Yael WritesYael Writes

Freelance writing services from Yael Grauer

  • About
  • Writing Portfolio
  • Contact
  • Blog
  • Resume
You are here: Home / Archives for tech

Stuff I Wrote: September 2015

October 1, 2015 By Yael Grauer Leave a Comment

Writing Fountain penHappy autumn! Here in Phoenix we are thankful that the temperature is finally dipping down into the double digits, and getting ready for the beautiful fall and winter temperatures (as opposed to the intolerable summer heat). Anyway, I have a huge batch of stories for you to peruse this month. Enjoy!

Online Privacy and Security

  • Awkward! How One Woman’s Tinder Dates Popped Up As Professional Suggestions on LinkedIn. (Forbes) If you’re using LinkedIn for work and dating apps for play, and don’t want to mix the two, you’ll need to change the default settings if you’ve given LinkedIn your phone number, lest it pull your contacts and serve you suggestions of people to connect with…who you don’t want to connect with.
  • Anti-Virus Software Could Make You Less Secure Because Vendors Are Ignoring Best Security Practices. (Forbes) What Google Zero uncovered about Kaspersky Lab might give you pause…
  • Trollbusters’ Digital Hygiene Course (Trollbusters) Some basic tips on how to take care of yourself online, divided into 15 basic steps!

Tech News

  • Donald Trump’s Deleted 9/11 Tweet Shows The Need For The Politwoops Service Twitter Killed. (Forbes) Politwoops catalogued deleted tweets by politicians, untilTwitter pulled the plug on Politwoops’ access to its API, that is.
  • Your Edward Snowden News Roundup (Forbes) And this was BEFORE he got himself a Twitter account!
  • Most Americans Support Government Backdoors, Even Though They Know The Risks. (Forbes) Kind of depressing, this one.

Security News This Week

This weekly column for WIRED runs down security news each week that WIRED didn’t cover in depth, but deserves your attention nonetheless…

  • Security News This Week: Turns Out Baby Monitors Are Wildly Easy to Hack (WIRED, September 5)
  • Security News This Week: Russia and US Homeland Security Agree on Something for Once (WIRED, September 12)
  • Security News This Week: US Homeland Security Is Vulnerable to Hacks, Too (WIRED, September 19)
  • Security News This Week: There’s Plenty of Phish in the Sea (WIRED, September 26)

Your Career

  • Turning Interview Negatives Into Positives (Dice Insights)
  • 7 Writing Tools That Will Help You Hit Your Deadlines. (The Freelancer) Some of my favorite tricks!

Health and Fitness

  • Expert Answers: Is Warming Up Or Cooling Down Better? (Experience Life)
  • A Primer on Herbalism Part 2: Herbal Preparations (Performance Menu, paywall)

MMA

  • Beating the Odds: UFC 191 (Sherdog)
  • TUF Weekly Recap by NOS Energy Drink; Episode 2 (The Sports Post)
  • TUF Weekly Recap by NOS Energy Drink: Episode 3 (The Sports Post)

Filed Under: stuff I wrote, tech

Dear ICANN, Please Don’t Expose WHOIS Data!

June 24, 2015 By Yael Grauer Leave a Comment

megaphone vector

I can’t think of any good reason a small business owner should have to publicize her home address just to have a website. Can you?

Right now, website owners can pay a few extra dollars to conceal their private information with WHOIS protection services. Scary guidelines proposed by MarkMonitor would prohibit sites with commercial activity from doing that, forcing business owners to publish their contact information or sharing it with people who complain about the site.

If you’re opposed to these proposed rules and would rather not have your personal information (or anyone else’s) revealed without a court order, email your views to ICANN at comments-ppsai-initial-05may15@icann.org by July 7th, or use the phone and email tool of another coalition at respectourprivacy.com. You can also sign a petition at  savedomainprivacy.org.

Filed Under: business, tech

Asking Technical Questions The Smart Way

June 16, 2015 By Yael Grauer Leave a Comment

185508448_7f247723f5_zWhenever I spend any amount of time playing with sophisticated new software, I usually break things or maybe never quite get them working properly in the first place. Luckily, I can tap into the expertise handful of incredibly patient people who spend a considerable amount of time helping me put them back together again (or get them working in the first place).

When telling a friend that a lot of people are incredibly generous with their time but I secretly wonder if they all hate me, he shared this post explaining how to ask technical questions the smart way. This incredibly thorough post, incidentally, is not all that dissimilar from books like the Hamster Revolution or advice I’ve gotten from friends on what to write in emails to score interviews with busy people.I recommend reading the whole post, but here are some suggestions that stuck out to me…

  • Drop the sense of entitlement. Nobody owes you an answer to your questions, even if you have problems and they have the ability to solve them. Don’t act like anybody owes you anything–they don’t. And asking for pointers or resources is preferable to asking for exact answers.
  • Do your homework before asking questions. I think we can all relate to someone asking us a question that they could just find the answer to online or in free resources we offer. It’s frustrating and time-consuming and doesn’t have good prospects for actually helping the person in question, who comes across as lazy. When people feel technically inept, they often forget about this. Before asking for help, try to help yourself by reading the manual, using the Google machine, looking through the archives of the list you want to post to, experimenting, asking skilled friends, or reading the source code (if you can grok it). If you’re going to post on a forum or list, make sure you’ve spent some time researching it and are reasonably sure that it is the correct place to ask.
  • Mention what you’ve done ahead of time and what you’ve learned from it. This is a mistake I’ve made, often saying things like “I spent 30 hours on this” or assuming that it was a given that I’d spent a lot of time trying to fix something before approaching someone for help. Instead of talking about how I’ve been working on trying to fix something forever, I could explain what I read and why it didn’t apply and what I may have gotten out of it. I’ve also made the mistake of trying to diagnose problems, instead of just describing what I tried and what happened to, you know, an expert who would actually be able to diagnose the problem.
  • Write good subject headers. If you’re posting on a mailing list or forum, subject headers are important for getting the help you need. Make sure they’re specific and technical. The post explains that object-deviation subject headers are best, ones where you describe the thing that’s broken, followed by how it is broken. I’m thinking even if your contact with someone isn’t through an email list, having good headers (or asking the initial question in a logical way) would be just as important.
  • Put some thought into your questions, and be sure to ask them in a logical order. I’ve found that throwing out multiple questions, even if well-researched, can be really frustrating for someone who wants to approach a problem in a linear and logical way. (Usually they’ll just say “STOP” and redirect the conversation, but delicate snowflakes like me probably want to avoid this from happening in the first place.)
  • Be crazy specific. Just because you’re asking your questions in a logical way rather than delving into a prolonged monologue about Still Life With Laptop doesn’t mean that you can neglect to include all of the pertinent details, so make sure to describing the symptoms, when they occur, what you researched, what steps you’ve tried and the results, any relevant changes in your computer or software configuration, and how to reproduce the problem, if possible. Describe the symptoms in chronological order.
  • Follow up to let people know (and say thank you) if something works. Jotting off a quick note to people who spent a lot of time helping you with a solution solution means they won’t feel like their work is disappearing into the ether.

Check out the full post here: How To Ask Questions The Smart Way. Also, my comments are working again; feel free to leave yours.

Lead image by Marcus Ramberg

 

Filed Under: musings, tech

Protecting Your Sources In the Age of Surveillance: A Tool Roundup

November 4, 2014 By Yael Grauer Leave a Comment

If you’re a journalist, you’ve probably been privy to information that could put your sources at significant risk if it got in the wrong hands. I’ve written a post on The Freelancer with some basic tips on how to protect your in-person communications, but ran out of space to talk about the tools of the trade–patiently explained to me by Michael Carbone, Manager of Tech Policy and Programs at Access, Runa Sandvik, privacy and security researcher at Freedom of the Press, and a couple of other experts speaking on background.

You may want to start playing around with these tools now, as it’s best to get a handle on them before you actually need them. But before we delve into complex, high-tech tools, be aware that basic digital security measures should be in place. I’ll have a post within the next week or so on ways to make yourself safe(r) on line, whether you’re a journalist or not, but for now, here are some basics:

  • Make sure you use long, complex passwords, using a password manager such as 1Password or KeePass. (Memorizing your main password, not writing it down, and not using password hints is, of course, preferable… and think twice before )
  • Set up two-factor authentication, which can alert you to break-in attempts and make your data harder to compromise. You’ll have to use your password and type in a code texted to your cell phone when you log into programs with two-factor authentication set up.
  • Keep your software up-to-date, so that you’re not vulnerable to security issues that have been patched up in newer versions.
  • Try to stay on top of any concerning issues, such as Apple’s troubling default autosave settings (which I just wrote about for Slate’s Future Tense blog).
  • Be careful when clicking on links or opening attachments. You can view non-confidential attachments on Google Drive, or use Virus Total (now owned by Google) to scan links and attachments. Long URL expands shortened URLs for you so you’ll know what you’re clicking on.

Now that the basics are taken care of, let’s get to the fun stuff. Here are some tools you can pick and choose from to decrease the chances that your source’s identity will be compromised. 

Your invisibility cloak: Tor

What is it?

Tor is a robust anonymity network that protects your location and identity online by bouncing communications through multiple volunteer-staffed locations around the world. Originally developed for the U.S. Naval Research Academy to protect government communications, Tor was also famously used by whistleblower Ed Snowden to send information about PRISM to the Washington Post and the Guardian. Tor sometimes gets a bad rap because it’s been used as a tool to spam web forums or send anonymous hate mail, but it’s also been used by domestic violence survivors to avoid cyberstalking without needing to quit the internet cold turkey.

If you’re reporting from a country with internet restrictions, you can use Tor to access the websites that would otherwise be blocked. If you’re okay with giving away your identity but not your location, you can post on social media sites using the Tor browser.

Difficulty:

The Tor Browser is incredibly easy to use, and doesn’t even require that you install any software. The operating system Tails, which can be used while traveling, lets you use the internet anonymously and routes traffic through Tor. It requires a bit more technical know-how.

Limitations:

Obviously, logging into Facebook, a bank account, or an email account associated with your name reveals your identity.

  • Opening documents, enabling or installing browser plugins, checking into email and Facebook accounts using your real name, and using Torrent are a few other ways that your identity can be compromised.
  • In addition, your internet service provider or local network administrator can see that you’re using a Tor relay unless you take special members to try to hide it.
  • Another potential drawback is that some websites either block traffic coming from Tor, or do not allow comments from Tor users.
  • Tor and Tails have posted warnings detailing other potential vulnerabilities.

Making user identity and location for both journalists and sources is highly useful, and the fact that it requires limited technical knowledge makes Tor a no-brainer.

Your Dead Drop

securedrop_logo.png

SecureDrop is used by prominent publications and websites, including the New Yorker, Forbes, ProPublica, Intercept, the Washington Post and the Guardian.

Difficulty: SecureDrop is challenging to set up without some computer know-how, and it’s recommended that an organization has an IT professional or system administrator to maintain it.

Limitations:

  • Secure Drop needs two servers and an old laptop, so the cost is between $1000 and $3000.
  • As mentioned, having a computer professional on staff is recommended. (Another option that may be better for freelancers is OnionShare.)
  • It’s not impossible for an entity to break or hack into the news organization to seize the document.

Your decoder rings

Encrypted email

What it is: PGP stands for “pretty good privacy,” while GPG, an open-source version, is “Gnu Privacy Guard.” Both tools allow you to send and receive encrypted messages to people online, using their public key code. These messages look like a jumble of text to anyone unless you sent it to them, and they open it with their own special private key code. Even if you don’t want to encrypt a message, you can digitally sign an email, so that the recipient knows it wasn’t tampered with in transit.

Difficulty: Let’s just say that I definitely wouldn’t recommend trying to learn how to encrypt email while on deadline. Although it’s not hard to download and there are numerous tutorials online (like this one by opsec expert Tom Lowenthal), it can be challenging to get all of the components to work together with your email client. (GPG also doesn’t work with Yosemite, if you’re on a Mac, and it looks like they will begin charging for the service once it’s ready.)

I was lucky enough to make fast friends with someone who gave a presentation on the topic. Even with assistance, I made multiple juvenile errors, including hitting reply to an encrypted message (thereby unencrypting it), sending something unencrypted when I thought it was encrypted, and setting an expiration date a year sooner than I’d intended.

The email client Thunderbird offers a robust encryption plugin called Enigmail that is a little finicky but can simplify the process, and a new program called Mailpile looks promising, though it isn’t finished.

Limitations:

  • As mentioned, email encryption can be hard to learn, and both the user and the sender need to use it to communicate.
  • If your computer is stolen, encrypted messages may be compromised, depending on the strength of your computer’s password, since a few mail servers unencrypt messages and store them in unencrypted form.
  • If a key is lost and you are storing messages in encrypted form, the data is gone forever.
  • Email service limitations and other issues sometimes make it difficult to send large files using encryption. (They can be shared through thumb drives, Onionshare, or other file sharing sites.)
  • Sending encrypted emails does not hide information about who is emailing who, when, how often, and with what subject line.
  • Senders need each other’s public keys, which adds another step to the process. Some journalists link to their public key on their websites, and I’ve loaded mine up to my Twitter bio and linked to it in my email signature.

Encrypted chat

What it is: Off-The-Record (OTR) Messaging is a chat extension you can use to encrypt chat conversations. It can be used through the Tor browser to protect user location as well. It is used with other software, such as Adium for Mac or Pidgin for Windows.

Difficulty: OTR is incredibly easy to set up. If you are routing another chat program through OTR, you can see the encrypted conversations happening in that chat window. However, learning how to verify the identity of the person you’re speaking with proves to be a bit more challenging.

Limitations:

  • Both users need to use OTR in order for it to work.
  • Separate steps must be taken if you wish to verify the identity of the person you’re speaking with.
  • OTR does not support group chat, file transfers, or audio and video communication.
  • National security researchers may want to stick with Jitsi because OTR does have a few security concerns that those with high-level technical experience may be able to exploit.
  • OTR with Adium appears to be saving some messages in plain text. This needs to be disabled manually.

Encrypted phone calls and texts

Open Whisper Systems offers two Android tools, Redphone and TextSecure, for calls and texts. Apple users can use Signal on their iPhone to make encrypted phone calls.

In addition, a company called Silent Circle offers encrypted calling and texting, with plans ranging from $12.95 to $24.95 a month to call non-user numbers. Otherwise, you can call users for $9.95 a month.

Limitations:

  • Both users need to have Open Whisper Systems tools installed on their phone. Silent Circle allows its users to call or text those not using the services, but this obviously makes the calls less secure. Otherwise, both users need to pay for the service.
  • Since your phone number is attached to the tools, anonymity is not protected, and your cell phone tracks your location through cell tower signals as well as GPS systems. (It is possible to use Signal with an iPod, however.)
  • It’s always possible to trace GPS information from cell phones (or location from towers), and phones can be turned into listening devices.

Encrypted video chat

jitsi

 

 

 

Skype has a complicated security history both locally and internationally. In some cases, Google Hangouts can be used instead. Otherwise, Jitsi is a good alternative for secure video communication. It can be used for chat, as well, as an alternative to OTR. Jitsi is easy to set up and use, does not require any installation, and allow you to use current services you have set up, such as AIM, Google Talk, or Facebook chat.

Limitations:

  • Users need to be accessing Jitsi using the same chat program (i.e. AIM, Google Talk, or Facebook chat).
  • Account providers like Google or Facebook keep records of who is communicating and perhaps who they are communicating with. They can share this information with corporations and governments, even if the actual content is encrypted. (It’s possible to use programs like Ostel.co, but this takes a little more setup time.)
  • Jitsi requires you to install Java on your computer, but Java has many security problems of its own. If you don’t have Java installed already, and download it to use Jitsi, you may need to go through the added steps of disabling Java and its associated plugins from your computer.

Encrypting your hard drive

Say you’re covering border issues and your laptop is confiscated at the airport… or even that you misplace it at a conference. If anyone makes a copy of your hard drive, it’s best if the material on it is encrypted.

Using a full disk encryption service such as FileVault (for Mac), BitLocker(Windows) assures that the image of your hard drive will be scrambled. Most Linux providers allow you to encrypt the hard drive when you first install the service. If you are storing your data in the cloud, make sure to use a service, such as SpiderOak, that encrypts cloud backups.

Difficulty: Installing full disk encryption is incredibly easy, but encrypting cloud backups and especially sharing files through SpiderOak has a steep learning curve.

Drawbacks:

  • If you forget your password for any of these options, all of your files are lost.
  • SpiderOak is considerably more difficult to learn and use than its competitors (DropBox and Google Drive).
  • In addition, its features are less robust.

So there you have it—a wide selection of tools to choose from based on what your sources are able and willing to use, and what’s most appropriate for your specific situation. It may be worth picking just one to start messing around with before you really need to, so you’re not trying to install and master challenging tools on a deadline.

For more information, check out some of these links as well:

Privacy Tools: The Best Encrypted Messaging Programs (ProPublica)

The 7 Privacy Tools Essential to Make Snowden Documentary CitizenFour (EFF)

Surveillance Self-Defense (for journalists on the move) (EFF)

Also, check out EFF’s secure messaging scorecard.

Filed Under: tech, writing

All People Suck At Technology

June 17, 2014 By Yael Grauer Leave a Comment

Editor’s note: This post is by my OMGBFF Holden Page, who’s a freelance writer and social media whiz living in St. Paul.

On Imgur, the headline for this image is “watching my parents use a computer.”

Honestly, I feel kind of left out. Typically my version of “good fucking Jesus Christ how do you not understand,” is reserved for debates about politics with my father, and justifying various life decisions to my mother. Not once have I used this look explaining anything computer related to my parents.

That’s because they are kind of fucking awesome at technology. If they have questions, it’s not because they clicked on pop-ups telling them to clean their computer. There’s a legit problem, and their son is abnormally nerdy enough to embrace the challenge.

While I have always blamed my parents for robbing me of an opportunity to complain about them, it seems members of my generation have managed to fill the hole they left.

This may be a surprise to some; after all, my generation invented the art of selfies, sharing meaningless status updates, and editing pictures of our food. But there is a massive gap between being proficient at sharing your life, and understanding technologies that operate these systems.

It turns out everyone sucks at the latter half.

This first became clear to me during my short stint at a student newspaper. Charged with redesigning the WordPress site, it quickly became apparent that my peers had no idea what they were doing.

Random plug-ins invaded areas of WordPress I hardly knew existed. Parts of WordPress I considered immune to dysfunction caved under the weight of poorly coded premium themes. Over three people managed one WordPress site, only one of whom who had any experience with basic HTML.

While this disfunction certainly bothered me, it still wasn’t enough to induce the look of pure and utter defeat displayed so well by the .GIF above.

No, what induced my personal WTF moment is when the student writers I talked to were scared to use WordPress.

Scared to tinker, to play, to break. And to make better. They clutched to their papers in mock nostalgia, and insisted that the process they put in place was fine. Nevermind that the site regularly went down, updates had stalled for months, and the mundane process of simply writing was convoluted beyond repair.

In short, they were scared to change.

Digital natives were scared to change, to learn and to grow.

It was this lack of adventure that made me quit the student paper. Sure, I changed what I could. I made the site operational, and it continues to operate at a nice clip to this day. But no one was passionate about this change, and many simply ignored it.

This is a far cry from my parents, who met their frustration with technology with an equal amount of wonder and opportunity.

Which brings me to my greater point: It doesn’t matter how young or old you are, chances are you suck at technology if you don’t meet the change necessary with wonder, opportunity and a willingness to break things.

I will reserve my bewildered facial expressions for people who are unwilling to do those things.

You should, too.

Filed Under: tech

  • 1
  • 2
  • 3
  • Next Page »

Subscribe!

Subscribe using an RSS Reader
Close

Join Me On

survive-the-internet

Professional Organizations

ire-logo ona-logo

Publication Credits

yael-wired

yael-forbes

yael-slate

yael-takepart

yael-mensjournal

yael-vice

yael-experience

yael-performance

yael-readwrite

yael-sherdog

Copyright © 2019 Yael Grauer · Log in