I Forgot That My Amazon Wish List Was Public

And That Made My Digital Footprint Vulnerable To Harassment

Getting to “good enough” about your own digital security is as much a matter of psychology as any other domain of experience. Specifically: cognitive science.  Specifically, in the case of the latest lapse I discovered in trying to lock down my digital footprint, my hippocampus: the seat of memory consolidation and recall. I learned (again) that my Amazon Wish List is public.

Some of you might know this because your Wish List is public because you’ve chosen to make it public. It’s your get-me-this-gift registry. And that’s cool. But I used it as a place to store a list of books, paraphernalia, knick-knacks, gadgets, and items that I intended to one day purchase but didn’t have the resources or desire to pay for at that moment.

Last night, I learned that there were some potentially compromising items on that list.  Nothing terribly embarrassing, but potentially compromising. If someone wanted to find out what my personal vulnerabilities are, my trigger points, the parts of my biography that I’m sensitive to, a browse through that list would be sufficient. I spent a half hour cleaning it up.  If you look at the list now, you’ll see a curated list of books that I’ve browsed through. My vulnerabilities are hidden. 

The point: when I started using the Wish List in 2009, I guess I knew that it was public. Then I forgot. Because we forget things. And for the next eleven years, it became a repository of stuff I wanted to buy, some of which happen to be the type of things that I wouldn’t want others to know that I was looking at. If you’ve forgotten this too, go check your settings. Get rid of your public wish list unless you use it for public reasons. While you’re at it, go into your Amazon privacy settings and do a scrub. Enable Two-Factor Authentication immediately.

Farhad Manjoo wrote this week about the existential benefits and drawbacks of the Amazon shopping experience. I align with his views.

Amazon is pushing a level of speed, convenience, and selection in shopping that millions of customers are integrating into their daily lives. The more entrenched Amazon gets, the tougher the political case for breaking the company up becomes, especially if you consider the demographic makeup of Amazon’s best customers. Compared to Wal-Mart (which still reigns as by far the largest retailer in the world), Amazon’s customers tend to be affluent, excessive consumers. Many Amazon devotees are exactly like me — they are part of the global elite in the media, politics, finance, and tech, upper-middle-class consumers whose chief hardship is having more money than time, and who may not take too kindly to their conveniences being snatched away in the name of corporate equality.

Our USC Election Cybersecurity initiative traveled to Ohio this week, where, under the brilliant golden dome in the statehouse, we met with 150 campaign and election workers. The Secretary of State, Frank LaRose, is a Republican. It is tempting, in our highly polarized times, to ignore state officials with any partisan affiliation, and a lot of folks might do so automatically. But I found that LaRose has worked hard to build a rapport with Democrats BECAUSE he understands that election integrity for voters is a second-order priority that requires that he be trusted. When voters think as partisans, forget it. When voters think as voters, then LaRose’s work becomes essential. He has forged a good relationship with his neighbor, Michigan Secretary of State Jocelyn Benson – a Democrat – because he knows that, absent a national strategy (and enough money coming from the feds) to secure everything, the more that states work together, the more information they share about best practices, the more they work through problems together, the more secure their election processes will be, and more importantly, the more secure people will perceive it to be.

Not that Ohio (or LaRose) comes to the public sphere without controversy. Democrats and Republicans will fight about ballot access and fight fiercely. I spoke to a number of top Democrats about LaRose, and while each of them could find fault in one or more of his decisions, none questioned his motive. He knows that getting buy-in from voters about the integrity of the election is essential. He wants Republicans to accept that Democrats win and Democrats to accept that Republicans win. It’s a good look for a public official.

Another good practice: his communications team is aggressive, digitally savvy, and proactive. They’re preparing for problems before they arise. They use all forms of social media to communicate, and LaRose is a ubiquitous presence on Twitter. He’s branding himself quite self-consciously as a leader in election security and integrity, and it seems to be working.

New Hampshire Won't Be Like Iowa, But

But Don't Expect Instant Results, and Watch For Questions About Electronic Polling Books

Although the forces of disinformation will undoubtedly attempt to game the interpretation of the results, there are several important reasons why New Hampshire won’t be a second Iowa, and it’s worth noting them, in rough order.

  1. New Hampshire has a Secretary of State that a majority of voters, election officials, campaign officials, the media, and candidates largely trust. His name is Bill Gardner. He is a zealous advocate for his state’s first-in-the-nation primary status. (It goes without saying: Iowa Democrats ran the Iowa caucuses. The state of New Hampshire runs the presidential primary, although Gardner is a Democrat.) Trust in Bill Gardner is essential. There are few officials like him in the country: people associated with the integrity of the system by which we choose our leaders. If something goes wrong, folks in New Hampshire will give Gardner leeway to sort it out and explain it publicly. You can bet that he is ready. If there are problems, then his stubbornness, a trait which has catalyzed efforts to vote him out of office, might be responsible.

  2. Being a primary, New Hampshire counts votes. There are no “State Delegate Equivalents” or viability thresholds. The Democratic Party of New Hampshire decides how to apportion delegates based on the total number of votes cast, but the only number that matters to voters on Tuesday is the allotment their votes add to.

  3. New Hampshire does not rely on computers connected to each other, or to the Internet, to count votes. Votes for the primary are tallied by machines. Most of them were built by a company called Accuvote; the tallies are read aloud and tallied in public. Accuvote’s machines are never linked together, so someone can’t implant malware on one machine with the goal of infecting others. The machines are old. Close to 90 percent of all votes cast on election night will be placed into the Accuvote machines. About a third of New Hampshire municipalities use other machines that the state certified.

  4. New Hampshire has been transparent and open about its voting process security evaluations. It lists relevant documents online.

New Hampshire isn’t perfect, here. Gardner won’t allow post-election audits, which angers local officials.

The state recently came up with a way to ensure that the individual machines are relatively tamper proof, but it relies on human beings to verify.

And since the machines have to be programmed ahead of each election, that programming is distributed via the Internet to local authorities ahead of the vote. If someone wanted to mess around with all of the machines, they could hack into the programming instructions that are then uploaded to the machines individually. That this did — or could — happen is highly unlikely, but the vulnerability remains.

The memory cards that store the tabulations for each machine are collected and secured after the vote. All recounts would be overseen by Gardner, which has historically rankled local election officials, many of whom want to take extra steps to ensure an accurate count.

State law does not require automatic recounts. (All of the ballots are kept in the case of a statewide recount, which would have to be requested by, and paid for by, a candidate. This could take weeks. But it would be transparent.)

A final potential point of concern: New Hampshire now allows its localities to use electronic polling books to check in voters. The State certified vendors, and cities and towns can choose whether to try one of the new electronic methods or stick with off-line voter books. It hired a firm to make sure that communication between the ePollbooks is encrypted. This is a new system, though, and although electronic polling books are designed to speed up the process of signing in voters, there may be glitches and delays. It’s not clear whether local officials have been trained to prevent intruders from trying to tamper with their access to the state voter rolls, which are updated daily.

Those of us who live in California are used to waiting hours, and even days, before knowing the winner of many local elections. Such is life. Call it the California chill-out. But news anchors and Steve Kornackis are impatient creatures — no shame, though. Counting ballots by hand takes time, and if the race is close next Tuesday, we may not know who wins until Wednesday. Prepare for that!

Lessons From Iowa: Secrecy Isn't Security

First, today’s tips.

Use two-factor authentication in life. If you get an e-mail from someone you know, and you’re not expecting it, use a second factor to check to make sure that the person it seems to come from actually sent it. Reporters do this now, and it’s a useful habit to develop. Iranian hackers are spear-phishing academics and others by pretending to be known journalists. Be mindful.

Twitter leans forward. Take time to read their new policies about synthetic and manipulated images. They have nuance but they also reflect clear thinking. And remember: if someone spreads information about elections that can interfere with the integrity of the process, Twitter might ban the account. Of course, bad information will spread rapidly before Twitter can do its investigations, so this can’t be a panacea.

What can you say about Shadow’s app that the developer hasn’t already said?

One point: The Iowa Democrats did not want the developer’s identity known, they said, in order to prevent would-be intruders from trying to hack in to the software.

This was a huge mistake; open-source software is not insecure software. As Zeynep Tufekci notes, open-source software, developed, tested and iterated in public, is often the safest and most secure software there is. Somehow, somewhere, someone, with good intentions, conflated secrecy with security, and that proved to be a catalyst for disaster. Point two:

“Anything developed this rapidly that has not been properly stress-tested—and is being used in the wild by thousands of people at the same time—is likely to crash the first time it is deployed.”

This was a known known. Why the Iowa Democrats did not anticipate this is a genuine question.

What I can say about the night of the caucuses: the Iowa Democratic Party either lacked or did not deploy a crisis communications plan, and they did not effectively counter disinformation or misinformation. A crisis comms plan would incorporate both the likeliest disaster (and this was foreseen) and allow for black swan catastrophes; it would force the party leaders to devote bandwidth during their scramble to collect and tabulate the votes to explain to people on all social/digital and legacy platforms what was happening, what wasn’t happening, and how they would communicate with the public going forward.

A few terse and defensive statements do not a crisis plan make. And this vacuum leaves room for people to create conspiracy theories out of whispers (It was a Pete put-up-job), all of which happen and rapidly spread.

Speaking of Charlie Kirk, a false claim he spread before Iowa about — FALSE CLAIM AHEAD — how the number of active voters in certain Iowa counties exceeded the number of people of voting age. FALSE CLAIM DONE. Judd Legum has a nice frame for how to combat that sort of misinformation. (It became disinformation quickly — 40,000 people retweeted the false claim!). Notice how Legum does NOT initially repeat the false claim. This is important.

Disinformation paralyzes. Whatever residue of trust that people might have had in the caucus process has been scraped away by a royal flush of human error, technology problems, the social infrastructure that was built to exploit carnage, and malicious actors who know that the best way to own the other team is to prevent the other team from even taking the field.

How to Fortify Your WhatsApp, Like Now

Today I had planned to discuss two digital security education initiatives I’ve been helping stand up. One focuses on the education of journalism students. The other will find me traveling to all 50 states to work with state and local officials, and campaign officials, to help fortify them against malicious digital attacks, misinformation and disinformation. More of that tomorrow.

We have to stick with the headline of the day, because so many people (1.5 billion!) across the world use WhatsApp to communicate sensitive information. I have an equity here I must disclose: I consulted for WhatsApp when it launched its end-to-end encryption process. However, I confess that I also use several other encrypted chat apps for my own work.

It’s not likely that the Crown Prince of Saudi Arabia will allow himself to be the vector by which a malware implant is routed to your mobile device, but the case of Amazon CEO Jeff Bezos is extraordinarily instructive for everyone.

We do not know, precisely, how the malware that exfiltrated Mr. Bezos’s personal data and photos lodged itself in the root firmware of his phone. We know that WhatsApp was the medium, and there are hints that Bezos did NOT have to click a link that MBS sent him. Eesh.

What most people forget, though, is that the auto-download settings — the same type of auto-download settings that your mail client uses — take stuff that’s sent to you through WhatsApp, move it out of the part of your phone that is running the app, and deposit it where you’ve specified. MP4s and photos might go directly into your “Photo” container. Think for a moment about how active that “place” — be it physically located on your hard drive or somewhere in the cloud, or both — must be. You use photos (and by extension, your camera app) for so many other things. Apple doesn’t really have a way to scan everything that comes out of the WhatsApp part of your phone for malware, because that would require your phone to either have a dynamic directory of suspected signatures, or connect to a cloud that interrupts the end-to-end encryption process. In any event, here’s what you need to do if you use WhatsApp to chat about stuff you don’t want other people knowing about.

  1. Turn off the autodownload settings.

  2. Go into your iCloud back-up settings (in Settings), scroll all the way down to WhatsApp, and TURN OFF YOUR CLOUD BACK-UPs. They are NOT encrypted.

  3. Regularly clear your conversation cache.

Of course, if you need to keep a conversation, or you need to download something, do that on a case-by-case basis.

What happened to Jeff Bezos is scary. It might have been preventable.

Google's Good Deed

This newsletter — Ok, my conceptual identity* — hasn’t been kind to Google and other platform companies and tends to not want to give the companies the benefit of the doubt when they announce advances in security. (Facebook moving towards end-to-end encryption as a business strategy still has me scratching the noggin.)

One complaint I’ve had (and voiced) is that Google, Facebook and Twitter still make it hard for you to really and truly, with a few simple clicks, meaningfully make your accounts more secure. You’ve still got to click on a lot of links and make a lot of small choices and figure out whether you want (for example) your YouTube browsing history to influence the ads you see on Instagram.

Well today, Google announced an initiative that, if a lot of people adopted it, would make virtually all Gmail accounts much less susceptible to spear-phishing attempts. Starting today, anyone can enroll in Google’s Advanced Protection Program, which they had heretofore offered only to “high risk” folks, like politicians and campaign workers and celebrities.

In essence, it allows you to easily enable two-factor authentication for your Google Account, AND Google monitors efforts to break into your accounts. I still use a key for two-factor authentication, because keys are the safest way, but it is true that, for some, keeping a physical security token or a key isn’t convenient.

The upside: it took me less than one minute to enable this protection.

The downside: it only works on Chrome.

This is important. Campaign workers, journalists, election officials, and anyone else should consider accepting Google’s invitation. It will help secure the digital commons.

A few short items:

  • We are product-agnostic here at the newsletter.** 1Password’s two-factor authentication protocols are also good to use, if you use that app as a password manager.

*Newsletters can’t speak. Humans can.

** The royal “we” is actually just one person. Me.
