About David Strom

David Strom is an old hand at enterprise IT, having worked in the industry from the early days of the PC. He has developed numerous print and Web publications for IT managers and developers and writes for SecurityIntelligence.com and Inside.com/Security.

Thoughts about live tweeting during arts performances

I realize that I come very late to this issue, but I recently discovered that many theatrical venues are actually encouraging live tweeting of their performances, and have done so for many years. As someone who speaks professionally and encourages live tweeting, I feel somewhat conflicted about this. Granted, my speeches are more than just cultural events — or at least I would like to think so — but still, there are plenty of people in my audiences who are using their phones while I am on stage.

The key event was an article in the NY Times this week about the practice. As I said, it has been going on for many years. One of our local opera companies puts on an annual Twitter invitational performance, inviting social media influencers to attend a single performance gratis and tweet away during the show.

This is a growing trend, and theatrical companies in numerous cities such as San Francisco, Palm Beach and Sacramento have established a separate seating section in their auditoriums called tweet seats where folks are encouraged to use their phones during the performance. Some even have set up monitors in the lobby displaying the tweets during intermission. Again, this mirrors many conferences that I have been to where the collected live tweets are displayed for all to see. Part of my job as a reporter covering a conference is to live tweet the event. I have to admit that I get excited when I see my tweets are trending and liked by other attendees.

I think it is getting harder to make a distinction between live tweeting in certain venues — such as a ball game or a professional conference — and in others, which just makes the issue more complicated.

I asked a friend of mine who runs a New York theater company what he thinks of live tweeting and using devices during his performances. “This is a huge problem. People record our shows on their phones all the time, AND they are now offended that you ask them to turn OFF their phones. I pretty much felt like that was the end of civilization as I knew it.” My friend told me that he “actually has had to crawl down aisles to stop people from texting or recording.”

The Times story notes situations where many Broadway actors have taken the phones out of the hands of audience members or stopped the show to berate the phone’s owner. My friend echoes this with his own experiences.

There seem to be several issues here:

  • Should cellphones and other devices be banned completely from live performances? It used to be that devices were banned as a distraction for the cast and other audience members, either because of the lit screen or because someone was actually on the phone during the show. But now that most phones have video cameras, it is a larger issue. An artist or theater company has a right to control their recorded performance.
  • Should an artistic company encourage live tweeting? I kind of get it: especially for opera, its audience is aging rapidly, and having live tweeting is a way to show they are hip and relevant and seed interest in a younger crowd that may attend other shows. Of course, for those shows they might be forced to just watch and listen. My friend has further commentary: “To be honest, my only objection is the fact that a huge portion of the artistic process is reflection — that moment to think about what you really feel about something that was presented. A knee-jerk reaction isn’t enough. You need to pause and really connect to a feeling. As a frequent theatergoer, I’m not sure sometimes how I feel until the next day or several days later after I have seen a performance.” He makes a good point.
  • Is this a problem just for the millennial generation? I think it is applicable to all ages. Our attention spans have gotten shorter, and our focus is less on living in the moment and more on sharing it with our “audience” and “developing our brand.” Indeed, this is the plot line of a new novel I am reading (Follow Me, out in February).

I welcome your comments and thoughts about this.

HPE blog: Top 10 great security-related TED talks

I love watching TED Talks. The conference, which covers technology, entertainment, and design, was founded by Ricky Wurman in 1984 and has spawned a cottage industry featuring some of the greatest speakers in the world. I attended a TED Talk when it was still an annual event. I was also fortunate to meet Wurman when he was producing his Access city guides, an interesting mix of travelogue and design.

This is an idiosyncratic guide to my favorite TED Talks around cybersecurity and general IT operations, plus some of the lessons I’ve learned. Security TED Talks look at the past, but the lessons are often still relevant today. (Shown here is Lorrie Faith Cranor, who gave a great talk on passwords.) Moreover, what might seem like a new problem has often been around for years. If you get a chance to attend a local event, do it. You will meet interesting people both on and off the stage.

Protecting your digital and online privacy

I gave a talk at our local Venture Cafe about this topic and thought I would summarize some of my suggestions in a blog post here. We all know that our devices leak all sorts of personal data: the locations and movements of our phones, the contents of our emails and texts, the people with whom we communicate, and even the smart devices in our homes are all chatty Cathys. There have been numerous articles that describe these communications, including how an app for the University of Alabama’s football team tracks students who agree to divulge their game attendance in return for rewards points for college merch (see the screenshot here). Another NY Times story analyzed the tracking resources when a reporter visited dozens of different websites. The trackers from these sites were able to determine where the reporter lived and worked and could collect all sorts of other personal information, including finding out when women who were using phone apps to track their monthly periods were having sex.

Most of us have some basic understanding about how web tracking cookies work: this technology is decades old. But that era seems so quaint now, and the problem is that our phones are powerful computers that can track all sorts of other stuff that can be more invasive. It also doesn’t help that our phones are usually with us at all times. Reading the two NYT pieces should make anyone more careful about what information they give up to the digital overlords that control our apps. In my talk I present a few tools to fight back and provide more privacy protection. They include:

  • Monitor your Wifi usage and then choose the right VPN that offers the best protection. Open Wifi networks can collect everything that you are doing online: you should find and use the right VPN to at least encrypt these conversations. The problem is that many VPNs are owned by Chinese vendors or collect other information about you. Two studies are worth reviewing: one by Privacy Australia, which has a nice analysis of which are faster performers, and one by Top10VPN, which goes into details about who owns each vendor. I use ProtonVPN on both my phone and laptop.
  • Choose passwords carefully and use a password manager. I have made this recommendation before; do take it seriously if you are still a holdout. Reusing passwords is the single biggest mistake you can make towards compromising your privacy. I use LastPass on all my devices.
  • Change your DNS settings to provide additional protection. There are now numerous alternative DNS providers that can help encrypt and hide your web traffic, as well as provide for faster connections. Cloudflare has two tools, including its 1.1.1.1 DNS service and its Warp phone VPN service. Both are free.

In my talk I also have several main strategies towards better privacy protection. These include:

  1. Eliminate very personal data on social media, such as your real birthday and other identifying information. Be careful about future posts and whom you tag on your social media accounts too.
  2. Delete the Facebook Messenger phone app: it scrapes your entire contact list and uploads it to Facebook. Don’t use social media identities as login proxies if you can avoid them.
  3. Audit your phones regularly and eliminate unneeded apps. Know which ones are leaking data and avoid them as well. The app Mighty Signal will report on what is leaked.
  4. Set up your phone for optimum privacy protection. This involves several steps, including updating to the latest iOS and Android OS versions and enabling their latest privacy features, such as stripping photo location metadata and blocking unknown callers. A good place to start is to use the JumboPrivacy App to further restrict your data leakage too: it will recommend the most private settings for you, given how complex the average phone app is these days and how hard it is to figure out how to configure each app appropriately.
  5. If you are truly concerned, move to a different browser and search tool, such as Brave and DuckDuckGo, which offer more privacy protection. Yes, you will give up some functionality for this protection, so you have to weigh the tradeoffs of utility versus protection.

This seems like a lot of work, and I won’t deny that. Take things one step at a time, and change one habit and understand its consequences (including loss of functionality and convenience) before moving on to making other changes. Too often folks can easily get overwhelmed and then retreat to old habits, nullifying these improvements. When you have a choice, pick technologies that are easier to manage and implement.

Do let me know what your own experiences have been along this journey too by posting a comment here if you’d like.

 

RSA blog: Are you really cyber aware?

It is once again October, and cybersecurity awareness month. Last year I wrote a blog post for RSA that mentioned four different areas of focus:

  • More comprehensive adoption of multi-factor authentication (MFA) tools and methods
  • Ensuring better backups to thwart ransomware and other attacks
  • Paying more attention to cloud data server configuration
  • Doing continuous security awareness training

For this year’s post, I re-examine each of these areas, chart progress and trends, and offer a few new suggestions. Attackers have gotten more determined and targeted and software supply chains have become more porous and insecure. What is clear is that security awareness remains a constant battle. Standing still is admitting defeat. Chances are you aren’t as aware as you think you should be, and hopefully I have given you a few ideas to improve.

The worldwide spread of government-sponsored social media misinformation

For the past three years, researchers at Oxford University have been tracking the rise of government and political party operatives who have been using various social media tools as propaganda devices. Their goal is to shape and undermine trust with public opinion and automate dissent suppression. This year’s report is chilling and I urge you to read it yourself and see what you think. It shows how social media has infected the world’s democracies on an unprecedented scale.

The researchers combed news reports and found evidence of what they call “cyber propaganda troops” in 70 different countries, with the most activity happening in Russia, the US, Venezuela, Brazil, Germany and the UK. This is a big increase in the number of places where they found these activities a year ago. In 44 countries, they found evidence of a government agency or members of political parties using various automated tools to help social media shape public attitudes. “Social media has become co-opted by many authoritarian regimes. In 26 countries computational propaganda is being used as a tool of information control.” Azerbaijan, Israel, Russia, Tajikistan and Uzbekistan have taken things a step further: there student groups are hired by government agencies to use digital propaganda to promote the state’s ideology.

You would expect that these techniques would be employed in dictatorships and in countries with less than stellar press freedoms and democratic records. But what is interesting about their study is the few places that we would consider democracies where they didn’t find any evidence of any systematic social media tampering, such as in Canada, France, and Norway. The authors don’t say why this is the case, whether from a lack of research resources or because those places haven’t yet gotten on the state-controlled social media bandwagon.

“Until recently, we found that China rarely used social media to manipulate public opinion in other countries,” they state in their report. Prior to this year, China focused on manipulating its home grown social media platforms such as WeChat and QQ. That has changed, and now Chinese state-sponsored agencies are branching out and can be seen operating in other parts of the world, using Facebook and Twitter. “China is turning to these technologies as a tool of geopolitical power and influence.”

One thing the Oxford researchers didn’t examine is how the practice of using fake followers of major political figures has spread. This analysis was done by SparkToro. As you can see in the above graphic, for Donald Trump and Jerry Brown, half or more of their Twitter followers are bots and other automated programs. There are other political figures elsewhere that have high fake proportions too.

It is sadly ironic that the very tools that were created to improve communications and bring us closer together have been so successfully subverted for just the opposite purposes by various governments. And that these tools have become mainstream elements in so many places around the world.

CSOonline: 5 trends shaking up multi-factor authentication

Analysts predict that the multi-factor authentication (MFA) market will continue to grow, fed by the demand for more secure digital payments and rising threats, phishing attacks and massive breaches of large collections of passwords. This growth is also motivating MFA vendors to add new factor methods (such as some of the newer hardware tokens shown here) and make their products easier to integrate with custom corporate and public SaaS applications. That is the good news.

The bad news is twofold, and you can read my latest update for CSOonline on MFA trends here to find out more about how this market has evolved.

FIR B2B podcast #128: More SEO Secrets with Charley Spektor (Part 2)

This is the second of our two-part interview with Charley Spektor, principal at Saratoga B2B Group. Charley and his business partner, Paul Desmond, combine SEO and quality content to produce sustainable lead generation for B2B clients. In this second podcast, we discuss some of the practical tools that marketers can use to improve their SEO operations, common mistakes that marketers make when trying to improve their SEO results, how to provide the best content mix to deliver solid leads and how to stay ahead of the constantly changing technology.

You can listen to part 2 of our interview here:

You can find part one of the interview here.