Saturday, December 16, 2017

Stop Tracking Cookies using a whack-a-mole

Block advertising cookies, and email tracking 1-pixel graphics using this technique.  This is an admittedly a whack-a-mole solution, but it works for all software installed on your PC.  This technique is known as a DNS Sink Hole.

While surfing, websites drop tracking cookies (tracking files) on your computer and these can track where you have been and what advertisements you should receive.  These can also be used to raise prices on car rentals, hotels and air fares.

Not all cookies are bad.  Some keep you logged-in as you move from, say, one Google product to another (Gmail, Youtube, etc.).  And others, such as your bank, use them to help control the current banking session.  But a majority benefit only advertisers -- and not you.

This article discusses how you can control and tame them.

2018.01 Update: See this alternate keyliner article: Building a dedicated DNS Server Appliance for a more elegant way to use a DNS Sink Hole.  This article uses a Raspberry Pi and Pi-Hole software and I have now switched to this new design.  This article is simpler and easier to implement, but only works for one PC at-a-time.  The Raspberry Pi solution works for all devices in your network, including laptops, tablets, phones, and macs.

These instructions are for Windows 10 but will work with all versions of Windows.

A lot of the sites I visit now feature this graphic -- and I am happy to see this:

In other words, I have successfully blocked from even knowing I am browsing that page.  This is neat, but a bit geeky.

New: 2017.12 - You can also use this technique to block the most common email-tracking techniques.  I have added a list of the 30 most popular email-trackers to the Host file below.

An Interesting Test - Try this:

To give you an idea about how they are being used:  Try booking a fictitious airline flight on any site, such as Delta, or Expedia.  Note the cost.  Go to another site and search that same flight's date/time, then return to the original site and look again.  You will find the cost is $15 to $20 higher.  They are trying to scare you into the purchase.  Clear your browser's cache and cookies, and reboot your router (to get a new external IP address), and search again.  The price will have dropped back down. 

This is technical article, and if you follow all the steps, it is a whack-a-mole problem, 
where you have to do some chasing.  But it is relatively easy to do, 
a bit fun, and geeky.  This is low-risk because everything can be un-done. 

1. Start Here - Drop Third-Party Cookies

All computer users, using any browser, should do this step, even if you do not follow the rest of this article.

Make your browser erase third-party cookies when the session ends.  This allows any site to create cookies as it-sees-fit, but then, when you are done, they are all erased.  This is recommended.

The settings are:  "Always accept third-party cookies" -- but set them to "Keep until you close".

Steps vary, depending on the browser. To avoid cluttering this article, see this keyliner article for Firefox, Chrome, IE, and Edge:

Keyliner link: Disable third-party Cookies.

Again, do these steps, even if you don't do the remaining steps in this article. 

2.  Research Ad Domains

Using your favorite browser, browse all the sites you like to visit.  For example,,,, etc..  Spend a few minutes browsing around.  Open an article here-and-there.  Just poke-around, loading-up your cookie inventory.

Using your browser's Options or Settings menu (see steps above), look at the cookies gathered.  You will find these in the browser's Options, "Privacy" area. 

For example, Firefox, select the hamburger-menu (tools, options), Privacy, "Show Cookies"

click for larger view

In the cookie list, look for cookies that might be advertisements and write them down in a notepad file.  For example, I found these obvious candidates after surfing MSN and Yahoo (see end of this article for a complete listing):              #Note the .co, not .com

Ignore those that belong to the site you are surfing, such as or; these are undoubtedly needed for the site to work properly.  Ignore those cookies on sites you like to do business with, such as Amazon, twitter, your bank, etc.  For duplicates, such as "", and "", combine into their domain name, "".  The list is not order dependent.

3.  Install and Run the Acrylic DNS Service

This gets geeky, but the steps are easy.  Your Internet Service Provider provides Domain Name Services when your computer connects to the Internet.  The DNS resolves names, such as "" to its real internet ipaddress, e.g.

This next series of steps installs a new DNS service on your computer.  This intercepts DNS requests at your machine and gives you a chance to insert your own values.  Sounds complicated, but it is not. 

As a technical aside, for those who know this trick, the Windows etc Hosts. file does not work well in this situation because etc-Hosts does not allow "wild-card" domain names.  Because of this, this article replaces the Windows DNS and etc.hosts with a new product.  There are many to choose, I am using "AcrylicDNS".  As a benefit, Acrylic points to Google's Domain Name Controllers.

A.  Locate the Acrylic Download

Google this search term, "Acrylic DNS", locating their home page.

or click this link, as of 2017.06:

(Note: This is now a SourceForge link.  When arriving at the download page, ignore the registration screen.)

-Select Download Setup for Windows
-Download and save "Acrylic.exe" to your downloads folder
-Open the folder (open containing folder)
-Launch "Acrylic.exe" and install, accepting all defaults

The install will not create a desktop icon or tile in your Start Menu -- there is no need because this is a background program.

B.  Configure your Network Adapter

Once installed, follow the steps on the Acrylic home page for configuration.  In the home page, scroll past the release notes and find the "How to install Acrylic" instructions.  They have well-documented steps for Windows 7 and Windows 10 -- click the link for your operating system.

In summary,
Open the "Network and Sharing Center" Control Panel
Click "Change Adapter Settings"
On your adapter(s) - see illustration directly below

Change IPv4's "Use the following DNS server addresses: "  to
Change IPv6's "DNS Server Address" to ::1  (colon-colon-one)


where "" indicates your local PC (do not use your PC's local IP Address, you must use  (or ::1 for ipv6).

Do this for each active network adapter. 
Desktops typically only have one.  Laptops may have two, typically called 'Ethernet' and 'WiFi.'  Do not set this for your bluetooth adapter, if present.  If needed, see Acrylic's site for more detailed, and illustrated instructions.

C.  Run the Service

From the Windows 10 Start Menu (tile menu), type "Services.msc"

-In the Services list, Acrylic is probably the first on the list
-Click the service once to highlight
-Other-mouse-click the service name, choose "Start" (or Restart)
-Close the services window

Note: This starts the new DNS server.  There is no indication the program is starting; it runs in the background as a "service."

You are almost done.

4.  Edit the Hosts File

A.  Return to the Windows Start Menu (tiles menu). 

B.  Again, search for "Acrylic" in the search area

C.  Click  "Edit Acrylic Hosts File" 
(or alternately, from Notepad, File Open, "C:\Program Files (x86)\Acrylic DNS\AcrylicHosts.txt"  (your path may be different))

E.  In the opened Notepad document ("AcrylicHosts.txt"),

Scroll to the bottom
Paste all the domain names recorded from your research steps.
Add a ""  and a carrot ">" to the front of each domain, one domain name per line.

For example: becomes         >

See file illustration, below, where carrots are greater-than-symbols

where:   - redirects all traffic for this domain to your local PC, bypassing the net.  The traffic will not be able to resolve and it will simply die, with nowhere to go.  The advertising cookie or advertisement will not appear in the browser.  This was your goal!

The carrot (greater-than-symbol) >  - acts as a wild-card, saying all addresses ending in this domain.  Acrylic supports wild-cards whereas the Windows etc.Hosts. file does not.  This is why you installed Acrylic.

Use spaces after the to make a cosmetically pleasing look to the file.  Make them as wide as you want, but use at least 3 spaces. 

My AcrylicHost.txt file looks like this:

Click for larger view
F.  Save and close the file.

Below, is a copy-and-paste version of my blocked domains.  You are welcome to copy.  

Restart the Service

With every saved-edit in the AcrylicHost.txt file, you must manually restart the services (or reboot) for the changes to take effect. 

A.  Start, Run (or Windows-R), type "Services.msc"

-In the Services window, locate the Acrylic DNS Service.
-Highlight Acrylic
-Restart the Service, as illustrated 


In your browser's Privacy area, clear all cookies.  Re-browse MSN, etc., and then re-examine the stored cookies.  None from the hosts file will be there.  You have blocked them.  They cannot track you.


You can be aggressive with the hosts file, adding hundreds of entries.  If you block domains that drop cookies, they will quietly and unobtrusively fail and you will never even know the attempt was made. 

If you block a domain that is presenting an advertisement or banner ad, the ad will not appear on the page and instead it may display a red-X or a short text saying "server cannot be reached".  In effect, this is similar to ad-blocking.  This can make some pages look strange -- but no ads from that domain!

Be careful about blocking all domains.  You usually cannot block domains/cookies that drive the site itself (eg.,  If you block > (go ahead and try this; remember to restart the service), you will not be able to open any pages on Facebook.  This is an effective way to block sites.

Changes to the host file affect all browsers simultaneously.  No additional work is required.

By default, Acrylic uses Google's DNS servers for all name resolutions, bypassing your ISP's domain services.  Google is a trustworthy source for DNS and I like the idea of this change.  By using Google for your DNS, your ISP will have a harder time slipping-in their own advertisements into your data-streams.


For documentation, use these steps to undo everything and return to a standard Windows setup:

1.  Open the Network and Sharing Center control panel:

2. Select "Change Adapter Settings"
3. Select your Ethernet Adapter, Properties
4.  Select "Internet Protocol Version 4 (TCP/IPv4)
5.  Change from "Use the following DNS Server Addresses" to
     (*) Obtain DNS Server Address Automatically
6.  Select "Internet Protocol Version 6 (TCP/IPv6)
     (*) Obtain DNS Server Address Automatically
7.  In Control Panel, Programs and Features, Un-install Acrylic DNS.
8.  Reboot

Here is my current AcrylicHosts.txt file.   Now includes email tracking pixel vendors!  When pasting, you may need to change all ampersand-GT's to >
I will change this often.  Last Edited 2017.12.15.

#                   #
#                   #
# This is the AcrylicHosts.txt file.          #
#                   #
# It contains predefined mappings between domain names and addresses the #
# same way the native Windows HOSTS file does but with a few upgrades.  #
#                   #
#                   #
# Where IPADDRESS is in dotted-quad notation for IPv4 or in colon-separated #
# groups for IPv6 and DOMAINNAME1, DOMAINNAME2 and DOMAINNAME3 are strings. #
#                   #
# Domain names can contain wildcard characters '*' (matches zero or more #
# characters) and '?' (matches exactly one character):      #
#                   #
# ad.* ads.*              #
#                   #
# Domain names can be regular expressions if starting with a '/' character: #
#                   #
# /^ads?\..*$              #
#                   #
# Note that there's no final '/' at the end of a regular expression. More #
# info about the regular expression engine and its syntax can be found at: #
#                   #
#              #
#                   #
# A '>' character at the beginning of a domain name is a convenient #
# shortcut for representing all domain names ending with what follows after #
# that character. For example an entry like this one:      #
#                   #
# >              #
#                   #
# Is equivalent (and internally is expanded to) an entry like this one:  #
#                   #
# *           #
#                   #
# When using wildcard characters or regular expressions you can specify #
# exceptions like these for example to filter out all ads.* like domain #
# names except for the ads.test1 and the ads.test2:       #
#                   #
# ads.* -ads.test1 -ads.test2          #
#                   #
# For easier maintenance of HOSTS files coming from multiple sources it is #
# also possible to "include" external HOSTS files using the following #
# syntax (the line must start with a '@' character followed by a space and #
# then by a relative or an absolute file name):        #
#                   #
# @ AcrylicHostsGroup1.txt             #
# @ AcrylicHostsGroup2.txt             #
#                   #
# A line starting with the '#' character (and everything after it if it's #
# found within a line) is considered a comment and therefore ignored.  #
#                   #
# Note: If all domain names are provided in ascending order Acrylic will be #
# able to load them much faster (avoiding a costly sort at the end of the #
# load and parse process).             #
#                   #
# Restart Acrylic services with any change localhost localhost.localdomain
::1 localhost localhost.localdomain    >    >    >    >    >    >    >    >    >   #email tracking    >    >    >    >    >  #email tracking    >    #email tracking    >    >  #email tracking    >    >      #email tracking    >  #email tracking    >    >    >    >    >    >    >    >    >      #email tracking iko system also velocify    >     #email tracking    >    >      #email tracking    >    >    >    >      #email tracking    >    >    >    >    #email tracking    >       #Note the .co, not .com    >      #email tracking    >     #email tracking    >    >     #email tracking    >    >    >    >      #email tracking    >    >     #email tracking    >    >    >       #email tracking    >       #email tracking    >    >     #email tracking    >    >      #email tracking    >      #email tracking, now hubspot    >     #email tracking    >    >    >streak.comp    >    >    >    >    >      #email tracking    >    >    >      #email tracking Velocity Pulse    >    >    >    >      #email tracking

# or copy details from here.   Restart Acrylic services with any change localhost localhost.localdomain
::1 localhost localhost.localdomain       >       >       >       >       >       >       >       >       >      #email tracking       >       >       >       >       >    #email tracking       >       #email tracking       >       >    #email tracking       >       >           #email tracking       >    #email tracking       >       >       >       >       >       >       >       >       >            #email tracking iko system also velocify       >          #email tracking       >       >            #email tracking       >       >       >       >            #email tracking       >       >       >       >       #email tracking       >              #Note the .co, not .com       >           #email tracking       >         #email tracking       >       >         #email tracking       >       >       >       >           #email tracking       >       >         #email tracking       >       >       >             #email tracking       >              #email tracking       >       >         #email tracking       >       >           #email tracking       >            #email tracking, now hubspot       >          #email tracking       >       >       >streak.comp       >       >       >       >       >            #email tracking       >       >       >           #email tracking Velocity Pulse       >       >       >       >            #email tracking

Related article:
See this alternate keyliner article: Building a dedicated DNS Server Appliance using a Raspberry Pi and Pi-Hole software.

Excel - Trim formula not working - Solution

Excel - Trim formula is not working.  Leading or trailing spaces not being removed from Trim.  Other formulas are working correctly.

For example, =Trim(A1) was not working, or was not working as expected.  Leading or trailing spaces remained.

Likely Issue:
The "space" character is not a true (ascii 32) space.  It is a non-breaking-space, probably from MSWord.

Likely Solution:


A1 is the cell that needs to be trimmed.

CHAR(160) is a "non-breaking space"
In unicode:  U+00A0
Also may be displayed as  a acute (a')

Also known as hex 20 A0, \u00A0,  &#160


The code can be discovered with these formulas, the first for leading spaces, the second for trailing:


"Mid-string, starting at position 1, for a length of 1"

For a while, I thought this was a problem with the new version of Excel that was recently installed.

Some browsers detect this as white-space and others do not.  This may be dated information, but IE 7 and 8, and Safari 3.2 do not treat this as a white-space-character.  Source.

Vaguely related articles:
Excel - Formatting Phone Numbers
Excel - Dates showing as 1905

Excel - Parsing First and Last Names
Excel - Parsing City-State-Zips
Excel - Return First / Last Word  - SuperTrim

Monday, December 11, 2017

Disposable Email Accounts

Disposable Email Accounts - Recommendations

Quit giving your email to vendors that you never want to hear from again.

or and setup an account

You have a regular email, which is used for private and personal business, and if you are smart, you also have a junk email -- one that you give away to vendors and other parties -- this address you consider as less-important.

But I have found my junk email account is still important enough to monitor and I tire of all the spam that arrives there.  I wished there was a way to have a disposable email account, one that I might monitor for a day or two, but then could completely ignore.  This article discusses ways to do this.

What can you do when a site requires an email address,
 and they send a confirmation email,
 -- but you don't want to give them your real address?

Junk Email Accounts
Consider creating a free junk email account (I use Yahoo), where you give this address to all non-personal, non-professional contacts.  I know all email arriving here is from a vendor and the email is not fully-trusted and likely not important or critical.  But as I had mentioned above, this will probably still require monitoring because of invoices, shipping details, etc..

There is a limit to how many of these accounts one is willing to create.  Building the accounts, remembering credentials, and cleaning out inboxes, all take time.  For these reasons, I no longer consider these types of accounts as disposable.

Google+Email accounts
Google's gmail supports ad-hoc email accounts.  When giving out your gmail address, append a "+" (plus) and some text, making a new, unique address.  For example:

The email will arrive at your normal inbox (jsmith), as if it were sent to your real account.

This is not a disposable account, nor is the account secretive or anonymous.  The vendor can continue to send emails to the +address and you cannot block or disband the address.  The only benefit of this address is you could tell if "some-name" sold your email to another. Vendors know if there is a + in the address, they can strip the appendage and get the real destination. 

Instead, consider a disposable email address. 

With a disposable address, look when needed and ignore when you don't care.  All of these systems delete emails after an hour or two, so no cleanup is required.  The vendor can still communicate with you, but you get to chose when you want to see the email. 

* Now, with this said, many sites hate the idea of a disposable email address.  They want and need a valid, legitimate contact to communicate with their customers.  At the same time, people like me want to restrict who we give our address to -- we are constantly being abused with spam and having our address sold to third-parties.  When using disposable addresses, there is a lack of trust on both sides.

I argue that disposable accounts are no different than a junk mail account -- they are as legitimate of an address as any -- it is just that I get to chose when I want to look at them.  I still look when needed.  Otherwise, I can appreciate their ephemeral and self-cleaning nature.

A heated discussion on this can be found at this link:  see the comment section for the back-and-forth

I recommend the following disposable email services -- all are free and easy-to-use and quirky.

Each service has benefits and drawbacks.  Most are public, meaning they are visible to anyone who knows the account name.  This means there is no passwords and no security.  But, this is what makes them interesting and is part of their beauty. 

Mailinator - Recommended

No signup, setup, or registration required.
Optional signup recommended if you need to delete, save, or forward.
No advertising
!Inbox created by the sender - at the moment they send you the email.
No need to pre-setup; no benefit to pre-setup.

Can be used on-the-fly; address can be invented without using a computer or app.  Just coin the address on-the-spot.  --But don't forget what address you used or, it is lost.

Literally, at any time, any place,
make-up an email address and give it to your vendor.
This becomes the inbox.

For example:

By design, arriving email is visible to everyone ('public' emails)!  If you know the account name, you can read the emails.  Notice you do not need a password and anyone can go to that address to read the mail.  See example, below.

Recommended use:
For registering on websites for one-time or limited transactions.
For registering with businesses where you expect them to spam or sell your address.
Public email lives for apx 5 to 10 hours -- longer than most.

Register for some added features, including saving and deleting emails from any public email.
If you save an email, it saves in a private inbox, visible only to you, and is not subject to retention. 

If your vendor sends a shipping confirmation, etc., you have to monitor the inbox before it deletes.
If anyone knows what account name you used (the vendor knows!), they can open and act in the inbox.

Things like credit-card and SSN's can be exposed in emails.  Be careful. 
Mailinator does poorly with attachments.  If you expect attachments (typically .pdf), use Guerrillamail. 

To Use:
Give vendors any made-up address, tacking at the end.

(If your vendor blocks this domain, Mailinator has alternate domains, all going to Mailinator's same address.  For example,, 

These 'alternate' domains are not published.  Mailinator's author wrote a very interesting blog post about alternate domains.)

Amazingly, it does not matter if the email account has been used before.

Free addresses are public -- anyone can open the inbox by using the email-name.
Receives email only; no outbound email; no attachments.
Mail retained for a "few hours."
Don't forget the address you used or it will be lost.

Knowing your emails are public, give vendors a complicated email address, such as "" -- an address scheme that only you would know. Use this same scheme for all of your transactions.  But understand this is security by obscurity.

No Risk - Try this now:

Open browser to
At the "Go" prompt, type "Jsmith"
Read jsmith's inbox (a popular inbox

Additional test:
To prove how easy this is, from your normal email client, send an email to  Then open and go to that address.

I recommend clicking the "Signup" link and registering (where you only need to give a real email address and a password).  With a sign-up, you can save or forward emails in a dedicated inbox and they are not deleted (exact retention is unclear -- but it lasts more than a few hours).

To their credit, mailinator uses 2-factor authentication to register the account (good), but they use an unencrypted login page (bad) -- your browser will warn you the login is not SSL-encyrpted.  This is a low-risk email account, so the fault is survivable.

Guerilla Mail

Anonymous setup required (to build the email account)
No advertising
Send or receive email
Use this service if you need attachments or need to send a semi-anonymous email.
There is a nice Android app for those times when not near a computer.

Recommended use:
For registering on various websites for one-time or limited transactions.
For registering with businesses where you expect them to spam or sell your email address.
If you never want to hear from a vendor again, ignore the email's inbox.
For sending semi-anonymous outbound email, identified only by IP address.

To Use:
Open a browser to and create the email account.

Select a domain, such as SharkLasers, or the impossible-to-spell -- all are aliases for 

Note it assigned a random, alias-name to your real account (illustrated as asdfasdf).
Click on the alias field to type a name of your choosing. 

The scrambled address is the best address to give vendors. But, you can use the alias address, which is easier for people to guess

Copy this to a clipboard.

Similar to mailinator, no password is needed.  If you know the account, you have access to the inbox. 

Inbound emails are visible for one hour, then auto-delete.  This is a problem if a shipping notice or other confirmation is sent the next day, but with most vendors, you can go to their website to see the transaction, so all is not lost.  If you happen to see the subsequent email, you can forward to your real address.  

Guerrillamail has an Android app can notify you if an email arrives (but this seems buggy; notifications do not always happen); however, it is easy to monitor from your phone.  It can store up to 10 aliases.

Outbound emails are immediately sent, and once sent, are not visible from the web-client.

Attachments, up to 150mb, are handled well.

You must setup the account before using.
Account setup is easy, but requires a PC or Android app.
The Android app is handy when you need to give out the email when not at your computer.

But, external email addresses are long and complicated; the only real way to use is to copy to clipboard.  Sadly, external email address cannot be changed to a more readable format.
Practically speaking, you need to copy-and-paste the address to use.

Similar to mailinator, you must monitor the account for inbound emails.
Mail deleted religiously after 1 hour; much shorter than mailinator.

The Guerrillamail domain is harder to spell than mailinator.  Change to one of the other default domains.  I like to use (or

No Risk - Try now:
Open the browser to
Click forget-me and type a username you will remember.
Copy to clipboard the generated address.
From your regular client, send an email.

Do not give away the account's address ( -- the email will be discarded on the webclient (but oddly, arrives on the Android client -- I think this is a bug).  Plus, you would be giving them rights to see the inbox!  Use the generated email address.

For outbound, composed email, they are semi-anonymous -- tracking only your IP address.  Since most people's IP address is transitory, this offers reasonable and superficial protection from the recipient getting your real contact information.  But remember, your ISP can divulge your account.

Outbound emails will only send to one address at-a-time; no CC, or BCC.  And there is a horribly-difficult captcha test you have to pass, proving you are not a robot.  It often takes three attempts to navigate past.

Other Services, not yet reviewed by keyliner.  (Pending)

Hide Your Email
No signup required; no setup
To build an account, make-up an address, tacking on
You can reserve an address at no cost
Requires registration and setup
This is not an on-the-fly email service
Create a new email account from provided domains
Trashmail will forward to your regular email account
Site has an address-manager to keep track of all of your made-up addresses
It will keep the email for a life-span determined by you
Has a limitation on how many "Forwards" are allowed; pay for extra capacity

Related Articles:
Better, stronger and easier passwords

Thursday, October 12, 2017

How to recognize a scam - Email will be deactivated

How to: Recognize a scam email.  "Your request for EMAIL deactivation..."

A good friend of the family hosts their own email server at their business.  They received the following email, threatening to delete their business account if they did not act.  The message: 

Our record indicates that you recently made a request to deactivate email And 
this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, 
you are advised to cancel the request now. 

However, if you do not cancel this request ... your email data 
will be lost permanently

There was panic and mayhem...

This email was a scam. But, to the uninitiated, it is scary
and your first inclination is to click the big, important
button and make the problem go away.

What to look for

Click for a larger view

  • The "From" line was empty or was not your email service provider.   In this case, the From line was blank, but be aware it could be your normal email provider (Hotmail, Outlook, Yahoo, etc.)
  • "Your request for email deletion...." was unexpected.  Any unexpected, out-of-the-blue email should be met with great skepticism.
  • Bad grammar.   I am constantly amazed at how bad the sentences are constructed and mistyped.  "you recently made a request to deactivate email And this request will be processed shortly" -- nobody would write a sentence this clunky And capitalize the word "And".
  • The email has one button - one easy, but urgent button.  You had better click it now or else bad things will happen.  This is a clue you are being scammed.
  • With a PC client, you can hover over the button and see the real link; in this case, ""  Who is this?  Certainly not your email provider. 

    We didn't click the link.  It could be an innocent advertisement, but more likely, it will ask you to confirm your email address and ask you to login.  When you do, you will probably lose control of your email account. 
  • The link can be disguised.  If you were a gmail user, the link could look something like this:


    All the stuff in front, no matter how official-looking, can be ignored.  Only the (.com) domain-part of the address is important.
  • The closing was again vague, "Email Administrator", but it could have a Google graphic, with Google's address, legitimate phone numbers, and all kinds of official stuff.

What to Do

With this email, it can be safely ignored.  Delete with no action, provided you didn't click the link.

If you clicked the link, and provided your login credentials, you are in trouble. 

a.  As soon as possible, login to your email account and change your password.

If you cannot login, contact your email administrator and try to reclaim your account.  Or with many email providers (Gmail, etc.), try the "Forgot password" or "my account has been hacked" links. See the end of this article for more help.

However, many thieves will leave your original password; see below.

b.  Check the email's forwarding rules to make sure your emails are not being forwarded to a third-party. 

Sometimes the crooks will compromise the account, leaving the password untouched -- but they use a vacation rule to forward all mail.  If you can't find this feature, look harder; it is there.

c.  Consider looking in your Outbox for unusual activity.  The better thieves will keep this clean and leave no evidence

d.  Look for Login history (for example, google, android) has this in your myprofile area.  It will show what cities were last logged-in from.  Naturally, you must be logged in to see this.  You might be lucky and they've not had time yet.

e.  Seriously, enable two-factor authentication for your email account (sometimes called 2fa, or MFA multi-factor authentication) and tie the login to your phone.

f.  If you know you were compromised, contact everyone in your address book and advise them to be suspicious of any unexpected emails sent by your account.

g.  If you have other accounts that share this same password, such as Amazon, Gmail, Twitter, etc., do these same steps to re-claim those accounts.  Do not re-use the same password on other accounts.  

See this helpful article:  Keyliner Better, Stronger Safer Passwords


Many of us now read email on a phone or tablet client.  The trouble is, you can't hover over the "link" to see where it is going.  If reading email on these smaller clients, do not click links until you can view them on a desktop or laptop.  But still, unsolicited, unexpected emails should make you think twice, if not three times.

Hosted Good

My friend hosts his own email server and it is old and out-of-date.  In other words, he is managing his own email system.  Because of this, he loses the benefit of having a global email provider's smart algorithms.  Hopefully you are not in this situation.  He now has more impetus to move his email to a hosted vendor.

When he forwarded the message to my email, I could not find it.  My ISP hid it deep within the SPAM folders.  The email was marked as "Read" so I wouldn't bother looking for it.  Not bad.

When the sane email was forwarded to Gmail, Google did this:
My office email would have replaced the "Cancel De-activation" link with the actual link.  I wish all email clients did this.  It is really handy.

All three of  my email accounts protected me in one way or another -- but diligence is still needed in case they miss the target.  My friend was lucky; the clicked-link on the phone went no-where, but I bet from a desktop client, it would have been more exciting.


Imagine if my friend had two-factor authentication on his email account.  Even if the crooks infiltrated his email account, having both his login-ID and password, they still could not login without his cell-phone.  Two-factor is not perfect, but it is better than a standard password.

I am reminded of a text message on my phone a few years ago, saying my "gmail account had been hacked.  Click this link to restore your password."   I laughed.  I was not hacked.  I didn't even bother checking my account.  I used 2-factor-authentication and they could not get past my phone.  I deleted the message and wrote an article.

He had a few moments of fear, thinking his business email account was about to be deleted, but once we saw the message, finding all of the inconsistencies and oddities, our fears were allayed.  We deleted the message and went about our day.

See these related articles:

Related articles: 
Keyliner Better, Stronger Safer Passwords
Keyliner: Using Google's Two-Factor Authentication
Keyliner:  Your Gmail account has been hacked
Keyliner:  Gmail Protection Steps

Google Account Compromised
Google has these instructions if your account were hacked and the password was changed:

Sunday, September 17, 2017

Western Digital My Cloud Review

Western Digital My Cloud - Personal Cloud Storage -Installation comments and feature reviews.   Review updated for 2017.09.  I have now had this drive in service for over two years.  Still a recommended device and the software still works the same. 

I had a problem:  Of the 6 or 7 computers at my house, my 650GB External USB drive could no longer hold all the image backups plus, moving a portable USB drive from machine to machine was a nuisance.  None of this worked well for daily backups. It was time for a Network Attached hard drive (NAS - Network Attached Storage).

Western Digital (and other vendors) now sell relatively inexpensive "Cloud Drives" - basically a drive on the wire.  The drive is visible from inside the network and from the internet -- acting like DropBox, GDrive or OneDrive -- except the drive is in your house and there are no monthly fees.

I bought a single-bay, 3TB model for $170.  Also available is a 4TB dual-bay RAID-0 (with two 4TB drives, mirrored) for $350.   

With a NAS/Cloud Drive, you get these benefits:
  • Stand-alone; no server or dedicated PC needed
  • Large capacities, relatively cheap (3TB for $170)
  • Visible to all devices in your network; disk appears as a Network Share
  • Visible to all of your Internet devices, including your phone, tablet, laptops, etc.
  • Acts like a Drop-box, Gdrive, OneDrive, but lives at your house
  • Build public and private shares; invite other people to use the device
  • Supports continuous or scheduled backups
  • Supports Streaming Music and Video folders
  • No monthly fees
And you get these drawbacks:
  • Vastly slower than an internal SATA drive
  • Much slower than a USB connection
  • Cannot connect drive directly to a PC USB Port 
  • Not well-suited for Image (ghost) backups

Hardware Setup

The hardware is easy.  Plug in a Cat-5 network cable and launch a configuration program (see software, below).  The drive will be online and ready in a few minutes. But the setup has two flaws.  First, it picks a variable DHCP address and second, the default drive-name is confusing.  Both are addressed below.

The drive does not have a power switch.  To turn off, use the WD Quick View/Dashboard software.  Always power-off gracefully using the software. 

A device as important as this, deserves to have a UPS battery backup. Mine does.

Bewildering Software

Western Digital's software, and how to install them, is bewildering. This will frustrate even knowledgeable users.  When I am installing (or re-installing), I return to this page to see what I should be doing.

There are a half-dozen different utilities, all doing different things, and Western Digital does not help in explaining why or what you should do Western Digital has been improving the experience. Start here:

1.  Install hardware, as described above.

2.  Account and Drive Setup

Open this page:

Scroll to the bottom Software Download section,
Click "WD My Cloud Setup for Windows"

3.  At "Get Started," create an online WD Cloud account (this allows you to retrieve files from your drive while remote, recommended) and locates the drive in your network.   Write-down the email and password you used for this account.

Once it finds your drive, It opens a browser window.
Note the Settings button:

4.  Rename the drive from "WD My Cloud" to something meaningful.

In "Settings," change the name from WD My Cloud" to a more meaningful name.  I chose "WolfhouseSAN".  (SAN = storage-area-network drive)

Reason: With this product, everything is called "My Cloud this and My Cloud that".  It gets confusing.  With this rename, the device appears more naturally in Windows Explorer.  Do this now, before you install the remaining software.  This is hard to change after-the-fact.

5.  Optional, but recommended:  Change the drive from a DHCP IP address to a fixed, static address.

Reason:  This way, the drive does not change addresses when the router reboots.  When picking an address, be sure to pick one that is outside of your router's normal DHCP assignment range/pool. 

You can make an educated guess on what address to use with these steps:

a.  Discover your network's IP addresses

From the Windows 10 Setup Gear (click Start, Gear-icon). 
Chose "Network & Internet". 
Click on link "View your network properties" in the center-bottom section.
Note your machine's IPv4 Address.

Yours is probably 192.168.0.xx
Note your default gateway, probably

b.  Discover your WorkGroup

Launch File Explorer.
Highlight "Computer" (My Computer)
Other-mouse-click, select "Properties"
Note your workgroup name:  Mine is called "Wolfhouse" yours might be called "Workgroup"

Close File Explorer and return to the browser "WD Settings" screen.

c.  In the WD Settings screen, click the left-nav "Network" section.

Change from "DHCP" to "Static"
You will be prompted to enter several IP addresses.
Type an IP Address similar to your workstation's IP, but change the last octet to a high number
For example:  192.168.0.xx  -- change to

This is likely outside of your DHCP range.  Keep the number below 250.  If inclined, see your router's exact DHCP range, usually set from .10 to .50 -- be outside of this area.  Caution: Do not type your workstation's .xx address here!

Set the Netmask to the same as your workstation, likely
Set the Gateway address the same as your workstation, likely
Set the DNS Server 1 address to ""  (This is Google's DNS server, as good as any)

d.  Return to the left-nav's Network section.  Type the Workgroup name, discovered from above.

6.  In the left-nav, "Notifications" section,

Click New Email and type your email address.
Change the slider-bar from "All" to a center setting, "Errors and Warnings"

7.  In left-nav, Firmware, check for firmware updates.  Download and apply patches, as needed.

Continue with other Software

Install these programs, again looking at the bottom-section of the Western Digital, Downloads

8.  Download and install "WD Quick View for Windows"

This places a handy icon in the system tray and is recommended.
Essentially this is a dashboard.

9.  Download and install "WD Smartware"

This is the backup program -- and the reason you bought the drive.  I have no clue why they would name this program "Smartware" -- this is the backup program.  I recommend and like this software.  See below for important setup instructions.

Other Western Digital downloads are of dubious use  

You might consider "WD sync for Windows," if you have multiple PC's that all need to share the same copy of files.  I have not used this program yet.

WDAccess - allows you to copy files directly to the drive.  I have not used this program yet, and have instead copied manually using File Explorer.

WDBackup - a new backup program, released since I originally bought this drive.  The WD forums are unclear about the purpose of this program and why it is different than "Smartware".  However, all indications are Smartware is still the best program to use.

Be aware with all Western Digital downloads, they are a mixture of ZIP and MSI files and figuring out how to run the installations is complex enough to keep non-technical people from succeeding.  Roughly speaking, expand the Zips, copy the contents to a folder, then run the setup.exe.  If it is an MSI, other-mouse-click the MSI and select "Install."  Really?  Come on Western Digital - you can figure this out.  It needs to be one download, with a menu, and it needs to walk people through the installation.  My mom does not know what to do with either a ZIP or an MSI.

Smartware Backup

For normal day-to-day file backups, use the "Smartware" backup utility, which is one of the downloads above.  This is a slick program but there are several decisions to make and each has limitations and risks. 

It can run two types of backups, both electable at the bottom of SmartWare's Backup tab: 

1.  Category Backup, where it looks at the entire drive for particular file extensions, or
2.  File-by-file, folder-by-folder backup (my recommendation)  
  • "Category" backup looks for certain types of data files (by category, DOC, XLS, Music, video, etc.). 

    Approximately 300 extensions are supported, with a complete list of extensions on the support site.  I do not trust  this backup because unexpected file types, such as macro files, or other unusual files, such as a database, will not be backed up. 
  • Backup of Selected Folders - Recommended but with risks.

    Mark the (data) folders to backup, and exclude those you don't (such as Temp and Cache folders).

    For example, I mark "C:\Data" and C:\Users\me\Documents

    I recommend this method, but it has one giant caution.  The biggest problem with a File Backup is you have to include and exclude folders.  When a folder is marked, all files and folders within are backed up.  On the surface this is good.  But if new folders are added below the previously-marked folder, it will *not* be backed.  (A better design would have been to select the top-most folder, then mark selected subfolders to exclude, but that is not how the software was designed.

    Because of this, periodically check which directories are included in the backup or be religious about where you save your data -- always in a data or Documents folder. 

Each of the backups have two types of schedules:

A.  "Continuous backups" (not recommended, where the file is backed up as soon as saved) or

The Continuous backup is a neat idea, but chatty.  If you save your Excel sheet multiple times during the day, it will backup multiple times.  I have the software set to keep 5 generations (5 copies or revisions of each file).  With a continuous backup, you may consume all generational backups on the same day.  The sixth-save will roll-off the oldest.  This is all handled automatically, but it is nice to have a backup from 3 days ago and the continuous backup may be harmful in this area.

B.  "Scheduled Backup" (recommended, where it is periodically backed up, on a timed schedule)

A scheduled backup waits for an hour or day, then backs up all changed files.  See below on why this is recommended

Scheduled Backup Backup Frequency:

At first I ran the scheduled backup "Once per day" at 8:00am (I was likely not using the computer at this time).  All changed files would be backed, once per day.

But usually the computer was asleep and it would not wake up to run the backup, missing the step.  When the machine woke, usually in the evening, it did not run a catch-up job, instead it waits until the next (8:00am) job!  When I realized this, I had missed 5 days of backups.
To work around this, switch to an "Hourly" backup. This way, if a schedule is missed, it will catch-up the next time the computer is in-use and you are not beating the drive with a continuous backup.  This gives better control over the generational backups and even if the file is saved multiple times in an hour, it will only occupy one generation of backups.

Click "Enable Backup" to complete the schedule. 
Click the clock icon to backup now.
You can close the window; it runs in the background.

In the [Settings] tab, click 'setup software" and confirm the number of generational backups is set to "5" (or a higher number, as desired). This keeps five copies of each file, the last-5 changes.

Scheduled data backups have been glorious.  Automatic and unattended.  Restores are simple and reliable.

As a bonus, you can reach into the backups folders from a tablet or phone and show your friends the pictures you took the day before, without having to download them to the phone -- just reach into your cloud drive and look at last-night's backup.  This is not as the software was intended, but it works well.


The backup requires a login before you can use it -- but what login to use?  Western Digital was not helpful.  The answer is the same account you use when you log into the Windows desktop.  For example, on my Windows 10 machine, I login with ""  - use this same account, spelled the same way.  Windows 7 users, who are running a local account, the username will be shorter: for example 'trywolf'.

If you don't recall the actual account, open Control Panel, Users, "Make changes to my account" (see inset). 

Click for larger view

I have had other problems where Smartware cannot find a backup drive.
See this keyliner article for details:

Image Backup

Western digital did not provide backup software for "Image Backups" (Ghost images of the entire drive).  I use a third-party program called Acronis.

Acronis saw the drive* and the backup can run over the wire.  Be sure all of your switches and routers are gigabit speeds.  Even with fast switches, an "Image" backup will take 15 to 20 hours over the wire.  Image backups are not really what this drive was intended for.  

* Using Acronis on the Western Digital Cloud drive required adjustments in the backup job.  In the backup job, use the local workstation's login credentials (e.g. the account used to login into the workstation.)  For the destination, use a UNC path to one of the Shares defined on the SAN; for example "\\wolfhouseSAN1\Bak" and within that share, create a sub-directory to hold the backup. 

Restoring an image with Acronis is problematic.  The bootable Acronis recovery disk will not be able to see the cloud drive -- even though the Acronis Windows client was able to make the original backup.  As a horrible idea, you can restore to a bare-metal replacement drive by installing Windows, then Acronis, then the restore.  Instead, what I do is copy the image (.tib files) from the Western Digitial drive, to an external non-cloud USB drive, then boot the Acronis Linux disk.  From here, run a standard restore.  Of course, if you are trying to restore just a file or a directory or two, you will not have these problems; launch the program and restore the file.

Related: When making any disk-image backup (using a third-party program, such as Acronis), be sure to follow the steps documented here:  Disk Imaging Cleanup Steps

Other Backup Concerns 

Because the drive lives in my house, it is susceptible to fires, floods and other disasters.  You will still need GDrive (OneDrive, DropBox, etc.) for important off-site data backups.
Then there is this concern:  How does one backup the backup drive?  The Smartware utility provides a "Safepoint", which can mirror the entire drive -- but then you need a second drive large enough to hold this drive.  If you can afford to, buy the dual-bay mirrored drive, which helps solve part of this problem.   

You did put this drive on a battery-backup UPS, didn't you?

As a File Share

The drive can also act as a standard network file share.  Files saved on a share are available to all of your devices, all in a central location. However, this has been vaguely disappointing.

On the home network, seeing the share, saving and retrieving files, has been noticeably slow.  The slowness is found in two areas.

If the drive is busy running a backup, it will be slow for other clients - taking 15 to 30 seconds to load even a minor document.  And, if the cloud-drive is asleep due to inactivity, it will take 40 to 50 seconds to wake and retrieve the file. 

The drive supports separate user accounts and you can build multiple shares (folders), exposing them to the Internet or keeping them private to your network.  Essentially, the drive appears as an SMB NT Server, with shares on the disk pack.  This works as expected and the details are too boring to explain here.  Share and other settings are exposed in the System Tray's Dashboard.

USB Connections

The drive has a USB 3 port and you will need a male-to-male USB 3 cable, not supplied.  To my surprise, you cannot use this port on a PC.  It turns out this USB port is only compatible with the USB 3 port on a router ( Answer 1544) and only more expensive routers have this feature.  The USB connection will gain you nothing in speed; you are still restricted by your other workstation's network connection.   

Not being able to mount the drive directly to a PC was not mentioned on the box and this means I cannot run Image backups or restored directly on the drive (This is why you cannot use Acronis to directly restore when booting from the Recovery disk).

Some may complain the drive will not run over wireless.  If it could, it would take a month to run a backup.

As a Streaming Device

The drive also supports streaming.  For instance, I copied all of my digitized music to the Public Music folder, turned on the streaming feature, and now I have access to my music, from any device, both on the internal network and from the Internet. This has been entertaining and I was completely surprised about how useful this was.  See this article for details:  Keyliner Streaming Music with a Western Digital Drive.  Since then, I have discovered the joys of Pandora.


The drive is working wonderfully as a backup drive, especially when using the Smartware utility.  Image backups are too leisurely to be useful and with these, use a directly-connected USB drive. 

Using the drive as a standard file share has been disappointing because of speed issues. Sometimes the speed is acceptable, other times not, depending on when the drive is asleep. 

Western Digital needs to simplify the software installation and simplify the decisions that need to be made on how the drive is installed. It is confusing to have a setup program that does not include all of the needed options, and other naming problems, mentioned above.

The Support Download pages had the barest of descriptions -- descriptions such as, "This download contains the latest version of the WD Quick View for Windows," are not helpful.  Tiny description, such as "This is a utility that will discover WD network attached storage drives on the network and provide drive status information." -- Is this important?  -- Should I install it?  My recommendations in the chart above will help you get started. 

With the complaints aside, this drive accomplished my goals in a way that is hard to do with other methods.  I recommend it. 

Additional Costs

When considering your backup solutions, there are other costs, above and beyond the price of the drive.  Ideally, you would do all of these suggestions, at great expense:
  • Upgrade all routers to gigabit speeds. 
  • Buy a second Cloud drive to backup the first (or buy the dual-bay drive).  You have to worry about drive failures.
  • Pay for the professional version of Smartware and then subscribe to DropBox, Onedrive, etc. so you can have more than 2G of free space.  Use this for offsite backups of your most important data.  The Professional Version of Smartware backup makes this easier to manage (although I have not tried this myself).  You need to be able to schedule multiple, different types of backups.
  • Use a third-party product (Acronis) for Image backups.  Buy an external USB drive to hold them.
  • Put this drive on a UPS battery power -- after all, this is a spinning hard disk and it will not like power failures.  The router should be on UPS too.  As you can see, this can get complicated.

Related articles:
Disk Imaging Cleanup Steps
Keyliner Streaming Music with a Western Digital Drive
Smartware Drive not found