(Click Any Image for Information About That Item)
Saturday, July 14, 2018
Cryptee
Cryptee is a cross-platform, zero-knowledge, client-side AES256 encrypted, Documents and Photos application/service. It's meant as a secure and private alternative for Evernote/Bearnote & Google / Amazon Photos.
Your data is for your eyes only. Your documents, notes, photos, and files are all encrypted using AES-256 before leaving your devices.
Anonymous Registry - All you need is a username. We do not require you to provide any personal identifiers, like an email address or phone number, to create an account with us.
Protect your data from unfriendly eyes with our unique Ghost Folders feature. Even if someone asks you to log in to your account in front of them, your most sensitive files will remain hidden. Plus, we don't require you to download any apps, so nobody will know you use Cryptee by looking at your app download history.
We are based in Estonia, named "the most advanced digital society in the world" by Wired, and a country where the government runs on blockchain. Because Estonia is outside of the 14-eyes countries, we have greater protection from mass surveillance and corporate espionage.
--
Cryptee is a new service, but one that I think has a lot of potential. The initial free account only provides 100MB of storage, but that is enough to check out the service and see if it meets your data storage needs.
I note also that 100MB is more than enough to exchange messages with someone using a shared password (foldering).
The Cost of Spending Cash
In December 2017, I recommended using cash for most face-to-face purchases as a way to maintain your personal privacy. I stand by that recommendation, and also recommend that you keep your non-investment savings in cash (not in a bank). Some readers have asked whether this privacy advice would cause them to lose out on interest income that they would otherwise earn by keeping their money in a bank.
According to Smart Asset, the median savings account balance, in the United States, is $5,200. The average, or mean balance is $33,766.49, but households with high incomes seriously skew the numbers when you calculate the mean.
The FDIC calculates the national average interest rate for deposits (i.e. savings accounts) as a simple average of rates paid by U.S. depository institutions. On June 4, 2018 the national average interest rate for savings accounts was 0.08%. Looking through advertised savings account interest rates in my state, requiring a minimum deposit of $5000 or less, the best interest rate I found was 0.60%.
So, lets say that you kept $5,200 in cash at home, rather than putting it in a savings account at your local bank, and let's assume that you can get a 0.60% interest rate if you deposit that money into a savings account at your bank.
At the end of the year, your $5,200 deposit would have grown to $5,231.29. So, the direct cost of not keeping your money in a savings account is $31.29 per year, or about $2.61 per month.
Is protecting your personal privacy worth $2.61 per month?
There is another advantage to spending cash. Studies show that when people make purchases with cash, as opposed to using credit cards, they tend to spend less. And, of course there is no monthly interest rate assessed on cash purchases, unlike 10% - 25% rate you will pay if you carry a monthly balance on your credit card.
Now, you probably can't completely avoid having a bank account. Most employers want to directly deposit your pay. For some things, making electronic payments makes sense. Re-occurring monthly bills may be paid directly from your account. However, after these payments are made you may want to withdraw the remainder of your pay in cash.
With cash in hand, it is easier to budget your spending for the month and when spending cash you greatly enhance your personal privacy by not creating a record of your purchases that can be tracked by your bank or credit card company.
--
Friday, July 13, 2018
Free Online Data Removal Workbook (Michael Bazzell)
Michael Bazzell, a leading privacy and security expert, has made available a Free Online Data Removal Workbook to help you remove your personal information from people search / locator databases.
Doxing is a threat faced by people in public positions, and by people who may express unpopular opinions in a public forum. I have discussed doxing in the blog previously, and strongly recommend opting out of on-line locator databases whenever possible. Michael Bazzell's workbook is a guide that will help you do that.
In addition to removing your information from these on-line databases, there are several other things that you can do to improve your personal privacy and security. I recommend Michael Bazzell's books as in-depth guides for anyone interested in learning more about how to protect themselves from Big Brother, big business, and the never-ending stream of privacy threats we face everyday.
--
Most Complaints About King County Deputies Didn't Result in Any Discipline
According to a report on KUOW (July 10, 2018) "Most complaints about King County, [WA] deputies didn't result in any discipline."
A report was released through King County's Office of Law Enforcement Oversight found that members of the public lodged nearly 700 complaints against King County officers in 2016. But because of the way complaints are handled by the Sheriff’s Office, only 33 percent of them actually stood any chance of resulting in discipline. As for the other 467 complaints? They were stamped “not really about misconduct” or “minor misconduct handled by the supervisor.” Nevertheless, analysis of the discarded complaints showed serious allegations among them, including sexual assault and violation of authority.
--
Although the KUOW article implies that citizen's complaints are being ignored, there is another way of looking at the report, and that is that two-thirds of the complaints filed against King County deputies are “not really about misconduct” or “minor misconduct handled by the supervisor.”
This doesn't mean that there aren't problems within the King County Sheriff's Office, or within other departments in King County - earlier this month we saw Seattle Cops Flee the Force in 'Mass Exodus' Because of Politics. But, I would suggest that the majority of complaints about King County deputies are very likely minor incidents that can and should be handled at the supervisor level.
One of the most destructive things a department can do is to let investigations of misconduct drag on for months. This type of "witch hunt" can totally destroy morale within a department, creating a hostile environment where deputies and officers are afraid to do their jobs for fear of being subjected to unjust and unwarranted investigations.
Thursday, July 12, 2018
The Irvine Company Invading the Privacy of its Customers with ALPR
According to the EFF (July 10, 2018) the Irvine Company - a real estate company that operates malls and mini-malls in Irvine, La Jolla, Newport Beach, Redwood City, San Jose, Santa Clara and Sunnyvale, CA - has been conducting automated license plate reader (ALPR) surveillance since just before Christmas 2016, and providing sensitive information collected to Vigilant Solutions, a surveillance technology vendor that in turn sells location data to Immigrations & Customs Enforcement (ICE).
But ICE isn’t the only agency accessing the data. Vigilant Solutions shares data with as many as 1,000 law enforcement agencies nationwide. Through its sister company, Digital Recognition Network, Vigilant Solutions also sells ALPR data to financial lenders, insurance companies, and debt collectors.
Automated license plate recognition is a form of mass surveillance in which cameras capture images of license plates, convert the plate into plaintext characters, and append a time, date, and GPS location. This data is usually fed into a database, allowing the operator to search for a particular vehicle’s travel patterns or identify visitors to a particular location. By adding certain vehicles to a “hot list,” an ALPR operator can receive near-real time alerts on a person’s whereabouts.
--
Recording the license plate data of its customers and then selling that data to companies like Vigilant Solutions and Digital Recognition Network creates a substantial privacy risk for anyone shopping at the malls owned and operated by the Irvine Company.
I would feel highly uncomfortable knowing that my location data was being tracked and sold by the Irving Company anytime I visited one of their malls.
Why Do We Care So Much About Privacy?
Big Tech wants to exploit our personal data, and the government wants to keep tabs on us. But “privacy” isn’t what’s really at stake.
“The right of privacy,” wrote Justice Douglas, “is a powerful deterrent to any one who would control men’s minds.” Douglas did not coin the phrase “the right to be let alone.” It appears in one of the most famous law-review articles ever written, “The Right to Privacy,” by Samuel Warren and Louis Brandeis, published in the Harvard Law Review in 1890.
This article in The New Yorker provides an overview of our right to privacy, and what's really at stake when our privacy rights are infringed.
--
There are Nazis in our Neighborhood (Tacoma)
A July 11, 2018 article on KOMO4 News reported that "a new billboard in Tacoma is drawing a lot of attention along Pacific Avenue and 72nd Street. The billboard says, “There are Nazis in our neighborhood.” The message on the billboard was put up by a neighborhood group “Tacoma Against Nazis” after flyers were found in the area "urging people to, "Keep America American" and report undocumented immigrants to ICE."
Tacoma Police are aware of the concerns of the “Tacoma Against Nazis” group, but reported that "no crimes have been committed and hate crimes have not been rising in the city."
--
The flyers urging Tacoma residents to report undocumented workers to ICE are perhaps the result of backlash and opposition to protests in Tacoma calling for ICE to be abolished. And, the billboard warning of Nazis in Tacoma is opposition to the flyers calling for Tacoma residents to report undocumented immigrants to ICE. And so the circle of protest and counter protest continues.
Washington state has a strong history of political protests against government actions. NWDC Resistance actions are very similar to the political protests by the Port Militarization Resistance (PMR) that opposed the Army's use of area ports a few years ago.
While these protests are political in nature, and generally peaceful, when opposing groups come together there is an increased chance of violence; and groups opposing government activity may target government personnel with harassment and doxxing.
Government Will Allow Defense Distributed to Distribute Gun-Making Software
The Justice Department has reached a settlement with the Second Amendment Foundation and Defense Distributed, a collective that organizes, promotes, and distributes technologies to help home gun-makers. Under the agreement, which resolved a suit filed by the two groups in 2015, Americans may "access, discuss, use, reproduce or otherwise benefit from the technical data" that the government had previously ordered Defense Distributed to cease distributing.
The government will pay more than $39,000 of the plaintiffs' legal and administrative fees. (Reason, July 10, 2018)
Wednesday, July 11, 2018
The Best Really Free VPN Services for 2018 (A Reader's Recommendation)
VPNs are one of the best options for protecting your privacy, encrypting your data, and changing your geolocation. But as with many things, you get what you pay for.
A reader of my Chesbro-on-Security blog, sent me an e-mail today recommending a great article "Top 6 (REALLY FREE) VPN Services 2018", from VPN Mentor. I love to receive feedback from readers of my blog, and I always seem to learn something new from your comments and suggestions. I would like to share this article on the blog today to give my readers additional options for staying safe on-line.
The article discusses 6 VPN services that gives you the best service for free:
1. TunnelBear
2. Hide.me
3. Windscribe
4. GooseVPN
5. ProtonVPN
6. OperaVPN
I recommend that you use a VPN to protect your privacy when on-line. Use the free VPNs above to understand how a VPN works, what it can do, and what its limitations might be. If you find that a VPN meets your personal data privacy and security needs, consider upgrading to a paid service to get faster connection speeds and additional options.
And thanks again to Tina for recommending this article.
--
Watch Your Hack
Watch Your Hack explains how to protect yourself from hackers, in layman’s terms. Watch Your Hack doesn’t guarantee complete and total safety. Such a thing doesn’t exist on the internet. You can, however, make life as difficult as possible for hackers and viruses by using tips from this site.
There aren't any surprises on the Watch Your Hack site, just good easy to understand security advice. If you have read my blog for a while you should be familiar with most everything on Watch Your Hack, but I was also pleasantly surprised to find a couple of new resources of which I was previously unaware.
Take some time to read Watch Your Hack, and adopt those security techniques that meet your needs.
--
Pardons for Ranchers Who Sparked the Takeover of the Malheur Wildlife Refuge
President Donald Trump pardoned Dwight and Steven Hammond Tuesday [July 10, 2018]. The two Oregon ranchers whose prison sentences sparked the armed takeover of the Malheur National Wildlife Refuge [located roughly 30 miles south of the city of Burns in Oregon's Harney Basin].
The mandatory-minimum sentence for the charge of arson brought against the ranchers was five years in prison. But, a federal judge went against the guidelines and delivered them a much lighter sentence. Dwight was sentenced to three months and Steven was sentenced to a year in prison, with three years of post-prison supervision each. Prosecutors appealed their punishment and won. The Hammonds were re-sentenced to five years in federal prison in 2016.
In an official release about the pardon, The White House says the Hammons were imprisoned for a fire "that leaked onto a small portion of neighboring public grazing land." The White House said, "Justice is overdue for Dwight and Steven Hammond, both of whom are entirely deserving of these Grants of Executive Clemency." (KOMO 4 News, July 10, 2018)
--
The trial judge imposed a light sentence in the original case, realizing that perhaps the arson that the Hammonds had been accused of was an accident or that there were other mitigating circumstances. The government's appeal of that sentence to force a mandatory-minimum of five years in prison caused many question the government's motives and intent in this case.
Tuesday, July 10, 2018
Your TV Is Watching YOU
The Seattle Times (June 18, 2018) reported: "Your TV is watching you. Often, default settings (or screens you likely clicked “agree” to during setup) allow smart TVs, streaming boxes and cable services to track significant amounts of personal information. They know what you’re watching and what apps you use. In 2017, TV maker Vizio even had to pay millions to settle complaints from the Federal Trade Commission and the state of New Jersey for collecting this kind of data with users’ knowledge.
— Recent smart TVs from Samsung, the best-selling brand, track how you use your TV to target ads that Samsung inserts on menu screens.
During setup, the TV encourages you to agree to a bunch of terms of and conditions that include permission for “Interest-based advertisements.” You can say no them, but if you didn’t realize what was going on – or now you’re just not sure – you’ll have to dig into your TV’s settings to stop the tracking."
--
This is just one small piece of a Settle Times series "Hands Off My Data" that provides guidance and recommendations on how to adjust settings on your various devices and accounts to help protect your privacy.
While we are all no doubt aware of potential privacy risks associated with on-line accounts, as more and more things become connected to the Internet we must not overlook the fact that they can be collecting information about us too.
--
Judge Orders Puyallup, WA to Pay $131,064 in Public Records Case
The Tacoma News Tribune (June 28, 2018) reported that Pierce County Superior Court Judge Stan Rumbaugh ordered the city of Puyallup, WA to pay $131,064 in penalties for nondisclosure of emails that were related to public business and stored on a private website maintained by Councilmember Steve Vermillion.
The judge’s ruling followed more than four years of litigation and appeals. The city fell short at every turn, including an ill-fated appeal to the U.S. Supreme Court, rejected in fall 2017. In that span, the city spent $154,521 on outside attorneys, including $124,974. Combined with the penalties ordered by Rumbaugh, the total cost of the case exceeds $285,000.
Thus far, no court has sided with the City of Puyallup in its efforts to seek constitutional protections for the retention of emails sent by former Councilmember Steve Vermillion.
Rumbaugh’s ruling adds another complicating factor in the case. He held that the city and Vermillion were both liable for the penalties, creating a theoretical personal debt for Vermillion. While the city could pay the former councilman’s costs through a standard procedure known as indemnification, Beck and Ramerman argued in court that the unusual liability order violated legal precedent — a topic that could become fodder in appeal arguments.
--
Puyallup isn't the only recent case of courts issuing fines against government agencies / cities for failure to disclose records in accordance with Freedom of Information Act / public records laws. We also saw that a Judge Ordered Tacoma to Pay $297,000 for (FOIA) Records Violations at the end of June 2018.
If you are a government employee, keep in mind that all of your official correspondence (letters, e-mail, text messages, etc.) may be subject to release as part of a public records request.
It is inappropriate, and probably illegal, for you to keep secret, hidden files on government computer networks, and/or to conduct government business on personal servers.
Failure to release government records, or extensive delays in releasing those records, can result in judgments costing a government agency hundreds of thousands of dollars in attorney's fees and fines.
Wrap Your Key Fob in Foil to Protect Against Thieves ?
A story in USA Today (July 8, 2018) suggests that you should store your automobile key-fob in a aluminum can at night, and wrap it in aluminum foil while you carry it around during the day. The idea being that this will prevent thieves from cloning your key fob and driving off with your vehicle.
While it is theoretically possible for someone with the right technology to copy the code from a key fob and use it to access a vehicle; this theoretical attack requires detailed knowledge of the system implementation and a combination of data, skills, and equipment which is seldom feasible for the average car thief. A thief would not only have to capture your key fob code, but would then be required to spend time processing data to replicate your key fob and produce the correct entry code in order to steal your vehicle.
Warnings about thieves capturing or manipulating vehicle keyless entry systems have been around for years (since at least 2008), and are far more hype than fact. Yes, the attack is possible, but it is also unlikely. The average person has little to worry about when it comes to thieves cloning their key fob and stealing their car.
Still, if this is a concern for you, I believe that you will be far better served with a Faraday bag specifically designed to block signals, than trusting your security to a tin can and a sheet of aluminum foil.
--
Monday, July 9, 2018
Seattle to Fine Owners of Unlocked Guns
SEATTLE - A new city ordinance that would assess fines of up to $10,000 against gun owners who do not safely store their firearms has passed a vote by the Seattle City Council. It now awaits Mayor Jenny Durkan's signature. Under the ordinance, a gun owner could be fined up to $500 for failure to store a firearm in a locked container or to render it unusable to anyone but the owner. The fine would increase to $1,000 if a minor or prohibited person gets their hands on an unsecured weapon, and up to $10,000 if a minor or prohibited person uses an unsecured firearm to cause injury, death or commit a crime. (KOMO 4 News, July 9, 2018)
According to this article if you have a firearm in your home that is not stored in a locked container you will be fined by the city. Will Seattle PD be conducting door-to-door checks? If a criminal breaks into your home and steals your firearm, you will now be fined up to $10,000 for the actions of the criminal. What is a locked container? A gun safe, of course, but what about a locked closet? A locked room? Do those cheap cable locks that come with many guns render them unusable?
This is bad law, and a slippery slope that will invade the privacy of private homes.
--
Know Your Gun Rights
Many people choose to keep and bear (own and carry) arms for their personal security. In the United States this right is enumerated in the 2nd Amendment to the Constitution.
“According to U.S. Bureau of Justice Statistics data, having a gun and being able to use it in a defensive situation is the most effective means of avoiding injury (more so even than offering no resistance) and thwarting completion of a robbery or assault. In general, resisting violent crime is far more likely to help than to hurt, and this is especially true if your attacker attempts to take you hostage, such as sometimes happens in a carjacking situation. Most often with gun defenses, criminals can be frightened away or deterred without a shot being fired. Estimates of these types of defensive uses of firearms are wide ranging, from a low of 65,000 to 82,000 annual defensive gun uses (DGUs) reported to the U.S. Department of Justice's National Crime Victimization Survey (NCVS), to a high end of some 2.1-2.5 million annual DGUs, but they seem to occur at least as often (if not far more often) each year as misuses of firearms by violent criminals.”
But with rights come responsibilities, and it is important that we understand just what our rights and responsibilities are with regard to firearms.
The book Infringed by Alexandria Kincaid, a nationally renowned firearms law attorney, is an excellent and highly recommended reference for understanding your rights and responsibilities when it comes to firearms laws and regulations.
The National Rifle Association - Institute for Legislative Action is also an excellent resource for learning more about firearms law and policies throughout the United States.
If you choose to own and carry firearms for your personal protection you should take the time to understand the laws that govern your rights and responsibilities.
Federal Judge Schools FBI on Who Can Approve Search Warrants (Ooops)
An FBI agent investigating possible fraud obtained warrants from two Alameda County judges in 2016 to search a cell phone and use a tracking device, and said he found incriminating evidence.
The only problem, a federal judge said Tuesday, was that California law prohibits state and local courts from issuing warrants to federal officers — a fact that was apparently unknown to the agent, the FBI, and possibly even to the judges who approved the warrants.
The law authorizes state courts to issue search warrants to “peace officers,” who include police, sheriffs’ deputies and other state and local law enforcement officials, but not federal agents, said U.S. District Judge Vince Chhabria of San Francisco.
While some states give federal agents the same court access as local police, “California chose to limit federal authority to enforce state criminal laws,” Chhabria said. He ordered his ruling published in legal casebooks and distributed to the FBI, prosecutors’ offices and other agencies, “to put the relevant actors in the criminal justice system on notice.” (SF Chronicle, July 3, 2018)
--
Sunday, July 8, 2018
Another Fitness App Revealed the Location of Overseas Soldiers
According to Mashable (July 8, 2018) another fitness app revealed the location of overseas soldiers. Fitness apps help you track your runs, calories burned, and maybe even your heart rate. If you happen to be using a Polar device and its associated app, however, that information — in addition to small details like where you live — could end up in the wrong hands.
Approximately six months after researchers revealed that so-called Strava heatmaps allowed for the identification of secret overseas military bases, another fitness app was making all kinds of user data public.
Specifically, Polar's Polar Flow app "is revealing the homes and lives of people exercising in secretive locations, such as intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world."
Read the complete Bellingcat article here.
--
It should probably go without saying, but if you are living and working in a secret or sensitive location, don't upload your location data to the Internet.
Privacy International's Open Letter to Thomas Reuters CLEAR Database
According to Medium (June 21, 2018): Documents show that ICE currently has contract with West Publishing Corporation, a Thomson Reuters subsidiary, providing it with access to the Consolidated Lead Evaluation and Reporting (CLEAR) system as part of a contract value worth over $20 million.
The CLEAR system allows ICE access to a “vast collection of public and proprietary records” including phone records, consumer and credit bureau data, healthcare provider content, utilities data, DMV records, World-Check listing, business data, data from social networks and chatrooms, and “live access to more than 7 billion license plate detections”.
With Thomson Reuters Special Services providing ICE’s Detention Compliance and Removal office with “subscription data services”. The contract is worth over $6.7 million and was signed in February 2018. Other documentation specifies that the contract is for a “continuous monitoring and alert system to track 500,000 identities per month” which is “able to securely process and return aliens’ information and addresses using the following types of specified data: FBI numbers; State Identification Numbers; real time jail booking data; credit history; insurance claims; phone number account information; wireless phone accounts; wire transfer data; driver’s license information; vehicle registration information; property information; pay day loan information; public court records; incarceration data; employment address data; Individual Taxpayer Identification Number (ITIN) data; and employer records.”
Privacy International (PI) has today sent an open letter to the President of Thomson Reuters Corporation asking whether he will commit to ensuring the multinational company’s products or services are not used to enforce cruel, arbitrary, and disproportionate measures, including those currently being implemented by US immigration authorities.
--
CLEAR is a records aggregator, similar to TLO and LexisNexis Accurint. These companies gather data and records from a large number of public and semi-public sources and consolidate those data and records into searchable databases.
While these databases are useful investigative tools for law enforcement, they are not magic. What these databases do however is pull together large amount of information about hundreds of millions of individuals that can be accessed by law enforcement and other government employees without the need for a warrant, and without any requirement for notification to the individual whose information is accessed.
--