Saturday, March 31, 2018

Ontario elections web site & twitter

Earlier today I saw an ad for the Ontario Elections web site on Twitter.  Being paranoid, I didn't click on the link and instead navigated to the site and started the process to verify that I am registered.  With all of the various groups who can make something look legit there was absolutely no way I would click on that link.

I found the site easily enough at and I was happy to see the HTTPS, but, not all of the site was secure and I didn't get that nice little green lock icon.  When it navigated to the 'E-Registration' it did show the proper lock.  ALL the other pages after the main page showed the proper lock icon so there was something on the initial page that caused the issue.

Main Election Ontario page.

Start of the registration
Disclaimer page

When you click the 'Next' button it takes you to the check voter list page.

Check voter list

Once I filled in the information it presented me with a page with my information.  I had an option to go back, confirm or update.

It is nice, fast and in 2 minutes I had confirmed my information and Jane's and we are good to vote in the June 7, 2018 Ontario provincial election.

Wednesday, March 28, 2018

Downloading my Twitter archive

With all of what is happening on Facebook and the privacy I was thinking about Twitter and getting a backup of what I can from that service.  I have downloaded my Google archives and Facebook and started to dig to see how to get Twitter.  It is fairly easy to find! 

I am doing this from my browser and not the app on my tablet or phone so it may be different there.  At the top right-hand side there is your 'profile & setting' button to the left of the blue tweet button.  Towards the bottom there is a 'settings and privacy' option.  Once you select that you can scroll down until you see the button labelled 'Request your archive'.  Once you click on that it will pop up a screen that the request was received and you will receive an email with the link.  It will be interesting to see what is in that archive and also to have a backup of all of what I did there.

Main Twitter page where you start

Select Settings and Privacy

Popup when you request your archive

Sunday, March 25, 2018

What are they doing with our data?

With the 'breach' at Facebook they won't get my trust back again.  They can call it anything they want, but, from my point of view it is a 'breach'.  MY data was taken and used in ways I did not give MY permission for.  It isn't just Facebook, but, anyone who offers services over the internet that we need to be more aware of what they know about us and are willing to share with others.  It doesn't matter that it is 'free' like Facebook or a paid service, we need to demand that they treat our personal information like crown jewels and do their best to make sure that it isn't taken without our knowledge and permission.

I don't know what they put into the document for data analysis by that 'researcher', but, here are a few things I can quickly think of for anyone who is thinking about people getting access to our data.

  • Where is the data stored?
  • What is the data you need, why do you need it, and for how long will you need to keep the data?
  • How is the machine secured both from a physical access point and software?
  • Is the system which holds the data accessible from your LAN and/or internet?
  • What software tools are being used for data storage and analysis and are they up-to-date for patching?
  • Has your hardware been patched for the latest identified vulnerabilities?
  • How did you test the security of your systems?
  • Who has access to the machine?
    • Do you limit access to 'need-to-know' and only the data required?
  • Do you limit how the data is moved off the system when 3rd parties have access?
    • If so, how?
    • What agreements do you have in place for 3rd party access and what do the agreements say?
  • If law enforcement or government request access to the data what is the process you follow to grant them access?  
    • Do you notify the original owner of the data for such data requests?
  • What is the process you follow when there is a network or physical breach of your system?
  • How are the backups done and secured and who has access to those backups?
  • When you are done with the analysis how is the data deleted?  
    • Does that include all backups?
  • How do you prove that the data was deleted and can never be recovered?

I understand that they need to make money, but, when the data leaves their control then anything can happen and they need to do a better job documenting what was requested, why it was requested, how it was secured and how it was deleted when done.  For myself I have downloaded my Facebook data to see what they have and I am now looking at other services that respect my privacy more.  It will be hard as Facebook has a massive population, but, other communities in the past have fallen (MySpace, AOL come to mind).