Tag: microsoft

  • Adding pronouns to your Microsoft 365 profile

    Adding pronouns to your Microsoft 365 profile

    TDLR: I worked on a project at Microsoft to bring pronouns to user profiles in Microsoft Office / Microsoft 365.


    Rewind the clock to mid-2019, myself and Margrete Sævareid at Microsoft Development Center Norway slowly started working on a new project; to allow users to add their pronouns to their Microsoft Office profile.

    At that time, the project was “unfunded” and so our job was to work around our day-to-day tasks and gather the necessary research and make the required presentations to the right people to get the project funded.

    As 2019 came to a close, we were sat in Microsoft HQ in Redmond with colleagues from all corners of Microsoft and LinkedIn, hosting an initial “kick-off” meeting.

    A short time later, in February 2020, we were both sat in the offices of Microsoft Research New England ready to undertake some fundamental research with esteemed researcher Mary L. Gray and the team.

    It’s been 3 years since the trip to Boston, but Microsoft have recently announced and listed pronouns as being something you can add to your Microsoft 365 profile.

    🎉



    Since the inception of the project, there have been many people working on the addition of pronouns to the product suite – and I definitely lost track of who was involved throughout the process after moving teams within Microsoft and leaving this project behind towards the end of 2020.

    So, whilst I was not part of the team that finally got to launch the feature to the world, I feel so grateful that I was able to lay the foundations for this project. It was definitely a passion project of mine from day one, I was sad to move off the work, and I’m very excited to see how it develops.

    There’s a lot that I would love to share about the process behind the initial stages of this work, but I’m not sure what I’m allowed to say.

    I truly hope that with the new capabilities you feel like you are better represented at school or work – whether you are transgender, non-binary, or were simply blessed with a name that people commonly misgender.

    🥰

  • Know when you are being scammed and how to report it

    Know when you are being scammed and how to report it

    Quite often when people say they have been “hacked” it turns out they haven’t been hacked. They’ve often fallen victim to something called “phishing”. That’s the term used when someone creates a fake website that looks like a real website to trick you.

    You might often get emails that look like they are from your bank and then link you off to a website that looks like it’s from your bank – and they ask for all your login details – tricking you into handing over important information to the scammers.

    Don’t feel too bad if you have fallen victim to this recently, or in the past. The web pages that people create for phishing are looking ever more real and professional. I discovered one recently that even went as far as getting a security certificate to show a little padlock icon to make you think you’re safe.

    The Exodus Phishing Scam

    I recently highlighted a phishing site pretending to be Exodus, but even after a manual independent review, the reviewers said there is “No threat found”. That’s because it’s a very convincing fake.

    An email landed in my inbox claiming that 94,000 of Exodus customers have been hacked and need to update their 12 word seed phrase and pin number. Yet, I know that giving away your 12 word seed phrase and pin number is like giving a car thief the keys to your car.

    A screenshot of a phishing email claiming to be Exodus wallet.
    A very convincing looking email, advising me to update my passphrase.

    If you receive an email like this and you aren’t sure whether it’s real – do not click any of the links or buttons in the email. Close the email, open your web browser, and go directly to the Exodus website. This is a simple way to avoid getting phished from email; when the email is asking you to update or give some personal or security information never click any links in your email.

    Clicking the link in the email might save you the 10 seconds it takes to open a web browser and type in the website name yourself – but spending the 10 seconds to do it manually will save you from getting phished.

    But since I know what I’m doing…

    I clicked the “Update” button. It takes you to a fake website which had my email address added to the end. This helps make it look legitimate, but also for the scammers to know I’ve been blind enough to fall for the scam.

    Everything looks like the official Exodus website. If I do a web search for ‘Exodus wallet support‘ I will find the official support website. At the time, this was http://support.exodus.io and the website I was taken to by the email was not exodus.io.

    Here is a comparison of the fake site, versus the real one.

    Looks pretty real, huh?

    There are sections of the Exodus Support website which say that they would never ask for your 12 word seed phrase. No website or customer support should ever need to know your seed phrase and so alarm bells should ring at this point.

    And whilst the fake site looked real, the scammers will rarely copy the whole website. This means that clicking the navigation doesn’t go anywhere. The Products, Support, Community, and Download links all keep you on the same page, asking for the seed phrase.

    But, this looked like an official email. And the website looks quite real. And if I look in my web browser, there is a little padlock assuring me the website is safe!

    Wrong.

    We’ve been told to trust the padlock. If you see a padlock in your browser, the connection is secure – everything is safe, right? But this just means the you have a safe connection between your computer and the website you are visiting. The padlock doesn’t tell you if the website is real or fake. If that website is a scam website, the padlock confirms you are safely connected to the scam website. Nothing more.

    On closer inspection — the official Exodus team use Cloudflare to verify the connection to their website. The fake site uses a different provider; Let’s Encrypt. There is no good reason why one company would use two different companies to issue their security certificate.

    This isn’t something I would expect most people to pick up on. On seeing the padlock, people presume the site must be legit. But in this case, it’s not.

    These are the biggest tell-tale signs:

    1. The email is asking you to update or provide personal or security information AND provides a quick link to click to update your details.
    2. The website address is not the same as the official website — if you are unsure, use a search engine to get to the official website before signing in or giving away information.
    3. Often, none of the other links on the website work. This is not a fool-proof way of detecting a scam, but you can try clicking around the site before you start entering information to see if the website is real.
    4. Don’t enter information on a website without the padlock icon. But also know that the padlock icon doesn’t tell you whether the website is real or fake.

    How to report phishing

    If you receive an email or find a website you think could be trying to trick you out of some information, you could simply ignore it or delete it. However, there are people out there who aren’t as savvy or aware as you – and with just a few clicks, you can help protect them from falling for the scam.

    A lot of the big tech companies try to stop you getting scammed. If they know a scam site exists, their apps will jump in and tries to protect you. It sometimes looks like this:

    But to know these sites exist, they need people like you to report them. And you can do that in a few different ways; by email address, or visiting a website.

    Reporting phishing by email

    This is a very straight forward approach. You receive a phishing email and before you delete it, choose the “Forward” option in your email app and send it to one or all of these email addresses:

    phish@phishtank.com, scam@netcraft.com, phish@office365.microsoft.com, report@phishing.gov.uk

    This will send the fake email and any websites to companies like Phishtank, Netcraft, and Microsoft who decide whether they think it’s a phish or not. If they do, they’ll block it for everyone.

    Interestingly, the last email address sends it to the UK Government who as of 31st March 2021, received more than 5,500,000 reports and work with hosting companies to remove links to malicious websites.

    Report phishing manually

    Google! That’s the big one. There are so many Google Chrome users that you should probably report any phishing to Google. Unfortunately, they don’t have an email address to forward your junk to. You have to use the Google Safe Browsing Report a Phish form.

    This means you’ll have to manually copy and paste links across into the form. So tedious. I’d expect something more from Google, but it is what it is.

    Russia’s answer to Google – also allows you to manually submit sites to Yandex. This means people using Yandex browser for desktop and mobile, Yandex mail, Yandex DNS and other Yandex services I don’t really know about will benefit from your reports.

    You can report manually to both Phishtank and Netcraft too, but they have the email address for quick-submission.

    Stay safe

    So, that’s pretty much it. Be aware of what you are clicking on and what information you are about to leak.

    If you find a phish, help others catch it first by reporting to the email addresses or websites mentioned above.

    Good luck out there on the wild west web.

    If you ever want to geek out and chat with me about internet privacy and security – drop me a message via Matrix to @matt:gossip.land or via Mastodon to @matt@oslo.town

  • The best web browser for iPhone

    The best web browser for iPhone

    Apple have updated (or will soon update) your iPhone to iOS 14 – a shiny new version of everything Apple for your handheld computer. One of the new features of iOS 14 is that you can change your default web browser away from Safari.

    But why would you want to?

    To be honest, Safari on iPhone is a pretty good web browser, but using other web browsers have other benefits. Maybe you want one that is going to protect your privacy more aggressively? Maybe you want to use a different search engine? Maybe you want to sync your bookmarks between your computer and phone?

    Whatever your reasons, there are lots of web browsers to choose from. And below, I’m going to go through the most popular and best alternatives to Safari for your iPhone.

    A lot of this info is entirely subjective. I used to work for a web browser company for 5 years, and now work at Microsoft (who have their own web browser) – so I would like to think I know what I’m talking about.

    Here we look at 11 web browsers. From worst to first.


    Google Chrome logo icon

    11. Google Chrome

    Ok, one thing you should be aware of is that I am pretty much anti-Google. They are the biggest advertising company on the web. Their business model is to know as much about you as possible.

    Google Chrome is the default choice for many web users. It works well. And, if you are happy with using Google, then continue to use Google. But if you value your privacy in any way, the maybe don’t use Google or Google Chrome.

    The browser itself isn’t that bad but Google owns a monopoly on the internet so it might be nice to support someone else.

    Official Site · Google Chrome on the App Store

    Cake Web Browser logo icon

    10. Cake web browser

    This web browser disappoints me so much because it had so much potential and then just turned out to be… trash.

    I loved that when you did a search, instead of showing the results page, it opened the top results in tabs that you swipe between. And the home screen had cool illustrations – and the app icon was nice.

    But then you couldn’t really pick from a good amount of search engines, and then they switched out the cool home page with lots of celebrity news and other crap.

    The way the product developed screamed that they are torn between making a good product and making money. And their desire to make money is killing their product.

    Official Site · Cake web browser on the App Store

    Brave web browser logo icon

    09. Brave

    Started by Brendan Eich – known for being the creator of the JavaScript programming language, co-founder of Mozilla, and opposing same sex marriage.

    Brave is privacy-focused and block trackers. On one hand they are stopping you from from seeing adverts on websites. Then with the other hand, they serve you “privacy respecting” ads themselves and pay you money to see them. Well, they pay you in cryptocurrency.

    The browser itself isn’t bad, but the way their advertising model works benefits Brave as a company more than anything else. Oh, and did I mention that Brendan Eich opposes same-sex marriage?

    Official Site · Brave on the App Store

    Qwant logo icon

    08. Qwant

    Based in French France, Qwant is another web browser made by a search engine company. As a search engine, they promise not to track you as you search. As a web browser, they are very basic.

    I like when a European company steps up and offers a privacy-driven alternative to the technology giants in the United States of America. So, I can fully get behind Qwant in that regards.

    But building a browser is not their focus. Updates are slow. At the time of writing, their app hasn’t been updated for 10 months – which is a lot of bug fixes you are missing out on.

    Official Site · Qwant on the App Store

    Ecosia logo icon

    07. Ecosia

    The Germany-based search engine that plants trees with their profits has their own web browser. And it’s… very average.

    By far the biggest selling point about Ecosia is their commitment to environmentally friendly projects and, during this battle against climate change, it’s a very welcomed addition to the search engine market.

    I can highly recommend the search engine. But, as a browser? Average.

    Official Site · Ecosia on the App Store

    Yandex browser icon logo

    06. Yandex

    Imagine Google, but in Russian.

    Yandex is Russia’s answer to Google and whilst that might sound scary to some, it’s probably no more scary than using Google Chrome.

    Presuming you have a Yandex account, you can sync everything with Yandex on your computer, it has a Turbo Mode to load pages faster if your internet is slow, has a nicely presented news section called Zen.

    It’s a polished product and nice to look at, but is that enough for me to use it? Their ad blocking and search engine options are basic, so, No. Probably not.

    Official Site · Yandex browser on the App Store

    Firefox Focus Logo Icon

    05. Firefox Focus/Klar

    Firefox Focus (or Firefox Klar if you are in a German-speaking nation) is a lightweight version of the full Firefox browser. It’s a privacy-focused browser with all the tracking protection and content blocking of the standard Firefox.

    Where Firefox Focus differs is that every time you close the web browser, it deletes all information about what you were doing. That means it logs you out of all sites, forgets your browsing history and basically self-destructs. Nice for privacy, but a real pain if you want to stay logged into a specific website.

    What you can also do is have Firefox Focus installed and then set it as a Content Blocker in Safari – which means you can use Safari with all the privacy protection of Firefox. Nice.

    Official Site · Firefox Focus on the App Store

    Duck Duck Go Icon Logo

    04. DuckDuckGo

    A privacy-based search engine making a web browser. And, from a privacy angle, they do a pretty good job. The browser has a variety of built-in features to keep you from getting tracked online.

    Much like Firefox Focus, DuckDuckGo has a self-desctruct mode for when you are done with your browsing and want to delete all traces of whatever filth you were looking at.

    Is it private? Yes. Does it only let you search DuckDuckGo? Yes. Is it a pain to stay logged into websites? Also yes.

    Official Site · DuckDuckGo on the App Store

    Microsoft Edge logo icon

    03. Microsoft Edge

    Microsoft don’t have a great reputation when it comes to web browsers but, I have to admit, Microsoft Edge is not that bad. Especially if you use Microsoft Edge on a Windows computer too.

    Sign in with your Microsoft Account and everything will sync between your Windows computer and your phone. The default search engine is Microsoft Bing – but as you use other search engines they appear in the settings so you can switch your default.

    However, syncing is Microsoft’s thing. They, like Google, want to know as much about you as possible. You are encouraged to share your browsing data and opt-in to a “personalised experience”.

    Official Site · Microsoft Edge on the App Store

    Opera Touch Icon Logo

    02. Opera Touch

    This browser has two of my favourite features of any mobile browser;

    The Fast Action Button – where all menus are hidden behind one button which fans out as you hold your thumb on it. Nice!

    A built-in cyptocurrency wallet – so you can send, receive and buy Ethereum straight from your browser and sign into services like CryptoKitties.

    Other than that, the app is fairly standard. It does ad blocking. You can pick from a fixed list of search engines. It doesn’t sync with your computer, but will let you send pages between your phone and Opera on your computer.

    Most of the time, I enjoy using this app. But then sometimes I don’t because it lacks a bit of polish in places.

    Official Site · Opera Touch on the App Store

    Firefox Logo Icon for iPhone

    01. Firefox for iPhone

    Mozilla, the makers of Firefox, have gone for the privacy angle. Today that is their bread and butter and so include some content blockers to make sure the big evil tech companies aren’t tracking you as you browse the web in an attempt to sell your information.

    They also let you customise the search engine. Don’t want to search using Google? Good. Then switch to whatever search engine you want. You can pick one of the search engines bundled with the app or add your own.

    Sign in with a Mozilla account and you can sync all your bookmarks between your phone and Firefox for your computer.

    The way the app is designed is… okay. It doesn’t look super sleek in places, and can sometimes feel “clunky”. But, it’s a solid web browser and comes with a good hearty recommendation from me.

    Official Site · Firefox on the App Store


    Conclusion

    As I started to write this blog post, I didn’t really know where it was going to end up or which browser would top my recommendations; and it turned out it was Firefox for iPhone.

    But, that said, I would immediately change the default search engine in Firefox away from Google to something like tree-planting search engine Ecosia, or a privacy-respecting search engine like Qwant or DuckDuckGo.

    Ideally, I want a good privacy-based web browser with a built-in crytocurrency wallet that isn’t made by a multi-million dollar tech company in the USA. I guess the closest you get to that is Opera Touch – which is a Norwegian company, majority-owned by a Chinese consortium, with the product team based in Poland (I think).

    Respectable companies like Qwant and Ecosia, whilst based in the EU, apparently don’t have the resources to make both a good search engine and a good web browser. They rightly focus on their primary product; search.

    But Firefox for iPhone is probably the best all-rounder. It’s good on privacy, it lets you customise the search engine, you can sync between your computer and mobile. Mozilla are a US-based not-for-profit organisation and don’t harvest, sell or monetise your personal data.

    I guess that’s as much as we can expect from a web browser in 2020.

    Worth mentioning

    If privacy is really high on your agenda, you could also check out Onion browser – which runs on the Tor network. If you know what the Tor network is, you probably know which browser you want to use anyway.

  • Links of the week: Planting trees, hacker news & self-reflection

    Links of the week: Planting trees, hacker news & self-reflection

    Some weeks you can feel like you can do a lot but have nothing to show for it. This week almost feels like one of those weeks. I have been busy, but I can’t tell you what I’ve done. And not because I am keeping it a secret.

    This weekend is coming to a close. Amid meeting friends and volunteering at the Red Cross, we managed to clean the apartment, put up some picture frames and take a nice walk through Oslo.

    Here’s a round up of things that have happened elsewhere:


    A photo of a green tree

    Planting trees in Australia

    Ecosia, the search engine that promises to plant trees around the globe, is putting 100% of it’s profits from this Thursday towards planting native, subtropical trees in the Byron Bay area of Australia.

    All the details of the initiative are on the Ecosia blog. If you needed an excuse to move away from Google, at least for a day, there isn’t a better reason. Try it now.


    A screenshot of the website copychar.cc in Brave browser on Mac OS

    ℃opy ⅋ Ƥaste

    Do you often need a special character in your writing, but you don’t know the secret keyboard shortcut? You need CopyChar. Just click or tap on a character and it will be copied to your clipboard.

    I used to use CopyPasteCharacter for the same job, but they use Flash player and that’s dead wood.


    A picture of Saudi Arabia's crown prince meeting Jeff Bezos. They both are sitting in what looks like a hotel room, dressed in suits and laughing together.

    The crown prince of Saudi Arabia showcases elite hacking skills

    Apparently, the crown prince of Saudi Arabia, Mohammad bin Salman, sent an infected WhatsApp video to the world’s richest book store owner, Jeff Bezos. You might also know him as the big boss man of Amazon or Washington Post owner.

    After opening the seemingly innocent video, large amounts of data were exfiltrated from Bezos’s phone within hours, according to a person familiar with the matter. This was not too long after the crown prince toured the US meeting everyone from Donald Trump to Bill Gates to Oprah and The Rock.

    Should you care? Probably not. But you should probably care about your own digital security and privacy. You can get some great tips and tricks from privacytools.io.


    An image of a security camera attached to a blank wall

    EU look to ban face-recognition technology

    According to a white-paper draft obtained by Politico, the EU are looking to ban the use of facial recognition technology in public spaces for the next five years. This would allow time for the introduction of proper regulation.

    In true Silicon Valley style, today’s facial recognition technology is not good at identifying women and people of colour and 46% of folk in the UK want to opt-out of being recognised. Another reason to have stuck with the EU membership.

    Google and Microsoft representatives have slightly different opinions on the issue. Coincidentally, Microsoft sells such technology to government agencies.


    An illustration of an office worker sat at a desk thinking about various things.

    Pause before you begin

    As we race towards the end of January, maybe it’s a good time for some reflection of the 11 months ahead. 99u have pulled together a guide based around 6 key areas of assessment based on a model published in 1976 by Dr. Bill Hettler.

    Or for a different take, try these 13 prompts for planning creative resolutions which can be used as talking points when having a word with yourself.


    Bye.