Random Thoughts – Randocity!

The Rise of the Sociopaths

Posted in mental health, security by commorancy on January 10, 2021

While this title above might seem like the name of a fiction novel, it isn’t. It’s actually what is happening in the world and specifically in the United States today. Yes, mental illness is on the rise, but so is COVID. Let’s explore just how COVID is playing a part in this.

COVID-19 and Sociopaths

Let’s lead this article with the primary explanation of what is occurring in the world. It is estimated that at least 1% of the United States population is psychopathic, which includes sociopaths. Sociopaths are one subset of mental health. However, this is a subset of mental health that allows people suffering from it to do a lot of damage very quickly when placed together.

When COVID-19 arrived, those who do not suffer from mental health issues feared (and continue to fear) for their own lives and safety and thus, retreated to their homes. These same sane people who are cautious of getting COVID, are particularly fastidious about washing their hands, are limiting their exposure to others and are only shopping when necessary. Basically, these people are staying home and not being reckless with their own health, their family’s health or of those around them. They take all precautions, wear masks, order take out only, visit stores rarely and refrain from heading off to shopping malls, crowded movie theaters or hanging out in large crowds.

Sociopaths, on the other hand, don’t care about any of that pesky ‘safety’. Not only have they been told by Trump that the virus simply isn’t that dangerous, they personally choose to believe that themselves. The sociopath believes only what benefits them or their ego and discards all else. Being constrained by wearing a mask, staying at home and not being able to socially gather isn’t of benefit to a sociopath. Sociopaths actually need others around them to do their bidding, stroke their ego and to interact. A sociopath who doesn’t have “friends” to hang out with isn’t really a sociopath. Sociopaths appear to be extroverts even though they are technically loners. Though, the word ‘extrovert’ doesn’t accurately describe how a sociopath operates. Suffice it to say, a sociopath requires people to manipulate… and manipulate them they do. We’ll come back to this aspect shortly.

Because COVID-19 has shut in so many, those who are still running around with careless abandon primarily consist of sociopaths… or rather, those people who have sociopathic tendencies. Like pretty much anything, there are degrees of sociopathic behavior… which means a person can be a little sociopathic or extremely sociopathic with added traits like narcissism. Before COVID-19, society consisted of both normal mental health individuals and those with mental health disorders. Because sociopaths can blend in and appear normal, their behaviors were mostly kept in check by those “normal” people around them. Sociopaths deeply wish to fit in with a crowd so they can have their ego stroked. To do that, they adopt behaviors that appear to be the same as those of their sane friends around them. This reinforcing behavior keeps many sociopaths in check.

Since COVID-19 and the loss of so many “normal” people being out and about, the sociopaths have lost their reinforcing behaviors… yet they still need their egos stroked, still need to be able to manipulate people and still need all of the satisfaction they had prior to COVID-19. As a result, like attracts like. Because those who are running around are primarily sociopaths, they tend to gravitate towards like minded sociopaths. This firmly leaves sociopaths, who were formerly able to keep their mental health state in check with their sane friends, with their mental state unchecked and unbounded.

Trump

Donald Trump has shown himself to be a nearly text book narcissistic sociopath. What does that mean? It means never a hair out of place, an orange complexion, always dressed in a suit or another “smart” outfit… all the way down to his trophy wife. He surrounds himself with things and people that not only stroke his ego, but support his personal agendas.

Because he’s a sociopath, he doesn’t have a conscience… which means he’s brutally honest to a fault, he doesn’t tolerate people who won’t do his bidding and he will just as easily tell you off as act like your friend. In short he will do whatever it takes to get his agenda accomplished. If a sociopath doesn’t get their way, they will throw a tantrum. Narcissistic sociopath tantrums don’t usually include self harm, but they may harm possessions, animals or people around them both verbally and/or physically.

When their tantrum is over, they will act as though nothing ever happened. They won’t talk about it and they don’t want to talk about it. Instead, they are still laser focused on getting their way using whatever means is required.

Sociopaths always seek popularity, which is why Trump was so in love with Twitter. Having over 70 million followers is a HUGE ego boost for anyone. Being able to spout a message and instantly see thousands of responses is mesmerizing and incredibly satisfying to a sociopath… which is why Trump tweeted so frequently. Unfortunately, that satisfaction is fleeting. Like a meth user needing his next fix, sociopaths need their next ego fix constantly…. why Trump tweeted so much every day. Sociopaths have an insatiable ego-boost appetite.

If that’s where Trump’s sociopathy ended, I might not even be writing this article. Unfortunately, it doesn’t end here. Sociopaths are also expert at manipulating people by using lies, boasting, blackmail and fakery. There is no measure considered too extreme by a sociopath to get someone to do something for them. In fact, the more you tie yourself to a sociopath, the more they will use you for their own benefit. Unfortunately, to manipulate someone requires pathological lying. Both sociopathy and pathological lying go hand-in-hand. This type of lying means tricking someone into believing something that is untrue and then having that person act on that lie.

Conscience is non-existent in a sociopath. This means that they simply cannot feel sorry for, empathize with or in any way feel for someone else’s plight. They simply don’t have this ability. Because of this lack of empathy towards others, they will do and say anything without remorse. Just witness some of Trump’s speeches for various examples.

In short, a narcissistic sociopath like Trump, needs others to help him and stroke his ego at the same time. If they stop helping, they are summarily cut off. To invite a sociopath into your life is to invite a toxic relationship that will end badly.

Followers and Sociopaths

Trump’s goal is to not only stroke his own ego, but gain as many followers to do his bidding. In fact, he has done this. He has used lies to manipulate his followers into action. His latest action, unfortunately, went horribly awry at the Capitol Hill building. Unfortunately, when cornered, a sociopath begins making mistakes… which is exactly where Trump is. On January 6th, he was cornered. He either had to accept his loss (which is of no benefit to him) or he had to manipulate people in an attempt to change the outcome.

He attempted to manipulate Mike Pence into this, but that effort failed. He then resorted to inviting (and inciting) a crowd to Capitol Hill that turned into insurrection. Because his desperation level, as a sociopath, is increasing, so is his ability to rationalize outcomes. Typically, sociopaths are able to play out scenarios in their heads and see the outcome they desire. As long as they follow a specific set of lies and manipulation, they can usually affect that outcome. Unfortunately, these outcomes require unlimited amounts of time for the outcome to finally occur.

When tight time constraints are in place, the ability of a sociopath to see and plan for everything needed becomes clouded. They can’t manipulate and lie fast enough to get people to believe those lies and affect their goals. This then leaves the sociopath desperate and flying by the seat of their pants. Desperation only leads to instigating rash, difficult situations and mistakes… and in the case of Trump, with inciting insurrection. Because January 6th had arrived, he didn’t have enough time to plan a way to engineer a successful coup. Instead, he left it up to the crowds by requesting they do this work by “fighting”.

Trump knew very well the type of people he had invited to Capitol Hill and he was well aware of the types of paraphernalia they would bring with them. He didn’t have to explicitly tell his cabal to storm into the building as it was all subtext to be read between the lines. His mostly sociopathic cabal was well aware of exactly what he wanted done and attempted to execute it on his behalf. Unfortunately, because his cabal was a loose set of people rather than a cohesive group, no planning was initiated between those who breached into the building. Because of the lack of planning, they all did whatever they pleased as his cabal was mostly loner sociopaths themselves who can’t work together as a team. Thankfully, however, his cabal wasn’t organized enough to lay siege, occupy or hold its occupants hostage on Capitol Hill.

Election Rigging

Though, that didn’t matter. Trump has had 4 years to gather, indoctrinate and manipulate his cabal into doing his bidding through lies, lies and more lies. Remember that sociopaths are almost always pathological liars. His most blatant lie was that he won the 2020 Presidential election, when he clearly had not. Of course, his second lie was that since he didn’t win the election, the election must have been rigged. Never mind the fact that rigging a Presidential election is basically impossible, a fact that has since been proven in that no rigging was found. Trump continually cited counting irregularities, ballot counting issues and people’s anecdotes (lies from even more sociopaths) as rigging, but never actually provided any proof of that fact… which is why nearly every court case Trump has created was dismissed due to lack of evidence. Never mind that voting irregularities do occur in most every election, but are eventually found and reversed through proper vote counting and procedures long before the state certifies its counts.

Worse, he claimed that many dead people voted. Hello! The world is presently under threat of COVID-19. We’ve had 373,000 COVID-19 deaths in the United States to date. As of this article’s publish day alone, we’ve had 4,112 deaths from COVID-19. On November 3rd, we lost people to COVID-19. On November 4th, we also lost people to COVID-19. That means that every day since the 2020 Presidential election, people have died to COVID-19… many people who voted. So, yes, there will have been people who are now dead who voted in the election. That’s not fraud. That’s not rigging. That’s statistics.

Further, if a candidate wished to perpetuate fraud in an election, why would he or she do so with such a narrow margin? It doesn’t make sense. If you are intent on winning an election through fraud, wouldn’t you bump the numbers up to at least 60:40 or 70:30 so that there was no question about who, in fact, won? Why would you leave the win at almost 50:50 with such narrow margins in some states that it required recounting 3, 4 and 5 times?

No, I contend that someone intent on rigging an election would do so to such a degree that there would be no question about who won and who lost… and more specifically, who won immediately. With a 60:40 split, that would mean news services could call the election within an hour or two, not days.

Is rigging even possible?

Let’s understand that rigging an election would require access to not only one state’s systems, but 50 states’ worth of independent systems. None of the states’ voting systems are linked together. That means that Florida’s systems do not talk to systems in California or Idaho or anywhere else. This means that if someone wanted to rig an election, they would have to physically visit the voting centers in all 50 states and in all cities in all of those 50 states.

We’re talking about thousands and thousands of people all over the country simultaneously touching thousands of voting machines and making changes. It’s simply not possible or even feasible. Biden’s team and even the Democratic party doesn’t employ that number of people. Let’s forget all about the fact that Republicans and Democrats alike operate these election centers.

Worse, if an election were rigged, that also means that every race is suspect… not just the Presidential race. But no, the Republicans weren’t having any of that nonsense. They only blamed the Presidential race, but not the other election races on that same ticket. It doesn’t work like that. If an election is being alleged as rigged, all elections held that night are suspect. No candidate can win if even one race is under investigation for having been rigged. You can’t cherry pick what you want and leave the rest out. This is a classic sociopath behavior. Choose only the things of benefit, ignoring all other things. Logically, you can’t do that when calling out election rigging. Either all election races are suspect to fraud or none are.

Yes, it gets worse

Because the sociopaths of the world are out in full force due to their lack of conscience and empathy, they don’t care if they get COVID-19… or, more importantly, if they give COVID-19 to others. For this reason alone, the primary people attending Trump’s rallies and gatherings are very likely sociopaths, just like Trump. Like minds attract and all that.

That’s not to say that everyone attending is a sociopath, but the vast majority of those people attending his rallies are almost assuredly sociopaths… because those who don’t want to get COVID-19 are not heading out to his rallies, let alone large gatherings. That’s why Trump’s attendees almost never wear masks. That’s an ego thing, too. To wear a mask hides the very thing that allows the ego to be stroked. Anyone who is a narcissistic sociopath won’t wear a mask because it hides the ability to have the ego stroked… something a narcissistic sociopath desperately needs at every moment.

Because Trump’s followers… or more specifically, his rally attendees are primarily sociopaths just like he is, they have no moral compass. That’s why so many were willing to bring weapons AND grin for the camera within Capitol Hill. That’s ego at work. A sociopath needs to be praised for sitting at Nancy Pelosi’s desk, for pulling her plaque down smiling at the camera, for stealing her lectern, for breaking windows, for taking selfies with a cop. Anyone who does not have a mental health issue doesn’t need to do any of these things. These people doing this at Capitol Hill don’t have a moral compass, which very heavily implies every one of these people is a sociopath.

Yes, there were people who were not entering the building. Yes, there were people who may have shown up simply to stand in protest. However, there were also thousands who crowded the steps, broke down doors and windows and allowed themselves to be photographed while grinning. Perhaps not everyone in that crowd was a sociopath, but those who don’t have a moral compass, who yell out death threats and who beat up cops, these are not sane people. Sane people don’t behave like this.

Trump has rallied and goaded people who are just like he is into these actions through lies. His sociopathic followers choose to believe his lies because it benefits them to do so and helps stroke their own egos.

This is the danger and risk COVID-19 and, by extension, sociopaths pose to society. By keeping the sane people at home, it leaves those with mental health issues running amok on the nation. This is why this article is entitled, “The Rise of the Sociopaths”. Our country is now under siege by these mentally challenged people. As long as Trump still has a mouthpiece to lie to them, he can incite his sociopathic followers further into action. The problem is, with Trump’s loss of Twitter, Facebook and other social media platforms, this is leaving him even more desperate and in need to reach out to his followers to have them do even more damage. Trump will be required to take desperate measures to mobilize his cabal. The country is truly in peril by sociopaths.

We’ve only got 10 more days until the inauguration. However, Trump has 10 days to plan something big with his sociopathic cabal to not only undermine that inauguration, but perhaps damage the United States and democracy beyond repair. For this reason, it is imperative that Trump be removed from office immediately. He is a danger to not only himself, but to the United States and to the rest of the world.

Why not simply ask Donald Trump to resign? That won’t work. He’s a sociopath driven by ego. Voluntarily giving up his Presidential power isn’t something he can do. He has no moral compass or empathy. He simply can’t feel for the predicament he has placed the United States into. In fact, a sociopath cannot ever place blame for a problem on himself… even if he caused it. Donald Trump simply can’t see that he has done anything wrong by inciting insurrection. As a result of feeling like he’s done nothing wrong, he won’t give up his office. However, Trump does understand prosecution…

If I were on Capitol Hill, I’d be immediately offering Trump a deal in exchange for his resignation. While such a deal may be distasteful overall, the important national security part is that Trump is removed from office and can do no further damage. What deal is that? Offer Trump prosecutorial immunity with permanent exile outside of the United States in exchange for his immediate resignation. To negotiate with a sociopath, you must offer a deal that greatly benefits them and one that they can’t refuse. This offer greatly benefits Trump and the United States. It offers Trump a way out without any penalty of legal action and it forces Trump to leave the United States so he can’t possibly mobilize local crowds ever again. Secondarily, by enforcing permanent exile, it doubles the stakes by preventing him from ever holding public office again, without the need for impeachment.

As long as Trump remains in the United States, he remains a threat to national security in or out of office. The only way to stop that is to send him packing. I honestly don’t care if Trump ends up in jail or not. He just needs to be prevented from doing further damage to the United States of America and, sadly, prosecutorial immunity is actually a small price to pay to make that happen.

Rant Time: Is Apple protecting our devices better than Google?

Posted in Apple, botch, business, Google, mobile devices, security by commorancy on August 20, 2020

While many people believe that Google’s App store is a far inferior store to Apple’s app store, there is also a misplaced belief that Apple’s store offers more propriety than Google’s Play store. We need to understand more about both ecosystems to better understand the answer to this article’s question. Let’s explore.

App Protection

Certainly, iOS appears to be more resilient to malware on the surface, but is it? Google’s Android also appears way more prone to malware on its surface, but is it? We need to understand more about both of these operating systems and each OS’s overall ecosystems.

Let’s understand better how and why Apple has garnered its appearance of propriety, with “appearance” being the operative word. The first reason that Apple appears to have a better system in place is primarily because iOS doesn’t allow side loading of apps. What is side loading? Side loading is the ability for the user to load apps outside of the Android app store, for example using a USB cable or, more importantly, by downloading an ‘APK’ file directly to your device from any web site.

While there are means and methods of side loading apps on iOS, it can only be done through Apple’s developer toolkit. You cannot perform this process directly on a phone in the wild. You can’t even do it with iTunes. If you had even wanted to side load an app, you’d have to jump through some fairly complicated hoops to make that happen on iOS. Because of this one thing, this forces you to download ALL apps from the App store.

On Android, you can not only use the App store to download apps, but more importantly, you can side load them. Side loading an app on Android does require some security setting changes, but this change is easily done in about 3 simple steps.

Does side-loading account for all of Google’s malware?

No, it doesn’t. After all, there are many who likely haven’t changed the necessary side-loading parameters and have still been hit by malware. So then, how did the malware get onto their phone? Likely, through the App store directly.

One App Store

Here we come to the second reason why propriety seems to prevail at Apple. With Apple, there is one and only one app store. With Google, there are many, too many. Google not only runs Google Play, but there are many other App stores including:

  • Amazon
  • Samsung Galaxy Apps
  • Aptoide
  • Sony Apps
  • Huawei App Store
  • F-Droid
  • GetJar
  • AppBrain
  • SlideMe
  • 1Mobile
  • Opera Mobile Store
  • Appolicious
  • NexVa
  • Kongregate
  • Appland
  • Itch.io

These stores are all independently owned and operated. This is not a complete Android app store list, but it gives you an example of how many different app stores are available for Android. This is significantly different from Apple’s iOS, which only supports one app store and that store is operated by Apple and Apple alone.

There is no such thing as a third party app store for iOS. It simply doesn’t exist.

Multiple App Stores

Because of Google’s insane choice to allow many app stores to operate simultaneously by different companies, Android users are at the mercy of each of those app store’s propriety. The difficulty is, there’s no rhyme or reason or protection afforded by many of these app stores, let alone Google Play. The secondary problem is that some of these app stores come preloaded as the primary download store on some Android devices.

Clearly, Google branded devices come shipped with Google Play set up. Amazon devices come shipped to use the Amazon app store. However, no-named brand Android devices likely come shipped with one of the above non-Google stores installed. In fact, it could even be set up to a store not in the above list… a store operated by the manufacturer of the device.

Careful with that App

The difficulty with multiple app stores is one of, you guessed it, propriety. What I mean by using this specific word ‘propriety’ is the app store’s ability to police its content for completeness, functionality and, yes, malware. In short, propriety is a company’s ability to protect its download users from malware or dangerous software.

The difficulty is that while Google might have enough money to throw at App vetting to ensure higher quality apps reach its stores, not every store in that list has the money to afford that level of commitment.

What this means for consumers is, when you use a random app store, you take your chances with malware. Multiple stores combined with side loading is nearly the sole reason why Android gets a bad rap for malware. These two things are something Apple doesn’t do in its ecosystem. For Android, it’s worse still. As a consumer of a device, you don’t really know which app store is the default on your device. Most app store manufacturers properly label their apps, but cheaper devices made by random Chinese manufacturers tend to play games with naming and might name their app store app Goggle Play or Gooogle Play or even simply Play Store. There are many ways that manufacturers of cheap phone devices can trick you into thinking that you’re getting your apps from Google’s store… when, in fact, you’re not.

Not only are there too many app stores that can provide questionable apps, Android has been licensed by so many random Chinese manufacturers (okay, so perhaps licensed isn’t necessarily the correct word here… it’s more like, ripped off). Anyway, if you buy into any of these super cheap Chinese phone brands, you have no idea where your apps are really coming from. Although, because it’s Android, you should be able to load Google’s Play store (the real thing) and use those apps instead… with should being the operative word. The device manufacturer could have instituted a block to prevent the use of the Google Play store.

However, replacing a crap store with Google Play typically takes effort on the part of the consumer… that and knowledge that they must take this step. Most consumers are oblivious to this aspect of their phone’s use and naturally assume the included app store is looking out for their phone’s well-being and their own best interest. You should never assume this, not even with Apple devices.

Apple’s App Store

Here we circle back around to Apple. We are beginning to see why Android is in the state that it’s in, but how much better is Apple’s ecosystem of devices?

A lot of people believe that because there’s only one iOS app store and because Apple is the sole operator of that store that this somehow makes Apple devices safer to use.

Security through Obscurity

This is a phrase tossed around in the security communities. What it means is that because a platform is more obscure (more exclusive and closed), that that somehow makes the platform safer to use. Security through obscurity works maybe 10% of the time. Maybe. The other 90% of the time it’s less about obscurity and more about best practices.

For example, you should never load random apps from any store. It doesn’t matter if it’s Android or Apple. If you don’t know anything about the developer, you shouldn’t trust them. Why?

App Store Approval Process

Apple’s app store approves apps for release into the store based on specific usability criteria. For example, that the developer is not including terms-of-service restricted content or features. Restricted content being whatever Apple or Google or that specific app store deems off limits within an application.

The developer must verbally or on a written form affirm that their app does not contain such restricted content when submitting it for approval. Even then, Apple may or may not be able to verify such an affirmation. Basically, developers can lie and say their app doesn’t do something that it does, in fact, do. Apple and/or Google may not be able to see the app doing it until that specific set of code in the app is triggered. In other words, the app may appear totally genuine enough to pass Apple’s and Google’s store submission criteria.

We have seen some apps which have been released into the app store as a result of such affirmations only to be pulled from the store when it is found that the developer lied about what was affirmed and stated to have not been included in the app. Apple doesn’t take kindly to lying about app features, particularly when you can see the app doing things it shouldn’t be doing.

Apple is relatively quick on removals of offending content from its app store. Google Play and other Android stores may not be quite so nimble in this process. In fact, many of the third party stores may not even police their apps at all. Once it’s in their store, it may be there more-or-less permanently. Apple is much more active and selective with maintaining that their apps are upholding developer agreements. However, there is a limit to even Apple’s propriety.

Epic Games

This is a recent fight between Apple and Epic Games. Epic Games apparently decided to change the way it utilized in-game purchases, which has since culminated in Apple rescinding Epic Games’s license to use Apple’s developer tools. Both Apple and Google have since removed Fortnite from their respective app stores citing violation of the store’s terms.

In-app payments require that developers hand over a portion of their profits to Apple and Google. However, there are ways of circumventing that by including outside payment systems in apps. I don’t know exactly what was included by Fortnite that triggered this specific problem, but apparently Epic wasn’t satisfied by Apple’s greedy in-app payment system and decided to take a stand.

Some may think this is about consumer protection. It’s not. It’s about Apple profiteering protection. Apple cites its terms that apply equally to all developers, but in fact, this specific condition is intended to maintain Apple’s profits. Yes, it does apply to all developers (well, almost all developers… see Amazon below), but it is also a condition that is unfavorable to developers and extremely favorable to Apple’s bottom line.

Ramifications

Apple picked a fight with the wrong company in this “epic” (ahem) fight. Epic Games also happens to be the developer of the Unreal game engine. This is a very widely used game engine throughout the gaming industry. It’s probably one of THE most commonly used engines, particularly on gaming consoles.

Without access to Apple’s iOS developer tools, this engine is effectively dead on iOS (and MacOS) devices. Worse, developers who rely on Unreal to drive their own iOS games may soon find that they have to find another game engine. These Unreal engine users may wake up to find their Unreal-based game removed from Apple’s app store as a side effect of Epic Games’s removal.

If Unreal can’t be supported, then neither can the games that utilize this engine. This Epic Games fight has deep reaching ramifications for not only Apple, but also impacts every iOS device owner and every developer that uses Unreal to drive their game. If that game you love was built around Unreal, you may find that app no longer available in just a few weeks.

If you have the app downloaded onto your device, you can still use it. Bought a new Apple device? Well, don’t expect to cloud download that app again if it’s been removed. You’ll need to rely on iTunes backup and restore instead of Apple’s cloud storage… which relies on downloading the app again from the app store. If it’s been removed, the app will be unavailable. Only backing up and restoring through iTunes will recover apps you presently have on your phone device and which are no longer in Apple’s app store. Didn’t do this? Oh, well. That app is gone.

Apple’s Ramifications

Apple’s once burgeoning gaming section may soon become a ghost town. Maybe this is an exaggeration, but maybe not? Let me explain. The loss of the Unreal engine from the iOS platform is a huge blow to iOS game developers worldwide. It means game developers must either now build their own engine instead (to avoid such engine removals in the future) or rely on another gaming engine that supports iOS (at the peril of it being removed in the future).

Apple is effectively “Cutting off its nose to spite its face”. In other words, Apple has most likely done more long term damage to its own brand and products than it has done in short term damage to Epic Games. Sure, Epic’s loss of Fortnite on iOS is a big loss to Epic, but Apple’s loss of the Unreal engine is a much, much bigger problem for Apple.

If developers can no longer turn to the Unreal engine for use on iOS, then that means fewer games will be developed for iOS… at a time when iOS doesn’t need this gaming speed bump. Fewer games developed means fewer game apps in the app store. Fewer game apps means less revenue for Apple. Basically, Apple’s loss of revenue from cutting off developer access to the Unreal engine will come back to bite Apple hard in the ass.

Apple relies on that in-app revenue for its continued operation of the App store. If that revenue dries up, well so too will iOS devices while also undercutting MacOS notebook sales. It’s not just about Fortnite here. It’s about every iOS game using Unreal that also uses in-app payments legitimately. People won’t buy into a mobile platform when they can no longer find and play their favorite games, particularly if those games are on other platforms. The loss of the Unreal game engine is a big deal to Apple. Considering Apple’s paltry 10-13% mobile device market share as of 2019 (and shrinking), killing off development tools that bring revenue to the platform should be a big deal to Apple, one would think.

However, there are still other game engines that developers can use, such as Unity, BuildBox and AppGameKit. With the loss of the Unreal engine, on which many, many console games are built, straight ports of well recognized and popular console games to iOS will become almost impossible. Very few console developers choose Unity and none use BuildBox or AppGameKit.

If Apple was hoping to pull over the bigger console titles onto iOS, they’ve just lost that opportunity by kicking Epic Games off of their platform. No console developer will spend several years porting their Unreal based game to Unity or one of the other game development kits. Without Unreal on iOS, the much larger money making console games will forever be locked out of iOS, simply because of Apple’s stupidity.

Instead of trying to work through a compromise with Epic Games over this issue, they simply pulled the plug. They’ve “thrown the baby out with the bathwater”. They’ve, as I said above, “cut off their nose to spite their face.”

Apple’s Stupidity

This is a huge blow to iOS devices and to consumers alike. Within the next year or so without Epic Games support on iOS, Apple’s gaming community is likely to dry up. Games like Fortnite can no longer come to exist on Apple’s platform because of the loss of the Unreal engine.

There is a bigger danger to using a third party game engine for iOS games. If you, as a developer, settle on a third party game engine and that engine developer has a fight with Apple, thus causing their developer licenses to be rescinded, just like Epic Games, you could see your game pulled from the store or, more importantly, made obsolete by the next yearly iOS release. This whole Epic fight has some serious ramifications for the gaming industry.

I guarantee that with Epic Games being pulled from the Apple platform and if this is allowed to stand going forward, Apple’s usefulness as a gaming platform will greatly diminish. Not instantly, but definitely over time. It will definitely erode confidence in iOS and MacOS as a gaming platform.

Lest you think I’m being overly dramatic, I suggest you look at this very long Wikipedia page and see the list of games produced using Unreal for consoles, specifically Unreal Engine 4. Every single one of these games had the potential of making their way to iOS or even MacOS. This hope is now lost. The loss of the Unreal engine on Apple’s ecosystem is a loss to the entirety of Apple’s devices.

If Apple had designs of getting into gaming, they summarily lost that hope in one fell swoop. What’s worse is that other game developers may follow suit and voluntarily pull their engines from Apple’s devices as well, leaving only the smallest and crappiest of game development engines available for iOS devices… firmly dragging Apple’s devices back into the stone age for gaming. The best you can hope for are the silly finger swipe games that leave you bored in less than 15 minutes.

Sure, Bethesda, Ubisoft and Activision may continue to maintain their proprietary engines on iOS and MacOS for their specific games, but up-and-coming and existing Unreal console developers alike have lost any iOS portability inroads they might have seen on the horizon.

Though, I suppose this situation is a win for Sony’s PlayStation and Microsoft’s Xbox consoles… and consoles in general.

Epic Games Ramifications

I would be remiss without discussing the ramifications to Epic Games, also. Certainly, Epic Games has lost a huge platform for both Fortnite and the Unreal engine … well, two with the additional loss of Google’s Play store. Though, I don’t think that Google has yet rescinded Epic’s developer license for Android. As a result, would-be game developers considering which engine to choose will not choose Unreal if they have eyes on iOS, MacOS or possibly Android (depending on how far Google takes this). For game developers who’ve already chosen Unreal, it’s probably too late to undo that choice. Game developers in the planning stages can reconsider which engine to choose.

Epic Games’ Unreal engine may not fall out of favor with the game development community. It was formerly an engine developers could rely on, more specifically for a wide range of platform support. With the loss of iOS and Android, that leaves a big hole for the Unreal engine, and Epic Games. That’s basically the loss of every mobile platform! Epic Games chose this battle by not wanting to follow Apple’s greedy rules.

Honestly, I don’t blame Epic. Amazon fought with Apple over these very same rules a long while back. Amazon chose to remove all ability to buy anything via their apps. Though, the Amazon app seems to have regained its ability to purchase junk, but I’ve no idea how they’ve worked this with Apple. Epic should cite Amazon app’s ability to purchase products using a third party payment processor. If Amazon can do this, Epic should be able to as well. It seems that even Apple isn’t following its own “all developers are equal” rules.

Tim Sweeney, Epic Games CEO, should call out this incongruity in Apple’s “equal” application of its app store terms and conditions. If Epic Games is violating Apple’s purchasing rules, then so is Amazon… and so is any other company who is able to offer purchases using their own third party payment processor.

However, that doesn’t leave Epic Games without problems. Losing iOS and Android, and not only for Fortnite, leaves a huge revenue stream hole for Epic Games. That’s the downside for Epic. That and the loss of being able to license the Unreal engine to would-be iOS and potentially, depending on how far Google takes this, Android developers.

TikTok and WeChat

Beyond Epic, there are other problems brewing at Apple. The problem with Apple’s app store is that it will accept and publish apps from any developer from any part of the world. Yes, even communist bloc countries like China and Russia.

What does this mean for you as a consumer? It could mean spying, malware and theft of your data. Apps like WeChat and TikTok originated in China. These are apps that were intentionally designed and released by Chinese people who live in China and who have no ties to the U.S. and who don’t care about data privacy, your data or anything else about you. They don’t even have to follow United States laws. They want your money and they’ll do whatever they can to get it. They don’t care if they have to step on your toes (or turn on your camera and microphone at inappropriate times) to do it.

Apple has been entirely remiss in this area of vetting apps. Can we trust apps developed and produced entirely in China or Russia? Yet, Apple has published these apps to the App store and still allows them to remain in the store. But… Epic Games, a U.S. based game developer, can’t keep their app in the store because of silly in-app purchases? It’s perfectly okay to allow apps to spy and steal data for communist bloc countries, but it’s not okay for a U.S. developer to want to use a third-party payment processor. Yeah, Apple’s priorities are entirely effed up.

Apple’s values at this point are entirely suspect. What Apple has done to Epic is retaliation. It has nothing to do with propriety or consumer safety. It has to do with ensuring Apple’s revenue remains intact. If it were about consumer safety, Apple would have not only re-reviewed WeChat and TikTok for appropriateness the moment the President called them out, they would have been removed from the store.

This is where we learn Apple is not about propriety, it’s about making money. Losing the ability to make money from Fortnite (and by extension the Unreal engine) is way bigger of a deal than allowing Tencent and ByteDance to use their respective apps to potentially spy on U.S. consumers.

Here’s where consumers get lost in the mire and murk of it all. Apple’s silly hide-everything-from-everyone ideals allow this sort of behavior from developers to fester. Developers get to hide behind Apple’s veil of secrecy and “wall of friendliness” so that apps like WeChat and TikTok can flourish without consumers being the wiser.

Yet, here we are. Chinese and Russian apps are infiltrating Apple’s store with careless abandon, and some of these are taking the Internet by storm, like TikTok. ByteDance rolled the big one with TikTok and now they can roll out spying measures if they wish, assuming they haven’t already.

I look on anything coming out of China as suspect. Most products coming out of China are third rate products that fall apart as soon as you sneeze on them. Many are counterfeit or are stolen designs from an original product created outside of China. Clearly, China’s ability to innovate is limited. Instead, Chinese engineers must reverse engineer an existing design that originated outside of China only then to build their thing based on that existing design. Copying is said to be the highest form of flattery, but in this case it’s intellectual property theft.

With products that don’t need the Internet, such as a toaster oven or a microwave or a fridge, other than their possibility of falling apart or harming you physically, they can’t steal personal data or spy on you. Like physically harming you with junk appliances from China, downloading apps from an app store can be equally harmful to you. They can steal keyboard input, turn on microphones and cameras at inappropriate times, grab your photos… they can even monitor which apps you use and watch your movement around the city via GPS on your phone. There’s so much data they can collect about you, including the contacts in your phone book.

By installing one of these communist bloc apps, there’s literally a mountain of data they can learn about you from your device. Spying? That’s literally an understatement.

Apple has given the communist bloc countries carte blanche access to U.S. owned devices through iOS. Google has done the same with Android. Worse, both Apple and Google are doing absolutely NOTHING about this. Treason by U.S. companies? That’s an understatement. They not only allow these apps to be published, they’re endorsing them… and some of Apple’s and Google’s own developers may even be using these apps personally. Talk about inception.

Spying

Spying was formerly thought to be about covert operatives running around gathering intel with crude and rudimentary devices in black garb. Today, it can be done in broad daylight using every person’s very own cell phone right in their hand.

Need access to listen in on a conversation at a specific GPS point… I can just hear someone say, “Let’s see which of our apps are on devices close to that location.” Yeah, this is a real thing. Simply enable the microphone and possibly even the outward camera and BOOM, you’ve got access to immediate intel relayed instantly back to you in real-time.

Yeah, that’s the danger of social apps like TikTok and WeChat. They can be used to eavesdrop on anyone anywhere. You only need to give access to the camera and microphone and boom, they’ve got access anywhere the app owners wish.

Apple can thwart this possibility potentially, but only if they add some heavy restrictions for when and how these devices may be used. Like, for example, these devices can only be enabled when the app is the front most active app and the screen is on (i.e., the user is accessing the screen). Even then, access to these devices should always require positive confirmation to use them every single time. Without positive confirmation, these devices cannot be enabled remotely.

Otherwise, spying is already here. Nefarious apps can listen in on what you are doing without your knowledge. They may even be able to switch on the camera and stream video data back to whomever. Yeah, bad news here.

Malware

Many people think malware means software that intends to cause malicious harm to your device. It doesn’t only mean that. Malware covers a lot of territory including spyware, malicious software, ransomware and many, many other types.

Any type of software designed to subvert your device for someone else’s use is considered malware. Don’t limit your thoughts to only software that intends to erase or destroy data. It doesn’t end there. It begins there. It ends with any software of malicious intent, including any software that is designed to spy on you, steal your data, copy data from your device or attempt to get you to do things that might compromise not only your phone, but also your personal finances.

However, the days of overt malware are firmly over. Now we’re seeing a new wave of software that makes itself appear legitimate by offering seemingly legitimate services, but which has malware hidden behind that happy-go-lucky façade. It’s the software version of social engineering. They trick you into believing you’re getting a real legitimate app, but underneath, these apps are doing things they shouldn’t be doing.

This is a new wave of bad news rolled into one app. No one can know the ultimate intentions of an app producer. Hopefully and trustingly, we put our faith into the developers’ hands to “do the right thing”, to be upstanding and give us an app that does only what it claims.

Unfortunately, we’ve moved into an era that’s now firmly gone beyond this. If you’re getting an app from a U.S. developer, you can pretty much be assured that what the app says that it does, it actually does do… and nothing beyond that. That’s a given because U.S. companies must follow U.S. laws. With apps coming from China or Russia or Cuba or Vietnam or even North Korea (don’t kid yourselves here), you have no idea what their ultimate motives for producing that app are. Worse, they are not required to follow United States laws. Yeah, and that’s the problem in a nutshell.

Apple and Google’s trusting nature

These communist countries not only see the dollar potential wrapped up in these apps, but they also see the spying potential above the dollars. Not only can they divert U.S. dollars outside of the country to fund who-knows-what, they can steal your data and spy on you, too.

Why? Because Apple and Google are far too trusting and let them do it. They believe that developers will be good neighbors and not do untrustworthy things. Apple and Google are both trapped into believing that everyone will follow United States laws. Naïve! Unfortunately, that trusting nature is now being used against both Apple and Google… though, Google more than Apple by these communist countries. Google devices way outpace Apple’s devices in market share. In 2019, Apple’s devices made up just ~13% of the market, where Google’s Android devices made up a whopping 87%! Together, Apple and Google make up close to 100% of the market, with the small remaining percent running other mobile operating systems (yes, there are a few).

Given Google’s market saturation, it’s no wonder that malware authors are targeting Google over Apple. It’s a simple matter of low-hanging fruit. Google’s fractured stores and litany of device problems have led to where we are. Malware authors can have a field day with Google’s devices because they can take advantage of these tinier stores with much reduced release restrictions. It’s easy, then, for small indie developers to release malware onto Android… far too easy. It’s much more difficult to do this same thing on Apple devices. That is, until you realize exactly how developers are outwitting Apple’s far-too-trusting nature.

Once not-so-upstanding developers understand they can disguise malware underneath a legitimate service, they can then push that service out to app stores (with Apple’s blessing) and get people to use it, in similar form to TikTok. In fact, perhaps the app was even released without the malware to have the appearance of propriety (and to pass Apple’s initial scrutiny). Then, after enough momentum has been reached, the app developer can slowly release updates containing bits of malware at a time. As far as I know, Apple doesn’t put the same level of scrutiny into app updates as it puts into new app listings. Apple’s hands-off approach to updates means the author can slip bad features into updates under Apple’s and our noses and none will be the wiser.

Security Considerations

You always have to really think 🤔 about what apps you have installed and why you’ve installed them. More than that, you need to find out who specifically is developing your apps and where they are in the world. You might be surprised to find that the author doesn’t live in the country where you reside. If the author isn’t in your country of residence, they don’t have to follow your country’s laws for, well, anything.

Of course, you never know what an app author intends by writing and releasing an app. Even the money making aspect on the surface may not be the actual agenda. Hopefully, the app’s purported use case (making money) is the only reason the app exists. Unfortunately, subversion seems to be becoming more and more common in apps, particularly those that may not be developed in the same country where you reside.

For example, someone who develops an app in China doesn’t have to follow the laws of any other country than China. Meaning, if the app developer decides to include spyware, no laws will apply to that developer other than Chinese law. Even then, since they weren’t spying on Chinese citizens, they likely won’t be seen as having violated any Chinese laws… even when spying on citizens in other countries. Because the U.S. can’t apply laws to Chinese citizens, any spying that may have taken place is damage already done. The only action that can be taken is banning the app entirely from the U.S., just as Trump had wanted to do with TikTok.

Every mobile device user must remain on their toes. You can’t assume that Apple’s closed store nature will protect you from spying or data theft (all forms of malware). Apple is way too naïve for that. Instead, you must do the research yourself. Determine who develops an app you intend to install. Find out where they live in the world. If they live in a country where you do not, your local laws will not apply if the developer includes activities that are illegal in your place of residence. This means they can do a lot of nefarious things and never be caught at it, particularly if they live in a country like China.

If you want to safeguard your own data, don’t install apps without knowing where the author lives. No, not on Android and not even on iOS devices. No, not even on… and especially not on company owned devices.

In this day and age, when anyone and everyone based anywhere in the world can design and build an app, we’ve firmly come to a time where our devices can be used to spy on us and those around us simply because we’ve installed a random app.

It’s now only a matter of time before government policies catch up with this technology trend and new laws begin emerging which intend to hold device owners responsible for treason when an app spies on and funnels data outside of your country of residence.

In answer to the article’s primary question: no, neither Google nor Apple is better at protecting our devices from malware. However, while the overt malware may be less common on Apple devices, Apple’s and Google’s trusting nature is now firmly subverting our devices for foreign spying activities… particularly when these apps are designed to intentionally use the camera and microphone.


The U.S. in Peril

Posted in economy, government, Health, politics, security by commorancy on March 19, 2020

I really didn’t want to write this article, but it must be written. Unfortunately, the US (and probably other countries) has come to a crossroads. As they say, the truth will out… and here it comes. Let’s explore.

Brutal Truth

These lockdowns and shelter-in-place orders have caused many, many small and medium businesses to shutter their doors and lay off staff. They’re not closed for only a few days, but for potentially weeks and possibly even a month or two.

Practically no business is prepared to run without income for weeks, let alone months. It’s no wonder, then, that business owners and operators are laying off so many of their workers. You can’t continue to hold onto staff when you can’t even pay your own business’s lease and bills. This is just the tip of this iceberg.

You just wait. It gets worse. Much, much worse.

Unemployment

It is theorized that as many as 20% may become unemployed due to COVID-19. I’d guess that this is a conservative estimate and it will go much, much higher than this. 99% of businesses in the US are considered small businesses. This is the highest failure group for an extended lockdown scenario.

JP Morgan Chase writes:

Over 99 percent of America’s 28.7 million firms are small businesses. The vast majority (88 percent) of employer firms have fewer than 20 employees, and nearly 40 percent of all enterprises have under $100k in revenue.

What does this mean for the US? This means that potentially 28.4 million businesses are at risk of permanent closure due to the COVID-19 crisis. That means potentially up to 568 million jobs are also at risk of loss due to COVID-19.

Some small businesses may be able to weather a few weeks of this storm, but not much after that. Again, this situation can (and likely will) get much worse the longer it lasts.

Survival and Economy

With up to 568 million people without jobs, this means that the economy will not only tank, it will implode. The stock market won’t even exist. There will be nothing left of the US economy.

I did say that this can get worse. Yes, it can. And… it can even go beyond this.

Apocalypse

This word is actually defined as “catastrophic change”… with the word catastrophic being the key word here.

Turning out this many people to unemployment means desperation. As people’s ability to feed, clothe and house their families and themselves dwindles, desperate actions will become necessary (at least for some). Once the newly turned Robinhood thugs turn out en masse to shake down those who “have” to feed those who “haven’t”, it’s going to get ugly. Really, really ugly. In fact, COVID-19 will likely become the least of everyone’s worry.

It will then become mostly about survival of the fittest and who has the “necessary force” to get what is needed to survive.

We haven’t yet reached this level of desperation as people still have a small stock of food and water and can live out their remaining rent, but our society is quickly coming to a turning point. Once rents can no longer be paid, food can no longer be bought and gas can no longer be afforded (or even found), the niceties of our former social world will come to a grinding halt. Then, desperation takes hold.

What will ensue is looting, gangs and these folks being forced to obtain food, water and shelter by force. The currency will no longer be the dollar, but the bullet or knife. Violence is in the US population’s nature. When it becomes necessary to survive (and it will), then all bets are off.

Martial Law

Yes, the Government can roll its military through and declare martial law to attempt to stem the tide of the new age of lawlessness that will begin, but that can’t last. Eventually, the government itself will break down and fail to be of any use. Those in the military will be conflicted about where to take orders from and, indeed, where, if any place, they can even use the money they are being paid.

If small businesses fail, what can you spend your money on? Will that money even be worth anything? Larger businesses like Target and Walmart may be able to last for a bit longer, but eventually the supply lines will dry up as the small business suppliers close. It will become a vicious cycle that won’t end until the country has entirely unraveled.

Making the hard Choice

The country is at a seriously perilous crossroads. It can keep everything closed in order to stem the COVID-19 tide or it can immediately lift the lockdown and shelter-in-place orders and let businesses reopen to save what’s left of the economy.

With COVID-19, we may be forced to let the chips fall where they may. We can’t keep society closed forever. We can’t even keep it down for a few weeks. For the US to continue its way of existence, it must be unlocked and allowed to resume.

Yes, we need to be cautious and vigilant to avoid getting COVID-19, but we can’t let COVID-19 grind the US to a halt and, subsequently, to completely unravel the US’s entire way of life.

We have to consider what’s worse? Perhaps 500,000 deaths from COVID-19 or millions of deaths due to a bankrupt US economy leaving millions homeless? Without an economy, the US can’t survive as a country. Having a president preside over a dead country is like not having a president at all.

Believe me when I say that if the US is forced into martial law, it won’t be long before there’s bloodshed… and that won’t have anything to do with being infected with COVID-19.

As I said, I really dislike writing this article, but the outcome of what can become a very real possibility must be said. Right now, the president is basically saying, “everything’s going to be okay”, but that’s not reality. If these lockdowns continue beyond a week or two, much of our country’s way of life is doomed to vanish forever. Even Hollywood may never be able to recover from this… the biggest entertainment producer in the world will be lost. Without Hollywood and the music business, this country will plunge into a second dark age.

With all of that said, cities, counties and even the federal government need to reconsider these lockdown actions pronto. Staying locked down for months will tailspin the US into unrecoverable territory. This will force many families into the streets without the means to obtain food, clothing or shelter. The homeless shelters will be forced to shutter because even they can’t afford to stay in business. Literally, the entire country will fall back to “the wild, wild west”. People will be forced to take matters into their own hands to survive.

Now, it is difficult to foresee exactly how all of this plays out, but no matter the sequence of events, the end result will be failure, death and loss of the US way of life. We will turn back into small communities together using local services. We will have to barter to live. The technology we so actively thrive on will cease to exist. The computers will still function, but the internet may effectively shut down as more and more businesses are forced to close. Even cell phones may become a thing of the past as lawlessness and anarchy begin driving survival. Even money may become worthless paper.

Alarmist?

This article may seem a bit alarmist. In part it may be, but it is also grounded in current lockdown reality and is based on where we are headed today, while still in the early stages of these lockdowns. Simply reviewing Twitter, you can already see just how many people have been furloughed or laid off due to COVID-19. This is just the tip of a very large iceberg. News articles show restaurants and other businesses with their doors shut and lights out.

Right now is a perilous time and our government leaders need to weigh what’s coming if we remain on this course. If we don’t change our course now, there may not be any time left to change this downward spiral.

COVID-19 may, in fact, turn out to be the least of society’s worries. Our society isn’t currently prepared to live and work at home on a semi-permanent basis. It hasn’t ever considered or prepared financially for this eventuality. There are just no work-at-home jobs that pay enough to live. Most businesses can’t afford (nor are they willing) to begin paying people the salaries they were getting when they worked in a company office. I’m not even sure that companies can recover enough at this point to pay those former salaries anyway.

Tailspin

We only need to look at the stock market to understand the ramifications of business closures, layoffs and lockdowns. Clearly, people are selling because they know they will need that money to live. The stock market can’t handle this kind of mass sell off. But, it’s inevitable and it’s only going to get worse before it gets better.

This means way less investing overall and that means less investment capital for businesses to stay in business. Businesses will also need to recover any investments they currently have to pay their own bills, which means more selling. And, unless this COVID-19 lockdown business is unlocked soon, there won’t be an economy left to save or investments worth holding.

Only the currently richest businesses may be able to weather this storm for any length of time, such as Apple and possibly Google. That is, those businesses with billions in the bank. That also depends on how worthless the dollar becomes. Even then, these rich companies will have to start trimming their own workforce or face a cash hemorrhage crisis.

This situation will likely also tumble salaries massively. It will tumble everything including home values, multifamily rent and even phone bills. Not only will it be a recession, it may become a depression forcing major deflation across the board. One might think deflation is a good thing, but it’s not. When few will be able to afford to pay for much, even at deflated prices, we’re in for a rough and violent road ahead.

Prevention?

Can this combined economic and societal tailspin be prevented? It depends entirely on our governmental leaders. If they can find ways to prop up the local economies while allowing businesses to reopen in safe and effective ways, then perhaps. Unfortunately, I doubt that propping up everything is possible. There are far too many people to attempt to prop up every man, woman and child in the nation. Even the measly $1000 grant from the government can’t possibly help to stem this quickly overflowing tide. The only thing it will do is, in fact, make the situation worse.

How can we reopen safely? That’s the million dollar question. The first thing that needs to happen is to find a way to disinfect people’s clothing and surfaces before they enter any large gathering. This way, when they touch any surfaces within, there’s no chance of leaving latent virus behind or picking one up. Second, we need near instant viral load testing. It doesn’t matter the virus. What matters is that the person has a high viral load of any kind. If a person is carrying a high viral load of any kind, they will be denied access to all social gatherings. It doesn’t matter if the virus is COVID-19, HIV, the flu or a simple cold. We can’t be specific here. Testing needs to be general because it’s too complicated to try to determine COVID-19 specifically. This will weed out super spreaders.

With any high viral load, you can’t fly, you can’t get on a bus and you can’t enter a restaurant, store or any other business. If you’re carrying a high viral load, an isolated medical transport will come to collect you and take you home where you must stay until you can be tested viral load free. If you’re found out and about a second time, you may be jailed. HIV positive people may be a problem in this. But, HIV is also a virus and it does count under viral load. It’s not necessarily spread as easily as COVID-19 appears to be, but it is spreadable.

These actions are the only way we can protect citizens against COVID-19 and still operate society in some kind of normal fashion. Without some semblance of normality resuming quickly for our every day lives, there will be no hope of recovery for not only the economy, but for society in the US as a whole. When TV shows can’t film, when music performers can’t perform, when you can’t go to the movies, a restaurant or even an amusement park and when everyone is scared to even walk out their front door, society grinds to a halt… and that’s where we are now. Society has stopped dead in its tracks.

The things that the US is so known for can’t even be done. All business that revolves around those activities, along with the activities secondarily and tertiarily linked to them, will equally suffer. It’s a huge supply chain, with emphasis on the word ‘chain’. When one link breaks, the entire chain fails.

Unless we can figure out a way to kick our society back into gear, fix the chain and keep it going, we’re at the cusp of a situation that is bad… very, very bad. So bad that it’s practically impossible to understand or predict just how bad it can really get. Though, we can most certainly guess.

Lawlessness

When there is a large contingent of the working force that becomes not only unemployed, but hungry and homeless, where do we go from here? As the saying goes, “Desperate times call for desperate measures.” What that means is that many people will get desperate to feed, clothe, house and protect their families… and many will attempt to take matters into their own hands to make that a reality, using necessary force if needed. This means I’d expect gun violence and looting to drastically increase.

This lawlessness will drive the government into declaring martial law. Right now, we’re at the cusp. We are teetering on the precipice. But, it won’t take much for that edge to collapse and then society falls in. In fact, we’re currently on the verge of collapse.

Government, Survival, Society and Hard Choices

I urge the governmental leaders to reconsider these lockdowns. Instead, we need to find alternative workable solutions that allow businesses to resume normal operation while attempting to keep them safe from COVID-19.

If we can’t resume a semblance of normal societal operation, we will likely end up in bloodshed. We might even have anarchy on our hands. We could even have more deaths due to unemployment and a deep depression than from COVID-19.

Governments must weigh these risks carefully. COVID-19 is a known quantity. It will kill a number of people just because of what it is. But, attempting to protect every person from it may end up collapsing society as we know it. This collapse could very easily bring about unnecessary violence as people attempt to survive. A societal collapse could even bring about more death, violence and destruction than even COVID-19 and the Flu combined.

When people get desperate enough, they will break into houses, steal food, clothing and use it for shelter. They may even consider killing others to get what they need. They will break into stores and loot. They will break into stores to steal necessities. Is that where we want society? Is that what we want to see? Is that what the current government really wants for its people?

All told, violent survivalists could actually kill more people than COVID-19. This risk must be weighed! Letting the virus run its natural course while allowing society to operate may be a better (and safer) choice than having to declare martial law while attempting to lock down an entire nation. There are simply not enough troops to do that, which will lead to an even worse outcome. This situation could even trigger a second civil war, except this time it will be between governmental forces and out-of-work citizens.

If we let society collapse, all bets are off on how many deaths may occur… not necessarily directly because of COVID-19, but this virus may certainly contribute in some way to that death toll.

This is a serious decision that governmental leaders must consider and they must decide NOW. Complacence and apathy don’t work. Strong decisive change must be implemented quickly. It may not be happy news for some, but society can’t be ground to a halt for the 18 months (as some organizations have predicted) for COVID-19 to subside. The US can’t survive an 18 month lockdown. It can’t even survive a 1 month lockdown. We must craft an alternative solution. We must craft and implement that solution NOW, while there’s still time to bring us back from the precipice. There is no other choice.


How to prevent school shootings

Posted in parenting, personal security, security by commorancy on February 26, 2018

On the heels of the Parkland, Florida shooting, this question has emerged yet again. Can we prevent school shootings? Let’s explore.

Mass Shootings

In recent years, mass shootings seemingly have been more and more frequent. Or, at least so it seems. It’s not just school shootings, it also includes shootings like Las Vegas and the Pulse Club shooting in Orlando. I’d even include the mass killing by vehicle where people mow down crowds of pedestrians. While these last three examples aren’t school shootings, they do point to a systemic problem that appears to extend beyond the school into our everyday lives.

We don’t know why these mentally disturbed folks decide to pick up a weapon and point it at a crowd or drive a car through a crowd. However, I’d start by looking at commonalities. These might include medications they were taking or things they were doing in their daily lives. It might even be mental health problems.

Parkland Shooting

My heart goes out to those who have had loved ones taken away in Parkland.  However, Parkland is the most recent example of a mass school shooting allegedly committed by a former student who had apparently been expelled. What triggers these people? Though, the bigger concern is less why this student was triggered and more how this student found access to weapons. And, herein lies the problem and with it, the solution.

Weapon Access

The bigger question is, how did a 19 year old get access to the weapons he allegedly used? In many states, it’s perfectly legal for an 18 year old to purchase and possess a rifle, but not legal to purchase or possess a handgun at that age. In the case of the alleged shooter, he apparently legally bought the AR 15 rifle just weeks before the shooting. I guess the somewhat odd thinking here is that a rifle is more obvious than a handgun. This is backwards thinking. The rifle, while being obvious when someone is holding one, is obviously a more dangerous weapon… especially if it’s an AK-47 style semi-automatic rifle. This compared to a handgun which isn’t always semi-automatic, though some are.

Here’s where we have a problem. The point of a semi-automatic rifle is to point and spray. That is, to discharge as many rounds as fast as possible. These weapons are designed to dole out mass amounts of bullets and damage. This compared to a handgun which isn’t typically designed for this purpose. Here’s the first problem. Why are semi-automatic weapons allowed to be sold at all, let alone to someone under 25? These are weapons that should, if at all, only be sold to people who can pass a proper gun test and full background checks. It should also be limited to someone aged 25 or older.

If an 18 year old wants to gain access to semi-automatic rifles, join the military. For the shooting in Parkland, the alleged shooter was legally an adult at the time of the shooting, so I’ll come back to the adult age group issue shortly.

Children with Guns

In the case of younger school mass shooters, how did they get access to the weapons at all? These children can’t own weapons. This is where parental guidance fails. Many of these shooters obtained their weapons directly from their parent’s weapon stash or from a friend’s weapon stash. Of course, they might have also obtained weapons through illegal means.

In the case of parents owning weapons where the child used it in a mass shooting, the parents should be held legally accountable, at the very least as an accessory. If you own weapons and do not properly secure them from your child, then you need to be held legally accountable for how that weapon is used, particularly if it is by your child. As a parent, you need to share in your child’s legal culpability and burdens, even if the child is shot and killed after the mass shooting. As a parent of a child mass shooter, you can no longer claim to be a victim in this. You are now fully responsible for your child’s actions while using your legally purchased weapon(s). If that means the child performed a mass school shooting, as a parent, you should expect a maximum sentence including jail time.

This is the first way to stop these mass school shootings. If parents legally become an accessory to whatever is committed by the child with that parent’s weapon, then parents will then have to be much more careful about where they leave their guns. This means making completely sure that your weapons are entirely secured from your child, preferably away from your home. This means making sure your child has no way to circumvent your gun storage system and take possession of them. However, if your child does take possession and uses your weapon in a mass shooting, expect to see the inside of a courtroom and see the inside of a jail.

Making parents take responsibility for their child’s actions is the first way to stop school age child shootings. Parents of a shooter need to stop making themselves into the victim and take legal responsibility for their child’s actions.

Adult Aged Shooter

In the case of Parkland, the alleged shooter was 19 and legally purchased and owned the weapons he purchased. That’s partly because Florida’s gun laws are fairly lax. If Florida’s gun purchasing laws had been more strict on this matter, this 19 year old (still mentally a child) wouldn’t have been able to buy an AR 15 weapon. Unfortunately, there is the argument that at 18, the age where everyone is considered a legal adult, you should be able to buy and own a weapon. I agree with that sentiment to a degree. It’s not that you can’t own a weapon, it’s that the states need to mandate stricter requirements before you can walk out of the shop with one. No one needs to walk into and out of a gun shop with gun-in-hand in the same day. It’s not that kind of an item. Here are some points that could have at least slowed down (or possibly thwarted) this alleged shooter:

  1. Require a permit. A permit to own a weapon means you need to file for that permit and wait until the permit arrives before buying a gun. This takes time and a little bit of money. It also means your name is on file with the state and authorities that you own a weapon and which weapons you own (because the gun dealer has to make a record with your permit number).
  2. Require a waiting period. In addition to the time it takes to file for and receive a permit, force every gun shop to make you wait at least 30 days before taking possession of the weapon. Not only does it force the buyer to think about their purchase, it forces the buyer to wait 30 days before that gun becomes yours. It also gives the gun shop owner 30 days to do their own research before handing over the weapon. I consider this one due diligence. No one needs a weapon overnight. It also means the gun shop might not get a pass for not doing their due diligence. Everyone involved in the sale of a gun has a responsibility to ensure they are selling that weapon to a person of sound mind.
  3. Require a mental health evaluation. This one is on the list only because it can help evaluate sound mind, but it’s also controversial. This means that as a gun buyer, you need to be evaluated by a medical professional prior to taking possession.  Or, at least, take possession of your first weapon. The problem with this is, judging someone else’s mental health is a bit of a challenge. Habitual lying sociopaths are well capable of making their lies seem quite truthful… even to a mental health professional.  This means that unless the mental health professional is able to diagnose a lying sociopath, the mental health professional could be on the hook for what that person does with the weapon after they signed off on that person’s mental health. Not sure how many mental health folks would want to take on that responsibility.
  4. Background check. A person who is looking at purchasing a weapon should go through a thorough background check. This should include social media sites and reviewing any behaviors that might seem out of the ordinary. If the person is under 25,  the person’s most recent school records and conduct must be evaluated. If a school has recently expelled that person, this should be grounds for background check failure. If a parent or sibling has been involved in gun violence, failure.

These basic checks would at least stop obtaining weapons through legal means. However, it won’t stop people from obtaining weapons illegally. It also won’t stop person to person weapon purchases. For example, in Florida, one person can legally purchase a gun from another person without notifying anyone. This is the hardest problem to solve. Is there a way to solve this? Not easily. Because person to person weapon transactions are the hardest to track and the hardest to know about, it’s almost impossible to stop these.

Failure to Investigate

In the case of the alleged Parkland shooter, this former student apparently had disturbing content on various social sites including a now infamous comment left on YouTube. Content describing the want to use weapons in the way they were used. Apparently, some folks from the school found these sites and brought it to the attention of the school authorities, the local authorities and even the FBI. Yet, none of these leads were apparently followed up on.

This is a hard section to write. If there are folks who are tasked with investigating troubled teens for possible issues like this, why wasn’t this information followed up? Why wasn’t he found early? Why wasn’t he taken in and detained? Why did none of this happen? There’s a term for it…

Security Theater

What exactly is “Security Theater”? According to Wikipedia:

Security theater is the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to achieve it.

What this means is that authorities set up mailboxes to catch complaints with hollow promises to follow up. In fact, these sites actually aren’t monitored and the mailboxes go unchecked. These sites are set up strictly to placate, to provide security theater.

Instead of implementing the facade of security theater, we need to actually monitor, take action and follow up on these legitimate leads. If the FBI had actually followed up (or at least had notified the local authorities), the Parkland shooting might not have taken place. It’s one of those hindsight is 20/20 kind of deals. It’s easy to look back and see all of the mistakes. However, if at least one of those notified authorities had followed up, perhaps Parkland wouldn’t have happened?

Overall

By enforcing more strict gun purchasing laws (especially to those under 25), by eliminating the practice of security theater and by actually following up on all possible threats, it’s possible we could have prevented the Parkland shooting. Heck, car insurance has always been higher for those under 25 for a reason. The insurance companies realize how reckless that age group can be. Why not apply this same logic to gun purchasing and ownership?

These ideas won’t necessarily stop all mass shootings and wouldn’t necessarily have prevented a shooting like Las Vegas, but if these ideas can reduce the frequency of them, then that’s a win in my book.

How to protect yourself from the Equifax breach

Posted in botch, business, security by commorancy on September 11, 2017

Every once in a while, I decide to venture into the personal financial security territory. This time, it’s for good reason. Unfortunately, here’s a topic that is fraught with peril all along the way. It also doesn’t help when financial linchpins in the industry lose incredibly sensitive data, and by extension, credibility. Let’s explore.

Target, Home Depot and Retailer Breaches

In the last few years, we’ve seen a number of data breaches including the likes of Target and Home Depot. While these breaches are severe problems for the companies, they’re less problematic for the consumer in terms of what to do. As a consumer, you have built-in protections against credit card fraud. If a thief absconds with your number, your liability is usually limited to around $50, but that also depends on the card… so read your fine print.

With the $50 you might have to pay, the inconvenience to you is asking your credit card company to issue you a new card number. This request will immediately invalidate your current card number and then you have to play the snail mail waiting game for a new card to arrive. That’s pretty much the extent of the damage with a retailer like Target or Home Depot.

No one wants to go through this, but it’s at least manageable in time… and you can get back on with your life. For breaches like Equifax, this is a whole different ball game, let’s even say, a game changer. Breaching Equifax is so much more than a simple credit card inconvenience.

Credit Reporting Agencies and Breaches

With Equifax breached, this is really where the government needs to step in with some oversight and regulations. What your social security number is to the government, your credit reporting file is to your personal financial health. This breach is a dangerous game… and worse, Equifax is basically taking it lightly, like it’s no big deal. This is such a big deal, you will absolutely need to take steps to make sure your data is secure (and even then, that only goes so far).

First, I’ll discuss what this breach means to you and how it might affect you. Second, I’ll discuss what you can do to protect yourself. Let’s start with some basic information.

There are 3 primary credit reporting agencies (aka credit bureaus):

  1. TransUnion
  2. Experian
  3. Equifax

Unless you’ve never had a credit card, you probably understand what these businesses do. I’ll explain for the uninitiated. These agencies collect and report on any outstanding credit card or revolving lines of credit you currently have. If you have a mortgage, these entities know about it. If you have a credit card (or many), they know. They also know lots of other data (i.e., previous and current address), what loans you’ve had in the past, what bank accounts you have, what balances are on your outstanding lines of credit, any collections activities and the list goes on and on. It also lists your birth date, social security number and full credit card numbers and account numbers.

Based on all of your credit lines, how well you pay and so on, these companies create a FICO credit score. This score determines how low of interest rates you’ll receive on new loans. These companies are not only a bane to actually exist, but they are your lifeline if you need new credit. Even just one blemish on your record can prevent you from getting that loan you need to buy your new house or new car. Without these linchpin companies, lenders wouldn’t be able to determine if you are a good or bad credit risk. Unfortunately, with these companies, consumers are at the mercy of these companies to produce accurate data to lenders (and to protect that data from theft)… a task that Equifax failed to do.

What did Equifax lose?

Equifax lost data for 143 million record holders. While that number may seem small, the damage done to each of those 143 million record holders will eclipse the damage produced by Target and Home Depot combined. Why? Because of how these credit reporting agencies actually work.

Equifax (and pretty much all of these credit reporting agencies) have flown under the radar in what they do. If you go to a car dealer, find a car you want and fill out loan paperwork, that dealership will pull a credit report from one or more of these agencies. Your credit report will contain a score and all loans currently outstanding. It also shows how well you pay your loans, any delinquencies in the past and other financial standing metrics. This credit report will be the basis of whether you get a loan from the car dealership and at what interest rate.

Hackers had access to this data between May and July of 2017. The hack was found on July 29th, but not reported to the public until September 8th. That’s over a month that Equifax sat on this news. It’s possible that they were requested by law enforcement to hold the announcement, we just don’t really know.

What was lost?

According to the Washington Post:

Hackers had access to Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information.

According to the New York Times:

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Those dispute documents being PDFs of bills, receipts and other personally identifying information. I’ve also read, but have been unable to find the corresponding article, that the hackers may not have had access directly to the credit report database itself, but only to loose documents in a specific location. However, even with that said, do you really trust Equifax at this point? I certainly don’t.

Why is this such a big deal?

Because the credit reporting agencies have played it fast and loose for far too long. They make boat loads of money off of each credit report that’s pulled. If you pay $50 as part of the loan process to pull your credit report, the dealership will keep part of that money and the rest goes to Equifax. Because many loan applications are processed every day, some credit reporting agency is making money. Making money isn’t the problem, though.

These agencies will pull a report for anyone willing to spend money. This includes people with stolen credit cards. However, that only gets thieves so far before being caught. Instead, breaking into computers at the agency allows them to not only pull credit reports for anyone who has a record, they can get access to lots of sensitive information like:

  • Social Security Numbers
  • Birth Dates
  • Addresses
  • Places of employment
  • Home Addresses
  • Credit card numbers
  • Dispute Documents
  • Etc..

Basically, the thieves may now have access to everything that makes up your identity and could steal your identity and then attempt to divert bills away from your house, create new cards, and do other things that you may not be able to see. If they managed to get access to your credit report, they can open cards out the wazoo. They can charge crap up on those cards. And, they can perform all of this without your knowledge.

Credit Monitoring

You might be thinking, I’ll set up a credit monitoring service and have the credit reporting service report when activity happens. Even that, while only somewhat effective, is still subject to being breached. If the thieves have access to all of your identity information, they can request the credit reporting service to do things like reissue passwords to a new email address and send sensitive reports to a bogus address. These thieves can even undo security setups like a credit freeze and reassign all of that information to their own address. You won’t see or even know about this unless you regularly check your credit reports.

This problem just barely peeks into the can of worms and doesn’t even open it fully. There are so many things the thieves can do with your identity, that by the time you figure it out, it could be far, far too late. So, don’t think that signing up for credit monitoring is enough.

Sloppy Security Seconds

In fact, it wasn’t seconds, it was almost 2 months before the breach was known to the public. Not only does that move show complete disregard for 143 million people’s financial security from a company who should be known for it, Equifax doubled down by creating a lead generation tool in their (ahem) free TrustID tool. Keep in mind that that TrustID tool is only (ahem) free for one year, after that you pay. Though, protecting against new account creation is only half the problem. The other half, with which TrustID can’t help, is protecting your existing accounts. Because credit reports contain every account and every account number you own, if your data was compromised (and with 143 million accounts worth of data lost, it’s very possible), you need to do so much more.

Even the Security Checking Tool (which was questionably put up on a newly created domain???) seems to have been a sham and had its own share of SSL certificate problems, leading to some browsers showing the site as a scam. Some Twitter users have entered bogus data… and this checking tool seems to have stated this bogus data was included in the breach. The question is, does that tool even work or is it merely security theater? Yet another black eye among many for Equifax’s handling of this data breach. To wit…

and then this tweet…

To sign up for Equifax’s TrustID premium service, you have to enter even more personally identifying data into a form of a company that has clearly demonstrated they cannot be trusted with your data. Why would anyone do this? Seriously, signing up for a service with a company who just lost a bunch of information? No, I think not. Instead, Equifax should be required to pay victims for a monitoring service with either TransUnion or Experian (where breaches have not occurred.. yet).

On top of entering even more personal information, the service requires you waive your right to lawsuits against Equifax and, instead, requires binding arbitration. Yet another reason not to sign up.

It’s not as if their credit monitoring service is really going to do you a whole lot of good here. If you really do want a credit monitoring service, I’d suggest setting it up with Experian or TransUnion instead. Then, figure out a way to get Equifax to pay you back for that service.

Can’t I reissue credit card numbers?

While you can do this, it won’t protect you fully. The level of what the thieves can potentially do with your data from Equifax goes much deeper than that. Yes, changing the numbers will help protect your existing cards from access. However, it won’t stop thieves from opening up new accounts in your name (and this is one of the biggest problems). This is why you also need to set up a credit freeze.

Because the thieves can now officially pretend to be you, they can do such things as:

  • Pretend to be you on the phone
  • Call in and request new pin codes based on key identifying information (address, SS#, phone number, etc)
  • With your old address, they can then transfer your bills to a new address
  • They can reissue credit card numbers to that new address

You’re probably thinking, “What about the security measure my bank uses? Won’t that protect me?” That depends entirely upon how convincing the thief can be over the phone. If they can answer all of your identity information and find a representative who can bypass some of the bank’s security steps, they can get a foot into the door. That’s all it takes for them to basically take over your credit accounts… which is one step away from potentially hijacking your bank accounts. A foot in the door is enough in many institutions to get the ball rolling towards full hijacking.

How do I protect myself?

If your data was involved in the breach (unfortunately, the tool that Equifax provides is sketchy at best), the three bare minimum things you should do are:

  1. Contact one of the three credit bureaus and ask for a free 90 day fraud watch
  2. Contact all three and ask for a credit freeze on your records at each credit reporting agency
  3. Set up credit monitoring at TransUnion or Experian

The 90 day fraud watch means they will need to let you know when someone tries to do anything with your credit report. However, this watch is only good for 90 days and then expires. The good thing about requesting this watch is that you only have to do it at one bureau. All three will receive this watch request from your contact with one of them. The bad thing is, 90 days is not nearly long enough to monitor your credit. In fact, the thieves will expect the 90 day fraud watches, wait them out, then go after it hard and heavy after these begin expiring.

A freeze, on the other hand, lasts until you unfreeze. A freeze puts a pin code on your credit record and that pin is required each time a company needs to pull a copy of your credit report. This will last far, far longer than a 90 day watch and serves to stop the thieves in their tracks. To freeze your records, you will need to contact all three separately and perhaps pay a fee of $5-10 depending on where you live.

Setting up credit monitoring means you can be alerted to whenever anything changes on your credit report. But, credit monitoring won’t stop the changes from occurring. Meaning, you’ll be alerted if a new card is opened, but the monitoring service isn’t a preventative measure.

You can contact each bureau as follows to set up any of the above services, including a credit freeze (links below):

  1. Equifax or call 1-800-349-9960
  2. TransUnion or call 1-888-909-8872
  3. Experian or call 1‑888‑397‑3742

Neither a fraud watch nor a credit freeze will impact your credit score. A freeze simply prevents any business from pulling your credit report without having your pin code. Companies for which you already do financial business or have loans established can still pull reports as needed. However, any new loans will be required to have your security pin code.  You can learn all about the details of a credit freeze at this FTC.gov web site.

Unfortunately, because the breach may have been more extensive than it appears, a thief can now contact the credit bureaus over the phone, pretend to be you and have any pin codes removed and/or reissued. Then, gain control over your credit records. This is why this breach is so treacherous for consumers. You need to be on your guard, vigilant and manually monitor your credit report for at least the next 12 months regularly. This is the part no big box media site is reporting. Yes, this is a very treacherous landslide indeed that is at work. Even if you do all of the protections I mention above, thieves can still subvert your financial records for personal gain by knowing your key personally identifying information.

How do I stop the thieves?

This is the fundamental problem. You can’t, at least not easily. To truly protect yourself, the scope of changes would include all of the following:

  1. Get a new social security number
  2. Reissue all of your credit card and debit card numbers
  3. Open new bank accounts, transfer your money into the new accounts
  4. Close the old bank accounts
  5. Reissue new checks
  6. Change your telephone number
  7. Move into a new address (or obtain a P.O. Box and send your bills there)
  8. Legally change your name
  9. Change all of your passwords
  10. Change all of your email addresses
  11. Set up multifactor authentication to every financial app / site you log into that supports this feature.

Unfortunately, even doing all of the above would still mean the credit bureaus will update your credit report with all of this new data, but your prior history would remain on the report… possibly up to and including all of the old account, name and address information. It is very, very difficult to expunge anything from a credit report.

In addition to the above, I’d also suggest closing any credit lines you don’t regularly use. If it’s not there, it can’t be exploited. None of this is a magic bullet. You just have to wait it out and shut the thieves down as things materialize. Being diligent in watching your credit report is the only way to ensure you nip things in the bud early.

Tidal Waves and Repercussions

It is yet unknown the extent of their breach or the extent to which each consumer may have to go to protect themselves from this deep gash in the financial industry. Not only does this gash now undermine each account holder’s personal financial well being, it undermines the credibility of the very industry holding up the world’s economy. This is some serious shit here.

If half of the US’s residents are now available to identity thieves, those organizations who help protect the small amounts of identity theft throughout a normal year cannot possibly withstand a financial tidal wave of identity theft paybacks which could seriously bankrupt many credit organizations. In fact, if this tidal wave is as big as I suspect it could become, we’re in for some seriously rough financial waters over the next 6-12 months. By the time the holidays roll around, it could be so bad, consumers cannot even buy the goods needed to support the holiday season. Meaning, this could become such a disruptive event in the US’s financial history, many businesses could tank as a side outcome of consumers not being able to properly spend money during the most critical season of the year.

This has the potential to become one of the most catastrophic financial events in US history. It could potentially become even more disruptive than the 1939 stock market crash. Yes, it has that much potential.

Since I have no reason to believe that Equifax has been totally honest about how much data has actually been lost, this is the reason for this level of alarm. I’d be totally happy if the amount of data lost was limited to what they have stated, but the reality is, nothing is ever as it seems. There’s always something deeper going on and we won’t find that out for months… possibly at the point where the economy is hit hard.

Equifax Aftermath

Because the US is so pro-business, Equifax will likely get a slap on the wrist and a warning. Instead, this company should be required to close its doors. If it is not providing adequate data security measures to protect its systems, then it needs to shut its doors and let other more capable folks handle this business. This sector is far too critical of a service and that data too risky if lost to allow flippant companies like Equifax to continue to exist in that market.


Security vulnerability: Apple Watch, iPhone and Apple Pay

Posted in Apple, security by commorancy on March 6, 2016

If you own an Apple Watch, there is a security vulnerability that could compromise your Apple Pay cards. Let’s explore.

Watch Stolen?

Let’s say you’re on vacation and you decide to visit that cute little patio coffee shop. Naturally, you’re sitting, sipping and enjoying your coffee. Your wrist adorned with your new Apple Watch is sitting on top of a pretty wrought iron fence. Someone comes along and grabs your Apple Watch off your wrist and runs away. What do you do? Chase after them to get it back? Oh, but they’re already gone. So then, try to disable the watch on your iPhone? So, here’s the dilemma (and the vulnerability). As soon as you unlock your iPhone, your watch is now quite vulnerable thanks to Apple.

Unlocking your iPhone

Apple has recently pushed an update that automatically and, by default, unlocks both your Apple Watch and your iPhone merely by unlocking your phone… so long as the watch is on anyone’s wrist (it doesn’t have to be your wrist). And herein lies the vulnerability.

So now, that thief who has just stolen your Apple Watch is standing close enough to still get a connection from your iPhone. The thief already knows what will happen after you unlock your phone. So, they patiently wait until you unlock your phone. Then, they get access to your stolen watch’s data until you A) Mark as Missing or B) remove all your credit cards from your wallet. It’s doubtful you can unpair the watch once they have taken it out of range of the Bluetooth/WiFi, but you can mark it as missing.

The thief will wait just long enough to get the watch unlocked and then run for it to get out of connection range. This may allow them to get access to the Apple Wallet and skim your cards from NFC. They could even still do it while in range of your phone, especially if you somehow hadn’t noticed the watch was missing (i.e., you had taken it off and placed it in your bag).

Fixing the Vulnerability

It’s quite amazing that this exists, a stupid security feature from the same company that’s trying to defend itself from unlocking a terrorist’s iPhone for a judge. Hypocritical much? No no, mustn’t unlock a phone for a judge. But, it’s perfectly okay to give thieves access to Apple Pay credit cards by enabling this dual unlock feature. First thing I’d immediately recommend is going into the Watch app on your iPhone and disabling this feature pronto! You’ll find that the Apple Watch itself also has this setting available under Passcode, but thankfully it can only be enabled or disabled on the iPhone.

However, this feature should not be available at all, Apple.

Preventative Measures

While you are still in possession of both your Apple Watch and your iPhone, you should immediately disable this feature. On the iPhone, it’s under Watch app=>My Watch (Screen)=>Passcode=>Unlock with iPhone set to OFF.

You’ll need to perform this while you are in possession of both devices, before your watch is stolen or misplaced. If you fail to make this change now, you cannot make this change after it is stolen. You can only mop up the mess.

Reactive Measures — My Apple Watch has been stolen!

If you leave the Unlock with iPhone setting enabled, anyone wearing your watch will see it unlock as soon as you unlock your iPhone if they are still in connection range (possibly 30 feet or so, but could be farther). So, you realize your watch is missing and the first thing you do is think, “I need to delete my Apple Watch from my phone”. However, merely by unlocking your phone, you may have just now given the thief access to your watch and to anything on that watch including your Apple Pay credit cards. This means they can activate the NFC on the watch and skim those card numbers off or even use them to charge in shops around the area, possibly even for the entire day until you remove the cards from the wallet. This gives the thief access to wallet and your credit cards until the watch runs out of battery or it locks again once taken off. Or, until you have taken measures to remove the cards from Apple Pay and have marked the watch as missing.

It’s very important to understand exactly how exposed you are by using the Apple Watch with the Apple Pay when enabling the Unlock with iPhone feature. But, you have to know that it’s stolen to take these measures.

Protecting Yourself

What do you do after it’s stolen?

Assuming you know that the watch has been stolen, the first thing you should do before unlocking your iPhone is disable Bluetooth and WiFi. How do you do this? At the > Slide to Unlock screen do not unlock the phone. Instead, swipe up from the bottom of the screen to the top. This will bring up the quick access menu that lets you manage items like WiFi on/off, Airplane mode on/off, Flashlight on/off and, yes, Bluetooth on/off. From the quick access menu, you need to disable both WiFi and Bluetooth before ever unlocking your iPhone. Because Apple Watch relies on Bluetooth and apparently an adhoc WiFi connection, the signal that you’ve unlocked won’t be sent to your nearby watch. It doesn’t seem to send this signal when your phone is on a carrier LTE or 4G data network. However, disabling Bluetooth or WiFi alone is not enough. The Watch can still connect to the cloud if close to a WiFi network it knows about. If you’re out on the street, that’s not likely. If you’re in or near your hotel, it might.

If you are not sure where your watch is, you should disable WiFi and Bluetooth before unlocking your iPhone. Once you’ve disabled WiFi and Bluetooth, go into Watch app=>My Watch=>Apple Watch and then Mark as Missing (making sure you have access to an LTE or 4G data network). You will not be able to disable the Unlock with iPhone feature while the watch is locked even if you reenable both WiFi and Bluetooth.  In fact, if you do enable WiFi and Bluetooth, the app seems to remember the last unlocking for some period of time and will pass that unlock to the watch to unlock it. You don’t want to do this.

Whatever you do, don’t enable WiFi and Bluetooth until you’ve selected Mark as Missing under the Apple Watch menu. The last thing you want to happen is the iPhone to send an unlock signal to your watch.

Didn’t notice the watch was missing?

If you’ve left the watch in a hotel room or at a pool or on the beach, you may have inadvertently unlocked the watch for a thief while you did not know the watch was missing. In this case, you should immediately Mark as Missing (see above). The second thing you will need to do is go into Wallet and Apple Pay and remove all credit cards from this area. This will deauthorize the card from Apple Pay and prevent the watch from making any further purchases with your cards.

Because Apple Pay creates a unique new Apple Pay card ID for each card, the thief won’t get access to your actual card number. But, a thief can still skim these unique numbers from the NFC and continue to use the numbers as long as you have not removed the card from the Wallet and Apple Pay menu. See ‘Thievery at its finest’ below for a caveat on skimming of NFC Apple Pay card numbers.

You should also call all of your credit card companies and let them know the period of time the watch was lost. While replacement of the cards is not necessary due to the way that Apple Pay registers new card numbers for use, it might still be a good idea just to be safe.

Forever losing things?

If you’re one of those people who is prone to losing or misplacing your stuff (especially things like Watches), then you need to head back up to Preventative Measures and disable Unlock with iPhone while you still have both your iPhone and Apple Watch in your possession. In fact, you can do it now while I wait here… patiently… for you to open up Settings on your iPhone… and disable Unlock with iPhone. Yes, you. Go do it now.

Okay, so now that that’s done. You did go do it, right? Okay, just checking. Assuming you didn’t lie about disabling it, there is no way a thief can get access to your Apple Watch by being in proximity of your iPhone if stolen or lost (i.e., like at the beach or at a pool).

If you are the type of person who loses things regularly, you might not even want to enable Apple Pay on the watch at all. Though, if you have a credit card on file for iTunes, Apple tries to be nice and imports this card into your watch on your behalf after its first setup. You should immediately go into the Watch app on your phone and remove that card. You can always add it back if you like.

Thievery at its finest — (the thief who returns most of what is stolen)

If you take your watch off by a pool, at the beach or any place where you might not want your watch damaged, a would-be thief could ‘borrow’ your watch just long enough to NFC skim all your cards off of the device (after waiting for you to unlock your phone). Then, carefully return the watch to you. He now has all your cards and you aren’t even the wiser that the watch was even missing.

Before this happens to you, you should disable Unlock with iPhone. Though, if you’re concerned about the credit card situation at all, you might just want to delete all the cards from your Apple Watch entirely and not use the watch for Apple Pay. Even if a thief attempts to skim your card data from your watch, they won’t be able to do it if the cards aren’t even there. However, if you do choose to use Apple Pay with your watch and as a security measure, I’d suggest removing and re-adding the cards once every couple of months. Better, once a month. This forces your bank to issue a new unique Apple Pay card number for each credit card. This will invalidate old Apple Pay unique card numbers that may have been skimmed from your watch.

You should always remove and re-add your cards if your Apple Watch has been out of your possession for any period of time.

The Takeaway

Hopefully, by reading this article someone doesn’t end up taking more than your Apple Watch from you. The takeaway from this article should be to secure your device by undoing stupid Apple counter-security measures. Disable Unlock by iPhone in the Apple Watch app. Remove unnecessary cards from Apple Pay. Better, don’t use Apple Pay on the watch if you’re prone to losing things. If you’re planning on wearing the watch, don’t take it off your wrist.

I can’t even believe that Apple would stoop to putting in such an obvious security hole onto a device capable of storing credit card information (even if the numbers are unique to Apple Pay). If an Apple Watch could identify my wrist differently from someone else’s reliably 100% of the time, then this feature might be worthwhile. Because the Apple Watch can’t detect whose wrist it is currently sitting on, this is a security compromise just waiting to happen.

Amazon Kindle: Buyer’s Security Warning

Posted in best practices, computers, family, security, shopping by commorancy on May 4, 2012

If you’re thinking of purchasing a Kindle or Kindle Fire, beware. Amazon ships the Kindle pre-registered to your account in advance while the item is being shipped. What does that mean? It means that the device is ready to make purchases right from your account without being in your possession. Amazon does this to make it ‘easy’. Unfortunately, this is a huge security risk. You need to take some precautions before the Kindle arrives.

Why is this a risk?

If the package gets stolen, it becomes not only a hassle to get the device replaced, it means the thief can rack up purchases for that device from your Amazon account on your registered credit card without you being immediately aware. The bigger security problem, however, is that the Kindle does not require a login and password to purchase content. Once registered to your account, it means the device is already given consent to purchase without any further security. Because the Kindle does not require a password to purchase content, unlike the iPad which asks for a password to purchase, the Kindle can easily purchase content right on your credit card without any further prompts. You will only find out about the purchases after they have been made through email receipts. At this point, you will have to dispute the charges with Amazon and, likely, with your bank.

This is bad on many levels, but it’s especially bad while the item is in transit until you receive the device in the mail. If the device is stolen in transit, your account could end up being charged for content by the thief, as described above. Also, if you have a child that you would like to use the device, they can also make easy purchases because it’s registered and requires no additional passwords. They just click and you’ve bought.

What to do?

When you order a Kindle, you will want to find and de-register that Kindle (may take 24 hours before it appears) until it safely arrives into your possession and is working as you expect. You can find the Kindles registered to your account by clicking (from the front page while logged in) ‘Your Account->Manage Your Kindle‘  menu then click ‘Manage Your Devices‘ in the left side panel. From here, look for any Kindles you may have recently purchased and click ‘Deregister’. Follow through any prompts until they are unregistered. This will unregister that device. You can re-register the device when it arrives.

If you’re concerned that your child may make unauthorized purchases, either don’t let them use your Kindle or de-register the Kindle each time you give the device to your child. They can use the content that’s on the device, but they cannot make any further purchases unless you re-register the device.

Kindle as a Gift

Still a problem. Amazon doesn’t recognize gift purchases any differently. If you are buying a Kindle for a friend, co-worker or even as a giveaway for your company’s party, you will want to explicitly find the purchased Kindle in your account and de-register it. Otherwise, the person who receives the device could potentially rack up purchases on your account without you knowing.

Shame on Amazon

Amazon should stop this practice of pre-registering Kindles pronto. All Kindles should only register to the account after the device has arrived in the possession of the rightful owner. Then, and only then, should the device be registered to the consumer’s Amazon account as part of the setup process using an authorized Amazon login and password (or by doing it in the Manage devices section of the Amazon account). The consumer should be the sole responsible party to authorize all devices to their account. Amazon needs to stop pre-registering of devices before the item ships. This is a bad practice and a huge security risk to the holder of the Amazon account who purchased the Kindle. It also makes gifting Kindles extremely problematic. Amazon, it’s time to stop this bad security practice or place more security mechanisms on the Kindle before a purchase can be made.


Stupid Security Measures: autocomplete=off – How To Turn Off or Disable

Posted in banking, security, technologies by commorancy on April 16, 2012

While I’m all for some browser related security, this one feature is completely asinine because it’s so unpredictable, uncontrollable and stupidly implemented. This is the complete opposite of what anyone should expect from a quality user experience. Let’s explore.

What is auto-completion?

Most browsers today will automatically fill forms and password fields from locally saved browser login and password information (usually the field is yellow when automatically filled). This is called autofill or autocompletion. I admit that storing passwords inside a browser is not the smartest of ideas, specifically if it happens to be connected to your bank account. With that said, it is my choice. Let me emphasize this again loudly. Saving passwords IS MY CHOICE! Sorry for yelling, but some people just don’t listen or get this… hello Chrome, Firefox and IE, you guys (especially Chrome) need to take notes here.

So what’s this autocomplete=off business?

As a result of autocompletion, the browser creators have decided to give web site creators the ability to disable this mechanism from within their own web pages. So, when they create forms, they can add the attribute “autocomplete=off” to the form which prevents the browser from storing (or offering to store) passwords or other sensitive information. This would be fine if the browser still gave the user the choice. It doesn’t.

I’m fine with browsers trying to prevent stupid behavior from users, but always provide an override. Never implement features like this, however, at the expense of a frustrating and inconsistent browser experience. This is exactly what autocomplete=off does. Why? The browser doesn’t give the user control over this web page mechanism nor does it even warn of it. If the site sets this flag on their form, the browser won’t offer to store anything dealing with this form. That’s fine IF I can disable this behavior in the browser. I can’t. As I so loudly said above, this is MY choice. Make this a preference. If I want to store logins and passwords for any site on the Internet, it’s my choice. This is not Chrome’s choice or Wells Fargo’s choice or any other site’s choice. If you offer to store and save passwords, you need to let me do it under all conditions or don’t offer to do it at all. Don’t selectively do it based on some random flag that’s set without any warning to the user.

Inconsistent Browser Experience

When autocomplete=off is set on a form, there is no warning to the user that this value is set. The browser just doesn’t save the password. You have no idea why, you don’t know what’s going on. You expect the browser to offer to save and it doesn’t. This just makes the browser look broken. And, frankly, it is. If the browser can’t warn that autocomplete=off is set by the site through changing the color of the bar, flashing, an icon or some other warning mechanism (like the lock when https is in use) the user experience has been compromised and the browser is broken. This affects not only Chrome, but IE, Safari and Firefox. Yes, and this is extremely bad browser behavior. It’s also taking a step back in time before web 2.0 when the browser experience became more positive than negative. We’re heading back into negative territory here.

Browser Developers Hear Me

Not warning the user that the experience is about to change substantially is not wanted behavior. For auto-completion, we already have mechanisms to shut it off entirely. We have mechanisms to exclude sites from saving credentials. Why do we need to change the browser experience just to satisfy Wells Fargo or some other site? I’m all for letting these sites set this flag, but just like overriding bad certificates at https sites, users should be able to override autocomplete=off. There is no need to break the browser experience because you want to allow sites to stop saving of passwords. No, again, hear me, it’s MY CHOICE. It’s not your choice as a developer. It’s not Wells Fargo’s choice. It’s not PayPal’s choice. It’s MY CHOICE. If I want to save passwords into my browser, allow me to always override this setting.

Hacks Galore

Yes, there are browser hacks available as browser extensions (Chrome or Firefox) to disable autocomplete=off on forms on sites. While these hacks work, they require updating, can break on browser updates and can be generally problematic under some conditions. No, this is an issue that firmly needs to be addressed in the core browser, not through clever browser add-on hacks. Let the sites set autocomplete=off, that’s fine. But, warn me that it’s turned on and let me override it. I shouldn’t need a hack to fix a bug in the browser.

Always Warn of Browser Experience Changes

Why am I coming down on this issue so hard? Because this is a completely crappy implementation of this feature. Why? Because it breaks the user’s browsing experience without any warning. If the page is attempting to prevent me from saving credentials, then this information should be marked clearly in the browser somewhere. Perhaps by adding a special icon to the address bar indicating that credential saving is not allowed on this site. Then, when I click that small icon, I should be able to override this behavior immediately. Again, this is my choice to store or not store passwords to the browser. There should never be any de facto security mechanisms which cannot be overridden by a user control. Never!

If the user chooses to do something stupid, that’s the user’s choice. No, it’s not a bank’s, Chrome’s or any other company’s responsibility to ensure the safety of user data. It’s entirely the user’s responsibility and those choices should be completely left up to the user to decide, for better or worse.

[Update] Safari is now warning when autocomplete=off is set on a page. Safari now tells you that the site you are visiting doesn’t allow saving of passwords. Bravo to at least Apple for getting this one right.

I have also found that Firefox with the Greasemonkey plugin and this Greasemonkey script works best for completely disabling all pieces of autocomplete=off. While the above plugins do at least allow saving passwords, the plugins don’t always allow autocomplete to work. This means that if you want to see your credentials autopopulate into the fields on page load, you may have to use Greasemonkey instead. I have found that the Greasemonkey solution is the most complete at disabling autocomplete=off. The reason this works is that Greasemonkey actually removes these autocomplete=off pieces from the page before Firefox renders it. The other plugins just tweak the browser to ignore the setting for password saving, but it still exists in the page source and, thus, the pieces that manage the autocomplete parts are left unhandled. So, these pieces still don’t populate the fields.
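The attribute-stripping approach described above, sketched as a Greasemonkey-style userscript that also reports which fields the page had flagged. This is an added example, not the script the post refers to; the function names, the `@namespace` value and the console report are assumptions made for illustration.

```javascript
// ==UserScript==
// @name        Strip autocomplete=off (added example)
// @namespace   example.invalid
// @match       *://*/*
// @grant       none
// ==/UserScript==

// Elements on which a page can set the autocomplete attribute.
const SELECTOR = 'form[autocomplete], input[autocomplete], ' +
                 'textarea[autocomplete], select[autocomplete]';

// True when the attribute value asks the browser not to fill or save.
function isAutocompleteOff(value) {
  return typeof value === 'string' && value.trim().toLowerCase() === 'off';
}

// Remove autocomplete=off from every matching element under `root`.
// Returns one record per removal, so the caller can tell the user
// what the page had set instead of changing behaviour silently.
function stripAutocompleteOff(root) {
  const removed = [];
  for (const el of root.querySelectorAll(SELECTOR)) {
    if (!isAutocompleteOff(el.getAttribute('autocomplete'))) continue;
    el.removeAttribute('autocomplete');
    removed.push({
      tag: String(el.tagName).toLowerCase(),
      name: el.getAttribute('name') || el.getAttribute('id') || '(unnamed)',
    });
  }
  return removed;
}

// Strip once, then keep stripping when scripts on the page add new
// fields or set the attribute again after load.
function watch(doc, onRemoved) {
  const report = (root) => {
    const removed = stripAutocompleteOff(root);
    if (removed.length) onRemoved(removed);
  };
  report(doc);
  if (typeof MutationObserver === 'undefined') return null;
  const observer = new MutationObserver(() => report(doc));
  observer.observe(doc.documentElement, {
    childList: true,
    subtree: true,
    attributes: true,
    attributeFilter: ['autocomplete'],
  });
  return observer;
}

// Only runs inside a browser page; under Node there is no document.
if (typeof document !== 'undefined') {
  watch(document, (removed) => {
    const fields = removed.map((r) => `${r.tag}:${r.name}`).join(', ');
    console.info(`autocomplete=off removed from: ${fields}`);
  });
}
```

Because the attribute is removed from the DOM itself rather than ignored by the password manager, the fields no longer carry the flag when the browser decides whether to fill them.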

Security tip: Don’t sign-up for sites without ‘delete account’ function

Posted in data security, security by commorancy on April 2, 2012

As security of data becomes more and more important and as security breaches become more and more frequent, the ‘delete account’ link becomes very important.  So many sites today allow you to import information such as credit cards, birth dates and other sensitive information, but many times they don’t allow you to delete that information (or your account) easily.  In some cases, you can’t delete your data at all.  It’s important to understand why it’s critical to have the option to delete your account (and all data associated with it). Let’s explore.

Account Security

Few people consider account security when signing up for an internet service like Facebook, Twitter, MySpace or even Yahoo or Google.  As more and more sites become victims of security breaches, without deletion of old dormant accounts, your data is sitting out there ripe for the picking.  In some cases, these accounts may have stored credit card, social security or other potentially sensitive or revealing data.  So, when you begin that sign-up process, it’s a good idea to check the help pages on how to delete your account information before you sign up.

Old Dormant Accounts

We all have them.  We signed up for a site 4 years ago and then either never used it or used it only a few times. Don’t leave old dormant accounts sitting unattended.  Delete them.  You don’t need some random hacker gaining access to the account or, worse, obtaining the password through a break-in to that site.  If they obtain an old password, it’s possible that they may now have access to all of your accounts all over the net (assuming you happen to use a single password at all sites).

If you are using a single password, change them to all be unique.  If you can’t do this, then find the delete button on all these old accounts.  If you can’t remember what you’ve signed up for, then that’s beyond the scope of this article.  Still, deletion is the best option at avoiding unintended intrusion into other important accounts, so delete old accounts.

No Delete Function?

Two ways to handle this one.

  1. Delete all data that you can from the account, then find a random password generator and change the password to a randomly generated password.  Do not keep a copy of the password and never use it again.  Basically, you have locked the account yourself.  If someone does access the account through the web, they won’t get anything.  If they break into the site and gain access to the passwords, they will get a randomly generated password that leads them nowhere.
  2. Contact the site administrator and ask to have the account completely deleted without a trace.  Sometimes they can, sometimes they can’t.  Depends on how the site was designed.  It’s always worth asking.

New Accounts at New Sites

When signing up with new accounts, if you cannot find a way to delete the account, then contact the administrator and explain that you would join the site, but you cannot find a way to delete the account when you no longer wish to have one. If they state that there isn’t a deletion function, explain to them that until they implement this function, you can’t use the site… and walk away. Note that there is nothing more important than your own personal data security and you have to be the champion of that security because no one else will. If sites refuse to implement deletion functionality, then don’t use the site. There is no site functionality that is more important than your data security.

No Reason for Lack of Delete Function

In fact, there is absolutely no reason, other than sheer laziness, to not implement a delete function in any internet web site.  If it can be added, it can be deleted.  It’s very simple.  I know, some developers are going to say, “Well, it’s not that easy”.   That’s a total crock.  It is that easy.  If you have developed software that is incapable of deleting user account information, then you are either seriously inept as a programmer or you simply don’t understand what you are doing.  There is no excuse at all for not adding a delete function to any site (including deletion of a user account).  To my knowledge, there is no operating system or database that does not have the ability to delete data.  Not adding this feature is just not acceptable.  Always demand this feature if you cannot find it.

Pre-existing Site Accounts

I know that some of you may have joined sites ages ago when data security breaches were less common than today.  Back then, account delete functions may not have been available.  This may have been carried forward and these sites may still not have delete functions.  Demand that the developers add this functionality.  If you are an avid user, you should always demand this functionality.  You never know when something may change that may require you to delete your account at that site… like a data breach.  Security is important and your personal ability to delete your account is your right and should not be undermined.  Again, always demand this feature from the sites you frequent if it is not present.

I challenge you to visit all of the sites you regularly use and locate the delete account function. I’ll bet that more than 50% of the time, it’s not there. Demand that this feature be implemented, if for nothing else than your own personal peace of mind in case you need it. It’s like that insurance policy you buy, this is the same. The delete account feature is your insurance policy to prevent unauthorized access whenever you need to exercise this option. However, you cannot delete your data if the functionality is not there, so always make sure the delete feature exists before you sign up.
