Privacy and Security News from October 2019 - Episode 4

Garrett / G66 - Jan 9 '20 - Dev Community

Episode 4 of the Your Secure Life podcast.

In Episode 4 of the Your Secure Life Podcast, Garrett shares privacy and security news from October 2019.

Read the Transcript

Hello and welcome to the Your Secure Life podcast, a podcast about privacy and cybersecurity for individuals and small businesses.

This is Garrett, your host, and I just want to remind you that you can listen to all of the past episodes at YourSecure.Life.

This episode is a little bit different than the past episodes.

I wanted the episodes that are guide style and less news to be standalone, and I wanted the news episodes to stand alone as well.

So what we're going to do is every other week we'll have a guide episode. And then on the weeks in between, we will have a news episode and hopefully that will be enough.

News in cyberspace moves pretty quickly. A lot is happening.

There are breaches, it seems like, almost every day. Social media sites always have something going on.

There's just a lot to take in if you are building a life online, whether that's individually, as a small business, as an influencer, as a blogger, a YouTuber, Twitch streamer, whatever it is that you are.

This week we're going to be talking about a couple of things that are kind of old. That's because I think they're important to discuss and maybe they have not been discussed enough.

Adobe Breach

There was an unsecured Adobe server that exposed data for 7.5 million Creative Cloud users.

I know a lot of people in the online space use Adobe Creative Cloud.

There is Photoshop and Illustrator for editing images. There's Premiere Pro. That one's for video.

I personally don't use Adobe anymore, but it is not because of any data breaches or security problems. It was actually just because I got tired of paying for it.

There are plenty of great pieces of software that do the same things that are not on the subscription model, and I just have subscription fatigue.

Anyway, that's not the point of this episode, so let's get back to it.

There was a security breach and basically what they got was, according to hackernews.com, thehackernews.com, they got email addresses and account creation date, the Adobe products that the users subscribe to, subscription status, payment status, member IDs, country, time since last login, and whether or not the user is an Adobe employee.

This is a great reason to make sure all of your passwords are different, but nothing in here is particularly scary.

However, some of this information can be used to prove your account, which means someone could call Adobe support and get access to your account based on some of this information.

Assuming that the person on the other end of the phone has not been trained properly in preventing against those sorts of things.

My recommendation is if you use any Adobe stuff, go through and change all your information, including email addresses, if you can.

But especially your password, even though they didn't get that, you just really want that stuff to be covered.

US Senators seeking NatSec Review of TikTok

Next, we've got senators, US senators, are seeking national security review of TikTok and that's because TikTok is a Chinese company.

They've been known to delete anything critical of the Hong Kong protests or critical of China involving the Hong Kong protests.

Really anything involving Hong Kong protests, actually. I think they're just, they're deleting anything like that, blocking it.

It seems like they may be under China's thumb, but also they may just be covering their butts. Hard to tell.

They said that they are not under Chinese government influence, but I mean, how can we really be sure if they were under Chinese government influence?

Of course they would say, "no, we're not."

So it's kind of hard to tell, especially considering China has more control over the internet in their country than any other country. And I mean that in a bad way.

I mean the government is in control of the internet in a way that censorship is worse in China than any other country in the world.

If you're using TikTok, I don't know. Just make sure that you don't have anything real bad on there.

I guess don't give away too much personal information, but that should be part of your social media policy anyway.

You should not be sharing anything really personal on any public social media.

I actually just got a TikTok myself and I'm checking it out and I will report back later on how I feel about it.

CEOs Responsible for Data

Finally, we are taking CEOs into account for the things that their businesses do.

This is something that I think a lot of us have wanted for a long time, particularly me. I'm not a huge fan of how CEOs can get away with anything when their companies are the ones that suffer. Or employees or whatever.

The truth is, is that everything should trickle up, not down, as far as responsibility goes.

The employee is the responsibility of their superior, and that trickles all the way up to the CEO.

So anything that any employee is doing is the CEO's responsibility. And I feel that way about big companies and small companies.

The fact of the matter is, is that as a CEO, you are in charge of setting the precedents in your company.

So now we've got the Mind Your Own Business Act, which was put together by Senator Ron Wyden and would send CEOs to jail for 20 years if their companies are found lying about misusing the information of their customers.

This is cool.

It's related to the Consumer Data Protection Act. This bill requires companies to submit annual data protection reports, confirming that they have complied with all of the regulations and also pointing out anywhere where they failed.

This is any company that holds data for more than 50 million people, which is kind of a lot, or over a million people if they make more than $1 billion in revenue.

This is great, but it's really only affecting major corporations.

This kind of thing needs to affect all CEOs. Anybody who has somebody else's data needs to be held accountable for what their business is doing with that data.

Regarding the Nord VPN Breach

This is a little bit of old news now, but it's something that people still seem to be complaining about and that is that Nord VPN was breached.

I want to cover what actually happened here with the Nord VPN breach.

It was one server and it exposed some of the traffic that was going on on that server at that point in time.

It did not expose passwords or IP address or even really very much information.

It was one specific server out of however many Nord VPN has, and the likelihood of that being you at that point in time is extremely unlikely.

I don't use Nord VPN personally, I don't have an opinion on it. I've actually never used it.

I think it's pretty cool that when I'm sitting at a bar and they have sports channels on, NordVPN has commercials, and I liked that because I want everybody to be using VPNs.

Personally, I use Proton.

As far as Nord VPN, they're not a sponsor. They're not anybody that I've tried. I have no recommendation nor disdain for them at all.

The truth is this stuff happens.

It wasn't that bad of a breach, but it just goes to show that everything is hackable and that's, that's the fact.

You should always protect your stuff, have different passwords for everything. We talk about password managers in episode one.

You should be using VPNs regardless, and if you have Nord VPN, I wouldn't worry about it.

If Nord VPN works for you, then stick with it. If you want something different, then go ahead and change if you're not comfortable with this.

It's important to note that the content of the websites likely would have been hidden due to encryption, which is what one of the company advisers said.

This wasn't the worst breach I've ever seen. In fact, that's probably one of the least bad breaches I've seen of late, and people are still freaking out about it, and it's just not worth freaking out about.

This isn't a huge deal.

Just practice proper security, personal security. That's what this podcast is all about, and you'll be fine.

And again, you can keep using Nord VPN if that's what you use. I would not worry about it.

Also, side note, you should probably be aware that pretty much everything is going to get hacked at some point in time. In fact, a lot of things have been hacked and you don't even know it yet. Some things have been hacked and the companies don't even know it yet.

It happens and that's why we have this podcast. That's why we protect ourselves ahead of time. Instead of being reactive, we are proactive.

Is Gradient Storing Your Photos?

There's a new app going around that everybody seems to like. It's called Gradient and people are using it to see what celebrities they look like.

It's a celebrity matching app. You post a picture of yourself and it matches you with a celebrity in like this gradient form where there's four pictures from left to right and there's your picture and then a celebrity and then it gradients you to that celebrity space.

Kinda like the Animorphs books, if you remember that.

Overall, it's a pretty cool looking app, but I don't trust any apps where you upload pictures. Or really anything else to it. Especially pictures.

I don't like putting my pictures on the internet unless I have approved it. I don't want people that I don't know having copies of my pictures, especially in companies.

I know that if a picture of me is on the internet, someone can just right click and save it. That's just the nature of the internet.

But I don't want companies to be storing pictures of myself. I don't like Facebook storing pictures of myself. I don't really want this one that I don't know, storing pictures of myself.

It just seems weird to me.

Like I said, I just don't trust it. It seems like a lot of people don't trust it either.

I recommend not using this until we know more about it. That's really my recommendation.

Closing Remarks

All right. That's all I got this week for you. Thanks for listening. Again, this is the Your Secure Life podcast. My name is Garrett.

You can check out all of our past episodes at YourSecure.Life.

We don't have any sponsors and that is by design. I don't like having commercials. I don't like listening to commercials.

So the best way you can support us is you can go to YourSecure.Life, you can share it with your friends.

You can go to iTunes and subscribe and leave a review.

In fact, I encourage reviews, especially because I would love some constructive feedback.

If you left a bad review previously and we've improved, I would encourage you to please go and update your review.

Another way you can support us is by going to YourSecure.Life/guide where there is a five step guide for you to clear off your digital footprint.

That's all your junk that the internet has collected from you over the years. You can clean it all up in five days or less.

In fact, you can actually clean it all up in one day if you just took a Saturday.

There's this guide that talks you through the whole process. It's got links to everywhere you need to go. It's everything you need in one handy little guide.

Go pick that up at YourSecure.Life/guide.

Your Secure Life podcast is a project from Approaching Utopia, and you can check out more about Approaching Utopia at ApproachingUtopia.com.

