Feed aggregator

Please enjoy the seventh preview of Sketch Cards from our artists. Rick and Morty Trading Cards Season 2 are coming soon! Links to contact the artists can be found below the images of their work.

 

I've been doing an extensive amount of reading into European mythology this week about the Irish, Celtic & its relation to deep significance into the historical events that shaped Europe. This little tidbit on Wikipedia got me;"The monarchy of England was itself thrown into turmoil during the last phase of the Hundred Years' War to 1453, and the Wars of the Roses (1460–85), and as a result, Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0

The fifth block for MooglyCAL2019 is courtesy of KatiDCreations! It includes a number of options to give it a unique look – get all the details below! Disclaimer: This post includes affiliate links; materials provided by Red Heart Yarns, Furls Crochet, and Chetnanigans. Just getting started with the Crochet Along? CLICK HERE for the intro [...]

The post MooglyCAL2019 – Afghan Block #5 appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0

US cybersecurity and data privacy laws are, to put it lightly, a mess.

Years of piecemeal legislation, Supreme Court decisions, and government surveillance crises, along with repeated corporate failures to protect user data, have created a legal landscape that is, for the American public and American businesses, confusing, complicated, and downright annoying.

Businesses are expected to comply with data privacy laws based on the data’s type. For instance, there’s a law protecting health and medical information, another law protecting information belonging to children, and another law protecting video rental records. (Seriously, there is.) Confusingly, though, some of those laws only apply to certain types of businesses, rather than just certain types of data.

Law enforcement agencies and the intelligence community, on the other hand, are expected to comply with a different framework that sometimes separates data based on “content” and “non-content.” For instance, there’s a law protecting phone call conversations, but another law protects the actual numbers dialed on the keypad.

And even when data appears similar, its protections may differ. GPS location data might, for example, receive a different protection if it is held with a cell phone provider versus whether it was willfully uploaded through an online location “check-in” service or through a fitness app that lets users share jogging routes.

Congress could streamline this disjointed network by passing comprehensive federal data privacy legislation; however, questions remain about regulatory enforcement and whether states’ individual data privacy laws will be either respected or steamrolled in the process.

To better understand the current field, Malwarebytes is launching a limited blog series about data privacy and cybersecurity laws in the United States. We will cover business compliance, sectoral legislation, government surveillance, and upcoming federal legislation.

Below is our first blog in the series. It explores data privacy compliance in the United States today from the perspective of a startup.

A startup’s tale—data privacy laws abound

Every year, countless individuals travel to Silicon Valley to join the 21st century Gold Rush, staking claims not along the coastline, but up and down Sand Hill Road, where striking it rich means bringing in some serious venture capital financing.

But before any fledgling startup can become the next Facebook, Uber, Google, or Airbnb, it must comply with a wide, sometimes-dizzying array of data privacy laws.

Luckily, there are data privacy lawyers to help.

We spoke with D. Reed Freeman Jr., the cybersecurity and privacy practice co-chair at the Washington, D.C.-based law firm Wilmer Cutler Pickering Hale and Dorr about what a hypothetical, data-collecting startup would need to become compliant with current US data privacy laws. What does its roadmap look like?

Our hypothetical startup—let’s call it Spuri.us—is based in San Francisco and focused entirely on a US market. The company developed an app that collects users’ data to improve the app’s performance and, potentially, deliver targeted ads in the future.

This is not an exhaustive list of every data privacy law that a company must consider for data privacy compliance in the US. Instead, it is a snapshot, providing information and answers to potentially some of the most common questions today.

Spuri.us’ online privacy policy

To kick off data privacy compliance on the right foot, Freeman said the startup needs to write and post a clear and truthful privacy policy online, as defined in the 2004 California Online Privacy Protection Act.

The law requires businesses and commercial website operators that collect personally identifiable information to post a clear, easily-accessible privacy policy online. These privacy policies must detail the types of information collected from users, the types of information that may be shared with third parties, the effective date of the privacy policy, and the process—if any—for a user to review and request changes to their collected information.

Privacy policies must also include information about how a company responds to “Do Not Track” requests, which are web browser settings meant to prevent a user from being tracked online. The efficacy of these settings is debated, and Apple recently decommissioned the feature in its Safari browser.

Freeman said companies don’t need to worry about honoring “Do Not Track” requests as much as they should worry about complying with the law.

“It’s okay to say ‘We don’t,’” Freeman said, “but you have to say something.”

The law covers more than what to say in a privacy policy. It also covers how prominently a company must display it. According to the law, privacy policies must be “conspicuously posted” on a website.

More than 10 years ago, Google tried to test that interpretation and later backed down. Following a 2007 New York Times report that revealed that the company’s privacy policy was at least two clicks away from the home page, multiple privacy rights organizations sent a letter to then-CEO Eric Schmidt, urging the company to more proactively comply.

“Google’s reluctance to post a link to its privacy policy on its homepage is alarming,” the letter said, which was signed by the American Civil Liberties Union, Center for Digital Democracy, and Electronic Frontier Foundation. “We urge you to comply with the California Online Privacy Protection Act and the widespread practice for commercial web sites as soon as possible.”

The letter worked. Today, users can click the “Privacy” link on the search giant’s home page.

What About COPPA and HIPAA?

Spuri.us, like any nimble Silicon Valley startup, is ready to pivot. At one point in its growth, it considered becoming a health tracking and fitness app, meaning it would collect users’ heart rates, sleep regimens, water intake, exercise routines, and even their GPS location for selected jogging and cycling routes. Spuri.us also once considered pivoting into mobile gaming, developing an app that isn’t made for children, but could still be downloaded onto children’s devices and played by kids.

Spuri.us’ founder is familiar with at least two federal data privacy laws—the Health Insurance Portability and Accountability Act (HIPAA), which regulates medical information, and the Children’s Online Privacy Protection Act (COPPA), which regulates information belonging to children.

Spuri.us’ founder wants to know: If her company stars collecting health-related information, will it need to comply with HIPAA?

Not so, Freeman said.

“HIPAA, the way it’s laid out, doesn’t cover all medical information,” Freeman said. “That is a common misunderstanding.”

Instead, Freeman said, HIPAA only applies to three types of businesses: health care providers (like doctors, clinics, dentists, and pharmacies), health plans (like health insurance companies and HMOs), and health care clearinghouses (like billing services that process nonstandard health care information).

Without fitting any of those descriptions, Spuri.us doesn’t have to worry about HIPAA compliance.

As for complying with COPPA, Freeman called the law “complicated” and “very hard to comply with.” Attached to a massive omnibus bill at the close of the 1998 legislative session, COPPA is a law that “nobody knew was there until it passed,” Freeman said.

That said, COPPA’s scope is easy to understand.

“Some things are simple,” Freeman said. “You are regulated by Congress and obliged to comply with its byzantine requirements if your website is either directed to children under the age of 13, or you have actual knowledge that you’re collecting information from children under the age of 13.”

That begs the question: What is a website directed to children? According to Freeman, the Federal Trade Commission created a rule that helps answer that question.

“Things like animations on the site, language that looks like it’s geared towards children, a variety of factors that are intuitive are taken into account,” Freeman said.

Other factors include a website’s subject matter, its music, the age of its models, the display of “child-oriented activities,” and the presence of any child celebrities.

Because Spuri.us is not making a child-targeted app, and it does not knowingly collect information from children under the age of 13, it does not have to comply with COPPA.

A quick note on GDPR

No concern about data privacy compliance is complete without bringing up the European Union’s General Data Protection Regulation (GDPR). Passed in 2016 and having taken effect last year, GDPR regulates how companies collect, store, use, and share EU citizens’ personal information online. On the day GDPR took effect, countless Americans received email after email about updated privacy policies, often from companies that were founded in the United States.

Spuri.us’ founder is worried. She might have EU users but she isn’t certain. Do those users force her to become GDPR compliant?

“That’s a common misperception,” Freeman said. He said one section of GDPR explains this topic, which he called “extraterritorial application.” Or, to put it a little more clearly, Freeman said: “If you’re a US company, when does GDPR reach out and grab you?”

GDPR affects companies around the world depending on three factors. First, whether the company is established within the EU, either through employees, offices, or equipment. Second, whether the company directly markets or communicates to EU residents. Third, whether the company monitors the behavior of EU residents.

“Number three is what trips people up,” Freeman said. He said that US websites and apps—including those operated by companies without a physical EU presence—must still comply with GDPR if they specifically track users’ behavior that takes place in the EU.

“If you have an analytics service or network, or pixels on your website, or you drop cookies on EU residents’ machines that tracks their behavior,” that could all count as monitoring the behavior of EU residents, Freeman said.

Because those services are rather common, Freeman said many companies have already found a solution. Rather than dismantling an entire analytics operation, companies can instead capture the IP addresses of users visiting their websites. The companies then perform a reverse geolocation lookup. If the companies find any IP addresses associated with an EU location, they screen out the users behind those addresses to prevent online tracking.

Asked whether this setup has been proven to protect against GDPR regulators, Freeman instead said that these steps showcase an understanding and a concern for the law. That concern, he said, should hold up against scrutiny.

“If you’re a startup and an EU regulator initiates an investigation, and you show you’ve done everything you can to avoid tracking—that you get it, you know the law—my hope would be that most reasonable regulators would not take a Draconian action against you,” Freeman said. “You’ve done the best you can to avoid the thing that is regulated, which is the track.”

A data breach law for every state

Spuri.us has a clearly-posted privacy policy. It knows about HIPAA and COPPA and it has a plan for GDPR. Everything is going well…until it isn’t.

Spuri.us suffers a data breach.

Depending on which data was taken from Spuri.us and who it referred to, the startup will need to comply with the many requirements laid out in California’s data breach notification law. There are rules on when the law is triggered, what counts as a breach, who to notify, and what to tell them.

The law protects Californians’ “personal information,” which it defines as a combination of information. For instance, a first and last name plus a Social Security number count as personal information. So do a first initial and last name plus a driver’s license number, or a first and last name plus any past medical insurance claims, or medical diagnoses. A Californian’s username and associated password also qualify as “personal information,” according to the law.

The law also defines a breach as any “unauthorized acquisition” of personal information data. So, a rogue threat actor accessing a database? Not a breach. That same threat actor downloading the information from the database? Breach.

In California, once a company discovers a data breach, it next has to notify the affected individuals. These notifications must include details on which type of personal information was taken, a description of the breach, contact information for the company, and, if the company was actually the source of the breach, an offer for free identity theft prevention services for at least one year.

The law is particularly strict on these notifications to customers and individuals impacted. There are rules on font size and requirements for which subheadings to include in every notice: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “More Information.”

After Spuri.us sends out its bevy of notices, it could still have a lot more to do.

As of April 2018, every single US state has its own data breach notification law. These laws, which can sometimes overlap, still include important differences, Freeman said.

“Some states require you to notify affected consumers. Some require you to notify the state’s Attorney General,” Freeman said. “Some require you to notify credit bureaus.”

For example, Florida’s law requires that, if more than 1,000 residents are affected, the company must notify all nationwide consumer reporting agencies. Utah’s law, on the other hand, only requires notifications if, after an investigation, the company finds that identity theft or fraud occurred, or likely occurred. And Iowa has one of the few state laws that protects both electronic and paper records.

Of all the data compliance headaches, this one might be the most time-consuming for Spuri.us.

In the meantime, Freeman said, taking a proactive approach—like posting the accurate and truthful privacy policy and being upfront and honest with users about business practices—will put the startup at a clear advantage.

“If they start out knowing those things on the privacy side and just in the USA,” Freeman said, “that’s a great start that puts them ahead of a lot of other startups.”

Stay tuned for our second blog in the series, which will cover the current fight for comprehensive data privacy legislation in the United States.

The post The not-so-definitive guide to cybersecurity and data privacy laws appeared first on Malwarebytes Labs.

Hjalmar’s farewell to Örvar-Oddr after the Battle of Samsø (1866), by Mårten Eskil Winge

Hello friends!

I’m still recovering from the Bridge of the Damned Kickstarter, so we’re going to keep this week’s post short and sweet.

I know some of you have been wondering how to make higher-level starting characters in Torchbearer. This is for you.

This is playtest material. We’ve made lots of characters up to third level and been pretty satisfied with them, but we haven’t tried heroes of even higher level in play. If you use these rules and bring the characters to the table, let me know how they play!

Creating a Higher-Level Character

1. Create a first-level character
2. Spend advancement tests (pass or fail) as per the table to the right:
3. Choose level benefits
   1. Magicians and rangers gain one new spell of the appropriate level per spell slot
4. Reduce Nature to buy the following effects. Each costs 1 Nature:
   
   1. Increase an ability or skill by 1
      
   2. Buy a new Wise
      
   3. Buy a new Trait
      
   4. Increase a Trait by 1
      
   5. Buy a new known spell

source
Two new (old) Omniverse posts from Google+ were released today. Give her movie opening this weekend, Captain Marvel (or Ms. Marvel) gets her due in "This Woman, This Warrior," and just out of February, I examine the birthdays of both Superman and the original Captain Marvel in "Leap Day."

The post 1276 appeared first on Looking For Group.

"THREE times Randolph Carter dreamed of the marvelous city, and three times was he snatched away while still he paused on the high terrace above it. All golden and lovely it blazed in the sunset, with walls, temples, colonnades and arched bridges of veined marble, silver-basined fountains of prismatic spray in broad squares and perfumed gardens, and wide streets marching between delicate Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0

It took only a year, but the first official release for the Sentinels of Echo City RPG (Deluxe Edition) is now available.

The Stalwart Age has its roots in many places. Its heart is in 1980s comics and pop culture serials of the early 20th century. It’s got DNA from Flash Gordon and Buck Rodgers. It’s got a touch of Basic D+D, the Marvel Phile from Dragon Magazine, and a smattering of Star Wars. It’s a hybrid of my childhood. This first issue is larger than future issues will be: I needed some room to set up the central story.

Each issue will have an introductory piece (like this one), a short story set in the Stalwart Age featuring the iconic Doc Stalwart and his infamous rogue’s gallery, and some new material for the Sentinels of Echo City Deluxe Edition RPG, providing game stats and rules expansions that tie to the story for that month. And yes, I plan for this to be a monthly release. I love writing about Doc and his world, and I am having a lot of fun fleshing out the history of the world that is outlined on the SoEC (Deluxe Edition) core rules.

Despite the decline in the number of ransomware infections over the last year, there are several ransomware families that are still active. Ransom.Troldesh, aka Shade, is one of them. According to our product telemetry, Shade has experienced a sharp increase in detections from Q4 2018 to Q1 2019.

When we see a swift spike in detections of a malware family, that tells us we’re in the middle of an active, successful campaign. So let’s take a look at this “shady” ransomware to learn how it spreads, what are its symptoms, why it’s dangerous to your business, and how you can protect against it.

Troldesh spiked in February 2019

Infection vector

Troldesh, which has been around since 2014, is typically spread by malspam—specifically malicious email attachments. The attachments are usually zip files presented to the receiver as something he “has to” open quickly. The extracted zip is a Javascript that downloads the malicious payload (aka the ransomware itself). The payload is often hosted on sites with a compromised Content Management System (CMS).

Part of the obfuscated Troldesh Javascript

As the sender in Troldesh emails is commonly spoofed, we can surmise that the threat actors behind this campaign are phishing, hoping to pull the wool over users’ eyes in order to get them to open the attachment.

The origin of Troldesh is believed to be Russian because its ransom notes are written in both Russian and English.

Target systems are running Windows OS. Victims will have to unzip the attachment and double-click the Javascript file to get the infection started.

Ransomware behavior

Once deployed, the ransomware drops a lot of numbered readme#.txt files on the infected computer after the encryption routine is complete, most likely to make sure that the victim will read at least one of them. These text files contain the same message as the ransom note.

Targeted file extensions

Troldesh looks for files with these extensions on fixed, removable, and remote drives:

.1cd, .3ds, .3fr, .3g2, .3gp, .7z, .accda, .accdb, .accdc, .accde, .accdt, .accdw, .adb, .adp, .ai, .ai3, .ai4, .ai5, .ai6, .ai7, .ai8, .anim, .arw, .as, .asa, .asc, .ascx, .asm, .asmx, .asp, .aspx, .asr, .asx, .avi, .avs, .backup, .bak, .bay, .bd, .bin, .bmp, .bz2, .c, .cdr, .cer, .cf, .cfc, .cfm, .cfml, .cfu, .chm, .cin, .class, .clx, .config, .cpp, .cr2, .crt, .crw, .cs, .css, .csv, .cub, .dae, .dat, .db, .dbf, .dbx, .dc3, .dcm, .dcr, .der, .dib, .dic, .dif, .divx, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .dpx, .dqy, .dsn, .dt, .dtd, .dwg, .dwt, .dx, .dxf, .edml, .efd, .elf, .emf, .emz, .epf, .eps, .epsf, .epsp, .erf, .exr, .f4v, .fido, .flm, .flv, .frm, .fxg, .geo, .gif, .grs, .gz, .h, .hdr, .hpp, .hta, .htc, .htm, .html, .icb, .ics, .iff, .inc, .indd, .ini, .iqy, .j2c, .j2k, .java, .jp2, .jpc, .jpe, .jpeg, , .jpf, .jpg, .jpx, .js, .jsf, .json, .jsp, .kdc, .kmz, .kwm, .lasso, .lbi, .lgf, .lgp, .log, .m1v, .m4a, .m4v, .max, .md, .mda, .mdb, .mde, .mdf, .mdw, .mef, .mft, .mfw, .mht, .mhtml, .mka, .mkidx, .mkv, .mos, .mov, .mp3, .mp4, .mpeg, .mpg, .mpv, .mrw, .msg, .mxl, .myd, .myi, .nef, .nrw, .obj, .odb, .odc, .odm, .odp, .ods, .oft, .one, .onepkg, .onetoc2, .opt, .oqy, .orf, .p12, .p7b, .p7c, .pam, .pbm, .pct, .pcx, .pdd, .pdf, .pdp, .pef, .pem, .pff, .pfm, .pfx, .pgm, .php, .php3, .php4, .php5, .phtml, .pict, .pl, .pls, .pm, .png, .pnm, .pot, .potm, .potx, .ppa, .ppam, .ppm, .pps, .ppsm, .ppt, .pptm, .pptx, .prn, .ps, .psb, .psd, .pst, .ptx, .pub, .pwm, .pxr, .py, .qt, .r3d, .raf, .rar, .raw, .rdf, .rgbe, .rle, .rqy, .rss, .rtf, .rw2, .rwl, .safe, .sct, .sdpx, .shtm, .shtml, .slk, .sln, .sql, .sr2, .srf, .srw, .ssi, .st, .stm, .svg, .svgz, .swf, .tab, .tar, .tbb, .tbi, .tbk, .tdi, .tga, .thmx, .tif, .tiff, .tld, .torrent, .tpl, .txt, .u3d, .udl, .uxdc, .vb, .vbs, .vcs, .vda, .vdr, .vdw, .vdx, .vrp, .vsd, .vss, .vst, .vsw, .vsx, .vtm, .vtml, .vtx, .wb2, .wav, .wbm, .wbmp, .wim, .wmf, .wml, .wmv, .wpd, .wps, .x3f, .xl, .xla, .xlam, .xlk, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xps, .xsd, .xsf, .xsl, .xslt, .xsn, .xtp, .xtp2, .xyze, .xz, and .zip

Encryption

Files are encrypted using AES 256 in CBC mode. For each encrypted file, two random 256-bit AES keys are generated: One is used to encrypt the file’s contents, while the other is used to encrypt the file name. The extensions mentioned above are added after the encryption of the filename.

Protect against Troldesh

Malwarebytes users can block Ransom.Troldesh through several different protection modules, which are able to stop the ransomware from encrypting files in real time.

Real-time protection against the files in our definitions stops the ransomware itself:

Our anti-exploit and anti-ransomware modules block suspicious behavior:

Meanwhile, Malwarebytes’ malicious website protection blocks compromised sites:

Other methods of protection

There are some security measures you can take to avoid getting to the phase where protection has to kick in or files need to be recovered.

• Scan emails with attachments. These suspicious mails should not reach the end user.
• User education. If they do reach the end user, they should be informed not to open attachments of this nature or run executable files in attachments. In addition, if your company has an anti-phishing plan, they should know who to forward the email to in the organization for investigation.
• Blacklisting. Most end users do not need to be able to run scripts. In those cases, you can blacklist wscript.exe.
• Update software and systems. Updating software can plug up vulnerabilities and keep known exploits at bay.
• Back up files. Reliable and easy-to-deploy backups can shorten the recovery time.

Remediation

If you should get to the point where remediation is necessary, these are the steps to follow:

• Perform a full system scan. Malwarebytes can detect and remove Ransom.Troldesh without further user interaction.
• Recover files. Removing Troldesh does not decrypt your files. You can only get your files back from backups you made before the infection happened or by performing a roll-back operation.
• Get rid of the culprit. Delete the email that was the root cause.

Decryption

Even though AES 256 is a strong encryption algorithm, there are free decryption tools available for some of the Troldesh variants. You can find out more about these decryption tools at NoMoreRansom.org (look under “Shade” in the alphabetical list).

Victims of Troldesh are provided with a unique code, an email address, and a URL to an onion address. They are asked to contact the email address mentioning their code or go to the onion site for further instructions. It is not recommended to pay the ransom authors, as you will be financing their next wave of attacks.

What sets Troldesh apart from other ransomware variants is the huge number of readme#.txt files with the ransom note dropped on the affected system, and the contact by email with the threat actor. Otherwise, it employs a classic attack vector that relies heavily on tricking uninformed victims. Nevertheless, it has been quite successful in the past, and in its current wave of attacks. The free decryptors that are available only work on a few of the older variants, so victims will likely have to rely on backups or roll-back features.

IOCs

Ransom.Troldesh has used the following extensions for encrypted files:

.xtbl
.ytbl
.cbtl
.no_more_ransom
.better_call_saul
.breaking_bad
.heisenberg
.da_vinci_code
.magic_software_syndicate
.windows10
.crypted000007
.crypted000078

Contacts: Novikov.Vavila@gmail.com Selenadymond@gmail.com RobertaMacDonald1994@gmail.com IPs TCP 154.35.32.5 443 outgoing Bitcoin: 1Q1FJJyFdLwPt5yyZAQ8kfxfeWq8eoD25E Domain : cryptsen7fo43rr6.onion

The post Spotlight on Troldesh ransomware, aka ‘Shade’ appeared first on Malwarebytes Labs.

Red Heart Croquette is a yarn unlike any other! So let’s get up close and personal with this new yarn in this month’s Moogly Yarn Love yarn review – and get some free patterns to make with it! Disclaimer: This post was sponsored by Red Heart Yarn, but all opinions are my own. This post includes [...]

The post Yarn Love: Red Heart Croquette appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0

Cryptozoic Entertainment today announced that it will sell products in all categories and offer several exclusives at Emerald City Comic Con, March 14-17 at the Washington State Convention Center in Seattle. At Booth #1233, Cryptozoic will feature Treasure Kraken, an ECCC-exclusive variant of a vinyl figure from the popular CryptkinsTM line. In addition, it will sell Classic Mera, a Cryptozoic-exclusive limited variant of the DC Bombshells: Series 3 figure. Cryptozoic will also offer Outlander Trading Cards: Convention-Exclusive Graded Cards and ECC-exclusive Rick and Morty Trading Cards Season 2: Metallic Cards. 

Classic Star Wars
From 1981-84, the Star Wars newspaper comic strip was written by Archie Goodwin and drawn by Al Williamson. I am a big fan of Williamson particularly with sci-fi, and these stories, while hardly standouts, are serviceable, and will make you nostalgic for the days before Star Wars became a genre unto itself with an immense backstory.

Peter Cannon: Thunderbolt #1
You know, of course, that Alan Moore had at one point pitched the idea of that would become Watchmen using the characters DC had acquire from Charlton Comics. One of those was Peter Cannon aka Thunderbolt, who was the initial inspiration for Ozymandias. Morrison used the Charlton characters in a way that referenced Watchmen in Multiversity, by DC had lost the rights to Peter Cannon by that time.  Enter Dynamite and Kieron Gillen, who (mild spoilers) pits one version of Peter Cannon against another, with the fate of the world at stake.

Martian Manhunter #3
I keep telling you this is good.

conversation hearts :: king cole zig zag :: pinks
winter’s day charade :: coopknits socks yeah! :: danburite 
spring stripes vanilla latte :: must stash yarns :: theory 
Well guys, I’m officially hitting the reset button on this year since it feels like hibernation season is almost over. It’s been a rather tough winter healthwise but we are all finally on the mend. Even my laptop got sick. But today the sun is shining brightly and I finally figured out how to blog from my phone using a new to me app for blogger so now I can share all of the winter woolens completed so far.

Of course there are plenty of socks! January’s pair was inspired by the cold winter walks that were taken when we couldn’t stand to be inside all day long. After knitting with greys and blues, the next pair was a wish for Spring. Nothing makes me happier than fun colorful stripes combined with speckles. February’s was Valentines Day themed.

It’s funny how seasonal my sock knitting is. I love choosing yarns and patterns that celebrate the different holidays that are sprinkled throughout the year. So with that in mind, I decided to start a holiday sox box. The goal is to have fun knitting socks for all of my favorite holidays throughout the year with the bonus of having finished socks to wear next year when those holidays roll around again. Feel free to join in :)

I hope that you are all staying healthy and having fun with your knitting & crafting!

How about a round of freebies? It’s your clicks that tell us the top projects for each Hookin On Hump Day – and this round, they all just so happen to be free! Even better, we’ve got a bit of variety, so read on to get all the fab links – and then add your [...]

The post Hookin On Hump Day #186: A Yarny Link Party! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

0

Blue Eagle Armed Transport Star Ship  Blue Eagle Class Pirate Transport  Number Appearing :1-3  Hull Type : FR (19 structure points, Piloting skill -9%)  Armor: Reactive (46)  Reactor: Expanded Drive Class: A Maneuvering  thrusters: none Jump Drive: Yes  Sensors: military  Jamming systems: -30%  Armaments:3 heavy recoilless  cannons in automated units  Ammo: Enough to Needleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0

The original work is found Here Among the very undercurrent of the dreamstream is a place where no sane person ventures. A little piece of the human unconsciousness that rolls under a forbidden moon & has never seen the light of a proper sun. The winds howl like banshees & the periods of light & darkness are followed by the horrors of now. The very landscape rolls & changes according toNeedleshttp://www.blogger.com/profile/11243274667834930867noreply@blogger.com0

March is National Crochet Month, and at Furls, that means fantastic deals all month long – and giveaways too! Read on for details! Disclaimer: This post was sponsored by Furls but all opinions are my own; this post includes affiliate links. Furls hooks are like no other – ergonomic and beautiful, they have a variety [...]

The post Celebrate NatCroMo 2019 with Furls! appeared first on moogly. Please visit www.mooglyblog.com for this post. If you are viewing this on another site they have scraped the content from my website without permission. Thank you for your support.

1

Before Cambridge Analytica made Facebook an unwilling accomplice to a scandal by appropriating and misusing more than 50 million users’ data, the public was already living in relative unease over the privacy of their information online.

The Cambridge Analytica incident, along with other, seemingly day-to-day headlines about data breaches pouring private information into criminal hands, has eroded public trust in corporations’ ability to protect data, as well as their willingness to use the data in ethically responsible ways. In fact, the potential for data interception, gathering, collation, storage, and sharing is increasing exponentially in all private, public, and commercial sectors.

Concerns of data loss or abuse have played a significant role in the US presidential election results, the legal and ethical drama surrounding Wikileaks, Brexit, and the implementation of the European Union’s General Data Privacy Regulations. But how does the potential for the misuse of private data affect the average user in Vancouver, British Colombia; Fresno, California; or Lisbon, Portugal?

To that end, The Malwarebytes Labs team conducted a survey from January 14 to February 15, 2019 to inquire about the data privacy concerns of nearly 4,000 Internet users in 66 countries, including respondents from: Australia, Belgium, Brazil, Canada, France, Germany, Hong Kong, India, Iran, Ireland, Japan, Kenya, Latvia, Malaysia, Mexico, New Zealand, the Philippines, Saudi Arabia, South Africa, Taiwan, Turkey, the United Kingdom, the United States, and Venezuela.

The survey, which was conducted via SurveyMonkey, focused on the following key areas:

• Feelings on the importance of online privacy
• Rating trust of social media and search engines with data online
• Cybersecurity best practices followed and ignored (a list of options was provided)
• Level of confidence in sharing personal data online
• Types of data respondents are most comfortable sharing online (if at all)
• Level of consciousness of data privacy at home vs. the workplace

____________________________________________________________________________________________________________________________

For a high-level look at our analysis of the survey results, including an exploration of why there is a disconnect between users’ emotions and their behaviors, as well as which privacy tools Malwarebytes recommends for those who wish to do more to protect their privacy, download our report:

The Blinding Effect of Security Hubris on Data Privacy

____________________________________________________________________________________________________________________________

For this blog, we explored commonalities and differences among Baby Boomers (ages 56+), Gen Xers (ages 36 – 55), Millennials (ages 18 – 35), and Gen Zeds, or the Centennials (ages 17 and under) concerning feelings about privacy, level of confidence sharing information online, trust of social media and search engines with data, and which privacy best practices they follow.

Lastly, we delved into the regional data compiled from respondents in Europe, the Middle East, and Africa (EMEA) and compared it against North America (NA) to examine whether US users share common ground on privacy with other regions of the world.

Privacy is complicated

If 10 years ago, someone had asked you to carry an instrument that could: listen into your conversations, broadcast your exact location to marketers, and allow you be tracked as you moved between the grocery aisles (and how long you lingered in front of the Cap’n Crunch cereal), most would have declined, suggesting it was a crazy joke. Of course, that was before the advent of smartphones that can do all that and more, today.

Many regard the public disclosure of surreptitious information-gathering programs conducted by the National Security Agency (NSA) here in the US as a watershed moment in the debate over government surveillance and privacy. Despite the outcry, experts noted that the disclosures hardly made a dent in US laws about how the government may monitor citizens (and non-citizens) legally.

Tech companies in Silicon Valley were equally affected (or unaffected, depending on how you look at it) by Edward Snowden’s actions. Yet, over time, they have felt the effects of people’s change in behaviors and actions toward their services. In the face of increasing pressure from criminal actions and public perception in key demographics, companies like Google, Apple, and Facebook have taken steps to beef up the encryption of and better secure user data. But is this enough to make people trust them again?

Challenge: Put your money where your mouth is

In reality, particularly in commerce, we may have reservations about allowing companies to collect from us, especially because we have little influence on how they use it, but that doesn’t stop us from doing so. The care for the protection of our own data, and that of others, may well be nonexistent—signed away in an End-User Licensing Agreement (EULA) buried 18 pages deep.

Case in point: Students of the Massachusetts Institute of Technology (MIT) conducted a study in 2017 and revealed that, among other findings, there is a paradox between how people feel about privacy and their willingness to easily give away data, especially when enticed with rewards (in this case, free pizza).

Indeed, we have a complicated relationship with our data and online privacy. One minute, we’re declaring on Twitter how the system has failed us and the next, we’re taking a big bite of a warm slice of BBQ chicken pizza after giving away your best friend’s email address.

This begs the question: Is getting something in exchange for data a square deal? More specifically, should we have to give something away to use free services? Has a scam just taken place? But more to the point: Do people really, really care about privacy? If they do, why, and to what extent?

In search of answers

Before we conducted our survey, we had theories of our own, and these were colored by many previous articles on the topic. We assumed, for example, that Millennials and Gen Zeds, having grown up with the Internet already in place, would be much less concerned about their privacy than Baby Boomers, who spent a few decades on the planet before ever having created an online account. Rather than further a bias, we started from scratch—we wanted to see for ourselves how people of different generations truly felt about privacy.

Privacy by generations: an overview

This section outlines the survey’s overall findings across generations and regions. A breakdown of each generation’s privacy profile follows, including some correlations from studies that tackled similar topics in the past.

• An overwhelming majority of respondents (96 percent) feel that online privacy is crucial. And their actions speak for themselves: 97 percent say they take steps to protect their online data, whether they are on a computer or mobile device.
• Among seven options provided, below are the top four cybersecurity and privacy practices they follow:
  • “I refrain from sharing sensitive personal data on social media.” (94 percent)
  • “I use security software.” (93 percent)
  • “I run software updates regularly.” (90 percent)
  • “I verify the websites I visit are secured before making purchases.” (86 percent)
• Among seven options provided, below are the top four cybersecurity faux pas they admitted to:
  • “I skim through or do not read End User License Agreements or other consent forms.” (66 percent)
  • “I use the same password across multiple platforms.” (29 percent)
  • “I don’t know which permissions my apps have access to on my mobile device.” (26 percent)
  • “I don’t verify the security of websites before making a purchase. (e.g. I don’t look for “https” or the green padlock on sites.)” (10 percent)

This shows that while respondents feel the need to take care of their privacy or data online, we can deduce that they can only consistently protect it at least most of the time and not all the time.

• There is a near equal percentage of people who trust (39 percent) and distrust (34 percent) search engines across all generations.
• Across the board, there is a universal distrust of social media (95 percent). We can then safely assume that respondents are more likely to trust search engines to protect their data than social media.
• When asked to agree or disagree with the statement, “I feel confident about sharing my personal data online,” 87 percent of respondents disagree or strongly disagree.
• On the other hand, confident data sharers—or those who give away information to use a service they need—would most likely share their contact info (26 percent), such as name, address, phone number, and email address; card details when shopping online (26 percent); and banking details (16 percent).
• A small portion (2 percent) of highly confident sharers are also willing to share (or already have shared) their Social Security Number (SSN) and health-related data.
• In practice, however, 59 percent of respondents said they don’t share any of the sensitive data we listed online.
• When asked to rate the statement, “I am more conscious of data privacy when at work than I am at home,” a large share (84 percent) said “false.”

Breaking it down

There are many events that happened within this decade that have shaped the way Internet users across generations perceive privacy and how they act on that perception. The astounding number of breaches that have taken place since 2017 and the billions of data stolen, leaked, and bartered on the digital underground market—not to mention the seemingly endless number of opportunities for governments, institutions, and individuals to spy and harvest data on people—can either drive Internet users with a modicum of interest in preserving privacy to (1) live off the grid or (2) completely change their perception of data privacy. The former is unlikely to happen for the majority of users. The latter, however, is already taking place. In fact, not only have perceptions changed but so has behavior, in some cases, almost instantly.

We profiled each age group in light of past and present privacy-related events and how these have changed their perceptions, feeling, and online practices. Here are some of the important findings that emerged from our survey.

Centennials are no noobs when it comes to privacy.*

It’s important to note that while many users who are 18 years old and under (83 percent) admit that privacy is important to them, even more (87 percent) are taking steps to ensure that their data is secure online. Ninety percent of them do this by making sure that the websites they visit are secure before making online purchases. They also refrain from sharing sensitive PII on social media (86 percent) and use security software (86 percent).

Jerome Boursier, security researcher and co-founder of AdwCleaner, is also a privacy advocate. He disagrees with Gen Zeds’ claims that they don’t disclose their personally identifiable information (PII) on social media. “I think most people in the survey would define PII differently. People—especially the younger ones—tend to have a blurry definition of it and don’t consider certain information as personally identifiable the same way older generations do.”

Other notable practices Gen Z admit to partaking in are borrowed from the Cybersecurity 101 handbook, such as using complicated passwords and tools like a VPN on their mobile devices, while others go above-and-beyond normal practices, such as checking the maliciousness of a file they downloaded using Virus Total and modifying files to prevent telemetry logging or reporting—something Microsoft has been doing since the release of Windows 7.

They are also the generation that is the most unlikely to update their software.

Contrary to public belief, Millennials do care about their privacy.

This bears repeating: Millennials do care about their privacy.

An overwhelming majority (93 percent) of Millennials admitted to caring about their privacy. On the other hand, a small portion of this age group, while disclosing that they aren’t that bothered about their privacy, also admit that they still take steps to keep their online data safe.

One reason we can cite why Millennials may care about their privacy is that they want to manage their online reputations, and they are the most active at it, according to the Pew Research Center. In the report “Reputation Management and Social Media,” researchers found that Millennials take steps to limit the amount of PII online, are well-versed at personalizing their social media privacy settings, delete unwanted comments about them on their profiles, and un-tag themselves from photos they were tagged in by someone else. Given that a lot of employers are Google-ing their prospective employees (and Millennials know this), they take a proactive role in putting their best foot forward online.

Like Centennials, Millennials also use VPNs and Tor to protect their anonymity and privacy. In addition, they regularly conduct security checks on their devices and account activity logs, use two-factor authentication (2FA), and do their best to get on top of news, trends, and laws related to privacy and tech. A number of Millennials also admit to not having a social media presence.

While a large share (92 percent) of Millennials polled distrust social media with their data (and 64 percent of them feel the same way about search engines), they continue to use Google, Facebook, and other social media and search platforms. Several Millennials also admit that they can’t seem to stop themselves from clicking links.

Lastly, only a little over half of the respondents (59 percent) are as conscious of their data privacy at home as they are at work. This means that there is a sizable chunk of Millennials who are only conscious of their privacy at work but not so much at home.

Gen Xers feel and behave online almost the same way as Baby Boomers.

Gen Xers are the youngest of the older generations, but their habits better resemble their elder counterparts than their younger compatriots. Call it coincidence or bad luck—depending on your predisposition—or even “wisdom in action.” Either way, being likened to Baby Boomers is a compliment when it comes to privacy and security best practices.

Respondents in this age group have the highest number of people who are privacy-conscious (97 percent), and they are no doubt deliberate (98 percent) in their attempts to secure and take control of their data. Abstaining from posting personal information on social media ranks high in their list of “dos” at 93 percent. Apart from using security software and regularly updating all programs they use, they also do their best to opt out of everything they can, use strong passwords and 2FA, install blocker apps on browsers, and surf the web anonymously.

On the flip side, they’re second only to Millennials for The Generation Good at Avoiding Reading EULAs (71 percent). Gen Xers also bagged The Least Number of People in a Generation to Reuse Passwords (24 percent) award.

When it comes to a search engine’s ability to secure their data, over half of Gen Xers (65 percent) distrust them, while nearly a quarter (24 percent) chose to be neutral in their stance

Baby Boomers know more about protecting privacy online than other generations, and they act upon that knowledge.

Our findings of Baby Boomers have challenged the longstanding notion that they are the most clueless bunch when it comes to cybersecurity and privacy.

Of course, this isn’t to say that there are no naïve users in this generation—all generations have them—but our survey results profoundly contrast what most of us accepted as truth about what Boomers feel about privacy and how they behave when online. They’re actually smarter and more prudent than we care to give them credit for.

Baby Boomers came out as the most distrustful generation (97 percent) of social media when it comes to protecting their data. Because of this, those who have a social media presence hardly disclose (94 percent) any personal information when active.

In contrast, only a little over half (57 percent) of Boomers trust search engines, making them the most trustful among other groups. This means that it is highly likely for a Baby Boomer to trust search engines with their data over social media.

Boomers are also the least confident (89 percent) generation in terms of sharing personal data online. This correlates to a nationwide study commissioned by Hide My Ass! (HMA), a popular VPN service provider, about Baby Boomers and their different approach to online privacy. According to their research, Boomers are likely to respond “I only allow trusted people to see anything I post & employ a lot of privacy restrictions.”

Lastly, they’re also the most consistent in terms of guarding their data privacy both at home and at work (88 percent).

“I am immediately surprised that Baby Boomers are the most conscious about data privacy at work and at home. Anecdotally, I guess it makes sense, at least in work environments,” says David Ruiz, Content Writer for Malwarebytes Labs and a former surveillance activist for the Electronic Frontier Foundation (EFF). He further recalls: “I used to be a legal affairs reporter and 65-and-up lawyers routinely told me about their employers’ constant data security and privacy practices (daily, changing Wi-Fi passwords, secure portals for accessing documents, no support of multiple devices to access those secure portals).”

Privacy by region: an overview of EMEA and NA

A clear majority of survey respondents within the EMEA region are mostly from countries in Europe. One would think that Europeans are more versed in online privacy practices, given they are particularly known for taking privacy and data protection seriously compared to those in North America (NA). Although being well-versed can be seen in certain age groups in EMEA, our data shows that the privacy-savviness of those in NA are not that far off. In fact, certain age groups in NA match or even trump the numbers in EMEA.

Comparing and contrasting user perception and practice in EMEA and NA

There is no denying that those polled in EMEA and NA care about privacy and take steps to secure themselves, too. Most of them refrain from disclosing any information they deemed as sensitive in social media (an average of 89 percent of EMEA users versus 95 percent of NA users), verify websites where they plan to make purchases are secure (an average of 90 percent of EMEA users versus 91 percent of NA users), and use security software (an average of 89 percent of EMEA users versus 94 percent of NA users).

However, like what we’ve seen in the generational profiles, they also recognize the weaknesses that dampen their efforts. All respondents are prone to skimming through or completely avoiding reading the EULA (an average of 77 percent of EMEA users versus 71 percent of NA users). This is the most prominent problem across generations, followed by reusing passwords (an average of 26 percent of EMEA users versus 38 percent of NA users) and not knowing which permissions their apps have access to on their mobile devices (an average of 19 percent of EMEA users versus 17 percent of NA users).

As you can see, there are more users in NA that are embracing these top online privacy practices than those in EMEA.

All respondents from EMEA and NA are significantly distrustful of social media—92 and 88 percent, respectively—when it comes to protecting their data. For those who are willing to disclose their data online, they usually share their credit card details (26 percent), contact info (26 percent), and banking details (16 percent). Essentially, the most common pieces of information you normally give out when you do online banking and purchasing.

Millennials in both EMEA and NA (61 percent) feel the least conscious about their data privacy at work vs. at home. On the other hand, Baby Boomers (85 percent) in both regions feel the most conscious about their privacy in said settings.

It’s also interesting to note that Baby Boomers in both regions appear to share a similar profile.

Privacy in EMEA and NA: notable trends

When it comes to knowing which permissions apps have access to on mobile devices, Gen Zeds in EMEA (90 percent) are the most aware compared to Gen Zeds in NA (63 percent). In fact, Gen Zeds and Millennials (73 percent) are the only generations in EMEA that are conscious of app permissions. Not only that, they’re the less likely group to reuse passwords (at 20 and 24 percent, respectively) across generations in both regions. Although Gen Xers in EMEA have the highest rate of users (31 percent) who recycle passwords.

It also appears that the average percentage of older respondents—the Gen Xers (31 percent) and Baby Boomers (37 percent)—in both regions are more likely to read EULAs or take the time to do so than the average percentage of Gen Zeds and Millennials (both at 18 percent).

Gen Zeds in NA are the most distrustful generation of search engines (75 percent) and social media (100 percent) when it comes to protecting their data. They’re also the most uncomfortable (100 percent) when it comes to sharing personal data online.

Among the Baby Boomers, those in NA are the most conscious (85 percent) when it comes to data privacy at work. However, Baby Boomers in EMEA are not far off (84 percent).

With privacy comes universal reformation, for the betterment of all

The results of our survey have merely provided a snapshot of how generations and certain regions perceive privacy and what steps they take (and don’t take) to control what information is made available online. Many might be surprised by these findings while others may correlate them with other studies in the past. However you take it, one thing is clear: Online privacy has become as important an issue as cybersecurity, and people are beginning to take notice.

With this current privacy climate, it is not enough for Internet users to do the heavy lifting. Regulators play a part, and businesses should act quickly to guarantee that the data they collect from users is only what is reasonably needed to keep services going. In addition, they should secure the data they handle and store, and ensure that users are informed of changes to which data they collect and how they are used. We believe that this demand from businesses will continue at least for the next three years, and any plans or reforms that elevate the importance of online privacy of user data will serve as cornerstones to future transformations.

At this point in time, there is no real way to have complete privacy and anonymity when online. It’s a pipe dream in the current climate. Perhaps the best we can hope for is a society where businesses of all sizes recognize that the user data they collect has a real impact on their customers, and to respect and secure that data. Users should not be treated as a collection of entries with names, addresses, and contact numbers in a huge database. Customers are customers once again, who are always on the lookout for products and services to meet their needs.

The privacy advocate mantle would then be taken upon by Centennials and “Alphas” (or iGeneration), the first age group entirely born within the 21st century and considered the most technologically infused of us all. For those who wish to conduct future studies on privacy like this, it would be really, really interesting to see how Alphas and Centennials would react to a free box of pizza in exchange for their mother’s maiden name.

[*] The Malwarebytes Labs was only able to poll a total of 31 respondents in Gen Zed. This isn’t enough to create an accurate profile of this age group. However, this author believes that what we were able to gather is enough to give an informed assessment of this age group’s feelings and practices.

The post Labs survey finds privacy concerns, distrust of social media rampant with all age groups appeared first on Malwarebytes Labs.

Dungeons & Dragons started as a game about treasure hunting. The rules awarded as much of 80% of total experience points for finding gold, so no one missed the point. Co-creator Gary Gygax knew a thirst for gold resonated with players. “If you, the real you, were an adventurer, what would motivate you more than the lure of riches?” (See The Fun and Realism of Unrealistically Awarding Experience Points for Gold.)

D&D no longer awards experience points for gold, but for all the game’s storytelling and heroics, treasure hunting remains the game’s core motivation.

Treasure drives characters to take risks. Safe characters leave the sarcophagus alone and the chest unopened. Safe choices make D&D boring. A treasure hunter risks undead and traps for a chance at riches, which makes the game fun. But players who take risks for no chance of gold feel like chumps, and feeling like a chump isn’t fun.

In D&D, parties of characters join together in a group venture. Players can come up with endless characters, but for the game to work, they must invent characters able to cooperate to reach a shared goal. That’s the magic of treasure hunting. Whether characters aim to feed the orphans or to swim in coins like Scrooge McDuck, they can all quest for gold. (See A Role-Playing Game Player’s Obligation.)

Treasure hunting resonates. When our characters strike it rich, we all feel a vicarious thrill.

In a global campaign like the D&D Adventurers League, treasure becomes a vital, universal aim. In a home game, the players can agree to create characters who only dream of defending the trees. But in a game where players join strangers in an undertaking set by whatever adventure the dungeon master prepared, treasure hunting gives everyone a goal we can share.

For the D&D Adventurers League’s eighth season, the campaign’s new rules stop characters from keeping the gold and magic they find in an adventure. Instead, for each hour of play, characters gain a treasure point spendable on magic items. When characters level, they get an allowance of gold. (See My Dungeons & Dragons Adventurers League Quick Reference Sheet for a compact introduction to the new rules.) When I counted four ways the new rules reshape the campaign, I felt optimistic about the changes. I knew the bar on keeping treasure defied D&D’s original nature, but perhaps the game had outgrown base motivations. Players could still roleplay a hunger for gold. Now, after seeing the rules for six months of play, I’m ready to rate the revised campaign.

The new rules reached their goals of opening adventures to more styles of play and reducing the exploits players used to claim the best magic items. (See The Adventurers League Campaign Rules Offered a Game. How Gamers Played to Win..) However, one change in particular hurt the league.

Preventing characters from keeping the gold they find damages D&D’s foundation.

Ironically, the new rules arrived with two hardcover adventures that showcase D&D’s classic aim of treasure hunting. In Waterdeep: Dragon Heist, the characters race to claim a hoard of 500,000 gp—except league characters can’t keep any of it. In Waterdeep: Dungeon of the Mad Mage, characters risk the perils of a massive dungeon for riches, which league characters can’t keep. The safe play sees characters working to monetize Trollskull Manor. Why brave dungeons when you can reach franchise agreements? “Our group isn’t so much an adventuring party as an adventuring sub-committee.”

Because my players left home to play D&D, their characters ventured into Undermountain. But they kept asking why, and a little enthusiasm died. Players who take risks for no chance of gold feel like chumps, and feeling like a chump isn’t fun.

Season eight’s gold allowances brought one positive change: Characters gain far less gold than they used to. For the league’s first seven seasons, players gained tons of gold, but found nowhere to spend it—except on healing potions. Before season 8, characters had access to effectively unlimited healing potions. (See D&D’s Designers Can’t Decide Whether Characters Must Rest for Hit Points and Healing, but You Can Choose.) Also before season 8, the cost of magic such as Heroes Feast and Simulacrum hardly dented the wealth of characters able to cast the spells. If a tier 3 party brought a cleric, they routinely ignored fear and poison and laughed at yuan-ti and green dragons. If they brought a level-13 wizard, they gained a spare and the pair won D&D for everyone. Before, gold served as a motivation that players roleplayed. Now, gold becomes a motivation they value for spells, healing, and armor. The smaller gold supply forces players into spending choices, and choices make games fun.

A simple fix could solve the trouble. Make gold a reward that characters keep, and then write adventures that award less gold. The league could gain the benefits of limited wealth, without ripping the treasure hunting from the heart of D&D.

Of course, such a change leaves years of league and hardcover adventures that award way too much gold.

Prolific league DM Tom Christy created a set of Adventurers League Recommendations that offers a solution: Limit the gold awards to a set amount per advancement checkpoint earned. Alternately, the league’s content catalog could list updated treasure amounts for each hoard awarded in an adventure. The league administrators could avoid this job by giving volunteers a budget based on each adventure’s expected play time, and letting them crunch the numbers. The hardcovers lack play times, but the league boasts many members who recorded the times they spend playing each chapter in character logs. Surely someone could collect the data.

As much as players seem to dislike the level-based gold allowances, they favor using treasure checkpoints to buy unlocked magic items. To players, finding and unlocking a useful magic item feels rewarding, especially now that another player can’t snatch the item away for “trade bait.” Plus, the system frees adventure designers from having to stock most scenarios with bland items like +1 weapons just so every character can find usable items.

Still, the treasure-point system would benefit from a couple of tweaks:

• Unlock superior items in adventures, while limiting the evergreen and seasonal unlock items to broadly-useful but less extraordinary items. At Winter Fantasy, players joked about all the adventures that unlocked drift globes and rings of warmth—great for cozy nights scribing franchise agreements. Some epic adventures failed to unlock anything at all. Remember when epics promised special rewards? Meanwhile, even for level-appropriate characters who play safe, the season unlocks some of the game’s most powerful items. Who cares what an adventure brings when anyone can claim a cloak of invisibility or staff of the magi?

• When characters unlock magic items during the course of an adventure, let them borrow treasure points to claim the item immediately. No one enjoys waiting to play with new toys. The need to bank treasure points particularly frustrates new and lapsed players returning to D&D. New players find a toy they can’t use because of legalese that makes no sense in the game world. Returning players just think D&D no longer resembles the game they used to love. (Credit Tom Christy’s proposals for this idea too.)

For almost 50 years, the vicarious joy of finding treasure brought players to D&D. To thrive, the Adventurers League must recapture some of that thrill.