First, experts warned internet users to change all of their passwords in the wake of the devastating Heartbleed bug.
Then they didn't.
So who do you believe?
Finally, some consistent advice has started to emerge following the discovery of the flaw in OpenSSL, the tech which runs much of the encrypted web. The Heartbleed bug was discovered on Monday by a team of security experts, including one from Google, after going undetected for more than two years.
The bug bypasses the encryption that normally protects data as it is sent between computers and servers, leaving personal and sensitive data vulnerable. That encryption is commonly recognised as the closed padlock that appears in the corner of the web browser to show your connection is secure.
There is also now evidence that hackers were probing sites for the bug before it was publicly announced - indicating hackers may have had a head start in gathering sensitive data. Up to 500,000 servers could be affected - and all need to be manually patched to fix the bug.
Experts are starting to agree that the best way to deal with the issue is to change the passwords for affected websites only, and only once they've fixed the bug.
Here are some of the key highlights:
- AOL Email: not affected
- Yahoo Mail: affected, fixed, change your password
- Facebook: unclear if affected, but you should change your password
- Instagram: affected, change your password
- LinkedIn: not affected
- Tumblr: affected, change your password
- Twitter: not affected, but patch applied
- Apple: not affected
- Amazon: not affected
- Google: affected, fixed, probably change your password
- Microsoft: not affected
The Japanese government counter-terrorism practice of fingerprinting foreigners who enter the country may have inspired Doctor Tsutomu Matsumoto to invent "fingerprinting gels", a way of faking fingerprints for scanners. Learn how to make your own here.
Worried someone around you is secretly recording everything you do? No fear! There's a relatively low-tech way to defeat such snoops, via white-noise-producing audio jammers. These tiny devices use good ol' white noise to blur the sound picked up by hidden microphones and other surreptitious recording devices.
MIT's Technology Review calls it the newest, hottest Thanksgiving accessory -- but you can use phone-size "Faraday cages" like this (sold by uncommongoods) to block your cellphone's call signal, WiFi and GPS. Handy now that federal courts are ruling that cops can track suspects via cellphone sans warrant, and Apple can remotely disable your phone camera with a click. As security researcher Jacob Appelbaum said in an interview with N+1 back in April, "Cell phones are tracking devices that make phone calls." So shouldn't you be prepared for when you don't want to be tracked?
Hidden cameras got you down? Blind them all with a simple baseball cap lined with infrared LEDs. Amie, a hacker on WonderHowTo, shows the world how to make one, while this German art exhibition lays out how these ingenious devices work.
These receivers reveal the telltale electronic crackle of hidden mics and cameras. Strangely enough, they were around long before "surveillance culture" became a common phrase. Today they're sold in all sorts of shops for surveillance paranoids.
Sometimes hiding your face isn't enough; sometimes you don't want to be seen at all. For those days, there's camera maps. The NYC Surveillance Camera Project is currently working to document the location of and working status of every security camera in New York City. This project has been replicated by others in Boston, Chicago and Bloomington, Indiana. Notbored.org has even published a guide to making your own surveillance camera maps (here).
Credit to artist Adam Harvey for this one. Inspired by the "dazzle camouflage" used on submarines and warships during World War I, he designed a series of face paint principles meant to fool the facial recognition schemas of security cameras. Check out The Perilous Glamour of Life Under Surveillance for some tips on designing your own camera-fooling face paint.
Walmart may be the premier symbol of corporate America, but its disposable cellphone selection can help you start a thoroughly maverick lifestyle. $10 TracFones work on most major networks, including AT&T, T-Mobile, Sprint and Verizon, and come with minutes prepaid so you can dispose of the devices when you're done.
Radio-Frequency Identification (RFID) chips are now regularly implanted in passports, ID cards, credit cards and travel papers. These tiny chips make machine-reading your documents easier -- but could also let anyone with the right type of scanner scrape your information and track your whereabouts. Luckily, gadget geeks have come to the rescue again, this time with RFID-blocking wallets. Working on the same principle as the "phonekerchief", these wallets create a Faraday cage around your items, keeping their data secure until you take them out to be scanned where they're supposed to be scanned. Destroying the chip is simpler: just nuke it in the microwave for five seconds. Of course, whatever you're microwaving might burst into flames first...
UK experts agree that users should put in the leg work to find out which of their services were affected, and change their passwords accordingly.
"Change your passwords - but only after the affected website operators and internet service providers have implemented the patch to fix the bug," said Hugh Boyes, cyber security lead at the UK-based Institution of Engineering and Technology.
"Changing your password before the bug is fixed could compromise your new password."