More details surrounding the voluntary anti-piracy agreement between Google, Bing, and major rightsholders have emerged. In addition to efforts to mitigate pirate sites' efforts to jump domains to avoid downranking, the search engines will "exchange detailed information" with rightsholders "on a confidential basis" in order to better understand how users are searching for content.

Following roundtable discussions between the BPI, Motion Picture Association, Alliance for IP, plus representatives of Google and Bing, in February a voluntary anti-piracy agreement was announced.

Under this anti-piracy code, search engines agreed to further optimize their algorithms to demote pirated content in search results, with the aim of making infringing content less visible and legal alternatives easier to find.

As highlighted last month, details of the arrangement were planned to remain largely secret but thanks to a pair of Freedom of Information (FOIA) requests from both the EFF and TJ McIntyre from Digital Rights Ireland, we now have a somewhat clearer idea of what will be happening between the groups.

As expected, the main focus is the search deranking of sites “dedicated to infringement” based on the volume of valid DMCA-style notices rightsholders send to Google. In other words, sites that index a majority of infringing content and are subjected to a lot of rightsholder complaints will find their results buried.

Unfortunately, the report released under the FOIA request is redacted, which leaves some sections ambiguous at best and hard to follow at worst. This section, however, seems to indicate an additional effort to manipulate search results that are generated from “neutral” non-piracy related search terms.

“All parties support the objective of removing links to infringing content from [REDACTED] search results returned to consumers in the UK in response to ‘neutral’ formulations of search query (exact search terms to be agreed) with the goal of presenting the consumer with links to legitimate sites. This includes search results presented to the user in the form of natural search results, sponsored or advertisement results or media player ‘box’ results,” the document reads.

These search terms haven’t been defined publicly but based on previous copyright holder complaints, words such as ‘download’, ‘MP3’ and even artist or content names could be in the mix. In any event, an assessment will take place to see how they prejudice rightsholders, especially when it comes to fresh content.

“Selection of such search queries by the parties shall take into account data indicating the actual levels of usage of such search terms, as well as the harm that illegal access to content via specific queries can cause to creators, in particular for new releases,” the agreement notes.

Google’s AutoComplete feature, which has proven controversial in the past, will also be subject to tweaks that focus on not suggesting infringing content when neutral terms are entered.

Moving forward, an area that is likely to raise an eyebrow or two is a statement in the agreement which possibly suggests the sharing of search engine user behavior data with rightsholders.

“This information exchange will not be expected to include commercially confidential information, and is without prejudice to the existing legal remedies available to either party.”

To give an indication of how complex these discussions must’ve been at times, one only has to look at the following paragraph, which appears to be an effort to lay some of the blame with rightsholders, should infringing links appear more prominently than legal ones in search results.

“Performance in achieving the above metric should be considered in tandem with an objective assessment of the existence of legitimate websites (of rights holders or their partners, distributors or other authorized locations) that offer consumers access to legitimate content or information for the measured queries, and the efforts made by rights holders to take advantage of reasonable techniques such as search engine optimisation,” it reads.

In other words, rightsholders shouldn’t be able to blame Google and Bing for the appearance of ‘pirate’ results if they don’t make legal alternatives available or fail to carry out effective SEO. That shouldn’t be too much of a problem though, since the agreement notes that the parties will work together to optimize SEO for legitimate sites to “improve the likelihood such sites will rank higher in results for well-meaning queries.”

Another interesting detail in the agreement is how the parties intend to tackle so-called “domain hopping” by pirate sites. Currently, when Google receives a lot of DMCA notices for a domain utilized by a pirate site, the site is downranked in results. That often leads to the site getting a new domain, at which point the ‘clean’ domain starts appearing higher in results again. The agreement seeks to deal with that.

“All parties will work with the [Intellectual Property Office] to evaluate how frequently copyright infringing websites, subjected to demotion, change their top-level domain (TLD), but otherwise retain substantially the same identity,” the agreement reads.

“If this activity is sufficiently widespread as to justify it, search engines and rights holders should develop a process whereby rights holders can notify search engines of the occurrence so that, when verified, such domains can be appropriately demoted.”

Overall, Google and Bing will work with rightsholders to demote domains quicker, with the latter encouraged to use APIs and better-formatted infringement notices. A whitelist of sorts will also be introduced, to ensure that legitimate sites don’t get caught up in Google and Bing’s downgrading filters.

But for those concerned about the potential for this voluntary agreement to spread beyond those currently involved, there’s something looming on the horizon. Google and Bing have also committed to sharing their work in this area with search engines and rightsholders that are not already signatories.

“All parties to this Code of Practice commit to ensure that progress or best practice in this area (to the extent that such information is non-confidential) is shared widely with smaller search engines and independent rights holders,” the agreement notes.

As previously reported, the Minister of State for Intellectual Property will oversee the implementation of the voluntary code, and provide quarterly cycles of research and a review after one year.

The full, albeit redacted document, can be viewed here (pdf)

Author : Andy

Source : https://torrentfreak.com/google-anti-piracy-agreement-will-target-domain-hopping-share-search-data-170307/

Categorized in Internet Privacy

When talking about search engines, most people only think of Google. Very few people seem to realize there are other popular search engines out there, even though they usually own a smaller market share. DuckDuckGo recently revealed that they surpassed the milestone of 14 million searches in a single day. As of December 2016, the platform has been gaining a lot of popularity.


Competing with search engine giants such as Google and Bing is not an easy feat for any company. Smaller search engines, such as Wolfram Alpha and DuckDuckGo, have been somewhat struggling to gain market traction. That being said, things have been improving for DuckDuckGo, as December 2016 has been one of their busiest months in history.

Earlier this week, the company revealed how they served over 10 billion searches since launch. Interestingly enough, over 4 billion of those searches occurred in December of 2016. Considering Google and Bing have not had major issues ever since that time, this news has come as quite a surprise. Then again, DuckDuckGo positions itself as the only search engine that does not track its users.

Other good news for DuckDuckGo come in the form of their increased number of daily search queries. About a year ago, the platform served between eight and nine million searches per day. That number surpassed 14 million on January 9th of this year, which is quite a spectacular growth. It appears a lot of internet users want more privacy and transparency when it comes to search results. With all searches being conducted in an anonymous manner, there are no data records about user behavior either.

DuckDuckGo is quite pleased with this development, even though the company is growing a lot faster than even the owners have predicted. With more people actively looking to reduce their digital footprint, it is not unlikely DuckDuckGo will continue to see accelerated growth moving forward. Consumers feel a search engine provider should not retain information regarding their activity, yet that is exactly what Google and Bing are doing.

DuckDuckGo has been making headlines for other positive reasons as well. The company recently donated US$225,000 to other companies working on raising the standard of trust online. Government scrutiny, mass surveillance, and data harvesting are all threatening consumer privacy when using the Internet. More and more consumers want to be shielded from unwanted scrutiny, and that situation is also affecting the search engine market right now.

Although there is still a long way to go before companies such as DuckDuckGo can take a real market share away from Google and Bing, things are heading in the right direction. It takes time to gain traction in a market dominated by two players, especially when considering both search engines are operated by two of the largest technology giants in the world. Slowly but surely the public perception of search engines is changing, that much is certain.

Author : JP Buntinx

Source : https://themerkle.com/duckduckgo-sees-significant-growth-as-consumers-look-for-privacy-centric-search-engines/

Categorized in Search Engine

Microsoft's Windows 10 has been criticized a lot in three key areas during its 18 month existence.

The first was the year long aggressive free upgrade campaign to get users moving from Windows 7/8.1 to Windows 10.  In fact, Chris Capossela Microsoft's Executive VP and Chief Marketing Officer, recently admitted the company just pushed too hard to get users to upgrade for free during that program. Of course, this is now a mute point because the free offer has now expired.

Secondly, its reliability and the fast pace release of updates under the premise of Windows as a Service (WaaS) has been a constant point of contention for many users and bad updates have resulted in some system level issues for some users however, just as many Windows 10 users have told me they have systems that perform reliably despite this new updating process.

The third and final issue is one that has likely generated the most written words over the last 18 months and that is privacy and Windows 10. Microsoft collects telemetry from Windows 10 and other user information for many reasons and that is all detailed in their commitment to privacy statement and policies. The biggest issue many had from a consumer perspective is that telemetry collection could not be turned off completely unlike higher SKUs of Windows 10 like Professional, Education and Enterprise which can turn that feature off using Group Policies.

I have looked at the Privacy Settings in Windows 10 on a few different occasions and they are extensive and very granular. That allows the end user to exercise a tremendous amount of control over what information is shared with Microsoft and apps on their Windows 10 systems.

Well this week Microsoft has taken another step in reinforcing their commitment to privacy by unveiling a new centralized portal under each users Microsoft Account page that provides the ability to delete any information Microsoft has collected from their usage of Microsoft products and services.

This new privacy controls page allows users to review and/or delete information in the following areas:

  • Browsing history
  • Search history
  • Location history
  • Cortana's Notebook
  • Health activity

Now, there has always been other locations that this information could be dealt with but by bringing it all under the Microsoft Account it is now in one place for quick and easy access.

In addition to providing controls to delete this data, Microsoft is also using this portal to explain to end users the value added nature of Microsoft knowing the data collected in each area.

Browsing history

If browsing history in Cortana is turned on, your Microsoft Edge browsing history is sent to Microsoft so that Microsoft features and services may use this data to provide you with timely and intelligent answers, proactive personalized suggestions, or to complete tasks for you.

Search history

Like other search engines, Bing uses your search history to give you better results, including personalization and autosuggest. Cortana also uses that data to give you timely, intelligent answers, personalized suggestions, and complete other tasks for you.

Location history

To give you directions to the places you want to go, and show you data relevant to where you are, we use locations that you provide or that we've detected using technologies like GPS.

Cortana's Notebook

To help you avoid traffic, remember anniversaries, text the right “Jennifer” in your contact list, and in general do more, Cortana needs to know what you’re interested in, what’s on your calendar, and who you might want to do things with. The Notebook is where Cortana keeps track of your interests. When you don’t want to reach for a keyboard, Cortana can use your speech and handwriting patterns to help translate what you say or write into documents and text messages.

Health activity

Microsoft Health, HealthVault, and devices like Microsoft Band can help you collect, understand, and manage your health data. Your data can include activity and fitness data like heart rate and daily steps taken. It can also include any health records you store in HealthVault and HealthVault gives you the ability to share health records with caregivers.

In addition to providing direct access to these areas of information, the new Privacy Portal in your Microsoft Account also has a collection of direct links to other parts of the Microsoft ecosystem for managing privacy and data.

Those include:

  • Windows Privacy Settings
  • Xbox Privacy and Online Safety
  • Skype Privacy Settings
  • Apps and Services
  • Office
  • Advertising Preferences
  • Marketing Preferences

One last area that Microsoft is making some changes when it comes to privacy is the Out of Box Experience, aka OOBE, when installing the upcoming Creators Update release that is expected in April of this year. During that installation process, you will be offered the following privacy options:

  • Location
  • Speech recognition
  • Diagnostic (Full or Basic)
  • Tailored experiences with diagnostic data
  • Relevant ads

Of course, even with this new clarity and control options there will still be some who are not happy with the collection of telemetry and other information and that is simply reality.

However, Microsoft does provide an extensive collection of controls that help you manage that information. When you combine that with the explanations on why that information is useful and enhances the user experience in Windows 10 and other parts of the Microsoft user environment/services it really should help the user decide what they leave turned on or off when it relates to privacy.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

Author : Richard Hay

Source : http://winsupersite.com/microsoft/microsofts-new-privacy-dashboard-helps-users-control-their-personal-data#slide-3-field_images-81611

Categorized in Internet Privacy

As more personal information is collected up by ever-more-powerful computers, giant sets of data – big data – have become available for not only legitimate uses but also abuses.

Big data has an enormous potential to revolutionize our lives with its predictive power. Imagine a future in which you know what your weather will be like with 95 percent accuracy 48 hours ahead of time. But due to the possibility of malicious use, there are both security and privacy threats of big data you should be concerned about, especially as you spend more time on the Internet.

What threats are emerging? How should we address these growing concerns without denying society the benefits big data can bring?

The size of the potential problem

First of all, due to the sheer scale of people involved in big data security incidents, the stakes are higher than ever. When the professional development system at Arkansas University was breached in 2014, just 50,000 people were affected. That’s a large number, but compare it with 145 million people whose birth dates, home and email addresses, and other information were stolen in a data breach at eBay that same year.

From the perspective of a security professional, protecting big data sets is also more daunting. This is partly due to the nature of the underlying technologies used to store and process the information.

Big data companies like Amazon heavily rely on distributed computing, which typically involves data centers geographically dispersed across the whole world. Amazon divides its global operations into 12 regions each containing multiple data centers and being potentially subject to both physical attacks and persistent cyberattacks against the tens of thousands of individual servers housed inside.

Difficulties with access control

One of the best strategies for controlling access to information or physical space is having a single access point, which is much easier to secure than hundreds of them. The fact that big data is stored in such widely spread places runs against this principle. Its vulnerability is far higher because of its size, distribution and broad range of access.

In addition, many sophisticated software components do not take security seriously enough, including parts of companies’ big data infrastructure. This opens a further avenue of potential attack.

For instance, Hadoop is a collection of software components that allows programmers to process a large amount of data in a distributed computing infrastructure. When first introduced, Hadoop had very basic security features suitable for a system used by only a few users. Many big companies have adopted Hadoop as their corporate data platform, despite the fact that its access control mechanism wasn’t designed for large-scale adoption.

Consumer demand drives security and privacy

For consumers, then, it is critical to demand a heightened level of security through vehicles such as terms and conditions, service level agreements, and security trust seals from organizations collecting and using big data.

What can companies do to protect personal information? Countermeasures such as encryption, access control, intrusion detection, backups, auditing and corporate procedures can prevent data from being breached and falling into the wrong hands. As such, security can promote your privacy.

At the same time, heightened security can also hurt your privacy: it can provide legitimate excuses to collect more private information such as employees’ web surfing history on work computers.

When law enforcement agencies collect information in the name of improved security, everyone is treated as a potential criminal or terrorist, whose information may eventually be used against them. The authorities already know a lot about us but could ask companies such as Apple, Google and Amazon to provide more intelligence such as a decrypted version of our data, what search terms we are using and what we are buying online.

The fundamental security principle used to justify this type of blanket surveillance (which is now more affordable and feasible due to the use of big data technologies) is “nobody can be trusted.” Once collected, those data join the rest of the information in being susceptible to abuse and breaches, as demonstrated in snooping incidents involving National Security Agency employees.

And yet when used properly, big data can help enhance your privacy by allowing more information to be leveraged and eventually improve the quality (especially, the accuracy) of intelligence on potential attacks and attackers in cyberspace.

For example, in an ideal world we don’t have to worry about fraudulent emails (also called phishing) because a big data analytics engine would be able to pick out malicious emails with pinpoint accuracy.

How big data is used – for you or against you

There are also other privacy concerns about big data. Companies are eager to deliver targeted advertising to you and tracking your every online move. Big data makes this tracking easier to do, less expensive and more easily analyzed.

A service like IBM’s Personality Insights can build a detailed profile of you, moving well beyond basic demographics or location information. Your online habits can reveal aspects of your personality, such as whether you are outgoing, environmentally conscious, politically conservative or enjoy travel in Africa.

Industry representatives make benign claims about this capability, saying it improves users’ online experiences. But it is not hard to imagine that the same information could be very easily used against us.

For example, insurance companies could start questioning coverage to consumers based on these sorts of big-data profiles, which has already begun to happen.

Banning large-scale data collection is unlikely to be a realistic option to solve the problem. Whether we like it or not, the age of big data has already arrived. We should find the best way of protecting our privacy while allowing legitimate uses of big data, which can make our lives much safer, richer and more productive.

For example, when used legitimately and securely, big data technology can drastically improve the effectiveness of fraud detection, which, in turn, frees us from worrying about stolen identities and potential monetary loss.

Transparency is the key to letting us harness the power of big data while addressing its security and privacy challenges. Handlers of big data should disclose information on what they gather and for what purposes.

In addition, consumers must know how the data is stored, who has access to it and how that access is granted. Finally, big data companies can earn public trust by giving specific explanations about the security controls they use to protect the data they manage.

Author : Jungwoo Ryoo

Source : http://theconversation.com/big-data-security-problems-threaten-consumers-privacy-54798

Categorized in Internet Privacy

Just a few years ago, you could get by online with four simple rules. Firstly, don’t use your dog’s name for all your account passwords. Similarly, don’t give your Wi-Fi password to your weird neighbour just because their internet isn’t setup yet. Don’t visit (too many) dodgy websites. If you have to, make sure you have a virus scanner.And, whatever you do, don’t click any pop-ups that claim they’ll a) clean your system or b) let you work from home and earn £100 an hour.Despite being quite tech-savvy, I’ve still been winging it with these basics. I’m lazy, like many. But I’ve also realised waiting for something to go wrong is like waiting to be robbed before you buy home contents insurance. Internet privacy and security matter.



What made me think twice was a close call that almost derailed something I’ve been working for all year.A few months ago I managed to scrape together the money to put down a deposit on my first home. Just two days after I paid my life savings into this money pit, Tesco Bank was hacked and all transfers were put on lockdown. If I’d waited just two days, I’d have been screwed. Cue homelessness and enough stress to age you ten years in 24 hours.These breaches happen all the time. They’re unavoidable, but being lax about security and privacy open you up to a personal attack that sees life savings evaporate into the cloud rather than just being inaccessible for a couple of days. So, yes, maybe it’s time to get a bit more serious about security and privacy.



Step one: fixing my passwords. I can barely remember what I had for dinner last night, so going the traditional route and actually remembering more, and more complex, passwords is a bust. Thankfully, I can cheat.There are absolutely loads of apps that not only remember your passwords, but can input them as needed and create super-secure new ones for you. The app I’ve been trying recently is Dashlane.
It’s so proactive I ended up swatting it away a few times when trying to quickly order some late-night Christmas presents online. I’m getting there, but I’m not the finished article yet.These apps are a bit like bank vaults, hiding your passwords behind a wall of 256-bit “military grade” encryption. What this means is the key used to unlock your data is one of 2 to the power of 256 keys. That’s so many it’d take a computer longer than the age of the universe to crack it.It feels slightly sad to wave goodbye to those old “first pet and then the number 1” passwords, but anything that can be tracked back to you is a no-no. The old advice that passwords should be something you can easily remember doesn’t stack up anymore. Use one of these password managers and you only need to remember one master password.I still can’t remember the Wi-Fi key of the Virgin Media router I use daily to test all the gadgets I review at Stuff, so this is going to have to be one of 2017’s brain food exercises.



Step two: tackling new-age nasties. I love free Wi-Fi. Whenever I can I’ll head out to a pub or coffee shop just to find somewhere to work other than the office. Sure, the chair’s nicer there, but it gets boring after a while.But free Wi-Fi isn’t really safe. Anyone on the same network can use nasty software to leech the info you type in whenever you don’t use an “https” web page, and even those secure pages can be compromised.The more I read into this stuff, the more I feel like I’m slowly fashioning a tinfoil hat out of pure Googling. But when the solution is so easy, it’s worth looking into. I’m talking about a VPN.What this does is to encrypt all your internet use, even with unsecured pages. You’re much safer regardless of where you’re browsing, and as a side benefit the government can’t track you.
And, err, it looks the conservatives are really getting into that sort of stuff.I’ve been trying out NordVPN. It costs about £4 a month and is so deliciously simple, it’s actually fun.Install the NordVPN app on your laptop, desktop or phone and you see a cartoony map of the world, packed with all the servers it operates. One click/tap and your internet browsing starts getting routed through Iceland. Or Italy. Or India.If you have an advanced router you can even set it up so everything in your house gets the VPN treatment. But as I’ve only just got internet installed I’ll leave that for 2017. Internet may be considered a human right by the UN, but that doesn’t stop you going without it for a month when you move house.


I’m on the way to being fully nerded-up on my internet use. But the most important part of privacy for a lot of people is something simpler.Every time I see a slightly drunken photo of me, showing off the excess chin I never managed to shift in the gym, I get a little self-obsessed anxiety spike thinking about who might have seen it already. Paranoia justified?Probably. It only takes a minute to go through the privacy settings (see below) for your social networks: Facebook, Twitter and Google+ are the ones to watch out for. This tailors exactly who can see what.After one too many scares about prospective employers finding out bits and bobs through my Facebook I had already tidied these up. But you really should check them over in case all your angry status updates are being broadcast a bit further than you think.


1. Check your Facebook permissions, statYou can tweak your Facebook privacy settings on your laptop. Just click the menu drop-down, then settings, and finally privacy. Here you can alter who sees your posts, and how easily people you don’t know can find you on
2. Watch what you typeIf you’re using public Wi-Fi, always check for “HTTPS” in the address bar. This means whatever you send is being encrypted, so can’t be hijacked like the stuff you type into plain old Google and so on.
3. Keep an eye out for wandering eyes All the techy precautions in the world can’t protect you from someone looking over at your keyboard as you type-in your card details or passwords. Are many people using this like new-wave phone theft? Who knows — better safe than sorry, eh?
4. Ditch your rubbish old passwordsIf your password is your surname, the name of your partner or something else some nasty type could find out from a quick bit of social network stalking, sort your game out.
5. Check if your router supports VPN If you want to get your whole house VPN’d up you’ll need a router that supports DD-WRT. This is a wireless standard you’ll only find in more expensive routers like the Netgear R7000, not the one that your internet provider sent you. Sorry.
Author : Andrew Williams
Categorized in Internet Privacy

A new and somewhat bizarre lawsuit filed against Google accuses the search giant of running an “internal spying program” and forcing employees to adhere to “illegal confidentiality agreements, policies, guidelines and practices.”

The lawsuit was filed earlier this week by an anonymous product manager. The suit claims that Google’s employment agreements expressly prohibit Google personnel from reporting illegal conduct they may have witnessed or even bringing to light potentially dangerous product defects. The complaint alleges that Google discourages the aforementioned type  ofwhistle blowing activities because such statements might ultimately resurface during legal proceedings

The complaint also details that Google’s employment agreement precludes employees from disclosing their base pay to potential employers and even from discussing what their working experience at Google was like.

“The policies even prohibit Googlers from speaking to their spouse or friends about whether they think their boss could do a better job,” the complaint adds.

Also interesting is the allegation that Google “prohibits employees from writing creative fiction”, without prior approval, if the main character works at a tech company in Silicon Valley.

The lawsuit takes the position that Google’s sweeping confidentiality agreements are unnecessarily broad and ultimately violate California labor laws.

The complaint reads in part:

The unnecessary and inappropriate breadth of the policies are intended to control Google’s former and current employees, limit competition, infringe on constitutional rights, and prevent the disclosure and reporting of misconduct. The policies are wrong and illegal.

In regards to the allegations that Google wants employees to keep illegal activity and potentially dangerous products on the down low, the complaint reads:

Google restricts what Googlers say internally in order to conceal potentially illegal conduct. It instructs employees in its training programs to do the following: “Don’t send an email that says, ‘I think we broke the law’ or ‘I think we violated this contract.'”The training program also advises employees that they should not be candid when speaking with Google’s attorneys about dangerous products or violations of the law. The program advises Googlers that some jurisdictions do not recognize the attorney-client privilege and “Inside the U.S., government agencies often pressure companies to waive the privilege.”

As a point of interest, the plaintiff in this case has been a Google employee for just over 2 years and, per the complaint, was recently outed, albeit falsely, for leaking proprietary information to the press.

Google has since issued a statement to The Verge relaying that it “will defend this suit vigorously because it’s baseless.”

The full suit can be read below.

Author:  Yoni Heisler

Source:  https://www.yahoo.com/tech/lawsuit-claims-google-employees-forced-ignore-serious-product-040350012.html

Categorized in Internet Privacy

Ian Kilpatrick, chairman of security specialist Wick Hill Group and EVP cyber security for Nuvias Group, looks at the rapidly changing security scenario faced by companies in 2017

1. Security reaches the boardroom

In 2017, security breaches will be a regular occurrence.

Organisations will continue to struggle to deal with them, causing board-level executives to pay more attention to security, as the financial and reputational consequences become more apparent – the average cost of a serious data breach to a company is now $3.5 million.

The fact is that many company boards have abdicated their responsibility regarding IT security for a long time, and are only now overtly recognising that breaches are a business risk, the same as a foreign exchange risk or a fire risk, and they need to understand it and manage it.

Business leaders will increasingly demand clarity around the security risks that their organisations are exposed to, and how secure they are in response to those risks, particularly around issues like PCI compliance. Alongside this, they will require ongoing monitoring and board level reporting.

As such, IT professionals will need to deliver a clear-cut definition of proper measures to tackle the risks.

2. Tackling existing threats and employee behaviour

Most vulnerabilities will continue to either be known vulnerabilities or down to employee behaviour, and organisations shouldn’t be distracted by the big cyber-attack headlines in the press, or knee-jerk responses and marketing hype from security vendors.

Organisations need to address their vulnerability management in a structured fashion so they are progressively working their way through managing their own vulnerabilities, rather than getting distracted by the latest data breach that’s making the news.

Keeping a core focus on the key elements of security, while still responding to upcoming threats, isn’t easy, but CISOs need the strength to push back to the board to say, “We need to deal with this first.”

3. More cloud breaches

There will be continued growth in cloud breaches. It’s an attack vector that contains significant vulnerabilities around identity management and mobility or off-site access.

Consequently, cloud access security broking will experience significant growth and there will be more interest in Identity-as-a-Service (IDaaS).

Indeed, Gartner predicts that 40 percent of identity and access management (IAM) purchases (see below) will use the identity IDaaS delivery model by 2020, up from just 20 percent in 2016.

4. Identity access management comes of age

Across all areas, identity access management will at last move into where it should have been ten years ago, and experience strong growth.

Organisations are starting to recognise that simple passwords have always been insecure but in this new world they now are totally insecure. Particularly with user passwords being harvested in the hundreds of millions from social media sites.

Identity access management involves a range of solutions based on multi-factor authentication, linking between physical access and logical access, e.g. card systems, tokens, mobile phone biometrics, etc.

While biometrics can appear as a panacea, bear in mind that that your biometric is a core unique identifier, and if the underlying database is breached, that identifier is useless from that point on.

5. Total security still not achievable

Companies will realise total security is not achievable, and that they will be breached. The consequence of that is that they will increasingly move to secure key assets rather than try to protect everything.

They will increasingly invest in technology such as data leakage protection and encryption, as they look to protect their security perimeter against attack, from both inside and outside the organisation.

6. IoT insecurity

The Internet of Things (IoT) will continue to show the stupidity of rolling out applications prior to considering security.

The challenge for organisations will be both dealing with the security threat of IoT technology getting into the organisation – probably through shadow IT implementation – which is a nightmare scenario for CISOs.

IoT will also drive growth in DDoS solutions, particularly following the recent high profile attacks on Twitter, Spotify and Reddit using ‘smart’ home devices.

7. Growth in user training

One much overlooked area is user training, testing and awareness, but one that continues to experience strong growth, as organisations realise that insecure behaviour at home leads to insecure behaviour in work-mode.

More than 60% of all network intrusions stem from compromised user credentials, so education, awareness training and user testing will increase as companies realise employee behaviour is a key vulnerability – but it can be resolved by teaching and managing employees’ awareness skills and competence.

Measurements show that, for most organisations, initial testing of employee skills demonstrates average failure rates of 20%, which slowly declines over time – but worryingly rarely reaches zero!

8. Mobility and wireless worries

Mobility security will continue to represent an ever-increasing challenge to organisations both with device management and user interaction – as will the use of wireless networks.

A large majority of mobile device users will connect to Wi-Fi networks without considering the risks that involves and the credentials they are exposing. Inside organisations, first generation wireless deployments are, in many cases, particularly insecure.

There is an increasing focus on providing high capacity and high performance networks but that carries with it not only the need to do it securely, but also to offer the right user credentials, particularly in distributed organisations where there have been many high-profile breaches.

9. GDPR preparation

In 2017, General Data Protection Regulation (GDPR) will drive a lot of changes within organisations in preparation for the May 2018 deadline, as the consequences of not meeting the deadline sink in.

If an organisation fails to protect their data, they will be liable to a fine that represents a percentage of their turnover.

Bear in mind there are organisations only making two or three percent profit as a percentage of their turnover, so that’s going to hurt – and possibly cause a collapse of share prices. Companies need to start thinking about how to mitigate that risk.

10. Implementing best practice

There will be more press coverage of stolen data in 2017, which for many organisations, will expose unresolved issues around passwords, content, and payment card vulnerabilities.

In most cases, companies are unaware when they’ve been breached. Just because you think you’re safe, doesn’t mean you are; if nothing appears to have happened, it doesn’t mean it didn’t happen or isn’t still happening.

Shockingly, the average length of time an attacker stays inside a network before detection is more than 140 days – that’s if the attacker doesn’t just copy the data and disappear.

As a result, you may not find out you were breached for a long time. Some recently discovered breaches date back over four years.

Organisations need to look at encrypting their data, changing login credentials, removing user privilege, etc., on a regular basis.

At worst, you will have spent the time implementing best practice, and at best you’ve stopped potential attackers using your own data against you.

If you’re waiting for a breach before implementing these safeguards, you might want to think about the financial and reputational consequences compared to the cost of fixing it before it happens.

Auhtor : Nick Ismail

Source : http://www.information-age.com/top-10-security-predictions-2017-123463621/

Categorized in Internet Privacy

Do you still have a Yahoo Mail account? The tech company made its way onto the scene in 1994 and became a popular search engine and email service. However, it's had a very rough year.

First we learned of a massive data breach that could have impacted billions of users. Then we found out Yahoo was allegedly complying with a government security agency's request to spy on all incoming emails. Now, there is more troubling news coming out about the tech giant.

Security researcher Jouko Pynnonen recently discovered a severe security vulnerability with Yahoo Mail. The flaw would allow an attacker to access the victim's email account.

This was a cross-site scripting (XSS) attack, similar to the one discovered by Pynnonen around the same time last year. Watch this video to see a brief detail of last year's discovery:

Why this flaw is so alarming

What's terrifying about this is the victim wouldn't even need to click on a malicious link to be affected. You only had to view an email sent by the scammer for your Yahoo Mail account to be compromised.

Yahoo filters HTML messages, which is supposed to keep malicious code from making its way into a user's inbox. However, Pynnonen discovered a vulnerability that kept the filters from catching all malicious code. It had to do with different types of attachments that could be added to emails.

The good news is once Pynnonen reported the flaw, Yahoo fixed it. The tech giant also paid him $10,000 for discovering the vulnerability through its Bug Bounty Program.

Even though these flaws have been patched, it's been a rough stretch for Yahoo. If all of these problems worry you, you might want to close your Yahoo accounts. Here are instructions on how to do that:

  • How to close your Yahoo account:
  • Go to the "Terminating your Yahoo account" page.
  • Read the information under "Before continuing, please consider the following information."
  • Confirm your password - if you forgot your password, you can recover it with the Yahoo Sign-in Helper.
  • Click Terminate this Account.

Remember, if you do close your Yahoo account, you will not be able to use services associated with it. So if you decide to keep your account, at the very least make sure you have a strong password. Here are three proven formulas for creating hack-proof passwords.

You can also enable two-step verification, set up a Yahoo Account Key, or use a password manager. It's always better to be safe than sorry!

Author:  Mark Jones

Source:  http://www.komando.com/

Categorized in Internet Privacy

Two years ago, Google introduced the mobile-friendly label. Then we witnessed ‘mobilegeddon’, where Google began prioritizing these mobile sites. Now, they are cracking down on mobile sites offering a substandard user experience.

On January 10th 2017, any sites with intrusive interstitials may lose ranking juice. The key question then is, what counts as an intrusive interstitial? Essentially, it’s any extraneous content that appears over the majority of the page proper. Call them silly, but Google assumes visitors enjoy seeing the information they clicked for.

At this point you may well have further questions; fortunately, I am here to answer them. In this post, I will help you decide exactly what will and won’t count as an intrusive interstitial by Google. Let’s get straight to it!

What Is an Intrusive Interstitial?

Intrusive interstitials are essentially popup ads. They tend to block most or all of a page, leading to a bad user experience for desktop and mobile users alike.

google examples of intrusive interstitials

Google’s own examples of intrusive interstitials.

These types of ads make it frustrating at best to access the page as intended. The general exception to the rule is when there are legally required (or ethically advised) notifications, such as popups for age verification.

The kicker is that while popups are moderately annoying on desktops, there is even less screen real estate to work with on mobile devices. In these cases, it can completely ruin the user experience. Here are a few examples of how this goes wrong:

  1. The interstitial covers most or all of the content on a page.
  2. The interstitial is not responsive. That means it is difficult or impossible to close it on a mobile, rendering the page useless for mobile users.
  3. The interstitial is not triggered by an action, such as “Click here to subscribe.” Rather, it pops up on its own without prompting, creating an unpleasant surprise for the mobile viewer.

As you can see, the issue is not only the annoyance of popups but their role in ruining the user experience. If you find an interstitial on your own site that you’re not sure of, we find it best to err on the side of a pleasing experience for the user.

Why Are Intrusive Interstitials Being Targeted?

Our first clue that Google was shifting from banning app interstitials to allinterstitials was August 2015, when Gary Illyes confessed to the world that he’d love to use them as a negative ranking factor one day. Back then, he said, “But we don’t have anything to announce at the moment.”

By now, you already have a bit of insight into Google’s decision. For a better understanding of what exactly is under scrutiny as January 10th races towards us, we can look at the factors that play a role in the market.

As frustrating as users find popups, companies continue to use them because they are effective. In one recent study of 1,754,957,675 popups, there was an average 3.09% conversion rate, with high-performing popups performing on average at 9.28%.

However, mobile traffic is growing, and Google seems to be leaning into it hard. In 2015, Google reported that access via mobile was higher than desktop searches in ten countries. Meanwhile, it’s worth noting that 56% of traffic on major sites comes from mobile.

HubSpot’s Senior Product Marketing Manager, Marcus Andrews, recently gave us a friendly reminder that “Google is very focused on the user.” He notes, “Marketers are always looking for hacky ways to increase traffic and conversion rates, and every once in a while, Google needs to make a correction to improve the user experience.”

It’s no surprise then that Google is focusing its resources on mobile, rather than desktop. It’s where the majority of users are — that’s just good business. Between this and its Accelerated Mobile Pages (AMP) project, it’s fair to say Google wants webmasters to offer a seamless user experience for mobile users.

It’s important to note that Google is currently only looking at interstitials that show up when the user first lands on the website from a search result. This means the important part is ensuring that any traffic coming from Google isn’t served these interstitials until the user has clicked further into the site.

“What we’re looking for is really interstitials that show up on the interaction between the search click and going through the page and seeing the content. What you do afterward like if someone clicks on stuff within your website or closes the tab or something like that then that’s kind of between you and the user,” John Mueller from Google Webmaster Central announced during an office-hours Google+ hangout.

How to Identify Intrusive Interstitials

Google has already decided that all interstitials ruining the user experience will negatively impact that site’s ranking signal.

What you need now is a blueprint to check your own site against. How can you tell which interstitials are okay, and which aren’t? Keep reading!

Intrusive Interstitials That Will Be Penalized

The examples of penalized interstitials provided by Google are relatively straightforward. So far, we know of three types of interstitials that will be problematic.

The first is a regular popup, or a modal window blocking the content of the page. These often come with a dark semi-transparent background dimming the rest of the content. These are perhaps the most traditional popups, in that they appear to literally pop up over the rest of the page.

An example of an intrusive popup from Google

An example of an intrusive popup from Google: a regular popup, or a modal window blocking the content of the page.

You can see how the background dims to a dark gray for the modal popup:

example of an intrusive popup
A real-life example of a regular intrusive popup.

The second is a standalone, full-screen interstitial that sits above the header of the website. These interstitials typically force your browser to scroll up to see it before letting you see the rest of the content.

An example of an intrusive standalone interstitial from Google

An example of an intrusive standalone interstitial from Google: a standalone, full-screen interstitial that sits above the header of the website.

The last is also a standalone, but essentially a full-screen modal window blocking the content.

Another example of an intrusive standalone interstitial from Google

Another example of an intrusive standalone interstitial from Google: essentially a full-screen modal window blocking the content.

Its functionality is like that of a regular popup, but you get no preview of what content lies below. In practice, they look exactly the same as the previous standalone popup. Here’s a real-life example:

a real-life example of an intrusive standalone interstitial

A real-life example of an intrusive standalone interstitial that blocks the content.

However, in some cases, it doesn’t seem so cut and dry. For example, what if you have a live chat box that automatically appears to help the guest? This isn’t a direct advertisement, but it does still ruin the user experience if all they want to do is read the content they came for.

In these cases, think about the popup in its purest form — a box that appears over the actual page content. If it’s not a necessity, there’s a good chance it’s going to be penalized.

Intrusive Interstitials That Shouldn’t Be Penalized

It’s important to remember that not all interstitials will be an issue. Depending on your website and country, you may have legal or ethical reasons to display interstitials. Google knows this, and isn’t planning to punish you for it.

Google provides two predominant examples of these legally required interstitials, the first being legally required age verification blockers. These help create a shield for age-sensitive content such as websites featuring alcohol or adult content. The second example is cookie consent notifications, as they are required in the EU.

Finally, and perhaps most importantly, any banners taking up a “reasonable amount of space” should be safe. Though an exact size is not provided, it is better to play it safe and assume less is more. If you keep it to 15% or less, even landscape mode devices will still have enough room to read several lines of text.

This goes to show that you can still keep your ads, but you may need to switch up your approach by respecting the user’s screen space first and foremost. Try redesigning interstitials you can’t part with so they take up a small amount of the page, perhaps reducing them to a link that leads to a separate page entirely. In a last-ditch effort, you could change them to be inline ads. If you’re not sure what works best, try A/B testing to find an effective middle ground.

All this said, there is no guarantee of what will or will not be counted against you. Google only notes that these, when used responsibly, will not be affected.


As the deadline draws near, we urge you to check your interstitials and ensure they follow Google’s new guidelines. Though it’s not clear how strong this new ranking signal will be, Google shows a definitive preference for mobile. We recommend that you don’t underestimate its power.

It is relatively straightforward to identify your intrusive interstitials and take action:

  1. Review required interstitials, such as age-verification popups and cookie notifications. You’ll leave these live, but ensure they are easy to use on mobile devices.
  2. Find the interstitials on your site, leading directly from Google search, that act as advertisements.
  3. If these are so effective that you can’t justify getting rid of them, try modifying them to take up a small amount of screen space for mobile devices. Otherwise, we recommend removing them entirely.

What are your fears about the new intrusive interstitial ranking signal? Ask any further questions you have in the comments section below!

Author:  Aleh Barysevich

Source:  https://www.searchenginejournal.com

Categorized in Internet Privacy

It’s one of the Internet’s oft-mentioned ‘creepy’ moments. A user is served a banner ad in their browser promoting products on a site they visited hours, days or months in the past. It’s as if the ads are following them around from site to site. Most people know that the issue of ad stalking – termed ‘remarketing’ or ‘retargeting’ - has something to do with cookies but that’s barely the half of it.

The underlying tracking for all this is provided by the search engine provider, be that Google, Microsoft or Yahoo, or one of a number of programmatiic ad platforms most people have never heard of. The ad system notices which sites people are visiting, choosing an opportune moment to ‘re-market’ products from a site they visited at some point based on how receptive it thinks they will be. The promoted site has paid for this privilege of course. Unless that cookie is cleared, the user will every now and then be served the same ad for days or weeks on end.


Is this creepy? Only if you don’t understand what is really going on when you use the Internet. As far as advertisers are concerned, if the user has a negative feeling about it then the remarketing has probably not worked.

If it was only advertisers, privacy would be challenging enough but almost every popular free service, including search engines, social media, cloud storage and webmail, now gathers intrusive amounts of personal data as a fundamental part of its business model. User data is simply too valuable to advertisers and profilers not to. The service is free precisely because the user has 'become the product' whose habits and behaviour can be sold on to third parties. Broadband providers, meanwhile, are increasingly required by governments to store the Internet usage history of subscribers for reasons justified by national security and policing.

The cost of privacy - dynamic pricing

Disturbingly, this personal tracking can also cost surfers money through a marketing techique called 'dynamic pricing' whereby websites mysteriously offer two users a dfferent bill for an identical product or service. How this is done is never clear but everything from the browser used, the search engine in question the time of day, the buying history of the user or the profile of data suggesting their affluence may come into play. Even the number of searches could raise the price.

This seems to be most common when buying commodity services such as flights, hotel rooms and car rental, all of which are sold through a network of middlemen providers who get to decide the rules without having to tell anyone what these are. Privacy in this context becomes about being treated fairly, something Internet providers don't always seem keen to do.

ISP anonymity – beware VPNs

Achieving privacy requires finding a way to minimise the oversight of ISPs as well as the profiling built into browsers., search engines and websites. It is also important to watch out for DNS nameservers used to resolve IP addresses because these are increasingly used as data capture systems.

At any one of these stages, data unique to each user is being logged. This is especially true when using search engines while logged into services such as Google or Facebook. You might not mind that a particular search is logged by the search provider but most people don’t realise how this is connected directly to personal data such as IP address, browser and computer ID not to mention name and email address for those services. Put bluntly, the fact that an individual searched for health, job or legal advice is stored indefinitely as part of their personal online profile whether they like it or not.

In theory, the traditional way of shielding Internet use from ISPs can be achieved using a VPN provider. Techworld recently covered free VPNs available to UK users in a standalone feature so we won’t repeat its recommendations here but it is critical that the user doesn’t make naïve assumptions about this technology. A VPN creates an encrypted tunnel from the user’s device and the service provider’s servers which means that any websites visited after that become invisible to the user’s primary ISP. In turn the user’s IP address is also hidden from those websites. Notice, however, that the VPN provider can still see which sites are being visited and will also know the user’s ISP IP.

Why are some VPNs free? Good question but one answer is that they can perform precisely the same sort of profiling of user behaviour that the ISP does but for commercial rather than legal reasons. In effect, the user has simply swapped the spying of one company, the ISP, for another, the VPN.

Post Snowden, a growing number advertise themselves as ‘no logging’ providers, but how far the user is willing to go in this respect needs thought. Wanting to dodge tracking and profiling is one thing, trying to avoid intelligence services quite another because it assumes that there are no weaknesses in the VPN software or even the underlying encryption that have not been publically exposed. With that caveat:

Best 7 online privacy tools 2016 – VPNs


IPVanish is a well-regarded US-based service offering an unusually wide range of software clients, including for Windows, Mac and Ubuntu Linux, as well as mobile apps for Android, iOS and Windows Phone. There is also a setup routine for DD-WRT and Tomato for those who use open source router firmware. Promoted on the back of speed (useful when in a coffee shop) and global reach as well as security. On that topic, requires no personal data other than for payment and states that “IPVanish does not collect or log any traffic or use of its Virtual Private Network service.”

Costs $10 (about £6.50) per month or $78 (£52), and even accepts payment in Bitcoins.


Another multi-platform VPN, Romanian-based Cyberghost goes to some lengths to advertise its security features, its main USP. These include multi-protocol support (OpenVPN, IPSec, L2TP and PPTP), DNS leak prevention, IP sharing (essentially subnetting multiple users on one virtual IP) and IPv6 protection. Provisions around 50 servers for UK users. Also says it doesn’t store user data.

Pricing is based on the number of devices protected. Premium covers one device and costs £3.99 per month while Premium Plus costs £6.99 per month for up to five devices.

Best 7 online privacy tools 2016 – Privacy browsers

All browsers claim to be ‘privacy browsers’ if the services around them are used in specific ways, for example in incognito or privacy mode. As wonderful as Google’s Chrome or Microsoft’s Edge/IE might be their primary purpose, we’d bed to differ. The companies that offer them simply have too much to gain from a world in which users are tagged, tracked and profiled no matter what their makers say. To Google’s credit the company doesn’t really hide this fact and does a reasonable job of explaining its privacy settings.


Firefox by contrast is by some distance the best of the browser makers simply because it is does not depend on the user tracking that helps to fund others. But this becomes moot the minute you log into third-party services, which is why most of the privacy action in the browser space now centres around add-ons.

We recently updated our look at the other privacy browsers on the market, including services such as Tor, but failing that users can resort to add-ons.

Disconnect Private browsing

Disconnect is a slightly confusing suite of privacy add-ons offering private browsing and visibility (control over tracking cookies, including branded social sites), private search, essentially a VPN dedicated to the anonymous use of search engines. The former worked fine on Firefox while the latter required Chrome. There’s also a Premium desktop version that bundles these features and more into a single service for up to three devices for an annual fee

Disconnect is essentially the VPN idea presented in a different way with browser add-ons for those not wanting to go that far. The service says it neither collects not stores personal data beyond that required for payment and does not disclose any of this unless legally required to do so.

The add-ons are free while Premium costs $50 per annum. Mac/iOS users are offered a separate service, Privacy Pro, for the same price.

Best 7 online privacy tools 2016 – Privacy search engines

It might seem a bit pointless to worry about a privacy search engine given that this is an inherent quality of the VPN services already discussed but a couple are worth looking out for. The advantage of this approach is that it is free and incredibly simple. Users simply start using a different search engine and aren’t required to buy or install anything.


The best know example of this is DuckDuckGo, which was embedded inside Mozilla’s Firefox in November 2014. What we like about DuckDuckGo is protects searches by stopping ‘search leakage’ by default. This means visited sites will not know what other terms a user searched for and will not be sent a user’s IP address or browser user agent. It also offers an encrypted version that connects to the encrypted versions of major websites, preserving some privacy between the user and the site.

DuckDuckGo also offers a neat password-protected ‘cloud save’ setting that makes it possible to create search policies and synch these across devices using the search engine.

Oscobo UK search

Launched in late 2015, Oscobo competes head-on with DuckDuckGo but in truth is almost identical bar the fact that it returns UK-specific search results by default (DuckDuckGo requires a manual setting). As with DuckDuckGo, the search results are based around Yahoo and Bing although the US outfit also has some of its own spidering. Beyond that, Oscobo does not record IP address or any other user data. According to its founders, no trace of searches made from a computer are left behind. Where does it make its money? As with any search engine, from sponsored search returns.

Best 7 online privacy tools 2016 – DNS nameservers

Sister title Computerworld UK recently covered the issue of alternative DNS nameservers, including Norton ConnecSafe, OpenDNS, Comodo Secure DNS, DNS.Watch, VeriSign and, of course, Google. The attraction of these is overwhelmingly performance and sometimes deeper levels of domain security. We highly recommend them compared to ISP DNS equivalents on that basis.

However, as with any DNS nameserver, there are also privacy concerns because the growing number of free services are really being driven by data gathering. The only way to bypass nameservers completely is to use a VPN provider’s infrastructure. The point of even mentioning them is that using an alternative might be faster than the ISP but come at the expense of less privacy.


Available on and, DNS.Watch is unique in offering an alternative DNS service without the website logging found on almost every rival. We quote the firm: “We're not interested in shady deals with your data. You own it. We're not a big corporation and don't have to participate in shady deals. We're not running any ad network or anything else where your DNS queries could be of interest for us.”

Best 7 online privacy tools 2016 – Privacy utilities

Abine Blur

Blur is an all-in-one desktop and mobile privacy tool that offers a range of privacy features with some adblocking thrown in for good measure. Available in free and Premium versions ($39 a year) on Firefox and Chrome only, principle features include:

- Masked cards: a way of entering a real credit card into the Blur database which then pays merchants without revealing those details. Using this feature requires a Premium subscription ($39 per annum) and incurs additional credit card processing fees each time the card is charged with credit.

- Passwords: similar in operation to password managers such as LastPass and Dashlane without some of the layers of security and sophistication that come with those platforms. When signing up for or encountering a new site Blur offers to save or create a new strong password.

Masked email addresses are another feature, identical in principle to the aliases that can be used with webmail systems such as Gmail.  Bur’s management of these is a bit more involved and we’d question whether it’s worth it to be honest were it not for the single advantage of completely hiding the destination address, including the domain. Some will value this masking as well as the ease of turning addresses on and off and creating new ones. On a Premium subscription it is also possible to set up more than one destination address.

- Adblocking: with the browser extension installed, Blur will block ad tracking systems without the conflict of interest are inherent in the Acceptable Ads program used by AdBlock Plus and a number of others.  We didn’t test this feature across many sites but it can be easily turned on and off from the toolbar.

- Two-factor authentication: Given the amount of data users are storing in Blur, using two-factor authentication (2FA) is an absolute must. This can be set up using a mobile app such as Google Authenticator, Authy or FreeOTP.

- Backup and Sync:  Another premium feature, this will synch account data across multiple devices in an encrypted state.

- Masked phone: probably only useful in the US where intrusive telemarketing is a problem, this gives users a second phone number to hand to marketers.  Only works in named countries including the UK. Only on Premium.

Overall, Blur represents a lot of features in one desktop/mobile browser extension. Limitations? Not terribly well explained in places and getting the best out of it requires a Premium subscription. Although the tools are well integrated and thought out most of them can be found for less (e.g. LastPass) or free (e.g. adblocking) elsewhere.  The features that can’t are masked phone and masked card numbers/addresses.

Author:  John E Dunn

Source:  http://www.techworld.com/

Categorized in Internet Privacy
Page 5 of 8

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media