Before the month is over: countersurveillance/anti-stalking tips

I’ve really missed the target on the number of posts I wanted to make for National Stalking Awareness Month, though actually I’ve not made that many posts to this blog period (and I am way behind on my other blog, with a post I need to finish before I can post one that has to be scheduled behind it, but that’s another story).

It’s not that I’ve forgotten, just that blogging has taken a back seat to a few other things lately. So, before the month is over, here are a few basic countersurveillance/anti-stalking tips:

  1. Be very leery of an intimate partner (boyfriend/girlfriend) asking to borrow your phone, your vehicle, etc. “all of a sudden.” It’s one thing to offer a ride, it’s another to just lend the car outright. (It’s the same with phone calls.) Sometimes this is a ploy to install tracking devices (vehicle) or software (phones/computer/tablet).
  2. If something feels wrong, it probably is. If there’s any doubt about a situation that you’re not comfortable with, get out of it.
  3. If you think you are being followed in a vehicle, make a series of turns in the same direction. Ideally, these should be turns that do not have to cross oncoming traffic, i.e. right turns in the US, Canada, and other countries that drive on the right. If you are in the UK or Japan, these will be left turns. You can also try driving much slower than the flow of traffic. If you are still being followed, find a populated and well-lit area (if at night) and call the police.
  4. Know the anti-stalking law in your country, state, or province, and what the legal definition of stalking is. It may not be what you think it is. In Texas, for example, stalking (Penal Code 42.072) is for the most part defined as multiple instances of harassment (Penal Code 42.07) with some additional qualifiers and a couple of criteria which broaden it to conduct which isn’t necessarily against 42.07 per se. There’s also a civil anti-stalking law (Civil Practice and Remedies Code Chapter 85) which is a bit wider than the criminal law. There’s also a federal anti-stalking law but that usually only comes into play when a stalker follows you across state lines.
  5. Running any operating system besides Windows on a PC will do a lot to improve security, if you possibly can stand to make the change. The vast majority of spyware/malware is written for Windows, to the point where it practically does not exist in the wild for anything else. Ubuntu is easy to set up, and there are other GNU/Linux distributions and freely available operating systems focused on user friendliness. It may be worth having two computers: one with Windows to run the bare minimum of proprietary Windows programs, and one running a GNU/Linux distribution (or whatever) for general purpose browsing, email, Facebook, Twitter, etc. (I’m writing this on a used laptop purchased for $200, which I’ve since had to put a $75 solid-state drive in to replace the original failing hard drive. Sure, it had the former user’s Windows install on it, but that was easy to take care of.) If there’s demand for a more in-depth post or series of posts on this, let me know and I’ll write them.
  6. If you don’t need to keep data, get rid of it. Overwrite sensitive data, don’t just delete it using a normal delete command (which only removes a pointer to the data, not the data itself).

I’ll try to come up with something else before Tuesday night. Stay safe out there.

Could you get spied on and ratted out by your computer repair shop?

This post was inspired by the recent widely publicized incident where a Best Buy customer in California was charged with child pornography-related crimes after he dropped his computer off at the local store and it was shipped to the Geek Squad center in Kentucky for the actual repairs. There’s also a tie-in with National Stalking Awareness Month related to privacy and security when it comes to electronic data which I will get to later in the post.

A representative sample of articles about the incident:

I’m not really going to go into quotes of any of the articles here, but simply restate what appear to be the facts in my own words. A Geek Squad staffer was running a data recovery (“file carving”) tool on this particular PC. Part of the assigned work was data recovery, so on its face it would appear to be a valid reason. However, the Geek Squad staffer’s job was just to get the PC running, not recover data. It turns out that he was a paid FBI informant who got $500 for each instance of apparent child porn he found.

To its credit, Best Buy issued this statement (quoted from the Network World article):

“Best Buy and Geek Squad have no relationship with the FBI. From time to time, our repair agents discover material that may be child pornography and we have a legal and moral obligation to turn that material over to law enforcement. We are proud of our policy and share it with our customers before we begin any repair.

“Any circumstances in which an employee received payment from the FBI is the result of extremely poor individual judgment, is not something we tolerate and is certainly not a part of our normal business behavior.

“To be clear, our agents unintentionally find child pornography as they try to make the repairs the customer is paying for. They are not looking for it. Our policies prohibit agents from doing anything other than what is necessary to solve the customer’s problem so that we can maintain their privacy and keep up with the volume of repairs.”

My first reaction to reading this was “looks like more spin than a Steve Mizerak massé”. I have a lot of respect for PR as a profession, but this smacks of trying to close the barn door after the horse has already bolted. Depending on the circumstances, I would even question that there is a moral obligation, even if a legal one is there. That they would be proud of this policy, especially if it goes over and above what the law actually requires (despite what they say), is a bit concerning from a privacy standpoint.

The law in Texas appears to have such a requirement. Without quoting the entire law here, the computer technician has to “view the image” “in the course and scope of employment or business” in order for the reporting requirement to kick in. There’s a criminal penalty of a class B misdemeanor ($4,000 fine and/or 180 days county jail as of this writing) as well as possible civil liability. For the terminally curious, it’s Section 110 of the Business and Commerce Code.

Anyway, whether your threat model is a Best Buy technician, or an intimate partner who may have turned to stalking you, the basic ways to protect yourself are pretty much the same. First, realize that without taking any other steps, “deleted” files aren’t really deleted. Whether one empties the Recycle Bin in Windows, or runs the rm command from a GNU/Linux command line, the only thing that is actually removed is the pointer to the data, not the data itself.

If the true intent is to erase a file, one needs to actually erase it, not just remove the pointer to it. BleachBit contains options for wiping the data in the free space of a hard drive (which I would recommend doing at least once per month, if not more often), as well as overwriting file contents or an entire directory’s contents prior to deletion. There is also the shred command for GNU and related systems if working from the command line. This mainly pertains to mechanical hard drives, as a properly configured solid state drive (SSD) should effectively do this for you: enable TRIM on Windows, or mount with the “discard” option on GNU/Linux (yes, it may affect performance but it’s a small price to pay for knowing that deleted files are actually gone and not just floating around). In fact, not only should one not need to overwrite files on a solid state drive, doing so can shorten the drive’s lifespan.
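The difference between removing the pointer and overwriting the data can be seen from the command line without special tools. This is an added example, not code from the original post: the file names and marker string are constructed, and a second hard link stands in for a recovery tool that can still reach the data after the first name is removed.

```shell
#!/bin/sh
# Added example: rm removes a name (the pointer); shred overwrites the data.
# The "witness" hard link is a stand-in for a recovery tool reading the
# same underlying data after the original file name has been deleted.

MARKER="CONSTRUCTED-SECRET-12345"   # constructed sample content

# make_pair DIR: create DIR/doc.txt holding the marker, plus a second
# hard link DIR/witness that points at the same data.
make_pair() {
    printf '%s\n' "$MARKER" > "$1/doc.txt"
    ln "$1/doc.txt" "$1/witness"
}

# marker_state FILE: print "recoverable" if the marker can still be read.
marker_state() {
    if grep -q "$MARKER" "$1" 2>/dev/null; then
        echo recoverable
    else
        echo gone
    fi
}

# overwrite FILE: overwrite the contents in place with one random pass.
# Uses shred when installed; otherwise falls back to dd from /dev/urandom.
overwrite() {
    if command -v shred >/dev/null 2>&1; then
        shred -n 1 "$1"
    else
        size=$(($(wc -c < "$1")))
        dd if=/dev/urandom of="$1" bs=1 count="$size" conv=notrunc 2>/dev/null
    fi
}

# Case 1: a normal delete. Only the name doc.txt goes away.
demo_plain_delete() {
    d=$(mktemp -d) || return 1
    make_pair "$d"
    rm "$d/doc.txt"
    marker_state "$d/witness"
    rm -rf "$d"
}

# Case 2: overwrite first, then delete. The data itself is replaced.
demo_overwrite_then_delete() {
    d=$(mktemp -d) || return 1
    make_pair "$d"
    overwrite "$d/doc.txt"
    rm "$d/doc.txt"
    marker_state "$d/witness"
    rm -rf "$d"
}

echo "rm only:           $(demo_plain_delete)"
echo "overwrite then rm: $(demo_overwrite_then_delete)"
```

The shred manual notes that in-place overwriting is not guaranteed on journaling or copy-on-write filesystems, so this applies most cleanly to a plain filesystem on a mechanical drive.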

Second, consider using encryption to keep your data private. There is a reason most websites (including this blog) use HTTPS (encrypted HTTP) now, and why it’s been recommended since the beginning of the World Wide Web to never submit credit card or banking information over unencrypted plain HTTP. Anyone can read plain HTTP while it’s in transit. It’s the electronic equivalent of writing information on a postcard and mailing it–something most people reserve for the most innocuous of communications. Similarly, data encrypted in storage won’t be readable without a decryption key, usually a passphrase (don’t just use a simple word).

Third, consider keeping particularly sensitive data on external storage devices such as USB hard drives, so that the data is not on the computer if it needs to be repaired. This would also reduce the chance of important data on the internal drive getting “accidentally” erased for whatever reason during a repair–though if it’s important, it should be backed up anyway (see below).

Fourth, don’t keep data that you don’t need. If you don’t need your web browsing history from some months ago, get rid of it. Firefox sorts history by calendar month and lumps sites visited over 6 months ago into their own list; unfortunately, clearing out the old history has to be done manually every so often (again, I would recommend monthly). For stuff that should never go into the history to begin with, Chrome has an “incognito” mode and Firefox has a “private browsing” mode. Firefox, at least, also lets one completely disable keeping browsing history if appropriate for one’s situation (Preferences / Privacy / History then select “Never remember history”) and also includes a “Forget” toolbar button for quickly “disappearing” the last 5 minutes, 2 hours, or day’s worth of history.

Finally, don’t forget to keep adequate backups. Remember, if the main copy of the data is encrypted, it only makes sense for the backups to be encrypted as well (and often the backup copies should be encrypted even if the originals are not). The more important something is, the more backup copies of it should exist (either onsite or offsite).

The morons must really think our public lands are worthless

H.L. Mencken was really on to something when he famously said “Nobody ever went broke underestimating the intelligence of the American public”. (This quote is frequently misattributed to P.T. Barnum, who may well have repeated it a few times himself.) No more true have those words rung than the present day…

This story from The New Civil Rights Movement is perhaps the single most absurd thing our Congress–or more specifically, our House of Representatives–has done in the entire two centuries and change of its existence. Quoting the article:

The new rule, authored by GOP Rep. Robert Bishop of Utah, Chairman of the House Natural Resources Committee, codifies that any legislation to dispose of federal land and natural resources would have a net sum zero cost to taxpayers.

Basically, the rule short-circuits past the part of the rules which require a discussion of the costs and benefits of any such move, since by definition such a move will not cost the taxpayers anything. According to this USA Today story, the vote was split almost completely across party lines, with only three brave Republicans willing to cross the line and vote with Democrats to oppose this absolutely awful piece of junk.

This rule is dangerous because of how short-sighted it is, as the true cost of selling off public lands, particularly national parks and monuments, cannot be measured strictly in dollars and cents. These parks and monuments belong to all of us, the people who cast the votes. And once we sell off something like a national park, there’s no getting it back. Obviously, this is so the oil companies can drill, frack, and screw up our environment even more than it already is. (Some of the oil companies are starting to call themselves “energy companies” but let’s be honest, oil is still the main reason for their existence, without which they’d be folding like houses of cards in a Category 6 hurricane.)

I’d ask what they were thinking, but I already know the answer, it’s obvious, and it really burns me up. It’s a further indictment of the stupidity of the Citizens United decision, as if we needed another.

To just sell or give away, say, Yellowstone Park would be bad enough. To sell or give it away to an oil company for the purpose of drilling and fracking it beyond recognition is unconscionable, outrageous, and patently devoid of any sense of scruples. I haven’t been a big huge nature buff most of my life, but I am on the e-mail lists for the Sierra Club, Greenpeace, and the Audubon Society among others. And I’m sure I’ll be getting emails about this with the accompanying pleas for donations in the coming weeks. In better times I would donate, but right now I’m doing good to keep this blog online. I hope someone out there reading this feels generous and/or needs a tax deduction.

My take on the not-so-rockin’ New Year’s Eve set from Mariah Carey

For New Year’s Eve this year, I stayed home and kept the TV on channel 13 (KTRK-DT) to watch Dick Clark’s New Year’s Rockin’ Eve with Ryan Seacrest. Most of the show was enjoyable. Mariah Carey’s set started with “Auld Lang Syne” which. If only things didn’t go completely sideways right after it…

Mariah’s next song, “Emotions”, was marred by technical problems; according to her on-air commentary at the time, she couldn’t hear the audio in her in-ear monitor well enough to sing along with it. She sort of just stood there on stage for most of it, letting the crowd sing along for a bit. The song after, “We Belong Together” also appears to have been affected even though Mariah was able to either sing along or lip-sync to some of it.

Unfortunately the YouTube copies of the videos have been blocked by Dick Clark Productions on copyright grounds, despite the fact that a clip of just Mariah’s performance for commentary purposes quite clearly qualifies as fair use under US copyright law. Fortunately, I found someone with a copy of the broadcast and was able to make my own clip of the performance, which will be available via BitTorrent shortly after this post goes live. The clip starts at the introduction to “Auld Lang Syne” and ends at Ryan Seacrest’s great ad-libbed commentary about what had just happened, which also happens to drive home that clearly things did not go as planned.

Indeed, it wasn’t long until USA Today labeled the performance “a disaster”, US Magazine asked “What Went Wrong?”, Complex referred to it as “awkward” and said “Twitter let her have it” during the following number, “We Belong Together”, CBS News said she “botched” the performance, and many others.

Mariah herself tweeted a very candid, if slightly profane, summary shortly after the performance:

Shit happens 😩 Have a happy and healthy new year everybody!🎉 Here’s to making more headlines in 2017 😂

During an interview for Entertainment Weekly (EW), Mariah issued this response to a question about her feelings of how the show went now that some time had passed:

All I can say is Dick Clark was an incredible person and I was lucky enough to work with him when I first started in the music business. I’m of the opinion that Dick Clark would not have let an artist go through that and he would have been as mortified as I was in real time.

Perhaps most telling, however, was this EW interview with Stella Bulochnikov, Mariah Carey’s manager. Stella runs through the events leading up to the disastrous moment. In summary: Mariah arrives at the stage for the rehearsal at 2:30pm, which winds up being almost an hour early. The rehearsal runs 3:20pm to 3:50pm, and during the sound check the sound is coming in choppy to Mariah’s earpiece, but she was reassured it would be working by the evening. The sound was choppy again during an interview Mariah does with Ryan Seacrest at 10:30pm. They try a different set of equipment and a different battery pack, which also do not function correctly (the sound is faint) and Mariah is told “it will work on the stage” so they go to the stage. I’ll quote from here:

It’s now four minutes to showtime. She says, “I hear nothing in my ears, my ears are dead.” The other stage manager says, “It will work right when we go live.” Then things start to get chaotic. They start counting her down — four minutes, three minutes. Mariah: “I can’t hear.” Them: “You’re gonna hear when it goes live — two minutes!”

So, right when it goes live, she can’t hear anything. The ears are dead. They’re dead. So she pulls them out of the ear because if the artist keeps them in their ears then all she hears is silence. Once she pulled them off her ear she was hoping to hear her music, but because of the circumstances — there’s noise from Times Square and the music is reverberating from the buildings — all she hears is chaos. She can’t hear her music. It’s a madhouse. At the point, there’s no way to recover.

On the third song when she could hear her track playing it was so bad she said, “F— it, I’ve had enough.”

Stella goes on to describe the conversation she had with Mark Shimmel, the producer at Dick Clark Productions, in which she asks Mr. Shimmel to cut the West Coast feed to limit the damage. He refuses, and then:

So I’m like, “You would prefer to air a show with technical glitches so you can have a viral moment rather than protect the integrity of your show and Dick Clark Productions?” He said, “We just won’t do it. Do you want to do a joint statement?” And I said, “No, I want you to go f— yourself.” And that was it. I don’t think it was an unfair ask to ask them to cut [the segment from] the West Coast feed after they had this huge mechanical glitch.

And now for my take on all this…

Regarding Mariah being “mortified”: I think most of us, myself included, would be mortified as well, if our own national television appearance had gone sideways as badly as this one did. In fact, Mariah’s personal brand equity has a better chance of recovering, I think, because her past fame gives her a bit more room for error. Personally, if I went on national television tomorrow, it would be my very first time, and I’m not sure I’d ever recover from a disaster like this. While there are some who expected better, Mariah probably maintained poise better than I would have in the same situation.

Regarding Mr. Shimmel’s refusal to cut the performance out of the West Coast feed: were I the producer of a program similar to this I would have refused as well. Unless there’s a danger of a lawsuit or fines from the FCC by letting the program air unedited on tape delay, I would lean towards not tampering with the part of the show that’s already aired to half of the country. However I should note, were I the one in Stella’s position, I’d have asked for the cut as well, but realistically I would have expected a rejection. (There’s nothing to lose by trying to do what’s clearly in the best interest of the artist.) I would have left the decision on what to do regarding the joint statement up to the artist I was representing instead of saying what Stella did. (Though for all I know, Stella knows Mariah would have just said “he can go (screw) himself” so she didn’t bother.)

So for the most part I take Mariah’s side on this, and I can’t really blame Stella for getting heated. A lot of the blame here has to go on the side of Dick Clark Productions if the majority of the story as told by Stella is true. However, Hanlon’s Razor definitely applies here: never attribute to malice that which can be explained by incompetence. I would say those in charge of the audio equipment, including the earpiece monitors, are most to blame here. As much as I can understand how personnel matters are usually kept relatively private, this is a well-publicized incident that happened on live national television and there just isn’t any putting the genie back in the bottle. In that vein, it would be good to see a press release from Dick Clark Productions acknowledging that someone responsible, even if not named, is no longer working for them as a direct result of what happened.

And then there are the accusations that Mariah’s performance was sabotaged by staff at Dick Clark Productions. For those who either never watch television or who are unfamiliar with American television, Dick Clark is a legend in the television industry. In addition to his own production company, he was a fixture on television shows including several incarnations of Pyramid (with changing dollar amounts in the title as the years went on), TV’s Bloopers and Practical Jokes (now just known as Bloopers), American Bandstand, The Challengers, Scattergories, and Winning Lines, in addition to the New Year’s specials which bear his name. Yes, some of these were shows that he also produced, but many were not. Now, I concur with Mariah that Dick Clark would never have let this happen on his watch, but as a fan of Dick Clark’s work over the years both in front of and behind the camera and thus of the legacy he has left behind, I find the accusations that the current staff at Dick Clark Productions did this on purpose to have a viral moment quite offensive, egregious, and tasteless (see above regarding Hanlon’s Razor). This will remain my standpoint on the accusations until evidence surfaces to indicate those accusations may be justified.

That said, even if this was caused by incompetence and not malice, I still think Mariah is due an apology, as are the viewers who were disappointed by what we got instead of what could have been a great performance. And again, even if this was caused by mere incompetence, this looks quite bad on Dick Clark Productions and the New Year’s Rockin’ Eve brand. I hope I’m not stuck at home again next New Year’s Eve, but if I am, this is enough for me to possibly rethink where I tune the TV, or for that matter, maybe even if I bother watching TV at all.

National Stalking Awareness Month 2017

For those of you who don’t know about it, this January is once again National Stalking Awareness Month in the US. I’ve never highlighted this before on this blog, but there’s a first time for everything. I’m not going to make a whole bunch of posts about stalking and related subjects, but I do plan to make at least one post per week exclusively about stalking, plus a couple of related tie-ins in other posts (as I do have some privacy- and cybersecurity-related posts to make this month as well).

For those of you who wish to learn more (or who may not even have realized this particular awareness month existed), I’ve linked the website above and I’ll be leaving a banner up at least through January if not a bit longer.