Today I took the next step in my exodus from Google services. I deleted my old @powerz.org mail domain from Google Apps. I had used it for several years before retiring it for a newer one about a year ago. With my mail backed up elsewhere and after I finally got all of the services dependent on the domain moved I was able to delete my account. it felt good, however my other Google Apps Domain is more of a challenge. I still use some of the google doc’s associated with it and figuring out an alternative is my current challange.
Security
Securing my email a bit
Today I completed my copying of my email off my Google App’s account. That means all my data is safely on other systems besides Google Apps. I finished re-pointing most of my domains to my new web host. Next up is completing migrating my parents to the new system. I cannot yet delete my Google Apps for Work account but i am one step closer.
A New Search Engine
As a continuation of my previous discussion on my recent aversion to all things Google over the past month I have been moving my default search engine elsewhere. I have been a fan of startpage.com. I have heard from people I know that their search results are not nearly as good as google but they don’t log your searches so I made them my default search provider on my computers. I do use Yahoo sometimes as an alternative to Google. They may be close to Google in the data retention but the advise I got was they are a bit more transparent and better at fighting requests to hand over data. That is purely opinion but the opinions of people I trust.
My Sudden Allergic Reaction to All Things Google
I have recently had a technical dilemma. I have been a user of many Google services over the years. I have several Google Apps for Work domains. I post private videos of my family on Youtube. I have loved Google Voice long before Google owned it. For most of the time I have used their services I have know there have been some questions about what they do with all the data collected. From day one of Gmail you knew they were looking at your mail to give you ad’s. At the time I brushed it off, especially since i didn’t really start using gmail for a few years after it came out. After I did the lingering security questions were still there but because they provide services that really work well I didn’t question anything nor did I really care. The cool aid was great.
The problem I am facing recently is I have read more specifically about what data Google collects and how long they store it. Or rather how they don’t really say how long they store it. There are many discussions on the topic, here, here, here, and many other places. After reading a lot on the topic and talking with a few people I work with more knowledgeable on the subject than I am I decided the great user experience wan’t worth all I was giving them.
If was to move providers I needed first an email provider. 2nd I needed to stop using Google Voice.
Until very recently that was no small feat. I didn’t want to rely on my mobile alone. That is why I ported my mobile number to Google Voice in the first place. Thankfully as good timing would have it the new IOS software offers wifi calling and handoff to computers for calls. This is not nearly a replacement for google voice for me, but it made it easy to move back to one mobile for everything since as long as I had WIFI I know my number would work. With my new iPhone 6 I would be able to solve my Google Voice dependency. Next up of course is the bigger issue, my email hosting. If just picking anyone I would have gone with Office 365 or some other cloud offering. The problem was as I kept talking to people and reading more I have to say I wasn’t too happy with the US governments tactic’s on getting access to people’s accounts. After that statement I know people are going to say if you don’t have anything to hide, why would you worry. Well I don’t have anything to hide, but that’s not the point. I would rather not know my government could relatively easily get access to my stuff with a court order that apparently happens more often than you would like. I don’t think I am being paranoid guy about this. To me it feels more like ignorance is bliss. Since I do know how creepy stuff is apparently now a days I don’t just want to leave Google mail I want to ensure my data is safe where ever i put it.
I thought about my own server. I just don’t want to deal with it. The super secure Swiss email hosting provider was too expensive. I opted for a well known general web hosting provider in Switzerland were data privacy laws are much more strict than in the US.
Next up for me is to goto the T-Moble store and port my number. After that it is lots of mail copying to my new provider.
Security Overkill
I love reading articles from Bruce Schneier. I have read Secrets & Lies, and I am in the process of reading Beyond Fear on my Kindle now. He explains security and security concepts for computers and in the real world in a fascinating way. He also points out the absurity of some of the security practices that we see today. I love this article he pointed to that I read tonight. This isn’t the first time I have read articles about some of the absurd rules regarding calling in suspicious activity or banning taking of photos. My personal favorite was the news regarding Amtrak Police arresting a contestant in their own photo taking contest! As someone who a) deals with real world security and b) someone who likes taking photos of trains and planes this is really disturbing.
10.5 Compatible Applications Follow Up
When I first installed Leapord (OS 10.5) I wrote about the compatibility issues I had with some programs that I use. Well it has been almost two months and allot of those issues are resolved with one or two still lingering.
I found out that the ecto beta for 3.0 is a free upgrade for me since I owned 2.x. So far 3.0 is working fine in beta and thankfully isn’t crashing so I can write this blog entry without aggravation.
Mark/Space has published a beta of the Missing Sync for the Palm that works with 10.5. I had issues with it like I did with the original version of 6.x. It stops syncing tasks and calendar items from my Treo. Thankfully since I wrote the first post and now I have switched phones to a Symbian based Nokia E61i so I don’t need to rely on this software.
PGP Desktop may be the de facto standard in security products but it is not cheap ($70 or so for 1 year). Add the fact that they didn’t have a working product (even in beta) when 10.5 came out I began looking for other products. I have looked into Knox several times before I went with PGP Desktop, but now I took another look at the product that is basically an add on to Apple’s DMG file format. Knox gives me all the functionality I want, plus added features that a simple encrypted DMG file does not. I gave the trial a go and already bought myself a license (only $34.95 for a license not a one year subscription). I have let my PGP subscription expire and so far I am happy with my choice. Converting the encrypted stores I had took some time but I think I am finally done.
Mactheripper is a totally different story that I wont go into now. I don’t want to write that much.
Marketcircle has had several beta’s of Daylite 3.6 out. Their latest still has sync problems with Apple Sync services. They have been very responsive so I am patient for now. I can use the program but I can’t use alarms, or I can’t sync it with my phone. This is probably the most frustrating issue i have right now.
Other than that I have not had many issues with Leopard. I am not using all the new features that I thought I would, but overall it is a great OS.
CIA cited as worst freedom of information agency
Umm, are we talking about the same CIA that I am thinking of? I would expect that CIA to I don’t know keep secrets. it is in fact a spy agency! I am not saying I agree with anything it may or may not have done now or in the past, but it is by definition a spy agency. I would expect it to be cited as the worst freedom of information agency. Not getting an award for being the most open agency for free flowing information. Get over it.
Technorati Tags: current events
Security Is Inconvenient
If anyone has every told you security is convenient for you, they are lying. Security is very inconvenient. The more secure something is the more difficult and or expensive it is to use. it is much harder to support a group of people you force hard passwords on vs a group you let set a password to anything they want. You know I am right. People give lip service to wanting more security, and when they are given it they don’t like how hard it is to use whatever system you secured.
Take for example something I read a few months ago that said AOL was offering a secure ID like FOB for people to enhance the security on how they log onto their accounts. I have used Secure ID’s for years (i haven’t used it in years, but I have used them long ago, they are not new) and it is not some new wiz bang system. Will the masses use it? probably not unless they are forced to. Do you really think that (i always use my dad as the example) my dad would carry around a keychain secure id to just log into AOL? He would screw it up and get frustrated inside of a week.
Westchester county in NY is trying to legislate securing Wifi networks. In principle it is nice that the county is trying to protect citizens, but come on! Do you really think a person or small business that is ignorant enough to put up an unsecured WIFI network will be compelled to register with the county and secure the system just because there is a law saying it. Hello people this won’t do anything but piss people off and generate some revenue for the county. Like I said before, security is a myth. You cannot legislate the population into security compliance. If you could people in rural areas won’t still leave their houses unlocked and keys in the car!
This of course will be the problem going forward with everything becoming digital. The more secure you try to make something, the less mainstream it will become, but the more mainstream something becomes the more secure it needs to be to protect the public.
The Security Myth
Security. I am a fan of it. Security is like a nice warm um well security blanket! No really. It is good, and most people take it for granted. The problem is allot of time security is this myth that people believe in that may not really exist. Take Wifi for example. I just used macstumbler while I am sitting at my desk at home. Do you know what I found? 8 wireless networks. One of them was mine. Of the other 7, I saw 4 open networks. Of those 2 had the default network names, and one was just named my network. That means that 50% of the networks around me where not just open for anyone to go into. That is crazy. I bet the people using those open networks don’t know they have a huge security hole on their network, or they don’t care. The network device manufacturer’s have a big problem. Make the setup of the devices too hard and people won’t buy them. Make them too easy (as they are most of the time now) and you have tons of unsecured networks. Having the majority of the people using this gear not know the mechanics of how the gear works does not help the situation. It is like having everyday people work on their cars instead of taking them to mechanic’s.
I don’t think most computer people will argue with the assessment I have made above. Or they can if they want. Wifi security has been discussed to death. Even with proper WEP or WPA encryption the system is still not safe. I know that. I have WPA setup on my wifi point. I know I can also add MAC address filtering, etc. I know better, but I still think I have secured the system enough. Have I really? I think for the most part yes. I think of WPA as the club. you can still steal the car (aka break into my network) but why would you waste time with my network or car when you can steal the guy down the streets car who left the door unlocked or just doesn’t have a club? I have a myth of security.
Another example of gaping security wholes is another growing wireless standard, Bluetooth. I have been a fan of it since I first read about it almost a year before the first mobile phone with bluetooth came out. And when it did, I bought one. A Ericsson (they were just Ericsson back then) r520. So for the record I am a fan of Bluetooth. I am a fan of wifi for that matter. I remember when I was at my first tech job back in 96 I got to play with a demo of a 1mbit (i think) wireless card and point from Raytheon. The problem is bluetooth has the same security myth. It also has the problem of the media blowing the issues into this huge security crisis. The simple fact is that most phones and other bluetooth devices were configured to be as easy to configure as the manufacturer could make them. That means allot of devices are setup to be discoverable by default. That means that if the bluetooth radio on a phone is on, someone else looking for bluetooth devices can see your phone if you are in range. To prove that, last week on Amtrak home from my trip I was able to view up to 4 other bluetooth devices from my seat. To protect yourself all you usually have to do is make a change in the default configuration of your device to not be “discoverable”. Do most people do this? Nope. But if you turn discovery off by default you have people complain that setting up partnerships are too hard. See the problem?
You have people then go around thinking all is ok, until they have a problem or someone tells them their phone is at risk of being broken into. First of all that may or may not be true given that you have to set passkeys, etc. For argument sake lets say it is an accurate assessment. These people then freak out and get mad at hardware vendors for delivering unsecured devices. How do you win?
Most of the time people live in the dream world that their stuff is safe. The crazy thing is that maybe 99% (or the vast majority) of the time people’s fantasy worlds are not broken. That perpetuates the myth that all is safe. Even if someone has been using their unsecured wireless internet connect for free for months.
The more I think about it, the more security myths I think about. And I am only thinking in terms of personal computer security. Don’t get me started on other society security concerns.
A perfect example is a few years ago my mom called me after she saw an Oprah on TV. She was calling to warn me that email I send wasn’t secure and that anyone can intercept and read it. She was shocked, but Oprah set her straight. I was like, yeah mom of course email is not secure. Old news. She was surprised that I knew that. It is scary that the general population assumes something like email is secure, and it isn’t. On the flip side can email be intercepted? Of course if it is not encrypted. Is most mail not encrypted? Yes. Will my mom have to worry about her neighbor reading her email or some stranger intercepting it? Probably not. It is very possible to do, but come on who really is going to try and sniff out her mail? its a real threat, but I don’t think most people won’t ever have to worry about it. Doesn’t mean I don’t think we should all get certificates and secure our mail. I would love to do that, but it is impractical in today’s world. So you see even I let the myth of my stuff is secure live on some level. We all do it, and if you don’t think you do, you are kidding yourself.
Need To Know
My dad always taught me information is on a “need to know’ basis. I think he did that so he didn’t have to tell my mom all non-essential things. It wasn’t that he was keeping things from her, but just omitting information until she needed to know. This worked and backfired on him all the time. Fortunately or unfortunately (depending on how you look at it) that mentality has rubbed off on me. For personal or professional reasons I have had to selectively give out information. My friends call it being a security minded individual. I guess that is true.