Feed aggregator

Beer Growler Cozy Tutorial

Moogly - Wed, 07/24/2019 - 14:54

The Beer Growler Cozy Tutorial demonstrates how to crochet this fun and practical pattern that’s perfect year-round – in right and left-handed video tutorials! Disclaimer: This post includes affiliate links; materials provided by Red Heart and Clover USA. Beer Growler Cozy Tutorial: How to Crochet the Beer Growler Cozy – Right Handed How to Crochet...

Read More

The post Beer Growler Cozy Tutorial appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Cryptozoic Announces Release of Epic Spell Wars of the Battle Wizards: ANNIHILAGEDDON Deck-Building Game

Cryptozoic - Wed, 07/24/2019 - 13:00

Cryptozoic Entertainment announced the limited release of Epic Spell WarsTM of the Battle Wizards: ANNIHILAGEDDON Deck-Building Game at Gen Con, August 1-4, followed by a full retail release in September. Fans who purchase any entry in the Epic Spell Wars series at Cryptozoic’s Booth #503 at Gen Con will receive the exclusive Studd Spellslammer & The Juice! Promo Card Set. Gen Con attendees can also buy the limited edition Epic Spell Wars of the Battle Wizards Statue.


Categories: Tabletop Gaming Blogs

OD&D Half-Orcs

Zenopus Archives - Wed, 07/24/2019 - 12:54
Orc or Half-Orc? 

An Orc by Greg Bell from OD&D Vol 1, looking more human than later depictions...

Half-orcs were first introduced into D&D in late 1977 in the Monster Manual in a section at the end of the entry for Orcs, which notes orc-human hybrids as just one type among others (orc-goblins, etc). Following Gygax's pattern of briefly introducing concepts and then expanding on them in later rulebooks, the next year's AD&D Players Handbook added them as a full-fledged character race. Here I imagine what the entries might have been had they been introduced back in the original D&D booklets and then carried forward.
Fictional LBB entry:
"Half-orcs: Generally feared, but characters are assumed to be of the rare type able to pass as human. While they may opt only for the fighting class, due to their warlike nature they may progress up to 9th level (Lord). They are able to speak the language of Orcs, and see well in dimness or dark but do not like bright light as noted in CHAINMAIL. Tribal affiliation should be noted (Orcs of the Mountains, etc) as there is often great inter-tribal hostility".
Fictional Greyhawk entry:
"Half-Orcs: Half orcish and half human, they are on average about five and half-feet in height, muscular in build, and weigh 180 pounds. Characters are assumed to be among the rare 1 in 10 half-orcs that can manage to pass as human. Like half-elves they gain some abilities from each heritage. Half-orcs have infravision and can see monsters up to 60' away in the dark."
In addition to working up to 9th level in fighter, half-orcs can work up to the 5th level (Cutpurse) as a thief, and those with 17 or 18 dexterity can work up as high as 6th level (Sharper) or 7th level (Pilferer), respectively. Half-orcs can work simultaneously as fighters and thieves, but no bonuses for abilities above the normal are then given, and earned experience is always divided evenly even if the half-orc can no longer progress in the thief class. When acting as thieves, half-orcs can wear only leather armor. 
Half-orcs with a wisdom score of 9 or more may also become Anti-Clerics (Clerics for Chaos), and only working up as high as 3rd level (Village Priest). If they so opt all experience will be divided in equal proportion between fighting and clericism."
Blackmoor would then add half-orc assassins with unlimited advancement.
Fictional Holmes entry:
"Half-Orcs — are part orcish and part human, about five and half-feet tall and muscular in build, weighing 180 pounds. Most look orcish, although the rare individual appears mostly human. Due to their competitive and combative nature they excel as members of the fighting class. Half-orcs have infravision and can see 60 feet in the dark, and can speak Common, albeit in a gruff and ungrammatical fashion, and the language of Orcs. A tribe of origin should be noted, such as Orcs of the Vile Rune, as the different tribes cooperate poorly and often fight among each other.
Also, in the CREATING CHARACTERS section add a minimum of 13 Strength and a maximum of 12 Charisma.
Notes: -The level limits are reverse engineered from AD&D. For other races, most of the maximum level limits of the LBBs are one lower than that in AD&D. So, a max fighter level of 10 in AD&D gives them a corresponding max level of 9 for the LBBs (this limit is not modified by Strength as this doesn't factor in AD&D for Half-Orc Fighters).
-For OD&D, no ability score adjustments as these are AD&D additions; dwarves, elves, and hobbits don't get ability score adjustments in OD&D.

-For the Holmes entry I modified the assumption that characters appear human, as he was less humanocentric than Gygax and half-orcs appear in several Boinger and Zereth stories:

  • "Trollshead" (Dragon #31) has a number of half-orc brigands. Being brigands, these wouldn't need to look human.
  • "The Sorcerer's Jewel" (Dragon #46) has four half-orc servants of a lady in town; this is what I was thinking of - they are quickly recognizable as half-orcs to Boinger, so that indicates they aren't mistaken for humans. So orcish-looking half-orcs are okay in town in Holmes' imagined setting.
  • "Witch-Doctor" (bonus story in Tales of Peril) also has a relatively civilized half-orc character.
Written up for a post in response to a query on OD&D Discussion.
See also:

20 OD&D Backgrounds which includes "Orcish".

Gygaxian Orc Tribes
Categories: Tabletop Gaming Blogs

Towering Temple

Ten Foot Pole - Wed, 07/24/2019 - 11:11
by Don MacVittie Hellebarde Games Castles & Crusades Levels 2-3

The temple of Anu-Hittain sits atop an unnamed mesa in the desert and welcomes all who visit. But the gates are closed and smoke is pouring from the temple high above. Can you discover what has happened?

This 23 page adventure details a temple with about three levels and about forty rooms … in about nine pages. It’s not terrible. The designer does a decent job with the read-aloud and the DMs text doesn’t generally overstay its welcome. The writing needs to be more evocative and the interactivity tends to the combat side of the house … or things that lead to combat. It reminds me a lot of the mid to late 1e era before the T$R text ran out of control. 

See that cover? It’s got little to do with the adventure; the entrance is at the base of the mesa and there’s no signs that the mesa is a temple except fot the entryway and some glass windows a little ways up. So, bad cover. 

With that out of the way, this isn’t bad. It’s not particularly good either, except in the way it generally keeps itself from being bad. The read-aloud tends to the short side of things. In and out. It also tends to mention features in the room for the party to investigate. A pile of crates mory decayed than the rest, or a pile of jewels in a fountain. This leads the party, naturally, to those locations and the encounter to follow: centipedes or water snakes. This is good. A good encounter is D&D results from a kind of back and forth between the players and the DM. The DM describes someplace generally. The players follow up on the details the DM mentions as the DM mentions moe specifics of the things they follow up on. It’s a social game, a back and forth. A writing style that encourages that sort of player/DM interactivity is to be appreciated. If the read-aloud mentions a body next to a door then the players investigate, notice burn marks, and maybe now know something more about the door. 

It does fall down a bit though in being evocative. Hallways are “long” and marble is “grey” or “white.” That’s not particularly evocative. English is a rich language and substituting other adjectives/adverbs for long, grey, white, large, big, small, etc can bring along an entire host of benefits. Richer words can bring an overloaded context with them, a richer meaning. Scrubbing out the boring words and replacing them, or a word or two extra (no more) more really kick up the read-aloud to another level and make the environments much more evocative.

You can see this in other areas as well. I hesitate to call this dullness, but its a kind of abstraction of detail that leads to a kind of bland flavour. “There are four statues of Doorne” (a desert god) or “there’s a statue of a woman.” These are kind of generic. The players are sure to ask what they look like. Providing two or three extra words for each of those major objects, in order to enrich them, in turn enriches the entire room and brings it more alive for the DM and for the players and they both benefit. The DM now has a richer view of the room and can ad-lib better, while the players have a more memorable experience from the read-aloud and then also from a more inspired DM. 

There’s an aside or two to the DM in the adventure which are appealing. In one case a zombie in the next room can rush to the aid of another room. “Well, rush as fast as a Zombie can.” Likewise, selling a looted idol is referred to as “Faithful of Doorne will not take the theft of this idol well.” These are nice notes that help convey moods and scenes to the DM without a lot of text.

Of course, Room 10 doesn’t tell us that the zombie from room 9 will come in help. That’s in room 9. Which is useless in room 10 because I’m not looking at the text for two rooms at the same time, am I? This is a common mistake that designers make, this kind of idea that the DM is going to hold the entire adventure in their head at once. Or, you need to read through and take notes … in which case why didn’t the designer make things clearer in the first place? 

There are some other gaps here. There’s some flinds you can talk to, but there’s no real notes on what they know or even any overview of the situation (in the beginning of the adventure) for the DM to paraphrase. Again, read and take notes and/or hold it all in your head. The DMs text also can get long in places. It generally does a good job of keeping it short and in using paragraph breaks and whitespace to organize its information well. It falls does though, usually, in trap rooms. It gets a bit pedantic in describing things which turns the DMS text in to a quarter page or more of text. Tighter editing and less prescriptive text would be the key here, perhaps with some use of bolding. 

It can revel a bit much in the history and former uses of places, which is NOT good DM text. It’s doesn’t do this enough to really make it hard to run, and usually only in rooms with nothing else going on. Still, its padding. I’ve included a couple of example of this at the end. They don’t really add anything to the adventure in terms of players interactivity. History and background rarely do. When they do then I’m ok with their inclusion, but otherwise they just tend to distract and make it harder to find the DMs text that you need to run the room.

I sorely wish that the interactivity were a bit better. It feels like most of it is related to combat. An alter, an opened sarcophagus. A disturbed corpse. A giant idol. The amount of screwing around with stuff that leads to something other than combat is rather rare. That leads to situations where the party is loathe to interact, which is ENTIRELY the wrong lesson to teach. Let’s not view this an extremist position, of course interactivity leading to combat is ok. But there needs to be some that doesn’t also. 

So, It’s ok. Not great. More interactivity, pruning back some of that DM text, more evocative writing. All of that would pop it up a notch or two. Still, not bad. But, in 2019, with the embarrassment of riches in adventures, is there room for Not Bad?

This is $6 at DriveThru. The preview is great at six pages, showing you about fifteen rooms. You can get an idea of the read-aloud, the nature of it and if its good enough for you. The good and bad things the DMs text does. It’s a good preview.


“It is the custom of this temple that each person, before heading down one of the adjoining halls, wash their feet in this pool. That was before the attack arose.”

“This is the embalming area. This lower level of the temple has most recently been dedicated to caring for the dead, and this room is where bodies were prepared for funeral. Sallim, with the help of his water priests, turned the embalmers’ equipment upon them while they were still alive. Then the priests raised them as Ghouls for reasons that Sallim did not understand.”

Categories: Tabletop Gaming Blogs

Let’s Go to TWIST Fiber Festival!

Knitted Bliss - Wed, 07/24/2019 - 11:00


I’m really excited to be taking part in the upcoming TWIST Fibre Festival, which is next month in a lovely, forest-filled area of Quebec August 14-18th. It’s the largest fibre festival in Canada, and while I’ve been in that part of the country before (it’s stunning) I’ve never been to the festival before… so I’m

The post Let’s Go to TWIST Fiber Festival! appeared first on %%www.knittedbliss.com%%.

Categories: Knitting Feeds

Wednesday Comics: Jimmy Olsen & Dragons

Sorcerer's Skull - Wed, 07/24/2019 - 11:00
Weirdworld: Dragonmasters of Klarn
Back in 2010, I gave the rundown of Marvel's fantasy series Weirdworld. Most of it was collected back in 2015, but the story "Dragonmasters of Klarn" from 1981-1982 in Epic Illustrated and Marvel Super Action #1 by Moench, Buscema, Nebres, and Severin got left out. Marvel corrected that this week with a thin but complete collection of this story. While it's probably not as good as "Warriors of the Shadow Realm" is very much worth checking out.

Superman's Pal Jimmy Olsen #1
Matt Fraction and Steve Olsen present a humorous tale of Superman's danger-prone pal (reminiscent in tone of Fraction's FF). Olsen is banned from Metropolis by his bosses at the Daily Planet (who tolerate the cost of insuring him because he's internet fandom is the only thing keeping the venerable paper afloat in the digital age) and winds up in Gotham! Easily my favorite read last week.

Of chests — and floors — and ceiling-attacks

3d6 Traps & Thieves - Wed, 07/24/2019 - 01:04
We often eat with our eyes first. That adage seems to apply to RPG monsters as well. Sometimes, no matter how deadly or inspiring a monster entry is - that all-important illustration can make-or-break even the most ancient of dragons or the most influential of demon lords. Some monsters have even been defined by their illustrations through the years. The mimic can change its shape to look like just about any dungeon feature or furnishing. But, those early illustrations of belligerent  treasure chests have fixed that image into just about everyone's minds.

After browsing enough poorly-researched "Worst/Dumbest Monsters in D&D" articles, I feel confident in this presumption. I've even seen blogs where the question is posed: "how does a mimic move?" The premise is that a killer treasure chest just doesn't have any obvious means of locomotion.

Personally, I've never had a party encounter a mimic in the form of a treasure chest. A wardrobe, sarcophagus, door, or gargoyle statue - yes. Even though it is specifically detailed in the Monster Manual entry, the mimic is still seen today as a "mouthy treasure chest monster." Though, to be honest, I do love the imagery of it. Still, I tend to lay the blame for this on the 2nd Edition Monstrous Manual.
One thing that turned me off from 2E was the tendency to explain and define everything. For me, all this accomplished was an increased word count and decreased interest. Suddenly, every monster entry had to fill at least an entire page. Personally, I don't feel that giant sea urchins deserve an entire page - barely a mention, actually.

Anyway, it seems to be the imagery that counts. Text is entirely negotiable. The mimic attacks with a lashing pseudopod. It doesn't even bite. Still, this is the current vision of the mimic - the tongue must be the pseudopod.
Again - I do like the imagery. I just sense some disconnect between the later editions of the game that expend so much effort in detailing every aspect of the adventure, only to have so much fall through the cracks. People who ask how a mimic moves don't seem to be paying much attention. Maybe the word, "amorphous" is too obscure for the casual reader. But, now, in 5th Edition - the mimic does have a bite attack! An acidic bite attack! The toothy maw became so popular that the game itself adapted.

Through the years, I've noticed that certain types of monster will get a bad rap. Some players seem to have issues with "surprise monsters." Those creatures that blend in with the dungeon and let you just walk into their hidden clutches. Kinda makes you feel dumb sometimes. Seems unfair. Never mind that this happens in nature all the time. These monsters just get under their skin and simply aren't realistic. You know - like the rest of the typical realistic D&D world. The idea of creatures specifically evolved to thrive in a ludicrous habitat like a typical dungeon is simply untenable, for some reason.

Monsters like the mimic. The lurker above. The trapper. Hey - I can see the point. These are very specific adaptations. Though, I mostly see the logic hand-waved to the machinations of mad wizards that create wacky monsters for fun and profit. That's never been my thing. For my own setting, I've made the mimic, lurker above, and trapper one-and-the-same monster. Yep. The mimic can look like anything of stone or wood. A chest, a ceiling, a floor. It has adhesive. It is amorphous. Seriously - why bother with three separate entries for the same kind of tricky, camouflaged, shapeshifting, ambush monster?

Along the same lines, come back next time for a little chat about the nifty relationship (in my setting) between the gelatinous cube and the slithering tracker.

Categories: Tabletop Gaming Blogs

Role-Play Rambling 4.1: Final Thoughts Pathfinder Playtest

Gamer Goggles - Tue, 07/23/2019 - 23:26

In the first episode of season 4 on Role-Play Ramblings Matt shares his final thoughts on the Pathfinder Playtest. He shares where he had hiccups in the playtest and what he liked about it.


Click here to view the video on YouTube.

What I didn’t mention in the video is that every player I’m playing with is sold on the game and have preordered the core book. My two boys were so fired up that I now have a full blown campaign based on the creation of their characters. I have never based an entire story on the how the players worked together during character creation that is just out of this world.

I didn’t go into spells that much either, but my players love the way the work and Joshua  – who always plays a Rogue – has made ten spell casters since the start of the playtest!



Categories: Tabletop Gaming Blogs

Echo City Update

The Splintered Realm - Tue, 07/23/2019 - 23:01
Believe it or not, I've got several irons in the fire for Sentinels of Echo City!

First up, I've released the first issue of a brief newsletter that I plan to have as an ongoing thing (yeah, I know... but I can try). It's one page. It's free. It's got some game stuff. It has a villain I've had on the back burner for over a year. Go get it.

Second of all, I've been working diligently on the next few issues of Doc Stalwart's adventures. I have had a rough outline of where I wanted the story to go, but I didn't really know how to get there... and then suddenly the thread to bring it all together emerged. Right now, I have a first draft done of issues 3, 4, and 5! I expect those will be out monthly for the next three months to get back on track with that. I've got an issue with the Norse gods, one on the moon, and one that ends up in the desert. I'm excited about this story arc, and where it's going. 

Your device, your choice: AdwCleaner now detects preinstalled software

Malwarebytes - Tue, 07/23/2019 - 21:40

For years, Malwarebytes has held firm to a core belief about you, the user: You should be able to decide for yourself which apps, programs, browsers, and other software end up on your computer, tablet, or mobile phone.

Basically, it’s your device, your choice.

With the latest update to Malwarebytes AdwCleaner, we are working to further cement that belief into reality. AdwCleaner 7.4.0 now detects preinstalled software.

What is preinstalled software? Preinstalled software is software that typically comes pre-loaded on a new computer separate from the operating system. Most preinstalled software is not necessary for the proper functioning of your computer. In fact, in some cases, it may have the negative effect of impacting the computer’s performance by using memory, CPU, and hard drive resources. 

Preinstalled software can be the manufacturer-provided systems control panel. It can be the long-outdated antivirus scanner. It can be the never-heard-of photo editor, the wedged-in social gaming platform, the all-too-sticky online comparison shopper. 

So, why remove it? Besides the potential for performance impacts, we simply feel that when you buy a device—whether that’s a laptop for school, work, or fun—you should have the right to choose which programs are installed. That right should also apply to the types of software that can show up preinstalled with a device, before you even had a say in the matter.

Preinstalled software applications can be difficult to remove. They linger, buzzing around your digital environment while dodging simple uninstall attempts. We want to change that.

We also want to be clear here: Preinstalled software is not malicious. Instead, for some users, preinstalled applications serve more as an annoyance.

Advanced users typically prefer to remove all non-essential applications from their systems. With the latest version of AdwCleaner, we extend that capability to users of all technical abilities. AdwCleaner now allows users the option to quarantine and uninstall unnecessary, sometimes performance-degrading, preinstalled applications.

Is there a pre-packaged app that is not necessary for your machine to run? You have the option to get rid of it. Is there a pre-installed, superfluous program taking up vital space on your computer? Feel free to get rid of it.
And if you accidentally remove a preinstalled application by mistake, the newest version of AdwCleaner allows you to completely restore it from the quarantine.

You should be able to choose the programs that end up on your device. With the latest update to Malwarebytes AdwCleaner, that choice is in closer reach.

The post Your device, your choice: AdwCleaner now detects preinstalled software appeared first on Malwarebytes Labs.

Categories: Techie Feeds

The Ecology Of The Eloi For Your Old School Campaigns

Swords & Stitchery - Tue, 07/23/2019 - 19:12
There are times when conversations with friends can be engaging and eye opening such as today when I got together with friends to discuss and play a bit of Mutant Future. We began the second half of the conversation that we were having two weeks ago about HG Well's Time Machine and the Morlocks Tonight we started to talk about the Eloi and the relationship between the Morlocks & the Eloi.Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Using Gary Gygax's D3 Vault of the Drow & Queen Of The Demonweb Pits With Astonishing Swordsmen & Sorcerers of Hyperborea - A Mini Campaign Part II

Swords & Stitchery - Tue, 07/23/2019 - 17:57
The PC's are hopelessly lost in the twisting churning tunnels that lead into the underworld of Gary Gygax's Q1 Queen of the Demonweb Pits.  Now this would seem to be the end of the saga but instead I propose that its just the beginnings of the problems for the PC's. They've incurred the wraith of a whole people & they've destroyed the avatar of one of the most powerful demons of the Abyss. Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach

Malwarebytes - Tue, 07/23/2019 - 15:54

A little background: on July 17, 2014, Malaysia Airlines Flight 17 was shot from the sky on its way from Amsterdam to Kuala Lumpur above the Ukraine. The plane was hit by a surface-to-air missile, and as a result, all 298 people on board were killed.

At that time, there was a revolt of pro-Russian militants against the Ukrainian government. Both the Ukrainian military and the separatists denied responsibility for the incident. After investigation of the crash site and reconstruction of the plane wreck, it was determined that the missile was fired from a BUK air defense missile system.

The BUK systems originated from the former Soviet Union but are in use by several countries. Three military presences in the region possessed the weaponry identified as behind the damage. (There were also Russian forces in the region as “advisors” for the separatists.) For this reason, it was difficult to investigate who was responsible for the attack.

Here’s where cybersecurity comes into play. Social media and leaked data played an important role in this investigation. And they also play an important role in the propaganda that the Russians used, and are continuing to use, to invalidate the methods and results of the investigation.

By following the cybersecurity breadcrumbs, we can determine which information released online is legitimate and which is a deliberate disinformation. However, most casual readers don’t go that far—or can’t—as they don’t have the technical capability to validate information sources.

How can they (we) sort out fiction from fact? Here’s what we know about the investigation into MH17, Russian disinformation, and which countermeasures can be put in place to fight online propaganda.

The investigation

On June 19, 2019, the Joint Investigation Team (JIT) that was set up to investigate this incident issued warrants for four individuals that they hold responsible: They are three Ukrainian nationals and one Russian national. They were not the crew of the BUK missile launcher, but the men believed to be behind the transport and deployment of the Russian BUK missile launcher.

The Netherlands had already held Russia responsible at an earlier stage of the investigation because they found sufficient information to show that the BUK launcher originated from Russia and was manned by Russian soldiers. Both the Ukraine and Russia have laws against extradition of their nationals, so the chances of hearing from the suspects are slim-to-none. So how can we learn exactly what happened?

Finding information

Immediately after the incident, the JIT started to save 350 million webpages with information about the region where the incident took place. These pages were saved because otherwise important information could be lost or removed. By using photos and videos that were posted on social media, they were able to track back the route that the BUK system took to reach the place from which the fatal missile was launched.

Dashcams are immensely popular in Russia and surrounding countries, because they provide evidence in insurance claims. So there was a lot of material available to work with. And the multitude of independent sources made it hard to contradict the conclusions. Also, part the route could be confirmed by using satellite images made by Digital Globe for Google Earth.

By using VKontakte (a Russian social media platform much like Facebook), a Bellingcat researcher was able to reconstruct the crew that manned the BUK system at the time of the incident. And the Ukrainian secret security service (SBU) gladly provided wiretaps of pro-Russian separatists “ordering” a BUK system and coordinating the transport to the Ukraine. Bellingcat was even able to retrieve a traffic violation record confirming the location of one of the vehicles accompanying the BUK system.

Because Bellingcat is a private organization, it has fewer rules and regulations to follow as the official investigation team (JIT), which gives them an edge when it comes to using certain sources of information. If you are interested in the information they found and especially how they found it, you really should read their full report.

If nothing else, it shows how a determined group of people can use all the little pieces of information you leave behind online to draw a pretty comprehensive picture. In fact, researchers have reasons to believe that Bellingcat was stirring up enough dirt to become the target of a spear-phishing attack attributed to the Russian group Fancy Bear APT.

These attacks are suspected to have been attempts to take over Bellingcat accounts enabling the Russians to create even more confusion. The Dutch team that investigated the incident scene reported phishing and hacking attempts as well.

Creating disinformation

Russia has a special department of disinformation called the Internet Research Agency (IRA) which headquarters in St.Petersburg. They started an orchestrated campaign to put the blame for the incident with the Ukrainian military.

While the IRA would love to influence international opinion about what happened to MH17, there’s way too information (aka facts) out there that would prove them wrong. Instead, they are focusing on their domestic audience to influence the country’s own public opinion. Knowing that their government shot down a commercial airliner would not go down well. So, blogs were written that blamed the Ukrainian military and many thousands of fake accounts started pointing to those blogs. In the first two days after the disaster alone, this amounted to 66,000 Tweets. 

Every time the JIT issued new information about their findings, the IRA started a new campaign with “alternative” information. This prolonged campaign and the sheer mass of disinformation did have one advantage. The platforms that the IRA used were able to gather a lot of information about the operation and link the social media accounts that were involved.

In 2018, Twitter issued an update mentioning the IRA as they removed almost 4,000 Russian accounts believed to be associated with the group, which amassed:

10 million Tweets and 2 million images, GIFs, videos, and Periscope broadcasts

Twitter certainly wasn’t the only platform the IRA used to spread disinformation, but it’s the only platform that disclosed their information about the “fake news factory.” You can find the same disinformation posted on Facebook, VKontakte, and in the comments sections of many websites.

Their goal is simple. When the public reads 20 different stories about the same news item, they no longer know which one to believe. An interesting version promoted by the IRA was that the BUK missile must have been intended for a plane that Russian president Putin was traveling in and which had presumably passed shortly before the incident. It’s easy to track down information proving that this wasn’t true, but most readers won’t go that far.

Yet another conspiracy theory linked the Ukrainian military with Western governments. Russia has a long history of conspiracy theories that are used both to entertain the audience and to lead them away from reality.

Countermeasures against disinformation

Since 2016, the US has become aware of Russian interference in online information, communications, and even elections—but we haven’t found a surefire fix for fake news. Europe caught on a bit earlier, but in the interest of undermining democracies, a simple piece of disinformation can unravel hundreds of years of progress.

Before the United States figured out how to respond and while Europe was cautiously evaluating the online landscape, their adversaries were able to evolve and advance their disinformation techniques. Russia is not alone: there are other nations that would like to see democratic societies upended. Iran, North Korea, and China are learning from the Russians how to play the game of disinformation.

Obvious methods to counter the possible influence of disinformation are education, finding trusted sources, and transparency. But even in a democracy, these are not always the first resort for those in powerful positions.

Education empowers people to make up their own mind based on gathered information. Transparency gives them the tools to make decisions based on facts and not fiction. And finding trusted sources means first digging deep into their backgrounds, learning whether their methods of reporting are honorable, and establishing a consistent pattern of truth-telling.

You can ask yourself whether it is a good strategy to rely on the self-moderation that has been imposed on social media platform, but at the moment this is our first line of defense. US Congress has prepared legislation that would increase ad transparency, govern data use, and establish an interagency fusion cell to coordinate government responses against disinformation, but these are all laws waiting to be passed for now.

Unlimited research

Another question that is reflexively brought up by this matter is how we can increase the effectiveness of official investigators like JIT to the level of Bellingcat without giving them a free pass to hack their way into every imaginable system.

An official international “police force” might be needed to conduct investigations for the international courts that already are in place, with warrants to demand information from any source that might have it. However, this doesn’t work when suspects, such as those in the MH17 investigation, are protected from the law if they stay in their own country.

We know the courts and investigators should be provided with more adequate ways to gather evidence, but this is no easy matter to solve without jeopardizing the very free will we are trying to protect. It will require a lot of diplomacy and negotiation if we ever want to achieve this.

A little warning

Since the interest in this incident has risen again after the official disclosure of some of the main suspects, we may see a revival of MH17-related phishing campaigns. Previous campaigns pretended to be memorial sites for the victims but lead victims to fake sites that seduced visitors to allow push notifications or to download video players infected with PUPs or malware.

Stay on the lookout, as cybercriminals—whether of Russian origin or not—are always looking to capitalize on tantalizing news stories or moments of public confusion.

And when in doubt, the best advice we can give is to be cautious when exploring the Internet and view any information you read through the lens of caution. Find your trusted sources, educate yourself, and look for those who are transparent.

Stay safe, everyone!

The post Malaysia Airlines Flight 17 investigation shows Russian disinformation campaigns have global reach appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to Build a Sharpshooter Who Wins D&D (If the Rest of Your Group Doesn’t Mind)

DM David - Tue, 07/23/2019 - 11:15

The massive damage inflicted by characters built on the Sharpshooter feat can overshadow other characters and make potentially interesting encounters resemble an execution by firing squad. See Sharpshooters Are the Worst Thing in D&D, but That Speaks Well of Fifth Edition.

Sharpshooter lets characters exchange -5 to hit for +10 damage. Many players combine it with Crossbow Expert, which lets a character wielding a hand crossbow trade a bonus action for an extra attack.

This post reveals how to build on Sharpshooter to create characters able to deal the most damage. Before you play these characters, consider whether they fit your gaming group.

If your group likes pitting optimized characters against a dungeon master who thinks a Remorhaz makes a suitable first-level foe, these builds fit.

If you want to show off your min-maxing skills, skip the sharpshooter. Such easy builds may fail to impress.

Optimal sharpshooters shoot hand crossbows rapid-fire. Does the flavor of your campaign fit a character firing a toy crossbow with the manic speed of a Benny Hill clip? I suppose some players fancy a character who resembles a genre-bending gunslinger, but I suspect the build’s massive damage draws more players than its flavor. (In second edition, the highest damage came from muscle-bound characters throwing darts. No one played that for flavor either.)

In groups more interested in roleplaying and exploration, players might not mind letting your sharpshooter showboat during the battles. Or perhaps others in the group feel content in roles other than damage dealing. Perhaps the bard and wizard both enjoy their versatility, the druid likes turning into a beast and soaking damage, and nobody minds letting you finish encounters at the top of round 1.

Before playing an optimized Sharpshooter, ask your group.

Building a sharpshooter

The Sharpshooter feat is powerful because it makes each attack deal excessive damage in exchange for a manageable penalty on to-hit rolls. To make the most of Sharpshooter, create a character who (1) makes lots of attacks and (2) minimizes the penalty to hit.

Without feats or off-hand attacks, a rogue only gets one attack per turn. And with one sneak attack per turn, rogues want to be sure to hit. Taking a -5 to-hit penalty adds to the risk of losing a sneak attack. A ranged rogue can often reduce the risk by attacking from hiding to gain advantage, but Sharpshooter only makes a decent feat for a rogue, not a strong one.

Ranger and fighter make the best classes for sharpshooters. Both classes gain extra attacks through their careers, and both offer the Archery fighting style, which grants +2 to hit with ranged attacks.

Choosing a race

Most players interested in playing a sharpshooter opt for a human character. Humans can take Sharpshooter at level 1, and then Crossbow Expert at 4. Bring on the Remorhaz!

Still, levels 1-3 go fast, so an aspiring sharpshooter can choose another race without playing too long with a merely balanced character. An elf can more easily reach a 20 Dexterity while taking Sharpshooter at level 4, and then Elven Accuracy at level 8. When you have advantage on a Dexterity attack, Elven Accuracy lets you re-roll one of the dice. For most characters, this makes a weak benefit, but a fighter who chooses the Samurai archetype usually attacks with advantage. Oddly Elven sharpshooter Samurai make good characters. (But please invent an interesting backstory.)

For a crossbow-wielding sharpshooter, choose a human. At level 1, take Crossbow Master. At level 4, take Sharpshooter. (The fast advance to level 4 means a short wait for both feats.) At levels 8 and 12, increase your Dexterity.

For a longbow-wielding sharpshooter, choose a human or, for a samurai, an elf. Take Sharpshooter for your first feat, and then focus on increasing Dexterity to 20.

Building a fighter sharpshooter

Fighters can combine the Archery fighting style with more extra attacks than any other class. Action Surge lets fighters unload an extra round of attacks. Such bursts let sharpshooter-fighters kill legendary monsters in a turn, and lead the rest of the party to wonder why they showed up.

Conventional wisdom suggests that ranged attackers typically suffer weak defenses, but not fighters. Ranged fighters skip shields, but they have all the hit points and armor proficiency of a front-line fighter. Plus a crossbow expert proves deadlier in melee than a great weapon master.

The Battle Master and Samurai archetypes combine particularly well with Sharpshooter.

Battle masters gain four or more Superiority Dice that they can spend on combat maneuvers. The battle master’s Precision Attack maneuver helps make your sharpshooter attacks hit despite any penalties. “When you make a weapon attack roll against a creature, you can expend one superiority die to add it to the roll.”

Samurai gain 3 or more uses of Fighting Spirit. “As a bonus action on your turn, you can give yourself advantage on weapon attack rolls until the end of the current turn.”

Advantage from Fighting Spirit helps your Sharpshooter attacks hit despite any penalties. However, the feature takes a bonus action, which makes it a bad match for a crossbow expert. If your self respect prevents you from using a toy crossbow, play a Samurai.

For a longbow-wielding fighter, choose a human or elf. Choose the Samurai archetype. Take Sharpshooter for your first feat, and then focus on increasing Dexterity to 20. Elven characters can then opt for Elven Accuracy.

At level 15, the Rapid Strike feature often lets Samurai take as many attacks as a crossbow expert. “If you take the Attack action on your turn and have advantage on an attack roll against one of the targets, you can forgo the advantage for that roll to make an additional weapon attack against that target, as part of the same action.”

Building a ranger sharpshooter

Rangers can combine the Archery fighting style with an extra attack at level 5 and more attacks at higher levels.

For example, at level 11, rangers with the Hunter archetype use the Volley feature to launch attacks against every target in a 10-foot radius.

The best ranger sharpshooters choose the Gloom Stalker archetype. These rangers gain an extra attack on the first turn of combat, and also add an extra 1d8 to that attack’s damage. By level 5, a human with a hand crossbow can start every fight with 4 sharpshooter attacks. With a just a little luck, that amounts to 80-some points of damage. How many foes will live to the second round? Gloom stalkers can also add their wisdom to their initiative, so ask, “How many foes will live to their turn?”

At 11th level, the Stalker’s Flurry feature minimizes the chance of missing despite any penalty from Sharpshooter. “Once on each of your turns when you miss with a weapon attack, you can make another weapon attack as part of the same action.”

Categories: Tabletop Gaming Blogs

Dark Albion, HP Lovecraft's Dreamlands, & The Dungeons & Dragons PC Races For Old School Campaigns

Swords & Stitchery - Mon, 07/22/2019 - 18:37
Three times Randolph Carter dreamed of the marvelous city, and three times was he snatched away while still he paused on the high terrace above it. All golden and lovely it blazed in the sunset, with walls, temples, colonnades and arched bridges of veined marble, silver-basined fountains of prismatic spray in broad squares and perfumed gardens, and wide streets marching between delicate treesNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0
Categories: Tabletop Gaming Blogs

On Failing High Level Play

Hack & Slash - Mon, 07/22/2019 - 17:58
The biggest sin in high level adventure design is designing low-level adventures and calling them high level adventures. It's almost as bad as sticking random monsters in random rooms and writing dozens of pages of stuff that happened before the players got there.

Here's how you successfully design high-level adventures.

High Level AdventurePart of the fun is  as you advance in the game, abilities and priorities change. Each game, each edition, goes through different phases as the players level. This is either explicit (e.g. 4th edition's level 'tier' list), implicit (5th editions power bumps at certain levels), or latent within the structure of the game (Gaining followers and needing to build a castle in 1st edition).

High-level characters have the ability to solve problems in ways that are particular to them. They don't have to accept situations. The largest flaw with most published high-level adventures is designing a limited environment and then removing the tools the players earned to force them into that environment. That isn't the way to do it.

Superior high level adventure design requires the following:

It must be player driven

post-teleport and army, players have options to redefine engagement. They can plane shift, turn invisible, fly, shadow step, or use any manner of shenanigans to be very selective about their engagements.

This means modules who's contents are dependent on forcing the player's into situations are either going to fail "pffft, I go ethereal and go home" or require you to remove their abilities often to the detriment to the setting itself, i.e. causing whole areas to be anti-magic or coming up with effects to nullify travel.

It is important we understand the nuance here—having dead magic zones or areas where planar contact is cut off or fly spells don't work is great, as long as it is a part of the setting players can visit. If your adventure site is set up that way, then it's a challenge, as long as the players choose to be there.  These things are fundamental to your campaign setting, they are the background rules for the world. When used as a tool to force an adventure, they are bullshit.

Combat must have secondary goals

One continual failure of high-level play are the amount of encounters set up with the expectations that players will fight them. It is not a safe assumption that players will need to fight a single encounter in your adventure, and if they do, it's likely they will do so on their terms.

The way you make combat satisfying is that you create situations that require the players to engage in combat to accomplish their goals. In a high level adventure, non-penultimate and ultimate fights shouldn't be designed with the expectation that players will fight them in any sort of traditional sense. They might teleport them a mile into the air, charm them to fight each other, or just create a hellish inferno filled with fireballs, rather than rolling initiative.

So combats should always be designed with the idea that there is a danger that attacks them while trying to accomplish a secondary goal. They want to open the warded door? The room fills with shadows. They find a room with prisoners, they have to save them before they are killed by demons. Always view any combat encounter as a difficulty that besets the players as they try to accomplish a task.

Is this somewhat reasonably difficult to do? Yes. That is why people are paying you to design an adventure instead of doing it themselves.

Countering without nullifying player abilities

You do have to address the players abilities to subvert encounters, but you want to do so as part of the encounter. High level players do a lot of things, you should count on them being able to do those things, not try to prevent them. Some examples follow.

Discovering the truth Assume your characters can speak with dead or force people to tell the truth, you just have to insure that telling the truth creates adventure instead of limiting it.

Flying All characters and all classes will have the ability to not engage in combats on the ground. Make sure both your encounters and environments take this into account. Will something happen when people take to the air? How do these people defend against flying intruders?

Scouting player characters can retrieve amazing amounts of information by seeing through walls, casting spells that will give specific treasure and head-counts. This ability begins as early as level 3 when players begin to use extra-sensory perception to find out head counts.

Don't create encounters that depend on the players not having their abilities or information. Create a situation where the information the characters receive creates new problems and challenges.

Abandoning the "Explore & Clear" philosophy

Hostile spaces that challenge high level adventurers, should not be 'clearable' areas. High level characters have plenty of opportunity to clear small dungeons and lairs, and such an adventure will probably not take them long, a half-hour of table planning, executing the strike, and then returning will usually not occupy more than an hour or so of gametime. So it's important that high level adventure sites are intrinsically difficult to clear, like a gateway to hell. Players won't be able to explore and kill everything in hell.

Create an adventure site that simply does not let the players gain a foothold without needing to bring other campaign resources to bear. This can include an entire fortification and city (like a giant or dwarven city), a animal lair like a giant ant hive, wizard realms with demi-planes.  Consider your adventure environment and ask yourself why the players don't just flood it with water or poison everyone inside.

Long-term consequences to choices

When designing adventures for high level characters, insure that the adventure regardless of how the players interact with it, creates consequences. You can't force players of this level to engage in activities. So make sure they understand the stakes. Do not get frustrated because players are willing to accept those consequences, that is part of the point of playing the game. They may decide to ignore your adventure location, which is a great opportunity to create new adventures—ones they might partake because they want to undo or change those consequences.

It's important to avoid a 'punishment cascade'. This is where you create a penalty for what will happen if the players refuse the call, so they won't refuse the call. Then when they do, you develop an emotional reaction ("How dare they! I spent time on this! It's disrespectful!") and so you escalate the consequences. A classic example is the players choosing to kill some non-player character that the referee is sweet on, so the encounter becomes magically tougher to punish them.

You create the long term consequence so they players can make a choice. If you make the consequence so bad, you're not really providing a choice. Some players will often feel this pressure for consequences you didn't design to be that punishing. High level campaigns thrive on organically derived play, so grant your players the opportunity to do that.

Allowing characters time to shine
I mean, hell, how many 11th level wizards have you played. Give them hordes of enemies to cut down, let situations occur where they can easily solve problems that would destroy lower level players. Set a demonic outsider right in front of the Paladin and let him melt it in one shot. Create an entire pillar of adventure a skilled thief can obviate with two skill checks. Put enough targets near your fighters and their armies to drop a whole battle unit every round.

Reaching high level is an achievement. Create multiple situations that are trivially solved by specific high level abilities. It's fun for the players to subvert expectations and turns into memorable situations. This is not as difficult as it seems, generally I'd throw in 2 extra dragons so the 15th level barbarian had something to do for 3 rounds. Accept the reality of high-level play.

Fatal dead ends
The feeling of risk should not be gone. High level mechanical play involves a lot of consistent results with occasional chaotic outliers. High level characters will generally save on a 2+, are almost untargetable or unhittable, are immune and resistant to multiple types of damage, and have many many resources to avoid danger. They will minimize any encounter that interacts with them mechanically because of their ability to address this.

So create and design encounters that side-step the mechanical systems. To wit:

"anyone in the room when the ceiling collapses dies under several tons of rock, no saving throw"

It is important that this is telegraphed of course. These aren't gotchas, but letting the players know that in spite of all their protections, they can still be crushed by Godzilla.

The important thing for design, is that these fatal encounters or parts of encounters again put something at stake for the players. Being high level usually allows them to avoid these consequences, so good adventure design for high-level characters includes situations where things are again at stake.

This is just part 1, part 2 will cover understanding the scope of high level play and examining what high level characters are capable of at higher levels of dungeons and dragons.

If you want to see these things in practice, check out Eyrie of the Dread Eye. It has only ever recieved 5 star reviews. It's one of the highest rated products ever released. One of the most critical reviewers called it one of the best adventures he's ever read. It contains in practice, each of the following above points. If you want to know what a good high level adventure looks like, well, for 5$, there's your answer.

The only reason this blog is still available and not dead while I work full-time as a writer illustrator, is because of the support it receives on patreon. Thank you to all my Patreons! 

Hack & Slash FollowGoogle +NewsletterSupportDonate to end Cancer (5 Star Rating)
Categories: Tabletop Gaming Blogs

A week in security (July 15 – 21)

Malwarebytes - Mon, 07/22/2019 - 15:50

Last week on Malwarebytes Labs, we took an extensive look at Sodinokibi, one of the new ransomware strains found in the wild that many believe picked up where GandCrab left off. We also profiled Extenbro, a Trojan that protects adware; reported on the UK’s new Facebook reporting tool, homed in on new Magecart strategies that render them ‘”bulletproof;” identified challenges faced by the education sector in the age of cybersecurity; and looked at how older generations keep up with the fast-paced evolution of tech.

Other cybersecurity news:
  • An exploit called Media File Jacking gives hackers access to the personal media files of WhatsApp and Telegram users, allowing for the interception, misuse, or manipulation of files. (Source: Venture Beat)
  • Remember the Zoom webcam vulnerability? RingCentral and Zhumu, two other video conferencing software programs, are also affected by the same flaw. (Source: BuzzFeed News)
  • A bug in Instagram that allows someone to bypass 2FA to hack any account was made public. Facebook quickly fixed the issue. (Source: Threatpost)
  • Sodinokibi isn’t the only ransomware borne from older ransomware. DoppelPaymer emerged from BitPaymer, too. (Source: Bleeping Computer)
  • Schools continue to be vulnerable on the cybersecurity side. And while ransomware is their current big problem, DDoS attacks are the second. (Source: The Washington Post)
  • FaceApp has been in hot water these past few days due to its connection with Russia. The company broke its silence and denied storing users’ photographs without permission. (Source: The Guardian)
  • EvilGnome, a new backdoor, was found to target and spy on Linux users. (Source: Bleeping Computer)
  • To prove a point, researchers made an Android app that targets insulin pumps, either to withhold or give lethal dosages of insulin, threatening patient lives. (Source: WIRED)
  • Some browser extensions are found to have collected browsing histories of millions of users. This gigantic leaking is dubbed DataSpii, and Chrome and Firefox users are affected. (Source: Ars Technica)
  • Meet Ke3chang, an APT group that are out to get diplomatic missions. (Source: ESET’s We Live Security Blog)

Stay safe, everyone!

The post A week in security (July 15 – 21) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Layers by Kristin Omdahl: a Knit and Crochet Book Giveaway

Moogly - Mon, 07/22/2019 - 15:00

Kristin Omdahl has debuted two new books: Layers: 18 Crochet Projects to Fit, Flatter & Drape and Layers: 19 Knit Projects to Fit, Flatter & Drape – that’s 37 gorgeous new patterns! To celebrate their launch, I have a quick guest post from Kristin telling us more about these books – and a giveaway for...

Read More

The post Layers by Kristin Omdahl: a Knit and Crochet Book Giveaway appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

Categories: Crochet Life

Parental monitoring apps: How do they differ from stalkerware?

Malwarebytes - Mon, 07/22/2019 - 15:00

In late June, Malwarebytes revived its long-running campaign against a vicious type of malware in use today. This malware peers into text messages. It pinpoints victims’ movements across locations. It reveals browsing and search history. Often hidden from users, it removes their expectation of, right to, and real-world privacy.

But after we recommitted our staunch opposition to this type of malware—called stalkerware—we received questions about something else: Parental monitoring apps.

The capabilities between the two often overlap.

TeenSafe, which retooled its product to focus on safe driving, previously let parents read their children’s text messages. Qustodio, recommended by the Wirecutter for parents who want to limit their children’s device usage, lets parents track their kids’ locations. Kidguard, clearly named and advertised as a child safety app, lets parents view their children’s browsing and search history.

Quickly, the line becomes blurred. What are the differences between stalkerware apps and parental monitoring apps? What is an “acceptable” or “safe” parental monitoring app? And how can a parent know whether they’re downloading a “legitimate” parental monitoring app instead of a stalkerware app merely disguised as a tool for parents?

Malwarebytes Labs is not here to tell people how to parent their children. We are here to investigate, report, and inform.

Knowing what we do about parental monitoring apps—their capabilities, their cybersecurity vulnerabilities, and their privacy implications—our safest recommendation is to avoid these apps.

However, we understand the digital challenges facing parents today. Cyber bullying remains a constant concern, violent images and videos profligate online, and extremist content lingers across multiple platforms.

Diana Freed, a PhD student at the Intimate Partner Violence tech research lab led by Cornell Tech faculty, said she understands the appeal of these tools for parents. They advertise safety, she said.

“I believe that when parents are putting these apps on someone’s phone, they’re trying to do it to make their child safer,” Freed said. “They’re not saying ‘I don’t want my child to not have privacy.’ They think they’re doing the best they can to make this a safer place for their child.”

However, Freed explained, there is a lot to these apps that parents should know.

“Let’s assume that everyone is a good actor and wants to do the right thing,” Freed said. “But it is a matter of, is it clear to that parent what these apps are doing?”

What’s the difference?

Multiple privacy advocates and cybersecurity researchers said that, when comparing the technical capabilities of parental monitoring apps to those of stalkerware apps, the light that shines between the two is dim, if not entirely absent.

“Is there a line between legitimate monitoring apps and stalkerware apps?” said Cynthia Khoo, author of the CitizenLab report on stalkerware “Predator in Your Pocket.”

She answered her own question:

“On a technological level, no. There is no differentiation.”

Khoo explained that, when working with her co-authors on the Predator in Your Pocket paper, the team initially struggled with how to address monitoring applications that advertise themselves in benign, non-predatory ways, yet provide users with reams of sensitive information. It is the famous “dual-use” problem with stalkerware: some apps, though not advertised or designed for invasive monitoring, still provide the same capabilities.

That struggle disappeared though, Khoo said, when the team realized that apps could be evaluated by their capabilities, and whether those capabilities could violate the laws of Canada, where CitizenLab is located.

“We realized that if an app is not just providing location monitoring, if it’s collecting information from social media accounts, the private contents of someone’s phone—in Canadian law, that could be seen as unlawful interception of someone’s phone, unauthorized access to someone’s computer,” Khoo said. “Regardless of branding or marketing, that’s a criminal offense.”

Emory Roane, policy counsel at Privacy Rights Clearinghouse, said that, not only are the technical capabilities of stalkerware apps and parental monitoring apps highly similar, the capabilities themselves can be found within the type of hacking tools used by nation states.

“If you look at the capabilities: What results can be gathered from devices implanted with stalkerware versus devices hacked by nation states? It’s the same,” Roane said. “Turning on and off the device remotely, key loggers, tracking via GPS, all of this stuff.”

Roane continued: “We have to be very careful about the use of these by parents.”

Both Roane and Khoo also warned about the lack of consent allowed by many of these apps. Some stalkerware apps, like mSpy, FlexiSPY, and Hoverwatch, can operate entirely hidden from view, absent from a device’s app drawer.

Some parental monitoring apps offer the exact same feature.

Particularly concerning, we found that the app Kidguard actually reviewed the stalkerware app mSpy on its own website. In the list of pros and cons for mSpy, Kidguard listed the following as a positive:

“Operates 100% invisibly, cannot be detected.”

This invisible capability is a clear warning sign about any monitoring app, Khoo said.

“There is no legitimate reason or need to hide surveillance if it is truly for a genuine, good faith, legal, legitimate purpose,” Khoo said. “If you have the person’s consent, you don’t need to hide. If you don’t have consent, this shouldn’t be used in the first place.”

We agree.

Any monitoring app designed to hide itself from the end-user is designed against consent.

The cybersecurity risks

The cybersecurity reputations of several parental monitoring apps are questionable, as the companies behind them have left data—including photos and videos of children—vulnerable to threat actors and hackers.

In 2017, Cisco researchers disclosed multiple vulnerabilities for the network device “Circle with Disney,” a tool meant to monitor a child’s Internet usage. The researchers found that Circle with Disney had vulnerabilities that could have let a hacker “gain various levels of access and privilege, including the ability to alter network traffic, execute arbitrary remote code, inject commands, install unsigned firmware, accept a different certificate than intended, bypass authentication, escalate privileges, reboot the device, install a persistent backdoor, overwrite files, or even completely brick the device.”

In 2018, a UK-based cybersecurity researcher found two unsecured cloud servers operated by TeenSafe. Located on the servers were tens of thousands of accounts details—including parents’ email addresses and children’s Apple ID email addresses, along with their device names, unique identifiers, and plaintext passwords.

ZDNet, which covered the vulnerability, wrote:

“Because the app requires that two-factor authentication is turned off, a malicious actor viewing this data only needs to use the credentials to break into the child’s account to access their personal content data.”

Also in 2018, the parental monitoring company Family Orbit—which offers an app on iOS and Android—left open cloud storage servers that contained an eye-popping 281 gigabytes of sensitive data. The vulnerable servers, identified by an online hacker, contained photographs and videos of children.

These are just the cybersecurity flaws. This is nothing to mention the labyrinthine network of related third parties that could work with parental monitoring apps, receiving collected data and storing it across other, potentially unsecure servers littered across the web.

Steadily, the American public has begun to understand and push back on the many ways in which their data is shared with numerous third parties, often without their express, individualized consent. If it isn’t okay for adults, is it okay for children?

The privacy risks

Parental monitoring apps can give parents a near-omniscient, unfiltered view into their children’s lives, granting them access to text messages, shared photos, web browsing activity, locations visited, and call logs. Without getting consent from a child, these surveillance capabilities represent serious invasions of privacy.

Privacy Rights Clearinghouse’s Roane compared the clandestine use of these apps to a more familiar analogue:

“Would you support breaking into your child’s diary if this was the ’80s?” Roane said. “This is extremely sensitive information.”

Multiple studies have suggested that the relationship between parents and children can be significantly altered depending on the types of surveillance pushed onto them, with the age of a child playing a significant role. As a child grows older—and as their need for privacy ties closely into their autonomy—digital monitoring can potentially hinder their trust in their parents, their self-expression, and their mental health.

A few years ago, UNICEF published a discussion paper that warned of this very problem:

“The tension between parental controls and children’s right to privacy can best be viewed through the lens of children’s evolving capacities. While parental controls may be appropriate for young children who are less able to direct and moderate their behaviour online, such controls are more difficult to justify for adolescents wishing to explore issues like sexuality, politics, and religion.”

The paper also warned that strict parental controls could impair a child’s ability to “seek outside help or advice with problems at home.”

According to the science magazine Nautilus, a one-year study of junior high students in the Netherlands showed that students who were snooped on by their parents reported “more secretive behaviors, and their parents reported knowing less about the child’s activities, friends, and whereabouts, compared to other parents.”

Laurence Steinberg, a professor of psychology at Temple University, told Nautilus that when parents invade their children’s privacy, those children could be more at risk to suffer from depression, anxiety, and withdrawal. She told the outlet:

“There’s a lot of research indicating that kids who grow up with overly intrusive parents are more susceptible to those mental health problems, partly because they undermine the child’s confidence in their abilities to function independently.”

Further, in the 2012 report, “Surveillance Technologies and Children,” the Office of the Privacy Commissioner of Canada suggested that parents who rely on surveillance to keep their children safe risk stunting the maturity of those children.

Tonya Rooney, a researcher in child development and relationships at the Australian Catholic University, said in the report:  

“We need to question whether the technologies may be depriving children of the opportunity to develop confidence and competence in skills that would in turn leave them in a stronger position to assess and manage risks across a broad range of life experiences.” 

Unfortunately, this field of study is relatively new. As the children subject to parental monitoring apps reach adulthood, more can be measured, including whether those children will accept other forms of surveillance—like from domestic partners and governments.

If you’re looking for a pithy takeaway, maybe read Gizmodo’s article about a University of Central Florida study of teen monitoring apps: “Teen Monitoring Apps Don’t Work and Just Make Teens Hate Their Parents, Study Finds.”

Tough, necessary conversations

We understand that telling readers about the never-ending downsides of parental monitoring apps fails to address the likely reality that many parents have engaged in some type of digital monitoring in a safe, healthy, and openly-communicated way.

For those who have found safe passage, well done. For those who have not, the researchers we spoke to all agreed on one priority: If you absolutely insist on using one of these apps, you should discuss it with your children.

“You can openly say [to a child] ‘I am going to start looking at your location because we’re concerned and this is how we’re going to do it,’” said Freed of the IPV tech lab at Cornell. “In terms of the child’s privacy, have a conversation on the concerns and why you’re doing it, what the app you’re putting on their phone will do, what information you’ll know.”

Freed continued:

“Work through it together.”

Freed also suggested that parents could introduce only one type of digital monitoring at a time. For each additional capability—location tracking, social media monitoring, browser activity monitoring—Freed said parents should have a new conversation.

Parents that are curious about a parental monitoring app’s capabilities—including whether that app could violate privacy—should read the description available online through the App Store or the Google Play Store, said Sam Havron, another researcher and PhD student at the IPV tech lab.

“The best thing, or the closest thing, is to look at the developers’ descriptions on the marketplaces, look at the permission levels,” Havron said. He said parents could also download the app and try it out on a separate device before utilizing it on a child’s device.

Ellen Zavian, the parent of a 13-year-old boy and a member of the Tech and Safety Subcommittee for the Montgomery County Council of Parent-Teacher Associations in Maryland, suggested that parents look at the issue differently: Don’t focus so much on device software, focus on the device.

Instead of installing a screen-time-limiting app on a child’s device, or limiting what they see, or what apps they can use, remove the device entirely from the child’s room and don’t let them use it at night when they go to bed, Zavian said. Or maybe don’t let them own a device at all, which Zavian is pledging to do until her son starts eighth grade—a popular movement with parents called Wait Until 8th.

She also suggested only giving a child a Wi-Fi enabled device with no data plan, and then unplugging the home router to stop any Internet activity. Or parents could even prevent a child’s device from connecting to the home Internet, a setup that can be configured on most modern routers.

Zavian pressed on her point, making a comparison to another stressful moment in parenting—letting teenagers drive. She said there’s a difference between monitoring a teenager’s driving through apps and monitoring the teenager’s access to the car itself.

“When my friends were monitoring their kids with where they were driving to, my kids just wouldn’t have keys to the car,” Zavian said. “Why do you want to engage in that fight—you’ve got enough fights when they’re teenagers—where you say ‘I saw you went here,’ or ‘I saw you were speeding here.’”

Zavian suggested that parents remember there are always alternatives to using a parental monitoring app. In fact, those alternatives have existed for far longer, and she learned about them herself when learning to drive.

“Just like we did—you get into a car accident, you’re off the insurance,” Zavian said.

The post Parental monitoring apps: How do they differ from stalkerware? appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Cryptozoic and Warner Bros. Consumer Products Announce Release of DC Deck-Building Game: Rebirth

Cryptozoic - Mon, 07/22/2019 - 13:00

Cryptozoic Entertainment and Warner Bros. Consumer Products, on behalf of DC, today announced the August 1 release of DC Deck-Building Game: Rebirth simultaneously at Gen Con and retailers everywhere. The 1-4 player game is a new evolution of Cryptozoic’s popular DC Deck-Building Game series, breaking fresh ground by adding linked Campaign Scenarios, character progression, and movement between iconic locations.

Categories: Tabletop Gaming Blogs


Subscribe to Furiously Eclectic People aggregator