Pragmatic 55: Cautiously Concerned

31 January, 2015


Privacy online is becoming a bigger issue with more servers hacked every week our personal data has never been at more risk. Seth Clifford joins me to talk strategies to reduce your exposure on the internet.

Transcript available
Welcome to pragmatic pragmatic as weekly discussions are contemplating the practical application of technology exploring the ruble trade-offs with great ideas are transformed into products and services that can change our lives nothing is as simple as it seems this episode is sponsored by hover hover is a domain registrar that stands apart from the rest in simple easy to use and understand the valet service for your domain transfer making its amply the best way to buy and manage your domain names check out and find out just how easy it is to grab your own domain and transfer your existing domain, using the coupon code pragmatic to get 10% off your first purchase let hover valet your domain stresses away today is absent is also sponsored by many tricks makers of helpful apps for the Mac visit metrics or for more information about their apps Butler chemo Leach desktop curtain time sink Usher Moon name angler and which if you visit that URL you can use the code pragmatic 25 that's pragmatic the wording to 5 numbers and shopping cart save 25% on any metrics product. More about them during the show I'm your host John Geagea and I'm joined again once again by our my friend Seth Clifford Hayden Seth demodulator have me back they succumb back on arm I go before we dive into the topic today which is going to be privacy arm is 10 mentioned once more that after a few more weeks available for sale are the first and quite likely only arm pragmatic gay T-shirt they're being sold through to spring there is a link in the show notes and this time it is the show nice I said it was last week but unfortunately armed it missed outs are on the initial cuts are but I had later updated the website's apologies if you're looking for a shiner to define it while it's there this week definitely apologise against that are I do realise a cheap T spring if you're in outside the US are shipping can be a little bit pricey I do understand that unfortunately there aren't very many arm good quality international options that I'm aware of it if you are aware of one please let me know I've also had a few are requests for a coffee mug hands for his stubby holder let's just see how this goes first before we get too excited arm year so get back to you on those are in any case I said I'm really not planning on doing this again I'm only really doing it because people have asked our pretty much the last nine months when he doing shirts and is not just one quite a few people so this point the sales count is up to about 14 are it's only been up for less just just about a week and down I think it's pretty good are so I set the minimum attend so that it will be made I don't have expect to sell huge numbers but if you ever want a shirt now is your chance are and are all leave the nagging there so go grab one hour why they're available okay so arm privacy now this one is as topics go this one came up out of episode 42 which was are the e-readers are episode are think it was called hopefully they don't burn it fatuous reference to burning books in the Second World War but never mind that long-time listeners show are Nick Radcliffe are and I had a very long email conversation back-and-forth which I alluded to in the follow-up episode for episode 42 are regarding privacy and I realise that some of the points he brought up were really enough fodder for an entirely independent episode about privacy as privacy and in an online privacy is a is a big deal and it's something that I guess I feel like in the last 20 years we've gone from not trusting anything that we put put online to getting to a level of trust whereby people we've put credit card numbers online and buy stuff online which you 20 years ago when I was just becoming a possibility where people so at crazy bits like the truss disorder been building but then there's been a few incidents like sites have been hacked recently and I can see some of that being undone and people staying to think more about their privacy and what it's worth so I guess I guess there was a time you figure back far enough before governments before records were kept like you people are born we live we died off the grid. There was a grid or a radar and she is herself the radar to as narrator right arm and there was no government and perhaps maybe was a basic government they had no idea that people existed like exactly who when and where in and sign in this place in the world right now that still the case but I guess governments sort of we will put together to try and protect the people always I was the idea and malformed government and to do that they need to keep track of where people were you having if you were born and died where they live silica plan access to amenities figure out where to build roads hospitals nights of seemingly innocent stuff but of course time goes on they want more money ultimately they bring in things like income tax and then they start tracking people with social security numbers and tax file numbers social insurance numbers so those are like USR Australia and Canada numbers and all around the world so they can track your income is lengthier how much tax you and CO that way then they can fund's government by phase and fact-finding missions to the Bahamas or something that I know are you do they do with tax money anyway so not fix letter entirely different gel you write actually this arm CS rather than go down around whole arm but of mine so I guess the thing about the Internet that scares governments and scarcely has a lot of farm people that want to have that information to track all this information is they have some level control is that the intimate is is about sharing information freely and that it can be anonymous on on anonymously shared and part of the problem with that is that that's directly opposed to the other movement which is well I want to be able to conduct business online which therefore has to be has to have some level of privacy but at the same time has to be very secure so I see privacy and security is sought are very intertwined in note if you got good security then you can ensure a certain degree of privacy so I guess we can needed cover a bit of both I think anyway arm all right so I guess the thing is that a lot of country since the Internet came about Ben had tried to take control of aspects of it and some cases even infect different components of it in order snooping on the information and you recently that Hartley do exploitation for example mounting CIA knew about the years before it became public knowledge and they were exploiting it for their own purposes of eavesdropping and then of course there was a whole are prison thing is forgot about prison already in seems like old news money at a huge deal so here I mean again likely to finish our are dive into exactly what prison was but I mean Guy was so Snowden was the guy that broke that if memory serves right ear is still in seclusion listening was he been doubly so I don't know what to think I think that's an order think I guess I suppose the ends justifies new to some extent it's it's it's hard to know but all I know is that prison was wrong it's just that we know it existed in an and is a lot of eavesdropping going on ends guess ultimately the matter how you slice it if you treat the Internet as he put zoning out there it could be exploited by the wrong people so it's best for us to just focus on what we have where we have a choice and where we have some degree of control and how to exercise that control because beyond that I mean unless you pull the plug on completely off the grid which is the ultimate answer arm in which case probability this podcast then I well armed so I guess it's about for me I guess it's the pragmatic choices which are I want to be able to take advantage of the digital age and be a part of the Internet and still enjoy all of those benefits like a wannabe shop for some things online are one of the other download staff might be able to get music from Apple but the same time I will have signed a little bit of privacy I don't want to be and I wanted to have everything about me here and I know it absolutely does and from me in iconic this morning from a gas to an end user perspective where I am very selective about the tapes of services that a choose to use what a choose to share with them because I understand now you know we started talking we started this conversation talking about it from you can ever government perspective and infrastructure level at me personally I'm far more concerned with all of the different ways like if we assume that would be in mind let's just say I'm far more concerned with all the ways that they don't know people are taking my deed and using it for money for nefarious things just things late on approver for now selling the D-Day doing other things with it and sell that's the only thing that I think about on a daily basis and when I hear security breaches and credit cards were hacked and this in our old passenger-side complaint at Lake ologies consumer level things that affect us that's the stuff that drives me up all lake things like prison and an inner think that that level I guess I just assume because things are happening and you have to can't make peace with it on some level even though it is not something that we would want as inner Internet citizens but I think the thing that rankles me more is that the that the whole move to free services and giving all this stuff away without a notion of what the actual cost is that the thing that keeps coming back around from me you want things that I always ask myself when I sign up any service free or paid is what exactly do you need X, Y, and Z for you know once that particularly get me and maybe we should sort of before we go any further justice talk about what private data what I'm talking about like the one we say privacy what we talk about this breakdown real simple manager you start with obviously our neighbour not just an hour full name so arm you do they really need nominal name is probably not in nodes even though I have not my first name is good reason initial good enough surely that's good enough you so whatever date of birth following a do some your birthday card will know they're probably not whatever you say needs are my age for age verification purposes like it is fudge that so what's the point of the date of birth exactly I don't you and date of birth is often used to unlocking information on the bank accounts as proof identification so date of birth is the case is a very very dangerous thing to have leaked out there I think armed physical address is another good one while only my physical address if they never shipped me anything in rate is like that comes up time and again and a lot of time and that comes up it's because our I'm signing up for an account that requires a credit card so suck the credit card companies a lot of them as verification will ask you to enter your physical address to verify that your credit card is in fact yours invalid which you your billing address rate yet exactly which I kind again but at the same time if that's the only point it seems it seems a bit wrong that should I give that to the bank and not to this third-party website that God knows what they can do with that information I don't understand why they need it so are sometimes arm even if they ever ask things like identification card numbers things like a driver's licence number that's just wrong admittedly I can't give too many sites about is one of talk about later the dead are health insurance numbers anything official like that to me that's that's nothing gnarly no online services I can think of unless the government-based could ever want anything like that that year there arm phone numbers does not want arm although admittedly phone numbers aren't necessarily the more a nuisance thing I think some gets hold of the new number they can they can text you stuff but with things like like my message and with them you push notifications and stuff like that it's it's become a lot easier you don't need a addendum mobile phone number any more to annoy people, smart rate so arm otherwise a little bit less tangible things like our company work for the company's address are different avenues to gather more information about you that sort of thing so would you zoning you have to know you don't that list now I think that I think that pretty much covers it for the purposes of the discussion at the one thing I would add is that there are there are legitimate reasons for wanting to understand who your users are if you want to build a better product if you want to serve you use a bit better it helps to know who is using it where they are what they're looking for her in our maybe in our age demographics to a certain degree the night the birth month and gain year there are probably tons and tons and tons of companies who ask for bits of information like this because they really do want to just take it and in use anonymously and just apply it against what they're building like I fully believe that a lot of places like to do that and this is just the inner the most straightforward way of doing bite their hearts sell many more that only one that information so that they can market yield track you watch other activities that they really have no business being in a being in the loop for and that's the thing that really gets under my skin yeah it's it's it's good you raise that because one of things that I I okay unlike I'm I'm an engineer and a marketing person I get that if I tell you I'm in the age bracket 18 serve me know 24 then I suppose that statistically might be more interested in certain kinds of products but you if it comes to things like arm I know like a crib cots are awesomely for a baby you know and I just bring it up to your current situation but are by guess the thing is that that's not necessarily connected to my age you know like I gave a young family or I could wait was middle-age all a bit older wrap before have a family I could have had one marriage, my second marriage and honour on the site 50 years older when I have start my second family members all sorts of variables and their yards not age-related site it's like I know I guess you know how many children you have arm if you have any children I guess that's all you interesting stop if you're signing up for an email address it's like that's very survey data likely know it's not an eye I guess I guess I always wondered just how effective that information would be just an age you know based on the data but just how effective is that really targeting advertising a think it can't be as is to be some value to what I can't imagine is a heck of a lot of value things like Google of Margot Google of Corner this this idea of gathering all this information every single search term that you put in the a massive database of information about you and to target ads that's far more valuable than just a few scraps I would have thought dear I guess if you're asking someone to provide it kind of as a as a means of flushing out a profile and that's you know there is no other way for you to gather input or data from them and you can take what you can get an and assess whatever value can from it obviously stuff the Google does for more detailed and more sweeping bite is also more accurate and that's in our Google is one of those things that a I am very conflicted about because on one hand the technologist in is like this is in a this is amazing this is that this can happen that that a company can do this and learn about me and then bring me more relevant content and tailor my activities in such a way that it streamlines my day but on the other hand it's leg and not really think anybody needs to know that much about me and in depending on the week eight I'm either very bullish on it or their Americana and I don't keep it go it's it's a pendulum swings back and forth and it's dependent on a heck of a lot of factors yeah no you that that is true i.e. I feel very cautiously out of the quite right away putting it easier with respect to Google I'm I'm cautiously concerned I suppose and sometimes it does freak me out when I start typing in something is like it's reading my mind and you know sometimes that old's switch to Dr Cole something else because it freaks me out around the quite serious when I say that it does freak me out sometimes and I've made a conscious effort to move away from our from Google's are from Gmail so I typically don't use Gmail anymore but you it's unfortunately it's one of those things that you can't really get away from because technically because you that the engineering meat I write think about this aside while what's stopping Apple or what's stopping Microsoft apart from them saying we wouldn't do that was actually stopping them from doing it and the answer is nothing if I put a search term into their service and their service spits back a result can make a short I've asked for because they can me know and I hearts I have no guarantee that they won't let me not stop using search engines altogether well no not necessarily this thing about Google though is that you then they're smart enough to know that if you do nothing and you just you again you lay in your web browser of choice go to and type in a search term you type enough search terms from that IP address that rout they can start to build a profile and if they can attach your name to that profile flaggers you and it'll follow you around you know and it's one of those things if you don't login as yourself in a Gmail account I don't login and Jim Gmail oh Google accounts I should say these days they call it I log into my Google accounts ever anymore and if I go to a stranger's computer in a completely different place I will get different search terms search results because of course it's not the car follow my profile and I been using Google search long enough to tell the difference between i.e. Al Qaeda knows it's me and I'll know has no idea that's me in the search results you wish and probably we should probably figure out what the sailors of this conversation can be a thing Google needs to be one of them I think Facebook is the one I think probably something like Amazon needs to be one of them because they collect data in different ways for different purposes and I feel very very different about each one of them collate you now we'll have to limit it to those those are just three that come to mind and in our bills different country life that we make what they offer while thing is that from a privacy point of view if you are concerned about Google tracking to who you are rather than that what you search for me if you call yourself you know Bob the builder and you create Bob the go for life access or summons ready done that mine propping up the real Bob but anyway arm yes anyway too much kids TV on a plane that anyhow it's on in the room you can't avoid it again anyway they get sidetracked easily sometimes so yeah arm if you do create a false name and is usually associate account to get sort of pseudo-benefits and you don't mind says saying to your friends yeah just email that's perfectly okay that's fine arm you but you'll still mechanical information with you so long as you never ever put in your actual name in any way to connect you to that profile although Google bought a profile that they think it's profile of Bob the builder and I've no idea as you personally so maybe that's okay maybe that's the line that you draw a maybe that's perfectly fine so you in which case you can still enjoy all the benefits are Google has to offer but all it really does take is a is a slip and an Google will not pounce on it not have the information that they need to connect the dots if they're smart enough in the open dialogue from out but the thing is that where it's different I guess amount about Google plus because does anyone use Google plus I don't know I think linear people use it had I personally don't use it really is my kind of thing I think that people use it because it's just a Google account thing is like you know you signed up for a Google account so you get Google plus on the nape they push it in Gmail may push in EEO all that as much as they can get away with that but I guess am thinking now more of you mention Facebook and I because Twitter is also part of this where you voluntarily post information about what you're doing what's going on in your life it's not a search thing is like having breakfast well okay I don't yet often by sometimes Ms amigos was Instagram's full but he is a photo of my breakfast arm I get that anyway all right so but yes a Facebook at least make some vague attempts to keep you in your posts private if you want to keep them private they keep messing with their privacy settings so is almost like they don't want your information be private but I want to look like they want your information to be private is that you have some usually have some thoughts about this so you will benefit from a from a very high level I feel like there is there's three different ways in our best under three different companies that I mentioned that in our people are using the array Google is Google is taking everything that you can possibly get it to build better search results and cerebellar ads and do and am using the word better because I'm kind of imparting that ideal for these purposes that this is is what they want anyone everything were relevant to you a I have a Google account I don't really sign into it that I thing because even though I've heard from friends that when you sign in your search results are better I don't know that I want better results I want results I want to do a search and in a run a query owner term and Rick and Anne have returned to me what the intranet thinks I'm looking for like I don't care that Google knows I searched for in whatever MacBook Pro is 150 times and so the inner surface MacBook Pro stuff more if the thing I'm looking for is something else that to me in my mind could get in the way of what I'm looking for and this is totally a personal thing with Facebook and feeling the more you put into Facebook like what what are you getting out of it apart from the social and are actually Google at least has a value if you look at it in that prospective Facebook if you look at your while and eight I left Facebook several months ago because I was rather unceremonious but I just wasn't really using it and decided it didn't need to be my life and what if you look at Europe typical NL Laguerre Libya while so much of it is just adds and your current hand that you're looking for your friends can't hang photos whatever it is that you narrative you is just completely buried among all this other stuff and Facebook's ads had never been relevant to me and that could be because a never really put a light into it by it just never seemed to be was not deriving any kind of value from it the way that I could see some of the writing gave Google services cell and an exit Facebook changes their privacy settings and they really want everything to be public and they have this philosophy of well if everything is kind of public and then we can all communicate better in do these things better but that seems anything to me you now just best iron the stuff that the company does and just in the way that they handle things that they've traditionally done a lot of backpedalling when it comes to privacy concerns and things like that and that any you can look at it for a little while as in a hopeful naivety like all leaders want these things to be better they wanted the Internet there in our very younger companies that these are the goals is through their object itself yet economic mistakes in the mechanical back on them and everything will be fine by feeling at this point now when there are things that seem weird about Facebook are inadvertently mounted easily put into it feeling doubting or better and again not using it anymore so I could be woefully out of the loop and they could be way better at privacy banner they are feeling is that it's it's not gonna get all the better because D benefit from that we more than you'd elected the tree lovers is skewed in their favour only grew see the thing is I guess with Facebook is it's all based around our reality like is it you are who you say you are there is no report on Facebook for anonymity there is no it's all about you connecting with your friends which requires that you have your name your face your animation and and that is that inevitably is the premise now you compare and contrast that with Twitter and Twitter it reminds me a lot more of IRC of of old our our still around but you know me back when I see was the way with you a chat and communicate with people so it's just that it's by the public IRC anyone can look at and there is they make no bones about there is no privacy that it isn't you can enable private option but severely limits a lot of features like you can't retweet private accounts and you can't just become by you because follow their account you need to get their permission and everything in Yale there is Twitter is very upfront about race Facebook isn't and either way you slice it you're putting information into 1/3 party so wishes your trusting them and I guess for me that the privacy angle to be had is more about this privacy discussion is about who gets access to your private data I'm handing over my private data there is an expectation as to how that data is going to be use or better better still who I'm giving it to the problem for me is not necessarily the who I'm giving it although sometimes Google and Facebook and Twitter I do wonder arm more so Facebook and Google I'm giving you this information do I trust that that's where it stops you know or is it can be used for something else I'm not aware of so I know that Google and use my information to give me better more tailored search results and maybe that's a good thing maybe it's not I don't know it's not as scrupulous it will Facebook you honestly I don't see much of an advantage to Facebook I'm on my Q and a five my wife and I like two or three other of my friends that are only on Facebook that I want to see what's going on with all I want you it participate with online then on Twitter and there is no other social way of interacting so beyond I message you Facebook has become a method by which I stay in touch with a certain subset of my friends and family and it works for them but honestly if not that I wouldn't use it as the adversarial but the eye with Twitter I made a decision are when I joined up to use my real name I don't have to but a choice because arm ice to go around calling myself are Apple convert are back in the forums on the strain MacWorld many years ago and then I started to distortion I started out writing under the same mum so Monica for a while then I thought to myself I'm going to be you know if I'll if I ever want to go and build beyond just being a pseudonym I i.e. I write I need to present my real face of my real name so I decided to do that and along with doing that publicly comes a certain degree of risk and I guess that's also an element of this privacy thing is if you put your name out there then you going to get more attention and you going to get arm become more of a target potentially and I guess that's one of the trade some of the risks when using Twitter there is nothing stopping you inquiries of whatever you like arm you like your counter notions is a very popular example in our little tech bubble of someone our contra were recalled himself arm and is you know knows who is or other company going with no serious but under no to know who is no doubt in your bop not really the point that I guess so I mean you would say that Mr counter notions are is in fact are you exercising his right to privacy so if it's a heave and actually come to think of I don't know so anyway all right said to me privacy is about the trust act aspect and Facebook has done so many things wrong to ruin that trust with their change the privacy policy and like you said there there are you sorry about that kind of attitude we really didn't think about psycho will resist an accident we accidentally just open all your information up everybody and you didn't have time to set it so that you could bid Neo so as private as like Walton so but they do it too often they burned all of the goodwill and this is the visitor thing so to me as breach of trust information sent from one person to another publisher on Facebook and a daughter and I do it let's say it's Apple in China I'm filling in credit card information from date of birth or in a sort of stuff it doesn't really matter so much as the exactly who it is a matter of I expect this information to to to stay with between us but the problem with that is of course there's the breach of trust whereby the person hoarding the data the server person that runs the server keeps your data will they keep it safe can they keep it safe and then of course is the possibility of being intercepted in transit between your your place mayors and of course there is no your end of it getting affected by this your computer so like in intrusion at the source like your computer malware viruses whatever arm you know that sort of thing he was Albert Immaculata about that that while I know keeping the system up-to-date on every computer in your network is always good advice and I'm jumping around will be here I'm just trying to get this to this point where if you going to put information about yourself out there onto the Internet in any way any concern about it being intercepted you start home and make sure that you've got arm you some degree of our any virus on your computer if it's not a Mac especially but if it even if it is a Mac it's worth considering and keeping system up-to-date so there's an update just make sure you got your security updates up-to-date bustle and on every computer on your home network but the next thing is who you trust in the service I things and one of things it's been going around just recently when our circles is whether or not you go SSL on everything without you encrypt on your website is something I thought you might be might be interested in justice discussing briefly your thoughts on on that whether you should or shouldn't the army went we certainly can I there is a pretty good discussion on EDP about I'm sure that's inner where a lot of us started to think about it in detail shop and in LA it's one of those things I'm probably not even the rate person ask about this in terms of technical aspects but for four reasons for the obvious reasons like if you know she did SSL you can avoid ad injections and things like that there is there's a lot of reasons why it makes sense and I think if if we as a culture are serious about maintaining a level of in our personal protection but personal awareness I can see tremendous value in that time and money jumping all over the place because I'm now thinking about the Verizon in other wireless super cocky thing and how that how that's getting handled and will totally be getting ahead of ourselves because something else that I want our conduct is nauseating and end intros are just in a year SSL thing I think it's it's probably one of those things that make sense is it feasible to do in a short timeframe now? Is it because anything that we should champion a gas because it is achievable and it probably ultimately benefits users the most and I'm a big believer in you now being any user being a person who lives in technology I want the best for me and my family and the people that I know cell it's it's something that is admittedly like I said at a really are not familiar with the full technical underpinnings and what it would take to do it by ear and at a very inner surface level it seems like the right thing to do it seems like now is a good time to start talking about it and start the ball rolling given all of the things that are happening will look arm before I do smoke do a brief discussion of the basics of SSL what is and why why matters before I do arm would like to talk about first sponsor and new sponsor and have been a very big fan of these guys for a long time and are and they are hover hover is a domain registrar that stands apart from the rest owning and controlling your own domain is critical if you're developing in at writing a blog running a business project won't to keep the same email address for life even you all just having a presence on the web at all in our domain is a single best way for other people to find you in the best way to buy and manage domain names is of hover if you don't currently have a domain name hover can help you find the perfect one I was put a huge list of sealed these in their domain search is truly amazing you type in your best idea and it'll tell you not only whether that domain is available but it'll suggest dozens of close matches that might be just as good or even better than your original suggestion sometimes people sign up for different hosting services may offer a free domain name as part of the deal read the fine print because sometimes they'll charge a mint to transfer that domain out when you want to leave for whatever reason and you could end up losing keeping control of your domain using a service like hover where that's their bread-and-butter it puts you in control and as little as five minutes you be up and running with your own domain hostels are so easy to use and father mostly won't need any help getting set up but if you do this support team is always available to help you out there famous for their no weight no hold no transfer phone service no getting a real living human being will help you now that they are tried up so you in every little detail things like who is privacy that everyone should have it yet it's just included there's no flashy as no pushy BS in shorts it's actually pleasant to use which is for a domain registrar in my experience anyway is a rare thing I know that that's all wonderful and everything bites hover also offer bulk discounts for 10 domains and up so the more domains you have with them the cheaper it gets that's a bonus they also have a reliable email service and you can get terabyte storage space if you want they even offer email forwarding for as little as five dollars a year now finally the thing that I think the bring so many people across to hover the have existing domains it's their valet transfer service and its free or you do is point hover in the right direction with your existing domain registrar information and they'll take care of everything have to worry about messing up they do it all the time so is getting a lot more smoothly if you've only done it once every few years soap and aminos are one of many reasons why I move my domains there years ago and why there still are hover and that's where they're staying so anyway to check out and find out just how easy it is to grab your own domain transferring your existing domain hover using the coupon code pragmatic to get 10% off your first purchase let hover valet your domain stresses away today thank you so much to hover for sponsoring pragmatic so SSL only going to too much of the technical wise and so on things that are beyond the scope of this but just just basically the idea is that it's is the mechanism by which you you can encrypt one of several methods by which one popular method you can encrypt data transactions between York and York computer and server computer space and the public key in a private key that are then combined to create a session key at the commencement of communications to get these degenerates of the public and private key on your own server and then you pass that is our certificate signing request or CSR shortly send that to a certificate authority and they will then send you back a valid certificate based on the information you serve a public certificate browse checks against the trusted servers in list and says yes your certificate is valid its current current it belongs the size being served from and certified by this authority and we know they are dodgy or other we think they are dodgy the probably not dodgy so there on that the not dodgy list of CACI are each direction of data is encrypted by its partner and their creator session key for the duration of the communications on all nicely encrypted salads you in one direction it I gets the point is that the key is running so the creation of the connection and then it goes based on session keys at that point so you really only get a very narrow window of your sniffle at the beginning communications and that's one of the key things about everything at once is encrypted as is essentially is private and cracking encryption on the duration of the data transaction is extremely are difficult anyway but the bottom line is that some this choice quotes are as joyous quote about this are with with grass fishing attacks and our fishing attacks are because impersonating a service of people think you going to you're actually not going to John's dodgy and you just don't know it and arm the whole thing is that the whole our certificate authority and kidney over the trusted certificate system and it's all based on our why Kate there's a quiet life I I found through the electronic Frontier foundation EFF and are goes on like this is security of HTTPS is only as strong as the practices of the least trustworthy incompetence certificate authority such that the market tends to drive people towards cheapest providers and therefore with reduced cost usually you increase the likelihood that the certificate authorities themselves will be hacked because people get their hands on my cargo the hands on the private private keys they can generate their own our certificates they can start impersonating service or EOB economic go wrong if that happens now there is a legal mission is actually about how someone I was able to hack are someone else's SSL connection our local Wi-Fi hotspot a coffee shop would say that makes a bunch of assumptions by Keogh you can impersonate a router the router has your router has a stronger signal than the coffee shops router and the server doesn't incompletely encrypt all the traffic light is a few pages aren't encrypted so you know it's there's a bunch of assumptions but essentially it can be done has been done with a lot of caveats even if you don't have the actual cases actually sniffing and cracking it right there you with no other information other than what they can sniff over the Wi-Fi but bottom line is it's difficult and is a bunch caveats and awoke with a very limited subset of situations problem I've got though is that in a SSL is still not completely perfect it's it's the best but it's the best we've well it's one of the best that we got so the idea is that if you got a site and you storing any kind of data and all logins passwords even if it's just that you had you should really have SSL and that's one of the things that I looked into and I'm currently updating the website and & so forth so the other logins for example on hold and that's one of the things that I'm considering implementing our in future as a result of some of the research for this actually for this episode so I think it matters because I mean if people gonna give me their name and their plan and a password I have no idea of the part of the using is unique so I have to try protected information and that means Anita. Make sure that it's not sniff between their computer and in the server that I operate and of course need to make sure that the server that I'm operating has sufficient security measures in place and is an open book all part of themselves are encrypted but you know you can still break that if you get if you can hack in and get all of the ER all the hashes you can always run them through because me the thing is you have you seen these are articles about how to build AER a hacking machine that is that runs are software with parallel graphics cards that crunches through all the combinations to break the encryption and takes days weeks whatever but if they get their hands on the even on the arm the hashed passwords I can still make and still eventually can hack them through brute force are now now I have night what if they hack into the server and they actually get those passwords they can given the right hardware and enough time and patience arm just using lots and lots of graphics cards all stacked together is highly hacked but you know we call them hackers are in that it is actually possible that's why you when I hack into a survey even though the passwords are encrypted you they can still decrypt them because at the decryption only works in the one direction city run through enough possibilities eventually you'll come out with something that isn't gibberish goes the theory anyway as you try every single possibility any car going through the front door and do it because they rate limits and I say well you can only have X number of requests to have login attempt to test your attempts the password so going into the front door is no good if you can hack the server and extract the data and run on your own box you can answer all possibilities millions and millions and millions and millions and millions possibilities to sit therein well just grab a cup of coffee but might be there for months but so is protecting your server side is very important as well is not as the SSL which protects the data transactions protecting the server on the other end that comes back to trust your harbour harbour harbour who you trust the think gets that one sorry Iago a whole is a I think the question the question is night should we apply SSL than anything that has inner London has was I think that's that's pretty obvious think the topic that was being discussed in that particular show and what I think is most relevant as we go forward as should SSL be applied to everything rate read-only pages and stuff like that is when that something that was that Lana came up yet the issue is that if you have so few got a site that has a single page that has data that needs to be protected in transit it would then make sense to simply force HTTPS on every single page to every everything outside just just pushed across stage eps and predominates everything is protected raise some some sites were doing while I only have to protect this one this one page so you'll have a special URL special handling special rules the rest was obvious that normally while but the argument is well know you should do the lot one in Allin and that protects against a myriads of of issues but honestly from a privacy point of view are yes it also does lock out a fine bunch of other things like he said advertising and so on but from privacy perspective you can protect against the advertising and stuff through different means three browser directly which will get to but I do know I think that's arm the reason I bring it up is that if you're ever doing our putting secure data while sorry Hannah if you're putting data out into a circle onto a website signing up something and is not SSL and you're putting in your your name date of birth anything like that yet you really should have it really should be HTTPS there should be a nicer lock certificate and all that stuff and you and I win I would look. The average person doesn't but then again I guess I'm betting that people are listening to the show know what to look for so I it's pretty safe bet ideas a breeze about to but you tell your friends and family anyway all right arm the miserable begin moving so before we go in it in a different direction eight just remember that the other company had mentioned was Amazon yes and Emma's own is in their their whole use of data is very different but at the same time nuts at different rates so they may know hack a lot about you and the I think so as irrational as it may be I am I am right now today more okay when Emma's own knowing the stuff that I buy in the videos that I watched and whatever whatever else I've done with our design services I don't know why I thought I just I feel like the value that I extract from them knowing more about me is is is higher than with something like Facebook I feel like when I purchased certain items and they say there are some other things you may like Roman times I've looked at it and then make you a deal want one of those actually and that kind of a transaction that can have a mental jump from me is easier to make FA watch videos and SA only watched Apocalypse now you might like this make you hates actually that is something I'm curious about something about the way that our design brings recommendations to me and and keeps a full record of all of the things that I've done within the Emma's own ecosystem again I reiterate I know it's irrational but something about that feels better to me 88 Put my finger on why maybe it's because I cant recall a time where Emma's own him under fire for using Dida differently or in an unexpected way or anything like that and there could have been instances there just I don't know what they are by think the other thing is that I feel Emma's own has all this data and they want to keep it blank if it's forward them I feel like it's 19 their best interests to sell the dealer because the more they have the more if they can offer their own our business against competitors sell again I don't know why I feel this way it's just one of those things where the convenience of Priam the the availability of certain products that the recommendations seem very relevant to my interests of L there is a hell of a lot of kids videos and labourers and crap that I don't need to see every time a latte and you it just it's a different kind of system I know there are gathering mountains of data about me but I feel very different about that than I did about something like Facebook is interesting is that because Facebook I wonder if the ads on Facebook if they actually were better or more relevant of my children differently on but I I died to me I decide to take Facebook fences make I die guide to I can't actually rationalise my reason for hating Facebook much the same way that it's hard for you to rationalise why you trust Amazon more than you would say Google but I guess the bottom line is that you just you get more value from Amazon and perhaps it's the same thing with Apple with their suggestions as they do the same kind of thing right they they know what you board and presumably what you washed watched and are you there the genius suggestions are the arm it is not iTunes are genius iTunes not marching Nigel's incident was introduced a few years ago I don't I turned off here you genius recommendations and stuff like that in a survey suggesting she might like as well but I do know I guess one of the things though it comes up time and again whenever why whenever I talk to someone about privacy is that what is the worst that could happen so well is really relevant to anyone that I watched home alone two or home alone three even worse potentially no therapist anyway is it is it really useful information to someone to anyone and I guess I think to myself well not so much that but things like my name my date of birth my home address that sort of thing is perhaps more of an issue potentially and is not so much that even it's also okay right now Amazon has that data or let's say that you're really arm you're really a big fan of a certain company that's producing something is really want to use Igo mail clients or up to do at to do list at the school when I know and it's got a web component that requires for some reason your home address in your Damon date of birth who knows and down and then they get bought out or they go out of business or the government serves them are a subpoena further information or you know they signed up to do to prison what God knows what you know and that data that you thought was was this with them and you trusted them with it and went them suddenly now someone else's got and sometimes these things go up to the highest bidder and what happens with information after that who knows so I guess the problem I've got is that previously when you have a paper copy of something the paper copy says some is my name my date of birth my home address and that was filed in a cabinet somewhere that you physically had access to physical security it was difficult to copy because you need a photocopier I guess or younger right down by hand so that made it far more difficult to steal our denial Mission impossible thing you know with the other fake face in the in the accent and pull the security guards badge make fake copy and get in the break-in and you know start doing music and arm you know that that's a sign of May okay maybe not enough of it is that sort of thing right whereas these days once it's online replicating it digitally is easy and our once that information is is out there and I'll and it's released then it's up for anyone that wants to pay for it in like cases some countries may pay what may sell it like you say Amazon is not myself because I really have no benefit in selling and that's that's a good thing I think that someone like Google that's that's their business so year mega sell yelling and sell you because that's their business so it I guess it's levels of paranoia is not How paranoid you want to be here and that's the thing brought about ball and in the past I would see one to 2 years they've taken a very user centric privacy heavy stamps where inner Apple pair has been introduced and that is really to up for ski purchases and keep transactions as secure as possible there's been a light of credit card bridges and things like that in the past 1 to 2 years Apple has gone on record with in our PR releases and things like that seeing what the deal what they don't deal how this now this focuses for the user in protecting people and as much as the know about you know us as users this is something that they have made very public I think partially because of the sensitivity of these things happening certainly it's a great marketing message and if they are gonna stick to it that to me carries lighter weight that makes me feel like okay well I complete at least a little bit more trust in these services in this product because this is something that I care even nominally about now I guess said things change dealer gets sold to the highest bidder and suddenly the once great feeling you had about a company can go away but the fact of the matter is if you use a credit card that did the deed that you share with that credit card company of the issuing bank is salt time and time and time again at the transaction that you just have to be okay with F you're using a credit card and in The reason you get voluminous amount of junk mail is because you are your banking your credit card and your ISP and your mortgage company everybody sells your information to everybody else it's just that it just happens that's that's how junk mail is born and it's it's crazy how rampant it is that you were typing a lot about things happen online in protecting digital assets as the tablet this has been happening for so long just in the normal sphere of culture that I think it's different it feels different because it's happening online are we as you said earlier and shall we went from a .20 years ago of Arno know about this buying things online thing to all this information being online in our work and are pulling back like hey wait a second leg many this wasn't such a terrific idea in our media we should that I was out there but it's almost too late because your information in your home address year all that stuff is on paper abate its night protected behind larking to anymore it's just it's chit showered through the profit every single day you junk mail the rattling so so yeah you sometimes hear arm my wife says some hey we get a bill got Mica hiked as I wish it was Bill but anyway arm not that often anyway so I want a story about arm a jobhunting experience that I had that freaked me out and this is sort of freaked me out a level that I have been freaked out are about privacy for a while and it was just the one company and I will not say who it was I was applying for a job and is they had a secure website and the secure website said in order to apply for this job you must provide the following they asked for a scanned full-colour scanned copy high-resolution scanned copy of my drivers license of my birth certificate and is it kind of occurred to me when I'm doing this unlike I really need a job right now because I was no in a bad situation from an employment point of view at that point and I I needed a job so I call them up and I said arm can I supply you a hard copy can I drop off a hard copy to your not comfortable a transmitter scrub information across the Internet and be on I'm not sure I'm comfortable with you storing and soft copy their response was was twofold first of all she sound like no one ever asked this question before and what you of course really it's it's a big deal while actually kinda was so anyway arm a first response was well you welcome to drop in a scanned copy if you want I mean you wrote what Robert God, hard copy if you want were scanning ourselves anyway might case either limited the ER in-transit problem that I have eliminated the storage of that information digitally problem and I then said oh okay is there is any way that if I'm successful for the aquifers for the role than I can give that TXA if unsuccessful what you do keep on file what you policy and delete it arm why do you need it and she said was a policy that you know anyone applies this we need to confirm your country of birth and your current arm status within the country like the tribe basically cut back on arm what they call the legal are illegal aliens or something of that something in local North America people are not legally allowed to work are in the country is on the appropriate Visa or Rebel or whatever try crackdown that and of course they because their human resources department was spread over multiple locations having a single hard copy wouldn't cut it because they were farming out their work to multiple locations so not only was it a problem once it was in soft copy that softcopy was distributed amongst different sites so it was a really big question how much I trusted that company and ultimately as much as it pains me to do so and as much as it went against everything that I thought was reasonable and sensible I end up doing it because I needed the job but that to me illustrated how far we've come and how really dangerous you know some of this really is because if they have their server hacked someone can now impersonate me I have everything that they need right there to just take over my identity you are to me is to most precious pieces of information so you and as we've seen repeatedly and in recent memory servers are not as secure as companies would have you think and their their entire infrastructure is not a secure because there's been kinds of breaches there is been memos that have been leaked that email the two that come to mind are the target the target one here I guess I was about a year ago and the hole deeper line and there were there articles I remember reading an article in Ars Technica about the person who is in charge of security from the bell and it was laughable that that that guy was the person who was supposed to be securing everything and it was it was calling an afterthought would be an overstatement in out here and these you trust these companies you trust that on the Halliday they have to be protecting it because you would think it would be crazy not to be still liable if they didn't let the night so many of them orient or if they are not doing it in the railways and the basically it's kind of you now don't worry that until something that happens and will apologise and offer everybody a year of credit monitoring and that is the most offensive thing I can think of that our lives and livelihoods are constantly but it rest for no good reason because it's cheaper to offer a year of credit monitoring and a letter of apology and it is to just secure the data correctly you exactly and no longer comes to mind recently was the other Sony Hack which had away personal information for employees arm that was leaked out onto one new and onto the instances it's crazy and what bugs me is that people become so comfortable with the convenience that they are and they are not taking the security aspects of its seriously enough and this is why thought it was worth adding into this privacy discussion is that I think people have reached that point now where they're beginning to realise oh dear this is really not such a smart idea you know this is bad and I can't just trust and is about a breach of trust so when you give over your drivers licence W birth certificate to the government because while there the government there was only one trust the government that's that's another story I guess again but you are seriously though assuming you do trust the government are more so than you trust a private corporation at least I do know arm I know Demi alright so the we should probably keep. We then went on all over the place today but it's on it's one of those topics that you get flustered thinking about it because even if we had done a big formal outline of all the things we wanted to talk about it wouldn't wouldn't cover it all and we'd still be off attention so you saying I agree let's let's keep with so I connect the next subtopic I Gary I guess I'd longer talk about is arm the use of credit cards online specifically but before I do go down that particular health but also our second sponsor and that as many tricks now matrix there are great software development company and their apps do you guested from their name many tricks their apps include Butler chemo chemo leach desktop curtain time sink mu Marcia name angler and which is a much talk average those apps that I can't do it all wants so we're diesel at about four of them start off with moon now I love move it makes it so easy to move any of your windows to whatever positions you want on the screen halves corners and edges fractions of the screen whatever you like and then you can even save and recall your favourite window arrangements and is even a special auto arrangement feature when you connect or disconnect from an external display it's awesome I use it every day name angler now let's say you've got a bunch of files that you need to rename quickly efficiently and in large numbers well name angler can extract things like the meta data from the files and use that to rename them a bit Scott search and replace obviously but you can also create stage renaming sequences and if you mess it up just go back to when you started and have another go which he should think about which is a supercharger for command tab apps which are now which is great for and is very popular with ex-Windows users like myself or those becoming more of a fading memory with every week anyway if you've got three or four documents open at once and anyone at then which is beautifully simple pop-up let you pick exactly which one you're looking for very quickly it's great usher why can access any video store and iTunes average iPhoto or any connected hard drives on your Mac allowing you to easily group sought tag and organise them in the one application if you still pairing off of the makers need to convert anything to an iTunes format to seek and watch it so if you got a video collection in different formats cut across different programs and drives that usher can help you strain it all out just for of their great apps this still five more you can check out on their site and all of them have free trials you can download them from many tricks all one and try them out before you buy them there available to buy from those of their respective pages on site or through the Mac App Store however if you visit that specific URL and yes they've extended this offer again you can take advantage of a special discount of their very helpful apps exclusively for pragmatic listeners simply use the code pragmatic 25 that's pragmatic the word and to 5 the numbers in the discount code box the shopping cart and you receive 25% off everything in that site is only available to pragmatic this is for a limited time so take advantage of it while you can if you haven't already thank you once again to many tricks for their continued support of pragmatic okay credit cards online the thing is when I was when I was younger I know if this was unconscionable to me that I would ever put credit card information online and you don't and is the convenience is what the attract is the attraction it's so convenient to just go to Apple and is on or eBay you know and buy something and then have a job on your doorstep by the next day the next few days next week or in my case in Australia next month sometimes because were in a little island was asking about little but it's an island anyway so you and WGT is the ultra cheap ultra-slow arm pigeon delivery service which sometimes gets lost is across the Pacific so you know anyway I choose to live here we have we have beautiful beaches that's what I keep telling my being okay right good focus so arm right I always wary of sites with homegrown looking checkouts know I look for the sites that have got's arm the actual light shot bigger shops are big because I think I shopper fires even though vessel of the 80 because you know shopper five of got all of the year the security arm is that because there is the companies that host this information have to split the data between servers and is a bunch of other regulations about the following everything you know that you get to know some of the brands behind it but there is definitely a trust aspect to it but people like Apple and Amazon have got this new and Barnes & Noble is available all all examples of places that have got all that well and truly you taken care of but even so every time you transmit that information even across as I was always that possibly matter how remote that you have your credit card details stolen or if someone hacked their servers they could get that information as well although it is unlikely of course if they follow all the regulations and that require separate servers technically than ever had 170 to half information that is not enough so now there's a bunch of stuff by a delegate needed then too much detail but still the way I think you can get around that you can limit the damage is by not using a credit card online but if you still want to be able to buy things online there is a one way around it and that is some there is an absurd deal with the referred to as an inferior form of cash and that's a gift card but the thing is some sites will offer independently purchased gift cards because it causes gift cards that you buy online with a credit card which defeats the purpose of course you need to be held by them are independent of being online in other words you go shopping mall shopping centre go wherever 7-Eleven I guess and by the gift card from their and if you really really really paranoid on his back because they can't trace a bank card transaction and pay with cash and it will be more or less untraceable but the point is that are again depending on your level of paranoia just on an ideas guy not necessarily advocating it but you can if you want to you have the power so there are a few places that do this week and have a buy gift card are in arrears in the real world that you can use to buy fully digital products without a physical delivery perhaps even if you want to go down that road so are fully digital products like music or are all movies or apps yes are examples of our e-books is a good example to say I have a big big man examples Apple and is on Barnes & Noble those of the big three that I I could think of anything of any others that Apple and Amazon are probably why buy most of everything that that they probably cover a large ones noble is another big one I'm sure there is a half-dozen maker analyses I thought about every 30 seconds you me I guess I might pick those because those are the cars you can buy that are readily available in the in shops about a Barnes & Noble and Amazon not so much it definitely Apple you can't walk into a corner store down here without seeing an Apple gift card are on the shelf so you can walk into a store by them with cash bring home punching a number into an Apple account and anti-Apple ID and if you create it with no quantum quote fake or protected if you think that way information about yourself you can theoretically still have that experience that you would have arm anonymously and you can still download apps and everything in charge all to a gift card adsorbent bought that way if you are really really concerned about your privacy that is an option but you know if you're concerned about physical address you're stuck in a job I think your members on the get shipped to you welcome one ship do you have a physical address to ship it to so there are other ways around that of course you can always ship it to a friend or family member or a business address and pick it up from there I suppose but you know that starts to get to be more painful and if you do that then and if there is an option for shopping bricks and mortar store than shopper bricks and mortar short more store and buy that way by even considering it's I guess I guess is the point of what this this privacy discussion with an online thing so obviously go off-line if you wanted not to information taken online because that's kinda obvious is not so you can go live in a cave you want to that that's your choice might be the cold and damp but still are right so I can estimate and sets an interesting point I just want to say it late going off-line is almost 19 option if you want to be a part of society in a lake there are there are plenty of people who aren't really online and in a just saying we have to be online on one level sounds a little asinine lake know you really don't you can leave your entire life off-line but there is so much interaction social or otherwise that occurs on the Internet among totally normal everyday people just emailing your parents emailing you grandparents are in a sending stuff to friends back-and-forth things are to become still standard it's increasingly hard to just step back entirely even if you say nothing to buy things alone among you buy things in person and by things in cash there are there are steps you can take that it's still hard to detach and remain connected to them the everyday people in your life none even the people that are miles away just people in in in the same county let's it's just a cultural difference now then you from a decorative you see it's a good point it's it's become the emails become ubiquitous açai everyone who seems to have an email address and the reason is that you are you you buy an iPhone you know you get an email address when you create an Apple ID right you get create a Google account for free you get an email address so everyone seems to have an email address so do not have one seems very very unusual and certainly pretty much everyone I know with the exception of my mother realise my mom doesn't have any ahead my mum doesn't have Internet at her house she doesn't have an email address she doesn't have a computer doesn't even have an iPad or any computing device whatsoever that's a less well I sometimes say to her all you see the photos we put on Facebook mind that no rent because she didn't want my thinking arm anyway and every now and then we service ASIC is often iPad all we should get you an iPad and we my sister and I we we always did we almost bore an iPad and she is like if you bought me iPad I would refuse to use them like that to you but my mum is the sort of beautiful person who says what you know what you can't make me so it's okay fine beer I saw good I guess as well as iPad I have to maintain that level, I got my wives are my phone my kids iPad is asleep and I got enough stuff to maintain in my IT personal life but yet so arm it is very hard you write to go off the grid especially in Western culture these days especially for anyone I think under the age of about I know 50 I would say it's it's just so hard anyway only to be ageist when I say that I just I was trying to give a good age of the top my head and maybe it's hard to put the number on in much else to say about the credit cards to be perfectly honest but you know I just want to mention that so little of our browsers and is arm for little bits and bobs for we wrap it up but are some things you can do is there is arm crime has a single incognito mode and Safari has this single private browsing outdoor modesty instinct is to quickly talk about what that does what they doesn't do so I guess some in terms of additional protection it's it's more about protecting your the data on your site on your own computer more than more so I think anything else you still tight if you're in Korea mode and you type in a search into Google Google still have a record of it you know but if you got a browsing history that browsing history won't be maintained on your computer any cookies that have been transferred you during your web sessions it ordinarily would stick around potentially on your hard drive for a bit longer to track where you go next while Dale Darby expunged the interview session are of course you can do that yourself manually if you want to there settings in you in your browser to turn that off you can turn off your cookies and so on and so forth and say don't you track my history with the idea of giving me a private mode is that it's a one click button are that allows you to realise the one click button as opposed to what John to click button three click button is one button that you can press to take care of it all I suppose but you can go further than that if you want to and one things I've come across is HTTPS everywhere and its friend SSL everywhere have you come across these ones I never heard of them but I've never really looked into it you I started looking into its are a few weeks ago actually and it's it's their extensions were HTTPS everywhere is an extension of the Firefox crime on android and Fortune forces HTTPS and ISL everywhere is an option that does safe Safari uses a few other different ones out there but those that the two that I was looking at and date forces HTTPS on every website worried whenever it is a possibility so rather than if the website says default HTTP but is HTTPS option then the browsable force HTTPS option date forces that encryption even if the site doesn't are you can also is a sense that you could use expire and when heavy as the browed browser you can turn off referral links you can turn off insulin at locker that's another want our I also came across an interesting site I haven't used it it's called disconnected me and it kinda looks interesting that if there is a free version of it as a five door month version it says it can give you a truly anonymous search visualise tracking information and so on but I might be interesting just to investigate further is not necessary recommendation that you there are other things that you can do but honestly the simple things of passwords and stuff as well they are not sort of attention on browsers but when you signing up something on the web just use a different password for every site you sign up to that wave one gets hacked your passwords knock and get affected many other logins may be affected as well and using a passive management tool that can generate remember all the unique password is very useful for the size one password arm I realise again it's a bit of attention but it's all related securing and securing what you're doing and keeping a private in you having one password for everything is insane I'm assuming he is password management also earlier avenues one password for years I swear by it and I tell everybody I can about it yet same here and I tried my wife to use it and she said at another pop-up means IT keep hitting cancel butts the sound of my head banging against the desk you have only other way he is in it and she is she is a boy now she gets it and that just it sounds small but it helps me sleep better you're exactly right because someone was Facebook got hacked arm a while ago arm which was an unpleasant but brief but unpleasant experience so yet and I think she is getting better but I still need to do more training I think one password site so anyway and you need to add on the on things into a browsers to try and improve your privacy arm year at service that I like to use especially when travelling as cloak arm it's a VPN service that you just pay a couple of bucks a month and everything is basically routed through inner private server that they maintain and again you trusting them with that data by I a feel like it's a good tree laugh if you are on public Wi-Fi or an airport order travelling wherever our it's very very fast and whenever a signup for a service like this I try to dig as much as possible and see what they're all about and I'd get a pretty good feeling from those guys it's a very small company this in very serious about providing a good service cell in a that's one that I currently using and trusting and also recommend people is very inexpensive if it's something you're interested in cool and justice for the full list of the don't know about why VPN matters is that if you what will VPN does your you dial into a dialling gosh Jesus when you connect to a VPN and I stick by slap myself anyway when you connect to a VPN and its encrypted one it's essentially a connection between your computer and a server somewhere out there that data transfer is then essentially asynchronous can sniff locally that all your data requests go via that VPNs were about VPN comes out of the other end so what you're essentially doing is yet your meaning anyone locally like you said on the free Wi-Fi around the place they can't sniff any the Daleks its encrypted between you and wherever VPN is so I can't get out which I think is the a very good idea and it also kills a lot of the young are ads and stuff and things again insert over the top on them on free Wi-Fi think you I think so VPN is traditionally more of a corporate thing for getting back into your business network yes I ate a scene kind of a small pulp proliferation of consumer level VPN services over the past few years and in cloak is one that has I was work from its very very fast and that's really a new can you get sometimes spearhead performance head when you do that because you knew you you're bouncing you to request through somewhere else but it's it's very refinement and in my experience and again if it's the kind of thing that you think about at all it's worth investigating in a R wireless services multi-year stuff like that is is pretty robust these days and getting better but there are times when you just don't have service in you have to use public Wi-Fi just having that available to you is an extra level of security and a good feeling cool cool good clip should be given should we even talk about the Verizon superbug that is actually what I was hoping you are saying NOT mentioned earlier so let's let let let let's explore your front your current frustration annexed with respect to the super cookie had just I actually only no bits and pieces about selling in a more about that I do so well you take away yet admittedly another security researcher and a will probably never speak at least once in this diatribe by that the general the general notion is that I believe it's AT&T and Verizon the Verizon is is more unpleasant I think there are debilitating adult think they had spring doing it I know T-Mobile is not because they come out and said when I do this anyway I ideas rises by carriers that's what's relevant to me that the notion is that there are there are cookies that are placed on your wireless traffic that is not going over Wi-Fi that already multi-year 3G network that even if you have up to now wherever possible are through Verizon's services which I have done to limit ad tracking in Suffolk that this particular snippet will remain and even if it is deleted it can come back and their position is its legal and you don't really have to worry about it because nobody is going to use it by third parties have investigated it and found that other companies are in fact using it and that even if it is deleted those companies can still access at a replacement or something like that the bottom line is that there is there is a flag on your wireless traffic if you're using those networks that basically reveals an offer light about you your behaviour your location and your habits and yes it is an extremely unsettling thing to learn and it's the kind of thing where you said yourself okay in a way taking it I can switch carriers today because from me in my area I'd had every single carrier and Verizon is the best that my services extremely good here extremely good and I'm very pleased with its fast it's reliable it's ubiquitous in my area but there is a part of me that is severely disturbed by this and you and whether it's just a general principle that this shouldn't be happening that's that's a part of it but the other thing is getting back to a nursing earlier at the notion that companies have of old don't worry about it nothing bad can happen and in that attitude incenses me to know and because even as a nun security researcher I have a little bit of insight that says something bad could easily easily happen as a result of this and whether you're selling it or it gets misappropriated in some other way bad things can happen so don't sit there and tell me don't worry about it and it's fine like it's just that we were way past the point of just seeing either a world no big deal than you know and I really hope it's the kind of thing that gets a lot more attention is getting a lot of attention I hope it's gonna get a lot more attention and that it continues to really keep this dialogue all been a what we are accepting other than what we are allowing these companies did you with our weather again and with in our identities to some degree I say one thing that I do think is wonderful arm about Apple's and there are lots of things low about Apple cause but we are not perfect and they do two things wrong from time to time but this whole pusher that they've got about privacy if you want to be the cynic and say we our marketing is marketing think is the answer is either really mean it or whatever else but you know what if you take it if you take them at their word and people say well I feel safer with an iPhone because of all the the malware that seems to get on android versus that gets on an iPhone and the fact that Apple pay in touch ideas all that information is all stored in a secure chimney can't get the data out it's a one-way transaction data goes in it never gets out your site while okay so that's wonderful if that becomes a strong differentiator how long before that momentum starts to say in fact but I'm in a good way but yet it starts to be a big influence and all the other companies are out there start to realise we can't keep being so is most patronising is as regards no big deal about you know you should be worried so actually we are worried yes it is a problem and no we don't trust you and I'm going in our vote with my feet because I've alternative and these people over here care about my privacy so I'm gone you know you and I think we're starting to see the beginning of that but hasn't gained enough momentum yet in this whole discussion about privacy the more I think about them I think to myself that it's going to become a bigger and bigger issue and people are going to start demanding it's only a matter of time and the more breaches that we have the more arm exposure that there is more information people are trying to get out of us the bigger problem it's going to become animal visibility it's going to get so I deny I still not sure of our if turning point is the right expression but certainly there have been enough incidents that it's starting to to really change public opinion so you were finally getting a chip and pin hereafter 15 years of people saying don't worry about yourself things are changing the I'm I'm really happy that America is finally going to embrace chip and pin arm it's been well when I was when I lived over there it was I was very odd to me that I would hand over my credit card arm doubting what it is it's just weird are but you you can't use it as a status is the way it was done and is arm you it's it's great to see and you know honestly it's gonna make it a lot easier for special people travelling around the world but also for the opera in the US it's just it is better and are now with Apple pay over the top of that like I certify talk about this in the last episode it's yet it really is arm the next step whereby are the transaction is sort of is more in control for the individual is more difficult to extract and it's going to really cripple arm the vast majority of credit card fraud and a mean little about what 200 marketing is 200 billion is the overall loss in the US are the merchants I think an individual level is about 5 billion USC year of that individuals see out everyone's individual losses that losses that cannot be recovered so individuals at all up $5 billion credit card fraud every year to chip and pens can decimate that an Apple pail decimated and further all systems like Apple so definitely step in the right direction right there is nothing is what we talk about arm and that is so getting back to Nick Radcliffe's feedback specifically about e-books and is how this all started is that the problem is that if you want to be able to go gets music and do it anonymously or e-books and get them anonymously the ability to sideload those books not via an app store is a is a handy feature and some devices allowed and some don't but in any case arm it's that the end of because lack of DRM is also very helpful if you can do so arm there is a is an interesting book an article on the arm Lifehacker is to like and is arm is a link to it and show notes for people that feel like they're into deep arm with a did their digital footprint if you're caught that there is a book that was written by professional skip tracer and their job is of course is to attract people down and down anyways could disappear erase your digital footprint and is it I haven't read it but I've read exits from her looks really really good and the idea is that this is the person that wrote this had 20 years of experience tracking people down and they decided that they should write a book about how you can Ashley make it hard for people like them to find you so some interesting points for those people that feel like they're into deep may want to back out little bit arm and summaries of polygamy obvious but as quickly mentioned anyway arm minimise social interactions on social networks to stop posting things I don't include your location don't tell people exactly what you're doing you know gradually reduce the amount of interactions don't do it suddenly looks obvious distill gradually and then eased out of it arm you can create misinformation in all of your profiles online so you rather do change the spelling of your last name change your date of birth if you put your actual one in change addresses a couple numbers here and there and so and so forth and then and that will then of course you throw people off if they're trying to find you arm you stop using credit cards debit cards just moved to cash was as a stop using plastic but in Australia plastic money so that's not can help you Yami right stop using the crack has to be there because his it's a lot harder to track you if you just using cash and if you really really really want to go further you can say well either sell the business entity to handle moving all my money around so they can pay bills on apartment they can pay electricity bills whatever else utilities and some and Dar and technically doesn't your name is is a further set layer or two removed so anyway that's pretty intense though I don't have people really go that little bit it still looks interesting for those who want to get away from from being too exposed online I think that it's it's it's interesting I personally and probably not going to do that but you never know maybe maybe you're considering it so I know so I guess if either wrap this up arm and I know you're right we have been a bit all over the place so hasn't been a typically has met typical pragmatic episode in that sense but still I guess people are been saying for years not put so much information about yourself online this is not a new thing but maybe only recently a people site are taken more seriously because a lot of that trust it's been building is now being broken all the server side hacks is that before being out map mass dumping of encrypt what people thought were cryptic passwords and personal information in the Sony hacking targeting all these things are happening inside your road that trust there is really no encryption method that can't be hacked eventually it's not possible are there is always going to be a method to to break encryption nothing is perfect and is in a it's just a matter of its Mouse game so you move the piece of the you move the goalposts is set higher and the technology catches up to let hackers hack it and then you keep moving it up and move it up and it's you never quite year out of the game you always gotta keep getting better encryption embedded technologies for doing this stuff but if you want to play online and take advantage of the Internet what's got to offer you can still minimise your risks of your private data becoming exposed but the key point is you can never fully eliminated you can't eventually someone who is truly determined can find you it's just how hard they prepared to work tracing back your arm your IP address to an ISP arm hacking into the ISP to find out your home address or God knows what they would do you can never truly absolutely completely get away from it if you partake in eventually someone can find you it's just a matter of how far you're prepared to go how paranoid you feel and how much trouble you want to go to to avoid I suppose that risk we think you that's the sedately concealed that cool before we do go though there is something out of that is that you been working on I do I talk about I know it's not a has a Hindu of privacy our bodies call and it's an application it's call and called Stringer Mrs Dormer show arm Stringer is an app for shovelling a music it's something it's our first-ever dairy that we released last November in the file so much you guys got together and started a local company on site as I know that your CIO of nickel finish but arm useless started this Derby thing to specifically work on apps that you guys want to write that right you that's accurate we've had ideas for years that we wanted to were similar cells but treasures are client services business and so is hard to allocate time do that stuff so we found ourselves in a position to do that I guess at the beginning of last year arm and we did and it's been an interesting and interesting journey in the it's been a light of hard work a different kind of hard work but it's been extremely rewarding and substring was just the first idea that we wanted to Canada kick-off when we needed some place to start and that he is very small so we needed to to build something that we could get out without taking too much time still as I started to say it's it's a pretty basic concept if you have local music on your iPhone or are you using iTunes match what the Apple do as little a look at it and it'll shuffle all that stuff and the trick is that when you use the regular music apathy shuffle as you go through songs if you hear something that you like you wanting a more direct from that album if start shuffle step outside good listener more and then come back and reshuffling all the while the finger Stringer is you can where you are in your shuffle planner step over to the side and throw some songs in the inner rate after second hearing what Malcolm Auger the other weenie and with Matt artist from the other arms appearing a collection and continue wine so it's like a customisable shuffle there some of the stuff that's built into it you can point writings playlists arm you can see the strings if you can tell a string to your liking if you have you all this on S1 albums and it's only the songs you like you can even save stuff within the applicant that it does a few other things it's the kind of thing that now so many people use streaming services they cardio in spite of I and that's that's calling in in others they offer amusing things that the core group of us that had this idea though we have really big musical actions and we listen to allow tomorrow music still and I think they're still a pretty decent number of people could do finds in our group and you know iTunes isn't selling as much music as they once were but they are still selling a pretty decent amount of itself if you are someone who does fall into that category and listens to a collection and likes to shuffle and often thanks and I'd like to hear more of this then it may be some free to check out it's pretty fun we we think it looks real nice and are there's not many bugs are okay nicer that submits always handing out yet AIM so people should forget shuffle and they should string and arm honestly are at play with it and I know this is still things like animations business it looks very very cool the stringy affected spherical arm so you about I play with it I quite like it arm I have actually been going through a phase and listen to a lot of pod casts more than I am listening to music but still are I have to admit it is so much better than the built-in shuffle functionality and are as I said i.e. I am like you II don't stream very much I tend to were I have my music collection so it suits me perfectly so if you particularly then I'd encourage you to check it out are it is so it is free on the App Store a belief it's free with line I purchased one like the advantages that you can deftly try and and figure out if it's really can you can use it for free to write content are just as it is cool excellent writing will arm thank you for that and I guess the farm we might leave it there than the sending still bound project now we could go on forever about his ISP exactly draw God right somewhere I think is whether this was a good jumping off point ethic we touched on a lot of things in a very shallow level and maybe will revisit some of these in the future but there is there is so much talk about we could go on exactly so if you do want to talk more about this arm you can reach me on Twitter and John sitting in my is with a podcast hosted are a lot of my writing of the stuff that I've done lots any feedback please use the feedback form on the website that's where you also find the casts pragmatic don't forget about the T-shirts there is a link in the show notes this time promised and I grabbed my canon can be forever again so this is your last chance and we can are you followed pragmatic show on Twitter to see show announcements and other related stuff and I'd also like to thank my youngest host for coming on and that was the best way you can find on Twitter and settler through there and if you like the things they say you can read is that they read occasionally I stayed at settler for gardening you are one of privacy think you it was work and it's only in retrospect it's our it's yet is just comparing contrast things in different approaches and really just feelings and not allow science but it's just enough stuff on my mind so there is cool ON if everyone is either if you want to work with the Australian Senate one nickel finish nickel that stuck arm for blooming company and he Derby to come for a product very good excellent while arm a final thank you to both of our sponsors for this episode are firstly a personal thing, sponsoring a show hover is a domain registrar that simple and easy using valet service your existing domain transfers making it simply the best way to find full control of your domain names check out, and finance just how easy it is to use the coupon code pragmatic to get 10% off your first purchase let hover valet domain stresses away today I'd also like to thank many tricks sponsoring pragmatic if you're looking for some Mac software that can do many tricks remember specifically visit this URL many tricks or more information about their amazingly useful apps can use the pro bono discount code pragmatic 25 pragmatic word to 5 numbers 25% off the total price of your order sorry it's only for a limited time only keep extending it that they were forever getting weekend thanks again everybody and of course concept thanks management�
Duration 1 hour, 45 minutes and 45 seconds Direct Download
Episode Sponsors:
Hover: Hover is a domain registrar that’s simple and easy to use with a valet service for your existing domain transfers and an amazingly accurate and helpful new domain suggestion search making it simply the best way to buy and keep full control of your domain names. They won’t upsell you on essentials like others often do, they offer bulk discounts and also offer EMail, storage and forwarding services too. Let Hover valet your domain stress away, today. Visit and use the Coupon Code PRAGMATIC for 10% off your first purchase at Hover.

Show Notes

You should also check out Seths new venture at Hey Derby and their iOS app Stringer.

Related TechDistortion Articles:

T-Shirt Direct Link:

Previous Pragmatic Episode Links:

Related Links:

Government Tracking:

Premium supporters have access to ad-free, early released episodes with a full back-catalogues of previous episodes


Seth Clifford

Seth Clifford

Seth is CIO of Nickelfish and he also appears on the Iterate podcast.

John Chidgey

John Chidgey

John is an Electrical, Instrumentation and Control Systems Engineer, software developer, podcaster, vocal actor and runs TechDistortion and the Engineered Network. John is a Chartered Professional Engineer in both Electrical Engineering and Information, Telecommunications and Electronics Engineering (ITEE) and a semi-regular conference speaker.

John has produced and appeared on many podcasts including Pragmatic and Causality and is available for hire for Vocal Acting or advertising. He has experience and interest in HMI Design, Alarm Management, Cyber-security and Root Cause Analysis.

You can find him on the Fediverse and on Twitter.