Saturday, December 16, 2017

Stop Tracking Cookies using a whack-a-mole

Block advertising cookies, and email tracking 1-pixel graphics using this technique.  This is an admittedly a whack-a-mole solution, but it works for all software installed on your PC.


While surfing, websites drop tracking cookies (tracking files) on your computer and these can track where you have been and what advertisements you should receive.  These can also be used to raise prices on car rentals, hotels and air fares.


Not all cookies are bad.  Some keep you logged-in as you move from, say, one Google product to another (Gmail, Youtube, etc.).  And others, such as your bank, use them to help control the current banking session.  But a majority benefit only advertisers -- and not you.

This article discusses how you can control and tame them.

These instructions are for Windows 10 but will work with all versions of Windows.

A lot of the sites I visit now feature this graphic -- and I am happy to see this:



In other words, I have successfully blocked doubleCli.net from even knowing I am browsing that page.  This is neat, but a bit geeky.

New: 2017.12 - You can also use this technique to block the most common email-tracking techniques.  I have added a list of the 30 most popular email-trackers to the Host file below.



An Interesting Test - Try this:

To give you an idea about how they are being used:  Try booking a fictitious airline flight on any site, such as Delta, or Expedia.  Note the cost.  Go to another site and search that same flight's date/time, then return to the original site and look again.  You will find the cost is $15 to $20 higher.  They are trying to scare you into the purchase.  Clear your browser's cache and cookies, and reboot your router (to get a new external IP address), and search again.  The price will have dropped back down. 


This is technical article, and if you follow all the steps, it is a whack-a-mole problem, 
where you have to do some chasing.  But it is relatively easy to do, 
a bit fun, and geeky.  This is low-risk because everything can be un-done. 


1. Start Here - Drop Third-Party Cookies

All computer users, using any browser, should do this step, even if you do not follow the rest of this article.

Make your browser erase third-party cookies when the session ends.  This allows any site to create cookies as it-sees-fit, but then, when you are done, they are all erased.  This is recommended.

The settings are:  "Always accept third-party cookies" -- but set them to "Keep until you close".


Steps vary, depending on the browser. To avoid cluttering this article, see this keyliner article for Firefox, Chrome, IE, and Edge:

Keyliner link: Disable third-party Cookies.

Again, do these steps, even if you don't do the remaining steps in this article. 


2.  Research Ad Domains


Using your favorite browser, browse all the sites you like to visit.  For example, Yahoo.com, MSN.com, Time.com, Food.com etc..  Spend a few minutes browsing around.  Open an article here-and-there.  Just poke-around, loading-up your cookie inventory.

Using your browser's Options or Settings menu (see steps above), look at the cookies gathered.  You will find these in the browser's Options, "Privacy" area. 

For example, Firefox, select the hamburger-menu (tools, options), Privacy, "Show Cookies"

click for larger view

In the cookie list, look for cookies that might be advertisements and write them down in a notepad file.  For example, I found these obvious candidates after surfing MSN and Yahoo (see end of this article for a complete listing):

taboola.com
gravity.com
scorecardresearch.com
icanbuy.com
go.com
quantserve.com
babator.com
optimizely.com
dynamicyield.com
keywee.co              #Note the .co, not .com
ru4.com
imrworldwide.com
doubleclick.net
doubleclick.com
123banners.com
adforce.com
imgis.com
advertising.com
teknosurf.com
appnet.com
avenuea.com
bluestreak.com
burstmedia.com
burstnet.com
engage.com
extreme-dm.com
l90.com
stats.net
valueclick.com
websidestory.com
fastclick.net

Ignore those that belong to the site you are surfing, such as MSN.com or Yahoo.com; these are undoubtedly needed for the site to work properly.  Ignore those cookies on sites you like to do business with, such as Amazon, twitter, your bank, etc.  For duplicates, such as "cdn.taboola.com", and "taboola.com", combine into their domain name, "taboola.com".  The list is not order dependent.


3.  Install and Run the Acrylic DNS Service

This gets geeky, but the steps are easy.  Your Internet Service Provider provides Domain Name Services when your computer connects to the Internet.  The DNS resolves names, such as "msn.com" to its real internet ipaddress, e.g. 23.101.196.141.

This next series of steps installs a new DNS service on your computer.  This intercepts DNS requests at your machine and gives you a chance to insert your own values.  Sounds complicated, but it is not. 

As a technical aside, for those who know this trick, the Windows etc Hosts. file does not work well in this situation because etc-Hosts does not allow "wild-card" domain names.  Because of this, this article replaces the Windows DNS and etc.hosts with a new product.  There are many to choose, I am using "AcrylicDNS".  As a benefit, Acrylic points to Google's Domain Name Controllers.

A.  Locate the Acrylic Download

Google this search term, "Acrylic DNS", locating their home page.

or click this link, as of 2017.06:
http://mayakron.altervista.org/wikibase/show.php?id=AcrylicHome

(Note: This is now a SourceForge link.  When arriving at the download page, ignore the registration screen.)

-Select Download Setup for Windows
-Download and save "Acrylic.exe" to your downloads folder
-Open the folder (open containing folder)
-Launch "Acrylic.exe" and install, accepting all defaults

The install will not create a desktop icon or tile in your Start Menu -- there is no need because this is a background program.

B.  Configure your Network Adapter

Once installed, follow the steps on the Acrylic home page for configuration.  In the home page, scroll past the release notes and find the "How to install Acrylic" instructions.  They have well-documented steps for Windows 7 and Windows 10 -- click the link for your operating system.

In summary,
Open the "Network and Sharing Center" Control Panel
Click "Change Adapter Settings"
On your adapter(s) - see illustration directly below

Change IPv4's "Use the following DNS server addresses: "  to 127.0.0.1
Change IPv6's "DNS Server Address" to ::1  (colon-colon-one)

and

where "127.0.0.1" indicates your local PC (do not use your PC's local IP Address, you must use 127.0.0.1  (or ::1 for ipv6).

Do this for each active network adapter. 
Desktops typically only have one.  Laptops may have two, typically called 'Ethernet' and 'WiFi.'  Do not set this for your bluetooth adapter, if present.  If needed, see Acrylic's site for more detailed, and illustrated instructions.


C.  Run the Service

From the Windows 10 Start Menu (tile menu), type "Services.msc"

-In the Services list, Acrylic is probably the first on the list
-Click the service once to highlight
-Other-mouse-click the service name, choose "Start" (or Restart)
-Close the services window



Note: This starts the new DNS server.  There is no indication the program is starting; it runs in the background as a "service."

You are almost done.



4.  Edit the Hosts File

A.  Return to the Windows Start Menu (tiles menu). 

B.  Again, search for "Acrylic" in the search area

C.  Click  "Edit Acrylic Hosts File" 
(or alternately, from Notepad, File Open, "C:\Program Files (x86)\Acrylic DNS\AcrylicHosts.txt"  (your path may be different))


E.  In the opened Notepad document ("AcrylicHosts.txt"),

Scroll to the bottom
Paste all the domain names recorded from your research steps.
Add a "127.0.0.1"  and a carrot ">" to the front of each domain, one domain name per line.

For example:
taboola.com becomes

127.0.0.1         >taboola.com

See file illustration, below, where carrots are greater-than-symbols

where:
127.0.0.1   - redirects all traffic for this domain to your local PC, bypassing the net.  The traffic will not be able to resolve and it will simply die, with nowhere to go.  The advertising cookie or advertisement will not appear in the browser.  This was your goal!

The carrot (greater-than-symbol) >taboola.com  - acts as a wild-card, saying all addresses ending in this domain.  Acrylic supports wild-cards whereas the Windows etc.Hosts. file does not.  This is why you installed Acrylic.

Use spaces after the 127.0.0.1 to make a cosmetically pleasing look to the file.  Make them as wide as you want, but use at least 3 spaces. 

My AcrylicHost.txt file looks like this:

Click for larger view
F.  Save and close the file.

Below, is a copy-and-paste version of my blocked domains.  You are welcome to copy.  


Restart the Service

With every saved-edit in the AcrylicHost.txt file, you must manually restart the services (or reboot) for the changes to take effect. 

A.  Start, Run (or Windows-R), type "Services.msc"

-In the Services window, locate the Acrylic DNS Service.
-Highlight Acrylic
-Restart the Service, as illustrated 



Testing

In your browser's Privacy area, clear all cookies.  Re-browse MSN, etc., and then re-examine the stored cookies.  None from the hosts file will be there.  You have blocked them.  They cannot track you.

Effects

You can be aggressive with the hosts file, adding hundreds of entries.  If you block domains that drop cookies, they will quietly and unobtrusively fail and you will never even know the attempt was made. 

If you block a domain that is presenting an advertisement or banner ad, the ad will not appear on the page and instead it may display a red-X or a short text saying "server cannot be reached".  In effect, this is similar to ad-blocking.  This can make some pages look strange -- but no ads from that domain!

Be careful about blocking all domains.  You usually cannot block domains/cookies that drive the site itself (eg. MSN.com, Yahoo.com).  If you block >Facebook.com (go ahead and try this; remember to restart the service), you will not be able to open any pages on Facebook.  This is an effective way to block sites.

Changes to the host file affect all browsers simultaneously.  No additional work is required.

By default, Acrylic uses Google's DNS servers for all name resolutions, bypassing your ISP's domain services.  Google is a trustworthy source for DNS and I like the idea of this change.  By using Google for your DNS, your ISP will have a harder time slipping-in their own advertisements into your data-streams.


Un-Installing

For documentation, use these steps to undo everything and return to a standard Windows setup:

1.  Open the Network and Sharing Center control panel:

2. Select "Change Adapter Settings"
3. Select your Ethernet Adapter, Properties
4.  Select "Internet Protocol Version 4 (TCP/IPv4)
     Properties
5.  Change from "Use the following DNS Server Addresses" to
     (*) Obtain DNS Server Address Automatically
6.  Select "Internet Protocol Version 6 (TCP/IPv6)
     (*) Obtain DNS Server Address Automatically
7.  In Control Panel, Programs and Features, Un-install Acrylic DNS.
8.  Reboot



Here is my current AcrylicHosts.txt file.   Now includes email tracking pixel vendors!  When pasting, you may need to change all ampersand-GT's to >
 
I will change this often.  Last Edited 2017.12.15.

#############################################################################
#                   #
# IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS #
# PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.        #
#                   #
# This is the AcrylicHosts.txt file.          #
#                   #
# It contains predefined mappings between domain names and addresses the #
# same way the native Windows HOSTS file does but with a few upgrades.  #
#                   #
# The format is: IPADDRESS DOMAINNAME1 [DOMAINNAME2] [DOMAINNAME3] ...  #
#                   #
# Where IPADDRESS is in dotted-quad notation for IPv4 or in colon-separated #
# groups for IPv6 and DOMAINNAME1, DOMAINNAME2 and DOMAINNAME3 are strings. #
#                   #
# Domain names can contain wildcard characters '*' (matches zero or more #
# characters) and '?' (matches exactly one character):      #
#                   #
# 127.0.0.1 ad.* ads.*              #
#                   #
# Domain names can be regular expressions if starting with a '/' character: #
#                   #
# 127.0.0.1 /^ads?\..*$              #
#                   #
# Note that there's no final '/' at the end of a regular expression. More #
# info about the regular expression engine and its syntax can be found at: #
#                   #
# http://www.pcre.org/              #
#                   #
# A '>' character at the beginning of a domain name is a convenient #
# shortcut for representing all domain names ending with what follows after #
# that character. For example an entry like this one:      #
#                   #
# 127.0.0.1 >google.com              #
#                   #
# Is equivalent (and internally is expanded to) an entry like this one:  #
#                   #
# 127.0.0.1 google.com *.google.com           #
#                   #
# When using wildcard characters or regular expressions you can specify #
# exceptions like these for example to filter out all ads.* like domain #
# names except for the ads.test1 and the ads.test2:       #
#                   #
# 127.0.0.1 ads.* -ads.test1 -ads.test2          #
#                   #
# For easier maintenance of HOSTS files coming from multiple sources it is #
# also possible to "include" external HOSTS files using the following #
# syntax (the line must start with a '@' character followed by a space and #
# then by a relative or an absolute file name):        #
#                   #
# @ AcrylicHostsGroup1.txt             #
# @ AcrylicHostsGroup2.txt             #
#                   #
# A line starting with the '#' character (and everything after it if it's #
# found within a line) is considered a comment and therefore ignored.  #
#                   #
# Note: If all domain names are provided in ascending order Acrylic will be #
# able to load them much faster (avoiding a costly sort at the end of the #
# load and parse process).             #
#                   #
#############################################################################
# Restart Acrylic services with any change

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain

127.0.0.1    >123banners.com
127.0.0.1    >l90.com
127.0.0.1    >adforce.com
127.0.0.1    >advertising.com
127.0.0.1    >agkn.com
127.0.0.1    >appnet.com
127.0.0.1    >avenuea.com
127.0.0.1    >babator.com
127.0.0.1    >bananatag.com   #email tracking
127.0.0.1    >bluekai.com
127.0.0.1    >bluestreak.com
127.0.0.1    >burstmedia.com
127.0.0.1    >burstnet.com
127.0.0.1    >cirrusinsight.com  #email tracking
127.0.0.1    >clearslide.com    #email tracking
127.0.0.1    >clipix.com
127.0.0.1    >contactmonkey.com  #email tracking
127.0.0.1    >demdex.net
127.0.0.1    >deskun.com      #email tracking
127.0.0.1    >didtheyreadit.com  #email tracking
127.0.0.1    >doubleclick.com
127.0.0.1    >doubleclick.net
127.0.0.1    >dynamicyield.com
127.0.0.1    >engage.com
127.0.0.1    >exelator.com
127.0.0.1    >extreme-dm.com
127.0.0.1    >fastclick.net
127.0.0.1    >filepicker.io
127.0.0.1    >g2crowd.com      #email tracking iko system also velocify
127.0.0.1    >getnotify.com     #email tracking
127.0.0.1    >gigya.com
127.0.0.1    >gmelius.com      #email tracking
127.0.0.1    >gobankingrates.com
127.0.0.1    >go.com
127.0.0.1    >gravity.com
127.0.0.1    >hubspot.com      #email tracking
127.0.0.1    >icanbuy.com
127.0.0.1    >imgis.com
127.0.0.1    >imrworldwide.com
127.0.0.1    >intelliverse.com    #email tracking
127.0.0.1    >keywee.co       #Note the .co, not .com
172.0.0.1    >livehive.com      #email tracking
127.0.0.1    >mail-track.com     #email tracking
127.0.0.1    >minute.ly
127.0.0.1    >newtonmail.com     #email tracking
127.0.0.1    >nr-data.net
127.0.0.1    >optimizely.com
127.0.0.1    >outbrain.com
127.0.0.1    >outreach.com      #email tracking
127.0.0.1    >pagefair.com
127.0.0.1    >pixelsite.info     #email tracking
127.0.0.1    >pubexchange.com
127.0.0.1    >quantserve.com
127.0.0.1    >remail.com       #email tracking
127.0.0.1    >remail.io       #email tracking
127.0.0.1    >rlcdn.com
127.0.0.1    >rocketbolt.com     #email tracking
127.0.0.1    >ru4.com
127.0.0.1    >salesloft.com      #email tracking
127.0.0.1    >sidekick.com      #email tracking, now hubspot
127.0.0.1    >saleshandy.com     #email tracking
127.0.0.1    >scorecardresearch.com
127.0.0.1    >stats.net
127.0.0.1    >streak.comp
127.0.0.1    >sync.optimatic.com
127.0.0.1    >taboola.com
127.0.0.1    >teknosurf.com
127.0.0.1    >tinypass.com
127.0.0.1    >toutapp.com      #email tracking
127.0.0.1    >tru.am
127.0.0.1    >valueclick.com
127.0.0.1    >velocify.com      #email tracking Velocity Pulse
127.0.0.1    >voicefive.com
127.0.0.1    >websidestory.com
127.0.0.1    >w55c.net
127.0.0.1    >yesware.com      #email tracking



# or copy details from here.   Restart Acrylic services with any change

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain

127.0.0.1       >123banners.com
127.0.0.1       >l90.com
127.0.0.1       >adforce.com
127.0.0.1       >advertising.com
127.0.0.1       >agkn.com
127.0.0.1       >appnet.com
127.0.0.1       >avenuea.com
127.0.0.1       >babator.com
127.0.0.1       >bananatag.com      #email tracking
127.0.0.1       >bluekai.com
127.0.0.1       >bluestreak.com
127.0.0.1       >burstmedia.com
127.0.0.1       >burstnet.com
127.0.0.1       >cirrusinsight.com    #email tracking
127.0.0.1       >clearslide.com       #email tracking
127.0.0.1       >clipix.com
127.0.0.1       >contactmonkey.com    #email tracking
127.0.0.1       >demdex.net
127.0.0.1       >deskun.com           #email tracking
127.0.0.1       >didtheyreadit.com    #email tracking
127.0.0.1       >doubleclick.com
127.0.0.1       >doubleclick.net
127.0.0.1       >dynamicyield.com
127.0.0.1       >engage.com
127.0.0.1       >exelator.com
127.0.0.1       >extreme-dm.com
127.0.0.1       >fastclick.net
127.0.0.1       >filepicker.io
127.0.0.1       >g2crowd.com            #email tracking iko system also velocify
127.0.0.1       >getnotify.com          #email tracking
127.0.0.1       >gigya.com
127.0.0.1       >gmelius.com            #email tracking
127.0.0.1       >gobankingrates.com
127.0.0.1       >go.com
127.0.0.1       >gravity.com
127.0.0.1       >hubspot.com            #email tracking
127.0.0.1       >icanbuy.com
127.0.0.1       >imgis.com
127.0.0.1       >imrworldwide.com
127.0.0.1       >intelliverse.com       #email tracking
127.0.0.1       >keywee.co              #Note the .co, not .com
172.0.0.1       >livehive.com           #email tracking
127.0.0.1       >mail-track.com         #email tracking
127.0.0.1       >minute.ly
127.0.0.1       >newtonmail.com         #email tracking
127.0.0.1       >nr-data.net
127.0.0.1       >optimizely.com
127.0.0.1       >outbrain.com
127.0.0.1       >outreach.com           #email tracking
127.0.0.1       >pagefair.com
127.0.0.1       >pixelsite.info         #email tracking
127.0.0.1       >pubexchange.com
127.0.0.1       >quantserve.com
127.0.0.1       >remail.com             #email tracking
127.0.0.1       >remail.io              #email tracking
127.0.0.1       >rlcdn.com
127.0.0.1       >rocketbolt.com         #email tracking
127.0.0.1       >ru4.com
127.0.0.1       >salesloft.com           #email tracking
127.0.0.1       >sidekick.com            #email tracking, now hubspot
127.0.0.1       >saleshandy.com          #email tracking
127.0.0.1       >scorecardresearch.com
127.0.0.1       >stats.net
127.0.0.1       >streak.comp
127.0.0.1       >sync.optimatic.com
127.0.0.1       >taboola.com
127.0.0.1       >teknosurf.com
127.0.0.1       >tinypass.com
127.0.0.1       >toutapp.com            #email tracking
127.0.0.1       >tru.am
127.0.0.1       >valueclick.com
127.0.0.1       >velocify.com           #email tracking Velocity Pulse
127.0.0.1       >voicefive.com
127.0.0.1       >websidestory.com
127.0.0.1       >w55c.net
127.0.0.1       >yesware.com            #email tracking






Excel - Trim formula not working - Solution

Excel - Trim formula is not working.  Leading or trailing spaces not being removed from Trim.  Other formulas are working correctly.

For example, =Trim(A1) was not working, or was not working as expected.  Leading or trailing spaces remained.

Likely Issue:
The "space" character is not a true (ascii 32) space.  It is a non-breaking-space, probably from MSWord.


Likely Solution:

=Trim(Substitute(Clean(A1),CHAR(160),""))

where:
A1 is the cell that needs to be trimmed.

CHAR(160) is a "non-breaking space"
In unicode:  U+00A0
Also may be displayed as  a acute (a')

Also known as hex 20 A0, \u00A0,  &#160


Diagnostics:

The code can be discovered with these formulas, the first for leading spaces, the second for trailing:

=CODE(MID(A1,1,1))
=CODE(RIGHT(A1,1))


"Mid-string, starting at position 1, for a length of 1"



Comments:
For a while, I thought this was a problem with the new version of Excel that was recently installed.
 

Some browsers detect this as white-space and others do not.  This may be dated information, but IE 7 and 8, and Safari 3.2 do not treat this as a white-space-character.  Source.

Vaguely related articles:
Excel - Formatting Phone Numbers
Excel - Dates showing as 1905

Excel - Parsing First and Last Names
Excel - Parsing City-State-Zips
Excel - Return First / Last Word  - SuperTrim


Monday, December 11, 2017

Disposable Email Accounts

Disposable Email Accounts - Recommendations

Quit giving your email to vendors that you never want to hear from again.

Summary:
InventedName@mailinator.com
or www.guerrillamail.com and setup an account


You have a regular email, which is used for private and personal business, and if you are smart, you also have a junk email -- one that you give away to vendors and other parties -- which you consider less-important.

But I have found my junk email account is still important enough to monitor and I tire of all the spam that arrives there.  I wished there was a way to have a disposable email account, one that I might monitor for a day or two, but could then completely ignore.  This article discusses ways to do this.

What can you do when a site requires an email address,
 and they send a confirmation email,
 -- but you don't want to give them your real address?


Junk Email Accounts
Consider creating a free junk email account (I use Yahoo), where you give this address to all non-personal, non-professional contacts.  I know all email arriving here is from a vendor and the email is not fully-trusted and likely not important or critical.  But as I had mentioned above, this will probably still require monitoring because of invoices, shipping details, etc..

There is a limit to how many of these accounts one is willing to create.  Building the accounts, remembering credentials, and cleaning out inboxes, all take time.  For these reasons, I no longer consider these types of accounts as disposable.

Google+Email accounts
Google's gmail supports ad-hoc email accounts.  When giving out your gmail address, append a "+" (plus) and some text, making a new, unique address.  For example:

jsmith+someCompany@gmail.com

The email will arrive at your normal inbox (jsmith), as if it were sent to your real account.

This is not a disposable account, nor is the account secretive or anonymous.  The vendor can continue to send emails to the +address but you cannot block or disband the address.  The only benefit of this address is you could tell if "some-company" sold your email to another. Vendors know if there is a + in the address, they can strip the appendage and get the real destination. 



Instead, consider a disposable email address. 

With a disposable address, look when needed and ignore when you don't care.  All of these systems delete emails after an hour or two, so no cleanup is required.  The vendor can still communicate with you, but you get to chose when you want to see the email. 

* Now, with this said, many site hate the idea of a disposable, one-time email address.  They want and need a valid, legitimate contact to communicate with their customers.  At the same time, people like me want to restrict who we give our address to -- we are constantly being abused with spam and having our address sold to third-parties.  When using disposable addresses, there is a lack of trust on both sides.

I argue that disposable accounts are no different than a junk mail account -- they are as legitimate of an address as any -- it is just that I get to chose when I want to look at them.  I still look when needed.   Otherwise, I can appreciate their ephemeral and self-cleaning nature.

A heated discussion on this can be found at this link:  https://gist.github.com/nocturnalgeek/1b8fa44283314544c487  see the comment section for the back-and-forth

I recommend the following disposable email services -- all are free and easy-to-use.

For on-the-fly, read-only, inbound email addresses, with no setup, use Mailinator.

Mailinator has no setup and addresses can be invented ad-hoc, any time, without a computer or app.  Compared to most free services, it has a slightly-longer retention policy, making it easier to read emails without baby-sitting the inbox. It is stink'n easy to use, but does not handle attachments.

For a slightly more sophisticated experience, where you need attachments, or need to send outbound, use Guerrillamail.  The biggest drawback is the email has a really-short retention policy, which is both good and bad. To help ease this pain, it has an easy-to-use Android app. 


Each service has benefits and drawbacks.  Most are public, meaning they are visible to anyone who knows the account name.  This means there is no passwords and no security.  But, this is what makes them interesting and is part of their beauty. 



Mailinator - Recommended

www.mailinator.com

No signup, setup, or registration required.
Optional signup recommended if you need to delete, save, or forward.
Free
No advertising
Read-only
!Inbox created by the sender - at the moment they send you the email.
No need to pre-setup; no benefit to pre-setup.

Can be used on-the-fly; address can be invented without using a computer or app.  Just coin the address on-the-spot.  --But don't forget what address you used or, it is lost.


Literally, at any time, any place,
make-up an email address and give it to your vendor.
This becomes the inbox.

For example:  JSmith-123Street@mailinator.com


By design, arriving email is visible to everyone ('public' emails)!  If you know the account name, you can read the emails.  Notice you do not need a password and anyone can go to that address to read the mail.  See example, below.

Recommended use:
For registering on websites for one-time or limited transactions.
For registering with businesses where you expect them to spam or sell your address.
Public email lives for apx 5 to 10 hours -- longer than most.

Register for some added features, including saving and deleting emails from any public email.
If you save an email, it saves in a private inbox, visible only to you, and is not subject to retention. 


Drawbacks:
If your vendor sends a shipping confirmation, etc., you have to monitor the inbox before it deletes.
If anyone knows what account name you used (the vendor knows!), they can open and act in the inbox.

Things like credit-card and SSN's can be exposed in emails.  Be careful. 
Mailinator does poorly with attachments.  If you expect attachments (typically .pdf), use Guerrillamail. 

To Use:
Give vendors any made-up address, tacking @mailinator.com at the end.

(If they block this domain, there are alternate domains, that all go to the same place.  For example, @suremail.info, zippymail.info, and others, searchable on the net.  These 'alternate' domains are not published.  Mailinator's author wrote a very interesting blog post about alternate domains.)

Amazingly, it does not matter if the email account has been used before.

Free addresses are public -- anyone can open the inbox by using the email-name.
Receives email only; no outbound email; no attachments.
Mail retained for a "few hours."
Don't forget the address you used or it will be lost.

Knowing your emails are public, give vendors a complicated email address, such as "jsmith-somecompany-2018@mailinator.com" -- an address scheme that only you would know. Use this same scheme for all of your transactions.  But understand this is security by obscurity.

No Risk - Try this now:
Try the site now to get a feel for the product:
Open browser to www.mailinator.com
At the "Go" prompt, type "Jsmith"
Read jsmith's inbox (a popular inbox

Additional test:
To prove how easy this is, from your normal email client, send an email to jsmith-somecompany-2018@mailinator.com.  Then open www.mailinator.com and go to that address.

If you use this service, I recommend clicking the "Signup" link and registering (where you only need to give a real email address and a password).

With a sign-up, you can save emails in a dedicated inbox and they are not deleted (exact retention is unclear -- but it lasts more than a few hours).

To their credit, mailinator uses 2-factor authentication to register the account (good), but they use an unencrypted login page (bad) -- your browser will warn you the login is not SSL-encyrpted.  This is a low-risk email account, so the fault is survivable.





Guerilla Mail
www.guerrillamail.com

Anonymous setup required (to build the email account)
Free
No advertising
Send or receive email
Use this service if you need attachments or need to send a semi-anonymous email.
There is a nice Android app for those times when not near a computer.

Recommended use:
For registering on various websites for one-time or limited transactions.
For registering with businesses where you expect them to spam or sell your email address.
If you never want to hear from a vendor again, ignore the email's inbox.
For sending semi-anonymous outbound email, identified only by IP address.

To Use:
Open a browser to www.guerrillamail.com and user-account and select a domain.

For example, when I arrived, the domain was called "Sharklasers.com" (or chose from a dozen other domains, such as guerrillamail.com or, pokemail.net).

It will assign a random name (e.g.  abcdefg@sharklasers.com).
Click "forget me" and type a user-name you will remember (e.g. jsmith@sharklasers.com).
This is the key to the account.

Similar to mailinator, no password is needed.  If you know the account, you have access to the inbox.  (Naturally, a more complicated username other than jsmith, ought to be used.)

Directly below, note the auto-generated email address, which can be given to vendors.

For example,
aas224+2nw3h6w8hw9rg@sharklasers.com
Click "copy to clipboard".  This address is not adjustable.
Up to 10 addresses can be tied to your account and the addresses do not expire.

Inbound emails are visible for one hour, then auto-delete.  This is a problem if a shipping notice or other confirmation is sent the next day, but with most vendors, you can go to their website to see the transaction, so all is not lost.  If you happen to see the subsequent email, you can forward to your real address.  

The Android app can notify you if an email arrives (but this feature is buggy; notifications do not always happen); however, it is easy to monitor from your phone..

Outbound emails are immediately sent, and once sent, are not visible from the web-client.

Attachments, up to 150mb, are handled well.

Drawbacks:
You must setup the account before using.
Account setup is easy, but requires a PC or Android app.
The Android app is handy when you need to give out the email when not at your computer.

But, external email addresses are long and complicated; the only real way to use is to copy to clipboard.  Sadly, external email address cannot be changed to a more readable format.
Practically speaking, you need to copy-and-paste the address to use.

Similar to mailinator, you must monitor the account for inbound emails.
Mail deleted religiously after 1 hour; much shorter than mailinator.

The Guerrillamail domain is harder to spell than mailinator.  Change to one of the other default domains.  I like to use pokemail.net (or sharklasers.com).

No Risk - Try now:
Open the browser to www.guerrillamail.com
Click forget-me and type a username you will remember.
Copy to clipboard the generated address.
From your regular client, send an email.

Do not give away the account's address (JSmith@sharklasers.com) -- the email will be discarded on the webclient (but oddly, arrives on the Android client -- I think this is a bug).  Plus, you would be giving them rights to see the inbox!  Use the generated email address.

For outbound, composed email, they are semi-anonymous -- tracking only your IP address.  Since most people's IP address is transitory, this offers reasonable and superficial protection from the recipient getting your real contact information.  But remember, your ISP can divulge your account.

Outbound emails will only send to one address at-a-time; no CC, or BCC.  And there is a horribly-difficult captcha test you have to pass, proving you are not a robot.  It often takes three attempts to navigate past.


Other Services, not yet reviewed by keyliner.  (Pending)

Hide Your Email
Hide-your-email.com
pidmail.com
No signup required; no setup
To build an account, make-up an address, tacking on @pidmail.com
You can reserve an address at no cost

TrashMail.com
Requires registration and setup
This is not an on-the-fly email service
Create a new email account from provided domains
Trashmail will forward to your regular email account
Site has an address-manager to keep track of all of your made-up addresses
It will keep the email for a life-span determined by you
Has a limitation on how many "Forwards" are allowed; pay for extra capacity

Related Articles:
Better, stronger and easier passwords

Thursday, October 12, 2017

How to recognize a scam - Email will be deactivated

How to: Recognize a scam email.  "Your request for EMAIL deactivation..."

A good friend of the family hosts their own email server at their business.  They received the following email, threatening to delete their business account if they did not act.  The message: 

Our record indicates that you recently made a request to deactivate email And 
this request will be processed shortly.

If this request was made accidentally and you have no knowledge of it, 
you are advised to cancel the request now. 

However, if you do not cancel this request ... your email data 
will be lost permanently

There was panic and mayhem...


This email was a scam. But, to the uninitiated, it is scary
and your first inclination is to click the big, important
button and make the problem go away.


What to look for

Click for a larger view

  • The "From" line was empty or was not your email service provider.   In this case, the From line was blank, but be aware it could be your normal email provider (Hotmail, Outlook, Yahoo, etc.)
     
  • "Your request for email deletion...." was unexpected.  Any unexpected, out-of-the-blue email should be met with great skepticism.
     
  • Bad grammar.   I am constantly amazed at how bad the sentences are constructed and mistyped.  "you recently made a request to deactivate email And this request will be processed shortly" -- nobody would write a sentence this clunky And capitalize the word "And".
     
  • The email has one button - one easy, but urgent button.  You had better click it now or else bad things will happen.  This is a clue you are being scammed.
     
  • With a PC client, you can hover over the button and see the real link; in this case, "http://athleticclothing.com/wp-admin/user-confirm...."  Who is this?  Certainly not your email provider. 

    We didn't click the link.  It could be an innocent advertisement, but more likely, it will ask you to confirm your email address and ask you to login.  When you do, you will probably lose control of your email account. 
     
  • The link can be disguised.  If you were a gmail user, the link could look something like this:

    http://google.Email.Account.Services/gmail/athleticclothing.com/admin/user-confirm...."
     

    All the stuff in front, no matter how official-looking, can be ignored.  Only the (.com) domain-part of the address is important.
     
  • The closing was again vague, "Email Administrator", but it could have a Google graphic, with Google's address, legitimate phone numbers, and all kinds of official stuff.



What to Do

With this email, it can be safely ignored.  Delete with no action, provided you didn't click the link.

If you clicked the link, and provided your login credentials, you are in trouble. 

a.  As soon as possible, login to your email account and change your password.


If you cannot login, contact your email administrator and try to reclaim your account.  Or with many email providers (Gmail, etc.), try the "Forgot password" or "my account has been hacked" links. See the end of this article for more help.

However, many thieves will leave your original password; see below.

b.  Check the email's forwarding rules to make sure your emails are not being forwarded to a third-party. 

Sometimes the crooks will compromise the account, leaving the password untouched -- but they use a vacation rule to forward all mail.  If you can't find this feature, look harder; it is there.

c.  Consider looking in your Outbox for unusual activity.  The better thieves will keep this clean and leave no evidence

d.  Look for Login history (for example, google, android) has this in your myprofile area.  It will show what cities were last logged-in from.  Naturally, you must be logged in to see this.  You might be lucky and they've not had time yet.

e.  Seriously, enable two-factor authentication for your email account (sometimes called 2fa, or MFA multi-factor authentication) and tie the login to your phone.

f.  If you know you were compromised, contact everyone in your address book and advise them to be suspicious of any unexpected emails sent by your account.

g.  If you have other accounts that share this same password, such as Amazon, Gmail, Twitter, etc., do these same steps to re-claim those accounts.  Do not re-use the same password on other accounts.  

See this helpful article:  Keyliner Better, Stronger Safer Passwords


Trouble

Many of us now read email on a phone or tablet client.  The trouble is, you can't hover over the "link" to see where it is going.  If reading email on these smaller clients, do not click links until you can view them on a desktop or laptop.  But still, unsolicited, unexpected emails should make you think twice, if not three times.


Hosted Good

My friend hosts his own email server and it is old and out-of-date.  In other words, he is managing his own email system.  Because of this, he loses the benefit of having a global email provider's smart algorithms.  Hopefully you are not in this situation.  He now has more impetus to move his email to a hosted vendor.

When he forwarded the message to my email, I could not find it.  My ISP hid it deep within the SPAM folders.  The email was marked as "Read" so I wouldn't bother looking for it.  Not bad.

When the sane email was forwarded to Gmail, Google did this:
My office email would have replaced the "Cancel De-activation" link with the actual link.  I wish all email clients did this.  It is really handy.

All three of  my email accounts protected me in one way or another -- but diligence is still needed in case they miss the target.  My friend was lucky; the clicked-link on the phone went no-where, but I bet from a desktop client, it would have been more exciting.


2-Factor

Imagine if my friend had two-factor authentication on his email account.  Even if the crooks infiltrated his email account, having both his login-ID and password, they still could not login without his cell-phone.  Two-factor is not perfect, but it is better than a standard password.

I am reminded of a text message on my phone a few years ago, saying my "gmail account had been hacked.  Click this link to restore your password."   I laughed.  I was not hacked.  I didn't even bother checking my account.  I used 2-factor-authentication and they could not get past my phone.  I deleted the message and wrote an article.


Closing
He had a few moments of fear, thinking his business email account was about to be deleted, but once we saw the message, finding all of the inconsistencies and oddities, our fears were allayed.  We deleted the message and went about our day.


See these related articles:

Related articles: 
Keyliner Better, Stronger Safer Passwords
Keyliner: Using Google's Two-Factor Authentication
Keyliner:  Your Gmail account has been hacked
Keyliner:  Gmail Protection Steps

Google Account Compromised
Google has these instructions if your account were hacked and the password was changed:
https://support.google.com/mail/answer/50270?hl=enhttps://support.google.com/mail/answer/50270?hl=en


Sunday, September 17, 2017

Western Digital My Cloud Review

Western Digital My Cloud - Personal Cloud Storage -Installation comments and feature reviews.   Review updated for 2017.09.  I have now had this drive in service for over two years.  Still a recommended device and the software still works the same. 



I had a problem:  Of the 6 or 7 computers at my house, my 650GB External USB drive could no longer hold all the image backups plus, moving a portable USB drive from machine to machine was a nuisance.  None of this worked well for daily backups. It was time for a Network Attached hard drive (NAS - Network Attached Storage).


Western Digital (and other vendors) now sell relatively inexpensive "Cloud Drives" - basically a drive on the wire.  The drive is visible from inside the network and from the internet -- acting like DropBox, GDrive or OneDrive -- except the drive is in your house and there are no monthly fees.

I bought a single-bay, 3TB model for $170.  Also available is a 4TB dual-bay RAID-0 (with two 4TB drives, mirrored) for $350.   

With a NAS/Cloud Drive, you get these benefits:
  • Stand-alone; no server or dedicated PC needed
  • Large capacities, relatively cheap (3TB for $170)
  • Visible to all devices in your network; disk appears as a Network Share
     
  • Visible to all of your Internet devices, including your phone, tablet, laptops, etc.
  • Acts like a Drop-box, Gdrive, OneDrive, but lives at your house
  • Build public and private shares; invite other people to use the device
     
  • Supports continuous or scheduled backups
  • Supports Streaming Music and Video folders
  • No monthly fees
And you get these drawbacks:
  • Vastly slower than an internal SATA drive
  • Much slower than a USB connection
  • Cannot connect drive directly to a PC USB Port 
  • Not well-suited for Image (ghost) backups


Hardware Setup

The hardware is easy.  Plug in a Cat-5 network cable and launch a configuration program (see software, below).  The drive will be online and ready in a few minutes. But the setup has two flaws.  First, it picks a variable DHCP address and second, the default drive-name is confusing.  Both are addressed below.

The drive does not have a power switch.  To turn off, use the WD Quick View/Dashboard software.  Always power-off gracefully using the software. 

A device as important as this, deserves to have a UPS battery backup. Mine does.




Bewildering Software

Western Digital's software, and how to install them, is bewildering. This will frustrate even knowledgeable users.  When I am installing (or re-installing), I return to this page to see what I should be doing.

There are a half-dozen different utilities, all doing different things, and Western Digital does not help in explaining why or what you should do Western Digital has been improving the experience. Start here:


1.  Install hardware, as described above.

2.  Account and Drive Setup

Open this page:
https://support.wdc.com/product.aspx?ID=904&lang=en

Scroll to the bottom Software Download section,
Click "WD My Cloud Setup for Windows"


3.  At "Get Started," create an online WD Cloud account (this allows you to retrieve files from your drive while remote, recommended) and locates the drive in your network.   Write-down the email and password you used for this account.

Once it finds your drive, It opens a browser window.
Note the Settings button:


4.  Rename the drive from "WD My Cloud" to something meaningful.

In "Settings," change the name from WD My Cloud" to a more meaningful name.  I chose "WolfhouseSAN".  (SAN = storage-area-network drive)

Reason: With this product, everything is called "My Cloud this and My Cloud that".  It gets confusing.  With this rename, the device appears more naturally in Windows Explorer.  Do this now, before you install the remaining software.  This is hard to change after-the-fact.



5.  Optional, but recommended:  Change the drive from a DHCP IP address to a fixed, static address.

Reason:  This way, the drive does not change addresses when the router reboots.  When picking an address, be sure to pick one that is outside of your router's normal DHCP assignment range/pool. 

You can make an educated guess on what address to use with these steps:


a.  Discover your network's IP addresses

From the Windows 10 Setup Gear (click Start, Gear-icon). 
Chose "Network & Internet". 
Click on link "View your network properties" in the center-bottom section.
Note your machine's IPv4 Address.

Yours is probably 192.168.0.xx
Note your default gateway, probably  192.168.0.1

b.  Discover your WorkGroup

Launch File Explorer.
Highlight "Computer" (My Computer)
Other-mouse-click, select "Properties"
Note your workgroup name:  Mine is called "Wolfhouse" yours might be called "Workgroup"

Close File Explorer and return to the browser "WD Settings" screen.



c.  In the WD Settings screen, click the left-nav "Network" section.

Change from "DHCP" to "Static"
You will be prompted to enter several IP addresses.
Type an IP Address similar to your workstation's IP, but change the last octet to a high number
For example:  192.168.0.xx  -- change to 192.168.0.240

This is likely outside of your DHCP range.  Keep the number below 250.  If inclined, see your router's exact DHCP range, usually set from .10 to .50 -- be outside of this area.  Caution: Do not type your workstation's .xx address here!


Set the Netmask to the same as your workstation, likely 255.255.255.0
Set the Gateway address the same as your workstation, likely 192.168.0.1
Set the DNS Server 1 address to "8.8.8.8"  (This is Google's DNS server, as good as any)

d.  Return to the left-nav's Network section.  Type the Workgroup name, discovered from above.


6.  In the left-nav, "Notifications" section,

Click New Email and type your email address.
Change the slider-bar from "All" to a center setting, "Errors and Warnings"

7.  In left-nav, Firmware, check for firmware updates.  Download and apply patches, as needed.


Continue with other Software

Install these programs, again looking at the bottom-section of the Western Digital, Downloads

8.  Download and install "WD Quick View for Windows"

This places a handy icon in the system tray and is recommended.
Essentially this is a dashboard.


9.  Download and install "WD Smartware"

This is the backup program -- and the reason you bought the drive.  I have no clue why they would name this program "Smartware" -- this is the backup program.  I recommend and like this software.  See below for important setup instructions.


Other Western Digital downloads are of dubious use  

You might consider "WD sync for Windows," if you have multiple PC's that all need to share the same copy of files.  I have not used this program yet.

WDAccess - allows you to copy files directly to the drive.  I have not used this program yet, and have instead copied manually using File Explorer.

WDBackup - a new backup program, released since I originally bought this drive.  The WD forums are unclear about the purpose of this program and why it is different than "Smartware".  However, all indications are Smartware is still the best program to use.

Be aware with all Western Digital downloads, they are a mixture of ZIP and MSI files and figuring out how to run the installations is complex enough to keep non-technical people from succeeding.  Roughly speaking, expand the Zips, copy the contents to a folder, then run the setup.exe.  If it is an MSI, other-mouse-click the MSI and select "Install."  Really?  Come on Western Digital - you can figure this out.  It needs to be one download, with a menu, and it needs to walk people through the installation.  My mom does not know what to do with either a ZIP or an MSI.





Smartware Backup

For normal day-to-day file backups, use the "Smartware" backup utility, which is one of the downloads above.  This is a slick program but there are several decisions to make and each has limitations and risks. 

It can run two types of backups, both electable at the bottom of SmartWare's Backup tab: 

1.  Category Backup, where it looks at the entire drive for particular file extensions, or
2.  File-by-file, folder-by-folder backup (my recommendation)  
  • "Category" backup looks for certain types of data files (by category, DOC, XLS, Music, video, etc.). 

    Approximately 300 extensions are supported, with a complete list of extensions on the support site.  I do not trust  this backup because unexpected file types, such as macro files, or other unusual files, such as a database, will not be backed up. 
     
  • Backup of Selected Folders - Recommended but with risks.

    Mark the (data) folders to backup, and exclude those you don't (such as Temp and Cache folders).

    For example, I mark "C:\Data" and C:\Users\me\Documents

    I recommend this method, but it has one giant caution.  The biggest problem with a File Backup is you have to include and exclude folders.  When a folder is marked, all files and folders within are backed up.  On the surface this is good.  But if new folders are added below the previously-marked folder, it will *not* be backed.  (A better design would have been to select the top-most folder, then mark selected subfolders to exclude, but that is not how the software was designed.

    Because of this, periodically check which directories are included in the backup or be religious about where you save your data -- always in a data or Documents folder. 




Each of the backups have two types of schedules:

A.  "Continuous backups" (not recommended, where the file is backed up as soon as saved) or

The Continuous backup is a neat idea, but chatty.  If you save your Excel sheet multiple times during the day, it will backup multiple times.  I have the software set to keep 5 generations (5 copies or revisions of each file).  With a continuous backup, you may consume all generational backups on the same day.  The sixth-save will roll-off the oldest.  This is all handled automatically, but it is nice to have a backup from 3 days ago and the continuous backup may be harmful in this area.

B.  "Scheduled Backup" (recommended, where it is periodically backed up, on a timed schedule)

A scheduled backup waits for an hour or day, then backs up all changed files.  See below on why this is recommended


Scheduled Backup Backup Frequency:

At first I ran the scheduled backup "Once per day" at 8:00am (I was likely not using the computer at this time).  All changed files would be backed, once per day.

But usually the computer was asleep and it would not wake up to run the backup, missing the step.  When the machine woke, usually in the evening, it did not run a catch-up job, instead it waits until the next (8:00am) job!  When I realized this, I had missed 5 days of backups.
 
To work around this, switch to an "Hourly" backup. This way, if a schedule is missed, it will catch-up the next time the computer is in-use and you are not beating the drive with a continuous backup.  This gives better control over the generational backups and even if the file is saved multiple times in an hour, it will only occupy one generation of backups.

Click "Enable Backup" to complete the schedule. 
Click the clock icon to backup now.
You can close the window; it runs in the background.

In the [Settings] tab, click 'setup software" and confirm the number of generational backups is set to "5" (or a higher number, as desired). This keeps five copies of each file, the last-5 changes.



Scheduled data backups have been glorious.  Automatic and unattended.  Restores are simple and reliable.

As a bonus, you can reach into the backups folders from a tablet or phone and show your friends the pictures you took the day before, without having to download them to the phone -- just reach into your cloud drive and look at last-night's backup.  This is not as the software was intended, but it works well.


Logins

The backup requires a login before you can use it -- but what login to use?  Western Digital was not helpful.  The answer is the same account you use when you log into the Windows desktop.  For example, on my Windows 10 machine, I login with "trywolf@somewhere.com"  - use this same account, spelled the same way.  Windows 7 users, who are running a local account, the username will be shorter: for example 'trywolf'.

If you don't recall the actual account, open Control Panel, Users, "Make changes to my account" (see inset). 

Click for larger view

I have had other problems where Smartware cannot find a backup drive.
See this keyliner article for details:

http://keyliner.blogspot.com/2017/07/wd-smartware-password-problem.html



Image Backup

Western digital did not provide backup software for "Image Backups" (Ghost images of the entire drive).  I use a third-party program called Acronis.

Acronis saw the drive* and the backup can run over the wire.  Be sure all of your switches and routers are gigabit speeds.  Even with fast switches, an "Image" backup will take 15 to 20 hours over the wire.  Image backups are not really what this drive was intended for.  

* Using Acronis on the Western Digital Cloud drive required adjustments in the backup job.  In the backup job, use the local workstation's login credentials (e.g. the account used to login into the workstation.)  For the destination, use a UNC path to one of the Shares defined on the SAN; for example "\\wolfhouseSAN1\Bak" and within that share, create a sub-directory to hold the backup. 

Restoring an image with Acronis is problematic.  The bootable Acronis recovery disk will not be able to see the cloud drive -- even though the Acronis Windows client was able to make the original backup.  As a horrible idea, you can restore to a bare-metal replacement drive by installing Windows, then Acronis, then the restore.  Instead, what I do is copy the image (.tib files) from the Western Digitial drive, to an external non-cloud USB drive, then boot the Acronis Linux disk.  From here, run a standard restore.  Of course, if you are trying to restore just a file or a directory or two, you will not have these problems; launch the program and restore the file.


Related: When making any disk-image backup (using a third-party program, such as Acronis), be sure to follow the steps documented here:  Disk Imaging Cleanup Steps


Other Backup Concerns 

Because the drive lives in my house, it is susceptible to fires, floods and other disasters.  You will still need GDrive (OneDrive, DropBox, etc.) for important off-site data backups.
 
Then there is this concern:  How does one backup the backup drive?  The Smartware utility provides a "Safepoint", which can mirror the entire drive -- but then you need a second drive large enough to hold this drive.  If you can afford to, buy the dual-bay mirrored drive, which helps solve part of this problem.   

You did put this drive on a battery-backup UPS, didn't you?


As a File Share

The drive can also act as a standard network file share.  Files saved on a share are available to all of your devices, all in a central location. However, this has been vaguely disappointing.

On the home network, seeing the share, saving and retrieving files, has been noticeably slow.  The slowness is found in two areas.

If the drive is busy running a backup, it will be slow for other clients - taking 15 to 30 seconds to load even a minor document.  And, if the cloud-drive is asleep due to inactivity, it will take 40 to 50 seconds to wake and retrieve the file. 

The drive supports separate user accounts and you can build multiple shares (folders), exposing them to the Internet or keeping them private to your network.  Essentially, the drive appears as an SMB NT Server, with shares on the disk pack.  This works as expected and the details are too boring to explain here.  Share and other settings are exposed in the System Tray's Dashboard.



USB Connections

The drive has a USB 3 port and you will need a male-to-male USB 3 cable, not supplied.  To my surprise, you cannot use this port on a PC.  It turns out this USB port is only compatible with the USB 3 port on a router (WDC.com Answer 1544) and only more expensive routers have this feature.  The USB connection will gain you nothing in speed; you are still restricted by your other workstation's network connection.   

Not being able to mount the drive directly to a PC was not mentioned on the box and this means I cannot run Image backups or restored directly on the drive (This is why you cannot use Acronis to directly restore when booting from the Recovery disk).

Some may complain the drive will not run over wireless.  If it could, it would take a month to run a backup.


As a Streaming Device

The drive also supports streaming.  For instance, I copied all of my digitized music to the Public Music folder, turned on the streaming feature, and now I have access to my music, from any device, both on the internal network and from the Internet. This has been entertaining and I was completely surprised about how useful this was.  See this article for details:  Keyliner Streaming Music with a Western Digital Drive.  Since then, I have discovered the joys of Pandora.


Conclusions

The drive is working wonderfully as a backup drive, especially when using the Smartware utility.  Image backups are too leisurely to be useful and with these, use a directly-connected USB drive. 

Using the drive as a standard file share has been disappointing because of speed issues. Sometimes the speed is acceptable, other times not, depending on when the drive is asleep. 

Western Digital needs to simplify the software installation and simplify the decisions that need to be made on how the drive is installed. It is confusing to have a setup program that does not include all of the needed options, and other naming problems, mentioned above.

The Support Download pages had the barest of descriptions -- descriptions such as, "This download contains the latest version of the WD Quick View for Windows," are not helpful.  Tiny description, such as "This is a utility that will discover WD network attached storage drives on the network and provide drive status information." -- Is this important?  -- Should I install it?  My recommendations in the chart above will help you get started. 

With the complaints aside, this drive accomplished my goals in a way that is hard to do with other methods.  I recommend it. 


Additional Costs

When considering your backup solutions, there are other costs, above and beyond the price of the drive.  Ideally, you would do all of these suggestions, at great expense:
  • Upgrade all routers to gigabit speeds. 
     
  • Buy a second Cloud drive to backup the first (or buy the dual-bay drive).  You have to worry about drive failures.
     
  • Pay for the professional version of Smartware and then subscribe to DropBox, Onedrive, etc. so you can have more than 2G of free space.  Use this for offsite backups of your most important data.  The Professional Version of Smartware backup makes this easier to manage (although I have not tried this myself).  You need to be able to schedule multiple, different types of backups.
     
  • Use a third-party product (Acronis) for Image backups.  Buy an external USB drive to hold them.
     
  • Put this drive on a UPS battery power -- after all, this is a spinning hard disk and it will not like power failures.  The router should be on UPS too.  As you can see, this can get complicated.


Related articles:
Disk Imaging Cleanup Steps
Keyliner Streaming Music with a Western Digital Drive
Smartware Drive not found


Saturday, September 2, 2017

ZYXEL C1100Z DSL Modem Setup

How To:  Manually setup a Zyxel C1100Z DSL vDSL Modem

Setting up a DSL modem/router is easy.  You can follow the vendor's installation steps, which sometimes require installing software or connecting to a setup-website or you can follow the steps in this article.

These steps are more complete than the vendor's and will take about 20 minutes to complete.  Almost all DSL routers and cable routers follow similar procedures.  Use these instructions for new or re-configured devices.


Note: The instructions in this article should be used when the DSL router has multiple workstation ports (1-4). If your DSL modem has only 1 (yellow) port, see the EA2700 article, below.

Related article:
Keyliner: Linksys EA2700 Wireless Router - First Time Setup


Overview:
Your setup may not have optional devices.  However, I recommend using a separate wireless router because it has more capabilities and speeds than the wireless built into the DSL:

click for larger view


Basic Setup

1.  Wire the network in this fashion:

Click for larger image
a.  Plug the green RJ11 phone cable into the phone-wall jack. 

Plug the other end of the green RJ11 phone cable into the new DSL modem's "green" port.
Do not use a DSL line filter or DSL line dongle on the green line.

b.  Plug a (yellow) RJ45 network cable into any one of the four yellow ports, and plug the other end into your desktop or laptop's wired network jack.  This is a temporary connection for the setup.

If your workstation does not have a wired network jack, use the DSL modem's wireless for the setup, but this is not recommended.  It is easier to use a wired connection and the rest of the article assumes this.

c.  Connect the Router's power.

While the router is powering-on, do the following on your workstation or laptop:

-  Assuming you are using a wired connection: turn off your workstation's wireless antenna (especially if using a laptop.  Desktops may or may not use a wireless connection). 
See the system tray; click "Wi-fi" to disable. This forces the workstation to connect to the wired network.


- If you are using the DSL modem's wireless to configure the network, use the broadcast SSID and password printed on the side of the modem.

d.  Reboot your workstation to obtain a new IP address.

Note:  Your workstation will probably get an IP Address of 192.168.0.2


2.  Get the DSL Login credentials

From when the DSL line was first installed, you will need the DSL login credentials. This is the DSL circuit-login and is not the computer's login or any other login normally typed.  Usually, this is on a letter mailed to the house and is labeled PPP or PPPop login information.  If you have this, skip to step 3.
 
If you do not have the login credentials, continue

a. When rebooted, launch a browser and (at least with Century Link), the router will take you to a site, offering to login.  Using a recent phone bill, login with your ISP's account number and go through other screens to prove your identity.  Once you succeed, Century Link will display your DSL credentials.  Record the values; you will need them below.  Naturally, logins are case-sensitive.

If you still cannot find your DSL PPP login, contact your ISP.

Century Link / Qwest: 877.348.9005 or 888.777.9569
ATT 877.722.3755
Verizon 800.567.6789


Continue with the Setup

If you launched a browser (with CenturyLink), it will take you to a website, where you can follow the instructions on how to setup your modem.  Although the offered instructions are good, it does not actually do anything to your router -- the site is essentially an electronic tutorial and can be ignored in favor of these steps.

3.  Assuming you have rebooted the workstation, launch a browser and type this address:

192.168.0.1

You should be presented with this login page:



Type Administrator UserName:  "admin"
Type Administrator Password:  (see sticker/label on side of modem)

The UserID and password are case-sensitive.

If you do not get this login screen, confirm the yellow network cable is in one of the DSL Router's yellow ports - and not in the LAN/WAN port.  (Or, if you are using a wireless connection, confirm you connected to the wireless network printed on the router's label.)

Bad Password:  If you cannot login because of a bad password, the modem has a different password than sent from the factory (you would have done this previously). If the password is lost, the modem can be factory-reset by powering on the modem, using a paper-clip to press and hold the Reset button for 10 seconds.  Release the reset button, wait a minute, then try the login again.



4.  From the Zyxel main menu, select Quick Setup.


From step 2, type the DSL circuit login credentials. 
Your domain may be different than illustrated.
 
PPP Username:  *****@something.net
PPP Password

(uncheck [ ] Hide password; keeping you from having to type the password twice)

Change the "Custom Realm" pull-down menu, changing to your ISP's domain name.  For example, mine was changed to "@qwest.net"; yours may be "@CenturyLink", etc.  If your domain is not listed, leave as "Custom".

Click "Apply"


5. In "Advanced Setup", change the Administrator Password,

Recommended:  Change the administrator password to something you will remember.  The password must have upper and lower-case, a number, and a special-character -- which is odd, because the factory password is not so-restricted.

Consider this keyliner article: Password Schemes.  

Record the new password on the modem's label, and in your login documentation.  If you lose this password, you have to re-do all of these steps to recover.


6.  In the "Utilities" menu, click "Upgrade Firmware".

Follow the on-screen instructions.  You will basically download a firmware file, browse to it, and apply.  This is recommended.

As of 2017.09.01, Zyxel C1100Z's latest firmware is CZW0034.12.010.16.
If your version is older, it should be upgraded.  Return to this menu once or twice a year for upgrades.


7.  In the "Utilities" menu, set the Time-zone and Daylight Savings Time.


8.  Configure Wireless settings - even if you intend to disable this device's wireless.  This way, if you ever need to enable this part of the network, it will be pre-configured and ready to use.

In the "Wireless Setup" menu, set a new SSID broadcast name.

Change the network SSID name from "CenturyLinkxxxx" to a name of your choosing.  For example, my network is called "WolfhouseDSL".

If you have another, downstream wireless router, this name cannot be the same as the other router's SSID.  I append "DSL" here so I can tell the two apart.

Change the WPS PIN to a value you will remember.  Write this down.  This is used for automatic workstation setup, which some people like to use.

In "Wireless Security", change the Security Key/Passphrase to a string your will remember (this is the connection/passphrase for people to log into the wireless network).  Make sure this password is different than your Admin password.  Make it memorable.  For example, I use "wolfy DSL 1979".

Record this in your documentation.


9.  Decision:

If you have a second, wireless router (illustrated as 192.168.0.2), let that router handle the wireless traffic and disable the DSL modem's wireless.  I call this second router a "downstream router" and it will be faster and more capable than the wireless built into the DSL modem. This is recommended.

Because the DSL modem has 1-4 available ports, the downstream router will have special setup steps, documented in the next section. 

Caution:  If you are using Wireless to configure the DSL router, leave the wireless enabled until you are done with all configuration steps.  

If you are using a wired connection right now (to setup this network), and have a second, downstream wireless router, disable the Zyxel's Wireless now.  In the top-menu, "Wireless Setup," click "Disable"

Even if the Zyxel's Wireless is turned off, you can still connect wired desktops and laptops to the four yellow ports.


10.  Change the DHCP address range

Make this recommended change, moving the Zyxel's DHCP address pool from .2  to .10 -- giving room for other routers and hard-coded devices.

In the top-menu, Advanced Setup, choose the left-nav, "DHCP Settings"

Change the "Beginning DHCP address" from 192.168.0.2  to 192.168.0.10
Change the "Ending DHCP address" from 192.168.0.50     to 192.168.0.100

Optionally: I like to set the Lease Time to 3 days, although the 1-day default is acceptable.

"Apply" the changes.

The router is now configured and ready for use.


Secondary Wireless Router Wiring Changes


If you have a secondary wireless router (illustrated above as 192.168.0.2), do these wiring steps.  These steps will place all devices on the same subnet and the steps are a bit counter-intuitive.  Skip this entire section if you do not have a downstream router.

In summary, change the wireless router's IP address to a Static "192.168.0.2" address, then disable DHCP.  This is a one-time setup, just to get the new router on the proper network.

The steps vary by manufacturer, but in general:

a.  Unplug the wireless router from all other network wires.

b.  Plug your workstation's wired Ethernet cable into any yellow-port on the wireless router (similar to how you connected to the Zyxel DSL router).  Or use wireless to connect to this device; see the owner's manual for the default SSID broadcast name. 

c.  Reboot your workstation to get a new IP Address.

d.  With a browser, login to the wireless router's admin page, using the default router's address.  See the router's owner's manual, but usually:

192.168.1.1  or
192.168.100.1

Login with (the published default password).  For example, see this article for more detailed instructions:
Keyliner: Linksys EA2700 Wireless Router - First Time Setup

e.  In the advanced settings [Local Network], disable DHCP

This is important: Do not allow this router to give out IP addresses; this will conflict with the Zyxel -- even if you pick a different DHCP range.

f.  In Connectivity, "Internet Settings," set the router's internal IP Address to a hard-coded (Static) IP address:

Static IP:        192.168.0.2
Subnet Mask:      255.255.255.0
Default Gateway:  192.168.0.1
DNS 1:            8.8.8.8



where  "0.2" is on the same network as the DSL router (the third octet)

where .2 is below the DSL's router's starting DHCP Address Range  (which was moved to .10 - .100) in step 10, above.

where 192.168.0.1  is the same IP Address as the Zyxel DSL router

where DNS1 is "8.8.8.8".  This is Google's DNS server - as good of an address as any.  Your ISP would prefer you use their DNS server, but Google's is safer.   (Some ISP's slip-stream their own content into data-streams.)

Apply the changes.  When you do, you will temporarily loose connectivity to the router.
Continue with the next steps.

g.  Power off the downstream router.

Then, run a network cable from one of the DSL router's 1-4 ports, into the downstream router's 1-4 ports -- any port, on either side will work (illustrated above with a yellow cable).  Do not use either of the WAN/LAN ports -- you want this router to be on the same network as the main DSL router, and because of this, you cannot use the WAN/LAN ports.

h.  Move your workstation's Ethernet cable to any free-port (yellow) port, on either device.  I like to move the cable back to the DSL modem's 1-4 ports.  Again, avoid the white WAN/LAN ports.

i.  Again, reboot the workstation to get a new IP Address.  Yes, this is a drag.

j.  Once connected, open the browser and type this IP Address:  192.168.0.2 (the downstream Wireless Router's address) -- and again, login to the router's admin pages.  (Note: you can now also login to the DSL's router's admin by using the 0.1 address.)

Make these additional changes (see the Linksys article for more details):

- Set a memorable SSID -- make this different than the DSL's SSID -- example: Wolfhouse5G
- Set a Network password (for wireless access):  wolfy house 5G
- If the router has a second channel (e.g. 2.4ghz), SSID:  Wolfhouse24G
- Set a second password (for wireless access):  wolfy house 24G

If the router supports a third channel Guest network (most do):
- Set the SSID broadcast to "Wolfhouse Guest"
- Set the guest password (for wireless access): wolfy house guest

k.  Finally, change the Router's (admin) password, to a value of your choosing.  Write this down.

The wireless router's setup is complete.


Optional Switch

If you have an optional 8-port switch, illustrated above, do the following.

- Run a (yellow) network cable from any of the yellow 1-4 ports on the DSL modem to any yellow 1-8 port on the switch.  Do not use the WAN/LAN ports.  For minor performance reasons, you should not run the network cable from the downstream wireless to the switch; instead, go directly to the DSL modem's 1-4 ports.

-power-on the switch; you are done.  No software configuration required.


Analog Devices

If you have a land-line phone, the phone can be plugged into the Zyxel's phone jack and no DSL filter is required for this connection.  If you have other analog phones or analog phone devices, such as phone-based alarm systems, satellite receivers, answering machines, etc., you must use a DSL line filter on each of those jacks.  These will have to be purchased separately and can be found anywhere analog phones are sold. 


Printers, TVs

With printers and an internet-connected TV, I recommend running wired Cat-5 network cables.

If you can, run a wired connection for the printer; it is less of a hassle -- many printers (especially Brother printers) dislike it when the wireless router moves to a different channel after a power failure.  A wired connection prevents these types of problems.

Related article:  Keyliner Brother Wireless printer fails after power failure.

And, because of DHCP, printers tend to move around and get new IP addresses when they reboot.  This is a pain and it forces you to re-build printer connections at each workstation.  Regardless if wired or wireless, set the printer to a fixed or static IP address.  From the printer's main panel, set a hard-coded IP Address.  I like to use these settings:

Static IP Address:  192.168.0.200
Subnet Mask:        255.255.255.0

Default Gateway:    192.168.0.1

where 192.168.0  is the same network as the Zyxel DSL router.
where .200 is an address outside of the DSL Router's DHCP range.
where 192.168.0.1 is the Zyxel's IP Address

Similarly, I also set the TV/Roku to a fixed address:  192.168.0.210  (keeping the number below .254).  Because it is such a high-bandwidth device, the TV should be on the wired network.  I always smile at people who buy a 100mb high-speed network connection for their house and then run the TV over a 10mb wireless network.


Power

Sometimes, after a power failure, these routers loose their gourds and have to be re-configured.  Save yourself the hassle and buy a small battery-backup UPS for the network devices.  Plug the DSL modem and downstream routers and switches into the UPS.  Make this separate from the PC's UPS.

Most UPS's have two sides:  A battery-protected side and a simpler surge-protection side.  Be sure to use the battery side.

When powering on the network.  Power-on the DSL modem first.  Wait a minute, then power on the other devices.


Final Network Test

From any workstation, wired or wireless, running on the new network, open a browser and make one last connection to the new Zyxel router:

192.168.0.1

Login with your new admin credentials and confirm you can reach the configuration menus.  You should be successful. Then open a browser session to something like www.google.com.  The page should display.

If you have a downstream wireless router (illustrated above), now would be a good time to turn off the Zyxel's internal wireless.  From any workstation, return to the 192.168.0.1's configuration screens and disable.

Using any workstation, confirm you can get to the downstream wireless router's admin screen by typing this address:  192.168.0.2

If all this works, you are golden.


Record Keeping

It is embarrassing and painful to lose your router's passwords.
Write this information in a safe place because if the Internet is down, you can't exactly jump on the net to find your contact information.  Don't wait to do this because you will forget.

ISP Name: ______________________________________________

ISP Technical Support Number: _____________________________

DSL PPP Login Credentials: _________________ /  _____________

DSL/ISP Account Number: _________________________________
(Often the home phone number.  If no home phone, see bill for separate account number)

DSL Modem Model Number: _______________________________

DSL Modem IP Address:  192.168.0.1 ________________________

DSL Modem Admin Login:  admin / __________________________

DSL Wireless SSID Broadcast Name: _________________________ [  ] Disabled

DSL Wireless SSID Password: _______________________________ [  ] Disabled

Downstream Wireless Model Number: _________________________

Downstream Wireless Router IP Address:  192.168.0.2 ____________
(Optional, if you have a separate Wireless router; see below)


Downstream Wireless 5G SSID: ______________________________


5G Password: _____________________________________________

24G SSID: _______________________________________________

24G Password: ____________________________________________

Guest SSID:  ______________________________________________

Guest SSID Password: _______________________________________

Printer IP Address:  _________________________________________



Related articles:
Reset Linksys Wireless Password
Linksys EA2700 Router First Time Setup
Installing a NetGear DM111PSP ADSL Modem