Balloon Juice

Come for the politics, stay for the snark.


Data security and you

by Okkam | November 10, 2016 10:56 pm | 61 Comments

This post is in: Cybersecurity


Hi everyone….

I’ve been a friend of John’s for several years now and work in the IT security industry. I’m also the dad of Cole, his godson. John and I met through World of Warcraft way back in vanilla and stomped around Azeroth for many years.

He has asked me to do a few posts about helping you secure your personal communications and the like.  This will hopefully be a multipart series that you will find useful.  I want to cover different vectors of communication like texting, instant messaging, email and more.  Later, we can talk about data leakage on social media and the like.

Starting with texting/instant messaging: anything sent via SMS or MMS (traditional text messages) is not secure at all. These messages are not encrypted in transit, so a man in the middle can read them while they travel across the network. Your cellular carrier also keeps copies of these messages and can retrieve them and provide them to law enforcement. Bottom line, if you care about secure communication, don’t use this AT ALL. It doesn’t matter who made your phone or what version of the OS is on it: this communication is unencrypted and vulnerable to both rogue malicious actors and the state.

Instant messaging has taken off and replaced SMS and MMS for a lot of people, both because it doesn’t cost per message the way SMS used to and because of the features the different clients offer. These are things like iMessage, WhatsApp, Telegram, Allo, Facebook Messenger and more. There is a good article on The Verge that does a quick and dirty breakdown of each from a security perspective. Click here to read it!

I think that’s all for tonight.  I’ll talk more about how to deal with things like backups, server side copies and more in the coming days.  I leave you with some kid pics of Cole since John said you guys like that stuff.



  1.

    TaMara (HFG)

    November 10, 2016 at 11:00 pm

    Cole melts me. Thanks for posting that. Oh, yeah and I’m sure the security stuff will be interesting, too.

  2.

    NotMax

    November 10, 2016 at 11:02 pm

    VPNs (and exit nodes) will be covered as well, one hopes.

  3.

    John Cole

    November 10, 2016 at 11:05 pm

    @TaMara (HFG): I’m single, too, sweet thing.

    Oh, never mind.

  4.

    Gin & Tonic

    November 10, 2016 at 11:05 pm

    What happened to Adam’s post?

    And since you’re new here, fuck you.

  5.

    Okkam

    November 10, 2016 at 11:08 pm

    @NotMax: Yeah, I hope to go as far down the rabbit hole as people will follow. I figure start with low hanging fruit and go from there. We will all be buying meth and hitmen on the dark web with bitcoins in no time!

  6.

    debbie

    November 10, 2016 at 11:09 pm

    Cute kid, but mmmm, donuts.

  7.

    Okkam

    November 10, 2016 at 11:09 pm

    @Gin & Tonic: lolwut? :)

  8.

    Mary G

    November 10, 2016 at 11:10 pm

    Thanks for this, and your son is a very handsome young fellow. Plus doughnuts!

  9.

    Adria McDowell (formerly LurkerExtraordinaire)

    November 10, 2016 at 11:10 pm

    Oh, wow! Thank you for your post! I have a feeling we’ll all need your kind of knowledge in the times to come.

    Your son is adorable!

  10.

    Gin & Tonic

    November 10, 2016 at 11:12 pm

    @Okkam: That’s the traditional B-J welcome. Ask Cole how it worked out for Freddie.

    Oh, and there was an Adam post up for a minute or two that I wanted to comment on, but by the time I refreshed his was gone and yours was up, spoiling my mood.

  11.

    chopper

    November 10, 2016 at 11:13 pm

    wot, no pet pics? if you’re trying to impress me you’ve failed.

  12.

    SiubhanDuinne

    November 10, 2016 at 11:14 pm

    @Gin & Tonic:

    And since you’re new here, fuck you.

    Fuck G&T’s “fuck you.” How many cats do you have and what are their breeds, names, and ages?

  13.

    Okkam

    November 10, 2016 at 11:14 pm

    @Gin & Tonic: No worries. I don’t know what happened to it. I saw it briefly as well above mine. I’ll ping John about it.

  14.

    Manyakitty

    November 10, 2016 at 11:16 pm

    @Okkam: Woohoo! That sounds like a party!

  15.

    Okkam

    November 10, 2016 at 11:16 pm

    @SiubhanDuinne: No cats. Wife is deathly allergic to them. When she ultimately leaves me for Nathan Fillion, I will be getting a siamese because I love those and Tunch is in heaven.

  16.

    maeve

    November 10, 2016 at 11:16 pm

    In my twitter feed it was advised if you are going to tweet (not positively) about Trump then

    a) Make sure your passwords are secure and different for different services
    b) Use 2 factor authentication (e.g., verify w/ your cell phone when logging from different device)

    Can’t remember all the others (there were 4) but the implication is that if you are critical of Trump or mock him then alt-right or Russian trolls will be hacking you.

    I have a password strategy but re-thinking it … (Don’t tweet a lot or post controversial things but looking at Gamergate etc. it doesn’t take much for someone to get on your trail — the “secret” PantsSuit Nation Facebook page is being trolled now by not only comments but people messaging posters)

  17.

    jharp

    November 10, 2016 at 11:16 pm

    Tell me if I’m wrong but I still just go to the bank and drive to the store and kind of like my routine.

    Though I’m about to adjust my life where I walk to the store.

  18.

    Okkam

    November 10, 2016 at 11:17 pm

    @chopper: No domesticated pets currently. Our backyard has become an unofficial rabbit sanctuary and I’ve told Cole and his brother Gabe, if they can catch one, they can keep it. So far, they are coming up empty.

  19.

    TaMara (HFG)

    November 10, 2016 at 11:17 pm

    @Okkam: He just stepped on you, saw it and pulled it. I’m sure he’ll repost in an hour or so. He’s only being nice because you’re new here. Otherwise, bigfooting is just an I love in with a time stamp.

  20.

    jacy

    November 10, 2016 at 11:18 pm

    Welcome!

    Such a cute kiddo.

    And I suppose we’ll be needing all this cybersecurity stuff for the coming underground resistance? I’d better start taking notes.

  21.

    Jane2

    November 10, 2016 at 11:18 pm

    Donuts, adorable tot, *and* useful info! You’re a keeper.

  22.

    NotMax

    November 10, 2016 at 11:18 pm

    @Okkam

    Heh.

    .onion, the digital equivalent of Tolkien’s Dead Marshes.

  23.

    TaMara (HFG)

    November 10, 2016 at 11:20 pm

    @John Cole: OMG, you have no idea how much I needed that smile tonight.

  24.

    MattF

    November 10, 2016 at 11:24 pm

    Stephen Dodson’s blog is a good one. Here, he offers a translation of a poem by Maria Tsvetaeva.

  25.

    Adam L Silverman

    November 10, 2016 at 11:25 pm

    @Gin & Tonic: That’s a very good question. Someone seems to have pulled it and rescheduled it.

  26.

    Major Major Major Major

    November 10, 2016 at 11:26 pm

    Are you going to cover encryption?

  27.

    Larkspur

    November 10, 2016 at 11:26 pm

    Oh my, this security stuff is what I need to know.

    Okkam, your son is beautiful. I am trying to ignore the donuts. It’s hard to tell on my screen: are your son’s eyes blue or are they an exquisite other-worldly kind of silver?

    And please do answer the cat question.

    Edited to say bunnies are good, too.

  28.

    Imonlylurking

    November 10, 2016 at 11:28 pm

    Once I am able to think, much less speak, about this election without choking back tears-and once I am able to speak without half the words being a variation of fuck- I will absolutely need this information. Thank you.

  29.

    Gin & Tonic

    November 10, 2016 at 11:29 pm

    @Adam L Silverman: You didn’t pull it? If I were in your shoes I’d write a stern letter to management.

  30.

    Nied

    November 10, 2016 at 11:33 pm

    @maeve: I would recommend a good password manager like LastPass. That way you eliminate duplicate passwords across different accounts. They can also be further hardened with hardware based 2-Factor authentication like a Yubikey.

  31.

    John Cole

    November 10, 2016 at 11:34 pm

    @Adam L Silverman: I did. Figure we wouldn’t stomp the new guy. Tonight.

  32.

    Omnes Omnibus

    November 10, 2016 at 11:35 pm

    Not the best time to intro a new person. No offense. But I think that most of us are focused on something else.

  33.

    3am

    November 10, 2016 at 11:38 pm

    Signal, VPN, Tor?

  34.

    NotMax

    November 10, 2016 at 11:38 pm

    @John Cole

    Plus you know what other pix of you he might have?

    ;)

    (I kid, I kid.)

  35.

    jacy

    November 10, 2016 at 11:39 pm

    @John Cole:

    I’m somewhat surprised you didn’t stomp on him accidentally yourself.

  36.

    Adam L Silverman

    November 10, 2016 at 11:40 pm

    @Gin & Tonic: I did not do it. It has been rescheduled for 11:45 PM EST.

  37.

    CaseyL

    November 10, 2016 at 11:40 pm

    @Omnes Omnibus: It’s always nice to meet new people, and Okkam has useful info, too. Win-win.

  38.

    fuckwit

    November 10, 2016 at 11:44 pm

    Great post. TextSecure is pretty cool.

    I hope you’ll be getting to tor and noscript and such.

    We are all Greenwald now.

  39.

    Steeplejack (tablet)

    November 10, 2016 at 11:44 pm

    @3am:

    Cloaking devices to keep you secure and anonymous on line.

  40.

    Omnes Omnibus

    November 10, 2016 at 11:45 pm

    @CaseyL: My point was that the late night, after many people had “medicated” given what happened might not be the time to introduce a valuable new guy. I just question the timing.

  41.

    seanindc

    November 10, 2016 at 11:46 pm

    two questions:
    1) What class did you play and why was it a DK tank?
    2) do you remember the root pw for kali?

  42.

    MomSense

    November 10, 2016 at 11:47 pm

    Welcome, Okkam and thanks for the info. Cole is adorable.

  43.

    Aleta

    November 10, 2016 at 11:47 pm

    Thanks for this. Have become more concerned lately, and now with trouble about to blast off, I want to know if privacy is even possible.

  44.

    Major Major Major Major

    November 10, 2016 at 11:49 pm

    @Aleta: Well, you can always get pretty good privacy.

    *rimshot*

  45.

    Eric NNY

    November 10, 2016 at 11:49 pm

    @chopper: Chopper is correct. Pet pics or you’re not welcome in these parts…

  46.

    Adria McDowell (formerly LurkerExtraordinaire)

    November 10, 2016 at 11:51 pm

    @Omnes Omnibus: hey, it could be valuable to know how to cover one’s goat-porn-watching tracks after self-medicating! YOU DON’T KNOW MY LIFE! /s

  47.

    GrandJury

    November 10, 2016 at 11:51 pm

    Yea but you need a data plan to use messenger. SMS/MMS is included with voice or usually is anyways. If you don’t send too many then it doesn’t make sense to get a data plan. At least not just for that. There is wifi all over the place for that a lot of the time too.

    The simplest most secure thing to do these days is to use 2 factor authentication. That locks things down tight enough for most people’s needs.

  48.

    NotMax

    November 10, 2016 at 11:54 pm

    @Omnes Omnibus

    Planning to medicate after din-din with an A1 (or three).

    2 parts gin
    1 part Grand Marnier (I prefer a less syrupy mouth feel, so opt for ½ part)
    juice from a generous wedge of lemon

    Shake well with ice and pour. Garnish with lemon twist, if desired.

  49.

    Aleta

    November 10, 2016 at 11:57 pm

    @Major Major Major Major: ha, will check it out ! Get confused about differences betw different approaches though.

  50.

    Major Major Major Major

    November 11, 2016 at 12:01 am

    @Aleta: The OpenPGP and GPG implementations are adequate and vaguely user-friendly. The trick of course is that everybody involved has to be using it. Once you’ve got that set up though you can plug it into emails, texts (there are apps), desktop instant messaging, etc. I’ve worked professionally with a few mumble mumble groups of rightly paranoid people, and we always used PGP.

  51.

    Lizzy L

    November 11, 2016 at 12:10 am

    Medicating even now — w/ a Corona. Welcome, Okkam! Thanks for the donuts.

    Paranoia strikes deep
    Into your life it will creep
    It starts when you’re always afraid
    You step out of line, the man come and take you away

    We better stop, hey, what’s that sound
    Everybody look what’s going down

  52.

    Ripley

    November 11, 2016 at 12:13 am

    Text messaging is why I can never run for public office. I’m good with that.

    How do you say “bring it” in Russian?

  53.

    gwangung

    November 11, 2016 at 12:59 am

    Oh, good….discussion of security at hopefully an intelligent layman’s level…

    Just dipped my toes into it and got a VPN provider….anxious to see if I’m doing it right. Looking forward to other recommendations.

  54.

    EBT

    November 11, 2016 at 1:05 am

    Telegram has weak encryption and the default setting is to save all your conversations server side, not a good choice.

  55.

    Mnemosyne

    November 11, 2016 at 1:17 am

    I just want to say that I remember the day that John G. Cole posted the newborn Cole’s picture right here at Balloon-Juice.

    How time flies.

  56.

    Gretchen

    November 11, 2016 at 1:47 am

    Young Cole is very cute! We need cute kid pictures these days!
    So text is insecure. Is it a problem if the texts I’m sending are things I don’t care if the world sees? Say, meet me at 6? Can they get into other, more private things of mine by seeing that?

  57.

    Gretchen

    November 11, 2016 at 1:48 am

    @Mnemosyne: Yes, I remember that too. I can’t believe so much time has passed!

  58.

    Applejinx

    November 11, 2016 at 5:19 am

    Welcome and thanks, Okkam. I’ve always been super crotchety about another specialist, our Health Insurance Industry Guy, but right now I’m grateful for him because rather than get a sane health care system our people are gonna get flung into exactly the sort of madness he’s an expert on, redoubled.

    I welcome our new specialist, who might well save some lives around here. I think it’s important, because one thing I think that’s been lacking on the Left is information: I was thinking of my election day MoveOn adventure and how we were the only ones canvassing certain places, and how they hadn’t even asked me for anything except endless asks for money, and I wondered whether we might not divide it into two ‘worlds’ and see which wins:

    1) ask people for money, raise money, buy TV ads etc you know the drill

    2) no money at all, ask people for time and to communicate and organize. We need digital samizdat, we need to be able to look up non-fake information about what is happening in the world, know who’s running for office and what sorts of things are put up (locally and nationally) to ‘vote’ on, given that we’ve got a tradition of voting that would be very messy to simply remove. If things become so dangerous that we need ‘moles’ getting into the system to weaken it because it becomes untenable to practice democracy directly (like for instance if alt-righters just start assassinating people who openly oppose ’em, MURIKA FUCK YEAH, we’re a direct country) then there’ll have to be a way for such people to communicate.

    Digital security and the darknet become indispensable there.

    I’ll be paying really close attention and am grateful for this new information. It’s interesting to track who stands where: tech apparently is behind the recent ‘Calexit’ talk, though that talk is itself pretty naive. I’ve always been skeptical of Amazon, seeing ’em as just Wal-Mart digitalized, but it seems like Amazon and Bezos are hostile to Trump interests, and one thing about ’em is that oh my GOD are they a disciplined, scary lot. If I was Trump I’d be really scared of a politicized Amazon, their infrastructure capacities are mind-boggling and their attitude is like crazed Spartans, except self-absorbed and dedicated to commerce because there’s been no reason for them not to be.

    On the other hand, Peter Thiel looks to be on the Trump side, so God help you if you’re a Gawker hoping to publicly shame the new administration and think you’re gonna have any sort of freedoms of speech or protections as a political actor.

  59.

    Taylor

    November 11, 2016 at 6:07 am

    @Nied: A password manager is essential, agreed. Podesta’s emails were hacked because he used the same password for his email and for a Web site with weak security. The password was compromised by an attack on the latter. Better to use unique random passwords for every Web site that you have an account.

    OTOH the vulnerability of a Web-based password manager is that they have all your passwords. Sure, they are encrypted with your master password, but you provide that every time that you log in. I’d like a solution where the password manager is a local app, maybe on a USB stick, with the Web maybe used for backup.

    Social media sites are of course really excellent spying machines. Cookies can also be used to track you across Web sites. You can delete all your cookies or try to get by browsing “incognito”, but they can still track you with your IP address, and your ISP can supply the information needed to connect your identity to your IP address.

    If you’re sophisticated, you can try using Tor, but I assume that the FBI automatically flags anyone using Tor as a “person of interest.” And I’m sure that the NSA has some tricks for cracking Tor anonymity that they aren’t telling anyone about.

  60.

    Applejinx

    November 11, 2016 at 6:16 am

    Also, if you are not a poo-flinging monkey and in political terms you’re fairly unidentifiable, or can be pigeonholed as ‘just some loser who’s not important’, that can be really good cover. I know a heck of a lot of Vermonters and New Hampshire-ites who are quietly and intractably armed to the teeth, not alt-right, and not open-carry gunhumpers. Some of them are interested in protecting the country from enemies foreign and domestic, and that doesn’t necessarily mean ‘headscarves and hijabs’. The Keene police department has a tank. Literally a tank. Those who are all ‘muh freedums!’ have not been solely worried by the Left for some time now.

    These are natural allies but you will get nowhere if you’re a poo-flinging monkey. If you have friends who have always been utterly decent people, particularly if they don’t get drawn into hotheaded arguments, and yet you know they are heavily armed and they take pains not to talk about it, well, maybe now we understand their world a little bit better. Expressing that might not go amiss. Just remain aware that if you’re opening that conversation, you might not meet THEIR standards, and that might have more to do with whether you’re as responsible as you ought to be, and less to do with political litmus tests, than you think.

    Sort of IRL darknet stuff, really. Trust is earned, not assigned.

  61.

    Bill Arnold

    November 11, 2016 at 11:53 am

    @maeve:
    For the paranoid (those seriously worried about doxxing (good justification here)), last time I checked (a few months ago?) it was still possible to create an anonymous twitter account if you can manage to create an anonymous email account. (The latter requires a burner phone typically.) Tor (and preferably a VPN) a prereq though, and discipline.
    I expect that there will be a lot of primers available shortly for the newly paranoid.

Comments are closed.
