Just In Time, the Brave Browser Becomes My Default

Last night I saw a respected security professional I follow on Twitter mention the Brave web browser, and how good he thought the mobile version is. Brave was started by the Mozilla Project co-founder Brandon Eich, and is based on Chromium, the open-source base that Google Chrome is constructed upon.

Today, I caught wind that Chrome is soon going to prevent you from doing things such as disabling its DRM management feature called Widevine. The problem with this is summarized here:

…a single browser may now require two different DRM plugins to play all DRM content. These plugins have their own security issues, but unlike with the Flash vulnerabilities, security researchers are banned from looking for them, due to Section 1201 of the Digital Millennium Copyright Act (DMCA). That means malicious hackers, who already engage in other criminal activities, may freely take advantage of all the vulnerabilities they find in these DRM plugins before companies discover them on their own.

In short, because of the closed nature of the DMCA, we end users are at risk unnecessarily, and we will soon have no ability to disable this plugin should we wish to do so.

Enter The Brave

Brave offers a browser that works on all platforms (Windows, Mac, Linux) and on mobile. It blocks ads by default, blocks malware, and is lean and fast. Putting user privacy and security at the forefront, along with speed, this thing is a powerhouse as it forces https on websites and prevents malware-serving advertisement networks from invading your workspace.

But the difference is the paradigm shift in supporting advertisers, as opposed to simply blocking them out completely:

Brave intends to keep 15% of ad revenue for itself, pay content publishers 55%, ad partners 15% and also give 15% to the browser users, who can in turn donate to bloggers and other providers of web content through micropayments.

I have yet to figure out how or if that will work, exactly, and it doesn’t seem to be fully impemented in the browser yet, but it seems like a great way to solve the elephant-in-the-room problem the Internet faces today: how to earn money and keep users safe at the same time, so that they don’t need to run ad blockers and anti-tracking plugins?

Stay tuned for more info as I learn it, and as I figure out Brave.

Let’s Revisit: Sending Mass Emails The Right Way

envelopes photoThe concept of sending an email to multiple people the right way seems to have eluded the populace as a whole lately. I’m looking at you, schoolteachers, soccer coaches, and party invitation senders. I write to you today because, in recent months, it seems I’ve been included on more and more emails where I’m one of 50 people whose email address is awkwardly stuffed into the CC: field of the email you sent, right there with all the others for everyone in the list to see. I even got an email from the manager of the local Sears store I had recently purchased an appliance from, that got sent to all the people who had bought something there recently, and everyone’s name and address were easily viewable in the CC field.

The problem here is that you are being inconsiderate towards peoples’ privacy, and you are sending around a large list of real email addresses to possibly be harvested by spammers.

There is a way to do this that protects peoples’ privacy, doesn’t annoy the nerds and geeks in your email list, and makes you look like you know what you are doing. What trifecta could be better than that?

The easiest way to do this is by using the BCC: field instead of the CC: field. BCC stands for “Blind carbon copy,” which means that any email address entered in it will not show up to the recipients of the email. The CC: field does show them, so don’t use it.

The trick is that you should enter your own email address in the To: field of the email, then enter the long list of room parents or party invitees in the BCC field. That’s it! Now you too can look cool.

There are some detailed instructions, with pictures, available here, in case you need more info.

What Does Facebook Know About You?

More than you probably thought possible.

A recently released study shows that computer-based personality judgements are more accurate than those made by humans.

This study compares the accuracy of personality judgment—a ubiquitous and important social-cognitive activity—between computer models and humans. Using several criteria, we show that computers’ judgments of people’s personalities based on their digital footprints are more accurate and valid than judgments made by their close others or acquaintances (friends, family, spouse, colleagues, etc.). Our findings highlight that people’s personalities can be predicted automatically and without involving human social-cognitive skills.

spy photoBy analyzing 150 of your “Likes” on Facebook, a computer can figure you out with more accuracy than your closest family members. Maybe it’s time to go back and see all the things you’ve chosen to “Like” on Facebook.

This is more important than it seems at first glance. You may think that it doesn’t matter what Facebook thinks about you. While that is debatable (and probably wrong), it’s what this data can be used against you for that is concerning.

Per a Newseek article about this study, one of the study’s authors talks about it:

…there are also dangers to having machines that can judge people’s personalities and emotional states, says Kosinski. “Like any other technology, this technology is morally neutral, but it can be used for a bad purpose,” he says. “For example, knowledge of psychological traits can help me exert influence over you.” The risk, he says, is that people will lose trust in cellphones and online environments, which is why he believes people should be given control over their own data and the authority to decide whether it will be shared with certain companies.

What you “Like” is only one aspect of the data that Facebook collects about you. It’s easy to overlook the fact that Facebook is watching and learning about you when you are not even using Facebook. Considering that millions of people don’t even know that Facebook is part of the Internet, this is quite profound.

 

Photo by JeepersMedia

NordVPN’s Bait and Switch

The old bait and switch: promise you one thing and sell you another. That’s what happened when I signed up for a year of VPN service through NordVPN. Their website said:

Easiest VPN Ever. To get on NordVPN, just click and go. NordVPN’s secure VPN software takes care of all the hard stuff so you can focus on fun stuff. And work stuff, if you have to.”

Their imagery showed multiple devices running their software, including phones and laptops.

I had read about their service and took the plunge. After I had paid, I found out they do not have an app for Mac OS X or Android. Those apps are supposedly coming soon, but not yet. For now, you have to download a third-party app for each device, download a bunch of configuration files, install said configuration files, configure a bunch of things, remember your username and password for each configuration file, and then figure out what is going on and whether or not you are actually connected.

To be fair, they do have instructions on how to do all of this, but it is far from “Easiest VPN Ever.” Every other VPN app I have used is a simple app you download and click a button to get going with.

I chatted with NordVPN’s technical support guy, “Dave,” who informed me that of their refund policy, which states that unless their product did not work for a fault of their own, I could not get a refund for my money. All he could do was extend my subscription by 3 months.

(01:30:40) David: if the service does not work we will issue a refund.
(01:31:17) Visitor 34392357: that is my point – it doesn’t work as you advertise it. it only works through a lengthy process of installing other software.

I would argue that their product does not work as advertised and I am entitled to a refund. In fact, it’s not even their product I am using — I am using something called “Tunnelblick” on my Mac, and an app called OpenVPN on my Android phone to connect to the NordVPN servers.

In summary, the bait was the promise of an easy to use VPN app. The switch was not even having an app for me to use.