Panopticlick - a research project designed to better uncover the tools and techniques of online trackers and test the efficacy of privacy add-ons. Run the test to see if your browser is safe against tracking.
The solution is to use Subresource Integrity (SRI), which basically involves adding an "integrity" attribute to your script or link element, like this:
<script src="https://example.com/whatever.js" integrity="sha384-eP2mZH+CLyffr1fGYsgMUWJFzVwB9mkUplpx9Y2Y3egTeRlmzD9suNR+56UHKr7v" crossorigin="anonymous"></script>
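As an added example (not from the original post), this Python sketch computes the integrity value for a file's bytes and checks fetched bytes against it the way a browser does: when several hashes are listed, only those using the strongest algorithm count. The file contents and function names are constructed for illustration.

```python
import base64
import hashlib
import html

# Hash algorithms defined for SRI, weakest to strongest.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Return the integrity attribute value for the exact bytes served."""
    if alg not in _STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(data: bytes, integrity: str) -> bool:
    """Check fetched bytes against an integrity value as a browser would."""
    candidates = []
    for token in integrity.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in _STRENGTH:  # unknown algorithms are ignored
            candidates.append((alg, rest.split("?", 1)[0]))  # drop ?options
    if not candidates:
        return True  # no usable metadata: the load is not blocked
    strongest = max(candidates, key=lambda c: _STRENGTH[c[0]])[0]
    actual = sri_hash(data, strongest).split("-", 1)[1]
    return any(a == strongest and v == actual for a, v in candidates)


def script_tag(src: str, data: bytes) -> str:
    """Build a script element pinned to the given file contents."""
    return (f'<script src="{html.escape(src, quote=True)}" '
            f'integrity="{sri_hash(data)}" crossorigin="anonymous"></script>')


# Constructed sample: the file as reviewed, and the same file after a change.
ORIGINAL = b"console.log('hello');\n"
MODIFIED = ORIGINAL + b"/* changed on the host after review */\n"

if __name__ == "__main__":
    print(script_tag("https://example.com/whatever.js", ORIGINAL))
    print("original accepted:", verify_sri(ORIGINAL, sri_hash(ORIGINAL)))
    print("modified accepted:", verify_sri(MODIFIED, sri_hash(ORIGINAL)))
```

The hash covers the exact bytes served, so any legitimate update to the file means regenerating the attribute before deploying.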
Like most people who make use of the web, you probably use some free services like Facebook, Twitter, Google Chrome, Outlook, Gmail (the list goes on... basically we're talking about a product or service provided by an oversized tech power that demands your personal data in exchange for whatever they're peddling). Free services appear great on the surface but you are essentially selling your soul to these data tyrants so they can sell on your personal details to the lowest bidder. As the inventor of the web Tim Berners-Lee (TBL) states:
the web has evolved into an engine of inequity and division; swayed by powerful forces who use it for their own agendas
It's 2018 and we find ourselves in this dire situation, largely due to greed. It's toxic. Thankfully TBL has been working on a solution, called Solid, that aims to give web users more control over how their data is used and abused:
Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we’ve all discovered, this hasn’t been in our best interests. Solid is how we evolve the web in order to restore balance — by giving every one of us complete control over data, personal or not, in a revolutionary way
The main idea behind Solid is:
It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time.
So while you may still need to disclose a certain level of personal information to use the services of Facebook for example, at least you will be in control of your own data, not Facebook. You set up a profile (known as a POD) on the Solid platform and then choose what info you want to share. I like it! And like TBL I'm looking forward to welcoming in the next era of the web.
Treat your passwords like your underwear
- Never share them with anyone
- Change them regularly
- Keep them off your desk
Courtesy of @ml2mst
Useful in-depth article here if you're in the same boat as we are at Doepud, where you need to move some fairly large sites over to HTTPS: Moving from HTTP to HTTPS: A Step by Step Guide for Avoiding SEO Pitfalls and Maximizing Google Organic Traffic. Covers things like 301 redirects, site maps, robots file and various Google considerations.
The ICO blog has a great post on ransomware, the despicable act of holding a business to ransom by preventing access to the files on their computer. These things always begin with a virus, usually through a spam email. Once infected your computer is locked down and access to your important files restricted. The pirates then issue a demand for payment to permit access again... or they will delete them. This is when having external backups comes in handy! Of course, the best defense is to avoid catching the virus in the first place.
Read the post: Being held to ransom?
In advance of the forthcoming data protection reforms affecting the UK, the government has declared that the new General Data Protection Regulation (GDPR) will take effect from 25 May 2018. Not sure what's involved? The Information Commissioner's Office (ICO) have an Overview of the GDPR. They've also produced a handy download, with steps on how to start preparing now.
Can’t believe it is Microsoft calling? - security expert David Massey provides a detailed summary of his call from Microsoft.
Want to see how closely you are being tracked when visiting a website? Check this out: https://clickclickclick.click