My GDPR Statement

Like you, I have also been inundated with updated privacy policy emails lately in the wake of the new GDPR rules (General Data Protection Regulation). Everyone wants to tell me what they are doing to protect my data. To be honest, it’s not something that’s been bothering me, but thanks for clogging my inbox anyway.

It gets silly… I’ve heard that some schools are using GDPR as an excuse to avoid having things online, such as refusing to post photos or student work, not allowing students to use online services, etc. I’ve even heard it suggested that you can’t read blogs anymore as it infringes on the GDPR rules! I am pretty sure that was not the purpose of GDPR (and we certainly should not allow some rule designed for the European Union to be affecting schools as far away as New Zealand!).

I also heard that some bloggers are adding GDPR compliance statements to their blogs for fear of breaking the rules. Which I think is ridiculous, but here goes…

This blog does not, has never, and will never, use your personal information in any way. I don’t collect it, and if I did I wouldn’t share it.  The only time you “give” me your data is if you leave a comment here, but that’s entirely up to you and you can be anonymous if you want.  The full privacy policy is here.

If you have privacy concerns raised by the GDPR about leaving comments on this (or any other) blog, then here’s my advice. Don’t leave comments.

In fact, if you have privacy concerns raised by the GDPR about simply reading blogs, then here’s my advice. Don’t read blogs.

Of course, if you don’t like paranoid Europeans telling you what to do, then do whatever you want.

 

Header image CC BY-SA: GDPR and ePrivacy on Flickr by Dennis van der Hiejden

Watch Me Drive

There is an advertisement on TV at the moment for an Australian car insurance company that encourages drivers to download an app to their phone to find out who is “Australia’s Best Driver”. Here’s the ad…

When you download and install the app it starts by asking you a few questions…  your name, gender, email address, home address, etc. Then it keeps track of your driving using GPS location, timestamps, speed tracking, etc for at least the next 300km. In fact, it even defaults to an autostart mode so that you don’t have to remember to turn it on. Every so often it will check in with you to make sure that you are in fact the driver of the trips it’s been tracking. Then it scores your driving style in an attempt to find out who is the best driver in Australia.

Think about it. As well as knowing exactly who you are, it knows how fast you’re driving, when you’re driving, where you’ve been, who was driving and how long for, and even what your phone was doing as you drove. And remember, it just starts tracking automatically every time you drive. Without you even needing to turn it on.

Over time, the data will show whether you speed or not, whether you drive long distances without taking a break, whether you accelerate and brake erratically, what times of day you drive, and of course whether you’re using your phone as you drive. This is not just Big Data.  This is highly personalised data about you as an individual.

But it’s just a game right? You’re encouraged to compete with your friends via social media, so that lots of people are playing the game with you, all submitting the intimate details of their driving history as well. Let’s see who’s the best driver. Plus you can earn badges. Yay! Badges! That’s what it’s about right?

I can’t believe anyone would voluntarily give all this data to an insurance company. I mean they say it’s to make you a safer driver. Yeah, sure, that’s totally the reason. Until you apply for insurance one day and you find they know a little bit more about your driving habits than you might’ve thought and your insurance premium reflects that knowledge. If you’re a good driver, maybe you’ll pay less for your insurance. And maybe you won’t. I know which one I’m betting on.

I like to think that I’m a pretty good driver, but even with the promise of a big cash prize, to voluntarily hand over that much personal driving history data to an insurance company seems absolutely crazy to me.

Thanks AAMI, but I’ll leave this little adventure to Neil, Gaz and Loretta Jones.

Featured CC BY-NC Image “The Sunset Storm, Brisbane Australia”, by Ben Ashmole on Flickr

In Second Factor We Trust

You hear of so many security compromises and hacks these days. There are major security breaches happening, with millions of passwords being stolen and used to steal or damage your stuff. So what can you do about it?

With so much of our lives now being lived in online spaces, losing a password, losing an account, or having someone get into your stuff online would be a nightmare. What would happen if someone got into your Google account? Your Facebook? Your bank account?

I lost my original Twitter account (betchaboy) last year after a password breach and have never been able to get it back. These security breaches DO happen.

The best thing you can do to protect yourself is to turn on Two Factor authentication. Sounds complicated? It’s not. It basically means that there are two passwords required to get into your account instead of the usual one… there is the normal password that you usually use, plus a second one that changes every 30 seconds or so. Even if the bad guys were to get your password, without the second factor – which only you know because it’s generated on your phone, in your presence, on demand – the first password is useless.

It’s a bit like having a door with two locks on it. You’d need both keys to open the door, not just one. Either key on its own won’t open it.

But wait, what? A second password that changes every 30 seconds? That sounds like a lot of messing around! I know it sounds like a hassle, but it’s actually not. Most Two Factor systems form a trust relationship with the devices and computers you use often so most of the time you don’t need the second factor for the computers you use regularly. It’s just needed when you log into a different computer or phone that you don’t normally use. Just like the one that a hacker might be trying to use to log in as you. Even if they discover your password, unless they have YOUR device they only have half the password.

I’ve been using Two Factor authentication on my main Google account for a while now. I resisted turning it on for ages because it all sounded too hard. I eventually relented and decided to give it a go. It’s something I should have done a long time ago. And it’s something that you, if you haven’t already, should do too. Right now.

I spent some time tonight setting up Two Factor authentication on all my Google accounts (about 5 of them), plus my Facebook, Evernote, WordPress, PayPal, Dropbox, Lastpass and Apple ID.  Here’s a good article on how to do it.

For most of these, the second factor can be generated by an app on your phone called Google Authenticator, available for Android, iPhone, BlackBerry and Windows Phone. It uses Google’s open source token generation algorithm, and it spits out a new code every 30 seconds, specific to each account. Just log in to these sites as usual, but have your phone handy to generate the second password. It’s very straightforward and easy to use, and well worth whatever minor inconvenience it might cause (which honestly isn’t much).

If you haven’t set up Two Factor yet, can I strongly encourage you to at least give it a try. You can always turn it off if you hate it, but really, you should be using this! There was a report of a password breach for Dropbox users yesterday and it was such a relief to think that it didn’t really bother me as even if they got my password it didn’t matter. It was useless to them anyway.

Do it. Do it now. Seriously.