Insights For Success

Strategy, Innovation, Leadership and Security

Tips and Tricks

Ridge minimalist wallet review

General | Edward Kiledjian

This is not an ad or sponsored post. This is an honest review.

I have been a fan of minimalist wallets for many years, and my wallet of choice has been the HuMn Aluminium wallet.

Ridge Wallet Specs

  • Holds 1-12 cards without stretching out

  • Blocks RFID (wireless theft)

  • Replaceable elastic

  • Backed by our lifetime warranty

  • 6061-T6 aluminum | anodized black

  • Weight: 2 oz | 86 x 54 x 6 mm

Ridge Wallet Use

You add a card by sliding it from the top groove.

To access a card, you press the ridged opening and pull the required card out from the top.

To Insert a Card: Gently slide the card into the top groove.

To access a card in the middle, you push out all the cards from the ridge, separate the metal plates and then find your card.

This strategy is similar to the HuMn wallet and most other plate-based wallets. This may seem a little off for someone coming from a traditional leather-style wallet, but you will get used to it quickly. You will start moving your most used cards to the top or bottom of the stack.

Design

The stated purpose of the Ridge was to design a sleek minimalist wallet that would be durable and easy to use. I believe they successfully achieved this stated goal. The height and width of the Ridge Wallet are designed to be very slightly larger than (North American) style credit cards.

First things first, the wallet is a thing of beauty. Much better looking than the HuMn Wallet.

The aluminium wallet will feel slightly heavier than a “normal” wallet. After 3 weeks of use, the wallet feels normal and not heavy at all. For those that are looking for a lighter option, the polycarbonate or carbon fiber models are lighter. Unless you want carbon fiber for the look and prestige, the aluminium version is likely the best cost/benefit deal.

The wallet comes with either a money clip or elastic band. I chose the clip version which makes it slightly thicker and less useful. I recommend you acquire the elastic band version.

For those that carry their (normal) wallets in their back pocket, you will notice that your cards are slightly bent. The Ridge Wallet’s aluminium “walls” are strong enough to keep the cards straight even if you sit on them.

The company claims that their wallet provides RFID protection. I used an RFID scanner to test this feature and can confirm that it does offer RFID protection (most leather wallets do not offer such protections).

Some companies provide non-standard sized cards (loyalty and membership). Those non-standard cards do not work well with the Ridge. In my case, I do not have any of those.

Behavioral change

For those coming from a normal leather wallet, moving to any minimalist wallet will force you to reconsider what cards you carry with you on a daily basis. In my case, I scanned all my loyalty cards into Google Pay (and Apple Pay) and leave those at home. Additionally, I stopped carrying cards I barely use.

Conclusion

Coming from the HuMn Wallet, I wasn’t sure how I would feel about the Ridge Wallet. The truth is that I liked it much more than I expected and it has now become my main daily-use wallet.

They have made a great product that balances form, function and cost.

It is strong, light and dependable. For those looking for a great EDC wallet, this is currently the best choice available (I have tested over a dozen such wallets).

Link: Ridge wallet

Common hotel safety and security questions

When operational security experts think about hotel risks, we typically group them into these buckets:

  1. physical security
  2. safety
  3. technological risk

Travel security means you need to think about potential risks you may be exposed to and how you could mitigate them.

What about room security?

The first thing you should do when you walk into any hotel room is walk around and identify all potential ingress points. Make sure that they are locked (windows, sliding doors, doors to adjoining rooms, etc).

The front door is your primary risk and anytime you are in the room, you should always use all of the protection mechanisms made available to you (lock, hasp and deadbolt).

When travelling, I always carry a light and cheap Addalock to provide an additional level of safety.

If I'm going to sleep and believe that the risk level may be higher than normal, I will stack the glass cups (water and coffee) in front of the door so any attempted opening will cause them to fall and wake me up.

Are peepholes in hotel rooms really an issue?

The short answer is yes. There are inexpensive adapters that reverse the magnification of a peephole and allow a threat actor to watch you inside your room. I have even seen some with smartphone adapters so you can even record video.

Tip: If the peephole doesn't have a cover built-in, roll up some toilet paper and shove it in the peephole.

Is a hotel safer than an Airbnb?

This is a question I receive regularly and the answer isn't simple.

Most Airbnbs are located in nondescript residential buildings and therefore could allow you to blend in with the locals. Remember that you have to trust the Airbnb host.

A hotel, on the other hand, is flashy and everyone knows where it is (forget about blending in), but these establishments typically have stronger, better-designed security.

Hotels typically set up shop in safer neighbourhoods whereas an Airbnb can be anywhere.

You need to do some research and determine what your risk profile is and then determine which solution best meets your requirements. 

What should I look for before booking a hotel room?

In an emergency situation, you are ultimately responsible for your own safety. An ounce of prevention is worth a pound of cure. Do your research before booking a hotel and the room. I generally want a non-biased third party to provide the below answers. If that is not possible then I try to stick to major Western chains that usually will be fairly honest with their answers.

  • Choose a hotel where the room locks are electronic. This makes it harder for previous guests or “bad guys” to have access to your room. Ask for 2 copies of the room key and keep both on you. If you misplace or lose one, immediately notify the hotel and have replacements made.
  • Make sure the room is equipped with a deadbolt lock and a peephole.
  • Most of us do not pay attention to the hotel’s fire suppression system, but trust me, this one is important. Make sure your room is equipped with a smoke detector and that each room (and the hallways) has visible sprinkler systems. In many countries, the fire response teams are not as fast, well equipped or trained as in North America.
  • Make sure that the hotel environment is secure with proper fencing and that the guest areas are well lit (parking, hallways, ice rooms, etc).
  • Generally, I prefer hotels where the elevator leaving the parking area only goes to the lobby (and not directly to the rooms).
  • I try to make sure that any hotel I choose has adequate security personnel. I like to see uniformed security personnel that seem to be well trained and adequately equipped (in this case adequate depends on the area.) They should be willing to escort you to your room or vehicle if requested.
  • I recommend you contact the foreign affairs ministry of your country (DFAIT in Canada, US Embassy for the USA, etc). Ask them about the area the hotel is located in and determine how safe it is.

How do I ensure my stuff hasn't been tampered with?

If you have read my other articles, I talk about hotels being a prime target for intelligence gathering. Where possible, take all of your "stuff" (passports, money, electronics, etc) with you. Sometimes that isn't possible or desirable, so what do you do?

Make sure everything is turned off (not in hibernation or sleep mode).

Use discreet alignment of your "stuff" to detect if anyone has tampered with it. Discreet alignment means that everything has been placed in specific ways so you will detect the slightest movement. As an example, maybe you place a water bottle 1 thumb away from the USB port of your laptop. When you come back, you will immediately know if someone tampered with that port (if the alignment is off).

You can also use cardinal bearings (alone or with discreet alignment). Cardinal bearings are basically compass headings. So you place the protective item (coffee cup in front of the sensitive USB port) and make sure the handle of the coffee cup has a perfect bearing of north. You can also use pens or anything else that is easy to move.

Once you have set up your environment, take pictures of it with your smartphone camera.

If you are being tracked, make sure everything looks natural. You do not want anyone to suspect that you are laying traps.

Using the do not disturb sign

In security, we want as much advanced notification as possible that something is wrong. The trick here is to place the do not disturb sign on your door but to do it in a way that is unique but natural. As an example, instead of letting the sign just hang freely from the handle, you place the edge into the door frame so it is on a slight angle. To most people, it will seem like you left in a hurry and the sign just got stuck in the door. If you come back and the sign is no longer on an angle stuck in the door frame (aka it is hanging freely), that means someone was in your room and that you should approach with caution.

9 things you should pack on every trip

As a frequent traveller, I have picked up some tricks that make travelling a lot easier. I wanted to share some of those with you and hopefully make your life a little easier.

Global WIFI Hotspot

I wrote my first review of the (gen 1) Skyroam Global hotspot in 2015 and it became one of my most used travel items. When they released (gen 2) a new LTE-capable model, the Skyroam Solis, I bought one and reviewed it as well.

TL;DR: I have tested dozens of global roaming services (hotspots and global SIMs) and the product I carry in my bag every day is the Skyroam Solis.

Some readers have asked if my Skyroam tests were promotional and the answer is no. I have not received any compensation from Skyroam to test and review any of their products. When I find something that works well and is priced competitively, I recommend it.

I recommend you read my full review, but the summary is that the Skyroam Solis is a pre-paid global 4G (LTE) capable hotspot that works in 100+ countries. They offer an "unlimited" data package sold in chunks of 24 hours (day passes) for about $9 a day (or a monthly pass for $99).

Most companies offering this type of service label their offering as "unlimited data" but this doesn't mean you can stream Netflix while cruising the French Riviera. Every company I have reviewed imposes some type of "fair use policy". Skyroam's Solis day pass never cuts off your data access but does slow it down to a painful (and barely usable) 2G after you consume about 500MB per 24-hour period. This period resets during each day pass. This means that you shouldn't be streaming music or videos (Spotify, Google Music, Apple Music, Youtube, Netflix, HULU, Amazon Video, etc).

As an example, the Geefi Global WIFI hotspot fair use policy says "GeeFi will begin limiting the download speed after you exceed 500 MB (megabytes) of data in most countries".

Frequent travellers can buy a Skyroam Solis WIFI hotspot for $149.99 (includes one day pass worth $9). Infrequent travellers can rent a Skyroam Solis with the appropriate number of day passes for $9.95 a day (basically $1 per day to rent the unit plus shipping costs back and forth).

Collapsible water bottle

I wrote about the Nomander collapsible water bottle in 2016 and still recommend it for travel.

TL;DR: The Nomander water bottle is a light, flexible, easy-to-pack piece of kit you can store easily and use when needed. It avoids having to pay $5 for a 500ml bottle of water that would otherwise cost $0.50 anywhere in the "real world".

The Nomander is made from food grade silicone so it doesn't retain smell. It is leakproof. Where my older recommendation (the Vapur) becomes jiggly when less than 3/4 full, the Nomander retains its shape fairly well for a foldable bottle.

With the plastic sleeve in the middle, the bottle is sturdy enough to stand on its own. The Nomander is (top rack) dishwasher safe. You can also freshen it up, like most other water bottles, by soaking it in a mixture of filtered water and fresh-cut lemons for 24 hours.

The water filter

Browse the aisles of any camping goods store and prepare to be amazed at the dozens of water filters available for your immediate purchase. I have been camping most of my life and have travelled to many locations known for terrible, horribly diseased water.

I have tried over a hundred filters, tablets and sterilizers. The one I keep coming back to over and over is the Grayl. I first wrote about the Grayl water filter in 2016 and have been recommending it since. It beats every other filter I had tried before or that I have tested since.

TL;DR: The Grayl water filter is the easy to use, easy to carry, low maintenance and high-reliability water filter you want when in the backcountry or when travelling to locations with questionable water sanitation practices.

When using the orange travel filter, you purify and sanitize the water with one (strong) push. This means I no longer carry a UV sterilizer (Steripen) in addition to a filter (Lifestraw or Sawyer mini).

The Grayl Orange Travel filter removes:

[Image: Grayl filter removal list]

Each cartridge lasts about 300 uses (with 3 full uses a day, a single filter would last 100 days). The filtering process requires a bit of brute strength but you never have to worry about batteries and there is no need to backwash the filter.

Portable laundry machine

Everyone starts travelling with lots of extra clothes and big check-in pieces of luggage. Eventually, you learn that one-bag travel is the only way to go. One-bag travel does mean you are travelling with the minimum and thus may need a way to clean your clothes while on the move. 5 years ago I bought a Scrubba wash bag and have brought it with me on almost every trip (longer than a week).

TL;DR: The Scrubba is a waterproof bag with scrubbing "teeth" you can use to clean your clothes anywhere in about 10 minutes.

Scrubba has become a trusted travel item for business trips and family adventures (vacations with kids, camping, road trips, etc). I use this with either Woolite Travel Laundry Soap individually packaged travel packets or Dr. Bronner organic Castile soap. Both of these detergents are gentle, work with all types of materials and wash out easily without leaving a soapy residue.

Airborne and NoJetlag

I started taking both of these products 6-7 years ago and believe they help keep me healthy when travelling (particularly the long North America to Asia flights).

I am not a doctor and the effect could be nothing more than placebo, but since I started taking Airborne on longer flights, I find I get sick a lot less. Worst case scenario, it is a vitamin C supplement, but my experience has been very positive. I have managed to stay healthy even when colleagues have gotten sick.

When travelling to faraway destinations, I started using No-Jet-Lag. While consulting for Cathay Pacific Airlines (based in Hong Kong), a flight attendant recommended it and I have used it ever since (when travelling through more than 4-5 time zones).

The simple rule of thumb is to chew on one tablet every time your plane takes off and every time it lands. Then chew on one tablet every 2 hours while in flight. I normally follow the manufacturer's instructions and take it an hour before or 2 hours after a meal.

I'm the first person to admit the questionable medical value of homeopathic products and my results may be nothing more than a placebo effect but it has worked for me and has been recommended to me by about a dozen different flight crew members.

Tom Bihn Synapse 25 backpack

Talking about backpacks is almost akin to talking about religion. It seems people are easily offended when you recommend something different than their preferred bag. Unlike the average traveller, I have 1M+ miles under my belt and have recently tested about 25 different (well rated) backpacks before I recommended the Tom Bihn Synapse 25 backpack in February 2018.

TL;DR: If you can only buy one backpack (EDC, work and travel), I recommend the USA designed and manufactured Tom Bihn Synapse 25 backpack.

I recommend you read my full review here. This bag is light, durable and has carefully designed features that will make travel much easier. Plus it is built like a tank and will not break on you mid-trip.

Best carry on luggage

I first recommended the RedOxx AirBoss in March 2012 and it has been my favourite carry-on luggage since. I have tried 50-60 different products since and always come back to this thing. It is designed to last and comes with a no questions lifetime warranty. Along with Tom Bihn, RedOxx offers the best warranty in the business. 

The RedOxx AirBoss is a 100% USA designed and manufactured bag. It is made from incredibly resilient materials. The bag you see above has travelled 1,000,000 + miles since 2012 and it looks almost brand new.

  • Since it does not have wheels, I am rarely asked to check its size.
  • It has a flexible shell, which means I can push and shove it into even the smallest overhead compartments.
  • It doesn't waste any room on wheels and a pull handle, which maximizes available space.
  • It can be used with or without packing cubes.

If you could buy only 1 piece of luggage that will have to last 10+ years, this is the one.

Pacsafe anti-theft packs

There are times when you will be travelling to riskier destinations where theft is a real, constant concern (Shanghai, Delhi, Mumbai, Barcelona, etc). When travelling to these "special" locations, you may have to take specialized gear to stay safe, and no one offers a wider selection of anti-theft backpacks, packs and bags than Pacsafe.

I own both a Pacsafe backpack and a shoulder pack. Both of my products are no longer offered but you can easily find something that would meet your needs. During "normal" trips, I would choose the lighter and more functional Tom Bihn Synapse 25 every time but when I need extra security, the Pacsafe products are a must.  The bags are lined with a metal mesh to prevent theft by slashing. Even the shoulder straps are reinforced with metal mesh to prevent a slash and go incident. Best of all, the Pacsafe bags look like normal everyday products.

I own an older version of the Metrosafe and found an everyday use for it you may find interesting. In addition to keeping my valuables safe while I travel, I use it when at the beach or public pool. I lock it to a bench or medium tall tree and know my valuables (glasses, wallet, cell phone, etc) will be there when I get back. When at the beach, I can go swimming without worrying that someone will steal my wallet. All you have to do is pair it with a travel cable-based lock.

Is TOR Private and Anonymous?

One of the most frequently asked questions I receive from readers (from this blog, Twitter and LinkedIn) is "Should I consider TOR private and anonymous?" 

This question is interesting with fervent activists on each side [of the issue]. On one side are TOR proponents extolling the virtues of the platform and explaining how it will save humanity from the scourge of privacy-invading networks. On the other side of the discussion are conspiracy theorists that claim TOR is nothing more than an NSA honeypot (a data collection tool). 

Like most important topics, the truth is never as clean as we would like it. The truth is that TOR is a little bit of this and a little bit of that. Let's dive straight in. 

Who started TOR?

Conspiracy theorists love highlighting the fact that the United States Navy developed TOR. So the first question we need to tackle is regarding this origin statement.

The core privacy functionality of the TOR network, the onion routing, was developed by United States Naval Research Laboratory employees Paul Syverson, Michael G. Reed and David Goldschlag. The purpose of the technology was to protect US intelligence communication.

The TOR Project was launched in September 2002 by Paul Syverson, Roger Dingledine and Nick Mathewson. In 2004, the Naval Research Laboratory released the TOR code under a free license, and the EFF (Electronic Frontier Foundation) began funding the initiative. The Tor project we know and love today was started in December 2006 as a 501(c)(3) non-profit organization with support from the US International Broadcasting Bureau, Internews, Human Rights Watch, the University of Cambridge, Google and Stichting NLnet.

It is true that the majority of the funding for the free and open source project came from the US government. 

Does the government control TOR entry and exit nodes?

When talking about TOR privacy and confidentiality, there are 2 distinct questions most astute users ask:

  1. Can someone "see into" my traffic?
  2. Can someone tie TOR traffic back to me? 

The first theory I read about consistently was that world governments (particularly the 14 Eyes Countries) control the majority of the TOR Exit nodes and thus can "see into the traffic." Looking strictly at the Exit node piece, governments have no deterministic way of knowing where a suspect's traffic will exit from the network. As long as they don't control all of the TOR Exit nodes (which we believe they do not), they can't be sure the suspect traffic will flow through their nodes. Additionally, if the site you are visiting is using cheap and easy-to-implement security (like TLS), then even if the government controls the exit node, they won't be able to "see inside the traffic." Traffic that joins the TOR network to access a TOR hidden service never exits the network, so it wouldn't even pass through an Exit node.

What if a government controls both the Entry node and Exit node you use? Assuming you are using TOR to browse the "normal" internet, then you will hit an exit node. If the government(s) control enough of the entry and exit nodes, they can use statistical correlation to tie traffic back to you.

If you are browsing a site with well-designed security, they still would not be able to see "inside your traffic" but would know that you originated the traffic flow (aka collect metadata). 

It is important to remember that the TOR Project isn't just idly sitting on the sidelines watching the government violate its technology. They are actively working to harden the platform and work tirelessly to make it more secure every day. Some of the techniques used by the TOR platform include:

  • Switching TOR circuits regularly and unpredictably, thus making long-term data mining more difficult.
  • Ensuring that the TOR nodes used are as randomized as possible, thus making predictability of the route near impossible.
  • and more 

Has the TOR browser been hacked?

The answer is yes, but hold on before you uninstall the TOR browser from your computer. I would submit that almost every commercial or free software has exploitable bugs that would compromise a user's privacy and confidentiality. The question isn't whether a product has these types of exploitable bugs but rather what the software "vendor" does about them. The TOR project has been an incredibly honourable steward of the TOR platform. They quickly patch any discovered vulnerability.

The other "trick" for the extra paranoid is to switch the security level in the TOR Browser to high. This will break some sites, but you want strong security, don't you?

Can I be tracked using the TOR Browser?

I wrote an article in 2016 talking about browser fingerprinting techniques and referred readers to the EFF's Panopticlick site to test this on their own devices. Browser Fingerprinting is a technique that leverages information your browser gladly provides to sites to uniquely identify you and then track you as you browse the web. 

To illustrate the power of browser fingerprinting, I ran the Panopticlick site on my "normal use" machine using different browsers.

  • My reference browser will be Google Chrome (same results with or without UBlock Origin): Your browser fingerprint appears to be unique among the 1,747,285 tested in the past 45 days. Currently, we estimate that your browser has a fingerprint that conveys at least 20.74 bits of identifying information.
  • The Brave "privacy" browser (default configuration): Your browser fingerprint appears to be unique among the 1,747,235 tested in the past 45 days. Currently, we estimate that your browser has a fingerprint that conveys at least 20.74 bits of identifying information.
  • Microsoft Edge (Win 10 latest update): Within our dataset of several million visitors tested in the past 45 days, only one in 218410.63 browsers have the same fingerprint as yours.
    Currently, we estimate that your browser has a fingerprint that conveys 17.74 bits of identifying information.
  • Microsoft Internet Explorer (Win 10 latest update): Your browser fingerprint appears to be unique among the 1,747,285 tested in the past 45 days. Currently, we estimate that your browser has a fingerprint that conveys at least 20.74 bits of identifying information.
  • Tor Browser with safest security option: Within our dataset of several million visitors tested in the past 45 days, one in 92.3 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 6.53 bits of identifying information.

So in safest mode, the TOR browser does dramatically reduce information leaking about your browser but the fact you are using a low popularity browser is in fact itself a tracking tool. The short answer to this question is that tracking is still possible.
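The bits figures quoted above follow directly from how many browsers share a fingerprint: "one in N" corresponds to log2(N) bits. The sketch below is an added example, not code from the original post or from the EFF; it checks the quoted figures and then computes anonymity sets over a small constructed sample (the attribute names and values are hypothetical) to show why a uniform browser only helps when there is a crowd of identical ones.

```python
import math
from collections import Counter

# Figures quoted in the post: "one in N browsers" and the bits reported with it.
# For the "unique among 1,747,285" results, N is the whole dataset.
QUOTED = {
    "Chrome / IE (unique)": (1_747_285, 20.74),
    "Microsoft Edge": (218_410.63, 17.74),
    "Tor Browser (safest)": (92.3, 6.53),
}


def bits_from_one_in(n):
    """Identifying information, in bits, of a fingerprint shared by one in n browsers."""
    return math.log2(n)


def implied_set_size(total, one_in):
    """Number of browsers sharing a fingerprint in a dataset of `total` browsers.

    Assumption: `total` is taken from the "unique among 1,747,285" results;
    the post does not give the dataset size for the "one in N" results.
    """
    return total / one_in


# Hypothetical attribute names; real fingerprinting tests collect many more.
ATTRS = ("user_agent", "screen", "timezone", "fonts")


def _rec(name, *values):
    return dict(zip(("name",) + ATTRS, (name,) + values))


# Constructed sample: four browsers that look identical (Tor-like uniform
# settings) and four ordinary browsers that each differ somewhere.
SAMPLE = [
    _rec("tor-1", "UA-tor", "1000x1000", "UTC", "bundled"),
    _rec("tor-2", "UA-tor", "1000x1000", "UTC", "bundled"),
    _rec("tor-3", "UA-tor", "1000x1000", "UTC", "bundled"),
    _rec("tor-4", "UA-tor", "1000x1000", "UTC", "bundled"),
    _rec("chrome-a", "UA-chrome", "1920x1080", "America/Toronto", "set-A"),
    _rec("chrome-b", "UA-chrome", "2560x1440", "America/Toronto", "set-B"),
    _rec("edge-a", "UA-edge", "1920x1080", "Europe/Paris", "set-A"),
    _rec("firefox-a", "UA-firefox", "1366x768", "Asia/Tokyo", "set-C"),
]


def anonymity_sets(records, attrs=ATTRS):
    """Map each browser name to (anonymity set size, bits) within `records`."""
    counts = Counter(tuple(r[a] for a in attrs) for r in records)
    total = len(records)
    result = {}
    for r in records:
        size = counts[tuple(r[a] for a in attrs)]
        result[r["name"]] = (size, math.log2(total / size))
    return result


def attribute_entropy(records, attr):
    """Shannon entropy, in bits, of a single attribute across `records`."""
    counts = Counter(r[attr] for r in records)
    total = len(records)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


if __name__ == "__main__":
    for label, (one_in, quoted_bits) in QUOTED.items():
        print(f"{label}: one in {one_in} -> {bits_from_one_in(one_in):.2f} bits "
              f"(post quotes {quoted_bits})")
    print("Edge shares its fingerprint with about",
          round(implied_set_size(1_747_285, 218_410.63)), "browsers")
    for name, (size, bits) in anonymity_sets(SAMPLE).items():
        print(f"{name}: set size {size}, {bits:.2f} bits")
    # The same Tor-like browser with no identical peers is as trackable as the rest.
    print(anonymity_sets(SAMPLE[3:])["tor-4"])
```

In the constructed sample the four identical browsers each leak 1 bit while every ordinary browser leaks 3; drop the other three identical browsers and the remaining one becomes unique, which is the "low popularity browser" effect described above.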

Should I trust the TOR Browser?

I've addressed some of the most common questions I receive, but the only reason you read this article is for this one question alone. You want to know if the TOR browser is safe enough for you. 

Unfortunately for you, I'm a security professional, and I believe security is never black or white. The question of whether the TOR Browser is safe enough for you is the real question and that depends. 

It depends on the types of activities you are performing. 

On the low end of the spectrum is a general user that wants to use TOR to browse questionable websites from work without leaving traces in the company proxy logs or without being stopped by a URL filtering tool. For this type of user, the privacy and anonymity afforded by TOR are probably sufficient. It is unlikely that a nation state will target you for deanonymization and tracking. 

On the other end of the spectrum is a hardened criminal trying to sell nuclear secrets to the highest bidder. You would probably be classified as a high-value target by the global intelligence community, and thus they would use the full arsenal of tools to identify and track you. If you are a criminal mastermind hellbent on world domination, you probably need better tools than TOR. 

A tweet by Edward Snowden explains it best:

Security is a complex system of risk management and mitigating controls. There is no magic bullet where everyone is safe and anonymous all of the time. True security is a complex architecture of different technologies implemented in very particular ways, to achieve the protection level you desire or need. 

If you are browsing adult content from home and want some level of anonymity, TOR is perfect. 

If you want to browse it while at work, know that most companies have agents installed on your workstation to track your browsing regardless of the browser used. 

Therein lies the real risk. Whether you are using TOR or the end-to-end encrypted Signal messenger, the tools themselves are often secure.  However, if someone compromises either of the endpoints, you can still be de-anonymized. This is why true security must be done in layers.

Maybe you need to run a secure Operating System, like Qubes OS that routes its traffic through TOR (booted from read-only media and hash checked to ensure it has not been tampered with). Additionally, even if you have a safe and secure computer, operating system and connection, you must still be careful not to involuntarily divulge clues about yourself when online, so security hygiene is also very critical.

Security is tough. Perfect security doesn't exist.

Run a speed test from Google Search

There are dozens of sites and services that promise to test your internet speed. The most popular are:

Now you can also add Google to the list.

1 - Go to the Google Search Page (on a PC or Android device)

2 - Enter Speed Test

3 - Choose the Run Speed Test option and ignore the search results

4 - Wait until Google delivers your speed test results

Android Smartphones - This tool also works on Android devices. Just search for Speed Test on the Google search bar on your launcher and it will perform the same test and return results with a similar look & feel.

Some public WIFI hotspots seem to block it while allowing other services to run. Not sure why.

Does it work in other languages?

I tried the search on the Google Canada French site using both "Speed Test" and "test de vitesse" and I was not given the speed test web applet. Looks like this may be reserved for English-language searches only for now.

Conclusion

Nothing special or different here but this could be one more feature in your cap. I do like the fact that Google interprets the results and explains (in plain English) what kind of video streaming performance you should be able to expect from your connection.