app has multiple (link, link, link) security and privacy problems.

Instead I highly recommend people use FaceTime when everyone in the call have an Apple device. When that is not possible use open source alternative Jitsi or Google Hangouts.

Social media

Be mindful of what you share on social media. Do you really need to post your date of birth, phone number or home address on facebook?

When posting pictures that include others, be mindful of their privacy: Maybe ask your friends if it is ok to tag them before you do.

Consider disabling location services for some social media apps. Do you really want facebook app to know all the places you go to during the day?

Do not connect your social media information: I don’t mind to have silly pictures of me on facebook. I’m ok having my work information posted on LinkedIn. But I don’t want a work contact on LinkedIn to easily find those silly pictures on my facebook profile. Be in control of what you share on each social media platform and avoid interconnecting them.

Logging on a new website


Many websites/apps require you to sign up before you can use their services. When this happens always prefer using the email sign up option and avoid using the Facebook Signup/Google Signup option. Even though the FB/Google Signup is convenient, when you use it the website/app automatically gets access to some of your personal information, while signing up with email just gives them that: your email address.

Read more…
https://www.cbsnews.com/news/what-are-you-sharing-when-you-sign-in-with-facebook-or-google/

Screenshots


When taking screenshots on your computer or smartphone to post them on social media or share them elsewhere, always be mindful of what will show up on the screen shot. You can always crop the screenshot to remove areas of your screen that don’t need to be shared. And you should also blur or remove other parts that might expose aspects of your (or others) privacy.

Sharing links

Websites use a technique called tracking in order to tell how a visitor landed on their page. So for example when a website looks at a weekly report, they might see that 90% of their page viewers came from a shared link on facebook, and only 10% came from a Google Ad click. This helps websites make marketing decisions because they can analyze traffic trends. When this happens your browser will show something like this on the address bar:
https://www.takeouttracker.com/?fbclid=MMcSd116IwAR3StPd0TvvBd0F9iXMMcSdftt9ftt9ftt9XMMcSd11
The website address is only the first part. Everything after the ‘?’ (shown in blue) is the facebook tracking stuff. If you want to share this website with a friend over email or SMS make sure you delete everything after the ‘?’, and confirm that the website still loads correctly without it on a new browser window. This protects your own privacy because that long code after the ‘?’ has information that points back at you. It also makes the links look much cleaner.

Bonus topic: Sharing someone else’s work

This topic has nothing to do with privacy or security but I decided to add it here too, because I think it is important to create awareness on this problem: When sharing something on social media always try to share it from the original source. Many times an artist will produce a song/cartoon/drawing/etc and if you visit his website/youtube channel the artist can make some money because of advertisement. But if you share it from a different source, not only the artist no longer receives anything, but you are giving the benefit to the other person that copied and reposted the art. If you receive something and you don’t know who the author is, try a quick search and see if you can find the original author and share that instead. There is always the extra benefit that the original art will always be higher quality/resolution than the copy one.

Here are two images: one was stolen by a stupid Cliparts website and they even have the nerve to ask for attribution.

And then you have the original image full size and resolution from the wonderful The Oatmeal.

brewery plans update

This is a less verbose English version update of my brewery plans that partially repeats some of the information posted here.

2001

– Graduated from Computer Science degree in Medellín, Colombia and moved to Austin, Texas to work for National Instruments.

2014

– Unhappy with role and salary at National Instruments began the process of looking for a new job, but in the process I discover that software development no longer excites me. Instead (and out of nowhere) one night I decide that I want to start a Brewery in Austin.
– Buy my first kit for home brewing beer.
Continue reading brewery plans update

Programming Interview Tips

Behavioral Questions
Think about good examples you can describe from school (or internship) projects that were successful, in which you played an important role. Think about projects that went wrong initially and how the situation was corrected. What did you learn from the situation? what would you do different next time? think about a difficult bug you had to solve and how you approached the solution. Think about the different programming languages and which ones you like best and why. Always be very honest in your answers, since the interviewer can easily spot when you are making up stuff. Do not come across as the “perfect programmer”. Show that you have made some mistakes and have learn from them. Show that you have good communication skills, good team work skills, that you are a rapid learner, that you go the extra mile…
Continue reading Programming Interview Tips

City of Austin improvements

Lamar and 183
Going north on Lamar and when getting close to 183 only the right-most lane is for cars going on 183. This causes a long line of cars (which capmetro makes this worse because they have buses stopping in the right-most lane too) while the other two lanes flow fine and don’t have as much traffic. Many cars don’t form in line and instead stay on the middle lane and cut to the right most lane at the very end in order to take 183. My suggestion is to make the middle lane also for cars going on 183 since it is already getting used that way. This improvement does not require changes other than redrawing the lanes on the street and adding a sign indicating how it needs to be used and I think it will considerably improve the traffic flow.

183 southbound and traffic merging in after Burnet Rd.
There is a bottleneck on 183 south bound (past Burnet Rd) right-most lane and the traffic trying to merge into 183. Basically at that point 183 makes a turn, so traffic on 183 do not realize that there is traffic merging into the highway (the arc prevents you from seeing this until it is too late). This causes traffic to almost halt to a full stop in that merging point. If 183 drivers knew that there was incoming traffic merging they would try to switch to the center or left-most lanes, allowing incoming traffic to merge easily on the right-most lane.

Barrel Assembly

Corría el año 2014 y luego de trabajar por 13 años en National Instruments estaba listo para probar nuevos rumbos. Comencé a mirar oportunidades de trabajo disponibles y la verdad ninguna parecía llenar mis expectativas. Sin embargo me animé a una entrevista con Roku en Austin. No me fue bien y ahí me dí cuenta que hay que prepararse muy bien para presentar una entrevista técnica. Por esa época me contactó Sameer un reclutador que me ayudó a organizar mejor mi hoja de vida, me recomendó unos buenos libros para preparar las entrevistas técnicas y me comenzó a conseguir oportunidades laborales.

Durante este proceso la noche del 8 de Agosto de 2014, mientras estaba en cama tratando de dormir vino a mi mente algo parecido a una epifanía: el desarrollo de software ya no es lo que me apasiona. Tengo que descubrir una nueva pasión. Y de la nada se me ocurrió: voy a montar una cervecería.

Con nula experiencia en el mundo de la cerveza, decidí que el primer paso era comprar un kit para hacer cerveza casera y aproximarme a ese mundo con el hobby de hacer cerveza casera. Decidí que lo iba a hacer por al menos un año para estar más convencido de que la cerveza era mi nueva pasión.

Después de presentar varias entrevistas infructuosas con diferentes compañías tuve la oportunidad de entrevistar con Visa, y me ofrecieron trabajo. Así que en Junio de 2015 renuncié a National Instruments y luego de un provechoso viaje de aprendizaje cervecero por Alemania, Bélgica y República Checa durante Junio y Julio, comencé a trabajar para Visa en Agosto 2015.

En Diciembre 2016 viajé a Medellín a visitar a mi familia y fue allí cuando decidí que ya estaba preparado para comenzar mi negocio cervecero. Con dos años y medio de experiencia haciendo cerveza casera, de participar en diferentes clubes cerveceros, de enviar cervezas a competencias y colaborar como juez, tomé la decisión de renunciar a mi trabajo en Visa y dedicarme a crear mi nueva empresa.

Es así como el 23 de Enero de 2017 comienzo a crear mi propia empresa y nace Barrel Assembly.

Barrel Assembly Logo
Barrel Assembly Logo

El día que Colombia le dijo NO a una paz regularcita

Imaginen una persona de de 47 años que luego de haber aplicado fallidamente a la universidad varias veces en su vida, por fin la aceptan en el 2011. Por cinco años se quiebra el coco y estudia juiciosa y trata de sacar las mejores notas, pero pues no siempre le va bien en los exámenes. Hay algunas materias que pasa raspando, pero en la mayoría le va bien. Al final de los 5 años y después de muchas horas de estudio y sacrificio, la persona que ya tiene 52 años de vida, está lista para graduarse. Sabe que gracias al grado que está punto de obtener, va a poder recibir el ascenso en el trabajo que le va permitir mejorar las condiciones de vida suyas y de su familia. El futuro pinta muy promisorio. Incluso un primo suyo que vive en Washington le dijo que si se graduaba, le mandaba una platica de ayuda.

Sin embargo un vecino suyo, considera que haber pasado unas materias raspando es vergonzoso y convence a la universidad de que no le den el grado y en cambio lo obliguen a repetir todas las materias donde no le fue muy bien, con el fin de mejorar el promedio. Lo más irónico es que el vecino nunca fue a la universidad: aplicó una vez con desgano pero la verdad nunca tuvo intensiones reales de estudiar. Sin embargo asegura que él hubiera sacado mejores calificaciones.

Ahora solo queda la incertidumbre de cuándo podrá graduarse. Un año más? Cinco? Otros 52? Si será posible mejorar las notas en Física III: Electricidad y Magnetismo? esa vaina es muy brava! Quién le va a ayudar con su familia en estos años extras de volverse a sentar en la mesa a estudiar? Y que pasa si al final la universidad decide no darle el cartón nunca?

Colombia estuvo a punto de graduarse en la paz, pero 18% del país decidió que era preferible volver a clase y mejorar las notas, porque nos íbamos a graduar con un promedio regularcito. Plop.

My thoughts on ride sharing companies and the city of Austin

– Uber is a company trying to maximize profit. They don’t give a damn about riders or drivers. If they cared they wouldn’t leave Austin.
– Uber is heavily investing in self-driven cars technology. They really don’t want to deal with drivers, but right now don’t have another option.
– Their model is to arrive to a city with transportation problems and operate illegally. Yep, the same reason I cannot go around selling my home brew beer, people should not go and give unregulated rides. Yes it is not drugs-selling-illegal but it is not legal none the less.
– The city then has to react to the situation once Uber is already operating (as opposed to be able to plan accordingly) and tries to set a fair play field for these companies and the existing transportation systems.
– Specifically the city of Austin came with a plan that was neither perfect, but wasn’t either unattainable for Uber and Lyft to simply skip town.
– Uber and Lyft attempted to change the plan in their favor by spending 8 million dollars on an aggressive and heavily miss informative campaign that backfired.
– Exploitation doesn’t just mean a sweat shop full of 13 year olds in some 3rd world country. Exploitation happens when you don’t get proper compensation and benefits (health insurance, retirement plan, payed vacation, parental leave, …)
– Many people don’t have an option but to work for these companies. Yes they work for these companies voluntarily but that does not mean they don’t deserve a more fair work environment.
– I rarely used ride sharing neither I was an uber driver trying to make ends meet, so I’m aware that it is easier for me to go on without them. However this also gives me a more objective perspective, because I have no pains or gains in the matter.

Felices Fiestas 2015-2016

Por el trajín de la temporada decembrina no pudimos hacer nuestro tradicional mensaje festivo hace un par de semanas, sin embargo aunque ya un poco tarde, queremos desearle a todos nuestros queridos lectores unas felices fiestas para 2015 y un maravilloso 2016 lleno de felicidad, alegría y macarena.

Para esto los dejamos con nuestro L. Ron Hubbard feo padre y fundador de la Dianética y la Cienciología.

Ugly L. Ron Hubbard
Ugly L. Ron Hubbard

Daniel Jaramillo's personal blog