Email remains one of the most critical communication tools for businesses, nonprofits, and government organizations. Unfortunately, it is also one of the most heavily targeted attack surfaces. In 2023, Microsoft disclosed one of the most dangerous Outlook vulnerabilities seen in years: CVE-2023-23397.

What made this vulnerability particularly concerning was not just its severity, but the fact that it could be exploited with little to no user interaction. A victim did not need to click a link, open an attachment, or even read the message. Simply receiving a specially crafted email could be enough to expose credentials that attackers could then use to compromise accounts, steal information, and establish long-term persistence.

Understanding how CVE-2023-23397 worked and how organizations can protect themselves remains important today because many of the techniques used by attackers continue to be effective against poorly secured environments.

What Is CVE-2023-23397?

CVE-2023-23397 is a privilege escalation and credential theft vulnerability affecting Microsoft Outlook for Windows.

The flaw abused Outlook’s handling of reminders and notification sounds. An attacker could create a specially crafted email, calendar invitation, or task request that referenced a file located on a malicious SMB (Server Message Block) share controlled by the attacker.

When Outlook attempted to access that remote resource, Windows would automatically attempt to authenticate to the attacker’s system using the victim’s Net-NTLM credentials.

Because this process occurred automatically, the victim often never realized anything had happened.

The attacker could then capture the authentication hash and use it in:

• Pass-the-Hash attacks
• Credential relay attacks
• Lateral movement within a network
• Exchange or Microsoft 365 account compromise
• Additional privilege escalation activities

This made CVE-2023-23397 particularly dangerous because it effectively transformed Outlook into a credential harvesting mechanism.

Why Was It So Serious?

Most phishing attacks rely on convincing users to take an action:

• Click a link
• Open an attachment
• Enter credentials
• Approve MFA requests

CVE-2023-23397 removed much of that requirement.

A malicious email could trigger the authentication attempt automatically, allowing attackers to collect credentials without relying on user awareness or training.

For organizations that lacked modern authentication controls, the consequences could be severe.

Once attackers obtained valid credentials, they could:

• Access mailboxes
• Search sensitive communications
• Download attachments
• Impersonate users
• Establish persistence
• Conduct business email compromise (BEC) attacks

In many documented incidents, attackers leveraged stolen credentials to maintain access long after the original email had been delivered.

The Connection to Malicious Inbox Rules

One of the most common post-compromise activities associated with Outlook and Exchange attacks is the creation of hidden inbox rules.

After gaining access to an email account, attackers often create rules that:

• Forward copies of all incoming mail to external accounts
• Redirect messages from specific individuals
• Delete security notifications
• Move invoices and payment requests to hidden folders
• Hide evidence of compromise from the victim

These rules can remain active for weeks or months before discovery.

In a Business Email Compromise (BEC) scenario, attackers frequently monitor conversations between vendors, customers, executives, and accounting staff. They wait for a payment opportunity and then inject fraudulent banking information into an otherwise legitimate email thread.

The result can be significant financial losses despite no malware ever being installed on a workstation.

Who Was at Risk?

The vulnerability primarily affected:

• Microsoft Outlook for Windows
• Organizations using Exchange Server
• Microsoft 365 users with Outlook desktop clients
• Hybrid Exchange environments

While Outlook Web Access (OWA) itself was not directly vulnerable to CVE-2023-23397, compromised credentials obtained through the attack could subsequently be used to access OWA, Exchange Online, and other Microsoft 365 services.

Organizations that relied heavily on legacy authentication protocols faced particularly high risk because stolen Net-NTLM credentials could be leveraged more easily.

How Microsoft Addressed the Vulnerability

Microsoft released security updates that corrected the vulnerable behavior within Outlook.

Organizations should ensure that:

• Outlook clients are fully patched
• Windows systems receive regular security updates
• Exchange environments are maintained and monitored
• Legacy authentication methods are disabled where possible

Microsoft also provided detection scripts and guidance to help administrators identify potentially malicious messages that exploited the vulnerability.

However, patching alone is not enough.

Prevention and Deterrence Strategies

1. Keep Outlook and Windows Updated

The most important defense is ensuring all systems receive security updates promptly.

Organizations should maintain:

• Automated patch management
• Vulnerability scanning
• Asset inventories
• Update verification procedures

Unpatched systems remain attractive targets long after vulnerabilities become public.

2. Enforce Multi-Factor Authentication (MFA)

MFA significantly reduces the value of stolen credentials.

Even if attackers obtain passwords or authentication hashes, MFA can prevent successful account access.

Whenever possible:

• Require MFA for all users
• Require MFA for administrators
• Eliminate MFA exceptions
• Use phishing-resistant MFA methods where practical

3. Disable Legacy Authentication

Legacy authentication protocols are frequently abused after credential theft.

Organizations should disable:

• Basic Authentication
• POP3 (unless required)
• IMAP (unless required)
• SMTP AUTH where unnecessary

Modern authentication methods provide stronger protections and better logging.

4. Monitor Mailbox Rules

Administrators should routinely review mailbox rules for suspicious behavior.

Look for:

• External forwarding addresses
• Hidden rules
• Automatic deletions
• Unusual redirects
• Recently created rules

Many compromises are discovered only after investigators review mailbox configuration changes.

5. Restrict External Auto-Forwarding

A simple but highly effective control is disabling automatic forwarding to external email addresses.

Many organizations have no legitimate business need for unrestricted forwarding.

Blocking external forwarding can prevent attackers from silently siphoning email even if an account becomes compromised.

6. Deploy Advanced Email Security

Solutions such as:

• Microsoft Defender for Office 365
• Advanced threat protection platforms
• Security information and event management (SIEM) tools
• Managed detection and response (MDR) services

can help identify suspicious behavior before significant damage occurs.

7. Review Sign-In Logs Regularly

Microsoft 365 administrators should routinely monitor:

• Unusual login locations
• Impossible travel events
• Failed login attempts
• New devices
• Suspicious OAuth application activity

Early detection often makes the difference between a minor incident and a major breach.

Final Thoughts

I originally saw this kind of exploitation long before Office was a cloud service offering. PDF dropping executables were usually the delivery mechanism, but lately everyone seems to refer back to this CVE, and thus my focus on it.

CVE-2023-23397 serves as a reminder that modern cyberattacks do not always require users to make mistakes. In this case, a specially crafted Outlook message could trigger credential theft automatically, potentially leading to mailbox compromise, malicious forwarding rules, financial fraud, and long-term persistence.

Organizations should view this vulnerability as more than a historical event. It highlights the importance of layered security controls, including timely patching, multi-factor authentication, disabling legacy authentication, monitoring mailbox rules, and maintaining strong Microsoft 365 security practices.

The lesson from CVE-2023-23397 is clear: protecting email is no longer just about stopping phishing clicks. It is about securing the entire identity and messaging ecosystem before attackers can turn a single email into a full-scale compromise.

References

• Microsoft Security Response Center – CVE-2023-23397
• Microsoft Security Blog – Guidance for Investigating Attacks Using CVE-2023-23397
• Microsoft Security Response Center – Microsoft Mitigates Outlook Elevation of Privilege Vulnerability
• National Vulnerability Database (NVD) – CVE-2023-23397
• Canadian Centre for Cyber Security Advisory on CVE-2023-23397
• Palo Alto Networks Unit 42 Threat Brief – CVE-2023-23397

The post CVE-2023-23397: How a Single Outlook Email Could Lead to Silent Email Theft appeared first on Hold No Virtue....

Microsoft 365 has become the productivity platform of choice for organizations of all sizes. It provides powerful tools for email, collaboration, file sharing, communication, and business operations. However, as Microsoft 365 adoption has increased, so has the number of cybercriminals targeting organizations through compromised email accounts, business email compromise (BEC), phishing attacks, malicious file sharing, and unauthorized access attempts.

Many organizations mistakenly assume that because they are using Microsoft 365, they are automatically protected against modern cyber threats. While Microsoft provides a solid foundation of security capabilities, protecting a Microsoft 365 environment requires ongoing monitoring, threat detection, incident response, user awareness, and security expertise that many organizations simply do not have available internally.

This is where solutions such as Sherweb’s Office Protect can significantly strengthen an organization’s security posture.

The Growing Threat to Microsoft 365 Environments

Cybercriminals increasingly target Microsoft 365 accounts because they often serve as the gateway to an organization’s most valuable assets:

• Email communications
• Financial records
• Customer information
• Employee data
• SharePoint files
• OneDrive content
• Teams conversations
• Business applications integrated through Microsoft Entra ID

A single compromised account can provide attackers with access to sensitive information, allowing them to:

• Send fraudulent invoices
• Redirect payments
• Steal confidential data
• Deploy ransomware
• Create hidden mailbox rules
• Conduct internal phishing campaigns
• Impersonate executives or vendors

Many attacks are designed to remain undetected for weeks or months, allowing criminals to gather information before executing financial fraud schemes.

Common Risks Without Advanced Monitoring

Organizations that rely solely on default configurations or limited administrative oversight often face several significant risks.

Business Email Compromise (BEC)

BEC attacks remain one of the most financially damaging cybercrime categories worldwide. Attackers gain access to a mailbox and monitor communications until an opportunity arises to manipulate payments, banking information, or vendor relationships.

Because these emails originate from legitimate accounts, they can be extremely difficult for employees to identify.

Suspicious Login Activity

Cybercriminals frequently attempt to access Microsoft 365 accounts using:

• Stolen passwords
• Credential stuffing attacks
• Password spray attacks
• Leaked credentials from third-party breaches

Without active monitoring, suspicious sign-ins from foreign countries, anonymous proxies, VPN services, or unusual devices may go unnoticed until damage has already occurred.

Unauthorized Mailbox Rules

One of the first actions attackers often take after compromising an account is creating hidden mailbox rules.

These rules can:

• Forward email externally
• Delete security notifications
• Move messages into hidden folders
• Conceal communications from users

The victim may continue using their account without realizing critical messages are being intercepted.

Malicious OAuth Applications

Modern attackers increasingly exploit OAuth permissions rather than stealing passwords. Users may unknowingly grant a malicious application access to:

• Email
• Contacts
• Calendars
• Files
• Teams data

Even after a password reset, the malicious application may retain access if not properly identified and removed.

Internal Account Compromise

Once an attacker gains access to one account, they often use that trust relationship to target coworkers.

Employees are far more likely to trust:

• Internal email messages
• Teams chats
• Shared documents
• File requests

This allows attackers to expand their access rapidly throughout an organization.

Why Security Alerts Alone Are Not Enough

Many Microsoft 365 tenants generate security alerts, but alerts only provide value when someone is actively reviewing and responding to them.

A common misconception is that security notifications automatically stop attacks. In reality:

• Alerts may go unread.
• Administrators may not understand their severity.
• Small organizations may not have dedicated security personnel.
• Threats occurring after business hours may remain unchecked.

Cyber incidents rarely occur at convenient times.

Organizations often discover compromises only after:

• Customers report suspicious emails.
• Vendors question payment requests.
• Financial losses occur.
• Regulatory reporting obligations arise.

The Value of Sherweb Office Protect

Sherweb Office Protect helps bridge the gap between basic Microsoft 365 security and a more proactive security strategy.

Office Protect provides centralized security management designed specifically for Microsoft 365 environments and offers enhanced visibility into security risks that many organizations would otherwise miss.

Key benefits include:

Enhanced Security Monitoring

Office Protect continuously monitors tenant activity and identifies potentially suspicious events, helping administrators detect issues before they escalate into major incidents.

Security Posture Management

The platform evaluates Microsoft 365 security settings and identifies areas where security controls can be strengthened.

This helps organizations implement best practices and reduce unnecessary exposure.

User Risk Visibility

Administrators gain visibility into risky behaviors and potentially compromised accounts, allowing them to prioritize remediation efforts and focus resources where they are most needed.

Simplified Security Administration

Many organizations struggle to navigate Microsoft’s extensive security ecosystem.

Office Protect provides a more streamlined interface and consolidated security insights, making it easier to manage Microsoft 365 security without requiring specialized expertise.

Faster Incident Detection

The sooner suspicious activity is identified, the less damage an attacker can cause.

Early detection can mean the difference between:

• A password reset and minor cleanup
• A major breach requiring legal, regulatory, and financial remediation

Security Is a Process, Not a Product

No security solution can eliminate all risk. Effective cybersecurity requires multiple layers working together, including:

• Multi-factor authentication (MFA)
• Strong password policies
• Security awareness training
• Email protection
• Endpoint protection
• Backup and recovery
• Continuous monitoring
• Incident response planning

However, organizations that lack visibility into their Microsoft 365 environment are often operating with significant blind spots.

Office Protect helps reduce those blind spots by providing additional monitoring, security insights, and administrative controls that improve an organization’s ability to detect and respond to threats targeting Microsoft 365.

Final Thoughts

Microsoft 365 is one of the most targeted business platforms in the world. As cybercriminals continue to refine their tactics, organizations must move beyond the assumption that default settings alone provide adequate protection.

The financial and operational impact of a compromised Microsoft 365 account can be severe, including fraud, business disruption, reputational damage, regulatory consequences, and loss of customer trust.

By implementing additional security controls and leveraging solutions such as Sherweb Office Protect, organizations can improve visibility, strengthen defenses, and reduce the likelihood that a single compromised account becomes a major business incident.

Cybersecurity is no longer just an IT concern—it is a business risk management requirement. Investing in stronger Microsoft 365 security today can help prevent costly incidents tomorrow.

The post Securing Your Microsoft 365 Tenant: Why Native Security Isn’t Always Enough appeared first on Hold No Virtue....

Day one, he walked into the office and asked, “How many people clicked the phishing email?”

The IT manager sighed. “About 40%.”

“That’s bad,” said the consultant.

“Actually,” replied the manager, “that’s an improvement. Last year it was 90%.”

Determined to fix things, the consultant launched mandatory security awareness training.

A month later, he sent a fake phishing test:

Subject: FREE PIZZA IN THE BREAK ROOM

Within two minutes, 73 employees clicked.

Within five minutes, someone replied-all:

“There is no pizza. This is another one of Kevin’s stupid tests.”

The consultant was disappointed.

Then he noticed the CEO had clicked too.

He walked into the CEO’s office and asked, “Why did you click it?”

The CEO shrugged.

“Because if there was free pizza and I didn’t click, I’d look stupid.”

The consultant updated the training.

Next month he sent another test:

Subject: IMPORTANT PAYROLL CORRECTION — ACTION REQUIRED

Only three people clicked.

Huge improvement.

Then payroll called.

Every employee had received the email, panicked, and immediately called payroll to ask if their paycheck was safe.

The payroll department suffered a complete operational collapse for six hours.

The consultant proudly reported a phishing click rate of only 1.5%.

The CFO stared at him.

“You shut down payroll for an entire day.”

“Correct.”

“And you consider that a success?”

“Absolutely.”

“How?”

The consultant pointed at his report.

“Nobody entered their password.”

The CFO rubbed his temples.

“Kevin…”

“Yes?”

“Next month, send the pizza email.”

The consultant smiled.

“Already scheduled.”

The post Phish-testing is fun… appeared first on Hold No Virtue....

1. Climate Change and Unpredictable Weather Patterns

One of the most significant contributors to the coffee price surge in 2025 is climate change. Coffee crops are extremely sensitive to changes in temperature, rainfall, and altitude. Brazil, the world’s largest coffee producer, has suffered repeated bouts of drought and unseasonal frosts that have severely damaged coffee plantations.

Poor weather significantly impacted the 2023-2024 harvests, leading to reduced yields and lower-quality beans. Meanwhile, regions like Vietnam and Colombia have also experienced shifting rain patterns and soil degradation, making coffee cultivation more challenging and less predictable.

Sourcing coffee from impacted regions has become so difficult that even my brokers are sourcing alternatives now rather than offering a premium price. This is the rub: We’re talking about unavailability, not high pricing. Robusta is now surging to premium arabica pricing when it used to be the cheapest and easiest bean to source.

2. Supply Chain Disruptions and Transportation Costs

The lingering effects of the COVID-19 pandemic and geopolitical unrest continue to strain global supply chains. Ports in Latin America and Southeast Asia are experiencing delays, with container shortages and inflated shipping costs making it more expensive to transport green coffee beans.

Freight costs have surged, particularly from export hubs in Brazil, Honduras, and Ethiopia to major consumption markets like the United States and Europe. Roasters and wholesalers are forced to absorb these higher costs or pass them on to consumers.

In speaking with my primary broker, who buys by the container, not by the bag, I learned that the cost of shipping is getting unreasonable, and is directly affecting retail pricing, where there used to be enough of a gap between the cost to source and retail pricing expectations. Again, this forces everyone in the business to adjust or fail.

3. Geopolitical Tensions and Tariff Policies

Trade tensions and the imposition of tariffs have further intensified the coffee price surge. In early 2025, new U.S. tariffs on imported agricultural products, including green coffee, have driven up costs for American roasters and distributors. Paramount Coffee Company and other major U.S. brands have announced price increases to offset the new duties.

Political instability in key coffee-exporting nations has also contributed to market uncertainty. Unrest in Ethiopia and economic instability in parts of Central America have disrupted exports and led to speculative price hikes on coffee futures markets.

Unfortunately, Custom Roasted is also in the same boat. Prices will have to go up to accommodate for all the changes and instability.

4. Rising Global Demand and Changing Consumer Preferences

The global appetite for coffee continues to grow. Consumption is expanding rapidly in emerging markets, particularly across Asia and the Middle East, where café culture is gaining momentum. Simultaneously, established markets like the U.S. and Europe are seeing an uptick in at-home coffee consumption.

This increased demand is stretching an already tight supply. Moreover, the rising popularity of specialty coffee, sustainable sourcing, and organic options is driving up production costs. Farmers are incentivized to adopt new techniques and certifications, which are often more expensive to implement and maintain.

More people are drinking coffee as mass marketing and distribution is enabling coffee companies to get their product in front of virtually everyone on the planet. The big trend and variety of options is allowing every home to have their own preference of coffee as well as their own preference in brewing it, meaning the demand is going to probably rise even more. The impact on continued increased demand is almost certainly going to reinforce the pricing increases we see. The primary beans I source for blends have increased in price by almost 60%, meaning the cost to get the bag in your hands is going up regardless of who is producing it.

5. Labor Shortages and Production Costs

Coffee farming remains labor-intensive, and many producing countries are experiencing labor shortages. Factors such as urban migration, aging farming populations, and lack of incentives have left plantations understaffed during critical harvest periods.

In addition to labor shortages, the cost of inputs such as fertilizers, water, and energy has risen sharply. These cost pressures are being transferred throughout the supply chain, from farmers to exporters to retailers.

Regarding the farmers, I am going to say something that a lot of people will get riled up for – I do not believe Fair Trade is improving the industry, I kindof equate them with an HOA(homeowners association), except it’s basically inserted itself into the entire industry that gets to say, without a lot of justification, what is best for farmers to produce coffee, with little if any thought towards the costs of production. Coffee isn’t grown in Irish plantations like corn in Kansas. 90% of coffee is farmed in places where electricity isn’t even guaranteed. What fair trade doesn’t advertise is that the financial burden of producing fair trade coffee increases the cost of operation in farms by more than 50%.I might write about the details in this more later, but with all the other factors and craziness in the industry, I think Fair Trade is probably one of the first supply chain factors that needs some serious re-evaluation. I have linked them in this article in case you want to form your own opinion.

6. Currency Fluctuations and Inflation Pressures

Fluctuating currency exchange rates have compounded the issue. The depreciation of local currencies in major coffee-producing countries like Colombia and Indonesia makes exports more profitable in theory, but also exposes local markets to inflationary pressures.

Simultaneously, inflation in importing countries erodes purchasing power, making it more difficult for businesses and consumers to absorb higher prices. This dynamic has resulted in tighter margins and increased volatility in coffee pricing.

7. Speculation and Futures Market Volatility

The coffee futures market has become more volatile in recent years, driven in part by investor speculation. With traditional investments underperforming due to global uncertainty, commodities like coffee have become an attractive option for short-term gains.

As more investors enter the market, futures prices rise, regardless of the underlying supply-demand balance. This speculative activity adds further pressure to real-world coffee prices, affecting contracts and long-term planning for producers and buyers.

What It Means for the Industry and Consumers

For producers, the high prices offer both opportunities and risks. While many farmers are seeing higher revenues, the volatility and rising costs of production make long-term planning difficult. Smallholder farmers, who produce most of the world’s coffee, are especially vulnerable to price shocks and market instability.

For roasters and retailers, price increases necessitate difficult decisions. Passing costs onto consumers risks alienating price-sensitive buyers, while absorbing costs can shrink already thin profit margins. Many are turning to contract renegotiations and exploring alternative sourcing strategies to hedge against future disruptions.

For consumers, the impact is direct and noticeable. From a morning cup at the local café to a bag of beans at the grocery store, prices have increased across the board. Specialty coffee drinkers may feel the pinch the most, as premium offerings carry even higher markups.

Outlook: Is Relief on the Horizon?

Industry analysts suggest that while the current surge is unlikely to last forever, coffee prices will remain elevated for the foreseeable future. Stabilization depends on a range of unpredictable factors, including climate normalization, resolution of trade conflicts, and investments in sustainable production.

Emerging technologies such as AI-driven agriculture, precision irrigation, and improved supply chain logistics may help offset some challenges in the long run. For now, stakeholders across the coffee ecosystem must brace for continued volatility and adapt strategies accordingly.

Conclusion

The 2025 coffee price surge is the result of a perfect storm of environmental, economic, political, and market-driven forces. As these dynamics continue to evolve, stakeholders at every level—from farmers to café owners to daily drinkers—must stay informed and proactive. Understanding the root causes of this complex issue is the first step toward building a more resilient and sustainable global coffee industry.

The post The Cost of Coffee – Key Factors in Global Price Increases appeared first on Hold No Virtue....

Google accounts have many options that can enhance your privacy.

As Google accounts become increasingly central to our digital lives—handling everything from email and calendar to cloud storage and navigation—it is vital to take control over what data is collected, how it is used, and how well it is protected. For those concerned with privacy, including cybersecurity professionals, privacy advocates, or individuals at higher risk of surveillance or abuse, configuring your Google account properly is essential.

This guide outlines the key privacy and security settings you should adjust to minimize unnecessary data collection and improve your overall privacy posture.

1. Start with Google’s Privacy Checkup

Google offers a helpful overview via its Privacy Checkup tool, which provides step-by-step instructions to manage data settings across services.

Get started: https://myaccount.google.com/privacycheckup

This tool walks you through the most common privacy settings. However, deeper configuration is necessary for those serious about limiting data exposure.

2. Adjust Activity Controls

Navigate to: https://myaccount.google.com/activitycontrols

Here you can pause or disable several categories of activity tracking:

• Web & App Activity: Disable to prevent tracking of search history and activity in Google services.
• Location History: Disable to stop storing your GPS data from mobile devices.
• YouTube History: Pause or disable to prevent tracking of videos watched or searched.
• Voice & Audio Activity: This is often a sub-option under Web & App Activity—disable it to prevent storage of audio recordings from Assistant or other Google services.

When these are disabled, Google stops logging new activity in these areas, although previously stored data may still exist unless you explicitly delete it.

3. Limit Ad Personalization

Google uses your activity data to build an advertising profile. You can disable this by visiting:

Ad Settings: https://adssettings.google.com/

• Turn off Ad Personalization.
• Review interests and demographics and manually remove any categories.
• Check if any third-party advertisers have access and revoke them if desired.

Google’s advertising infrastructure is vast, and opting out significantly reduces the targeting fidelity, even if it does not stop all ads.

4. Lock Down Your Google Profile

Visit your Google profile at: https://myaccount.google.com/profile

Audit the information you’ve provided and make the following adjustments:

• Remove any sensitive or unnecessary information (e.g., address, phone number).
• Change visibility settings on each profile field to “Only You” wherever possible.
• Avoid uploading a profile picture if anonymity is a concern.

This limits how much of your identity is exposed to others through services like Gmail or Google Meet.

5. Revoke Third-Party App Access

Visit: https://myaccount.google.com/security-checkup

Review any connected third-party apps or services that have access to your account. Revoke access for any you no longer use or don’t trust. This includes apps using OAuth to access Drive, Gmail, or Calendar.

6. Improve Login Security

Enable two-factor authentication by visiting your security settings at:
https://myaccount.google.com/security

• Turn on 2-Step Verification.
• Prefer app-based authenticators like Google Authenticator or Authy.
• Consider using a hardware security key (e.g., YubiKey) for phishing-resistant authentication.

Also review:

• Devices that are currently signed in.
• Recently detected security events.

Remove old devices and investigate anything suspicious.

7. Set Data Deletion Rules

To minimize long-term data storage, set your Google account to auto-delete activity after a short time frame.
Visit: https://myactivity.google.com/delete-activity

• Set auto-delete for all categories to every 3 months or less.
• Consider performing a manual deletion of all stored data for “All time” if you’re just starting.

8. YouTube Privacy Settings

Visit your YouTube privacy settings: https://www.youtube.com/account_privacy

• Set your subscriptions, liked videos, and playlists to Private.
• Disable watch and search history if not done earlier through Activity Controls.

9. Gmail and Google Workspace Settings

In Gmail:

• Open Settings ? General.
• Disable “Smart Compose” and “Smart Reply” if you don’t want Google to analyze your writing.

In Chat and Meet settings:

• Disable Google Meet and Chat integrations unless actively used.

10. Google Maps and Location Data

Visit: https://www.google.com/maps/timeline

• Turn off Location History if not already done.
• Clear stored location history.
• Navigate to “Your data in Maps” and disable personalized map features.

11. Chrome Sync Settings (Optional)

If you use Chrome and are logged in with your Google account, review your sync settings at:
Visit: chrome://settings/syncSetup (copy into your Chrome address bar)

Disable synchronization for:

• History
• Passwords
• Open tabs
• Autofill data

This prevents Google from storing and syncing sensitive data across devices.

12. Data Portability and Deletion

To back up your data or prepare to delete your account:

• Use Google Takeout: https://takeout.google.com/
• Account deletion (if needed): https://myaccount.google.com/deleteaccount

Google provides extensive documentation and options for downloading your data, including Drive files, email, and more.

Final Thoughts

While you cannot completely de-Google your life without abandoning its services altogether, configuring your account using the steps above drastically reduces your exposure to tracking and surveillance. Regular audits of your Google account settings, careful app permissions, and proactive deletion of stored activity can help you retain control over your data.

For more information and Google’s own privacy documentation, visit:

• Google Account Help
• Google Safety Center

The post How to Harden Your Google Account for Maximum Privacy appeared first on Hold No Virtue....

I Like Big Dogs
By: Not Sir Bark-a-Lot

? I like big dogs and I cannot lie
You other trainers can’t deny
When a Great Dane walks in with that wrinkly face
And that tail just whips your place, you get sprung! ?

Wanna pull up tough,
‘Cause you noticed that fluff was stuffed!
Deep in the fur she’s wearin’
I’m hooked and I can’t stop starin’
Oh, doggo! I wanna walk ya
And take your big paws for a jog-a
My vet tried to warn me
But those jowls you got
Make me so corny!

Ooh, Ruffadoodle smooth coat
You say you ain’t got float?
Well, shake it, shake it
‘Cause your drool game’s woke!

I’m tired of lil’ pups smilin’
That yappin’ sound ain’t stylin’
Take a Rottweiler or a Bernese
And feed ‘em double cheese, please!

So, fellas! (Yeah!)
Fellas! (Yeah!)
Has your dog got fur that sheds? (Heck yeah!)
Tell ’em to bark it! Bark it!
Bark that floofin’ fluff!
Big dog got woof!

I like big dogs and I cannot lie
You other dog moms can’t deny
That when a Saint Bernard lumbers in
With that keg under his chin
You drool! ?

I like ’em furry, burly, hefty
With tongues hangin’ long and messy
A Malamute or a Newfie ride?
You better clear the couch — that dog’s wide.

So I’m lookin’ at shelters daily
Tryna rescue one that’s Bailey
Mastiffs, Ridgebacks, or a big ol’ mutt
If it clears the fence, I’m strut!

Some people like ’em purse-sized
But those little yips I despise
So I roll with Labs and Huskies
Who leave my car seats dusky

If you’re big and you’re barkin’ loud
Come on over, you’ve made me proud
Dial 1-900-BIG-DOGS now
And teach me how to bow-wow!

The post I like big Dogs! appeared first on Hold No Virtue....

Bad things happen when you expect the world to exist according to your whims.

Don’t expect heroes, but encourage them.

People are going to be people, it’s great to hope they’re going to be amazing, but you’re setting your self up for disappointment if you expect consistent social acceptance or heroism. It’s great to hope for it. It’s even okay to help people be their best version of themselves, thats what people do for each other right? I guess maybe its the pragmatist in me that is also saying “If you tell them its mandatory they are going to flip out.”

That’s pretty much what happened according to SFGate

About 15 years ago, I came up with this awesome program to drive engagement and improve public perception of the work my team was doing. 2-4 times a year we were going to shine. A few times a year, we were going to, instead of a regular work day, help on Habitat for Humanity builds. You can call it what you want, helping people, teambuilding, character improvement, improving public awareness was my gig. You would think this is a really cool thing. So many good people on our teams, amazing people. But you know what…half of them we’re pretty pissed off. You see some people arent here to do anything but what they want. Its a fact of life. They arent evil though.

The level of consideration it takes to prioritize something that does not directly or tangibly benefit people over their own wont is actually pretty considerable. It’s not bad manners, it’s not poor social engagement…it’s just their prerogative is not aligned with whatever you’re intending. Everyone seems surprised when some employee that makes mad money doesnt want to do something he or she doesnt want to do. Doesnt make them a bad person…just means they dont want to do something.

But what happened on our little Habitat program? My people @#$%ing 100% revolted. No joke. I had to actually sit down and remediate my own @#$%ing program because of it. I lost friends over this, no joke. The program completely flatlined and my awareness and charity program fell apart.

Learning this the hard way wasn’t fun.

Regardless of the workload, the type of work, or the character of the people affected…you will find a boundary you dont want to cross twice even in requesting something small, like asking for help loading office supplies. In new york, you can’t even get on a damn latter to do something yourself, you have to hire a damn porter($40/per hour for dude that climbs ladders) and if you dont you’re open to a business-killing state case against you because porters unions lost wages.

In today’s banter it’s about someone who (as an engineer) doesnt want to have to make food deliveries for a delivery service we ALL use…seems like an abstract but it isnt. People dont want to do what they dont want to do, and I will go so far as to say even if its helping people. So an engineer the makes bank doesnt want to do a delivery for Doordash. Doesnt make them evil, yall.

But now lets say DURING COVID said person that drives almost never gets told they have to go out and deliver cheeseburgers because of some corporate policy. I would say no too. Its not like lives are on the line, and I know damn well it doesnt make me evil.

Fast food isnt an essential service. So corporate policy or not, there is an argument here that maybe its not exactly the time to be telling employees they have to go out into the wild and risk exposure so that someone can get their wings on.

Yes its probably an unpopular opinion, but its not like its someones last meal, we’re talking about a company policy that really has no place in our current social safety outlook.

Having in the past required people to help build houses periodically for families that dont have homes 4 days a year taught me alot about human nature. Stop expecting everyone to be shine like a rockstar. Hope for it YES…but expecting if of them pisses them off.

I write rants like this occasionally under the tag “No More Stupid” if you want more. Dont hold your breath though I dont post often

Be amazing to one another.

-T

The post Vilifying people for being people… appeared first on Hold No Virtue....

The post testpost for coffee appeared first on Hold No Virtue....

The post test post for security appeared first on Hold No Virtue....

So…here it goes. My subtweeting is usually to avoid the crazy mob of pundits’ fans and their socks. Maybe someday I’ll shift a focus to being an influencer, but right now most of what I see is people using their powers to rile up their fans with shit-poor information.

The bigger problem with this, is that it is inspiring conflict, not resolution. Inspiring people to act and protect is beautiful. Inspiring people to suppress, to harm, or do violence, by word, inference, or gesture…that makes one part of the problem.

If the response is violence, suppression, or harm, it means that the system is either incapable of addressing the problem, or there is an agenda that specifically seeks to condone/promote the disparity.

If you’re wondering why there isn’t more oversight, simply look at everyone not voting for it. That’s literally all that is necessary. Vote them out, and vote representatives in that support term limits.

It might take a decade, but the end result will be all of the old good-ol’ boys will be gone, and younger, less corrupted representatives will only get 8 years(or whatever) to make their difference. The old guys will not be able to maintain their status quo.

We would also see quickly, a more diverse representation. Is the majority still white? Yep, but not for long. By creating/supporting initiatives that lessen the strength of minority votes, institutional agendas remain entrenched.

I hate to say it, but look at Russia. Putin’s playbook was a long long game, and it worked. Ignore that he’s scary as hell, but he systematically realign most of Russia to his agenda. I think honestly that’s the same playbook we’re seeing from the political institution now.

A small change in policy now nudges demographics to a more controllable voting situation. Think of it as non-geographic gerrymandering. And here we are, letting it happen, year after year, letting the same people do the same things to us.

Vote them out…vote them out and for heaven’s sake, don’t let them stay and continue to do harm.

The post Subtweeting #521 appeared first on Hold No Virtue....