Why you need a Glo-toob LED powered Glow Stick
Each year, I test hundreds of new and different items that compete to find a place in my everyday carry kit (EDC). To be clear, my EDC is built for the urban environment and not wilderness survival.
4 years ago, I tested and fell in love with the Glo-toob lights and it has been part of my kit ever since. I just realized I have never written about it and wanted to share it with you.
Why not use a cheap glow stick?
Anyone that is building a serious EDC kit knows that you need redundancy. My main everyday carry (EDC) flashlight is the OLight S15R baton with a rechargeable battery. My secondary flashlight is the Ti3 by ThruNite (which uses easy to find AAA batteries). There are times when you need a glow stick type of light and for those times, I rely on the Glo-Toob.
Why not use a cheap $5 glow stick? The typical (even high quality) glow stick or Chemical light stick is first and foremost not environmentally friendly (it is disposable and an environmental pollutant). Anyone that has carried them knows that they leak (which also means it won't work when you need it). Plus once you activate it, that's it.
Most of the time, I need it for 5 minutes, 60 minutes or even 180 minutes but that's it. With a chemical glow stick, once you activate it, it's end of life.
Why I chose the Glo-Toob
I knew I wanted something else as my everyday carry glow stick alternative, but it took several tries until I found the Glo-toob.
First thing you notice is the solid construction (it can withstand the rigors of constant travel and being bumped in a pocket, bag or briefcase). It's waterproof to 200 feet (60 meters). I have taken it night scuba diving to 135ft and have never had issues but its most common use is in rain or snow and it has worked flawlessly.
It is a small rounded cylinder which means it is small enough for everyday carry. This is something you overlook until you start carrying it all the time. Small and light are critical and the Glo-toob is 10/10 on both points (weighs 34g with the battery).
<img src="https://ekiledjian2.micro.blog/uploads/2025/39ffcb58a7.jpg" alt="">
It can be powered with different types of batteries (depending on the model) but I chose the AAA powered one (Original GT-AAA). As I travel and carry this with me, I need to know that I can buy the required power source for my gadgets easily and AAA batteries are available on every street corner anywhere in the world.
The last point was that it had to provide a 360 degree stream of light (similar to a glow stick), which it does.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b69bbd6139.jpg" alt="">
Using it
I own 2 GT-AAAs: one with a white LED and a red one. It has 3 modes (you activate them by twisting the cap on and off): high intensity (100%), low intensity (25%) and rapid strobe. Other models offer up to 11 modes and I saw a Chinese competitor with 21 modes but... and the but here is that simple is better. If I need to use this in an emergency, I don't want to fiddle with my EDC gear. By having only 3 modes, choosing the right one is simple.
In low power mode, it is a great long lasting marker light that you can strap on a dog collar or backpack. In high powered mode, it is a great emergency light (during a power outage) or a light you can give the kids without worrying about it breaking.
I have used it while camping to mark our campsite. I have used it when I had to stop on the side of a busy highway at night as a safety beacon. I have used it as a marker when canoeing at night. I have used it during power outages and once when I was stuck in a stopped elevator.
I have used it in high powered mode for about 6-7 hours (with a single AAA battery).
Negative comments
When working on a review, I scour the internet looking for comments (positive or negative) from other users. In this case, I saw a handful of comments touching similar points and I wanted to address these ones:
- disappointed by the amount of light : this is not a flashlight replacement. If you buy it thinking it is you will obviously be disappointed. This is a replacement for a chemical glow stick.
- leaked during a dive : With over 85 dives under my belt, I can tell you that I have lived through all kinds of equipment failure at depth. That's one of the reasons everything is done in twos. You never dive alone, you have 2 regulators, etc. Anytime you are in a remote location (whether on land or in the water), you need backups for all your primary systems. Failures happen either because the gear is defective, improperly maintained or improperly used.
- worked only a couple of times : I have 2 of these lights and other friends have bought them after testing my units. My units have been in my EDC kit for 4 years now and even after diving, camping and being abused in torrential rain and deep snow, they perform flawlessly. Of the 10 or so units owned by friends and acquaintances, none have failed. It's important to realize that any electronic product can fail and buying it from a reputable reseller (like Amazon) means you have someone to contact if you do need a warranty replacement.
The Chinese knockoffs
<img src="https://ekiledjian2.micro.blog/uploads/2025/7caa85bbc0.jpg" alt="">
Search AliExpress.com for Glo-toob, EDC warning light or a combination of these types of keywords and you will find hundreds of listings selling these types of tubular lights. I ordered 3 of them ranging from 8.99-14.99 and most ended up being branded EDCGear.
These are cheap knockoffs and you can feel it immediately. The plastic is light and flimsy. The units have cheap O-rings and none of them lasted more than a couple of uses. The light quality wasn't as good. Build and construction weren't as good and all 3 died immediately when I performed the sink dunking water test (even though they were marketed as waterproof).
Sometimes the Chinese versions are just as good but this is not one of them. Save yourself the frustration and buy the original from a retailer that will stand behind the warranty.
Conclusion
Priced at around 4-5 times the price of a high quality chemical glow stick, these Glo-toobs are a great investment and will quickly become part of your EDC, camping and survival gear. I love them and recommend them.
Encryption isn't just for terrorists
It seems every time there is a terrorist attack, governments around the world use it as an opportunity to chip away at encryption. The latest attack came from the UK Home Secretary, Amber Rudd, who called WhatsApp's end-to-end encryption "completely unacceptable". She then added that there should be “no hiding place for terrorists”.
Encryption is publicly known mathematics and there is no way to put the "cat back in the bag". If encryption is banned for law abiding Joe and Jane public, it makes everyone less safe but terrorists will simply use their resources and public encryption libraries to write their own encrypted programs and do their evil work.
Minister Rudd's comments are clearly from someone that doesn't understand the technology and how it is the fundamental underpinning of our entire technological society. Anytime you perform online banking, file your taxes with the government online or request a government service, you are using an encrypted channel of communication called TLS. It is the technology that makes using sensitive services on the internet possible.
Banning encryption would mean no more online shopping, banking or anything else that requires privacy. So banning would not be accepted by our always online generation.
Government would counter this argument by saying they "simply" want a back door and not a ban on encryption. A backdoor would allow intelligence and police to more easily perform investigations while keeping general encryption alive.
As a security professional, let me be clear that this is simply not possible. The minute a backdoor is implemented, it becomes a vulnerability that threat actors would attempt to find and exploit (organized crime, nation-state actors, foreign rogue governments, etc). If the Snowden and Vault7 leaks have shown us anything, it is that even government has issues keeping secrets. The reason encryption works is that it is based on mathematics and remains perfectly secure even though all the protocols, formulas and applications are well known.
Creating a backdoor for the good guys means you are also creating it for the bad guys.
The Vault7 leak showed that governments have already solved the WhatsApp encryption issue by hacking the end device. When hacked, government can see pre/post encryption messages and therefore they are able to get the information they need. Yes it requires more work but every job has its challenges. This would bypass the encryption of Signal, WhatsApp or any other encrypted communicator.
Terrorism is a bad thing that affects us all. It is the worst of humanity being manifested because of hatred and misunderstanding of one another. Politicians are targeting encryption because it is the easy target but it isn't the right one.
As a geeky security professional, I will always be able to protect myself by rolling my own encryption, but the general population won't. Considering everything about us can now easily be stolen from our smartphone, I'm worried about any weakening of encryption. Just think about everything stored on your device (location history, contacts, social networks, where you have been and what you have done, health information, etc) and how you would feel if someone had access to all of it without your knowledge.
We need technically knowledgeable politicians that will fight the good fight (against terrorism) without trying to neuter good wholesome public protecting technologies. It's like saying we will ban pools because there were 3,536 fatal non-boat related drownings in 2015 (there are over 8M pools public and private in the USA). We can't let a small batch of rotten apples contaminate the entire batch of cider.
Your ISP is always watching, tracking and profiling you
The media loves stories about how Google, Facebook and Microsoft are tracking users and profiling them. These stories sell papers and draw in eyeballs. What they don't tell you is that your ISP actually has more visibility into what you do online than any of those giant service providers.
If you don't see what the big problem is, read this article : How Target knows you are pregnant through data analytics. You may not realize it but the bread crumbs you leave behind are incredibly valuable to marketers, insurers and anyone else interested in using psyops to trick you.
Choose your ISP wisely
The most important first step is choosing an ISP that will stand up for user privacy. When I moved to Toronto, I went with Teksavvy that seemed to have a more open corporate policy regarding the protection of customer information and at least says they try to limit data collection.
Choose an ISP (if possible) that has policies protecting you.
HTTPS
I have been extolling the virtues of SSL/TLS for 10+ years and Google gave the machine a kick in the butt when it started favoring secure connections in its search results. Anytime you see https and that green lock icon near the URL, it means all traffic to and from that site is encrypted and cannot be modified, copied or eavesdropped on. All very good things.
A group of small to medium sites still didn't want to go through the cost and hassle of implementing TLS but a consortium called Let's Encrypt made the process free and, through automation, easy. Large internet site providers like WordPress and Squarespace jumped on-board and offered this as a checkbox addon to any site they host. So now there is no excuse.
As a user, you have to remember to force the connection to the secure https protocol (since most sites still support both and not all automatically redirect to the secure version). Enter the free browser plugin called HTTPS Everywhere.
HTTPS Everywhere
EFF makes this browser extension so that users connect to a service securely using encryption. If a website or service offers a secure connection, then the ISP is generally not able to see what exactly you’re doing on the service. However, the ISP is still able to see that you’re connecting to a certain website. For example, if you were to visit [www.eff.org/https-eve...](https://www.eff.org/https-everywhere), your ISP wouldn’t be able to tell that you’re on the HTTPS Everywhere page, but would still be able to see that you’re connecting to EFF’s website at https://www.eff.org
While there are limitations of HTTPS Everywhere when it comes to your privacy, with the ISP being able to see what you’re connecting to, it’s still a valuable tool.
If you use a site that doesn't have HTTPS by default, email them and ask them to join the movement to encrypt the web.
VPNs
In the wake of the privacy rules repeal, the advice to use a Virtual Private Network (VPN) to protect your privacy has dominated the conversation. However, while VPNs can be useful, they carry their own unique privacy risk. When using a VPN, you’re making your Internet traffic pass through the VPN provider’s servers before reaching your destination on the Internet. Your ISP will see that you’re connecting to a VPN provider, but won’t be able to see what you’re ultimately connecting to. This is important to understand because you’re exposing your entire Internet activity to the VPN provider and shifting your trust from the ISP to the VPN.
In other words, you should be damn sure you trust your VPN provider to not do the shady things that you don’t want your ISP to do.
VPNs can see, modify, and log your Internet traffic. Many VPN providers make promises to not log your traffic and to take other privacy protective measures, but it can be hard to verify this independently since these services are built on closed platforms. For example, a recent study found that up to 38% of VPN apps available for Android contained some form of malware or spyware.
Below, we detail some factors that should be considered when selecting a VPN provider. Keep in mind that these are considerations for someone who is interested in preventing their ISP from snooping on their Internet traffic, and not meant for someone who is interested in protecting their information from the government—a whistleblower, for instance. As with all things security and privacy-related, it’s important to consider your threat model.
Is your VPN service dirt-cheap or free? Does the service cost $20 for a lifetime service? There’s probably a reason for that and your browsing history may be the actual product that the company is selling to others.
How long has your VPN provider been around? If it is relatively new and without a reliable history, you’d have to trust the provider a great deal in order to use such a service.
Does the VPN provider log your traffic? If yes, what kind of information is logged? You should look for one that explicitly promises to not log your Internet traffic and how active the VPN provider is in advocating for user privacy.
Does the VPN provider use encryption in providing the service? It’s generally recommended to use services that support a well-vetted open source protocol like OpenVPN or IPSec. Utilizing these protocols ensures the best security available.
If your VPN provider uses encryption, but has a single shared password for all of the users, it’s not sufficient encryption.
Do you need to use the VPN provider’s proprietary client to use the service? You should avoid these and look for services that you can use with an open source client. There are many clients that support the above-mentioned OpenVPN or IPSec protocols.
Would using the VPN service still leak your DNS queries to your ISP?
Does the VPN support IPv6? As the Internet transitions from IPv4 to the IPv6 protocol, some VPN providers may not support it. Consequently, if your digital device is trying to reach a destination that has an IPv6 address using a VPN connection that only supports IPv4, the old protocol, it may attempt to do so outside of the VPN connection. This can enable the ISP to see what you’re connecting to since the traffic would be outside of the encrypted VPN traffic.
Now that you know what to look for in a VPN provider, you can use these two guides as your starting point for research. Though keep in mind that a lot of the information in the guides is derived from or given by the provider, so again, it requires us to trust their assertions.
Tor
If you are trying to protect your privacy from your Internet company, Tor Browser perhaps offers the most robust protection. Your ISP will only see that you are connecting to the Tor network, and not your ultimate destination, similar to VPNs.
Keep in mind that with Tor, exit node operators can spy on your ultimate destination in the same way a VPN can, but Tor does attempt to hide your real IP address, which can improve anonymity relative to a VPN.
Users should be aware that some websites may not work in the Tor browser because of the protections built in. Additionally, maintaining privacy on Tor does require users to alter their browsing habits a little. See this for more information.
It’s a shame that our elected representatives decided to prioritize corporate interests over our privacy rights. We shouldn’t have to take extraordinary steps to limit how our personal information can be used, but that is clearly something that we are all forced to do now. EFF will continue to advocate for Internet users’ privacy and will work to fix this in the future.
New US Border Control rules for Canadians
Since the tightening of US border entry rules, readers have been emailing asking:
“What should I do when crossing the USA / Canada border?”
Canadian readers (and other non-US travelers to the US) wanted to know what the new tighter controls mean when crossing into the US.
The first important truth most travelers need to accept is that "entering another country is a privilege and not a right". Although the controls may have tightened a bit, they haven't changed materially. Having visited over 40 countries in the last 30 years, I accept the fact that anytime I cross a national border, I am subject to the controls of that country and prepare accordingly.
The cardinal rule of information security is "know your risk". The first step is to determine all your risk factors (status entering that country, data you will be traveling with, travel history, your background, travel risk level of the region you are entering, etc).
Before you leave
- Minimize the amount of information you travel with. People often forget the treasure trove of information they carry on a daily basis. Your smartphone (as an example) contains all your contacts, login information for all your social networks, health information, GPS location history, networks you have connected to, etc. Anytime you cross a border (not just the USA but this applies to any national border crossing), the agents are tasked with protecting that country and may "take" any information you are entering the country with to determine your traveler risk. Do not take anything you wouldn't want to hand over.
- Minimize the number of devices you travel with. This may sound stupid but I have seen business travelers cross the border with a personal smartphone, work smartphone, a personal tablet, a work tablet and a work laptop. Understand that anything you enter the country with can be seized or taken for analysis. With all the Snowden, Vault7 and WikiLeaks dumps, it's clear that if a border agent touches your device, you shouldn't use it anymore. You should assume it has been permanently hacked. Where possible, do not bring devices with you. If you do, try to bring "disposable" devices you wouldn't mind throwing away if need be.
What should I do before crossing the border?
- Remove all information from your devices that you do not absolutely need to bring with you.
- Anything you could need, try to move it to the cloud and securely delete your local copy.
- Delete any apps from your smartphone for which you don't want to hand over login credentials.
- If you use a password vault solution synchronized with the cloud, you may want to delete that (Lastpass, 1Password) and reinstall it after you enter the country.
- If you use a cloud synchronized 2-factor authentication solution, you may want to delete that (Authy) and reinstall it after you enter the country.
- If you can, leave the device at home. If you have a work phone, bring it with you but leave your personal back home. Instead of bringing a tablet, try to load your content on the smartphone.
- If you can, travel with the least complex device possible (chromebook instead of a laptop or tablet instead of a laptop)
- Ensure device encryption is turned on.
- Turn off your devices before crossing the border.
- Switch the unlock mechanism from fingerprint to password based.
At the border
Never lie to a border agent. Never! Ever! Ever!
Any foreigner that refuses to comply with a border agent request (any border not just the USA) will likely be turned away and sent back to their home country. In extreme cases, you can even be barred from entering that country again.
This means that you are "forced" to comply with any request made by the border agent. If asked for your device password, you can provide it and cooperate or defy them. If you defy the request, they will likely take the device and send it for investigation while denying you entry (maybe even keeping you for secondary questioning). Either way, once you "lose control" of your device, you should assume it has been permanently hacked and that a clean re-install will not make it trustworthy again.
They may also ask you for your social media login information. Even if you do not have the app installed on your devices, they know you have an account and can ask for the credentials. Never lie. Refusing to cooperate can cause you to be detained for additional questioning and given an entry ban.
What should I do while crossing the border?
- Always be polite and respectful. Remember the agent is doing his/her job.
- Never lie. Always be truthful.
- If asked to hand over a device or password, I would do it without putting up a fight. Once you are at the border, you have decided you are engaged and have to cooperate.
After crossing the border
If your work device was accessed at the border, notify your company information security group immediately.
If your personal device was accessed, you have to think long and hard about what you want to do. Know that there may be a permanent (un-removable) backdoor or tracker installed on the device. In some cases even a complete factory reset won't remove it. What do you want to do? In the security space, we recommend throwing the device away and buying a new one but this is a personal decision especially with a $1000 smartphone, tablet or laptop.
Also if they accessed your device or asked for your social media login information (username/password), assume they downloaded your social graph (all of your contact info and the contact info of your contacts). I would change all my social media passwords and double check my account information (email address, recovery phrases, telephone numbers, etc). Also notify your network that you lost control of your social media account and to be extra vigilant with requests and the information being shared with you.
Other recommendations
If you travel to the US regularly, think about applying for a Nexus card (if you are a Canadian). Having a Nexus card means you have been deeply vetted and all of your fingerprints are on file. My experience has been that the Nexus has made crossing into the USA much easier.
If you are a tech neophyte, take the time to read up on device security and security best practices. The truth is you are solely responsible for your privacy and security.
The hidden dangers of using public WIFI
There are plenty of reasons to love WIFI (over wireless). It's free, fast and usually reliable. Often times though, it's not a WIFI network you control (think coffee shop, retail store, mall, fast food joint, etc). Sure WIFI is ubiquitous but most of it is controlled by someone else which means it could and should be considered a hostile environment.
“WIFI is a hacker playground”
Man In The Middle Attack
A Man In The Middle (MITM) attack is an oldie but goodie. It allows a third party to intercept your communication. If successfully performed, an attacker can present a fake "hacker version" of a site you are trying to visit in the hopes of infecting your machine or harvesting your credentials.
An innocent use of this technology is when a WIFI provider intercepts your web browsing request (when you first connect to their network) and injects a logon or terms acceptance page (captive portal). This is a benign use of the technology but bad actors can use this to inject malicious code to infect your computer or trick you.
What you should do: Ensure any site you visit requiring a login or requesting private information is using an encrypted SSL/TLS connection (aka the green lock icon in Chrome). Look for a URL that starts with https instead of just http. Make sure the lock icon is green.
<img src="https://ekiledjian2.micro.blog/uploads/2025/520ca8596a.jpg" alt="">
We are seeing more and more sites switch to encrypted https but many have not made the jump yet. You should also add a free browser plug-in called HTTPS Everywhere. It is a free plug-in developed by the Electronic Frontier Foundation and the Tor Project which automatically rewrites requests to the secure https protocol when supported by the site.
Fake WIFI networks
This is a very easy to use trick that is successful any time I have tested it. I basically set up a very strong signal WIFI network with carefully chosen (trustworthy sounding) names that get users connecting to it and then I simply do what I want to do and resend the traffic to the local establishment's free WIFI network thus performing a Man In The Middle attack.
I can even use the same WIFI name as the local establishment's and your device will automatically connect to my rogue network if my signal is stronger (that's why automatic connections to untrusted WIFI networks can be a very bad thing unless you are always on VPN). I can create one of these networks with cheap devices but my preferred tool is the WIFI pineapple.
What you should do: Be wary if you see multiple networks with the same name at your local coffee shop. It doesn't always mean there is an attack happening but it should give you pause. The real solution is to always use a VPN network when connecting to a WIFI network you don't directly control.
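The "multiple networks with the same name" check can be run over a WIFI scan listing. The Python sketch below is an added example, not part of the original article; the scan records, field names and the `flag_suspicious_ssids` function are constructed for illustration, and its rules are heuristics that give you pause rather than prove an attack.

```python
from collections import defaultdict

# Constructed scan results (not from a real capture). Each record is one
# access point: network name, AP MAC address (BSSID), advertised security,
# and received signal strength in dBm (closer to 0 means stronger).
SAMPLE_SCAN = [
    {"ssid": "CoffeeShop_Guest", "bssid": "AA:11:22:00:00:01", "security": "WPA2", "signal": -63},
    {"ssid": "CoffeeShop_Guest", "bssid": "AA:11:22:00:00:02", "security": "WPA2", "signal": -71},
    {"ssid": "CoffeeShop_Guest", "bssid": "3C:99:00:AB:CD:EF", "security": "Open", "signal": -38},
    {"ssid": "Library-Public", "bssid": "BB:22:33:00:00:10", "security": "WPA2", "signal": -55},
    {"ssid": "Library-Public", "bssid": "BB:22:33:00:00:11", "security": "WPA2", "signal": -80},
    {"ssid": "HomeNet", "bssid": "CC:33:44:00:00:20", "security": "WPA2", "signal": -49},
]


def oui(bssid):
    """First three octets of a BSSID, which normally identify the AP vendor."""
    return bssid.upper().replace("-", ":")[:8]


def flag_suspicious_ssids(scan):
    """Return {ssid: [reasons]} for names advertised by several APs in ways
    a single, consistently configured deployment usually would not."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        if len({ap["bssid"].upper() for ap in aps}) < 2:
            continue  # only one AP uses this name: nothing to compare

        reasons = []
        # Rule 1: the same name offered both encrypted and open.
        modes = sorted({ap["security"] for ap in aps})
        if len(modes) > 1:
            reasons.append("mixed security: " + ", ".join(modes))

        # Rule 2: APs sharing the name come from different hardware prefixes.
        # Weak on its own: some sites legitimately mix vendors.
        prefixes = sorted({oui(ap["bssid"]) for ap in aps})
        if len(prefixes) > 1:
            reasons.append("different hardware prefixes: " + ", ".join(prefixes))

        # Rule 3: the AP your device would prefer (strongest signal) is the
        # one that matches none of the others.
        strongest = max(aps, key=lambda ap: ap["signal"])
        peers = [ap for ap in aps if ap is not strongest]
        if reasons and all(
            oui(p["bssid"]) != oui(strongest["bssid"])
            or p["security"] != strongest["security"]
            for p in peers
        ):
            reasons.append(
                "strongest signal (%d dBm) is the odd one out: %s"
                % (strongest["signal"], strongest["bssid"])
            )

        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for name, why in flag_suspicious_ssids(SAMPLE_SCAN).items():
        print(name)
        for reason in why:
            print("  -", reason)
```
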
Collecting your wireless information
Sniffing network traffic is a technique used by corporate network administrators to collect information to perform debugging and to try and identify system issues. Sniffing is basically collecting all (some or most) traffic flowing over a network. In the wireless world, this is made incredibly easy and can be done by hackers without anyone's authorization. All it requires is a special (cheap) wireless network card configured to start up in a special mode and then they can capture all the traffic flowing over the wireless network. Once you have the hardware, you simply need free software like Wireshark to start capturing all wireless traffic.
Anyone interested in WIFI testing should buy a WIFI Pineapple. You can't call yourself a real security pro without one. I'll wait while you go and buy one from here. (No, that is not an associate link and I do not get anything for recommending them. It is just an awesome product.)
<img src="https://ekiledjian2.micro.blog/uploads/2025/d58671bf1b.jpg" alt="">
What you should do: Ensure any site you visit requiring a login or requesting private information is using an encrypted SSL/TLS connection (aka the green lock icon in Chrome). Look for a URL that starts with https instead of just http. Make sure the lock icon is green. Encrypted traffic can be captured but is all garbled up and useless to the attacker. Or you can use a VPN service (which I will talk more about later).
Stealing cookies
No... not cookies from a coffee shop but cookies used by websites to authenticate your session. Most websites drop a session cookie in your browser after you log in so you don't have to log in every time you visit the site operator's page. Most major sites go to great lengths to protect this cookie but many don't and attackers will try to steal these when patrons use unencrypted websites. By stealing the cookie and using it from the same location, many sites will be tricked into thinking the user is logged in and will allow him/her to perform actions without additional checks.
What you should do: Ensure any site you visit requiring a login or requesting private information is using an encrypted SSL/TLS connection (aka the green lock icon in Chrome). Look for a URL that starts with https instead of just http. Make sure the lock icon is green. Encrypted traffic can be captured but is all garbled up and useless to the attacker. Or you can use a VPN service (which I will talk more about later).
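What "protecting this cookie" looks like on the wire is a set of attributes in the site's `Set-Cookie` response header. The Python sketch below is an added example, not part of the original article: it audits constructed header values for the `Secure`, `HttpOnly` and `SameSite` attributes, and the name-based guess at which cookies carry a login session (`SESSION_HINTS`) is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed Set-Cookie header values (not captured from any real site).
SAMPLE_SET_COOKIE = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "PHPSESSID=deadbeef; path=/",
    "theme=dark; Max-Age=31536000",
    "auth_token=xyz789; Path=/; Secure",
]

# Assumption: cookie names containing these fragments carry a login session.
SESSION_HINTS = ("sess", "auth", "token", "sid")


@dataclass
class CookieReport:
    name: str
    secure: bool          # only ever sent over https
    http_only: bool       # hidden from JavaScript running in the page
    same_site: Optional[str]
    session_like: bool
    issues: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieReport:
    """Parse one Set-Cookie header value and list its missing protections."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header)

    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        # Attribute names are case-insensitive; flags such as Secure have no value.
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    report = CookieReport(
        name=name,
        secure="secure" in attrs,
        http_only="httponly" in attrs,
        same_site=attrs.get("samesite") or None,
        session_like=any(hint in name.lower() for hint in SESSION_HINTS),
    )
    if not report.secure:
        report.issues.append("no Secure: also sent over plain http, readable on shared WIFI")
    if not report.http_only:
        report.issues.append("no HttpOnly: readable by scripts in the page")
    if report.same_site is None:
        report.issues.append("no SameSite: cross-site sending left to the browser default")
    return report


def sniffable_session_cookies(headers: List[str]) -> List[str]:
    """Names of session-like cookies that would travel unencrypted over http."""
    reports = [parse_set_cookie(h) for h in headers]
    return [r.name for r in reports if r.session_like and not r.secure]


if __name__ == "__main__":
    for header in SAMPLE_SET_COOKIE:
        report = parse_set_cookie(header)
        print(report.name, "->", report.issues or "ok")
    print("exposed on open WIFI:", sniffable_session_cookies(SAMPLE_SET_COOKIE))
```
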
Peekaboo I see you
When organizing a security test for a company, my preferred method of attack is attacking the bag of mostly water (aka the human). Humans are usually careless, clumsy and easy to trick. It is much easier to compromise a human than an IT system.
Shoulder surfing is the art of looking over someone's "shoulder" as they type protected information into a computer system. This could be a building entry code, the PIN for your ATM card or a site password.
This is an especially easy attack when you are in a crowded area where it feels normal to have people close by (packed coffee shop with tight tables, a bus, etc).
<img src="https://ekiledjian2.micro.blog/uploads/2025/858d79b825.jpg" alt="">
What you should do: When I travel, I have a 3M privacy filter on my computer screen to make it more difficult for people around me to see my private on-screen information. Additionally I always cover any keypad when entering my PIN and never enter passwords when in a crowded area. The important thing is to realize this could happen and pay attention to your surroundings.
What about that VPN option
My next article will be about 1 or 2 VPN providers that I trust and use but for now, I'll write about what a VPN is. A Virtual Private Network is a special technology that creates a secure connection between your device and that of the VPN provider. That means anyone eavesdropping (digitally) on your WIFI or LTE connection will only see garbled
Of course the VPN provider will see all of your traffic as they send it to the general internet from their servers but at least you protect yourself from local WIFI attacks. Additionally, anytime you use an https site, that traffic is protected and even your VPN provider cannot see the content of that traffic.
As an example:
I am sitting in a coffee shop browsing Facebook via their mobile website. Their mobile website is protected because it uses TLS (https). Because I distrust public WIFI, I also have a VPN active.
This means that my connection (all traffic to and from the internet to my device) is encrypted inside that protected VPN tunnel [from my device until the server of the VPN provider] thus no one in the local coffee shop sees where I am browsing and what I am sending/receiving. This protects you from all those local attacks.
Because I am using the Facebook website on my device, it is also using protected https which means traffic for that site is encrypted a second time between me and Facebook. This means that the VPN provider knows I visited Facebook but can't see anything else.
Obviously you have to trust the VPN provider not to profile you but this is much better than trusting a coffee shop WIFI or even your wireless LTE carrier.
The US Government is moving to kill a law preventing carriers from selling user data to the highest bidder. This means even your home internet provider or wireless carrier will probably start tracking your every move on the internet and selling it to marketing companies. Many people should start thinking about running a permanent VPN from their home router to the internet to protect themselves from this type of profiling.
For those that want a fast, easy and reliable VPN appliance, read my review of the InvizboxGO here.
Invizbox GO Review
As we learn more about how much data the intelligence community collects and what their capabilities are (Vault7), it reinforces the mantra of having good security hygiene. If you weren't using VPN while on (untrusted) WIFI connections, then you should be.
I consider untrusted any WIFI network I don't directly control. I even use VPN (normally) when on LTE because I don't trust my wireless carrier.
VPN hardware galore
Appliances properly designed and maintained should make most tasks easier and safer. VPNs and TOR are no exception. Kickstarter and IndieGogo are full of entrepreneurs promising easy security. Unfortunately most fall flat because they are simply re-badged Chinese products with a crappy interface.
The worst of the bunch are un-maintained products with tons of exploitable vulnerabilities leaking your data with every transaction. Invizbox was a Kickstarter funded company and their first product, a small gumbox sized WIFI anonymization router, worked as advertised. Its major drawbacks were the requirement to have a physical connection to the internet and that it was slow. Oh so slow.
The design team came back with a vengeance and released the InvizBoxGO late last year. The invizboxGo is a small battery powered device that will secure your WIFI connections and work as a battery backup if you need it.
“TL;DR The InvizboxGO is now part of my every day carry kit (EDC Kit).”
The InvizboxGo is sold with an optional "white labelled" VPN service. When you buy the VPN service, you receive the "enhanced" TOR experience which basically means it uses VPN for the first hop to the TOR network thus protecting even that flow of traffic.
It also supports "pluggable transport" (description). Basically pluggable transport is a technology which allows you to change how the TOR traffic looks thus allowing you to bypass anonymity blocking tools (corporate or governmental).
A coming-soon feature will force connections to https when available (like a hardware implementation of HTTPS Everywhere).
The Invizbox firmware source code is also available for review. The team hopes that this transparency will:
- prove there are no backdoors
- allow researchers to find and highlight vulnerabilities
- give the team immediate trust
InvizBoxGo Easy Setup
The testing
I ran the InvizboxGo through a gauntlet of technical tests (while on VPN) and it passed every single one:
- does not leak DNS queries when in VPN mode (go here to test)
- does hide your actual IP address (go here to test)
- does not leak IP or DNS information via Java or Flash (go here to test)
- protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and Invizbox did. You go to this site and then find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
- InvizboxGo is not subject to WebRTC leaks when in VPN mode (go here to test)
I conducted my tests via VPN because that is what most users will likely use. If you are technical enough to use TOR, you can do your own testing.
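To read the output of the leak-test pages listed above consistently, here is an added Python example (not part of the original review and not Invizbox code) that checks the reported public IP, the DNS resolvers and the WebRTC ICE candidates against the addresses you expect from the VPN. Every address is constructed from documentation ranges, and the function names and the known list of VPN resolvers are assumptions.

```python
import ipaddress

# Constructed sample values from documentation ranges (RFC 5737), not real hosts.
VPN_EXIT_IP = "203.0.113.77"      # assumed: address the VPN endpoint presents to sites
VPN_RESOLVERS = {"203.0.113.53"}  # assumed: resolvers expected while the tunnel is up
SAMPLE_RESOLVERS = ["203.0.113.53", "198.51.100.1"]  # as listed by a DNS leak test page
SAMPLE_CANDIDATES = [             # ICE candidate lines as a WebRTC test page shows them
    "candidate:1 1 udp 2122260223 192.168.8.101 54321 typ host",
    "candidate:2 1 udp 1686052607 203.0.113.77 54321 typ srflx raddr 192.168.8.101 rport 54321",
    "candidate:3 1 udp 1686052607 198.51.100.23 61000 typ srflx raddr 192.168.8.101 rport 54321",
    "candidate:4 1 udp 2122260223 a1b2c3d4-0000-4000-8000-123456789abc.local 54322 typ host",
]

# Ranges that do not identify you on the public internet. They are listed
# explicitly because ipaddress.is_private also covers documentation ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",  # loopback, link-local, CGNAT
    "::1/128", "fe80::/10", "fc00::/7",                # IPv6 loopback, link-local, ULA
)]


def is_local(addr):
    """True if addr is a LAN-only address. Raises ValueError for hostnames."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def candidate_address(line):
    """Return (address, type) from one ICE candidate line, or None if malformed."""
    fields = line.split()
    # candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
    if len(fields) < 8 or not fields[0].startswith("candidate:") or fields[6] != "typ":
        return None
    return fields[4], fields[7]


def webrtc_leaks(candidate_lines, vpn_exit_ip):
    """Public addresses exposed by WebRTC that are not the VPN exit address."""
    exit_ip = ipaddress.ip_address(vpn_exit_ip)
    leaks = []
    for line in candidate_lines:
        parsed = candidate_address(line)
        if parsed is None:
            continue
        addr = parsed[0]
        try:
            if is_local(addr):
                continue          # LAN address: visible to the page, but not your ISP address
        except ValueError:
            continue              # mDNS name ("<uuid>.local"): the browser hid the address
        if ipaddress.ip_address(addr) != exit_ip and addr not in leaks:
            leaks.append(addr)
    return leaks


def dns_leaks(observed_resolvers, vpn_resolvers):
    """Resolvers seen by the test page that are not the VPN's own."""
    allowed = {ipaddress.ip_address(r) for r in vpn_resolvers}
    return [r for r in observed_resolvers if ipaddress.ip_address(r) not in allowed]


def assess(observed_ip, observed_resolvers, candidate_lines, vpn_exit_ip, vpn_resolvers):
    """Combine the three checks into one report."""
    return {
        "ip_leak": ipaddress.ip_address(observed_ip) != ipaddress.ip_address(vpn_exit_ip),
        "dns_leaks": dns_leaks(observed_resolvers, vpn_resolvers),
        "webrtc_leaks": webrtc_leaks(candidate_lines, vpn_exit_ip),
    }


if __name__ == "__main__":
    report = assess("203.0.113.77", SAMPLE_RESOLVERS, SAMPLE_CANDIDATES,
                    VPN_EXIT_IP, VPN_RESOLVERS)
    for check, result in report.items():
        print(f"{check}: {result if result else 'none'}")
```

In the constructed sample the web IP check passes, while one resolver and one WebRTC server-reflexive candidate fall outside the VPN, which is the pattern to look for when a device passes the simple "what is my IP" test but still leaks.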
Yes it did slow down my connection to the internet but that depends on a ton of factors. The amount of slowdown will be based on your ISP (potential throttling of VPN traffic), connectivity between you and your chosen VPN endpoint, number of hops, traffic on the net, encryption overhead, etc. Overall there was a slowdown (which is normal) but not enough for me to panic.
The killer feature
The InvizboxGo was delivered with the promise of auto-update. The creators promised to keep the device updated to add functionality and patch vulnerabilities. This update should be automatic if you keep your device connected regularly.
So far I have received one update (during my 2 months of testing) and think this is a big plus if they keep it up.
Issues with the InvizboxGo
My first complaint is that it works well for most captive portals (hotel and airport) but I have not been able to connect it to a corporate portal or WIFI requiring username/password to connect. I was told this issue is logged and that they will investigate.
The second issue is that the device doesn't have a physical ethernet port. Most of my connections are WIFI but recently I have stayed in top tier hotels that have only had Ethernet in the rooms which meant I had to use another Ethernet to WIFI device then use Invizbox to secure my connection.
I would have liked some kind of additional add on that would allow me to use an Ethernet connection (for WAN) when required.
Conclusion
Overall this is a fantastic unit that I enjoy using. It is fairly speedy, reliable and easy to use.
The Workflow IOS Automation app is now free
Automation can help with simple tasks like converting a webpage to PDF or can become a complex monster saving you hundreds of hours a year. Until the Workflow app came to IOS, true automation was an Android only benefit.
The $5 app is now permanently free because Apple acquired them.
The Workflow app has been around for a couple of years and is a distant cousin (functionally) to IFTTT. It allows users to string together a series of actions, tasks, conditions and inputs and perform all kinds of useful tasks.
It can:
- Encode media
- Record Audio
- Post on social media
- Automate app functionality where a URL scheme is exposed
- Send emails
- Pull RSS feeds
- much much more
What we don't know yet is what Apple will do with the team and the app. It was made free but there is always the risk Apple will kill the app and move some of the functionality to:
- a new Apple branded app
- into a new version of IOS
- into a new service running on iCloud
What the CIA Vault7 Wikileak really means for consumers
“Wikileaks Unveils ‘Vault 7’: “The Largest Ever Publication Of Confidential CIA Documents”; Another Snowden Emerges”
“It includes software that could allow people to take control of the most popular consumer electronics products used today, claimed WikiLeaks.”
“Surprise, everyone, the US Central Intelligence Agency (CIA) allegedly has the means to hack everyday electronics. ”
Yes Wikileaks released a very large chunk of CIA information dubbed Vault7 that explains some of the hacking capabilities of the US intelligence service vis-a-vis consumer electronics. Obviously this "isn't good" from a privacy perspective because if the US intelligence community has these capabilities, other nation-states may also have them.
After going through some of the information, I want to dispel some of the FUD (Fear Uncertainty and Doubt).
Are Whatsapp or Signal hacked?
I have written about Whatsapp security and professed my love for Signal. Many readers messaged me in a panic asking if these apps had "weak" security and had been breached by the CIA.
Signal and Whatsapp encryption was not broken.
The CIA would compromise the smartphone (iPhone or Android) and then would install malware that would record audio, text or video before the Whatsapp/Signal encryption.
The Wikileaks statement reads like this:
“These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
So the short answer is no, these messaging apps were not compromised and their security is still good. Every security researcher knows you must must must secure the endpoint because it is normally the weakest link in the chain. Here is proof.
The security of Signal protocol was recently reviewed during a security audit and it passed with glowing colors. The EFF also rates Signal as an "all green" messaging app.
Is the CIA hoarding 0-day vulnerabilities?
We don't know what the CIA is really doing but based on the Vault7 Wikileak, I would say no. Very few 0-day attacks seem to be mentioned in the dump and any that were are being actively used. Nothing in the leak seems to indicate a hoarding of 0-day vulnerabilities for emergency use.
The attacks mentioned in the leaks may be worrisome to John or Jane Doe but they are nothing new for anyone working in security. They seem to be leveraging "stuff" we already know about in Information Security circles. Yes they sometimes buy advanced attacks from brokers or researchers but most of what I read, I expected them to have.
Nothing I read would indicate that the CIA digital attack toolkit is better than that of the NSA. It is safe to assume the NSA has much stealthier and more powerful tools.
Do I break my Smart TV?
Don't throw away your Smart TV just yet. We learned that the CIA can hack your Smart TV and turn it into an espionage tool by running hacking software via USB port on the TV. Let me say that again, via USB port.
Nothing in the document indicates that they can do this remotely via the internet. In security, we always assume that it is impossible to protect an asset if a bad actor can gain physical access to it. Nothing new here.
Attribution
There are 2 pieces of malware in the wild that were thought to have come from China and Russia but can now likely be attributed to the CIA. These leaks provide enough information for security companies to now make educated assumptions about malware sources they know about and are trying to identify the source of.
A colleague working for a US security company said that they can now attribute 2 pieces of malware to the CIA that were previously thought to have come from China or Russia. He said his company will now use the info in these leaks to build signatures to detect and remediate some of the vulnerabilities mentioned here.
Does this hurt the CIA? I would say no. There are enough vulnerability brokers in the dark market and the CIA has enough money to quickly rebuild a new toolkit.
Are these advanced hacking techniques?
No. They may seem advanced for the average Joe but there wasn't anything monumental or earth shattering for a security researcher. Funny enough, I've been chatting with one of my employees about a new tool from Hak5 called Bash Bunny. The Bash Bunny seems to be more advanced than many of the techniques revealed in this document.
Is my tech safe?
The BBC published a good article documenting the reaction from major consumer tech manufacturers.
As expected, Apple provided a lengthy response and committed to working with its security team to plug as many of the holes as quickly as possible.
“While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities”
Samsung provided this response
“We are aware of the report in question and are urgently looking into the matter.”
“We are aware of the report and are looking into it”
Notably absent (at least while I write this) is a response from Google about the vulnerabilities in Android that were actively exploited. As we know, not all Android phones receive timely updates and even those that do have some worrisome vulnerabilities.
For the general consumer that is not being targeted by a nation-state intelligence agency, as long as you adhere to good security practices, a Google-branded Android phone will be just as safe as an Apple iPhone. I cannot recommend buying an Android phone from any other manufacturer as updates may be slow or non-existent.
If you are in a job where security is critical, I would still contend that the iPhone is likely more secure because of the way Apple locks everything down.
Conclusion
I won't lose any sleep over the CIA leak. Yes it confirms that the US intelligence apparatus is actively targeting consumer hardware but we all assumed they were doing this anyway. Nothing in this leak revealed anything new and I would assume the NSA Signals Intelligence team is still the king of the hill. Sure the CIA seems to have a couple pocket knives but the NSA still has that 10" Rambo knife strapped to its belt.
Also assume anything the US is doing can be easily replicated by other nation state actors. Do you really want foreign governments to have these abilities and your own (Canada, US, UK, Australia, etc) not to?
My Everyday Carry Pen (EDC) - TI Arto Review
A question I receive regularly is about what makes up my EDC kit. The first article I wanted to publish was about my pen. This is no ordinary pen. It is a magical pen that accepts over 200 different types of ink refills (roller-ball, ballpoint or D1). It is a beautiful pen made from aircraft grade titanium, which makes it super durable, light and incredibly beautiful.
I have used hundreds of pens from a cheap BIC all the way to an exclusive Montblanc. After everything is said and done, the TI Arto from Big Idea Designs is the one I chose to carry everyday (at work, during travel or at play).
Why? First this wonderfully designed and carefully crafted pen accepts over 200 different types of ink refills (without hacking or modification). This means I can buy ink refills anywhere in the world and know it works. It even accepts the Uni-ball Signo DX without any modification. This is a highly prized refill by pen lovers worldwide but it never fits into these pen bodies. It works wonderfully in the TI Arto. How? Because the creative team at Big Idea Designs created a cone head that tightens as you screw it and therefore can securely hold almost any type of pen head in place. This internal compression cone is what makes this pen stand apart and is the secret to how it can accept 200+ ink refills. It is easy to use but will require a little fidgeting as you adjust it (when replacing the ink).
It is built from titanium which means it is extremely light and durable. I carry it in my wallet pocket along with a lighter and aluminium plate wallet and it has held up well.
Overall I highly recommend the TI Arto. It will be a useful and beautiful part of any EDC kit delivering a lifetime of use.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b6516b18c0.jpg" alt="You can see how beautifully the pen wears. This is with 1 year of use. Also note the TI symbol on the cap."> You can see how beautifully the pen wears. This is with 1 year of use. Also note the TI symbol on the cap.
<img src="https://ekiledjian2.micro.blog/uploads/2025/bbcee87e4c.jpg" alt="You can see the end of the compression cone holding my Uniball Signo 207 ink in place."> You can see the end of the compression cone holding my Uniball Signo 207 ink in place.
<img src="https://ekiledjian2.micro.blog/uploads/2025/d42234cb57.jpg" alt="">
Examples of refills accepted by the pen without modification. This list grows every week.
Pen Name / Refill Name
Rollerball Style Refills
•Avant Pen Refills (0.5mm)
•Bic Velocity Gel Refill 0.7mm (Medium)
•Bic Velocity Gel Refill 1.6mm (Bold)
•Cross Gel Rolling Ball Refill 0.7mm
•Cross Porous Point Felt Tip Refills (Fine & Medium)
•Dong-A Fine Tech RT Pen Refill (GRC-43)
•Duke Rollerball Refill (Medium)
•Faber-Castell Ceramic Rollerball Refill 0.5mm
•Foray (Office Depot) Replacement Refills
•Foray (Office Depot) Replacement for Schmidt Rollerball Refills
•Foray (Office Depot) Replacement for Waterman Rollerball Refills
•Lamy M63 Refill
•Moleskine Gel Refills (0.5 and 0.7 mm)
•Mont Blanc Fineliner Refills
•Mont Blanc 163 Rollerball Pen Refills (F) & (M)
•Monteverde Rollerball Refill (Mont Blanc Style Replacements)
•Monteverde Mini Rollerball J22 Refill for Mini Jewelria Pens
•MUJI 0.5mm Refill
•Ohto C-304P Ceramic Rollerball Pen Refill – 0.4mm
•Ohto C-305P Ceramic Rollerball Pen Refill – 0.5mm
•Ohto C-307P Ceramic Rollerball Pen Refill – 0.7mm
•Ohto C-310P Ceramic Rollerball Pen Refill – 1.0mm
•Ohto F-300 Fude Pen Brush Refill
•Pentel EnerGel BLN105 Rollerball Pen Refill – 0.5mm
•Pentel EnerGel LR7 Gel Pen Refill – 0.7 mm
•Pentel EnerGel LR10 Gel Pen Refill – 1.0 mm
•Pentel EnerGel LRN5 Needle-Point Gel Pen Refill – 0.5 mm
•Pentel EnerGel LRN7 Needle-Point Gel Pen Refill – 0.7 mm
•Pentel HyperG Retractable KL257 Series (LR7 & KLR7)
•Pentel Sliccies Gel Multi Pen Refill (XBGRN3A) – 0.3 mm
•Pentel Sliccies Gel Multi Pen Refill (XBGRN4A) – 0.4 mm
•Pentel Sliccies Gel Multi Pen Refill (XBGRN5A) – 0.5 mm
•Pentel Slicci Techo Mini Gel Pen Refill (BG503) – 0.3 mm
•Pilot Ageless Future Gel Pen Refill (BLGS-7) – 0.7 mm (2 Colors)
•Pilot B2P Bottle to Pen Gel Ink Pen Refill – 0.7mm
•Pilot Frixion Ball Gel Multi Pen (LFBTRF refill) – 0.38mm
•Pilot Frixion Ball Gel Multi Pen (LFBTRF refill) – 0.5mm
•Pilot Frixion Ball Gel Multi Pen (LFTRF refill) – 0.38mm
•Pilot FriXion Ball 2 Biz Gel Pen Refill – 0.38 mm
•Pilot Frixion Erasable Gel Pen Refill (LFRF30P4) – 0.4mm
•Pilot Frixion BLS-FR5 (LFBK-23EF-B refill) – 0.5mm
•Pilot G2 Refills (America’s #1 selling ink gel pen, 0.38, 0.5, 0.7, &1.0mm)
•Pilot G2 Pro
•Pilot G6
•Pilot Hi-Tec-C Cavalier 0.4mm (Has more ink than the standard Hi-Tec-C refill)
•Pilot Hi-Tec-C Coleto 0.3mm (LHKRF-10C3) 15 different colors
•Pilot Hi-Tec-C Coleto 0.4mm (LHKRF-10C4) 15 different colors
•Pilot Hi-Tec-C Coleto 0.5mm (LHKRF-10C5) 15 different colors
•Pilot Hi-Tec-C Slim Knock Gel Pen Refill (LHSRF-8C3) – 0.3mm – 3 Colors
•Pilot Hi-Tec-C Slim Knock Gel Pen Refill (LHSRF-8C4) – 0.4mm – 3 Colors
•Pilot Hi-Tec-C “Standard” – 0.25mm (BLS-HC25)
•Pilot Hi-Tec-C “Standard”- 0.3mm (BLS-HC3)
•Pilot Hi-Tec-C “Standard”- 0.4mm (BLS-HC4)
•Pilot Hi-Tec-C “Standard”- 0.5mm (BLS-HC5)
•Pilot Juice Gel Ink Series Refill 0.38, 0.5, 0.7mm (LP2RF) – (3 Colors)
•Pilot Precise V5 RT/V7 RT, named Hi-tecpoint V5 RT/V7 RT in Europe
•Pilot Q7 Needle Point Refill 0.7mm (BLS-GCK-7 / LHKRF-8C7)
•Pilot V ball RT (BLS-VB5RT)
•Pelikan Roller Refill 338 Rollerball
•Platinum Gel Pen Refill (BSP-60S) 0.5mm
•Platinum Gel Ball Pen Refill (GSP-80N) – 0.5 mm
•Rotring TIKKY Liner Refill – 0.5mm
•Sakura R-GBH Ballsign Gel Multi Pen Refill – 0.4 mm (4 Colors)
•Sakura R-GBP Ballsign Knock Gel Pen Refill – 0.4 mm (3 Colors)
•Schmidt Safety ceramic roller 888 Fine
•Schneider Topball 850
•Staples Classic Grip Pen 0.7mm Gel (#31581)
•TUL GL1 Gel Pen Retractable Needle Point Fine 0.5mm
•Uniball Signo DX 0.28mm Refill (UMR-1-28)
•Uniball Signo DX 0.38mm Refill (UM-151)
•Uniball Signo DX 0.5mm Refill (UMR-1-05)
•Uniball Fanthom Erasable Gel Pen Refill (UFR-122) – 0.5 mm (3 Colors)
•Uniball Impact RT 1.0mm Bold (Signo UMR-80)
•Uniball Style Fit Gel Multi Pen Refill (UMR-109) – 0.28, 0.38, 0.5mm (16 Colors)
•Uniball Signo RT Gel 0.38mm & 0.5mm (UMN-138)
•Uniball Signo (UMN-152)
•Uniball Signo 0.28mm (UMN-82)
•Uniball Signo 0.38mm (UMN-83)
•Uniball Signo 207 Gel Refill 0.7mm (UMR-87, UMR-85)
•Uniball Jetstream 0.38 (SXR-38)
•Uniball Jetstream 0.5mm (SXR-5)
•Uniball Jetstream 0.7mm (SXR-7)
•Uniball Jetstream 1.0mm (SXR-7)
•Uniball Jetstream 1mm (SXR-10)
•Uniball Mitsubishi Liquid Ink Rollerball Pen Refill(UBR-300)- 0.5 mm
•Visconti Rolling Ceramic 0.7mm (AA40)
•Waterman Rollerball Refill
•Zebra Sarasa Clip Pen Refill – 0.7mm (JF-Refills for Sarasa, Sarasa SE, Sarasa Clip)
•Zebra JF-0.4 Sarasa Gel Pen Refill – 0.4 mm (4 Colors)
•Zebra JF-0.5 Sarasa Gel Pen Refill – 0.5 mm (4 Colors)
•Zebra JJ2 Gel Ink Refill
•Zebra J15 Gel Ink Refill
•Zebra JJZ15 Gel Ink Refill
•Zebra JJ21 Gel Ink Refill
•Zebra Sarasa Dry Gel Ink Rollerball Refill (JLV-0.4) – 0.4 mm (3 Colors)
•Zebra Sarasa Dry Gel Ink Rollerball Refill (JLV-0.5) – 0.5 mm (3 Colors)
•Zebra Gel Ink Rollerball Refills (RBJF5) – 0.5mm (3 Colors)
•Zebra JT-0.4 Sarasa Gel Pen Refill (RJT4-BK)- 0.4 mm
•Zebra RJF3 Gel Ink Refill
•Zebra RJF4 Gel Ink Refill
•Zebra RJF5 Gel Ink Refill
•Zebra RJF10 Gel Ink Refill
•Zebra Sarasa (NJK-0.4) – 0.4mm
•Zebra Sarasa (NJK-0.5) – 0.5mm
Ballpoint Style Refills
•Ballograf Original Ballpoint Pen Refill (4 Colors)
•Ballograf Pocket Ballpoint Pen Refill (2 Colors)
•Bic Pro+ 1.0mm Pen Refill
•Diplomat EasyFLOW Ballpoint Pen Refill
•Caran D’ache Goliath Refill
•Faber-Castell Ballpoint Pen Refill (Medium)
•Faber-Castell Scribero Gel Ink Roller Refill
•Fisher Space Pen “PR” Series Refills – 15 Different Refills
•Fisher Space Pen “U” Series Refills (UF1, UF2, UF4) – 3 Colors
•Foray (Office Depot) Ballpoint Refill for Parker Refills
•Foray (Office Depot) Replacement For Mont Blanc Ballpoint Refills
•Foray (Office Depot) Ballpoint Refill for Waterman Refills
•Kaweco Soul G2 Refill 1.0mm
•Kaweco Sport Roller Ball Pen Refill (This is a smooth Rollerball gel ink)
•Kokuyo FitCurve Ballpoint Pen Refill (PRR-SJ7D) – 0.7 mm (3 Colors)
•Lamy M22F Refill – Fine, Med, Broad
•Metaphys Locus 3Way Multi Pen Refill – 0.5mm
•Midori Brass Bullet Ballpoint Pen Refill – 0.5 mm
•Moleskine Ballpoint Refill
•Mont Blanc Ballpoint Refills (F) & (M)
•Monteverde Needle Point Refill (Fine)
•Monteverde Soft Roll P13 – Colored inks
•Monteverde Soft Roll P15- (Superbroad, Medium, Ultrafine)
•Ohto P80-05NP Needlepoint Ballpoint Pen Refill 0.5mm
•Ohto P80-07NP Needlepoint Ballpoint Pen Refill 0.7mm (writing width is 0.35mm)
•Ohto PS-205NP Extra-Fine Ballpoint Pen Refill 0.5mm (writing width is 0.35mm)
•Ohto PS-207NP Extra-Fine Ballpoint Pen Refill 0.7mm
•Ohto 893NP Needle-Point Ballpoint Pen Refill – 0.3 mm
•Ohto 895NP Needle-Point Ballpoint Pen Refill – 0.5 mm
•Ohto 897NP Needle-Point Ballpoint Pen Refill – 0.7 mm
•Parafernalia Ballpoint Pen Refill
•Parker Ballpoint Pen Refill (Broad, Medium, Fine)
•Parker GEL Ballpoint Pen Refill (Medium)
•Parker Quinkflow Ballpoint Pen Refill (Medium, Fine)
•Pelikan Giant Ballpoint Pen Refill 337 (Broad, Fine, Medium)
•Pentel Rolly C4 Ballpoint Multi Pen Refill (BKSS7) – 0.7 mm (4 Colors)
•Pentel (KFLT8) Ballpoint Pen Refill
•Pentel Selfit Ballpoint Pen Refill (BKS7H-AD)- 0.7 mm
•Pentel Vicuna XBXST5-A Refill – 0.5mm
•Pentel Vicuna BXM5H Refill – 0.5mm
•Pentel Vicuna BXM7H Refill – 0.7mm
•Pilot BRFV-8EF Acro Ink Ballpoint Pen Refill – 0.5 mm (3 Colors)
•Pilot BRFV-8F Acro Ink Ballpoint Pen Refill – 0.7 mm (3 Colors)
•Pilot BRFN-30F Ballpoint Pen Refill – 0.7 mm
•Pilot BRFN-30M Ballpoint Pen Refill – 1.0 mm
•Pilot BTRF-6F Ballpoint Pen Refill – 0.7 mm (3 Colors)
•Platignum Standard Ballpoint Pen Refill
•Sailor Pica Kirei Anti-Bacterial Ballpoint Multi Pen Refill – 0.7 mm(3 Colors)
•Sailor Pica Kirei Anti-Bacterial “Mini” Ballpoint Multi Pen Refill – 0.7 mm (3 Colors)
•Sakura R-NOB Ballpoint Pen Refill ( SAKURA R-NOB#49) – 0.7 mm
•Schmidt P900 B Ballpoint Pen Refill (Broad, Medium, Fine)
•Schmidt P950M MegaLine Pressurized Ballpoint Pen Refill (Medium)
•Schmidt 4889 MegaLine Pressurized Pen Refill
•Schmidt 9000M EasyFlow Pen Refill
•Schmidt P8900 Super Bowl Refill (Fine)
•Schneider Express 735 Pen Refill (Broad, Medium, Fine)
•Schneider Slider 755 Pen Refill (Extra-Broad, Medium)
•Sheaffer Ballpoint Refill II (Medium)
•Sheaffer K Ballpoint Refill
•Sheaffer T Ballpoint Refill
•Stabilo Ballpoint Refill
•Stabilo EASYgel Refill
•Tombow BR-ZLM Ballpoint Pen Refill
•Uni SXR-80-05 Jetstream Ballpoint Multi Pen Refill – 0.5 mm (4 Colors)
•Uni SXR-80-07 Jetstream Ballpoint Multi Pen Refill – 0.7 mm (4 Colors)
•Uni Power Tank High Grade Ballpoint Pen Refill – 0.7 mm
•Visconti Ballpoint Pen Refill AA49 1.4 (Broad)
•Visconti Gel Refill AA38 (Broad, Medium, Fine)
•Zebra F-Refill Ballpoint Pen Refill – 0.7 mm (2 Colors)
•Zebra G-301 JK-Refill Gel Pen Refills – 0.7 mm (2 Colors)
•Zebra SK-0.4 Ballpoint Pen Refill – 0.4 mm (2 Colors)
•Zebra SK-0.7 Ballpoint Pen Refill – 0.7 mm (4 Colors)
•Zebra Stylus Pen LV-Refills – 1.0mm
•Zebra Zmulsion Ink Pen Refill – 1.0 mm (EQ-1.0)
D1 Style Refills
•Acme Black 4FP Four-Function Pen Ballpoint Pen Refill
•Acme Highlighter 4FP Four-Function Pen Multi Functional Pen Refill
•Aurora Mini Medium Point Ballpoint Pen Refill
•Caran D’ache Ecridor XS Mini Refill
•Cross Matrix Ballpoint Pen Refill
•Cross Micro Ballpoint Pen Refill
•Kaweco D1 Soul Ballpoint Refill
•Lamy M21 Ballpoint Pen Refill
•Lamy M55 Tripen Marker Refill (Orange Highlighter)
•Monteverde Soft Roll Ballpoint Pen Refill – D1 (628)
•Ohto R-4C5NP Needle-Point Ballpoint Pen Refill – 0.5 mm
•Ohto R-4C7NP Needle-Point Ballpoint Pen Refill -0.7mm
•Parker Mini Ballpoint Refills
•Parker Vector 3-in-1 Ballpoint Refills
•Pelikan 38 Ballpoint Refills
•Pentel XBXS5-A (0.5mm)
•Pentel XBXS7-A (0.7mm)
•Pentel Vicuna XKBXES7 Ballpoint Pen Refill – D1 – 0.7 mm
•Pilot BRF-8M & BRF-8F-B 0.7mm Refills
•Pilot Hi-Tec-C Slims (LHRF-20C3-B 0.3mm)
•Platinum BSP-60 Series
•Platinum BSP-100
•Platinum SBSP-120S Hybrid Ink Ballpoint Refill
•Retro 1951 D-1 Ballpoint Refill
•Rotring Tikky 3-in-1 Ballpoint Refills – 0.7mm (2-Colors)
•Staedtler Multi Pen Ballpoint Refill (92RE-09)- D1 – 0.7 mm
•S.T. Dupont Mini Olympio Ballpoint Pen Refill
•Tombow Outdoor Pen Refill (BR-VMP)
•Tombow VS Ballpoint Pen Refill (BR-VS) – D1
•Uni SXR-200 Jetstream Ballpoint Multi Pen Refill (0.5 and 0.7mm)
•Zebra Tele-scopic Slide Ballpoint Pen Refill – 4C – 0.7mm
•Zebra ESB-0.7 Emulsion Ink Ballpoint Pen Refill – D1 – 0.7 mm
•Zebra JSB-0.4 (RJSB4-BK)
•Zebra JSB-0.5 (RJSB5-BK)
•Zebra Sharbo X Ballpoint Multi Pen Refill Component – D1
•Zebra Sharbo X Gel Ink Multi Pen Refill Component – D1
Why I left Evernote
I have been an Evernote user since September 26 2008 (8 years 5 months 8 days). Many of those years were spent as a paying premium customer, but at the end of 2016, I decided it was time to leave. I wanted to share why I am leaving and my plans to replace it.
The Evernote I loved
From the very beginning, Evernote was a wonderful company to support. It was this scrappy upstart that was committed to building a "100 year company" (link) and was incredibly committed to its customers. It believed in openness and came to market with original ideas. It was unlike anything else being offered at the time.
The original founding leaders had this crazy open-dialog podcast that gave listeners an inside look into the company. The freemium model Evernote pioneered worked like a charm. Evernote constantly moved premium features into the free tier and was constantly challenged to make newer & better features for the 5% of their paying premium customer-base.
Every platform I tested had an Evernote client that worked relatively well and within minutes of setting up a new device, everything I had captured was there waiting for me. It was a wonderful time.
The app was lightning fast and reliable. Sync was blazing and worked every time. Text recognition (even in images and attachments) was super accurate. I was happy.
Even though I didn't need most of the premium features, I started paying a premium membership to support the company. It was my one key app. I used it as my reference folder, as my to do manager (GTD), my list making application, etc. It became an extension of my brain.
I was an Evernote ambassador, talking about it every chance I had and bringing more and more people into the fold. Everyone that joined Evernote thanked me. Everyone loved it, even those on the free tier. It offered incredible value to everyone that took the time to use it. Search Amazon for Evernote and you get 1,145 products from Moleskine notebooks to books to help organize your life using Evernote.
Then on July 20th 2015, they announced via a blog post that Phil Libin would be leaving the company and his replacement was this polished executive named Chris O'Neill. Other executives also left (such as Max Levchin). Little did we know O'Neill had plans to dramatically change the service we had come to love and depend on.
The Bad Changes
The new Evernote price
The first major shock was the change in pricing. My beloved Premium membership almost doubled in price and the functionality of the free/plus service dropped.
<img src="https://ekiledjian2.micro.blog/uploads/2025/ac3469e693.jpg" alt="">
When prices increase, consumers will evaluate all possible alternatives and determine if the new price is still the best choice for them.
<img src="https://ekiledjian2.micro.blog/uploads/2025/e193fa73d7.jpg" alt="">
For $10 more a year, I can buy an Office 365 home subscription shareable with 5 family members. Everyone on my account is entitled to all of the Microsoft Office apps (Word, Excel, Powerpoint, etc), plus each user receives 1TB of online OneDrive storage and of course Microsoft made its OneNote app free for everyone on all platforms.
As a customer of Evernote, I was asking myself if spending an extra $10 and moving to Office 365 home made sense. For most consumers, it will.
The second was the downgrade if you chose not to pay these new higher prices. You were limited to sync on only 2 devices and your free monthly upload allowance was 60MB which meant it became unusable (for free) for most users.
The junkening
Over the years, Evernote lost its way and tried to become the everything app for everyone (a Swiss Army knife). It had a food memories app.
<img src="https://ekiledjian2.micro.blog/uploads/2025/7c46a0bf41.jpg" alt="">
The Evernote Food app allowed you to capture memories of great food you had enjoyed in restaurants (logging pictures, location, friends with you, etc).
It bought a screen-capture and markup tool called Skitch and after a couple of updates, killed it (moving some of its features into its already bloated core Evernote app).
<img src="https://ekiledjian2.micro.blog/uploads/2025/5e63c1501f.jpg" alt="">
It had and killed many other apps (A contact app, a meeting app, Flash cards, etc).
Over the years its main app, the Evernote Client (Mac, Windows), became a bloated mess of slowness and crashing. They migrated from their own data center to the Google Cloud platform (earlier this year) promising faster and better service. The blog post on February 8 2017 mentions:
“Rather than pouring resources into the day-to-day maintenance of equipment and software required for running the Evernote service, we can now focus more of our time and energy into responding to customer needs. ”
All good sentiments but I haven't seen any benefits as a customer. Evernote is still an expensive bloated mess.
Breaking their own rules
In 2011, Evernote published the 3 laws of data protection:
- Your Data is Yours
- Your Data is Protected
- Your Data is Portable
The first rule is clear: my data is mine and the only thing Evernote was going to do to it was normal operational tasks to ensure they can deliver the services I was expecting. The new Evernote wanted to add a machine learning function for its premium users and as part of that change tried to update its Terms of Service. This change was so viciously attacked by its users that in December 2016, they were forced to roll it back and tried to reframe the conversation.
The worry was that the changed language gave Evernote employees the right to "read" your notes as they attempted to spot check and validate their new Machine Learning tools. The reversal meant the change would now be opt-in. This never should have happened the way it did. It showed a clear gap in their change management and product management processes.
The second rule stated that:
“Everything you put into Evernote is private by default. We never look at it, analyze it, share it, use it to target ads, data mine it, etc.–unless you specifically ask us to do one of these things. ”
This seems to conflict with their unilateral attempt to change the privacy language to enable their Machine Learning feature but.... The next part of this rule is:
“we take many precautions to protect your data from accidental loss and theft. Everything you put into an Evernote synchronized notebook is stored in our secure data center with multiple redundant servers, storage devices and off-site backups. ”
Evernote had a couple of issues with data availability but the biggest was one that affected "some Mac users" and caused attachments to get deleted (article here).
“certain sequences of events can cause an image or other attachments to be deleted from notes without warning, but text is not affected.”
So far, Evernote has failed on the first 2 of their data protection laws. The third law was about data portability. The law said:
“There is no data-lock in Evernote. We are committed to making it easy for you to get all of your data into, and out of, Evernote at any time.”
Ask anyone that has a large collection of notes with tags and dozens of folders: there is no graceful way to export your data in a usable format. Attachments are exported with their original file names (not the note name) and all structure is lost (tags and folders are lost).
I was one of the people that asked for Evernote to make a better export feature to ensure they met their own portability commitment. I wasn't sure how it should work, but knew it needed something better.
As you added more and more notes, this feature became more important and the lack of it became a glaring issue. As much as they say you can export in HTML, the exported data is useless.
So they failed to meet their own 3 rules of data protection.
No Markdown Support
As a technical Evernote user, I was part of their forums and UserVoice feature request system, and always answered their user surveys. A feature I have wanted for years was Markdown formatting support (which would improve note compatibility). Their standard response was always that this was not part of their roadmap. I wasn't the only one clamoring for Markdown support. Their forums listed thousands of users asking for it.
Unfortunately Evernote was clearly not interested.
Less consumer more business
In an interview with The Verge, Chris mentions he wants a more balanced customer base (less consumer and more corporate). This clearly shows in the steps they have taken and the ancillary services they have killed.
Consumer services have been killed (Food, Flash Cards, etc) while corporate ones have been maintained (Evernote Work Chat a slack competitor and Presentation mode a Powerpoint competitor).
Changing competitive landscape
As Evernote continues to squeeze its free tier customers and makes paid tiers more expensive, its primary competitor, Microsoft OneNote, has gone free for everyone on every platform. Additionally, Google has its Keep/Google Docs combo and Apple its Pages/Apple Notes combo. All of its chief competitors are offering more and more functions for free.
Others like Dropbox have launched services like Dropbox Paper, offering their existing subscribers cool new Evernote-competing features.
When I started using Evernote, it was the de facto standard integration partner for every app or service that I used. Almost every app I had on my Windows, Mac, Android, iPhone or iPad integrated with Evernote. As Evernote alienates its customers and more competitors enter the market, this is becoming less and less true. There was a huge benefit to knowing everything you had would work with Evernote; as this slowly disappears, that advantage also disappears.
The Best Evernote Alternative
Having tested dozens of services, there isn't a really good alternative an Evernote power user will like but you have to accept this reality and move on. Evernote has clearly shown disdain for its consumer users and so the search for an alternative is ongoing.
The closest to Evernote has been Microsoft OneNote. OneNote is now free for everyone, getting more polished and feature rich with every update and they are clearly targeting Evernote users. It will definitely take some getting used to but it is a close enough alternative that most users will be extremely satisfied.
<img src="https://ekiledjian2.micro.blog/uploads/2025/7069299d14.jpg" alt="">
Microsoft OneNote works on most platforms, even on an Apple watch.
In my quest to free my notes, I will be testing Clevernote.io. More on that in coming weeks.
<img src="https://ekiledjian2.micro.blog/uploads/2025/cf4a50a8e2.jpg" alt="">
I have gone through the period of grief and have accepted the fact that there is no "perfect" migration tool or strategy. I will lose some functionality and context around my Evernote notes but that's the cost of admission.
We are also seeing new companies pop up and try to fill the new Evernote void. One such startup service is called Bear.
<img src="https://ekiledjian2.micro.blog/uploads/2025/65f0d4dbf7.jpg" alt="">
Bear is a beautiful simple note taking app that reminds me of Evernote's beginnings. It only works on iPhone, iPad and Mac today but who knows what the future will hold. A Bear Pro subscription is $15.
Conclusion
I don't think the ship has yet sailed for Evernote and they can recapture their glory days if management does the right things but I am doubtful. Many have called Evernote the "broken Unicorn" and I agree. Most companies will stick with the good and trustworthy Microsoft and won't fork over hundreds of thousands a year to Evernote.
And unless Evernote changes course quickly, it will lose its core base of users (those who have been unofficial ambassadors over the years).
So my recommendation is to start the grieving process now and start looking at alternatives.
Google allows you to receive 50MB email attachments
I've been a Google GMAIL user from the start and get excited when Google releases new features. The sultan of search has increased the inbound attachment limit to 50MB (from 25MB). Outbound attachment size is still capped at 25MB.
“Sending and receiving attachments is an important part of email exchanges. While Google Drive offers a convenient way to share files of any size, sometimes you need to receive large files as direct email attachments. So starting today, you will be able to receive emails of up to 50MB directly.”
This change is rolling out to users and should hit everyone in the next week.
Google announcement here.
CRTC prevents Sugar Mobile from operating on the Rogers network
Canadians don't have a lot of wireless connectivity choices and this sad reality is reflected in the high prices we pay. I have previously written about Sugar Mobile and their not-for-everyone, mediocre but cheap offering.
Today they have been dealt a blow by the CRTC (read the CRTC ruling here). The CRTC ordered Sugar Mobile to stop using the Rogers network (improperly) within 50 days.
“Ice Wireless has improperly allowed the end-users of its mobile virtual network operator Sugar Mobile Inc. to obtain permanent, rather than incidental, access to [Rogers’] cellular network”
Obviously Sugar Mobile is disappointed by the ruling and has published this statement on their website.
<img src="https://ekiledjian2.micro.blog/uploads/2025/93e95883c3.jpg" alt="">
The Canadian market needs competition to drive innovation and hopefully make the market more competitive. It looks like one option has been taken off the table.
Toronto's KnowRoaming partners with TCL Alcatel for SIMFREE global phone
At Mobile World Congress, KnowRoaming (a Toronto-based telecom company) has announced a partnership with global handset producer TCL Communications.
“The integration of our SoftSIM in Alcatel’s Pop 4-6 4G, A2 XL, and A3 XL handsets gives Alcatel’s customers a seamless way to stay connected and use their device as if they were at home”
Three upcoming Alcatel handsets will have the KnowRoaming SoftSim embedded in the phones. This means users will gain access to the global KnowRoaming network (50+ countries) and benefit from reduced roaming rates.
Armenia and Christianity
Armenia is a country located in the southern Caucasus region. Christianity is said to have first arrived in Armenia in the year 301 AD, making it one of the oldest Christian nations in the world. The Armenian king Tiridates III was converted to Christianity by St Gregory the Illuminator after being tortured and imprisoned by the king himself. St Gregory is also credited with curing the king of a debilitating illness. Christianity then quickly spread throughout Armenia and became the country's national religion.
Who is Gregory the Illuminator?
Gregory the Illuminator was the man who first introduced Christianity to Armenia. He was also responsible for converting the Armenian king Tiridates III to the Christian faith.
Why did King Tiridates III torture and imprison Gregory the Illuminator?
King Tiridates III tortured and imprisoned Gregory the Illuminator because he was trying to prevent Christianity from spreading throughout Armenia.
How did Gregory the Illuminator convert the Armenian king Tiridates III to Christianity?
Gregory the Illuminator is said to have converted the Armenian king Tiridates III to Christianity after healing him of a debilitating
Branches of Christianity in Armenia
There are two main branches of Christianity in Armenia: the Armenian Apostolic Church and the Catholic Church. The Armenian Apostolic Church is an autocephalous Eastern Christian church that recognizes the authority of the Catholic Church but is not in communion with it. On the other hand, the Catholic Church is in full communion with the Pope and the rest of the Catholic Church.
Christianity has played a significant role in the history and identity of the Armenian people. Armenia was the first country to officially adopt Christianity as its state religion, and the Armenian Apostolic Church has played a central role in the country's history and culture. Christianity has also been a source of strength and comfort for Armenians during times of hardship, such as the Armenian Genocide.
Beliefs of the Armenian Apostolic Church:
The Bible is the authoritative source of religious teachings.
There is one God who exists in three persons: the Father, the Son, and the Holy Spirit.
Jesus Christ is both fully human and fully divine. He was born of a virgin, lived a sinless life, and died on the cross to save humanity from its sins.
Jesus rose from the dead and ascended into heaven. He will return to judge the living and the dead.
Humanity is fallen and in need of salvation. Salvation comes through faith in Jesus Christ.
The church is the body of Christ on earth, consisting of all those who have been saved by grace through faith in Jesus Christ.
The church is led by bishops, who are successors of the apostles.
The sacraments are outward signs of inward grace, instituted by Christ, that give us communion with God. There are seven sacraments: baptism, confirmation, Eucharist, penance, anointing of the sick, marriage, and ordination.
We will experience both physical and spiritual resurrection. At the end of time, Jesus will return in glory to judge the living and the dead, and those who have been saved will spend eternity in heaven with God.
The Armenian Apostolic Church is in communion with the Catholic Church and the Eastern Orthodox Churches. However, it is not in communion with the Protestant churches.
What are the differences in beliefs between the Catholic and Armenian Apostolic Church?
The main differences in beliefs between the Catholic Church and the Armenian Apostolic Church are as follows:
The Armenian Apostolic Church does not recognize the authority of the Pope.
The Armenian Apostolic Church teaches that Jesus Christ is both fully human and fully divine, while the Catholic Church teaches that Jesus Christ is true God and true man.
The Armenian Apostolic Church does not believe in purgatory, while the Catholic Church does.
The Armenian Apostolic Church allows for the marriage of priests, while the Catholic Church does not.
The Armenian Apostolic Church believes that the sacraments are outward signs of inward grace, while the Catholic Church believes that the sacraments are instituted by Christ and confer grace upon those who receive them.
Why is the Armenian Apostolic Church not in communion with the Protestant churches?
The Armenian Apostolic Church is not in communion with the Protestant churches because of differences in beliefs, such as the following:
The Armenian Apostolic Church teaches that the Bible is the authoritative source of religious teachings, while many Protestant churches teach that the Bible is not the only authority.
The Armenian Apostolic Church teaches that there is one God who exists in three persons, while many Protestant churches teach that there is only one person in the Trinity.
The Armenian Apostolic Church teaches that humanity is fallen and in need of salvation, while many Protestant churches teach that humanity is not fallen and does not need salvation.
The Armenian Apostolic Church believes in seven sacraments, while many Protestant churches do not believe in any sacraments.
The Armenian Apostolic Church teaches that we will experience both physical and spiritual resurrection, while many Protestant churches teach that we will only experience spiritual resurrection.
The Armenian Apostolic Church teaches that Jesus will return in glory to judge the living and the dead, while many Protestant churches teach that Jesus has already returned or will not return.
Canada has 12th fastest wireless networks
OpenSignal uses its millions of mobile users to map and test global wireless connectivity and they just released their latest global review summary. The 2 main takeaways are that wireless connectivity speeds are improving globally and users are still leveraging WIFI when available.
Canada is the only western country to reach 20Mbps wireless speeds, making us the 12th best in the world. Our wireless may be expensive but at least it ranks well for performance. As expected, South Korea has kept its crown as the king of wireless speeds.
For those wondering, our closest neighbor and friend, the United States of America ranks at the 20th position with a speed of 12.48Mbps.
<img src="https://ekiledjian2.micro.blog/uploads/2025/9451749542.jpg" alt="">
Talk to me about WIFI
Canada ranks 4th as it relates to time on WIFI. Canadians spend on average ~60% of their time connected to WIFI. Again we rank better than the US, at 10% more WIFI time than them.
<img src="https://ekiledjian2.micro.blog/uploads/2025/7b0f5bc7c6.jpg" alt="">
Roam Mobility launches USA Monthly Plans
I've written about Roam Mobility before:
- Real World testing and Review of the Roam Mobility Service
- Roam Mobility now has US 4G LTE Service
- Roam Mobility Breeze unlocked GSM phone review
- Roam Mobility released new plans
- Comparing T-Mobile's Tourist plan with Roam Mobility
- Roam Mobility offers competitive US roaming for Canadians
Today Roam Mobility is launching new monthly plans that include unlimited talk, text and data. It is a middle-ground offering between their day plans and their 3-month snowbird ones.
Although these plans were originally designed for Canadian travelers heading to the USA, they are really applicable to anyone going to the US (from Europe, Asia, Middle East, etc).
At launch, there are 2 monthly plans (30 day) which both include unlimited talk and text but differ in their data offering:
- 1GB of 4G LTE for $39.95
- 4GB of 4G LTE for $64.95
Once you consume all of your data, you get unlimited 2G data. In my testing, the T-Mobile LTE network is excellent but their 2G network is so-so.
All you need is a non-expired Roam Mobility SIM card and then you can choose these plans on their website.
Why a Canadian should choose Roam Mobility
Telus, Rogers and Bell have all started to offer special Roaming plans ($5-7 per day) where you consume your home monthly plan when in the US. The attractiveness of this plan is the ease of use. You keep your same SIM and number.
Most Canadians have limited data plans and the risk you run is the overage charges once you've eaten your monthly allocation. With Roam Mobility, you have to switch SIM cards but you are given ample 4G LTE and even if you do bust your cap, you get unlimited 2G connectivity. At least there won't be any $50-100 surprises at the end of the month.
What is my review of Roam Mobility
I have tested almost every conceivable USA travel solution from Roam Mobility, KnowRoaming all the way to buying local SIM cards upon landing. I have found the Roam Mobility solution to be the most robust one I have used.
KnowRoaming provides "unlimited" data for $US8 a day but it is slower 3G. Additionally during my last trip to San Francisco, I couldn't get inbound calling to work and finally gave up after 45 minutes on the phone with their support person. I didn't have my Roam SIM so I was stuck paying the Telus $7 a day fee.
So for USA only travel, I would buy a couple of Roam Mobility cards and use them.
Link to monthly plans page
5 best Random Password Generators
1 - Random.org
Random.org has been one of my favorite sites for a long time. It uses atmospheric noise to generate its randomness, which is much better than the logical pseudo-random generators used by many sites and services.
<img src="https://ekiledjian2.micro.blog/uploads/2025/05954edbbc.jpg" alt="">
You choose the password parameters you need and it generates wonderfully random passwords to use with your password manager of choice.
2 - Symantec Identity Safe
Symantec has been a mainstay of the security market since the 90s and they bought a company called PCTools (and its Secure Password Generator). As a PC Tool vendor, they will try to make you download their privacy tools but I wouldn't recommend their password vault.
<img src="https://ekiledjian2.micro.blog/uploads/2025/2dc5b9e613.jpg" alt="">
Use the password generator on the right side of their site to generate high quality complicated passwords with the required complications. As an example, the above complications generated this password for me: dr-cr+wreF5p.
3 - Wolfram Alpha
Wolfram Alpha is a powerful knowledge engine created by the brainiacs behind Mathematica. It is a superb tool I use regularly for problem solving but it also generates random passwords. Head over to their knowledge engine and enter Generate Strong Password. Then press the equal sign.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b9ae96bc94.jpg" alt="">
Then choose the complications you want and press the equal sign again to generate your password.
<img src="https://ekiledjian2.micro.blog/uploads/2025/4b99cb87d0.jpg" alt="">
Then it generates your wonderful password.
<img src="https://ekiledjian2.micro.blog/uploads/2025/9526dfbf95.jpg" alt="">
You press on Plaintext and copy it into your favorite website or password manager.
4 - Lastpass password generator
My 2 favourite password managers are Lastpass and 1Password. Both have the capability to generate strong passwords and you should use that functionality if you have those. Considering most of Lastpass is now free to use, you really have no excuse.
But Lastpass also offers a web based secure password generator which is clean, easy to use and efficient.
<img src="https://ekiledjian2.micro.blog/uploads/2025/3a793da026.jpg" alt="">
When you scroll up on that page after choosing your complications, you get a wonderfully generated password, or you can click the button and have another one created for you.
<img src="https://ekiledjian2.micro.blog/uploads/2025/30b2b21243.jpg" alt="">
5 - GRC Ultra High Security Password Generator
GRC is the home of Gibson Research Corporation. It is owned by Steve Gibson, the Grand Poobah of internet security. He found the first spyware and wrote the first anti-spyware app. He is considered one of the most prominent security professionals and makes tons of tools available on his site.
His site generates perfectly random long complex 64/63 character passwords and he then explains why his passwords are high quality. If you are interested in geeking out, it's a wonderful read.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b80f16d29b.jpg" alt="">
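The same job the generators above do (pick a length and character classes, get a random password) can be done locally so the password never crosses the network. This is an added example, not code from any of the listed sites; the symbol set, the look-alike list and all function names are choices made for the example. It draws from the operating system's CSPRNG through Python's `secrets` module, rejects candidates that miss a requested class so every valid password stays equally likely, and computes the exact entropy left after that requirement.

```python
import math
import secrets
import string
from itertools import combinations

# Character classes (the "complications" a generator lets you toggle).
# The symbol set and the look-alike list are assumptions made for this example.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!#$%&*+-=?@^_",
}
LOOKALIKES = set("0O1lI")


def pools_for(classes, avoid_lookalikes=False):
    """Return one character pool per requested class."""
    pools = []
    for name in classes:
        pool = CLASSES[name]
        if avoid_lookalikes:
            pool = "".join(c for c in pool if c not in LOOKALIKES)
        pools.append(pool)
    return pools


def generate_password(length=16, classes=tuple(CLASSES), avoid_lookalikes=False):
    """Uniformly random password containing at least one character per class.

    Whole candidates are drawn from the OS CSPRNG and rejected if a class is
    missing. Forcing one character per class and shuffling would also satisfy
    the policy, but it makes some passwords more likely than others.
    """
    pools = pools_for(classes, avoid_lookalikes)
    if not pools or length < len(pools):
        raise ValueError("length must be at least the number of classes")
    alphabet = "".join(pools)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in candidate) for pool in pools):
            return candidate


def count_valid(length, classes=tuple(CLASSES), avoid_lookalikes=False):
    """Number of distinct passwords the policy allows (inclusion-exclusion).

    Start from every string over the full alphabet, then subtract the strings
    that miss one class, add back those that miss two, and so on.
    """
    pools = pools_for(classes, avoid_lookalikes)
    total = sum(len(p) for p in pools)
    count = 0
    for k in range(len(pools) + 1):
        for missing in combinations(pools, k):
            remaining = total - sum(len(p) for p in missing)
            count += (-1) ** k * remaining ** length
    return count


def entropy_bits(length, classes=tuple(CLASSES), avoid_lookalikes=False):
    """Exact entropy in bits of a password from generate_password()."""
    return math.log2(count_valid(length, classes, avoid_lookalikes))


if __name__ == "__main__":
    for n in (12, 16, 24):
        print(n, generate_password(n), f"{entropy_bits(n):.1f} bits")
```

The "at least one of each class" rule costs only a fraction of a bit at 16 characters; length and alphabet size are what drive the strength.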
Companies buying bitcoin to prepare for cyber extortion
In an uncertain world where kidnapping for ransom is an all too common occurrence, many hostage negotiators use the no-concession policy. They justify this position by explaining that paying a ransom makes it more likely that the perpetrators will try it again and often times the ransom is used to fund illegal or terrorist organizations.
Although I have seen very little empirical evidence to prove that this no-concession approach is more desirable than paying the ransom, this mentality was brought into the digital age when cyber-ransoms, cyber-extortions and crypto-malware became prevalent.
More and more companies though have started to take a different approach and are now prepared to pay ransom in exchange for saving their networks, devices and information. To meet these demands quickly, some companies have started to store bitcoin as a risk mitigation strategy.
Why this change of heart? Much of the most popular, well-written malware was actually designed to ensure victims could recover their data when the ransom was paid. This attention to detail and solid customer service by the bad guys means victims are now relatively certain that they will be saved if they pay the ransom.
Sure paying the ransom means funding organized crime and will likely fuel the next wave of crypto-malware but companies have a duty to protect their organization (rather than take the moral high ground).
This change in mindset is so pronounced that traditional physical K&R (kidnap & ransom) negotiation experts have started to test the cyber-extortion and cyber-ransomware negotiation space.
True verifiable numbers are hard to find but firms like Recorded Future (a cyber intelligence company) have stated that they believe the cyber-ransom market has now reached the $1B mark. Kaspersky says a company is cyber-attacked every 40 seconds.
Obviously crypto-malware can be counteracted by proper, regular offline backups but many companies don't start a robust recovery program until it's too late. They either pay the ransom or lose their data. It's that plain and simple.
Right now the advantage is with the attacker. Corporate information security groups have to bat 100% to keep the company safe. This is expensive, time consuming and not always achievable. The attacker just needs to infect 1 machine on the network and can then propagate and move laterally from there.
Companies have started to jump on the Ransomware protection bandwagon. An EDR & "next-generation AV" company called Cybereason offers a free product called RansomFree. They claim it protects against 99% of ransomware by monitoring how applications interact with files on your computer. Did I mention RansomFree is free? I haven't used their product and thus can't recommend it but it does seem to be useful and could really help the average consumer ensure they don't end up getting victimized.
<img src="https://ekiledjian2.micro.blog/uploads/2025/c9f275a5c4.jpg" alt="">
It is clear that this malware is written by extremely skilled and determined threat actors. This isn't code written in somebody's basement but rather a professional extortion company with developers, quality assurance and even customer support to ensure a paying customer is taken care of.
So the question is: will your company prepare by buying and storing bitcoin? If you will, how much should you store? That is the new question.
7 airport lounge access secrets you need to know
1 - Buy day-passes online
Most airlines will allow passengers to buy a lounge access day-pass online.
<img src="https://ekiledjian2.micro.blog/uploads/2025/123c0c408f.jpg" alt=" Toronto Air Canada Airport Lounge ">
Toronto Air Canada Airport Lounge
As an example, you can buy a day-pass from Air Canada for access to their own lounge for $25 if you are travelling on a Latitude fare.
United Airlines offers airport lounge access day-pass for $50 here.
2 - Buy day-passes at the airport
Check directly with your airline. If your airline doesn't own its own named lounge at the airport, it often has deals with private lounges offering access at competitive prices. As an example, Canadian airline Westjet has partnered with private lounge operators in the various regions it travels to (Canada, Europe, Caribbean). Westjet offers airport lounge access at very competitive prices.
<img src="https://ekiledjian2.micro.blog/uploads/2025/702ecc188a.jpg" alt=" 3 hour access to the Plaza Premium lounge costs $40 - 20% (Westjet discount) = $32. ">
3 hour access to the Plaza Premium lounge costs $40 - 20% (Westjet discount) = $32.
Some vacation package wholesalers also offer (add-on) lounge access to their customers. As an example, Signature vacations (in Toronto, Vancouver, Edmonton & Winnipeg) sells lounge access to all vacation pass holders.
<img src="https://ekiledjian2.micro.blog/uploads/2025/4a58b9fcf8.jpg" alt="">
3 - Buy access to an independent airport lounge
Some airlines do not offer any type of (direct or indirect) lounge access. Other times companies buy the cheapest ticket they can find which means you may fly 10 different airlines and therefore not gain priority privilege access on any one particular airline. These are the times you may need to buy access to one of the independent lounges.
If you travel to different airports, you may want to join one of the independent airport lounge access networks like:
As an example, Priority Pass offers access to 1000 airport lounges worldwide. Priority Pass (sold in Canada) offers 3 levels of membership:
- Standard ($99 a year). Every access will cost $27 for the member or guests.
- Standard Plus ($249 a year). Member receives 10 annual visits. Additional visits or guests cost $27 each.
- Prestige ($399 a year). Member receives unlimited lounge access and guests can buy access for $27.
Some credit cards have standing agreements with these lounge access wholesalers and allow you to buy access without having to pay an annual membership fee. As an example, Diners Club Canada offers members access to worldwide lounges at affordable prices.
<img src="https://ekiledjian2.micro.blog/uploads/2025/8c53c461c4.jpg" alt="">
Here is an example of their Canadian airport lounges you can buy access to. Access to a lounge in Toronto is about $US30.
<img src="https://ekiledjian2.micro.blog/uploads/2025/83728b58ff.jpg" alt="">
4 - Get a credit card with lounge access
If you travel a lot, it may make sense to use a travel credit card that includes access to airport lounges (either free or pay per use, without requiring an annual membership to a lounge network).
Credit Walk (Canada) has published an interesting article comparing various credit card lounge access programs.
<img src="https://ekiledjian2.micro.blog/uploads/2025/6bf90ddcc3.jpg" alt="">
Sleeping in Airports (USA) also has an article about credit cards offering lounge access.
5 - Buy a refundable business class ticket
Some travel forums (e.g. maphappy, boarding area, view from the wing) recommend that you buy a full price refundable business class ticket for travel the same day as your regular discounted ticket, use the lounge and then refund the ticket.
I have never used this technique and you should make sure the ticket is still refundable if you use the lounge. I know airlines like United have started implementing lounge access software that will help curb this type of abuse but I know this still works on some airlines.
6 - Buy lounge access from other passengers
You can sometimes buy lounge access from other travelers on classified type sites at discounted rates (eBay, Craigslist, etc). Make sure you check any restrictions that may apply.
<img src="https://ekiledjian2.micro.blog/uploads/2025/7ab131b738.jpg" alt=" Someone selling 4 Air Canada Maple Leaf lounge access on eBay. ">
Someone selling 4 Air Canada Maple Leaf lounge access on eBay.
7 - Use a Smartphone App for lounge access
There are travel smartphone apps like Loungebuddy (iOS & Android).
<img src="https://ekiledjian2.micro.blog/uploads/2025/2e60d73617.jpg" alt="">
<img src="https://ekiledjian2.micro.blog/uploads/2025/ca02e35504.jpg" alt="">
Loungebuddy offers on the spot lounge access purchased on your smartphone without requiring an annual subscription.
Microsoft Outlook Premium Super Deal (Promo)
UPDATED: Microsoft has extended the promo until June 30 2017.
Outlook.com Premium is now out of beta and is being offered at the super affordable price of $US19.95 until March 2017. If you need a custom domain, you can buy one directly from Microsoft for $US10 per year. After the promo, the price will rise to $US49.99.
So what do you get?
- Custom domain for five users - You can create personalized email addresses (Outlook premium) for up to 5 people.
- Information sharing - Outlook Premium automatically configures information sharing between all of your user accounts (up to 5) for calendar, contacts and documents. Unlike other services, Microsoft Outlook Premium automatically configures the sharing so it is super simple. We don't know the shared space allocation yet (via OneDrive) but regardless, it's a good deal.
- Ad-free inbox - You get a clean ad-free outlook.com experience. This means no graphical ads in outlook.com or onedrive.com.
This offer will expire March 31 2017 so jump on it now. Did I mention you will also be renewed at a lower rate in the future? Get the offer here.
<img src="https://ekiledjian2.micro.blog/uploads/2025/3fc44da529.jpg" alt="">
The same services on Google's GMAIL would cost $5 per user per month ($60 per year). If you activate all 5 users, it would cost you $300 on GMAIL ($19.99 on Outlook Premium).