Just came up with my father again.
He blames me that mother forgot her phone’s and Google password because I recommended against it being a word.
I mentioned encryption, “not necessary unless you’re doing something illegal”.
When mentioning lack of privacy with targeted advertisements, he said that he actually really likes them, because he bought a couple of things he wanted for years.
I don’t really have good arguments.
Ask them to unlock their phone and give it to me. If they have nothing to hide from me, then they truly have nothing to hide from anyone since I probably dont hold power over them (nor do I care to).
If they say yes, I show them that im going through their photos, location history, browsing history, texts, emails, all the usual suspects for surveilance. If they’re ok with all of that, then by God they truly have nothing to hide.
If they say no, I ask them why. Try to let them find the answer for themselves.
Most just refuse, which is a good reminder to them that everyone has some secrets to keep. Even if they’re completely innocuous.
EVERYONE has stuff to hide.
It may not be illegal, but there are a lot of stuff I don’t want to be public knowledge, as it would be highly embarrassing if they got out.
This is the same for everyone.
Then we need to discuss the illegal stuff, I am talking about stuff you wont even realize is illegal, or things that you did decades ago that is so minor that you never even thought about them.
In my generation, one classic part of growing up was torrenting just about anything you could find. I never considered it illegal at the time, but I sure as hell wouldn’t want the popo start investigating me.
I see it like this, if you have nothing to hide, you can’t be trusted.
As for your father’s misplaced blame, he should be annoyed that neither of you wrote down the password, not that you used a word as a password.
“We require privacy not to conceal our own wrong doing, but to protect against people who would abuse their authority to pry into our lives and do us harm by misrepresenting what they find.”
Years ago, I heard a lecture by the guy who investigated the case referred to in the article below. Thieves and con artists are a legitimate concern. Or at least they should be.
From the Batesville Daily Guard - Batesville, Arkansas
After fighting identity theft for seven years, country singer/songwriter David Lynn Jones is ready to take back his life.
During that time, Jones, on paper, was three people – and at times, four.
“Two guys were playing me,” Jones said. “It’s unimaginable, until you go through it . . . that someone who doesn’t even look like you can steal your identity. The damage,” he said, “is incalculable.”
Jones may be ready to sing “I Feel A Change Comin’ On” again. That’s the title of one of his singles from his heyday.
During better times, Jones released four acclaimed albums – “Hard Times on Easy Street” (1987), “Wood, Wind and Stone” (1990), “Mixed Emotions” (1992) and “Play by Ear” (1994).
His charting singles include “Bonnie Jean (Little Sister)” which was also a popular music video on television, “High Ridin’ Heroes” (with Waylon Jennings), “The Rogue” and “Tonight in America.”
He may be best-known for writing “Living in the Promiseland,” a No. 1 hit for Willie Nelson.
While Jones kept writing songs during the past seven years, he could not release them because the identity theft culprits were getting his royalty checks by having the checks sent to their address. Much of the time, that address was in Colorado.
Now, Jones and his wife, Illa, who live east of Cave City, are looking forward to teaming up to record and release a new album.
He also has unreleased albums from the past that can now be put before the public.
“There’s five (previously recorded David Lynn Jones) albums that never were released,” Jones said. He plans to make those available to buyers on the Internet within the next few months.
Fans should be patient, though, because it may take quite awhile, he said.
In February, Baxter County sheriff’s investigators arrested Danny James Sullivan, who was working at a McDonald’s in Mountain Home under the name David Lynn Jones.
Sullivan was also drawing disability checks from the government under his own name while working at the McDonald’s under Jones’ name. His aliases include Danny J. Bass and Danny J. Rader.
A day later, acting on a tip, the alleged mastermind of the plot, Janis Rae Wallace, was arrested at a home in Fayetteville. Wallace is also known as Janis French and Janis Rae Jones, the name she used while posing as the real Davis Lynn Jones’ “wife.”
She’s even booked into the jail as Janis Rae Jones.
Wallace and Sullivan, both 51, remain in jail – she, on a $500,000 bond and he, on a $200,000 bond.
They are each charged with nine counts of felony financial identity fraud, according to an affidavit filed with the charges and signed by sheriff’s Sgt. Bob Buschbacher.
The information filed with the charges and in arrest reports matches the story told by Jones – the real Jones.
“Those are all federal charges,” Jones said.
The theft started, Jones said, when Wallace stole his driver’s license while working for him.
“At the time, my Social Security number was the same as my driver’s license number, and with just that information, they infiltrated my life,” Jones said.
Soon, he was getting no mail. It was all going to the fake David Lynn Jones’ address via an address change. The mail included preapproved credit card applications that the thieves filled out; after they maxed out the cards, they reported them stolen.
“Among the stolen items via mail were personal checks and business checks from music royalties the victim had earned as a songwriter and musician,” Sgt. Buschbacher said.
“They had ‘me’ moved to Colorado; my phone was shut off,” Jones said. “This was back in 2002 . . . . By the time we realized what was going on, we couldn’t get it stopped. They wound up with my royalty checks from publishing music,” including royalties from “Living in the Promiseland.”
Buschbacher said that in the beginning, to further the identity theft scheme, Sullivan, posing as Jones, filled out an identity theft passport request victim information sheet and submitted it to the attorney general’s office. Then, he obtained an Arkansas driver’s license in the victim’s name.
Meanwhile, Jones’ elaborate and well-known recording studio at Bexar was stripped of all its expensive equipment.
“I still own the studio,” Jones said Saturday. “It’s for sale and has been for some time. These people had gone out there and took down the for sale sign and put up no trespassing signs. They were drawing money out of my checking account, which eventually caused me to be overdrafted,” he said. His interest rates were doubled because of a bad credit rating.
And to add insult to injury, Wallace convinced people who dealt with Jones financially that someone was trying to steal her identity (“She was speaking as my ‘wife,’” Jones said). So, those who could have helped would not even listen to the real Jones.
“When we started talking to credit card companies and banks, they didn’t believe it (was me),” Jones said.
The crowning portion of the identity theft scheme was yet to come.
“They started telling everybody I’d been in a horrible accident in Colorado and I was in a wheelchair and I couldn’t play and sing anymore,” Jones said. “She even wrote a letter and sent it to all of my family saying that.”
Since he had been busy with his work during the earlier part of the problems and hadn’t been in touch with family members regularly, several of them even believed the accident story, he said.
“My mother (Verna Jones) passed away during all of this and we were trying to make funeral arrangements,” and a check his brother mailed to help with those expenses went to Colorado into the thieves’ hands, Jones said. “Even my own brother didn’t understand what was going on. I told him I never got the check . . . . It’s so crazy when you’re actually experiencing it.”
The investigation revealed that Wallace and Sullivan obtained a Social Security card, a Colorado identification card and the Arkansas driver’s license, all in the name of David Lynn Jones. Wallace then obtained power of attorney over Jones, claiming he was mentally disabled due to the fake “accident.”
Wallace and Sullivan were even filing joint federal income tax returns as Mr. and Mrs. David Lynn Jones. Those returns were filed in 2006, 2007 and 2008.
Jones said as soon the investigation revealed the first name of the suspect, he knew who was behind the scheme even though she was giving her last name as Jones. Still, the identity thieves stayed one step ahead of authorities for a long time.
Before being arrested, Wallace and Sullivan were trying to get the title to some land Jones owns in Baxter County, authorities said.
A break in the case occurred 15 months ago when Wallace, as Mrs. Jones, and Sullivan, as Jones, applied in person for an identity theft passport at the Arkansas Attorney General’s Office.
As soon as Wallace and Sullivan were arrested, investigators obtained search warrants for their houses. Jones said several items found in their homes could only have been obtained by their breaking into his home east of Cave City, where he and his wife have lived for five years.
“We’ve known for years things were being pilfered, things moved around. They were hanging out in the woods, watching for us to leave (so they could get into the house).”
Investigators found pictures and other items taken from inside Jones’ house, as well as photos of the house taken from the driveway.
Jones said officers on the trail of the crooks had been advising Jones for months to be alert and stay well-armed, because one possible logical next step could be to eliminate Jones and his wife, so the identity thieves “could become us. That could have been the last (planned) step,” particularly with them applying for the identity passport, Jones said. “Who knows what would have happened next?”
He has high praise for the attorney general’s agent who felt something was wrong when Wallace and Sullivan approached him about getting that passport.
“That’s what got them caught,” Jones said.
The agent was suspicious enough to go into another room and look for pictures of Jones on the Internet. The pictures did not match the man claiming to be Jones.
“If it had not been for the attorney general’s office, it’d still be going on,” Jones said. “The attorney general’s officer said it was the worst case he’d ever seen in all his years of investigating identity theft.”
Baxter County Sheriff John Montgomery said the investigation involved personnel from the attorney general’s office, the Social Security Administration’s Inspector General’s office and the sheriff’s office.
Jones said he expects he still has years to go to clear the damage to his name.
When asked what the identity theft has cost him, Jones did not give a dollar figure. Instead, he said quietly, “It’s cost me seven years of my life.”Easiest way to explain privacy imo is simply just saying: “If you have nothing to hide, then why do you shut the door when you go to the bathroom?”
Aak if they’re chill leaving the bathroom door open next time they use the restroom so you can watch. They have nothing to hide, right?
Cool, he has nothing to hide, but when people want to get at you, they will invent things. They will decide regular human behaviours are morally abhorrent, and they will have an infrastructure to enforce that.
It’s not about things that are wrong, it’s about preventing abusable tools from existing.
If someone is willing to just invent things to get at you, privacy isn’t going to save you.
Absolutely, that’s why we need to prevent things that would enable abuse.
There’s always going to be people pushing for more power, and we need to be alert because that power will endanger people. We’ve seen that in America, we’ve seen that time and time again throughout history. Unchecked power causes abuse and dead people.
It’s going to be a balancing act, naturally the role of government will require some level of power over it’s people, but ideally the people also get a say in that.
The biggest roadblock to our own safety in that regard is complacency. Why else are we being turned into passive consumers? Those with money know it’s easier to manage a docile consumer population than it is to manage something like France. Strong consumer rights, and the general willingness of the population to actually get mad and start wrecking shit have left them in a largely advantageous position.
So yes, I believe you should push back even on the small abuses of power and privacy, both because it’s important, and because it gets you used to pushing back when actually abuses of power start occurring.
Privacy is important so that nefarious individuals don’t steal your identity, and everything you worked hard for, in your lifetime.
If they have nothing to hide ask for all of the following; all passwords, to everything (internet, bank, shopping accounts, investments, etc.) Bank statements Tax returns Get a set of keys for their homes, cars, businesses, etc. Remind them that you will be allowed to come over at any hour of the day or night and look through every nook & cranny of their property. If someone really is an open book, let the snooping begin. And also remind them that you will share whatever information you feel like with anyone you choose to, publicly.
Privacy prevents people from being abused, stalked and taken advantage of. Privacy is a form of personal security. That’s why we lock the doors at night.
Google sucks, but one thing I think they did right was giving you a way to print out a list of one-time passwords that can be used to recover an account if you forget your password.
2 big things for me.
First is that everyone, and I mean absolutely everyone has something they want to hide. People assume “I’m not a violent person or a criminal” except yes you are, and you’ve done something. A great example is everyone in the US speeds, absolutely everyone. Does that mean you want every office to know every instance of you speeding if you get pulled over? So, yes everyone has something they’d rather not say.
Second is more of an example of you should be allowed to go places without everyone knowing. The example was about 5 years ago police used location data to find a person who broke into someone’s home. Problem is that the location data they used returned one person who happened to be on that street around the same time. They were riding their bike down the street. To the police they had the person there, they had proof, it was good enough. Except it wasn’t, and he obviously wasn’t the person they were looking for. Location data put him there though, and sold him out. So maybe not the best thing for whoever to know exactly where you are at any given time.
As for encryption, ask him for his porn history. If he gets upset, just say “why it’s not illegal”
but, I agree with the other person. If you’re dad is like mine and countless others, you’re not fighting against him but propaganda. If that’s the case, you aren’t going to win this. The only winning is turning off the source.
I wouldn’t say everyone speeds as not everyone even drives. The biggest thing for me is that even if you don’t have something you’re ashamed of it could still be something you could be targeted for, like political views, disability or gender identity etc.
Ask him for his banking details.
In the end of the day, we have digital security for the same reason we have physical security, like a lock on your door. You can take a horse to water but you can’t make them drink, so let him learn the hard way.
I’m going to be real. I was part way through an explanation before I deleted it. What you are dealing with sounds like a situation where you simply won’t win by using logic. To continue to labor under the presumption that a good and logical reasoning will have an effect is just going to stress you out and achieve nothing.
Google password because I recommended against it being a word.
IT nerds help me out here, but I’ve been under the impression that the best defense against brute force attacks is a very long password, and the idea of sprinkling in special characters or numbers is outdated. Something like “iwenttothestoreandboughtabirthdaycake” is a more secure password than “$6jds_*WghP6”.
edit: Also the mantra to never write down any passwords is more of a workplace piece of advice. I personally think, and this would probably be helpful for older people, that writing down passwords in a notebook which is kept secure in their home is pretty safe. Short of a home invasion, that notebook is safe, and having it can encourage them to diversify their passwords on different accounts. So, if you are going to keep at the issue, taking an angle of using something they are more comfortable with like a paper notebook is going to be accepted more easily than trying to sell them on a password manager or something.
It doesn’t even have to be that long. 12-16 characters and it’ll be infeasible to brute-force for the foreseeable future. But unless you’re talking a high-value target like government, military, or executive suite at a company, no one bothers to brute-force anyway because there’s easier ways to gain access.
The biggest issue with password security is reuse and sharing. The most secure password in the world doesn’t mean a damn thing if you use the same email/password combination across a hundred different websites, because all it takes is for just one of them to suffer a leak and now your credentials are in a dump with millions of others that can be bought for a song and a dance.
This is why it’s imperative to use 2FA for your most important accounts, because it can mean the difference between an attacker getting access and hitting an error page and trying the next poor fucker’s credentials instead.
But also, no one wants to try to remember a hundred different unique passwords so it’s also a good idea to use a password manager. Chrome and Firefox both have them built-in (note that Firefox stores passwords unencrypted on disk unless you set a master password!), but there’s also services like OnePass or Bitwarden that have stronger guarantees.
While being aware that leaking passwords and reusing them is a major risk, I was just asking about the construction of the password as it relates to being attacked directly.
But also, no one wants to try to remember a hundred different unique passwords so it’s also a good idea to use a password manager.
Absolutely. I recommended the notebook approach only because I think people of a certain mindset would be more open to it than a password manager, even if it isn’t as elegant of a solution. At the end of the day it still diversifies passwords. I’m vividly picturing my mom throwing a fit any time a doctor or other office wants her to fill out a form on a tablet instead of paper.
Is there something that would perhaps also work on Android? Also, how do you move the passwords from password manager into the fields? My problem with clipboard is that anything can read it. Of course, that means there has to be something to exfiltrate the data, but 1 problem is better than 2.
Password managers on Android (and frankly all platforms) actually try to avoid using the clipboard. They prefer the auto-fill service, which is intended for applications just like this. Unfortunately this isn’t working in all cases, but you can also set your password manager as a keyboard (temporarily), so it can directly input a selected username/password without anyone else seeing it.
Examples where I know this is the case are open source keepass options (Keepass2Android, KeepassDX). But I’d assume bitwarden and the like also work this way.
Most of those password managers are also available on android, and automatically clear the clipboard after 30 seconds.
But that’s a bit like plugging a leak when the tanks empty. If they managed to get a tool onto your device to read the clipboard, what else is there to get? They’ll almost certainly have a key logger installed as well, if not a full backdoor.
And that’s assuming they’ll even go through the effort of installing anything and not just using ransomware to brick your device.
The first thing about security is knowing who you’re defending against, and you’re not defending against targeted attacks by nation states (if you as an individual are, you’ve already lost). Your main adversary is spray-and-pray “script kiddies”, maybe the occasional private actor.
I was thinking of Android, and whatever some apps may be doing. They should already be pretty limited in what they can do, so it might be forced to just read the clipboard from time to time and hope you don’t notice (android now shows pop-up when something reads clipboard).
Keypass has apps which supposedly support autofill (I’ve never bothered with setting them up because I hate using a phone), but it might go through the clipboard. You can also set it to clear the clipboard so its at least not just sitting there indefinitely.
For my parents I save their passwords into my password manager whenever I set stuff up for them after learning the hard way several times.
As far as I know, the thing is that randomly chosen words will be more secure because there’s simply too many words. However, sentences will be more predictable. And a single word will give quick access to someone with a sufficient wordlist.
Honestly, I don’t remember what exactly my recommendation was, just that I recommended against something quite simple (common word), and that she shouldn’t tell me or anyone else what it is.
Edit: but I am not a professional, so don’t use me for advice.
The difference for random Vs chosen sentences is when brute forcing a password (short of a few common or predictable sentences) the attack works by trying out combinations of different words randomly (if they’re even that advanced in the first place instead of using characters). That means any sentences you come up with, based on 3 things in the room, are so unpredictable that it doesn’t matter that they aren’t truly random.
You can also change the space characters. Use - then _ then + and repeat:
Instead of
iwentshoppingformilklastsaturdayuse can usei-went_shopping+for-milk_last+saturday. The amount of variables are just too high for it to truly matter.Now all you need to deal with is the banking login being so poorly designed it only allows a max of 8 characters or BS like that, in which case you’ve lost before you even started.
in which case you’ve lost before you even started.
And once I came across even better limitation. “Only English characters and numbers are permitted. Passwords are case-insensitive.”
OK, the last one wasn’t actually mentioned, but I just found out the case didn’t matter either.Yikes, you just know those are stored in a file called
passwords-donotsteal.txt…The fourth largest bank in America, Wells Fargo, has cases insensitive passwords
deleted by creator
You don’t lock the doors of your house because you have something to hide, you lock it because you have valuable things you want to protect.
Your dad’s fear is not the government (whether or not it actually should be), but he should have a reasonable fear of criminals taking his money. Technology has made it easier than ever to be robbed but also created better locks than ever to fight the criminals.
Everyone’s got something to hide.
For example, I like to keep my credit card number secret from criminals.
Then they should be willing to submit to deep hypnosis, with the end result being them telling ALL of their darkest secrets, all on a live recorded broadcast.
