Microsoft Keeps on Giving (and Taking). The return of Clippy!!!

Microsoft is intent on getting you to use CoPilot. In brief we can refer to CoPilot as Microsoft AI. Whereas I hate using the term Artificial Intelligence, since although it is artificial, it is not intelligent, I would prefer the term MS LLM (Large Language Model).

All Windows users had a sudden toolbar addition added to their PC's for CoPilot (BTW, you can get rid of it!). Apparently, that wasn't not enough, so MS is putting CoPilot in 365 Versions of Office, whether you want it or not. In addition, they're going to charge you an additional fee for it, which may be based on one's usage of the service.

Although you may be indifferent to this new feature, some may find it intrusive like Microsoft's famous Clippy service, which would often interrupt your work process with suggestions, etc.

You can opt out of this new service integration, but only temporarily. Read the article below about your opt-out options, which involve making a change to your subscription to an Office classic plan.

https://www.computerworld.com/article/3806855/copilot-ai-microsoft-365.html

A New Outlook

This is not an optimistic letter about having a new outlook. No, it's actually the opposite.

Next month (February 2025) Microsoft will be forcibly updating those using the latest version of Outlook to a new interface. This only concerns users of Outlook for Office365.

This does not affect Classic Outlook. What distinguishes the classic versions beguiles me, as it's obviously not just an older version, but a completely distinct version of Outlook.

Now, this might not seem so bad, but I have encountered clients with issues using the new interface and made sure they stayed with the older interface.

Fortunately, there is a fix. However, the fix can only be applied after Microsoft has come out with the February update.

You can read all about this "update" and the fix at:

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-new-outlook-on-windows-10-pcs-in-february/

I would also be remiss if I didn't mention an analysis by German researchers into possible account access Microsoft will have to any non-Microsoft account that is used in the new Outlook.

You can read about this issue here:

NextDNS to hinder snooping

We have all had the experience of having an interest in some item, let's say a ladder, then opening up a browser and seeing ads for ladders, steps, etc. What's going on?

Ok, so by now everyone knows all the big companies snoop on you. But there are numerous ad agencies gathering information on you and reselling it.
 

I've long been keen on trying to be as anonymous as possible (hence my website: anonyme.avantguardsystems.com), and was quite happy to discover yet another tool to check on the effectiveness of one's ad blocking.
https://d3ward.github.io/toolz/adblock
 

Using Firefox on Android and Linux, I scored 99% effective blocking. I was very impressed! Since I also had Chrome and DuckDuckGo browsers installed on my Android, I checked them out:Chrome: 96% - goodDuckDuckGo: 67% - what? I mean DDG touts itself as being security focused. Hm.... Oh, well, I never really use it anyhow.
 

Having shared this data on socials, I received a lot of interest in how to improve one's score.  
 

The main tool I use is NextDNS. You should also consider installing extensions to your browser, but NextDNS makes a HUGE improvement in your score, provided you include the necessary filters.
 

What follows are instructions on setting up NextDNS:
 

Go to NextDNS's website (https://my.nextdns.io/login) and set up an account. I have been using a free account and only occasionally have gone over my monthly free limit, which only means their filter's aren't working for a couple of days.
After logging in, you will have a Configuration ID. Then follow the instructions for setting up your phone, computer, etc.
 

While logged in go to the Security tab and enable everything you would like blocked. I've enabled most everything.Now go to the Privacy tab. Here you can enable various blocklists, or filters. Based on my log, you definitely want to enable the following:
 

HaGeZi - Multi ULTIMATE1Hosts (Pro)

HaGeZi - Multi PRO++

Goodbye AdsNoTrack Tracker 

BlocklistSteven 

BlackNextDNS Ads & Trackers Blocklist
 

iPhone:
 

Download the NextDNS app from the AppStore.

https://apps.apple.com/de/app/nextdns/id1463342498
 

Android:
 

For Android there is no longer any app. You will have to change your Private DNS settings. There is, however, an app for Managing your NextDNS account.

https://play.google.com/store/apps/details?id=com.doubleangels.nextdnsmanagement&hl=gsw

Hacking Into the Past

In my youth, I would take apart various electronic games, un-soldering and re-soldering them, and taking pride in the fact that that the successful operation on the device worked. With respect to my first computer - a TRS-80, however, it would have been beyond all reason to vivisect such an investment. An old TV, a radio? Who cared. But my computer? No way.

Back then computer magazines would advertise computers that you could assemble yourself. Although interesting, I did not have the confidence that to build a computer, nor the resources.

Time jump to to the late 20th century, then an adult without any technical training, I often fixed tower computers and even built a few. Jump again to today and the advancements in technology, most computers are single-board devices. Alas, there's nothing to assemble and little that can be repaired. Not that that hasn’t stopped me.

A few years ago while browsing the web, I discovered PDP kit replicas. Intrigued by the possibility of not only building, but operating my own PDP-8, I took the bait. Thus began my new hobby into vintage computers.

Big time jump to the dawn of microcomputing, albeit through the lens of retro kits. Starting with the PiDP-8(1), I then went on to build a PiDP-11(2), an Altair 8800(3), an IMSAI 8080(4), and finally a KIM-1(5) - all computers that I had only read about were now at my fingertips.

Secure Passwords

We always here that we need to have a secure password. But how secure is your password?

Go to this website and test your password(s) out. 

https://howsecureismypassword.net/

Want to create a secure password? You can create really secure and impossible to remember passwords at:


https://www.grc.com/passwords.htm



or can go for a password that's more easy to remember, but slightly less secure at:


https://xkpasswd.net/s/



Choose  XKCD from the Presets, at least 5 words in the Settings. Choose one of  the passwords, run it through the aforementioned test and if it looks  good enough, then use it.


Of course instead of memorizing passwords, you're best using a good password vault and I recommend LastPass (www.lastpass.com). You can also use it to generate and remember passwords for you.

Anonymity and Security

Before I get into the meat of this Newsletter, I just want to ask all Microsoft Office users to please update now! There is a serious security issue with Word.

Also, if you're still using Windows Vista - upgrade! Vista is no longer being supported by Microsoft.

Ok, so now into the fire. I personally have been very fascinated and concerned about the ability to be anonymous on the web and ensure my security on the web. Although this interest has nothing to do with the latest threats from legislation permitting internet providers greater access to their customers data, it has definitely been peaked.

I wish to thank Steve Gibson for a lot of the content that follows. https://www.grc.com/securitynow.htm

Many of us have been using a VPN or TOR to enable anonymity. But there are many layers to ensuring our anonymity and security. Briefly they are:

1. IP

2. Cookies

3. DNS

4. Browsers

5. Others

The truth is almost any one of these factors can give you away. The combination of course provides merely further proof. Let's take them on one by one.

1. IP

When you connect to the internet you have a distinct IP address, particularly from your work or home. Think of this as your actual house address or work address. If I know that information, I can pretty much deduce the likely person who is currently on the web.

2. Cookies

Cookies have been around for a long time and their original intent was rather benign. But now they are used to track you. On the basis of cookies alone the cookie provide can be very sure about who you are.

3. DNS

When you connect to the internet you are provided with information as to how to obtain information about all those internet address your looking for. Think of this as the Yellow Pages of old (if you don't know what the YP's are, go ask grandma). Anyhow, in order to ask DNS how to get somewhere, they have a good idea about who you are.

4. Browsers

You browser is a conspirator in helping the former to determine who you are. Not to mention if your browser logs you into certain profiles (whether directly or through cookies - Google, Microsoft, Yahoo, Amazon, Facebook, etc.), then you're being tracked and perhaps by all.

5. Others

There are just so many means by which there are other ways to track you.

Ensuring anonymity and security is not easy, but here are some tips.

VPN's and TOR

For most people the easiest app to use would be the Tor-Browser while on the web. https://www.torproject.org/projects/torbrowser.html.en

A VPN and or Tor will at least guarantee some anonymity, but it will definitely ensure that intermediary between your device and the VPN/Tor server can be snooping into your communication, as all that traffic is encrypted.

If you opt to subscribe to a VPN provider, please be sure to verify their credibility. Do the research!

Here's a good place to start: https://torrentfreak.com/vpn-services-anonymous-review-2017-170304/

Also I should note that there is little doubt, however, that security agencies are watching exit nodes of Tor networks.

Cookies and Browsers

Cookies are ubiquitous in browsers. It's hard to live without them, but it's probably a good idea to scrub and not to access 3rd-party cookies. Find out how to do that for your particular browser.

On top of that Google has an interesting way of tracking you, when doing a Google search. Have you ever clicked on a search link and then the browser kind of flicks a few times before opening the webpage? Check out the link to any site and you'll see that it's not actually the link to the site, but to Google, which then forwards you over to the page. They've just tracked you.

There are ways to avoid this. DuckDuckGo is a simple solution. https://duckduckgo.com/

There may also be an extension for your browser that disables this functionality.

DNS

Although you have to use DNS, you don't have to use the ones provided to you by your Internet provider. Your queries are definitely subject to harvesting. There's a neat little service called DNS-Crypt which will connect you to a DNS through an encrypted connection. Check them out at: https://dnscrypt.org/

Ok, now you've tried using some of these methods, but how can you be sure. Here are some websites that will help you.

IPLeak will tell you a lot of information about where your computer and DNS are located.

https://ipleak.net/

Whoer will provide information that you never imagined was leaked by your browser.

https://whoer.net/

Finally, check out your cookies at the following website. If you tried to protect against third party cookies and they show up here, you haven't done it right.

https://www.grc.com/cookies/forensics.htm

Backups and Recovery

This is a letter about lessons learned the hard way. Perhaps one of the most important things to remember in computer administration is to never assume, as I have been. This concerns backups and recovering data.

Whatever backup strategy you have - ALWAYS check that in such an event where you to accidentally deleted a file or renamed it, or it became in some way corrupted, that you can recover that file. In other words, do test recoveries!

As an avid user of Google Drive I know that whenever I work I on a file, I can see the revision history for that file and can recover it to any prior change in the past. What I had assumed was that this applied to all files and not just Google's own docs, sheets, etc. After contacting Google concerning the need to recover a bunch of non-Google files stored on Google drive, they informed me that they are not a backup solution and that those files cannot be recovered.

Currently I'm looking into backup solutions that have revisioning (the ability to recover a file to any prior change). One of the cheapest and well-known solutions seems to be Carbonite, but I would be interested in what other people use and suggest.

Final note. The proper backup solution is the 3-2-1 rule.

You should have 3 backups,

You should have backups on at least 2 types of media,

You should have one backup off-site.

In other words, you could have one backup on your computer, a second backup on a USB Drive, and a third backup in the cloud.