/ Technology

Tech Talk with Which? Computing

Welcome to our tech talk area! This is your place to discuss all things tech, get updates on Which? Computing, and discuss the latest goings on with our Computing editor, Kate Bevan.

Hello, world. Welcome to my tech talk area on Which? Conversation.

It’s been six months now since I took over the editorship of Which? Computing, and one thing I’m particularly keen to do is find ways to meet, chat with and learn from Which? members and our community.

I want to be able to be a bit more nimble about reacting to, commenting on and explaining what’s going on in the wider tech news world, and so we thought that opening up this space would be a great way to do that.

A tech space for everyone

This space is as much for you as it is for me. I’m not only keen to share with you what we’re working on in Which? Computing, but I very much want to hear what you’re doing with your technology; what you’re thinking about technology-focused news, and what you’re considering building, buying and tinkering with.

I’ll be posting here in the comments on a wide range of topics. Next week, for example, is Google’s annual event at which they launch their latest consumer devices. Sadly, I won’t be going to New York for that, but I will be at the London event, and I’m planning to report on that as it happens.

I’ll also be letting you know what we’re up to with planning the Computing magazine; I’ll be sharing news stories and – hopefully – helping those of you outside of the tech bubble make sense of everything that’s going on.

But most of all I’m here for the community. It’s a conversation, not a broadcast, and I hope you’ll be joining in and helping to shape it. I’m really looking forward to it.

From the Convo team

This tech-focused area of Which? Conversation is the first of its kind from a Which? editor.

Much like the Lobby, it was born out of an idea from our community – we’ve been asked for a more tech-focused discussion area in the past, and this can act as just that. This area isn’t only for Kate’s updates, but for you all to discuss the latest tech news, reviews and issues you’re interested in.

Kate will continue to write separate Which? Conversations for the ‘big’ tech stories, which we’ll also link to here for reference.

09/10/2018 All the latest from Google’s annual hardware launch

02/10/2018 Was your Facebook account accessed by attackers?

29/09/2018 A brief history of tech: what got you into computing?

16/08/2018 Do we really spend too much time on our phones?

Otherwise, for all things general tech chat and questions for Kate, feel free to get inolved!

Guidelines

To ensure the Computing Corner remains a healthy and friendly place for you all to share your thoughts and musings, all of our Community Guidelines apply.

Comments

Please may I revive ‘Tech Talk’?

I’m interested to know whether it is necessary or even advisable to change an email address if an account is hacked. This is obviously a safe solution but maybe a lot of work if you have to notify a large number of people and organisations and there is little doubt that some will forget about the change.

I’ve seen advice to update anti-malware software and check for problems and to renew your existing password with a new and secure one. Obviously if the attack results in spam being sent to your email address you will probably have to change it. No-one I know has had a problem with retaining their email address after their account being hacked.

I don’t have a problem but it might be interesting to discuss the alternatives.

DerekP says:
23 August 2019

Hi wavechange, I found some good general advice here:-https://www.nytimes.com/2018/04/11/technology/personaltech/email-hacked-password.html.

A number of other sites also gave similar advice.

This is probably also a situation where prevention is better than cure. So any important email account should be secured via a strong password and perhaps also by two factor authentication (e.g. by mobile text messages).

Also, given the very many unimportant internet sites that invite one to register and login via an email address and password, those passwords should never be the same as ones main email password (and should all be different). Another good idea is to use a different email address for those sites.

DerekP says: Today 08:12
…perhaps also by two factor authentication (e.g. by mobile text messages).

I wish. I know we’re not alone in not having anything resembling a mobile signal here, but this move towards 2FA seems to regard mobiles at ubiquitous when, in fact, they’re far from it or at least the signal is.

Now Visa has brought it in on the ‘verified by visa’ system it makes life extremely difficult for those of us without mobile signals. To make it worse, the VbyV people will only send the code via email 5 times. Why is that? VbyV is a typical example of a bank con; presented by Visa as a way to protect the customer, it’s nothing of the sort, protecting only the banks instead. Grrrr…

Thanks Derek. Unfortunately it is necessary to register on the NY Times website and from past experience, registering with commercial websites can result in marketing emails even if you try to opt-out. My approach is not to register unless I want to use a site regularly, so I’m no further forward about whether it is necessary to change an email address if an account is hacked.

I am moving towards having different passwords for everything and stronger passwords though I have never heeded the common advice to change passwords periodically. For unimportant sites I do use a different email address.

DerekP says:
23 August 2019

For the context of emails, I’ve yet to see a provider that has made two factor authentication compulsory.

For those in notspots but with working landlines, there may also be some tech solutions, for example:-http://bt.custhelp.com/app/answers/detail/a_id/9043/~/set-up-and-use-bt-text

In the next incarnation of the Apple OS system, Apple will be providing disposable and entirely fictional email addresses which will be redirected to your Apple email account. Meanwhile, E4ward does this already, allowing you to invent email names which redirect and if you wish to remain utterly anonymous, you can always use Proton Mail.

DerekP says:
23 August 2019

wavechange, sorry – I didn’t have to register or login to see that post. I wonder if my Privacy Badger add-in got around that trap?

Here’s an alternative:-https://www.kaspersky.co.uk/resource-center/threats/what-to-do-if-your-email-account-has-been-hacked

Problem is, Derek, that requires a text compatible ‘phone. But thanks, anyway.

My bank will use my cardreader. Seems a good option.

That is a far superior option, Malcolm, but will they use it for the Verified by Visa problem? If they will, then it’s a ‘phone call to my bank later today.

DerekP says:
23 August 2019

The main practical snag I’ve seen with text message two factor authentication is when folk don’t have the corresponding mobile phone with them. This might happen because they’ve changed their mobile and not told their email provider or because a family member has set up the email account for them and used a different mobile number when that was done.

For folk that really struggle to remember and/or type passwords, some online accounts can also be set to use text message authentication as a single primary security check at login.

I’m not so sure. If you go away on holiday, are you more likely to take your mobile phone or a card reader?

Perhaps the intelligent approach is to standardise on offering both options to suit the needs and wishes of users.

Derek – Thanks for the alternative link, which confirms my understanding that it might not be necessary to change an email address because an account has been hacked. What I would do if it happened to me remains to be seen…

My bank will use it for my debit card. The device reads the chip so different cards will require their own readers. Let’s hope it becomes a general alternative. My credit card provider currently will use a mobile as a contact, with email for only a limited number of OTPs. If I don’t have a mobile or have a bad signal I’m advised to phone them – which requires a landline.

I thought that card readers were being standardised. Here is advice from my bank:

“Can I use someone else’s card-reader, even one from another bank or building society?

Yes, if you have a card reader from us, you can use that, or most card readers from other banks.”

That does appear to be so. At least for those readers that use the same system. I’m intrigued to know how that works as the 8 number code produced by the reader has to be recognised by your bank. Putting my credit card into my bank’s reader does produce a code. Is that code potentially capable of verifying a transaction? So could readers be used across the board?Another option is for the code to be sent via landline and “read out” – i.e. spoken.

Elsewhere we have been discussing cheap laptops with little storage spare. An increasingly popular solution is to use cloud storage, which obviously requires online access. I use it because it allows convenient file sharing between my phone and computers using iCloud, and for years I have used Dropbox for file sharing with others. I have backups of my files on external hard drives too.

One of the main criticisms is that accounts could be hacked and that is why I don’t put anything sensitive into cloud storage. It would be interesting to know more about the risk of hacking of cloud storage and whether some services are less safe than others.

There is a bit on Cloud here but unfortunately undated (as far as I can see), something Which? should address.
https://www.which.co.uk/reviews/external-hard-drives/article/external-hard-drives-vs-cloud-storage

I think it was Lauren Deitz who responded to my criticism of the lack of dates in articles – something that has been repeatedly raised by us and others. I cannot remember the explanation but still feel that it is unprofessional not to indicate when articles are revised.

Having said that, I cannot see any significant problem with any of the information provided by Which?, probably because cloud storage is well established.

Cloud storage can be used for different purposes. Some users will use it to share data across their phones, computers and tablets. Others will use it primarily to share data with others, in some cases allowing more than one person to work on a document. To provide a Which? percentage rating for different cloud systems seems a bit pointless. My preferred option is to use one system for personal use and another for sharing with others.

For a start use a password with 12 or more characters .
Cloud storage automatically sync,s data -bad side –loading the Cloud app /turning on gives the users immediate access to stored data but can potentially allow hackers to gain access .
“Man-in-the -Cloud Attack (security hole ) can compromise apps like Box,Dropbox and MIcrosoft OneDrive ,hackers can steal the security token that gives your computer access to cloud ,even without a password .
Use encryption on cloud ,if you can afford it use
– Certain Safe Digital Safety Deposit Box -excellent recommendation for security but forget your password etc and goodbye data..
Tresorit (Switzerland) is good but again dear –
https://tresorit.com/

I use secure passwords (14 or more characters) though should probably change them more frequently than I do. If I do not use cloud storage for anything that needs to be kept private, the only danger seems to be that someone could access my computers. That has not happened yet, though maybe I am living on borrowed time.

After years of Cloud Storage hackers are now well up on hacking it even when changes are made ,a lot of those hacks involving storage companies and millions of customers aren’t being reported in full or even reported which lulls the public into a false sense of security .
Last year I said the US military/security services refused to use the standard cloud and have tendered for a real secure version costing an enormous amount of money .

This is an issue with me I get annoyed that many members of the public post saying —how do those scammers/hackers know all my personal details ? yet its played down because all the big US conglomerates gather our data just by accessing their websites or now just by viewing an email they know when you click on an email ,pictures in emails gather data .
Their excuses no longer hold water and now the big US companies are going to be indited by the US government and I refuse to accept —oh its America not the UK?? what world are people living in ? those massive companies are used by us and worldwide otherwise you cant fully use the internet if at all .
But every time I have posted on it out comes—– don’t put the public in fear of the web ,you don’t need me to tell you in whose financial interests that position is .
Its frustrating the public cant be told the truth due to money,its getting like the US tech,help website I was excommunicated from for criticising – MS/Google /Facebook/Twitter etc because they were paid by them to promote them ,even at the expense of the public losing out they even were honest enough to admit it .

I was alerted to some of these risks before either of us posted on Convo, Duncan. Very sadly the person who warned me now works in data gathering and his clients include a large supermarket with a US parent. If I had my way it would be illegal for any organisation to put a cookie on anyone’s computer. I used to refuse to accept cookies but finally succumbed when I wanted to order something from John Lewis for collection at Waitrose. We are all familiar with the notices about cookies at the bottom of web pages. Most of us click ‘OK’ or ‘I’m happy to accept cookies’ even if they don’t want advertising because it is the quickest way to use a website. I’m sure that it would be easy for business to use statistics to ‘prove’ that most people are happy to accept their cookies. 🙁

Meanwhile back at cloud storage. The reason I use it is for convenience. It means that I can access a large number of photos and other files wherever I am. In a meeting I can pull up a conservation management plan, heritage protection agreement or minutes of an earlier meeting, there and then. I no longer have the problem that what I’m looking for is on the other computer. I do not use cloud storage for any information that I consider to be sensitive, including emails, letters and forms. I do my back-ups on external hard drives. The advice from Which? in their article about external hard drives vs cloud storage is: “Both systems have their own advantages so our advice is use them in combination.” That’s what suits me.

I’m here to learn and am well aware of the fact that what happens in the UK often follows the US.

I have made a shocking find Wavechange , on a visit to St Andrews I called into a local shop that has its main office in Paisley to buy certain female items for my severely handicapped wife .
They were out of stock but told me to order them via the web, as I don’t do that I phoned them and after them saying – you haven’t ordered over the phone in the past—-wrong ! and “we are out of stock ” I insisted they were wrong on both counts ,on checking she admitted I was right so I could use their secure phone system without security checks .

The order went through okay and I got an email telling me its “on its way ” ,the problem ? both the delivery company and their online tracking methods .
I have already been told to not deviate from convo,s ,not by a mm it seems nor mention the “big boys ” so much as I would like to tell you the shocking discovery I made in relation to computers/the Web etc I cant or somebody will take offence , this country is now running on a “need to know ” basis and the UK public are being kept in the dark about “covered up as an app ” malware ( yes I have a page full of adverse data on it ) its an American multi million $$$ company .

Apple’s cloud security has a good track record.

I have used it since the days of MobileMe without any problem.

Duncan – I am not sure what we as individuals can do to put an end to tracking and I doubt this is within the remit of Which?, other than push government to take action where appropriate. Which? can and does provide us with useful advice on computer security.

Sorry Wavechange I would not get so heated about this if it were just tracking I am talking of the deposit of a malware app directly into a Windows 10 operating system which needs a paid remover to dislodge it.
It redirects your browser , changes your start page and slows your browser down and much more proved to be easily hackable and filled full of trojans/backdoors etc .
Thats the only way I can track my parcel ,for a start its “lucked out ” with me cant install a website download directly onto my Manjaro system and would be isolated in my downloads file , I need to use a special Manjaro installation manager with 2 stage verification and even then it would block this evil app which is not approved nor in my special secure app store .

The British public should be told as more than one UK company uses it and 5 % of the UK population download it –dangerous !

I cannot offer any useful comment, Duncan. I don’t have problems with malware, even though I do order some things online and track the deliveries.

I have read your discussions with Derek and have picked up some useful tips but most of it I cannot relate to. I am sorry, but I don’t think I can make any further contribution to what you are keen to discuss.

I must say Which ? has taken some security measures which are good since reprogramming this website , I don’t want to name them but its a bit more professional now .

The take over of Twitter Boss Jack Dorsey’s Twitter account was down to – as in most cases of ‘hacking – human fallibility. He was a victim of Sim Swap Fraud.

I suspect that as long as humans are involved, no computer-associated system is ever totally secure. Apple has, in a sense, done most in this by using end to end encryption for which the secure keys are only with the user.

I have used Microsoft Office 2011 for years and decided to give Office 365 a go. The first thing I wanted to do was to show paragraph markers, spaces, tabs and page breaks in Word, which are immensely useful when working on anything other than the simplest document.

Unless I have missed something, I assume that Word in Office 365 is a cut down version of the standalone version.

A quick play online seems to confirm that, at least, the zero cost version does not have such a “show formatting characters” feature but at least one other online word processor, Zoho Docs, does.

Thanks Derek. My more recent Macs came with office software. Pages is the equivalent of Word and that shows formatting characters and page breaks and save in Word format, but I have become accustomed to Word.

If I had paid for access to Office 365 I would have been disappointed. I have ordered a standalone copy of Office and hope that it has retained the features I’m accustomed to.

DerekP says:
7 September 2019

Pages seems to be a decent word processor but it’s native files can be difficult to read on non-Apple platforms.

On one of my clients sites, I have just been migrated to W10 and one of the latest versions of MS Office. It seems to continue to support all my favourite obscure features, but can make them hard to find.

‘Numbers’ – the Apple equivalent of Excel – really messes up the layout of Excel files that I receive weekly. Even those who use Excel complain about having to make adjustments to suit their screen resolution. I wish people who circulate documents could be persuaded send pdfs when there is no need to edit the files.

Software is available at sensible prices to qualifying charities. For example Microsoft Office costs £25 + VAT from Charity Digital.

I always send PDFs when I can. I also make extensive use of Libre Office, which is reasonably good at reading and writing simple Excel files. But when it comes to charts, there are noticeable incompatibilities between Libre Office Calc and Excel.