The GDPR and You!

GDPRHave you been getting tons of “read our new privacy policy” emails? Here’s why…

What the GDPR means for Facebook, the EU and you

c|net – By: Justin Jaffe, Laura Hautala – “The European Union has a new law on the books for protecting data privacy. It’s the General Data Protection Regulation, more commonly called the GDPR. This Friday, it goes into effect in the EU’s 28 member states.

The law changes the rules for companies that collect, store or process large amounts of information on residents of the EU, requiring more openness about what data they have and who they share it with.

That means you, Facebook.

It also means any company with a digital presence in the EU (which for the time being still includes the UK) will have to comply with the law or face steep penalties.

The deadline to comply with the law has been looming for two years, ever since the European Parliament adopted it in April 2016. When the Cambridge Analytica scandal at Facebook emerged in March, privacy advocates found an eye-catching example of why internet users might want more control over who can access their data.

I think the GDPR in general is going to be a very positive step for the internet.
– Facebook CEO Mark Zuckerberg

The GDPR came up several times during Facebook CEO Mark Zuckerberg’s testimony before the US Congress in April, and it was a major focus Tuesday when members of the European Parliament questioned Zuckerberg in Brussels. EU officials said they weren’t satisfied with the Facebook CEO’s answers to questions about the GDPR, and he promised to follow up with answers in writing.

‘I think the GDPR in general is going to be a very positive step for the internet,’ Zuckerberg told US lawmakers, going on to discuss Facebook’s plans to tighten data policies, protect users from further leaks and become more transparent about who’s advertising on the site.

It’s not just the household names of the internet like Facebook that will have to comply. Health care providers, insurers, banks and any other company dealing in sensitive personal data will also be on the hook. That’s why your inbox is getting flooded with updated privacy policies.

The GDPR will have a significant impact on our online footprints and how the apps and services we use protect or exploit them. Here’s what you need to know.

What is the GDPR?
The General Data Protection Regulation is a sweeping law that gives residents of the European Union more control over their personal data and seeks to clarify rules and responsibilities for online services with European users. It replaces the EU’s previous law governing data protection, passed in 1995, and makes some dramatic changes to existing conventions.

The regulation expands the scope of what companies must consider personal data, and it requires them to closely track the data they’ve stored on EU residents. If someone in the EU wants a company to delete his or her data, send copies of the data, or correct an error in the data, companies have to comply.

The law goes even further than that. EU residents can now object to specific ways companies are using their data, saying that they don’t mind if a company keeps the data as long as it stops using the info for a particular purpose.

What’s more, the law requires companies to notify users within 72 hours of a data breach — something very few companies currently do. For example, during the Equifax breach that exposed the personal information of millions of people in the US and beyond, the company spent weeks stopping the attack and then planning how to deal with the damage before informing the public.

How will the EU enforce the GDPR?
Each member state of the EU will have its own enforcement mechanism, with one GDPR supervisor per country.

Residents can make complaints to the governing body in their respective country. Companies found in violation of the law will face fines that could be very steep. The maximum fine for a GDPR violation is 20 million euros or 4 percent of a company’s annual global revenue from the year before, whichever is higher.

When does the GDPR take effect?
Friday. The regulation was ratified in 2016 and organizations were given a two-year ‘implementation period’ to prepare. This grace period ends on May 25, 2018, when enforcement begins in earnest.

Does this law apply only to companies based in the European Union?
No — and this is why it’s major international news. The GDPR applies to any organization that collects, processes, manages or stores the data of European citizens. This includes most major online services and businesses that collect, process, manage or store data. Because of this, the GDPR essentially sets a new global standard for data protection.

On Friday, several news websites based in the US stopped operating in Europe, with some saying they are looking for ways to go back online in EU countries.

What kind of data does the GDPR protect?
The regulation applies to a broad array of personal data, including a person’s name and government ID numbers. It also protects information that can show a person’s activity both online and in the real world. That includes location information, as well as IP addresses, cookies and other data that lets companies track users as they browse the internet.

How will this affect Facebook and other social-media companies?
Many large online services and social-media companies are updating their privacy policies and terms of service to prepare for the new legislation. Facebook’s response is sure to be closely scrutinized by European regulators, given the Cambridge Analytica scandal as well as past concerns about the company’s data collection. Austrian privacy advocates filed complaints on Friday, the first day the GDPR went into effect, against Google and Facebook, as well as Instagram and WhatsApp (both owned by Facebook.)

These include the kerfuffle in 2007 over the company’s controversial Beacon advertising program that broadcast user activity on partner sites. And don’t forget user uproar when Facebook and its subsidiary Instagram claimed to own user profile data and photos. The GDPR makes it much clearer that these kinds of activities aren’t OK.

In his testimony during a joint hearing of the Senate’s Judiciary and Commerce Committees on April 10, Zuckerberg stated his support ‘in principle’ for a GDPR-like opt-in standard for users before they give up their data — but he didn’t commit, adding ‘details matter.’ (Zuckerberg’s notes, which he left open during a short break, included a warning: ‘Don’t say we already do what GDPR requires.’)

How will this affect me, a non-EU resident?
Facebook, Microsoft, Twitter, Apple and others have all offered users beyond the European Union some additional rights over their data.

But those rights don’t have the force of law behind them, which means you can’t file a complaint against Microsoft for violating the GDPR if you aren’t an EU resident. While you enjoy these rights only as long as a company says you do, it does show that the European regulations are reshaping the way major companies approach user data.

The other way this affects you is with the barrage of privacy policy updates you’ve likely received over the past few months. Many companies crafted new privacy policies in advance of the GDPR going into effect, and then they told you about it all at the same time.

Could the EU fine Facebook for sketchy things it did in the past?
Seems not. In an interview with Bloomberg, EU Justice Commissioner Vera Jourova said the new GDPR rules “cannot be applied in this [Cambridge Analytica scandal], because there’s no retroactivity possible.”

How does the regulation affect hacks and breaches?
The GDPR requires companies that have lost control over customer data, or that’ve been hacked, to notify users within 72 hours. That’s one of the rules that carries the maximum penalty. For instance, if Facebook was found to have failed to comply, it could be liable for a $1.6 billion penalty (based on its 2016 annual revenue of $40 billion).

Are there special protections for minors?
The GDPR requires businesses and organizations to obtain parental consent to process the personal data of children under the age of 16.

Does the US have any legal equivalent to the GDPR?
No. Most states have their own laws governing data breaches and notification requirements, and most apply to only a limited type of data: Social Security numbers and health or financial information.

The SEC recently issued guidance on how public companies should disclose breaches and risks.

Californians could be voting on a data privacy law this year, the California Consumer Personal Information Disclosure and Sale Initiative. That would let residents request copies of their data from companies, find out which third parties companies have sold their data to, and ask companies not to sell or share their personal data.”

A Huge New Release of The GIMP is Here!

The GIMPCheck out the Release Notes from the latest major release:

The GIMP (Gnu Image Manipulation Program)

“The long-awaited GIMP 2.10.0 is finally here! This is a huge release, which contains the result of 6 long years of work (GIMP 2.8 was released almost exactly 6 years ago!) by a small but dedicated core of contributors.

The Changes in short
We are not going to list the full changelog here, since you can get a better idea with our official GIMP 2.10 release notes. To get an even more detailed list of changes please see the NEWS file.

Still, to get you a quick taste of GIMP 2.10, here are some of the most notable changes:

  • Image processing nearly fully ported to GEGL, allowing high bit depth processing, multi-threaded and hardware accelerated pixel processing, and more.
  • Color management is a core feature now, most widgets and preview areas are color-managed.
  • Many improved tools, and several new and exciting tools, such as the Warp transform, the Unified transform and the Handle transform tools.
  • On-canvas preview for all filters ported to GEGL.
  • Improved digital painting with canvas rotation and flipping, symmetry painting, MyPaint brush support…
  • Support for several new image formats added (OpenEXR, RGBE, WebP, HGT), as well as improved support for many existing formats (in particular more robust PSD importing).
  • Metadata viewing and editing for Exif, XMP, IPTC, and DICOM.
  • Basic HiDPI support: automatic or user-selected icon size.
  • New themes for GIMP (Light, Gray, Dark, and System) and new symbolic icons meant to somewhat dim the environment and shift the focus towards content (former theme and color icons are still available in Preferences).
  • And more, better, more, and even more awesome!”

Smash Bros. for Nintendo Switch is Coming!

Smash Bros.My son, the GameMaster, is looking forward to this one!

New Super Smash Bros Could Have New Characters

Geeky Gadgets – By: Conner Flynn – “A few months ago Nintendo officially announced Super Smash Bros for the Nintendo Switch. However the announcement didn’t offer many details, like the roster of characters we could expect, but the trailer did reveal that characters from Splatoon could be part of the lineup. Now it looks like there may be more.

According to reputable leakster Vergeben, the upcoming game could feature Ridley from Metroid, Ice Climbers, and Castlevania’s Simon Belmont. Ice Climbers have appeared in previous versions of the game, like Super Smash Bros Melee and Brawl, but they skipped the Wii U version. Now they could be making a return for the Switch if the rumors are true.

Nintendo Life has pointed out that Ridley’s inclusion is questionable because in the past, series head Masahiro Sakurai did not seem particularly positive about the inclusion of the character in the game. That’s a good point. We ill have to wait and see.

Super Smash Bros will be playable at E3 2018, so hopefully, we’ll have more details at that time. It won’t be long until we all find out what we need to know about this game. We have all been waiting for this one for a very long time.”

Geek Software of the Week: eM Client!

eM ClientLooking for a great free Email Client for Windows? Check out eM Client!

eM Client for Windows

“eM Client is a full-featured email client with a modern and easy-to-use interface. eM Client also offers calendar, tasks, contacts and chat.

eM Client lets you customize its appearance and behavior on multiple levels. It supports several fully customizable themes including a Dark theme and allows you to customize its behavior in the most comprehensive way on the market

eM Client sidebar brings you quick contextual information that will boost your productivity even more. The sidebar communication history, attachment history and agenda will save you a lot of time.”

Beware of Free VPN Services!

VPNThis is why I recommend Private Internet Access (PIA).

Why free VPNs are not a risk worth taking

ZDNet – By: David Gewirtz – “TANSTAAFL. If you’ve read your Heinlein, you know it’s an acronym for ‘There ain’t no such thing as a free lunch.’ That phrase has actually been around since the days of Old West saloons. If you bought a drink, the saloon would provide you with a free lunch. There was a catch, of course. The lunches were so salty that patrons wound up buying more and more drinks, to slake their thirst.

A virtual private network enables users to send and receive data while remaining anonymous and secure online. In this directory, we look at a few of the very best commercial VPN service providers on the Internet.

There’s always a catch.

Think about Facebook. We use it for free, but in return for that attention, Facebook catalogs vast amounts of information about us, which it uses for targeted advertising. Google became one of the world’s most profitable companies on the back of ‘giving away’ free search (along with little ads on the side). The result was almost total dominance of the digital advertising industry.

TANSTAAFL.

All of that brings us to VPN services. Let’s do a two minute recap of what a VPN is, first. VPN (or Virtual Private Network) is a term used for services that allow you to encrypt your internet traffic between your computer and a destination computer on the VPN service. This is particularly necessary when using something like a hotel’s open Wi-Fi service, so that other guests can’t watch all your traffic and steal juicy bits, like credit card numbers and passwords.

I did a great intro to VPNs for CNET, our sister site. If you don’t know which VPN service to use, I compared a bunch of commercial VPN providers in The Best VPN services of 2018, analyzing them against 20 different factors.

That directory was a study of commercial VPN services. I limited my analysis to commercial services for a reason: TANSTAAFL.

There are also many free VPN services, but I don’t trust them. You probably shouldn’t either.

Here’s the thing: Running a VPN service is expensive. You need either servers and data lines, or you’re paying a cloud vendor like Amazon for every bit received, sent, and stored. Either way, it costs money. So, think about this: If you’re running a free VPN service, how do you pay for all that expense?

You. In the back of the room. I see your hand up. ‘Ads,’ you say. Yep, that’s a possibility. Some free VPN services plaster ads on your browser display and sell those to whomever will pay.

I see another hand. ‘Stolen data.’ That’s a possibility, too. If you were a criminal organization or a terrorist ring, and you wanted to pick up a lot of credentials quickly, one easy way would be to open up a free VPN and wait for people to just hand you their secret information. As P.T. Barnum is said to have said, ‘There’s a sucker born every minute.’

TASBEM. In other words, TANSTAAFL.

OK, one more. ‘Lead in for upgrade sales.’ Yeah, that works, too. Some vendors will offer a small amount of free access and when you eat up that bandwidth, they’ll ask you to upgrade. Try before you buy is a proven method for selling services, it’s perfectly legitimate, and it’s often good for both the vendor and the customer.

You may also see some universities, activists, and other well-meaning groups offer free VPNs, but the problem is that they are resource constrained. That means that you’re bound to see either slowdowns or stoppages because they can’t afford the resources needed to provide the service. Some of those groups might also harvest information as you use their services, for use sometime in the future to further whatever their agendas might be.

The bottom line, though, is this: It’s just not worth risking your personal and financial data on a free VPN service. The VPN services I rated range from about $6 to $12 per month, or about $40 to $120 per year. It’s usually a better deal to pay for the whole year at once.

The cost of identity theft keeps going up, both in out-of-pocket expenses and in the time and hassle to clean up the mess. When it comes to a service that’s designed to transfer your personal credentials and keep them safe, isn’t it worth spending just a few bucks to save potentially thousands of dollars, hundreds of hours, and an unmeasurable amount of stomach acid?

For me, it is. I’m using a commercial VPN right now, as I write this. For the peace of mind and digital protection, it’s a few bucks well spent.

*By the way, if you haven’t read Robert Heinlein’s The Moon is a Harsh Mistress, I recommend it highly. It’s a Hugo and Nebula-award winning novel. One word of warning: It’s quite political (1960s political). But it’s also brilliant science fiction — a must read for any serious student of the genre.”

Windows April Updates Issues Reported

Windows Update 1803Be aware, some folks are having issues with April Update 1803.

Windows 10 April 2018 Update problems: Users struggle with mystery ‘black screen’

ZDNet – By Liam Tung – “Windows 10 users over the past two days have begun reporting serious glitches after updating to the Windows 10 April 2018 Update.

As per an account on Reddit, after installing the update the computer appears to boot but then gets stuck with a black screen and no icons. There’s also an error message that the Desktop file could not be accessed.

Users on Microsoft’s forums have been reporting similar black-screen problems since May 14 after updating to the latest version of Windows 10. However, more reports have flowed in over the past two days.

‘Tried the update on my Dell and all I got was a black screen with a mouse, then on my Asus I get the black desktop screen with only the recycle bin icon,’ wrote a user on May 22 on another thread.

‘On my Dell it just kept restarting, trying to reinstall the software. On the Asus after every restart, it goes back to the setup screen telling me these ‘updates help protect you from an online world’.’

As per The Register, a US computer-repair firm Computer Cellar has written a post on Reddit blaming the issue on Avast antivirus because a number of users who also run that AV have had the same problems.

Indeed, some Reddit users do claim they were running Avast when they struck problems after updating to the Windows 10 April 2018 Update, while others claim to be using AVG, which is owned by Avast.

However, there are also multiple Reddit users who claim not be running either antivirus and yet are experiencing the same problem.

Avast told the publication it has tested the issue and ‘don’t see any indications this is caused by Avast’.

Either way, it’s sparked a debate about whether Windows 10’s built-in antivirus, Windows Defender, is sufficient protection, or whether consumers need third-party antivirus.

Once upon a time, Microsoft consistently trailed third-party antivirus firms in malware detection tests run by AV-Comparatives and AV-Test. Nowadays Windows Defender scores as high if not higher than Kaspersky and Symantec.

And as Microsoft recently boasted, these machine learning-led improvements to its antivirus are paying off in the enterprise, where Windows Defender has a 50 percent share of Windows 10 devices.

But this supposed third-party antivirus isn’t the only teething issue Windows 10 users have had since Microsoft released the Windows 10 April 2018 Update.

Earlier this month, Microsoft said it was aware of some devices hanging or freezing when using apps such as ‘Hey Cortana’ or Chrome, after installing the Windows 10 April 2018 Update and was working on a fix.

Microsoft has also told users with Intel SSD 600p Series or Intel SSD Pro 6000p Series to roll back to the Windows 10 Fall Creators Update because the latest update was causing crashes.”