“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
– Edward Snowden, 2015
I reluctantly joined Facebook back in December 2011. During the couple of years I had the account, I learned more and more about the shadowy monster that provided us with our daily hourly doses of dopamine in the forms of likes, shares and status updates.
This brings us to the first inconvenient – and most obvious – truth about the so-called Cambridge Analytica case: there’s absolutely nothing new in any of it.
Continue reading “The Inconvenient Truths about the Cambridge Analytica Files”
After my previous blog post got some unexpected publicity, there were some curious instances of Vero apologists defending the platform. Two main cases they presented were:
I’ll give it to them, the second point is almost 100% accurate, but it simply doesn’t make it any more OK to invade users’ privacy. However, it’s the first point that really grinds my gears, especially when it comes to Vero.
Continue reading “Perceived Privacy vs. Revealing Reality – Case Vero”
TL;DR: if you allow Vero to access your phone’s Contacts even for a brief moment, instead of one-time reading them, it quietly stores them all, links them to your account and uses to shape the user experience. It also gives users who have given access to their Contacts a way of connecting with users who have explicitly denied Vero’s access to their respective phone’s contact list. As an icing on the cake, there’s no way you can delete that info from the service afterwards. This blog post examines how this works.
When I started drafting this blog post a while back, the title was “I Have Been Pwned Twice Already”. That number has since risen to five, and I’m assuming it will continue to rise as old breaches come to light and some long forgotten accounts get popped. So far, no immediate harm has been caused to me from these breaches, and I’ll contribute that silver lining to the reactive and since then proactive steps I’ve taken to ensure that’s the case now and in the future. This is how also you can harden your online presence against these (inevitable) breaches.
Continue reading “I Have Been Pwned… Five Freaking Times and Counting!”
Following in the footsteps of two great guides, “10 Commandments for a Safer Internet” and “0x0A Hack Commandments”, I was inspired to give something back to the community. For the average Joe, operational security – or OPSEC for short – is basically just about risk management through identifying specific pieces of information requiring protection, and employing measures to protect them. Sounds intimidating? Don’t worry, because you’re already doing it.
Continue reading “10 OPSEC Tips That Everyone Should Follow”
There’s a lot of details on how Google and specifically Android tracks your location, that most people aren’t aware of. And if you ask me, that’s cluelessness by design. For most people, turning on “location” on their devices, seeing that little 📍-icon popping up, means that the device is now “connected to the GPS”. In reality however, that usually means that the device is scanning Wi-Fi, mobile networks and even Bluetooth in some cases to improve the results – in battery saving mode Android isn’t actually using GPS at all to locate the device!
So why’s this a big deal? Because every Wi-Fi sharing device is automatically mapped by Google, and they’re using your devices as a tool of doing so. In a nutshell:
Luckily there are few ways to opt-out of these things. In this blog post, I’m going to show you how to do just that.
Continue reading “How Google & Android Track Your Location – And How to Opt-Out “
Compared to other social networks, Reddit is a bit more barebones in terms of features and therefore also in terms of privacy settings. Here’s a handy list of the things you can do to harden your Reddit account.
Continue reading “Reddit Privacy Settings Guide (updated 2021)”
Yesterday was the international Safer Internet Day, and also the day that second annual Microsoft Computing Safety Index’s results were published. Research was done globally on a massive scale; over 10,000 PC, smartphone and tablet users in 20 countries and regions were surveyed. The results? Outright troubling.
Continue reading “Brief Recap of This Year’s MCSI Results – With an Infographic!”
Holidays have been even more exciting than usual here in Finland, but not in a good way. Apparently cyber criminals aren’t aware of the concept of Christmas peace, and multiple cyber attacks have taken place against some major Finnish websites and servers. During 20.-21.12., several Finnish Joomla-servers had been DDoS-attacked and infected with Brobot-malware. Then between 25.-27.12., at least the websites of Helsingin Sanomat, Iltasanomat, Iltalehti, MTV3, Nelonen and Yle were also under DDoS-attacks. For Finns, I highly recommend following CERT-FI in Twitter – they’re The National Computer Security Incident Response Team of Finland, and give all the official information about cyber attacks, and useful security tips too.
Joel Latto 