Category: Security

My choice for a Safari 13 content blocker on Mac

With Safari 13 my favorite Mac ad and tracker blocker uBlock Origin, along with a few other extensions, no longer work. Because of this, I have switched to Firefox as my main browser. That said there will still be times when I will want to use Safari and will want an ad and tracker blocker.

I tried Ghostery Lite but I had two issues with it. It doesn’t block YouTube ads and I didn’t like the way it handles space left behind by blocked ads.

For now, I’ve settled on Wipr. Wipr blocks all ads, trackers, cryptocurrency miners, EU cookie and GDPR notices, and other annoyances. I also switched to Wipr for Safari on my iPhone and iPad in place of BlockBear. BlockerBear was working fine but for consistency, I switched to Wipr.

Day One encryption

I have been using Day One for going on three years now. One concern I’ve had is that journals by default are encrypted but with Day One holding the encryption key. This means that someone at Day One might be able to access my journals. Journals with Standard encryption are also exposed to a data breach or security glitch. This has caused me to limit what I write in them.

Now, after reading Shawn Blanc’s ”Best Journaling App for iPhone, iPad, and Mac” on The Sweet Setup I’ve taken his advice and enabled End-to-end encryption for all my journals.

Shawn Blanc:

End-to-end encryption is not turned on by default for providing the best type of security for your journal entries, as users must maintain their encryption key at all times to unlock journals if necessary. As Day One’s FAQ puts it:

When using end-to-end encryption, it is essential you save your encryption key in a secure location. If you lose your key, you will not be able to decrypt the journal data stored in the Day One Cloud. You’ll need to restore your data from an unencrypted locally-stored backup.

We recommend turning on end-to-end encryption whenever you create a new journal to ensure your data is always kept safe and secure. Save your encryption key in an app like 1Password or a locked note inside Notes.app and never lose the key.

Now no one has access to my journals without the encryption key. I keep it in 1Password.

Watch out for Apple Phone Phishing Scams

Security researcher Brian Krebs on his Krebs on Security blog recently outlined one of the latest phishing scams he’s seen, where an incoming phone call appears to be from a legitimate Apple support line. I’m writing about this to make you aware so that you don’t fall for the scam. Please take the time to read the blog post so that you know how the scam works.

Brian Krebs, writing for Krebs on Security Apple Phone Phishing Scams Getting Better — Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legitimate Apple Support line.

Jody Westby is the CEO of Global Cyber Risk LLC, a security consulting firm based in Washington, D.C. Westby said earlier today she received an automated call on her iPhone warning that multiple servers containing Apple user IDs had been compromised (the same scammers had called her at 4:34 p.m. the day before, but she didn’t answer that call). The message said she needed to call a 1-866 number before doing anything else with her phone.

Apple support also offers a document on how to Avoid phishing emails, fake ‘virus’ alerts, phony support calls, and other scams – Apple Support

Web Finds for October 2, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Apple, Firefox tools aim to thwart Facebook, Google tracking
New protections in Apple’s Safari and Mozilla’s Firefox browsers aim to prevent companies from turning “cookie” data files used to store sign-in details and preferences into broader trackers that take note of what you read, watch and research on other sites.
Via AP News

National Cybersecurity Awareness Month: Cybersecurity at Home | US-CERT
October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

NCCIC encourages users and administrators to review NCSA’s guidance for online safety basicsand the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for additional information.
Via US-Cert

How to Delete Your Facebook Account: A Checklist
Here’s a guide on how to delete your Facebook account.
Via lifehacker

Previous Web Finds are here.

Facebook gets hacked again. 50 Million users personal information put at risk.

I’m sure you’ve already read or heard about the latest Facebook hack involving the personal information of at least 50 million users. The hack was revealed in a Facebook blog post yesterday. If you haven’t here are the details.

Mike Isaac and Sheera Frenkel, writing for the New York Times

Facebook, already facing scrutiny over how it handles the private information of its users, said on Friday that an attack on its computer network had exposed the personal information of nearly 50 million users.

According to TechCrunch, Instagram and other third-party sites that use Facebook Login may not be out of the woods either.

In a follow-up call on Friday’s revelation that Facebook has suffered a security breach affecting at least 50 million accounts, the company clarified that Instagram users were not out of the woods — nor were any other third-party services that utilized Facebook Login. Facebook Login is the tool that allows users to sign in with a Facebook account instead of traditional login credentials and many users choose it as a convenient way to sign into a variety of apps and services.

As I’ve written before, now is a good time to delete your Facebook account. Between getting hacked and selling your personal data for advertising purposes Zuckerberg and his gang just can’t be trusted.

Facebook is using your 2FA phone number to target you with ads

Facebook has stooped to the lowest possible level. TechCrunch has exposed the fact that Facebook is using 2FA phone numbers to target users with ads. Zuckerberg and his gang are taking the number users are using to additionally secure their accounts and using it for ad targeting.

Some months ago Facebook did say that users who were getting spammed with Facebook notifications to the number they provided for 2FA was a bug. “The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications,” Facebook then-CSO Alex Stamos wrote in a blog post at the time.

I guess the bug wasn’t a bug after all. Just another Facebook lie.

Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

Specifically a phone number handed over for two factor authentication (2FA) — a security technique that adds a second layer of authentication to help keep accounts secure.

Here’s the statement, attributed to a Facebook spokesperson: “We use the information people provide to offer a better, more personalized experience on Facebook, including ads. We are clear about how we use the information we collect, including the contact information that people upload or add to their own accounts. You can manage and delete the contact information you’ve uploaded at any time.”

If you haven’t deleted your Facebook account yet now would be a good time to do so.

iOS Safari content blockers

Ben Brooks has published his test results for Safari content blockers. Since I’ve been thinking about a different blocker I found his testing to be helpful. Up until today, I’ve been using the original 1Blocker which is now called Legacy since 1Blocker X was introduced several months ago. By the way, 1Blocker X is Ben’s overall number one pick.

My concern has been whether the developer will continue to update the Legacy app?

So after reading Ben’s evaluation I’m switching over to BlockBear his second choice overall but his first choice for those who don’t want to tinker with the settings and that’s me. As a side note, I also use TunnelBear VPN by the same developer.

Safari Content Blocker Evaluations – 9/26/18 Edition

I ran another round of content blocker testing for Mobile Safari in order to take a look at which ones are the ‘best’ right now. To be fair: it’s really hard to find these content blockers on the App Store now, so I grabbed the ones which looked the most popular to me (top lists, and top search results) and then did the testing to see which was the best.

BLOCKBEAR

My overall rating on this was: quick, not perfect. If I needed to tell a non-technical friend or family member which content blocker to use, this would be the content blocker I would tell them to use. The setup is “cute” and dead simple. The entire app is dead simple actually, and it worked pretty well overall. No customization, but it does have whitelisting if that family member keeps having trouble with a site.

And it is fast, as it is tied for the fastest of the group. It’s not what I recommend for most people who regularly read this site, as I suspect you’ll want the features of 1Blocker X. That said, I can understand why you would use this. It’s simple and easy. And that you can whitelist from the share sheet in Safari, only makes it an even better pick for those who want ease of use.

Web Finds for September 13, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Credit Freezes Will Soon Be Free
With the one-year anniversary of the Equifax breach just behind us, here’s a reminder that you will be able to freeze your credit reports and sign up for year-long fraud alerts for free starting Sept. 21 thanks to a federal law passed earlier this year.
Via Lifehacker

IPHONE XS AND XS MAX: HANDS-ON WITH APPLE’S GIANT NEW PHONE
Apple just announced the iPhone XS and XS Max. They’re iterations on last year’s iPhone X, but the XS Max at least stands out in one very notable way: it’s so much larger. The Max has a 6.5-inch screen, making it a bigger phone than even the latest model in Samsung’s famously large Galaxy Note line.
Via The Verge

Apple iPhone XR hands-on: the new default iPhone
The new iPhone XR, which feels like it will be the default iPhone for many people this season. Not only does it have a very similar design to the more expensive iPhone XS model, it has many of the same features for a considerably lower price.
Via The Verge

Hello eSIM: Apple moves the iPhone away from physical SIMs
On Wednesday, Apple announced that its new iPhone XS and iPhone XS Max will use an eSIM—a purely electronic SIM that allows users to maintain a secondary phone line in a single device. That line could be a secondary domestic line (say you’re a journalist and don’t want to have separate personal and work iPhones), or the phone could have an American and Canadian number (if you travel across the border frequently).
Via Ars Technica

Previous Web Finds are here.

Web Finds for June 11, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

17 Basic macOS Terms Every Mac User Needs to Know and Master
Whether a newbie or veteran, you have a whole lot of Apple-specific glossary to pick up and master. But don’t worry, it’s not all that difficult.
Via Makeuseof

10 Strikes and You’re Out — the iOS Feature You’re Probably Not Using But Should
For many years now, iOS has offered an option in the Passcode section of the Settings all: “Erase all data on this iPhone after 10 failed passcode attempts.
Via Daring Fireball

How to Request a Copy of Your Apple ID Account Data
Apple now allows its customers to download a copy of their personally identifiable data from Apple apps and services. This can include purchase or app usage history, Apple Music and Game Center statistics, marketing history, AppleCare support history, and any data stored on Apple servers, including the likes of calendars, photos, and documents.
Via MacRumors

4 Ways to Generate a List of Apps Installed on Your Mac
I ran across this the other day. It’s not something that I would use often but in the right situation it could be very helpful.
Via Makeuseof

Previous Web Finds are here.