Category: Just Rambling!

AI/ML at the expense of Privacy and Security ?! –

Innovation is good for all. Building security and having a concern for personal privacy is a must to sustain trust in products and services. There is a mad rush to integrate AI/ML (Artificial Intelligence/Machine Learning)  into everything; if the sheer number of CES 2019 Alexa and Google Home offering is any indication.  A good dig by Apple via this billboard at CES 2019 says it all:  iPhone Privacy Pledge Ad  Hope Apple sticks with its pledge on protecting consumer data and provide privacy enabled products and services even for a slightly higher a price compared to it’s competition.

AI/ML requires huge amount of real world data. AI/ML is sucking up large amounts of personal data every moment we are connected to internet services most of these are free such as @gmail, @facebook, @yahoo and the likes. Consumers don’t know how their data is being collected, analyzed and used in ways that puts them at a disadvantage. Opting out is difficult and most don’t care as there is very little awareness. In addition to news of misuse of personal data by so many companies, security breaches exposes the data to bad actors doing long term damage to consumers.

There is an effort to protect consumer by creating products and services that adhere to privacy by design for consumer goods and services : https://www.iso.org/committee/6935430.html This is a good start. Days of profiting from personal data should come to an end one day. Consumers get these products for free or very nominal prices without realizing how much they give up.  There is a huge opportunity to create products and services to charge more and still profit by educating the consumers that the additional price is worth and go a long way in protecting their personal data.

When signing up for any service or buying any IOT (Internet of Things) connected or home consumer item that promise an always on connection,   consider and ask how your data is collected, sent where? and how it can potentially be misused, stolen and what protection you have? Is it worth the convenience without security and privacy? For example E-mail is the life blood of communication for every user these days. Have you ever wondered how free email service providers such as @gmail @yahoo mail etc. do with your every intimate conversation that you have with your friends, business associates, doctors, real estate agents etc. ?! They will never disclose what they collect and what they sell? There is gold mine of information that power their AI devices and services exposing every personal information that they can lay their hands on. They may even argue  every user that signed up for their services have accepted their terms and conditions that gives them the consent to do what they do. How many read those fine print?. Another example is streaming services such as Netflix and Hulu – have you wondered how much of personal preferences and data can be collected and fed to AI/ML engines on what you watch, the times you watch, where you watch etc. Troves of this data can be sold to so many companies to recommend products and services that can capitalize and expose your privacy at your expense. Beyond this social profiling can also affect your political and thought freedom as China is already using collected data to give you a behavioral and social score. While US govt. is not doing this today, but politicians can misuse and use this to control population that can slowly chip way the freedoms we love so dearly.

Pexus LLC is always working to create products and services that protect and enable consumers to take control of their own data. We are enabling users to host their own e-mail server at home on in the cloud using a virtual private server completely under their control. We make it easy by enabling a more de-centralized computing the way it was meant to be.

Check out personal server solutions from Pexus LLC at https://www.pexus.com/patriotps and https://store.pexus.net  Contact us at sales@pexus.com to learn more or explore products and services at https://store.pexus.net

inhomeorvps

Password Manager in the Cloud or Ransomware forever?

Splash ID (https://splashid.com/) is  password manager that I had used for years and have been very satisfied with the software. Now they are also jumping into the cloud in the hopes for continued revenue stream in the form of subscriptions. I don’t have an issue with that, but what really ticked me off was the forced update and forced subscription to continue to access my existing data on my mobile device.

I had been using this software with a desktop version that would sync with my mobile app on iOS. Then one fine day I realized the mobile app got updated without any warning or an option to prevent this automatic update. The updated software now forces the user to buy a subscription and does not let the user access the existing stored data. It was a forced update and changed the initial use policy to which I agreed when I purchased the app in the first place long time ago. Now the update doesn’t let me access my existing critical data. To me it seems like a ransomware where the user is locked out of their data, unless you pay to subscribe. I had written to the CEO of the Splash ID – Morgan Slain who has not responded to my e-mail. I think this is an unethical practice by this software company who does not provide an option to stay with the current usage policy of their software and forcing people to update and demanding a subscription to continue using the existing data stored in their application which was purchased without having to subscribe.

My personal opinion is to stay away from password managers that store data in the cloud in the name of convenience.  Your data  will be much safer on your desktop/laptop with local sync than putting all your password data remotely and avoid paying for the ransomware like subscription forever.

Checkout the free desktop password manager KeePaas http://keepass.info/ which I will be migrating to. It also has  paid companion  mobile apps that would help sync the data between the desktop version and mobile version.

Update – I tried KeepPass Touch as a the iOS mobile companion that can sync locally over Wi Fi with your Free Desktop version of KeePass database file and carry your latest KeePass DB on the go. It is worth 0.99 to remove the ad for usage. Finally got rid of the Splash ID ransomware.

You know you are a cool techie, but..

You know you are a cool techie, but you still use that free e-mail and that free drop box like services even when you know there is nothing free in life. You worry about losing control of your personal conversations in the e-mail which can surface one day and may haunt you or worry about the security breaches targeted at file storage services that may expose your confidential documents. You know you can leverage your intimate IT knowledge to take control of your data better but don’t have the time to. Now there is a solution. Check out how easy it is to get a personal server up and running. You can start with a free evaluation using the Patriot PS Personal Server Virtual Appliance and just check things out. You may decide to bring life back to your old abandoned desktop PC that you no longer use and turn it into a personal server with single click installable  Patriot PS Personal Server ISO image or even go with the all in one Patriot PS Personal Server System – that is not only small, compact, but fan less too  for that quite 24×7 operation that you need from a personal server.

Show off your techie instincts without sweating it out, play the internet on your terms knowing a personal server is there to serve you when you need it at home or away from home. Get ready for Internet of Things (IOT) without sending your thing data out to remote servers for those prying marketers.

PatriotPS-Small_BannerText2

Your Server, Your Data, Your Terms! ®

Take control of your E-mails

Don’t let the NSA, the googles, the yahoos and the MSNs take you for a ride and deny you the right to privacy about your information by offering you carrots of free service. Do you know all popular free web mail service scan all e-mails before they reach their intended recipients to extract key words to serve the sender and the recipients advertisements? In addition to this NSA has back doors from these service providers and your ISP.  Most of us use e-mail thinking it is private. But the data travels across many servers making it easy to extract sensitive data easily without anyone’s knowledge.  Do you want to do business with a realtor that uses a gmail or yahoo account when you have to send your financial data and real estate documents to him? The free web mail service providers  have forced you into believing that they all respect your privacy and always protect your data but the recent NSA revelations have proved beyond doubt that this is not the case. An average e-mail user have no idea how many people have access to their data which can be potentially  used against them at some point in their life time whether it is  for political gains or insurance decisions, credit decisions, hiring decisions or damaging your web reputation.  The US constitution guarantees you the right to privacy, but do you think these companies and the Govt. really care about your privacy?

The only true secure option is to use your own mail server with e-mail encryption. But this is quite far fetched  with so many of us using free web mail services.  But with a few simple steps and slight change in your e-mail habits you can continue to use your free web e-mail service  to protect your privacy by encrypting your e-mail so that the  web mail servers will not be able to decrypt your message. Don’t let them tell you that only bad guys have things to hide.. As an individual you have every right to protect your privacy when you communicate with your friends, family and business associates. Until now you were at the mercy of the servers that facilitate the information exchange on the internet that has become so critical in everybody’s daily life. Privacy technologies like PGP (Pretty Good Privacy) and  the free Open GPGP have existed for quite some time. But the adoption and usage has been low because of the lack of easy to use tools and adoption by everyone you want to communicate with.

PGP  technology is based on public and private Keys.  When you send an encrypted e-mail to your friend, you use their public key to encrypt the mail data which only they can decrypt using their private key. Similarly when your friend wants to send you an e-mail, they will use your public key to encrypt the mail which only you can decrypt using your private key. So in order to use mail encryption it is important both the parties have public and private keys. Public keys can be published on public servers or send to your friend by e-mail. Private key is something you safeguard with a pass phrase and keep it on your computer.  The more you convince and show the benefits of using mail encryption amongst your circle of friends, family and business associates, the more everyone benefits.  So take the first step, start using e-mail encryption by creating a public and private key easily using free GPG tools and encourage the people around you to do the same..   It will take some time for everyone in your circle to adopt this, but you can take the first step and ask them to follow suite for a more private and secure e-mail communication.

If you have teenage kids, talk to them about e-mail privacy and show them how they can easily communicate with their friends in privacy and even away from your prying eyes.. may be that will get them started 🙂 The idea is to create a culture of digital privacy and security when they are young that they will carry well  into their adulthood that will  help protect privacy and freedom for all. When more people are comfortable using e-mail encryption and publish their public keys even business will provide services built with encryption and offer secure communication when contacting via e-mail.

There are 4 things you will need to do to start sending encrypted e-mails:

  1. Install open GPG tools ((Windows, Mac OS and Linux versions available)
  2. Install a mail client that supports open GPG – (a good one is Mozilla Thunderbird)
  3. Install the Open PGP plugin or add-on for your mail client. In case of Mozilla Thunderbird it is – Enigmail
  4. Convince your friend and associate to do the same so that you can exchange encrypted e-mails

Here is an excellent description on setting up to how use e-mail encryption using freely available tools and by switching to use a mail client installed on your desktop OS instead of using your internet browser to access your web mail.

https://www.wefightcensorship.org/article/sending-encrypted-emails-using-thunderbird-and-pgphtml.html

You may be wondering what about my mobile device. There are a couple of apps for iOS that will complement your usage of Thunderbird/Enigmail/GPGP  mail client on your desktop OS. The two  iOS Apps are –  iPGMail and OpenGp . Though they are not free, but  the nominal cost of the app  is well worth the investment if you believe in  securing your e-mail communication on the internet.  For Android there is Gnu Privacy Guard on Google Play. Hopefully more choice will be available once more people start using this technology.

You can get Pexus public Keys from public key server – http://pgp.mit.edu/  search for corp@pexus.com to retrieve public key for  our corporate mail box, import it into your mail client and use it to send us an encrypted e-mail if you have any  comment or  find this article useful.

Enjoy !