Typing in a password is like keying the entry code at a gated community. Once the gate opens and you go through, you never know if someone else will be riding in close at your heels.
Searches, Politics and The Scales of Justice
What do online searches have in common with politics and the scales of justice? Somebody is usually trying to tip the balance for economic gain.
Privacy vs. Privilege
So, you want to block ads and pop-ups? That’s fine – because we’ve identified ads and pop-ups as gateways for hackers to penetrate your systems and networks. But even the safe ads and pop-ups can be annoying and an intrusion on your privacy.
Did We Learn Anything from Colonial Pipeline?
Today, the gasoline shortages caused by the ransomware hack of Colonial Pipeline are in our rearview mirror. Hopefully, the memories are not forgotten. There are things we can all do to make it harder to access and hold our data for ransom . . .
That Email ‘Caution’ Notice
As a corporate or non-profit user, you may have noticed that more and more emails from outside your system are being tagged with cautionary notices about . . .
Facebook and Apple Fight is About Monetizing You
If you’ve downloaded and installed Apple’s iOS 14.3 update for iPhones and iPads, you’ve put yourself in the sights of Facebook and Apple. The feature, called “App Tracking Transparency,” labels apps in the App Store, telling users what data those apps collect and whether it’s used to track them for advertising. Facebook, which makes its money from advertising, says the feature will harm small businesses that rely on targeted online advertising.
In many cases, you’re worth pennies on the dollar, but there are hundreds of billions of pennies at stake. And while both sides try to cloak their stands in privacy and free enterprise, it’s really about “fee enterprise.”
The gist of Apple’s policy is that when you download an app from the App Store, your activity on the device can’t be tracked unless you give permission. Until now, you had to opt-out to avoid being stalked electronically online. Most people usually ignore the opt-out/opt-in option, and Facebook and other web-based operations have made a lot of money by tracking you and selling the data to companies who want to sell something you want – or have indicated you may want.
According to a recent article in Forbes, Facebook itself estimates a 60-percent swing in advertising effectiveness between targeted and non-targeted advertisements. Facebook’s ad charges, the article notes, will presumably match its ad-placement effectiveness. With the company controlling about 25 percent of a $40 billion online U.S. advertising market, up to $6 billion in annual revenue is at stake in the US alone. Google and Amazon also profit immensely from tracking you and selling your data.
The bottom line is that anyone who opts out is 60% less valuable than a regular customer, and that’s part of legal proceedings before the Federal Trade Commission and in 48 states. Apple, of course, has been taken to task for its practices in handling App Store operations, including who gets to put apps there, and other technical issues. They’re not saints, but that’s a separate issue from the Facebook issue.
The Forbes article likens Facebook’s operations to Ladies Night at a nightclub. On Ladies Night, clubs let women in for free expecting that they will attract men who will pay a cover, as well as spend money on the women and themselves. In a similar way, Facebook provides users with free services in the hope that advertisers will spend money on them. Facebook is like the owner-bartender who, for $10, will tell you everything he knows about a particular woman, including her relationship status and favorite drink.
I can’t speak for how a woman might feel after reading this, but anyone can feel some outrage about being put on display and sold. Yet at the same time, we’re looking for new and interesting products or services when we go online, and we may be open to new ideas when they’re presented to us. To me, that’s Facebook’s argument. You might view Apple as the guy who senses harassment and comes over to “protect” you.
To expand the transparency/privacy conversation, you have choices. You are able to use search engines and plug-ins that block unwanted ads while you browse the web and visit sites. Websites are fighting back by not allowing you access unless you unblock the ads on their site. You may not like the choices. You may not like sacrificing privacy for convenience or vice versa. But this is all part of the opt-in/opt-out battleground over who gets to profit from you.
If you have any questions about how to configure apps to meet your privacy or convenience needs, we can help. Call us – 973-433-6676 – or email us for an appointment to walk you through the process.
Understanding MFA and Other Security Measures
We recently added a new home-user client through the Nextdoor website, and during our initial conversations, we covered a lot of security issues. The new client, an elderly gentleman, had a really good handle on his online security. There’s a lot for us to unpack as individuals and as those who have elderly parents – though some of this can apply to everyone.
First, let’s look at passwords. While this discussion is inspired by our new client, our conversation can apply to anyone because we never know when someone will not be able to access vital personal information either stored on a computer or device or in the cloud.
When we take on a new elderly client, we spend a lot of time talking about online security, including passwords, password managers and MFA. We were heartened to learn our new client knew all about using his passwords properly. He seemed to understand the system better than many of our younger clients.
When he asked about using a password manager, a subject he brought up, we advised against it. While password managers can greatly enhance online security and can be extremely convenient (think about accessing a website from your mobile phone when you’re in an urgent situation), everyone needs to know the law of unintended consequences. Every password manager has an encryption key, and if you don’t have the master password with that encryption key, you won’t get in. That includes you as the account owner and anyone who might need to get into a website.
We told him it would be preferable to write all his passwords in a book. It doesn’t need to be locked in a safe, but it should be kept in a secure place – and at least one other trusted person should know where it is. This is critically important for the elderly or anyone else who may need someone to manage their affairs because of some impairment or death.
Second, let’s look at forms of security generally known as two-factor authentication (2FA) or multi-factor authentication (MFA).
We discussed using MFA for his online banking and financial activity, and he said: “That is so easy, everyone should be doing it.”
I agree wholeheartedly. It’s not that complicated to use it once you set it up. In most cases, you can link the authorization to a specific device or devices, such as a computer, tablet or phone. When you do that, you can sign into a website account from the authorized device(s) without going through the authorization every time – or you can set it up to require authorization every time. It becomes difficult if somebody is trying to sign into your account from another device, but of course, this is what the process is designed to do.
The way most MFA processes work is that when you sign in from a device, a code is sent by text message to a phone or to an email address. Once you receive the code, you enter it on a designated page associated with the website. The complication will come if someone is truly signing in on your behalf from an “unknown” device. That person will need access to the authorization message.
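To make the flow above concrete, here is an added Python sketch (not code from the original post or from any real service) of the server side of a text-message or email code: the code expires, is single-use, allows only a few guesses, and a device can be remembered so the code is not demanded on every sign-in. The five-minute, five-attempt and 30-day limits are assumed values, not from the page.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300          # assumed: a code is good for five minutes
MAX_ATTEMPTS = 5                # assumed: then the code is discarded
TRUST_TTL_SECONDS = 30 * 86400  # assumed: "remember this device" for 30 days


class MfaServer:
    """Hypothetical server-side state for SMS/email one-time codes."""

    def __init__(self, now=time.time):
        self.now = now            # injectable clock so expiry can be tested
        self.pending = {}         # username -> [code, issued_at, attempts]
        self.trusted = {}         # device token -> (username, issued_at)

    def issue_code(self, username):
        """Generate a fresh 6-digit code; the caller sends it by SMS or email."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        self.pending[username] = [code, self.now(), 0]
        return code

    def verify_code(self, username, submitted):
        """True only for the current, unexpired, unused code for this user."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        code, issued_at, attempts = entry
        if self.now() - issued_at > CODE_TTL_SECONDS or attempts >= MAX_ATTEMPTS:
            del self.pending[username]     # expired or guessed at too often
            return False
        entry[2] += 1
        if not hmac.compare_digest(code, submitted):   # constant-time compare
            return False
        del self.pending[username]         # a code is single-use
        return True

    def trust_device(self, username):
        """After a successful code, hand the device a random token to keep."""
        token = secrets.token_urlsafe(32)
        self.trusted[token] = (username, self.now())
        return token

    def login_needs_code(self, username, device_token):
        """True unless this device was trusted for this user recently."""
        rec = self.trusted.get(device_token)
        if rec is None or rec[0] != username:
            return True
        if self.now() - rec[1] > TRUST_TTL_SECONDS:
            del self.trusted[device_token]  # trust has lapsed
            return True
        return False
```

Whoever signs in from an unknown device gets `login_needs_code` true and must be able to read the delivered code, which is the complication the post describes.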
Another security measure that works for iOS devices is Apple’s iCloud Keychain. Functioning like a password manager to some extent, it allows you to use your device access code to activate a complex password to enter a secure website.
We can help you understand all the benefits and pitfalls of using MFA. The big problems, obviously, are to make sure you don’t lock yourself out of your account and to know what to do if your phone is not working. Call us – 973-433-6676 – or email us to get comprehensive information about MFA and password managers and to configure your systems to work best for your needs.
CAVEAT EMPTOR!!!
“Buyer Beware!” is a more important warning than ever before if you’re buying phones, computers, tablets and other electronic devices online. We all like online bargains, but the looting that took place as peaceful demonstrations fell apart will put a lot of stolen goods on the market. It’s a fact of life – not a political or social statement. Here’s what you need to know.
First, mobile phones, tablets and computers have built-in tracking. If the merchant from whom the devices were stolen reports the identifying information to the manufacturer, a message can be displayed as soon as the device is connected to any kind of network. It will tell the user that the device is stolen and cannot be put into service.
Second, in all likelihood, if you bought tainted goods on the internet, you bought them from a less-than-reputable seller, which means you won’t get any support from the manufacturer or a cellular network carrier. We can’t say for sure, but a manufacturer or merchant who knows where a stolen device is could initiate action to get it back.
Third, if you used a credit card, your account information is now in the hands of people who can monetize it at some point.
In short, you’ll have no consumer protection, and you could have a lot of liabilities. That puts the onus squarely on you to make sure you visit only legitimate merchant websites and buy from legitimate sellers.
Everyone can expect to be bombarded with offers from sellers, legitimate or not. We’ve been bombarded for years. Some offers come through phishing expeditions, which can look legitimate but may have one slight change from a seller that might be familiar to you. You might see an ad on a website, and that can be a tough call. Huge businesses have been built – legitimately – by tracking your browsing history and then sending you ads. It’s easy for a “fencing” operation to set up a website that has every appearance of legitimacy.
Our advice is simple. Only click on links that you are 100 percent sure are legitimate websites. Only buy electronics from legitimate sources. They may be well-known retailers as well as vendors vetted and supported by services such as Amazon. You can be reasonably assured you are getting a legitimate product and that your credit card information will be properly protected. And if your product is defective or not what you expected, you should be able to exchange or return it within a clearly stated policy.
If you have any questions about a product you’re shopping for, don’t hesitate to ask us about its properties or things to look for in a seller. Call us – 973-433-6676 – or email us if you have any questions.
What Are Your Biggest Online Threats in 2020?
Cyberthreats will be coming at you – and any person or organization with whom you have an online relationship – with increasing speed and sophistication. For some, it might feel like you’re living inside an online fantasy game, but it’s real life. Here’s what to look for.
Phishing and Social Engineering
There’s nothing new about phishing, where cybercriminals try to obtain sensitive information, like passwords or financial information, usually by using links in emails to install malware to breach your system. Non-profits have been major targets because they don’t have alert systems built into network infrastructures, but any business, governmental organization or individual can be hit. We’ve discussed the need to be highly aware of what you’re clicking and to exercise extreme caution. As an individual user, you have control.
At businesses, it’s a bigger chore to combat phishing. Attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Going hand-in-hand with phishing is social engineering, which can cover a multitude of attacks such as disinformation and deep fakes spread by social media. We see this as one of the biggest threats you face this year.
Social media makes it easier to spread disinformation faster than anyone can send out the facts to repudiate fakery or misrepresentation. Deep fakes are fake images and videos created by deep learning techniques. We’ve seen them in the political arena and can expect more of them to be leveraged as a tool to attempt to discredit candidates and push inaccurate political messages to voters via social media. We’ll also see them in ransomware, showing targets realistic videos of themselves in compromising situations. We’ll also see more spoofing in business email, with deep fakes used to add a further degree of realism to the request to transfer money.
Ransomware
Ransomware attacks cost billions of dollars every year, as hackers literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies such as Bitcoin spurred ransomware attacks by allowing ransom demands to be paid anonymously. As companies build stronger defenses against ransomware, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.
Third-Party Vulnerabilities (IoT, Cloud, Supply Chain)
This is a tough threat to ward off because you have some control over your vulnerabilities but not all of them. With the Internet of Things (IoT), you have control. Make sure that you change every default username and password for every device you connect to your network and have a strong network password and firewall. I have little sympathy for people whose systems are hacked because they didn’t take the proper setup steps to prevent invasion.
The cloud is as safe as you can get, especially with large, reputable service providers. They have the resources to deploy the most advanced security measures and multiple services to protect your data. Our advice here is to use a top-rated cloud service provider and make sure you have protected your network, just as you would to maintain IoT security.
The supply chain is tough. With so many companies using the internet to fulfill product orders, manage vendors and customers and provide financial services, each one of them can rely on hundreds of vendors. You rely on all of them to keep your data safe, and that can make any one of them the weakest link in your security. Your best defense is to take every security precaution you can, such as keeping your software and hardware up to date, using common sense on what you click, and letting others know when you have concerns about their security.
Internal Attacks
We have only begun to see the impact insiders can have on organizations as well as national and global security. While the news focuses on dangerous insiders exfiltrating data to foreign governments and terrorist organizations, you need to focus on your business – and your business partners. In all likelihood, your biggest threats will be data theft for monetary purposes – similar to effects of ransomware – or some disruption of your business by a disgruntled or careless employee.
5G’s Unprecedented Data-Theft Speeds
5G cellular technology promises unprecedented speed to make it possible to have more effective infrastructure, autonomous vehicles, faster emergency response and greatly improved telemedicine. It will be almost entirely software-driven; you’ll need hardware capable of handling it. Because it will be software-driven, it will be susceptible to hacks. You’ll need to follow safe internet practices and hope that everyone else does, too. There’s not much you can do technologically in the grand scheme of things, but you can and should demand that large organizations and governments take steps to protect 5G networks.
We can help you make sure you have the knowledge and systems in place to protect your systems from cyberthreats. Contact us by phone – 973-433-6676 – or email to discuss your needs.
7-bit#, 7-bit#-not PW123 – A Password Primer
This headline depicts how passwords are written and stored in your computing environment. We won’t go into heavy details, but it essentially works this way.
When you put letters – upper and lower case – and numerals and special characters into your password, the storage system records them in a code involving 7 bits and a # symbol. Hackers have learned that if they attack your password in #s, or hashes, they have a shot at cracking your password.
When you change just one special character – or number or letter, you’re only changing one #. You’re actually making your security worse when you do that, especially if you have a really simple password and depend on a &, $ or @ to keep your passwords secure.
Here’s what you need to know about keeping them secure, and if you understand the principles, you’ll know why passwords can’t go away fast enough.
- Don’t change just one number or special character. If someone has managed to get close to your password, it doesn’t take much to run a program that swaps out 10 numerical characters and maybe eight special characters.
- Don’t use short passwords. A computerized analytics program can run through a short combination of letters and characters faster than you can read this sentence.
- Do use long passwords with combinations of upper- and lower-case letters, numerals and special characters.
- Do change several numbers and/or special characters when you change your password.
- Do make your passwords illogical. We all try to keep some semblance of something we can remember because we need to have passwords for so many websites or apps. But if a hacker catches onto your logic, you’re more vulnerable.
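As an added illustration of the do’s and don’ts above (not code from the original post), here is a small Python password-change checker of the kind a site could run at change time: it rejects a new password that is short, lacks a character class, differs from the old one by fewer than three edits, or simply contains the old one. The 14-character and three-edit thresholds are assumed policy values, not from the page.

```python
import string

MIN_LENGTH = 14          # assumed policy value
MIN_CHANGED_CHARS = 3    # assumed: "change several numbers and/or special characters"


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete
                           cur[j - 1] + 1,            # insert
                           prev[j - 1] + (ca != cb))) # substitute
        prev = cur
    return prev[-1]


def char_classes(pw):
    """Which of lower/upper/digit/special the password actually uses."""
    classes = set()
    for c in pw:
        if c in string.ascii_lowercase:
            classes.add("lower")
        elif c in string.ascii_uppercase:
            classes.add("upper")
        elif c in string.digits:
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def check_new_password(old, new):
    """Return a list of policy violations; an empty list means the change is acceptable."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append(f"too short ({len(new)} < {MIN_LENGTH})")
    missing = {"lower", "upper", "digit", "special"} - char_classes(new)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if old:
        d = edit_distance(old, new)
        if d < MIN_CHANGED_CHARS:
            problems.append(f"only {d} character(s) changed from the old password")
        if old.lower() in new.lower() or new.lower() in old.lower():
            problems.append("new password contains the old one")
    return problems
```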
We can’t emphasize strongly enough that password and internet security get more critical every day. Hacking and ransomware attacks get more prevalent, and the stakes are higher as we digitize every aspect of our corporate and personal lives. Governments, agencies and school boards – Livingston here in NJ being the latest – have fallen victim to ransomware attacks, and all face the agonizing decision of whether to pay up or try to recover their data. The latter can take longer and be more expensive than the ransom payment, but for some, it’s a matter of principle.
This leads us to four other recommendations when it comes to passwords and internet security:
- Use fake answers for the security questions that accompany passwords on many websites. So many of them involve facts that are the matter of public record, including addresses, your first car and your maternal grandmother’s middle name.
- Use a password manager program – and let it generate random passwords for every online account you have or ever hope to have. You just need to remember one password, and you can use it to download every password you have if and when you need to know each one.
- Have a real backup program for your data. OneDrive and Dropbox are good for storage, and you can recover your data file by file. A backup program such as Azure allows recovery and restoration more efficiently.
- Switch from passwords to biometrics whenever and wherever you possibly can. Biometrics are becoming more available, and it makes sense to incorporate them where you can.
Contact us by phone – 973-433-6676 – or email to talk about a good backup program, a password strategy and/or moving to biometrics. And above all, practice safe password protection.
