Does Downloading Facebook Data Ever Work?

It’s the third time I couldn’t download my Facebook data. It never worked once.

It’s fast and easy to start the process and wait for an email with the download notification. Unfortunately I never get one. I only get emails confirming the failure of the export 48 hours later: “Please retry your Facebook download.”

“We’re sorry. Something went wrong and we weren’t able to put together a copy of your Facebook data. Please start the process again by visiting your account settings and clicking ‘Download a copy of your Facebook data.'”

Great. This didn’t help at all. To answer my own question I asked in the headline: not for me.

Free Space on an iPhone 64GB with iOS 8

Mobile operating systems are growing and install more apps by default. I was wondering how much space is left on my iPhone after a fresh install.

I use 64GB models since I bought an iPhone 4S in 2011, because my 32GB iPhone 4 got very full. I was just under 32GB but iOS updates could be a problem (they need a couple of gigabytes to install over the air).

Long story short: about 55GB of 64GB are free. 30 apps are installed by default.

The same applies to iPads and iPod Touch’.

Safari’s iCloud Keychain Has a Security Problem

Saving your website logins in Safari 8 on OS X Yosemite is very convenient. No more typing in login credentials as they are filled-in automatically. The keychain gets synced via iCloud if you want it to, so you get automatically filled-in logins on your mobile devices as well.

There’s just one problem. If you think this is a problem.

Safari also fills in the password field for the current password on profile pages where you can change your password. While this is also very convenient it defeats the purpose of this security measure.

Making users to type in their current password before changing sensitive information is a security measure to avoid malicious people using your unlocked computer to change your password to one which you don’t know. The same goes for the email address. They can lock you out of your account without you being able to ever reset the password again.

While I like the convenience I think it’s quite a problem because it severely weakens your ability to protect your accounts. Automatic logins to websites are okay but weakened security for sensitive account data is not.

How to Easily Create Strong Passwords

Strong passwords are important because your personal data is important. I’m going to show that everybody can have strong passwords easily without forgetting them.

Password Basics

You shouldn’t use the same password for different accounts, even if the password is sufficiently strong. If one account gets hacked and somebody gets ahold of your password, all your other accounts are wide open.

If this happens you’re in for a lot of work because you have to change the password for all these accounts. It’s better to invest just a little more in the beginning.

What Are Passwords Made Of?

Strong passwords are long and don’t consist of any personal information or are made from common words you can find in a dictionary. Also they mustn’t consist of well-known information like a quote or lyrics.

The reason for this is a hacker can just grab a dictionary and try all those words one after the other. This is called a brute-force attack.

Don’t Try to Be Smart

If you use a password like password and change it to p@ssw0rd to incorporate numbers and special characters, which is still readable and therefore convenient, then you just got hacked. Hackers also know about these tactics and try all those combinations. It’s very unlikely that you are able to outsmart professional hackers.

A more detailed explanation of weak passwords is on Wikipedia.

Passphrases and not Passwords

It’s better to use a passphrasestrongpassphrasesaregood is better than strongpassword. But the same which applies to passwords also applies to passphrases: no personal information and no common words.

How Long Should a Password or Passphrase Be?

Having at least 10 characters is crucial. 15 to 20 characters is much better if you want to stay future proof. Passphrase tend to be even longer.

What is secure now won’t be secure in 5 or 10 years. If somebody saved your undecryptable data now they will be able to decrypt it after those years.

While you don’t know what happens to your data in the future I guess you very much don’t like to see your personal data being widely available to everybody as long as you live. So better make sure your passphrase stays safe for a very long time.

How to Memorize Strong Passphrases

You don’t. It’s not feasible to remember a sufficiently strong passphrase which tends to be very long. There are exceptions (Diceware, see below) but the best idea is to use long and completely random passphrases and store those in a password manager.

Password Managers

Password managers are safe storage applications which specialize in passwords and other secrets. Generally they don’t store large documents but only small amounts of information.

Popular password managers are 1Password, KeePassX or LastPass. There are a lot more lesser known. I recommend local applications over web services like LastPass, which store your passphrases on their servers where you have less control and needs a lot of trust.

To save a password you create a login item having your username, passphrase and the URL of the website if it’s a website. Using your manager you can log in by automatically filling in your username and password and initiating the login. Depending on the manager this works on desktop and mobile, because the passphrases are synced between your devices.

Password managers do also generate strong passphrases for you and store them automatically as login items.

I personally use 1Password on my Mac, iPhone and iPad and I’m very satisfied with the experience. It’s the first app I install on all those devices.

Generate In Bulk If You Are a Techie

If you are a techie and have access to a Unix computer like Linux or OS X you can generate your password after installing a terminal application e.g. pwgen. Because you are a techie I don’t have to tell you how you have to do it :)

This generates 10 random passwords with the length of 20, the output is one password per line:

pwgen -cnys1 -N 10 20

Don’t Use Password Generating Websites

Don’t use a website to generate the passwords for you for free. You want secure passwords and don’t know if the people running the server either store the generated passwords for hacking attacks or if somebody is intercepting the generated passwords because the connection to the server is not secure.

Use Diceware If You Are Human

Of course techies are also human but this is a very non-technical approach. I like it very much. Diceware means rolling five dice six times and picking the correspondent six words from a list. The passphrase will consist of these six words separated by spaces. There are lists for English and other languages.

Passphrases created with dice are safe because even though the word lists are known the choosing of the words from these lists are completely random. A random passphrase of the same length would have more strength but the whole point of diceware is having safe and memorizable passphrases.

Conclusion

Passphrases made from dice can be remembered quite easily. You should use these for those passphrase which you cannot store in a safe password manager. Like the passphrase for manager itself.

For everything else you should use a password manager and use one distinct random passphrase for every account and store it in your manager exclusively.

Combing Through 7 Years of Tweets

Twitter extended it’s search to include all tweets ever tweeted. Now you can really find something on Twitter and not only the most important tweets or the last two weeks.

This reminded me that I downloaded all my tweets as an exported archive from Twitter some time ago. It’s easy to request your tweet archive. Go get yours, it’s fun!

I realized I used many different services over the time. Especially in the first couple of years. Some of them are now defunct. So, what should I do? Delete all tweets which were useless because of the defunct links? No, I rather keep them for keeping my whole archive for posterity.

Then I wanted to know what kind of different services I used and make a list. Probably a crazy and time-wasting idea. I’m going to file this under “shit you do because you can”. Those kind of services are now built-in to Twitter.

Long story short, here’s the list of the services I used. The asterisk marks non-operational services.

URL Shortener

Image Services

I most often used bit.ly / j.mp and Twitpic.

On Twitpic

Twitpic was forced on copyright claims (“twit”) by Twitter to cease operation. Just before killing off the service they came to an agreement that all images will going over in Twitter’s possession. It’s not clear if Twitter paid anything for the images.

Twitpic was one of the first companies which enhanced Twitter’s ecosystem in a very meaningful way. Twitter should be glad they existed and therefore treat them less hostile. They killed off a competing service on dubious grounds and got all their assets for free. What a shame.

Opt Out of Interest-Based Ads on Google

I wrote about keeping your privacy while using Google products a while ago. The post covered ways to reduce your data footprint with Google. To stress the importance of interest-based ads for Google I’m going to write in more detail about the collected data.

On Google’s ads opt out page there are some areas of information of what Google is actually storing about you:

  • Gender
  • Age
  • Languages
  • Interests

The last one – interests – looks unconspicuous but has the most detailed data about you. This is the reason Google scans your email and uses other means of getting information about you. While nobody knows how detailed the stored interests profiles are it’s probably the most information-rich collection of data about you after Facebook’s data trove.

It’s save to assume that this collected will never be deleted. Storage is cheap and is getting cheaper every day. Especially for huge companies like Google.

Opt out of Ads on Google and Google ads across the web to have peace of mind. You won’t miss anything.

Disable Your Google Account History to Keep Your Privacy

If you are interested in keeping your privacy and use Google products it’s a good idea to disable your Google account history. To view your history you have to be logged-in.

On the account history page you are able to view and disable several histories Google is automatically keeping. These histories allow Google to tailor their ad displays to better suit your interests. As a result you get more relevant ads displayed while surfing the web.

While this sounds not bad these histories are actually a track record of your behavior. If you value your privacy it’s recommended to minimize any tracking. All of this data is shared within Google i.e. your search behavior is linked to your YouTube behavior. Here are some direct links for viewing your histories. All of them are also on your Google account history.

Google Search History

All your searches you did while using Google’s search engine are displayed here. This can easily add up to a lot of information because people are googling a lot.

Google Location History

This is your location history which shows all physical locations you have been at while using location-enabled Google products like Google Now, Goggle Maps or other Google sites which use the location of your web browser.

YouTube Search History

YouTube’s search history doesn’t have much user-value because the watch history is much more useful. So disabling won’t hurt much.

YouTube Watch History

While YouTube’s watch history has some value to find this particular video from last week which you want to show to somebody but don’t remember the name you might want to disable this if you are privacy-sensitive.

Settings for Interest-Based Ads

This is the core of Google’s ad display technology. If you don’t want Google to know about your interests and habits to create a huge personal profile about you it’s time to turn it off. You don’t have any control about future applications of this data and might not like the consequences.

Google+ Shared Endorsements

Shared endorsements mean Google is going to display your name next to some products you used or liked in the past to endorse them. You don’t have any control of the value proposition the ads are making and might not agree with them.

I recommend to first delete all histories and then disable all of them, especially location and interest-based ads. You don’t lose much value and all products work perfectly without these.

But Google Still Stores this Information

Disabling histories in your Google account will not prevent Google from gathering and storing this information and using it for internal purposes. It also does not change the fact that any information gathered and stored by Google could be sought by law enforcement.

With histories enabled, Google will keep these records indefinitely; with it disabled, they will be partially anonymized after 18 months.

All of this can change for the worse if Google changes it’s privacy policy again.

WordPress Featured Image Plugins

WordPress has a cool feature: featured images. These images are displayed differently to common in-article images. Most of the time they appear before the article itself.

They are also used for thumbnails in recent posts lists, archives, next and previous post or the common blog home page. They enrich articles immensely and make people more likely to click on the link to read the it.

Here are some plugins which make the use of featured images even better:

Featured Image Reminder

If you want to use a featured image for every post you write then this plugin will help you not to forget setting one. No updating the article after publishing because you forgot it. Quite handy.

Featured Image Caption

If you use images you didn’t create yourself most likely another person holds the copyright. To be a good person you should display this copyright notice somewhere in the article. For normal images you could use a caption next to the image. For featured images you normally cannot do this but have e.g. a copyright notice at the end of the article.

This plugin enables captions next to the featured image.

Auto Featured Image from Title

Some people use generic images as featured images and would like to have the title on top of the image and use the featured image as a background.

If your theme doesn’t allow this this plugin will create a new image and stamp the title onto it automatically.

RSS with Images

Featured images are not displayed in RSS feeds because it’s not part of the content of the post. This plugin allows you to have your featured images in your feed. This is also handy if you use your RSS feed for automatically creating your email newsletter.

On Quitting Google, WhatsApp, BuzzFeed, HuffPost

I stopped using a couple of very popular services for a variety of reasons, mainly ethical ones, because I want to be in charge of my own digital life.

Quitting Google

I quit Google because the collection of data is getting too pervasive. I have no issues with publishing information about myself or storing sensitive data in the cloud, but I like to know what is stored and being able to delete it. And Google doesn’t let me know or delete it. So I don’t use Gmail or Google search anymore. Instead it’s FastMail and DuckDuckGo.

I never used Google+ in the first place.

Quitting WhatsApp

WhatsApp had too many security and privacy issues and also technical problems. At first I was unsure if I should really delete my account. Then being bought by Facebook didn’t make me feel better about the whole thing. So I deleted all my data and my account even though 38% of Germans have an account which is huge.

Quitting Huffington Post

I never used the Huffington Post and the likes in the first place. They just scrape content from the Internet and republish it as fast and as much as possible but under their own name. More content is better for getting lots of people via search engines or because of the greater exposure on social media.  Also most of the articles they publish don’t add any value to the original article they are using as the source.

Quitting BuzzFeed

BuzzFeed and the likes are even worse. They use the same tactics like HuffPost but in a more deceiving way. All headlines are click-bait like “[Famous person] got into trouble. You won’t believe what happened.” Which means you have to click on the link because you a) are interested in the person but don’t know what happened and b) it sounds mysterious and pushes your buttons. Which means you are tricked into it. Better headlines would be “[Famous person] got into trouble for unpaid parking tickets.” Then you can decide if it’s worth to spend your time reading the article.

I never used these sites which use these means of getting readers (or more appropriately eyeballs to display ads to).

The Takeaway

You can shape the world out there if you decide what kind of services you want to consume and pay for.

  • Don’t use services which employ business ethics which you don’t agree with.
  • Vote with your money. “If you don’t pay for the product you are the product.
  • Don’t click on links if you don’t know what linked article is all about.
  • Don’t click on links for headlines which end with a question mark. The question mark just means you can freely speculate as much as you like.

At least keep your private accounts on services which value your privacy. You can change jobs but not your life.

Update 2014-08-25

Facebook started fighting click-baiting today

On Quitting Twitter

A friend of mine (@moeffju) quit Twitter recently. I think this is not unreasonable if you think about how Twitter wants to change itself to monetize better. Because every move they make is making Twitter worse for most of the heavier users. I’m sympathetic to his move although his reasons where different.

But I also noticed that in international technology circles many people use their Twitter username as the only digitally means of identification or connection.

I’ve been to the European Ruby Camp (eurucamp) three weeks ago. Most attendees predominently referred to themselves either on their name tag or on the eurucamp website using their Twitter nick.

Some “hip” websites having their focus on user communication like messaging or some form of feed also only use the Twitter username (I cannot remember the sites off the top of my head).

I also used a couple of iOS apps–which are not Twitter apps–where usernames starting with an @ are automatically linked to Twitter.

Am I Also Quitting Twitter?

So my feeling of leaving Twitter is like I’m going to isolate myself. Because the most compelling reason of using Twitter is that you can follow people and/or communicating  with them directly without asking for email addresses or friendship requests first. A very loose and open network of people.

It’s also easy to find “followers”. Not the Twitter vanity number, but people who want to support your cause and/or work with you on some projects.

As long as I don’t find another way of getting the same from another service I most likely won’t leave.