Is WhatsApp security Good and trustworthy?

Quietly and with little fanfare, WhatsApp released an update to all of its products enabling end-to-end encryption for its 1B+ end users. Funnily enough, most users aren't aware that their instant messaging tool of choice is now powered by the world's most secure end-to-end encryption protocol: Signal.

Can I consider WhatsApp secure?

A couple of weeks ago, Open Whisper Systems announced that its Signal secure protocol has been embedded into Facebook's WhatsApp instant messaging application. The question I receive daily is "should I consider my WhatsApp communications protected now?"

Before Signal there was OTR

Before using the Signal protocol, it looks like the WhatsApp team evaluated OTR (the Off-the-Record protocol). OTR provides encrypted point-to-point communication, but it requires real-time collaboration between the users (both have to be online to secure the transmission), which isn't practical for WhatsApp. So they went fishing for something else and stumbled upon Signal.

The Signal difference

Signal actually created an encryption model using the text messaging approach, where messaging is encrypted but it is asynchronous (both parties don't need to be online simultaneously for it to work).

Although text messaging is simple, the complexity of the encryption model is high.

The protocol was called Axolotl. The salamander it is named for has self-healing capabilities, and the Axolotl protocol also has self-healing properties.

To simplify it for mass consumption, the protocol was renamed the Signal protocol and now has open source libraries. Cryptographers have been able to build fully functional encryption programs compatible with the consumer Signal apps.

Now powering WhatsApp

The integration is now complete in the latest version of WhatsApp on all platforms.

Users running these versions now get full end-to-end encryption for every message they send and every WhatsApp call they make. All the benefits of the Signal protocol are now built in.

We have confidentiality which means the communication is encrypted.

We have integrity which means message alterations will be detected and fail the verification transaction.

Authentication is possible (which is good) but you need to take extra steps to do so. Keep reading.

Participant consistency is also important but defaults to off (has to be enabled manually).

They also claim to have destination validation, which requires the above 2 to work, so technically it is available and built in.

They have forward secrecy which means a future compromise of a private key will not allow the decryption of past messages.

They have backward secrecy, which means a past compromise of a private key will not compromise future protected communications. Keys are constantly being changed and re-negotiated.

They have message unlinkability, which means messages are independent, asynchronous, and can arrive independently or be missing without affecting the functioning or efficiency of the entire system.

Message repudiation is also there, which means the sender can deny sending a message. This works because the receiver can forge a message that looks like it came from the other party. This means none of the participants can claim (to a third party) that a message originated from the other party with verifiability. All that can be claimed is that the sender or the recipient sent the messages. To most this seems bad, but in the world of security this is a good thing.

Simple but complex

We all know WhatsApp is a simple-to-use product, but the actual encryption is very complicated and therefore beyond the scope of this post.

As an example, they create static Diffie-Hellman encryption keys. Then they create a set of ephemeral keys. Then they use a triple Diffie-Hellman protocol to exchange their ephemeral keys, and they use a Diffie-Hellman key agreement 3 times: one user takes his private key and the other person's ephemeral public key and creates a key agreement.

The other user takes his private key and the other person's Diffie-Hellman public key to create a second agreement. Then they take the ephemeral keys and use those with Diffie-Hellman to get a third set of keys, and they concatenate all of these together to create a master session key.

The ratchet

In an interactive protocol a ratchet is where you evolve a key that you agree upon as you send messages back and forth. You ratchet the key forward.

The problem is that this requires real-time communications. The innovation here is that they developed an offline ratchet using a hash. Each time both parties are online at the same time, an online ratchet is performed and resynchronizes the offline ratchet hash.
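The hash-based offline ratchet described above, as an added example that is not from the original post or from WhatsApp's code: each message key comes from a one-way HMAC step, and the receiver keeps keys for skipped messages so late or missing messages do not stall the chain. The HMAC labels, `MAX_SKIP` and the class names are assumptions of this sketch, and the online Diffie-Hellman resynchronization is left out.

```python
import hashlib
import hmac

MAX_SKIP = 50  # assumed bound on how many missing messages a receiver will skip over


def kdf_step(chain_key):
    """Advance the chain one step; HMAC is one-way, so old keys cannot be recomputed."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain


class SendingChain:
    def __init__(self, chain_key):
        self.chain_key, self.index = chain_key, 0

    def seal(self, plaintext):
        """Return (index, plaintext, tag); the message key is used once and dropped."""
        key, self.chain_key = kdf_step(self.chain_key)
        tag = hmac.new(key, plaintext, hashlib.sha256).digest()
        msg = (self.index, plaintext, tag)
        self.index += 1
        return msg


class ReceivingChain:
    def __init__(self, chain_key):
        self.chain_key, self.index = chain_key, 0
        self.skipped = {}  # index -> message key for messages not yet delivered

    def open(self, msg):
        index, plaintext, tag = msg
        if index < self.index:
            key = self.skipped.pop(index, None)      # late arrival: one-time lookup
            if key is None:
                raise ValueError("replayed or unknown message index")
        else:
            if index - self.index > MAX_SKIP:
                raise ValueError("too many skipped messages")
            while self.index < index:                # ratchet past the gap, keep those keys
                self.skipped[self.index], self.chain_key = kdf_step(self.chain_key)
                self.index += 1
            key, self.chain_key = kdf_step(self.chain_key)
            self.index += 1
        expected = hmac.new(key, plaintext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.skipped[index] = key                # a forgery must not burn the real key
            raise ValueError("authentication failed")
        return plaintext


def demo():
    # Constructed stand-in for the master session key both sides already share.
    root = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = SendingChain(root), ReceivingChain(root)
    m0, m1, m2 = (alice.seal(t) for t in (b"hi", b"lost in transit", b"still there?"))
    results = [bob.open(m2), bob.open(m0)]           # out of order; m1 never arrives
    try:
        bob.open(m2)                                 # same message delivered again
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return results, replay_rejected, sorted(bob.skipped)
```

`demo()` delivers message 2 before message 0, never delivers message 1, and then replays message 2; the only key still held afterwards is the one for the missing message.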

First session establishment

In real-time communications you can create a shared key in real time. But how do you do this in an asynchronous model with someone you have never messaged before?

To solve this issue, when you register your WhatsApp client with the server, your client pre-seeds the server with 100 ephemeral public keys and assigns an ID to each. This means someone wanting to send you a message for a new communication stream picks up one of those keys in order to bootstrap a secure message.

They use this public key and place it back on the server until you are online. When you come online, that blob is sent back to you. Your client will never allow the re-use of that public key (by removing it from the pending ephemeral key list). This one time use prevents certain types of attacks.
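An added example (not code from the post or from WhatsApp) tying together the triple Diffie-Hellman agreement from the previous section and the one-time public keys described here. The `Server` and `Client` classes, the blob fields and the HMAC label are assumptions; X25519 is written out in pure Python only so the block runs without third-party libraries.

```python
import hashlib
import hmac
import os

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")


def x25519(k, u):
    """RFC 7748 X25519, written for readability (not constant-time)."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64                               # clamp the scalar
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):                             # Montgomery ladder
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = os.urandom(32)
    return priv, x25519(priv, BASE)


def derive(dh1, dh2, dh3):
    """Concatenate the three agreements and hash them into one master key.
    The HMAC label is an assumption of this example, a stand-in for the real KDF."""
    return hmac.new(b"example-3dh", dh1 + dh2 + dh3, hashlib.sha256).digest()


class Server:
    """Sees public keys only: each user's identity key and numbered one-time keys."""

    def __init__(self):
        self.identity, self.prekeys = {}, {}

    def register(self, user, identity_pub, prekey_pubs):
        self.identity[user] = identity_pub
        self.prekeys[user] = dict(prekey_pubs)

    def fetch_bundle(self, user):
        prekey_id, prekey_pub = self.prekeys[user].popitem()   # each key leaves once
        return self.identity[user], prekey_id, prekey_pub


class Client:
    def __init__(self, name, server, n_prekeys=100):
        self.id_priv, self.id_pub = keypair()                  # static key pair
        self.prekey_privs, pubs = {}, {}
        for i in range(n_prekeys):                             # pre-seed the server
            self.prekey_privs[i], pubs[i] = keypair()
        server.register(name, self.id_pub, pubs)

    def start_session(self, server, peer):
        """Sender side: works while the peer is offline."""
        peer_id_pub, prekey_id, prekey_pub = server.fetch_bundle(peer)
        eph_priv, eph_pub = keypair()
        key = derive(x25519(self.id_priv, prekey_pub),         # static x ephemeral
                     x25519(eph_priv, peer_id_pub),            # ephemeral x static
                     x25519(eph_priv, prekey_pub))             # ephemeral x ephemeral
        return key, {"sender_id": self.id_pub, "eph": eph_pub, "prekey_id": prekey_id}

    def accept_session(self, blob):
        """Recipient side, run when the queued blob is delivered."""
        prekey_priv = self.prekey_privs.pop(blob["prekey_id"], None)
        if prekey_priv is None:
            raise ValueError("one-time prekey unknown or already used")
        return derive(x25519(prekey_priv, blob["sender_id"]),
                      x25519(self.id_priv, blob["eph"]),
                      x25519(prekey_priv, blob["eph"]))


def demo():
    server = Server()
    alice, bob = Client("alice", server, 3), Client("bob", server, 3)
    alice_key, blob = alice.start_session(server, "bob")
    bob_key = bob.accept_session(blob)
    try:
        bob.accept_session(blob)                               # blob delivered twice
        replay_blocked = False
    except ValueError:
        replay_blocked = True
    return alice_key == bob_key, replay_blocked, len(server.prekeys["bob"])
```

Nothing in this exchange proves that the identity key the server handed out belongs to the intended person, which is the authentication caveat the post raises later.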

Perfect encryption

Knowing that Moxie (from Open Whisper Systems) worked on it and reading all the documentation, it looks like they implemented a perfectly designed asynchronous encrypted messaging system.

The one caveat & other thing

The one major exception is that you cannot be sure who you are talking to (authentication).

Threema, my favourite truly perfect encrypted and private messaging system, solves this by only guaranteeing authentication when you physically scan the QR code of the other participant's public key.

To solve this, WhatsApp provides a (per communication thread) QR code or 60-decimal-digit user verification code. This code contains both parties' encryption keys.

So the problem is you need to perform this verification at least once per conversation thread. This guarantees there is no middleman. Where you can't visually exchange codes, you can read the 60 digit code to each other. If the codes are different, it means there is a man in the middle.

For some reason, if the codes change, you are not automatically notified. But under account security, you can enable this notification.

Go to Settings, then Account, then Security, and enable the switch.

Everyone needs to turn this on (participant consistency). The only time a code should change during a conversation is if the other party installs the app on a new device (or a reset device), in which case you will already likely know and can disregard the alert.
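Why comparing the code exposes a middleman and what the security notification watches for, as an added example rather than WhatsApp's actual derivation: the iterated SHA-512, the 5-digit encoding, the phone numbers and the random stand-in keys are all assumptions of this sketch.

```python
import hashlib
import os

ITERATIONS = 5200  # assumed work factor for this example


def fingerprint(identity_pub, user_id):
    """30 decimal digits derived from one party's public identity key."""
    digest = identity_pub + user_id.encode()
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_pub).digest()
    chunks = (digest[i:i + 5] for i in range(0, 30, 5))
    return "".join(f"{int.from_bytes(c, 'big') % 100000:05d}" for c in chunks)


def verification_code(key_a, id_a, key_b, id_b):
    """60 digits covering both keys; sorting makes both phones show the same string."""
    return "".join(sorted([fingerprint(key_a, id_a), fingerprint(key_b, id_b)]))


class ContactStore:
    """Remembers the last identity key seen per contact, so a change can raise an alert."""

    def __init__(self):
        self.known = {}

    def observe(self, user_id, identity_pub):
        previous = self.known.get(user_id)
        self.known[user_id] = identity_pub
        if previous is None:
            return "first-contact"
        return "unchanged" if previous == identity_pub else "key-changed"


def demo():
    # Constructed sample data: random bytes stand in for public identity keys.
    alice_id, bob_id = "+15555550100", "+15555550101"
    alice_key, bob_key, relay_key = os.urandom(32), os.urandom(32), os.urandom(32)

    # Honest server: each phone holds the other's real key.
    on_alice = verification_code(alice_key, alice_id, bob_key, bob_id)
    on_bob = verification_code(bob_key, bob_id, alice_key, alice_id)

    # Key substituted in transit: each phone was handed the relay's key instead.
    on_alice_mitm = verification_code(alice_key, alice_id, relay_key, bob_id)
    on_bob_mitm = verification_code(bob_key, bob_id, relay_key, alice_id)

    store = ContactStore()
    events = [store.observe(bob_id, bob_key),
              store.observe(bob_id, bob_key),
              store.observe(bob_id, os.urandom(32))]   # Bob reinstalled: new key
    return {"code": on_alice, "honest_match": on_alice == on_bob,
            "mitm_match": on_alice_mitm == on_bob_mitm, "events": events}
```

A `key-changed` event tells you to compare the code again; it cannot by itself distinguish a reinstall from a substituted key.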

I also want to remind readers that although the messages themselves are encrypted, there is still metadata. There is no technological way to communicate without leaving a trail of metadata today. Metadata is data about your data, such as who you communicate with, how often and how much data you exchange with each other.

WhatsApp is not open source

Many security researchers dislike closed source security applications because there is no way to independently validate the implementation (i.e. know for sure that no one has implemented a back door or injected malicious code).

Technology is only as good as its implementation and although the encryption math is perfect, applications rarely are. At some point we have to put our crazy hats down and trust that companies are trying to do the right thing for their users.

Conclusion

Facebook has done a very good job and with the flip of a switch, they have gifted 1B people with easy to use and powerful encryption. I still love Threema because it has better authentication but the truth is none of my contacts use it.

I am excited that more people will be brought into the wonderful world of encryption and have their discussions protected.


Major shift in loyalty incentives needed for programs to survive

Users have a love or hate relationship with loyalty programs. You either love them, because they deliver amazing value, or hate them because you think they’re a worthless scam.

A 2014 McKinsey report showed that companies with loyalty programs (55 publicly traded North American & European companies were surveyed) had the same or less growth than those that had no loyalty programs: 4.4 vs 5.5% per year since 2012. Companies with strong visible loyalty programs seemed to also have EBITDA margins 10% less than companies without loyalty programs in the same sector.

On the flip side, companies with strong and vibrant loyalty programs seemed to have better market capitalization. In fact over a 5 year period, companies with loyalty programs outpaced those without. This may stem from the hope that these loyalty programs will help those organizations drive long-term growth.

The future of loyalty is upon us

No, the future of loyalty points isn’t bitcoin, but rather the technology that allows bitcoin to work: the blockchain.

The easiest way to think about these 2 parts is that the blockchain is the operating system and bitcoin is simply one application running on that operating system.

What is the blockchain?

The blockchain is a public ledger that records every legitimate transaction permanently. Once recorded, the record cannot be altered, deleted or changed. Blockchain uses a distributed consensus model, which means no one person, government, group or organization can force changes onto it.

The blockchain is what allows complete strangers who have never met and will probably never meet to conduct a trust-based exchange completely transparently without having to trust each other and without having to go through a central trusted third party (government, bank, notary, lawyer, etc.)

The other characteristic of the blockchain is that it can enable trust-based transaction while maintaining total privacy and anonymity. It can but it doesn’t have to. It all comes down to how it is used.

The blockchain is moving beyond Bitcoin

Until recently, no conversation about the blockchain was possible without talking about bitcoin. People often confused one for the other, but this is changing. Large financial companies are evaluating use of the blockchain to simplify cross-border transactions while improving trust and reducing costs.

If someone is able to marry absolute verified identity to blockchain technology then we could even see very old school lawyer based (expensive) processes move to this medium and become much cheaper and digitally fast (think of marriage, voting, buying/selling of property, etc.).

I believe that in the next 5-10 years the blockchain will become the holder of digital truth, it will completely change many traditional business processes and will provide a level of digital truth that is unmatched even in the real world.

What does bitcoin have to do with loyalty?

Gift cards moving to blockchain because of fraud

The National Retail Foundation says that gift cards have been the number one requested gift for 8 years in a row. CEB TowerGroup say 125 billion dollars have been loaded onto gift cards in 2014.

Like all items of great value, there are bad people out to steal and the industry is constantly challenged with fraud. Until the recipient uses the card, anyone in the chain can steal money from it by copying the unique identification number (processor, distributor, retailer, giver).

How bad is fraud? The National Retail Foundation says 78% of retailers have been victims of gift card fraud.

Benefits of the blockchain for gift cards

Using blockchain technology could eliminate gift card fraud or theft. Each transaction is given a unique identifier, which means someone can’t use the incoming gift card identifier to spend the money. It also means the receiver can verify that the transaction is authentic and that no one else has used the received gift card, since everything is recorded in the blockchain. Once the blockchain powered gift card is stored in a digital wallet, the only person that can spend it is the true owner of the wallet since all transactions are protected by an owner-known private key. The blockchain would prevent “double spending” of a card so a fraudulent bad actor can’t sell a used gift card to an unsuspecting victim.

What’s the motivator for brands and companies

In addition to helping curb fraud, it is also much cheaper to perform a blockchain-based transaction (typically about 1 penny). This includes the full life cycle of a transaction, from issue and transfer to use. Compare this to most modern plastic card-based systems that cost about $1.50 per transaction.

Blockchain gift cards and the user experience

The technology may be advanced and the protection fantastic but the experience can be simple. Companies have started using bitcoin and blockchain in the back end to improve security while being completely transparent to the end users. The user receives a card and uses it as normal.

Back to Loyalty Programs

If I have airline miles, but would rather trade them for coffee loyalty points, I have to go through one of the traditional trading platforms. These platforms have preset transfer amounts and take a huge cut of the transaction.

In a world where loyalty points are digitally held in a blockchain backed system, I see the rise of highly competitive, open and transparent marketplaces where customers could trade or sell these loyalty points using an open market (supply and demand) system.

The traditional loyalty points systems will be converted to merchant issued currencies. Instead of issuing Aeroplan miles for every mile flown, Air Canada could issue Air Canada cryptocurrency that a traveller could then use to buy upgrades, tickets, amenities, on board goodies, etc. Once we move to this model, these different branded cryptocurrencies could be traded like any other currency. I could trade Tim Hortons cryptocurrency for Air Canada cryptocurrency at a fair market rate.

Trading the branded cryptocurrencies

Trading various branded cryptocurrencies in a fair, open and transparent market means everyone will see the real time value of the branded cryptocurrencies they hold.

It could be used as a market measurement of trust in a company. If the market believes that XYZ airline may go under, then its branded cryptocurrency may be severely discounted, whereas a trusted brand’s cryptocurrency may be much more expensive and used as the “gold standard” for value measurement.

Instead of wasting money on expensive consultants to conduct brand valuation, companies could look at the fair market trading value of their cryptocurrency. The company can then use this as a means of measuring its marketing or PR investments.

How it benefits the customer

Branded cryptocurrencies become a fraud-resistant, immediately tradable commodity. This means I can sell the thing I don’t want and get more of what I want immediately.

In the traditional loyalty model, I conduct a transaction with a merchant (e.g. Fly on Air Canada) but only receive my loyalty rewards in the future (could be days, weeks or months later). In the branded cryptocurrency world, I would receive my “points” immediately when I check into my flight at the gate and can then use this currency to buy goodies on the flight. If I stay in a hotel, I could use their cryptocurrency immediately in the hotel restaurant. This means customers are incentivized to use points faster then and there. It’s better for the customer. It’s better for the merchant. It’s better for the brand.

Financial benefits to companies issuing branded cryptocurrencies

When a loyalty point is issued, it becomes a liability on the books for that company. Some new entrants are claiming that branded cryptocurrency may change this.

The founders of Ribbit.me claim that if a company issues branded cryptocurrency on the blockchain using an algorithm, it creates an asset for the receiver without a countervailing liability for the issuer because the liability lies with the blockchain itself. If this turns out to be true (and only time will tell if governments will approve this), then companies will be able to take millions of dollars of liabilities off their books.

Conclusion

I believe the market will force companies to adopt this new model, and it will be a significant shift for many.

Ultimately it will democratize the world of loyalty programs and be better for every participant involved.

  • It will improve trust
  • Completely get rid of fraud
  • Drive down transaction costs
  • Force companies to be responsive
  • Create a fair trading open and transparent marketplace that would allow customers to have more of what they want and divest from things they don’t

How to secure Windows 10

The first misconception I want to tackle is that Windows 10 is magically more secure than Windows 7/8.1. The reality is that it isn't, but it benefits from 15 years of continued hardening and security improvements to the Windows core itself.

Having said it isn't materially more secure doesn't mean it's not better. Windows 10 includes some tools to make computing safer for the average user. 

Windows Defender is included with every updated system and is Microsoft’s built in anti-malware tool. It is an all-in-one-security tool delivered for free to all licensed Windows 10 users and the best part is that everything is automatically taken care of in the back end for you. It is automatically updated and performs scans automatically. 

For most users, this is the only anti-malware product they will need. This means most users won’t have to buy a security suite from Symantec, McAfee, ESET, Kaspersky, etc. I do recommend installing a second anti-malware product configured to run only on demand (not real time). This second product is a way of getting a second opinion if something feels weird or as a monthly preventative maintenance strategy. I recommend using a free tool such as Malwarebytes free.

Automagically downloading and installing product updates for you. One of the most critical privacy and security improvements you can make is to ensure your computer is always patched and up to date. With Windows 10, Microsoft will push out OS (and Microsoft product) updates automatically. This means you never have to worry about your OS patches again. Just make sure the other apps on your PC are updated regularly. 

Choosing a secure browser is the second recommendation. My primary browser of choice is Google's Chrome because it is fast and includes many security features (such as auto-updating, sandboxing, etc). Once it is installed, go out and add a plug-in called uBlock Origin (exists for Chrome and Firefox). uBlock Origin is a web firewall whose purpose in life is to keep you safe (plus it is an ad blocker so the web becomes faster and more responsive).

Back up your system regularly. I cannot overstate how important it is to back up your critical information. Computers will crash. Hard drives will die. Make sure you have a plan B, C and D. Read my article about backups. The TL;DR version is that all data should follow the 3:2:1 rule:

  • 3 copies of your data
  • on 2 separate mediums 
  • at least 1 offsite copy

So for a home user, this could look like: Keep your data on your computer's hard disk, copy it to an external hard disk and use an external backup service like BackBlaze (use this link to get 1 free month to test out the service with no obligation.). You have 3 copies of your data (PC, hard disk and remote service), in 2 separate mediums (disk/ssd plus internet) and at least 1 offsite.

Use a regular user account. Most malware needs an elevated-privilege account to run, install and/or propagate. This means you should ensure the account you use for everyday work isn't a privileged account (i.e. not an admin account).

Password protect your accounts. Some home users have one generic family account that can be accessed without a password. This means that any one user can infect the system and then affect everyone else. Always create separate (non-privileged) accounts for each user and make sure they each have a password to log in.

Use a trusted VPN when connecting to third party WIFI hotspots. It is easy to track and steal information from users connecting to open (or public) WIFI hotspots. The minute you connect to one, make sure you use a trusted VPN service to make sure no one on the local WIFI network can trick you, spoof a site or otherwise do nasty things to your connection. After reviewing the various VPN services available, I personally use ProXPN because of their no logging policy. I use this on my laptops, smartphones and tablets anytime I connect to a WIFI network I don't own and control.

Use good internet hygiene. Be smart to stay safe. Unless there is an absolute need and you are expecting it, don't execute attachments received via email or instant messaging. Never access a protected website (bank, trading account, etc) through an email link. Always enter the URL yourself in the browser. Don't download applications from unknown/untrusted sources (or use pirated software). These often contain malware just waiting to infect your system. Never give a third-party remote access to your computer (even if they claim to be from Microsoft, Dell, Hp, Apple, etc). 

Is Windows 10 spying on me?

This is a question I receive a lot and the answer is maybe a little bit. The reality is that Windows 10 is a connected operating system and it must send some information back to its home base, but Microsoft is not spying on you!

Does Windows 10 contain a Keylogger?

Blogs are abuzz with claims that Windows 10 has a built-in keylogger sending everything you type back to Microsoft. Worse yet, some blogs have gone as far as claiming this was done to help the NSA.

The reality is that it does not have a keylogger but does log some keystrokes that it sends back to Microsoft. This is done to improve its autocorrection functionality. This is similar to how most web-based SaaS services work. If you use any Google services, they do the same thing.

Windows 10 has simple privacy settings

Go to Privacy Settings and you will find a dozen different privacy options you can toggle to your heart's content.

  <img src="https://ekiledjian2.micro.blog/uploads/2025/1d92c3ad4c.jpg" alt="">

You can turn off settings like Microsoft's unique Advertising ID (think of it like a supercookie). The truth is you can turn this off, but any advertiser worth their salt will still track you using your unique browser footprint and any one of the other dozens of web tracking techniques. 

If you want to see one of these techniques in action, visit the Panopticlick website created by the Electronic Frontier Foundation.

One setting you may want to change is in the Feedback & Diagnostics tab.

  <img src="https://ekiledjian2.micro.blog/uploads/2025/a681f7a25a.jpg" alt="">

Change the feedback request frequency to Never and the "Send your data" setting to Basic.

Another trick is to "not use the Edge Browser". It doesn't yet support plug-ins (no ad blockers, etc).

You can also log into this Bing website and delete all of the information Cortana has learned about you. This will lobotomize Cortana, but if you want more privacy go ahead and delete it.

We are living in a connected world

Living in a connected world means we are leaving digital breadcrumbs everywhere. Advertisers know more about you than your mother.

How Target knows you are pregnant through data analytics

Most people don't realize that every smartphone picture they have taken (iPhone, Android, or Windows Phone) contains the exact GPS location where it was taken. 

Manufacturers are fighting (Microsoft, Apple and Google) to build the next best intelligent personal assistant. But to do this, they must analyze your data to provide context aware relevant information you need before you realize you need it. Microsoft and Google perform this analysis in the cloud, which is why they typically provide more relevant responses. Apple, the self stated privacy company,  parses your data for its Proactive Siri functions on the phone and to be honest, it is pretty worthless.

So you have a choice, use these new wonderful tools or become a digital hermit. I do believe we must take educated intelligent decisions about our privacy, but we have to give some of it up, in order to benefit from the wealth of advantages these companies are providing.

 


Quote about new day

It's a new day, make it great


Do this to keep your free Microsoft OneDrive Storage

What Microsoft giveth, Microsoft can taketh away. And so Microsoft did the unthinkable last year and announced it would be rolling back the free storage add-ons it gave users (base free 15GB storage going down to 5GB and camera roll bonus) and was clawing back the unlimited Office 365 storage to 1TB.

Understandably there was an uproar and now Microsoft has set up a special webpage where you can ask them to keep your free storage levels.

  <img src="https://ekiledjian2.micro.blog/uploads/2025/08c550585c.jpg" alt="">

There doesn't seem to be any downside to using this function so go do it now using this link.

 

 

 

 


Body language secrets of top negotiators

Image by US department of agriculture used under creative commons license

Communication isn’t only about carefully crafted words. Negotiations aren’t about arguments and leverage. A good experienced negotiator will marry strong arguments & leverage to carefully practised body language.

There have been dozens of studies and research papers on the power of body language during negotiations. An MIT one measured a negotiator’s ability to convince a jury (body language was accurately measured using a body-worn device). It turns out that the right body language can significantly improve the negotiator’s chances of closing a deal (or convincing a jury in this case). The key takeaways were standing upright, facing the jury and speaking in a lower tone.

So clearly there is something to this body language mumbo-jumbo and it is worth studying and practising. To get you started, here are some tips:

  • While your partner is talking, don’t look down, shuffle papers or mentally start thinking about your next argument. Actively listen to what your partner is saying. Show genuine interest.
  • Try to measure your partner’s general modality and body responses. How do they typically sit. How do they talk (modality). How much eye contact do they typically make. How much do they move around. Do your homework and prepare. Know the baseline body language cues of your partner and you will be able to spot variations. You can also use this information to mirror them and more easily build rapport.
  • Look for gesture clusters. Some movements are nothing too complex but sometimes a person will exhibit a series of body gestures together that happen during specific situations. As an example, maybe your partner crosses his arms regularly and you shouldn’t read too much into this. But if he crosses his arms, taps his foot and does XYZ then it means ABC. Look for these cluster gestures, try to figure out what they mean and record it for future negotiations.
  • Last but not least, feet. Look at the feet. They can show impatience, boredom, etc. If you want to come across as strong and trustworthy, keep your feet still.

Body language secrets of leaders

A true leader captivates the attention of his audience almost immediately and holds it without fail. Certainly being self-confident and a good wordsmith are important but the reality is that body language plays a much more important role.

When you walk in front of an audience, most have already made up their minds about you before you utter your first word. This isn’t magic but basic physiology. This non-verbal communication is a combination of many factors including your posture, tone, facial expression, eye contact, arm and hand movements and more.

Study after study has confirmed that we evaluate a person’s credibility, likeability or trustworthiness within seconds of meeting them.

This primal evaluation comes from the brain’s limbic system. These are the structures that are responsible for memory and emotions. It is our brain’s first response system. As soon as it receives information, it determines whether there is a threat. It’s automatic and almost immediate.

Most of us don’t live with the constant threat of tiger attacks but this basic human system is still alive and well.

Another interesting fact is that body language interpretation seems to be uniformly coherent across different cultures. Basic emotions (fear, anger, etc.) are the same everywhere.

I have been in hundreds of meetings where participants have crossed their arms. Regardless of the reason why, this is seen as a primal sin in body language interpretation. It comes across as cold and unwelcoming. So what is the opposite? Use an open body stance.

  • This means face your speaker. Don’t sit diagonally from them. Don’t swing your chair back into a semi-sleeping position. Don’t talk to them over your shoulder.
  • Synchronize your body movements with the other person. If the person is leaning slightly towards the table, do the same. This is often called mirroring.
  • Nod occasionally to show you are following the conversation (don’t just sit there like a tree stump).
  • Smile sometimes if acceptable.
  • Sit with your legs and arms uncrossed.
  • Don’t fidget (including your feet), bite your nails or wipe your forehead.

So a good leader must be authoritative and confidence inspiring. Maintain good posture. Speak at a comfortable pace and pronounce your words clearly. Keep your eyes (comfortably) focused on the other person.

In an increasingly connected world, even the smallest companies can afford video conferencing services which means there will be more and more opportunities for people to judge you based on your body language.

The best tip I can give you is to practice speeches and presentations in front of a mirror, a friend or to record it. You may have tics or habits that aren’t immediately apparent to you. Practice, learn, practice, learn & repeat.


The Hidden Killer of Your Creativity

Image by Becky Wetherington used under creative commons license

Last minute work on school assignments was the norm for most university students. They wait until the last minute then “pull an all-nighter”.

Many feel that this pressure to deliver makes them work better but recent scientific evidence shows that this may actually be completely false.

It seems pressure may actually stifle innovation and creativity. It pushes you down a conventional path.

Some of the most successful entrepreneurs are people that have learned to deal with pressure. Even when carrying the weight of the world, they are cool, calm and in control.

Be mindful

Any yogi or meditator will extol the virtues of living “in the moment”.

Think about the last time you were waiting in the lobby to be interviewed for a job. In this particular situation, most people feel stressed. They feel fear. They feel eager. Their body reacts to this stress by releasing cortisol. They may sweat a little and even have some nervous tics.

None of these is ideal for creativity. You are rarely putting your best foot forward in these stressful situations.

But remember that the stress you feel isn’t because of something that is happening then and there (in the moment). It is because you are worried about what you think may happen.

If you are able to be “in the moment”, then you will release the stress and shine like the star you are meant to be.

The research

Professor Teresa Amabile (from Harvard Business School) conducted research into creativity in the workplace and discovered that employees under pressure almost never performed optimally when completing tasks. Funnily enough, many thought they were optimally creative, but measurably they were not.

Read my article Monotasking is the new productivity hack

Read my article How to set personal goals, which talks about starting with the end in mind.

Stress Physiology

Epinephrine and norepinephrine are stress hormones produced when you feel stressed. This is the physiological response known as flight or fight. These hormones help you move faster during emergencies.

The other hormone produced during excessive stress is cortisol. Psychology Today called cortisol, the stress hormone, public enemy No. 1.

Excess cortisol in your system can lead to a host of health issues including weight gain, osteoporosis, digestive problems, cancer and much more (1, 2, 3).

In addition to wreaking havoc on your body, it can have devastating effects on your mind.

Stress creates free radicals

Cortisol creates a surplus of the neurotransmitter glutamate. Glutamate in turn creates free radicals that attack brain cells (similar to how rust affects metal).

Stress makes you forgetful and emotional

One of the early symptoms of stress is becoming forgetful and emotional.

Studies show that stress causes a reduction in brain electrical activity associated with memories and an increase in activity associated with emotions.

Stress negatively impacts intelligence

I wrote about the effect of stress on creativity: stress makes your brain seize up. Think about our primitive ancestors and how they reacted when being chased by a lion. The fight or flight response means your physical characteristics are improved and your reactions are improved, but your reasoning and logic suffer. After all, you don’t need deep critical thinking when running to save your life.

How can you handle pressure?

First things first: remember that regardless of how important you think your job is, you aren’t performing brain surgery. Our job is important to us but it isn’t critical to the survival of all humans, so chill. Take it easy on yourself.

When feeling stressed about an upcoming situation, ask yourself, “What’s the worst that can happen?” Then realize that things aren’t actually that bad and relax.

Olympic athletes spend as much time mentally preparing as they do physically. They mentally perform their duties over and over to ensure they are relaxed when they need to perform. It becomes automatic and routine. If you are heading into an interview and you know you will be stressed, prepare and practise.

The second tip is to mentally practice over and over. Make sure you know what the ideal final result looks like and focus on that.

I ran the information security team for a large multinational manufacturer that was regularly attacked. By constantly practising the incident handling processes, our handlers were calmer and more confident when the real thing did happen.

Confidence is the third technique I want to share.

Having confidence in yourself will usually lead to less stress and increased productivity.

When handling an incident, it is easy to get overwhelmed. You are dealing with a skilled adversary out to get you. They are technically strong, well funded and extremely motivated. It is easy to get overwhelmed and freeze up. But I always tell my people to be optimistic. Regardless of how bad it may seem in that moment, I truly believed that things would get better. And by ensuring my team believed that as well, it made the process easier to manage and made my people more productive and efficient.

Optimism is the fourth technique.


Travel Tip : Use a reliable VPN when connecting to WIFI

Image by EFF Photos, used under Creative Commons License

As a security professional, I know the risks of using WIFI, particularly when using WIFI outside of work or home. It can open you up to an entire world of hurt from hackers and bad actors. They can steal information and trick you into visiting questionable websites.

But WIFI is how most hotels offer internet connectivity these days. WIFI allows you to connect to the wonderful world wide web when flying 30000 feet in the air using services like Gogo.

Instead of telling you *not to use wifi*, I’m here to tell you to protect yourself by using a VPN service (from a laptop, tablet or smartphone).

A good VPN service means your communication (between you and the VPN service provider) is encrypted which means bad guys snooping on WIFI won’t be able to steal your information. 

Using a VPN when connecting to WIFI means you are protecting your identity, you are protecting your sensitive information, you are ensuring bad people aren’t tracking you and you can visit geo-locked websites when abroad (HULU, Pandora, etc). I used a VPN when travelling in China to visit sites that would have otherwise been blocked and to conduct more sensitive tasks like banking.

There are a lot of VPN services out there and you have to remember that the VPN service you use *will see all of your outbound traffic* as they send it off to the public internet. You should pick a reputable company that ideally keeps only a very minimal level of logging.

My personal VPN service of choice is ProXPN. ProXPN has outbound locations around the world which is useful for accessing geo-locked content. ProXPN uses OpenVPN technology and works on all platforms (Windows, Mac, Android, iPhone, iPad, Windows Phones, etc).

ProXPN has a no-logging policy, which I like. They have a VPNGuard feature for PCs and Macs that allows you to shut down any running app on the desktop if the VPN connection were to drop (this is useful for apps that must absolutely be protected).

I am not paid by ProXPN and do not receive any compensation for recommending them. I am simply sharing my personal tool to help you guys/girls.


Travel Tip: What food can I bring back

Image by Antony Stanley, used under Creative Commons license

Frequent and infrequent travellers usually are confused about what food products they are legally allowed to bring back. Since many of my readers are American, I will write about USA regulations.

Americans coming back home with food

It is important to ensure you comply with these import control rules, as breaking them can be punished with a slap on the wrist or a very severe, high-cost fine. The US CBP website says: “Failure to declare food products can result in up to $10,000 in fines and penalties.”

You should check out the special US Customs and Border Protection webpage entitled Travellers bringing food into the U.S. for personal use.

The (partial) list of acceptable imports:

  • Condiments such as ketchup (catsup), mustard, mayonnaise, Marmite and Vegemite and prepared sauces that do not contain meat products

  • Olive oil and other vegetable oils

  • Bread, cookies, crackers, cakes, granola bars, cereal and other baked and processed products

  • Candy and chocolate

  • Cheese- Solid cheese (hard or semi-soft, that does not contain meat); butter, butter oil, and cultured milk products such as yogurt and sour cream are not restricted. Feta cheese, Brie, Camembert, cheese in brine, Mozzarella and Buffalo Mozzarella are permissible (USDA Animal Product Manual, Table 3-14-6). Cheese in liquid (such as cottage cheese or ricotta cheese) and cheese that pours like heavy cream are not admissible from countries affected by foot-and-mouth disease (FMD). Cheese containing meat is not admissible depending on the country of origin.

  • Canned goods and goods in vacuum packed jars (other than those containing meat or poultry products) for your personal use

  • Fish- personal amounts of fish, shrimp, abalone and other seafood are allowed and can be fresh, frozen, dried, smoked, canned or cooked

  • Dried Fruit- things like apricots, barberry, currants, dates, figs, gooseberries, peaches, prunes, raisins, tomatillos, and zereshk (USDA Miscellaneous and Processed Products Manual, Table 3-69)

  • Liquid milk and milk products intended for use by infants or very young children are admissible if in a reasonable amount or small quantity for several days' use.

Note: Milk and milk products from goats must be accompanied by a USDA import permit if from regions classified as affected with foot-and-mouth disease (FMD) or Rinderpest.

  • Powder drinks sealed in original containers with ingredients listed in English. However, admissibility is still under the discretion of the Customs and Border Protection (CBP) Agricultural Specialist.

  • Juices- commercially canned (USDA Miscellaneous and Processed Products Manual, Table 3-75)

  • Tea- commercially packaged and ready to be boiled, steeped or microwaved in liquid. Coca, barberry and loose citrus leaves are prohibited (USDA Miscellaneous and Processed Products Manual, Table 3-148)

  • Coffee- roasted or unroasted if there is no pulp attached. (USDA Miscellaneous and Processed Products Manual, Table 3-48)

  • Spices- most dried spices are allowed except for orange, lemon, lime and other citrus leaves and seeds, lemongrass, and many vegetables and fruit seeds

  • Honey- comb honey, royal jelly, bee bread, or propolis if it is not intended to be fed to bees (USDA Miscellaneous and Processed Products Manual, Table 3-100)

Canadians coming back home with food

If you are a Canadian travelling back home, you have a similar webpage from the Canadian Food Inspection Agency called What can I bring Into Canada in terms of food, plant, animal and related products?. The webpage is comprehensive and worth taking a look. This webpage is also important for Canadians that want to shop for food in the US and bring it back to Canada for consumption.


Security Researcher claims to have downloaded 13M accounts from Mac scamware apps

If you visit shady internet sites from an Apple Macintosh computer, you may have already seen an ad for a product called MacKeeper. The researcher in question said:

"I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Cromlech." Reddit

He said the information collected includes "names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: "macbook pro"), and type of subscriptions."

And he provides this screenshot as proof of his claim :

  <img src="https://ekiledjian2.micro.blog/uploads/2025/88cf7c9e7d.jpg" alt="">

The sites hashed the stored passwords but did it badly. The researcher says:

"MD5 with no salt… so very weak hashing"

The moral of the story is be careful what you believe on the internet and where you buy your software from.
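Why "MD5 with no salt" is weak for password storage, as an added example that is not from the original post or the researcher: unsalted hashes are identical for identical passwords, and a single MD5 pass is cheap to compute. The account names, passwords, the record format and the PBKDF2 work factor are assumptions constructed for this illustration.

```python
"""Audit a credential table for unsalted fast hashes (constructed data)."""
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample accounts; not taken from the data set described above.
SAMPLE_ACCOUNTS = {
    "alice": "sunshine1",
    "bob": "sunshine1",        # same password as alice
    "carol": "c0rrect-horse",
}

RAW_MD5_RE = re.compile(r"^[0-9a-f]{32}$")
PBKDF2_ITERATIONS = 600_000    # assumption: work factor chosen for this example


def md5_unsalted(password):
    """The weak scheme quoted in the post: one fast MD5 pass, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Hardened form: per-user random salt plus a deliberately slow KDF.

    The "scheme$iterations$salt$digest" layout is an illustrative format.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(salt_hex), int(iterations),
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def looks_like_raw_md5(stored):
    """A bare 32-hex-digit value is the usual shape of an unsalted MD5."""
    return bool(RAW_MD5_RE.match(stored.lower()))


def duplicate_groups(store):
    """Users whose stored values are byte-for-byte identical.

    With unsalted hashing this reveals who shares a password, and one
    recovered password unlocks every account in the group.
    """
    by_value = defaultdict(list)
    for user, stored in store.items():
        by_value[stored].append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


def audit(store):
    """Summarise the two weaknesses a defender should look for."""
    return {
        "raw_md5_users": sorted(
            user for user, value in store.items() if looks_like_raw_md5(value)
        ),
        "shared_password_groups": duplicate_groups(store),
    }


if __name__ == "__main__":
    weak = {u: md5_unsalted(p) for u, p in SAMPLE_ACCOUNTS.items()}
    strong = {u: pbkdf2_record(p) for u, p in SAMPLE_ACCOUNTS.items()}
    print("unsalted MD5 :", audit(weak))
    print("salted PBKDF2:", audit(strong))
```

Running the same audit against your own user table is a quick way to find accounts still stored in a legacy format before someone else does.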


Travel Tip: Find safety tips for your travel destination

Image by Manoj Vasanth, used under Creative Commons license

The Paris Terror attacks were a stark reminder that the world is a dangerous place. It is now and has always been, but this shouldn’t prevent you from exploring this great big beautiful world of ours.

There are tips to stay safe, of course, and one of those is to “Be Prepared”. In my previous blog post, Travel tips when travelling alone, I talk about doing your homework but it’s important enough for me to mention it here again.

Many government websites list travel advisories but also provide important information about the countries you will be visiting. As an example some Asian countries have this nasty tradition of convincing young male travellers to visit certain bars where they end up paying 10–20 times normal prices for drinks (and these are pay up or else type shady places).

If you are American, you want to consult all the information the state department has for your destination. In addition to that site, visit the US embassy webpage for that location (if it exists).

Regardless of your country of citizenship, it is also a good idea to check out the foreign ministry information pages produced by other countries, such as:

  • UK Foreign and Commonwealth Office

"Chance favours the prepared."


Trace Me Luggage Tracker will make sure you never lose your bags again

As many of you gear up for holiday travel, you may have the lingering concern of losing your luggage. Most airlines will credit you a couple of hundred dollars for a lost and unrecoverable bag, but this rarely covers the actual cost of the contents. You can also buy insurance but that doesn’t help when you are standing around the carousel waiting to start your vacation and your luggage never shows up.

Do bags really get lost?

SITA’s baggage report 2015 provides some interesting industry information. Passenger numbers rose 5.5% from 2013 to 2014. The Passengers Without Bags (PaWoB) statistic rose to 7.3 bags per thousand passengers (previous year was 6.96).

The statistic is more worrisome than some realize.

The low-tech solution

There are many high-tech solutions (think GPS trackers) but these are techniques you have to perform to locate your bag. A less high tech but very effective product is Trace Me.

Trace Me is a plastified card with a unique identifying bar code. You register this code online. When airport staff scan it (or law enforcement, baggage handlers, etc.), you are notified via text message letting you know where it was scanned. It also tells the scanning agent whom the bag belongs to. Then the airline performs its delivery magic to reunite you with your “stuff”.

Who is SITA and How does this work?

SITA is a Geneva-based airline technology provider. Trace Me uses their WorldTracer global bag-tracing and matching system.

WorldTracer was developed by SITA in co-operation with IATA and is a global lost and found system for luggage. WorldTracer is used at 2,800 airports worldwide so Trace Me will work in most airports worldwide.

Trace Me stores your tracking information in their database and is a member of the WorldTracer system. As soon as any WorldTracer user scans the unique bar code, they are presented with your information and Trace Me knows your luggage was scanned (when, where and by which entity).

Where can I buy it

If you search the web, there are a handful of online retailers that sell it. The most popular one seems to be TravelSmiths at a cost of $19.


Travel Tip : Show up to the gate early

In an effort to meet departure times, some airlines (worldwide) seem to have adopted an earlier than printed (on the boarding pass) boarding start process. This doesn’t seem to be happening at every airport with every airline but I have been hearing about this more and more from readers, airline employees and frequent flyer contacts.

This means that if you aren’t there a bit early, you may not board the plane early enough to get space in the coveted overhead bin. This is even more problematic for frequent flyers with special boarding privileges that may not be aware and get stuck having to gate check their carry-on bags.

The moral of the story is to show up to your gate at least 20 minutes before the printed boarding time on your boarding pass.


Afterlight photo editing app for iPhone & iPad free

Afterlight is a well designed and easy to use photo editing application that offers 74 filters, 78 textures and 128 frames. Overall a well stocked application that any iPhone photographer should have.

Now you can download this app for free (normally US$1) courtesy of Apple's Apple Store iPhone or iPad app.

You can download the Apple Store App from the iTunes store (link)

Open the application

Scroll down until you see the free app offer

  <img src="https://ekiledjian2.micro.blog/uploads/2025/9b80b01865.jpg" alt="">

Click on the offer.

  <img src="https://ekiledjian2.micro.blog/uploads/2025/7f47695e52.jpg" alt="">

You will be presented with the description.

Click on download now.

You will be given a unique iTunes offer code. Just redeem it and the app will download.

  <img src="https://ekiledjian2.micro.blog/uploads/2025/1bac97b973.jpg" alt="">

That's all folks.

Enjoy

 


The secrets of the 80/20 rule you need to know now

Image by Jacob Bøtter, used under Creative Commons License

We live in hectic times. For most of us, there will always be more work than hours in a day and we need to find some mechanism to prioritize work and stay sane.

There are hundreds of books on time management (my personal preference is the Getting Things Done methodology by David Allen).

Regardless of your chosen time management framework, there is an important time management principle called the 80/20 principle. This principle applies to work and life. It shows how effort and effort value are not balanced.

Remember student life

Most students know that they spend only the last few days before the finals cramming and getting ready. Most often this yields the desired grade and you move on. This means that the little sprint at the end yielded the desired result. You could have studied religiously every week for the entire semester and you probably would have achieved the same or a very similar level of performance.

Business profits

In most businesses, 20% of the products/services yield 80% of the profits.

The 80/20 rule

The rule is that (roughly) 80% of the desired results will be generated by 20% of the effort.

Typically a small number of decisions/work effort result in the biggest gains for the organization.

The purpose of this framework isn’t to argue an exact split. Most people call it the 80/20 rule but the actual split can be 70/30 or 99/1.

The imbalance is everywhere even in linguistics

Imbalance is everywhere. You deal with it daily without realizing it. Sir Isaac Pitman discovered that 700 of the most common English language words make up 2/3 of every conversation. By extending the definition to include derivatives of those words, the ratio becomes almost 80%.

How it applies to your work

If we assume that this phenomenon is real and then apply it to your work, it means 80% of your time is spent on activities that generate very little return or value.

Think of all the activities you participate in today (or you cause to happen if you are the boss) that steal valuable productivity such as meetings, reports, etc.

By accepting this simple fact as valid, you can start asking yourself which of your calendar bookings are likely a waste of your time (aka they generate the least amount of value).

Large fast food chains try to iron out inefficiencies through carefully analyzed time and motion studies. You can do the same quickly by just thinking about value and trying to optimize your time.

Look at your company profits

List all of your company products/services and rank them by profits generated. You will likely find that 20% of your products/services generate the bulk (maybe 80% or so) of your profits.

By knowing this, you can prioritize these in the short term and ensure your teams are maximizing value by pushing and investing in these lines. It is also a chance to perform some risk assessment and determine what risks exist for these products and how you can react.

You may even decide to cut down on your less valuable products/services, thus reducing corporate complexity and overhead and, in some cases, making you a more nimble and reactive organization. In study after study, we see that the least complex organizations typically perform the best.

A tool when negotiating

When preparing to negotiate, each side will produce a list of desired outcomes. If you prepare your list by keeping the 80/20 rule in mind, you will be able to narrowly focus on what really matters to your organization. This narrower list also gives you more room to manoeuver because you can concede on some of the less important elements.

A tool when targeting customers

By knowing which 20% of customers generate 80% of your profits, you can concentrate your marketing dollars more intelligently. You can also ensure that you provide incredible customer service for these important customers and make them feel special.

The 80/20 rule in life

This rule also applies to your personal life. It means that some personal relationships are more important (more rewarding) than others. A simple way of looking at this is that 20% of your friends generate 80% of friendship value (joy, support, etc.).

When applied to friends, it is less mathematical and more introspective but is a fantastic exercise. Are you spending your time with the people giving the most back to you?

I recommend everyone plan a couple of days every 6 months to sit and perform some deep introspection. This is a valuable time when you can decide where you want to be in 5/10/20 years. It gives you a chance to take a snapshot of your as-is situation and determine if you are where you thought you would be by now. Now add to this the 80/20 rule. 20% of actions deliver 80% of your life satisfaction. Figure out the “stuff” that is less valuable and try to change it. If work is not contributing to your overall life satisfaction then make a plan to change it. If your relationship with your partner isn’t contributing to your overall life satisfaction then make a remediation plan (counselling, honest discussions, or in extreme cases separation).

Remember that 80% of your life satisfaction comes from 20% of your activities. Try to waste less time with the other 80% of your time by replacing it with better more rewarding “things”.

The 80/20 rule in time management

Many executives I have worked with typically run after the work that is the loudest or seems the most urgent. In Getting Things Done, you learn to capture all open loops (commitments of work not yet completed) and then use this list to prioritize your work for the upcoming days, weeks and months.

If you apply 80/20 thinking to GTD, you will highlight the activities that actually generate the most “bang for your buck” and push everything else down the list.

Conclusion

This is a very simple concept to understand but much harder to implement. It is powerful because of its simplicity and it has proven to work over and over. Trust in its power and use it.


How to deal with stupid negotiators in business and life

In addition to Information Security, I have negotiated hundreds of contracts over the last 20 years totalling in the billions of dollars.

There are many schools teaching different “techniques” but the worst of the worst are those that have a win/lose strategy. These dinosaur negotiation models believe in “winning at all costs” and are very easy to spot in the wild.

Techniques of the stupid negotiator

The win/lose strategy negotiators are the stupidest of the bunch. As previously mentioned, the techniques are easy to spot and I wanted to share some of them with you here:

  • Lowballing: They typically start the negotiations with unreasonably low bids and then never make significant concessions. They make small insignificant moves. Any flexibility on your part is seen as a sign of weakness and will fuel their “cheapness”.

  • No-authority negotiators: They typically send low-level henchmen into the negotiations and do not give them any authority to make concessions. This means every request has to be sent back to the home base for analysis, making the process painfully slow.

  • Emotional attacks: They typically see emotions as a weakness and will use them against you. This means they may try to bully you. They may walk out of the talks at various points in the negotiations, infuriated by something you requested. In extreme cases they may use someone of the opposite sex who will break down (often crying) during the negotiations to “win” the negotiations.

Now that you know some of their tactics, you will quickly realize you are negotiating with the “stupid” negotiator and typically you may want to simply walk away and find other options. If other options are not available, ensure you clearly set your negotiation parameters ahead of time (minimum price, volume, important terms, etc.) and ensure you stick to them. Don’t allow yourself to be played.

There is no pie

In this 1980’s style of negotiation (the stupid win/lose style), participants believe that there is a finite amount of pie and that you must fight to win the biggest piece.

The problem is that with this style of negotiations, both parties typically end up with sub-optimal results regardless of who actually “won” the negotiations.

Modern negotiations

The modern negotiator understands that the best outcome is a win/win scenario where the needs of each party are met as much as possible. A good healthy negotiation means everyone wins and everyone is optimally satisfied.

Let’s say you need to acquire outsourced IT services and you manage to beat a vendor over the head and “convince” them to accept an unreasonably low rate. You may think you won because you got a “good price” but the reality is that the vendor will now do everything to cut corners to control costs. This means they will spend all their energy cutting, negotiating and arguing instead of figuring out how to help optimize service delivery.

The secret to modern negotiation

There is one undeniable secret weapon in the modern negotiator’s arsenal: trust. Without trust, there cannot be a win/win negotiation.

This means that even before you start “negotiating”, it is important to build a relationship with the other party. Spend the time to learn about each participant’s goals and needs. Figure out what brings them to the table and what the ideal outcome would be for them. You need to trust them and they need to trust you.

Let’s get back to stupid

I want to share with you some of the most used techniques by these badly trained old age stupid negotiators. My hope is by knowing their techniques, you will be better able to react and ultimately win.

Power of the negotiator

Every participant has different sources of power available to them during the negotiation.

In your office life, when negotiating with your boss, he/she has the power to reward or punish you. But often the levers of power are much more subtle and not always known (there is rarely perfect information).

Power can come from desperation, power of precedents (knowing someone else that got a specific deal), power of expertise, power of credentials, etc.

The message here is that you should ensure you have prepared all possible power sources. Additionally it is important to remember that power is perceived power and not absolute. You may think you are entitled to the same deal as another similar company (power of precedents) but may not realize they bought twice as much as you or that they brought another deal to the table.

Get the other party to invest

Every economics student learns about the concept of sunk costs. Wikipedia defines it as “In economics and business decision-making, a sunk cost is a cost that has already been incurred and cannot be recovered.” In Economics 101 we learn that sunk costs should not impact our analysis of continuing or killing a project.

Unprepared investors often make this mistake. They sink thousands into a stock whose price keeps dropping. Instead of limiting their losses and “getting out”, they keep adding to their losing position hoping it will turn around. They are using the sunk cost (all the investments up to this point) as a major deciding factor, whereas they should make a clear analytical decision on the chances the stock will actually appreciate from this point on regardless of these sunk costs.

One technique is to get the other party to invest heavily in the negotiations process. When buying a car, this could be “forcing” the sales rep to show you every car in the dealership, then test drive every one, give you a detailed walk-through of every car, etc. When you finally are ready to make a decision a couple of days later, he will likely bend over backwards because of all the time he has already invested.

In a corporate environment, if you extend the negotiation process and the sales team has flown in from out of town, they may be more inclined to be “flexible” because they don’t want to walk away empty-handed.

This means that before you start the negotiations, you have an honest discussion with all stakeholders in your company and you agree on a common set of goals before ever walking into that boardroom. Know exactly what you want, what you are willing to invest, what you are willing to concede and agree that you will walk away if those conditions can’t be met.

Chance favours the prepared

The negotiation process starts much earlier than your first face to face meeting. Know the situation of your counterpart (aka do your homework). The more you know the better the outcome will be.

When negotiating a salary increase with your boss, the negotiation starts much earlier than the meeting where you ask for more money. It starts weeks before, when you try to determine next year’s budget. You try to figure out how the company is doing and how that performance will exert pressure (if any) on your boss. You should check out the salary range for others doing your job in similar companies. You should figure out when your boss is more likely to be “happy and agreeable”, etc.

In a corporate negotiation scenario, some of this information collection may happen during the formal meetings. You should determine how much information you are willing to divulge, at what rate, when, how and to whom. Typically the counter-party will divulge some information but will then expect you to reciprocate accordingly. Are you willing to play ball? Make sure you determine this with your team before the counter-party ever shows up.

Time may be your friend

Any deadlines your counter-party may have could be used as an advantage. If you are negotiating with a supplier and know their end of quarter/end of year is in 2 weeks, but you have no such deadline, you come from a position of power. They may be willing to negotiate much more to ensure a deal closes within that window.

On the other hand, you may have a subscription licence with a fixed expiry date for a product critical to your business. If you wait too long and negotiate too close to that deadline, the OEM may not be flexible because they know you are working against the clock. And because time is tight, they may also assume alternatives are out of the question.

If you are working against a fixed deadline, start the negotiation as early as possible to ensure you are not bullied into a bad deal. If possible, prepare a plan B (alternative solution) that can be implemented if a reasonable deal cannot be reached. If the alternative is reasonable then the counter-party loses their position of authority and will likely be fairer.

Make it personal

Good negotiators know that making it personal generally helps your cause. Making it personal means being friendly and likeable. Make sure the counter-party sees you as human and not a big unfriendly grey corporation.

In extreme American jury based court cases, defendants have been declared not guilty, even though there is enough evidence to clearly assign blame. In these cases the jury sometimes sees the prosecutor as arrogant, mean, vindictive and “on a mission”.

Don’t be a prick. Always be kind and caring. Remain cool, calm and in control.


How to visually become more productive and improve your efficiency

Whether I’m coaching a junior fresh out of school or a seasoned executive with 30 years of experience, almost everyone tells me they are overloaded and that their personal life is suffering.

We have been raised to separate (or try to at least) our work and personal lives. After all, they are very separate things.

Right? WRONG!

A good example is improving your health. Improving your health means eating better and exercising more but it also means reducing stress. So to holistically improve your health, your plan must include both personal actions and work time related actions.

Kanban

My last employer was a large multinational manufacturing organization that benefitted greatly from the concepts of Kanban and Lean manufacturing.

Next time you walk into your local supermarket, look at the fresh produce section. How many products do they carry? The larger stores carry an impressive amount but they typically only carry products that they know will sell. Produce also has limited shelf life, so this means they order their products as close to the sale date as possible (predicting demand).

A key concept in Kanban is Just In Time ordering and manufacturing. Toyota, the creator of Kanban, used this Just In Time system to cut inventory costs and optimize the workflow. They set up a visual board showing the assembly flow for the entire factory. If you walked into my last employer’s manufacturing site, every employee knew what would be worked on that day, how fast they would have to work and any potential issues that had been logged in the last 30/60 days. This visual information allowed the employees to work knowing what was coming and therefore made them more productive.

Kanban in your personal life

You are a person, so how does this apply? Regardless of your time management strategy of choice (mine is Getting Things Done), you need to “capture all of your open loops” and place them in a trusted system.

Related articles - The four truths about Getting Things Done (GTD)

By capturing everything you have committed to doing but haven’t already completed, you create a visual dashboard of everything in the “pipeline” and at the same time you benefit from clearing your mind.

Just In Time manufacturing in your personal life also means that you keep your actual “today workflow” (or Work In Progress tasks) to a bare minimum. There is no use trying to finish 24 things at the same time. By properly managing your to do list and then prioritizing appropriately, you are able to spend your time on the handful of most valuable activities.

Setting up your personal system

The main concept in Kanban is making the work visual. Anyone that has worked with me knows I need a whiteboard in the office and typically more than one.

My last whiteboard had these columns on it:

  • Capture (where everything not processed went)
  • Next Action (the very next actions for the chosen work to be done). This also included items I wanted to QA from my team before defining as completed.
  • Waiting for (when I was waiting for something from someone else)
  • Done this week (completed items I tabulated every week)

This is the visual part of Kanban and is step 1.

Step 2 is to ensure you have captured all of your open loops. Choose a method for capturing everything you have committed to but haven’t yet done so you can get it out of your head (capture everything from buying groceries to signing that multi-billion dollar contract).

Step 3 in the Kanban system is to determine an optimal yet realistic workflow rate. How much can you reasonably accomplish this hour/day/week?

Weekly Review & Kanban workflow

Before you start your weekly review, you must ensure all of your open loops are captured. To do this, I recommend going over your notes from meetings and the Capture column on your whiteboard, reviewing your calendar, going through your email and checking everywhere else you could have a task that you will need to accomplish.

Once everything is captured, you can use your high-level work/life goals to determine the most pressing X elements you should get done during this planning phase (this can be daily but I recommend a weekly approach). Everything you commit to doing should go on your board in the Next Action column. Ultimately these will be the most important items: the ones most aligned with your work and life goals.

You then pull work from the Next Action column, action it and complete it then move it to the Done column. By writing things you have completed, it is a positive reminder that things are moving in the right direction (we often forget). Every time you look at it, you will feel like you accomplished something and it will fuel your continued work.

Tracking

One important element of Kanban in our manufacturing environment was the tracking of performance metrics to identify issues. The same applies to your personal implementation of Kanban.

Use coloured markers and commitments to track deviations from expected performance. If you miss a due date, write it in red. If you notice something takes longer than expected, write it in orange, etc. At the end of the week (during your weekly review) you can review these metrics and figure out “what’s going on”. Is something regularly taking you longer than expected (e.g. a financial review)? Maybe this is because you are lacking some of the required skills, you are improperly planning the work, etc. By knowing what deviated and why, you can implement a permanent corrective action.


Beware of LinkedIn Spear Phishing Attacks

[Image by king dams, used under Creative Commons License]

We have been tracking an organized spear phishing attack occurring on LinkedIn since early October 2015. Since many of my contacts weren’t aware, I decided to publish this quick post.

This is a simple attack where a “bad actor” creates a fake LinkedIn page with actual connections. Pretending to be a recruiter, they encourage applicants to visit a special CV submission page which infects your computer with malware.

  1. Always be wary of new connections on LinkedIn offering something interesting. Just because you have common connections doesn’t mean they are real or trustworthy.
  2. When applying for a job, always visit the company website directly by entering the URL yourself (not clicking on a link) and visit the careers section.
  3. Be careful and don’t be too trusting on the internet.

Profiles

In the past, scammers had incomplete profiles with major language issues. In this attack, it seems the profiles are complete with full (fake) job history, education and even LinkedIn group memberships.

A quick analysis of a handful of these profiles reveals much of the content is stolen from valid pages. Images are stolen from the internet. Career summaries are stolen from valid LinkedIn users. Job history is stolen from actual job postings.

A series of these profiles are created and used to endorse each other making these profiles look authentic and trustworthy.

Attribution

Interestingly, this attack seems to match activity discovered by Cylance in December 2014 and documented in a report called Operation Cleaver.

The Cylance report lists domains being faked and we see some of those re-used in this attack. Domains include:

  • Teledyne-Jobs.com
  • Doosan-Job.com
  • NorthropGrumman.net

To be clear, there are other domains being used, but these are examples of domains seen in both the attack Cylance documented and the newer one.
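The three domains above share one pattern: a real company name embedded in a domain the company does not own. The following check is an added example, not part of the original post; it flags links whose hostname contains a known brand but falls outside that brand's official domain. The allowlist entries and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of official domains per brand, maintained and
# verified by the defender. These entries are illustrative.
OFFICIAL = {
    "teledyne": {"teledyne.com"},
    "doosan": {"doosan.com"},
    "northropgrumman": {"northropgrumman.com"},
}

# Constructed sample links, e.g. pulled from recruiter messages.
SAMPLE_LINKS = [
    "https://www.teledyne.com/careers",
    "http://Teledyne-Jobs.com/apply",
    "Doosan-Job.com",
    "https://NorthropGrumman.net/cv-upload",
    "https://careers.teledyne.com.jobs.example/apply",
    "https://example.org/news",
]

def host_of(value):
    """Return the lowercase hostname from a URL or a bare domain."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat a bare domain as a host
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def classify(value):
    """Return (verdict, brand): 'official', 'lookalike' or 'unrelated'."""
    host = host_of(value)
    # Exact domain or a true subdomain of an official domain.
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official", brand
    # Brand name embedded anywhere else in the hostname. Separators are
    # stripped so hyphenated or dotted variants still match.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    for brand in OFFICIAL:
        if brand in squashed:
            return "lookalike", brand
    return "unrelated", None

def flag_lookalikes(links):
    """Return the hostnames that embed a brand but are not official."""
    return [host_of(l) for l in links if classify(l)[0] == "lookalike"]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link)[0]:10} {host_of(link)}")
```

This only catches names that contain the brand string; misspelled variants need a separate similarity check.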

Conclusion

The moral of the story is be careful. Treat your CV and personal information as valuable assets and protect them. Don't blindly trust anyone on the internet regardless of how "connected" they seem to be to your network. Don't trust endorsements.


WIFI Security Video everyone should watch

A great, easy-to-understand and easy-to-watch Sophos video about WIFI security.

Are you letting hackers easily compromise your security?