Digital Literacy: Reading Between the Lines

The great folks at Tech Soup Canada host a monthly series of talks, Tech Tuesday, and they recently invited me to share what I know about “Digital Literacy”.  Little did I realize what I’d actually taken on. Digital Literacy isn’t just one tidy little topic. It’s actually a bunch of concepts, interwoven and far-reaching. Confused? You should be. I was.  Which instantly galvanized me to distill a meaningful definition without diluting the impact of all the contributing factors as shown below:

Because Digital Literacy really means multiple literacies. So what we should fully appreciate is that it goes far beyond simply being able to use the technology, but also entails:

“The ability to locate, organize, understand, evaluate and analyze information using digital technology”. Wikipedia

I also very much liked this definition of what it wasn’t:

“Digital literacy is not simply a means by which we consume ever-increasing amounts of data and information, but a critical and creative means of interacting with the world.” Matt Dean

I’ll break it down to 3 core competencies:

USE: do we know how to use the range of technology available to us? And that’s a whole lot of devices

UNDERSTAND:  can we comprehend the information, put it into context? More importantly, can we critically evaluate it? 2 words kept coming up when I did the research: Critical Thinking.

CREATE: Can we produce content, and then successfully communicate and share that content using the tools available?  Content isn’t just words on a page. It’s graphic, visually impactive. It’s audio. It’s sensory.

Another big question raised repeatedly: What can you contribute to the online conversations that is unique? Websites, memes, infographics, blogs, videos and anything beyond that.


It’s all well and good to be familiar with the tech available and know how to use it. But baby, baby it’s a wide world out there and not everyone has the same techno advantages. Yes, I’m talking disparity, aka “The Digital Divide.” One of the caveats I learned when researching Digital Literacy is that freedom of expression comes with digital constraints.

Being digitally literate requires that we understand our responsibility for accurately and safely curating and disseminating information. Think on that for a moment. Then think about our kids, in schools everywhere, and how they are actively engaging in online media as part of their curriculum.  It would be nice to think there is a level playing field out there, especially when it comes to our kids in the classroom, but that’s far from the reality.  According to CBC Tech columnist Jesse Hirsch, it’s “a pressing social issue.”

“The digital divide is a problem that goes beyond schools that needs to be closed not just with social policies but with the technology industry making sure their products are affordable.”

And this matters vis a vis Digital Literacy because it’s how we learn; how we engage; and how we work.

“Individual freedom and creativity, and societal and economic development, are becoming dependent on a degree of digital literacy.”

But regardless of what devices we use, the key to digital literacy keeps coming back to this:  Critical Thinking.  Just as we critically evaluate print media, we must also critically evaluate digital media. “Don’t believe everything you read” fully applies, especially when it comes to social media. Advertising has morphed along with marketing to target your preferences, and to trace your digital footsteps. It’s all about what we don’t know so I have put together a checklist of things we need to stay safe in our digital communities.

  1. Look for discrepancies, bad grammar, spelling errors. These are tip-offs that somebody is looking for something you don’t want to give them. Like access or personal information.
  2. Don’t follow blindly. Not everyone is your friend, even on Facebook.
  3. Wait! Don’t click that link.  You’ve heard of breaches a lot over this past year. Well, phishing is how many victims get lured in. Malicious code is hidden in that cute attachment of kittens. Or in that website link you were sent. Evaluate!
  4. Malvertising. This is another way the bad guys go looking for easy targets. Many of those online ads actually contain malicious code that can redirect you to a website you never wanted to visit. And the worst is, it will follow you home and help itself to your information.
  5. Sponsored Ads.  Technically, if someone is paid to promote something online, that’s sponsored and it needs to be disclosed. But that isn’t happening. You’d be surprised how they get around it and I’ll talk about that in a moment.
  6. Privacy.  You have a right to your privacy. And your information should be kept private. But the internet is Pandora’s box. Once it’s out there, it’s out there for good and you no longer have control over it. Be very selective about what you sign up for and what you choose to reveal. Select All isn’t always the right answer.

This matters for everyone, but in particular it matters to our kids. This generation is growing up with technology in the classroom, at home, at play.  The onus is on us, as their parents, to understand what they can and will be exposed to.  Which is no small feat especially regarding privacy issues.  The collection of personal information online has become commonplace, and is still done without our knowledge or consent.

Read through privacy statements to see how this works. An example comes from Lucid Press, who make a free design and publication app to integrate with Google Classroom.  They encourage educators to sign up for a free educational upgrade and accounts for all their students. According to the privacy statement for Lucid Press:


Now, we know these aren’t the cookies that you dunk in milk. But what about web beacons or pixel tracking technology? A web beacon is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a site or in an email. The use of a web beacon allows the site to record the simple actions of the user opening the page that contains the beacon. Because web beacons are the same as any other content request included in the recipe for a web page, you cannot opt out or refuse them. However, where they are used in conjunction with cookies they can be rendered ineffective by either opting out of cookies or by changing the cookie settings in your browser. This is from the site “All About Cookies”, a free resource to help marketers and consumers understand the issues surrounding the use of cookies.
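To make the web beacon description concrete, here is an added example (not from this post or from All About Cookies): a short Python scanner that flags images in a page or email body that are 1x1 or smaller, or hidden by inline style, and notes when they load from a different host. The function name find_beacons, the sample HTML and every host name in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _px(attrs, name):
    """Pixel size from the inline style, else from the attribute, else None."""
    m = re.search(r"(?<![-\w])%s\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)" % name,
                  attrs.get("style", ""), re.I)
    raw = m.group(1) if m else attrs.get(name, "").strip().lower()
    raw = raw[:-2] if raw.endswith("px") else raw
    return int(raw) if raw.isdigit() else None

class BeaconFinder(HTMLParser):
    """Collects <img> tags that look like web beacons (tracking pixels)."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.hits = page_host.lower(), []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        w, h = _px(a, "width"), _px(a, "height")
        reasons = []
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1-or-smaller")
        if HIDDEN.search(a.get("style", "")):
            reasons.append("hidden-by-style")
        # A relative src has no hostname, so it belongs to the page's own host.
        host = (urlparse(a.get("src", "")).hostname or self.page_host).lower()
        if host != self.page_host and not host.endswith("." + self.page_host):
            reasons.append("third-party-host")
        # Size or hiding makes it a candidate; the host alone is only context.
        if reasons and reasons != ["third-party-host"]:
            self.hits.append((a.get("src", ""), reasons))

def find_beacons(html, page_host):
    """Return [(src, [reasons])] for every beacon-like image in the HTML."""
    finder = BeaconFinder(page_host)
    finder.feed(html)
    return finder.hits

# Constructed sample: a newsletter body with one visible logo and two beacons.
SAMPLE = """<p>Hello!</p>
<img src="https://news.example.org/logo.png" width="200" height="60">
<img src="https://track.metrics.example.net/open?u=1234" width="1" height="1">
<img src="/px.gif?c=spring" style="width:1px;height:1px;display:none" />"""

print(find_beacons(SAMPLE, "news.example.org"))
```

The logo is ignored, while both tiny images are reported. Each one is an ordinary image request, which is why the act of opening the page or email is enough to be recorded.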

If I’ve made you stop and think, then this blog has served a purpose. Hopefully, I’ve given you answers to some questions, and prompted some questions you will now try to find answers for. To help you in that quest, these are some online resources you can look into:

As always, really glad you stopped by and thanks for reading!

Back It Up, Back It UP!

(A cautionary tale and my little take on “Shake It Off” by Taylor Swift)

I left it too late
Got nothing on my plate
That’s what my disk drive says mmm-mmm
That’s what my disk drive says mmm-mmm

Now my files are all gone (sob)
And I know something is wrong
At least that’s what the server says mmm-mmm
That’s what the server says mmm-mmm

So I keep losing
All the work that I was doing
It’s like I got this hole
In my drives
And it’s not gonna be alright

‘Cause the data’s gone away, way, way, way, way
And now it’s way too late, late, late, late, late
Baby, I’m just gonna cry, cry, cry, cry, cry
I shoulda backed it up, backed it up
Shellshock is gonna bash, bash, bash, bash, bash
And the hackers gonna hack, hack, hack, hack, hack
Baby, I’m just gonna cry, cry, cry, cry, cry
I shoulda backed it up, backed it up

When we got hacked today
By Ransomware – won’t pay
That’s what they say don’t do mmm-mmm
That’s what they say don’t do mmm-mmm

Get the backups- Let’s restore! (backup and restore)
Is this all- why aren’t there more? (why, why aren’t there more?)
So I tell them I don’t know, mmm-mmm
I tell them I don’t know, mmm-mmm

And we are losing
The work that we’ve been doing
It’s like we got this hole
In the drives
And it’s not gonna be alright

‘Cause the data’s gone away, way, way, way, way
And now it’s way too late, late, late, late, late
Baby, I’m just gonna cry, cry, cry, cry, cry
I shoulda backed it up, backed it up
Our site is getting hacked, hacked, hacked, hacked, hacked
Our accounts are getting jacked, jacked, jacked, jacked, jacked
Baby, I’m just gonna cry, cry, cry, cry, cry
I shoulda backed it up, backed it up

Back it up, I’ll back it up
I, I’m gonna back it up, back it up
I, I’m gonna back it up, back it up
I, I’m gonna back it up, back it up

Yeah ohhhh!!!!

Yeah the price we had to pay, pay, pay, pay, pay
But today’s a different day, day, day, day, day
Baby, I’m just gonna save, save, save, save, save
Now I back it up, I back it up
If the hard drive’s gonna crash, crash, crash, crash, crash
Or tornadoes gonna smash, smash, smash, smash, smash
Baby, I’m not gonna cry, cry, cry, cry, cry
Cause I back it up, I BACK IT UP!

You know what you gotta do – go do it!

Superfish and Lenovo: One Big Fish Fry

“Superfish” by @EddieTheYeti

There’s a nasty little game afoot where new laptops come with undesirable extras. I’m talking about “crapware” – all those annoying little programs and invitations to sign up and buy that suddenly fill your screen moments after you first boot up. That’s not the way anyone deserves to experience those heady first moments with a major new purchase. And yet, it’s exactly what happens with nearly all new laptops and PCs.

If you ask, you’re told that it’s been in practice by big companies for a while; that it’s the way business is done; that it’s nothing to worry about.  That doesn’t make it right.  And as of today, that doesn’t make it safe.

It has been discovered that the plethora of advertising extras pre-installed on Lenovo laptops contains a hidden danger. A piece of adware, known as “Superfish Visual Discovery”, actually conducts a type of attack known as “MiTM” or Man-in-the-Middle, where it messes with that lovely new laptop’s configuration, and actually compromises a key security component. And no, that is not supposed to happen. Which is why I think it’s time to speak up and speak out about this practice.

Plenty of top-drawer security tech experts are currently dissecting and revealing the ugly truth about “Superfish”. Simply put by Marc Rogers on Marc’s Security Ramblings:

Lenovo is installing adware that uses a “man-in-the-middle” attack to break secure connections on affected laptops in order to access sensitive data and inject advertising. As if that wasn’t bad enough they installed a weak certificate into the system in a way that means affected users cannot trust any secure connections they make – TO ANY SITE.

Rik Ferguson offers this explanation on CounterMeasures:

 Superfish also installs its own self-signed Root Certificate Authority… Superfish can generate any certificate it wants, which will be trusted by your browser as entirely legitimate, allowing it to impersonate any destination on the internet. These sites are normally protected by strong encryption for your security

Rob Graham on Errata Security described how he was able to “intercept the encrypted communications of SuperFish’s victims (people with Lenovo laptops)”. On Twitter, he challenged the supposition by Peter Hortensius, CTO of Lenovo, that the problem was “theoretical” by saying how he had tested and proved otherwise. And Steve Ragan on Salted Hash Security News hits the nail on the head when he states:

Even if the user removes the Superfish software, the certificate remains trusted and installed on the system. As for the opt-in requirement, most users agree to everything when configuring a new system, assuming they even notice the Superfish TOS to begin with.

What really bothers me is that most users don’t have the technical skillsets to understand what is actually happening, let alone to diagnose and disinfect. From my years of experience working with end users, cleaning up this kind of mess definitely falls outside reasonable expectations of what we should ask most people to do. Helping folks overcome their fear of technology is always challenging. Most people would just like the problem to go away. Or for someone else to fix it. There is a point to which you can lead users, but then they balk.

My team and I are all about simplifying technology for users. And honestly, if you can teach someone the easy ways to do things right, like security, then it’s like teaching that proverbial man to fish: they’ll be fine for the rest of their lives. But there is nothing simple about cleaning up malware, spyware, adware and the technical mess they inflict on devices.  Nobody who really cares about their customers should be asking them to start prodding around in program or registry files even if the customer is technically qualified.  Because confusion happens and mistakes can be made.

It’s really great to hear the outcry against what’s been going on, and to put the issue squarely in front of major manufacturers. Time for certain parties to take a good look in the mirror: How can you proclaim your commitment to improving security when you’re actually contributing to a key source of problems? I love this statement by Marc Rogers on Marc’s Security Ramblings:

We trust our hardware manufacturers to build products that are secure. In this current climate of rising cybercrime, if you can’t trust your hardware manufacturer you are in a very difficult position

That said, what can you do about it? First and foremost, you need to get that junk off your device. I’m happy to report that some terrific folks have been addressing that and there are some good suggestions on how to detect and remove. For those inclined to take the task on, read the steps through carefully a couple of times to make sure it’s clear before you undertake anything. I can recommend this piece by PC World. As well, I found this piece by ZDNet a little more detailed and perhaps easier to follow.

Crapware serves no purpose other than garnering profit.  Lenovo has a PR nightmare ahead, and they have a lot to answer for. While they claim to have halted shipping it back in January, that does nothing about what’s already out there.  Hopefully this serves notice to other distributors about cleaning up their acts so they don’t get caught up in the same net with “Superfish”.   Because the only real victims in this fish fry are the end-users.

NOTE: The awesome pic up at the top is by talented InfoSec member and artist @EddieTheYeti