Saturday, September 8, 2018

How to Block Yahoo Mail from Scanning, Collecting, and Selling Your Data



Believe it or not, there are still millions of users out there with a Yahoo Mail account. According to the Wall Street Journal (August 28, 2018), Yahoo Mail is still scanning, collecting, and selling users’ data to advertisers, and according to people familiar with the matter, some 200 million inboxes are involved.

Officials working for Oath, the company that the new Yahoo owner Verizon created last year, say this is by no means unexpected behavior. An email service “is an expensive system,” Doug Sharp, Oath’s vice president of data, measurements and insights, said, so it makes sense for the company to try to generate some money using your data.

You can opt out of this scanning of your e-mail (although Yahoo could scan your e-mail, regardless of your preference). Opting out isn’t very straightforward because Yahoo has decided to hide the relevant settings deep in its account information rather than in the Yahoo Mail settings screen.

To opt out, open the Ad Interest Manager page, where all the options are grouped. Needless to say, you need to be logged in with the Yahoo account that you want to update.

Under Your Advertising Choices, there are two different tabs called Across the web and On Yahoo. Both of them need to be changed – make sure you do this because disabling just one leaves the data scanning active.

Open each tab manually and click the button that reads Opt Out. Once you do this, the page should refresh automatically and the button should switch to Opt In, letting you know that the personalized ads have been blocked.

As you can see, the method is by no means intuitive, and the average person is unlikely to discover it unless reading about Yahoo’s questionable practices in the media. For the time being, however, Yahoo has no intention to change the way users can opt out of the email scanning.
--




CA Officials Admit to Using License Plate Readers to Monitor Welfare Recipients


According to a Gizmodo article (August 13, 2018), since 2016 Sacramento County officials have been accessing license plate reader data to track welfare recipients. Investigators working fraud cases have used the data for two years on a “case-by-case” basis.

License plate readers (LPR) are essentially cameras that upload photographs to a searchable database of images of license plates. Each image captured by these cameras is annotated with information on the registered owner, the make and model of the car, and time-stamped GPS data on where it was last spotted. Those with access, usually police, can search the database using a full or partial license plate number, a date or time, year and model of a car, and so on. 

Anyone with access to that data could use it to track where someone drove and when, provided they were scanned by the LPR. The privacy concerns are obvious, as where people go reveals a lot of privileged information about them. For instance, they could be visiting an STD clinic, an immigration office, or a relative’s home.

Welfare fraud is, statistically speaking, extremely rare. In 2012, the DHA found only 500 cases of fraud among Sacramento’s 193,000 recipients. Mike Herald, director of the Western Center on Law and Poverty, stated: “I think we’re only picking on a group of people who are extremely poor and they want to create a perception with the public that there is a real big fraud problem with welfare programs.”

The Sacramento Bee reports that county welfare fraud investigators with the Department of Human Assistance accessed the data over a thousand times in two years.
--



 

Friday, September 7, 2018

Don’t Let Trojan Horses Inside Your Connected Home (Security Video)


This security awareness video, Don’t Let Trojan Horses Inside Your Connected Home, dramatizes how a cyber-criminal might gain access to your home through the Internet of Things.

The video is a useful lead-in for security awareness training.

For additional information, check out the TED talk:

Five Eyes Nations Quietly Demand Government Access to Encrypted Data


According to the New York Times (September 4, 2018) the Trump administration and its closest intelligence partners have quietly warned technology firms that they will demand “lawful access” to all encrypted emails, text messages and voice communications, threatening to compel compliance if the private companies refuse to voluntarily provide the information to the governments.

The threat was issued last week by the United States, Britain, Australia, New Zealand and Canada, the so-called Five Eyes nations that broadly share intelligence. Collectively, they have been frustrated by the spread of encrypted apps on cellphones and the ability to send encrypted messages through social media and, most prominently, on Apple’s iPhones.

At the core of the dispute is whether Apple, Facebook, Google and others should be compelled to provide a “back door” to their products that would allow government investigators to gain access to all communications, with a legal order.

It is far from clear that Congress is ready to take on the technology companies on this issue, especially because more companies and citizens are turning to encryption to protect sensitive conversations and financial transfers.

Ordinary Americans are also increasingly using encrypted apps to conduct delicate conversations to prevent monitoring by the government or others.

“Cybersecurity experts have repeatedly proven that it’s impossible to create any back door that couldn’t be discovered — and exploited — by bad actors,” Facebook said in the blog post. “It’s why weakening any part of encryption weakens the whole security ecosystem.”

The debate was fueled in part by Apple’s refusal to unlock an iPhone used by one of the attackers in a 2015 shooting in San Bernardino, Calif., as demanded by the F.B.I. A year earlier, Mr. Comey had cited “concerns” about encryption apps that he described as “companies marketing something expressly to allow people to hold themselves beyond the law.”

In response, Tim Cook, Apple’s chief executive, contended that once phones or messaging systems were designed to allow legal access, hackers from Russia, China, Iran, North Korea and elsewhere would use the breach to pry their way in, destroying technology devised to protect privacy.
--

Requiring corporations like Apple, Facebook, Google, and the like to include a backdoor to break encryption in their products is an extremely bad idea. Any backdoor that allows encryption to be bypassed with a court order will sooner or later (probably sooner) be hacked, allowing unauthorized access to sensitive, encrypted information by criminals and foreign powers.

There simply is no good technical means to allow only the "good guys" to break encryption and still keep the "bad guys" out. And as we have too often seen, the government is not always the good guys.

I note too that while strong encryption will keep the government out of your private information (at least for a time), most cases do not hinge on access to encrypted data. In 2017 there were only 102 cases of encryption encountered in wiretaps, and of those, officials were not able to decipher the plain text of the communications in only 37 cases. The use of encryption simply isn't keeping the government from conducting effective law enforcement, but what the use of encryption does do quite well is keep the government from conducting mass surveillance programs - and this is the real issue at hand!

According to security guru Bruce Schneier, "The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for security and privacy." 

Privacy and security expert, Cory Doctorow stated, "Oh for fuck's sake, not this fucking bullshit again.   America, Canada, New Zealand, the UK and Australia are in a surveillance alliance called The Five Eyes, through which they share much of their illegally harvested surveillance data. In a recently released Statement of Principles on Access to Evidence and Encryption, the Five Eyes powers have demanded, again, that strong cryptography be abolished and replaced with defective cryptography so that they can spy on bad guys. They defend this by saying "Privacy is not absolute.""




 


 

Thursday, September 6, 2018

NATO Innovation Challenge


The NATO Innovation Challenge lets you participate in projects and submit ideas that support NATO missions. Anyone can compete in the open innovation events organized in the NATO Innovation Network. In doing so, you contribute to solving NATO priority issues, get NATO-wide exposure and get the chance to win prizes and support for the development of your solutions.

Most Violent and Property Crimes Reported to Police in the U.S. Go Unsolved


According to Pew Research (March 1, 2017) only about half of the violent crimes and a third of the property crimes that occur in the United States each year are reported to police. And most of the crimes that are reported don’t result in the arrest, charging and prosecution of a suspect, according to government statistics.

Even when violent and property crimes are reported to police, they’re often not solved – at least based on a measure known as the clearance rate. That’s the share of cases each year that are closed, or “cleared,” through the arrest, charging and referral of a suspect for prosecution. In 2015, the most recent year for which data are available, only 46% of the violent crimes and 19% of the property crimes reported to police in the U.S. were cleared, according to FBI data.

Police clearance rates also vary significantly by crime type. Only 13% of burglaries, 13% of motor vehicle thefts and 22% of larcenies and thefts were cleared in 2015. By comparison, police cleared 29% of robberies, 38% of rapes and 54% of aggravated assaults in 2015.

When it comes to deadly crimes, Chicago has drawn widespread attention recently for its historically low murder clearance rate in 2016. But murder is actually the crime that’s most likely to be solved, at least when looking at national statistics. In 2015, 62% of murders and non-negligent homicides in the U.S. were cleared. That rate hasn’t changed much since 1995, but it’s far lower than in 1965, when more than 90% of murders in the U.S. were solved.
--

So, why is it that most crimes in the United States go unsolved? The men and women that make up our police forces certainly want to solve crimes and catch bad guys. Police training in the United States may not be the best in the world, but it is far from being the worst and certainly not what anyone would rate as poor quality. There are very knowledgeable, skilled, and experienced detectives and investigators on or available to every police force.

There are many reasons that police may be failing to solve crimes, but one reason may be that departments are not focused on proactive policing and crime solving activities. Police departments have become cesspools of politics and special interests, where employees are subjected to witch-hunt investigations, suspensions, and terminations for any mistake, and too often for just doing their jobs.

Recent news reports highlight the issues affecting many departments:

Behind The Scenes, Lacey, WA Police Department is a ‘Mess,’ Union Says

Baltimore Cops 'Stopped Noticing Crime' After Freddie Gray Incident

Portland Police Union President Says City 'A Cesspool' Amid Failed Policies

Seattle Cops Flee the Force in 'Mass Exodus' Because of Politics

Police are no longer focused on fighting crime, and they are not trusted by the people in the communities where they work. Under these conditions it is little wonder that actual crimes go unsolved.



Wednesday, September 5, 2018

Deadly Insider Attacks on US Troops Won’t End, Experts Say


In the wake of the second deadly insider attack in Afghanistan this year, experts say that these incidents are an unfortunate reality of the train, advise and assist mission: that U.S. troops cannot avoid living among killers in disguise.

The latest suspected green-on-blue attack occurred Monday. Killed in the attack was Command Sgt. Major Timothy Bolyard, the top enlisted soldier for the Army’s new 1st Security Force Assistance Brigade, a unit designed for Afghan advisory missions. One other service member, who was not identified, was wounded. Afghan security personnel or insurgents wearing Afghan uniforms are suspected in the attack.

In July, an insider attack killed U.S. Army Cpl. Joseph Maciel of South Gate, California and wounded two other U.S. service members, who were operating in the Tarin Kowt district of Afghanistan's southcentral Uruzgan province.

Since 2007, insider attacks have killed 157 coalition personnel, according to the Modern War Institute at the U.S. Military Academy at West Point.

"It's going to happen," Jason Dempsey, an adjunct fellow for the Center for New American Security, told Military.com. "You are talking about a security force of about 300,000-plus. You've got changing loyalties, you've got desertion rates up to 25 percent ... dudes are flowing out of the Afghan military nonstop.

"There is absolutely no way to stop it."  (Military.com, September 5, 2018)
--

With all due respect to Dr. Dempsey, may I suggest that we can in fact stop or at least mitigate these types of attacks with an improved force protection posture.

To do this we need force protection personnel who are actually qualified to advise on these matters (a 40-hour course is not a qualification) and who have experience operating in hostile and non-permissive environments. Have your force protection advisors ever deployed to a combat zone? Have they spent years living and working overseas? Do they at least hold advanced degrees in security management, in intelligence, in strategic studies and analysis?

Too often force protection is an additional duty, something that gets looked at as an afterthought. Or even worse, force protection is based on what can be found with a Google search and little else.

Cut and paste force protection results in dead Service Members.