You, groups, flickr and privacy

Most of the time people join flickr to showcase their photos, to get faves, and to get comments (hopefully both positive and constructive) to enable them to improve their photography. The photos you upload are shown in your flickr Photostream (or Camera Roll) which you can browse and put into Albums. You can create your own Galleries of your (and other people’s) images; Fave images that appear in your Activity stream (see later) and Follow people whose photos you like.

We’ll start by looking at the default privacy settings you can apply to the images you upload. The Settings page is accessed from your profile tab …

… which gives you access to a page with these headings …

… clicking on Privacy and Permissions brings up this screen – from which you should first look at Defaults for new uploads

Read carefully the Note: “if you add something to a group pool, that group’s members will be able to view and add notes, comments or tags, regardless of privacy settings.” There’s no privacy within a group. All members of the group can see all members’ photos. If you’ve declared your image to have restricted viewing to Friends, or Family however they will not be visible for public viewing in the group, even though the group page might be visible for public viewing.

After uploading your photos they will (unless you’ve changed the default settings) appear by default in the Activity stream which you can access from the flickr logo …

… from which you will also be able to see the images of the people and groups you follow. This is the default view when you open Flickr on a mobile device.

Any photo you fave is then attached to your account so that you can return to view it on a later occasion.

It is also possible – unless you’ve prevented it – for someone to download the photo, or add it to their own Photostream as their own! You might wish to check your settings to prevent that happening.

… and …

… so it’s important that you know what you’re doing when you follow someone – I certainly wouldn’t recommend the default setting of “Anyone”.

There are occasions however when you might wish to keep your photos completely private, or to share them privately within a Group. The settings in flickr to allow this are not exactly as intuitive as they might be so this post continues by seeking to help understand how you can “hide” your photos from the Public photostream, but to show them within a Group. Let’s start there.

Groups can either be Public, open to invited membership (or upon application to join) and then also to be Private. Note especially carefully the note attached to Invite-Only Group which can be either Public or Private … “Anyone can view an Invite-Only group page …”

The last case is obviously the most restrictive and in this situation a Group is setup by a Flickr member and they invite either existing Flickr members, or non-members to join the group.

They will be sent an invite to join flickr, and the Group, as a member. You can therefore appreciate that you have to be a flickr member to view Photos which are in a Group. However if they’re not hidden from the Activity Stream by changing the default privacy settings (as above) and if it isn’t a Private group – they’ll still be visible to anyone unless you’ve also changed your search profile …

For the Invite-Only Group which has not been declared Private it is important to note that anyone (even non-Flickr members) can view the group page, so as we shall next, if you want your photos to be completely invisible to the outside world, you’ll have to do something else to make them invisible!!

If you want to keep your photos visible only to members of a Group, you need to specify on the Default privacy settings page either “Your friends”, or “Your family” depending upon the nature of the Group; similarly you should restrict Comments (and Notes, Tags and People) to “Your friends and family”.

However these settings will then apply to every image that you upload and that might be more privacy than you really want, so you are able to choose the level of privacy on an image by image basis after you’ve uploaded them. This is done by looking at the information attached to an image after you’ve clicked on it in your Photostream …

… so, as an alternative, you could leave your Photostream relatively open using settings similar to the ones in the screenshots above and then restrict viewing of individual photos to Friends, or Family, etc. within Groups.

I hope this helps.

Open Source and “free” software

I was quite surprised to see when I reviewed the articles I’d posted over the years that I’d never written one specifically about Open Source software, and “free” software. Of course the topic has cropped-up quite a bit at Cardiff U3A Computer Group meetings, and I have referred to pieces of Open Source and “free” software on “Just thoughts …”, but I’d never put my ideas down about the reliability, philosophy, use and accessibility of Open Source and “free” software in general. Just as I write this – guess what popped-up on my screen …

Java – an example of a programming language that has morphed into a software development environment whose component parts are all, or can be replaced by, open source modules. Java is an accepted piece of the architecture of a huge number of the systems we use everyday, as is Apache – the web-platform that powers most of the Internet’s servers. I mention these two as examples because it demonstrates how deeply elements of Open Source thinking is embedded into so many of the systems we use every day. Other ones would be Linux,  and WordPress – a multi-platform  operating system, and web-publishing software which the Cardiff U3A Group has looked at before. So, in a nutshell – open source is respectable!

What makes software open source then? Technopedia defines open source thus …

“Open source is a philosophy that promotes the free access and distribution of an end product, usually software or a program, although it may extend to the implementation and design of other objects. The term open source gained traction with the growth of the Internet because of the need to rework massive amounts of program source code. When source code is opened to the public it allows for the creation of different communication paths and interactive technical communities; it also leads to a diverse array of new models.”

… thus the code is generally very safe, because it can be inspected by anyone, and any changes in the code can be easily traced. The definition goes on to explain the following …

“Open source revolves around the concept of freely sharing technological information so that it may be improved through multiple insights and viewpoints. Since the technology is open source, the amount of work that needs to be done is reduced because multiple contributions are added by many individuals. This concept existed way before the age of computers and even before the industrial age when people shared and improved recipes for food and medicine, for example.

In terms of open source software, the code is often freely downloadable and changeable as long as the user sticks to what is agreed upon in the software license agreement. Open-source software is usually under the General Public License (GNU), but there are other free licenses like the Intel Open Source License, FreeBSD License and the Mozilla Public License.”

That doesn’t make it necessarily FREE, because developers can charge for the software they develop on the base of open source, however generally if it’s made available under one of the above licences it’s often the Support and Implementation that’s chargeable, not the software itself. Look for the licences (as above) to determine whether the software is genuinely Open Source and thus you should expect it to be “respectable” and “safe”.

So any open source software must adhere to the following criteria:

  • Free redistribution of the software.
  • The source code should be publicly available.
  • The software can be modified and distributed in a different format from the original software.
  • The software should not discriminate against persons or groups.
  • The software should not restrict the usage of other software.

Then there’s Free Software. As I’ve explained most Open Source is distributed free of charge, and the intention behind it was freedom of code, and freedom from intellectual property rights. The subtle difference with Free Software is that in the latter the emphasis is on freedom for the user to do whatsoever they want to do with the code. It is truly FREE! As a term and as expressed by the Free Software Foundation it predates the Open Source initiative and was the driving force behind the licences mentioned above. Thus free software must adhere to the following four pillars of freedom (which are rights and not obligations):

  • The freedom to deploy the software for any use case without any restrictions. For example, saying that the license of a program expires after 30 days makes it non-free.
  • The freedom to study how the software works and modify it according to your needs and preferences.
  • The freedom to freely re-distribute the software to assist someone in need. The redistribution can be done at a cost or at no cost.
  • The freedom to enhance the performance of the software and release your enhancements for the community to benefit—both programmers and non-programmers. You can do this at a cost or at no cost.

Now it starts to get a little bit more cloudy. There’s freeware which might also be described as freememium, or shareware. I quote

“Typically, freeware refers to a software that you can use without incurring any costs. Unlike open source software and free software, freeware offers minimal freedom to the end user.

Whereas it can be used free of charge, often modification, redistribution, or other improvements cannot be done without getting permission from the author.

As such, freeware is often shared without including its source code, which is atypical to open source software or free software.

Two of the most common types of freeware are Skype and Adobe Acrobat Reader. While both programs are free to use, their source codes are unavailable to the public.

Most developers usually market freeware as freemium or shareware with the intention of encouraging users to buy a more capable version.

Freemium refers to a program that is offered at no cost, but money (premium) is paid for extra, more capable features.

Shareware refers to a program that is initially available without any costs attached, and users are encouraged to distribute copies. However, that cost-free period usually lasts for a certain period; thereafter, a user is required to pay for continued use.”

Finally, you may come across the term “donationware”. This is software that is distributed for free, but the author invites the user to make a contribution to the ongoing development costs (or the programmers coffee). It might also be described as “conscienceware”, or even “thankyouware”!!!

So armed with that information, it’s time for me to provide a list of the free software that I treasure the most.

Further reading

What is Open Source software, and why does it matter?

Free Software vs Open Source vs Freeware: What’s the Difference?

 

 

Great new Plugin from Ordnance Survey for Mapping Trails

I’ve been using a WordPress Plugin called OS OpenSpace Maps for quite a while that allows the mapping of trails (I use .gpx format to record the trails) onto an OS Map.

This has worked well, but in updating a blog post I came across the information that the Ordnance Survey has produced a new plugin that works with their DataHub Maps service. This is an even better service and if you’re a low-use user, you can upgrade to the Premium level subscription to get 1:25,000 scale maps.

The map can be easily zoomed and can be clicked to take to full screen size.

Here are a couple of links to help you along the way of installing and using the plugin.

The Plugin Page on WordPress – https://wordpress.org/plugins/os-datahub-maps/

Using the OS Maps API (which you have to obtain after creating an account – https://osdatahub.os.uk/docs/wmts/overview

A guide to using the plugin – https://skirridsystems.co.uk/wordpress-plugins/os-datahub-maps/

Really neat!

 

Using a Password Manager and implementing Two Factor Authentication

Introduction – passwords, passwords, passwords.

Log in to your e-mail account. Log in to your bank account. Log in to Facebook, WhatsApp or twitter. Log in to your Amazon account, or any other retail site. Log in to your photo sharing service. Log in to Thought grazing, or any other membership based organisation eg U3A, Which?

 

Is it possible to remember the number of applications you use on a regular basis that require a password? How do you keep track of all of all those passwords?

Here are a few tricks you might have tried or considered (with hints about why you may want to steer clear of some of them):

    • Memorise passwords. This is a great technique if you use your passwords every day, but maybe not for those you only need occasionally. If you don’t use a password regularly, there’s a good chance you could forget it if you rely on your memory alone. In addition, Web browser cookies can remember your login session for days or weeks at a time, meaning you only enter the password manually once in a while even if you use it every day. This could therefore be a weakness and security breach if someone stole your computer. So to login to your computer, or connect to your bank this might be the best approach, but be mindful of the potential security breaches and use for only a limited number of uses. [NB The login credentials to your bank are not saved on your computer, but other sites may well store them in cache or cookies to make it “easier” for you to connect!]

 

    • Use the same password everywhere. Memorising a single password for every account does make life simpler. For security reasons, though, this isn’t a great idea, because it makes it easy for a hacker who finds your user name and password for one account to break into your other accounts, too. So what you could do is have a base (root) password that is the same, and then add something you believe you’ll remember to identify the pairing of the password with the site (a variable). Thus making the password unique to that site. So if you wanted to connect to Boots the Chemist you might choose “B00ts&” before your root password. I gave some ideas on choosing a root password in an earlier post.

 

    • Write passwords down on paper. This is an ideal solution if you can hide the written information where no one else has access and you can remember where that place is :-). However not only is this a risk if someone finds the list, but a written list or an assortment of scraps of paper could also be lost or damaged, and you’ll need to find and update the list each time you update a password. This is most definitely the most frequently chosen option, and most certainly is the worst option too.

 

    • Write passwords into a file on your computer or mobile device. This is less likely to get lost than the paper, but you do risk losing the file if you have hardware failure. In addition, this file is as vulnerable to hackers as other files on your computer. You could encrypt it for an added layer of security, which makes this strategy similar to the next solution. I used this option for a while with the file saved on Dropbox and protected by a Password, so it was safe from loss – but it wasn’t encrypted and most definitely wasn’t very safe – but it was a safer option than the previous method.

 

    • Use password management software. Password management software is a utility you can use to save and retrieve all your passwords. This software could be a standalone application on your local computer or a feature within another application (such as your browser) – or both. This option greatly limits hackers’ possible routes to your password data while adding convenient features for organising and retrieving information. This is the strategy that is strongly recommended for everyone and for use on a single computer – it can be FREE.

When I sat down to write this piece, I obviously looked around to see whether there was any information I could reference. After I’d done that, it was clear that there was no point in me re-inventing the wheel. So I point you at this excellent introduction to Password Managers and review of the leading Password Managers out there. Read it before you go any further!.

Password managers – how do they work? Are they safe?

So you’ve read the article mentioned above? Yes – then proceed. Otherwise I really do insist you go back and read it.

So now you know there are browser-based password managers, cloud-based password managers and locally-stored password managers. You do know that, don’t you? If not, go back and read this article again!

Are they safe? – you only have to remember ONE password, the master password, and that unlocks your Password Vault. So compared with unsafe, easy to guess passwords, or scraps of paper – they are very safe; and you can’t lose them, forget them, or mislay them. They’re all in one place!

How do they work? – well, I don’t need to tell you much about this because you’ve already read this, haven’t you? Essentially, you can choose to let the Password Manager generate random passwords for every site you need to provide login credentials for, or you can provide the Password Manager with a password when prompted. I tend to do the latter using the “variable + root” approach I discussed before. It’s not that I don’t trust my Password Manager, it’s just that for many of the sites that I use frequently, it’s quicker and easier for me to supply the password because I can remember it!

Which Password Manager you choose to use is down to your situation – you could read this Review of Password Managers – which picks Dashlane and LastPass as best products. Either of these would be good to implement and use but they have different use cases. I use LastPass and pay a small amount annually so that I can use it on more than one device. I also use it because as it’s cloud-based, I can log into my LastPass account from any machine and access my online services. Dashlane lets you make the choice of local machine or cloud-based password storage – but it is not free, whilst Keepass (which is open source and free) works on a single machine, the passwords are stored on that machine – so that might be the option for you. If you only tend to use a laptop or desktop for browsing websites where you need to provide Login credentials, the free version of LastPass or KeePass is more than adequate.

Note: I do not recommend for the reasons explained in the article, that you use the Password Managers contained in your browser.

How do you use your Password Manager?

This is really beyond the scope of this article but elements of usage are covered in the two articles that have been referenced above. You should refer to the documentation for your chosen Password Manager.

What’s all the fuss about Two-factor Authentication then? Do I really need it if I’m using a Password Manager?

Well yes you do! It’s bandit country out there on the Internet. You’ll know  that if you’ve been on Have I been pwned? and seen your email address has been captured by a leak, or a hack. So it’s always possible that someone has got at least part of your login credentials, and from that it might be possible for them to request a new password – blocking you from using a service – or they may have even requested a new userid!  So that’s where 2FA comes in.

What is it though?

Essentially once you’ve implemented 2FA you’ll be asked for secondary information about yourself (Face-ID, or Touch-ID if you’re using an iPhone) or confirmation that you are the person you’re purporting to be – by asking you to supply a code that is displayed on a smartphone or other device you own, and which is to hand. Thus having your UserID and Password is not sufficient alone to access your account.

If you’ve used Online Banking recently you’ll have noticed they’ve implemented 2FA widely. In fact I believe they’ve been required to by the Banking Regulator. Thus accessing your bank from your device is intrinsically safer now than it used to be.

I’m not going to say much more about 2FA , I’m going to refer you again to a Guide rather than repeat the information myself – and quite possibly make a mistake in doing that. There are a number of sources of reference out there, from Google, Apple, Microsoft but the one that I’m pointing you at is this one which I think explains things well, and also points at how to implement it for a number of popular and well-used platforms and services.

Making life easier with an Authenticator for 2FA

Wouldn’t it be nice – instead of waiting for the site you are trying to access to send you a code to type into the box they’ve provided – if you could just look at your phone and see a code on it that you could then provide and type in?

That’s what an Authenticator does. Perhaps the best known is Google Authenticator – and that’s the one I use on my iPhone, but there are others. You might consider using LastPass Authenticator for instance, I’ve meant to try it out for quite a while, and there’s also Authy, which has significant advantages over Google Authenticator – but it’s perhaps best to get experience using the Google software first.

And that’s it! Thanks for getting to the bottom of this long article. I promise you, if you follow the advice and guidance included in it, and in the referenced articles, your online life will be much safer, more secure and your stress levels will be reduced!

What gender is a computer?

I’d like to thank a U3A member for sharing this with me and suggesting others might like to see it – not only as a light-hearted but also as a challengingly true piece of computer-related education (?)

It could be it’s an old video, and you’ve seen it before, but at least it’s not a Covid-19 meme!