Turn your legit link into a scary one

May 7, 2018GeneralEdward Kiledjian

When Google finally shut down its Goo.gl shortening service, I wrote an article about the best alternative URL shorteners.

Security specialists cringe at these services because they can often be used to hide attacks, but when brute forced (using a program that tries to find valid links automatically), you can usually find classified or confidential information. If you are interested in this type of research, check out this academic paper entitled "Gone in Six Characters: Short URLs Considered Harmful for Cloud Services."

The TLDR is that shortened URLs can be scanned using automation and doing so reveals a tone of Microsoft OneDrive accounts storing private information (most unlocked). Knowing that these files are automatically downloaded (most of the time) to the user's PC through synchronization, a threat actor can weaponize them. The researchers also discovered location information such as driving instructions for specialize medical services, prisons or adult establishments.

Make that link scary

None of these valid concerns is the reason I wrote this article though. The purpose of this article is to take legitimate links and make them scary (at least for tech-savvy recipients).

The purpose of VeryLegit is to take good links and make them scary (without actually being dangerous of course).

When asked how the service works, the humorous authors deliver this little gem:

“Due to rapid advancement in dark ritual technology, the programming community has streamlined the development and deployment of unspeakable eldritch horrors. Using robust open-source libraries like a sack of live geese, websites like this one can be developed with far more efficient sacrificial rituals than ever before. We’re still stuck on the version with really inefficient sacrifical rituals though, due to comp͆aͭatib̊i̼͕l̈̿i̮̜t̚y̅ ͊i͋s̾s̢͈͠u̶e̛̊s̼̃.”

— verylegit.link

Let's try it

1 - You copy a link like my article about Google Tasks "https://www.kiledjian.com/main/2018/4/25/google-launches-new-tasks-app-mobile-web"

2- You paste it into the magical input box

3 - You click on Make it look dodgy

4 - You copy the scary looking link (http://ctf.verylegit.link/+javaexploit_970speedupurpc!!install-now!!java0day.docm.js.pdf) and voila. Scare the pants of a tech-aware friend.

It will redirect you to your original link only adding lots of scary extensions typically used by scammers and Nigerian princes wanting to give you millions of dollars.

So welcome to Monday, time to have some fun.

Google launches New Tasks App (Mobile & Web)

April 25, 2018GeneralEdward Kiledjian

In a blog post entitled "With new security and intelligent features, the new Gmail means business", David Thacker (Google VP Product Management, G Suite) announced, "We’re also introducing a new way to manage work on the go with Tasks."

The new refreshed Tasks system will be available on the web and have accompanying mobile apps (Android and IOS). The new updated Tasks system will allow you to create tasks & subtasks with due dates and notifications.

The current tasks was an anemic stand-alone product that barely worked. The new one will integrate into the G Suite and allow you to drag & drop emails from GMAIL, files from Google Drive and more.

“Now you can quickly reference, create or edit Calendar invites, capture ideas in Keep or manage to-dos in Tasks all from a side panel in your inbox.”

— David Thacker

The announcement is happening in the G Suite (Enterprise blog), but this update will flow to the free consumer-friendly version as well.

The Google help centre provides additional information about how all of this will work.

Download the new Android version here and the IOS one here

Fairplay - Canadian media companies want the CRTC to adopt more anti-piracy regulations

April 8, 2018Edward Kiledjian

NOTE: I want to say up front that I believe content creators should be compensated for their work but history proves that laws cannot change user behavior. Make content available affordable in a flexible manner and see what happens (e.g. the streaming music model dramatically reduced music piracy because it became affordable and easily available on all of your devices).

A coalition of 25 Canadian media companies are petitioning the Canadian Ratio and Telecommunication Commision (CRTC) to establish a new piracy review agency called the Independent Piracy Review Agency [FairPlay movement].

Who makes up this coalition? See the list below but it includes : Actra, ADISQ, Bell, CACE, CBCB, Guzzo, Cineplex,Cogeco, Corus, eOne, etc.

The recommendation is that media companies want this new IPRA to have the authority to act quickly without needing a court order to block an offending website.

Understandably many organizations (e.g. OpenMedia & SumOfUs) have mobilized their support base to voice their objections. The first round of comments ended on March 29, 2018, and we can see close to 10,000 comments against the FairPlay proposal.

The common thread amongst the comments is that Canadians do not want a small group of publishers to have the power of censorship over the internet.

Supporters believe the case is clear-cut and the government must act to protect rights owners. Other companies (like ISPs Telus, Shaw) are not card-carrying members but have shown their support for the proposed plan. You can read the Telus Intervention document (support document) here.

All supporters of this plan know the public may complain of possible "over restrictions" and most supporting documents go to great lengths to convince the CRTC commission that controls will be in place to avoid "censorship".

I am proud that my Internet Service Provider, TekSavvy is taking the side of Canadians and has come out against the proposal. I believe in voting with my money which is why I chose TekSavvy as my ISP when I moved. I want to encourage more companies to defend the interests of everyday internet using Canadians.

“The [...]proposal for site blocking would fundamentally reshape how Internet services would work in Canada,”

— TekSavvy

Open Privacy is a not-for-profit group whose mandate is to empower communities through technology. They have come out against FairPlay on the grounds that it will harm the internet's integrity and openness. Open Privacy believes FairPlay regulations will negatively impact internet affordability and online privacy of Canadians.

NOTE FROM SITE: We know major telcos have deployed deep packet inspection technologies to determine what users are doing online. It is reasonable to assume that these technologies will become more invasive once this change passes.

The Creative Commons , A not-for-profit that has created a suite of licensing tools to enable content creators to share their content more freely has come out against this proposal.

“It is not apparent why online copyright infringement should be dealt with as a telecommunications matter — as opposed to a copyright matter”

— Creative Commons

Even the Canadian Internet Registration Authority, the group behind the .ca domain name system, has come out against this proposal stating that existing copyright protection tools are adequate, effective and sufficient.

Conclusion

This is a thorny issue with both sides convinced they are speaking the truth. History has shown that piracy cannot be controlled by regulation. The government stopped Napster (back in the day) but they didn't kill piracy. I believe piracy can only be reduced when content is made available easily (without draconian Digital Rights Management arbitrarily determining where and when you can play content you have paid for) and must be offered at a reasonable price.

Many Canadians feel like they have been beaten with the proverbial stick by Canadian media companies. They feel trapped by expensive content that isn't watchable everywhere. Many see piracy as a silent revolt against the establishment.

Best URL shorteners

April 2, 2018GeneralEdward Kiledjian

URL shorteners are something you either use a lot or never. Google launched it's own URL shortening service in 2009 with unique (at the time) features like third-party API access, QR code generation, ability to use easily on mobile.

But Google is retiring this public facing service and replacing it with Firebase Dynamic Links (FDL) accessible by developers only.

This is not surprising since Twitter retired Deck.ly when it acquired TweetDeck.

As part of the process of making TweetDeck more consistent with Twitter.com & Twitter's mobile apps, we're removing deck.ly from our apps
— TweetDeck (@TweetDeck) September 15, 2011

If you have links, Google is giving you until March 30, 2019, to figure out what you are going to do (even though you will lose the ability to create new short links on April 13).

What are the best Goo.gl alternatives?

1 - Bit.ly

The first alternative has to be Bit.ly which is one of the most popular URL shortening services on the internet and one of the oldest. You create an account and then generate short links as required (you can also choose a tag to group your URL).

Bitly allows you to create custom branded short URLs, which is excellent for marketing.

2 - Ow.ly

Hootsuite runs a service called Ow.ly. Ow.ly offers all of the features of Bit.ly but integrates with HootSuite. So if you use Hootsuite to manage your social media presence, this could be the best option for you.

The big difference is that Bit.ly allows you to quickly shorten a link from their main webpage without having to sign-up whereas Ow.ly does not.

3 - rebrandly.com

Many lists include Firebase from Google but I am omitting it since it is only designed for use by developers in apps (not useful for the average Joe). My last recommendation is Rebrandly.com which offers custom URL shorteners. Many large cloud companies are Rebrandly customers (such as Microsoft, Dropbox, etc).

Before you get scared and look away, they offer a free tier that will meet the needs of most users.

Conclusion

A URL shortener is a service that you will rely on for years, and I have presented the companies (services) that look to be the most stable. Remeber that when the service disappears's your links break which could wreak havoc on your social strategy.

Quebec to change tax collection rules for foreign tech companies

March 23, 2018GeneralEdward Kiledjian

Montreal's La Presse newspaper is reporting that "two high-level government sources" have confirmed that the upcoming Quebec budget (March 27, 2018) will include new sales taxes levied on foreign tech companies like Netflix, Amazon, Google, and Apple, that do not have a Quebec presence.

As it currently stands, these non-resident foreign companies are not expected to collect sales taxes from consumers. Under current regulations, the government expects consumers to auto-report these purchases and submit the necessary taxes.

Based on a November report, the Quebec government believes it lost 270M$ during the previous fiscal year because of this collection model.

Additionally, the government believes local merchants selling online are disadvantaged by the extra tax burden

The intent will be to:

collect sales tax on products and services (intangible) coming from outside of Canada
collect sales tax on physical goods physical goods coming from outside of Canada
collect sales tax on goods (tangible or intangible) coming from the rest of Canada

La Presse reports that these new tax rules will be implemented regardless of Ottawa's position or opinion.