Are You Using Encrypted Email Yet?
Security emails aren’t something that most people think much about. Yet, they’re becoming more and more important as the bad guys are monitoring us more closely to steal our information, and then there are advertisers. So, do you want them to see your stuff?
Email is something that’s been around now for quite a while.
It was undoubtedly even before the internet standards came out. Many of the systems had a version of email. I remember some systems back in the early seventies, late sixties, that had an email functionality. It is something that we’ve always needed. Usually, it was for just communicating within a group.
And then, in the early eighties, when I got on the internet, we could send email to people all over the world, and the email then looked a lot like it does now. Usenet email, we used different types of addressing for, but basically, it’s the same thing that we’re used to today. Many of us have Gmail accounts.
I have some Gmail accounts. I use them basically for throw-away stuff that I don’t want to have tracked. I don’t use Gmail for anything that I consider particularly important, because again, it’s not secure. So now there are two types of security, really, we need to consider, and I got an email from one of the listeners today
who’s on my newsletter. And he said, Hey, I love all of the stuff you put in the newsletter every week. It helps keep me updated on what’s happening in cyber security and what things I need to know. But I’m reluctant to click on any of the links in your email because they’re all trackers.
I do that so that I know what the people who subscribed to the newsletter are interested in. So, for example, I see many people clicking on an email I sent out a few months ago talking about different email services, and which ones provide the most WhatsApp security.
If a lot of people click on that, then I know. Oh, okay. Great. People are interested in this. So I’ll talk more about it on the radio show. I’ll probably put something together for the newsletter so that they have it. It’s like the example I’ve used for a couple of decades now, which is, Hey, if I’m looking to buy a car, I don’t mind seeing a car ad,
because it gives me something to compare. If I’m looking to buy an F-150, I don’t want to see ads for the latest Chrysler minivan. I’d like to see ads for people who are competing to sell me a Ford pickup truck. Maybe some competitors, maybe Dodge gets in there with the Ram or Chevy, their truck, but I wanted to focus in it.
It just makes sense to me because I don’t want to waste time on some shoes when that’s not what I’m interested in, and the person who’s paying to show me this ad for shoes is wasting money, and being a small businessman, I hate to see that. I know what it’s like. It gets really frustrating to be spending a lot of money on advertising
that really is not going in. So you have that type of monitoring where the advertisers are looking at what you are looking at, what you’re searching for. They know the sites you’re going to, they know you’re interested in that F-150. Make sense to you? It certainly does to me as well. So I don’t have a big problem at all with people collecting basic advertising information about me.
It starts to go over a line. It’s a little bit of an obscured thing, frankly, but it starts to go over the line where they’re gathering all this information that could be useful for a bad guy. We don’t want hackers to have the information. I want to have a hack-free life. I don’t want them going out there and finding information about me and, oh, I’m going to be on vacation.
I’m going to be out of town for three weeks and unable to be reached. And so that gives them the opportunity to now go in via a phishing campaign. Maybe try and get my CFO to write a check to somebody or do something that’s, frankly, quite malicious. What do we do? How do we deal with that? What makes sense there?
That’s a really good question, frankly, and that line has to be drawn by you personally. I draw it as, I don’t really care most of the time if someone knows. So here’s what I do with my mail client. I turn off the automatic download of photos, of pictures, and that way I can see the email. And if it’s a
piece of spam, where I don’t even want that spammer to know that I opened the email, they’re not going to be able to find out because my mail client is not downloading photos. The way it works is you, as a marketer or as a spammer in this case, are giving a unique URL for that. So that unique URL,
now, if that photo’s downloaded, tells you that almost certainly that person opened your email. That’s a legitimate email address. You can spam it some more in the future, a little bit more about them. The same thing is true with my emails. For instance, if you sign up at CraigPeterson.com/subscribe, and you get my weekly email,
the training and all the other stuff, that’s all for free in there. You now are telling me, when you open it, that you opened my email. Now, why would you want to tell me that? Why would you want to tell anybody that? Nowadays when it comes to email delivery, one of the things we have to face as businesses and as a marketer, who am I using?
Mt. Is that you are graded. Every email is scored. This has been true for a long time. SpamAssassin is the software I’ve used for, I don’t even know how long now, at least a decade, maybe two. And it looks at the content of the email. It looks to see how much of the email is a graphic, how much of it is using these types of words that are often used by spammers or
maybe crazy marketers. So they will score that email. And if it’s above a certain score, if it’s accumulated too many bad points, that email doesn’t get delivered. We have a similar system. We have some real fancy stuff that we use ourselves and we use for our clients from Cisco that compares all of these emails that are being delivered worldwide, millions of the members,
and learns from it and automatically blocks them for me, which is really great. But if I’m sending you emails, just like if you’re on my email list, I’m going to send you an email at least once a week. Usually not more than two, but basically one email a week. It’s not only scored on how my email reads, the wording,
but it’s also scored on how old is my domain, have other people reported my emails as spam, and how many people have opened that email. Sites like Google track that. So if you’re on Google, if you’re using it, it will come up and the email comes up and Google says, okay, he read the email. Maybe he downloaded the photos.
He was very interested in it. But if people are not opening the emails, you start to develop, as a person sending an email, a low score, lower and lower. In this case, lower is bad. In the case of SpamAssassin, higher is bad. So what’ll happen then is your emails will stop getting delivered. You don’t want that.
I put a lot of work into these emails I send out every week. I usually have a number of tips, usually six to eight different ones in each email. I don’t want that to go to waste. So if people are not opening my email, then I’m going to automatically remove them after a period of time from my email list, because I don’t want to send email to people who aren’t going to open it, because if I do that, sites like Google and many others are going to stop delivering my emails to everybody else, the people that do want it. Just see how that works.
So I am reliant on understanding if you open the email. How can I tell? I can tell if you clicked on a link and I can also tell if you’ve downloaded any of the graphics that might be in that. Otherwise, I have to assume you’re not opening that email. And if you’re not opening that email, I don’t want to send it to you because if I send it to you and you don’t open it, it’s going to slow down or completely stop the delivery to other people within the,
for instance, gmail.com. And this is true for any of the major mail vendors that are out there. And I don’t want that to happen. So what I end up doing, if you haven’t opened them for a while, I’ll send you an email saying, Hey, sorry to be bothering you here, but I wanted to make sure that you did want to get these emails or I’m going to automatically remove them.
You might’ve had that from other people before then. The reason those emails are sent out isn’t because I’m being snotty about it. It isn’t because I’m upset that you subscribed and you haven’t been reading the emails. It’s because I don’t want my email delivery to other people to be damaged because you have not opened it.
Even though I do block images from being downloaded on my emails, at the top of the email when I open it up, it has a little button that says load images. And if that email is from someone that I care about, it isn’t from just some spammer that stole my email address or bought it from somebody else,
if it’s a legitimate email I want to see, I click on that load images. So what happens now is the images in that email are downloaded, whoever sent me the email now knows that email was opened up, and I also don’t get kicked off of their list. Now, a few of you guys have complained about that with me, just not complained as much as said, why are you kicking me off of your email?
I told you it’s because you haven’t been opening them. Oh, but I haven’t opened them. You haven’t. But if you turn off the load images on emails, then I don’t know that you’ve been reading them and therefore you’re going to automatically end up being removed. When we come back, I want to talk about secure email providers.
I’m going to compare some of them. And that came up this week because what was the number one secure email vendor out there? They no longer are. So we’ll talk about that. It’s all in the news. Visit me online. CraigPeterson.com.
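The open tracking described in this segment can be checked from the reader's side. The Python sketch below is an added example, not something from the show: it lists the remote images in an HTML email and flags the ones that look like per-recipient trackers. The sample message, its hostnames and the 12-character token threshold are constructed assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample newsletter; hosts, paths and the uid token are made up.
SAMPLE_EMAIL = """\
From: news@newsletter.example
To: reader@mail.example
Subject: Weekly tips
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>This week's tips...</p>
<img src="https://img.newsletter.example/banner.png" width="600" height="120">
<img src="https://trk.newsletter.example/o.gif?uid=8f3a1c77d2e94b10" width="1" height="1">
<img src="cid:logo@newsletter.example" width="80" height="80">
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def _is_tiny(attrs):
    """True when width or height is declared as 0 or 1 pixel."""
    def px(name):
        value = (attrs.get(name) or "").strip().rstrip("px")
        return int(value) if value.isdigit() else None

    width, height = px("width"), px("height")
    return (width is not None and width <= 1) or (height is not None and height <= 1)


def remote_images(raw_message):
    """Return every image the mail client would have to fetch over the network.

    Fetching any of them tells the hosting server that the message was
    opened; 'tiny' and 'has_token' are heuristics for a dedicated tracker.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = _ImgCollector()
    parser.feed(body.get_content())
    findings = []
    for attrs in parser.images:
        src = attrs.get("src") or ""
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https"):
            continue  # cid: and data: images travel inside the message itself
        findings.append({
            "url": src,
            "host": parts.hostname,
            "tiny": _is_tiny(attrs),
            # Assumption: a long query value is a per-recipient identifier.
            "has_token": any(len(v) >= 12 for _, v in parse_qsl(parts.query)),
        })
    return findings


def likely_trackers(raw_message):
    """URLs of remote images that look like open-tracking pixels."""
    return [f["url"] for f in remote_images(raw_message) if f["tiny"] or f["has_token"]]


if __name__ == "__main__":
    for finding in remote_images(SAMPLE_EMAIL):
        print(finding)
```

A sender can also put the identifier in the path or make the banner URL itself unique, so blocking all remote images, as described above, is the only setting that hides an open completely.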
You use email, everybody uses email, but which providers provide you with security and what do these different types of security actually mean to you? Or frankly, what is security? What is a secure email?
There are a number of different secure email providers.
And there are multiple ways of defining secure email nowadays. All of the email that I send and receive from my company and I send and receive for our client companies is encrypted. There’s something called TLS. That is basically, it’s the same as HTTPS, it’s, you know, that secure VPN that’s set up. Now, I don’t want you to get confused with these VPN services.
It has nothing to do. But if you go into your web browser and you look up in the URL bar, you’ll see a little lock. It’s typically on the left side of that bar, you click on it and it will come up and say, the connection is secure. What does that mean? It means that the data that you send from your browser
will get to that remote server in a secure fashion, will be encrypted. So if it’s intercepted, the third party won’t be able to decrypt it. Now there’s exceptions to this, but we’ll just keep it nice and simple. When we’re talking about email and the two email servers talking to each other, we’re talking about the same sort of thing.
If you send an email, you have an email provider. It might be my company, but it’s not likely, right? Because we only deal with a certain number of small to medium businesses, but the email goes from you to a server. So let’s say you’re using Microsoft 365. So your email, as you’re sending it to email@example.com, that email
goes from your browser or your email client over to the Microsoft 365 server. Now I understand there’s different ways to do it. In fact, we don’t do it quite this way. We always go through an intermediate server that we maintain that helps keep things secure, but the email goes over to Microsoft 365. And that first connection is probably a secured connection also by TLS.
Now you’re sending it to firstname.lastname@example.org. That was the To address in your email. So what happens next is it needs to find out who’s handling the email for CraigPeterson.com. It finds out, and then it says, again, a TLS session, an encrypted session, over to my email server. That encrypted session is much the same as what you have on your web browser.
It is very hard, very unlikely, that anyone in between can see your email. And then the email ends up on my server, whatever service I’m using for my server. And then it ends up at my client. It might be on my phone. It might be on my desktop. It could be anywhere. And again, that is using another encrypted session.
There’s different protocols that might be involved. For instance, IMAPS, SMTP, maybe there’s TLS over SMTP, whatever. We’re not going to get into all of those technical details before you guys all leave me because your eyes just glossed over, but there are a lot of ways to have that all encrypted.
So just sending an email from your phone to email@example.com means it’s going through a minimum of four machines, and each time it gets to one of these machines it’s encrypted. That’s hopeful, right? I’m going to knock on wood here because in reality, not every one of these points has encryption. Not every email service has that type of encryption, TLS, or other ones.
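Whether each server-to-server hop really was encrypted can often be read from the `Received` headers a message collects on the way. The Python sketch below is an added example, not something from the show: it walks those headers in transit order and reports the hops with no sign of TLS. The sample message and hostnames are constructed, and the check assumes the `ESMTPS`/`ESMTPSA` protocol keywords (RFC 3848) or the TLS comment that many mail servers write.

```python
import re
from email import message_from_string

# Constructed sample: phone -> filtering relay -> outbound server -> recipient MX.
SAMPLE_MESSAGE = """\
Received: from out.provider.example (out.provider.example [198.51.100.7])
    by mx.recipient.example with ESMTPS id def456
    (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
    Mon, 06 Sep 2021 10:00:02 -0400
Received: from filter.provider.example (filter.provider.example [10.0.0.5])
    by out.provider.example with ESMTP id ghi789;
    Mon, 06 Sep 2021 10:00:01 -0400
Received: from phone.example ([192.0.2.44])
    by filter.provider.example with ESMTPSA id jkl012;
    Mon, 06 Sep 2021 10:00:00 -0400
From: sender@provider.example
To: reader@recipient.example
Subject: hop test

body
"""

# "with" keywords that mean the SMTP/LMTP session ran over TLS (S or SA suffix).
TLS_PROTOCOL = re.compile(r"^(?:UTF8)?(?:E?SMTP|LMTP)SA?$", re.I)
# Free-text comments such as "(version=TLS1_3 ...)" or "(using TLSv1.3 ...)".
TLS_COMMENT = re.compile(r"(?:version=|using\s+)TLS", re.I)


def _strip_comments(text):
    """Remove parenthesised comments, including nested ones."""
    previous = None
    while previous != text:
        previous, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text


def _field(pattern, text):
    match = re.search(pattern, text)
    return match.group(1) if match else None


def hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    result = []
    # Each server prepends its header, so the list is newest first; reverse it.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())   # unfold continuation lines
        bare = _strip_comments(text).strip()  # clauses without comments
        protocol = _field(r"\bwith\s+([A-Za-z0-9]+)", bare)
        result.append({
            "from": _field(r"^from\s+(\S+)", bare),
            "by": _field(r"\bby\s+(\S+)", bare),
            "protocol": protocol,
            "tls": bool((protocol and TLS_PROTOCOL.match(protocol))
                        or TLS_COMMENT.search(text)),
        })
    return result


def unencrypted_hops(raw_message):
    """(from, by) pairs for hops whose header shows no sign of TLS."""
    return [(h["from"], h["by"]) for h in hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in hops(SAMPLE_MESSAGE):
        print(hop)
```

Each header is written by the receiving server, so lines added before the first server you trust can be forged, and a missing marker does not prove the hop was plaintext. The final fetch by the recipient's mail client is not recorded in these headers at all.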
What I want to talk about now is the secure email providers. If you have Microsoft 365 email, you can go to a Microsoft website and send and receive email there. Do your calendar there. You’ve seen that before. I’ve used that before, so you can do it all online on the web server. You can also do it on your client on whatever device you have.
These secure email providers I’m going to talk about right now, as a rule, are using a web front end. So what is a secure email? Obviously the first step needs to be the connection from you to the server needs to be encrypted. And if you’re using a web-based encryption, which again is that HTTPS, which is the TLS nowadays,
that is encrypted end to end using public key encryption, the whole RSA patent. And it’s just fascinating stuff. It was absolutely amazing what they were able to come up with. I love it. There is also the server itself, which needs to be secured somehow. And then how about the ultimate delivery to the third party?
Now we use Cisco, again, for our email filters, but that Cisco server that we have for ourselves here in our very own data center located right here, that server also handles emails for some of our other clients. So what happens now is if I want to send a secure email to somebody, a third party, so I want to send it to somebody working at the bank or working at the repair shop, whatever it might be,
all I have to do is in the subject line, just say secure, and the Cisco email server’s going to notice that. And it is then going to send an email off to the recipient saying you need to come to this IP address, and it gives them a link, and grab your secure email. So in that way, I know it was delivered securely because whoever the recipient is had to go to this secure site on this mail server that my company maintains.
Okay. So that’s another way of doing it. If you don’t have the types of equipment that I have here and software that we use for small businesses, then there are still some options. The number one for quite a while has been Proton Mail, P R O T O N M A I L. And I wrote a big thing about that. You would have got that in my newsletter a few months ago.
If you save those things, which you shouldn’t do by the way, save them all, just do a search for Proton Mail in there, and you’ll see my detailed explanation of what it is, why you might want to use it. Proton Mail is located over in Switzerland. And of course, Switzerland has some good privacy laws, so does the European Union, but that was their claim to fame.
Hey, we are in Switzerland. We do not log. We do have self-destructing messages and we have some real neat little features that you can use on your device. That’s Proton Mail. It’s been very good, but just this month, a Swiss court ordered Proton Mail to log the attachments to their service.
So now when I say attachments, what I mean is the IP addresses, the To addresses, the From addresses of anybody that’s using their service. Now, they were specifically looking for this one individual. And so now they are doing some logging. They actually have to change their website. So that’s a negative and we’ll explain why that’s a negative.
And we’ll talk about a couple of the email services that are out there right now and what you can use, what you might want to use, what the costs are, so that you have a good idea. So stick around because of course we’ll be right back. And I want to invite you right now to just take a couple of minutes, go to CraigPeterson.com and subscribe to the newsletter so that you get everything.
You’ll get my show notes every week. You’ll get some of these free trainings. I’m trying to make it so that it’s under three minutes to help you understand different concepts and things that are going on. CraigPeterson.com/subscribe
What are the features these secure email providers are providing? What are the costs? Which ones might you want to consider? We’re going to run through the top three right now. What are their features and why would you want to use them?
We started talking a little bit about Proton Mail, some of the real basics here, and it is still kind of the 800-pound gorilla when it comes to secure email. Finally they had to capitulate to the Swiss court because they are located in Switzerland.
So it just goes to show that even being Swiss doesn’t mean that it is completely secured. Then there’s a difference too, I want to point out, between having a government issue a subpoena and a court order to have your information revealed. There’s a big difference between that and a hacker who’s trying to hack you and get into your life.
So I think most of us understand that we need to be secure in our documents. We need to have that privacy that is guaranteed to us from the Constitution, but we also need to have one more level of security, which is, okay, how about the hackers? So having a hack-free life means there’s a lot of things that you have to be concerned about, email being one of them.
So I’m not too worried about Proton Mail and the fact that they had a court order to provide IP addresses for a specific group of people. And it was a very small group and I can see that. I can agree with that. Proton Mail does have a free version. That’s the one I have because I want to try it out.
And it has 500 megabytes of free storage. You can get up to 20 gigabytes, and Proton Mail starts at $4 a month. It has end-to-end encryption, which is really important. Again, it means from you all the way to the recipient. All three of these that I’m going to talk about have end-to-end encryption.
They also all have two-factor authentication. Remember when we’re talking about two-factor authentication, a lot of places try to pass off this thing where they send you a text message with a number in it. They try and pass that off as two-factor authentication. Yeah, it is a type of two-factor authentication, but it’s not a.
If you’re already doing something like maybe you’ve got cryptocurrency, you are potentially not only under attack, but very hackable if you’re using a text message in order to verify who you are. So that’s an important thing to remember. Proton Mail has self-destructing messages, which is a very big thing, very positive.
It tends to be expensive. Proton Mail being the 800-pound gorilla kinda dictates what kind of price they want to charge, and they are on the more expensive side. The web client is a little bit on the outdated side. It does not support POP3, which I doubt is an issue for any of you guys out there because nowadays the modern email clients aren’t using it
anyways, anymore. Now Proton Mail has PGP support. I use PGP, I have it built into my Mac mail and it allows me to send and receive and do end-to-end encrypted messages. And that’s something you might want to look at, a plugin that uses PGP or GPG, which is effectively the same, which allows you to send and receive encrypted email using your regular email client.
However, the person who’s receiving it at the far end has to have that PGP client or GPG client as it is. So it might not be the best idea in the world to use that. I use it and I use it for people within the organization that I know have PGP, because again, we’re dealing with third parties’ information.
We have clients and the clients trust us. So we have to be pretty darn careful with some of that stuff. So that’s our first one, Proton Mail. It’s something I’ve used. I know a lot of you are using it. I had so many responses to that email that I sent out to everybody talking about secure email and specifically Proton Mail.
And you guys were all telling me, Hey, listen, I’m switched on, I’m away from Google forever, because Google is by far the least secure of anybody you could be using out there. Now, the next one is called Tutanota, T U T A N O T A. So it’s Tutanota, something like that, T U T A N O T A. I’m sure you guys are gonna all send me pronunciation guides. And it has, again, a free version, one gigabyte.
So twice as much as Proton Mail, and it doesn’t really offer quite as much storage, but it starts at a dollar 18 a month, down from Proton Mail’s four bucks a month. It also has end-to-end encryption, also has two-factor authentication. It has an encrypted search function, a calendar function, and aliases. I use aliases not only for my hack-free life, but I use aliases because I will
use a different email address for pretty much everybody I’m dealing with. So this way to do that is with an alias. One of the problems here with Tutanota, this is a German company, I bet you it’s a German word somehow, Tutanota, is that it is in Germany. Germany is one of those 14 Eyes countries. That means it’s one of the 14 countries, large countries, that share information about people online and spy on each other’s citizens.
See, that’s how the government’s gotten around it. The governments have preclusions from monitoring citizens. So what did they do? Well, they all get together, started with the Five Eyes, now it’s twenty-something eyes, but they’re part of the 14 Eyes agreement. So Germany, for instance, would spy on US citizens while they’re in the US,
and the US will spy on German citizens while they’re in Germany and all over the world. Okay. So that’s a negative. However, as a general rule, the European Union has pretty good privacy laws, so you’re probably safe. And then the third one, which is again, the third in my priorities here too, is called CounterMail.
Now it has interesting features. For instance, they have what are called RAM-only servers. So the server boots up, obviously it has to boot off of some sort of a device, but once it’s running, everything’s in memory. So if that server loses power, it loses everything. Now that’s an interesting thing to do and can be a problem if you’re trying to store emails, right?
It has man-in-the-middle attack protection, which all of these do to one degree or another, but CounterMail makes that kind of a big deal. They have a safe box and anonymous payment systems that you can use. And it starts at $3 and 29 cents a month. They have a four gig storage limit. They do not have a free version.
So I liked this one, CounterMail, but I do use Proton Mail, at least for testing. Some other also-rans here that allow you to send and receive encrypted mail, secured mail: Zoho Mail, Z O H O Mail. The X, Y Z is another one. Posteo. So I’ve used Zoho before, by the way. Posteo, P O S T E O.
You might want to firstname.lastname@example.org and StartMail. So there you go. Top three: Proton Mail, that’s still my recommendation if you want some secure email, and it’ll cost you a bit. If you want cheaper, look at this T U T A N O T A. All right, everybody, make sure you spend right now about a minute.
Go to CraigPeterson.com and sign up for my weekly newsletter and training.
Is Theranos such an example of Silicon Valley and their hoity-toity attitude of fake it until you make it, or is it the reality of Silicon Valley? What’s happening out there? WeWork and others.
Theranos. How many of you guys know about Theranos? They had a really great idea and it was started in 2003 by a 19-year-old young lady named Elizabeth Holmes.
That is pretty young, but her idea was, why do we need to have a whole tube or more of blood in order to do blood? With the technology we have nowadays, we should be able to just use a drop of blood and be able to test for hundreds of diseases with just a pinprick of blood. It seemed pretty incredible at the time, but she was able to
spin a yarn that got a lot of people right into investing in her company. We’re talking about nearly a billion dollars in capital that was put into Theranos. How could she have fooled all of these people, or was she fooling them? Was she doing what you expect to have done in Silicon Valley? That is in fact the argument that her attorneys are using right now.
She is on trial because this company Theranos was never able to produce any tests that could just take a drop of blood and run hundreds of tests on it. And there’s a lot of evidence that has come out that has shown, in fact, a great little documentary that I watched, not little, on her and the company Theranos,
that showed that they had, in fact, been taking vials of blood and using other people’s equipment, not the Theranos equipment, to do the evaluations of the blood, to look for diseases, to look for things like vitamin D deficiency. That is, in fact, something that could have helped with this whole COVID-19 thing.
A real quick and cheap check of vitamin D levels in your blood. But what happened? Elizabeth Holmes was really a great talker. She was able to convince a lot of people and a lot of businesses, including Walgreens, to invest in her. Not only did she have Walgreens invest in her, but some of the biggest names that you can think of in the investing community, including Rupert Murdoch. He invested in Theranos.
Now her argument, at least her attorney’s argument, is, Hey, listen, we’re not doing anything differently than any other Silicon Valley company that’s out there. It’s this whole creed that they have of fake it until you make it. Is that legit? Is it just one more lie from Silicon Valley?
There’s a great article that was in Forbes, talking about some of these, what are called unicorns. These are companies that are startups and are taken under the wing by investors, starting with angels, and then moving into venture capitalists, actually, even before angels, friends and family, and moving into venture capitalist positions, and then eventually public companies. All of these businesses really required proof before they got any funding.
So here’s an example from Forbes: Airbnb. Obviously they had what we consider today to be a rather unique business model. But it had been tried before. The whole assumption was that people would rent rooms in their homes on this huge scale, but they didn’t have any pre. They were the first to make it in this global trend. They built up this whole idea of becoming a hotelier yourself with your home.
But when the founder, Brian Chesky, tried to get angel capital, he did not get a dime. He had to prove that renters were interested and people were interested in renting out their homes and that he could pull them together. Once he proved that, then he was able to get the money, and proof is, you have to have a viable business
first. It’s really rare that you don’t have to. Facebook was started by Zuckerberg, you know all of those stories, but the whole idea was having Harvard students connect with the. And then he expanded it to students at other universities and then expanded it to the world at large. His natural initial investors, like most, were friends and family, people who give the money to you because they want to see you successful.
Eventually here, Zuckerberg was able to prove it and get money from Silicon Valley, and then VCs. I’m not getting into any of the ethics of how he did it or any of these other people that had Google. Google was started by these two Stanford students, Page and Brin, and they got angel capital from investors.
But these investors were different than most. The investors into Google were people who were already very successful in the computer industry and could understand the ideas behind the algorithm and believed in Page and Brin and that they could grow this company. Microsoft, again, another company that started with extremely questionable methods, was started by Gates
and Allen. They didn’t have any VCs, either. They started by running programs for other people. They convinced IBM that they needed to license an operating system from Microsoft, and Microsoft didn’t even have the rights to it, and then they went out and acquired it on a non-exclusive basis. IBM acquired it from Microsoft on a non-exclusive basis.
Then they got VC money after they started to take off. Okay. Amazon was started by Bezos with funding from his family and small investors from Seattle. He got a VC from Silicon Valley after he launched and was already earning thousands in revenues. Bezos had real proof. Walmart was started by Sam Walton with 25 grand from his father-in-law.
He built this business and financing strategy and used his skills to become one of the world’s most successful companies as he grew. We work. I don’t know if you’ve seen these. There’s a great documentary out there. And we work that I watched too, but again, like Elizabeth Holmes, he was a great guy at standing in front of a group and getting investors to put money.
And he was even great at getting people to buy from. We work that he even started this whole, I think it was called wee life thing where he had people who would move into the building. That they were renting this office space from, and they’d all lived there. They all had their own little units and they’d get together every night and they’d eat together and have community and everything again, collapsed when they couldn’t sustain the momentum.
And it was like a Bernie Madoff thing where he needed more money coming in order to support it. And he got incredible amounts of money from this big Japanese investor. And then we’ve got Theron. Elizabeth Holmes. She failed when this investigative reporter questioned whether the technology really works, the investigative reporter said, Hey, can you really do hundreds of tests reliably with just a drop of blood?
Why did this report, or even have to ask the question at all? How about all of these investors? Huge companies, my including medical field companies. How did all of them get built basically into spending about a billion dollars with her in an investor? It is a real problem. And it’s a real question because ultimately what we’re talking about is companies and Silicon valley thinking you fake it till you make it, who are bilking investors and everybody else out of it.
Now you have to have a certain amount of that. No matter what the company is. Do you think. Faith in yourself. You’ve gotta be able to stand up and make a presentation to customer or to an investor, an angel investor or friends or family, whatever it might be, but how could you have sold value to customers and convince them?
To pay the rent that’s needed before you’ve even shown a profit. And that’s a big question. Things have not changed in Silicon valley because of what we work did. And because of their failure, things have not changed because of Elizabeth Holmes and Theranos and the major failure there. These people are investing money.
They hope that two times out of 10, one times out of 10, they will actually make money from their investments. We’re talking about the venture capitalists and they are jumping on all of these things that are, maybe. Quite legal. That was actually the pitch that was used by the founder of Uber.
Yeah. We don’t really know if this is quite legal or not, but we’re going to let people use their own vehicles to drive their own cars, to pick up strangers and take them places. And it was obviously not legal, especially in big cities where they had laws about all of this. And then all of a sudden now Silicon valley.
Really listening closely and say, oh, not quite legal. Okay. That means you are going to completely overturn the whole industry. And that means we could make a whole lot of money on you again, just the knee jerk. So we’ve got to be careful. The other side of the point and coin is the secret sauce, which is many companies are being careful to not disclose things for very good reason.
They don’t want an employee to leave and take with them their secrets. Look at the lawsuits that have been out there with Google and some of the other self-driving companies. You stole an executive, the executive brought all of this knowledge with them, and maybe even some documents. This should not be legal.
And now you’ve got the Biden administration issuing an executive order, trying to change this whole thing by saying, while you cannot lock people in to not disclosing or to your secrets or to not compete with you. How well to Silicon valley or any business anywhere. To keep their secrets, their secret sauce, the recipe to Coke.
If you will, how are you going to keep it secret if you cannot hold people to these nondisclosure agreements? And so I think again, the Biden administration is going the complete wrong direction. I’m going to keep an eye on this whole Theranos thing, this trial that’s going on. I didn’t have an idea how it’s going to turn out, but we do have to change the fake it till you make it.
Ideology of Silicon Valley. Hey, take a minute and sign up online. Get my free special reports and trainings. CraigPeterson.com. Your cybersecurity strategist.
It doesn’t look like WhatsApp is safe anymore. So what can you use if you want to have a conversation with someone? How many of you have a friend that’s in China or Iran or Afghanistan or one of those other countries?
I was warning about our friends at Facebook. Of course they’ve been buying competition and in fact, they’re being sued right now because of that.
And they have been going after these companies that look like they are going to eat Facebook’s lunch and then they buy them for way more than the market value. So what are the founders supposed to do? If I was offered crazy money for my company, I’d sell it at the drop of a hat. Just like that. It’d be done.
Thank you very much. WhatsApp is one of those apps. My Facebook and Facebook bought it, allegedly because it looked like it was going to be serious competition. So our friends at the federal government decided, okay, we’ll let this one go and we’ll let them know. When Facebook gets their hands on something, it’s like Google, getting their hands on, what’s going to happen.
Ultimately Facebook is going to be using it in order to sell you things. I’m not against having these various websites that we use, online apps and other things going ahead and Colleen us a little bit. What about things we want things to mean might want that we don’t even know we want because we don’t know they’re available.
So there’s a lot of good reasons from a marketing perspective for them to be able to find out what we’re into. They used to be a little bit different than it is today, but not that much. I was in the. Oh, direct marketing business way back in the seventies. It was my second job, really. And I wrote software.
That was part of this system that actually put all of our competitors in the country out of business. Yeah. I wonder if they’re still around. It’s called Marketing Electronics of Canada. And let me see if it comes up. Eh, statistics and be okay, so it’s not really around anymore. So they must have gone out of business.
But what we would do for our customers is we’d say, okay, so who should you mail to this? It was direct mail back in the day. And so when we get asked a business, we were in and so they’d say, oh, okay. How about we mail to what 40 year old men who maybe want to buy a pickup truck? So how would we do that?
We would look for the magazines that 40 year old men were likely to be. We’d look for anything, the newspaper subscriptions, neighborhoods. It was a real big deal. When, of course the zip code came in. That’s not what it is in Canada, but the postal codes came into place because then we could narrow it down based on neighborhoods.
So we’d put all of this together and we’d say, okay if someone is getting this magazine, And they’re definitely not getting that magazine, but they’re getting this newspaper and they live in this part of town. Then we put all of that together and we did the duplicate eliminations and figured out exactly.
Okay, this is who we want to be. And then we would do direct mail for the customer to all of those people. So it would be whatever it might be back in the day, it was Grolier encyclopedia was our, one of our customers and Columbia music. You remember, those guys was one of our customers and a few other places out there and we made pretty good money and the, it was pretty easy to do.
But back then we were doing almost the same thing. This was what now? 40 plus years ago, as they are doing today. But Facebook of course has way more information. They don’t just know what website you might be going to, which is the equivalent of which magazines did you subscribe to back in the day, but they all say.
Are in the middle of your conversations, they know who your friends are. They know what your friends have bought. They know what your friends are interested in. So it’s not that much different than it used to be, but it’s more intrusive because now instead of only having one. A couple of hundred magazines Countrywide that people might subscribe to.
We now have millions of websites that we’re likely to go to. And we have the conversations, the listen in which frankly, I think is the worst part of all of them. So when they bought WhatsApp, there was a warning of by myself and others saying, be careful, Facebook’s going to start to watch you on WhatsApp and Facebook.
Good. No. That’s never going to happen. There’s an article that came out this week. Okay. It’s absolutely amazing. This was from ProPublica, who looked at the WhatsApp messaging platform’s privacy claims. WhatsApp of course offers, quote, end-to-end encryption, end quote, which most people interpret to mean that Facebook, who owns WhatsApp,
can neither read your messages nor send them off to law enforcement. So some of us are concerned that they’re reading it and they’re using it from Arcadena et cetera, which okay. I can see, that’s a little bit of an invasive invasion of privacy, but it’s nothing that hasn’t been going on since the 1950s.
And the other side of it is what happens if the bad guys get their hands on that information or law enforcement? It reminds me of the old days with Stalin. Remember Stalin and his henchmen? They said, Hey, show me the person, I’ll show you the crime. And the reason he was able to say that is there’s so many potential laws that you can bring.
If you tell me the person’s name, I’ll dig into them and watch them, and we’ll be able to accuse them of a crime and get them convicted and thrown in prison. So there’s those of us who are worried about that potentially happening, then you might say it’s not going to happen today. I think frankly, it well could happen today more than it could have, or would have happened just a few years ago, but it keeps getting worse and worse.
So I get all. Stuff, but the claim to WhatsApp being safe to say anything on, that no one’s monitoring you, no one can see what you’re saying, is basically false, because what they’ve found at ProPublica is that Facebook employs about a thousand WhatsApp moderators whose entire job is reviewing WhatsApp messages.
Now, about some of the censorship this has been going on at Facebook. This is not the same thing because in general, in Facebook, of course, everything is open and available for their computer systems to flag. The automated systems will see it and say, oh, okay. Yeah, this is bad. And they’ll just shut you down and then maybe send it off for a person to review.
What’s happening here with WhatsApp is someone can flag a message that they have received as improper. Now that’s where it starts getting to be a little bit crazy here, because with this loophole in WhatsApp’s end-to-end encryption, now you don’t have that to fall back on that they don’t have it, that they can’t read.
The recipient of any of the WhatsApp messages can flag it. Once flagged, the message is copied on the recipient’s device and sent as a separate message to Facebook for review. Now, the messages are typically flagged for the same reasons they would be on Facebook, but one of the things that’s been happening.
Is with this content moderation, people who have received the messages from people that they don’t like are reporting these messages to Facebook. So they might be in, in a group. You typically is why it works happening. And in, within this group, there’s people who are saying things that they just don’t like.
That is frankly a loophole. Absolutely a loophole. So it’s not any different from someone who has received a message screenshotting it or showing their device to another person. But now it’s an automated process. Millions of teens every year have found that out too, with their disappearing videos on Snapchat.
They don’t all just disappear. And that’s a problem we’re having right now with WhatsApp. So what should you use? What could you use? The number one recommendation that I have for you guys is to use Signal. You’ll find it online. Signal’s available for every mobile device out there, pretty much. It’s available for most desktop operating systems and it is end-to-end encrypted.
And the guy who wrote it, who is Mr. Marlinspike, has an odd name. He has done this because he wants people to have true privacy in their messages. So Signal, pretty good. WhatsApp, not so good. You might not want to use it, but by the way, it’s huge in use. Hey, take a minute. If you haven’t already, sign up for my weekly show notes and my trainings that are in them. You’ll get them absolutely free.
CraigPeterson.com. And if you had done that, you’d already know all about WhatsApp and Signal and what type of email you should be using.
Big data strikes again, and this time it’s in Los Angeles. If you get pulled over by the police, would you give them your social media information, your email address, et cetera? Huh? Here we go.
LAPD has started doing something that most people are saying is unethical and may be illegal as well. They were sued, the Los Angeles Police Department, in order to.
Some information out of the police department. Cause some people had been reporting things, and the Brennan Center for Justice is what it’s called, sued them. Okay. Now this is at the New York school of law. The NYU School of Law, the Brennan Center is, and they filed a public records request with LAPD and police departments from other major cities.
And they were trying to find out what’s going on. What kind of data are these police departments collecting? And the LAPD resisted making these documents available. I guess that’s a clue, right? And so they did ultimately provide over 6,000 pages of documents after the Brennan Center sued the department.
And one of these documents was a memo from the LAPD chief. His name was Charlie. Back in May, 2015, he said that, quote, when completing an FI report, officers should ask for a person’s social media and email account information and include it in the additional info box. Now, what they’re talking about is basically a field contact or field interview form, and he was telling them that they need to get all kinds of information, basically anything they can, but more specifically, once or Twitter handle Instagram.
Profiles. There’s a spot on here for all kinds of information. I’m looking at the report right now. Who are the name your date of birth, your sex, your gang, your or your monitoring moniker? Yeah, not everyone’s in a gang guys. And let’s see field interview, incident number, the division detail.
So the only thing, oh, and by the way, social security number as well. And if you’re asking them for their social security number, it tells you they have to read this assess federal law requires that you be in. When asked for your social security number that must be provided for use and identification authority for required.
This information is based upon field interview procedures operational prior to January 1st, 1975. Remember the social security number was only going to be used by the treasury department for. Income to verify that you’d been paying and would not be used by any other federal departments or state and local.
In fact, it was illegal at the time. Anyways, I guess I’m rambling about this. Cause the social security number thing really upsets me because everybody’s collecting it and the bad guys have your social security number and it’s being used as some sort of a universally unique number.
We call those UUIDs in the computer world, but it’s not. And unlike a regular UUID that can easily be regenerated, they will not issue you a new social security number if your old one was stolen. It’s really crazy. So it may be an unusual policy, even though the LAPD has been doing it for years.
Let’s see. So a lawyer in the Brennan Center’s liberty and national security program wrote, he said, apparently nothing bars officers from filling out field interview forms for each interaction they engage in on patrol. Notably, our review of information about the field information cards in 40 other cities did not reveal any other police departments that use the cards to collect social media data, though
details are sparse. Publicly available documents to try to determine if other police departments are channeling. I collect social media during the field interview were requested, but found that most are not very transparent about their practices. So I guess that’s not too surprising. Here’s where it starts getting more concerning for me anyways.
And that is, they are feeding all of this information from these contact cards into a system that was developed by Amazon. This is a system called Palantir. There you go. Palantir. And in fact, there was an open letter that was written by the staff at Amazon to Jeff Bezos asking Bezos to stop selling this technology to law enforcement.
Okay. That’s how bad it is. Here’s an article from Ars Technica. Amazon staff have called on CEO Jeff Bezos to stop selling facial recognition technology to law enforcement and government agencies. Do the book 10 channel that the tech is used to harm the most marginalized. Microsoft and Google also have done the same thing.
Now you hear that and you say, that’s really good, kudos to you. I’m glad that you are trying to stop this. And yet at the same time, these same employees don’t seem to have a problem with selling this technology to the Red Chinese at all. They don’t seem to have a problem with it in some of these other countries that are using it for just terrible things.
Further, this letter that they wrote demanded that Amazon stop selling their cloud services to data analytics firm Palantir. They have numerous government contracts involved in the operation of ICE’s detention and deportation programs. It goes on and on. So what makes sense to you? The ACLU recently reported that Amazon’s Rekognition facial technology is being sold to police departments.
It can identify faces in photos and videos. Amazon pitched it as a way of identifying and tracking suspects. The issue that is raised here by the ACLU is the militarization of the police. How far can it go? Should it go? The targeting of activists and ICE’s family separation policy. Now this was in 2018, just so that okay. So back in the day, of course, anything President Trump did was evil. And so this stuff they came out and said was evil. I haven’t, I looked and I haven’t got anything more reasoned about this. So for some reason, the Biden administration using this isn’t a problem. LAPD using this apparently was a problem and continues to be a problem.
Keep an eye out for it locally, because here’s the other side of this whole thing they say. Are they being the police officer when they pull you over: I need this information. I need to inspect your car. I need to search your person, et cetera. They may need to, but that doesn’t mean that they have the
legal right or constitutional right to do it. So typically the police only ask for things that they can constitutionally ask for, that they should ask for. And people, most people know they can refuse a search depending on the circumstances, but they don’t because you’re honoring the police officer.
Going on from there honoring the police officer. I also mean that people are allowing the police to gather this information because of, again, the respect that giving to that police officer. And in fact, they apparently do. There’s another study in this article that talks about that. It’s a problem.
We gotta be careful. All of this data is being fed into a big system that tracks us, and the bad guys are going to get their hands on that data eventually. Hey, visit online, CraigPeterson.com, and check out today’s newsletter. You’ll find in there links to this and all of today’s stories.
Do you remember when President Trump was trying to block TikTok, this Chinese social site that so many of us were using? Of course now that’s all gone. That’s all history. And there’s another piece of news about them.
TikTok is a social media site that really rose like crazy. It is owned by Tencent, which is a Chinese company. Now, as all companies in China are controlled by the socialists, the communist party of China, the CC CCC CCP. Remember those initials from back in the day.
They are now being given access to location information about Americans, about all kinds of places in the United States, in photos, people’s names, their locations, you name it. Through TikTok to the Chinese government, the Chinese military, the People’s Liberation Army as they call it. And we’re giving all of this information voluntarily.
So President Trump had a problem with that. Why should a Chinese company be allowed to track American citizens? Now at the time, TikTok was quite popular and was growing in popularity. Now we’re seeing a news story from the BBC saying that TikTok has overtaken YouTube in the average watch time per user in the United States and the United Kingdom.
YouTube is still the bigger video site. YouTube has far more users, they have far more video that’s watched, but what we’re talking about here is something that is specific, but it’s still scary, which is the average US TikTok user watches more video than the average YouTube viewer. So if you’re a marketer, maybe it’s time to get on TikTok, but also right now, TikTok is really the younger generations.
It’s not the older folk. Okay. I expect that eventually just like Facebook started with the college students and it has now really grown to being an over 40, even over a 50 year old web. At Facebook, the same thing will happen for TikTok, but we’re getting concerned here because TikTok has upended the streaming and social landscape.
With these small videos, it reminds me of how the goldfish, why is the goldfish the happiest animal in the world? Because it only has a five second. That was just great from Ted Lasso. I don’t know if you’ve watched that show at all. That’s one of these Apple TV shows out there. It’s really true because these TikTok videos are extremely short and the whole goal of it is to have something that’s funny and they’ve had challenges and various other things that they’ve done too, but they have really gone crazy.
Google has tried to counter TikTok. They’ve had their own little thing. Facebook’s had their own little thing with these short videos, but this time spent metric that we’re talking about here is from the monitoring from App Annie. That’s the name of it. And it only accounts for Android phones because some of this monitoring cannot be done on iPhones.
Okay. But it also does not include China, where TikTok is a major app over in China. It’s called . I probably didn’t pronounce that one quite right either, but it is a massive audience that they have out there and. I’m looking at all of the stats. It’s just absolutely amazing. You can see those of course in the newsletter for today, but yeah.
Live streaming apps, Twitch, for example, viewers can purchase bits, virtual currency, and send them to cheer for streamers journal, live stream and stuff. This is an interesting business. TikTok has definitely taken it over. And we’re seeing that nobody’s been able to really do anything. YouTube has its TikTok clone called YouTube Shorts.
It was launched in May. This is 60-second video clips. The whole idea is it’s mobile first, it’s swipe up. Also out there with, I love this. This is Ars Technica, calling it a photocopier, which is what YouTube does, within an upstart video service comes along a Twitch, see YouTube gaming. Anyways, everybody’s trying to get into it.
No one’s being successful at it yet, other than TikTok. And do we really want the Red Chinese having access to all of that? Think what’s innovative. You’ve got GPS information coming from your smartphone. So they know exactly where it’s taken. They know who you are. They know information about you as a user.
I don’t know. It gets scary. And then you think about what happened with the Wuhan lab and what escaped out of there. Could they use that? Might they use that home? My goodness, I’m very concerned. Okay. From Krebs on Security, we have a warning for Microsoft users: attackers are now exploiting a Windows zero-day flaw.
So this is a previously unknown vulnerability in Windows 10 and many Windows Server versions. And what it allows them to do is seize control over PCs when users open a malicious document or a booby-trapped website. There’s currently no official patch for it, but Microsoft has released recommendations in order to help mitigate the threat.
These mitigations aren’t the best, frankly, but we’ll see. It affects what’s called the MSHTML component of Internet Exploder on Windows 10 and many Windows servers that are out there. And of course, Internet Exploder has been deprecated for use. People should not be using it anymore. So for those of you who are still using Internet Explorer, I’ve got two words for you from the famous Bob Newhart, just an amazing guy.
So here we go. Okay. Here you’re there. That’s from an old routine. I couldn’t help but think of it, but yeah, that’s the bottom line. You need to stop using Internet Explorer. It does not work well. It is bug-laden, like most Microsoft software seems to be, and it is now under direct attack. So make sure that you
patch early, patch often. And now I am in the middle of putting together, this is another bit of free content for everybody, but two things. One is a cyber health assessment that you can do yourself. And shall I show you how? And I’m going to have a course on that too. A paid course that gets into a lot more detail.
But the basics is, I want you guys to understand that. And then the other thing is in the next 90 days, what are the things that you should do and can do to make your computers safer? Now, as usual, this is aimed at businesses, but works great for individuals, for home users. And we’ll see how this ends up going.
But frankly, the zero-day attacks are going to keep happening. They happen to Microsoft. They happen to Apple. They happen to everybody, but they all release patches. The only one that you are going to have trouble with patches on is older versions of Windows. And of course Android. What else do I have to say?
Any older Android phone, cause they lose support very quickly. So don’t use those, but make sure, Patch Tuesday, all of those patches are installed from Microsoft, and visit me online. CraigPeterson.com. Make sure you sign up for my newsletter so you can get these coming up and more.