Self Hosting

I was an early adopter on Pinterest. I liked the service myself, not because I was looking for more social media, but because it allows me to aggregate links and sort them visually. I’m one of those people who navigate by landmarks, so having a visual cue reminds me which link goes to which article.

The problem is that the owners of Pinterest have been working to “improve” the site, often making it harder to use, primarily by adding more bells and whistles that use more of my computer’s resources (internal memory). This makes it virtually impossible to use on my little underpowered netbook. (I can only have about 3 browser tabs open before it locks up.) So I usually do research on my big and powerful desktop computer, and then aggregate the links in Pinterest. I have an extensive link library I began to compile there during last year’s NaNoWriMo when I began my historical novel.

The problem is, Pinterest has recently crippled the service to anyone not signed in. This means I can’t just look at the site to find the link to the material I need, I have to sign in — and use more memory than I can afford — to access this. This is a huge problem for my own use of my own “pins.” But as someone who wants to share links to my own content, this means only people willing to sign in to Pinterest will be able to access my content.  That’s a problem.  I won’t be sharing Pinterest links anymore.

People concerned about personal privacy call that a registration wall. That’s a big part of why I stopped using Smashwords. I couldn’t use it for the purpose many authors use it — to give out free copies of ebooks — but if people have to pay Smashwords in personal information, the eBooks are not free at all. (Now I email review copies of ePubs, or people can anonymously download from TUEBL.)

And of course, there is Imgfave, another service that allows me to do much the same thing– without needing to be signed in to access my own (or anyone else’s) content.  So that will do.

Who’s The Boss?

When we use someone else’s website, they get to make the rules, and we have to follow them. They can change how the site works, or what users are allowed to do, whenever they like. If we don’t like it, all we can really do is leave. (See: MySpace)

Pinterest is not alone in retaining control over how it chooses to allow us to use its website. The same is true of every other website that “generously” allows users to aggregate content or create content for its own greater glory (and profit). All we have to do is pay them in personal information and trust the faceless people making decisions not to change it to make it unusable for us.

Off the top of my head (but by no means an exhaustive list) web platforms that control your data can include: Twitter, Facebook, G+, Pinterest, Imgfave, Instagram, dropbox, ScribD, NaNoWriMo, LibraryThing, GoodReads, MySpace, LinkedIn, DeviantArt, Imgur, Flickr, YouTube, Livestream, Wattpad, blogspot, WordPress.com, Tumblr, Livejournal etc.

DIY

If you want to control your own data, you need to host it yourself. And that certainly will sound like a scary proposition. But is it any scarier than ripping up that carpet and replacing it with the tiles you want instead? We have no qualms about Do-It-Yourself projects in the physical world, and it is not so much different in a digital world. Probably the biggest difference is that there are sure to be many more how-to videos on YouTube for doing digital DIY. You can very often talk to actual people who made the software you need online via Twitter or through email. (Ever tried to ask Facebook a question?)

blogging

I know WordPress software is licensed to share, so you can download it to your own computer and host your own blog yourself, on your own computer. It is so easy lots of small businesses do this. WordPress even allows you to port your blog hosted on its free site to your own computer any time you like.

(Which is a great way to make backups… not because I don’t trust WordPress to do so, but because like any corporate service provider, it may be compelled to remove some or all of your content on receipt of a DMCA notice, a legal process that merely requires an accusation of copyright infringement… no proof needed. If your original work is taken down in this way, you will need to prove yourself innocent and then upload your content again. Backups are always a good idea because digital data is fragile.) I am not certain but I think you can host your own Tumblr as well.

social media

If you are more interested in social media than blogging, there are a growing number of self hosting alternatives out there. If you like Facebook you might want to look at Friendica or Diaspora, if you like Twitter, you can host your own GNUsocial or StatusNet instance in the Fediverse.  If you just want to be free of Twitter censorship, you can sign up for an account hosted by individual people, and there are a couple of big co-ops like Quitter and Gnusocial.de.

private browsing

I don’t know about you, but I don’t actually trust Google’s “private” browser to be private. And of course if you want more freedom from being tracked, you might want to use Duckduckgo or StartPage or Ixquick to do your web searches…

The only way to be private online is by using encryption (and even then you need to follow best practices). LONG passwords are more secure than a clever one that is difficult to type or remember.

If you want to be secure, for email use PGP (stands for “Pretty Good Privacy”), the best (free) software; and for everything else, use TOR (TOR project). Great resources can be found at KW Crypto.

And of course, you have the same problems if you use software that you don’t actually own… so Free Software is the way to go.

 

[Note: normally I would link everything but I simply don’t have time just now.  Maybe later.]

Why I Can’t See The Facebook Attachment You Shared

Sometimes I find such annoying messages in my Facebook feed:

This Attachment may have been removed, or the person who shared it  may not have  permission to share it with you.

When this happens, I usually send a direct message to the person who posted it, because I assume that if they shared it with me, they actually want me to see it– whatever “it” might be. Maybe it’s just another cute cat picture, but you never know if it might be the cure for cancer.

Sometimes when I go to re-share something someone else shared, I get a message warning me some of my readers might not see it… because the privacy settings of the person who posted it might exclude my Facebook friends or group mates. Maybe their privacy settings only allow their friends — and not friends of friends — to see what they post. Or maybe it was initially posted to a closed group. Whatever the reason might be, I just don’t share it. Having such non-posts in a timeline does neither of us any good.

If the post originated with you, probably your privacy settings exclude me from seeing your attachment.

After I tell the person who posted it, if neither of us can see it, it probably means somebody complained about it… (maybe it was a breastfeeding image) and FB agreed your post violated community standards AND censored it, or someone made a copyright claim and DMCAed it.

Possibly the most annoying thing is that Facebook drops these messages we can’t see in our timelines. When you realize FB only shares some of what our FB friends post in our timelines, it seems ridiculous that these locked down messages always appear. But there is good reason for that: Facebook wants us to complain to our friends so they will make their privacy settings more open.


Oddly enough, I agree with FB that we should have wide open privacy settings on Facebook, because when we do, it’s easier to remember that nothing posted on Facebook is private.

That’s Facebook for you.

Permission or Free Culture?

Disclaimers like “this video is not owned” and that “no copyright infringement is intended” have zero legal validity.  It used to be that copyright was only enforced against commercial copyright infringement.  But we’re living in copyright crazy times.

In most of the world, any video (music, painting, movie, story poem etc.) that is created is automatically locked into copyright by the videographer/maker.

The reason Lawrence Lessig calls ours “permission culture” is because when you copy ANYTHING under such copyright law without getting permission from the copyright holder (who may not be the creator) you are committing copyright infringement.

Copyright infringement used to be a purely civil matter, but as it is “strengthened,” not only is it becoming harder to tell what is infringement, it is becoming criminalized, which means anyone– from school kids to grandparents — needs to be aware of this in self defence.

Since everything starts out copyrighted, sharing it is copyright infringement, which is illegal most places–  unless it is in the public domain or it is licensed to share with a free culture license like Creative Commons.

If you want people to share your story, poem, song, picture, video etc. here is the Creative Commons tool to select the license *you* want.


The Question Copyright “Copyright Jail” is by Nina Paley
 

You Need A Web Presence…

… if you are in business for yourself or if you are an organization with a public face.

If you are starting your own business, if you do free-lance work (or want to), if you are an independent musician, actor, artist, writer, cartoonist, or self-publisher, you need to have your own website, so when anyone searches for your name in a web browser (sometimes referred to as “googling”) they will find you. That way, they can find you and contract for your services (and you can continue to pay the rent and feed the kids).

If you have a Public Service Organization, or a Charity, Fan Club, Guild or any other public organization, you need a website so people can find your organization online and join up or donate, so your group can keep the lights on.

Libreleft books: My Business Blog

The First thing you need is your very own Domain Name

Domain names are unique. There can only be one Libreleft.com and I own that — so long as I pay my annual fee, no one else on the Internet can have that Domain Name.

In the beginning, Domain Name Registration was free, but now it will cost you something, and what it costs varies.

Don’t Use:

A lot of people choose one called GoDaddy because it’s cheap, but I have heard such a variety of horror stories, I can’t possibly suggest that — in fact, I will always strongly advise against it. If you can find pages of horror stories about any service, it is probably a good idea to walk on by.

use

I am extremely happy with my Domain Registrar, Register For Less because they have proven very trustworthy from a privacy standpoint (at least until Edward Snowden tells me different — but I don’t think he will.) R4L has always offered Whois Privacy without charge.

Of course, I have no experience with any other Domain Name Registrar, so don’t take my word for it, do research :)

The second thing you need is a Web Host

If you are tech savvy enough to host your own website, you won’t need this article (although you probably know someone who does). If you don’t, you will need to contract with a commercial website Hosting service.on a local service, OR do so through a web platform.

Should you Hire a Pro?

It is certainly easier to pay someone to do it all for you, but there are a couple of things you need to be aware of before you do.

Even if you don’t know what HTML is, the first thing you must insist on is that you have access and control over the website you are paying for. The thing you don’t want to happen is that you pay for your website but the web designer actually owns your Domain Name and has total control of your site. That can effectively force you to do business with that Web Designer forever, and the biggest risk is that you build your brand but lose control of it.

Horror story: I know one non-profit organization that had a volunteer design its site and register the domain name… and when there was a falling out, the guy with the domain locked the organization out and the organization lost all access to its own online content and had to start over from scratch. They could have won in court, but most non-profits don’t want to or can’t afford to go that route.

I am not suggesting web designers are evil, but even the nicest web designer might not always be around. If your web designer controls the only “keys to” your site, and you lose contact with your web designer, you lose control of your site — and your brand. This can have the unhappy side effect of costing you work if your contact information changes.

It is important to have access to your own site after you’ve paid for it, even if you contract with your designer to maintain it, things change. If you suffer financial reverses, you might not be able to continue to pay to have this done for you. And you should always be able to switch to another professional should circumstances warrant it, or maybe you just want access so your grandkid can make regular updates for you.

Or should you Do It Yourself?

There are many different ways to do a website; some want lots of bells and whistles, so if you’re new at this, there will be a pretty steep learning curve.

When you have a domain name and a web host, you need to have something to put there. The most basic function of any website is to serve as a calling card that explains who you are and what you or your organization does and provide a way that your friends, clients and fans can contact you.

A Static Web Page

A basic website is built with a programming language, the current version of which is HTML5. It isn’t particularly difficult, but it isn’t easy either. I learned HTML from a startlingly easy to use set of online tutorials on an awesome website called HTMLdog. (I bought the printed manual to support the author, because it was worth it. And I plug it wherever I can because it was just that good. When I learned it was XHTML, but the whole site has been updated to the new HTML5 standard).

HTML is the primary language of the Internet… as far as I know email and blogs are written in HTML or a variant. So if you have the time to learn how to do it, you can build your own web page in HTML5. This is great for things that rarely change, like your mission statement or FAQ, sample work, list of credits or résumé.

Pretty nearly any website you have to log into in order to use gives the user the option of a profile page. Always fill these in, and include your contact information. If you want to be contacted, the more places people can find you, the better.

There are also web platforms specifically designed to serve as an online business card. Here’s my about.me page and my artist sister Liana Russwurm’s see.me page.

A Blog Web Page

Blog software has changed the Internet, because it makes it much easier to add new content to keep your website fresh.

There are lots of great blog platforms — WordPress, Tumblr, BlogSpot, LiveJournal — as well as some I’ve only just heard of, like Weebly and Overblog — so you can set up a free blog on a variety of web services. This is my historian-writer brother Lani Russwurm’s visual history blog Past Tense on Tumblr, and its previous incarnation on WordPress and its original incarnation on blogspot.

Increasingly non-blogging websites like Flickr and GoodReads are allowing users to blog as well.

A blog can be used to discuss and share some of your work with your fans, as cartoonist Nina Paley does, or it can be entirely new content with a view to finding an audience, as my humorist (and/or science fiction) writer brother Larry Russwurm does.

I like Tumblr for my visual blogs; I like the archive features (users can look at thumbnails of your entire blog), and I also like the ability to password protect content and allow people to see it without having to register or log in (sometimes called a “registration wall” because users must register (which entails giving out personal information) as well as using a password to access protected content). You can also use it like a regular blog, although if you want to have comments, you need to use Disqus to do it. If you decide to use Tumblr, 10 Tips For Problogging On Tumblr has some excellent advice.

My other favorite is WordPress, which can be used in different ways:

  • You can set up an entirely free blog ~ my first blog is still at WordPress.com. When your free blog starts getting traffic, WordPress will start posting ads there, so you needn’t feel guilty about getting a “free lunch”.
  • If you decide to go ad-free, you can subscribe to a commercial package from WordPress, which gives you the ability to post your own video (you can only embed from YouTube in the free version) and you can even get your domain name from there
  • You can download the WordPress software (free as in gratis and free as in freedom) from WordPress.org and create a website to host yourself.
  • Even if you choose to blog on WordPress.com as a trial, and decide later you want to self host, you can download the whole thing and reconstitute it as a self hosted blog if you wish.

This is my Gravatar on my Author blog, but I also use it anywhere I need an avatar image.

An avatar — that little photo of you that appears on Facebook, or Twitter or wherever — is the visual manifestation of your “brand.”  It should be your logo if you’re an organization or a business; if you’re an independent contractor or creator, it should be you. Either way, it should be consistent, because like any brand, people will see in a blink that it’s you. Whether or not you use WordPress, you should sign up for a Gravatar; that way when you make comments in many places, your chosen image will accompany what you write.

recommendation

Many of my blog articles (like this one) are something I’ve written because I know someone who needs the information. A lot of people use FaceBook as their calling card, but do you really want to mix your business and personal contacts? If you are using facebook as your business presence, it is necessary to use a Facebook Page, because what you post on your personal page can not be seen outside Facebook.

One of the things I dislike most about Facebook is that all posts you make there are not seen by everyone in your friends list, and Facebook is forever twiddling with the Timeline order in which your posts appear.  And of course, posts can easily get lost. It can be virtually impossible to try and find something you posted on Facebook a while back. Things don’t just disappear off a real website or a blog under your own control.

Even if you’re a big Facebook fan, it’s possible to set WordPress or Tumblr blogs to post to Facebook.

If all you want right now is a basic online “calling card” my own recommendation would be to choose the blog software you like best and use that to make a static web page. Later on, if you want to expand it into a blog, you’ll be halfway there.

Privacy = Security

Do you use the Internet? Then you need to see “Stop Watching Us”

Stop Watching Us

is a website that allows American citizens to demand an end to mass suspicionless surveillance.

Citizens of other nations need to demand the same of our own governments, and that our governments withdraw from participation and/or complicity in mass suspicionless surveillance of its own citizens.

In Canada we can call on our MP to stand against costly online spying

You can read the International Principles on the Application of Human Rights to Communications Surveillance in 30 languages (and people in other countries can find resources) at https://necessaryandproportionate.org

HeartBleed and Passwords

Heartbleed is a security breach that compromises passwords. Now is the time to change passwords.

--Bob Jonkman

My favourite spring flowers are called “bleeding hearts,” but this spring the online world is reeling with the discovery of something completely different — an Internet problem that’s been named “Heartbleed.”

This is not a computer virus, it is a mistake someone made in the SSL software code.  When such a mistake is made in a novel it would be called a typo, but on the Internet, Heartbleed is a serious security flaw.

For years watchdog organizations like the EFF (Electronic Frontier Foundation) have been advocating the adoption of an Internet security feature called SSL/TLS encryption.

Secure Sockets Layer (SSL), more properly called Transport Layer Security (TLS), has become the default approach for protecting sensitive data flowing over the Internet. SSL uses encryption to provide data confidentiality for connections between users and websites and the web-based services they provide. The vast majority of sensitive web traffic, such as user login screens, e-commerce checkout pages, and online banking, is encrypted using SSL.

Thales e-Security: SSL/TLS Encryption

Over time more and more websites have adopted this security measure as a way to make the Internet a safer place for you and me. That’s why something like three quarters of the Internet uses SSL/TLS encryption today.  This is a good thing.

What is Heartbleed?

The security vulnerability known as Heartbleed is a programming error in the SSL code, and it’s a bad thing because it has made every site that uses SSL vulnerable.  Although we are only hearing about it now, it has existed since 2011 or 2012.

I first heard about it on Wednesday, April 9th, 2014.  Today (April 11th) the Toronto Star reports the Government of Canada is disabling federal government public websites — at tax time — in a move to protect users.  I don’t understand why they didn’t do this the moment the Heartbleed story broke.

This vulnerability went undetected for something like five months (and apparently NSA knew, but didn’t bother to mention it to its Five Eyes allies, like, say, The Government of Canada, because NSA was too busy exploiting the vulnerability for its own purposes.)

Heartbleed vs Websites

A real world comparison might be that using SSL is like having double-lock deadbolts on the door, and “Heartbleed” is what happens when you forget to lock the back door.  Ordinary people can’t fix the Heartbleed problem.  It can only be repaired (or patched) by the people running SSL websites & servers.

The Internet giants (Facebook, Twitter, Google etc.) were warned first, so they fixed the problem before the vulnerability was announced publicly.  Most of them are trying to allay the fears the media has been whipping up about this all week.

But the Internet is also crowded with many smaller sites that smaller organizations and even ordinary people host themselves.   The EFF has kindly explained how our SysAdmins can effect the Heartbleed fix:

The Bleeding Hearts Club: Heartbleed Recovery for System Administrators

Correcting the code is not an immediate fix, because each SSL secure website also must have its Security Certificate updated, which will take time with so many websites doing this.

Heartbleed vs People

For you and me, the biggest problem is that our passwords may be compromised.

This is such a big glitch, most of us won’t be attacked today.  Our passwords probably won’t be used to crack our accounts right now because so much of the web is affected.

But we can no longer trust that our passwords are secure.

A Better Analogy

The Apartment Analogy

If the superintendent of an apartment building replaces flimsy locks on the doors of all the rental units with good strong deadbolts, it makes it harder for bad guys to break in.

If someone secretly copies the master key, they can break into apartments.

When clever crooks use the duplicate master key to break into apartments, they are very careful in what they steal.  So long as the thefts aren’t noticed, the thieves  can keep coming back for more.

No one can tell there is a problem until something is discovered to be missing.

The only defense that the tenants have is to change the locks on the door.

Heartbleed

If a website or email platform adopts SSL/TLS security, the website security becomes much more powerful, because it adds encryption which prevents most security breaches.

A bad guy exploits Heartbleed by using it to download passwords etc.

When Internet criminals exploit the Heartbleed error, their intrusion is invisible. There is no way to see how much security information has been downloaded, or whose security has been breached.

No one can actually tell who or what is at risk until there is an actual attack.

The only defense that the users have is to change the passwords on their data.

 

 

 



Like the NSA, black hat hackers (or crackers) may have already filled databases with passwords they’ve found through the Heartbleed flaw.  Even if the System Administrator has fixed the Heartbleed problem for their website, it doesn’t change the fact that any bad guy who cracked the website before the fix still has your password.  Or passwords.

If three quarters of the people in Toronto left their doors unlocked, only some of those homes would be broken into right away.  Because so much of the Internet has been at risk, they might not get you today, but they might tomorrow, or next week.

HTTPS WEBSITES ARE VULNERABLE

You can tell a website uses SSL by looking at the URL (or the website address).  SSL website URLs don’t start with http:// (like this one).  SSL URLs all begin with https://.  You used to be able to tell with a glance at your browser bar, but today’s fashion is to hide this part of the URL in the browser bar.  Some browsers show you are at an SSL site with a padlock symbol, others display SSL URLs in different coloured text, but if you aren’t sure, you should be able to see which it is by cutting and pasting the URL into whatever text editor you use.

Not all HTTPS websites were vulnerable to Heartbleed because there are different versions and configurations, but there is no easy way for you and me to tell which SSL sites were vulnerable.

As well as SSL websites, any secure site where you use passwords — email, instant messengers or IRC services — may have been compromised.

Nobody Knows For Sure

Google, Amazon, Facebook and Paypal claim their customers are not at risk because they have fixed any Heartbleed problems they had.

But because the Heartbleed vulnerability is invisible,  until someone actually breaks into our accounts, we can’t even tell if they have been compromised.  Even if the Internet giants have fixed their problems, the only way we users can be sure we are safe is by changing our passwords.

Someone has put together a Heartbleed Test so we can discover which SSL sites we use are vulnerable or fixed.  Once we know the website is no longer vulnerable to Heartbleed, we can only be sure of our security after our password is changed.

Tumblr just told me to change my password, which means Tumblr has fixed their Heartbleed problem, and wants to be sure its users’ accounts are secure.  Bravo.

I am in the process of typing the URLs of sites where I have passwords (Facebook, Twitter etc.) into the Heartbleed Test to find out if they are secure before I change my passwords.

Heartbleed isn’t a threat to websites like Pinterest (http://www.pinterest.com/), techDITZ (http://techditz.russwurm.org/blogs/) or deviantART (http://www.deviantart.com/) that have not yet made the transition to HTTPS.

Password No-Nos

  • Never use the same password more than once.
  • Never use passwords like “Password” or “1234”
  • Never use your mother’s maiden name, the name of a loved one, or a birthday… especially these days when all of our personal data is being harvested by corporations and governments alike. If your parent, partner, child, co-worker, next door neighbor or best friend can guess your password, it isn’t secure.

Good Password Practices

I have plenty of passwords, so I keep them filed in a safe place on my desktop computer. But I learned the importance of having a backup copy somewhere else this past summer when I had a major disk failure and I lost something like a terabyte of data — mostly photos —and my password list!

The only time you have to change your password is when:

  1. it has been breached (or when there is a good probability it has been breached),
  2. when the website owner tells you you must, or
  3. when you’ve foolishly shared your password with someone you shouldn’t have.

Bob Jonkman, one of the computer security experts I know, recommends using a password manager, such as KeePassX. But if you don’t, he says:

  • Use a different password on every site or application for which you need a password. That way if one site is compromised it doesn’t affect every other site. Of course, Heartbleed affects every [https] site, so that’s not always true.
  • Make it long. Long passwords are good passwords. 20 characters is good. 16 is probably adequate. 10 is marginal.
  • Choose a phrase that is easy to remember, but difficult to guess. As an example, something like “Itookthebustoworkthismorning” — it’s sufficiently long, easy to type, easy to remember.
  • Don’t bother with $p3c14l characters or numbers; the bad guys have software that makes those substitutions too. Special characters make the password difficult to type and difficult to remember. If you need to type slowly because of special characters then it’s easy for a bad guy to shoulder-surf and see what you’re typing. According to KeepassX the passphrase “Itookthebustoworkthismorning” has 28 characters for 224 bits of entropy; on the other hand, passwords with 28 random characters with upper-case, lower-case, numbers and special characters (created by KeepassX’s password generator) have only 182 bits of entropy.
  • If the site does not offer a password reset option then write down your password, and keep it where you keep your money. If the passphrase is protecting $10 worth of data then keep it in your wallet; if the passphrase is protecting $10,000 worth of data then keep it in a safe. Don’t forget to write down the site or application name, the user ID, and any other credentials you need.

— Bob Jonkman, [kwlug-disc] Heartbleed affected sites

Although Heartbleed is a problem, it is being resolved all over the Internet… all over the world… as you read this.

And SSL encryption is still a good idea, just as house keys are, because personal security is important.   And privacy matters.

Credits:

XKCD “Heartbleed” by Randall Munroe is released under a Creative Commons Attribution-NonCommercial 2.5 License.

Licensing your Tumblog


Tumblr is full of people exuberantly infringing copyright as they share culture. Rather than risking copyright infringement, I prefer to stick to free culture works ~ which are either licensed to share or in the public domain.

I also take care to credit and attribute anything I reblog, even if it is public domain work.

Many Tumblr themes come with a built in Copyright All Rights Reserved declaration.

But if you’re like me, if you think culture should be shared freely, you don’t have to leave your tumblog locked up in copyright – you can give your Tumblog a free culture license instead.

Tumblr allows users to publish our blogs under any license we like.
Here’s how:

There is a menu at the top of your dashboard that has a gear icon (second from the right)

When you click the gear you get a menu
>choose EDIT THEME

Now you’ll be in the customize menu, and in the left sidebar at the top you will see “Custom theme” and directly under this
>>click the link that says Edit HTML >

In the Edit HTML sidebar hold down the Control key and press “F” (for find)
and a search bar will appear at the top of the sidebar

in the search box type © 2014
> press the down arrow and it will take you right to the place that says © 2014

This is where you can type in the details of the license information you wish
to replace © 2014 with:

<a rel="license" href="http://creativecommons.org/licenses/by/3.0/deed.en_US"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by/4.0/88x31.png" /></a><br />
<a href="http://YOURtumblrNAME.tumblr.com/" rel="cc:attributionURL">The NAME OF YOUR TUMBLR</a> by YOUR NAME HERE is licensed under a <a href="http://creativecommons.org/licenses/by/3.0/deed.en" rel="license">Creative Commons Attribution 3.0 Unported License</a>

which will look like this:
Creative Commons License
The NAME OF YOUR TUMBLR by YOUR NAME HERE is licensed under a Creative Commons Attribution 3.0 Unported License

Have fun spreading free culture!


Image Credit:
Public Domain Copyright Jail by Nina Paley @ Question Copyright

Phishing: Catch of the Day

Don't get Hooked! (cc by laurelrusswurm)

Unlike the Nigerian Scams that try to con people out of money by dangling a large mysterious financial windfall that the grifter will send after you give them a wad of cash, a “Phishing” attack uses bait to hook people, so they can get your personal information for Identity Fraud.

One thing you can do to protect yourself when getting email that looks legitimate but that asks you to do something you shouldn’t ~ like giving personal information to a stranger ~ is to hover your cursor over the link you are supposed to click. If the text of the link is different than the actual link, don’t do it.

Phishing attacks pretend to come from someone we trust.  In Canada we pay our taxes to the Canada Revenue Agency, so when a Canadian gets an email from them we pay attention.  This is a phishing email I received that pretends to be from CRA:

*Claim Your Tax Refund Online*
We identified an error in the calculation of your tax from the last payment, amounting to $ 146.00.  In order for us to return the excess payment, you need to create a Tax Gateway account after which the funds will be credited to your specified bank account.

Please click “Get Started” below to claim your refund:

Get Started <http://www.cunningruse.com/.tax/>

We are here to ensure the correct tax is paid at the right time, whether this relates to payment of taxes received by the department or entitlement to benefits paid.

An email from the Canada Revenue Agency is likely to make us a little nervous, because most of us will wonder what we have done wrong on our tax return.  But when we read this, we discover it isn’t anything terrible, but an error in our favor which brings welcome relief.  The amount owing isn’t big enough to look fishy, just a small correction.

The crooks who sent this hope our little bit of fear followed by relief will cloud our judgement, so we will click on the link that will take us to a place where they can extract our personal information.  After all, we will be giving the information to the government.

The “Get Started” link actually will send you to a different web page… which hovering reveals leads to www Cunning Ruse dot com.

If your bank, or the government, or any reputable retailer wants your personal information, they will not ask for it through email, because email is not safe, private or secure. Anyone who asks for your personal information in unencrypted email is either foolish or is setting you up for a scam.

Don’t do it.  Privacy Matters.
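
The hover check described above can also be done by a script. This is an added example, not part of the original post: it lists every link in an HTML email and flags the ones whose real destination differs from the visible text or lies outside the sender's own domain. The sample message is constructed from the email quoted above, and cra.example is a placeholder (an assumption) for the real sender's domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML version of the phishing message quoted above.
# cunningruse.com is the host from that message; cra.example is a placeholder
# (assumption) standing in for the real sender's domain.
SAMPLE_EMAIL_HTML = """
<p>Please click "Get Started" below to claim your refund:</p>
<p><a href="http://www.cunningruse.com/.tax/">Get Started</a></p>
<p>Or visit <a href="http://www.cunningruse.com/.tax/">https://www.cra.example/refund</a></p>
<p>Questions? <a href="https://www.cra.example/contact">www.cra.example</a></p>
"""
TRUSTED_DOMAINS = {"cra.example"}

# Visible link text that itself looks like a web address or host name.
URL_LIKE = re.compile(
    r"^\s*(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/:?#\s]|$)", re.I)


class LinkExtractor(HTMLParser):
    """Collects (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def bare_host(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def in_domain(host, domain):
    """True if host is the domain or a subdomain of it. The match is made on
    a dot boundary, so 'notcra.example' is not accepted as 'cra.example'."""
    return host == domain or host.endswith("." + domain)


def check_links(html, trusted_domains):
    """Return one finding per suspicious web link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        try:
            parts = urlsplit(href)
        except ValueError:
            findings.append({"text": text, "href_host": None,
                             "reasons": ["unparseable-link"]})
            continue
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar are outside this check
        href_host = bare_host(parts.hostname)
        reasons = []
        shown = URL_LIKE.match(text)
        # The text shows one address but the link goes somewhere else.
        if shown and bare_host(shown.group(1)) != href_host:
            reasons.append("text-mismatch")
        # The link leaves the domain the message claims to come from.
        if not any(in_domain(href_host, d) for d in trusted_domains):
            reasons.append("untrusted-host")
        if reasons:
            findings.append({"text": text, "href_host": href_host,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in check_links(SAMPLE_EMAIL_HTML, TRUSTED_DOMAINS):
        print(finding)
```

A link whose text is a plain label such as “Get Started” can only be judged by where it really goes, which is why the second check compares the destination against the sender's own domain.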