As you should be painfully aware by now, data is not only proving to be the currency of the information age, but also the key to political power, and when you are the world’s largest social media company (as well as one of the largest, period), you have a ton of data at your virtual fingertips. It should come as no surprise that Facebook plays a considerable role in shaping the values of millions of people. After a painful mea culpa about Russia’s exploitation of Facebook to stir up dissent prior to the 2016 elections, Facebook and it’s CEO are being called on the carpet by the UK government to answer allegations that the company shared data on 50 million Facebook users with a consulting firm tied to both the 2016 US Presidential Elections as well as the infamous Brexit vote earlier in that same year.
Was last week’s article strangely prophetic?
Though I didn’t know about the bombshell announced today concerning the improper (and possibly illegal) transfer of data that should have been protected by Facebook, the media has been circling the embattled company like wolves, and as I mentioned in last week’s article, plenty of everyday folks I talk to regularly have expressed a growing sentiment that I also seem to write about with growing frequency. While the reports surrounding this controversy are shocking to me because of the vulgar disregard these people seem to have for anything resembling a moral compass, they are not surprising to me. I’d like to say the icing on the cake was the revelation that Google (“Don’t be evil.” c. 2000) has admitted to providing technology to our government to aid with its military drone program. I’m also willing to admit that the Google of 2000 is nothing like today’s behemoth that holds the internet in the palm of its hand, but again, they are part of this problematic elephant on the internet. We have all built a monster that somewhere along the way got away from its handlers and is being used to do as much harm as good. The only one who is going to rescue us is, ironically, ourselves, but only if we wake up and take responsibility for important aspects of our lives-privacy and critical thinking-that we have ceded to the internet in exchange for entertainment and convenience. Should you delete your Facebook? At this point, the value of that act is almost entirely symbolic (and maybe financial if enough people make this choice), but your information is still out there, in the hands of people with very questionable moral fiber. The real question is now, “What do we do about it going forward?”
Image courtesy of Miles Stuart from FreeDigitalPhotos.net
I don’t have any actual statistical data to back this up, but by my reckoning, over the past 4-5 years I’ve been running C2, at least one out of every five people I’ve spoken with at length have expressed some interest in leaving the bulk of social media behind, and most of them have lumped email into that category as well. Granted, many times when I’m talking with people it’s while I’m on the job, so there’s usually a substantial reason they aren’t best friends with technology at that moment. I imagine every one of us at one point has wished a certain ornery piece of technology could be instantly reduced to a smoking pile of ash, and I’m pretty certain at least a few of you have followed through on the threat and have destroyed something that beeps or glows with vengeful delight. Despite the fact that I find little use for social media personally, I definitely do not underestimate the value and power it holds for business and organizations, so I recommend careful, deliberate consideration before doing anything you might regret professionally, but making a clean break as an individual may bring balance back to your private life.
Ready to make a change?
Make no mistake, the instructions provided in the following two articles will require effort, with the second being considerably more involved. There is no silver bullet, mystical pill or magic wand that will get you off the grid – the internet has a long memory that is probably close to impossible to wipe, as many, many people have come to learn the hard way. Here’s the bad news up front: if you are looking to exit social media because of past, less-than-discrete but publicly shared incidents, the best you will be able to accomplish is shielding your own eyes and ears from digital reprobation and reminders, but unless everyone around you also walks away from social media forever, the most you can expect is protecting yourself from possible future life-damaging (and potentially viral) faux pas.
The Clean Break Approach: this article from Wired gets right to the bones of the matter – deleting your social media accounts on Facebook, Instagram, Twitter, Snapchat, LinkedIn, Google+ and Pinterest. Obviously this is not an exhaustive list – if you’ve been busy in social media, this might only be a small part of your online “portfolio”, but for most of us, these are the mainstays, and in some cases (like Facebook) will require some effort to truly delete the account. If you want to remove yourself from the Internet, following this guide will get you as close as you might be able to accomplish without deep cash reserves and a small army of skilled hackers.
The “Secret Identity” Approach (warning: link contains soft paywall): maybe an exaggeration, but hopefully colorful enough to accurately describe this approach. In essence, it’s a fairly general guide to constructing an online, public-facing persona that excludes your private data while still enabling you to participate in the various internet-based platforms out there. Important to note: this path is actually more technically complicated and one I would only recommend pursuing if you need to maintain a social media presence. This is most definitely not the way to simplify your digital life.
Whichever approach you take, including the “I’ve got nothing to hide” one, you should never forget that for every minute you spend online you are building a comprehensive permanent, indelible digital “fingerprint”. We humans make the mistake in thinking that the internet remembers like we do. Or maybe we are forgetting that it never forgets, and can compile data on us from incomprehensible angles. Either way, if you remember anything, remember the only way to truly hide yourself from the eye of the Internet is to not use it.
I regularly receive calls from clients, family and friends that follow a familiar pattern, “My internet is slow|broken|acting weird, and yes, I just rebooted my device.” My cohorts and I in the technology industry will take full credit for finally ingraining in our clients the (oftentimes) self-healing mantra of “reboot, reboot, reboot,” but when powering it off and back on doesn’t “fix the internet”, we have to get down to the real business of technical support. Since we are all friends here, I’ll let you in on a little secret: Sometimes even we so-called experts don’t know why your internet is broken, but I’ll try to explain why that is.
The internet really is “a series of tubes”
Former Alaskan Senator Ted Stevens received no small amount of flack from the industry when he infamously used this description of the internet in his opposition of net neutrality back in 2006. Some of that scorn was rightly earned as it was clear that Stevens was not as technically savvy as his responsibilities would seemingly require as the head of the Senate committee in charge of regulating said “series of tubes,” but over the years I’ve often used plumbing as an analog for the internet when working with clients (both savvy and otherwise). Similar to troubleshooting a plumbing problem, figuring out why your data isn’t flowing freely involves tracing the path of the data from origin to destination, and when it comes to content delivered by internet, rarely is it a straight, easy-to-follow path.
Even when the last few dozen feet to your device may be completely wireless, somewhere nearby is a piece of equipment attached to one or more wires, which are themselves attached to other devices and more wires, and so on for hundreds or even thousands of miles, depending on the path that your data takes across the internet. Depending on the technology and platform, the stream of bits that comprises your email or cat video or instant message can cross dozens of those intersections on a path that could take literally hundreds of different twists and turns on its way to you. Fortunately for everyone, the technology of the internet is designed so that instead of humans determining that path for every single bit, machines do it for us, and they normally do a very good job of finding an optimal path through this maze of wires, or “series of tubes”. On top of this, the internet itself was built around the concept of a self-healing network that could route around hardware failures, however, the physical implementation of the internet (the wiring) as well as the logical design of many internet services (like website hosting) are limited by various bottlenecks and choke points that lead to outages. Another factor to keep in mind: even though there are machines that determine the routes our bits will take across the internet, those machines were built by humans, and they are configured and maintained by humans, which, as we all know, frequently leads to “oops, I broke the internet” moments.
Last Friday, Amazon (the world’s largest cloud computing provider) broke a good-sized chunk of the internet for everyone when their Eastern data center experienced “issues” that took several hours to resolve. During this time, hundreds of websites and cloud-based platforms (email servers, social media sites, etc.) were slowed down or completely offline. Depending on where you were geographically and what services you considered “your internet”, you were either fine, somewhat impaired, or “OMG everything is broken and on fire.” This was an actual, semi-serious quote from a client who shall remain nameless. Understandably, when your entire business relies on services provided by the internet, it can be incredibly frustrating not being able to just grab a pipe wrench to fix that broken tube. Even when your IT guy can point out the actual broken tube, unless it’s in your own home or office, rarely does he have a pipe wrench long enough or big enough to actually fix these types of problems. If it helps ease the pain, envision several thousand IT guys standing around the engine compartment of your broken internet car, rubbing their chins and saying, “There’s your problem,” while one guy is elbow deep, covered in grease actually trying to fix the problem.
While it may feel like some services are always broken, the fact remains that despite “hiccups” like these, cloud services are for the most part very reliable, and 90% of the time it probably is your local or regional “plumbing” that is the source of the issue. This is where the expertise of a firm like C2 comes in handy. Once we eliminate the obvious upstream sources, we are the technicians who are up to our elbows in wires and ISP automated support services, navigating the tangle of tubes that make up your personal network.
Image courtesy of bajita111122 from FreeDigitalPhotos.net
Despite the fact that fixing broken technology and fighting internet pollution puts food on the table at Casa C2, I don’t take (much) pleasure in delivering technology tales of woe and doom to you, so it’s refreshing when I can update you on a technology that I am keenly interested in, especially when it intersects with my favorite food. I’ve been impatiently and selfishly waiting for self-driving cars for awhile now, primarily because driving in Los Angeles is incredibly stressful and monstrously inefficient. Even though I know that widespread adoption and implementation is a ways off, there will come a time when I can dictate a schedule into my smartphone the night before a busy day, and then, on the following morning, walk outside to see a car pull up to whisk me off to the first of several onsite client meetings. No worries about traffic, parking, hours wasted in traffic, or whether I have enough fuel to get me to my next destination. Even if the time in the vehicle is lengthy, it’s time I can use to work, relax or even sleep.
For now, I’ll settle for getting a pizza delivered via self-driving car.
Of course, to do so today I would have to be in Miami, Florida, where Ford is currently taking its first steps to meet its 2021 goal of having a nationwide fleet of self-driving taxis and delivery vehicles. Based on the pilot program first launched in their HQ hometown Ann Arbor, Michigan, pizza-maker Domino’s is partnering with Ford on a Miami-based beta test of the driverless pizza delivery fleet. While I have mixed feelings about the potential surge in unemployed pizza delivery persons, I like the idea of pizza delivered quickly and efficiently by self-driving car. However, when the inevitable takeover by robots and AI of menial and easily automated jobs actually occurs, will it mean that humans will be free to pursue more enlightening and fulfilling employment, or will we end up with way too many idle hands put to poor use? This will be a true test of humanity and civilization: can we leverage the freedom technology can grant us, or will be squander it in the pursuit of idle pleasure. Is your vision of the future Rodenberry’s “Star Trek” or H.G. Wells’ “Time Machine”? I’m hoping (and working) for a Star Trek future.
Image courtesy of nalinratphi from FreeDigitalPhotos.net
Companies jumping on the cryptocurrency hype train is relatively old news. You’ve all heard about companies changing their name to some variant of “blockchain” just to cash in on the trading frenzy surrounding the hot new tech, regardless of whether they had anything at all to do with the industry or technology. As a nice follow up to last week’s blog about your server being secretly enslaved to mine cryptocurrency, the latest trend is to get your web browser to mine virtual coins. While there have been plenty of reports of illicit browser hijacking to crunch cryptocurrency numbers, online magazine Salon is offering up an ad-free browsing experience in exchange for using your “unused computing power” to mine, presumably as a way to offset lost advertising revenue.
What this means for you
Online advertising has been in a never-ending, escalating conflict with browsers and plugins that are designed to block ads. Content providers are also trying desperately to figure out how to monetize their visitor traffic without completely alienating those same visitors who are increasingly savvy to marketing gimmicks and have become sensitized to their rapidly dwindling privacy. Some content providers have moved directly to soliciting tips or donations directly from their viewers, but for sites like Salon, the donation model just isn’t appropriate. What remains to be seen is if visitors are sufficiently annoyed with the sites advertising to instead give up some CPU power to enjoy a brief respite, and what sort of impact it might have on their viewing experience. It will also be very interesting to see if other content providers jump onto this bandwagon. Could this be a new web browsing model: watch these ads or donate some CPU cycles? Humans have demonstrated their willingness to donate CPU power to causes like SETI@home and Folding@home, but are you willing to drop your spare CPU change into a for-profit company’s tip jar?
Cryptocurrency mining seems to be all the rage right now. While it wouldn’t be unusual for my clients in the finance industry to be keeping close tabs on technology’s “hottest” trend, I’ve been asked about cryptocurrency by just about everyone, including stay-at-home parents and retirees, mostly because a younger family member is either an avid PC videogamer or aspiring cryptominer trying to find a video card. Why on earth would cryptominers need cards normally focused on digital entertainment? It just so happens that the complex mathematical equations used to calculate the physics and graphics of a video game are very similar to the ones used to mine Bitcoin and other cryptocurrencies. But when they can’t find video cards to fill their mining warehouses, some cybercriminals are resorting to stealing processing power from your hacked server.
“Let my server go?”
Before you go yanking the cables out of your server and network because things are running a little slow lately, keep in mind that Microsoft is busy patching the snot out of the biggest CPU flaw known to man at this point, and as some have predicted, it’s taking a toll on all systems, big and small. However, if your server is running unusually slow, there is a possibility that your network may be compromised by either the Smominru or Wannamine botnets, especially if they include servers or workstations that haven’t been patched in awhile. Unfortunately these particular variants are very hard to detect, and can move laterally through networks as infected machines are isolated and disabled. Early reports from security research firms indicate that these infections are crippling and very hard to remove because they employ methods that include fileless deployment strategies that completely sidestep traditional antivirus protection. In the two above mentioned cases, they are relying on a widely known, but still largely unpatched exploit known as EternalBlue, so eliminating that weakness in your network will add a certain measure of security, but the most effective option by far is to continue training your people to avoid infection vectors in the first place, ie. stop opening those strange attachments and links.
After months of denying it had any significant role in the 2016 Presidential elections, Facebook finally admitted that its platform had been exploited by Russian propaganda agencies with the express intent of spreading “fake news” and creating division among Facebook users. Five months later, it seems they haven’t made any progress on this front, and have also managed to stir the pot on several other hot-button issues. Seeing as Facebook is still one of the largest social media platforms in the world, it’s highly likely you or someone you know and love uses Facebook. Becoming familiar with the current batch of controversies may help you visualize one of the biggest elephants in the internet room.
Here’s what Facebook’s in trouble for this month:
- Banning ads for cryptocurrency – the digitial coin movement is facing its own set of troubles (devaluation, fraud, investigations, etc) and Facebook is already on the hook for its other controversial ads. Not wanting any part of a potential law suit or the destruction of their users life-savings, Facebook will no longer allow ads related to Cryptocurrency trading. Crying foul, of course, is the industry and its investors, which despite its still strong overall valuation and big-bank backing, has its share of fringe enthusiasts that see this as more evidence of “deep-state” persecution of currencies not controlled by the government.
- Messenger for Kids app under fire – Facebook’s new chat app is targeted specifically at kids between the ages of 6 and 12. Personal opinions aside (I would never recommend letting a child near internet-connected ANYTHING at that age), health experts and child advocacy organizations are urging Facebook to stop development and distribution of the app.
- Cries of censorship as known troll accounts banned – this one may seem like a head-scratcher at first, but only if you are a reasonable human capable of critical thinking. Some folks on Facebook are crying foul after Facebook notified them that it removed known Russian propaganda sites from their news feeds. Rather than facing the sobering fact that they might have been influenced by someone who didn’t actually have their best interests at heart, these fine folks are actually siding with the trolls who bamboozled them in the first place. How do you say, “Mission accomplished” in Russian?
- Stuck in the middle of profit vs community: Facebook founder Mark Zuckerberg recently announced that Facebook will be pivoting away from publishing news from big, well-established organizations to focus on more community and friends interaction. Smaller news organizations like Patch are lauding the change, and the big pillars of journalism are understandably concerned. Can Facebook successfully walk the knife-edge between possibly enabling even more fake news and echo-chamber interaction over vetted and respected (but for profit!) news outlets?
Over the years since the internet has come to dominate the technology and business landscape, I’ve often compared the growing tide of malware and general bad behavior found online to pollution. Like its physical manifestation, the source of internet pollution can’t be tied to a single cause or factor or even several of them. The rising tide of malware, spam, cybercrime, and even fake news is caused by a relatively small group of ignorant, mercenary or even outright malicious agents, but because of the way the internet works, there are few practical ways to stop it from spreading everywhere. If you imagine that the internet is the ocean, this stuff is a gigantic oil spill, illegal toxic waste dump and six-pack rings spreading everywhere.
And your website is soaking in it.
Most of us access the internet like we tap our water supply – through (more or less) filtered pipes connected to the main source. Just like I wouldn’t recommend drinking your water straight out of a lake or stream without some filtering, accessing the internet without proper protections is asking for a nasty infection. But have you considered the chilling fact that your website is out there, right now, braving the internet without a hazmat suit? According to at least one internet security company, over half of all website traffic is generated by bots, and more than half of that traffic is malicious. More importantly, they found that for the smallest, least trafficked websites (0-10 human visitors per day) had the highest percentage of non-human traffic, and because they were less visible and more likely to be unattended, they were more likely to be attacked and successfully compromised. Does that sound like a website you know? Maybe your own website? On average, C2’s webserver is attacked several hundred times a day, and, let’s face it, compared to the rest of the web, we’re at the very low-end of the traffic scale.
As to why anyone would attack a site that isn’t visited that much? A compromised website has many uses, many of which actually require that attention not be drawn to the compromised activities occurring on your very own internet island. This allows the attackers to leverage your site’s computing and broadcasting power (however small), essentially drafting it into a massive mesh of zombified soldiers that aren’t limited by a workplace or home firewall. And there are a ton of low-traffic websites. It’s the internet-version of the age-old question of, “Which would you rather fight?” One massive, infected website, or a million tiny, but infected, websites?
Unless you are a skilled website administrator, securing your site isn’t trivial. Definitely leave it to the professionals, but don’t leave it undone. Your website is floating in polluted waters, and unless you take necessary precautions, your little bit of internet paradise might end up looking like the picture attached.
Image courtesy of Sujin Jetkasettakorn from FreeDigitalPhotos.net
Hawaiians got a small taste of cold-war nostalgia last week with a false alarm that warned of an imminent but non-existent ballistic missile threat. While authorities were relatively quick to clarify the lack of impending doom for the tropical islands, they could not forestall the sharp criticism from many fronts, including North Korea who was probably glad for a moment to not be the brunt of global scorn. At the crux of the 38-minute gaffe: a terrible user interface and-surprise, surprise-a human.
What we should take away from this
Aside from the uneasy reminder that North Korea appears to be a button-push away from making this false alarm into a very real one, this unfortunate mistake gave us a glimpse into a critical technology system (poorly) designed by humans. While it may be psychologically useful for us to shake our heads and make jokes about the government’s tendency to award crucial projects to the lowest bidder, Hawaii’s recent tour of nuclear apocalypse came courtesy of a system undoubtedly produced by such thinking. “Lowest bidder” and “technology” rarely result in quality in which you would entrust your business, so why should it be any different for our most critical technology platforms, just because they aren’t profit centers? The next time you are evaluating a technology purchase, make sure your budget matches the importance of the purchase.
It’s also important to note that for as much as we depend on technology to do everything from getting us to work, keeping us safe, and moving the human race forward as a whole, it has yet to replace or even supplement one very critical human trait that seems to be in short supply these days: common sense. A moderate investment in training your people on the reasonable and SAFE use of technology will pay off dividends far in excess of your costs, and can prevent panic-inducing moments like Hawaii’s False Missile Alert.
It seems that while most of us aren’t sorry to see 2017 in the rear-view, if recent news is any indication, 2018 isn’t shaping up to be any brighter for technology. My outlook on security for SMB technology is mixed at best – I’m certain we will see an escalating amount of attacks coordinated by organized and well-funded teams pursuing both criminal and political agendas, and we will continue to see the rise of propaganda in social media presented as facts-based journalism. On a more positive note, there are still plenty of technology options for SMBs that give them access to the same tools and software that the big boys use, but as with real life, graduating to an internet-savvy business world means preparing for an environment full of sharp edges.
To get you ready, I recommend the following technology resolutions:
- Back up your data. This was #1 last year, and it will be #1 next year. Not just to a hard drive you keep right next to your computer or server, but offsite, and regularly updated. Data loss is not just a possibility – it’s an eventuality. But it doesn’t have to be fatal.
- Use strong, unique passwords. The standards have changed, but the concept remains the same. Don’t use weak passwords, and certainly don’t use them for multiple, critical sites or services. Get a password manager to help keep track of them.
- Secure your mobile device, including laptops. If you check email, correspond with friends, purchase goods and services, take photos, blog, socialize, whatever, put a password on it. Can’t get the fingerprint sensor or face scanner to work? Sorry charlie, put a password on it. Even a 4-digit pin is better than nothing.
- Don’t value convenience over security. Being secure is hard work, but recovering from an attack or malware infection is ten times harder. Don’t learn this lesson the hard way.
- Protect your technology in layers. Maintain malware protection and firewall on your workstations. Encrypt drives on mobile devices. Set up malware and firewall protection for your network. Backup your data (important enough to say it twice). Add malware protection to your email service. Train your employees on proper security maintenance. Every layer is additive and creates a strong defense on all sides.
The internet continues to be a major engine for both economic and civil change, and the world’s powers clearly recognize this. Many battles are being laid, fortifications are being built, and skirmishes are already in the open. Like tense borders between countries, this can make the technology landscape risky and sometimes even toxic. It’s not time to head to the bunkers yet, but you should definitely be diligent in protecting your own technology territory. The internet has gone from pristine frontier to a heavily populated and increasingly polluted environment, and if you don’t take necessary precautions, your organization could end up catching a nasty infection with long-term health implications.
Image courtesy of Stuart Miles from FreeDigitalPhotos.net