* Posts by Stolen Time

7 publicly visible posts • joined 7 Jul 2015

Microsoft’s Azure mishap betrays an industry blind to a big problem

Stolen Time

^-r^-rf

Is there a proofreading error in the article? Several other comments have used "rm -rf" instead of "rm -r", and I remember I got used to typing -rf without really thinking about it... if a mistake is worth making, it's worth making properly.

Amazon tells folks it will stop accepting UK Visa credit cards via weird empty email

Stolen Time

Re: My email wasn't blank...

My wife and I got different emails, within 30 minutes of each other yesterday morning. Hers was blank - apart from a lot of copyright statements etc. - but mine had text. It's certainly unimpressive customer relations, even if you got the text it's written by someone more used to demanding overdue payments than talking nicely to customers.

Laughing UK health secretary launches COVID-19 Test and Trace programme with glitchy website and no phone app

Stolen Time

Unmanaged BYOD

I think everyone would agree that personal information such as contact lists is sensitive information, especially in the very high volumes expected.

There is precedent for government to handle this, but normally it would involve significant investment in security measures. In particular, the laptops/desktops used by the staff handling the information would be quite heavily locked-down for security reasons. Security would be assured by government accreditation teams, or at the very least would be company managed, to ensure for example that everything is patched up to date. It's not clear what's happening here. It would worry me if the contact tracers are all bringing their own devices. You might argue that it's analogous to contact tracers being asked to supply their own paper and pencils, but surely that's naive, they will have some access to a central database and, equally surely, not all staff will be able to secure their own equipment against determined attackers. The result will be a high risk that determined attackers will get access to the central database - all the lowlife who install ransomware, blackmail you, send spam or store information to use against you in 30 years' time will have a field day. I hope it's not true...

Google: You know we said that Chrome tracker contained no personally identifiable info? Yeah, about that...

Stolen Time

Niggle about terminology

It's unfortunate that there's a distinct lack of standardisation about the meaning of "PII". It can refer to either:

PII1) information which allows you to _identify_ an individual, or

PII2) information about an individual who can be _identified_.

I tend to use PII as an acronym that refers to things like name, passport number, mobile phone number, database index (I would say it stands for "personally identifying information"). That's PII1. The second category, PII2, is what in Europe is more often called "Personal Data" though I've also seen it called "personally identifiable information" - religious belief, health conditions, favourite food, life history, etc.

Thus it might be correct to say that there is no PII2 (personal data) in this tracker, the point that is being made is that the tracker is PII1 (identifying data). While neither is good, it seems - based on the text quoted - that the article might be blaming Google for something they never said. Could The Register perhaps lead the way in standardising on terminology, to help avoid this - my experience is that many computer users apply security policy designed for personal data to PII and vice versa (and it leads to problems).

PS. I do understand that sometimes (but not always) data can be simultaneously personal data and personally identifying data.

We asked for your Fitbit horror stories and, oh wow, did you deliver: Readers sync their teeth into 'junk' gizmos

Stolen Time

Same here too

I have the same experience here in the UK - in my case it's a Flex that my wife used until she got a Charge 2 a while ago, it used to sync regularly if not completely reliably. For the past month it no longer syncs unless I reset it with a paperclip while at the same time rebooting my phone. I was hopeful this morning, it worked on its own for the first time in a month; but my happiness was short-lived, it's back to not syncing.

My wife has a Charge 3 now and it had a few days' outage but is now working. I suppose it's not really surprising that a manufacturer focuses on newer kit when updating applications, the lesson is that if your hardware relies on a "free" support model in the cloud then it probably won't have a very long life. It could become quite a common problem - the "send destination to car" function for my 3-year-old car has been abandoned by the manufacturer, purchasers of less common e-books have lost content, and I worry that some of the "smart devices" in my home might suddenly stop working in the same way.

Mud sticks: Microsoft, Windows 10 and reputational damage

Stolen Time

Strange new bugs

The underlying OS seems very stable. Converting the C: drive to use SATA just worked, whereas on W7 it was a nightmare. I'd expected the desktop-style apps to be unstable, because there presumably are all sorts of compatibility issues making them work with the metro interface. But I've not had any problems.

What is disappointing by contrast is that the new metro-style apps fail in strange new ways. You would think they would be a showcase, but I've suffered from them just not starting... from the calculator to the Windows store. It happens repeatedly, for no clear reason, and I know I'm not alone because the web is full of arcane fixes such as powershell scripts (I haven't found one which works for me though). Switching user can be an adventure, too.

So it's academic for me whether the new interface is not quite as easy to use, and whether I'd trade that for convergence with a tablet. It's not stable.

Home Office kept schtum on more than 30 data breaches last year

Stolen Time

Erratum on definition of personal data

"Personal data is defined as any data that may be used to _identify_ a living individual".

I think that's a common misconception, the correct definition is in the link given in the article to the ICO's site. Basically, personal data is any information _about_ a living individual. That applies whether the individual can be identified from the data itself, or by cross-referencing with some other records.

The test depends on who has the data. For example, a spreadsheet without any names or addresses etc. might be "personal data" for the Home Office, if they know which individual each row corresponds to; but just anonymous data for you or me.

That makes it hard to tell from the report how serious this really is. If the incidents relate to individuals identifiable just from the data, it's a lot more serious.