Don’t use SMS codes for two-factor authentication; use an app like “Google Authenticator” on your phone instead. Why? Because of SIM swapping.
People nowadays rely heavily on their online presence: in today’s world, your e-mail, facebook, tiktok or instagram account has become part of your identity. So, you’ll want good passwords for your accounts, and an extra layer of security provided by two-factor authentication (2FA). But don’t use SMS for that!
You definitely want to use two-factor authentication (2FA) on at least all your important online accounts (e-mail, facebook, website, etc). This means in addition to using a strong password (do use a password manager) you also have to indicate you are in physical possession of your phone (usually) or some other device (newer: security keys).
SMS is the basic (but outdated) way of doing 2FA. You get a code through SMS when you try to sign in from another device.
Do listen to this podcast, and to other episodes of “A Perfect Scam”. It’s really a great way to become familiar with the kinds of bad actors a normal person can encounter today, and how they operate.
A couple of extra tips:
your e-mail allows you to reset all your social media accounts, so it should be extra secure
in addition to making sure you don’t use SMS for 2FA, make sure it is not possible to reset your account password by receiving a code or link by SMS
Please, for pity’s sake, don’t copy-paste messages on Facebook.
Now that it’s possible to pay for a subscription to stop seeing ads on Facebook, copy-paste disinformation is flourishing more than ever on the network. It doesn’t help that Facebook very recently showed a little screen at startup asking us to choose whether we wanted to pay or not, and therefore to explicitly state (supposedly to comply with European legislation) that we agree “to be the product” and to let Facebook merrily exploit our data for its own greater profit. Something Facebook hasn’t held back from doing all these past years, while we kept our heads in the sand, looked the other way, or gritted our teeth.
In short, nothing changes compared to last week if you keep using the free version. But there you go, we’re overrun by this kind of weed. Let me explain why it’s a problem.
These messages convey very naive and false ideas about how data protection and privacy work. Do you really believe that copy-pasting a message on a wall can have any legal value? Especially when it contains factually false references, as is often the case? And… seriously, the spelling mistakes, does that look serious to you?
Some will answer: “you never know, it can’t hurt”. I disagree. We complain about the ravages of conspiracy thinking, about the fact that people hold beliefs that are completely disconnected from reality, well, here we are. By spreading this kind of message, we infect those around us with an “idea virus” that tries to make people believe things that aren’t true. Not everybody has an effective cognitive immune system.
It really saddens me to see so many people around me, some of whom, I admit, I would expect to know better, playing the little soldiers of disinformation and hoaxes.
When you come back from holiday or an absence and are facing a pile of e-mails, deal with the most recent e-mails first.
I regularly realise that this way of doing things isn’t necessarily obvious. It’s true that we tend to think chronologically, or to start at the beginning, and so tell ourselves that we’ll do things in order.
But the reality is that the e-mail from three weeks ago is quite likely to be obsolete, especially if it was somewhat urgent. The emergencies of three weeks ago are no longer emergencies, whereas today’s emergencies still are. So it’s better to start with those.
That e-mail from three weeks ago may also have been followed by an e-mail a week ago saying “never mind, I found a solution”. Isn’t it worth seeing that e-mail first?
All the more so if you’re cc’d on a multi-person “e-mail discussion”: it’s better to see the state of the discussion today (which may be closed) rather than replying first to the first e-mail, then to the second, etc., only to then discover that our replies are useless because the situation has changed in the meantime.
It also happens that we have so many e-mails that we can’t catch up on everything. In most cases, that’s not a disaster, as long as we deal with the recent e-mails first! If an e-mail that was sent went unanswered and was important, the person will get in touch again and so end up at the top of your inbox, and their e-mail will be dealt with.
It’s also worth checking with the sender, before spending a lot of time on an old request, whether it is still relevant.
At lunch my colleague ordered delivery for us. On her phone.
Of course I know this exists. But it hasn’t “worked” that well in Switzerland for all that long, and I think I’d never ordered food with an app. I felt like a fumbling doofus not knowing where to find the fries in the menu.
This got me thinking (and we had a chat around this topic with a bunch of my – quite – younger colleagues, and one my age).
The idea that you can easily and cheaply get food delivered is very new to me. This is not something we could do when I was young. I think I only really started ordering food during lockdown (when Quintus died, actually), and I only did it a handful of times. Maybe once before. But I call, speak to a human being, place my order. I don’t really feel confident doing it through a website.
Weird, huh?
We were also musing on why so many people seem to want paper versions of certain documents when a digital version can be sent instantly by e-mail (and printed, if need be). Some people just aren’t comfortable having important things on their phones. I recalled how long it took me (me!) to be comfortable travelling with only a “phone” version of my airline ticket. In all honesty, depending on where I’m going, I still am not really.
So, here’s a little list of stuff I do and don’t do with technology.
I use ebanking and cash transfer apps (I’m almost completely cashless)
I use an app to track my public transport use and bill me at the end of the day
I order(ed) books and CDs online from amazon, before I went completely digital
I buy plane and train tickets online (but am always slightly uneasy not carrying a print version when abroad)
I make concert reservations online
To book a restaurant, I’ll call them up
I chat and interact with people I “don’t know” online all the time
I’ve been meeting people “from the internets” for over twenty years (completely blasé about it)
I never managed to really get into snapchat or tiktok
I rarely print things, I tend to photograph paper stuff to digitally store it
I order groceries online when needed but I’d rather go into the store (when needed: post-lockdown, overworked)
I message people, rarely cold-call (except with family or purely utilitarian stuff, I generally schedule my calls)
I don’t order clothes online
I rarely print photos, they are first and foremost digital beings
I trust digital storage at least as much as physical storage
I know how to use a paper map
I navigate using google maps most of the time
I don’t have a CD or DVD player anymore
I have a Kindle and prefer most of my books as e-books
I type rather than write on pen and paper
I dictate to my phone regularly (my thumbs get fed up though I thumb-type really fast)
I rarely send people voice messages (never without consent – I hate receiving cold voice messages)
I have a location tracker on my cat, and home surveillance cameras (for the cats) but haven’t connected the cat-flap to the internet
When I was talking with my colleagues, I realised that the first phone I had which could usefully connect to the internet (through GPRS) was around 2007 or so (it wasn’t an iphone). I could check my mails and even Twitter. Load slow web pages that weren’t mobile-friendly. I was 33 in 2007. So until that age, I lived and functioned without a constant connection to the internet. And I’m realising, now, as years turn into decades, that I’m starting to see my age in my level of comfort with certain technology usages.
Sometime back I joined a pile of “Group/Page Admin Help” support groups on Facebook. As you may or may not know, I manage a rather busy and intense support group for diabetic cat owners on Facebook. One thing I would love to be able to do is identify members who haven’t posted in a given time-frame to check in on them.
We screen people who want to join the group through welcome questions, so every person who joins the group has a sick cat (a few exceptions). The thing with diabetic cats is that if you don’t do things right, you run the risk of ending up with a disaster. When those disasters happen at night or on week-ends (as they do), the group ends up having to deal with panicked owner and sometimes dying cat that the on-call vet doesn’t want to see (I guess they have their reasons). So in addition to wanting to be helpful to our members, we have a vested interest as a community in making sure that our members are actually using the group to follow best practices, keep their cat safe, and therefore avoid being the source of a midnight crisis.
This is just to give you a bit of background.
So what we do in my group is each member gets a personalised welcome publication when they join, with instructions to get started and pointers to our documentation. At the end of the week, all the people who joined during the week get a “group welcome” publication with some more info and links. (Think “onboarding”.) Two months later, another message (the first six months after diagnosis are critical, so two months in is a good time to get your act together if you haven’t yet). I used to do a “you’ve been here six months, wow!” group post too, but now I’ve moved it up to a year (the group turned two years old last January).
When I posted in these “admin support groups” to explain what we did and that I would like a way to identify inactive members, I was immediately piled upon (honestly there is no other word) by people telling me that they would quit a group which mentioned them like that in publications, that people should be allowed to lurk, etc. etc. I was Wrong to want to identify inactive members and Wrong to actively onboard new members.
I have to say I was a bit shocked at the judgement and outrage. Why do these people assume they understand my community better than I do? Anyway, it was a very frustrating experience.
For the record, there isn’t a way of identifying inactive members in a Facebook group.
Yesterday, somebody else posted the same question on one of those groups. They also wanted a way to identify inactive members to encourage them to participate, in a group based on active participation. Again, the onslaught of judgemental comments regarding the group’s rules and philosophy.
Fundamentally, I hate voice messages. But I’ve learned to love them. Let me tell you about it.
First, the voice message suffers from the flaw inherent to audio and video, compared to text: you can’t glance at it quickly or skim through it. Either you listen to it, or you don’t. Listening to it monopolises all of our attention. And before listening to it, we don’t know what’s in it.
Impossible to “triage”, to decide whether or not it deserves immediate attention, whether it’s going to shake us up or simply give us some trivial piece of information. The voice message, like an audio or video clip, is simple to produce, but imposes a heavier burden on the person receiving it to access it.
Second, and this is a personal element, since I’m hard of hearing, listening to a voice message potentially involves a whole routine: taking out my hearing aids, finding my hands-free kit, etc. And there’s always the fear that the audio quality won’t be good enough and that I’ll have to listen to bits again.
So much for the “hate” voice message: the one that shows up without explanation or warning, unexpected, a black box demanding that I drop everything for who-knows-what.
And what about the love?
A voice message is voice. You hear the other person. Sometimes we express ourselves more easily than in writing. For telling a story, or getting into subtleties, it’s great. It’s less demanding than a call, but there’s a similar closeness. There are people with whom I have conversations by voice message. I love it.
But the prerequisite is consent. Checking that I’ll be able to listen, for example. It’s also the voice message sent with a bit of context: “I’m telling you about this, listen whenever you get a chance”. It’s the polite voice message, in the end, the one that takes the other person into account, and not just how very easy it is to produce.
Reflections on the place of the blog, Facebook, and solitude.
Not 20 years ago. But not yesterday either.
My number of blogging years is going to start to look like 20. Well, 18 this summer, but that looks an awful lot like 20 around the corner. My old Quintus is not quite as old as this blog.
We all know that blogging before Twitter and Facebook was quite different from what it is now. “Social Media” made blogging seem tedious, and as we became addicted to more easily available social interaction, we forgot to stop and write. Some of us have been hanging in there. But most of those reading have left the room: consumption is so much easier in the click-baity world of Facebook.
Facebook didn’t invent click-bait. I remember the click-bait postings and the click-bait blogs, way back when. When the number of comments on a post was an indicator of a blog’s success, and therefore quality, and therefore of the blogger’s worth. And then we lost Google Reader. Not that I was ever a huge user of any kind of newsreader, but many were. So Twitter and Facebook, our algorithm machines, became the sources to lead us to blog postings, and pretty much everything else we read.
As the current “delete Facebook” wave hits, I wonder if there will be any kind of rolling back, at any time, to a less algorithmic way to access information, and people. Algorithms came to help us deal with scale. I’ve long said that the advantage of communication and connection in the digital world is scale. But how much is too much?
Facebook is the nexus of my social life right now. But I’ve always viewed my blog as its backbone, even when I wasn’t blogging much. This blog is mine. I control it. It’s less busy than my facebook presence, to the point where I almost feel more comfortable posting certain things here, in a weird “private by obscurity” way, even though this is the open internet. But the hordes are not at the doors waiting to pounce, or give an opinion. Comments here are rare, and the bigger barrier to entry is definitely a feature.
I’ve found it much easier to write here since I decided to stop caring so much, stop putting so much energy in the “secondary” things like finding a catchy or adequately descriptive title (hey Google), picking the right categories, and tagging abundantly. All that is well and good, except when it detracts from writing. It makes wading through my posts more difficult, I’m aware of that. But oh well.
During my two-week holiday, I didn’t disconnect completely. That wasn’t the point. But I definitely pulled back from social interaction (online and off, it was a bit of a hermit fortnight). I spent more time alone, more time searching for boredom. I checked in on the little francophone diabetic cat group I manage, as well as FDMB, a little. I checked my notifications. I posted a little. But I didn’t spend that much time going through my feed.
And you know what? After a week or ten days or so, my facebook feed started giving me the same feeling as daytime TV. Or cinema ads. I stopped watching TV years ago. I watch the odd movie or series, but I’m not exposed to the everyday crap or ads anymore. And when I go to the cinema, the ads seem so stupid. I’m not “in there” anymore. This mild disconnection gave me a sense of distance with my facebook newsfeed that I was lacking.
I caught myself (and still catch myself) diving in now and again. Scroll, scroll, like, scroll, like, tap, scroll, like, comment, scroll, scroll, scroll. What exactly am I doing here, keeping my brain engaged when I could be doing nothing? Or something else? I think my holiday gave me enough of a taste of how much I need solitude and doing-nothingness that I now feel drawn to it.
I’m not leaving Facebook. But if it were to disappear, I’d survive. I’d regroup here, read more blogs, listen to more podcasts (hah!). It helps that I’m looking at my immediate and medium-term professional future as an employee. And that I’ve recently experienced that forum-based communities could be vibrant, and in some ways better than Facebook groups.
This week-end I was listening to a Fresh Air interview of the author of Irresistible, on addictive technology. I don’t like the idea of considering tech overuse as an addiction. But if we leave words like that one aside, I find myself in agreement with Adam Alter.
Here’s my main take-away, the one that has been trotting in my head since then: if you find yourself checking Facebook or whatever on your phone when you would actually rather be doing something else, then it means there is a problem.
This happens to me. A lot. But being aware of it makes it reasonably easy to snap out — which I have been doing regularly these last days. “Do I really want to spend my Sunday morning hanging out on Facebook?”
I’ve also installed Moment to try and get some objective measure of my usage, but I keep forgetting to take the screen shots.
Earlier today, I listened to the episode “The Russian Passenger” of the podcast Reply All. Alex comes in with a question: he suddenly started receiving Uber alerts for rides in Moscow, in the middle of the night. He sees that the rides are being charged to his credit card.
He tries to log in to his account through the app on his phone but… his account no longer seems to exist! The ensuing investigation takes us into the world of account and password trafficking. The hypothesis of a security breach at Uber is considered first, then abandoned in favour of password reuse. Indeed, when you reuse your passwords, it only takes one service you use being compromised, and the account traffickers will then try your “e-mail + password” combination pretty much everywhere, thereby getting into accounts on services that have not been compromised. In Alex’s case, it even seems that it was his Gmail account that was hacked, even though he uses two-factor authentication… The mystery remains.
In short, yet another story that highlights the importance of never reusing your passwords, and therefore of having a password manager to handle them (because remembering them is impossible).
I think that now that we are all experiencing that we can be “public” (something we couldn’t 20 years ago) we’re going to be crawling back into more private spaces, understanding that the advantages we can see to “reaching more people” or “micro-fame” come with a load of drawbacks. But we need time in these public spaces to really get what those drawbacks are (as a society).
On a personal level, I can feel the pull towards publication spaces which have more friction. I was reading an author’s blog this morning — a full-time SF author who is quite well known. There were only a handful of comments on each blog post. It felt, reading his blog, that I had a privileged contact with him — something I’m not going to feel on his 25k+ facebook page. Something that reminds me of the early days of online socialising and blogging.
When I write stuff on my blog, although it’s “the public internet”, it feels like a more intimate space, because it’s less reactive. The content is harder to get to. And there is value in that.