Password Managers For 2024
The top two questions we’ve received for the last 15 years are which browser should I use for privacy?, but more common is “Which password manager should I u...
The top two questions we’ve received for the last 15 years are which browser should I use for privacy?, but more common is “Which password manager should I u...
I’ve been updating this blog for well over a decade on privacy centric browser options, so I thought I’d start with my recommendations as we dive into 2024. ...
When sharing links, there are a handful of issues that may occur. The original news site or blog may have taken the article the down, or they may in the futu...
We’ve all been working on something on our device when we get a pop-up that a new patch or update is available, and we probably dismiss it as we want to stay...
If you’re a profitable company, hiring a full-time CISO and Privacy Officer might not be out of your budget, and if so, this article is not meant for you. Th...
A couple of years ago we wrote about how you should Re-evaluate your cookie and consent management platform, and it’s been interesting to watch how some webs...
On November 25, 2021, amendments to B.C.’s Freedom of Information and Protection of Privacy Act, R.S.B.C. 1996, c. 165 (“FOIPPA”) came into force through Bil...
I’ve been asked this question countless times over the last couple decades, perhaps because I used to be responsible for cracking weak passwords for a compan...
In order to be effective as possible, we must always be aware of what the biggest problems organizations are having. In our case, regarding your privacy, sec...
I often get asked which secure communication tools I recommend. I’m writing this as a condensed master of list of previous articles I’ve written.
5 years ago, I pulled together some of Canada’s top privacy experts, and we did a Reddit “As us anything” (AuA) about the Canadian privacy landscape.
There are now several privacy laws (Canada – PIPEDA/PIPA, EU – GDPR, California – CCPA) that allow individuals to request their personal information.
I’m no longer associated with Canada’s ID Theft Support Centre, which ran out of funding years ago, but I still regularly get asked for help by victims. List...
In this audio clip I talk about the three factors of authentication, and some solutions you can use regarding 2fa to protect your accounts.
If you have a website that uses cookies, you’re likely aware of the European Cookie Law. What started as an EU Directive, by May 2011 it was adopted by all E...
If you’re using SimplexTax and follow this blog because you prioritize on your privacy, you likely want to take the following steps immediately:
When is the last time your organization had a security audit or a privacy law compliance check up? We have a spot for one more security audit this year, and ...
If you’re using a major Canadian ISP, you can likely no longer access goldtv.ca. or goldtv.biz. This is due to a federal court case from two weeks ago, case ...
Please read the entire article before clicking on any of the links, and I’ll explan why.
As you likely know, especially if you’ve followed this blog over the years, most websites are collecting as much data about you as they can, and are using it...
I was looking for a list of privacy centric domain name registration systems, and as of writing this, I can only find one: Njalla. It was created by Peter Su...
There’s some hot news about StatsCan collecting 15 years worth of Canadian’s personal financial data in the news. There are few interesting points related to...
I’ve written about privacy trackers for over 7 years on this blog, and have been speaking about them for over a decade. This is an updated article, as techno...
I was asked again this morning about using a specific app to send secure messages in a corporate environment. My answer was simple, and it hasn’t changed in ...
If you work in privacy, chances are you’ve thought at least somewhat about where your data is stored — and this is the year where we all need to be thinking ...
Starting May 25th, if your company is a data processor or controller of anyone in the European Union, you’re obligated to comply with the EU’s strict new Gen...
Fellow Canadians, especially journalists, when a person or organization can’t respond to a request citing “privacy reasons”, let that be a huge red flag to y...
In Canada, we have a federal law called the Privacy Act, as well as one called PIPEDA, which amongst other things, allows you to access the information priva...
One of the features you’ve likely enabled, is Facebook’s platform. To give you an idea of how powerful this is, this is the warning it gives you when you att...
“In the name of “preventing, detecting and investigating terrorist offenses and related travelâ€, all United Nations (UN) Member States should develop sys...
The short, but intense solution for Meltdown and Spectre from CERT is to upgrade your CPU. (update: As you can see by this URL, they have a more detailed sol...
If you’re ready to stop providing an advertising company with full access to all of your email communication, there are other alternatives out there. This is...
I’m often asked which browser I use. Both Chrome and Firefox have a more privacy centric alternative now, Iridium Browser and Firefox Focus respectively. Of ...
[NOTE: Senior Advisor Kris Constable submitted this to HuffingtonPost, but due to the time zone differences and the severity of the issue, we have decided to...
Thanks for trusting us to help with your privacy, security, and technology needs. Use the following options to begin the engagement as agreed. Once payment g...
EDIT: Click here for the Live Reddit iAMA link. For details, read below.
I’m often asked about secure websites. For example, should you trust the connection with your computer and your bank’s website? The article is going to get a...
I recommend you start asset cataloging before you have a vulnerability assessment done on your organization as you need to know what the assets are you’re tr...
These are the three browser plugins for device protection I recommend you install. The first one is arguably more important than anti-virus, and takes a whil...
The next time you think you’re having a private online chat with a family member, you might want to think about who can read, watch, or log that conversation...
If you’ve ever wondered, “What information can my organization collect from a person according to British Columbia’s Personal Information and Protection Act ...
If you’re wondering what the top 3 steps to protect your computing device, this post is for you. It’s important to note I said device and not computer, as th...
For over four years, the BC Liberals have been working to build a monster database of all of our personal information. Instead of it being limited to one Min...
If you own or operate a business in British Columbian or have a sole proprietorship and you wonder, “Does PIPA apply to me?,” this talk is for you. This con...
Have you ever really paid attention to what information an application is requesting? While I’m singling out Facebook and Android in this article, please thi...
A local LinkedIn group has a discussion recommending a specific anti-virus software. That made me wonder, what antivirus software do you recommend, and why?
In the Supreme Court of Canada’s case of R v. Telus, a 5-2 decision was made that law enforcement need wiretap authorization to intercept text (SMS) messages...
Reader level: Techy/Sysadmin
Today’s question comes from a former student, asking what I use for a portable password manager:
For most things privacy related in Canadian law, it comes down to what a judge feels Canadians think is reasonable. A couple of days ago the Ontario court of...
According to Wikipedia, the purpose of Data Privacy Day is to raise awareness and promote data privacy education. It is currently ‘celebrated’ in the United ...
When you connect your computer to any network, there are typically two options for how it gives you an IP address – a static IP or a dynamic IP (DHCP). The c...
What likely started out as a school prank has turned into a popular video series called Surveillance Camera Man
Most of us use a search engine such as Google or Yahoo daily without taking much time to consider the inherent privacy implications. If you have some time, ...
Have you ever wondered what’s happening in the background on your network? This article will show you how to determine for yourself. In order to begin, you’r...
There’s been a lot of buzz this month about the retired New Jersey locksmith selling several master keys to the city of New York to a newspaper reporter via ...
After reading my Everything you say is likely compromised post, my friend Ross Henton asked,
Ever since the early days of 2600, people have been learning what it takes to compromise voice conversations.
If you’ve followed this blog for some time, I first wrote about the introduction of the bill in May 2010, and then a follow up redux in August 2010 (a summar...
I read a post today on the IAPP‘s Daily Dashboard talking about a “privacy-friendly” “positive side of facial recognition”. It suggests that Ontario’s Inform...
Because of Apple’s advertising, Mac users often (wrongly) believe that they don’t need anti-virus software. The problem that these users have is that when th...
I had a lot of positive feedback from the recent post on Diaspora with client-side encryption. For those of you who are somewhat technically inclined, and li...
Wired is reporting that several hundred thousand people may be affected on Monday when the FBI turns off the domains used in the DNSChanger malware. Over 1/...
Ever since PGP removed their open source client, GnuPG has been the standard in open source PKI. If you want to encrypt your emails and/or files on your comp...
I’ve written about Diaspora before, a social network (Facebook replacement?) that is decentralized, and cares (more) about privacy. If you’re interested to l...
There’s currently a Facebook status going around that states the following:
The cloud is a current buzzword in technology, referring to remote storage space on the internet. The big challenge with using free cloud storage, as a priva...
I’ve spoken about trackers before and recommended four steps/solutions for protecting your browsing privacy:
There have been a lot of stories about what happens when you reveal your social network profile, especially your geo-location information. Probably made famo...
If someone hacks into your laptop/computer, and it has a webcam, they can control turn it on whenever they’d like. This video, based on a true story, should ...
Most of my clients are running anti-virus on their home and work computers, but are they using it right? There are 3 key steps to running anti-Virus software...
I mentioned a few months ago for those wanting to leave Google search to give DuckDuckGo a try. There’s another alternative as well, called ixquick. Give it ...
This is the basis of the follow up letter from Digital Policy Canada drafted to the CIRA sponsored Canadian Internet Forum this week. The fundamental questio...
If you’re in the Victoria, British Columbia region, we’re going to start a community-based reverse engineering class, and you’re invited. Reverse Engineering...
Do you think such a thing could be implemented without any public consultation or corporate media attention? It exists. About 6 months ago at an Ideas Victor...
On Vancouver Island, you might pick up the Times Colonist newspaper to see what’s happening. There are little to no privacy risks if you buy it from a stand....
One of the most common ways your computer gets compromised, is by malicious scripts opened by your web browser. This means you go to a website that might loo...
If you’ve not heard of #SOPA yet, you likely will today. As of right now, it’s only something that techies and internet crusaders seem to be aware of. Like m...
Over the week-end, the University of Victoria’s new administrative building was broken into. A payroll server with the personally identifiable information (P...
What is your computer doing on the internet without your knowledge?
While working in information security for the largest company in Canada, I realized there was no one internally, actively attacking the password database to ...
You’ve probably heard of Google analytics, which takes logs of your website visitors, and all of their activities, and provides you some very pretty, and use...
If you’re a citizen of British Columbia and concerned about the government’s handling of your personal information, you probably want to read Bill-3 (full te...
It’s not often we’ve given Google credit for privacy or security steps, but this week is one of them. Following the steps by Facebook and Twitter we announce...
Thanks to my friend Kevin McArthur for helping unveil this badboy, as it seems to be infecting quite a few machines. It appears that it was local machine att...
After the F8 conference, there is even more concern than before about what personal information Facebook has on an individual. I was sent Facebook’s personal...
Right after the Facebook F8 keynote, a 15 year old noted he didn’t understand this new model Facebook was about to roll out. What might not be obvious, is th...
You may have read my comodogate article back in March where I reported that the comodogate hacker, going by the name Ich Sun told me “…there is a lot of vu...
In an overwhelming scary move, the Vancouver Police Department and the Integrated Riot Squad have just launched a Vancouver riot tell-on-your-friends website...
There is a wildcard *google.com SSL certificate in the wild, which means malicious people can sit between you and anything at Google (including gmail) and pr...
If your friends ever tell you that they’ve received spam from your account, but you didn’t send it, likely your account was compromised. The following steps ...
If you read any of the PostMedia (formerely CanWest) newspapers online, you know that their technical abilities are lacking, to say the least. One of the big...
After writing an article yesterday on how LinkedIn opts your name and photo into social advertising by default, it was brought to my attention today that if ...
Rather unprofessional, and probably against Canadian privacy legislation.
If you’ve installed a Facebook application on your smart phone/mobile phone, they’ve taken the liberty of syncronizing your personal telephone number list in...
Yesterday, Vanity Fair published an exclusive on operation Shady RAT (remote access tool), which was a high-level hacking campaign that lasted over 5 years, ...
I’m sure you’ve received an email spam from what appears to be a legitimate email address, saying you’re entitled to millions of dollars. You know that — tha...
Moxie Marlinspike just released an updated (10 years later!) version of sslsniff that includes the iOS BasicConstraints vulnerabilities that were published t...
An article came out today on canada.com.details how some good precedence for freedom of speech and anonymity online was just made in Ontario:
You’re likelty using Google as your default search engine; and they’re undoubtably good at search. The challenge to me is what are they doing with the inform...
There’s an article in the register today highlighting that American organizations are all bound by the US Patriot act, which essentially allows the US govern...
I just read a tweet from Meredith L Patterson stating that Len Sassaman has committed suicide. I don’t know why, but at first I thought it only a silly inter...
You may remember a year ago I broke the story on the introduction of the minority government’s Canadian version of the patriot act (see articles one and two)...
When you go to a website that doesn’t exist, instead of your search engine of choice offering you other solutions, Shaw has decided to do this themselves, an...
It was [announced a few minutes ago](https://www.timescolonist.com/residents+secure+CareCards+must+renew+every+five+years/4812099/story.html) that British Co...
Penetration testing, also known as pentesting, is a way of evaluating the security of your organization from the perspective of a malicious black hat hacker....
I received a lot of feedback after my post yesterday about creating a permanent SSL (https://) connection to Facebook. It’s most important to use SSL anywher...
This tip is to create a permanent secure connection to Facebook. You can tell you’re using SSL if the URL starts with https:// instead of http://. When you’r...
For anyone that attended the Privacy and Security talk tonight at Social Media Club – Victoria, I mentioned a browser plugin that allows you to see who is tr...
If you’re in Victoria on April 18, 2011, I will be speaking with my good friend Chris Parsons at Social Media Club – Victoria. My talk’s current title is “T...
News broke yesterday of epsilon.com being breached almost a week earlier. While none of us had really heard about them before that, they’ve been reported to ...
One of the most serious attacks on internet infrastructure occoured a few days ago, and as the Canadian media don’t seem to want to report on it, I will, as ...
I just realized that my first time going to CanSecWest was while working as a security expert at Nortel, by far the largest company in the country at the tim...
This image is getting a lot of attention. Today Michael Geist has released an article on Unpacking The Policy Issues Behind Bandwidth Caps & Usage Based ...
As of writing this, I am one of over 180,000 Canadians that have signed the stop the meter campaign against usage based billing. There are several challenges...
All kinds of breaking drama around the compromising of plentyoffish.com (POF), which includes the usernames and passwords for around 30 million people! Chris...
I will be speaking at the 12th Annual Privacy and Security Conference with the theme “Security and Privacy – Is there an app for that?”
Because they can. On Monday, Facebook released a [ video](https://www.facebook.com/video/video.php?v=10100328087082670) that shows how their new *sponsored s...
It’s been well reported on Google’s kowtowing to the Chinese government in regards to censorship. This was based on the requests of a foreign government. How...
I was excited to read today’s post on Facebook’s blog. It starts off with
My friend Dan Pollock has been compiling the must have hosts file for some time. According to Wikipedia, the hosts file is a computer file used in an operati...
Because now they can. Last Friday, after work, Facebook announced they will be providing your home address and telephone number to software developers.
Did you know that most printer manufacturers have secretly ensured there are watermarks on everything you print? These are tiny tracking dots barely visible ...
Most large organization make sure to do Business Continuity Planning (BCP), also known as Disaster Recovery Planning (DRP), because they understand the impor...
If you are in the Suwon/Seoul area of Korea tomorrow, I will be teaching an Ethical Hacking class at no cost. Contact me at @PrivaSecTech on twitter for di...
This is my first Q&A post. If you have a question about anything Privacy, Security or Technology related, contact us on our website or ask as on twitt...
Last week I attended PacSec in Tokyo, Japan. This is one of the three SecWest conferences every year, the largest being CanSecWest in Vancouver. One of t...
I was quoted in this Vancouver Sun article today which highlights several ways you can protect yourself from sidejacking attacks.
Today I was quoted in the Winniped FreePress about Firesheep:
If you have a wireless card in your laptop or netbook, you should see if it can be put into monitor mode/promiscuous mode. If so, this means you can “sniff p...
There are two credit bureaus in Canada, Equifax and Transunion (there was a 3rd, American company, but it appears to be defunct). Contrary to the prices list...
There is a lot of attention on Google right now due to the fact that Google had cars driving around the world, collecting photographic data so that it could ...
This is a technology hint for those wanting to know if they’re getting a good deal. You can use this hint no matter what you’re buying. You could be looking ...
The article posted in May on the Canadian Patriot Act being introduced to the House of Commons didn’t seem to go much further than “preaching to the choir”. ...
Recently, I was in a local brewery buying a keg, and they asked for a copy of my driver’s licence to write down the number on the deposit form. And then a fe...
“To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the ...
Traditional cellular phones are now known as feature phones, deprecated by the advanced “smart phone”, which allows one to install feature rich, operating sy...
If you cut and paste from websites fairly often, especially on media websites, you may have noticed when you did so that some extra text was added. This is m...
Today a couple of changes to Canada’s privacy landscape were introduced under the infamous banner of “safety and security”. This will create significant chan...
In 2008, I was in Ottawa, talking with one of our clients, CIPPIC. Specifically the executive director at the time, about Facebook. There was discussion that...
“My email provider shut down my account, gave me a support ticket number, but I have no way to look it up” “Have you paid for your account?” “No, it’s a free...
If you’re looking at a web site in your web browser (Firefox, Internet Explorer etc), it is being served by a web server. According to Netcraft over 50% of w...
On our contact us page we mention OpenPGP standard encryption (RFC 4880). What is this? Most people think email only goes to the intended recipient, but inst...