Don’t Use Wi-Fi for Security Cameras

I’ve been asked for my opinion on Wi-Fi security cameras many times. My opinion is to avoid them. Wi-Fi is susceptible for many easy to perform attacks. For example, Wi-Fi deauthentication attacks are a favorite of script kiddies because they are so easy to perform. I’ve demonstrated how easy it is to many friends. WPA3 helps alleviate this, but most access points that I’ve seen are still using WPA2. If you buy a Wi-Fi camera that can’t use WPA3, it is vulnerable to this trivial attack.

Deauthentication attacks aren’t the only way to bring a Wi-Fi network down. Wi-Fi is a wireless protocol, which means it’s susceptible to jamming. When I explain this to friends, they often say that I’m being overly paranoid. But just because you’re paranoid doesn’t mean that they’re not out to get you:

A serial burglar in Edina, Minnesota is suspected of using a Wi-Fi jammer to knock out connected security cameras before stealing and making off with the victim’s prized possessions. Minnesota doesn’t generally have a reputation as a hotbed for technology, so readers shouldn’t be surprised to hear that reports of Wi-Fi jammers used to assist burglaries in the U.S. go back several years. PSA: even criminals use technology, and more are now catching on — so homeowners should think about mitigations.

This is the exact thing I’ve been warning about since Wi-Fi cameras came on the market.

The purpose of a security camera is in the name: security. You want security cameras to be a deterrence and, failing that, to collect evidence that can be provided to law enforcers, insurance companies, etc. A Wi-Fi camera isn’t going to deter a burglar who has access to jamming hardware and knows how to use it. Wi-Fi cameras that have been disconnected from their recording device aren’t going to collect evidence (a camera with a built-in SD card could, but then you’re trusting an SD card, which is a crap shoot).

If you’re going through the trouble of buying and installing security cameras, get hard wired cameras. There are a lot of excellent Power over Ethernet (PoE) options on the market. PoE cameras only require a single Ethernet cable to provide both power and data connectivity.

In Praise of Pen and Paper

Back before the Internet became ubiquitous, one of the most commonly given pieces of computer security advice was to not write passwords down on Post-It notes and stick them to your computer. The threat model was obvious. Anyone sitting down at the computer would have access to the password. This threat model was the most common one back then. While writing passwords down on Post-It notes isn’t a good idea today, it’s actually quite secure against today’s most common threats because a piece of paper can’t be accessed remotely. Ubiquitous Internet connectivity has shifted the most common threat models from local access to remote access.

Data breaches, ransomware, and distributed denial of service are three of the most common forms of attack we read about today. Data breaches in business and government networks have resulted to tremendous amounts of personal information being leaked online. Ransomware attacks can grind businesses to a halt by locking away the data needed to complete day to day tasks. Likewise, distributed denial of service attacks can bring businesses to a halt because so much data has been uploaded to other people’s computers. If those computers are knocked offline, the data uploaded to them becomes inaccessible. A folder containing information written on paper forms stored in a filing cabinet can’t be stolen remotely. It can’t be maliciously encrypted remotely. Access to it can’t be taken away remotely.

The benefits of paper don’t stop there. Paper has an intuitive interface. You pick it up and you read it. Accessing information on a piece of paper doesn’t require trying to figure out a command line or graphical user interface designed by a mad programmer who seemed to take design cues from Daedalus. The user interface of paper also doesn’t change. You don’t have to worry about a software company releasing an update to a piece of paper that drastically changes the user interface for no reason other than the sake of changing it.

Paper is resilient. Data stored on a computer can be corrupted in so many ways. A file loaded into RAM can be corrupted due to a memory error and that corrupted data can be dutifully written to disk and then included in backups. It’s possible that a file that is accessed infrequently can be corrupted without anyone noticing until all of the backups of the uncorrected file are cycled out. A file can also be corrupted while it’s stored on a hard drive or SSD. Paper doesn’t suffer such weaknesses.

Writing information down on paper has a lot of security and integrity benefits. None of this is to say there aren’t downsides to using paper. But the next time you read about patient information being leaked online because a hospital suffered a data breach, consider how much safer that information would have been if it had been stored on paper forms instead of a database. When half of the Internet disappears due to another Cloudflare misconfiguration and you are unable to perform a task because the information you need is hosted on somebody else’s computer, consider that you’d still be able to complete the task if the information was on a paper form in your filing cabinet.

Just because a technology is old doesn’t mean it’s completely outdated.

No True Gray Man

Through some twist of cosmic karma, there seems to be a universal rule dictating that any group of carry permit holders must discuss the concept of the gray man. Through an addendum to the universal rule, this discussion must always devolved into No True Gray Man where each participant points out why every other participant is failing to be a gray man.

The concept of the gray man seems simple enough. If you don’t want unwanted attention, you need to blend in with the general populace. This is important to many carry permit holders because they know that if a bad guy is able to mark them as a carry permit holder, then they will be the first target should that bad guy decide to act like a bad guy. Such a grizzly fate can only be avoided by becoming indistinguishable from the background mass of people, to become a gray man. The question is, how does one achieve the coveted status of gray man?

As a frequent (and almost always unwilling) participant in this conversation, I have learned the characteristics of the gray man.

  • The gray man does not wear tactical pants. The only people who wear tactical pants are people who are carrying a gun. No exceptions.
  • The gray man does not wear a tactical shirt. What is a tactical shirt? Any button down shirt that has pockets. Unless it’s not.
  • The gray man does not wear camouflage.
  • The gray man does not wear any clothing with an emblem of any firearm manufacturer.
  • The gray man does not wear hiking boots unless they’re in gaudy colors.
  • The gray man does not use a backpack with MOLLE webbing.
  • The gray man does not use any pack other than a fanny pack because all other packs scream that the owner is carrying a gun.
  • The gray man does not walk too fast. People who walk too fast attract attention and are easily identified as a man with a gun.
  • The gray man does not walk too slow. People who walk too slow are obviously trying to avoid attention and are therefore easily identified as a man with a gun.

If you do all of these things, you will blend in perfectly with the masses and by extent achieve the coveted status of gray man! Unless, of course, you actually practice all of the other things you’re told to practice such as keeping your head on a swivel, not reducing your awareness of your surroundings by wearing earbuds and staring at your phone, crossing the street to avoid an individual or group that you believe could be trouble, or otherwise maintaining any awareness of your surroundings.

The problem I have with most gray man conversations is that they focus almost exclusively on clothing. There is another, and I will argue more important, component of blending in with the masses: behavior. Go to a public place like an airport, mall, or the downtown of a city and watch the people. Take note of how they dress and behave. I can’t tell you how many backpacks with MOLLE webbing I’ve seen at the airport. Those backpacks aren’t unique to carry permit holders. It’s fall here in the Midwest, which means it’s jacket season. Here in my rural community I see countless people wearing camouflage jackets. They don’t stick out at all because hunting is a common pass time in these parts. Many of the fashion trends declared as faux pas by the carry permit holder crowd are actually quite common amongst the general population. I can shuffle through an airport, mall, or city downtown in a 5.11 tuxedo with a Multicam backpack covered in MOLLE webbing and attract little to no attention. However, I can stomp through the same airport, mall, or city downtown in jeans and a t-shirt and attracted more attention. I just have to change my behavior.

If you spent some time people watching, you’ll notice a few trends. Most people look down at the ground as they walk. A lot of people wear earbuds in public and many more are glued to their phone. I once watched a girl whose eyes were glued to her phone walk into a moving car in a Menard’s parking lot. She was lucky that the driver noticed her and stopped the car before she hit him. Many, if not most, people are in varying states of overweight. The people who stick out are the ones who look up and forward as they walk, are obviously aware of their surroundings, and are in good physical shape. In other words, the people who practice all of the things self-defense classes teach are the people who stick out regardless of how they dress.

The gray man as typically discussed in carry permit holder circles is fudd lore. You cannot simultaneously be a gray man and practice good self-defense principles because the behavior of people who practice good self-defense principles causes them to stick out. But I’m also here to tell you that it doesn’t matter. Going back to my remark about being able to attract attention wearing jeans and a t-shirt, I specifically said more attention, not a lot of attention. This is because, short of running around screaming racist slurs (simply screaming is unlikely to attract much attention as most people work to ignore it) with my hair on fire, it’s difficult to attract much attention because most people are oblivious to their surroundings. They’re not just passively oblivious either. They actively work to remain oblivious. They wear earbuds to deafen themselves. They stare at their phones to blind themselves. They do everything they can to not have any awareness of what’s happening around them.

The good news is that you’re a gray man to the general population no matter what you do. The only people likely to notice you are other carry permit holders and bad guys. Being noticed by other carry permit holders usually isn’t a big deal. You might make a new friend (or you might sucked into a No True Gray Man discussion). Being noticed by a bad guy isn’t necessarily a problem either. The main point of practicing good self-defense principles is to signal that you’re a hard target. The reason for signaling this is because most bad guys are looking for soft targets. A bad guy noticing you and identifying you as a hard target is a typically a good thing because it will often dissuade them from choosing you as a victim. Even if a bad guy decides to target you first because you’re a potential hindrance to his ability to target others nearby, the fact that you’re practicing good self-defense principles improves your survivability. If you were blending in with the general population, if you were actively preventing yourself from being aware of your surroundings, you would have zero chance of identifying the bad guy beforehand and would therefore have no chance to defend yourself.

Don’t let yourself get suckered into believing that a change of wardrobe will allow you to achieve gray man status. If you practice good self-defense principles, you’re going to stick out no matter what you wear. Wear what you like to wear. Carry backpacks that you like to carry. Walk how you like to walk. Enjoy your life.

Securing Financial Applications Behind Secondary Accounts

Many people run their entire lives from their mobile devices. Unfortunately, this makes mobile devices prime targets for malicious actors. Apple and Google have responded to this by continuously bolstering the security of their respective mobile operating systems (although the openness of Android means device manufacturers can and often do undo a lot of that security work). One major security improvement has been the optional use of biometrics to unlock devices. Before fingerprint and facial recognition on mobile devices, you had to type in a password (or optionally draw a pattern on Android) every time you wanted to unlock your device. This dissuaded people from setting an unlock password on their devices. Now that mobile devices can be quickly unlocked with fingerprint or facial recognition, implementing a proper unlock password on a device isn’t as inconvenient. With this increase in convenience came an increase in the number of people properly locking their devices.

Setting a proper unlock password protects the owner from the consequences of their mobile device being stolen. A thief might get the device, but if it’s a properly locked (which implies all security updates are installed and the device is actively supported by the manufacturer) device, the thief will be blocked from accessing data on the device such as any financial applications.

Now that locked devices are more prevalent, thieves are resorting to new forms of trickery to gain access to the valuable information on devices:

Most scams that utilize payment apps involve a range of tricks to get you to send money. But some criminals are now skipping that step; they simply ask strangers to use their phones and then send the money themselves.

The victim often doesn’t realize what’s happened until hours or even days later. And by that point, there’s very little they can do about it.

If somebody asks to borrow your phone, tell them no. But asking to borrow a phone isn’t the only way thieves acquire access to unlocked devices. Thieves are also targeting people who are actively using their devices (and since those people often aren’t paying attention to their surrounding, they’re easy targets). If a thief steals an unlocked device from somebody, they can gain access to the information on the device until it is locked again.

Most financial applications offer the ability to set an application specific password, which you should do. However, Android offers another level of security. Android supports multiple user accounts. Applications and data in one user account cannot be accessed by other user accounts (an application can be installed in multiple accounts, but each installation is unique to an account). A user can add a separate user and install their financial applications in that account. When they’re using their main account for things like making calls and instant messaging, their financial accounts remained locked behind the secondary account. So long as the user isn’t actively using the secondary account, any thief who swipes the device while it’s unlocked will not even be able to see which, if any, financial applications are installed.

Financial applications aren’t the only ones that you can hide behind secondary user accounts, but they’re good candidates because unauthorized access to those applications can result in real world consequences. Furthermore, financial applications usually aren’t accessed frequently. They’re accessed when a user needs to check the status of an account or make a transaction.

Bring Enough Gun

A story making the rounds illustrates the importance of ensuring that you have enough gun:

A large bull moose spent more than an hour stomping on the sled dog team of a rookie Iditarod musher in the wilds of Alaska last week – and the attack didn’t end even after Bridgett Watkins emptied her gun into the animal.

[…]

‘As he charged me I emptied my gun into him and he never stopped,’ she wrote on Facebook. ‘I ran for my life and prayed I was fast enough to not be killed in that moment. He trampled the team and then turned for us.’

[…]

She did carry a .380 caliber gun because there are few people where she trains, and she keeps it to to deter or scare off animals. She has since upgraded to a larger caliber firearm after it didn’t stop the moose.

A bull moose is basically a freight train on legs that is fueled by rage. Shooting one with a .380 will just piss it off. In Watson’s defense, she wasn’t foolish enough to believe that a .380 would drop a moose. She carried it assuming that the noise it created would be sufficient to scare off an attacking animal.

So this story illustrates two important consideration when creating a self-defense plan. First, recognize the threats and bring sufficient firepower to deal with those threats. Second, if your plan includes deterrence (which it should), have a backup plan in case it doesn’t work.

Consider the self-defense plan one might establish in a city. Your primary threat will likely be humans. That means calibers like 9mm, .45 ACP, 5.56x45mm, and 7.62x39mm are sufficient in most cases. Pepper spray is a non-lethal option that is often sufficient to dissuade an attacking human. In a city your defensive plan might include a 9mm handgun and a small canister of pepper spray.

Now consider the wilderness in the Upper Midwest. While humans are still a threat in the wilderness, they’re much less common in the wilderness and smaller than some other threats. If you go to the northern parts of Minnesota, you might encounter moose. Throughout much of the Upper Midwest there are also black bears. Both are larger than humans and require more firepower to reliably drop. Therefore, your self-defense strategy might include a .357 magnum, .44 magnum, or 12 gauge shotgun loaded with slugs. Run of the mill pepper spray won’t be sufficient, which is why bear mace exists. In the wilderness of the Upper Midwest your defensive plan might include a .44 magnum revolver and a canister of bear mace.

Obviously a gun and chemical irritant aren’t a complete self-defense plan. There are many other components including a plan to deal with injuries (which is even more critical in the wilderness where emergency services are often unavailable). However, like every other part of your plan, your lethal and non-lethal tools need to match the environment.

Preparing for Bad Times

It’s obvious that inflation and shortages are long term trends, not short term “transitory” states as claimed by the current rulers and their mouthpieces in the mainstream media. If history is any indicator, we’re moving towards bad times. However, the effects of bad times can be mitigated with a bit of planning and preparation.

I’m guessing a large percentage of people reading this have been preparing for bad times for a while. If you have been, good on you. You were smart. If you haven’t, don’t worry. There’s still time. Although most goods are harder to come by than they were two years ago, necessities can still be readily had in most places (although you may have to go to several stores to get everything on a list).

If you haven’t been, this post is a primer for you. It’s not all encompassing. It’s a bullet point list meant to get your started.

Creating a Plan

During the first wave of lock downs people snapped up toilet paper and frozen pizzas like they were gold. They did this because they realized that they needed to “do something” but didn’t bother to develop a plan.

When preparing for bad times, you want to allocate resources where they will do the most good. Having a stockpile of toilet paper is good, but all the toilet paper in the world is worthless if you don’t have any food. The first step of developing a plan is identifying what you need. The most immediate needs of a person are water, food, and protection from the elements (shelter and clothing). If you want to avoid disease, you will also need a hygienic environment and medical supplies. I suggest starting with these categories.

Water

Water availability will differ from region to region. If you live in a desert, you will need more stored water than somebody who lives near plentiful fresh surface water (in which case filtration can be an alternative to storage). Unless the water coming out of your tap is poisonous (in other words what I’m writing doesn’t apply if you live in Flint, Michigan), I’d suggest storing tap water over buying bottled water from a store. Do keep in mind that filling random containers with water isn’t sufficient. You need to store your water properly if you want it to last.

Food

Judging by availability immediately after the lock downs, a lot of people believe they can eat frozen pizzas forever. Setting aside the dubious nutritional value of frozen pizzas, putting all of your eggs in one freezer isn’t a smart long term plan. Freezers require electricity and can breakdown. If electricity is unavailable for an extended period of time or your freezer suffers a mechanical failure, everything stored in it will thaw and spoil. You can mitigate the risk of power loss with a generator (so long as fuel is available), but you can’t mitigate the effects of a breakdown unless you have a backup freezer (two is one, one is none). I don’t want to discourage you from making frozen food part of your plan, just don’t make it your entire plan. Having a backup plan for your backup plan is never a dumb idea (again, two is one…).

The good news for your preparedness plan is that there are options in addition to frozen food. Canned goods are the most obvious. Canned goods in good condition can last for a very long time if properly stored. Dry goods are also worth adding to your plan. Dried beans, rice, pasta, etc. store well without the need for refrigeration. Specially prepared foods such as pemmican and hard tack also store well without refrigeration and can serve as alternative ways to store otherwise perishable foods like meat if a freezer isn’t available.

Before you run to the store and buy every can of Spam on the shelf, consider your current diet. If you don’t like Spam, buying pallets of it is foolish. Survival is the primary purpose of preparing for bad times, but there’s no reason you have to suffer to survive. Focus on buying foods you actually like to eat. This will make your life more pleasant in bad times and allow you to cycle through your stockpile during good times (more on that in a bit). Moreover, buy a variety of foods you like to eat. That will allow you to mitigate appetite fatigue (the point where you become so sick of eating the same thing that you can no longer choke it down even in a survival situation).

Protection from the Elements

I’m not going to spend much time on this. You need appropriate living arrangements to both protect yourself from the elements and to store your necessities. Proper clothing for where you live is also necessary (for example, if you live in an area with harsh winters, make sure you have clothing that will protect you from those conditions).

A bug out destination can be included in this category. Depending on the type of bad time you’re experiencing, your home may not be safe.

A Hygienic Environment

Medical care may be limited or unavailable during bad times. That makes getting sick more dangerous. The best way to avoid sickness is to maintain a hygienic environment. You want to have sufficient cleaning supplies to keep your home clean. That means supplies to sanitize where you prepare your food, supplies to prevent mold from growing in your bathroom, and supplies to keep your clothing and body clean.

This seems to be the most often overlooked part of a preparedness plan. Most people remember food and water, but often forget soap, laundry detergent, bleach, etc. Don’t be one of those individuals or all the water and food you painstakingly stocked will be wasted.

Medical Supplies

Speaking of illness, make sure you have stocks of basic medical supplies. Bandages, gauze, medical tape, tourniquets, disinfectant, etc. are all good things to have and usually store for a long time. Again, medical care may be limited so you may have to fend for yourself if you are injured. Moreover, try to stockpile any medications you need (this can be hard because the state artificially restricts access to prescription medications).

Pets

Do you have pets? Do you want them to survive bad times? If so, makes sure you stock supplies for your pets as well. How easy this is will depend on the kind of pets you have.

Cycling Stock

Instead of building a stockpile and forgetting about it until bad times hit, you should use and replace items from your stockpile during good times. For example, if you have a recipe calling for green beans, pull a can of green beans from your stockpile and replace that can with a new one. This serves two purposes. First, it guards against spoilage by limiting the amount of time any good is stored. Second, it increases your chances of discovering spoiled stock when it can be readily replaced. A can of rancid meat is less of a problem when you can go to the store and buy a replacement than it is when canned meat is unavailable.

Allocating Resources

So you put together a plan, crunched the numbers, and realized that this is going to cost a lot of money. Don’t be disparaged. You don’t have to buy everything immediately.

Your plan should be prioritized. This can be done by asking some simple questions. What items do you need immediately? What items can be acquired cheaply? What items will require saving money to acquire? What items are more readily available?

Obviously items you need immediately should be prioritized. If, for example, you were one of those individuals who stockpiled toilet paper during the beginning of the lock downs and still have several months worth in stock, toilet paper should have a low priority. You may want to prioritize items that you need and are already in short supply. For example, many of the recipes my wife cooks require coconut milk. We live in the Midwest where coconut milk is usually relegated to the “Asian section” of the grocery store, which usually has limited stock in the best of times. So coconut milk is prioritized higher on my list.

Items that can be acquired cheaply are good add-ons to your normal grocery list. For example, many canned vegetables can still be found for under a dollar a can (this is being written on November of 2021, if you’re reading this months after I wrote it, inflation may have made this claim look absurd). Adding a few cans of vegetables to your grocery list probably won’t break the bank. Over time a few cans here and there will result in a very comfortable stockpile. Keep an eye out for sales. If your grocery store is having a sale on an item on your preparedness plan, use the opportunity to stock up for less.

What about expensive items like generators and hiring and electrician to wire your house so you can connect your generator to your home? Budget for them. Save some money each month for the purpose of acquiring more expensive items.

Don’t Panic

Preparing for bad times is, in my opinion, a continuous process. If you do a little bit every week or month, you will be in a solid position surprisingly quickly. It’s easy to convince yourself that everything could fall to pieces tomorrow and panic. Remember that things seldom fall to pieces overnight. When you wake up tomorrow, there will likely still be food on store shelves and the money in your wallet will likely still be able to buy it.

The Police Aren’t Coming

A law enforcer killed a black man in Atlanta and is being charged. This has ruffled the feathers of many other law enforcers in the city and now they’re coming down with the blue flu:

Hours after the Fulton County district attorney announced felony murder and other charges against the former Atlanta police officer who fatally shot Rayshard Brooks, a 27-year-old black man, in the back, a number of Atlanta police officers called in sick just before a shift change Wednesday evening.

A lot of people argue that nobody needs tools to protect themselves because if they’re in danger, they can call the police. I along with many (probably most) other advocates for gun ownership have argued that you can’t rely on other people to protect you. This argument often falls on deaf eras. Even when you point out that law enforcers have no duty to protect you, gun control advocates will argue that a cop isn’t going to just stand by and let something bad happen to an innocent person.

The recent civil unrest that started in Minneapolis has done a wonderful job of illustrating that law enforcement departments can easily become overwhelmed and when they’re overwhelmed they don’t send resources to protect you or your business. Atlanta is now illustrating the fact that there are circumstances where law enforcers will refuse to show up for work. As with Minneapolis just a short while ago, it appears that the people of Atlanta are on their own.

This is why defense in depth is such an important concept. You want redundant self-defense plans in case any single plan fails. This is especially true if any of your plans rely on anybody but yourself to execute (the only person you can 100 percent rely on is yourself because that’s the only person whose actions you can control).

Play Stupid Games, Win Stupid Prizes

This story is an illustration of how not to handle a fender bender:

Following the fender bender, Kamrowski stopped in the left lane and got out of his Ford F-150 pickup truck to exchange insurance information with Fitzgerald, according to police.

Fitzgerald, 37, of Ashland, Massachusetts, stayed inside of his white 2016 Infinity QX70 SUV, authorities said.

“That encounter became adversarial,” police said in a statement.

At some point, Kamrowski of Framingham, Massachusetts, reached into Fitzgerald’s vehicle and snatched a water bottle and then stood in front of Fitzgerald’s SUV, police said.

Ideally, after a collision, both parties get out of their vehicle and cordially exchange insurance information and let their respective companies deal with the situation from there. However, ideal situations are almost as rare as honest politicians. If you find yourself in a collision and the other party won’t exit their vehicle, don’t approach. But if you can’t stop yourself from doing that, at least don’t reach into the vehicle. Record the other driver’s license plate number, the make and model of their vehicle (if you can determine it), and identifying characteristics of their car (color, bumper stickers, etc.) and person. If the driver flees, you have a good description to give to the police. If they don’t, they’ll have to get out of their vehicle eventually.

Let’s pretend for a moment that you’re an idiot though and couldn’t restrain yourself form approaching and reaching into the car. At least don’t do this:

“Fitzgerald then began driving towards Kamrowski, who subsequently jumped on the hood of Fitzgerald’s vehicle,” according to the statement from police.

The box of his F-150 would have been a better place to go (or, better yet, back into the cab). But if do jump on the hood, do it only long enough to jump off the vehicle in a safer direction. If you decided to overstay your welcome (and your welcome will be approximately zero seconds), you could end up going for a ride:

With Kamrowski clinging to the hood, Fitzgerald headed west on the turnpike, accelerating and stopping in an apparent herky-jerky attempt to shake Kamrowski, police said. Fitzgerald’s Infinity hit speeds of up to 70 mph as it traveled about three miles on the highway with Kamrowski holding on, police said.

Now you get to ask yourself a question, is the driver panicked and working from their fight or flight state of mind or are they purposely trying to kill you? It’s a pointless question because the answer is irrelevant to your situation. But asking it might distract you from the fact that you’re probably going to die because of your poor decisions.

Fortunately for Kamrowski, a good Samaritan managed to end the situation before he died:

Several motorists tried unsuccessfully to get Fitzgerald to stop, police said. When Fitzgerald eventually got bogged down in traffic, a motorist with a permit to carry a concealed weapon approached Fitzgerald and ordered him out of the SUV at gunpoint just as troopers arrived on the scene, according to the police statement.

But that’s not something you can bet your life on. Moreover, you’re probably still going to jail:

Fitzgerald was charged with assault with a dangerous weapon on a person over 60, negligent operation of a motor vehicle and leaving the scene of a property damage accident.

Kamrowski was arrested on suspicion of disorderly conduct and malicious damage to a motor vehicle.

In summary, don’t be either Kamrowsky or Fitzgerald. Especially don’t be Kamrowsky though because he put is life in danger (Fitzgerald, on the other hand, was at least smart enough to stay in his vehicle and thus maintained a significant advantage in the deadly situation they both worked to create).

Hey Siri, I’m Getting Pulled Over

Do you carry an iPhone? If so, is it updated to iOS 12? If you answered yes to both, there’s a very useful tool you can download:

There’s a big new feature for iPhone experts this year: It’s an app called Shortcuts, and with a little bit of logic and know-how, you can stitch together several apps and create a script that can be activated by pressing a button or using Siri.

[…]

But Robert Petersen of Arizona has developed a more serious shortcut: It’s called Police, and it monitors police interactions so you have a record of what happened.

Once the shortcut is installed and configured, you just have to say, for example, “Hey Siri, I’m getting pulled over.” Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on “do not disturb” mode.

You can download the shotcut here.

I’ve downloaded it and tested it. Sure enough it works as advertised. Grab it and install it on your phone so it’s ready if you get pulled over.

You Must Guard Your Own Privacy

People often make the mistake of believing that they can control the privacy for content they post online. It’s easy to see why they fall into this trap. Facebook and YouTube both offer privacy controls. Facebook along with Twitter also provide private messaging. However, online privacy settings are only as good as the provider makes them:

Facebook disclosed a new privacy blunder on Thursday in a statement that said the site accidentally made the posts of 14 million users public even when they designated the posts to be shared with only a limited number of contacts.

The mixup was the result of a bug that automatically suggested posts be set to public, meaning the posts could be viewed by anyone, including people not logged on to Facebook. As a result, from May 18 to May 27, as many as 14 million users who intended posts to be available only to select individuals were, in fact, accessible to anyone on the Internet.

Oops.

Slip ups like this are more common than most people probably realize. Writing software is hard. Writing complex software used by billions of people is really hard. Then after the software is written, it must be administered. Administering complex software used by billions of people is also extremely difficult. Programmers and administrators are bound to make mistakes. When they do, the “confidential” content you posted online can quickly become publicly accessible.

Privacy is like anything else, if you want the job done well, you need to do it yourself. The reason services like Facebook can accidentally make your “private” content public is because they have complete access to your content. If you want to have some semblance of control over your privacy, your content must only be accessible to you. If you want that content to be available to others, you must post it in such a way where only you and them can access it.

This is the problem that public key cryptography attempts to solve. With public key cryptography each person has a private and public key. Anything encrypted with the public key can only be decrypted with the private key. Needless to say, as the names implies, you can post your public key to the Internet but must guard the security of your private key. When you want to make material available to somebody else, you encrypt it with their public key so hey can decrypted it with their private key. Likewise, when they want to make content available to you they must encrypt it with your public key so you can decrypt it with your private key. This setup gives you the best ability to enforce privacy controls because, assuming no party’s private key has been compromised, only specifically authorized parties have access to content. Granted, there are still a lot of ways for this setup to fall apart but a simple bad configuration isn’t going to suddenly make millions of people’s content publicly accessible.