Blog

Home / Blog
Time to leave Gmail? Here are some privacy centric alternatives.

Time to leave Gmail? Here are some privacy centric alternatives.

Tech Tip
If you're ready to stop providing an advertising company with full access to all of  your email communication, there are other alternatives out there. This is especially important for any non-American, as the American intelligence apparatus is specifically built to spy on your communications, and providers there have a history of giving up access to user's private emails. If you don't worry about your emails being used against you today, or some day in the future, this post is not for you. If you're not happy with your emails being sold, researched, or given away, and are looking for alternatives, there are many. The two big privacy centric email providers are Protonmail and Tutanota. You can create a free account on either of these websites right now, and then forward…
Read More

Privacy Centric Browsers

Tech Tip
I'm often asked which browser I use. Both Chrome and Firefox have a more privacy centric alternative now, Iridium Browser and Firefox Focus respectively. Of course if you want real privacy and are OK with the slowness that comes from really good privacy, Torbrowser is preferred. For fun, I've created a micro-survey, which browser do you use the most regularly?
Read More

Wifi as we know it can be compromised

Media Attention, Security, Tech Tip
[NOTE: Senior Advisor Kris Constable submitted this to HuffingtonPost, but due to the time zone differences and the severity of the issue, we have decided to post the article here in the interim] When you connect to a wireless access point (AP), your device (the client) most likely negotiates that connection using the industry standard, WPA2. A couple of hours ago, 2am PT, the website Krack Attacks was born and it will keep the best of industry and security administrators busy for some time. This means, after reading this, we can assume it will be short under until there is an exploit in the wild that can be used against all of us using WiFi, or more specifically, WPA2. Someone who uses this exploit will be able to do what…
Read More

Secure websites

Tech Tip
I'm often asked about secure websites. For example, should you trust the connection with your computer and your bank's website? The article is going to get a little technical, but hopefully will give you the tools to know which websites are secure, and which aren't, from now on. There has been a secure encryption using protocol around for a long time called secure sockets layer (SSL), which has been modified and labelled Transport Layer Security (TLS) which can be used in most client/server relationships. By adding the HTTP protocol over TLS, this makes the web based session encrypted. The S in HTTPS stands for secure. This is the difference between HTTP and HTTPS, which should be easy to see in the URL bar at the top of most browsers. Does…
Read More

Asset Cataloging

Policy
I recommend you start asset cataloging before you have a vulnerability assessment done on your organization as you need to know what the assets are you're trying to protect. The cataloging process is similar to the vulnerability assessment process in that you want to identify, quantify and prioritize all of your assets. This is done by first creating a comprehensive catalog of assets. A good place to start is with your financial statements, as you'll have your catalog already started from the assets listed there. Assets are the nouns of your organization, the people, places and things. Your financial statements will likely list the larger assets, such as furniture, computing devices, vehicles etc. In the information economy, you'll also want a list of your digital assets, such as your intellectual…
Read More

Browser plugins for device protection

Tech Tip
These are the three browser plugins for device protection I recommend you install. The first one is arguably more important than anti-virus, and takes a while to get used too as you have to enable scripts on pages you trust. This is an updated post from April 2012 post called the browser tracker test. An important caveat before installing any browser plugin, is that if you read the warnings from your browser, it is likely that the developer of that plugin will have access to every website you ever visit while having that plugin enabled! That being said, if you're going to install plugins to improve your privacy and security while browsing, these are the top 3 recommended browser plugins for 2013: Script blocking (browser plugin that blocks scripts by default, the most important…
Read More

Who can read your chat?

Privacy, Tech Tip
The next time you think you're having a private online chat with a family member, you might want to think about who can read, watch, or log that conversation. The most popular solution in North America is skype, so let's take a look at it's privacy policy. From section 8: Skype may use automated scanning within Instant Messages and SMS Last year, Microsoft also started a commitment to bi-annual law enforcement requests report after industry pressure. They disclose that the governments of Brazil, Ireland, Canada and New Zealand have received content from within chat logs. As you know, I only recommend communication happen with open source encryption. Skype's encryption is closed source, and we know that they have the ability to intercept messages in real-time as demonstrated in an article this week.…
Read More

What information can my organization collect from a person under BC PIPA?

Lunch & Learn
If you've ever wondered, "What information can my organization collect from a person according to British Columbia's Personal Information and Protection Act privacy law?" don't miss the second event in the Lunch and Learn series, May 22. I'll be hosting a free online video conferencing event to talk about PIPA's consent section, and we'll finish with a Q&A. The presentation will be an estimated 20 minutes, with at least 10 minutes available to answer any questions you have on B.C's consent requirements. Feel free to join, and drop off the call at your convenience. A few of the questions I've been asked already: Can I collect email addresses from business cards to add to an email list? Do I need the person's consent to subscribe them to my newsletter? Is verbal consent…
Read More

The top 3 steps to protect your computing device

Tech Tip
If you're wondering what the top 3 steps to protect your computing device, this post is for you. It's important to note I said device and not computer, as the same should apply to any device with a browser, including a smart phone like an iphone or android. 1) Update all of your software when alerted an update is available. When it's realized an attacker figures out how to exploit any version of any of your installed software, the vendor will release a patch or update fixing this vulnerability. If you're still not patched, that means any other attacker to come across this exploit can easily attack you. 2) Enable script blocking in your browsers. Most web based attacked still seem to be through malicious websites using javascript or flash.…
Read More

Integrated Case Management

Policy, Tech Tip
For over four years, the BC Liberals have been working to build a monster database of all of our personal information. Instead of it being limited to one Ministry, minimizing the exposure in the case of compromise, someone privately made the decision to put all of the data every ministry has, into one place. Many years ago, the federal government tried to do the same thing, and as soon as the public was informed, the outrage resulted in the longitudinal labour force file database being dismantled. The more personal information in one database, the bigger target it becomes. Can you imagine if every bit of information every Ministry in BC has on you was in one place? It would be the single biggest target in the province. Civil society groups have been advocating…
Read More