So, some guy named Jamie McCreedy, has something against me apparently, because he found my instagram, screen capped all my photos that are meant to be body positive (underwear photos, posts about how I finally feel sexy) all my posts about my past abuse, and sent them to my dad on like August 10th. 

However they went in to the “other” folder on facebook. 

I had no idea, until he messaged us through gofundme just now. Saying for my dad to check his other folder. 
I was on my dads account because he had just left for work, so I went opened the message and saw it all. 

Jamie saying saying he’s “worried.” about me because of the photos I’m posting, and what I’m talking about, saying I’m talking to overage guys and showing my body everywhere. I deleted the message and blocked him on both of our facebooks. 

1. I am 18 years old. and all those photos were taken AFTER I turned 18, and they aren’t even meant to be sexual.

2. I talk about my experiences because I need to, it helps me. My dad knows not about some things because it isn’t his business.

3. HOW DARE someone even do that to me? None of that’s my dads business, and he doesn’t care what I do. He told me when I turned 18 that I’m a grown adult now, I can do what I want as long as I’m safe. so there’s no fucking reason to send him a message, with all my stuff he doesn’t need to see, because IT’S MY CHOICE to do those things and he can’t and wouldn’t tell me stop, but what would happen is it would be insanely awkward, and I’d have to tell my father about what happened to me, bringing up everything from my past, hurting both of us.so screw you. I can’t even comprehend this.

I am seething. 

By the way I told my dad about it, and he said and I quote, 

“Tell him to go fuck himself.” 

So yeah, nice try trying to make my extremely feminist dad mad about me making my own choices.

RULES FOR LIVING YOUR LIFE SURROUNDED BY INTERNET

1.
Assume everything you do and say will be made public.

2.
Do not be seduced by privacy settings and passwords, which are temporary illusions that distract from the reality of the previous point.

3.
Understand that context and data are often one in the same. When you enter information on the internet, assume that you include the who (you), the what (the data), the when (the time of data input), the where (the site on which the data is being placed), the how (the device on which you input the data), and the why (the purpose of the site).

4.
Believe that all of your credit card transactions are being kept in a colossal, searchable ledger that one day will be made available for all to study.

5.
Believe that data does not disappear when you delete it.

You’re welcome.

3

A Facebook intern exposed a big privacy problem — so they fired him 

When Aran Khanna released the Marauder’s Map, a browser extension that lets you track your friends using their Facebook Message location info, he thought Facebook would be impressed. He was, after all, a few weeks away from starting an internship there. They did notice and released an update to Messenger that ramped up location-based privacy. Then Facebook fired Khanna — and for a pretty absurd reason.

The news that hackers have released a gigantic trove of data from the servers of infidelity enthusiasts Ashley Madison provides us with another chance to see how we really feel about this brave new world of ours. It’s easy to laugh off this particular hack—the users of a super-skeezy website whose motto is “Life is short. Have an affair” do not immediately elicit sympathy—but that would be a mistake. Feeling untroubled about such a massive breach of privacy is as misguided as thinking that government surveillance is only a problem if you’ve “done something wrong.” The point isn’t the morality of the players; it’s our loss of control over our lives. We can’t function without the internet, so does everyone’s tolerance of privacy invasion mean that the standards around our expectation of privacy have been lowered?

It’s easy to mock the unlucky philanderers whose information was exposed. But we’re in uncharted territory now.

Windows 10′s Parental Controls: Watching and Warning

With Windows 10, Microsoft has made their family account settings more visible and easier to access than ever before. These settings have been available since Vista (requiring separate downloads in Vista and 7, natively available in 8), but somewhat more obscure and not as feature-rich as they are now, and, for the most part? These are really smart, fantastic tools for parents, including things like screen time limitations, web and application filters, and prepaid balances for a child’s Xbox/Microsoft account to allow them to make purchases without having unfettered access to their parent’s credit or debit card.

Unfortunately, the family settings also include (and, again, have always included) activity/web reporting, and there is a very justified concern that this kind of reporting could lead to the careless (and dangerous) outing of LGBTQIA kids to bigoted parents.

To be honest, the way this information was presented made it sound somewhat Orwellian in scope, so I decided that I would investigate by setting up an old throwaway Live account I made to share pictures of my daughter with family as a child account.

Most of the administration is done through the web interface at account.live.com, under the family tab. Once you click through to the child’s account, this is the first screen you see, exactly as it appears on a new child account:

As you can see, both Activity Reporting and emailed reports are enabled by default. Parents have to intentionally turn these features off if they are using a child account.

Somewhat more surprising, web filtering (under the web browsing tab) is NOT turned on by default. I went ahead and enabled it for my tests to see what was allowed and blocked by default (whitelisting and blacklisting sites is very easy).

For some strange reason, my child account would not allow me to take screenshots, but I captured screens with my phone.


This notification greets child accounts EVERY TIME THEY LOG IN, which immediately made me feel better about what MS is doing (more editorializing in a bit). Any time a child logs in to their account, they know if they are being watched, which is a big deal.

Next, I decided to do some testing of blocked and reported content. The parent account had already installed Chrome and Firefox, so I loaded up all three browsers and tried visiting various webpages.

Major news sites largely loaded with no issue, and visits to most of the common gaming sites were no trouble. Strangely enough, Kotaku must have been flagged as having potentially objectionable content, because I got this screen when I tried to visit:

Other sites that were more likely to be outright blocked, such as Reddit, did not return any error at all - they simply did not load. Google.com also did not load (I presume this is because because Microsoft can’t force Google to load only “safe search” results), though Google accounts loaded just fine, as did Google ad services.

Because I wanted to get a good idea of what the parental controls were and were not capable of, I tried to go into InPrivate/Incognito mode in all three browsers. The keyboard shortcuts were disabled, and any options to open new windows in these private modes were simply missing. I didn’t expect so simple a workaround as using a different browser to work, but it’s always worth checking for the basic vulnerabilities in a system first.

Next, I tried to download and install the IPVanish VPN client. I did not actually try to visit any websites with it active, because installation AND program use both require admin privileges, which the child account does not have, so a child wanting to use a VPN would have to either know their parent’s password (in which case these family settings could be bypassed anyway) or have their parents supply the password every time they logged in. Even if the VPN hides their activity, the necessity for parental involvement makes it worthless as a tool to avoid parental invasions of privacy.

Finally, I tried a few web-based proxies (specifically: hide.me and proxfree). Bing will happily search up free proxies for restricted accounts, and using the proxies, I sailed right through to previously inaccessible sites with ease. Kotaku and reddit both loaded right up.

PARENTAL RESULTS

With a nice browsing history worked up, I logged back in to my parental account to see what my snooping eyes could see and found out something interesting: parental accounts do NOT get real-time web reports. All night long, my parental account had a blank screen for web history. The next morning, it had populated the previous day’s activity. This means that parents can’t just sit and monitor a child in real time, so no “catching them in the act.”

The following morning, the parental account had a full history

You’ll notice that it shows attempts to visit questionable websites that require permission, but it does NOT show attempts to visit sites that it simply refused to load, like reddit. You’ll also notice that in the right-hand bar, there are “block” and “allow” buttons that enable instant white and blacklisting.

Here, you see that the hide.me visits are reported. The good news is that, since this reports shows EVERYTHING, including EVERY SINGLE AD AFFILIATE, a parent who doesn’t know what they’re looking for could very easily miss this proxy in the noise. Parents who DO know what they’re looking for, though? Chances are good they’ll see the proxy visits if they take the time to actually sift through the entire report.

Each root site listed can be expanded into a more detailed view. Fortunately, hide.me was as good as its word. Here is the detailed view from those 4 visits:

Parents can block proxies as a child uses them, but there are a LOT of proxies out there, so that is a Sisyphean task, at best.

Another important thing to note is that, while unique URLs visited are reported, a child’s search history on Bing is kept private.


Past the web history, these are the other stats collected on a child account:

There is no explicit data given to parents here (no screencaps or DVRed activity), but parents can easily block apps their children should not be using, and the screen time limit is a very good tool for younger children.


Tim’s Theory:

Once I saw that Microsoft warns child accounts at every single login that they are being watched, I started developing a theory:

Microsoft understands the privacy concern of spying on kids, and they’re trying to get in front of it and give kids the power to protect themselves where they might not otherwise have it.

There have been tools to allow parents to spy on their kids for as long as there has been internet access for parents to spy on. A lot of these tools are just prettied up versions of spyware that you would never, ever want on your computer, but a parent who is determined to spy on their kid usually doesn’t care.

By integrating parental controls that include spying by default, Microsoft can give parents a “safe” monitor while also warning kids that they are being watched. This means the computer and its users are safer (no keylogging, screencapturing, or camera hijacking for third parties to gain back-door access to), a child’s privacy is safer (passwords, even for logging in to the computer, are not revealed to a parent).

By not turning on web filtering by default, MS may be trying to subtly suggest that, rather than blocking your kids, you should be talking to them.

By not blocking even well-known proxy servers when web filtering is turned on, MS is giving kids an escape route from watchful eyes.

I would be far more comfortable if the spying were not turned on by default, but I feel like MS turns it on by default (and makes it sit right at the top of the page in the family controls) to make parents think about what they’re doing to their child’s privacy.

Everyone has to learn how to protect their privacy online, and, unfortunately, that includes kids. There are ways to be smart about “forbidden” websites. Kids at risk of having secrets exposed to their parents need to be made aware of how to be safe.

The biggest and best advice to keep yourself safe when being watched? Do a LOT of “not secret” browsing. Flood that report with “normal” websites, and keep your proxy visits to a minimum. Make it look like noise in the report. When you are on the proxy for something, make sure you go to a non-proxy tab every so often and click through to a new thing.

Also, don’t use just one proxy. Make yourself a list of proxies. Here are a few to start with:

http://hide.me
http://www.proxfree.com
https://www.vpnbook.com/webproxy
http://www.proxy4free.com/list/webproxy1.html

You should not have to protect yourself from your parents, but knowing you’re being watched is a more valuable tool than you might think.

And if you’re a parent reading this? Instead of stalking your kids, try talking to them, instead. They deserve their privacy.

Some handy tips for helping protect your friends' privacy online

1. If their Facebook posts are friends-only, do not share them with people outside of their friends list without permission!

2. If your friend’s public-facing accounts clearly only use their first name (I am an example of this), then do not publicly reference those accounts with their full name! Nobody needs to know your friend’s last name if they choose not to publicize it!

3. If your friend uses a pseudonym as their online handle on some platform (this can be either an alternate name or a made-up handle like many people have on Twitter), then only reference their presence on that platform using that pseudonym! As a general rule of thumb, just refer to the person however they refer to themselves in a given space.

4. NEVER share screencaps from a closed/secret Facebook group (as opposed to an open group, in which all posts are public) without permission. I don’t care if someone annoyed you.

5. Don’t let the ridiculous furor over “vaguebooking” keep you from guarding someone’s privacy. One person’s “vaguebooking” is another person’s “sharing personal frustrations or problems without dragging another person out for public shaming.” It’s perfectly legitimate to just post, “I saw a post that conflated being bi with being someone who cheats, and here’s what I think about that…”

6. Even if someone’s posts are public/findable, be careful about sharing them if you have a much larger online following than them, wield disproportionate influence, and/or know that you have trolls or bigots among your following. You may be The Best Person Ever but your followers might not be. Be honest with yourself about this and don’t get defensive. Help keep your friends from being deluged with online harassment and threats.

7. If you want to share screencaps, even of a public post, ask first, because there’s something about screencaps that many people find uncomfortable and a little creepy even if the original post was public.

8. If unsure, just ask. Safe is definitely better than sorry when it comes to privacy, especially for marginalized people, especially for marginalized people who are not “out” in some significant way, and especially for people who may have abusers or stalkers. We already have to deal with malicious people trying to destroy our privacy, so we should be able to count on not having our friends destroy it carelessly because they didn’t stop and think before posting.

It’s worse. Because if you look at CCTV alone, at least Winston [Winston Smith in Orwell’s novel 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.
—  Joseph Cannataci, UN privacy chief, on how modern surveillance is already “far worse” than what George Orwell imagined.

I can’t believe people would think it’s okay to just show up at markiplier’s door at random times. As a community with a lot of people who understand what it’s like to be introverted, anxious, depressed, phobic, etc. I don’t understand why people don’t get that he is the same as everyone else: when he’s at home, he might not want to interact with anyone. You might be triggering severe anxiety in him and you’d never know it because you’ve never thought that far. I know if someone showed up to my house that I didn’t know and expressly invite over, I’d be absolutely terrified. I have well-hidden social and general anxiety and I get uncomfortable enough when someone I don’t usually talk to Facebook messages me on my day off. I can’t imagine strangers showing up to my house. And that’s why he’s moving: you’ve likely scared him and at least made him intensely uncomfortable by intruding upon him when all he wants when he’s home is privacy. That’s totally unfair, especially because he cares so much for this community even after people have done stuff like this countless times. He shouldn’t have to ask people to leave him be. He shouldn’t have to uproot his life just to HAVE a home life. Yeah, Markiplier is a public figure. But Mark Fischbach goes to lengths for his privacy and now his personal life is being disturbed to the point that he’s moved several times within the past year. He’s not a high-profile A-lister with publicists and bodyguards. He didn’t sign up for that. Please be respectful and understand how hard it must be to have to constantly keep moving. I don’t usually rant like this, but I feel sad that he genuinely cares so much for his fans and would do anything to make their lives better but these intrusive fans don’t understand how hard they’re making his life. He loves us. Go a bit easier on him, please.

Windows 10 Privacy Settings Explained

I made this guide to explain what the privacy settings in Windows 10 do, and whether or not you’ll need them. If you’re coming from Windows 7, some of the privacy settings in 10 might seem confusing, and there have been posts from users concerned about them. So hopefully this guide will help you understand all of these settings and address those concerns. It’s a long post so everything is under a read more

Keep reading

Do you ever wonder if the various national intelligence agencies ever get caught in a recursive loop of spying on each other’s spying?

Like, maybe CSEC is spying on my emails.

The NSA is spying on CSEC spying on my emails.

The KGB* is spying on the NSA spying on CSEC spying on my emails.

MI5 is spying on the KGB spying on the NSA spying on CSEC spying on my emails.

And CSEC is spying on MI5 spying on the KGB spying on the NSA spying on CSEC spying on my emails.

Recursion is fun!

* Okay, they call it the SVR these days, but we all know who’s still in charge.