Three Things You Should Do Right Now To Protect Yourself Online

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.

– John Chambers, CEO of CISCO

Corporate hacks, data breaches, and leaked celebrity photos: data security has seen almost non-stop news coverage in recent years.

You can’t do anything about hackers or companies with inadequate security. Fortunately there are some things you can do to reduce the likelihood of hackers gaining access to your accounts, and minimise the impact if they do.

My Spotify account recently got hacked, which prompted me to improve security on my other online accounts. Here are three of the most important things I did, which you should also consider doing today.

Check Your Passwords

Adobe. Tesco. Sony. Vodafone. Yahoo. Domino’s. Forbes. Adult Friend Finder. Gawker. Ashley Madison. VTech. All of these sites have been hacked, and all have had their account data leaked. If you had an account with one of these sites, it’s likely that someone else now knows your password.

How do you find out if your data was leaked in any of these cases? HaveIBeenPwned.com allows you to enter your email address and search for it among over 220 million leaked accounts across all the above (and more) breaches. You can also sign up to receive notifications in case you are ever involved in a future leak.

If your details were leaked and you reused the password somewhere else, then you should consider that password public information and change it as soon as you can. To protect yourself against future hacks, one of the best things you can do is to use a unique, strong password for every account you have.

Set Up Two-Step Verification For Your Email Account

Your email account can be used to gain access to almost all of your other accounts. Two-step verification is an extra hurdle that makes it much harder for a hacker to gain unauthorised access to your account, by requesting an extra code when you log on from a new device. Here’s how to do this for Google/Microsoft/Apple accounts.

If that seems like too much hassle, this article is worth reading to see the full impact of losing access to your email account. If you think reading the article isn’t worth your time either, then just tweet me your email address and password and I’ll set up two-step verification for you.

Only joking, you should never do that. Please set up two-step verification.

Pay Attention To The Little Padlock Icon In Your Browser

When doing anything online, realise that people can listen in. If you’re using public wifi, it’s possible for people to intercept all the messages going between your device and the website you’re visiting. One way to protect yourself is by making sure that the messages being exchanged are encrypted, which means that anyone listening won’t be able to understand them.

That little icon, what is it good for? Security!

How do you do this? Look out for the padlock icon in your browser, which means that a site is using HTTPS. HTTPS messages are encrypted, so anything sent between you and that site will be protected from prying eyes. Do not send or receive any sensitive information on a webpage without the padlock icon, especially if you are using a public wireless network.

Thanks for reading. If you found this useful, please recommend and share. Leave a comment or response if you have any tips of your own!

View at Medium.com

How Autonomous Cars Will Change Society

The horseless carriage didn’t just cause less horse shit. What will be the impact of a driverless, horseless carriage?

The dangers are obvious… Horseless carriages propelled by gasoline might attain speeds of 14 or even 20 miles per hour. The menace to our people of vehicles of this type hurtling through our streets and along our roads and poisoning the atmosphere would call for prompt legislative action…

– U. S. Congressional Record, 1875

In the late 19th century, as the horseless carriage was just around the corner, observers were skeptical of the possibility, practicality, and safety of such a design. Some of the questions being asked showed that people thought of it not as the thing it would become, the car, but as a novel version of the horse-driven carriage.

But where’s the horse?

The same thing is happening now, over 100 years later, with what’s being dubbed the driverless car. Most of the mainstream media attention so far has been focused on incremental or cosmetic ways in which these cars are different from what’s currently on the road, and fears related to these differences: what if a car driven by software kills someone? How will it make decisions about who to kill? What if these cars are hacked? Oh look, these cars might have more shiny windows!

These are important issues that will need to be addressed before widespread use is possible, but they hide the more interesting changes that these cars will bring.

A horseless carriage doesn’t just mean less horse shit.

It means highways, long distance commutes, spread out families, suburban sprawl, trucks, far away holidays, and more. The social and environmental changes brought about by the introduction of the car went far beyond the initial fears and speculations.

A driverless car doesn’t just mean less time spent at the wheel.

As I will aim to describe here, it means less parking hassle, a smoother ride, new business models for taxis, fewer road deaths, improved accountability, fewer car owners, specialised car designs, and many more things which we haven’t realised yet.

One person whose writing seems more forward-looking than most of the mainstream media’s short-sighted pieces is software architect and entrepreneur Brad Templeton. As a previous member of Google’s self-driving car team, he has done a lot of research in this space. On his robocars page he shares many of his predictions on what driverless cars will mean for society. Here is an introduction to some of the more interesting ones.

Less parking

Cities currently need to allocate some of their land to parking spaces. In addition, at certain times a significant proportion of urban traffic is made up of cars looking for parking spaces. Self-driving cars ameliorate both of these by

  • Being able to park further away — you will be able to step out of your car wherever you need to get off, and tell it to go park itself. Then, when you need it again, you’ll be able to call it and get it to pick you up where you are.
  • Using non-conventional parking spaces — why can’t we park in front of someone’s driveway? Because that would block them in. But what if a self-driving car was able to realise when the driveway needed to be used, so that it could park there and move out of the way if the owner of the driveway returns or needs to leave? That would create a lot of new parking spaces.

A smoother ride

Current cars have good suspension, but not the best possible. Self-driven cars won’t need to be able to ‘feel’ the road in the way that humans like to, and so suspension can be optimised further. These cars will also have more precise control over acceleration, unlimited patience, and will likely be able to optimise for comfort over speed in scenarios where this is relevant.

Driverless, horseless Uber

The taxi industry is already being disrupted by companies like Uber and Lyft, and it is moving towards a model which almost looks like it was designed for self-driving cars. The next step here will be app-based ‘summoning’ of self-driving cars, wherever you might be in a city.

Uber could buy a fleet of self-driving cars for themselves, but it would be more in line with its current model to allow individuals or other companies to put their cars to ‘work’ for the Uber app when they’re not using them themselves. People might even buy cars especially to have them work for Uber, in the same way that some people now buy apartments to rent out on Airbnb.

Fewer road deaths

Car crashes kill over 1 million people per year globally. Self-driving cars don’t drink, text, fall asleep, or turn around while driving. They have faster response times, and are more aware of their own limitations. Because of the incentives created by increased accountability (as detailed below) and the highly negative impact of the fear following any accidents, there is enormous pressure on manufacturers to make sure that their accident rates are far lower than current human accident rates —Templeton’s estimate is that these cars will need to demonstrate an accident rate 10–50 times better than human drivers before they will even be allowed on the road unsupervised.

Improved accountability

A common concern about self-driving cars is about assigning blame. If a car crashes and kills someone, who will be at fault? Self-driving cars will actually make this process easier, for the following reasons:

  • Fewer crashes. As covered above, there will be fewer crashes. Apart from the obvious direct benefits, this also means fewer cases to investigate.
  • More data. These cars are covered in sensors, so it will be much easier to tell who was at fault in an accident. Decisions will be based on recorded facts rather than eye witness accounts. If a company’s software is found to be at fault, the company can improve it and send out software updates to all their cars without having to physically service them (Tesla already does this).
  • More at stake. Right now most drivers assume that they will never be in an accident, and many often take risks which turn out OK 99% of the time. If a company has produced millions of self-driving cars, it won’t be able to afford having them take risks like that because it knows that some of them will result in accidents. Because of this self-driving cars are likely to drive in a much more cautious way than human drivers.

Fewer car owners

As autonomous cars become ubiquitous, car sharing will become more viable. Current schemes such as zipcar are a good start but having to walk around to find a zipcar is an inconvenience. When app-based car summoning (Uber or otherwise) becomes available it will likely be cheaper, more convenient, and safer for a lot of people based in cities or big towns to use a such a service rather than own their own car.

Specialised car designs

What happens when you remove the need for a steering wheel, dashboard, windscreen, pedals, and windows? Just like early cars gradually moved away from the carriage design, these new cars will probably evolve slowly into something that looks very different from current car designs. These are some designs we might see:

  • Small and light one- or two-person cars. People tend to buy versatile large cars for occasions, however rare, when they need to carry four, five, or seven people at one time— even though many journeys today are made with one person in the car. When car sharing becomes more prevalent, it’s likely that we will see smaller car models as it will be easier to match the demand for these journeys to the right type of car. These will be much lighter — hence cheaper to produce, and less fuel-hungry. They’ll also be able to park more flexibly, and might be able to share lanes with other smaller cars to make better use of road space.
  • Sleeper cars. For long journeys, there might be cars which are effectively beds on wheels. These would be optimised for smoothness over speed (few people would mind a slightly longer journey if it means they get better sleep) and would allow people to undertake longer journeys by car than they normally would.
  • Entertainment cars. For medium length journeys, some cars could resemble a modern living room. With a smooth ride, a large screen and a games console/entertainment system/Netflix, your commute could feel just like relaxing at home.
  • Courier cars. Small, lightweight, autonomous cars designed purely to carry small cargo. These would be more like current motorbikes than cars in size, and might be a more viable option than delivery drones for anything but extremely light packages.

Driving will become recreational

These new cars won’t mean that people-driven cars will disappear (though they might be banned from driving on public roads, as Tesla’s Elon Musk has suggested). People still ride horses for fun. Driving for leisure will probably remain popular, but these autonomous cars will take over where driving is just a means to an end.

If you found the content of this post interesting, please recommend or share so others will read it too. I’d highly recommend checking out Brad Templeton’s Robocars site and blog if you’d like to take a more in-depth look at this subject.

How I Lost Control of My Spotify Account

And How To Prevent Unauthorised Access to Yours

Monday morning. Bag down, headphones on, ready to get to work. But first some music.

Please enter your username and password.

Hmmm, I don’t remember the last time Spotify asked me that.

Incorrect password.

Sigh. I guess I’ll have to reset.

Password reset email sent.

Why am I not getting a password reset email?

Maybe I signed up with my Facebook account?

Welcome to Spotify, would you like to take a tour?

That’s weird, it thinks I’m a new user…


What Happened?

It took me surprisingly long to figure out why I couldn’t access my Spotify account. Someone had managed to log themselves into my account, and had replaced the email address on the account with their own. Luckily it was a premium account, so even though it took several days and a few emails back and forth, the Spotify support team reset my account and restored the playlists I had lost.

Luckily Spotify’s support team were fairly helpful in restoring access to my account

But why would anyone want to hack into my Spotify Premium account?

Surely no one hates ads so much that they would hack into someone else’s account to get rid of them rather than paying the monthly fee?

Months after this happened and I had forgotten all about it, I read this article about Spotify’s royalties model which revealed a motive:

All a fraudster has to do is set up a fake artist account with fake music, and then they can use bots to generate clicks for their pretend artist. If each stream is worth $0.007 a click, the fraudster only needs 1,429 streams to make their $10 subscription fee back, at which point additional clicks are pure profit. But… it’s possible to purchase stolen premium accounts on the black market, making the scheme profitable almost immediately.

So someone got control of my Spotify account, and was using it to play their own ‘music’ on repeat to extract royalties from the system. It turns out that it’s possible to make up to $600 monthly per account this way. But how did they get into my account in the first place?


My Mistake

This is where I have to admit that even though I’ve been interested in computer security for a long time, I’ve been lazy for a much longer time, and sometimes I reuse passwords. I know, I know… When I first set up my Spotify account I used a password I had used before. I didn’t bother changing it when I upgraded to premium.

It turns out that one of the things I had used that same password for was to sign up for an Adobe Photoshop trial. Oh and, in the meantime, Adobe got hacked and the details of 153 million accounts leaked. Oops.

So I’m guessing that some ethically compromised, entrepreneurial faux-artist out there realised that people would reuse their Adobe passwords for other things and checked all the hacked details to see if they could log into Spotify with them. And my account was one of those.


Lessons Learned?

Stop reusing passwords. Seriously! Stop it. Right now.

After this happened I read up a bit on best practices for personal online security, and wrote up a short summary of the easiest things with the greatest impact. You can read it here.

Thanks for reading, I hope you’ve found this useful. Please recommend and share so others can read this too. Leave a comment or response if you have any tips to share! Now, I have some passwords to change…