The Jammer Coat: High Fashion meets Wearable Technology & Privacy

You might not think the SumRando blog would be the ultimate source for high fashion.  For the most part, you would be right.  We wanted to share an interesting story about a concept related to wearable technology.  It's no secret that people are betting that a boom of wearable technology such as Google Glass is inevitable.  Wired Magazine recently did a cover story on the topic, and there are hosts of new startups looking to revolutionize technology on your body.

A new concept out of Vienna suggests wearable technology might start to be reflecting the diversity of potential consumers as it relates to privacy.  Just as some prefer slacks to jeans, wearable technology fashion could accommodate those who want to be more connected to others and those who want to remain undetectable.

Vienna-based Coop Himmelblau's Jammer Coat

Fast Company reports on a new "invisibility cloak for the digital age" out of Vienna.  They share, "Vienna-based architectural design firm Coop Himmelblau has come up with a CHBL Jammer Coat that lets you disappear, sort of. Unlike wearable tech like Google Glass, meant to better connect you to the world, the Jammer Coat makes you utterly untrackable."

Coop Himmelblau describes their Jammer Coat concept with the following:

"The CHBL Jammer Coat is a piece of clothing that enables its user to disappear: Google cannot find you anymore. The piece is made of metallized fabrics, which are blocking radio waves and shielding the wearer against tracking devices. You are no longer reachable on your mobile phone and no information from your credit card can be captured. The Wave Circle pattern of the fabric gives an illusion of strange multiple body parts, which hides and frees the individual physicality."

The Jammer Coat highlights an interesting parallel between transportable technology and wearable technology: The spectrum of privacy needs/desires and people's action's to carry out those desires.  Fashion in many ways acts as an interesting metaphor for people's preferences when it comes to the internet.  Certain services and routines are trendy ("fashionable"), which is why users will often go to great lengths -- or be willing to sacrifice a great deal -- in order to remain in step with the latest service.  Others are more selective about what technology they trust and use, amassing a set of tools and apps that seem attractive to like-minded people.

The Jammer Coat would shroud your devices from detection.

Jammer Coat is important because of the impending growth in wearable technology.  Just as good art and design should, Jammer Coat pushes us to examine or re-examine our contexts and the ways in which we view the world.  This piece might suggest to some that those of us concerned about privacy advocate for more Jammer Coats (though more colorful and more flattering) at the advent of widespread consumption of wearable technology.

What if by doing so we suggest a lack of privacy options is a wearable technology fashion faux pas?  The fear of your data being exposed is as real as the fear you've mismatched your outfit at work -- or, more fittingly -- left a zipper open.  Unfortunately, there are millions of "zippers down" today and too little messaging that leaving one's zipper down is not just a faux pas but a potentially destructive and dangerous mistake.

Can Google's New End-to-End Push Industry Standards Forward?

Last week, when we supported the #ResetTheNet campaign, we provided our Gold VPN free for a month to encourage as many users as possible to start using a VPN or allow them to upgrade to one that was faster and more helpful.

The intent behind the RTN campaign was to encourage individuals to take action to protect themselves, but another main goal of the campaign was to encourage companies (like us) to help “reset” the complacency and lack of knowledge that characterizes internet privacy issues en masse.  Privacy experts like ACLU’s Ben Wizner have observed that while individual action can curb the harmful effects of invasive practices, it is industry that needs to take the lead on these matters.

Last week, Google participated in RTN with SumRando and other companies by unveiling a new solution that could help their users better encrypt their data.  Google has been the target of extensive criticism the past several years, but their new “End to End” Chrome extension seeks to make encryption easier for a larger group of users.  Given its size and market share, Google could help inspire other companies to follow suit.

Google's End-to-End Encryption Solution

But how viable is this to conquer the market?  As Information Week reports, End to End is not ready for mainstream use quite yet:

Google's encryption software is not yet ready for mainstream use. The company is offering it as alpha code so it can be tested. Those who find bugs in the code can submit them for a possible reward through the company's Vulnerability Reward Program.

When End-to-End is ready to be released, Google plans to offer it through its Chrome Web Store as a Chrome browser extension. End-to-End is based on OpenPGP, an open protocol for encrypting messages through public key cryptography.

Given how much Google relies on their customers’ data for ad use, they will likely employ strategies to maintain their strategic edge while better encrypting data.  IW shared the following:

Google's embrace of encryption will have a downside for the company: Messages encrypted on Google's servers cannot be scanned, eliminating their use as a source of ad-targeting data. However, given how much Google already knows about its users and the fact that it expects only the security-conscious minority to install its encryption software, the company's ability to target ads isn't likely to be much degraded.

Read more about Google’s new encryption solution at Information Week or Google's code hub.

Google Docs Phishing Attack Puts All Your Online Data at Risk

Just over a week ago, we warned you about putting all your digital eggs in one service provider's basket. This week, the universe decided to back up our argument as cyber-scammers unleashed a large-scale phishing attack that pretended to be a "Secure Document" sent through Google Docs.  

The email reads:

Hello, A Secure Document was sent to you by your financial institute using Google Docs. Follow the link below to visit Google Docs webpage to view your Document Follow Here. The Document is said to be important. Regards. Happy Emailing, The Gmail Team 

Readers who click the link in the email are taken to a fraudulent Google login page that's actually hosted in Thailand. The page asks users to input their email address and password. Bonus: according to the fake login page, Google Docs now supports users from other email providers including Yahoo!, AOL, Hotmail, and others; so phishees can feel free to submit any email address they might have. Unfortunately, as the Sophos researchers who discovered the attack put it, filling out the form "can only end in tears."

Remember, falling for an attack like this doesn't just put your email at risk. Many services including online banking use your email address to verify your identity when you forget your password or username, so in many instances, unauthorized email access can put other data in jeopardy. Furthermore, as we previously mentioned, many users treat Google as a hub for their digital content with services like Google Docs and Google Calendar. If you have sensitive data in either of these services, you've just been compromised.

Google is Unrolling Personalised Search. Should you use it?

When it comes to digital security, it’s a mistake to put all your eggs in one basket. Don’t use the same password for more than one account; don’t use the same browser for banking and surfing; and don’t use the same company for your email, search and storage needs.

Google, however, has other plans. The tech giant announced it will unroll an invasive a personalised search functionality that will effectively integrate users’ Gmail, Google Calendar and Google+ accounts with Google Search.

Google provided a few examples of the system's functionality on their blog. 

• Flights: Ask Google “Is my flight on time?” to get info on your upcoming flights and live status on your current flights. 

• Reservations: Ask for “my reservations” to see your dining plans or “my hotel” to get your hotel name and address. With one tap, you can get driving or public transit directions straight to your destination, saving you lots of steps.

• Purchases: Ask for “my purchases,” and you’ll get the status of your current orders, so you know whether your mom’s birthday present will arrive on time.

• Plans: Ask Google “What are my plans for tomorrow?” to see a summary of upcoming flights, hotels, restaurant reservations and events—very useful when you’re traveling. 

• Photos: Say “Show me my photos from Thailand” to see the photos you uploaded to Google+. You can also ask for “my photos of sunsets” if you want to show off the shots you’ve taken over the year; Google will try to automatically recognize the type of photo you’re asking for.

The new system will be rolled out gradually. According to Google, U.S.-based users will be the first to try it out.

Officially, this system isn’t any less secure than your existing Google account. As Google explains on their blog, the data will be “secure, via an encrypted connection, and visible only to you when you're signed in to Google.” The problem, however, is with the behavior it encourages.

It’s no secret that Google has striven to become an all-inclusive operation when it comes to users’ online needs. And frankly, bundling features like Gmail, Google+ and Google Drive together provides a great deal of convenience. Unfortunately, that convenience comes at a cost. And what you might gain in efficiency, you’ll lose in security.

If you use three separate providers for your email, social networking, and cloud storage, when one becomes compromised, the others remain secure. But if a user moves all of his or her data under the Google umbrella, it only takes one hacked password to expose all of their information.

Again, this system won’t make your account any easier to hack. It will just make the consequences more dire should a hack occur. So, before you dive head-first into the Googleplex, make sure your data is stored and managed in a secure way.

Google Has Your Wi-Fi Password. Does the NSA?

Just in case you haven’t already donned a tinfoil hat in light of Edward Snowden’s NSA revelations, here’s a little extra motivation. According to the Electronic Frontier Foundation (EFF), Android users who use the “back up my data” feature on their devices could be serving up their Wi-Fi passwords to data harvesters like the NSA.

Disclaimer: No evidence exists that the NSA is actually logging passwords and it is irresponsible to suggest otherwise unless actual evidence is provided. EFF has demonstrated that it is simply possible.

“The ‘Back up my data’ option in Android is very convenient,” wrote Micah Lee, staff technologist at the EFF. “However, it means sending a lot of private information, including passwords, in plaintext to Google. This information is vulnerable to government requests for data.” [ArsTechnica]

Ostensibly, Android’s backup feature is outstanding and frankly a responsible thing to use. It sends data including your call logs, system settings, and browser bookmarks to Google’s cloud so they can be easily retrieved should you lose your phone. Unfortunately, since the data is sent in plain text, any information requests could very well include more sensitive data like your Wi-Fi passwords.

“Since backup and restore is such a useful feature, and since it's turned on by default,” wrote Lee, “it's likely that the vast majority of Android users are syncing this data with their Google accounts. Because Android is so popular, it's likely that Google has plaintext Wi-Fi passwords for the majority of password-protected Wi-Fi networks in the world.”

And if that’s not unsettling enough, don’t forget that Google also mapped most of those Wi-Fi networks with their Street View program. It wouldn’t take much to link the location of the network and the corresponding password for anyone interested in snooping.

Have we mentioned you should use a VPN when you’re on Wi-Fi?

You Are the Weakest Link

"Unfortunately, the human is often the weakest link in security."

That quote came from Google Chrome’s security head Parisa Tabriz. And it’s undeniably true.

Tabriz spilled this unfortunate truth at Google’s I/O conference last Thursday while discussing passwords and alternate protection measures.

Our current state of online security and privacy is nothing to boast of. But it’s not hopeless if you’re willing to put in the groundwork yourself and maintain a certain degree of vigilance when surfing the web.

Obviously, one of the best measures you can take is to download and use a good VPN. Remember, a VPN encrypts all data coming in and going out of your computer. If you ever work or surf at cafés or other hot spots, all your data is available and easily accessed by anyone else using that same Wi-Fi connection. No joke. It’s just out there for the taking. But one click on your VPN client will wrap that data in a protective tunnel and scramble it in 128-bits of encryption. Even supercomputers have trouble cracking that kind of security.

Google also has a few more recommendations. According to Eran Feigenbaum, director of security for Google Apps, "You should turn on two-step verification, make sure [the browser] is up to date, and make sure your password recovery options are set."

We’d also recommend making sure your passwords are strong and varied. Never use the same password twice. If your Twitter account gets hacked, you don’t want the perpetrators gaining access to your email, Facebook, or bank accounts as well. Furthermore, make sure your passwords include letters, numbers, and symbols. 

You can try SumRando for free here.