Thursday, Aug 13, 2015

Ad-blocking is essential for your privacy and security on the web.

Ad-blocking software has been in the news quite a bit recently due to its increasing popularity.

Guillermo Beltrà spends a lot of time surfing the web.

Yet like many avid Internet users, Mr. Beltrà hates the annoying pop-up advertisements that litter many websites. “It’s just very cumbersome,” he said.

So like a growing number of people, Mr. Beltrà, a Spaniard who works for a consumer protection organization in Brussels, decided to block them by downloading software for his desktop browser that removed any online advertising from his daily Internet activity.

While he acknowledged that advertising was often the primary source of income for many websites, Mr. Beltrà said he remained wary of how much data companies were collecting on his online activities. -Mark Scott, New York Times, Blog

I have long advocated the blocking of advertising networks because, while many users find advertisements "annoying", there is a far more sinister side to advertising that marketers would rather you didn't know about.

Unknown to many users is the fact that many advertising networks embed spyware that is designed to track you across the Internet with every website you visit. They do this by embedding trackers into the advertisement that your browser then loads whenever you visit Website X using Advertising Network Z. Now when you visit Website Y, which just happens to be using Advertising Network Z, you are instantly identified as the person who visited Website X earlier.
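The cross-site recognition described above can be spotted in a log of what the browser requested. This is an added example, not part of the original post; the site names, cookie values and the last-two-labels rule for grouping hostnames are constructed assumptions.

```javascript
// Constructed sample log: the page being visited, the host the browser
// contacted while loading it, and the cookie sent to that host.
const requests = [
  { page: "https://www.site-x.example/news", host: "www.site-x.example", cookie: "sess=a1" },
  { page: "https://www.site-x.example/news", host: "ads.network-z.example", cookie: "uid=7f3c" },
  { page: "https://www.site-x.example/news", host: "static.cdn-q.example", cookie: null },
  { page: "https://www.site-y.example/sport", host: "www.site-y.example", cookie: "sess=b2" },
  { page: "https://www.site-y.example/sport", host: "pixel.network-z.example", cookie: "uid=7f3c" },
  { page: "https://www.site-y.example/sport", host: "static.cdn-q.example", cookie: null },
];

// Simplification (assumption): the last two labels identify the site.
// A real tool needs the Public Suffix List for names like example.co.uk.
function siteOf(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Returns third parties that received the same cookie value while the user
// was on two or more different first-party sites.
function findCrossSiteTrackers(log) {
  const seen = new Map(); // "thirdParty cookie" -> { tracker, cookie, sites }
  for (const { page, host, cookie } of log) {
    const firstParty = siteOf(new URL(page).hostname);
    const tracker = siteOf(host);
    // Skip the site's own requests and requests carrying no identifier.
    if (tracker === firstParty || !cookie) continue;
    const key = `${tracker} ${cookie}`;
    if (!seen.has(key)) seen.set(key, { tracker, cookie, sites: new Set() });
    seen.get(key).sites.add(firstParty);
  }
  return [...seen.values()]
    .filter((entry) => entry.sites.size >= 2)
    .map((entry) => ({ ...entry, sites: [...entry.sites].sort() }));
}

console.log(findCrossSiteTrackers(requests));
```

The shared CDN is contacted from both sites but is not flagged, because it never receives an identifier that links the two visits.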

But the thing that surprises most people is just how many trackers an otherwise innocent website may harbour. Let's take a quick sample; I am using the browser extension Ghostery to show detected trackers in the purple box bottom right.

So CNN has 18 trackers and The Daily Telegraph has 26 trackers set up to betray their readers' privacy, and these are only the trackers that Ghostery is able to detect.

Let's check the last site again with both trackers and advertisements blocked:

Now we can see that AdBlock Plus has removed 23 of the 26 trackers and all the advertisements. Ghostery has detected and blocked the three remaining trackers.

These are only two websites on the Internet that I have chosen to demo for no particular reason. There is nothing abnormal about the behaviour of these sites; it is now a common practice for website operators to install malware (spyware) into websites for commercial gain, because there is a lot of money to be made in violating your privacy.

It wasn't always like this. Advertising didn't use to involve malicious action towards the end user. Although advertisements have always been annoying, it is only over the course of the past decade that they have become a specific threat that users need to block by default.

Fortunately there is a way to block most of these trackers. I highly recommend everybody install AdBlock Plus and Ghostery into their browser. Both programs are free and both will block trackers. Ghostery in particular will give you an alarming insight into just how many trackers are being used to invade your privacy. I have been using both programs for years and would not consider browsing the Internet without either of them.

Friday, Jul 17, 2015

Anti-vaccination political party loses Domain Name.

In recent weeks a group of anti-vaccination campaigners have attempted to start their own political party called the Involuntary Medication Objectors Party whose goal is to undermine public health initiatives. 

Recent so called No Jab, No Play, No Pay laws discriminating against parents who choose not to vaccinate their children have far reaching effects for the basic freedoms that we have enjoyed.
We object to our elected representatives making and supporting laws that use financial coercion to compel struggling, loving, caring parents to vaccinate their children with questionable medication.
The injustice of the recent No Jab, No Pay law has motivated us to form a political party that will aggressively agitate for rescission of this undemocratic law. -Involuntary Medication Objectors Party

This party is a response to the Abbott Government's "No Jab, No Pay" laws, which closed a loophole that people have been using to claim benefits they aren't entitled to. Under this new law, if parents want to claim a payment that has an immunisation criteria, they must ensure that their children are vaccinated before they can receive the handout.

The party did have a website set up at IMOP.com.au until auDA, the government organisation that administers the .au namespace, received the following complaint.

The domain imop.com.au is registered to Misty Mountain Health and Institute Ltd, ABN 61097939672, so the domain name is clearly not (as required) an exact match, abbreviation or acronym of the registrant's names:
* Better Life Productions
* Misty Mountain Health Retreat, or
* Misty Mountain Aboriginal Healing Place.

Given it is being used to host a political party's web site, I fail to see how it's being used for domain monetisation, or otherwise closely and substantially connected to the registrant under the rules for that use in the guidelines. -Complainant

The registry is now reporting status: pendingDelete (Client requested policy delete)

As we have seen in the past, anti-vaccination campaigners have a psychotic determination to undermine public health. I have no doubt they will return after this setback, and we will be waiting when they do. Every victory against the anti-vaccination movement is a victory for public health, and we are winning this fight.

Wednesday, Jul 15, 2015

Opposition to Password Managers is Opposition to Security.

These days password managers are becoming popular security tools for end users to manage their passwords. The most popular solutions available to consumers are LastPass, Dashlane, KeePass, 1Password and RoboForm. These applications enable their users to create unique, strong passwords for all their online accounts and store them in an encrypted database to keep them safe.

I personally have more than 3,200 credentials stored in multiple encrypted databases. The databases I manage include everything from electronic copies of my passports, access for this blog, DNS servers, email accounts, service providers, application credentials, domain registrars, encryption/decryption keys, private X.509 keys, remote access to alarm and CCTV systems and more.

I have worked in IT since 2003. Even with only part-time contract work, the amount of credentials that I have needed to store is phenomenal, and if I didn't clean out the database it could be significantly larger than it currently is.

Password managers have become an essential way of life for me. There simply is no alternative when you need to manage so many systems/services, and those credentials need to be kept secure. Of the 3,200+ credentials in storage, at least 200-300 of them are for personal use, such as Facebook, YouTube, eBay and anything else I've created an account for over 10+ years.

Password management software is perhaps our best hope for getting users out of the habit of picking weak passwords or reusing the same passwords on multiple services. So it is frustrating to discover that in 2015 some companies are deliberately preventing their users from using password managers.

As if educating users not to write passwords down or reuse passwords in multiple places is not already a challenge. The fact that British Gas has gone out of its way to prevent its customers from using a password manager to keep unique passwords safe really shows how out of touch with the modern world they are. Perhaps British Gas would prefer their users to resort to Post-It notes on the monitor?

Friday, Jul 10, 2015

Former Queensland Police Officer calls for murder of medical workers.

Chris Savage is a prominent anti-vaccination campaigner and former sergeant in the Queensland Police Force prior to being thrown out for reasons Qld Police have not disclosed. I will however speculate that they probably didn't want someone who thinks it's ok to randomly shoot people at your own leisure.

Of course this is not the first time anti-vaccination campaigners have praised murder as a legitimate tactic. Back in February, United States based anti-vaxxers openly praised the murder of medical personnel.

In September of last year a leading anti-vaccination campaign tried to convince a woman to kill her own husband via deliberate dissemination of false medical advice.

Way back in 2011, calls to "String the Bastards Up" were made by anti-vaxxers advocating the lynching of medical personnel. Then there is the unforgettable Frankie Vazquez, who issues both bomb threats, death threats and more.

So while we are used to anti-vaxxers engaging in threatening and criminal activity, it is not often that we have former police officers engaged in such activities. Chris Savage actively promotes himself as a former police sergeant to garner credibility within anti-vax circles.

I will be interested to see what Queensland Police have to say about this. They kicked him out, but he still uses their brand/reputation to promote himself.

Monday, Jun 22, 2015

De-anonymised Luke O'Hehir of Elegant Logic loses the plot.

For some time now an Internet troll by the name of Luke E Lawless has been hassling skeptical blogger Peter Tierney, aka Reasonable Hank, winner of last year's Skeptic Of The Year Award.

Message sent to Peter; from Luke.

Like much of the harassment that members of this community face, it was done behind the veil of anonymity, as Luke E Lawless is clearly a fake name. This is also confirmed by the fact that this individual's identity has since been revealed, due to a comment he made on Peter's blog.

Normally an IP address alone is not enough to identify an individual and most people have nothing to be concerned about. However, the anonymous Luke E Lawless certainly wasn't happy and immediately accused Peter of promoting criminal activity.

So concerned was Luke E Lawless that he found a question on Stack Exchange about IP addresses and posted it to his Facebook wall in order to reassure himself that everything would be alright.

Actually, when a person engages in a campaign of harassment, getting their IP address is often the first stage in identifying the culprit. People like Luke O'Hehir, owner of Elegant Logic in Melbourne, who believe they can engage in abusive behavior behind the veil of anonymity will always slip up eventually and allow us to build their profile.

Luke O'Hehir was de-anonymised using more traditional investigative methods, but a court order against his Internet Service Provider would also have worked to identify him via his IP address. It wasn't used this time, but yes, once we have your IP we can potentially identify you with it.

Since being identified Luke O'Hehir has been posting even more batshit crazy things to Peter. Here's a classic.

This is the old "I have a lawyer and you better believe it" tactic. It's a beyond pathetic attempt to curb criticism. I have yet to meet a Lawyer who uses Facebook to communicate with clients. Luke O'Hehir is simply upset that he was caught.

Equally funny (and Pathetic) is the "I have a cop" tactic.

Keep going Luke O'Hehir. As someone who presents themselves as an IT Professional you seem to have a poor understanding of both the Internet and the law. I look forward to the headline "De-anonymised Internet Troll sues harassment victim for whambulance fees."