In today’s Technology Age, where hacking is child’s play and information is forever, is it even worth it to try to safeguard your privacy? I say YES.
There are steps you can take and practices you can employ to keep you safer online.
Today, for Techie Tuesday, I’ve brought you security expert Jay Donovan, owner of TechSurgeons, LLC and my own favorite Digital Dark Knight.
He’ll be answering our questions in the comments (Squeee!!).
Jay is also teaching a webinar on March 28th called Who Wants To Know? Internet Privacy and Security. I can guarantee you I’ll be in that class.
Why do I feel so strongly about this?
Your data and your privacy are on shakier ground than you might think. Identity theft is up and security is down. All that unethical hacking just steams me a bit so I asked Jay to come visit and share his security savvy.
Five Important Lessons from my Digital Dark Knight, Jay (he’s in purple below):
1) False security is worse than no security at all
If you think you’re protected, you’re going to be less cautious. Case in point: A techie friend of mine picked up a computer virus causing his friends to be spammed because he clicked on a bad link since he “knew” he was safe. He “knew” something that wasn’t so.
2) Everything posted to the Internet is there forever
How many times have we heard about people losing a job because of some old pictures of them drinking or behaving badly. What about the poor erotic dancer forced to resign because people found out she wrote children’s books? 🙂
3) Good Security is like Ogres and Onions (there are many layers)
Every hurdle and impediment you put between potential stalkers and you provides more protection. A good anti-virus works better when you don’t click malicious links. Your house is less likely to get robbed if you don’t upload pictures identifying where you live and then announcing you’re going on vacation.
4) Pen names can be a great help, but only if done right
If you’re trying to keep stalkers from your front door, you have to make it very difficult for them to find you. Open secrets about your pen name aren’t any secrets at all. See points 1, 2, 3, and 5
5) You can play on Social Media and still maintain your privacy
I’m a social media butterfly, but I never reveal when I’m on vacation. That screams “My house is empty, rob me!”
When I asked Jay why he recommended this class particularly for authors, I liked his answer:
Every author should take the class because it teaches many tips for keeping your personal information private and gives practical advice for properly using a pen name.
The last time I taught the class, one author thought she had protected her privacy. I spent less than an hour e-stalking her and found her address, 2 phone numbers, pictures of & maps to her house, her husband’s name, their approximate ages, found archives of a website she closed over a year before, knew her political views, and more.
Wowzers! I don’t know about y’all, but I’m so in.
Here are the deets:
When: March 28th – 4:00 pm to 7:00 pm EST
Cost: $40 (but the More Cowbell Posse gets a discount!) – Discount code: “hacking”
Link: http://wanaintl.com/event-registration/?ee=125
Last but not least…thanks to Jay for taking time out to hang with my posse today!
Do you have questions for Jay? Are there other courses you’d love to see regarding writers and internet security? If you were to add one more tip to this list, what would it be? Enquiring minds always want to know these things here at More Cowbell!
Jenny
*****************
About Jay
Jay Donovan has been a geek since before geeks were cool. He’s done it all, from remotely debugging the Internet connection for a US aircraft carrier deployed to *REDACTED*, to being responsible for the servers and networks for one of the largest Internet sites in the world, and the most challenging job of them all – parenthood.
He’s trained as a Certified Ethical Hacker (yes, really!) and always uses his geeky powers for good.
When he’s not neck deep in wires and computer parts, you’ll find him hanging out on Twitter as @jaytechdad or at TechSurgeons.
When a hacker tries to break into our computers, an alarm and loudspeaker should go off in theirs. “WARNING! WARNING! THE PERSON ON THIS COMPUTER HAS BREACHED SECURITY! THEY ARE HACKING A PERSONAL COMPUTER! CALL 9-1-1! This would be on a loop of course….
That would teach them especially if they were in Starbucks at the time.
LikeLike
LOL…can you even imagine if this alarm went off in Starbucks? That would be AWESOME. 🙂
LikeLike
Someone should get right on that new ball breaking antivirus software…
LikeLike
I’ll get right on that.
*GASP* Oh no, it looks like Susie is trying to hack into someone’s computer! Here, let me sound the alarm on hers. 🙂
-Jay
@jaytechdad
LikeLike
NO!….DON’T ….PUSH …THAT ….BUTTON!
LikeLike
Push it, Jay. P-Push it real good! *dances around kitchen*
You didn’t actually think I was gonna pass that up, did you Susie?
LikeLike
No one can resist the *SHINY RED BUTTON*
http://nicktoons.nick.com/videos/clip/space-madness-clip-2.html
LikeLike
Ok. The geek love is official. P-push the jolly, candy-like button! Ren and Stimpy and Salt ‘n’ Peppa in the same chain? You kill me. In a ROFL way 🙂
LikeLike
Jay, I’ve always been curious about how difficult or easy it is to hack and track someone based on their Facebook habits. I totally use 411.com for addresses all the time, so I can see the issue if someone is using their really name. What are your recommendations? And how do you turn off that damn geotracking that gets picked up from your IP address?
LikeLike
Hi Jenny,
You can’t turn off IP address based geotracking since it’s info the webserver gets when you connect.
For those not in the know, IP addresses are pretty much a computer’s phone number. Just like area codes are linked to a geographic region, IP address blocks are linked to a particular owner – your local cable company has a block and it’s easier for them to assign those blocks to a particular location.
If you were really paranoid about it, you could rent a small server somewhere else and do some network magic to have all your internet traffic seem to come from that server. That’s called setting up a VPN (virtual private network) between you and the server. I have a server in Canada I sometimes use for that purpose – it is normally used for watching our servers in Phoenix.
-Jay
@jaytechdad
LikeLike
Maybe I should worry more about this – I do the minimum (don’t even use a pen name.) Guess I figure I’m so boring they wouldn’t bother…. (I know, that’s wrong – 75 yr old women get raped, right?)
LikeLike
Hi Laura,
Maybe not quite worry, but be aware. If you are going on vacation, mention that your virtual ex-Military sniper brother is watching your house. 🙂
-Jay
@jaytechdad
LikeLike
Okay, I’m in. I enrolled in Jay’s course. Not only does this Digital Dark Knight have an awesome name (he knows what I mean), but he has sufficiently scared me into action! LOL.
Thanks for the discount!
LikeLike
Thanks Julie!
The Q/A session at the end isn’t limited to security questions. If you have tech questions for your WIP, I’m happy to answer them there,
-Jay
@jaytechdad
LikeLike
I missed Jay’s last class and don’t want to miss this one. Thanks for explaining about IP addresses, Jay. I have a lot to learn.
Thanks for having the Digital Dark Knight here, Jenny.
LikeLike
Of course, Miss Lynn! I like to look out for my peeps. 🙂
LikeLike
Thanks Lynn. If you have any questions, fire away. 🙂
LikeLike
Hey you! Yes, you in the fuzzy slippers & wearing the old concert shirt. I know you have a question. Go on and ask. 🙂
LikeLike
LOL.
LikeLike
Oo, Oo! *raises hand* You said you’d take techie questions for our WIP’s, Jay. You may regret making that offer. If someone has hidden a webpage behind a webpage (say because the hidden webpage is for an illegal business) what would be the most likely way that a private detective (reasonably computer savvy but not a brilliant geek like you) whose perusing said outer webpage might stumble on evidence of the hidden page? And what would be likely to come up when they clicked on the disguised link?
I have a letter in the legit business’s name as the hidden link, and only a log-in box comes up, with no explanation, and no sign-in option (i.e., one has to already be registered to log in). The PI then takes the whole problem to a brilliant geek like yourself who figures out how to get in to the hidden site.
The owner of the site is not the brightest bulb in the package, so the explanation for how the hidden site is hidden doesn’t have to be brilliant but it does have to be plausible.
I write mysteries, can’t you tell? 🙂
LikeLike
Oh, and you weren’t too far off re: the fuzzy slippers, etc. LOL I’m still in slippers and bathrobe at 1:35 p.m. because I was up til 5 a.m. writing.
LikeLike
Kassandra, that question is awesomesauce!!!
LikeLike
Hi Kassandra!
Well, that letter would likely be a different color or font than the others on the page. Or the screen reading software would point out the link – is anyone blind in the story? Or he got lucky when mousing over the page, mousing over the letter would show the link address in the status bar. Or the guy would view the source (HTML codes) to the page and notice the oddity.
Me, I’d hide a QR code in a small part of one of the images.
You should take the class just to grill me at the end about helping law enforcement capture a murderer… I can’t talk about all the details, but there are some. 😉
Oh, and Kassandra, how do we not know each other already?
-Jay
@jaytechdad
LikeLike
LOL, I don’t know Jay, that whole writing until 5 a.m., hanging out in my bathrobe all day thing could be why. I don’t get out much.
The PI is a woman, btw. I have her running her mouse over the page and noticing that the cursor turns into a little pointing hand over that letter. Would the url have to show up in a status bar then? Is there a way someone could have blocked that?
Not sure what a QR code is? Sounds kinda sexy. Would that be something the PI could stumble on by accident? And what would that look like if she did?
Thanks! Off to check out your class.
LikeLike
Well, being a she, she’d be much more likely to notice the nuanced color change. I’m still amazed at all the words for “blue” that exist. 🙂 And yes, the site could disable the status bar by using a pop-up window but it is easy to bring it back.
LikeLike
Thanks, Jay. That’s probably sophisticated enough for my bad guy, and for my readers. But I bookmarked Jenny’s QR code post for future reference as well.
LikeLike
Jenny already mentioned QR codes and what they are – https://jennyhansenauthor.wordpress.com/2011/10/25/techie-tuesday-are-you-into-quick-response/
LikeLike
Okay, Jay, I asked this one of Jenny and she didn’t know. Why aren’t you working with the Pentagon?!!?? 😀 (Oh, and can you offer any semi-serious tips for choosing passwords that don’t require me to use a random number generator?)
LikeLike
In a past job, I worked closely with the FBI and Secret Service.
As to password, I bet you can remember: “2 Pounds of Chocolate!” or something similar.
-Jay
@jaytechdad
LikeLike
Oh, I love this password idea. I can do many variations on my favorite chocolate treats! How about “GSthinmints2good!” 🙂
LikeLike
See? I KNEW IT!!! FBI, Secret Service, Pentagon — all in the ballpark! You ghosts are all the same! Thanks on the password thing. Love it!
LikeLike
Jay, Jay, Jay!!!!!!!!!! Hey, what I want to know is when are we going to see your smiling face??? Also, how safe are on line merchants, like Amazon and other places that hold on to our credit card information? Are there new banking regulations that cover that? Is it really legal to hold on to that information??
LikeLike
Hi Rachel, Good question!
So kind of you to assume that I haven’t been terribly scarred by a freak monitor explosion that left me a bitter, bitter man out to seek revenge on the manufacturer who knowingly shipped a bad monitor rather than spending an extra $0.02 on a capacitor that wouldn’t overheat. **whistles innocently** (Maybe I’ll turn on my webcam during my class.)
The online merchants are pretty safe. They have to be in order to accept credit cards directly. That being said, nothing is perfectly safe so I never recommend people use debit cards for online purchases since that $ comes right out of your bank account. Both debit & credit cards provide protection, but it’s far more stressful to find your bank account empty than it is to find a bad charge to your account.
It is legal to hold on to the info, there are specific regulations on data encryption and protection which need to be followed. The credit card companies have been on the forefront of setting good policies and procedures to protect themselves (duh!) and their customers.
-Jay
@jaytechdad
LikeLike
Fantastic post–just shared with a couple of writerly email lists.
LikeLike
OK – how is everyone getting hacked on Twitter lately? I’ve had to turn off the ringer on my phone because I was getting DMs from hacked accounts at 2AM. I’ve gotten over a dozen “Did you see this pic of you” DMs this week alone!
LikeLike
Hi Lisa!
People are clicking links to sites running malicious Twitter apps. Those malicious apps then have permission to send tweets as the user and also send DMs to the victim’s followers trying to get them to click the links and keep the chain going. Twitter is making it more explicit about asking for your permission before allowing an app access to your account. The malicious apps are sneaky, some do useful things like tracking unfollowers in order to attract people in the first place.
Oh and everyone, Lisa is my go-to-expert for Facebook stuff. She’s been helping manage the TechSurgeons FB page – http://www.facebook.com/TechSurgeonsLLC #shamelessPlug
-Jay
@jaytechdad
LikeLike
Awww – thanks, Jay *blushes* I guess this explains why I’ve never been hacked on Twitter – I don’t use any of those apps. 😀 At least, I don’t think I’ve been hacked. Someone would tell me, right?
LikeLike
I hate the phishing DMs, but something I learned recently is that you should tell the owners of the hacked accounts that they have been compromised. Especially if they are your friends. Help them to protect themselves and you will be doing everyone a favour 🙂
LikeLike
Yes, just as people don’t often know when a tail light on their car is burned out, they might not know they’ve been hacked. It’s just neighborly to let people know…
-Jay
@jaytechdad
LikeLike
Thanks for the post! Everything we put on the net is there for good, and posting pics while on vaca and announcing you are away is no bueno! We all must be conscious of this.
Phil
LikeLike
Thanks Phil!
LikeLike
*raises hand* Oh, I’ve got a question for you, Jay! Will your class be recorded for those of us who can’t be online at the time it’s being offered? 🙂
LikeLike
Hi Melinda,
Great question! *slips her $5 for asking it*
Yup, it will be recorded with the text chat, slides, and all the audio comprising the recording. And if you have any questions, you can either send them to me in advance or after the class.
-Jay
@jaytechdad
LikeLike
Awesome! Thanks, Jay! *runs to finish registering*
LikeLike
Oh awesome! I was so bummed that I’m working during that time. So, we can access the audio set up via WANA Tribe? Is that how we find it? Cost on the podcast (if that’s the correct name)?
Thank you for recording it! I’d really like to learn more about this! In fact, are you going to DFW Con? It’d be smart if they offered a conference class like this since it’ll be all writers who live on their computers and so many are new to using social media. If you’re not already signed up, and you have the time, I would share this link and the courses you’ve done with them to see if you could present. I really think that’s worthwhile!
LikeLike
Hi Jess,
Sorry for the late response. I spent the day not-working as is my tradition for the Ides of March. So far I’ve managed to avoid Senators and “honorable men.”
If you sign up for the class, I’ll email you a link to the recording. And even if you weren’t at the computer, you’d be able to phone in to listen. The recording includes the audio, text chat for everyone in the classroom at the time of the presentation. And if you can’t make it, I’m happy to answer questions for you after the class.
I’m more a writer groupie than an actual writer (though Kristen has convinced me to write a book), so DFWCon wasn’t on my radar screen. Hmmm, I’d need to figure out how to maintain my privacy schtick for it though. 🙂 Maybe next year.
-Jay
LikeLike
I really hope you consider it as I think a course around social media safety is important for writers – so many of us are new to this and don’t even realize the threats till they attack us.
LikeLike
Jay, I have to confess, I am FREAKED out in that I pretty much put myself completely out there. No own name. I tell people what city in which I reside. People know I have a kid. So is there any way to really go back? I don’t announce that I’m going on vacation when I’m REALLY going on vacation (although I have taken blogging breaks before), but what can an over-sharer like me do to put the genie back in the bottle? 😉
LikeLike
No *pen-name*
D’oh!
LikeLike
Hi Renee!
No need to freak out. *leads everyone in a stress-releasing breathing activity* Thankfully, no one here is talking about having a current stalker. That gives us the luxury of time to fix anything we need to fix.
The first thing to do is to stop over-sharing. Time does help.
On Facebook, you can limit who can see posts – this is limited protection so still be a little careful about what you post. Imagine a hacker group completely got into FB and changed every post to public. That might make for a great book. 🙂
You already practice some restraint. You don’t identify your son’s name. You’re not announcing you’re going on vacation.
If you get hit on and worry about pervy stalkers, you could take some efforts to make yourself seem less available. This is why the first part of my Twitter profile states that I’m happily married. I didn’t see a mention of your husband on your
You’ll never quite get the Genie back into the bottle (See #2 above), but you can stalk yourself online (or pay someone to stalk you *waves*) to see what’s out there about you. A fair chunk of my class covers what is entailed in getting personal information taken off information aggregation sites like 411.com.
-Jay
@jaytechdad
LikeLike
A quickie question (former IT helpdesk here who has seen my fair share of viruses and trojans infecting computers):
What are your favorite anti-malware/anti-virus programs? Right now I’m allowing Microsoft Security Essentials to run with Clamwin for daily use. I also use Spybot and Malwarebytes on a “on demand” (no TeaTimer or other background processes running) basis. For browser protection, I use common sense (not clicking most emailed links even if they were sent by friends–for those I usually ask what something is and go look for it myself) and add-ons such as Adblock and NoScript.
Lastly, as someone who fell in love with her husband because of Code Wars in college, I love the fact that you call yourself a hacker, Jay.
LikeLike
Thanks Eden! I pretty much use the same tools. *high five*
I run ClamAV on the home server to pre-filter any email for the kids and then we use MS Security Essentials. SuperAntiSpyware is another good one for “on demand” use. Be careful having too many things running at once because some packages might fight with each other.
The AdBlock + NoScript extensions are why my primary browser is still Firefox. Chrome has NotScript, but it looks to be more complex to set up. I don’t trust Google as far as I can throw them.
-Jay
@jaytechdad
LikeLike
*smiles* Good to hear that this old horse has some sense left in her.
I use Seamonkey (Firefox clone like the older Netscape), but the effect is the same. Chrome annoys me… and it is how I managed to get the two trojans that did get through to my machine in, so your instincts may be spot on. However, I suspect that Google itself is much like any big company–not interested in letting malware get through, but not that worried about chasing down potential problems until someone exploits them and forces their hand and their market share.
Just my take on them. I’d be curious to know why you dislike them so, Jay.
LikeLike
I used SeaMonkey but moved back to separate apps for Browsing, Mail, and the rest when it and Firefox had horrid memory leaks.
As to Google, my main gripe has to do with their “Don’t be evil” motto. It’s BS, they’re just as evil as anyone else.
This is the same company who provided info on dissidents to the Chinese government, has weakened its privacy policies to something not worth much, ignores the “do not track” feature in browsers, was caught recording people’s WiFi traffic, deliberately sabotaged Maps from working on a competitor’s products, has put pressure on governments to shut down ad-blocking services (Free in France), and so on.
And with all the info they collect, I worry about what would happen if they decided to go “Full-Evil.” There’s another good story idea…
That being said, I love my Android phone (they bought the company who created Android) and use them when they’re the best option available.
-Jay
@jaytechdad
LikeLike
Good list there–knew about several of those, but you listed a few I hadn’t seen. Thanks again–I have more to look up.
LikeLike
Pingback: The End is Near (and we deserve it) . . . Sexcereal « Bayard & Holmes
Pingback: Writing Resources 16 March 2013 | Gene Lempp ~ Writer
Fab post, Jenny and Jay! I won’t be able to sit in live, but will watch the recording. You had me at learning to get address data not listed. My laptop was hacked about a year ago and I had to get it wiped clean from the invader. Still not sure how since I’m careful about clicking links.
I also quake when I do semi-searches on myself and find my home address. I have mentioned some places or in conversation my overall city (not actual suburb) and now wonder if I should go hide in the CVS on the corner if any crazies come. Now I wonder if I should have grabbed a pen name, but don’t want to start all over in social media platform building. *doing above mentioned breathing exercises*
LikeLike
Hi Barbara,
Yes, I do go into how to remove your address from sites. Since there was so much interest in this, I added an overview with an example of how to do it. And for those who want either more hand-holding or even for us to do it, there are options too.
As to how your computer was hacked, it could have come in through a poisoned ad that your browser and anti-virus missed. I saw a few bad ads a while back when Spotify’s ad network was compromised. It’s often difficult to know exactly how a computer gets hijacked.
-Jay
@jaytechdad
LikeLike
I’m so going to sign up for Jay’s class. There is never enough one can learn about the Internet security!
LikeLike
Pingback: WriterStrong: Why Is Your Hosting Company Integral To the Success of Your Website or Blog? | Writers In The Storm Blog
Pingback: WriterStrong: Why Is Your Hosting Company Integral To the Success of Your Website or Blog? | Writers In The Storm