Memory Lane: Syria & the Model UN

In 1992 or 3 – memory is a little fuzzy – I was part of the Model United Nations and the country we were representing was Syria. I remember thinking “I know nothing about Syria” and having to cram as much information as I could to prepare. There was a delegation of us, I think… 8? 12? I just remember probably six of us crammed into a hotel room in New York, where the final event is held, toward the end of the school year. It was my first trip to New York, and I learned a lot.

West Point had, if I remember correctly, Burkina Faso. I do not know why I remember that. I just remember seeing what looked like two very white bro-dudes representing Burkina Faso and then looking at our delegation of mostly female persons representing a country that only superficially extended any rights to female persons.

To establish the zeitgeist of the moment: the US had just “won” the first Gulf War (fun fact, I was on an airplane to Australia for the student exchange when we declared war. The pilot shared that on the overhead. I and some 30 other exchange students didn’t know what to do with that), the “Middle East” was and had been for some time a scary place (inasmuch as all the news we got at the time was about scary things happening there). There was no internet (or none that was easily navigable to), and news was something you either got from a physical newspaper or from 6pm-8pm on TV. Heading to New York to effectively pretend to be Syrian — as a female person, in the company of *mostly female people* — was going to be an interesting prospect.

It was straightforward – act in “your own” interest. In the case of Syria, that was one of a wedged country – Syria participated in the Gulf War on the side of the US (because the alternative was siding with someone who would be interested in invading Syria) but also had a history of cracking down (murderously) on its own people. On one hand, Syria could be simply oversimplified into “bad guys in the Middle East that we had to work with against a worse guy” (plus assorted other stereotypes) and on the other hand how do you concentrate millennia of cultural history into context for play acting over 3 days? Not terribly well.

In the ensuing years Syria remained a talking point on the nightly news as a Player In The Middle East and the older I got the more I understood (or thought I did) about how they moved in their local sphere (or internationally). Remembering my time in the Model UN meant I attached a little asterisk in my head to mentions of Syria; thinking back to “oh remember when you oversimplified their international stance over a 3-day period in an ironically mostly female representation?”

All is not wine and roses in Syria now; they still have crushing poverty and homelessness; they still need medical support and humanitarian aid. Yet this morning, I opened up the latest article in my inbox from the Economist to see that Syria is the Country of the Year – much improved and more democratic (yes, a subjective take), having shed itself of a dictatorship (and put in some measure of stability in the ensuing year). It had stiff competition — as noted in the article — but really, a transformative year. One that cannot, and should not, be oversimplified.

You can donate to UNICEF in support of Syria here.

If you’d rather donate closer to home, you can donate to Habitat for Humanity here.

You can learn more about the Model United Nations here. Most schools have to fundraise for their delegations and materials, so if you have an alma mater and if you have an interest, you can reach out to them and provide support.

It’s the Most Wonderful Time of the Year, Part II

Working on the premise that during these holidays you find yourself in situations where you are “the explainer” and/or see the need to be one, here’s a guide on what you can do about data.

Specifically, your data. Or what you can encourage people to do with their data.

The very first part of this is a bummer so you may want to pull up a glass of eggnog while choking this down (if you aren’t already choking on the eggnog): your data is not 100% private no matter what you do. Not ever. The only thing you can control (somewhat) is the length to which it is shared and the compartmentalization of that sharing so as to reduce the amount of destruction that can happen with a Data Breach. The other bummer with Data Breaches is that they are not something YOU did wrong – some entity that was responsible for storing data was infiltrated by Bad Persons who now have your data. Even if you had a unique password, even if you had MFA. Usually what gets stolen are credentials (the ID part of them, hopefully not the actual passwords) because sensitive things like social security numbers, credit cards, etc. are supposed to be “hashed”. That said, there are clever hackers and there are dumb companies, and so you don’t want to trust that everything works “the way it is supposed to”.

The following are suggestions for discussion/implementation as you get called in as The Person Who Knows These Things. If you actually do get a data breach, the most immediate steps are:

  1. Change the password for the given site(s) that was(were) breached.
  2. Check your credit cards/bank accounts to see if there are any fishy charges.
  3. Make sure they have 2FA on them.
  4. Pull a credit report and freeze your credit – and in the credit report look for anything fishy (new accounts, for example).

Otherwise, we’ll assume the time slots you have below are based on how much time you have — or are willing to have — to disseminate knowledge :).

15 Minutes

With 15 minutes you have a selection of things you can do/advise:

  • Unique passwords for each site (at least, at the very least, for anything tied to finance – bank cards, store cards, etc.) – this reduces what a potential attacker has access to if there is/was a data breach with that one site. With 15 minutes you probably can do like, 2, but you can include the explainer on why they should do this for the rest of their sites.
  • Provide an explainer on data breaches:
    • They are somewhat inevitable because no system is perfect,
    • This is why you don’t want to do things like store credit card information with retailers or on your browser,
    • This is why people should have two emails (or more) – one that all their finance stuff goes to vs. the “spamhole”,
    • This is why you activate 2FA or MFA on all your stuff (again, if data found in data breach is being leveraged by bad guys then at least make it a little harder for them).
    • Whenever you get a notice of one you change the password on that site – and any you think may be tied to it – immediately.
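
If the person already keeps their logins in a password vault, the "change that site, and any you think may be tied to it" step can be worked out rather than guessed. The script below is an added example, not something from the original post: it reads a vault CSV export, groups entries that share a password, and lists what to change after one site is breached, money-related accounts first. The column names are modelled on Bitwarden's CSV export and are an assumption, as are the `FINANCE` set and all sample rows.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample in the column layout of a password-vault CSV export
# (assumed columns: name, login_uri, login_username, login_password).
# Every site, address and password here is made up.
SAMPLE_EXPORT = """name,login_uri,login_username,login_password
Example Bank,https://bank.example,pat@money.example,correct-horse-1
Shoe Store,https://shoes.example,pat@spam.example,Winter2024!
Forum,https://forum.example,pat@spam.example,Winter2024!
Store Card,https://card.example,pat@money.example,Winter2024!
Streaming,https://tv.example,pat@spam.example,tv-only-9f3k
"""

# Assumption: the user names the entries that are tied to money.
FINANCE = {"Example Bank", "Store Card"}


def load_entries(text):
    """Return (name, fingerprint) pairs; the passwords themselves are dropped."""
    # The SHA-256 fingerprint is only an in-memory grouping key, not a way to store passwords.
    rows = csv.DictReader(io.StringIO(text))
    return [(r["name"], hashlib.sha256(r["login_password"].encode()).hexdigest())
            for r in rows if r["login_password"]]


def reuse_groups(entries):
    """Group entry names that share one password."""
    groups = defaultdict(list)
    for name, fp in entries:
        groups[fp].append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]


def change_list(entries, breached):
    """Accounts to change after `breached` is hit: finance first, then the breached site."""
    fps = {fp for name, fp in entries if name == breached}
    hit = {name for name, fp in entries if fp in fps}
    return sorted(hit, key=lambda n: (n not in FINANCE, n != breached, n))


if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    print("Reused:", reuse_groups(entries))
    print("After a Forum breach, change:", change_list(entries, "Forum"))
```

Run it against a real export only on the owner's own machine, and delete the export file afterwards, since it holds every password in plain text.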

30 Minutes

  • Show them how to freeze, and temporarily unfreeze, their credit, and why.
  • Discuss options like DeleteMe.
  • Take the free credit monitoring
    • Almost every data breach notification comes way too late after this particular horse is stolen from this particular barn, BUT, free credit monitoring is free credit monitoring.
      • When they sign up for that it should be with a unique password.
      • Put in a reminder for the couple of weeks before the monitoring is set to expire so they can/should decide if they want to continue it on their own payment or cancel it once it is no longer “Free”
        • (An unfortunate reality is with the frequency of data breaches you could probably stack these 😦 ).

45 Minutes or Longer

  • Get a Password Vault app (e.g., Bitwarden) and an Authenticator app installed
  • Set up that 2nd email and update accordingly to financial sites
  • Google yourself and see what comes up. If you don’t want whatever does come up, file a request with the owner of that site or leverage something like DeleteMe.

The last thing I’d point out is that there is an astonishing amount of information out there on you that is publicly available. County assessors include your information and real estate tax information publicly, county and state court websites have records, etc.

The Real World

I will end with an example: recently, some folks I know were buying a house here in WA. Specifically in King County. They had seen a house, and they wanted to know more about it. Naturally, working with a realtor, they got some information. However, through about 15 minutes of searching, I could see: every permit that had been applied for, and accepted/rejected (and why) for that house, the previous homes the current owner lived in, how much they bought and sold those homes for, the current owner’s court records including their recent altercation at their house, a speeding ticket, their previous marriage, their previous divorce settlement, their current partner, their place of employment, their previous employment, the location of their families across the country, their voter registration, etc. etc. This is/was all publicly available data – I didn’t have to pay anything or even register anywhere to search it. Bonus: the folks I knew were checking with their own realtor about their own house to see how it was titled, and I was able to pull their title – an actual copy of their title – in 5 minutes.

This is what I mean when I say you will not be able to be 100% private. Certainly, there are ways to obfuscate this: you can get court records sealed, you can register your home in the name of a trust or a shell company, you can scrape your name off of as many sites as possible, etc. When you get the notice of the data breach, pay attention to what was breached – and respond accordingly.

It’s the Most Wonderful Time of the Year, Part I

As we sit in meetings and hear “yeah, so let’s circle back to that in the new year”, as we receive out of office emails, as we get quite literally bombarded with solicitations (to go buy things or donate money), we find ourselves yet again at the end of a calendar year, heading into “the holidays”.

It is “the holidays” because it incorporates a selection of them with a variety of observances and customs, and I can get behind any seasonality that involves getting together with the ones you love and eating things. Oh, and pretty lights.

This is also the time of year where you may be dragged into being tech support for a friend or family member and remember that it is an honor and a privilege: You Are the Techie Person. You get to say stuff like “it works on my machine” and “have you tried turning it off and turning it on again”. Practice holding your coffee mug in your non-dominant hand while gesturing at screens, it will help.

If, however, you do not want to spend all of your time at a gathering doing tech support, and you’ve allotted a specific amount of time to do the Good Work, here’s some suggestions. For all of these you should explain to the recipient what you are doing and why, so they understand when things change. It also means that they can’t wander off and leave you by yourself to play tech support (unless you, and they, want it that way).

15 Minutes

With 15 minutes, grab the phone(s) of the intended persons (WITH THEIR PERMISSION) and:

  • Ensure they are updated with the latest patches – this will help guard them against security issues and could help performance.
  • Adjust the text sizing/accessibility features as needed – sometimes these are hard or confusing to get to.
  • If the phone is a sea of apps, make sure they know how to search for apps and/or reconfigure their first page of apps to the ones they use the most.
  • Establish a family code word for human MFA – AI has gotten savvy and so if Grandma gets a call from her “Grandson” explaining he’s in jail / trapped in a town someplace else / needs money, Grandma can ask for the passphrase. The kid will know it, AI will not. (You may need to show Grandma some examples of AI real-time deepfakes, so she understands the abilities of the bad guys).
  • Depending on the state of the person and what kind of support you do, you may want to enable location sharing to you. If you do that explain why.

30-45 Minutes

With this additional time,

  • Make sure they are storing passwords someplace safe. IF THAT IS A PIECE OF PAPER, make sure they understand that that piece of paper needs to be hidden and not just hanging out and visible to anyone who visits the house. Pitch solidly for a password manager — the one Apple has built in is fine; Bitwarden is good too.
  • Make sure they understand to NOT STORE THEIR CREDIT CARD INFORMATION IN THEIR BROWSER. If they are doing that, walk them through why it needs to be removed, and teach them how to use Apple Pay or PayPal. Yes, this may take more than 15 minutes.
  • Walk them through how MFA works (if they don’t already know it) and ensure it’s set up for any/every instrument tied to money (bank accounts, shop/store accounts, subscriptions, etc.)

An Hour or More

  • Check to see if the router ADMIN password is unique and not the one the router shipped with. If it is still the one it shipped with, change it, make sure they add it to whatever they’re using to manage their passwords, and explain to them why (I find it useful to use the “Garage Door Opener” example: there was a thing a few decades back where folks discovered that if you bought a garage door opener and drove through neighborhoods eventually you’d find one you could open).
  • Make sure their Wi-Fi is not open for all – it should be password gated and that password should be stored accordingly.
  • If you have crazy amounts of time and inclination – let’s say you’re visiting from out of town and staying at the house a few days? –
    • Consider setting up a guest Wi-Fi and/or IoT Wi-Fi network. Separate things-that-touch-money from “smart” things (e.g., smart fridge, smart thermostat, etc.), and also separate “visitors”.
    • Go through browser hygiene on all machines – how cookies work, what you do and don’t get for them (explain that this is how Facebook knows you were shopping for boots).
    • Make sure machines are on auto-update for patches.
    • Consider getting a separate authenticator, and walking them through how and why to use that.
    • Explain passkeys.

Stocking Stuffers

  • Don’t plug your phone in to charge at any rando USB port. Instead, use a USB Condom. And with this, let the recipient know that they should never have to download an app just to charge their devices.
  • You can also get them a portable charger, especially if they travel a lot.
  • Bitwarden has a free tier but also for $1/mo or $3.33/mo you can get extras.
  • Ghostery is free but does accept donations.
  • Signal is free but does accept donations.
  • Credit Monitoring – even though we all get it “free” every time one of our accounts is compromised, it’s a good idea.
  • Authenticator Apps – Wirecutter and PC Mag have covered these.

Next post: why the Credit Monitoring is a good idea, and how to deal with the never-ending Data Breach issues.