What is web 3.0?

Currently we’re in “Web 2.0”, but transitioning to 3.0. What does that mean? I’ll give you a super quick history lesson. The first version of the internet contained static (boring) pages. Basically, they were placeholders until web gurus, marketers, and admin could figure out what to do. The first websites were basically static billboards. Companies like Coca Cola needed to claim their domain, so that they could retain control of their company image. Some guy even bought madona.com, and the real Madona had to take him to court, which set a precedent on ownership rights.

When interaction capabilities were beginning to be built into web experiences with platforms like PHPBB, Friendster, MySpace, etc, this became known as “Web 2.0” as interaction became a distinct evolution from the billboard-like experiences we had before. Of course, because there’s things to do and hold our attention, new independent websites like YouTube, the early Twitter and FaceBook exploded in popularity (YouTube was eventually bought by Google).

CC0 UnSplash, https://www.pexels.com/photo/meeting-pencils-macbook-notebooks-40120/
CC0 UnSplash, https://www.pexels.com/photo/meeting-pencils-macbook-notebooks-40120/

So, that is the internet we’ve experienced up until this year. For a few years now, people like me (Andrew) has expressed serious concerns about privacy, and our rights to own our data (see bibliography at the bottom of this article). These were ignored. Basically, people ignore or remain naive to an issue until we or our friends are hurt, then we hear or tell everyone around us about it, and then change our behaviour. With revelations that the US intelligence community has been vacuuming up our data as it passes through US territory, the constant leak of passwords and private information from Yahoo, and now Facebook (via Cambridge Analytica), and the missuse and abuse of trust, we’re now on the verge of changing the internet again.

So, what will Web 3.0 look like?

We’ve already started evolving into that. You’ve seen vestiges of it already in place. The fact that you’re reading this is apart of Web 3.0 already. Let me explain.

The new internet will be about security, privacy, and human rights; both in support and opposition to it. Security, privacy, and human rights in the digital realm is the new activists battle ground. In China, we see the government demanding to snoop and spy on their citizens. Encryption and VPNs are now banned in China, except where it would interrupt international commerce and trade. In the US we see election candidates wanting to snoop and spy on citizens, and use that information to influence your thinking. In Europe and Switzerland, we see that snooping and spying on citizens are outlawed, except in cases approved by the court (with a search warrant like process) to allow for criminal investigation. The worst that can happen with your personal data is:

1. Governments will use it to falsely accuse you of crimes and punish you. We see this already happening to human rights advocates in Vietnam and China, and against minority groups in the US.

2. Abused by employees of the government to monitor people within their own families or neighborhoods. Also employers abuse their access and privilege to spy on employees, which has had serious consequences already.

3. Accessed by criminals to steal your personal data. Identity theft is a very common digital crime. Criminals can impersonate you, and take out credit cards and loans in your name. They then wrack up a debit of which you are responsible for, and it destroys the credit rating of Americans, which is particularly harmful to them. This type of crime is difficult for the police to investigate as it is often committed internationally, and because your own personal computer security is so bad, the police can’t even determine how the criminals got your data, so beginning an investigation is difficult.

Group discussion. CC0 Startup Stock Photos, https://www.pexels.com/photo/people-office-team-collaboration-7075/
Group discussion. CC0 Startup Stock Photos, https://www.pexels.com/photo/people-office-team-collaboration-7075/

What you can do?

Here are the tools and features of Web 3.0:

SSL certificates. Basic SSL certificates are available to all our customers for free. These are the green padlocks you see in the address bar of your browser. The web address should start with “https” not “http”; the ‘s’ indicates a secure and encrypted connection. That means, if you’re using public wifi, criminals cannot see your login username or password, but they can if you didn’t use an SSL connection.

FireFox or Brave. These are web browsers that are so much more secure than Microsoft Explorer or Edge. Set these to “Never remember browsing history”, or “Clear browsing data after closing”, and never store passwords.

For secure communication, use Whatsapp, the best is Telegram.

For secure email use Gmail or protonmail.com (Yahoo often gets hacked, so never use it). Just know that Gmail is owned by Google, and so any data you have there, is accessible by Google (and their national government).

Use a VPN like PureVPN or similar. A VPN hides your geographical location, and encrypts your data, so no-one can snoop on your communications. Never use a “free” VPN. They make money from selling your data. Always pay for a VPN, because those companies make money from you, not from selling your data.

For cloud and online file storage, don’t use DropBox, it is not secure. Use Tresorit. Tresorit has never been hacked, and is the most secure system we know. Tresorit also synchronises your files between computers, office network, or just your only computer and cloud. If your house is ever burgled or burnt down, you haven’t lost your important files.

Don’t use Google for searches. Google also vacuums up your data, information, interests, search history, everything. They can match it to you via your ip address whether your signed in or not. Use Duckduckgo.com instead. They do not store your data, and they redirect your searches to a variety of search engines, and so you get a wider variety of responses anyway, and your searches are anonymised. That means, that health problem you think you have, you won’t see ads for treatments appearing on every website you visit. Fun Freaky fact: Amazon knows if a woman is pregnant before she does, just by analysing her searches, and comparing it to historical data of women who have bought baby items.

For your own website, of course use us, HelloSpace.Me. Our servers are expertly maintained, and are physically located in Switzerland. That means your data is protected under Swiss Privacy laws, and under Swiss Data Protection laws. Which means, only a judge in a criminal investigation can allow access to our servers, but only to a specific persons account. So far, we’ve never received such a request; if we do, we will seek legal advice before permitting investigators access. Conversely, US intelligence already has unfettered access to US webhosting companies anyway, which makes us the best option. Finally, we keep your data to ourselves, and we only collect the vital data we need so that you can maintain the essential functions of your account with us. We do not over-collect (get data we don’t need), and we do not share or sell it to anyone. There are some services where this is necessary, such as your domain registration, and any additional features you purchase for your website that are provided by third-party sellers.

Never over-share your information. Avoid publicising your identifying data like your date of birth, place of birth, mother’s maiden name, your preferred bank, and such. Don’t engage in/with political messages whilst using your real name. Use a pseudonym (which were commonly used in Web 1.0 and early 2.0) with a VPN when you’re engaging in political or social activism.

For more information, see Andrew’s publications:

  • Blyth, A. (2015) Social Media Ethics. The JALT CALL Journal, 11/2, 173-184. [journal link]
  • Blyth, A. (2011) Cookies and Breadcrumbs: Ethical Issues in CALL. ELT Journal, 65(4), 470-472. [abstract link] [Full text pdf]

Avoid using WiFi for a few weeks #KRACK

Recently, it was discovered by security researchers that almost every single WiFi is vulnerable to breach. Basically, Key Re-installation Attack (KRACK) is possible for a hacker to act as ‘man in the middle’ by spoofing a local WiFi hub, so all your WiFi traffic will go through his (or her) computer, before going onto the real WiFi hub. The affected WiFi hubs use the WPA2 security protocol.

Normally, you should be protected by using https (the green padlock SSL certificates) on websites.  SSL certificates should encrypt your username and password, making them invisible, but the KRACK vulnerability removes this protection.

Microsoft has already released a patch on their Windows 8 and 10 computers. If you don’t have automatic updates turned on, do it now. Google has announced that Android devices won’t be updated until the 6th November. Android users are advised to turn off wifi until the update is provided. Various other Linux devices will be updated in the near future (check your specific vendor). It is unknown if and how Apple iOS and Mac products are affected; Apple has not released specific information.

In the mean time, it is prudent to avoid using WiFi until you are sure your device has had this patch provided. Regarding your home and office WiFi router, check with your vendor for patches and updates. It is possible that using a Virtual Private Network (VPN) will keep your data and traffic encrypted, and probably protected. There are many VPNs, and these are available on mobile devices as well. Otherwise, absolutely avoid public WiFi until you see specific information stating it is protected against KRACK. After all, it is in the public space where man-in-the-middle attacks work best.

More detailed information from Engadget:

News this week

Our regular summary of news in education and technology, and you can contribute. Submissions of tips and stories will be gratefully appreciated (Contact Us), and don’t forget to tell us your name and sources.

Technology

Another ransom ware is out (BBC). They’re not exactly sure what it is, it appears similar to the recent WannaCry attack, and similar to Petya, so this one is currently known as NotPetya. A South Korean webhosting company paid over a million dollars equivalent in Bit Coin to have their data unlocked. This gives the attackers huge incentive to persist such attacks. Consequently, we will not be paying. Our strategy is this:

  • We keep regular backups of our data.
  • We regularly run virus scans, and use the most up-to-date software.
  • If attacked, delete and reformat our drives.
  • Reinstall everything using the most recent backup.

This approach will mean that some data loss is inevitable, especially new data. Consequently, we urge you to also back up your data on your website and home computer. Keep this data stored on an external device (like an external high capacity hard drive), which is not directly connected to the web. Using this method, for if we or you are affected by ransomware, at least some data is hidden and protected and systems are hopefully perhaps 80 to 90% recoverable. Even a 40% recovery is better than rewarding cyber criminals.

Education

The prestigious Global Teacher Prize is now accepting applications and nominations. If you, or you know someone, who is doing astounding work, submit for the next prize now. Announcement here.

The Global Teacher Prize
The Global Teacher Prize

HelloSpace.Me

We are growing all the time, so we have a lot to say this week. All our current members should have received an email with a special discount coupon valid until the end of this month. Check your email for details. If you haven’t got it, check your junk mail folders.

We are welcoming scholars and teachers who want to promote their research and classroom ideas with the community. We are accepting short articles on a variety of topics related to education, and technology in education. More info.

Special Offer of $150 worth of website for free for social media influencers: Announcement.

New Services: We are really happy to announce that we can offer auto-provisioning of some SSL certificates for Symantec, RapidSSL, and Geotrust. We also now offer professional level spam email filtering services, and Weebly website builder. See the new Categories in the shop for details: https://hellospace.me/host/cart.php.

Conferences

Submit your 2-3 line conference announcement at Contact Us.

The Fourth Extensive Reading World Congress will be on Friday 4th to Monday the 7th Aug at Toyo Gakuen University, Tokyo Japan. HelloSpace.Me will be there, so drop by and say ‘hi’.

The British Association of Applied Linguists (BAAL) annual conference will be held in the University of Leeds, from 31st Aug to 2nd Sept 2017. Submissions have closed. Details at BAAL.

The Pan Asian Consortium of Language Teaching Societies and KOTESOL will be co-hosting their annual conferences at Sookmyung Women’s University, Yongsan-gu, Seoul, South Korea, from 21st to 22nd October 2017. Call for submissions due 31st May 2017. Details at KOTESOL.

The Japan Association of Language Teachers (JALT) will hold their annual conference at Tsukuba, Ibaraki Prefecture, Japan, from 17th to 20th November. Submissions are already closed. Details at JALT.

The joint Applied Linguistics Conference for ALANZ, ALAA, and ALTAANZ has a call for submissions for their conference to be held on 27-29th Nov 2017, at Auckland University of Technology (AUT), Auckland New Zealand. Close of submissions was 1st May 2017. Details via ALAA.

5 easy steps to keep student data safe

We live and teach in the 21st Century (though some colleagues are not aware of this), which means everything is digitised. Everything is digitised because it makes life easy. When we lived in the paper age (as opposed to the stone and the digital ages), we kept student records locked in filing cabinets, locked inside of teacher’s rooms, locked inside the school. So, it was kept from anyone who couldn’t pick locks. Now, we have hackers, and so a different way of keeping student data safe is required. It actually isn’t hard. There are of course many other suggestions, these are just for starters.

1. Use HelloSpace.Me

Ok, we’re biased. But listen why. We have our servers in Switzerland for a very, very, good, very important, ultra-good, super-important reason. All data and information are protected under gold-standard Swiss laws. Which means, unlike certain other anglophone countries, cannot be accessed by government, government agencies, third-party companies, and others. So, that means you need to have your website hosted by us. Here is the obligatory Buy Now link.

2. Use an SSL Certificate on your website

An SSL Certificate adds the “s” for “secure” to your http (literally). So your web address will be https:// which means, all traffic will be parsed through that secure portal. That means passwords, usernames, and info are kept hidden from prying eyes. This is particularly important if you’re using wifi almost anywhere, or using a LAN network anywhere. Sadly, you just can’t start typing in https into your web address. For it to work, you need to purchase a certificate and install it. An SSL certificate has secure mechanisms built in to protect you, and your website users. Here is the super useful Buy SSL Now link.

3. Use your own cloud or Tresorit

For storing info and sensitive records don’t rely on USB memory sticks, your own computer, or DropBox. USB memory sticks are easily lost or taken. Your own computer can be stolen, destroyed (think fire or virus), and DropBox is not secure. Instead, on your own website install and SSL certificate with ownCloud to keep all your data off-site (not away from your teacher’s desk), but easily accessible to only you. Whilst we and your website has great security, we have to admit that Tresorit is better. Tresorit is like DropBox, but way, way more secure and they are the supreme experts for online security. Tresorit is a Swiss company, and they also take privacy very seriously.

Woman working on a computer. CC0 Unsplash, https://www.pexels.com/photo/adult-blur-business-busy-271560/
Woman working on a computer. CC0 Unsplash, https://www.pexels.com/photo/adult-blur-business-busy-271560/

4. Lock your devices

What can prying eyes access? Your Twitter, your Google Docs, your dating app, and others. They especially want to access your email address first. Let’s say your Google Docs account (where you keep grades stored), the thief can reset your password, and so they need to receive a confirmation email and approve the change. Once that is done, then they can change the email address designated in the account. Once that is done, then you’ve completely lost control of the account. Keep prying fingers and eyes out by setting a password or passphrase. All devices like smartphones, computers, and tablets all have an auto-close feature. Even with Windows 10, if you haven’t used it for a while, the screensaver activates, and to re-enter, you shake the mouse and then can be prompted to enter a password. Additionally, iOS devices (like iPhones and iPads) can be set to auto-wipe all data that’s stored on the device (not in your accounts) if the wrong password was entered 9 consecutive times.

5. Use a strong password

We cannot stress this enough. We know it’s said ad nauseam on the net, but a lot of people don’t really understand what this means. When hackers got into Adobe and stole their password database, at first, Adobe said something like, “It’s ok, all the passwords are encrypted, they can’t see anything”. The hackers then got to work to crack the encryption. A password might be “fluffybunnies”, which is encrypted to something like “dksdiud8393iegh8e48ej”. So, each letter or number corresponds to a real letter in the real password. It’s impossible to figure out the encrypted version of the password, except if parsed output corresponds to a real dictionary word. As it turns out, many years ago a huge number of Adobe users set their passwords to “password”, “12345678”, “adobe”, “adobe123”, or similar. The hackers only needed to figure out what combination of encrypted version will return a hit on a dictionary word like “password” or “adobe”. In actual fact, hackers broke the encryption for the entire database in a matter of days because so many people could use the word “adobe” and “password” for their password. Consequently, avoid using dictionary words, and other words like “password”, “adobe”, and of course “hellospaceme”.

So, how do you make a secure password? It’s easy. Answer this question, “What is your favourite song?”. Let’s say it’s “Firework”, by Katy Perry. The lyrics are:

Baby, you’re a firework
Come on let your colours burst
Make them go, “Oh, oh, oh”
You’re gonna leave them all in awe

So, take the first letter of each word, and add a symbol or number. The number could be the year you set the password, or your age. So, your password would be, “byafcolycb17”. Even if the password is decrypted by a hacker, it still looks like nonsense, and will be rejected. You’ll have won; Hackers 0, You 1. Finally, don’t use the same password for everything. Yahoo has been hacked not once, but so many times that we have changed our passwords many times in the last few years. So, make it a rule to, at least, change all your passwords the day before your birthday every year.

Finally

Finally, there are more ideas and advice that can be given, but this is just a start to whet your security-appetite (wow, I feel so awkwardly geeky writing that). In any case, look out for more articles from us. If you liked this article, please share it with friends and colleagues through your favourite social media.

News this week

Our regular summary of news in education and technology, and you can contribute. Submissions of tips and stories will be gratefully appreciated (Contact Us), and don’t forget to tell us your name and sources.

Technology

Many companies and regular people are currently learning the hard way the reason why keeping up to date software is vitally important. The WannaCry attack that began on Friday (BBC), infects Windows computers with older operating systems, or those that have not had recent security updates. We strongly advise you to update your operating system now, and all the anti-virus and anti-spyware software now. Do not use “free” software, only high quality paid-for versions.

Is HelloSpace.Me affected by WannaCry? No. All our software uses up to date security installations and patches. We also use up to date, strong, robust anti-virus and anti-spyware software. The website operating system runs on secure and up-to-date Linux, and also uses up-to-date anti-virus software. We prefer Linux as it is one of the most secure types of operating system, and is less of a target to hackers as Windows is.

What more can you do to be safe against WannaCry and other future threats? Follow and check technology news sites, blogs, and especially Twitter feeds regularly. We especially recommend The Next Web (TNW), Mashable, and the BBC. HelloSpace.Me follows these and more on Twitter, so following us and checking our retweets can help. Additionally, keep a backup of all your important data. This means do regular exports of your WordPress blog, your website, and keep these stored on a highly secure cloud service like Tresorit.

Finally, nothing is 100% secure. Keep redundant backups of everything. Also consider running an old computer on Ubuntu Linux instead of Windows, or have a Mac (vice-versa if you’re a regular Mac user). Having diversity of systems gives you security options, so you still have quality access to the internet, information, and resources. 

In other news, if you have this feature turned on, your WordPress software should have been automatically updated to version 4.7.5. You should have received an email confirming this. We strongly recommend that you turn on the auto update especially for security reasons. There will also be feature updates, which will make life better too. 

HelloSpace.Me

HelloSpace.Me will be at the JALTCALL annual conference in Matsuyama. Please swing by and talk to us.

We have some great Special Offers at the moment. See if you can benefit:

  • Special Offer for social media influencers: Announcement.
  • JALTCALL Conference, Want to get into the conference for free?: Announcement.

Conferences

Submit your 2-3 line conference announcement at Contact Us.

The Pan Asian Consortium of Language Teaching Societies and KOTESOL will be co-hosting their annual conferences at Sookmyung Women’s University, Yongsan-gu, Seoul, South Korea, from 21st to 22nd October 2017. Call for submissions due 31st May 2017. Details at KOTESOL.

JALT Computer Assisted Language Learning (CALL) annual conference will be 16th to 18th June 2017, at Matsuyama University, Ehime Prefecture, Japan. HelloSpace.Me will be there. Submissions have closed. Details at JALT CALL.

The British Association of Applied Linguists (BAAL) annual conference will be held in the University of Leeds, from 31st Aug to 2nd Sept 2017. Submissions have closed. Details at BAAL.

The Japan Association of Language Teachers (JALT) will hold their annual conference at Tsukuba, Ibaraki Prefecture, Japan, from 17th to 20th November. Submissions are already closed. Details at JALT.

The joint Applied Linguistics Conference for ALANZ, ALAA, and ALTAANZ has a call for submissions for their conference to be held on 27-29th Nov 2017, at Auckland University of Technology (AUT), Auckland New Zealand. Close of submissions was 1st May 2017. Details via ALAA.