Are Online File-Conversion Services Safe?

At Quora, I occasionally play, “Ask the expert”. Hundreds of my Quora answers are linked at the top right. Today, I was asked if it is safe to use free, online services that convert between file formats. For example, many web services allows you to upload a JPEG image and get back a PNG file. Others convert between DOC and PDF, or between popular video or audio formats.

Some of these services include additional processing. For example, stringing separate images together into a single animated GIF file—or rotating pages and adding a password within a PDF file. If you don’t have a locally installed program that does these things, is it safe to use these free, online services?

And what about the apps that you download and install? These present separate risks! But, with a little common sense, you can figure out which ones you can trust…


The short answer: It depends on the file type. A JPEG file that is processed via an online service is safe. SVG is not.*

A More Complete Answer…

There are three factors that relate to the safety of free online file converters:

  1. Is the target file type passive? That is, is it a data-only file that you will open with your own application. But watch out!

    Most—but not all—media formats (files that store pictures, music or video), cannot contain malicious code, unless you are tricked into opening them with the wrong program. Most of these formats simply direct your application to present pictures to your screen or audio signals to the speakers, without launching other apps or executing code that reads or writes to your device. But there are exceptions. Some popular formats support scripts, which are a form of program instructions. And, rarely, you may even be susceptible to execution of a data only file.*

    In my opinion, JPEG files are safe (including .jpg and .jiff file extensions). So are bmp, gif, mp3, avi, and mp4 files. But svg, doc and pdf files are not necessarily safe! These file formats permit javascript or other code which can be activated when you attempt to open the file. Therefore, if you use a service to create SVG, DOC or these other file types, be sure that you use your own applications to open it, and that you have configured your application to restrict execution on files that are downloaded from the Internet.

  2. Is there anything sensitive in your source material? (i.e. is your file confidential or embarrassing?). If so, it will be in the hands of strangers for all time. Do not use an online service to convert the file—nor even to store it, unless it is first encrypted on your device.
  3. Is there possibility of misdirection or error during the process? That is, could you be tricked into uploading the wrong file or revealing more information than you intended? For example, with deceptive tactics, a web service might slip you a routine that fools with your file associations. Now, a file ending with .JPG is no longer interpreted as an image, but contains an active and malicious threat.

Most Important: Never accept options that offers an upload manager, browser plug-in or “assistant”. These are programs over which you have no control! They often contain malware that threatens your data and your entire network. Helper apps and plug-ins should only be installed from rock-solid sources, such as the maker of your operating system or browser (Apple, Microsoft, Google) or from highly reputable, open-source projects.

Disambiguation: That last warning is about apps installed on your device, rather than online services. But, how can a non-techie be secure in their decision to download or install an app? Here is way to think about your options and safety: The maker of your app should fall into one of these two categories:

  • The vendor has a lot to lose if they fail to fully vet the context and security of an executable. This is typically true of large, audited, publicly funded companies like Adobe, Citrix or Google. (Being big does not inherently make them trustworthy, but it makes them very careful to verify their claims against internal practices).
  • —OR— The executable is offered via a reputable open source community with a broad base of technical and critical developers. It helps if developers are rewarded for finding and reporting bugs.

Online file conversion services fail these tests—But they are not locally installed apps. Remember, these last two tests are intended for apps that you plan to install, whereas online file-conversion services simply process data and return it to you. So to protect yourself from file-conversion programs that you download and install, you must ensure that they don’t install or interact with your other applications and data.

One way of ensuring this is to run in a sandbox or protected environment (as if you maintained a separate PC for use only with file conversions). The more practical way is to educate yourself on the vendor’s practices, reputation and history. A dedicated file conversion utility should interact only with files you select—and only to generate passive content that you open with your own applications.


* Even data-only files can be exploited. For example, malware can use a “buffer overrun” weakness to treat some of the music or photo data in your files as executable program code. But don’t worry. Although this might seem impossible to defend, such opportunistic exploits are unlikely if you have good antivirus protection, and if allow your trusted applications to update regularly.

Additional reading about SVG file format:

United Air: Public relations nightmare

Check out the last minute of this Jimmy Kimmel video. It is a spoofed TV commercial for United Airlines. Based on recent events, it seems pretty authentic. Kimmel’s monologue is pretty funny too!

I have heard from a few people who defend United—offering an explanation of overbooking policy—or the rude defiance of the Asian doctor that was dragged out of the plane bloodied and on his back (and apparently, with a broken jaw). But, no matter how you spin this, United was incredibly foolish to issue a patently offensive statement about how clients were unfortunately “reaccommodated”.
Yeah! I’ll agree that it was certainly unfortunate. But, I am not too sure about this being an example of airline accommodation. Check out the Twitter reaction.
Typically, these things blow over and the public searches for the next low fare—even if it is lower by only one dollar. But this time, I think that United may feel the pain. Their methods and the ensuing arrogance of CEO, Oscar Munoz, are tantamount to flipping a middle finger at paying passengers.
Good luck with that, United Airlines!

Blockchain can dramatically reduce pollution, traffic jams

The World Economic Forum has posted an article that hints at something that I have also suggested. (I am not taking credit. Others have suggested the idea too…But advancing tech and credible, continued visibility helps the idea to be taken seriously!)

I am not referring to purchasing and retiring carbon credits. I like that idea too. But here is an idea that can enable fleets of autonomous, shared, electric vehicles. Benefits to individuals and to society are numerous. And the blockchain makes it possible early in the next decade. It is not science fiction.

The future is just around the corner. Non-coin applications of the blockchain will support great things. Goodbye car ownership. Hello clean air! The future of personal transportation is closer than you think.

Read about it at the World Economic Forum.


Ellery Davies co-chairs Crypsa & Bitcoin Event, columnist & board member at Lifeboat, editor
at WildDuck and will deliver the keynote address at Digital Currency Summit in Johannesburg.

 

Getting your first Bitcoin; Choosing a wallet

There are at least four ways to acquire Bitcoin and three ways to store it…


Acquire Bitcoin: You can trade Bitcoin in person, accept it as a vendor, mine it, or buy on an exchange.

Store Bitcoin: You can keep your Bitcoin in an online/cloud service (typically, one that is connected to your exchange account), keep it on your own PC or phone, or even print it out and store it on a piece of paper. Like a physical coin, the piece of paper has value. It can be placed in your lock box or under your mattress.

Let’s look at the market for Bitcoin Wallets (all of these are free), and then we shall talk about Bitcoin exchange services. This includes my personal recommendation for the typical consumer or coin enthusiast…

1. Choosing a Wallet

You can start your search for a wallet on this page at Bitcoin.org. Use the drop down tabs to refine your search by platform: Mobile, Desktop, Hardware gadget or Web. Don’t overlook the web option. For many users, the wallet (and VAULT) included with an online exchange account is all you need.

Each wallet platform is further distinguished by operating system. For example, you can find a smartphone wallet for Android, Apple, Windows Mobile or Blackberry. Some popular apps are listed under more than one OS or platform.

When you click on any of the app logos, you will see a checklist of five key traits, according to reviewers at the Bitcoin Foundation:

  • Control over your money
  • Simplified validation
  • Basic transparency
  • Secure environment
  • Weak privacy

These are not necessarily critical traits/features. It depends on your needs and preferences. For example, everyone wants good privacy and security. But not everyone wants to control their private keys. That places the risk of loss, backup and/or the burden of inheritance issues on you, rather than a standardized recovery process. The feature comparison simply helps you to begin your own comparison and evaluation.

For Android users, my personal recommendation is Bitcoin Wallet by Andreas Schildbach (the logo is a tilted orange ‘B’). It is simple, secure, well maintained and very popular. (iPhone users: See my my suggestion in the recommendations, below).

2. Portable –vs– Online

Despite the simplicity and low cost of spending or sending Bitcoin between individuals and vendors, getting your first Bitcoin can be confusing, complex and even risky. For this reason, I suggest that Newbies open an account at a very established and trustworthy exchange.

In the near future, this will include most big banks. But for now, the safest and most reputable exchange is Coinbase in San Francisco. They are also the one with the highest level of regulatory compliance. Bitstamp of Slovenia and Great Britain is a close second. In my opinion, using either of these organizations as a currency exchange or a secure place to park your digital currency is a safe bet.

Both of these exchanges include a cloud wallet service that—when used properly—is safe and secure. But, because Bitcoin is still in its infancy, you will need to learn about sweeping funds into a ‘vault’ (to better protect against hacking) and you should also learn about portable backups and multi-sig (to protect your assets, in the event of forgetfulness, death or incapacitation).

With either type of wallet—device storage or online with an exchange—I recommend that you install and play with a portable wallet on your phone, just to get the hang of a few basic functions: Display wallet address for incoming money, Send money, Request money (i.e. send an invoice), and Pay with the QR-camera feature. All wallets serve these basic and critical needs.

Recommendations:

  • Coinbase is a most reputable exchange for buying/selling & storing Bitcoin
  • Bitcoin Wallet by Andreas Schildbach is an excellent choice for portable, secure storage. This app is available for Android phones only. Apple iPhone users may wish to try Bitcoin Wallet by Blockchain. I have not reviewed it. It has a slightly less friendly user interface but it is stable and very popular.

Related Reading:

Ellery Davies co-chairs Cryptocurrency Standards Association. He produces The Bitcoin Event, is board mem-
ber at Lifeboat Foundation and will deliver the Keynote Address at Digital Currency Summit in Johannesburg.

Is it Too Late to Get into Bitcoin and Blockchain?

At Quora, I occasionally play, “Ask the expert”. Several hundred of my Quora answers are linked at the top right. Today, I was asked “Is it too late to get into Bitcoin and the Blockchain”.

A few other Bitcoin enthusiasts interpreted the question to mean “Is it too late to invest in Bitcoin”. But, I took to to mean “Is it too late to develop the next big application—or create a successful startup?”. This is my answer. [co-published at Quora]…


The question is a lot like asking if it is too late to get into the television craze—back in the early 1930s. My dad played a small role in this saga. He was an apprentice to Vladamir Zworykin, inventor of the cathode ray tube oscilloscope. (From 1940 until the early 2000s, televisions and computer monitors were based on the oscilloscope). So—for me—there is fun in this very accurate analogy…

John Logie Baird demonstrated his crude mechanical Televisor in 1926. For the next 8 years, hobbyist TV sets were mechanical. Viewers peeked through slots on a spinning cylinder or at an image created from edge-lit spinning platters. The legendary Howdy Doody, Lucille Ball and Ed Sullivan were still decades away.

The Baird Televisor, c.1936

But the Televisor was not quite a TV. Like the oscilloscope and the zoetrope, it was a technology precursor. Philo T. Farnsworth is the Satoshi Nakamoto of television. He is credited with inventing TV [photo below]. Yet, he did not demonstrate the modern ‘cathode ray’ television until 1934.

Farnsworth demonstrates TV

The first broadcast by NBC was in July 1936, ten years years after the original Baird invention. (Compare this to Bitcoin and the blockchain, which are only 7 years old).

Most early TV set brands died during the first 10 years of production: Who remembers Dumont, Andrea and Cossor? No one! These brands are just a footnote to history! Bear in mind that this was all before anyone had heard of Lucille Ball, The Tonight Show or the Honeymooners. In the late 1950s, Rod Serling formed Cayuga Productions to film the Twilight Zone in New York. Hollywood had few studios for dramatic television production, and the west coast lacked an infrastructure for weekly episode distribution.

Through the 1950s (25 years after TV was demonstrated), there was no DVR, DVD or even video tape. Viewers at home watched live broadcasts at the same time as the studio audience.

The short answer to your question: No! It’s not too late to get into Bitcoin and the blockchain. IIn fact, we’re still in the very early era. The ship is just pulling into the dock and seats are mostly empty. The big beneficiaries of blockchain technology (application, consulting, investing or savings) have not yet formed their first ventures. Many of the big players of tomorrow have not yet been born.

At this early stage, the only risk of missing the Bitcoin boat is to assume that it is a house of cards—or passing fad. It is not! It is more real than the California gold rush. But in this case, prospectors are subject to far less risk and chance.


Ellery Davies is co-chair of Cryptocurrency Standards Association. He is also a frequent contributor to Quora and editor at A Wild Duck.

Bitcoin can arbitrage Netflix VPN workaround

I almost overlooked This Forbes article. It was published in June 2016. It is not about Bitcoin. Rather, it discusses the Netflix effort to thwart forbes-logoVirtual Private Networks (VPNs), which had been used to circumvent geographic content restrictions.

The  author describes a fascinating work-around. It probably doesn’t break any government law—although it most certainly violates the Terms of Service which users acknowledge when they sign up or log into their Netflix account.

The workaround begins in paragraph 4, with the title: “The Solution”. It describes a self-balancing market for p2p use of desirable residential IP addresses. For example: USA has the largest number of movie and TV titles. The author proposes an automated process of bidding for temporary remote control of USA Netflix subscriptions, using the subscriber’s internet connection as a gateway, while content is delivered to Beijing, Dubai or Fiji.

Effectively, Bitcoin is used as the backbone of a clever negotiating, bidding and settling mechanism. Since USA IP addresses have a premium value to foreign netflix-logo-01Netflix subscribers, it enales USA members to auction the temporary use of their Internet connections.

Of course, using Bitcoin to arbitrage the disparate value of residential Internet connections doesn’t explain the technical process of relaying movies through remote user gateways. That part is achieved by adding an arbitrage-activated VPN proxy into members who choose to bid or auction regional access. Netflix is looking for the IP addresses of commercial VPN gateways and not the IP addresses of its own individual members. Although, I have not yet tested the work-around described, it should be transparent to both users.

For me, this is a particularly elegant application of capitalist economics. In fact, I recently sold my patent on a similar bid-for-attention mechanism that stops Spam without blocking anything that each individual user would find desirable, even if it is unsolicited, commercial or sent in bulk.

The key information [excerpt from linked article]:

“Basically, the number of users trying to watch U.S. Netflix would vastly outnumber the users trying to watch Australia Netflix so U.S. connections would be oversubscribed. This can be resolved with a balancing mechanism with financial incentives, such as Uber surge pricing,” Yen told Forbes.

Bitcoin pile-s“When U.S. connections become oversubscribed, U.S. users would be able to make money by making their connections available while foreign users would have to pay more to access U.S. connections. Bitcoin could be used to facilitate these payments since it is anonymous, decentralized and has a low transaction cost.”

What makes this proposal so attractive, is that it thumbs a nose at any vendor that thinks that it can control the individual use or application of its product in the field for no good reason. (I consider geographic content restrictions to be  “No good reason”!). Regardless of EULAs and even national laws, in the end, it’s very hard to argue with grassroots phenomena and facts on the ground.

Hey! You’ll get no dog whistles here.

Ellery Davies is a frequent contributor to Quora. He is also co-chair of
Cryptocurrency Standards Association and chief editor at A Wild Duck

Why properly oriented photos jump back to rotated

A year ago, I watched my good friend, George, create a new account at a popular dating service. It wasn’t a hook-up site, but rather a serious forum for like minded, intellectual, Italian Americans.

George Clooney-sSure, Ellery!…I bet that it was you surfing the
dating service—and not your imaginary friend.

No, seriously. That’s him on the right.               »
Anyway, the first photo that George uploaded is the handsome close-up shown here. But to his surprise, the dating service displayed the sideways photo shown below.

George was surprised, because he recalled that the camera displayed it this way when his mom took the photo. He rotated it clockwise even before uploading to a PC. Now, it displays correctly on both his camera and on his computer screen. He thought that the sideways photo problem had been resolved. He even emailed the photo to me, and it looked fine on both my phone and desktop PC.

George Clooney-Couterclockwise« But there it is at ItalianStallions.com. Somehow, the photo had jumped back to sideways orientation. What gives?!

I started to give George a tip about permanently correcting the problem, but he cut me off…“Ellery”, he said—“I just want to meet Sheryl411. She has incredible eyes. I haven’t been so smitten since I met Amal!

With a remarkably low threshold for technology glitches, he decided to leave the sideways photo at ItallianStallions.com. “I can’t imagine that a reasonable girl would care” He said. “After all, women love my mug. They can rotate it after saving it to their drive—Or, they can simply ask my agent to send a signed, 8-by-10 glossy photo”.

I grimaced. In my opinion, the sideways photo broadcasts a not-too-subtle message—It says that the person seeking companionship is a Luddite, rather than America’s premier hunk. George’s character in the film Up in the Air was ruthless, but had so much more common sense.

George and I were still sitting on the back deck sipping Shirley Temples, when the alert appeared on his screen. Even before he reached out to any of the beautiful, eligible women at ItallianStallions.com, he had caught the eye of Sheryl411. What an incredible coincidence! But, sadly, her note to George was an unsolicited rejection letter:

Dear ‘Clooney-Actor-Hunk’,

I am fascinated by your wit and words—and I love your movies. I read about your break-up with Amal, and I just want to hold you to my breast and comfort you.

I wish that I could jet-set to your latest movie set in Casablanca or sail on your 164 foot yacht. But, I’m afraid that it is not meant to be. I could never date you…

If you can’t figure out how to make a sideways pic of yourself upright, then we are not a good match. I’m sorry… Darwin is making me do it.

I tried to sympathize with George. Sheryl411 represented his fantasy and passionate hopes. But Sheryl has a shorter tolerance for techno-averse actors than they do for figuring out how to rotate a photo.

So what is the problem—and how can it be solved?

In response, I am sharing with readers my reply to Sheryl. (I grabbed George’s laptop PC, and wrote this note back to the object of his lust)…

Dear Sheryl411,

I *love* your final comment to my friend George: “If you can’t figure out how to right a sideways pic…Darwin is making me do it”. Hawhh! And to think that I thought this was a problem related to a double-X chromosome!

It is, in fact, a tricky problem, because with some phones & cameras, the rotate-feature does not really rotate the image data. It only adds a tag that tells the display device that it should be rotated (90, 180 or 270 degrees). So, the user may see a properly oriented photo—even after they upload it to a PC. Yet, when they upload to the dating service, it jumps back to sideways. That’s because the dating site uses older rendering software that does not recognize the rotate instruction.

Sheryl411: George’s latest obsession

For this reason, I would give George a break (even though a sideways photo is one my pet peeves too!). Since cameras and PCs are not his thing, it can be tricky to realize that he needed to use the older method of rotating, which actually rotates and re-writes the image, rather than adding a rotate tag.

But wait! Things don’t really get better, because if you use an older process to truly rotate the image, it is likely to leave the embedded tag which tells newer devices to apply an additional rotation. Oy Gevalt! What to do?!

The best solution is to run a free utility, Autororate. It adds a right-click feature to your Explorer/browser. It rotates and re-saves an image file in place. If the file has a rotate tag, it syncs the underlying orientation and then strips the tag, with no loss of image quality.

And so, Sheryl—We have solved the problem. Now, that I have shown you that I know how to avoid sideways head shots, please consider dating  me  instead of George. He may be a hunk, but I have much more going on upstairs, if you know what I mean! 😉 Check out my dating site profile and my upright photos. If Darwin is your thing, visit my Blog, AWildDuck.com. You are sure to be impressed by my intellect, eclectic wit, charm, wry sarcasm and incredible modesty.

Your future date (or mate-?),
~Ellery


Epilogue:

I forgot to create my own dating page and give Sheryl my user name. So, she had no way to answer me. Later that night, she wrote to George asking for my contact information. (she could have used the Contact form here at Wild Duck).

When George saw her request, he went ballistic! He realized that I had put the moves on his girl. I have always thought of this Blog as a family-friendly site, and so I cannot relate the angry note that George sent to me. It drips with venom and profanity.

Today, Sheryl and I are married. George is still with Amal, and he is still angry with me. He refuses to rekindle our friendship, and so we don’t spend time on his Yacht or on set of his Casablanca movie (It is still being filmed). But we always see his films at the local theater and we raise a glass or two in his honor. After all, he introduced us!

No. I don’t really know George Clooney and I am not married to Sheryl411. I wrote this article to
explain JPEG image rotation. Yes, Sheryl411 is real, and she really can’t stand techno-Luddites.