Instagram has Terrible Account Security

Wednesday, April 15, 2020

A few days back, someone reached out to me suspecting that their Instagram account had been hacked. What followed was me helping them work through every available way to lock down their account and then convincing them that they had done everything and it didn’t seem like it was hacked. In the process, though, as a proof-of-concept, I followed the same procedure I helped them go through. That brings me to what I learnt about Instagram and its account security practices.

I am obsessive about the security of my online accounts, including ones that I only use occasionally. I don’t repeat passwords, I have 2FA enabled on all such services, and I use an authenticator app for it to avoid the possibility of SIM swapping. I am not an expert, but I am curious, cautious and fairly literate on security best practices. With this, I started investigating what different ways exist to identify if an Instagram account had been hacked, and what can be done to salvage it.

Instagram offers a simple ‘Login Activity’ page that provides a list of locations and devices from which your account was accessed. A quick glance at it and I suspect it comes from the IP address location provided by ISPs. (Instagram does not have access to the location data on my phone.) It potentially has duplicates of the same device, so is not foolproof, but it is a good sanity check. If there’s no device-location pair on this list that you don’t recognize (and haven’t received an email from Instagram telling you about a recent login), there’s a low probability that your account could be hacked. Great.

But what if there is an unknown device there? What do you do then? Well, you try to kick them out. Step one would be to log that device out, but that leaves the possibility that it will be able to log back in, almost immediately. Why, you ask? Well, Instagram has a surprisingly ridiculous setting, ‘Saved login information’, that is turned on by default, and saves the login information to the mobile app. So, even if you log a device out, chances are that it can log back in almost immediately given the login information is saved. Not good, but not alarming either. After all, it is a Facebook product.

So how do you actually force a login from every device? Astonishingly, there’s no way to do this. Articles all over the internet will tell you to change your password, which will force a password entry on every device. I tried that, and it worked, but only sort of.

At this point, Instagram logs out every other device that was previously logged in to the account. Cool. However, when you try to log in again, it gives you a choice: a) Use Facebook to login, or b) Enter the new password (without a 2FA prompt or email notification about login). (b), in and of itself, is terrible, but it is (a) that got me even more worried. I disconnected my Facebook account from Instagram a few years back. And despite Instagram’s constant attempts to lure me into re-connecting them with dark patterns, I have resisted and consciously ensured I do not connect them together.

I tapped ‘Use Facebook to login’. Lo and behold, I was in my Instagram account! No new password, no 2FA code, no email from Instagram about a new login, no email from Facebook about my Facebook account being used to log in to another service. I was in. Business as usual.

I was dazed. I checked Facebook to see if any other ‘app’ was connected to my account or had used Facebook for login. Nada.

To recap, I changed my password on a 2FA-enabled, Facebook-disconnected Instagram account. On a different device, I could log in to my Instagram account without my password, 2FA code or authenticating my Facebook account. I didn’t receive an email from Instagram or Facebook about the login.

In the real world, what this means is that if someone gains access to your Facebook account, they can probably extend it and gain access to your Instagram account. Someone will keep chasing a red herring and try to beef up their Instagram security, all while the perpetrator can conveniently gloss over all of those changes by simply using Facebook to log in to Instagram every single time, with not even a whiff to the victim.

Ludicrous.

Why I Use Apple Maps

Friday, February 28, 2020

For over 3 years now, since I moved to the USA, I have primarily relied on Apple Maps for all of my travel and mapping needs. And the reasons for it, in more or less my order of priority, are pretty simple:

  • Apple Maps has all the places and locations I have ever wanted to go to. There hasn’t been a single place that I have tried to go to and not found it on it.
  • Ever since I started using it in 2016, it has never got me to a wrong place or put me on an incorrect route.
  • It has eerily accurate travel time predictions, and others agree. Waze may estimate the shortest times, but they are rarely ever accurate. Google Maps is better, but still has variability. Apple, on the other hand, usually predicts the exact time or slightly over. For me, that translates ETAs into TAs ;).
  • Privacy. This is a big, recurring and extremely important topic for me. I do not want one company to have all my data, use it for profiling me, follow me around the web and sell that data to target me with ads.
  • It is fast. Blazing fast. While Google Maps has continued to get more bloated over the years, Apple Maps has gotten faster. Vector maps do that, you know? That also means I haven’t really needed to ‘download maps for offline use’ (which Apple Maps does not offer). The cache is pretty reasonable so just routing to a place or exploring it has added the maps for it to my device.
  • Speaking of offline use: It reroutes successfully even when I am offline and make a wrong turn or miss a turn!
  • The timing and space between Apple Maps notifications for upcoming turns matches the prep time I need to make a turn or take an exit.
  • While it doesn’t have the bells and whistles of Google Maps, it does maps right and that’s all I usually care about.
  • I have found Apple Maps’ lane guidance to be much more accurate.
  • With iOS 13, Apple Maps has added an incredible number of new features, including locations of signals and stop signs, and uses them for even better guidance (‘turn right at the next light’!).

I Went to Statue of Unity

Tuesday, January 28, 2020

Almost a month ago, I visited the Statue of Unity (SoU), Sardar Vallabhbhai Patel’s statue near Baroda. Hailed as the biggest statue in the world, this was my first experience of visiting a tourist destination in India after living and traveling in the USA for over 3 years. Here are some of my thoughts and observations from that visit, in approximate order of my visit:

  • I was there on 26th December, 2019. The tickets to go to the observation deck were sold out, so I could only walk up to the foot of the statue (more on that later).
  • My first (and most consistent) observation throughout was the sheer mismanagement of the whole operation. The site had 3 attractions: the statue itself, a garden and a dam viewpoint. The only way to travel from one of the parking lots to these attractions was to take a bus set up and run by the SoU complex. However, I could not choose where I went. I was forced to go from parking - statue - dam - garden - statue - parking, getting off at each step, walking fairly significant distances and waiting in long lines before being able to get into the next bus. Talk about compounding delays…
  • Every photo, hoarding, symbol in the SoU complex was attributed to Narendra Modi and (to a lesser extent) Vijay Rupani. I mean, just look at this bus run by SoU for transport in the area (not in the photo is a circular logo of Statue of Unity on the far left, of the same size as other circles). The photos of Modi and Rupani are, unsurprisingly, larger than the statue or Sardar Vallabhbhai Patel! Or look at the website for this statue, which maintains the same theme.
    [Photo: Statue of Unity bus. The transportation between different sights of attraction in the Statue of Unity complex.]

  • The dam was fine. It was a dam and there was nothing grand about it. Maybe I am colored by my visits to Hoover and Glen Canyon dams, but my dad agreed that there was nothing to see in the dam.
    [Photo: Sardar Sarovar Dam from the viewpoint near Statue of Unity.]

  • One thing that I found weird was that the focus was on the downstream of the dam. Every other dam I have visited focuses on showcasing the upstream and the reservoirs created by those dams. Personally, I feel like that has provided me a better perspective into the significance of the dam. Here, I thought the visit to the dam was absolutely pointless.
  • The ‘Valley of Flowers’ was underwhelming. There were few flowers that you wouldn’t find in most places in India. The view of the statue, from here, however, was actually pretty neat.
  • The statue was massive and pretty cool. However, at the end, it was just a statue and there was nothing more to it.
  • The light and sound show, just after sunset, however, was exceptional. It was a great summary of the life and times of Sardar Vallabhbhai Patel. I learnt a little more about him and his work than I did before.
  • The story of Patel and his work in the country, sadly, left out significant (but important) parts of history that matter. The story mentioned the troubles in getting the princely states of Junagadh and Hyderabad into the Dominion of India, but conveniently skipped any mention of Jammu and Kashmir, which Patel offered to Pakistan in exchange for Junagadh.
  • Similarly, the whole show spoke of Jawaharlal Nehru exactly zero times. I felt that was inauthentic and inaccurate given how instrumental Nehru was in the integration of princely states into modern India.
  • On the contrary, the show talked of Modi, his vision and his hard work a few too many times. The last 5 minutes of the show basically melted into a Narendra Modi cheerleading festival, including playing an audio of a speech Modi gave! I thought it was ridiculous that any politician, any CM, or any PM should be: a) accredited for building a statue, no matter how grand; and b) have his speech about him building the statue appear in a show meant to describe someone else’s life and work. It is narcissistic and egotistical.
  • I realize that misinformation about Jammu and Kashmir and Jawaharlal Nehru serves the current dispensation, but I sincerely think distortion of history to appease a single party’s politics only furthers the divide in our country.

I am glad I went to Statue of Unity. I learnt a little more about Patel, but a lot more about my country.

Sapiens by Yuval Noah Harari

Sunday, January 26, 2020

Over the years, one thing that consistently bothered me was my inability to read and finish books. I started a lot of books, but rarely finished any. Over time, I lost interest in reading books. I read a lot of articles, blogs and news stories, some tens of thousands of words long, but I never got around to reading books.

In late November, I decided that I wanted to change this about myself and that I wanted to read more. For that, I needed a book that would keep me hooked, keep me interested. Over the last year, I had read and heard a lot of praise for Sapiens, and I was certain that that was the book I wanted to read. And so, it was.

I just finished reading the book last night, and to say it was an eye-opener is an understatement. It is an astute account of the rise of homo sapiens and the various revolutions that have occurred over the last several millennia, and it goes on to lucidly describe the dominant (and other) theories surrounding each one of them.

One of its primary gifts to me was a new perspective. I had accepted humanity as it exists today (capitalism, social structure, religions, agricultural practices, etc.) without sufficiently understanding how they came to be. I now understand a little more about the story of the homo sapiens than I ever did.

Harari helped me learn more by questioning the why, which I hadn’t earlier, out of my arrogance, ignorance or both.

One of the most profound quotes of the book appears in the ‘Afterword’ and summarises everything the book goes over ever so succinctly:

Seventy thousand years ago, homo sapiens was still an insignificant animal minding its own business in a corner of Africa. In the following millennia it transformed itself into the master of the entire planet and the terror of the ecosystem. Today it stands on the verge of becoming a god, poised to acquire not only eternal youth, but also the divine abilities of creation and destruction.

Here’s to the next book, and then a few more.

Merriam-Webster Word of the Year 2019: They

Wednesday, January 8, 2020

There were a few things towards the end of 2019 that made me happy. ‘They’ being chosen as word of the year, was one among them.

Over the last year, I have started using ‘they’ frequently as pronouns for people whose pronouns I did not know, and it started from something really simple: I choose to not give pronouns to someone else. I want to let them be them, pick their pronouns, respect their identity, and not judge them.

I’m not perfect, and I’m still learning. But I’m extremely glad that in 2019, my word of the year was the same.

Another Website Update

Tuesday, December 31, 2019

I have had my personal website since early 2012. Since then, I have used a typical website hosting model and relied heavily on CMSes like WordPress to help me host things that I write.

Over time, I have realized I was ambitious with what I set out to do and didn’t actually keep up with the various sub-sites that I created. That led to many of those WP installations becoming unused. However, in the 7+ years since, across multiple website hosting provider migrations and services, it was a painful process to keep those sites running. So, recently, I archived those sub-sites.

When I archived all those sub-sites, I realized my website was pretty lean and mostly composed of static pages, except the CMS used for my micro blog. I also stumbled upon the world of static site generators at about the same time.

It took a while, but I found a solution that made me happy in Hugo for generating my micro blog, and moved away from complex hosting solutions to a GitHub-linked Netlify website. That brings us to now.

Look around, and let me know if you see anything out of the ordinary. Ah, I also route mail for my domain through ImprovMX now!

For All Mankind

Sunday, December 1, 2019

Among the first set of Apple TV+ shows, ‘For All Mankind’ excited me more than others. Over the last few days, I have watched some of the released episodes and I’m really impressed by it. I think it is a compelling story-line.

The plot of the show is fairly simple: What if Russians landed a human on the moon before the USA? How would the space race unfold after that event? How swiftly would space progress unfold thereafter?

Having thoroughly enjoyed another alt-reality show (I’m looking at you, ‘The Man in the High Castle’), ‘For All Mankind’ was supposed to be right up my alley, and I haven’t been disappointed.

Archived Blogs

Saturday, November 30, 2019

I have been guilty of not updating some of my old blogs for years now. Namely, my ‘Unwind’ and ‘I Talk Tech’ blogs. Even though they were unused, I still had to maintain their WordPress installations over the years as I migrated across web hosts and migrations. It was laborious to keep updating WordPress to the latest version for zero-traffic web blogs.

Today, I finally migrated them off a static WordPress installation that I had moved to a few months back (that was riddled with broken links and no theme CSS), to my Tumblr. My old posts from ‘I Talk Tech’ are now available here, and from ‘Unwind’ are here. In the future, I expect my tech and leisure posts to be posted right here, so Tumblr only exists as a dump for my previous posts.

What Narendra Modi Should Fix

Tuesday, October 1, 2019

A few days ago I posed a question to Twitter asking people what their tipping point for supporting Modi was. To put it in a different way, if you support Modi today (and / or have for the last 5+ years), what is the one thing that, if he does it, would make you cease supporting him?

It is not a very difficult question (but it can be). If you are someone that does support someone, anyone, something, I think this is a question you should ask yourself. I often ask the same of myself, and it helps me in understanding why I prefer something or someone over the other.

When it comes to Narendra Modi, though, while I was neutral about how I feel about him governing the country pre-2014, over time I have definitely grown to be more critical about his policies, style of politics and opposing what India has and is becoming, under his governance. I think he has made grave mistakes and strayed from the path of serving the country, while further dwelling in the arrogance of power.

So with this, I wanted to share a little bit more about what I would like to see done, which would make me feel more ambivalent about him.

  1. Stop systematically disseminating communal disharmony: Our Constitution enshrines and holds secularism as a founding principle. Be an embodiment of the principles encapsulated in the book you swore on. Unite the country, stop dividing it.
  2. Don’t treat the economy like a sandbox: Accept the mistakes incurred in the past (demonetization, implementation of GST, ba../11.data-scienceSUs, etc.) and move towards fixing them. Mistakes in economic policy do not live in their own walled environments; they have far-reaching effects on just about every aspect of life in the country. Enough has been said about each aspect of the economy, and there are definite mitigation steps advised by many eminent economists.
  3. Put an end to systematic disinformation: One thing that is fundamental to me and my understanding of the world is data. The lack of reliable data from the government to independently verify its claims on a multitude of things, in every area, (be it GDP, jobs numbers, electrification, cleanliness efforts, etc.) is a problem. The lack thereof creates ripe ground for a vicious cycle of potential lies, that deepen the cracks in a society. This would work two-fold: 1) Leave no room for confusion, criticism or fake news, and 2) Add trust in the government.

That’s it. Not a long list, aye :)?

U.S. National Park Service

Saturday, August 17, 2019

It has been just over 3 years since I have been in the USA, and in this time I have come to realize that one of my favorite things about the USA is the National Park Service. I have visited more than 15 national parks in various parts of the country, hiked across most of them, and marvelled at the things I saw. I have experienced snow-clad mountains, scorching deserts, canyons that have been shaped over millions of years, hot springs sitting on volcanoes, tiny streams, glacial lakes, and rivers with lush waterfalls. No 2 parks were the same and I have never felt underwhelmed at the end of each day.

Some of the reasons I love national parks are:

  • The ease and accessibility to explore some of the most untouched parts of the world, be it mountains, rivers, deserts or forests.
  • The way these parks are maintained (by NPS), supported by rangers, and the facilities (roads, water filling stations, restrooms, hotels, restaurants) that are created with minimal disturbance to the surrounding areas.
  • The flexibility that allows me to decide how much time I spend in the park, from hours to days, and guides that help me do the same.
  • The well-designed scenic drives that help showcase some of the popular sights in the park from the convenience of a car.
  • The detailed and charted maps for hikes that ensure a safe trip in the park.
  • The rewards, in the form of never-seen-before landscapes that make every drop of sweat on difficult hikes worthwhile.

Onto getting my US NPS Passport stamped at every remaining NPS location.