All posts by Paul Stradling

News

Tech Insight : Politicised PayPal Problems

After PayPal first announcing that it would fine customers for using its services to spread misinformation and then, following a backlash, saying this had been an error, we look at what happened and why.

Policy Update – Fines For Misinformation 

Just over a week ago, PayPal was reported to have published an update to its ‘Acceptable Use Policy’ which said that customers would be banned from using PayPal’s services for “sending, posting, or publication of any messages, content, or materials” promoting misinformation. The policy was also reported to have said that customers would have to pay damages of $2,500 for each violation, effective as of Nov 3.

Backlash 

The policy changes threatening fines for misinformation led to a backlash on social media with accusations that PayPal was censoring speech. Tweets of criticism also came from former president of PayPal David Marcus, and PayPal’s founder Elon Musk.

Also, the announcement reportedly led to some users deleting their accounts and being urged to do so by some US Conservative politicians.

Back Pedal 

No sooner had the backlash begun when PayPal announced that the policy update was simply an error. An email from PayPal spokesperson Justin Higgs was quoted online (The Washington Post) as saying “PayPal is not fining people for misinformation and this language was never intended to be inserted in our policy. We’re sorry for the confusion this has caused.” 

He was also reported as saying that PayPal’s user agreement has long contained a section which says that PayPal can “take funds of up to $2,500 or local equivalent from an account for each violation of the Acceptable Use Policy.” 

Politics – Anger From The Right In The US 

Many commentators have highlighted how the immediacy and fury of the backlash came mostly from the right, i.e. US Conservatives / Republicans and those associated with the far-right. This can be traced back to a long-running claim by right-wing politicians that powerful tech/digital companies, especially Twitter (which banned Trump) have blocked conservative opinions.

There also remains negative sentiment among many on the political right over the US election, i.e. that their claims that President Biden didn’t win, and other related conspiracy theories were not supported by social media companies. For example, Twitter flagged many of Donald Trump’s tweets as ‘misinformation.’

COVID, Infowars & Gab 

Global social media companies like Twitter and Meta also faced a challenge in removing and fact checking COVID misinformation, and faced right-wing anger as a result, e.g. many of Trump’s supporters believed COVID was a hoax.

Also, PayPal became a particular focus of right-wing conspiracist anger after it banned Infowars and Gab back in 2018. Infowars is known as a site that contains many conspiracy theories, its founder being Alex Jones who has recently been in the news for being fined $1 billion over his claims that the Sandy Hook school shooting was a hoax. Gab is a social network that is associated with white supremacists.

What Does This Mean For Your Business? 

Although Twitter’s Acceptable Use Policy may have long contained details of possible fines for violations, it is strange that PayPal would publicly update a policy in such a specific way in error. Some commentators have suggested that it may have been a (high risk) way of floating an idea for tackling misinformation. However, as shown by the right-wing backlash in the US, powerful tech/digital companies still face a lot of anger and accusations of political bias and stifling free speech and right-wing views. Tech/digital companies, therefore, tread a difficult path in calling out conspiracies and misinformation which have been accepted as fact among many with right-wing views in the US. PayPal’s banning of Gab and Infowars made it a target of anger several years ago. Many accept, however, that there is a clear difference between free speech and spreading misinformation and hate speech, and eradicating these from social platforms in particular would be helpful but inevitably, in what some see as a ‘post-truth’ era, even this idea can face serious opposition.

News

Featured Article : WhatsApp For Business?

In this article, we look at the features, pros and cons of the business-focused version of WhatsApp.

Launched in 2018 

The business-focused Android version of ‘WhatsApp Business’ was launched in January 2018 in the UK, and the iOS version was launched in early 2019. Available for free, but with pricing per message and a cost for the API, the app is specifically aimed at the needs of small businesses, which account for 99.3% of all private sector businesses in the UK (FSB).

Connect Small Businesses With Their Customers 

At the time of its launch, Facebook-owned WhatsApp said that it wanted people to use WhatsApp to connect with small businesses, and that the new ‘WhatsApp Business’ would make it easier for companies to connect with customers and offer a more convenient way for the 1.3 billion WhatsApp users to chat with businesses. WhatsApp describes it as “a simple tool for businesses to talk to their customers.” 

Why It Was Launched 

Since Facebook acquired WhatsApp in 2014 for $22 billion, the company had been looking for ways to monetise the app which, although was developed for use by individuals, was being widely used by people in business, and in large and small organisations as a collaboration tool for staff.

WhatsApp also wanted to gain a march on rivals in what had become a battle for the attention of consumers by messaging apps including Apple’s iMessage, Facebook’s Messenger, Kik, Slack for business, and others.

What Can It Do? 

Some of the key features and benefits of WhatsApp Business include:

  • Business Profiles: to help companies to provide useful information to customers, e.g. business description, email or store addresses, and website. This helps customers to be confident that they are communicating with the right business.
  • Business Smart Messaging Tools: to enable companies to respond quickly with answers to frequently asked questions, also greeting messages to introduce customers to the business, and away messages that let them know you’re busy. Quick responses can help give the right impression, help with sales-conversion, and stop customers from going to competitors.
  • Landline/Fixed Number Support: WhatsApp Business can be used with a landline (or fixed) phone number and customers can message that number. This makes communication more convenient and stops businesses missing out on enquiries.
  • WhatsApp Business and WhatsApp Messenger can be run on the same phone, with each app having their own unique phone number. This makes them very convenient for business owners to operate and enables quick responses and the chance to make the most of opportunities as they arise.
  • Messaging Statistics: simple metrics like the number of messages read to see what’s working. This can give businesses a way of measuring and monitoring the effectiveness of the app and can give valuable marketing insights.
  • WhatsApp Web: to enable the sending and receiving of messages with WhatsApp Business on the desktop (via WhatsApp Web). Again, this is a convenient feature for business owners.
  • Account Type: so that customers will know that they’re talking to a business because it is listed as a Business Account. This can become a Confirmed Account later (similar feature to Twitter’s verification process), and once confirmed, the account phone number will match the business phone number. This helps with customer confidence and can, therefore, help with customer conversion.
  • WhatsApp allows users to send photos, it has end-to-end encryption security (an important feature for businesses), allows for easy document sharing (up to 100 MB), and allows for seamless syncing of your chats to your computer so that you can chat on whatever device is most convenient. The security aspect of the encryption is a big attraction to businesses and, being able to send photos and other media makes it easier to conduct businesses and help with buying, selling, and customer support while on the go.
  • WhatsApp Business is built on top of WhatsApp Messenger and, therefore includes all the popular features that users are already familiar with, e.g. the ability to send multimedia, free calls, and free international messaging (depending on the user’s provider), group chat, offline messages, and much more.

Business-Focused Cloud API For WhatsApp Business Too 

Back in May, Meta’s WhatsApp also announced that it was opening WhatsApp to all businesses and developers with a new cloud-based API service. WhatsApp Cloud API, on the WhatsApp Business Platform, offers businesses secure cloud hosting services provided by Meta and the new API (application programming interface) allows apps to communicate with each other. This means that businesses can, for example, build-in a customised customer service chat feature to their website that uses a customised version of WhatsApp (built directly on top of WhatsApp), accessible via a dashboard, for the conversation. Previously, businesses had been set up on the non-cloud version, including Vodafone, BMW, and KLM.

Concerns And Disadvantages of WhatsApp Business 

Some of the concerns and disadvantages around WhatsApp Business include:

– Secuity and privacy concerns. For, example, Kaspersky recently reported uncovering malicious versions of a WhatsApp messenger mod known as YoWhatsApp and WhatsApp Plus that were being used to spread the Triada mobile Trojan and steal WhatsApp access keys.

– Also, back in 2020, a Business Insider Report highlighted how third-party apps may be exposing some data and details of the activity of WhatsApp users. Concerns have also been expressed by some that WhatsApp Business automatically reads all a user’s saved contacts and phone numbers that are stored.

– Concerns that WhatsApp Business lacks the advanced sales and service functions of WhatsApp API.

– Limitations of employee accounts and devices. For example, one account can be linked to five devices, but the devices are all linked to the same number. This could create confusion in communications, i.e. who has answered which customer question.

Other Business-Focused Services 

Other business-focused services recently announced by Meta also include:

– A ‘Recurring Notifications’ service (available on Messenger  and also available for businesses on Instagram by autumn) to help businesses re-engage people in the right messaging thread, choose the topics that people can opt-in to, and how often customers can hear from the business.

– Communities on WhatsApp which will enable users to bring together separate groups (e.g., schools, local clubs, and non-profit organisations, and businesses) under one umbrella with a structure.

– Reactions – a set of six different emojis (a red heart, thumbs up, laughter, a sad face, a surprised face/wow, and a “thanks” emoji) that can be used in busy group chats, e.g., as part of ‘Communities’.

– Improved voice messaging services on WhatsApp.

What Does This Mean For Your Business? 

Many businesspeople and their customers use WhatsApp on a regular basis anyway – WhatsApp is the most used chat app in the UK – and are already familiar with its functions and benefits. Many tech and business commentators are also saying that 1:1 messaging is the future of personalised commerce and post-purchase customer service. It makes sense, therefore, that Meta would make the step to a business version to provide a way to monetise the app and then to expand the business aspects of the app to fight powerful post-pandemic competitors and create new sources of revenue other than advertising.

Many smaller business users may already be happy using the free existing version and are aware of its benefits, i.e., wide user-base, the speed and versatility of communications and security (end-to-end encryption). However, Meta has been expanding its businesses services, and many businesses, 4 years down the line since its introduction, may still not be aware of the extra value they could get from the features of WhatsApp Business. There are many possible applications for WhatsApp Business, such as KLM’s use of the app for flight confirmations and updates, brands using the app on competitions, and WhatsApp Business could work well in industries such as hospitality. WhatsApp Business could also provide a perfect way to enable customers to book a hotel room, get customer support, and even access an on-site member of staff such as a concierge. Retail brands could use the app for many purposes in addition to just shipping confirmations, and WhatsApp is well positioned enough, and widely used enough to provide opportunities for businesses worldwide to improve their communication and relationship marketing.

More recently, Meta has tried to use WhatsApp Cloud API as something to tempt more businesses into taking the plunge with WhatsApp Business. Cloud API, for example, available through WhatsApp Business can offer businesses a fast and uncomplicated way to set up a secure and scalable direct messaging channel with customers that could boost sales in a changing environment where fast messaging responses are now expected by customers. WhatsApp Business, therefore, is still something that many smaller businesses may not have had a serious look at yet but aspects like Cloud API and other features that Meta will no doubt add may start tempting more businesses to look at how competitors are benefitting from its features, and how they could add value to their own business.

News

Sustainability In Tech: The Challenge Of Verifying Supply Chain Green Claims

With sustainability credentials ever more important to stakeholders, we look at how IT buyers can ensure that the green claims made by those in their supply chain can be trusted.

The Greenwashing Challenge 

One of the main challenges buyers face is ‘greenwashing’ whereby supply chain companies may create a false impression about how sustainable they are in order to win business. Buying from a supplier that is found to be greenwashing will leave the buyer’s company open to questions about their own green claims, could lead to legal/regulatory problems, and reputational damage. It could also require the buyer’s company to revise their own emissions reduction or circular economy targets.

Some of the general warning signs of greenwashing in a supplier can include the use of vague or unclear terms e.g., ‘all natural’ or ‘eco,’ potentially misleading descriptions, the use of logos/labels that aren’t from accredited associations, and claims that don’t match up with sector-specific laws.

Ways That Sustainability Claims Can Bed Checked And Verified 

Some of the many ways that IT buyers can check and verify the green credentials of supply chain companies include:

– Prepare and ask a series of questions e.g., what share of the energy they use is renewable? What are their lifecycle emissions figures? What verification of human rights in their supply chains do they have?

– Check claims against the UK government / Competition and Markets Authority (CMA) Green Claims Code (6 key points: https://greenclaims.campaign.gov.uk/.

– Check whether the supplier’s data is published alongside their claim.

– Look at what (if any) voluntary standards they adhere to and what these standards really mean.

– Look for labels or logos on company literature / online / on products which identify them as environmentally friendly, and check annual reports, mission statements and website corporate social responsibility pages for details of the supplier’s environmental policies and practices.

– Check whether they adhere to sustainability models and guidelines e.g., factors of sustainability.

– Check with the list of businesses with sustainable practices held by trade associations e.g., the FSB and British Chamber of Commerce.

– Look them up in relevant directories e.g., World Fair Trade Association.

– Check sustainability disclosures e.g., climate related financial disclosures.

– Look at your suppliers’ suppliers i.e., tier 2, or tier 3 suppliers.

– Look for third-party verification e.g., finding out by asking questions or looking at company reports / published content to see if they’re signed up to the UN-backed Race to Zero, or whether they’ve adopted the Human Rights or Greenhouse Gas Protocols, and many others.

– Research what green initiatives the supplier belongs to or supports.

– Look for recognised, audited accreditation e.g., ISO 14001, or whether they are a member of an accredited ethical scheme such as Worldwide Responsible Accredited Production, Green Mark, and Green Accord.

What Does This Mean For Your Organisation? 

The accuracy of a company’s own green claims are important from a truly ethical, legal/regulatory, and business perspective and one of the ways IT buyers can reduce the risk of their company suffering in those areas is due diligence in checking supply chain green credentials. Greenwashing is quite common so having a well-thought-out checking procedure in place, which includes asking the right questions can help IT buyers to make good choices which protect and validate their own company’s sustainability claims.

News

Security Stop-Press : Beware Malicious WhatsApp Lookalike Apps

Kaspersky has warned users about the dangers of malicious WhatsApp knockoff apps YoWhatsApp and WhatsApp Plus. Although both appear to offer the same functionalities as the real WhatsApp, they are reported to be able to download the Triada Trojan to smartphones, and steal legitimate WhatsApp’s access keys, thereby giving attackers access to the user’s real WhatsApp account.

The advice is not to visit suspicious websites, and not to use unofficial clients for messaging apps, or to download hacked versions of programs via torrents.

News

Tech Tip – Save Time In Gmail By Using ‘Smart Compose’

If you regularly use Gmail, switching-on ‘Smart Compose’ in your Gmail settings can enable time-saving predictive writing suggestions to appear as you compose an email. Here’s how to switch it on:

– In Gmail, top right, click on the cog icon – Settings > See All Settings.

– Scroll down and ensure ‘Smart Compose’ is toggled on.

– While composing an email, if the predictive suggestions look good, click on the ‘tab’ key to accept them, and they will automatically be added (saving you time).

– To make Gmail’s predictive suggestions more relevant and closely related to your writing style, in the same section of ‘See All Settings,’ toggle on ‘Smart Compose personalisation.’

News

Tech News : 60-Sec AI Scan Now Predicts Your Heart Disease

A new AI-based 60-second retina scanning tool can predict a person’s risk of heart disease by looking at the veins and arteries in their eye.

Level Of Risk Revealed By Looking At Blood Vessels

The test findings of the new ‘Quartz’ tool, published in the British Journal of Ophthalmology, show that the AI software takes only 60 seconds to be able to tell if person’s risk of cardiovascular disease, cardiovascular death, and stroke is higher than expected, and what level the risk is. The non-invasive AI tool arrives at its conclusions by analysing the total area of the retina covered by arteries and veins, and their tortuosity/bendiness, because these factors are known to be related to heart health.

Comparable  

In tests, the QUARTZ (“QUantitative Analysis of Retinal vessels Topology and siZe”) AI software’s risk level assessments were found to have “comparable performance” with the current Framingham Risk Score test’s (FRS) standard 10-year risk predictions.

Trained 

The AI software was trained by the St George’s, University of London research using scanned images from 88,052 UK Biobank participants aged 40 to 69. It has been noted, however that 96 per cent of these scan images were from white people and that this bias would need to be addressed to make the tool more accurate for different ethnicities.

The Value and Benefits 

If rolled out, e.g. given high street availability through opticians, the 60-second AI scanning tool would be a fast, fully automated, low cost, non-invasive way to reach a higher proportion of the population. This could mean improved cardiovascular health in the UK, with saved lives through spotting problems early then enabling appropriate treatments and medication to be given.

Similar 

The idea of analysing retina scans to spot health problems is not new. For example, back in 2018, an AI-based retina scanning tool for spotting diabetic retinopathy was approved for use in the US.

What Does This Mean For Your Business? 

This story shows that AI has benefits not just for business but can be extremely useful in areas such as health due to its ability to carry out complex tasks, quickly. This enables saving time, money, and creating innovative new ways to deliver value-adding, accurate results in fully automated ways (freeing up other resources). The comparable performance of the QUARTZ AI tool with existing methods like FRS is very promising. Also, the fact that such a tool could be given high street availability could prove to save many lives and is an example of how technology such as AI is transforming service delivery and outcomes in a way that can improve upon existing methods.

News

Tech News : Universal Charging Cable Gets EU Vote

Following a provisional agreement in June, the European Parliament has voted in favour of a law to ensure that all devices have a single universal charger.

Why? 

Back in June, the EU Parliament highlighted the following reasons why having a single universal charger is necessary:

– Consumers currently face the inconvenience and costs of needing a different charging device and cable every time they purchase a new device. Having one universal charger for all their small and medium-sized portable electronic devices will lead to more re-usage of chargers and will help consumers save up to 250 million euros a year on unnecessary charger purchases.

– The need to make products in the EU more sustainable, and to reduce electronic waste. For example, disposed-of and unused chargers are estimated to represent about 11,000 tonnes of e-waste annually.

– The need to harmonise charging speeds for devices that support fast charging, allowing users to charge their devices at the same speed with any compatible charger.

Vote For A Common Standard : USB Type-C 

The recent European Parliament vote resulted in 602 votes in favour and 13 against (8 abstaining) for a law to require device makers (phones and tablets) to ensure that a single USB Type-C type charger can be used for all devices by 2024 across the 27-nation bloc of the EU.

Under the new rules, laptop manufacturers will also have to make the same change by 2026. It is expected that EU member states will approve the result of the vote on 24 October, whereupon it will be written into EU law.

What Will It Apply To?

The devices that will need to have the single USB-C connectors (normally found in Android devices) are mobile phones and digital cameras, tablets and e-readers, mice and keyboards, GPS devices, headphones, headsets and earphones, handheld videogame consoles, and even portable speakers.

What About Apple? 

Apple, which has its own “Lightning” connector originally objected to the idea saying that it “stifles innovation” and would “harm consumers” in Europe and around the world. However, under the new law, when it comes into force, Apple too will have to change its charging port for iPhones and other devices and is, therefore, likely to be the manufacturer most affected.

What About The UK? 

Since the UK is not in the EU and has said that it is not considering replicating the EU’s idea, a similar UK law is unlikely to be introduced in the near future. However, a parliamentary report from December 2021 stated that “the new requirements may also apply to devices sold in Northern Ireland under the terms of the Northern Ireland Protocol in the Brexit Agreement”. 

What Does This Mean For Your Business? 

Having just one type of charger for all devices clearly sounds as though it could save EU consumers an estimated 250 million euros and a lot hassle managing multiple of cables at home or trying to find the right charger quickly, e.g. if a charger has been lost or broken. Clearly, the EU law will be unwelcome news for those companies who currently manufacture the many diverse types of chargers and for many retailers who currently derive revenue from the many different chargers and cables. For Apple, the EU’s decision also appears likely to cause problems and will force the company to come up with a potentially costly solution for its many devices. It may also push the company into the uncomfortable area of having to accept a third-party charger, instead of its own lightning connector. Many UK consumers are likely to be disappointed that the universal charger will not apply in the UK’s jurisdiction both from a convenience and an environmental point of view.

News

Featured Article : Forget Hacking, What About Tracking?

In this article, we look at the many different ways we are being tracked online, plus which measures users can take to avoid being tracked.

Why Are We Being Tracked? 

Internet tracking is used for a number of reasons, including:

– Improving user browser experiences on websites.

– For analytics to improve business performance and inform/feed-into marketing content strategies, and to monitor a website’s usability.

– To enable the targeting of users with advertising, and to generate revenue by selling data about our browsing activities.

Why Should We Be Concerned About Tracking? 

Some of the risks associated with tracking include:

– Privacy and security risks, i.e. our personal data being taken and potentially falling into the wrong hands / being used by cybercriminals, and companies building profiles of users based on sensitive information gained from trackers in websites.

– Matters of transparency and losing control of personal data. For example, where user data is stored and who has access to it is difficult to ascertain, and feeds into privacy and security worries.

– The possible contravention of a user’s legal rights and matters of consent. For example, GDPR, the California Consumer Privacy Act (CCPA) and Privacy Rights Act (CPRA) and others have meant that tech companies can no longer legally track everything that users do and share that data with multiple other third parties as they wish without permission. For example, in the UK, since GDPR’s introduction, websites must display cookie consent and privacy information displayed on the home page.

Most Websites Use Tracking Tools 

Over 80 percent of websites use one or more tracking tools (Epic) and reasons for private browsing may be to avoid having your browsing history recorded, perhaps being on a shared or public computer (to avoid being tracked by your browser), or to avoid downloading cookies (to avoid being tracked by websites), or to be able to sign into multiple accounts simultaneously.

How Are We Being Tracked? 

The different ways that your browsing and free searching behaviour on the web can be tracked include:

– IP address tracking. The IP address (a string of numbers), set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the Internet so that web servers know where to send the information that’s being requested.

– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences, and the last time they visited the website. Session cookies are used when a person is actively navigating a website but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising.  Google recently announced an end to its third-party (tracking) cookies within 2 years for its Chrome browser following similar, earlier announcements by Safari (Apple), Mozilla’s Firefox (Mozilla) and Brave.

– Signed-in accounts. The accounts a user is signed-in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.

– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header. This ‘agent string’ contains information such as the browser (type and version) and operating system being used.

– Web beacons. These web bugs / tracking beacons track how a user engages with a specific webpage, including the content a user clicks on.

– Mouse tracking / cursor tracking software that records online users’ mouse movements to reveal how they interact with a website.

– Session replay scripts, i.e. programs that record a website visitor’s activity, such as mouse movements, clicks, and scrolls.

– Favicons (super cookies). These work in a similar way to cookies but are more difficult to decline or remove.

– Browser fingerprinting. This involves gathering and combining a variety of information about a user’s device to create a unique online identity which can be tracked.

– Cross-device tracking. This is the matching up of a user’s browsing habits across devices.

Tracked By Mobile Apps 

All mobile apps gather basic data, e.g. the user’s phone number and email address. Also, users are now tracked by 60 per cent of the world’s most used mobile apps (i.e. harvesting and storing data generated through private conversations). 80 per cent of mobile apps collect data on messages their users send and receive.

In addition to trying to gather data, some mobile apps also try to collect cookies, and 50 per cent of them can access a user’s photos and videos.

How To Avoid Being Tracked 

There are many ways that users can try to avoid tracking, including using:

– Incognito/private browsing mode.
– Private Browsers and Private Browser Extensions.
– VPNs.
– Other privacy tools

Incognito Mode / Private Browsing 

Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome.

Switching to this browser mode loads a new private window. This means that the new window is not signed to any accounts so can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.

Private Browsers 

Neeva is a new advert- and tracker-free search engine which has just been launched in Europe by former Google executive Sridhar Ramaswamy, using funding by investors. Neeva offers free-to-use search and a password manager, and VPN (for a subscription). Neeva also stresses that its searches are free from bias / corporate influence, suggesting a more impartial experience.

For a more detailed picture of how much tracking is taking place when visiting web pages, Neeva’s Chrome browser extension lists the trackers installed on web pages visited. See https://neeva.com/.

DuckDuckGo is a privacy-centred search engine / privacy browsing app, which is available as a download for mobile devices and a Chrome extension. DuckDuckGo retains a user’s privacy by not saving the user’s browser history, forcing sites to use encrypted connections, blocking cookies and trackers (including ‘hidden trackers’ before they load), and by stopping a user’s searches being sold to third parties for profiling and advertising.

DuckDuckGo employs Smarter Encryption which utilises a list of millions of HTTPS-encrypted websites, which has been generated by continuous crawling the of the web instead of crowdsourcing, thereby keeping it current. Also, DuckDuckGo’s Smarter Encryption enables users to be extra-secure in their browsing by being able to detect unencrypted, non-secure HTTP connections to websites and then automatically upgrading them to encrypted connections. See https://duckduckgo.com/.

Epic is a privacy and security focused, Chromium-based browser that blocks ads, trackers, fingerprinting, crypto mining, ultrasound, signalling, and offers free VPN (with servers in 8 countries). See https://www.epicbrowser.com/.

The Brave privacy-focused, Chromium based browser that is free and open-source. It blocks ads and trackers and allows users to use a Tor in a tab to hide history, and masks location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination. See https://brave.com/.

The Tor browser uses a distributed network (randomly selected nodes) to anonymise a user’s IP address and encrypts traffic. This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor. However, Tor is also used for accessing and is associated with the ‘dark web.’ See https://www.torproject.org/download/.

Private Extensions For Browsers 

Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on. Examples include:

– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.

– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.

– Cookie AutoDelete. This is an extension for erasing cookies for a browser tab when it closes.

– HTTPS Everywhere. This free, open-source browser extension automatically switches thousands of sites from “http” to secure “https” thereby protecting the user from many different types of tracking/surveillance and account hijacking.

VPNs – Will Using A VPN Stop You From Being Tracked? 

The short answer is no. Although a virtual private network (VPN) routes a user’s internet through another computer (where many other users of the VPN are using the same IP address) making tracking difficult, it does not stop tracking altogether.

A VPN makes a secure connection to another network over the Internet, encrypts traffic, and hides the user’s IP address. However, VPNs do not protect a user from being tracked, from cookies, from user-agent strings, or through the accounts they are logged into (e.g. Google), or from any VPN’s that keep logs of user activity and which could sell those logs to third parties. Also, some services discourage the use of a certain VPN, and VPNs can slow down the user’s Internet connection dues to the re-routing and encrypting through the VPN server.

Other Privacy Tools 

Examples of some other privacy tools that users can choose to avoid being tracked include combination firewall, antivirus, and VPN tools like Norton 360 Deluxe or Panda Dome, or web proxy tools like Privoxy.

Third-Party Cookies Being Phased Out 

Some recent ‘good’ news in the tracking world is that last year Google announced that it was phasing out third-party cookies (over two years) and would not use other technology to replace these cookies or build features into its Chrome Browser to allow itself access to that data. Google said that it would be switching to Federated Learning of Cohorts (FLoC), a method which groups what it categorises as like-minded online users together so they can be collectively tracked.

What Does This Mean For Your Business? 

The risk of cybercrime, data breaches, and simply being targeted by advertisers mean that for most business users, the security of knowing that they’re not being tracked and that there is a high level of privacy protection by default may be an attractive and useful part of company security measures. Also, using a trusted app/extension/desktop browser may be a convenient way to get greater peace of mind and ensure that all reasonable measures are being taken to cover the many angles of security and privacy. For many businesses, it is likely to be a case of a combination of privacy solutions, e.g. VPNs, secure browsers and extensions, and other privacy tools being used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders.

News

Tech Insight : What Are ‘BEC Campaigns’?

In this insight, we look at what BEC campaigns are, their characteristics, together with what businesses can do to protect themselves from the threat of BEC campaigns.

What Is A BEC Campaign? 

A business email compromise (BEC) campaign is a kind of text-based, impersonation, social engineering scam where, in most cases, the victim is forwarded an email threat that appears to originate from their boss. The email is given legitimacy by appearing to be a thread between a partner company, a customer, or an organisation in the supply chain so that it will be recognised by the target. The email instructs the victim, e.g. someone in the finance department of the business to transfer funds (wire transfer / BACs payment) into an account which is actually that of the scammers.

Types 

In the US, for example, the FBI has defined 5 main types of BEC campaign, which are:

– CEO Fraud: The attackers impersonate the CEO or an executive at the company and target an individual in the finance department.

– Account Compromise: This is where an employee’s email account is hacked/compromised and used to request payments.

– False Invoice Scheme: Mostly targeting foreign suppliers, this method sees the scammer impersonating a supplier to request fund transfers to fraudulent accounts.

– Attorney (Lawyer) Impersonation: As the name suggests, the attacker impersonates a lawyer or legal representative, targeting, for example, lower-level employees because they may be more unlikely to question the validity of the request.

– Data Theft: Targeting HR employees, the motive is to obtain personal or sensitive information about company personnel, e.g. CEOs and executives that can be used as part of future attacks (such as CEO Fraud).

Sometimes Uses Domain Spoofing 

BEC campaigns also sometimes use domain spoofing and lookalike domains to trick the targeted employees.

EAC Often Related To BEC 

It is often the case that email account compromise (EAC) enables the BEC, i.e. gaining control of a legitimate company email account makes it possible to launch convincing BEC campaigns.

Difficult To Detect 

One reason why BEC campaigns are so difficult to detect, e.g. using antivirus, is because they don’t often contain red flags such as malicious links or attachments.

How To Guard Against BEC Campaigns 

Some ways that businesses can defend themselves against the threat of BEC campaigns include:

– Briefing and training staff about the nature of the threat and the different types of well-known BEC campaigns. For example, staff should be informed of the indicators of a possible BEC campaign, e.g. high-level company executives asking for unusual information, being asked not to communicate with others about requests, any requests that would bypass the usual channels, spelling and grammar inaccuracies in the emails, and email domains and “Reply To” addresses that don’t match sender’s addresses.

– Ensure that company email security is robust, and that staff are aware of how to avoid risky behaviour with emails, e.g. clicking on unusual links, downloading attachments, or password sharing.

– Encouraging employees to trust their instincts and, if they have the slightest doubt, let them know that it’s OK to seek help and advice. Attackers often rely upon targeting victims at busy times of the day and making requests sound very urgent, so employees need to know that stopping to check and slowing things down is a good idea.

– Having a clear, blanket procedure in place for any such requests that seeks verification from designated managers who are well-informed about this type of fraud and have the confidence and authority to check and challenge.

What Does This Mean For Your Business? 

Since this type of campaign is difficult to spot with automated solutions (e.g. antivirus) and relies upon human error to work, a human-centred approach to protection, such as employee training and the communication of clear blanket policies about this type of question/request/instruction that prevent any circumvention are a wise move for businesses. As with all social engineering, the criminals are using methods designed to suspend normal judgement, and force an emotional reaction before reasoned, critical decision-making can happen. Really knowing the signs (through training), slowing things down, feeling as though they will be supported by managers, and not being afraid to ask others and stick to the policy are ways in which staff can be empowered to defend the company’s security in the face of the threat of BEC campaigns.

News

Sustainability : Venue Uses Human-Heating For Renewable Energy

Glasgow arts venue SWG3’s innovative new heating and cooling system uses the capture the body heat emitted from its victors to provide a renewable energy source.

The BODYHEAT System 

As part of its drive to become a net zero venue, the first of its kind BODYHEAT system took 3 years to develop. The system is now active across the 1250-person capacity event space, a 1000-person event space, and the main foyer entrance. BODYHEAT is able to capture the body heat emitted from all of the venue’s visitors. This heat is then pumped 200m underground beneath a new community garden space at the back of the venue, and then stored across 12 underground boreholes. This stored energy can then be used to heat or cool the venue later date.

Rocks 

The BODYHEAT system, developed by heat pump technology company TownRock Energy, uses air collectors in SWG3’ ceilings to capture heat from e.g., people dancing at the venue, and take that heat some 650 feet into the Earth, warming the surrounding rocks and cooling the club during parties. Rocks can act like heat batteries which means that during non-club times i.e., when SWG3 is simply being used as an office or arts venue, the stored heat can be pumped back up from the rocks to warm the venue space.

Thermal batteries in the form of chambers containing rocks are not new but the technology of these systems has advanced in recent years. For example, back in 2017 Energy Technologies Institute and Newcastle University started work on a major new research centre developing the energy storage technology of the future, focusing on hot rock batteries.

Simultaneous

The venue says that one of the heat pumps is even able to provide simultaneous heating and cooling. Also, body heat to be captured live during an event e.g., from dancing, and be instantly delivered to the foyer to provide heat and maintain a desired temperature.

Complete Disconnection From Gas Boilers 

SWG3 plans to rely totally on the BODYHEAT system and completely disconnect from the gas boilers, thereby substantially reducing the amount of carbon used and, of course, energy costs. The fact that the electricity used to run the BODYHEAT system comes from 100 per cent renewable sources, means that the venue’s heating and cooling system offers net-zero carbon emissions.

May Influence Other Venues 

Andrew Fleming-Brown, MD of SWG said of recent switch-on of the new BODYHEAT system: “We’re thrilled that after three years of planning, consultation, and construction, we are able to switch on the first BODYHEAT system. As well as being a huge step towards our goal of becoming net zero and will hopefully influence others from our industry and beyond to follow suit, working together to tackle climate change.” 

What Does This Mean For Your Organisation? 

SWG’s innovative new heating/cooling system shows how hot rock batteries combined with other new technologies could provide a sustainable, renewable, cost saving, no-carbon heating and cooling system for busy public buildings, clubs, and other venues. If more widely adopted this could be a way for other cities and towns to reduce their carbon emissions, help meet their environmental targets, and move towards a more sustainable future. The combination of the natural properties of rocks and front-end technology could revolutionise energy requirements in some sectors, helping some businesses and organisations to reduce their costs, elevate their environmental credentials, and inspire others to follow their example.