AI/ML at the expense of Privacy and Security ?! –

Innovation is good for all. Building security and having a concern for personal privacy is a must to sustain trust in products and services. There is a mad rush to integrate AI/ML (Artificial Intelligence/Machine Learning)  into everything; if the sheer number of CES 2019 Alexa and Google Home offering is any indication.  A good dig by Apple via this billboard at CES 2019 says it all:  iPhone Privacy Pledge Ad  Hope Apple sticks with its pledge on protecting consumer data and provide privacy enabled products and services even for a slightly higher a price compared to it’s competition.

AI/ML requires huge amount of real world data. AI/ML is sucking up large amounts of personal data every moment we are connected to internet services most of these are free such as @gmail, @facebook, @yahoo and the likes. Consumers don’t know how their data is being collected, analyzed and used in ways that puts them at a disadvantage. Opting out is difficult and most don’t care as there is very little awareness. In addition to news of misuse of personal data by so many companies, security breaches exposes the data to bad actors doing long term damage to consumers.

There is an effort to protect consumer by creating products and services that adhere to privacy by design for consumer goods and services : https://www.iso.org/committee/6935430.html This is a good start. Days of profiting from personal data should come to an end one day. Consumers get these products for free or very nominal prices without realizing how much they give up.  There is a huge opportunity to create products and services to charge more and still profit by educating the consumers that the additional price is worth and go a long way in protecting their personal data.

When signing up for any service or buying any IOT (Internet of Things) connected or home consumer item that promise an always on connection,   consider and ask how your data is collected, sent where? and how it can potentially be misused, stolen and what protection you have? Is it worth the convenience without security and privacy? For example E-mail is the life blood of communication for every user these days. Have you ever wondered how free email service providers such as @gmail @yahoo mail etc. do with your every intimate conversation that you have with your friends, business associates, doctors, real estate agents etc. ?! They will never disclose what they collect and what they sell? There is gold mine of information that power their AI devices and services exposing every personal information that they can lay their hands on. They may even argue  every user that signed up for their services have accepted their terms and conditions that gives them the consent to do what they do. How many read those fine print?. Another example is streaming services such as Netflix and Hulu – have you wondered how much of personal preferences and data can be collected and fed to AI/ML engines on what you watch, the times you watch, where you watch etc. Troves of this data can be sold to so many companies to recommend products and services that can capitalize and expose your privacy at your expense. Beyond this social profiling can also affect your political and thought freedom as China is already using collected data to give you a behavioral and social score. While US govt. is not doing this today, but politicians can misuse and use this to control population that can slowly chip way the freedoms we love so dearly.

Pexus LLC is always working to create products and services that protect and enable consumers to take control of their own data. We are enabling users to host their own e-mail server at home on in the cloud using a virtual private server completely under their control. We make it easy by enabling a more de-centralized computing the way it was meant to be.

Check out personal server solutions from Pexus LLC at https://www.pexus.com/patriotps and https://store.pexus.net  Contact us at sales@pexus.com to learn more or explore products and services at https://store.pexus.net

inhomeorvps

dnsbl.njabl.org sunset Jan 01 2019

If you run a mail server (which I think everyone one should for a real decentralized communication network e-mail was originally designed for) and using postfix  and use dnsbl.njabl.org to lookup blacklisted hosts when processing mail, then you need to remove this host as dnsbl.njabl.org has been sunset and will no longer resolve. This will affect your mail server as it will reject all mail received. Update your postfix configuration file /etc/postfix/main.cf and remove this RBL client entry e.g:

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

Then restart your postfix server

/etc/init.d/postfix restart

Refer: https://en.wikipedia.org/wiki/Not_Just_Another_Bogus_List

 

Omnipresent Personal Data Collection in the name of convenience

The flow of personal data through voice interaction is exploding via devices such as Alexa, Google Home Assistant and Apple Home Pod. While these devices provides convenience and claim privacy – do they really protect your personal data? Can we trust them with every personal interaction that we do in our homes? They are made to look cool and the wave of the future. However as long as they are connected to their servers one can never be sure how your intimate personal home interaction data will be used. 

The ‘big brother is always watching’ is becoming a reality if you own such a device that is connected and controlled by their manufacturers. 

May be there is a better way.

Unless we decouple the device manufacturers from the service provider and include personal privacy protection features that will completely anonymize the data that that is sent outside your home, we can never be sure. 

Consumers must claim for this decoupling and complete anonymization.  While Apple is making some efforts in this space we still have a long way to go. Apple who is not be in the business of selling and using personal data for their profit  like Google, Facebook and Amazon; will be in a better and credible position to sell this concept.

Until the consumers are educated on the privacy implications of these devices big tech companies like Google, Amazon, Facebook who profit from personal data will continue to endanger user privacy.

So think before getting one of these devices that is always listening to you.

Free yourself from digital enslavement of your personal communication data

The desktop personal computer may be a thing of past, with so many mobile options from laptop to tablets and smart phones. The shift to small, powerful and mobile computing has made desktop computing irrelevant and unnecessary for most people. The mobile computing is also always connected to the internet and to the cloud services. Most people also use free services for their daily personal communication such as e-mail and messaging. However free services also comes with strings attached. Though we don’t realize this every personal communication data goes through the free service providers servers that siphons your important personal data and use them in ways most people will never comprehend.  Personal communication such as e-mails and file (e.g. photo) sharing has become such an important part of everyday life that it is impossible to live without these services.  E-mail service requires an internet domain name. Most people use @gmail.com or @yahoo.com or a host of other free services.  Until now setting up a personal communication server using ones own personal domain name has generally been an endeavor  that only tech geeks would undertake.

Now with Pexus LLC – getting a personal domain, personal server solution and setting up a mail server is a breeze. We at Pexus LLC provides a one stop shop where you can shop for a personal domain name : https://hosting.pexus.net  and also buy an affordable personal server that is small, beautiful, quite and fan less and so easy to setup at an affordable price.

Right now we have  clearance sale for $249  https://store.pexus.net/K-900-4GB-500GB-BLK that will enable you to host a mail server using your home ISP and create unlimited mail boxes for yourself and your family members ! We also enable easy installation of  community edition of OwnCloud – https://owncloud.org/  a fantastic free file sharing application that you can host from your home. We even make it so easy to install a Lets Encrypt free SSL certificate that will automatically renew without any interaction from you.

We will always be here to support you in your journey to free yourself from not so free e-mail service and take control of your personal privacy and personal communication on your terms and under your control !

Password Manager in the Cloud or Ransomware forever?

Splash ID (https://splashid.com/) is  password manager that I had used for years and have been very satisfied with the software. Now they are also jumping into the cloud in the hopes for continued revenue stream in the form of subscriptions. I don’t have an issue with that, but what really ticked me off was the forced update and forced subscription to continue to access my existing data on my mobile device.

I had been using this software with a desktop version that would sync with my mobile app on iOS. Then one fine day I realized the mobile app got updated without any warning or an option to prevent this automatic update. The updated software now forces the user to buy a subscription and does not let the user access the existing stored data. It was a forced update and changed the initial use policy to which I agreed when I purchased the app in the first place long time ago. Now the update doesn’t let me access my existing critical data. To me it seems like a ransomware where the user is locked out of their data, unless you pay to subscribe. I had written to the CEO of the Splash ID – Morgan Slain who has not responded to my e-mail. I think this is an unethical practice by this software company who does not provide an option to stay with the current usage policy of their software and forcing people to update and demanding a subscription to continue using the existing data stored in their application which was purchased without having to subscribe.

My personal opinion is to stay away from password managers that store data in the cloud in the name of convenience.  Your data  will be much safer on your desktop/laptop with local sync than putting all your password data remotely and avoid paying for the ransomware like subscription forever.

Checkout the free desktop password manager KeePaas http://keepass.info/ which I will be migrating to. It also has  paid companion  mobile apps that would help sync the data between the desktop version and mobile version.

Update – I tried KeepPass Touch as a the iOS mobile companion that can sync locally over Wi Fi with your Free Desktop version of KeePass database file and carry your latest KeePass DB on the go. It is worth 0.99 to remove the ad for usage. Finally got rid of the Splash ID ransomware.

Take control of home network and personal data…

For all those IOT fans out there, here is an interesting reading:

More IoT insecurity: the routers that take instructions from anyone

Free is never free. Your free e-mail, free router that your cable company provides or even a paid Google NEST home temperature control device. Sure it does provide you convenience and save you a few bucks.. But what are you losing? A lot; come to think of it.. What you communicate and plan – everything is available to companies that benefit from selling you a service, big data now can analyze vast amounts of data and once they have it; you as a consumer don’t have any leverage.. the companies that have your data that you willingly provided (may be unknowingly)  have all the edge.. an internet bargain you intend to get will never be there, because you don’t have the leverage any more once you have already provided your intentions may be in an innocent looking e-mail to your family or a Facebook post about your vacation plans 🙂

Start taking control of your data using a Patriot PS Personal Server (http://www.pexus.com/patriotps) and even replace your cable company provided free router with your own and put a freely available firewall IP COP (http://www.ipcop.org/)  and shut off the cable company control of your home network.

Consult with Pexus LLC (sales@pexus.com) how we can help you set up a secure personal server solution in your own home and start taking control of your personal data.