Is your logo favicon friendly?

A favicon is the small image that you see beside a web address in a browser tab. Similar images are sometimes used with social media names. Slaw, for example, uses as a favicon “Sl” in a particular font, Harrison Pensa uses its “HP” design (which, by the way, is a registered trademark), and my own blog uses my initials.

Because they are so small, they must be simple. If someone has a simple logo to begin with, it might be usable as is. But more complex logos won’t work. They need to be simplified, or edited so only a portion is used.

If one’s logo has been registered as a trademark, the trademark protection may not be effective if the logo is modified in any significant way. It may be necessary to register the favicon on its own as a trademark.

Anyone designing a new logo should keep favicon use in mind. It will not always be practical to design a logo that can be used in its entirety as a favicon, but that is a laudable goal. At the very least some thought should be turned to what portion of it might be used, whether people will recognize it as the same brand as the full logo, and whether there is merit to registering it separately as a trademark.

Cross-posted to Slaw

David Canton

Happy World Backup Day

Today is world backup day, a reminder of how important it is to back up our data – and to do it daily.

(I have not been able to figure out the origins of this day – Wikipedia doesn’t even have an entry for it – but the sentiment is a good one.)

For just one example, if your defenses are down and you get hit with a Crypto Virus that locks up all your files, you can restore your files from yesterday’s backup, rather than paying the ransom.

For practical thoughts on some things to consider about how and why to back up all your data, take a look at this article by David Bilinsky.

Also take a look at this infographic by Cloudwards – a cloud storage promoter – that has some info about the causes of lost data, and issues to consider around backup solutions.

Cloudwards.net – World Backup Day 2015
Courtesy of: Cloudwards.net

.sucks TLD Sunrise Period Starts March 30

New TLDs (top level domains) continue to become live.  There are hundreds to choose from.  Gone is the day that there were only a handful, and a business could tie them all up for their corporate name and brands.

Also gone is the day that they are all inexpensive. Some of the new TLDs command a premium price.  A .lawyer TLD, for example, costs US$6500.  A .guru domain is a bargain at US$29.

This Yahoo article talks about the .sucks TLD, which will be in the sunrise period on March 30, and generally available 60 days later.  Some think brands should pay the US$2500 to secure their brand.sucks domain name to keep it out of the hands of others, while some think that’s a waste of time and money.

Most of the new TLDs would be irrelevant to businesses that are not in the niche intended for the TLD, such as .vacations or .guitars.  But others, such as .sucks or .help are more generic and could be used by almost anyone.  Businesses and celebrities have obtained their own names for TLDs that could be used for purposes that could be derogatory or contrary to their image simply to park them and prevent their use.  And there might be merit in getting ones like brand.help for one’s own use.

But there is a limit to what makes sense and what is affordable.

Cross-posted to Slaw

The Surveillance Society is already here

Canadians often look at intrusive, anti-privacy surveillance in other countries, and at things like the NSA and Patriot Act in the United States and think we are above that. But it is becoming apparent that Canada is just as bad. We need to do better than this and move the pendulum back towards individual rights and freedoms, and away from a surveillance society that does very little if anything to actually protect us.

For example, it recently came to light that the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA, monitors and stores emails sent to Canadian government agencies.

This kind of surveillance is usually justified as being necessary to deal with terrorism and threats to national security, and its effects are downplayed by comments like its just metadata, or Canadians aren’t targeted. But there does not seem to be any evidence that all this surveillance and collection actually prevents anything bad from happening. Metadata is every bit as personal, private, and informative as the data itself. Who is targeted does not change the fact that personal information on citizens is being collected and retained, and that this information has the potential to be abused and used for undesirable purposes.

Mathew Ingram puts it well in an article in the Globe entitled We can’t accept Internet surveillance as the new normal.

The only good news is that the ongoing revelations about the nature and type of spying – largely because of Edward Snowden – are creating a growing public backlash, and tech companies are working to make it harder to intercept communications. Bill C-51, the anti-terrorism bill currently in the hearing stage is a case in point, which has attracted a huge amount of criticism – both over a lack of oversight, and as to the intrusiveness and potential abuse of authority that could result.

See, for example, this Huff Post article entitled Edward Snowden Warns Canadian To Be ‘Extraordinarily Cautious’ Over Anti-Terror Bill, and Michael Geist’s article entitled Why The Anti-Terrorism Bill is Really an Anti-Privacy Bill: Bill C-51′s Evisceration of Privacy Protection 

There is even a website dedicated to stopping the bill.

Cross-posted to Slaw.

CRTC announces first CASL anti-spam penalty – $1.1 million

The CRTC issued a press release on March 5 announcing that it has issued a Notice of Violation to Compu-Finder including a penalty of $1.1 million for violating CASL.

The Notice of Violation has not been made public, and we don’t know all the facts or exactly how CASL was applied. It relates to email messages sent to promote corporate training programs.

This should be a wake-up call to those who are not yet taking CASL seriously.

Unfortunately, though, until we see a decision containing the facts and how CASL was applied, it does not help those of us who are trying to understand how this difficult piece of legislation is going to be interpreted in practice.  It contains far too many unclear provisions, inconsistent provisions, and gray areas, and actual decisions would be most helpful to see.

March is fraud prevention month – let’s be careful out there

Let’s be careful out there.  We have all received fraudulent emails or phone calls.  To reduce the chances of being a victim, here is a Global News article on the Top 10 scams to watch out for this Fraud Prevention Month, and Tips to Protect Yourself from Fraud from the Competition Bureau.

MasterCard offers the following tips for credit card security:

Today 88% of face-to-face transactions in Canada are Chip & PIN or contactless, and thanks to the layers of security built into the MasterCard network, Chip & PIN and contactless are safe and fraud rates for Canadian face-to-face transactions have sharply declined.

While consumers should feel safe using their card all the time, they can further protect themselves by remaining diligent and taking precautions. Here are a few simple tips:

 1>     Don’t underestimate the strength of strong passwords. Make them complex with upper case, numbers and symbols and change them from time to time.  Use different passwords for different purposes and ensure you have a means to recover passwords, where applicable, such as a separate registered email address.

2>     Shop with confidence online and visit reliable websites. eCommerce makes shopping more convenient than ever, but consumers should do their homework. Look for the SecureCode symbol  from MasterCard at checkout, which adds a layer of security and ensures you are who you say you are online.

3>     Be skeptical of unsolicited phone calls, email, text messages, or social media messages if they request credit card data or personal information such as passwords, date of birth, social insurance number etc.

4>     Do not click hastily on links contained within emails or on any email attachments sent by an unknown or un-validated source no matter how harmless or familiar the title appears. Instead delete the message unless you can confirm the sender.

5>     If you followed an email link to a website (or a text message to a voice recording system) and provided card data that later seemed suspicious, contact your card issuer immediately so your account can be protected

6>     Always use Chip & PIN, and tap to pay where applicable. You should be the only one with knowledge of your PIN number, and shield it from sight at checkout.

7>     Keep an eye on your card statement. Sign up for online/e-statements and check regularly to make sure an unauthorized purchase was not processed. If you notice something, call your bank immediately. The number is always on the back of your credit card.

8>     Be informed; know the facts about the layers of security built into your card’s payment network.

Cross-posted to Slaw

Smartwatches still in the running

I’ve written about smartwatches before. So far they have not been selling as fast as some expected.  The marketplace still hasn’t sorted out the right combinations of features and price.

Apple’s iWatch is arriving in April.  It will no doubt sell well – if for no other reason than it’s an Apple product.

The first real smartwatch was the Pebble, which broke Kickstarter records in 2012.  They announced a new version of it yesterday, called the “Pebble Time”.  They launched a new Kickstarter project yesterday morning – but this time just to take pre-orders at a discount for May delivery, rather than for funding development.

If nothing else, it proved that there is tremendous interest in smartwatches.  They achieved their $500,000 sales goal in about an hour, and the last I checked they were over $9,100,000, which translates to around 50,000 watches.

Cross-posted to Slaw

Privacy Commissioner issues guidance on police body cameras

The federal Privacy Commissioner has just released a report giving guidance on the privacy implications of police wearing body-worn cameras, and what police need to do to comply with privacy laws.

It points out that the issues around body-worn cameras are more complex than on fixed cameras.

As is usually the case with privacy issues, it is about balance – in this case balancing the advantages of the cameras with privacy concerns.

The report has this to say about balance:

There are various reasons why a LEA might contemplate adopting BWCs. LEAs could view the use of BWCs as bringing about certain benefits to policing or other enforcement activities.  For example, in addition to being used to collect evidence, BWCs have been associated with a decrease in the number of public complaints against police officers as well as a decrease in the use of force by police officers.  At the same time, BWCs have significant privacy implications that need to be weighed against the anticipated benefits.  As the Supreme Court of Canada has noted, an individual does not automatically forfeit his or her privacy interests when in public, especially given technological developments that make it possible for personal information “to be recorded with ease, distributed to an almost infinite audience, and stored indefinitely”. And as the Supreme Court added more recently, the right to informational privacy includes anonymity which “permits individuals to act in public places but to preserve freedom from identification and surveillance.”

It goes on to talk about the tests to determine if the intrusion is justified, and what uses and safeguards are appropriate.

Its worth a read even if just for its general discussion around cameras and privacy.

Cross-posted to Slaw

http://harrisonpensa.com/lawyers/david-canton

Big Brother in your TV? 10 “freaky line” things to think about

There has been a big kerfuffle in the last few days over the thought that Samsung smart TV’s are listening to and recording TV watcher’s conversations via their voice command feature.  That arose from a clause in their privacy policy that said in part “…if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

Samsung has since clarified this language to explain that some voice commands may be transmitted to third parties to convert the command to text and make the command work.  Also to point out that you can choose to just turn that feature off.  That is similar to how Siri, Google Now, Cortana, and other voice command platforms work.  Some voice commands are processed locally, and some may require processing in the cloud.  How much is done locally, and how much in the cloud varies depending on the platform and the nature of the command.

While one should never reach conclusions based on press reports, the probability is that this issue was way overblown.  But it does show how challenging privacy issues can get when it comes to technology and the internet of things (IOT).

Issues to ponder include:

  1. The importance of designing privacy into tech – often called “Privacy by Design” – rather than trying to bolt it on later.
  2. How complex privacy is in the context of modern and future technology where massive amounts of data are being collected on us from almost everything that includes things like fitness trackers, web browsers, smartphones, cars, thermostats, and appliances.  Not to mention government surveillance such as the NSA and the Canadian CSE.
  3. The mothership issue – meaning where does all that information about us go, how much is anonymised, what happens to it when it gets there, and who gets to see or use it?
  4. How difficult it is to draft privacy language so it gives the business protection from doing something allegedly outside its policy – while at the same time not suggesting that it does unwanted things with information – while at the same time being clear and concise.
  5. How difficult it is for the average person to understand what is really happening with their information, and how much comfort comes – or doesn’t come – from a trust factor rather than a technical explanation.
  6. How easy it is for a business that may not be doing anything technically wrong or may be doing the same as everyone else is to become vilified for perceived privacy issues.
  7. Have we lost the privacy war? Are we headed to a big brother world where governments and business amass huge amounts of information about us with creeping (and creepy) uses for it?
  8. Are we in a world of tech haves and have nots where those making the most use of tech will be the ones willing to cross the “freaky line” where the good from the use outweighs the bad from a privacy perspective?
  9. Are we headed to more situations where we don’t have control over our personal freaky line?
  10. Where is your personal freaky line?

Cross posted to Slaw

FTC report – Internet of Things – Privacy & Security

The US FTC just released a report entitled internet of things - Privacy & Security in a Connected WorldIts a worthwhile read for anyone interested in the topic.  It should be a mandatory read for anyone developing IoT devices or software.  A summary of it is on JDSupra.

The conclusion of the FTC reports reads in part:

The IoT presents numerous benefits to consumers, and has the potential to change the ways that consumers interact with technology in fundamental ways. In the future, the Internet of Things is likely to meld the virtual and physical worlds together in ways that are currently difficult to comprehend. From a security and privacy perspective, the predicted pervasive introduction of sensors and devices into currently intimate spaces – such as the home, the car, and with wearables and ingestibles, even the body – poses particular challenges.

In essence, the FTC states that security and privacy must be designed into the devices, data collected must be minimized (at least in respect to consumer data), and people need to be given notice and choice about the collection of data.

These are laudable goals, but will take work to attain.

Cross-posted to Slaw