Arriving late to the dance – Twitter finally takes harassment seriously

For years people have complained about the vicious level of trolling and bullying that is conducted on Twitter. There have been concerted campaigns of harassment, conducted via Twitter, that have driven people to the brink. Piss the wrong person off and you’ll be on the receiving end of a non-stop barrage of threats, cruel attacks and more. The worst of the trolls use Twitter as a gathering point to coordinate their attacks.

Contrary to what some in the media try to claim, these aren’t just incidents of name calling and a few insults lobbed back and forth. Telling someone to “man up” or “stop whining” pretty much encourages the attackers. If I stood on a street corner and some random person came up to me threatening to kill me or followed me down the road spewing invectives, I’m pretty sure this would be seen as unacceptable.  There is a difference between a flame war and a directed campaign of harassment. A flame war has two willing participants. Harassment doesn’t. Most efforts to combat the problem have been pretty half-hearted or poorly instituted. Twitter has been a playground for extremists and a vicious variety of trolls.

This week, Twitter announced it will be forming the Trust and Safety Council in a belated effort to take on the problem. Now the wag in me says Twitter is finally taking action because of the hammering they took this week about the reports of changes to how Tweets will appear. But that’s not true. Plans like this aren’t formed in 24 hours.

Twitter is hoping the Trust and Safety Council will develop a coherent plan to combat bullying and harassment. And let’s be honest here, people: when we use the term bullying, we aren’t talking about simple garden variety stuff. If you or one of your friends has never been on the receiving end of one of the nastier versions, it’s difficult to explain how deeply disturbing it can be. On their Trust and Safety Council page, Twitter nails the problem in one phrase: “harass, intimidate, or use fear to silence another user’s voice”. Their Sisyphean task includes creating programs and policies to take on the problem and create a safer environment without gutting the vibrant nature of Twitter.

In a not so coincidental act, earlier this week Twitter deleted 125,000 accounts that were used by ISIS to recruit and promote their actions. Twitterati have vocally complained about their presence, but it was pretty useless. Although Twitter has previously deleted thousands of accounts, there was no coordinated plan to deal with them or any domestic trolls. Delete one, 10 more puppet accounts popped up to increase the pressure. Without a solid, coordinated program to deal with the issue, nothing was going to change. Will this work? No idea, quite honestly. Twitter may have left it too late.


Password insecurity – the usual suspects

The annual list of truly bad passwords is now out and it still brings a tear of despair to any computer techie’s eyes. Despite all the warnings and examples of the chaos caused by hacked accounts, people still use “password”, “12345678” and “abc123” as the gatekeepers to their personal information. Worse still are those that use the same password across all their devices and accounts.

I have a couple of customers like that. No matter how much I beg and plead with them to change from “87654321” (yea, that’s going to be hard to figure out) or “123456”, they still fall back on the same easy to guess passwords. Or my next favourite – the customer who uses their kids’ names as their wifi network name and then uses the same names as their router and email password. No, using “karenmike2011” really isn’t a good deterrent to any moderately lazy hacker.

Here’s a case study for you: I have a customer, wonderful family, but they never remember their passwords. The husband is always changing them, in the vain belief that will keep them secure. He dutifully writes all the passwords down and stores them … somewhere … somewhere safe … Last time I was there it took him over 30 min to figure out where he hid the list. HOWEVER … and you just knew there was more to this story, didn’t you …. By the time he finds his list, I’ve already figured out what his passwords are. Now, changing your passwords periodically is an excellent idea, I do that myself. But it’s futile if you rotate the same easy to guess passwords. I usually try their kids’ names and birthdays (written on their computer calendar). If that doesn’t work, I whip through the usual “pAssw0rd”, their street address, “43215678” etc. And yes, I really do figure them out before he has his “EUREKA” moment.

Given the explosion of excellent password keepers that you can install on your phone/tablet and pc and synch between them, there really is no excuse. But I’ve discovered, lectures don’t do anything. I might as well write out what they need to do, roll the instructions up and smoke them for all the good it does. Some people either just don’t get the danger or they think they are bombproof. And when I get that call I refrain from “I told you so” but honour the person with a knowing glare over the top of my glasses as we start the recovery process.

Here are some basic rules for password security:

  • Get an encrypted password keeper. I use Password Padlock and synch the list between my devices. It automatically backs up the list to an encrypted file on my cloud account (not stored on anyone’s server) and when I make a change, it notifies me on my other devices to download the updated list.
  • Make sure your password keeper has a feature that will create a password for you and make it completely random. It should also have the ability to include special characters. We’re creatures of habit, which means when we create our passwords, we tend to fall back on familiar names and numbers.
  • DON’T USE 123456 or PASSWORD as the access key to your new password keeper. Kind of defeats the purpose, don’t you think?
  • Change your passwords periodically. The most important ones are your email, online banking and anything that holds private information.
  • Don’t use the same password for your primary accounts. Don’t use your email password on your banking website. Pick unique passwords for each one. And don’t forget to change them periodically.
  • If you don’t want to use a password keeper, create a system to track your passwords. The advice “never write them down” may be good from a security point of view, but it is entirely impractical from the user end. Who’s going to remember 60 or 70 passwords? Especially if they are completely randomized. That advice is arrogantly dismissive of how difficult it is to remember passwords.
  • I have a customer who has the weirdest system I’ve ever seen. He writes his passwords down in a bizarre code that only he knows. Another one uses a password protected spreadsheet so she has one master password to remember.
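
To make the rules above concrete, here is a small Python sketch that flags the kinds of passwords described in this post (common ones, family details, digit runs, reuse across accounts) and generates a random replacement. It is an added example, not code from any password keeper; the function names, the leetspeak map and the four-digit run threshold are my own assumptions.

```python
import secrets
import string

# Bad passwords named in the article; a real check would load a much longer list.
COMMON = {"password", "12345678", "abc123", "123456", "87654321", "monkeyboy"}
# Assumed leetspeak map so "pAssw0rd" is treated the same as "password".
LEET = str.maketrans("013457@$", "oleastas")

def digit_run(pw, n=4):
    """True if pw contains n or more digits in a row counting up or down by one."""
    for step in (1, -1):
        run = 1
        for a, b in zip(pw, pw[1:]):
            ok = a in string.digits and b in string.digits and int(b) - int(a) == step
            run = run + 1 if ok else 1
            if run >= n:
                return True
    return False

def weaknesses(pw, personal=()):
    """List the reasons pw is easy to guess; an empty list means none were found."""
    low = pw.lower()
    plain = low.translate(LEET)
    found = []
    if low in COMMON or plain in COMMON:
        found.append("common password")
    if any(t.lower() in low or t.lower() in plain for t in personal if len(t) >= 3):
        found.append("contains personal detail")
    if digit_run(pw):
        found.append("sequential digits")
    return found

def reused(accounts):
    """Map each password used on more than one account to those account names."""
    seen = {}
    for name, pw in accounts.items():
        seen.setdefault(pw, []).append(name)
    return {pw: names for pw, names in seen.items() if len(names) > 1}

def generate(length=20):
    """Random password from the OS CSPRNG using letters, digits and special characters."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes) and not weaknesses(pw):
            return pw

if __name__ == "__main__":
    family = ["Karen", "Mike", "2011"]  # constructed sample details
    for pw in ("karenmike2011", "pAssw0rd", "43215678", generate()):
        print(pw, weaknesses(pw, family))
```

An empty list only means none of these particular checks fired, not that the password is strong.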

Take a few basic steps and protect your data. Take some time to plan out your password – don’t rush picking it. Figure out a system that works for you and stick to it.

… oh and “monkeyboy”, “IamaGOD!”, “l0Vemachine” and your pet’s name are not good choices … trust me on this.