Online Privacy and Security

[Allen Davis]

I wasn't sure exactly where I wanted to post this, but I finally figured this was as good a place as any.

Following the receipt of a couple of e-mails attempting to blackmail me (and later proved to be spam), I felt the need to completely reevaluate the security measures I employ with my Macs and my iPhone.

Fellow Mac-Helper Honestone forwarded a couple of links to me which put my mind at ease about these phony threats. Thanks, Honestone! You’re a valuable asset here!

What was most disturbing to me was the fact that the threatening e-mails indeed contained a password of mine, but it was an old one I hadn’t used for several years. (And yes, I used to be sloppy and quite lazy and used that single password for nearly everything.)

I did realize almost immediately these messages had to be idle threats because the sender said he had installed spyware on my computer and had tracked me around various porno websites. I knew that was a crock, but the fact that this clown had a valid password I had once used rattled me enough to begin thinking about better security.

However, in light of the mega-industry which has developed in the buying and selling of personal information in recent years (with Facebook and Google among the most egregious), I’ve been investigating the use of a VPN service. I’ve actually taken a couple out for a “test drive.”

Currently, I’m trying out TunnelBear, and of the three I’ve tried thus far, I do like this one the best. However, I’m not finished looking. I've been hearing both good and bad things about ExpressVPN, and I plan on trying it out in a couple of weeks or so.

I’d welcome comments, observations, advice, etc. from other users here who employ a VPN service and how they like them.

The entire issue of online privacy has now become a passion of mine because I believe our personal information belongs to US, and shouldn’t be treated as a commodity that is bought and sold, all for the sake of making a buck at our expense. Everyone knows we're all being tracked on the Internet, no matter where we go or what we do. And I, for one, have not only become sick and tired of it, but have come to realize what a total violation of our rights it is.

Thanks in advance to everyone who pipes up here and makes their voices heard.

 

[indago]

I have two Email accounts with Yahoo ATT. I don't use the Email collection APP that is supplied with the MAC OS. I sign in at the Yahoo ATT site to get the mail. I used the Email collection APP until about a year ago, finding that it did not collect all of my Emails.

About a month ago I received a "blackmail" Email quite similar to what you described. I contacted ATT through their Online Chat with a Rep, and he showed me what to do to resolve this issue. They have a Fraud Investigation section that works only on fraud cases. The Rep showed me how to locate the sender address of the Email, and put that into the body of the Email and send the Email to the Fraud Investigation Team. I did that, and haven't heard anything about the "blackmail" Email since.

 

[honestone]

Thanks, Allen, for the nice accolades. You are making me blush!

Folks, you need to listen to what Allen is saying. Although I have (not yet, anyway) been a victim like Allen has, I have experienced some of the insidious stuff going on. Three recent examples are:

1. Back in late April, my wife and I decided that we wanted to visit our oldest son in London in mid-June, so I began researching flights and associated pricing. After doing some initial research on a few sites (on cheapair.com, Delta Airlines' site, and a few others), for just about every site I would visit, I was being bombarded with ads about flights to London! Talk about being p*ssed off! (They did FINALLY cease after we left Seattle on our flight).

2. Recently I was in the market for purchasing a Samsung 500 gig 860 EVO SSD, and thus needed to do some pricing research. Well, every time I visited the site www.yahoo.com, I would see some ads for the SSD on sale.

3. Most recently, I needed to purchase a carafe for our coffee maker. Well, once again, after doing research, I was again seeing ads on yahoo.com for carafes. I subsequently ordered the one I wanted on Wednesday from Amazon, but I am still seeing a few such ads on yahoo.

Earlier this week, I saw this article on www.tidbits.com:

https://tidbits.com/2018/11/14/hacked-account-blackmail-spam-on-the-rise-beware/

When I clicked that link in the article that says "Have I Been Pwned", it bought me here:

https://haveibeenpwned.com/

When I put in my EMail address, it showed one site that I had been "pawned" on:

https://www.mac-forums.com/

I have not visited that site much at all, but I don't believe I have seen any "spammed" EMails about any "potential" breach. But all of that is interesting. I do use 1Password for my password management, and it works very well. But I might need to have it generate stronger passwords.

 

[Allen Davis]

Thanks, Allen, for the nice accolades. You are making me blush!

Folks, you need to listen to what Allen is saying. Although I have (not yet, anyway) been a victim like Allen has, I have experienced some of the insidious stuff going on. Three recent examples are:

1. Back in late April, my wife and I decided that we wanted to visit our oldest son in London in mid-June, so I began researching flights and associated pricing. After doing some initial research on a few sites (on cheapair.com, Delta Airlines' site, and a few others), for just about every site I would visit, I was being bombarded with ads about flights to London! Talk about being p*ssed off! (They did FINALLY cease after we left Seattle on our flight).

2. Recently I was in the market for purchasing a Samsung 500 gig 860 EVO SSD, and thus needed to do some pricing research. Well, every time I visited the site www.yahoo.com, I would see some ads for the SSD on sale.

3. Most recently, I needed to purchase a carafe for our coffee maker. Well, once again, after doing research, I was again seeing ads on yahoo.com for carafes. I subsequently ordered the one I wanted on Wednesday from Amazon, but I am still seeing a few such ads on yahoo.

Earlier this week, I saw this article on www.tidbits.com:

https://tidbits.com/2018/11/14/hacked-account-blackmail-spam-on-the-rise-beware/

When I clicked that link in the article that says "Have I Been Pwned", it bought me here:

https://haveibeenpwned.com/

When I put in my EMail address, it showed one site that I had been "pawned" on:

https://www.mac-forums.com/

I have not visited that site much at all, but I don't believe I have seen any "spammed" EMails about any "potential" breach. But all of that is interesting. I do use 1Password for my password management, and it works very well. But I might need to have it generate stronger passwords.

I read the links Honestone posted here after he sent them to me a few days ago, and they were very informative. I strongly urge everyone to take a good, long look at them.

For a long time, it didn't bother me about advertisers "following" me about, but after seeing a piece on 60 Minutes last Sunday night about how our data is being bought and sold, and worse, how it is used, this issue really got under my saddle like a cockle-burr.

Many people may read all these posts, shrug and then go about their business, blithely ignoring the real significance of what this really means and how deeply it can affect their lives. I'm not trying to act like some 1930s type of hell fire and damnation preacher, but this is a serious issue everyone should pay attention to now.

The seemingly innocuous information we so nonchalantly give away after seeing all those voluminous "Privacy Policy" and "User Agreement" statements is more important than most people realize. Everyone on the planet who has a Facebook, Twitter, Reddit, etc. account is guilty of dropping little bread crumbs of information everyone thinks is harmless. But it isn't. "Well, we're given no choice," people say. "It's their way or the highway." The user is given no choice. Either accept the terms, or walk away. And almost no one ever walks away.

Believe it or not, there is a growing cottage industry in which some very skilled people are being employed to sift through all this "harmless" personal information, and they're capable of putting two and two together to assemble frighteningly accurate portraits of people which make them more vulnerable to everything from identity theft to outright fraud and being completely and totally drained financially.

Second only to identity theft itself, information mining is the biggest area of growth in the online world.

And our personal information is being weaponized with ever-increasing frequency.

While it's no secret that pornography has always been the biggest sector of activity and commerce on the Internet, "legitimate" online commerce has grown by several orders of magnitude in the last decade. And both of these areas show no signs of slowing in growth. Whether or not one enjoys perusing "naughty" sites or not, many people are becoming ever more vulnerable to the prospect of blackmail (which are not simply idle threats posed by some middle-aged cretin in his underwear sitting in his mother's basement). And there are far too many ways people can be blackmailed than I can list here.

Our personal information belongs to us. The legality about who actually owns that information is up in the air at present here in the United States, but could easily be settled by passage of legislation much like what the EU has currently enacted. The EU's new privacy laws and their guidelines have already cost Google and Facebook alone many billions of dollars. And they're currently spending millions and millions of dollars here in the US right now on lawyers and lobbyists in order to stave off any similar legislation from being passed here in this country. Why? Because regulating and restricting the use of, and commerce in, personal information will strangle the cash cows that are making a few people rich at our expense. No one reasonably believes that Google has become one of the most powerful tech companies on earth by selling cell phones and smart speakers, do they? And Google has unbelievable ways of tracking each and every person who regularly uses the Internet in the most insidious ways that would make even hardened cynics cringe. (Perhaps more on that later in a subsequent tirade, MacHelp Administrators willing.)

I'm sorry for such a protracted rant here, but few issues have riled me up to the extent that this has in recent memory. And this is a threat that hardly anyone seems to recognize for not only what it is now, but what it can become sooner rather than later if more of us don't get up on our hind legs and making our voices heard.

This isn't a Republican or Democrat issue. It's not a liberal nor a conservative issue, although it might be reasonably considered libertarian. It's not Left or Right, but it is about what is right. And it's an issue behind which we should all get united immediately.

 

[Allen Davis]

I have two Email accounts with Yahoo ATT. I don't use the Email collection APP that is supplied with the MAC OS. I sign in at the Yahoo ATT site to get the mail. I used the Email collection APP until about a year ago, finding that it did not collect all of my Emails.

About a month ago I received a "blackmail" Email quite similar to what you described. I contacted ATT through their Online Chat with a Rep, and he showed me what to do to resolve this issue. They have a Fraud Investigation section that works only on fraud cases. The Rep showed me how to locate the sender address of the Email, and put that into the body of the Email and send the Email to the Fraud Investigation Team. I did that, and haven't heard anything about the "blackmail" Email since.

I've dealt with AT&T's Customer Service and Fraud Investigation Departments in the past. They were about as useful as mammary glands on a devout nun where my issue(s) were concerned.

I have contacted Apple's people about a separate but similar incident about my iCloud account being locked. That was supposedly sent to me by Apple, but I recognized it to be fraudulent right off the bat. It was funny that at the bottom of this e-mail was a physical address for Apple in County Cork, Ireland. Apple doesn't handle security matters from there. But I will add that I'm proud that Apple takes its customers' privacy and security as seriously as it does, and that they're unsurpassed at dealing with these matters.

Due to AT&T's exceedingly poor ISP services in my locality, I'm almost ready to "cut the cord" from them. At present, Comcast is my only alternative, but other broadband providers will begin offering their services in my area soon, so I'm going to hold off until I see what I can get (and for how much).

I've had a couple of issues with Apple's Mail app in the past, during which I had to resort to using the AT&T/Yahoo site in order to simply send e-mail, and that always scared the pants off me because web-based e-mail security is a very sick joke.

I've tried a couple of alternatives to Mail, but for purely personal reasons of preference, I just didn't like them. And aside from that single problem I had with Mail, I've been perfectly satisfied with it.

 

[honestone]

As usual, Allen is providing some very sane advice. All of us need to heed what he says. I have already done that, as on another thread, he made a strong case for the search engine. DuckDuckGo. Well, I have made it my default one in Google Chrome, and it works like a charm!

 

[Allen Davis]

As usual, Allen is providing some very sane advice. All of us need to heed what he says. I have already done that, as on another thread, he made a strong case for the search engine. DuckDuckGo. Well, I have made it my default one in Google Chrome, and it works like a charm!

Well, now we've got the mutual admiration society stuff aside I have a side-question regarding browsers. I know a lot of Mac users use Chrome and others in lieu of Safari, and if you're happy with Chrome, by all means, have at it. But since it is a Google product, I won't use it.

However, I've always been satisfied with Safari, but have the most recent version of Firefox. When I downloaded and installed TunnelBear VPN, I noticed they had a separate plug-in for Firefox and a couple of other browsers, but none for Safari, so I downloaded the FF plug-in, too, and have been using that. Perhaps it's just a matter of me getting used to it, but I'm not real comfortable with Firefox (at least yet), and I miss having my Favorites icon page as my default.

Another thing… Safari is still my default browser, and when it opened after clicking a link, I couldn't tell if I even needed a plug-in for TunnelBear.

As with any VPN, I'm taking a major hit in the speed department, especially in the upload department. It took an hour to upload a 7-minute QuickTime video from my iMac. Out of curiosity, I uploaded the same video with my iPhone, and it took 25 minutes. And my phone was on my WiFi. I can't fathom why there was such a difference between the two devices.

I hasten to add that TunnelBear isn't the cause of my slow speeds. My AT&T DSL service is about 40% as fast as what I'm supposed to be getting, and they aren't going to do anything about it within the foreseeable future. It doesn't matter which VPN service one uses, everything I've read on the subject warns that a hit of up to 50% is considered reasonable. There are far too many variables for me to say Brand XXX is the very best/fastest/etc., since what is great for me might suck eggs like a starving blue tick hound dog for someone else.

 

[honestone]

Our youngest son is coming for Thanksgiving, and he uses a VPN. He also has a faster Internet speed "tier" from Comcast than I do: 400 Mbps, versus the 250 Mbps I have. So I'll try and get some information from him. He does, though, use Windows machines, but don't think that makes much of a difference.

Around here (the Seattle, WA area), the two ISPs, in terms of speed, are Century Link and Comcast. Every time i looked into CenturyLink, their speed tiers are consistently very low compared to Comcast, and for almost the same money.