PSA: Don’t Use Your Mobile Number For 2FA Or Password Reset [en]

[fr] Don't use SMS codes as your two-factor authentication method; use an app like "Google Authenticator" on your phone instead. Why? Because of SIM-swapping.

People nowadays rely heavily on their online presence: in today’s world, your e-mail, Facebook, TikTok or Instagram account has become part of your identity. So, you’ll want good passwords for your accounts, and an extra layer of security provided by two-factor authentication (2FA). But don’t use SMS for that!

You definitely want to use two-factor authentication (2FA) on at least all your important online accounts (e-mail, Facebook, website, etc.). This means that in addition to using a strong password (do use a password manager), you also have to show that you are in physical possession of your phone (usually) or some other device (newer: security keys).

SMS is the basic (but outdated) way of doing 2FA. You get a code through SMS when you try to sign in from another device.

However, as this episode of the Perfect Scam podcast on the multi-million SIM swapping business demonstrates, there is no way to safeguard oneself against SIM-swapping (though I do suspect it is less likely to happen in Switzerland than in the USA).

Do listen to this podcast, and to other episodes of “A Perfect Scam”. It’s really a great way to become familiar with the kinds of bad actors a normal person can encounter today, and how they operate.

A couple of extra tips:

  • your e-mail account can be used to reset all your social media accounts, so it should be extra secure
  • in addition to making sure you don’t use SMS for 2FA, make sure it is not possible to reset your account password by receiving a code or link by SMS
  • use an authenticator app on your phone like Google Authenticator
  • make sure to print out the backup codes which will allow you to access your account if ever you’re locked out, and store them in a safe place.

Stay informed and stay safe!

Stop the Idea Viruses! [en]

Please, don’t copy-paste messages on Facebook.

Since it is now possible to pay for a subscription to stop seeing ads on Facebook, copy-paste disinformation is flourishing more than ever on the network. It doesn’t help that Facebook very recently showed us a small start-up screen asking us to choose whether we wanted to pay or not, and therefore to state explicitly (supposedly to comply with European legislation) that we agree “to be the product” and to let Facebook merrily exploit our data for its greater profit. Something Facebook has not held back from doing all these past years, while we kept our heads in the sand, looked the other way, or gritted our teeth.

In short, nothing changes compared to last week if you keep using the free version. But well, here we are, overrun by this kind of weed. Let me explain why it’s a problem.

These messages convey very naive and false ideas about how data protection and privacy work. Do you really believe that copy-pasting a message onto a wall can have any legal value? Especially when it contains factually wrong references, as is often the case? And… seriously, the spelling mistakes, does that look serious to you?

Some will reply: “you never know, it can’t hurt”. I disagree. We complain about the ravages of conspiracy thinking, about people holding beliefs that are completely disconnected from reality, and well, here we are. By spreading this kind of message, we infect those around us with an “idea virus” that tries to make people believe things that are not true. Not everyone has an effective cognitive immune system.

It really saddens me to see so many people around me, some of whom, I admit, I would expect to know better, playing the little soldiers of disinformation and hoaxes.

Twitter Exodus and Mastodon [en]

My online world is abuzz with people leaving Twitter, discussing Twitter, discussing what Elon Musk is doing with Twitter and its employees, and how Mastodon is going to deal with the influx of Twitter refugees, in a September that never ended kind of way.

Clearly, my Twitter usage has seriously dwindled over the years. I joined early – December 2006. A few internet lifetimes ago. Facebook has clearly taken over my online presence, and if I’m making an overt effort to be present elsewhere, it’s here, on this blog. TikTok makes me feel old, and miss the good ol’ days we had with Seesmic.

So I’m not “leaving” Twitter. I honestly rarely saw the point of ever “leaving” anything. I tend to fade away. But I’ve had a Mastodon account, on octodon.social, since April 17th 2017, my mailbox tells me. It was the first time in a long time that a new platform started showing up on my radar and it felt worth trying it out. I even wrote about it in my newsletter (looks like this is a post I forgot to import here… note for later). But I didn’t use it much. I’d drop in every now and again to see how things were, like I was doing with Twitter these last years.

Given so many people are joining Mastodon now, I looked for an easier way to find the people I’m following on Twitter there: fedfinder really helped (tip: add your Mastodon handle somewhere in your username or description so that scrapers such as this one can find it) and allowed me to follow a good hundred people or so I knew on Mastodon, in a few clicks and a few minutes of patience. So, now my Mastodon news feed feels a bit more like a familiar place. It still has the feel of the social media platforms of old, in the early days, but I’m not sure it will last.

What is happening with Twitter is making me think of other social situations where the good people leave because bad things are happening, and the only ones left in the room at the end are the bullies or the extremists. That’s one of the reasons I’m not leaving. I’m not fighting for the platform either, but I don’t want to remove myself and contribute to creating the void into which ugliness can freely pour.

I feel sad about what’s happening. The sadness of the favorite park or field of your childhood being bulldozed to build apartment blocks. The sadness of a restaurant you used to hang out at changing owners and becoming unrecognisable. The sadness of the world changing, whether it’s leaving you behind, or you leaving it behind.

I honestly don’t think Twitter will survive this, at least not in a form that will be recognisable as the Twitter we knew and loved. But it’s not time for me to pull the plug on it yet.

Deal With Recent E-mails First When You Get Back From Holiday! [fr]

When you come back from holiday or time away and are facing a pile of e-mails, deal with the most recent ones first.

I regularly realise that this way of proceeding isn’t necessarily obvious. It’s true that we tend to think chronologically, or to start at the beginning, and so tell ourselves that we’ll do things in order.

But the reality is that the e-mail from three weeks ago is quite likely to be obsolete, especially if it was somewhat urgent. The emergencies of three weeks ago are no longer emergencies, whereas today’s emergencies still are. So it’s better to start with those.

That e-mail from three weeks ago may also have been followed by another one a week ago saying “never mind, I found a solution”. Isn’t it worth seeing that one first?

All the more so if you are copied on a multi-person “e-mail discussion”: it’s better to see where the discussion stands today (it may be closed) rather than replying to the first e-mail, then the second, and so on, only to discover that our replies are useless because the situation has moved on in the meantime.

It also happens that we have so many e-mails that we can’t catch up on everything. In most cases this isn’t a disaster, as long as you deal with the recent e-mails first! If an e-mail went unanswered and was important, the person will get in touch again and so end up at the top of your inbox, and their e-mail will be dealt with.

It’s also worth checking with the sender, before spending a lot of time on an old request, whether it is still relevant.

Happy return to work!

The Tweak to Google Tasks That Makes it Work [en]

I like Google Tasks. Most of my task management is paper-based, but when it comes to getting through my day, I’m married to Google Calendar. That’s where all my meetings are, and where, for a few months now, I’ve been scheduling my various activities for the day (including free time).

Here is what I use Google Tasks for:

  1. to pin a reminder for a “small thing” I want to get done today, but that I don’t think I need to schedule in order to get it done
  2. to pre-plan on which day of the week I’m going to get something done.

The second use-case isn’t much of a problem. When I get around to preparing my schedule for the day, the task in my calendar helps remind me that I need to plan time for that task on that day.

The first one is trickier: regularly, I will not get around to doing the task on that day (another story, but for the sake of this post, let’s just take this as a fact of life). This is where the handy “new” (I actually don’t know how new it is) feature that Google Tasks provides comes in really handy: if you let tasks slide, today’s task listing also provides one-click access to “pending tasks”.

Pending tasks are those from previous days that haven’t been done. From that list, you can easily mark them as done or edit them.

One of the reasons I had stopped using Google Tasks in the past was precisely because of what happened – rather, didn’t happen – when I let tasks slide. They would simply disappear from my awareness and get forgotten until they came back to bite me. The “pending tasks” feature prevents this, and it’s a godsend.

Getting Older: How I Use Technology [en]

At lunch my colleague ordered delivery for us. On her phone.

Of course I know this exists. But it hasn’t “worked” that well in Switzerland for all that long, and I think I’d never ordered food with an app. I felt like a fumbling doofus not knowing where to find the fries in the menu.

This got me thinking (and we had a chat around this topic with a bunch of my – quite – younger colleagues, and one my age).

The idea that you can easily and cheaply get food delivered is very new to me. This is not something we could do when I was young. I think I only really started ordering food during lockdown (when Quintus died, actually), and I only did it a handful of times. Maybe once before. But I call, speak to a human being, place my order. I don’t really feel confident doing it through a website.

Weird, huh?

We were also musing on why so many people seem to want paper versions of certain documents when a digital version can be sent instantly by e-mail (and printed, if need be). Some people just aren’t comfortable having important things on their phones. I recalled how long it took me (me!) to be comfortable travelling with only a “phone” version of my airline ticket. In all honesty, depending on where I’m going, I still am not really.

So, here’s a little list of stuff I do and don’t do with technology.

  • I use ebanking and cash transfer apps (I’m almost completely cashless)
  • I use an app to track my public transport use and bill me at the end of the day
  • I order(ed) books and CDs online from Amazon, before I went completely digital
  • I buy plane and train tickets online (but am always slightly uneasy not carrying a print version when abroad)
  • I make concert reservations online
  • To book a restaurant, I’ll call them up
  • I chat and interact with people I “don’t know” online all the time
  • I’ve been meeting people “from the internets” for over twenty years (completely blasé about it)
  • I never managed to really get into Snapchat or TikTok
  • I rarely print things, I tend to photograph paper stuff to digitally store it
  • I order groceries online when needed but I’d rather go into the store (when needed: post-lockdown, overworked)
  • I message people, rarely cold-call (except with family or purely utilitarian stuff, I generally schedule my calls)
  • I don’t order clothes online
  • I rarely print photos, they are first and foremost digital beings
  • I trust digital storage at least as much as physical storage
  • I know how to use a paper map
  • I navigate using Google Maps most of the time
  • I don’t have a CD or DVD player anymore
  • I have a Kindle and prefer most of my books as e-books
  • I type rather than write on pen and paper
  • I dictate to my phone regularly (my thumbs get fed up though I thumb-type really fast)
  • I rarely send people voice messages (never without consent – I hate receiving cold voice messages)
  • I have a location tracker on my cat, and home surveillance cameras (for the cats) but haven’t connected the cat-flap to the internet

When I was talking with my colleagues, I realised that the first phone I had which could usefully connect to the internet (through GPRS) was around 2007 or so (it wasn’t an iPhone). I could check my mails and even Twitter. Load slow web pages that weren’t mobile-friendly. I was 33 in 2007. So until that age, I lived and functioned without a constant connection to the internet. And I’m realising, now, as years turn into decades, that I’m starting to see my age in my level of comfort with certain technology usages.

Quoting Douglas Adams:

1. Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.

2. Anything that’s invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.

3. Anything invented after you’re thirty-five is against the natural order of things.

What about you?

Early Thoughts on Clubhouse [en]

Sometime back, I got an invitation to Clubhouse. I joined. I was very perplexed. I thought I would write down some thoughts while my eyes are still fresh.

Clubhouse reminds me of Seesmic, a space in which one could disappear for days on end. It reminds me of the excitement of the early days of blogging and social platforms like Twitter and even Facebook. It reminds me of videoblogging and audioblogging, later to become podcasting. It reminds me of Netmeeting and chat networks, way back before I left for India.

If you haven’t heard of Clubhouse, or don’t know what it is exactly, here is what you need to know. It’s a live audio social network. Audio only. It’s like Facebook Live without the video. It’s like live podcasts, or little private radio stations. Like audio-only Zoom, with an audience.

When I say audio-only, it really is audio only. There is no way to communicate with other users. You can start a room and invite people and start talking. And that’s it. Oh ! I nearly forgot. You can set a topic for your room. That’s the only non-audio content you’re allowed on Clubhouse. Apart from your profile bio, of course.

Now, hearing just this, one would be justified in thinking a Clubhouse room would be one big mess of people talking over each other and background noises. But no. Each room has a « stage » : these are the people who can talk. The rest of the room is the « audience ». People in the audience can raise their hand to ask to be invited on stage. The room moderator can invite people on stage, put people back in the audience, mute microphones if necessary.

Most rooms I see in my feed are huge, with hundreds or even thousands of people in the audience. But I see a potential for smaller, niche, « amongst friends » discussions. Many years ago, Suw and I had a short-lived podcast called Fresh Lime Soda. We would catch each other on Skype, talk about interesting stuff, and post it. Clubhouse would be great for this kind of thing. Set a time, invite one or two friends and talk about stuff.

You could also organise a « virtual conference » there. Of course, you can already do that on Zoom or Meet or wherever, but maybe Clubhouse would make such an event more discoverable. There is no friction to joining a room, raising your hand, inviting somebody on stage.

If Clubhouse was mainstream, I’d hold a weekly Q&A for my diabetic cat group on there.

One thing to ponder about, and that we discussed with Arne on the occasion of our first « real » attempt at figuring out this Clubhouse thing, was the lack of video. I really see it as an advantage. The barrier to joining is lower without video. I can jump onto a call without worrying about how I look, what I’m wearing, or people seeing what it looks like where I am. Audio is less invasive. You can « do stuff » while listening to audio, but you can’t do much while watching video. You can hang out in the audience of your favorite Clubhouse room with your phone in your pocket while you do the dishes or go for a walk – just like you would listen to a podcast.

So, if you’d like an invite, or if you’re over there and would like to seize the occasion to play around with the new tool and catch up while we’re at it, let me know !

So You Know My Users and Community Better Than Me? [en]

Sometime back I joined a pile of “Group/Page Admin Help” support groups on Facebook. As you may or may not know, I manage a rather busy and intense support group for diabetic cat owners on Facebook. One thing I would love to be able to do is identify members who haven’t posted in a given time-frame to check in on them.

We screen people who want to join the group through welcome questions, so every person who joins the group has a sick cat (a few exceptions). The thing with diabetic cats is that if you don’t do things right, you run the risk of ending up with a disaster. When those disasters happen at night or on week-ends (as they do), the group ends up having to deal with a panicked owner and sometimes a dying cat that the on-call vet doesn’t want to see (I guess they have their reasons). So in addition to wanting to be helpful to our members, we have a vested interest as a community in making sure that our members are actually using the group to follow best practices, keep their cat safe, and therefore avoid being the source of a midnight crisis.

This is just to give you a bit of background.

So what we do in my group is each member gets a personalised welcome publication when they join, with instructions to get started and pointers to our documentation. At the end of the week, all the people who joined during the week get a “group welcome” publication with some more info and links. (Think “onboarding”.) Two months later, another message (the first six months after diagnosis are critical, so two months in is a good time to get your act together if you haven’t yet). I used to do a “you’ve been here six months, wow!” group post too, but now I’ve moved it up to a year (the group turned two years old last January).

When I posted in these “admin support groups” to explain what we did and that I would like a way to identify inactive members, I was immediately piled upon (honestly there is no other word) by people telling me that they would quit a group which mentioned them like that in publications, that people should be allowed to lurk, etc. etc. I was Wrong to want to identify inactive members and Wrong to actively onboard new members.

I have to say I was a bit shocked at the judgement and outrage. Why do these people assume they understand my community better than I do? Anyway, it was a very frustrating experience.

For the record, there isn’t a way of identifying inactive members in a Facebook group.

Yesterday, somebody else posted the same question on one of those groups. They also wanted a way to identify inactive members to encourage them to participate, in a group based on active participation. Again, the onslaught of judgemental comments regarding the group’s rules and philosophy.

Seriously, what is wrong with people?