Insights For Success

Strategy, Innovation, Leadership and Security

Spyware

What is CASL

GeneralEdward Kiledjian

The Canadian Anti-Spam Legislation (CASL) went into effect on July 1st, 2014. Designed to protect Canadians from unwanted commercial electronic messages (CEMs), it applies to all businesses that send CEMs - including emails, text messages, and social media messages.

As a result of the law, CEMs cannot be sent unless the recipient has consented to receive them, and businesses that violate the law may be penalized. Additionally, businesses are required to include their contact information in all CEMs and to provide recipients with a means of unsubscribing from future messages.

For businesses that violate the law, the Canadian Radio-television and Telecommunications Commission (CRTC) can impose significant fines - up to $1 million per violation.

t is intended to protect Canadians from these threats and to help businesses ensure that they only send CEMs to those who have consented to receive them.

Some businesses have complained that the law imposes undue burdens on them. In spite of this, the government has defended the law, stating that it is necessary to protect Canadians from electronic threats.

You can find additional information about CASL on the website of the Canadian Radio-television and Telecommunications Commission (CRTC). It is the responsibility of the CRTC to enforce the law and to provide resources and information to businesses and consumers. The website includes links to relevant legislation, FAQs, and contact information for the CRTC. Consumers and businesses may also file complaints with the CRTC if they believe that a business has violated the law.

Keywords: CASL, Canadian Anti-Spam Legislation, commercial electronic messages, CEMs, consent, unsubscribe, CRTC, fines, spam, spyware, electronic threats, businesses, consumers, complaints

Description: The Canadian Anti-Spam Legislation (CASL) is a law that went into effect on July 1st, 2014 in order to protect Canadians from unwanted commercial electronic messages (CEMs). This law applies to all businesses that send CEMs, including emails, text messages, and social media messages. Some key points of the law are that businesses must have consent from the recipient in order to send them a CEM, businesses must include their contact information in all CEMs, and recipients must be given a way to unsubscribe from future messages. There are significant fines in place for businesses that violate the law - up to $1 million per violation. The CASL was created due to growing concerns about spam, spyware, and other electronic threats. The Canadian Radio-television and Telecommunications Commission (CRTC) is responsible for enforcing the law and providing resources and information to businesses and consumers on their websites. Complaints can be filed with the CRTC if someone believes a business has violated the law.

Improve your internet security right now, easily and for free

GeneralEdward Kiledjian

Quad9 is a new DNS service launched by a non-profit consortium (founding members are IBM Security, Packet Clearing House & Global Cyber Alliance). The promise of the Quad9 DNS service is good security using the knowledge of some of the world's leading security research firms, by merely changing your default DNS server and ALL for free. 

The service is (not so creatively) called Quad9 because the DNS address is 9.9.9.9

Is the Quad9 service fast?


I used the free DNS Benchmark tool by Steve Gibson with connections from Canada, the USA, the UK and Switzerland. I performed ten tests from each region, and in every test, the Quad9 service was in the top 3 fastest DNS services available. In most cases coming in first. 

Quad9 is lightning fast because they use anycast routing which automatically finds and uses the nearest DNS server to the user. 

At launch, the service is powered by 70 servers in 40 countries, but the intention (in 2018) is to grow the fleet to 160 servers.

So how does it improve my security?

So why should you switch from your existing DNS service to the free Quad9 DNS service? Quad9 is a security and privacy enhancing DNS service that delivers much more security than any other DNS service currently available to consumers (more than your ISP, OpenDNS, etc.)

Quad9 says " Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites." The threat intelligence is provided by the IBM X-Force but also includes 18 additional threat feeds from partners. Typically companies would pay tens of thousands for this level of protection and they are offering it for free.

You can configure your home router to use Quad9 and all device inside your house would be automatically protected (including that cheap easy to hack $29 webcam you bought from a shady online reseller). 

If a device (using Quad9) tries to contact a "bad" site, they will get back an NX domain error code (aka not found). This is how they prevent devices from being directed to dangerous sites.

Remember that a known good site could have been compromised and therefore could attempt to pull content from a shady site. Quad9 will prevent this from happening. 

Quad9 will continue adding features to further improve your security.

What about false positives?


They maintain a list of the 1,000,000 most used sites on the internet as a whitelist. This means that they cannot (mistakenly) blacklist an important site and make it unavailable. 

It looks like a well designed and well thought out platform.

What about my privacy?

The first thing you should realise is that most home connection use the DNS services of their ISP, and I consider most ISPs as the least trustworthy operators in your computing chain. Most are willing to sell your data cheaply to anyone willing to buy it.

Quad9's privacy statement is clear "No personally identifiable information is collected by the system. IP addresses of end-users are not stored on disk or distributed outside of the equipment answering the query in the local data center. Quad 9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally identifiable data; and the core charter of the organization is to provide secure, fast, private DNS."

Conclusion

I switched to Quad9, and it has been everything they promised. I recommend everyone reading this switch and try it out. It is one more layer of protection, and this one is easy & free.

Ubuntu is spyware

InfoSecEdward Kiledjian

Richard Stallman, the creator of the GNU Project and a leader of the Free Software Foundation, recently called Ubuntu spyware.

He made that claim because the latest version of Ubuntu (12.10) sends desktop search information to Canonical (the makers of Ubuntu) so they can show you customized Amazon ads directly in Ubuntu's program called Dash. His exact explanation was "Ubuntu, a widely used and influential GNU/Linux distribution, has installed surveillance code. When the user searches her own local files for a string using the Ubuntu desktop, Ubuntu sends that string to one of Canonical’s servers. (Canonical is the company that develops Ubuntu.)"

Stallman's issue isn't the advertising but rather the monitoring and surveillance done by Canonical to provide targeted advertising (as part of the core operating system). I do want to remind Windows 8 users that many of their built-in apps also come bundled with advertising but in the case of Windows, these aren't core components and you can easily skip using them.

Canonical has a built in switch to allow users to turn this surveillance off but most don't realize it's there. I believe a clear question should be asked during the installation (or update) about this and the switch can then be set to on or off depending on the users explicit response.

What is dash? In Ubuntu, the Dash has always let you search your computer for your files, photos and videos. But now it does more than just search your computer - it can search all your online accounts too. So, once you’ve saved the login details in the ‘Online Accounts’ function, you can expect to see your Flickr photos, Google Drive documents and more in your search results, alongside the files on your computer.