Location Oriented Services

Introduction

Lately I have been using a VPN service. Using a VPN for daily browsing has many advantages and everyone should use one. A great feature of browsing through a VPN is that websites are fooled into believing that you reside in a different country than the one you actually do. Unfortunately, this is the root of many problems, as it seems that many websites contain services that function based on the user’s country. This matching is performed using the user’s IP address. I will call these types of services “location oriented services”.

Types of location oriented services and security

Normally, location oriented services should consist of services that are complementary to a web site’s functionality, like advertisements. However, many sites use the user’s location to apply security practices. For example, PayPal or Facebook, when accessed from a different location than usual, might ask you to confirm your real identity, change passwords etc.

In security terms, changing country practically means nothing. People travel all the time; others use corporate VPNs every day to work remotely, while others use a VPN for anonymity. Therefore, people may appear to be in a different country than the one they reside in for a number of legitimate reasons. Consequently, applying security practises based on the switching of countries is a clear confession of failure. Web sites should not depend on the user’s location in order to draw any kind of conclusion.

A better approach

An argument against this could be the adjustment of language. Many multilingual websites use the user’s country in order to display the correct language. There is an alternative approach that could produce more accurate results: automatically switch the website to the user’s “accepted languages”. The accepted languages can be set by the OS automatically, or by the user, and are sent as part of the HTTP protocol, which practically means that there is native support in all web programming languages.

In general, if the web site needs to provide any type of location oriented service, except security, the “Accept-Language” header is the way to go. Location oriented security practices should not be accepted.
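The language selection described above, as an added example that is not part of the original post: a minimal Accept-Language parser that honours q-values and falls back from a regional tag to its primary language. The function names, the supported-language set and the sample headers are assumptions made for illustration.

```python
def parse_accept_language(header):
    """Return language tags ordered by descending q-value (ties keep header order)."""
    prefs = []
    for index, part in enumerate(header.split(",")):
        tag, _, params = part.strip().partition(";")
        tag = tag.strip().lower()
        if not tag:
            continue
        q = 1.0  # a tag without an explicit weight has q=1
        params = params.strip().lower()
        if params.startswith("q="):
            try:
                q = float(params[2:])
            except ValueError:
                continue  # malformed weight: ignore this entry
        if 0 < q <= 1:  # q=0 means "not acceptable"
            prefs.append((-q, index, tag))
    return [tag for _, _, tag in sorted(prefs)]


def choose_language(header, supported, default="en"):
    """Pick the best supported language. The header is client-controlled input,
    so it is used only as a display preference, never as a security signal."""
    for tag in parse_accept_language(header or ""):
        if tag == "*":
            return default
        if tag in supported:
            return tag
        primary = tag.split("-")[0]  # fall back from "el-gr" to "el"
        if primary in supported:
            return primary
    return default


if __name__ == "__main__":
    SUPPORTED = {"en", "el", "de"}  # hypothetical set of site translations
    # Constructed sample header, as sent by a browser configured for Greek.
    print(choose_language("el-GR,el;q=0.9,en-US;q=0.8,en;q=0.7", SUPPORTED))
```

The result does not change when the same browser connects through a VPN exit in another country, because the header comes from the client's settings rather than from its IP address.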

Legal matters

A critical aspect of the location oriented services, which are based on the IP address, is the matching of user’s IP address and country. Critical questions arise here about who provides this information, and if sharing this is legal. Moreover, is the sharing of this information part of the contract with the ISP? As this is a huge issue, it becomes a great candidate for a future article.

Conclusions

Instead of a conclusion, two things:

1. Use a VPN, it’s for your own good!

2. Resist sites that use your IP to detect your country and provide services based on that!

 

P.S. As a VPN provider, I am using, for almost a year, those guys Private Internet Access and I am super happy with their services!

 

One Password is Enough

1. Introduction

Security and password choosing should be among a user’s main concerns. Unfortunately, choosing a password is a painful procedure which occurs very often. Moreover, according to a recent study, 38% of users would rather clean a toilet than think of a new password! Thus, a lot of users end up using the same password on more than one web site.

2. Facts

1/ It is essential to keep separate and secure passwords for every web site you use.

2/ It is impossible to memorize as many passwords as the websites we keep accounts on.

3/ There are some tools (e.g. password managers, browser plugins) that help you solve this problem, but having a new tool adds complexity to your daily tasks and habits.

3. Memorize one password – that’s enough

Clearly the problem starts when we have to manage (or memorize) more than one password. This becomes more painful if the passwords are hard to guess. However, there is a simple way to overcome this problem. We only need to memorize one password and one simple procedure. Having those two ingredients, it can be guaranteed in high percentage* that we will use different passwords for every web site we use without the need for an external tool.

*This percentage depends strongly on the simple procedure mentioned above. We can define types of procedures that result in reaching a percentage near 100%. 

4. How to do it

Sit down and think of a secure password. Don’t wait for a registration form to pop up; it will become painful. If this is hard, just use a password generator.

In general your password should have the following characteristics:

  1. At least one capital and one lower case letter
  2. At least one symbol (e.g. #, $, ^)
  3. At least one digit
  4. Length greater than 5 characters

A more detailed guide on how to choose a secure password.

4.1 Let’s get our hands dirty

Reaching this point means that you have your secure password. Let’s call this the matrix password. You need to memorize your matrix password.

It’s time to create a method. The method will apply some rules to the password and will produce a modified version of the matrix password. This will be the final version of the password and we are going to use it when subscribing. The method is something that needs to be defined by us and needs to be kept secret. Its secrecy is as important as the password’s.

Find below some examples of how the method is defined and applied to our password.

4.1.1 Example1 (graphic example)

For the examples, we assume that our matrix password is: ff$$12Tr0

Method: Add the first and third letter of the web site’s name after the first letter of the matrix password.


4.1.2 Example2

Let’s use a more complicated method.

Method: Add the first and second letter of the web site’s name after the first letter of the matrix password; add the last letter of the web site’s name to the end of the matrix password:

Let’s generate the passwords:

Web site: amazon

Final password for amazon account: famf$$12Tr0n

Web site: google

Final password for google account: fgof$$12Tr0e

Web site: facebook

Final password for facebook account: ffaf$$12Tr0k

 

| Site | Password |
|---|---|
| amazon | famf$$12Tr0n |
| google | fgof$$12Tr0e |
| facebook | ffaf$$12Tr0k |

As shown in the table above, all the generated passwords are slightly different. If one password is compromised, it is quite hard to uncover the method and apply it in reverse in order to recover the matrix password.

In general it is a good idea to use two different methods. The first will be the main method, which is going to be used on all web sites, while the second one will be used in case you are forced to change your password (i.e. by the web site itself – the case of an expired password).
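The two methods from Examples 1 and 2, written out as an added example that is not part of the original article; it also checks a password against the four characteristics from section 4 and lists the positions at which two derived passwords differ, which shows how much of each password is site-specific. The function names and the minimum site-name length are assumptions made for illustration.

```python
import string

MATRIX = "ff$$12Tr0"  # matrix password used in the article's examples


def _site(name):
    # Normalise the site name; the methods need at least three letters.
    name = name.strip().lower()
    if len(name) < 3:
        raise ValueError("site name too short for these methods")
    return name


def method_example1(matrix, site):
    """Example 1: 1st and 3rd letter of the site after the matrix's first character."""
    s = _site(site)
    return matrix[0] + s[0] + s[2] + matrix[1:]


def method_example2(matrix, site):
    """Example 2: 1st and 2nd letter after the first character, last letter appended."""
    s = _site(site)
    return matrix[0] + s[:2] + matrix[1:] + s[-1]


def meets_article_rules(pw):
    """The four characteristics listed in section 4."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c in string.punctuation for c in pw)
            and any(c.isdigit() for c in pw)
            and len(pw) > 5)


def differing_positions(pw_a, pw_b):
    """Indexes where two derived passwords of equal length differ."""
    if len(pw_a) != len(pw_b):
        raise ValueError("passwords must have equal length")
    return [i for i, (a, b) in enumerate(zip(pw_a, pw_b)) if a != b]


if __name__ == "__main__":
    derived = {s: method_example2(MATRIX, s) for s in ("amazon", "google", "facebook")}
    for site, pw in derived.items():
        print(site, pw, meets_article_rules(pw))
    # Only the inserted letters vary between sites; the other characters are shared.
    print(differing_positions(derived["amazon"], derived["google"]))
```

With the Example 2 method, any two derived passwords differ in three positions and share the remaining nine characters, so the strength of every account still rests on the matrix password itself.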

5. Conclusion

In summary, 38% of people hate the idea of thinking of a new password. Just ask yourself and you will probably get the same answer. Using the procedure described in this article, it is no longer necessary to think of new passwords. You will need just one, so make sure it is a secure one.

 

My favorite color

When I was a kid, a famous question among kids was: “what’s your favourite color?”. All children had a favourite color. Maybe, in terms of psychology this has a special meaning, but I’m no expert in this field, even if it is about my own psychology. So I will just focus on the favourite color part. As a grown up, I think I found a color I really like. So, my favourite color is #0f0f0f.

FYI: Below, you can see a couple of #0f0f0f stripes mixed with stripes of black (#000).

#0f0f0f
Black
#0f0f0f
Black

What’s your favourite color?