
If you’re not concerned about your privacy, you’re not paying attention

Cross-posted from MomsRising.org.

I don’t know about you, but the past year has been a real wake-up call for me about the importance of digital security. I used to think of hackers as bored teenagers showing off for their friends, or scammers sending viruses and spam to people by the millions. But today’s online outlaws are much more sophisticated.

Not content to just blast misleading links at us, elite hackers have started spear phishing. This tactic sends an individual an e-mail containing unique, personalized information that makes it look very real, convincing the user to click through to a website where they will enter their login credentials. Some hackers also use social engineering (not technology) to trick people into giving away critical information that can then be leveraged to compromise accounts.

Unfortunately, we need to worry about more than obviously sensitive information like bank accounts and e-mails; even seemingly inconsequential accounts can be exploited to provide an opening. Once a hacker gets into any of your accounts, be it iTunes, Etsy, or Pinterest, they can use that information to access other services.

The threat to our privacy is real, and we have seen that there are people who may target us and access our data not just for commercial purposes but for political use. People and organizations that are working for social change have every reason to be concerned about how our personal information, organizational data, and private communications might be used.

Good security is a pain to implement, but every inconvenience for us is an even bigger hassle for a would-be hacker. Start now from wherever you are, and make incremental changes to improve your personal and organizational security.


OK, Ruby, we’re terrified! What do we do?

There is always room for improvement of our security practices, especially as we learn more about the threats that are out there. Here are my recommendations for where to start.


More resources


Here’s your reward for making it to the end of this challenging post! Freak out and laugh and get down all at the same time with Ashley Black learning about digital security with the help of Talib Kweli and others, on Full Frontal with Samantha Bee (NSFW).

Just another reminder that the companies that profit off our content and relationships give no fucks about us

Screenshot from a friend

So my Instagram account got hacked early last week. I’m not sure when. I found out when someone sent me this screenshot on Tuesday showing my photos with a different profile, which seemed to be marketing porn.

I submitted support tickets to Instagram on Wednesday and again on Thursday but never got any reply. Strangely, a few other friends said that they were also hacked this week! But they were able to get access back in less than a day after contacting support.

Finally, I used a professional network I’m in to see if anyone had contacts at Instagram. This connected me to someone, but he was on vacation! After I bugged him, he eventually connected me to someone else, and she was able to get my account restored on Saturday afternoon. They are both political staff there, not the help desk.

I still don’t know how it got hacked so I don’t know if there was a breach at Instagram or if someone got my password. I would very much like to know, and I also find it unacceptable (but sadly not surprising) that their tech support didn’t even care to reply to me or to stop a malicious hacker compromising their platform.

This whole thing caused some unpleasant flashbacks to The Great Hack of 2013, but my security is much better now because I use truly random, computer-generated passwords (and a password manager) and I always utilize multifactor authentication when it’s an option. So I immediately changed a few passwords that were overdue anyway, but I don’t see anything else suspicious on other accounts. Still keeping a watchful eye open…

Choose ONE: Hootsuite or Twitter verification


So, on Monday I attended an historic protest at the North Carolina General Assembly. My phone was in hand nearly the entire time (see goofy pic), as my main goal was documenting the civil disobedience and arrests of five elected officials from Orange County, NC. However, I found myself only able to retweet others from the Hootsuite app I use on my Android phone. I could post with other apps like Instagram, but my tweets (as @ruby and as @orangepolitics) just sat in Hootsuite’s outbox.

In the chaos of the day I chalked this up to the ongoing tangle left by last week’s hacking, so today while I was at a computer I made sure to fully authorize Hootsuite using the 2-step verification that I enabled for @ruby about a week ago. It seemed to work. This evening I tried again to use Hootsuite from my phone and found that I still can’t send from any of my Twitter accounts. So I asked @hootsuite, and amazingly, they said:

We are unable to guarantee full functionality with Twitter 2-step verification at this time. ^TF

https://twitter.com/HootSuite_Help/status/342457146727862272

Now I know that Twitter only enabled this feature less than 2 weeks ago, but here I am – a paying customer of Hootsuite (through work) – and now that I have enabled better security on ONE of my accounts, I can no longer post tweets from ANY of my accounts from my phone.

Amazed again that huge companies that rely on their web services don’t seem to care much about the security of their accounts. They should be pushing US (customers/products) to get more secure, not the other way around!