Security Saturday
[NB: check the byline as usual, thanks. /~Rayne]
I have Disney’s ‘Cinderelly’ song from the animated movie Cinderella stuck in my head now as I do my weekend cleaning.
We observed “Cinderella Saturdays” when my kids were younger. At 10:00 a.m. the morning cartoons were turned off (or the teenagers awakened) and appropriate Get Moving music put on the stereo.
For the next two to four hours we’d tear through the house with vacuums and mops and dust rags, throwing bedding in the laundry and hanging wash on the line.
It felt so good to be done with the chores by mid-afternoon. Or done with the irritating question, “When are we going be able to play?”
~ ~ ~
It’s Saturday once again, but our cleaning chores have changed. Now it’s time to address digital chores like information security, ensuring the week will be safer than the last.
— If you haven’t reset your passwords recently, it’s past time.
— If you haven’t set up Multi-Factor Authentication, it’s also past time.
— If you haven’t recently used some apps on your mobile devices, it’s time to remove those you don’t need. Please consider using a good browser to access services instead of apps because each app is a new security risk, a chance to be hacked.
— If you feel like you need more information about personal information security, visit Electronic Frontier Foundation’s Surveillance Self-Defense page.
https://ssd.eff.org
— This site by Tactical Tech is no longer being updated but it’s still a decent guide to privacy and security considerations you might want to browse as a guideline:
https://myshadow.org/increase-your-privacy
Tactical Tech also offers their own resource kit called Security in a Box:
https://securityinabox.org/en/
— If you don’t have this automated already and haven’t cleaned your browser’s cache, search and download history, cookies, site settings, now’s the time to go through them.
— If you don’t have antivirus and antimalware applications set up on an automatic schedule, it’s also time to get this done.
— If you don’t have instructions “in case of an emergency” about your online accounts for your family, now’s the time to draft them and put them wherever you also keep your legal documents like a springing power of attorney, patient advocate authorization, so on.
~ ~ ~
Now a few words about housekeeping for this site.
First, you may have noticed occasional lags or quirks in service of late. You may assume we’ve made somebody unhappy and they’re having a “tantrum,” in which case you may need to wait until the “tantrum” is done.
You can check for us online at Twitter — our accounts are:
@emptywheel
@bmaz
@raynetoday
@MasaccioEW
@JimWhiteGNV
(I don’t think Peterr has a Twitter account, sorry.)
Second, how our security works won’t be elaborated upon here, but you can guess there are triggers which may cause your comments not to make it directly onto the page. Things you can do to reduce the possibility of tripping a trigger:
— Make sure you use the same username each time, spelled the same way. (You have NO idea how much time is spent checking users’ account information and correcting some minor typo or spelling error because it’s tripped up a comment.) Save the information in a plain text notepad file to cut-and-paste if you’re forgetful or prone to fat fingering keys.
And no, we’re not going to look for a new comment system. We do not need to maintain a separate database which may also collect and sell your data.
— If your post has links, you may wish to “break” the link by inserting blank spaces so that it’s not active when posted; an active link may cause auto-moderation. The more links you share in your comment, the more likely your comment will go into auto-moderation.
— There are times when security is tighter, especially if you’re using a VPN. I’m sorry but this is simply a necessity for the security of the site and community members.
— Comments do not allow but a narrow range of HTML tags here; this is another security measure.
— If you’re being an ass and/or SHOUTING or swearing at community members or contributors/moderators, you can expect auto-moderation to kick in; see our Community Guidelines for more elaboration.
— For the safety of this site and others, please consider removing tracking from URLs you share in your comments. Links to sites of a questionable nature will never make it onto the site, including links to Google Docs.
Twitter links in particular are very easy to edit to remove tracking — just delete the question mark and everything after it so Twitter doesn’t have a full path from you, your machine, the person you’re retweeting/sharing, back to this site.
~ ~ ~
And now set up reminders in your calendar: clean your browser weekly, change your password monthly to quarterly, check all your other security bells and whistles at least 2-4 times a year.
You can go play when you’ve finished your housekeeping chores.