Tag: privacy

According to Whom?

~ Leslie Lanagan ~ 2 Comments

Have you ever unintentionally broken the law?

I just can’t with today. I got up early and started writing, and it was going pretty well. Then, the Jetpack (WordPress) app got put in the background. When I went back to it, nothing would render (no text appeared). My entry disappeared into thin air.

So I’ll start over, and it will be nothing like what I was thinking earlier because I’m not thinking about that now…. whatever it was. I had a better idea to introduce you to my life of crime, unintentionally, of course.

When you are in a choir, it is frowned upon and also common practice to copy things. It’s very illegal. But I have aided and abetted many times. I struggle with copiers, because I think they sense my fear.

The next time I unintentionally broke the law was when my friends were putting a giant amount of music on their servers and giving me access. “It wasn’t illegal” because my friends said it wasn’t. What they meant was that copying off their server was legal. I later found out that was not the case, but luckily, not because I was caught. The safest way to share music was to borrow CDs and transcode them yourself, which is where the term “sneaker pimping” originated. It was underground, like “Winds of Change” during the Cold War…. yet less inspirational and more sitting there waiting for the CD-ROM that copied at 4x speed and generally wrote two bad discs before a right one. That got better over time, but in the beginning, it was atrocious. The CDs were expensive and then half of them failed.

I unintentionally broke the law the other day when I installed Windows 11 in a Virtual Box. My key wouldn’t activate anywhere but my original machine, even though I wasn’t using it for that. So, it’s off to find another solution, because the longer I spend with Windows, the more I’m irritated by it. You mean I can’t change my own time zone, I have to connect to location services? No matter what I do, I can’t make it where you don’t get to access my location and the rest of my information, and who knows how deep they’re digging? I don’t have anything to hide, it’s just the principle of the thing.

Facebook and everything else is built on stealing your information, why they’re free. We’re just dependent on it now, because we’ve been on it since you could get an account. That’s probably 15 years for me by now.

So, it’s a little intimidating when it’s not apps you can choose to install. If I really thought that gathering my ad information was important, I could delete Facebook off my phone/tablet and clear my browser history. What do you do when the data mining is the operating system itself?

They’re not even breaking the law unintentionally….. because what they’re doing might be legal, but it’s nowhere near moral. And the bitch of it is that we could have open source and secure social media, but it would never take off to the degree that Facebook did…. so you either install Facebook or you’re cut off from most, if not all of your friends.

That’s because free software has two problems. The first is that few businesses will buy in because they have to have someone to sue if things go wrong. The second is that if you put it out there for free, people assume it has no value. It’s the opposite. It’s millions of coders giving their time to create something that doesn’t depend on reporting to any kind of mothership and doesn’t cater ads right in your taskbar. Well, not ads, but sensationalized news to get you to click when it’s just nonsense. And you can’t turn it off if you just want the weather icon. If you close the obnoxious news banner trying to keep you up to date, everything goes with it. If you leave it on, every time you hit that hot corner when you’re trying to do something productive will make you want to punch your monitor.

Last week I was in “game mode,” where there are no distractions. I thought I had a complete crash when Windows put the game on the taskbar to ask me how likely I was to recommend Windows 11 to a friend. Luckily, I have enough VRAM that I could go back to it, but not every piece of software is that stable. Windows is becoming cancer, and I don’t want to deal with it anymore. I just don’t have a choice.

If Windows games could run on Linux perfectly, I wouldn’t need it at all. Steam is making headway, but I don’t have a Steam library. I chose GOG because then you own the game outright. I did not know that it would be different in every way from the Steam version and new releases make it crash…. frequently.

Sometimes you make choices in life. They lead you down a bad road….. and in a church choir, no less…….

Public Service Announcement: Security

~ Leslie Lanagan ~ Leave a comment

I am sure that Google does not want me to tell you this story, but I need to do so. It’s a public service announcement for people who keep credit card numbers in the Play store. I didn’t think anything of it because Apple requires a credit/debit card to get started with an iTunes account. When Google’s screen came up to enter the information, I did not realize it was optional. So, I entered in my credit card information, and they just use the address you have on file from when you first opened your account, which was in Portland, Oregon.

The reason that I am publicly talking about this is that you cannot imagine how difficult my Google password is. I use LastPass to create 25 characters so there’s no way to look up anything I use in the dictionary. It would take a computer days to decrypt them. I also log out of the password vault after I’m finished using it, which is also encrypted. I thought I had it wired.

Then, when I came home from Paris, I tried to Uber to the Metro, and my card was declined. I knew there was money in the account because it had just been transferred. So, I logged into my bank account only to find that two transactions from Google had zeroed me out.

My account was hacked and my debit card was used to sign up for Google Cloud, and the bandwidth chosen was $100/day. I didn’t catch it the day it happened because I was in Paris, but I caught it within three days. I got on the phone with customer service, where they canceled my card and gave me a link to the fraud forms I would need to fill out to start the investigation. I was given provisional credit pending their findings so that I had access to my funds.

Several weeks later, Google sent my bank a report that said there was no evidence of foul play, that I was the party responsible. My provisional credit was yanked back, again emptying my account. So, I started my own investigation because theirs was so shoddy.

First of all, the billing address on my card did not match the billing address Google had on file. Secondly, while I was the “owner” of the Google Cloud account, there were at least 10 projects with two people who had added themselves as editors, with e-mail addresses that clearly looked like spam, e.g. 468434471727@cloudservices.gserviceaccount.com. And no address was used twice.

I then contacted Google tech support, where a very nice man named Jeremiah was absolutely sympathetic. I was able to lay out my concerns, and use technical language that he would understand, whereas my bank totally wouldn’t.

I sent the transcript of our conversation to my bank, and my money was returned. That being said, it took a few days to resolve because Google absolutely screwed me…. it made no sense, because the original report Google sent my bank should have set off alarm bells just for the billing address alone.

The bank’s next step is to report the incident to the police, because what the hackers did was a felony. However, having been in IT myself the chance that a hacker would ever get caught is less than zero. My first instinct is that it was done through a double VPN (worth every penny for your own privacy on the Internet), which makes finding physical location damn near impossible. Plus, no identifying details in the e-mail addresses, et cetera, et cetera, et cetera.

When I was talking to Jeremiah about all this, I said, “I don’t even know how to program. It would never occur to me to buy virtual server space, especially not that much bandwidth.” After we talked about tracking down IP addresses and such, he joked, “are you sure you don’t know how to program?” I said, “no. I’m in tech support. I bail out programmers when their computers break. They can write, but God forbid the operating system throws an error.” He laughed his ass off and said, “welcome to my life.”

So, even though this was a very serious situation, I could still laugh about it (somewhat).

I am just angry that a company whose motto is “don’t be evil” didn’t even take the time to beat down the evil that was happening to me. I had to figure it out on my own. Thank God I had the technical smarts to do so. I was able to learn the web interface quickly, so that I could find all the information I needed to prove my case. It’s sad, because it was so easy that if I did ever want to purchase virtual server space (like to be able to use the full version of WordPress and tailor it on my own rather than the limitations of WordPress.com), it’s definitely the easiest panel I’ve ever used. But I just cannot justify giving them any money, no matter how small the amount.

After this happened, I changed my password to another 25 character random string and instituted two factor authentication. This means that whenever I log in on my desktop, I have to prove it’s me on my phone. If I’m using my phone, they send me a text verification code. I am not playing around. It occurred to me that if someone could get into my Google account, they could also get into my calendar and mail.

So, I created an account with ProtonMail, which encrypts e-mail going out. Privacy is built in, as opposed to Gmail, which needs a plugin called “Enigmail” (link is to the full version, Gmail web interface uses a Chrome plugin). But even ProtonMail has its limitations. If both people aren’t using secure e-mail, it can only encrypt the text on the way out.

I also prefer to use Signal on my phone, which handles text messages, but if the other person has Signal as well, the messages are encrypted. For those who use iOS, iPhone messages are already secure. Basic SMS is not. If you communicate with both iOS and Android users, I highly recommend downloading Signal or WhatsApp (I’ve tried both, and Signal won). That way, information is encrypted no matter who you’re texting.

There’s been some chatter about campaigns to get iMessage ported to Android, but I highly doubt it will gain traction. WhatsApp has nearly all of iMessage’s features, but Signal won for me because I don’t need fancy. It’s a simple text interface, and that’s what I like about it.

I’m just sorry that it took a financial disaster to get me on my soapbox about privacy, because if it could happen to me, it could happen to you, too. This is an entry I should have written years ago.

I apologize. Those responsible have been sacked.