Posts Tagged

software

The Fun World of Firefox Browser Addons

Elizabeth Technology October 20, 2022

With the recent announcement that Chrome is gutting ad blockers, it’s never been a better time to switch to Edge (which we recommend because it is especially easy to use) or Firefox. Edge is better for business – but if you want a smoother, less ad-riddled home browsing extension, why not check out Firefox?

Ad Blockers

Because Google sells quite a few of the slots you see online, it’s become disincentivized to let you avoid them on their browser – so Chrome will no longer block ads because that would be blocking Google from making that sweet, sweet ad money off of your views. And ads are everywhere. You scroll past them in between posts on TikTok and Tumblr. They appear on the sidebars and banners of news websites. They autoplay when you open Youtube, and speckle the progress bar with yellow. They’re obnoxious. And simultaneously insidious – you may watch a clip of a seemingly normal Instagram video only to realize after they begin pitching the product hard that it’s not a recommendation, it’s an ad, and you simply missed the little sponsor logo in the corner. Ads track you. Ad companies watch you view their ads and then determine from your behavior whether or not you’re interested. They watch the content you watch, and determine your age, gender, nationality, political affiliation, hobbies, and more from your online behavior. Even if you don’t mind ads, this tracking is often enough to justify an ad blocker in and of itself.

That said, ads can be pretty annoying. Especially if it’s disguising itself as regular content. Edge, a popular alternative to Chrome, still has an ad blocker, but does it have a sponsored post blocker? Because Firefox has both! Firefox can filter out sponsored posts from your websites alongside the normal ads you see everywhere. If you’re sick of sponsored content making up an unfair percentage of your feeds, Firefox has you covered.

Password Managers

Edge, Chrome, and Firefox all have versions of their own ad blockers as well as third party versions that can be downloaded to the browser – Firefox, however, will allow you to synchronize this across devices without a fee. While we like and recommend LastPass, it’s only free if you’re using it on one device, and you have to pay to sync it on multiple devices, which can be a bummer.

This is a mixed bag of a tool. On one hand, having all this stuff stored safely inside your Google account sounds great and convenient, and usually it is – except in the case of hacking. If someone socially engineers their way into your Google account, suddenly all of your other passwords are stolen too. Nightmare! A Firefox account, which does not have its own email service, is less likely to get hacked if only because it’s less immediately valuable. By dividing your email service from your browser password service, you’re not putting all of your eggs in one basket.

As far as security, a really good fake webpage that trips your browser or password manager to auto-fill the password would get almost any password service, built in or not! Turn off auto-fill if you can.

Other Goodies

Firefox has tons of other useful addons as well! Tired of getting distracted on Reddit, but can’t seem to stop typing in the URL almost unconsciously? Download Impulse Control and wrest your eyes back on task. Trying to keep cookies under control? Download the extension that shortens the path to deleting your browser history right to your window. Ads still squeezing in, or threatening to break your page if you don’t turn off your ad blocker? A browser extension called DeCentralEyes promises to serve more local content that won’t slow down your page or give a ton of info to bigger third-party ad sites. You can remove ‘recommended’ content on YouTube to see only the people you’re subscribed to on your front page, and skip out on YouTube sponsorships with a separate extension from that one. Overall, you can completely tailor your experience on Firefox, and you’ll have quite a bit of privacy from the business running the browser itself while doing it.

If Chrome isn’t going to offer you privacy or add-free browsing or a customizable experience, consider Firefox!

(Those extensions: https://addons.mozilla.org/en-US/firefox/addon/youtube-recommended-videos/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=hotness

https://addons.mozilla.org/en-US/firefox/addon/sponsorblock/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=hotness

https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=rating

https://addons.mozilla.org/en-US/firefox/addon/clear-browsing-data/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=hotness

https://addons.mozilla.org/en-US/firefox/addon/impulse-blocker/?utm_source=addons.mozilla.org&utm_medium=referral&utm_content=featured)

Metadata: What is it?

Elizabeth Technology August 30, 2022

The BTK killer was caught with metadata. Geotagging can unintentionally help poachers find endangered animals, and metadata can reveal hidden layers in images. Metadata. What is it?

What Is It?

Metadata is the data about the data. Generally, it falls into three families: Structural, descriptive, and administrative. Structural metadata is what it sounds like, it’s data that has to do with the structure of the data. When you take a picture, the information about the device (what kind and what camera, time, etc.) is stored in that picture. Video length and picture quality are also forms of structural metadata.

Descriptive metadata is data attached that may or may not have to do with the data inside the document: it’s data purely to make locating things easier. An ISBN is metadata about the book – it’s the book’s identification number, and it’s an identifier that humans have attached for the sake of control and ease of access. The Dewey Decimal system attaches even more data by describing what kind of book the number’s attached to.

Administrative metadata contains information about who created files, when they were moved, and when they were edited. When you type in an up-to-date word processing program, most of the time, the computer will know which user profile did the typing. It’s also the information about copyrights and where the picture came from originally, which is useful for tracking down leaked photos from services like Patreon. Keeping the art and comics exclusive to Patrons is what keeps it viable. This is administrative metadata.

EXIF DATA

EXIF data is data that’s stuck to an image, but it depends on file type – not all kinds of images have EXIF data.  With the right program, you can see into the EXIF data, because the file essentially has layers hidden within it. This is great for the scenario above, where a Patreon content creator may be trying to track down a picture leaker. First, they gradually narrow down who receives a certain tag on their comic, and make those groups progressively smaller. Eventually they get to the specific tag and user who’s been posting their content elsewhere. There are other, more foolproof methods, such as putting something visually different (but minor!) in the comic so it can’t be deleted (EXIF data can be) but it’s certainly a good option. It also helps with criminal investigations and copyright claims for similar reasons.

Geotagging

When you post a photo online, you should also check your phone’s settings to be sure Geotagging is off. Geotagging is another form of metadata, and it’s where the phone attaches a location to the image. Families on vacation taking a picture of a rhino and posting it right away can lead poachers to its location. The same applies to the inside of your house. Don’t post pictures of valuables if people can find out where the picture was taken!

Instagram and Facebook both scrub the EXIF data from pictures before uploading them, but places like Flickr and Shutterfly do not. It’s a double edged sword – you’ll have to keep geotagging off for Flickr, but you won’t have to worry about the copyright info disappearing from the pic. Facebook strips all the location and photography info, but hidden copyright is gone too. Choose wisely – and maybe use a watermark.

Side Note: Don’t %#*& With Cats – and Metadata

It only took one unscrubbed photo from the Cat Strangler featured in Netflix’s documentary “Don’t %#*& With Cats” for his location to be compromised. Internet sleuthing leads to witch hunts more often than it does good convictions (see Sunil Tripathi) but in this case, metadata was one of the few pieces of the puzzle the online folks had that wasn’t circumstantial.

For those of you who haven’t seen the documentary, a Facebook group begins tracking down a serial animal abuser. The Cat Strangler eventually escalated to killing a man, and while seems like the police had been ignoring the Facebook group before, it’s more likely that the evidence was just… not that great. A blanket bought off of eBay that ships overseas isn’t the rock-solid proof the documentary portrays it as, but the metadata was! The Cat Strangler’s repeated comments in the actual group were also compelling evidence. That was incriminating, and it was info the police could use. Ultimately the group did help track the man down, and evidence gathered helped get him convicted, so it didn’t all go to waste.

Deleted Docs and Recovery

The reason data recovery is even possible is because stuff isn’t deleted deleted until it’s been written over with something else. Free space isn’t empty space, it’s just space the computer is allowed to write on. This is why you need to start the data recovery process as soon as possible after a major loss. The data’s not necessarily gone unless the failure was catastrophic, and you may have a chance to recover it. This is metadata in action!

As mentioned above, metadata can also be used to identify the age, previous locations, and editors of a document. If a document is older than the event it’s supposed to be covering, you know for sure something’s wrong.

Document recovery tools and data forensics are two groups that go hand-in-hand. This article is very technical, but it goes over a lot of interesting information: here. It does a better job than I could of describing what the tools do. In basic terms, a metadata-based recovery tool finds where the file used to be stored using the directory. It then copies that entire chunk, including hidden bits, and reconstructs the file based on that. This isn’t a perfect explanation, so if you’re interested, go ahead and read that study.

Side Note: BTK and Metadata

Metadata once famously led to the capture of Dennis Rader, the BTK Killer. He’d used a floppy disk that had previously held a document from the church he worked at. The last person to modify it (which would have been the person to delete the document) was “Dennis”. Between that and DNA evidence found at a scene he confessed to, he was trapped! He’d sent the floppy in after they told him he’d be anonymous still, and the police weren’t technically lying. They expected him to use a fresh disk, in which case they’d have never been able to track it back to the church.

Sources:

Do your online photos respect your privacy?

https://www.theatlantic.com/technology/archive/2014/01/the-floppy-did-me-in/283132/

Animal Instinct: How Cat-Loving Sleuths Found an Accused Killer Sadist

What is Photo Metadata

https://www.forbes.com/sites/michaelshiels/2016/09/07/deadly-virtual-postcards-lead-poachers-to-rare-endangered-trophy-animals/?sh=56014dcc23ad

https://eudl.eu/pdf/10.4108/eai.13-7-2018.163091

The Kinect’s Path To Market

Elizabeth Technology August 23, 2022

The Xbox Kinect was famous for a couple of things: it could see you without a remote, unlike the Wii, it could take commands without a controller, unlike the PS4, and it nearly caused riots when Xbox demanded it stay on, always.

Xbox. You can’t just do that. But first, lets look at why it was launched in the first place!

Innovation

The Kinect didn’t need a controller to register your movement, something other consoles still struggled with. Even when PS4 wanted to incorporate more active games into their lineup, they went with a remote that looked a lot like the Wii remote. It fit nicely into the hand, but as some users discovered, cheesing the game by only moving your arm was too easy. Besides, if you executed a dance move perfectly except for your wrist, you wouldn’t be rewarded for it. The Kinect set out to fix the problem by cutting out handheld remotes completely, and provide a bigger space for users to interact with the game. The main problems with this were room detection and movement detection – other consoles didn’t bite because the prototype was fiddly at best. The machine didn’t know how to “see” the human figure, and instead it would try to analyze a movement based purely on camera alone.

If the machine doesn’t understand the way a human can and cannot move, it’s much more likely to mis-detect pieces of furniture and light sources as people phasing in and out of existence. This makes gameplay jerky and difficult, and it’d take time to fix. Luckily for the development team, Microsoft doesn’t mind waiting – in fact, they’re happy to have something that can compete with the Wii in their development lab. They knew right from the start it would be difficult and expensive to do all the research necessary to make the Kinect work. In fact, it was shelved once or twice while software caught up! But it would be worth it. Right?

Competition

The Wii was very popular, but Nintendo’s habit of underproducing cut sales. Weeks at a time went by where nobody could find a Wii except from scalpers, who charged two or three times more than the original selling price for a unit. The PlayStation version was a much better seller, but unlike the Wii, the PlayStation was not built around motion games. Its movement-game library was lacking, even though their motion controller was completely fine. The Kinect was going to revolutionize the market with a fresh take on dance games, a commitment to fitness, and a constant stream of new games that would make the Kinect the Christmas gift of the year!

The technology was new – nobody else had taken the initial contractor up on their motion sensing. Xbox had exclusive access to something incredible. They pared down the size and made it more responsive. It could adjust to the room it was in! Nothing like it had ever been seen before, and it was all designed to fit neatly on top of the console or TV. It really was a revolutionary product.

However…

Nintendo was able to produce a whole library of games for the Wii, and Playstation’s modest selection was fine for the price of the PlaySense controller. Xbox only released 5 titles at launch, assuming third party developers might step in. They didn’t. Programming around the Kinect seemed like a nightmare, a time-consuming task that they’d rather not buy into. This was long before VR was a thing, and developers would need a lot of time to even learn this new engine, let alon make something using it. But Xbox could still make that work, right? They’d make their own games on the regular, just like they did for the source consoles, the Xbox 360 and the Xbox One. Especially since they’re thinking about making the Kinect mandatory for the XBone, right? You wouldn’t force people to pay extra for a dance game they didn’t want, right??

New Console

The Kinect was completely optional for the 360, but at announcement, not for the Xbox One (also known as the XBone, a nickname intended to peeve off Microsoft). People who didn’t intend to use the device were angry that they were paying extra for ‘nothing’, and people who did want it were angry that the console might not work without it. Either way, it was a bad idea to try and push the two out together to boost a failing product.

The Playstation’s latest launch did no such thing, and shared many of the features of the Xbox One, including all the new entertainment features like a DVD drive and access to Youtube.

Anecdotally, when this was first announced, I remember many people on forums claiming they’d leave Xbox for PlayStation if nothing was done to correct this injustice. Whether or not they actually were going to or even had the ability to wasn’t important. The statements themselves drove newcomers just entering the console market off into PlayStation’s waiting arms. Playstation was a gaming console, where the XBone came with a lot of strings attached. Or it would have.

Failure Approaches

Companies were already facing backlash for “always on” before this – Xbox shouldn’t have thought it was exempt. The latest Assassin’s Creed was declared unplayable by a sizable portion of their audience, and EA’s “always on” Sims release turned many people off the franchise. In my opinion, they’re right to be angry! Internet connectivity is not guaranteed everywhere, so limiting access to a game because of location is very, very annoying. Instead of getting to continue a story they like, they’re now limited to watching other people play through it, people with better internet than them, on forums and Youtube.

Always on is supposed to allow for updates on the regular, but a side effect is that the game won’t boot until it’s fully updated if you had the console off for a length of time. It’s very annoying to sit down, expecting to be able to play a video game, only to have to wait an additional 40 minutes while it catches up. Because, you know – computers are supposed to be turned off every once and a while. You’re going to restart your Xbox to keep the red ring of death away.

The Kinect would be off to a rough start. But surely for the people who did have access to good internet, this would be a smash hit, right? Always on means games are always bug-free (in theory) and besides, the Kinect was revolutionary!

However, the Kinect could respond to voice commands. It needed to be listening to pick up on those commands. This meant that the Kinect would always be listening, and the camera was always on, too. In a world before the Amazon Alexa and Google’s Cortana, this seemed incredibly invasive! If your console’s in your bedroom, is Microsoft listening to you, even then? Yikes.

What Happened?

The Xbox One, or the XBone, was forced to drop the mandatory internet connection and included Kinect before release – people just weren’t ready to have Xbox’s version of the Amazon Alexa yet. Additionally, PlayStation had gamed them by announcing the exact opposite of what Xbox announced: Where Xbox said “internet required”, Sony said none needed. Where Xbox said “Always Listening!”, Sony said unnecessary. And when Xbox said “Digital only, no sharing!” Sony said of course you can share games. Sony knew what Xbox was doing to itself and simply let it happen. Xbox was forced to retreat and retract ‘features’ to keep up with the newest PlayStation.

That ‘sharing games’ thing was a big point of concern. People saw a future with no retro games and no more local co-op. And Xbox framed this as a good thing! It’s connected to your library so you’ll have it anywhere you go. Yeah, that’s cool! But Xbox would have effectively shut down their part of the game-reselling industry to make it happen and killed a lot of joy in the process.

Long story short, Xbox’s decisions killed some of the hype for the newest console – the Kinect got caught by the fallout.

Legacy

The supply of Kinect game titles is very small. Trying to shove it into a package with a console that was already on thin ice with consumers was always destined to fail. It wasn’t a bonus; it was a liability! On top of all the other liabilities that they wanted the XBone to have! If workers took their work home, was the company going to have to make a policy of no Kinects? Is Microsoft watching your children and you just out and about in your house? It sounds paranoid, until “Always On” was used to sell ads elsewhere. Not from Kinect, but other companies.

It had far more negatives than positives at the time, and that on top of everything else the XBone was doing wrong led to Kinect’s demise. It just wasn’t fun enough to replace the controller games that everyone – including game makers! – were used to. It wasn’t fun enough to ward of criticism of “Always On” tech. It just. Wasn’t. Fun. Enough.

Besides, the Oculus Rift and other Virtual Reality headsets almost always use controllers. Between the helmet sensing motion and the handles sensing your movement, it was easier to program for, so as soon as they were available they soaked up any demand there might have been. No skeletal tracking, with the added benefit of VR immersion. The Kinect can’t put you in Skyrim like a headset can, even if it lets you interact with the game like you were. It’s a baby step, instead of a gigantic leap. The Kinect was simply too big a step for the time.

Sources:

https://www.svg.com/101430/everything-microsoft-wrong-xbox-one/

https://www.businessinsider.com/xbox-one-kinect-privacy-issues-2013-5

https://www.digitaltrends.com/gaming/kinect-for-xbox-one-discontinued/

https://www.polygon.com/2020/1/14/21064608/microsoft-kinect-history-rise-and-fall

https://www.pcworld.com/article/2042445/microsoft-reverses-policies-on-xbox-one-rentals-online-check-ins-and-region-restrictions.html

Click Options And Why

Elizabeth Technology August 11, 2022

The Double Click

Double clicking used to be the default for interacting with items on the desktop. If you wanted to open an application, you’d need to double-click it. But what purpose does that serve?

Double-clicking allows for more functions to come out of one mouse button. The mouse you’re using right now (unless you’re using something like a gaming mouse) most likely has a maximum of three buttons and a minimum of one, depending on what brand you’re using.

Right now, if you single click on a word in this sentence, nothing will happen. If you double-click the word, the word will become highlighted. If you triple-click it, the entire sentence will become highlighted. Then, using either keyboard shortcuts or the right click function, you can copy it, if you so desire. The same applies to word processors – if you do this in Word, you’ll be able to alter the entire paragraph, delete it, etc. without moving your hand down the entire height of the paragraph, the way you’d have to if you were drag-clicking to highlight.  The multi-click function here is providing additional functionality to your mouse. Pressing and holding the button, combined with moving it, can provide alternate functionalities as well. Many computer mice allow you to press down on your scroll wheel and click-and-hold the right button as well, allowing you even more options.

An easily visible divide between the first generations to use computers at home or work and the latest is whether or not they double click links to open them. The first several home editions of Microsoft Windows required that users double-click some things and not others, but since double-clicking would open anything anyway, many users became accustomed to just double-clicking everything. Even today, Windows requires you double click a program to open it (unless you alter that yourself in your settings) and single clicking only selects the icon. Single-clicking has become the default for many items online as well as many applications. Double clicking requires more fine motor skill, but since users can adjust the length of time they need to click the second time for it to register, it’s not the speedbump it used to be.  

Single Click

Single-clicking is the new default. Not only does it make it a bit easier for users with motor-control issues to use websites and apps, it also makes it easier to translate websites to mobile. Double tapping is an option, of course, but it’s much more finicky than double-clicking because the screen is so much smaller. Simply tapping once can accidentally activate buttons when the user is trying to scroll, yes, but it’s a better option than the alternatives. Tablets, which are often an in-between mish-mash of desktop pages and mobile’s touch functionalities, also benefited from the move to single-clicks.

Similarly, on desktops, double-clicking when you have three buttons on your mouse already was unnecessary unless there’s a possibility you meant something else when you clicked it. Most things except for in-app functions like highlighting words now take single-clicks and double clicks, but the single will work fine until you get back to your desktop.

Apple Conundrum

Apple’s dedication to streamlining their devices has lead to the magic mouse, a wireless mouse with no outwardly visible buttons and a charging port placed deliberately on the bottom of said mouse to keep you from leaving it plugged in while you use it. Where Microsoft and third-party mice have two or three buttons at least, Apple mice trend towards one! Being able to click the scroll wheel might be extra, but the right-clicking function opens a menu relating to the item being clicked on. Apple instead has users press the control button as they click something to open the analog menu in Apple devices. A side effect of this is that you can’t do the equivalent of right-clicking with only one hand.

This accomplishes the goal of simplifying the mouse, but it does so at the cost of simplicity overall – Microsoft’s left-right mouse clicks are sort of the default. An Apple user could come to a Microsoft mouse and discover through trial and error that the right-click behaves like ctrl-click does, but a Microsoft user is not likely to have the same results – I had to Google it myself to find that out!  

The mouse is a powerful, valuable tool. It communicates with the desktop in a way that even touchscreens can’t. To reduce its functionality to left-clicking only feels like missed opportunities when so many buttons can be packed into the same device without sacrificing usability or accessibility.

The Worst of Every World

I propose instead of even that single click, Apple could introduce the hover-to-click option. This would be unequivocally worse than any other option. It would add a delay to every single click, it would make web browser games unbearable, and it would require the introduction of more button-pressing on the keyboard side to do things. But, it would also remove Apple’s need for the one Magic Mouse button on desktop computers, and leave it instead in a strange purgatory where it is, more or less, a laser pointer.  

More Antivirus is Not Always Better!

Elizabeth Technology August 9, 2022

Built-In Antivirus

Microsoft Windows has come with it’s own antivirus for quite some time. Windows 10 and 11, for example, came with Windows Defender built in and on automatically unless another antivirus was installed, at which point it would automatically switch off. Windows Defender by itself is plenty of defense for the kind of run-of-the-mill threats you’d run across browsing unsecured websites or trying to download games from websites other than big, trusted ones like Steam (given you’re listening to it when it suggests you double-check the source and double-check that you meant to download a .exe file) but some people would rather have this protection from a paid-for antivirus like Kaspersky or McAfee. The fact that those programs cost money doesn’t necessarily mean they’re better, but it can be a peace of mind thing – complaining about something that cost money means that some penalty can be extracted if the user isn’t satisfied, even a penalty as small as a partial refund.

This Computer’s Not Big Enough for the Two of Us

Windows Antivirus is unique for automatically stepping down when another program steps up. Many others don’t!

Antiviruses do not get better the more that you have. They interact in ways that step on each other’s toes and lead to false alarms. As an example: say a computer has both Norton antivirus and McAfee antivirus installed. McAfee will try to scan the computer for new threats upon startup, but will be interrupted by Norton, who interprets the file-checking as potentially hazardous behavior. Norton isn’t wrong, because ransomware will often sweep through files in some way or another, but it doesn’t recognize McAfee, and almost no other program has a reason to do that anti-viral scanning. Thus, Norton then tries to report McAfee to you! Some antiviruses have safety rails that literally will not let you whitelist (whitelisting refers to telling a program that a file or action is okay, or ‘whitelisted’) certain executable programs, so you get stuck in this horrid, unbreakable loop of antivirus fingerpointing every time you boot up your computer.

These interactions actually make your computer less safe – if both antiviruses have deadlocked themselves out of scanning because the other one says it’s a virus, your computer is not being scanned. That’s bad! Scanning is not completely foolproof, and a regular residential antivirus won’t necessarily be able to catch or handle something industrial grade, but it catches plenty of small things like trojans before they become serious problems that can cripple your computer.

Your computer is much better off with just one brand of antivirus on it at a time. Instead of more, buy better. And if you’re unsatisfied with one brand’s performance, completely uninstall it before you install the program you replace it with. Not only does that prevent them from interacting in a negative way, it also prevents the previous program from hassling you to renew it with pop-ups (McAfee is infamous for this). Either way, it’s going to save you some annoyances!

And in Other Realms

The antivirus problem is a pretty unique one because most programs don’t interact with every file on your computer in the way that they do. Two art programs are not going to start fighting over which one you should use, for instance. However, some other cases can be pretty similar. Like VPNs! Having more VPNs is going to slow down your computer without much additional benefit. The way a VPN works is that it takes your request, encrypts it, sends it to a server, unencrypts it, completes the request, encrypts it again, and then sends it back to you. This keeps your ISP from seeing this request, but it doesn’t necessarily anonymize the data – after all, the VPN’s server has to unencrypt the data to actually complete the request, so the VPN knows what the data is, and it knows where the request is coming from in the first place. The VPN has the same visibility the ISP initially had. Adding more VPNs to your computer will not solve this problem, it will just move it down the chain, and add extra time to each request you make in the meantime as it bounces around VPN servers.

If you only need to protect your data from the coffee shop’s open Wifi or want to watch Netflix Canada, the kind of VPNs you see advertised on Youtube will be able to do the job – the data won’t be strictly, unsubpoenably anonymous, but it will be encrypted and rerouted well enough to make those two things happen. If you’re trying to search for things that nobody can know about, you’d be better off downloading TOR (which stands for The Onion Router), a popular VPN with an excellent reputation for encryption and security. Using TOR to do illegal things is illegal, of course, but the act of downloading it and using it by itself is not.

Intro To Phishing, And How To Avoid It

Elizabeth Technology July 14, 2022

What is Phishing?

Phishing is the action of sending someone messages with the intent to deceive them into parting with information they otherwise wouldn’t have shared. While it’s commonly used to try and steal logins, cookies, and other digital data, it can be used to snatch things like government-assigned identification numbers, important medical information, and more.

It’s also not limited to email, despite the common perception – ‘smishing’ is phishing over text using things like fake verification texts, and the ever-popular phone scams can phish by pretending to be a bank or other service that the victim may actually use.

What’s the Risk?

Getting your PII (your personally identifying information) stolen is kind of a nightmare. You probably don’t need me to explain all the ways identity theft can really screw up your credit and reputation!

If a scammer gets ahold of the login to your bank service, and you don’t have 2FA enabled on your account, they can do quite a bit of damage to your account by requesting cards, making fraudulent purchases, or transferring out money. Even if your bank has policies to protect you and undo all that mess, it’s still going to be a very frustrating and anxious few weeks of reclaiming control of your account, communicating with the bank, and the bank trying to track down the phisher (if they even can). That’s just one login!

Aside from the big, important services like your bank and utilities, getting your password and login stolen from a service you don’t consider important can still really suck. It can even lead to the phisher getting into the services you do consider really important. Take a smishing attempt that looks like Fedex has tried to deliver a package, but couldn’t. Were you expecting a package? If you were, you’re probably a little concerned. You don’t notice there’s a typo in the text, or that the number it sent from is different than usual. You click on the link, and it leads you to Fedex Smart Delivery manager, prompting you to log in. If you type in the login, then you just gave them your Fedex credentials! That doesn’t sound like a big deal – Fedex is easy to reset, right? But it is a big deal. Your address is in Fedex. You have your telephone number in Fedex. Your delivery history is in Fedex. The phisher can use some of that information to open accounts in your name that they don’t intend to pay for, which can impact your credit score. Plus, if you reused that password anywhere else, you have to reset it everywhere it was used, because odds are the phisher is going to try and get into everything they can to gather more data and steal working accounts.

How to Better Protect Your Accounts

All of this sounds really painful. Luckily, there are a few tips that can make your information safer! Firstly, don’t re-use passwords. You may groan at the thought, but reusing a password for services makes it much easier to steal an account of yours if they get that password via a site breach or a scam. We recommend a password manager like LastPass – it makes it much easier to store and create unique, strong passwords for every site!

Secondly, you’ll be better protected if you use two-factor authentication on every website that has the option to. If you do fall for a phishing scam, the scammer won’t have the code necessary to get in! Of course, some scams are sophisticated enough to think of that beforehand: Craigslist, for example, had a bad rash of scammers a while back who would “text a code” to a seller “to make sure they were a real person”. The seller then gives them the code, and the scammer now has a Google Voice number with the seller’s phone number as the verified number behind it! They just social-engineered their way into bypassing 2FA. This is why you should never give out verification codes – especially if you didn’t request them. Instead, it might be time to reset the password of the account that verification email came from. Just don’t click any links in those verification emails, either: go straight to the home page of the site instead to log in. The verification email might be a phishing attempt all by itself, hoping you’ll click a fake link to the website!

How To Avoid it in the First Place

It’s better if they never get to test 2FA at all. There are a few key tips to avoid phishing scams. Firstly, is there a sense of urgency? Your utility companies aren’t going to call and say they’ll shut off your water without at least a few mailed reminders that your bill is due! The same goes for your bank. If they demand that you resolve a problem right then, right there, out of the blue, it’s probably a phishing scam (if you’re nervous it’s not a scam, call the alleged company using their number off of their Google page or their real website). This goes for both phone and email phishers.

 If it’s an email or a text, ask yourself if you were expecting an email or a text from that company. If you get a Fedex text update that you didn’t sign up for, it might be a phishing scam. If you got a notification from Walgreens that your photos have finished printing, and you didn’t print any photos, it might be a phishing scam. They want you to click or tap the links they include to see what’s going on. Spelling errors are also a common tell – it’s not impossible for a company to make spelling errors in their communications with you, but they won’t be littering the page with them! Phishing scams do that to weed out people who know better so they won’t waste time on targets that won’t crack.

You should also check the sender of the email! Spoofing is a technique that attaches a real name that you might know to an email address or phone number that definitely doesn’t belong to them. Anyone can set their name to George Smith or Big Company Customer Service in Gmail, but they can’t change the email address they’re sending from. If it’s [email protected] and not [email protected], for example, it’s probably a phishing scam.

The same goes for caller ID, although it’s getting harder and harder to tell real calls from fake ones – scammers can set their name to something like “Hospital” or “School” to make it more likely you’ll pick up. Some more sophisticated operations can even make it look like they’re calling from a different number altogether, using VOIP technology to match the area code of the caller to the person being called. Just like in the urgency tip, you should be able to call a legitimate company or organization like a school back from the number they have on their website, or the number you know to reach them at. If they’re really resistant to you hanging up and calling back for reasons that don’t make sense, it might be phishing. Unfortunately, some scam calls are really tough to pick up on, and the FCC can’t do much to stop them if they’re not in the US. Many people today don’t answer their phone unless they were explicitly expecting a call as a result, and phone companies themselves sometimes offer up call and text screening.

Spear Phishing

Spear Phishing is much more sophisticated by default. It’s a scam that can’t just be blasted out to 500 people, they want to get you! They’ll use every trick in the book they can to get you to click a link or give out information you shouldn’t. If they think you have valuable information on your company, for example, they may send an email pretending to be a coworker by using spoofing, and they will write more carefully to avoid misspelling anything. If something doesn’t feel right, it’s important to check the ‘coworker’s’ email address for spoofing, which should stop most spear phishing attempts in their tracks. If you examine the entire domain name for misspellings, you may find one! For example, somebody using [email protected] or [email protected] instead of [email protected] might snag a few people who didn’t look closely enough. A scammer may also try to use a line like “I’m locked out of my work email, so I’m using my personal one” to try and impersonate your coworker. Many organizations have policies against using personal addresses for this exact reason – how can you verify they’re with the company if they’re using Gmail or Yahoo? Anyone could make an account with their name at that point! In this case, if the coworker didn’t warn you or share this address with you beforehand, you shouldn’t interact with the email further. Don’t click any links or attachments in the meantime.

You can even forward the email to IT! If you’re worried that the coworker really needs that sensitive data (which fits into creating a sense of urgency, like mentioned above) consider the risks of falling for a phishing scam vs. the risks of standing your ground when you didn’t need to. A phishing scam can completely pull down your entire operation, lock up or steal files, and wipe computers of their data, setting a company back with nearly nothing. Not giving information out to an email address you don’t recognize can delay a project or annoy a client, yes, but it’s much better than wrecking your organization, in which case you’ll also delay projects, but for much longer as your company recovers from a phishing-based security breach. Better to be safe than sorry!

Why Didn’t Projection Keyboards Take Off?

Elizabeth Technology May 12, 2022

They’re Not Actually That Convenient

While they look cool, and the premise sounds like it’d be more convenient, the reality is that they weren’t. Anything made of light can be interfered with using other light, firstly – all of the coolest demo pics showed the keyboard being used in a low-light situation, primarily so you could see it better in these super cool pics but secondarily so it would work better. Speaking of seeing it better, that’s a problem too. Looking at bright things in the dark can cause eye strain, and while you probably don’t need the lights completely off to see your keyboard, your monitor itself is going to produce light, so working in suitable conditions for the keyboard may not be suitable given your monitor. You can lower how much light the monitor produces, but you also don’t have to do that for other keyboards, so.

Secondly, you now have to have a flat surface to type on. You may think “regular keyboards need that too!”, but they don’t need it as badly as the projection keyboards need it. You can type on a laptop on your lap. The keyboard (unless you’re typing on a flimsy, ultra-thin device) can support its own weight, and you can sit while doing it. If you don’t have a place to set the projection – like a table, or even a smooth chair – you’d end up setting it on the floor so it can project evenly. This then means that you’re touching the floor, or the wall, or whatever surface you have instead of your desk.

While this is, again, not a consistent problem, it’s the kind of thing you don’t want to discover in an airport or out on a hike looking for endangered frogs.

Nobody Likes Slapping Plastic

Turns out, a lot of people like haptic feedback. At the very least, they’re used to it. Typing on tablets can be frustrating for some because it’s unclear if they actually activated the button, requiring them to glance between the keyboard and the screen where the letters are appearing. Everything from long nails to caffeine shakes to physical disabilities can make it harder to type on tablets. The same applies to the projection keyboard. You’re left typing on whatever surface you have – most tables are hard, one way or the other, and so you’re slapping your fingertips down on something that doesn’t have any ‘give’ like normal keyboards do. It’s cool-looking, but not cool-feeling.

Mac ran into a similar issue when it was making the slimmest laptop yet – not only did the size compromise the strength and power of the laptop, it also achieved that size by eating up key height, which was the computer equivalent of breeding the snout off of an American Bulldog “because it’s what the breed standardizers want”. That keyboard felt like typing directly onto a hard surface, too, and a significant portion of the people who bought it didn’t like that.

Does it Actually Work?

It looks cool, and given the conditions are right, it works, right?

The high end models do for sure. The problem is that, like with any electronic, not every product on the market is legitimate or well-made for the price. The high end models can handle uncertainty in projection-to-desk distance, they can handle differences in light and a bright room, they can even handle small warps in the typing surface. The cheaper knockoffs of the original idea simply cannot, and in the same way Roseart pastels can convince children that pastels just aren’t for them, these cheaper projection keyboards did nothing to ingratiate the general public to the much more expensive version. After all, before you drop 300$ on something, you want to be sure you like it with a 50$ version first, right? That’s good advice for everything from fishing rods to model kits, because if you don’t enjoy it, you haven’t set yourself back $$$ to learn that.

At the end of the day, projection keyboards look cool, but they’re not actually that convenient to use, and not every model can even do the things keyboard needs to. Until they can do better than the flexible keyboards already on the market, projection keyboards are going to remain a niche item.

Games and Permanent Marks

Elizabeth Technology April 13, 2022

Should games be messing with file registries?

Before you read this, there are game-behavior spoilers for games from 2017 and back.

Games like being creative. They especially like doing interesting things to punish you for making poor choices or mistakes, although how the game defines ‘punishment’ is completely up to the developers. For example – sometimes, punishment for taking on an enemy you weren’t prepared for is simply dying a frustrating death, but you still get to keep your stuff and levels (like the Halo games). Sometimes, punishment means losing some levels, some of your stuff, and any consumables you used in the fight, because dying to the boss doesn’t mean going back to a checkpoint, it means going back to a spawn point (like Dark Souls).

Some games go even a step further than that – they write your failures or poor choices somewhere besides the game, so you can’t escape your failures unless you find those files.

It’s not a new phenomenon, although it has gotten a little more popular as of late. An old RPG by the name of Zork! would curse you if you tampered with a corpse, and you’d never be able to pick up treasure again. It would keep the curse stored in the Windows Registry, so not even reinstalling could help you. Fun!

The Famous Undertale “Genocide Route”

Undertale is a cute game with many twists, the first one being that you don’t actually have to kill any of the enemies – you can, and you’ll still beat the game, but you don’t have to. You may not realize this upon first playthrough, though, so when you beat the game, look up discussions or lore, and realize oh man I killed some guys you can go back through and play it pacifistically to get the ‘true’ ending. No penalties, you made an uninformed mistake and can fix it now that you know better.

However, this doesn’t apply if you decided to start maliciously slaying everything in and out of your way (the way other RPGs expect you to grind for experience points)! It really doesn’t feel good, not just because the characters are cute, but because the game is designed for random encounters, so actually finding every killable enemy in an area takes much longer than playing the game normally – even as your damage increases. At that point, you get a different final boss fight that’s even harder than the original Flowey fight (which isn’t spoilers), and you carry the mark of what you just did with you forever (intentionally vague). And the game really does mean forever. Even if you complete the total pacifist run afterwards, at the very last second, the game shows that it still knows what you did. Even at reinstall.

The game’s check that you killed everyone is in a folder that is separate from the game’s main ones. While it isn’t hard to find if you know it’s there, it was unsettling to the people who’d played the genocide route, uninstalled, reinstalled, and then discovered the game still remembered their crimes.

Anti-Pirating Techniques

In-game DRM, most popular in games from the late nineties up to the mid-2000s, prevents the game from functioning as intended. Some prevent the game from starting at all, others actively shame you for  downloading an illegitimate copy, but most sit somewhere in between. In the Spiro games, for example, you can still play… but you’ll never get to finish the game if it thinks you have an illegally made copy. The game becomes increasingly difficult to play, and when you get to the end, the game crashes and wipes your save. In Alan Wake, the game just slaps an eye patch on your character and guilts you without actually touching any playable aspect of the game. Restarting doesn’t make either of these things go away, but reinstalling might… if the legit copy was just faulty, or if you actually did replace your… faulty… copy with a legitimate copy of the game.

The DRM is part of the game, so it’s not technically a permanent mark on the computer, but a permanent mark on the game itself. Don’t pirate indie games!

Doki Doki Literature Club

If you’ve been online in the game-sphere in the past 7 or so years, you’ve probably seen the Japanese-Dating-Sim-inspired DDLC (or Doki Doki Literature Club) mentioned at least once. If you haven’t, this section will contain some vague spoilers. DDLC is infamous in the indie game scene for jerking very hard to the left, and executing that turn so well that it permanently shaped the way that flavor of indie game was made. The game actually pulls from the Windows or Mac directory to get your real name, but that’s not all. It actually invites you into the game’s files at the finale, and it organizes itself so neatly that removing a character is as simple as removing a folder with her name on it. It’s not quite that simple if you were to actually look inside the files (the game is actually doing a check to see if you’ve removed that file, and if you have, it removes the relevant character, because actually sorting character information like that is practically begging for bugs) but it is a very interesting way to handle the last scenes of the game.

Games That Uninstall Themselves

Some games actually refuse to leave any trace at all, insisting that you don’t replay them without at least a little bit of introspection in between runs.

Or, they realize they’re already on track to be uninstalled, and simply do it themselves. Meme games, meme horror games, and art games sometimes fit this description, but it’s honestly pretty rare. It makes it tough to get back into the game, because reinstalling games is annoying, so the games that do this either understand they’re special or understand they’re annoying. DDLC did this too, and so do a handful of Japanese games. One of the big ones is Nier Automata – if you don’t let characters delete themselves, you don’t get the ‘true’ ending.

If you like spoilers, or you just like seeing how games handle the concept, TVTropes actually has a whole page of games that self destruct, delete your data, or otherwise tamper with themselves as a game mechanism: https://tvtropes.org/pmwiki/pmwiki.php/Main/DeletionAsPunishment

Games That Install Things That Aren’t Really Part of the Game

The My Little Pony fangame Luna Game was sort of famous for this, if famous is the right word – within the incredibly niche community of MLP Horror fans, there existed this platformer that pretty much only played for long enough to serve up some jumpscares and then leave, granting you one final jumpscare with an edited creepypasta-style .jpeg that opened right after the game quit itself out. Later editions would open up the notepad and tell you something ominous.

Eventually, horror games realized this was associated with the sort of games that were easy to make and scariest for 12-year-olds who weren’t allowed to play scary games yet, but were afraid of breaking the family computer by downloading ‘a virus’ and getting caught.  As such, notepad txt files and simple jpegs aren’t really used this way anymore. When games want to show off their monsters, they put a gallery with still images of it in the game itself!

And, once again, DDLC did something higher with this concept – after the game deletes itself, it leaves a note for you, one that’s actually sincerely tied into the game and not a jumpscare or warning. While there’s a lot of room for creativity, there’s also a lot of room for things to go wrong. Some antiviruses, for instance, don’t take kindly to the ‘wrong’ kind of file opening while a game is playing. Other computers just don’t let the game put the files in the way it wants them to, meaning it can’t pull them back out the way it will need to at the end of the game.

Overall, there are many ways to add to a game within a game, so maybe twists and turns from fiddling with source files isn’t the only way to add scares or intrigue to the game!

Sources:

https://classicreload.com/zork-i.html

The myth of the Rust Programmer

Elizabeth Technology April 8, 2022

The Rust subreddit is populated by a bunch of people who seem to be the programming equivalent of Sasquatch, in that everyone who goes there as a different programming language’s expert never sees these people in real life. Stack Overflow loves Rust, but 97% of the polltakers who declared that don’t use it as their primary language. What is Rust? Why does finding people who write in it seem so hard?

Finding Training In It

If you go down to your local Barnes and Noble, you should head to the technology section. There, you’ll see a couple of strong trends – Python, Javascript, Java, and C (including C#, C+, and C++) as well as a couple of general hacking books (white hat, obvi) and a small sprinkle of other languages used for specific goals, like WordPress and Linux. At the bottom, at the end of the shelf, you might see a small book about Rust.  

Steve Klabnick, who’s written books on many of the popular programming languages, does have two books on Rust out for the public, but unlike Python or C#, his books were not available in the store. Online resources go deep, but not as deep as other living languages do, or even as deep as other offshoots of C do!

But Rust isn’t some weirdo language with one specific purpose, so why’s it so rare?

Why So Rare?

Firstly, Rust was created by Mozilla Firefox, the software company most famous for making the Firefox browser alongside a handful of other privacy-related projects. The origin of any language changes how it’s received – if C# and Linux had traded parents, we’d be looking at penguins right now. Secondly, Rust is pretty young, released in 2010. For comparison, most people put it next to Python because both are fairly powerful and concise, but Python was born in 1991. Rust is just not as well-established as its older siblings are.

Thirdly, when it comes to the language itself, it’s not alien to other programming languages, but it’s got some quirks to it. It’s format, for example, is sort of like writing a haiku instead of an essay to achieve a desired result. Its conciseness is a major source of power, but it’s much easier to write sentence after sentence to explain your point than it is to shorten that point to a handful of available syllables. Additionally, when people say it’s ‘safe’, they don’t mean safe-safe, they mean programming-safe, as in memory-safe: it’s not going to buffer-overflow your computer into a crash, but that doesn’t mean a determined beginner can’t find some other way to change their machine with it. Rust also does not default to compile inside a Virtual Machine unless you put one in its way, which is a little bit scary.

What Is Rust Used For?  

Rust touches on pain points that other languages can’t. It’s exceedingly powerful, and elegantly simple; it’s suitable for bare-bones programming alongside more complex demands. Rust is a free offshoot of C++, a language commonly used by Windows, so it’s easy to get into if you’ve got some experience in something else. In general, Rust is a good all-rounder application, although you probably wouldn’t want to use it to make games.

Sources:

https://codilime.com/blog/why-is-rust-programming-language-so-popular/

Audacity Security Breach

Elizabeth Technology February 11, 2022

Audacity is a free software that would allow you to edit audio files. It was an excellent software, one that despite being free was remarkably flexible and stable, a godsend for newbie producers and potential hobbyists who aren’t sure they’re ready for a more expensive program. Or worse, a subscription service. Audacity fell from favor after an update threatened the security and privacy of it’s users after Muse Group purchased it.

Audacity’s newest privacy update (as of April 2021) now specifies that they’re allowing themselves to ‘collect data’ for ‘potential buyers’ and ‘law enforcement’. They do not specify what data they’ll be collecting, or if it’s even limited to the app. They do not specify if law enforcement needs a warrant, or if they’re just allowed to have anything they ask for as a rule. They do not specify what all is included in the group ‘potential buyers’, which – if you think about it – could be literally anybody who could potentially have the money necessary to make the purchase. That’s obviously really broad, but that’s the issue! The full scope of this tiny little throwaway line in the updated privacy agreement carries all this weight on it with no special attention made to highlight it.

Even worse, we know they intend to use that data collection, because they’ve stated children are not meant to use the app (because collecting data on children under the age of 13 is not legal in the US). Telemetry features were very quietly added to the application in that April update, meaning if you’ve updated, there’s a possibility they’ve already begun collecting.

Of course, the company denies that any of this means anything, and says that other privacy policies include the same language. The difference, of course, being that a free, open-source software that wasn’t doing that now is, introducing a whole new set of rules for it’s use. This complicates things tremendously for schools and other reasonable places where kids might learn to use software like Audacity (which is both free and open-source, meaning no copyright issues if no modifications are made) and now they can’t because of that whole ‘violating federal law’ thing.

Substitutes exist, of course. If you look on the web, you’ll see things like Dark Audacity and Reaper, both designed to fill gaps that the original Audacity couldn’t even before that critical update. Audacity making an unfortunate move doesn’t mean everyone else has to, or that they’d somehow cornered the free, open-source audio-editing software market.

Hang in there!

Sources:

https://www.itpro.com/security/privacy/360116/audacity-privacy-update-sparks-outrage

‹  Older posts