The cloud is a current buzzword in technology, referring to remote storage space on the internet. The big challenge with using it, as a privacy advocate, is you don’t know what the people on the remote end are doing with it — are they reading or reviewing the files you put there? Are they selling them or providing the information about those files to third parties like advertisers? Is anyone legally responsible if it is hacked/compromised? If they’re offering it for “free”, you’re likely providing the product being sold.

The most controversial as of writing this is the newly announced Google Drive, whose Terms of Service currently suggest that while you own the copyright for files you put there, Google could use the content as well:

“When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.”

That being said, there are a lot of benefits to using the cloud, I just don’t recommend you do it for anything you’d not want public someday. If you want to store confidential files there, encrypt them with something like GNU Privacy Guard, that way only you can read them.

If I’ve not scared you off, here are a few different free solutions, you can use one or all of them for over 10G of free storage space!

• Dropbox
• Google Drive
• Microsoft SkyDrive
• Apple iCloud

If you know of any others, let me know and I’ll add it to the list!

I’ve spoken about trackers before and recommended four steps/solutions for protecting your browsing privacy:

• Script blocking (browser plugin that blocks scripts by default, the most important plugin one can have!)
• Ghostery (browser plugin that shows how many trackers any given website is using)
• Ad Block Plus (browser plugin that blocks ads on websites, which often includes trackers)
• A replacement hosts file from my friend Dan Pollock (redirects attempts to bad sites to your own computer)

Companies are increasingly more interested in selling your personal information than protecting you (see a few Canadian examples here).

Yesterday I was interviewed by CBC regarding a viral video of a speeding motorcycle here on Vancouver island, and spoke about the potential to track the anonymous poster of the video using the internet. The irony is, I can’t watch the video that I’m in, as CBC has required tracking by Doubleclick (s0.2mdn.net) in order to view it (Read my friend Chris’ detailed article on why Doubleclick is a concern.

If you’re able to watch the video above, you haven’t taken sufficient measures to ensure your browsing security and you should be aware that you’re likely being heavily tracked.  In essence, having the ability to watch the video equates a violation of your privacy.  Since most attacks these days are browser-based, you will be well served to take the steps listed above to both protect your browsing privacy and to make your computer(s) more secure overall.

I would argue the four steps listed above are even more important these days than having anti-virus software installed. The first three are browser plugins, so they should be easy to install. The fourth one is a little more complicated, so don’t hesitate to contact me if you need help going through this process as an individual or for your organization.

This is a time sensitive post, CBC is a National Canadian treasure, and can resolve the tracking ability of their website at any time. Notify me if/when this happens and I will update the article as such, once verified. –Kris

There have been a lot of stories about what happens when you reveal your social network profile, especially your geo-location information. Probably made famous first with Please Rob Me which would post open Foursquare profile data, showing when you’re not at home. While it’s since been shut down, such information is still being used. The Girls Around Me app is getting media attention this week, which shows women in your area, with links to their online profiles.

I have no issue with using open profiles and geo-location, as long as you’re aware of the risks and making an education decision. If you’re not aware of the potential repercussions, you probably want to stay away until you’re better informed.

On all social networks, there are options to close your profile, so it’s not open for the general public to see. This applies to Facebook, Twitter, LinkedIn and Foursquare, for example. Try looking yourself up on each of these, see what you can find!

If someone hacks into your laptop/computer, and it has a webcam, they can control turn it on whenever they’d like. This video, based on a true story, should motivate you to cover your webcam:

One tech tip, don’t put tape directly over the camera as I initially did, as it will leave sticky artifacts on your lens. Instead, put a piece of tape on each side of a piece of paper, and place the paper part on top of the camera.

Most of my clients are running anti-virus on their home and work computers, but are they using it right? There are 3 key steps to running anti-Virus software correctly.

1. Install it. This probably seems obvious, but any computing device you connect to the internet should have anti-virus software installed. If you’re using Microsoft Windows, Microsoft offers Security Essentials for free. This includes portable devices like laptops, tablets and smart phones, and yes, if you’re using an Apple computer, you should also be using anti-virus, otherwise you’ll likely never know if your device has been compromised!
2. Download the latest definitions, regularly. Every day 100s of new viruses are found in the wild, on the internet. Your anti-virus company will provide you with a chance to download the latest definitions of theses viruses likely every day or two. It doesn’t make sense to move to step 3, without doing this step first. Otherwise, your anti-virus software will only be able to find viruses with the latest definitions file it has.
3. Scan your device. A lot of people think steps 1 or 2 are all you need to do, but that is incorrect. You need to have your anti-virus do a regular, deep scan of your device, so see if it finds any matches between it’s list of definitions, and files on your computer. If it finds a virus, it will offer you a way to remove or quarantine it.

How often do you scan your devices with the latest definitions?

I mentioned a few months ago for those wanting to leave Google search to give DuckDuckGo a try. There’s another alternative as well, called ixquick. Give it a try as well, and see which one you like the best. You can follow the DuckDuckGo post to make ixquick your default search engine as well.

This is the basis of the follow up letter from Digital Policy Canada drafted to the CIRA sponsored Canadian Internet Forum this week. The fundamental question we need to ask, what are Canadian regulators doing to protect Canadians, as well as their intellectual property, from foreign state actors who assert legal or technical controls over them? Right now for example, the American government is attempting to position itself as the global internet police, by taking down foreign domain names, even if no laws have been broken in that country.

If you run a website, that broke no Canadian laws, how would you feel if the American, or any, foreign government took it down because they didn’t like it?

Digital policy asked this question a year ago, and requested a follow up by the end of 2011. As no response was received, help us ask the question: what are our regulators doing to protect Canadian internet sovereignty?

If you’re on twitter, you can join the discussion using the #ciraif hashtag.

You can read the entire Digital Policy Canada letter here [pdf]

Disclosure: I am a co-founder and active member of Digital Policy Canada.

If you’re in the Victoria, British Columbia region, we’re going to start a community-based reverse engineering class, and you’re invited. Reverse Engineering is understanding someone else’s software well enough to be able to do what you want with it. You can follow the latest on the REclass page on the Ideas – Victoria  wiki.

You don’t need any software or computer programming experience, but it will definitely help. You will have to be willing and eager to learn. You can do a search online for “introduction to computer architecture” and “introduction to assembly language” to get an idea of what to expect.

You might also watch on their Facebook page and/or Twitter account for updates.

UPDATE Feb 15: See the initial syllabus as presented by Guy: Reverse Engineering Brainstorm Session

Do you think such a thing could be implemented without any public consultation or corporate media attention? It exists. About 6 months ago at an Ideas Victoria meeting, Kevin S McArthur brought up the fact Victoria Police were using cameras on some of their police cars, called Automatic Licence Plate Recognition, or ALPR. As Chris Parsons and myself were in attendance, no strangers to privacy issues in Canada, we immediately had a list of questions about such a system. Who was running it (later to find out the RCMP)? How wide spread was it? Where was the data sent and/or stored? Who had access to it? What type of information was stored? How was it claimed to be used, how could it be used?

Rob Wipond was also in attendance, one of Victoria’s last freelance journalists, and one of few I know who do investigative journalism… researching stories with more than a one day turn around for a quick hit. He was also very interested, and agreed to initiate the research by submitting some freedom of information (FOI) requests.

This story takes many bizarre twists and turns, including lies, misinformation and misunderstandings by everyone involved in this system. My thanks to the folks at FOCUS Online for supporting such research. This is the type of story that should be national, but none-the-less I’m proud a “little magazine from Victoria” can be responsible for disclosing such an important breach of our civil liberties.

You can read the entire article called Hidden Surveillance in the February 2012 issue of FOCUS, which is on newsstands now.

If the story interests you, Rob went a step further and published all of the documents he received from his FOI and Federal Access to Information requests!

Disclosure: I did not participate in most of the research, only in the initial planning stages, due to potential conflict of interest with my role on the Privacy and Access committee of the BC Civil Liberties Association and other committments.

On Vancouver Island, you might pick up the Times Colonist newspaper to see what’s happening. There are little to no privacy risks if you buy it from a stand. However on the internet, where the company has the opportunity to protect you even more than the physical space, they’ve decided to try a different angle… sharing your reading habits with other companies. If you use ghostery you can see that by viewing timescolonist.com, they are sharing your viewing habits on every page you visit to at least 10 different companies, with little to no disclosure on what those third parties do with your information.

If your local newspaper isn’t a concern, which it should be, what about your financial institution?

Why are these organizations providing your private news reading habits, and online financial transactions to 3rd party companies?  If you decided to ask them, perhaps also ask how much money are they making from providing your information?

How does your local news website score? What about your financial institution? Download ghostery and find out for yourself.

It should be noted that 10 trackers doesn’t necessarily mean worse than 1 tracker; if your personal information is provided to a tracker, you have no control of what happens to it when it gets there… they could sell it to 50 more companies.

If you find any other interesting results from ghostery, let us know on twitter and we might add it!