Wednesday, 23 May 2018

The internet landscape is changing, and companies around the world are implementing stricter practices to protect your personal information from unauthorized disclosure and to be more transparent about what is done with your personal information and how you can control its use and distribution. We have always followed best practices in collecting and handling your personal information and will continue to make this a priority when you do business with us.

Below is a summary of our new Terms of Service and your rights in requesting, correcting, and deleting the personal information we have collected from you.

Thexyz has unilaterally chosen to adhere to the guidelines of data protection set forth by the European Union in the General Data Protection Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. We have adapted the following notice, mirroring guidelines from the UK Information Commissioner's Office (ICO) and other industry best practices.

The right to be informed

Our Terms of Service are clearly visible on every page of our website. A user account cannot be created, and an order cannot be placed, without checking the box to confirm agreement to the Terms of Service. This page also includes a link to our Privacy Policy and any other important terms and service agreements.

The right of access/right to rectification

The Thexyz client portal lets you log in and view your personal information (profile data). The same client portal also lets you update your personal information, including name, email address, postal address and phone number, as well as any custom fields you define. Previously, under the DPA, there was a small fee for this service. This will no longer be allowed under the GDPR and DPA 2018.

The right to erasure (also known as the 'right to be forgotten')

If we receive a request for erasure, we can delete the customer record using our new Delete Client functionality. Using this feature removes all data relating to a given member including, but not limited to, personal information in the member's profile, service and invoice history, activity log entries, support ticket and email history.

The right to data portability

Data portability means the right to receive personal data in a machine-readable format and to request that such data be transferred directly from one controller to another. This right only applies where the processing is based on consent or for the performance of a contract, and when processing is carried out by automated means. There is no right to charge fees for this service.

New functionality added to our control panel allows you to generate a customizable export of data relating to your account. This allows you to generate an export in JSON format containing the data entity.

Wednesday, 9 May 2018

In the latest episode of 'Perry on Privacy,' Perry was asked whether using Google Analytics makes an organization GDPR compliant.

There seems to be some confusion here, as many people are under the impression that if Google is becoming GDPR compliant, then if I use Google, I must be compliant too. That is not the case. I also have some concerns about contradictions and interpretations of Google's latest statement found here.

I also recommend disabling Google Analytics and checking out Matomo. Not only will this reduce GDPR compliance risk, it will speed up your website, improve rankings and increase the privacy of your website visitors.

Check out my latest Podcast: Is Google Analytics compliant with GDPR? Feel free to leave me a question. Thank you,

About the Author

I'm Perry Toone, a British Software Developer with keen expertise in spam and fraud prevention.  You'll regularly find me talking about email privacy and best practices via my podcast.

Thursday, 3 May 2018

Today is World Password Day and a great day to introduce a new podcast I have launched called "Perry on Privacy." I am constantly surprised at how easy it can be to hack someone's password, servers, social accounts, bank, etc. When I am in need of advice, insight and general direction when it comes to passwords, I turn to the world leader on passwords and developer of the Have I Been Pwned tool, Troy Hunt.

Here is Troy's stance on Password Managers, from the post: Password managers don't have to be perfect, they just have to be better than not having one which you can read here.

Our brain is a very bad password manager. It's incapable of storing more than a couple of genuinely random strings of reasonable length (apologies if you're a savant and I've unfairly characterised you in with the rest of our weak human brains). That leads to compromises. If you're one of these people who says "I've got a formula that always gives me unique passwords that are strong", no you don't, they probably aren't and no they're not. You're making concessions on what we empirically know is best practice and you're kidding yourself into thinking you aren't. I've had this debate many times before and there's dozens of comments raging backwards and forwards about this in my post on how the only secure password is the one you can't remember.

And "compromises" is really where the discussion needs to be because what we should be talking about is how option A compares with option B. In this case, how does putting genuinely strong, unique passwords in a password manager which may have a security risk compare with putting weak passwords in your brain? You're comparing a low chance of something going wrong and resulting in an impact across the breadth of your accounts with a high chance of something going wrong and impacting a smaller number of accounts. Except that last bit probably isn't accurate because we know that the "put it in my brain and hope for the best" strategy usually results in the one weak password being reused all over the place (I've got a couple of billion records of proof on that too, by the way).

I really like the work Tavis is doing in finding these bugs because quite simply, it makes the software better. We all should want one of the smartest blokes in the industry hammering away at password managers and then operating under the banner of Google's Project Zero to disclose vulns responsibly. But it's going to make headlines too and holy cow, don't journos love a good headline! So our challenge now is we need to take that headline, filter out all the bullshit and reach some sort of educated conclusion as to how bad it is. Then we need to compare it to the other bad thing which is not using a password manager at all. So far, we're yet to see a vulnerability with a major password manager worthy of chucking the things out altogether and trusting our brains instead.

Let me give you a great example of the sorts of discussion we should be having: I've had many people share The Personal Internet Address & Password Log Book with me whilst loudly gnashing their teeth at the gall of so many passwords being stored in such a weak fashion.

But let's actually use some common sense for a bit: We all know people for whom LastPass, 1Password and all the other ones pose insurmountable usability barriers. They might be elderly or technically illiterate or just not bought in enough to the whole password manager value proposition to make it happen. They're doing the memory thing and failing badly at it, but then you give them the password book. They write down sites and passwords because hey, it's a pen and paper this is something they understand well. Then they put their unencrypted, plain text passwords in a drawer. Their "threat actors" are anyone who can access that drawer and right off the bat, that's a significantly smaller number of people than what can take a shot at logging onto online services using the usual poorly thought-out passwords people have. See how different the discussion becomes when you look at a security practice like this compared to alternatives rather than in isolation?

The UK gov's National Cyber Security Centre put out a piece on password managers earlier this year. They rhetorically ask the question "should I use a password manager?" and reach a very simple conclusion:
Yes. Password managers are a good thing.

And then, as if it was written just to illustrate the point of this blog post, one bright spark chimes in with a comment and suggests that password managers are a bad idea because "there is no such thing as 100% security". Of course there isn't! But there doesn't have to be to justify using a password manager, it just has to be better than not using one.

Password managers are a good thing. Even when issues like the LastPass one above are found, they're still far superior to our frail human brains when it comes to your overall security posture. Until such time as that changes and either they're worse due to a flaw that actually causes some serious damage or we create something better again, this is where the game is at. Less sensationalism, more pragmatism.

This post was written by Troy Hunt. You can find his website here or follow Troy on Twitter @troyhunt
