Workshops for the Investigator

Finding useful information is time-consuming.  Properly evaluating information is time-consuming.   Organising information for analysis is time-consuming.  We  teach techniques that focus and refine your search results.  Then we teach you to evaluate the quality of what you find.  Finally, we teach you the best practices to organise your data for reporting.

For the Investigator, these time-consuming tasks are money in the bank if he can do the job in an organised and efficient manner.  Get a jump on the learning curve from an expert who knows the challenges facing the Investigator.

We tailor workshops for Investigators of varying experience and information literacy.

Sample topics include:

Research Strategy: plan a research strategy, choose the appropriate tools, and use them to full capacity

Evaluation Matrix: the Internet is renowned for harbouring unreliable information, but we teach you how to evaluate the data you find for relevance and quality.

Google: learn the good and bad of Google and how to use its most powerful features

More than Google: learn the strengths and weaknesses of other search engines and how to benefit from them.

The Deep Web: learn about the resources hidden from search engines.

Social Networks: learn the rules regarding the searching and using this data. Learn how to search this vast resource and how to analyse what you find.

MSOffice & OpenOffice: these are not typewriters! Learn how to use them as sophisticated information tools that save time and effort.

Information Management:  we show you the software tools and techniques that save your data and your time.

Secure Surfing: choosing the right browser and configuring it properly to leave the smallest footprint behind


FireFox V.10

The biggest change in V.10 that most Firefox users will see is the smaller number of add-ons marked as incompatible. About 80 percent of all add-ons should now be compatible. Previously, most add-ons would break when Firefox released a major update.

V.10 seems to work much better than any V.9 iteration. No more crashing and the add-ons and extensions work properly. I guess I will be able to stay with Firefox for a while yet.

Extended Support Release

Mozilla also released the enterprise version of Firefox, called ESR (Extended Support Release), which will release updates on a slower cycle (once per year) so that businesses don’t have to worry about their internal tools and security protocols failing. This should help make Firefox more popular in the corporate world.


Securing Firefox – Configuration Settings

This is about stopping the dreaded disease, Data Diarrhea. The websites you visit can leave behind a trail of data on your computer and in their server logs. All of this Data Diarrhea can identify the Investigator and this can complicate the problem he is trying to solve. Lax privacy & configuration settings may also leave the Investigator’s computer vulnerable to attack by hackers.

This article describes more advanced methods of customizing Mozilla applications, by editing the configuration files.

about:config entries

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. Using about:config is one of several methods of modifying preferences and adding other “hidden” ones.

Editing the user.js and prefs.js files are an alternative method of modifying preferences and recommended for very advanced users only. Unless you need a prefs.js and/or user.js file modified for a specific purpose, you should use about:config instead.

This article refers to the Firefox V. 9 edition of the browser. These entries may have adverse effects on Thunderbird and Mozilla Suite/SeaMonkey and older versions of Firefox. These settings will affect all profiles of the browser.

In Firefox, type about:config in the Location Bar (address bar) and press Enter to display the list of preferences. You may get a warning page next, just click OK and move on.

about:config > browser.display.use_document_fonts > change value to 0

0: Never use document’s fonts
1: Allow documents to specify fonts to use
2: Always use document’s fonts (deprecated)

Don’t let the site access to the fonts on your computer. That grants too much access that can be abused.

about:config > browser.sessionhistory.max_entries > change value to 2

The maximum number of pages in the browser’s session history, i.e. the maximum number of URLs you can traverse purely through the Back/Forward buttons. Default value is 50.  Set it to 2 so that the site you visit can’t see where you have been during your Investigative Internet Research (IIR) assignment.

about:config > > double click to false is a mechanism allowing web pages to store information with a web browser (similar to cookies) called “client-side session and persistent storage.” Although use of session storage is subject to a user’s cookie preferences, this preference allows it to be disabled entirely.

about:config > geo.enabled > double click to false

True is location aware browsing enabled. Default is true. You want to disable this. See for details of geolocation in Firefox.


Securing Firefox – General Privacy Settings

General Firefox Privacy Settings

The basic privacy settings in general settings, are found in the options bar in Firefox 9.0 (Firefox > Options > Options) or for iOS, Preferences.

  1. Content: Enable block popup windows and disable Javascript when it isn’t needed.
  2. Privacy: Enable the DNT (Do-Not-Track). For History, use custom settings. “Always use private browsing mode” should be enabled. “Remember my browsing history”, “Remember download history” and “Remember search and form history” should be turned off. “Accept cookies from sites”, but un-check “Accept third party cookies” as they aren’t needed often. Location bar: select “Suggest nothing”.
  3. Security: Enable “Warn me when sites try to install add-ons”, “Block reported attack sites” and “Block reported web forgeries”. Under Passwords, disable “Remember passwords for sites” and use a master password.
  4. Advanced – General – System Defaults: Disable “Submit crash reports and performance data”.
  5. Advanced – Network – Offline Storage: Check “Override automatic cache management and limit cache to 0MB space”. Further—you can un-check “Tell me when a website asks to store data for offline storage use”.
  6. Advanced – Encryption: Ensure both “Use SSL 3.0 and Use TLS 1.0” are enabled. Then click validation > check “When an OCSP server connection fails, treat the certificate as invalid”.



E-mail Reminders

You get an email or send one, then you forget all about it and find you have missed an opportunity or a deadline.  A common enough problem.

Try using FollowUpThen to solve this problem.  To remind the recipient, put a time interval in the CC field. For example, To remind yourself, put the time interval in the BCC field.  The time interval can be minutes, hours, days, weeks, or years.


The Internet Kill-Switch

A Wired How-to Wiki article,  Communicate if Your Government Shuts Off Your Internet offers an excellent insight to your options should government turnoff the Internet.

The recent PC World article: Get Internet Access When Your Government Shuts It Down Does your government have an Internet kill-switch? Read our guide to Guerrilla Networking and be prepared for when the lines get cut, shows that the situation in Egypt has spurred geeks everywhere to start building Appocalypse apps  that may be headed our way to deal with similar situations in the future.

The Open Mesh web site content is  heavy going but useful if you have the technical knowledge.

Choosing Passwords

Here are a list of articles about password security that resulted from some recent research I was conducting.

On Becoming a Web Worker — The Online Calendar

As you progress in your quest for Web Worker status you need to accept the concept of Web-based collaboration tools.

The first such tool to adopt should be your Calendar.  You may eventually have several, each with its own purpose. In this part of my little dissertation, you will learn how to manage both a shared and a private Calendar.

Google Calendar

Sharing your Calendar and giving access to your office staff will solve a lot of scheduling problems.  Your Calendar can have items from several calendars in it and you will never be lost or go AWOL ever again and you will know what other people are doing.

Security Issues

The first decision is who will have access to you Calendar.

If your office staff and others will have access to your calendar, then you may want to set-up another Google account for the calendar into which they enter events.  This calendar is shared, which means its events will be visible in your main calendar.  This is not entirely necessary but it divorces the shared calendar from your email archive.  You can also share events that you place in your personal calendar with the one you office staff use to enter events for you.

The events entered by other people can then be Copied to your calendar as your own so that you receive notifications of your agenda and individual events entered by other people.  You should look at your calendar every day for items added by other people.

It just sounds more complicated than it is.  You just have to devote set times during the day to answering email and reviewing your calendar.  I do this at 11am and at 4pm daily.

Google Docs & the Private Investigator

The Cloud & Security

Cloud computing makes knowledge work easier. In large organisations, employees  are using nothing more than dumb terminals with a browser interface and corporate e-mail is webmail, corporate documents are all on GoogleDocs, and specialized applications have a web interface, it’s easier to allow employees, partners, suppliers, and customers to access the company’s data.

The Cloud & The PI

Security is always a trade-off, and security decisions are often made for non-security reasons. In this case, the decision is usually to sacrifice security for convenience and flexibility. Corporations want their employees to be able to work from anywhere, and they loosen controls to get that. However, in Canada, a Private Investigator must consider how PIPEDA and the courts will look upon any breach at Google. The PI is not a member of some favoured elite.  If a data breach happens at Google, the Canadian PI will almost certainly be held liable for using Google Docs.

Data Breech Liability & PIPEDA

The Canadian PI has several practical reasons to be cautious when using services like Google Docs.

Read more


The MailBrowser add-in puts a sidebar to the right of your Gmail screen in Internet Explorer or Firefox, showing information about the sender of an open e-mail or any contact you search for. You can see a list of unread e-mails from the person, e-mail threads and a chart of e-mail activity.

It also lets you search through attachments and shows  thumbnails to make it easier to find what you’re looking for.  It works on Windows and Mac, Internet Explorer, Firefox and Chrome.

Gmail as a Hard Drive

Gmail Drive works with IE 5 or better to turn your Gmail storage space into a virtual hard drive where you can keep any sort of file.  Just like a local hard drive, you can move a file there by dragging and dropping and open it by double-clicking. When you save a file to Gmail Drive, it shows up as an e-mail with attachment in your inbox. If this could mean it gets sent to your smartphone, then this could be either a nuisance.

GSpace – an add-in for Firefox on Windows, Mac and Linux – adds interfaces for pictures and music. GSpace lets you manipulate files much as Gmail Drive does, but viewer to let you flip through photos, and a music mode that will play your tunes direct from Gmail.  As with Gmail Drive, your files show up as attachments to e-mails in your inbox.

Secure File Transfers

There are four common ways to transfer large files:

1. Middle-man approach
2. Direct file sharing
3. FTP
4. Multi user document repository

1. Middle-man approach

Most file transfer services use the middle-man approach. They require you to upload it first onto their server and then the recipient downloads it.  Depending upon your security requirements, these may be very dangerous as you are uploading important data onto someone else’s server without understanding exactly how they treat my data.  Furthermore, the server may not be secure from even the most inept hacker. These services usually limit file size to 2GB and they suffer from reliability problems due to dropped connections.

Read more

On Becoming a Web Worker — Gmail

Web Worker Article Series

This is part of a series of articles about using Web-based services to get through your work day no matter where you are working — in an office, on a back road in your car, or in an airport.

Web Infrastructure & Cloud Computing

The current web infrastructure includes cloud computing which has started to change how we work and how we use the Internet.

IDC Research predicts that by 2013, 1.2 billion people (that’s about one-third of the existing global working population) will form the world’s mobile workforce.

You may have a smart phone or a Blackberry and many email addresses, but you still need one Web-accessible portal to manage your email. With a little patience and thought, you can make Google a safe haven for all your email even if you normally access it elsewhere.


We all know about Google as a search engine. We all know about Gmail.  However, I am amazed at how many people fail to use Gmail, Google Calendar, Google Reader, and the other features available from a Google account.

Let’s start with creating a Google and Gmail account and look at what it can do for you.  This is the best place to start becoming a Web-Worker.  This may seem simplistic to some and rocket science to others.

Read more

This Message Will Self-Destruct

This Message Will Self-Destruct offers the ability to send an encrypted email-like message to another person either with or without a password.  As a reassurance that your message is secure, it’s never stored with TMWSD.  The optional password salts the encryption key for even more security.

Once you have entered your message and clicked on  SAVE THIS MESSAGE, you will be given a URL to pass on to the recipient.  When the intended recipient reads your message (with or without the password you may have given them) the encrypted message is deleted forever. If you lose the password your message is also lost!