Equifax Illustrates WHY Certain Information Is Sensitive

There have been thousands of articles about the Equifax breach recently, but very few have discussed the deeper reasons why information that used to be common knowledge has become so critical to online safety and security. This blog post from AgileBits, makers of 1Password, is a great primer on why certain information is now considered sensitive. It all boils down to the fact that banks have adopted identifiers (such as Social Security Numbers) as secrets and “identifiers are bad secrets.” To illustrate the point, the author includes a fun clip from Monty Python’s Flying Circus, the famous “Bruces Sketch.”

There might be a lot of Bruces in the room, but there are probably not two with the same birthday and definitely not two with the same Social Security Number (SSN). So the name Bruce can’t be used as an identifier. Bruce + SSN used to be OK as an identifier, but the SSN became a secret when banks began to use it for telephone banking. Bruce + birthday is not great, but add Bruce’s address and that should be unique. However, it is not a secret because Bruce’s birthday can be found on his Facebook page and his address is probably in 1,000 places online. Identifiers are clearly bad secrets.

The Equifax breach has brought the problem to a head by speeding up the process of demonstrating that identifiers are bad secrets, because for hundreds of thousands of people those identifiers are now public information (for hackers). The solutions are complicated, and while many people think they don’t have any “secrets” and ask themselves “Why would a hacker possibly be interested in my boring family photos?”, the deeper issue is the increasing interconnectedness of online and physical identities. For a deep dive into how to protect yourself online, see my recent series, “Online Security.”

AgileBits is certainly doing their part to help people keep track of the real secrets: passwords, credit card numbers, driver’s licenses, passports, etc., but a kept secret is only as good as the privacy of the place where it is stored, such as a smartphone or computer. For more information on this part of the problem, take a look at Apple’s excellent new website on privacy. It presents a clear picture of how closely related secrecy and privacy really are.

Google Requests a Fax of an Online Form?!

Here’s a fun throwback to end the week. Google requested that I send them a fax. Really Google? How about I chisel the information into a clay tablet and send it with a tribute of grain via the next caravan going to Mountain View? Yes, Google really sent me the form below after I closed an old G Suite account.

There are thousands of major Google account maintenance tasks that can be done online with no physical paperwork necessary. With Google Fetch and Render, large websites can be reindexed; organizations can open accounts to manage hundreds of email addresses; advertising can be broadcast around the world in an instant; but a $2.64 refund requires the telephonic transmission of scanned printed material through the use of a machine invented in 1843. Wow, there are apparently some gaps in the high-tech world of Google.

Feedly – Because If You Are Still Starting Your Morning With a Zigzag…

“… through a standard set of Web sites (sic), you’re wasting time and energy. Feedly is what you Needly.” That corny quote is courtesy of a New York Times article from May 2013 and in terms of reading blogs, not much has changed since then.

And it’s not just blogs. Many people still visit a list of websites every day such as news, fitness, sports, celebrities, etc., quickly resulting in a deluge of information peppered with tons of intrusive ads. What they don’t know is that many websites offer one or more “RSS feeds” containing direct links to articles posted each day. For example, The Verge is an excellent source of technology news. They even break down their feeds into useful categories such as posts about “Microsoft, Apple, Google, Apps, Mobile, Science, Features, etc.” Many companies large and small also have their own blogs with RSS feeds. National Instruments (NI) has a webpage with links to not only their own blog (with over 1,500 posts!), but the technology blogs of their partners as well.

The confusing part is that everybody from the New York Times to The Verge to NI uses something called “RSS” to publish their feeds even though they are completely different sources of information published on completely different schedules. The Verge might publish more than 20 articles on a busy day while NI only publishes one article every couple of weeks. So why visit multiple sites every day, some of which might only publish occasionally? That’s where an “RSS reader” comes in. After setup and subscribing to various websites’ RSS feeds, it only displays a list of new articles. Articles in this list are marked as “read” either by being read (duh) or by skimming through headlines. Once marked as read, they do not show up again.

The easiest part is finding a good RSS reader. No need to do a Google search, just use Feedly.com. It’s free, simple to set up, and synchronizes content across its website, smartphone app, and tablet app. It is also fast, straightforward, and provides direct access to a wide variety of high-quality news sites organized by topic such as Technology, Business, Design, Photography, Science, and Travel. Other websites and blogs can easily be added via the search box. Once the basic setup is complete, each time Feedly is accessed, it only displays a list of headlines from unread material.

So if you have some free time during these last few weeks of summer, set up Feedly and enjoy distraction-free reading of your favorite websites and blogs. By the way, the Elephant Tech blog can be subscribed to by searching for “elephanttech.com” using the search box in the upper right corner…

Leaving LinkedIn After Over a Decade

It was a tough decision, but I finally closed and deleted my LinkedIn account. A professional lifeline for over a decade, it is hard to measure the value of the contacts I had there. However, some online transgressions are impossible to overlook and violating privacy is at the top of my list. To be fair, it was probably in their terms and conditions, one of those “sacrifices” we make every day as a trade for a valuable service offered at no charge, but flagrantly breaking the implicit trust involved in privacy required immediate action.

What did LinkedIn do? They accessed my professional and personal email contacts without my permission and used them to suggest new connections. Before you ask, I am 99.9% sure that I NEVER gave them permission to do this with the other 0.1% reserved for the remote possibility that they tricked me into it somehow. Throwaway email addresses that I only used once and have not used for 10 years were showing up in this list. Doing some research online, it was suggested that LinkedIn might have gotten these addresses when I had LinkedIn open and Gmail open in two browser tabs at the same time. I’m not sure if this is true, but it would be one way to explain it.

It must be tempting for a company like LinkedIn to think that they are helping the world by connecting people professionally and the more connections, the more they are helping. Gmail does something similar by looking into Gmail accounts and suggesting ads, so why can’t LinkedIn do the same? But it’s not the same by a long shot. There is an expectation of separation when multiple tabs are open in a browser. Amazon doesn’t look to see what I purchased recently from Nordstrom online and even Facebook, for all their privacy issues over the years, doesn’t seem to make personal suggestions based on my email contacts stored in Gmail.

So goodbye LinkedIn, we had a good run where I published over 180 articles on your publishing platform and connected with hundreds of other professionals. As your email said, maybe you’re sorry to see me go, but if you had wanted me to stay, you would never have violated the trust we worked so hard to build.

Watch Out Google! – 303 Links to Acoustics and Vibration Companies

Of course you could always do a detailed Google search and get millions of results, use Google’s Custom Search feature to create your own list, or even use the DuckDuckGo search engine if you don’t want to end up with tons of ads for custom acoustic foam fabricators for the rest of your life, but isn’t this list just a bit handier? Besides, these are from a website I created with Chip Doyle almost 20 years ago called NVHmaterials.com. It was a big deal back in a time when Google was still “in beta” with only 60 million pages indexed and Lycos ruled the search engine world. Interestingly, over 70% of the companies from the original list are still around today!

The list is broken down into five categories:

Consultants – 80 links
Educational Websites – 31 links
Enclosures, Barriers, Panels, and Chambers – 23 links
Materials – 66 links
Test Services – 17 links
Test Systems, Equipment, and Sensors – 76 links
Other (Trade Magazines, etc.) – 10 links

If you have any additions or corrections, please let me know, but in the meantime there are several gems in here that won’t be found until page three of a Google search like Acoustical Systems Inc. and Environmental Noise Control. Enjoy!