Sunday, September 30, 2007

Free Phone Calls... With a Catch

I've been sitting on this one for a few days, but finally have gotten around to writing about it. It's a doozy: A company called Pudding Media has launched a web-based phone system that lets you call any phone number in North America and talk for free, as long as you want. The catch: The company listens in on your call and serves up ads based on what you're talking about.

Pudding is a VOIP operator, much like Skype, so you have to use a computer and a microphone or headset to make your calls. That's critical to the Pudding experience, as the ads are delivered on your computer screen (rather than via commercial-like audio interruptions). Of course, it wouldn't make sense for a human to listen in on your call and push a button to send you an ad. Voice recognition software listens for keywords. An example cited by the New York Times says that Pudding could offer movie reviews and ads for films if you're talking about the latest blockbuster.

Pudding says it does not keep recordings or logs of call content, but that's little consolation to those who find this an egregious privacy violation. For its part, Pudding says this is no different than what Google does with Gmail, offering ads related to what people are emailing you about, and arguably with more of a paper trail than a telephone conversation.

But is it? There's something indescribably different about a phone conversation than an email. It's more intimate, more personal. I'd have trouble using Pudding's system for all but the most trivial of phone calls. Still, I'd also have no problem trying it out and getting an account in case of emergencies. (I'm currently on the waiting list to join the beta, which you can join as well at thepudding.com.)

Would you give Pudding a try? More than once? Are free phone calls worth it? Be careful how you answer: Pudding notes that people actually change what they're talking about based on what the ads delivered on screen are. That's a little spooky, if you ask me.

How to Secure the Data on Your Laptop

Reader Jessica writes: I am an in-house investigator (not law enforcement) looking for laptop safety software. I've read on some of the "hardcore" techie pages that I need specialized encryption software to keep emails and files safe when I'm on my home wireless network. I'm planning on getting the Dell XPS 1710 for the road and working from home and know that it comes with the basic security suite. However, I'd like to be able to recommend something I can use on the laptop to the firm as well. I can't seem to convince the head honchos that information security is a huge problem!

Securing the data on a laptop computer requires a multitude of applications. The good news is that you're probably already running many of them. Here's a rundown on what you need, and what each application actually does.

Antivirus - The first line of defense; you are probably quite familiar with tools like Norton, PC-cillin, McAfee, etc. I've written about free antivirus options here.

Anti-spyware - The second line of defense; spyware blockers protect you from the other half of the malware out there. Install both Spybot and AdAware; both are free. I've written on how to clean a spyware infection here.

Firewall - A firewall protects you against direct attacks over the internet. Unlike viruses and spyware, these attacks don't arrive via a carrier application. Often they are "denial of service" attacks, which aim to simply disable your computer altogether, as long as the attack continues. The best firewall is the one on your router, so make sure it's turned on. Also turn on the built-in Windows Firewall. It does a fine job. I don't bother with additional firewalls unless the security need is extreme. In that case, ZoneAlarm is the one I'd recommend.

Data encryption - Things get more serious when we talk about encrypting the data on your PC. Encryption essentially scrambles everything on the computer unless the proper password is given to unlock it. You can also set up encryption to protect your email, but this is a more complicated process, as the recipient generally must also use the same encryption process to decode what you sent them. Just remember, encryption is only as good as the password you use to lock it. Windows Vista Ultimate Edition includes an encryption system called BitLocker. If you have Ultimate, definitely give it a spin. There are myriad encryption tools out there, most of which are free, which will encode your hard drive for you. Some are easy, some are difficult. Search around until you find one you like and which has positive reviews. You might start with FreeOTFE, which is pretty simple and rock solid. Be aware that encryption software will often slow down your PC considerably because of the complexity of the calculations it has to do.

Theft recovery - LoJack for Laptops (I've written about it many times) can help you out if your gear gets ripped off.

Additional tools (optional) - Many laptops include biometric scanners (fingerprint scanners) to help lock out unauthorized users. I find them more trouble than they're worth, but for sensitive data scenarios I'd recommend using one if your laptop includes it. Read the LoJack link above for more commentary on how fingerprint scanners can interfere with LoJack.

Remember that all of these tools will only work as long as you keep them up to date with current data definitions, frequent scans, and with good passwords. Like most things, good security comes down mostly to common sense. Remember that laptop theft is the most common computer crime out there. Keep your machine out of sight and secured with a cable lock whenever you're unsure of your environment's safety.

How to Pick a Genuinely Secure Password

When it comes to security, Bruce Schneier is a god among us mere mortals. He has written some of the most influential books on computer security and cryptography ever printed, and his blog is essential reading for anyone on the Internet.

So when Bruce says here's how to create a secure password (and how he creates his own passwords), I listen. His post on the topic is extensive, so I'll try to boil it down to the essentials. If you have the time, I encourage you to read the whole thing, though.

First question: How are passwords cracked, anyway? Primarily through brute force "dictionary" attacks, where software tries to guess a password by running through a series of common phrases or words in various combinations. Sure, we know that "password" and "qwerty" are easy to crack, but password crackers have gotten much more sophisticated these days. Now, they check hundreds of these common "root" passwords (here's a list)... in combination with various "appendages," including all two- and three-digit combinations, single symbols (like ! and ?), dates from 1900 on, and a few others. The crackers also sub in common characters like "3" for "E" and other typical hacker-speak substitutions.

What's that mean? Basically, if you thought the safe-looking pigl3t9! was a secure password, you're sadly mistaken. Any modern password cracker will suss it out in a matter of minutes.

Before you begin to despair, Schneier offers simple rules on how to create a password that cannot be easily cracked by such methods. (Mind you, given enough time, any password can be cracked, though. But this will make it much harder.)

The trick is to use a "root" that is not in that list that I linked above, and to put your "appendage" (or two of them) in an unusual place: Either in the middle of the root or at both the beginning and the end.

Schneier's example is to use a word that you can pronounce but which is spelled "wrong": armwar or pitchsure or baysball are all examples. Then attach your appendage(s): arm9!9war or 1066pitchsure6601 or bay1776sball. It shouldn't take much effort to commit any of these to memory.
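As an added illustration (not code from this post or from Schneier's), here is a small password-policy check that rejects anything shaped like the pattern described above: a common root, with typical character substitutions undone, plus short appendages at the start and/or end. The root list is a tiny constructed sample, and the names find_weak_root, COMMON_ROOTS, LEET and APPENDAGE are hypothetical.

```python
import re

# Constructed sample of common "root" words (assumption: a real check would
# load a large dictionary or breached-password list instead).
COMMON_ROOTS = {"password", "qwerty", "piglet", "dragon", "monkey", "letmein"}

# Typical substitutions such as "3" for "E"; simplified, one mapping per character.
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

# Appendages named in the post: one to three digits, a year from 1900 on,
# and/or a single symbol on either side. An empty appendage also matches.
APPENDAGE = re.compile(r"[^A-Za-z0-9]?(?:(?:19|20)\d\d|\d{1,3})?[^A-Za-z0-9]?")


def find_weak_root(password):
    """Return (prefix, root, suffix) if the password is a common root with
    appendages only at its ends, otherwise None."""
    pw = password.lower()
    n = len(pw)
    # Try every way of splitting the password into prefix + core + suffix.
    for start in range(n):
        for end in range(start + 1, n + 1):
            core = pw[start:end].translate(LEET)
            if core not in COMMON_ROOTS:
                continue
            prefix, suffix = pw[:start], pw[end:]
            if APPENDAGE.fullmatch(prefix) and APPENDAGE.fullmatch(suffix):
                return prefix, core, suffix
    return None


if __name__ == "__main__":
    # The post's examples plus two constructed ones.
    for candidate in ["pigl3t9!", "Password1999", "!dragon42",
                      "arm9!9war", "1066pitchsure6601", "bay1776sball"]:
        hit = find_weak_root(candidate)
        verdict = f"reject, root '{hit[1]}'" if hit else "no common root found"
        print(f"{candidate:20} {verdict}")
```

A password that passes this check is only outside this one pattern; it says nothing about other guessing strategies or about roots missing from the sample list.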