From the first days I taught Operations Security (OPSEC) for the Inter-Agency OPSEC Support Staff, selling the idea of OPSEC was hard. People saw it as another chore: try to remember your list of critical information and don't talk about it. Yawn…

But the military and Intel Agencies take this very seriously Because seemingly unimportant information that is shared carelessly is dangerous.

Purple Dragon - the original OPSEC program for the USA.

For example, during the Vietnam war, the US military inadvertently leaked their plans to the Viet Cong spy network by having their planes visibly on the runway with the supplies staged nearby.

In a more modern example, reporters in the 90's discovered that they could predict major world-events based on the number of late-night pizza delivered to the Pentagon and other key agencies – a phenomenon now playfully referred to as "the pizza meter".

Basically, by operating in the open with no care for who was watching and what they might learn, US forces suffered data leaks of their own making. But who cares about the government, right? Why should regular people should care?

The crime of disbelief

Do you believe in Zeus and Poseidon? Do you legitimately believe they're real and must be respected and feared? If not, you are a non-believer… just like the rest of us. There are many major religions and branches and we are all non-believers to one or the other… and that shouldn't be anyone's business or concern. But not everyone agrees.

Trigger warning: violence, death

I was raised Christian, but learned early that there are "right kinds" and "wrong kinds". Catholics, Baptists, and others who claim to have the same beliefs, but will still argue and judge each other. It's one reason separation of church and state is so important – even if people could agree on the religion, there's just too much disagreement about details.

A 2017 Netflix Special about an activist murdered for her cause

Luckily, brave people like Madalyn Murray O'Hair advocated against forced prayer and Bible readings in public schools as early as the 60's. Through a lifetime of court cases and advocacy, she made schools a safe place for those of a different denomination, a different religion, or no religion at all.

A 2017 Netflix special details O’Hair’s life, her struggles, her victories, and (ultimately) her kidnapping and brutal murder in 1995. By making an effort to make the USA more respectful and inclusive for people of different beliefs, she, her son, and granddaughter paid the ultimate price.

The crime of being "girly"

The crime of freedom

More than ever these days, it's become vitally important for vulnerable populations and advocates to learn how to speak without drawing undue attention from aggressors OR to be a 'hard target' if you do.

In an ideal USA, bigots and abusers would face scorn, shame, and, most of all, repercussions for their hate. But at the whims of society and politics, they not only might escape any consequence; they may be cheered and applauded. Whatever our ideals, we have to live in reality and that means sometimes being judicious about the amount and kind of attention we draw to ourselves.

Bottom line, whether it's serial killers, child molesters, haters, abusers, creeps, or con artists; strangers or people you know – it's in your best interests to learn about risks and countermeasures so you can make an informed choice about sharing information.

But first a disclaimer!

Why bother?

Commander biographies far too often publicly list family names, ages, sexes, schools and more

When I worked for the Inter-agency OPSEC Support Staff, a co-worker shared the story of a military commander who didn't think they needed an OPSEC program. In his view, "we're careful so all that extra effort is a waste."

To prove the point, my co-worker looked up his public profile online. There he found a bit of background on the commander, his wife, and his kids. It also mentioned his oldest daughter was a student at the nearby University of Maryland.

Minutes later, he'd found the daughter's profile on Facebook where it listed several photos, details of her life, and her class schedule. He grabbed a camera, a buddy, and printout of the schedule and went down to the school.

At the expected time, she came out of the Chem building, crossed the quad, and then sat at a long bench to check her bag. My co-worker sat down on the other end of the bench and did a "V" sign while his buddy took the shot. Later, he tossed the photo down on the commander's desk and said, "THAT is why you need an OPSEC program."

The good news is that the commander didn't take it personally and implemented the program, but not everyone has a team to handle this stuff for them. And even if they did, trying to trying to stay aware of (and defend from) every new type of scam, hack, or trick is impossible. But giving up isn't the answer either. There needs to be a third option and that option is LifeSec.

Like a martial art, LifeSec is a lifestyle. Not a series of steps and processes, but a set of general rules to internalize and make part of your every day life. While this could never be 100%, adjusting your mentality about personal information has a much better chance of protecting you not just from the attacks of today, but whatever new con is waiting right around the corner.

First up, The Risk of Visibility.

Brave. The privacy browser

Keeping up with security and privacy topics when your work is only tangentially related and life sweeps you away (so you don't have time or energy the rest of the time) is not easy. That's why your best chance for getting an upgrade is finding the time to focus and experiment OR finding the right article at the right time… and I hope this will be that for you.

I've tried to focus this article on how most people use the Internet most of the time. For extreme folks, there are other options including Lone Wolf and Tor, but for everyone else, keep reading:

Hate having to read an entire article for the answer? Here's the bottom line: I use Firefox for websites with logins (except social sites), Brave for regular Internet (and social sites that constantly lead out to the Internet), and a little bit Edge as backup and personal brand segregation.

The brief background

Why is this necessary? Because companies are doing everything in their power to get into your business. They track where you go, what you click, what you're interested in, or just what they THINK you're interested in based on your browsing and clicking patterns. Besides being creepy and unwanted, it creates problems.

What happens when someone else uses your computer or you look something up for a friend or family member? Now their interests get mixed with yours causing you to see ads and recommendations that aren't remotely relevant. And what happens when you accidentally click a bad link in a chat or email (it happens to the best of us)? Many attacks are based on the idea that you're logged into your email or bank in another tab of the same browser (this is called cross-site scripting). And what if someone buys ad space and puts malicious code in or (or it's just rude and obnoxious)?

To reduce risks, annoyances, and invasion of your privacy while keeping things extremely simple, the pro tip is browser segregtation

Generally speaking, you can break down your Internet use into two or three main categories:

1. Actual browsing. Searching, clicking, exploring, etc.
2. Account-based web applications. Email, banking, shopping, etc.
3. Social and personal brand. LinkedIn, Facebook, Twitter, and other things connected to your professional image.

Let me explain each in more detail.

Browsing

When you're browsing around the Internet, you want the toughest browser around because you could end up anywhere at any time. Click a bad link, type a url wrong, or just browse around normally where sites attempt to identify you individually, track you, invade your privacy, and put you at risk due to poorly managed scripts and advertisements. As your default browser, this is the one that will load if you accidentally click the wrong thing in a Discord chat or any other app on your computer.

This is also the one you want to use for your private social accounts and any other app that is so closely tied to the general Internet that its nearly indistinguishable from open Internet anyway. Things like Reddit and Pinterest or alternate accounts for Twitter and Facebook that aren't tied to your identity.

Basically, you need your A-game browser – the best of the best – when out in the wilds of the open Internet.

Account-based Web Applications

This is where you keep your login-based accounts like emails, banking, shopping, and so on. If it's not a semi-Internet site like Reddit or Pinterest and it requires a login, keep it in your secondary browser.

Granted, sites like Amazon are very invasive as well, but much of the way they spy on you requires that you're out browsing the internet and not staying on a handful of specific websites. Additionally various types of attacks depend on you browsing around and taking a wrong turn while your tasty bank account or email are open in another tab of the same browser. Using separation this way largely prevents that too.

Don't overcomplicate it! For many people, keeping your logged in accounts and open browsing separate is good enough, but if you want to see why I use a third, read on.

Identity Accounts and Branding

In my case, I chose to have one more separation where my identity is known and my reputation at stake. To make sure that I don't cross wires and rant about how much I hate the VI editor on my branded-Reddit page, I keep them segregated too.

LinkedIn, Reddit with my professional name, Kickstarter, Twitter (if it survives into 2024 and beyond), my official Facebook (if I ever decide to make one) – basically, I keep these in a third browser because:

1. I want to keep a third more standard browser around in the rare cases where sites refuse to load in anything else
2. I can visually tell if I'm in the wrong place because of the different browser. That helps me think twice about what I'm going to post since it's tied to me individually.

For identity-based Internet

I'll cover this first and only briefly since only some people will be using the 3rd-level browser. I use Edge because it's one of the three major-supported browsers and will work for any site that doesn't like deviations from the norm. Also, it's not Chrome (the worst for privacy invasion).

For account-based Internet

For this one, I chose Firefox. Firefox is nowhere near the privacy-focused and community-friendly browser it used to be, but most of the ways it sucks now require being on open Internet. It's still going to be supported by major websites and you shouldn't have any trouble using your accounts with it.

For open Internet

I had been sleeping on this one for a while and heard bad things in the past, but read and watched videos and did some research. I determined that, as of this posting, Brave is the best browser for privacy online. It has a built-in adblock function and VPN (the first is free, the VPN you have to pay for, but not a big deal). It's nicely presented, fast, and works everywhere I've tried it so far.

Brave is also building a privacy-based search engine which is something DuckDuckGo has been known for, but even DDG has some issues that Brave does not. If the Brave search isn't working for you, Google and DDG are still there. Brave does use some kind of cryptocurrency gimmick, but that's optional and doesn't get in the way enough that I see it as a dealbreaker.

Summary

For best safety/security/privacy, use at least two browsers and mentally separate your activity online into "log-in account stuff" and "everything else" (and maybe a third for "anything that I use my real name for"). Tags: Brave, Browsers, Chrome, Edge, Firefox

Netflix! Bro! You can be SO much better than this.

One of the reasons that Google because THE Internet search engine (though DuckDuckGo is better because it protects privacy) is because they have clean, no frills interface and they WORK. They get the job done. Those two key features made it the juggernaut that it is. Netflix is basically on the same path except for a few obvious design flaws.

Autoplay

The first is auto play. I really don't need to say much else: it's a feature almost no one wants or needs and they shouldn't have shoved it down our throats. If you want to "opt-in" fine, but making it the default and forcing us to turn it off (which doesn't even work fully) is obnoxious to say the least. Don't play, don't preview, don't do anything at all until and unless I tell you. No one wants an interface that goes rogue and has a mind of it's own.

Originals

This one is probably petty, but it ticks me off when I see something labeled as "Netflix Original" that is neither. They slap that label on Anime that they didn't create, produce, or otherwise do anything with other than make it available. Giving it a "Netflix Original" label is much like seeing Apple juice in the store labeled "100% juice!" when in reality, it only has 10% apples in it.

I'm 100% aware there are some linguistic and legal shenanigans at foot that make this not technically fraud, but I don't care. It's dishonest and manipulative.

Watch forever

Recently I've been enjoying something that is actually Netflix original: Netflix comedy specials. It's fun to have on when I'm working on other stuff, but I'm not interested in watching the same show multiple times in a short period. Much as I might like Dave Chappelle or Gabriel Igelsias, it's going to be several months or years before I can really enjoy seeing it again. Meanwhile Netflix keeps showing me the same stuff over and over with no way to filter it or even indicate which ones I've seen.

I contacted Netflix about this and they said I could either check the watch history in my profile and manually keep track or thumbs down my favorite things instead. So my current choices are to build a crime-scene wall of watched photos to keep track myself or gut-punch my recommendations (and favorite shows) with undeserved thumbs-downs. I think they can do better than that.

No indication of what's been seen before. No option to filter. Really?

Pandora has a neat feature where you can say "I'm tired of this, shelve it for a while" which would be great. Or if I could just say "seen it" and filter it to only things I haven't watched before, that would help me find new stuff instead of accidentally starting the same John Mulaney special 5 times in the course of a week. The thing that kills me is that it would be so easy to do. It's not difficult to have a little icon marking "watched this". Maybe even a counter, but WAY better would be a way to push them aside if I don't want to see it again for a while.

To prove this is as trivial as I claim, I wrote a greasemonkey script to give basic ''watched that'' functionality. It's pretty basic, but it's better than what Netflix is giving you.

Installing

Click here to learn more about Greasemonkey and how to use it. If you already have GreaseMonkey (or similar), you can get install my script by clicking the install button on this page. Otherwise, here's the raw script if you prefer:

// ==UserScript==
// @name	Netflix saw it button
// @author	TheGeekProfessor
// @description	Fix netflix thumbnails so you can mark them as watched
// @include	https://www.netflix.com/*
// @require https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js 
// ==/UserScript==

// license	Creative Commons Attribution License


$(document).ready(function() {  
  $('[data-ui-tracking-context]').each(function(){
    // It's  query string that's actually JSON that's actually an array
    id= JSON.parse(decodeURI($(this).data('ui-tracking-context')));
    id = id.video_id;
  	if(localStorage.getItem(id))
      $(this).closest('.title-card-container').addClass('g_watched');
  });
  $('[data-tracking-uuid]').closest('.title-card-container').append('<div class="watched_eye">&#128065;</div>');
  $('.watched_eye').click(function(){
  	$(this).closest('.title-card-container').toggleClass('g_watched');
    id = $(this).closest('.title-card-container').find('[data-ui-tracking-context').data('ui-tracking-context');
 	  id= JSON.parse(decodeURI(id));
    id = id.video_id;
    localStorage.setItem(id,$(this).closest('.title-card-container').hasClass('g_watched'));
    console.log(id);
    console.log(localStorage.getItem(id));
  });
 
  $('head').append( `
    <style>
    .watched_eye {
      font-size: 57px;
      padding: 10px;
      position: absolute;
      bottom: -40px;
      left: 0;
      background: gray;
      border-radius: 6px;
      height: 30px;
      line-height: 30px;
    }
		.watched_eye:hover {
			opacity: .3;
			cursor:pointer;
		}
		.title-card-container.g_watched {
			opacity: .3;
		}
    </style>
  ` );
 
});

MeWe: A Facebook alternative based on protecting your right to privacy.

It's been great watching DuckDuckGo rise as a major Google competitor. I've been thrilled to see Firefox taking a more aggressive approach to protecting people as a way to combat the invasiveness of Chrome. Now we might finally have a solution to the Facebook problem. "Which problem", you might ask?

If you didn't already know, Facebook has a long and sordid history of taking and misusing your data, profiling you, selling those profiles, losing and mishandling the data as well. They're essentially a data-broker masquerading as social service. This means harvesting every piece of information they can find about you so they can package and sell it to others. It's nasty business, but everyone's doing it… everyone except a few who are building a new paradigm that proves you can make a business work without abusing customers.

Data-brokering is nasty business. They learn about your habits, your private business, your medical information - all of it packaged and sold with nary a thought to whether that will be used for ID Theft, skeezy marketing, law enforcement and so on.

That's what I hope to see in MeWe. I did some research since I'd never heard of the before today and they've actually been around a while. They used some business-focused "gofundme" services (Angel.co and wefunder) to get capital and have built up MeWe.com from that. There are various reviews of the site around including Forbes.com who claims they already have 8 million members (though that's rapidly growing).

If that's the case, they hardly need my review on top, but I still reached out to the CEO (his email is listed online… something he'll want to change if the site is growing this rapidly) to point out some room for improvement. For example:

It's not actually clear in the policy what happens if they change their mind later. I read on another post (their about page or one of the reviews perhaps) that they would notify you of changes and you could opt out… not very reassuring. Better would be to make it clear that minor changes to the policy that are still in-line with the philosophy would result in notices, but major changes would not affect you until you logged into your account again and manually accepted the change. This is a bold site with a bold plan; let's see bold assurances as well!

They're actually doing pretty well already in having a conversational tone, keeping it short, and avoiding legalese, but I think it can be even better. For example, the font is pretty small and they're not making great use of whitespace. Some pics might be good to break up the wall of text. Some of the detail is a little over-kill (maybe summarize and then link/expand for people who care).

Did you know? Internet law requires at least one cat pic per post.

There are precious few companies trying to take on the giants and it would make sense for them to join forces; even if only in cross endorsement. Obviously they should first review their business model, security plan, and a deeper look at their tech strategy, but then, if they're convinced, the endorsement of someone I already researched and trust would go a lot further than online posts.

So far going through the privacy policy and terms of service, I'm generally impressed. There are some neat features like "secret messaging" that even MeWe can't see (end-to-end encrypted between you and the recipient), full right to download all your MeWe content to your local computer, and messages that will auto-delete once they're received. Of course there's the question of "how they get paid" which they answer on their FAQ page.

It's a bit lengthy so let me summarize: they make money by charging businesses for a PRO version, by selling extra emotes (if you care), and other add-ons that are optional.

Last Thoughts

Signing up was easy and, though I will never let a website scan my contacts from other services, at least there's SOME assurance this site wouldn't abuse that function. The home page is clean, easy to understand and features some posts from the CEO about important privacy issues (like the growing concerns over how Amazon uses Alexa). Nice…

Not bad. If you combine the promised privacy with a good tool, this might be the tool that saves us from Facebook.

The jury's still out for me, but at least I can feel comfortable using MeWe in my regular browser instead of having to isolate Facebook in a private window to keep it from stalking me on the web. That alone puts MeWe on top for me.

FTC

(Image is in the Public Domain)

The Federal Trade Commission proposed a new standard of privacy in American Industry recently:

“Despite some good actors, self-regulation of privacy has not worked adequately and is not working adequately for American consumers,” Jon Leibowitz, the chairman of the trade commission, said. “We’d like to see companies work a lot faster to make consumer choice easier.”

No kidding? Companies won't regulate themselves? Unbelievable!

Anyway, the article goes on to say:

The online advertising industry, Mr. Zaneis said, would suffer “significant economic harm” if the government controlled the do-not-track mechanism and there was “a high participation rate similar to that of do not call.” Mr. Zaneis said the industry would continue to build upon a self-regulatory framework and had recently put in place the use of icons on select online advertisements that allow users to opt out of customized advertising.

Oh boo hoo! Companies that have been tracking and tagging you like cattle would be upset if they had to stop. Waa.

Whether or not the FTC will get traction with this is uncertain, but it won't matter much if it's built into the browser AS IT SHOULD BE. Fortunately, Firefox at least is looking into this in an upcoming version.

Today a severely depressing story of a baby that was shaken to death for interrupting his mother's Farmville time.

A normal parent knows interruptions happen and can deal, but someone suffering from an addiction is different. They're obsessed and nothing else is as important!

The Mashable article says this:

Needless to say, it is Ms. Tobias — and not the game itself — that is responsible for the death of her 3-month-old son.

While this is completely true, I don't think it's right to say that Farmville was not involved and bears none of the responsibility. The game, is fun, engaging, bright and feeds into people's innate needs to build, organize, nurture, and escape (all signs of addictive games), but worst of all, Farmville punishes you for not playing. When you stop playing, your animals and crops die.

At some point, the people who make Farmville had a meeting to decide how to keep people playing the game and came up with the death idea. To be fair, maybe they didn't realize how this would lead many people into addiction, but it has and that fact is pretty obvious by now.

Even Mashable agrees:

FarmVille, named one of the “worst inventions” in recent decades by Time magazine, has more than 60 million members, most of whom access the game through Facebook (Facebook). Some players have found it so addicting that they’ve lost their jobs and racked up debts north of $1,000.

In the end, what company owns up to this and apologizes or changes their ways even in the face of deaths and misery that they had a hand in causing? Instead, they'll blame the user saying that it's totally their responsibility for becoming addicted. So the only choice you have is to handle it yourself.

You have to manage or completely avoid games that are (allegedly) built addictive. Just do a search for "name of game" addictive and if there are pages and pages of results, you just might want to steer clear.

(Image used under: Creative Commons 2.0 [SRC])

Ok so maybe not ONE click. But someone has put together a simple tool that you can use to take over the active sessions of anyone within wireless range of you. Hang out at the Starbucks free wi-fi and you'll be able to control the Facebook or other accounts of people nearby. It's an attack that was always simple to do for those who know how, but now any idiot can do it with a simple new interface.

By the way, they mention a few protections from this at the bottom of the article, but here's one more.

(Image used under: Creative Commons 2.0 [SRC])

This is not surprising.

"Apps" are pieces of software that let Facebook's 500 million users play games or share common interests with one another. The Journal found that all of the 10 most popular apps on Facebook were transmitting users' IDs to outside companies.

The apps, ranked by research company Inside Network Inc. (based on monthly users), include Zynga Game Network Inc.'s FarmVille, with 59 million users, and Texas HoldEm Poker and FrontierVille. Three of the top 10 apps, including FarmVille, also have been transmitting personal information about a user's friends to outside companies.

Once you install a 3rd party application, you no longer have control. Think twice before touching any "app" about how much you care if your information remains private or is sold on the information black market.

(Image used under: Creative Commons 2.0 [SRC])

Rule number 1: don't trust Facebook or any other marketer with your information. Anything you provide should be carefully researched to see how safe it is then provided only after deciding what risk you face.

Rule number 2: don't use automated processes to share information without even MORE careful research.

Breaking both rules is a new app from Facebook which will allow you (or one of your friends) to violate the privacy of many people at once by uploading your phonebook.

The greatest part is that you don't have to give up your phone number since one of your friends can instead! This is just like how Facebook let friends tell stalkers where to find you or add you to groups so someone who's mad at you can make you look like a pedophile.

Don't you love Facebook?

Let Facebook know location? Not a good idea

(Image used under: Creative Commons 2.0 [SRC])

I can't imagine broadcasting my current location to the world. There are so many risks that I don't even know where to begin. If you like this feature, good luck and godspeed. Hopefully you don't get robbed, stalked, or worse. The point is that your risk is higher when strangers know your location, and Facebook helpfully turns on this feature by default. If you want to take my advice and turn it off, here's how:

1. Find the control for Places in your settings

2. Disable the ability of friends to check you in