Do you need help using the Internet?

I have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Facebook and Email

Last week Facebook decided to replace everyone’s default email address with a Facebook email address for everyone.  For example, they changed my email address to vicki.sauter@facebook.com.  I never saw an explanation for why they made this change, but I heard a lot of the discussion of the problems that it caused.

First, this change impacted how people could search for friends.    We all know you can search by putting a name in the box at the top of the screen labeled “search for people, places, and things.”  However you can also put in an email address there.  Suppose, for example, you were looking for John Smith.  There are a large number of John Smiths from which to choose and maybe your friend doesn’t have a photo, or is using a photo of his children, dog, or an interesting plane as a profile photo.  It may be impossible to know which John Smith is actually your friend.  However, if you search for his email address, let’s say jlsmith1234@yahoo.com, you will find him directly.  Once Facebook changed everyone’s email addresses, they hid real email addresses, so that this kind of search was no longer possible, thereby making searching difficult.

Second, there is no facebook.com email agent.  Yes, you can check messages by clicking on the globe icon on the left top of your facebook screen.  Not all messages sent via email seem to have been put there, however.  You also need to look in your “other messages” file;  I’ll bet you didn’t know there was an “other messages” file!  To get to these messages, click on the word “messages” on the left hand menu when looking at your newsfeed.  This click should show a another file called “other messages.”  I have not yet discovered how Facebook decides to deliver messages between your message folder and your other message folder.  However, you should check both.

Third, many people have smart phones and other smart devices that try to keep all of your contacts from different programs consistent.  If you have one of these, you should check your contacts and their email addresses.  Some devices replaced known email addresses with the facebook.com email address for all contacts.  This meant that you lost the real email address, which might cause problems for you if you need to actually email them.

Other devices decided that the contacts with these new email addresses at facebook.com were new contacts and therefore created a new profile for them in the contact/phone book list.  If you have a lot of connections between the your Facebook and phone book list, this can cause a lot of confusion.

What can you do?  Go to your “home” page (not your newsfeed) and click on “info.”  Scroll down to “contact” information and see if the accounts you want to be active are active. If you still have an email address at facebook.com, you can change it here.  (If you instead have the Timeline, click on “about” and edit your contact information.)

 

Privacy Legislation

There is good news for those of us who use email, smart phones and social networking sites!  Legislation was introduced in both houses of the (U.S.) Congress today that would prohibit employers or prospective employers from forcing employees or prospective employees to divulge passwords.  The good news is that both houses think this is a problem and are acting to do something about it.  The bad news is that the bills differ.  The Senate’s version is called the Password Protection Act and is sponsored by Sen. Richard Blumenthal, D-Conn also includes smart phones, private email accounts, photo sharing sites, and any personal information that resides on computers owned by the workers.  Rep. Ed Perlmutter, D-Colorado introduced similar legislation in the House.  However, last month, Rep. Eliot Engel, D-N. Y. introduced the Social Networking Online Protection Act (SNOPA) that extended the protections to elementary, high school and college students.  The ACLU supports this inclusion of students because they are a target of much of the social media monitoring.

Rep Engel was quoted by ABC News  as saying:

There have been a number of reports about employers requiring new applicants to give their username and password as part of the hiring process. The same has occurred at some schools and universities,” Engel said in a statement. “Passwords are the gateway to many avenues containing personal and sensitive content — including email accounts, bank accounts and other information, he added.

Of course, the legislation also protects employers in that it prevents them from accidentally learning information about a candidate that is not allowed to be considered in a hiring decision.

These are positive steps to protect our civil liberties.

Meanwhile the New York Courts have asked Twitter to release data pertaining to a user involved with the Occupy Wall Street movement.  According to CNN,

Twitter, however, countered that the court would need a search warrant to get that information. It pointed to a recent Supreme Court decision which found that attaching a GPS device is considered a search under the Fourth Amendment, which prevents unreasonable searches and seizures.

“If the Fourth Amendment’s warrant requirement applies merely to surveillance of one’s location in public areas for 28 days, it also applies to the District Attorney’s effort to force Twitter to produce over three months worth of a citizen’s substantive communications, regardless of whether the government alleges those communications are public or private,” wrote Twitter in its motion.

Twitter also suggested that Harris owns his own tweets and could therefore file a motion to quash on his own, despite the prosecution’s assertion of the opposite.

The ACLU is calling Twitter’s move a ‘big deal.’

The fourth amendment should protect us from arbitrary search and seizure of our own information.  Just because it is easy to access (because it is electronic) does not make it right to do so.

Individual Privacy: Is 1984 finally here?

When I was in high school, everyone was required to read the book entitled 1984 by George Orwell.  According to Amazon’s description of the book, “In 1984, London is a grim city where Big Brother is always watching you and the Thought Police can practically read your mind.”  I recall there being much discussion of how horrible that would be and how it would never happen.

Yesterday I read an article on BBC.com that states, “The government will be able to monitor the calls, emails, texts and website visits of everyone in the UK under new legislation set to be announced soon.”  That sounds to me like 1984 may have arrived.  Of course, those proposing the new law state that it is critical to have access to information about terrorists and their contacts in order to protect the country.  The difference between this proposal and one that failed a few years earlier is that police will not be able to access the data without a warrant.  But, the article goes on to say that the law would “enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited.”

Most law-abiding citizens have no difficulty with the concept that terrorists or criminals would have their information recorded.  However, the law does not limit data collection to known criminals or terrorists, or even those under suspicion — it opens the door to collecting this information about everyone.  Once collected, will the government be able to help itself in doing more with the data than intended?  What is the difference then between the British government and that in China or Iran in modern times, or Nazi Germany and Communist Russia in more distant times?  Will the government not face the risk of taking action because of some communications that when put together look alarming?  How long will it take for the government to try to mine the data to find other “terrorists” or “criminals” who are so identified simply because they have similar surfing or communications patterns?

In addition, how will all of these data be protected from hackers?  We have recently seen hackers breech the security of Scotland Yard meetings, military data, corporate data, and, of course, credit cards.  In that same article, the author notes, “The Sunday Times quoted an industry official who warned it would be “expensive, intrusive [and] a nightmare to run legally.”  Most professionals respond to that quote as “to say the least!”

Police have always wanted this kind of information, but society has said that individual freedom is more important.  Just because it is (relatively) easy to get and keep such data now that it is electronic, does that make it right?   It is almost impossible to get privacy back once it is lost … shouldn’t we ponder this a bit more before we risk the loss of privacy forever?

WiFi Tricks and Threats

Last week the Huffington Post commented on how to avoid hackers, especially for celebrities.  It was an article full of useful information, but only if you know how to use it.  The fourth of these was to avoid WiFi networks.  Well, that’s nice, but what is it and how does one avoid it?

One can define WiFi as the technology that allows an electronic device, such as your smart phone, laptop or iPad, to connect to the Internet wirelessly (using radio waves).  In order to connect, you must be able to send information to a hotspot (or access point).  Such hotspots are limited inside because walls, furniture and other physical objects can block the signals, but have a greater range outside.  Wi-Fi allows cheaper deployment of local area networks, and  in spaces where cables cannot be run, such as outdoor areas and historical buildings.

You may well have used WiFi at your local Panera (or St. Louis Bread Company as it is known here) while eating.  Bookstores, restaurants and lobbies of hotels also generally provide WiFi coverage to their customers.  Most devices attach easily to WiFi, and may attach automatically (with no obvious signal to the user).  It is a convenient way to access your email, social networking, or web searches from your portable device.

But, it is also an easy way for others to access your email, social networking or web searches.  Most public WiFi networks have no security associated with them (as indicated by the fact that you have no password or other requirements to join the network).  Since there is no security on the network, anyone can attach any device to the network and do on it what they want.  Some people, then,  attach devices that can read any non-encrypted transmission over the network.  That includes your passwords, credit card numbers, confidential corporate information or your surfing history.  This is comparable to the person eavesdropping, except it is with the computer.   They may also be able to masquerade as another device and send requests for information (such as data or pictures) to your computer (which your computer thinks it should honor).  As I have said before, sometimes people do this for fun, or to learn what they can do.  Others engage in such behavior to find information that might be sold to magazines or used to blackmail people.  Still others engage in the behavior to steal confidential information (such as credit card numbers) that they use to steal money.

So, what do you do?  Of course, the normal precautions of having your security software up to date will prevent someone from unleashing a virus or malware on your computer.  But in addition, many security experts suggest you avoid such networks.  Or, if you do use them, set up a virtual private network (or VPN).  You may already be familiar with a VPN because you may use that to login to your company’s computer.   VPNs typically require remote users of the network to be authenticated, and often secure data with encryption technologies to prevent disclosure of private information to unauthorized parties.  This software prevents sniffing of the material sent over the network, ensures that communications come from the place they say and that information is not intercepted inappropriately.

A Mobile VPN gives a user the same level of security when using public WiFi networks.  Instead of requiring a stable location on a network like the traditional VPN, a mobile VPN maintains a virtual connection to the application instead.  It allows the computer to move among WiFi networks which changes the “address” of a computer, and handles the changes of the addresses transparently.  This kind of security has been used by police officers as they move among cell towers, and by hospital personnel as devices move with patients.  Both applications require absolute security.  Using a mVPN may involve additional hardware and will involve additional software provided by a third party.

It is, of course, an extra step.  But, if you do not want the world to know the data you process, then perhaps the extra step is necessary.

 

Email Etiquette

You might  ask if there are any rules of etiquette for email.   Of course, as with any other social group, there are certain accepted practices of which you should be aware, and we shall discuss them shortly.  It is important to remember, however, that there are social conventions among people that go beyond the realm of email.  Clearly, polite society recognizes polite communication whatever the medium, and email users expect the same.  Generally, it is useful to have a well written document as well to make it easier for the recipient to understand your point.  If your email is for a particular club, organization or place of work, remember the code of conduct in that group and follow it as you would in face-to-face settings.

First, think about your email and whether it is appropriate to put your message in that medium.  Emails can easily be forwarded, printed and saved.  If what you want to say is confidential or hurtful, you might not want to use email.  Remember, although you delete the email, not everyone does.  Do not put anything in email that you do not want the world to see.

The second accepted practice among email users is DO NOT USE ALL CAPITALS IN YOUR EMAIL.  Capitalization always adds emphasis to your point.  However, in the world of email, capitalization is considered shouting.  Do not shout in your email any more than you would shout in face-to-face communications.   Some email users I know avoid all use of capital letters in an e.e. cummings approach to prose.  Clearly it avoids the image of shouting, but it can also be difficult for the recipient to read.

Third, respond to email as you would respond to a telephone call.  Some people find it very annoying to send a message and never receive a response.  While this takes time, it is generally accepted practice.  However, if you do not know the sender of the email and it is not a wanted email , then never reply to it.

Most email systems have a way of marking an email as urgent.  When that email appears in a recipient’s inbox, it is marked with a red exclamation point to get his or her attention.  This is a good system to help people identify really important messages.  But, if all of your messages appear this way, the identifier loses any significance.  So, use the urgent marker sparsely.

Many systems also have a way of asking for a return receipt that the email was read.  These popups are annoying to users because it adds and extra step in reading email.  It also clutters the sender’s inbox with those acknowledgments.  When the message is urgent and you need to be sure the recipient has read the message, then use this option.  Otherwise, ignore it.

Many people believe society should be more cautious as to what email we forward to others.  One way to keep in touch with others is to forward meaningful stories, photos and jokes to one’s friends.  But, not everyone has the same sense of humor and not everyone wants to receive these items.  Be cautious and think about your recipient before automatically forwarding something.  In particular, think hard and long before sending chain letters that promise either good or bad luck.

If you do forward email, remove the heading material before you do.  The headings often include a list of people to whom (and from whom) the email has been passed previously.  It may include several people’s signature as well.  Hence, the recipient needs to scroll down (sometimes a long way) before seeing the content you intend.  By removing this material, you shorten the email and protect the privacy of those people who received it previously because their email addresses are not constantly rebroadcast (as discussed below).

Eight, think about whom you include in a carbon copy (cc:) of your email.   There are two reasons to be concerned about this. First, you are sharing the email addresses of all of the recipients with all other recipients.   If they know each other, this is fine.  However, many people do not like sharing their email address with unknown individuals.  Respect their privacy and be cautious about how you do this (you can always use bcc: if you need to copy them).  In addition, you may be sending a statement that you do not intend by copying another individual.  If it is a confidential conversation and you copy someone else, a recipient may be hurt or offended.  Follow your common sense and the practices of the group you are emailing to make this decision.

Nine, if you reply to an email, be aware of how you are replying.  In all email systems, there are two reply options, one labeled “reply” and one labeled “reply all.”   The first (reply) sends your email only to the person who sent the email to you.  The second, however, sends your email to both the person who sent the email and anyone who was copied on the original email.   If you intend your message just for the original sender, you might be terribly embarrassed if the entire group reads your response.  Alternatively, if your goal was to inform the entire group about your answer, you will have missed your opportunity if you simply chose the reply option.

Finally, always make sure it is obvious from whom the email was sent.  This includes signing the email and/or using a signature.

Hacking — Are we Safe?

Last week there was an article in most English-speaking outlets about the group Anonymous hacking a conference call from the FBI to Scotland Yard on January 17, and releasing the contents to YouTube.  The group  was able to access the call because it allegedly obtained an email from the FBI to law enforcement agencies in various countries giving details of how to dial in to the call.   Of course it is quite embarrassing for two of the world’s foremost law enforcement agencies to be subject to such a breach in security.  It is not known whether the information provides critical details for current investigations and whether those investigations were compromised by the leak.  The FBI, which is investigating the incident provided the following statement:  “The information was intended for law enforcement officers only and was illegally obtained. A criminal investigation is under way to identify and hold accountable those responsible.”

What is more of concern to us today is — if it can happen to Scotland Yard and the FBI, how secure are MY emails?  The answer is, “not at all.”   Emails that are sent unencrypted over an open Internet line (the way most of us send our email) are subject to being intercepted.  People can employ electronic devices on Internet lines to read emails and other transmissions.  That is to say, someone other than the intended individual can intercept an email, without the sender or receiver being aware of that fact.  Or, if either party has inadvertently installed spyware on his or her machine, the spies do not even need to intercept the email if it can be diverted automatically.

So, what does a user do to protect him or herself?  First and foremost, remember that emails are not generally secure, and that they should not contain sensitive information.  Social security numbers, credit card numbers, passwords, and other critical information should never be sent via email.  If it could represent the loss of money, security, privacy or identity, it should not be put in an email because it is too easy for it to be stolen.   That means that you should never do business with a vendor that that wants you to send information about your accounts via email OR that sends your full credit card number back to you in an email as a receipt.

Second, be cautious about using open networks.  Many of us use non-secured networks at coffee shops, hotels, and other places where we want to conduct business.  If you have a wireless network in your home, ensure that it is a password protected network.  Open  networks are particularly easy to breech, and their use increases the likelihood that your email will be intercepted.

Third, use virus and malware protections on your computer to be sure that your email is not being monitored before it is ever sent.

Remember, a massive number of emails are sent each day.  One site estimated that in 2010, there were, on average, 294 billion emails sent per day.  The odds of someone finding your email and acting upon it are quite low.  However, care in what you put in the email will help protect you if someone does intercept your email.

 

Post note:  There is a nice tutorial I recommend:  9 Things You Must Absolutely do to Keep your Online Identity Secure

CAPTCHA’s and RECAPTCHA’s

CAPTCHA’s, reCAPTCHA’s and their cousins have become common  anywhere you respond to something on a website.  You may not know the name, but you probably have seen something that looks like the image below (taken from the CAPTCHA site).

A CAPTCHA is a computer generated distortion of words (such as you see above) that allows the computer to ensure that the responder is actually a person.  Humans clearly can understand the two words above are “overlooks” and “inquiry,” but a computer that is trying to do word recognition would have trouble identifying the words because they are distorted both by the waves and background images.  (All CAPTCHA’s have an audio option for those who are visually impaired.)

According to the official website,

The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.

Over 200 million CAPTCHA’s are solved every day.  You tend to see the CAPTCHA’s on sites where you are registering (such as creating an email account) or voting  (such as answering a poll).  The goal is to prevent users from writing a program that could do actions automatically and thus overwhelm the system or bias the results.  The CAPTCHA is used, for example, on sites that provide free email addresses to ensure that it was actually a human applying for that email address.  Many people with questionable purposes were applying for those accounts, and using them to send spam or break into applications.  While it is still possible to open an email account for those purposes, the existence of the CAPTCHA requires a person to be involved, and thus slows down the bad guys.

The CAPTCHA’s are also used for any kind of online poll.  So, for example, suppose your municipality wants to vote on the best location for a festival.  In order to avoid computer-generated voting (to bias the results), they might include a CAPTCHA to be sure there is a person casting the vote.    Sometimes blog sites include a CAPTCHA to ensure the comments on posts are not just spam.

The CAPTCHA is an interesting use of the technology, but the reCAPTCHA does more.  Early on we saw only one word used in a CAPTCHA, but usually you now see two as in the image above.  When there are two words involved, it is called a reCAPTCHA.  These puzzles not only prevent bots and spams from causing problems, they help to digitize books, newspapers and old time radio shows.

Think about how long it would take to type in the content of an old book.  Even if you use scanning software and text recognition software, it will take a long time because the original is old, yellowed, perhaps torn and for other reasons hard to read;  the results of the scan and text recognition are not very reliable.  An example of a scanned bit of text (taken from the CAPTCHA site) is shown below.  You can see the errors in the interpretation.

It would be useful to find a group of people who would help identify and correct mistakes from the scanning of the old documents.  As stated before, there are over 200 million CAPTCHA’s solved each day, each taking about 10 seconds to do.  If you could get the people using the websites to check the words, that would give you over 150,000 hours of work each day — FREE!

But, you ask, how do you know if the person is entering the data correctly?  The reCAPTCHA provides two words, one you know and one which is taken from one of these old books or magazines.  When the person enters the two words, the software checks the first word (the one that is known) and if that word correctly matches, then we can assume the second word is correct too.  If we have multiple people who receive the second word (the one from the old document), and they all agree on the word, we have more confidence that we have gotten the correct word.

So, every time you enter a reCAPTCHA, you are not only preventing SPAM, but also helping to digitalize an old document!  The CAPTCHA folks have other projects that we will address at another time.

Scams that Cost you Money

This must be the time of year for scams on Facebook and email.  This morning I opened my email and saw the following from a friend:

I hope you read my email on time, I have been robbed and left stranded in Edinburgh, Scotland where I made a short trip to days back.
I lost my bag and all personal effects in it(passport, Credit Cards etc).
The embassy here issued me a temporary ID card and will allow me fly home without a Passport, but I will have to settle my bills myself.
I’ve also made contact with my bank but it will take me days to retrieve my credit cards or access  money in my account from here.
Can you please lend me some money to  pay my bills and book a ticket back home?
Kindly let me know. I will check my email often to read from you

Richard

It sounds like a horrible situation, doesn’t it?  And it is your friend, you should help.  This message may come to you via email or Facebook, but it is a scam!  In this case, someone has broken into my friend’s email address and sent the messages.  He hopes to find a few people who will help their friend by sending money to them.  The money, of course, goes to the thief, not to the friend.  Generally the thief has come and gone before anyone knows to start tracking him and he gets away scott free!

This message is tugging on those heart strings.  It is particularly common for messages like this to be sent to seniors, by people posing as their grandchildren!

How do you know it is a hoax?  Generally these thieves have just enough information about the individual to make the request sound like it is coming from a relative or friend.  So, before you send money,  call the person or a close relative of the person (for example, your child when inquiring about a grandchild), and see if he is even in a foreign country.  If that is not possible, ask the person from whom you received the email or Facebook post some question the answer to which is only known by the real person.  In other words, verify the story before you spend the money!

If it is not your friend or relative, then try to contact them to tell them their account has been compromised — he may not even know it!

How to examine Scams and Spams

My post yesterday talked about scams that propagated by money or control or ignorance.  Today I received a message on Facebook that is ever as much a scam, but it is the kind that pulls on your heart strings instead of your purse strings.   The message came in as

URGENT ……… To all the parents whose children — have a profile on facebook! There is a man who tries to make contact with the children to talk about sex. His name is Thierry Mairot. please, copy and paste on your wall! Thank you for protecting your children! PLEASE share as an emergency. He poses as Justin Bieber! His profile appears as Justin Bieber! PLEASE SHARE (( shared from a friend of mine – pass it along ))…..

We all want to protect our children and grandchildren from people like this, and so we pass this along to warn our friends.   Instead, I first checked Snopes.com.  I went to the site and typed in “Thierry Mairot” into their search box at the top right corner of the page.  I found an entry that had a very similar message to the one above.   Let’s look at what Snopes provides you.

• At the top of the entry, Snopes provides a rating of the veracity of the message.  A red dot (such as the one at the top of the page about Mairot) means the rumor has been shown to be false.  If the dot were green it would mean the rumor has been shown to be true whereas a yellow dot means that the rumor is unconfirmed and a white dot means the rumor cannot be classified.  Of course if there are multiple parts to the rumor, it might get both red and green dots meaning that there are some parts that are true and others that are false.
• The next information is an example of the message that has been investigated.  You will note that the one on Snopes does not mention Justin Bieber, but is, in essence the same message.
• Associated with that example is a date when it was seen.  Note in this case, Snopes first started investigating the rumor in September 2010!
• After that summary information, Snopes will provide a discussion of the origin of the rumor (to the best of their ability to track it down), and the variations it has taken over time as well as related rumors (in this case, the related rumors include “social deviants” posts).
• Finally Snopes provides the last date the entry was updated.  In this case it was last updated in October 2010, meaning they have found no new information about the rumor since that time.

Checking Snopes.com allows you to dismiss the rumor without further action.  So, you will not generate lots of spam by forwarding it onto your friends and relatives.  You also will not annoy your children and grandchildren on a non-issue, and hence are more likely to keep those channels of communication open for when there is really a problem.