Friday, May 25, 2018

How to add a Cookie Notice to Blogger Sites for EU GDPR Compliance

European Union (EU) GDPR laws require you to give EU visitors information about cookies used on your blog. In many cases, these laws also require you to obtain consent.

Google now requires you to make a notification for your site.
You are responsible for confirming this notice actually works for your blog, and that it displays. If you employ other cookies, for example by adding third party features, this notice may not work for you. If you include functionality from other providers there may be extra information collected from your users. 

  • Google has added the following code option to all bloggers sites. Why is this not a Widget?

    Change this notice, add a SCRIPT tag with 'cookieOptions = {...};' in the HEAD tag with values for any of msg, close, learn and link.

Here's an easy way to add cookie notification for sites

1. Goto your Blogger Dashboard
2. Choose Layout
3. Add a Gadget

4. Choose and Configure HTML/Javascript Widget
5. Goto to personalize your cookie consent pop-up.

Under "Link to your own policy" use Googles privacy policy

6. Copy Code and paste into Widget

7. Remember to SAVE Arrangement, before you leave the page.

Thursday, May 24, 2018

How safe/secure is the new Microsoft Cloud Clipboard

The Windows Clipboard has long been a contentious security issue for Microsoft.
The current clipboard clip is stored in plain-text in memory which available to-be read by any app and this is by design for programability, but has been a bone of contention for a long time. Many third party apps have addressed this by actively cleaning-up the clipboard after a few seconds, and store it into their own secure encrypted queue. Third party apps and the community benefit of this Windows well documented open API, but you have to be aware of the issue, and who as time for the minutiae.
For most, it’s still mentally manageable since the legacy clipboard only stored 1 clip at a time. If you copy a password, just immediately copy nonsense afterwards and you are safe. You can monitor the current clip with Clipboard viewer (clipbrd.exe) from Window 7, and trivially still works in Windows 10. Note: Chrome will marks all zipped .exe files as Dangerous, and this is not, it's unadulterated.

With the new "Cloud Clipboard", is actually the Clipboard History Viewer by using the Windows+V keyboard combination. But according to Bleeping Computer, this clipboard history is stored in a plain-text file;

This file is used to store the Cloud Clipboard history queue which represents a greater security risk. Since now you can attack a whole history of commands, and potential passwords.
The actually syncing of clipboard to cloud is using same mechanism as Microsoft Graph technology that powers the Timeline and subject to man-in-the-middle attacks which any HTTPS connection uses and also uses OAuth which can be subject to OAuth attacks. The Graph API sends messages as open text (JSON) via HTTPS as most systems do, and depends on SSL for it’s protection.
It’s recommended that set your Windows 10 Settings to select “Never automatically sync text that I copy” instead, you’ll have to manually choose what you want to copy to the cloud. To do so, open your Clipboard history with Windows+V, hover over an item in your clipboard history, and click the cloud-shaped “Sync to Other Devices” icon.

Lastly, according to Windows 10 Lock Screen Leaks Clipboard Contents post,
getting the current Windows 10 clip has been trivially hacked, but you have to be physically on the device to perform it.
The frighteningly simple hack goes as follows (but has been fixed recently):
1. Win+L: Lock workstation
2. Win+ENTER: Start Narrator
3. CapsLock+F1: Open Narrator Help
4. Ctrl+V: Profit!

Wednesday, May 23, 2018

How to Turn Off Tracking Data/Manage your personal data with Google

In light of recent privacy concerns Google has responded with a way to manage your personal information, and it's called Privacy Checkup.

With these settings you can manage what info you keep private, and what data is saved to your account to improve your Google experience.

Pop this URL into your browser

The process will take about 5 mins, and I recommend you turn off all tracking. 

The following tracking areas are available; 
  1. Web & App Activity
  2. Location History
  3. Device Information
  4. Voice & Audio Activity
  5. YouTube Search History
  6. YouTube Watch History
  7. Manage what you share on YouTube
  8. Likes and subscriptions
  9. Your YouTube activity feed
  10. Video privacy
  11. Control what others see about you : Shared endorsements
  12. Make ads more relevant to you