Last pass

There is to  be a change to the free version of LastPass service.    At present, you  can use LastPass on as many devices as you like absolutely free. That’s changing on the 16th March.

You’ll have to choose whether you want to use LastPass on computers or mobile devices   You won’t be able to use it on both unless you pay for the premium version.

If you use it on both computers and mobile devices at the moment, choose which one to keep.  The first time you sign in to LastPass on or after the 16th, it’ll record which device you do it on.  That will become your free device type – so if you sign in first on your computer, you won’t be able to use the app any more (and vice versa).

To keep access to both, you need to sign up for the premium version. If you upgrade before the 16th March, a full year costs £22 or £30 after.

The new WhatsApp Terms and Conditions of Use

Let’s start with this passage from the article in The Register referred to below where the founder of WhatsApp talks about his reasons for creating WhatsApp …

“When WhatsApp was acquired by Facebook in 2014, it promised netizens that its instant-messaging app would not collect names, addresses, internet searches, or location data. CEO Jan Koum wrote in a blog postAbove all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal. I was born in Ukraine, and grew up in the USSR during the 1980s

One of my strongest memories from that time is a phrase I’d frequently hear when my mother was talking on the phone: ‘This is not a phone conversation; I’ll tell you in person.’ The fact that we couldn’t speak freely without the fear that our communications would be monitored by KGB is in part why we moved to the United States when I was a teenager.

Two years later, however, that vow was eroded by, well, capitalism, and WhatsApp revealed it would be “coordinating more with Facebook,” and gave people the opportunity to opt out of any data sharing. This time around, there is no opt-out for the sharing of data with Facebook and its tentacles. Koum left in 2018.”

So this all started 4 years ago, when WhatsApp announced a change to their Terms and Conditions (Ts&Cs) – the first change in many years, and the first since being taken over by Facebook. It was possible to opt out of this change which was announced as only to “improve the experience of Facebook users” (that’s kind of them – do I believe that?).

I don’t know whether I chose to opt out, I suspect I did, but I have no way of knowing!!! Whatever … I only had 30-days to opt out then, and I can’t go back and opt-out now.

I was alerted to the current impending change on February 8th, which is a take it, or leave it choice by this article in a well respected techie (UK-based) blog – The Register. It’s subsequently been updated, and may be updated again I suspect as more information is squeezed out of Facebook.

Before Christmas in a meeting of the Cardiff U3A Computer Group, I referred to the repatriation of UK-data to the US as a consequence of Brexit. So far Facebook and Google (and there could be more) have announced their attention to do just that, and others will undoubtedly follow. Free from Europe, our government has said we will follow GDPR (it had very little option), but the US tech companies see the wisdom of not having a European base for their (our) data and are hopeful of less stringent Federal privacy restrictions under a new Democratic Party controlled Senate committed to introducing legislation.

Once out of the European protection, we in Britain could in the course of time, and after the repatriation of Facebook data to California (read the article above), be deemed not to be part of the European area and so the protection offered by WhatsApp/Facebook suggested in this article in “The i“, would cease to apply. So the short-term acceptance of these Ts&Cs thinking they don’t apply to us, might be scuppered should the data-hosting move to the US.

No certainties, just doubts and that’s where mistrust comes in.

As of today, I’m at a loss to know what to advise or do. I’m hopeful of further clarification in the days to come, but I’ll leave acceptance of the new Ts&Cs to the last few days before February 8th.

Your comments and thoughts most welcome.

Why do I dislike Facebook (Fb)?

I was challenged with this question last Thursday when I told my family about the intended changes to the WhatsApp Terms and Conditions of Use. I didn’t reply to my IT-savvy son until this morning when I was first asked to agree to these new Ts&Cs. This is what I wrote …

“It starts with trust, and then you work away from that. It’s what a company does with information and whether you can then trust them to handle it properly. Google+ was a closed system that you opened up; Fb is an open system that even though it has Privacy Controls – which you need a degree to work out how to set them – essentially allows them to do anything with what appears on their platform.

You take a photo – you don’t retain copyright, you assign that right to them when you publish to the platform  – you lose some control over what is done with the photo. You can’t opt out of adverts (understandably – that’s how they make there money) – you are conned into thinking that in allowing them, you will get a better experience.

For whom? For you – no, they’re just an annoyance to me, but for others they just drive people to buy stuff they might not want/need. For them – yes, that’s how they drive income and more.

So it’s the more that’s more interesting and insidious because what they do with that information leads to targeting people with posts, hence my reference to Brexit and Trump. [I had said in my brief first reply – Cambridge Analytica, Brext and Trump.] The algorithms behind the scenes work the data and susceptible people get targeted with posts as well, not just adverts. I could go on, but as I said – it’s all about Trust, and Fb as a company is one that I just don’t trust.

Getting data from WhatsApp was something they committed at take-over they wouldn’t do. Now they are starting to do just that. Next step targeted adverts on a platform which is advert free; then “posts from others you might be interested in” – not the encrypted ones, but ones from Public Figures. Then “oh! dear” we have to drop encryption because of new privacy laws in the US. [Aside: is it a coincidence that Google, Twitter and Fb appear to be more privacy focussed since the Republicans lost control of the Senate and they just might want to be on the right side of the argument that’s going to come in the US in the next four years ].

So I always logout of Fb to stop them tracking me; I suspect that WhatsApp will have a mechanism that prevents a user from being disconnected so Fb with these new Ts&Cs will be tracking as well as getting the other personal info from users.

Please feel free to comment either on the post.

How do I know that a Password manager is not just a phishing site?

Well … first you need to only download the software from the official links of the provider, eg LastPass, Dashlane or 1Password, or from the app store of your mobile device.

Then be assured that the passwords (if you use these downloads) are not stored on a central server anywhere. They are stored in encrypted form on your device. When you open a different device the password is transferred from one “vault” to another in encrypted form. The service provider just provides the encryption algorithm which it can’t have access to itself. So rest assured as long as you use the “official” downloads they’re very safe.

How safe are iPads and other tablets without additional software protection?

A good question! I certainly can state that mobile banking is safer from a mobile device than from an internet browser because the latter can be compromised because it’s more open to the internet and issues that you install anti-malware software to protect you.

I would judge that the fact that as all software downloaded onto these devices go through a “shop” maintained and supported by the hardware vendor that they have done checks on the software and the supplier before releasing it through the shop. That’s a very powerful first step and is why I’m a strong supporter of these “shops” and would be distressed if some alternative means of downloading software onto a mobile device was allowed.

However, nothing protects you against yourself and that’s where the hints and tips in the third part of my “Protect yourself online” talk come into play.

Can my phone track my movements? Should I not allow this to happen?

A matter of personal choice.

If you’re using maps or navigation on your phone, it is pretty important to allow your phone to know where you are!!

If you don’t want adverts from a coffee chain, perhaps it’s a good idea to disable location services before you go into a cafe!

Or, if you don’t want anyone to know where you are (???) again perhaps a good idea to disable location services.

You can do this in quite a granular fashion, so you can switch off for the device, for the application on the device, or only when using the application on the device. That’s why it’s quite important to close down an application when you don’t need it, or aren’t using it, because it will continue tracking you after you think you’ve stopped using it!

Of course with the Covid-19 tracing capability Google and Apple have jointly worked upon, this relies on an element of location services to be working, but that’s to determine proximity of individuals and as I understand it, location is not stored on any central server.

Do you need to use anti-virus software on a Mac?

Probably not.

I’ve just loaded Malwarebytes on our iMac and MacBook Pro computers – provided by our bank – and only found one piece of tracker code, on one machine, which was very old and most probably not active. I deleted it.

Macs have a very good history of not being hacked, and when they are they close the problem down very quickly. This is a benefit of Apple owning both the hardware and software and being able to control which of the latter is installed on MacOS.

Using Paypal instead of Credit Cards

This was a question that was raised during the General Meeting discussions. PayPal has a Buyer Protection and Fraud Protection policy which for small transactions (ie <£100), and for transactions with companies/individuals you regularly do business with, is probably sufficient protection.

For large value items (ie >£100) and up to £30,000 you might prefer to choose using your credit card because of the Section 75 protection you get.