#0024: Preparing a Helping Hands tool for effective use
Preamble
This article covers the modifications necessary to get a box fresh Helping Hands tool ready for service. The specific version of this tool being the pictured unit. A version that consists of a small horizontal metal bar that is mounted onto a weighted base. The bar then has three adjustable arms attached to it. Two terminating in metal crocodile clips, and the third in a magnifying glass. This unit although useful and good quality for it’s price, it is also cheaply made, and mass produced. As such it requires some preparations before it can be used to good effect.
What is a Helping Hands tool
At its core a Helping Hands is a tool that consists of an adjustable jig with arms that terminate in spring loaded grabber clips. These clips are designed to hold materials and workpieces in place. This is in order to assist the user when working on them; for example: holding wires in place for tinning, or in preparation for a soldered connection.
Helping Hands are also known as “Third hands” or “X-tra Hands” depending on marketing. Although there are likely to be variants in design due to marketing, the basic tool is the same. It consists of some form of adjustable jig, with two or more grabber clips attached to it. Many variants also have adjustable arms that terminate with either a magnifying glass, or a light source of some description. They may also come with things that are specialised for a specific task: such as a soldering iron holder, or a mini microscope mount. However these are outside of the scope of this article. We will only be discussing the rather cheap and generic example unit that is pictured.
Modifications
Mod #1: Padding the crocodile clips’ jaws
The first necessary modification is rather obvious when you have a new unit in your hands. The actual clips that hold the various workpieces and materials: are crocodile clips. Crocodile clips complete with serrated teeth and a fairly powerful spring ready to push those teeth into anything that comes between it’s jaws. These needless to say leave noticeable teeth marks on anything softer than the clips’ steel when in use.
I recommend using several layers of heat shrink tubing to pad the teeth. This is because heat shrink tubing is generally tough enough to make it resistant to being pierced by the teeth’s serrations. Apply a layer of heat shrink to each jaw in turn. Then heat it so that the heat shrink, shrinks into a fitted profile on the teeth. Keep adding and heating layers in this manner until you are satisfied that the serrations of the teeth are sufficiently padded and will no longer damage anything that the clip holds. At this point, you may wish to trim off any excess tubing with a side cutter.
In my opinion heat shrink tubing is a good candidate for this application due to the fact that it does hug the profile of the teeth so well, while still padding the biting edge off of the metal. This clinging to the peaks and troughs the teeth is important because it allows the clip to still have an effective mechanical grip on the workpiece.
Additionally the rubber material that heat shrink is made from also assists in effectively gripping the held object using friction. This is useful when it comes to holding metal objects, especially cylindrical ones like telescopic radio antennae. A mechanical grip alone is likely to slip, coupled with the springs: I can see the jaws throwing out objects. A friction grip is necessary to hold low friction hard-surfaces such as metals.
Other reasons why heat shrink tubing is well suited to this particular application, consist of: firstly, the rubber material it is made of is relatively heat resistant (i.e. it takes continuous high temperatures, or a direct flame to effectively melt it). This means that the user can use solder irons and hot air around it without worrying about having to either clean or refit their Helping Hands tool. As would be the case if they used electrical tape for example.
Secondly, it is also a mild insulator of heat, this prevents heat from easily conducting into the metal clip and into the larger frame of the tool. Why is this important? It means that the user can use a soldering iron with a lower thermal mass effectively. Whereas without insulating off the greater frame of the Helping Hand tool, it will conduct away the thermal energies from the point of application. e.g. whilst soldering a joint on a metal object such as an antenna terminal.
This will require either a higher temperature setting (as a bid to compensate for the leeched energies), and deal with the associated risks and drawbacks; or having to simply use another soldering iron with a higher thermal mass. Alternatively it should be said that, insulating the metal clips in this manner really might not even have a significant effect on for example soldering performance, it largely depends on use case specifics. If you are for example using a 10 Watt USB soldering iron, well then you’ll need all the help that you can get; including this. Whereas for a more average setup, you may not be noticeably affected either way.
Mod #2: Hot glue in the clips connecting arm joints
This is an often overlooked modification that you can make to effectively extend the working life of the product. It simply involves getting a hot glue gun and pumping hot glue into the connecting joint that attaches the crocodile clips to the main jig. This is needed because the out-of-the-box setup only has those joints held in place using a friction fit between the metals of the clip and the jig arm. Unfortunately as you use the tool and rotate the clips, it will loosen the metal’s spring pressure that holds it in place until the clips just slide off. Repeatedly.
Additionally, re-tightening the friction fit using a pair of pliers will not keep the clip in place for long, just delay it falling out for a little while. Unfortunately in my case the entire clip arm kept falling out and no amount of tightening made the clip arm stay in it’s cradle, as effectively as the initial friction fit did. Hot gluing them in place however fully prevents the clip arm from sliding out of it’s cradle. It really made a very strong bond. One that is better than the original friction fit. The only trade off is that the crocodile clip can no longer rotate at the wrist joint where the friction fit connection was. Instead all rotational adjustments need to be made at the arm’s elbow joint from now on.
You might’ve wondered as to how exactly does this laughably simple modification actually extend the working life of the tool. Well, I will endeavour to answer this question with another question (or more). Have you ever had a tool that kept falling apart on you when you needed it to just work? Falling apart in moments where you might already be somewhat stressed trying to fix something broken? Maybe even whilst on a time limit? In that moment, have you ever grabbed the offending tool cursed it out, then promptly threw it into the trash? That’s how pumping those annoying joints with hot glue will extend this tools working lifespan. It’ll help this tool effectively keep it’s head down and just do it’s job.
Closing thoughts
These are simple enough modifications and are rather ubiquitous with regards to this particular tool. Even the image of the ‘dabbing’ Helper hands on the Wikipedia page for this tool, has the same teeth mod. Although they used electrical tape. Which in my opinion is an inferior material to use. Firstly its a less permanent solution due to the material’s general strength, meaning that sooner or later the teeth are going to poke through it. Additionally, it is also more susceptible to heat; meaning that if the user solders a wire for example too close to the clip they run the risk of melting the electrical tape.
That being said, small mods like these are most definitely better than nothing, and worth mentioning in order to help people not overlook them due their rather trivial nature. This is because little mods like this are easy to implement and can help the user make the most of their cheaper tools in general. Even if you are half-arsing it by using electrical tape, says the out-of-touch heat shrink tubing elite.
#0022: Equipment recommendation list for a hobbyist repair technician
behold mein craphouse
Preamble
This is a quick and dirty list of the equipment (tools, and consumables) I use, specifically with regards to repairing devices. Hopefully, this list proves useful to any other hobbyist repair technicians or people interested in electronics in general. The equipment list is split into three categories based on need: Necessities, Nice-to-haves, and Useless dreck. Each item has a quick summary explaining it’s use relative to it’s category. Other than the broad categories, the items are in no particular order.
Quick list
Necessities:
Temperature controlled soldering iron
Leaded solder
Lead-free solder
Tweezers
Bench power supply
A good vacuum desoldering pump
Desoldering braid
Pry tools
Isopropyl alcohol
Rosin flux
Multi-bit screwdriver set / screwdriver set
A cheap multimeter
PPE: safety glasses
PPE: gloves
Spares and parts
LCR component tester
Side cutter
Digital camera
Portable computer
Helping hands
Hot air SMD rework station
Kapton tape
Shrink wrap
Lighter
Pen and pad
Small containers
Work mat
Mobile light source
Cleaning supplies
Nice-to-haves:
Soldering iron tip tinner
A good wire stripper
Solder mask and UV curing torch
Oscilloscope
Hot glue gun
Soldering gun
PCB board holder
Precision screwdriver set
Desktop fan
Filter mask
Temperature sensor module
Isolation transformer
Useless dreck:
Cheap vacuum desoldering pump
Cheap wire stripper
Flux pens
Alcohol based liquid flux
Heated vacuum desoldering pump
Soldering iron sponge
Necessities
Temperature controlled soldering iron
A variable temperature setting is needed to work effectively with materials with different melting points and thermal mass conductivity.
Leaded solder
More versatile and friendly to work with than the lead-free variant due to it’s lower melting point and better flow. Necessary to perform maintenance on a soldering iron tips (tip tinning).
Lead free solder
If you have leaded solder, then lead free solder is largely redundant if all you primarily care about is solder effectiveness. Lead-free solder does however have it’s use cases. The main trade off between them is that leaded solder is more effective as a solder, however lead-free doesn’t contain lead, which is toxic. Any use case where you definitely do not want lead in the device, lead-free would be the way to go. A good example of this, is any device that comes in contact with foodstuffs such as kitchen appliances.
Tweezers
Tweezers are needed to manipulate tiny components, such as surface mounted components. They are also useful for holding materials affected by heat. Get a firm pair of metal tweezers, the cheap ones bend when you exert force on them, meaning that you lose control on the object you are gripping. It also means that you cannot grip the object tightly, otherwise the tweezer will start to bend. I recommend having multiple tweezers, an L-bend pair of tweezers for comfortably interfacing with SMD components, and a larger (stronger) pair of straight tweezers (with teeth/grips) for general use.
Bench power supply
Necessary for powering a range of devices and components under test. It needs to have variable voltage outputs and a current limiter. It also needs to be able to provide enough power for powering the devices under test.
A good vacuum desoldering pump
Although generally less effective at removing solder from a joint than a length of flux infused desoldering braid would be, it is still very useful due to it’s reusability. It helps me keep my recurring materials cost down.
Desoldering braid
This is probably the best way to actually remove solder from a solder joint. Works best when infused with additional rosin flux.
Pry tools
A small collection of pry tools will assist in opening the various plastic clips that you will encounter when opening consumer devices.
Isopropyl alcohol
An excellent cleaning agent and light solvent. Useful for effectively removing many materials, from adhesive, to rosin flux, and even good for removing water (moisture) from devices.
Rosin flux
Necessary agent for assisting solder to flow effectively. Additional flux is necessary in many cases where the flux that comes within flux core solder is insufficient, or in cases of desoldering a joint without first applying additional (flux core) solder to the joint.
Multi-bit screwdriver set / screwdriver set
A good set of screwdrivers (including security bits) is basically mandatory for a repair tech of any stripe. They facilitate the access and disassembly of devices, necessary for repair.
Cheap multimeter
A multimeter is an absolute necessity. At the most basic level, a multimeter is used to test suspect components to gage their health and functionality. They have many functions that a very useful, such as continuity, voltage, current, and resistance testing. However they also have some gimmicky functions (at lest in the cheaper models), such as NCV testing, or transistor testing (which is not very good on multimeters in general).
Generally cheaper multimeters are fine for low voltage applications, such working on battery operated consumer devices. Their core functions are accurate enough that it shouldn’t become an issue. However if you are wanting to work on higher voltage devices. Such as mains powered devices, than a more expensive notable name brand multimeter (e.g. Fluke) is necessary at that point due to it’s safety feature set.
PPE: Safety glasses
You will use some form of safety glasses sooner or later. The only question is whether it happens before or after something either sharp or hot flies straight into your eyeballs.
PPE: Gloves
Very useful for handling hot materials, and/or isolating your skin form various toxic, corrosive, or abrasive materials. This could include anything from lead metal, to battery acid, to liquid plastic. Get gloves appropriate to the materials you’ll be handling.
Spares and parts
How can you call yourself a repair tech, if you don’t have at least some spare parts or devices either laying around; or stuffed into boxes somewhere. Either bought or salvaged, it really doesn’t matter. What matters is that there are many discrete parts in devices that are virtually irreparable. Basically this includes every small component from passives, such as: resistors, diodes, and capacitors; to active componentry such as integrated circuits and transistors. They’ll all need replacing once they’ve fried.
LCR component tester
This is a good addition to a multimeter. It’s typically used to test various components’ inductance (L), capacitance (C), or resistance (R). I however predominantly use mine to gauge the health of electrolytic capacitors, by testing their equivalent series resistance. I personally bought mine when I got into recapping old monitors. However, you can also us an LCR meter to identify various unlabelled components, such as SMD (surface mounted device) capacitors, resistors, and transistors.
Side cutter
A nice little sharp side cutter is invaluable when it comes to performing various tidying up jobs around a PCB circuit. These little clippers are great for trimming the leads of through hole components, and cutting smaller gage wires that are nestled deep in a device. It also functions as a good as wire stripper, however user’s will have to carefully strip the insulation from cables.
Digital camera
I use a digital camera to document my exploration through a device. That way I have evidence of how it looked before I started messing with it’s insides. An example use case would be documenting which random coloured wires were soldered where. By the time the user finds and fixes a fault within a device, details such as the specific configuration of wires connecting to any given board may slip their mind. So it helps in such circumstance to have documented evidence.
Computer
I typically use my small old (intel atom) laptop computer. I use it to host tutorials (both video and textual), datasheets, schematics, and for use as a typewriter to jot down notes if I don’t want to use a pen and pad for whatever reason. One could also load on the thing various entertainment media for getting through long sessions of laborious work. Basically music and audio books. Additionally, I also use it to store catalogues of the photographs I take when assessing devices.
When it comes to work bench computers, I have a general preference for computers that are inexpensive and that use very little power to operate. Inexpensive, because they are likely to get damaged in one way or another. Either by off-spray, a slip with a blade, a drop, melt damage, anything really. And low power, because the computer is also most likely going to be powered on for extended periods of time, most likely just displaying documents whilst playing music in the background. Essentially, not really doing much in terms of processing computations. So an older small portable with a lower power processor is ideal for this use case.
On the other hand a desktop for example is likely unsuitable for this task, both due to it’s power consumption, and due to the desk space that it will require. Additionally, there is also the temptation with a more powerful rig, to ‘take a short break’ by playing video games, or rabbit holing youtube videos. Such distractions are painful experiences on an intel atom processor, hence its likely to keep a person on task easier.
Helping hands
Helping hands hold workpieces in place securely, enabling the user to work on them confidently. They may initially seem like a ‘nice-to-have’. However I find that for many things, such as soldering wires together, or connecting various cables to plugs; helping hands that can hold all these small fiddly components are exceptionally helpful.
Hot air SMD rework station
An SMD rework station is just a fancy name for hot air station. It has a nozzle that outputs air hot enough to melt solder. If you are working with miniscule surface mounted devices or components, then an SMD rework station is something that you really aught to have. Especially when it comes to installing or removing larger surface mounted devices such as IC (integrated circuit) chips.
Kapton tape
A great companion to a hot air station is the Kapton tape. This is a heat resistant adhesive tape. It is useful in that it allows an operator to localise any heat from the hot air station, by applying the insulative kapton tape to the surrounding componentry. Kapton tape is especially useful in preventing many tiny components from accidentally falling off a PCB when the user applies heat to a large neighbouring component. This happens a lot when dealing with any larger logic ICs, because they tend to be surrounded with many tiny surface mounted ceramic capacitors. Which are needed to provide them with apt power.
Shrink wrap
A great step up from using electrical tape to insulate connections in wires is by using shrink wrap. Shrink wrap is more water resistant and offers a more permanent and professional looking insulation to connections.
Lighter
A lighter is a great cheap alternative to a hot air station or heat gun, when you want to shrink heat shrink.
Pen and pad
Good for taking on the fly notes and sketching schematics, diagrams, or what have you. I think that nothing beats the convenience of using a pen and pad to jot down whatever pops into mind.
Small containers
A couple of small containers on the desk are an absolute must for working continuously in an organised manner. I have several knocking about; including a long metal tray for holding screws, a small pot for holding small garbage like solder from a vacuum pump or wire and tape trimmings, and a glass ashtray for holding various components. It’s good to have several little containers like this with dedicated uses.
Work mat
A good mat is necessary to protect your work table from any damage. I personally use a small cutting mat for everything, including soldering. Although a silicon heat map would be more appropriate for that, but a cutting mat has more general applications. Mats are especially useful for tables with multiple uses, such as writing or drawing. Tables that are better left unscratched and flat.
Mobile light source
Mobile light sources include devices like: torches or desk lamps. These are necessary for seeing small details, such as silkscreen on an IC chip, and especially useful for photography which often requires higher levels of light for the camera to capture details properly.
Cleaning supplies
Every repair will need a good clean at some point. This is a bit of a catch all category for the general cleaning stuff that I use. I keep a fair range of stuff close to hand. Firstly, I have a couple of dirty rags or shop towels, these are for either really dirty devices, or devices that are contaminated with something that means I’ll have to chuck the rag after use. Secondly I have some clean microfibre cloths for wiping down display screens and the like. These are for light dusting and polishing jobs essentially. Thirdly, I have a paintbrush which I use for cleaning dust out of difficult areas on devices, such as from between the fins of a heatsink or from a populated PCB board in general. Essentially for removing the bulk of dust from uneven and crowded surfaces.
I also carry cleaning solutions. In addition to the solvents like isopropyl alcohol, I also carry two spray bottles. One is filled with tap water and the other is filled with a 10:1 tap-water and washing up liquid mix. The dilute washing up liquid, I use as a catch all cleaning agent. Its good as a basic emulsifier, allowing me to remove oils from a device. It is also generally good for removing random sticky stains and substances from a device without damaging it. For example as an initial wet wipe down of a filthy monitor screen. The clean water bottle is used to aid the removal of any sticky residue that may linger after the application of the washing up solution. I keep cleaning with just water until the device chassis (or screen, or whatever) has no residue of any cleaning agent left on it.
Additionally I also use cue tips or earbuds. These are very effective at cleaning in very localised areas. I mostly couple these with some isopropyl alcohol; by soaking the earbud’s head in alcohol it can very effectively remove both caked on dry thermal paste or wet paste from CPUs without leaving any residue or contaminants.
Nice-to-haves
Soldering iron tip tinner
This is a specialised tool that just cleans soldering iron tips. It’s more convenient to use than tinning a soldering iron manually using leaded solder. But the results are basically the same.
A good wire stripper
A good wire stripper is a tool that will quickly and reliably strip insulation from wire. Its a tool of convenience, enabling a user to strip wire in a fraction of the time that it would take to do so with a side cutter or knife.
Solder mask and UV curing torch
If you work a lot with PCBs. For example repairing water damaged PCBs that have violently short-circuited to the point that they incurred burnt out sections. After scraping out all potential conductors such as the burnt out materials. A solder mask paste, is useful for sealing and insulating the damaged sections afterwards. It is what I consider a permanent and professional repair. The accompanying UV torch, assists the solder mask in drying quickly. A hacky alternative to filling blown holes in PCBs with solder mask, would be to use hot glue.
Oscilloscope
Oscilloscopes are useful if you get into analysing and repairing devices that deal with a lot of logic or sound signals. Things like computers and audio amplifiers. Where you’ll need to measure the signal outputs of various ICs in order to track down where the fault lies.
Hot glue gun
This is the hacks best friend. I use it a lot in in prototypes and as a way to make “temporary” repairs to various devices. Its great for filling in gaps in repaired plugs, and chassis, and even for setting electronics into a box.
Soldering gun
A powerful (~200 Watt) soldering gun is useful in any instance where you need a significant jump from the everyday soldering iron. It has the thermal mass and watt output to effectively solder to large heatsinks, such as a metal chassis. Soldering guns are also useful for effectively melting/welding plastics when coupled with a wide tip and low temperature setting.
PCB board holder
Useful for securing a workpiece. It is as useful as the helping hands, but more specialised due to it’s design being specialised for holding PCB boards only.
Precision screwdriver set
If you already have a screwdriver kit or the multi-bits kit you may either encounter screws that are too small for your screwdriver set, or screws that are deeply recessed into a device. The thin channel of the screws recession may be too deep and/or too thin for the larger screwdrivers.
Desktop fan
Its just a fan. It blows the fumes away from your face as you work, and helps cool workpieces down quicker. It’s nice to have when you want it, but in most cases it is unnecessary.
Filter mask
Necessary if you work with any really toxic fumes. I am not talking about rosin flux fumes when I say toxic. I’m referring to using a filter mask when melting/welding plastics.
Temperature sensor module
A largely single use tool that is good for calibrating a temperature controlled soldering iron (which has the function of temperature calibration).
Forceps
This is good for reaching deep into larger devices and clipping to and pulling specific objects around.
Isolation transformer
If you intend to work on any mains powered devices, then an isolation transformer is a must for safety concerns. Its another line in defence between you and death by electricity.
Useless dreck
Cheap vacuum desoldering pump
They don’t generally have the suction necessary to be worth using.
Cheap wire stripper
They tend to cut deeper than the insulation and cut strands within the wire. They are not better than a set of clippers or even a knife. There is no reason to use this type of wire stripper above more general tools.
Flux pens
They tend to contain diluted low quality rosin flux that lost the majority of it’s effectiveness of helping solder flow, in return for being in a true liquid form. Which allows it to wick in the pen. If you want a low quality flux in pen form. This is for you. It may useful for applications of SMD soldering. However it doesn’t make a notable difference over soldering with just flux core solder.
Alcohol based liquid flux
The flux is less effective due to being diluted in alcohol. Its effectiveness is reduced to the point that it doesn’t have a notable difference over using a flux core solder alone. The flux itself however is much easier to apply because it is a liquid. Rather than the pure rosin flux which is an amber like solid, or flux paste. This type of flux tends to be marketed as a no mess or no residue flux, that claim is true. However it is not a very effective flux.
Heated vacuum desoldering pump
The one I have, had a fragile tip that cracked due to the heat and use. It is also a thermoregulated unit; that has no way for the operator to control the actual temperature output. It outputs heat that can easily damage a work piece if held on it too long, at the same time it may not melt the solder in a timely manner. The actual vacuum pump mechanism however is serviceable.
Soldering iron sponge
I generally do not like soldering iron sponges due to the fact that they require watering first, and when you actually use it to clean solder off of the soldering iron, the cold moisture of the sponge causes a sudden thermal loss in the iron. Meaning that the user will have to wait for the iron to reheat after each cleaning. I just find that the iron wool tip cleaners are just superior as they do not require prep to clean the soldering iron, nor do they cause thermal loss in the iron, and finally they even clean the tip better than the sponge does. Tip cleaners can scrape oxidation from the iron’s tip, which the wet sponge can not.
Closing thoughts
I should mention that the categories of tools are based on my particular use cases, skill set, and preferences. Yours may and likely will vary. I have categorised the tools according to my general needs; putting the core list of tools that I use with most projects in ‘necessities’, the specialised tools that I seldom use but enjoy having in ‘nice to haves’; and finally the tools that I either did not enjoy using or had other tools (including general use tools) that did their jobs better, into the ‘useless dreck’.
Just because I categorised the various tools as such does not mean necessary that others would do the same. A lot of it is based on taste and personal priorities as well. The various rosin flux products come to mind as a good example of this. The ones in the ‘useless dreck’ categories are not without merit, it’s just that I did not care for them.
I hope this crude little list is of some value (if not then at least entertaining) to you.
In a bid to make more immediately useful content, I’d like to start recommending some of the various tools that I use. In this case it is an online service. Namely Mozilla’s Firefox Monitor; or more to the point, it is actually the website: haveibeenpwned.com (HIBP), which Firefox Monitor uses to enable it’s service.
What do they do?
In essence Firefox Monitor and HIBP are used to check whether or not an email address is associated with a recorded data-breach. Keyword: “recorded”. It does this by using a database of known breaches provided by haveibeenpwned.com.
The purpose of this service is to allow people to ascertain whether or not, an online account (and the user information there in) associated with the email address: has been compromised in a known data breach; and thus in need of immediate remedy. Things like: changing passwords, recovery phrases, and generally being aware that any potentially sensitive information associated with that account, such as: full name, mother’s maiden name, GPS location, education, birth date, telephone, city, school, or business information has now circulated within the hacker community.
Additionally, it helps to know which company is to blame for the spike in volume of spam and phishing emails, that will most certainly accompany said breach. I don’t know about yourself, but that’s something I’d certainly like to know.
Why is this service important?
It is my belief that every solution begins with awareness, the awareness of the problem. Only then can we move to better the situation. This tool gives you exactly that.
In my opinion, the main reason why I think this tool is important is because the companies involved in the data breaches themselves are loath to make their customers aware of them. Even though it is in their user’s best interests; it is not in the businesses best interests to advertise any breaches beyond the legally mandated/enforced minimum. Furthermore, who knows what that actually even is when dealing with global or multinational companies that operate over many legal jurisdictions. This is especially true when dealing with larger companies with entire legal teams at their disposal.
This service is important because (still just my opinion): companies in general tend to quietly patch any security vulnerabilities as they find them, and move on hoping no-one has noticed. This is especially true when there is no internally confirmed security breach.
Whenever a confirmed breach does happen, the first thing that the company responsible does is downplay the scope and severity of it. This may (and probably does) include: not even publicly reporting the breach until it is already made public elsewhere, often at a much later time. In many cases there is even resistance to acknowledge fault after the breach is made public. This is most likely a bid to exonerate themselves of any potential legal liabilities involved.
At the very least acknowledgement of fault could be seen as weakness. Weakness that will shake public confidence in the company and/or service. Therefore it is in their best interest to maintain the general illusion of control and/or competence. It’s corporate PR 101. It’s just a shame that the company and it’s users’ interests don’t align within this circumstance.
Why should people use these tools?
Both Mozilla Firefox Monitor and HIBP are free to use publicly available tools. Both tools come from reasonably trusted sources. Firefox Monitor is the product of an open-source community driven effort, giving it a certain level of transparency. And HIBP was developed by Troy Hunt, an authority on the topic of digital security. Even if you don’t know who Mr Hunt is (and I didn’t prior to this post), the fact that the Mozilla team decided to use his HIBP database for Firefox Monitor means that they are vouching for it.
More importantly, the tools themselves can assist an individual with regards to protecting their personal information online. They do this by allowing the individual that exact thing that I mentioned earlier: awareness. Awareness of whether or not that person’s email associated account information has been circulated, and which company is at fault for it.
For example: if you used the tool and because of it now know that, an account associated with your email with company X has been breached; and along with that breach your “security questions” were revealed. Then now you know to both remove, and not to use those particular security questions, with any future account … ever. As they are basically permanently compromised. Forewarned is forearmed.
taken from https://github.com/mozilla/blurts-server
Difference between Firefox Monitor and haveibeenpwned?
Firefox monitor is a very slimlined version of the HIBP tool that gives the lay user just what they need, without overwhelming or putting off said lay user. It is rather idiot proof; merely requiring user’s to input their emails and press enter. That’s it. Firefox monitor also has been bundled in with a few basic articles on good security protocol, that may be helpful to the average user. Common sense stuff a lot of it, but you know what they say about common sense.
Although Firefox is the simpler tool to use, it must be said that HIBP is a far more robust tool. And the one that I recommend. This is because in addition to searching email addresses, it allows searching via: passwords, and domain names. The website also allows users to browse a catalogue of breached websites without running a search. Extracts below.
Ever wondered how many accounts have been breached because they used the password “love”? Wonder no more. According to HIBP, its 356006 times.
I have also perused a nice little selection of companies from HIBP’s catalogue of known breaches that you may find interesting.
Personal experience with a data breach.
Just an aside if anyone is interested. From reading the above “Why is this service important?” section, you might have gotten the idea that I may be ever so slightly cynical about the companies involved in security breaches like these.
Frankly speaking, whenever data breaches do happen, I do not consider the corporations involved to be “victims” of cybercrime, as many others seem to do. It is a nauseating sentiment. One that condones bad behaviour. This is because it is my personal belief that the vase majority of the cases are due to one core thing: a dereliction of duty. Them failing in their duty to protect the data that they collected. Little more.
In addition to consuming the various news articles about data breaches over the years. Ones that had the general themes of corporate incompetence. Like for example: employees carrying around sensitive data on unencrypted thumb-drives, only to lose them on the train. I also have a few examples of companies that leaked my very own personal information. All of this has coloured my opinions thus.
The most memorable is the online virtual tabletop gaming website roll20.net. The thing that rubbed me the wrong way about them is that at no point during the process did they ever take any accountability for allowing it to happen. They did eventually outline what information was taken, but they never offered an apology for their lax in security. Instead they covered it up with boiler plate (legal friendly) corporate speak.
Example: “The investigation identified several possible vectors of attack that have since been remedied. Best practices at Roll20 for communications and credential cycling have been updated, with several code library updates completed and more in development.” Assuming that is indeed true, the same could literally be said by any company involved in a similar data breach – just change the names.
Although from what I understand by reading the article that they linked in their post, technically (purely technically) this appears as though it’s not their fault. But rather it was due to the underlying technology that they used. At least that is the implication presented. I’d argue that they still made the decision to use said tech, and thus vouched for it by doing so. Making them responsible, at least tangentially. At least enough for a simple sorry. The closest their customers got to an apology was a “Frankly, this sucks.” Writing it in an official company blog post that they passed for a conclusive public report; authored by Jeffrey Lamb, the Data Protection Officer.
I remember thinking at the time that whoever was writing this was good at the bland formalities of corporate speak, but otherwise is (and excuse my French): a fucking dickhead. You have to keep in mind reader, that they only knew of their own data breach because of a third party report. One that was published months after the fact. The report was published in February of 2019, and the breach happened (according to Mr Lamb) sometime late 2018. No apology warranted, not even for missing the hack, until a third party told you about it months after the fact. They then go on write their conclusive report in august of 2019. So nearly a year, between data breach and the final public debrief, where they outline exactly what data was exposed. I call that incompetence. “Data Protection Officer” more like resident salary sucker.
The ultimate lack of accountability is what really rubbed me up the wrong way here. And why would they be accountable, there is little in the way of consequence it seems for these messes. There are even examples of customers defending roll20 in the comments, referring to them as “victims” of cybercrime. They aren’t the victims here idiot, you are! I’ll include some choice examples of this for your entertainment. Its customers like that, that make businesses feels like they don’t have to be accountable either for their actions, or in this case general inaction with regards to proactively protecting customer data. Please read through the example comment thread.
You really can’t reason with people like that. They have too much emotional stock in a corporation to admit to themselves that they got screwed by it. There were even people actually praising roll20 for it’s meagre efforts. A sum total of 2 blog posts, some notice tweets/emails, and for patching a hole in their own boat. Thanks roll20, stellar job. Shame about all my cargo sinking to the seafloor for the bottom feeders to enjoy. I mean you only lost my full name, my IP address (so my physical location), my password, oh and some of my credit card data. Don’t worry about that roll20 (not like you would), that’s my problem. Fuck those types of customers. Wankers.
Moving on. Another example of a gormless entity losing my data is ffshrine.org. A final fantasy fan site that I registered with in 2010 I believe; and haven’t used that account since 2010. Ideally, they would have flagged the account as non-active and deleted it after a couple of years. But alas, instead they just kept whatever details I gave them for the five years until their 2015 data breach. Where they lost subscriber passwords and email addresses. No warning email post event, nothing. Radio silent. I had a similar experience with tumblr back in the day. Radio silent. No accountability. Are you sensing a theme here, dear reader?
Closing thoughts.
I have written far more here then I initially wanted to, so I will keep this summary short. Tools like haveibeenpwned and Firefox Monitor are things that you as an individual can use to help protect yourself in cyberspace. They can help you take proactive measures to safeguard your own data. They can also show you evidence that the large corporations really aren’t as professional or as infallible as they like to appear.
And that when, they make mistakes; mistakes such as losing your data. It is often you that has to bare the brunt of the repercussions, with little if any repercussions to them. Maybe they incur a temporary stock dip. But the fact of the matter is, they’ll recover from it. However whatever data you provided them for safe keeping, well that’s now permanently out there. Enjoy.
For example. To this day I still get phishing emails that say something like: “hey MY_FULL_NAME, YOUR_BANK has detected multiple login attempts using PASSWORD_FROM_FFSHRINE.ORG to login. We have frozen your account because we suspect fraudulent activity. Follow the obviously dodgy link provided and give us your security questions to fix this.” Although I can recognise a phishing scam when I see one, many technology illiterate users can not.
And make no mistake, the companies that were lax in their security. The one’s that have the attitude that breaches happen; are the exact ones to blame for the perpetuation of the black market information economy. An economy that preys on people; the real victims. The people who trusted these corporations with their data, thinking it in safe hands. Not the corporations themselves whose lack of diligence and general incompetence allowed for the data that they were trusted with to be exposed.
Jeez… that got a bit preachy towards the end. Didn’t it? Sorry about that. It’s just seeing companies fobbing off their responsibilities, and then seeing customers with Stockholm syndrome defending these same companies against criticism – really ruffles my feathers.
