Welcome to the second edition of Liberty Nation TecWeek, a weekly column that will catch you up on all things tech related –- specially designed for those who do not consider themselves tech savvy. TecWeek focuses on news stories and topics that affect you, like digital security, government and corporate surveillance, privacy, and much more.
In this week’s column:
- Signal now offers video calling – but you need to know something first
- Operations Security (OPSEC) may be a problem for Trump
- Google is failing at the scammer protection game in its ads
- Using multiple browsers used to help protect you online, but not anymore
If you follow the quest for privacy in digital communications, then you’re aware of Signal, the best app available right now for those who want their texts and calls to be private. Signal has recently added video functionality to their calling ability, which is a huge boon to users, who asked for that feature many times.
There is, however, one small fly in the proverbial ointment; WIRED reports that Signal’s upgrade uses CallKit, a framework by Apple that makes the functionality possible. The integration also means that your private Signal calls will show up in the iPhone call log – and if you’re an iCloud user, the data gets uploaded to the cloud, where it’s fair game for government data vacuums. Naturally, this defeats the purpose of having Signal.
Signal users who upgrade to the new version should go into the Settings menu, and turn off CallKit integration in the Advanced menu. Disabling the integration will stop the phone from uploading the metadata to the cloud server by either party in the call.
Signal’s push to make things more user-friendly ends up compromising certain facets of its privacy-oriented purpose. As people who seek privacy understand, the more convenient something is, the more compromised it will be as well. Signal’s choice to trade some privacy facets for usability gained the app popularity and more users, but also alienated some who believe that any compromise is unacceptable. As with any other encryption app, users should exercise caution and pay attention to what they discuss while using Signal.
Speaking of using caution, President Donald Trump is under fire for engaging in poor OPSEC, or operations security. After North Korea had launched a ballistic missile, the President was on the phone discussing the situation – while at dinner in a public place. Ars Technica reports that the president’s aide-de-camp (the Air Force officer who travels with the President and carries the nuclear launch codes known as the “nuclear football”) not only posed for photos with other diners but that the pictures of the President’s table made it onto Facebook. On another occasion, the President approved a Navy SEAL raid in Yemen while at dinner with senior officials, according to the New York Times. While certainly, the President’s days as a corporate mogul make him quite adept at handling a variety of situations while at dinner or on the road, the level of security required for his new position as President does not lend itself to the same type of conduct. Perhaps it’s time for him to think about security before multi-tasking.
Security researcher Graham Cluley points out that the President’s Twitter metadata shows that he is still using an unsecured Android phone to post on social media; even if he never uses it for anything official, the device is still Target Number One for foreign intelligence agencies and hackers all over the world.
Two Democrat lawmakers sent a letter to Secretary of Defense James Mattis on February 9th asking for him to confirm whether President Trump has a “secured, encrypted smartphone for his personal use,” and whether he is using it. If hackers were able to access a phone used by the President of the United States, the negative fallout would be astronomical.
Google received some negative fallout of its own, as it catches flak for allowing scam advertisements on its search page. As security researchers point out, Google is not a search engine company. The search engine functionality is simply a front for their real business – ads. When visitors access the search engine, Google presents a variety of advertisements, expressly chosen for that user based on all of the data that Google collects from their search history, websites visited, email, and even their location data as pulled from other Google apps. The practice means that ad blockers “aren’t good for Google’s business model,” as Graham Cluley writes for BitDefender.
Google, however, has made ad blockers a necessity, partly because their ads often have malware in them. In January 2017, one malware analyst pointed out that a Google ad for YouTube actually “took users to a Microsoft tech support scam site.” Considering YouTube is part of Google, one wonders how that happened. More recently, a fraud ad pretending to be Amazon made it through Google’s supposedly strict vetting process and ended up at the top of all search results for the most searched retail store on the internet. Not good.
The moral of the story here is don’t assume Google ads get checked for malware or other things that can harm your computer. Don’t click on ads – better yet, use an ad blocker and don’t even allow them to display on your screen.
In other privacy news, using multiple browsers may not help break up your internet identity anymore. Some privacy-conscious people have historically used a variety of browsers to help mask their identity on the web, making it harder for marketers, ad scripts, and even the government to see what users are doing online. New research at Ars Technica, however, has figured out a way to bridge the gap between browsers – actually mapping out who you are even if you’re breaking up your internet activity across several different browsers.
Currently, their research doesn’t work against people who are using the base installation of the Tor browser – but no one solution is foolproof. The bottom line is simple – it is getting harder and harder for people to use the internet privately, and that shows no signs of ending under the Trump administration.
That’s it for this week! Tune in next Friday for more tech news that matters.Whatfinger.com