Looking at the Internet of Things phenomenon, the Portland FBI issued a blog post talking about how connecting your computer to the same network as your internet-enabled refrigerator could pose a security risk. They advise changing device passwords from the default and making them as long as possible and unique. Leo says that it's not practical to have a separate connection for your IoT devices. But regularly updating your devices and giving them a good password is a good idea.
Jeff is concerned with the current state of online security. So many companies are taking security for granted. They send software passwords in an email and commit other foolish acts online. Leo says that the CTO should know better. But Leo also admits that security is hard, and there's no such thing as perfect, bulletproof software when it comes to security. Inevitably, software will get flaws as it gets updated. But a lot of the software has dumb mistakes that slip through due to arbitrary deadlines.
Leo says that many are complaining that big tech is far too intrusive and is destroying our privacy. But Leo says that this is largely overblown, with people acting like "privacy puritans." A lot of it can be mitigated by Big Tech keeping our data secure and coming out with an accurate and truthful privacy statement for all to see. If we give up some data privacy for free services, Big Tech should treat it as a public trust, and give customers the right to opt out.
Jay is being bothered by third-party cookies and notifications. Is that still a security risk? Leo says that websites don't want to wait for you to come to them; they want to push their content to you. Leo always says no by default, and he also recommends browsers like Firefox and Brave, that will globally say no to notifications. It's in their app settings. Cookies, by contrast, get a bad rap. Cookies aren't really dangerous. They basically save settings so when you return to a site, you don't have to enter your password again.
José would like to be anonymous online. How can he minimize his online footprint with MAC addresses? Rich says that most systems are encrypted now, and Google is pushing all websites to update to HTTPS. So your traffic gets more encrypted. If that's not enough for you, then randomizing your MAC address is a good way to do it. In iOS 13, for instance, Apple devices generate randomized MAC addresses while online. That's a good way to keep yourself protected. You may try using a VPN, or you can browse privately.
Ron wants to know how he can find Rich's feature on facial recognition online. Rich says that facial recognition is happening everywhere and in China, they use it to gauge citizens' social credit scores. Very draconian. Rich says that any tech segment on KTLA can be found on their website.
Dan upgraded to OS X Catalina last week, and he's starting to get a warning that Google will be able to read, delete and compose email in his account. Leo says that isn't from Google. He suspects that Dan may have an extension installed in Safari that's causing that, or that it could be a standard European GDPR warning message. But even if he approves it, he can revoke the permissions in settings. But first, look at extensions: Safari > Preferences > Extensions.
Rich needs to monitor his son's text messages. Is there an app for that? Leo says that there are circumstances when this is critical. For Android, it's easy to do. But if he's tech-savvy, he can probably find out pretty easily that he is being monitored. Rich may want to check with the phone company and see if they can help. Ideally, if you can do it without an app on his phone, that would be a better idea. Check out Verizon's Smart Family: they have monitoring tools that may be of help.
Dan signed up for a VPN recently, and he can't use it with his banking, Netflix or other apps. Leo says that the bank is probably blocking it. VPNs can break IP-based authentication. BBC iPlayer, for instance, blocks VPNs, because you're not paying for the TV license fee. Netflix does it because it doesn't want another region to be watching content that isn't available for licensing reasons. Banking activity is encrypted, so you don't really need a VPN for it. Google has also been pushing for HTTPS encryption with every site, so if every site is encrypted, there's no real need for VPNs.
When sending private information online, it is best to avoid doing so through email, as the email servers between your email provider and the other person's are not that secure. However, if you need to send private information via email, Leo recommends zipping your file content and sending them the password to access the zipped content through another means, such as by phone via text message.
Other services that you can use to send such highly confidential information are Firefox Send or ShareFile!