5.5: Legal and Ethical Concerns

When you create a GitHub repository it requests a license type. Review the license types

Summarize the discussions and personal analysis on Software Licenses/Options, Digital Rights, and other Legal and Ethical thoughts from this College Board topic.

The class and my partner talked about the incense in digital spying and how nothing is ever truly free. Products like google are paid for by your information and therefore advertising. We also talked about how patterns are usually a good thing. It allows for innovation to be profitable and therefor faster. However, we thought some copyrights are being held to advantage the companies holding them and not society. Companies like disney have held copyright over character for ridiculous amounts of time. I agree with the class here and also think the same things

Make a license for your personal (blog) and Team repositories for the CPT project.

My group decided to use the MIT license for a number of reasons on both our front and back ends:

• It is widely accepted and many people are already familiar with it
• It's simple and easy to understand so people will not be intimidated by any restrictions
• It is allowed with all of our apis and gh pages

5.6: Safe Computing

Describe PII you have seen on a project in CompSci Principles.

Many students have chosen to use a login in and sign up feature on their sites. This requires them to hold sensitive information in their databases. I think this is a good example of how PII can be a bad thing even if it is not malicious. I personally do not trust myself or my classmates with my information because none of our databases are necessarily secure.

What are your feelings about PII and your personal exposure?

I use a variety of steps to keep my PII at a low online:

• I always use a second email unless it is professional related
• If a website requires a phone number, I use an emulator if they don't have protection against it
• I use caution when signing up for sites that are not well known
• I also use different passwords on every site and a local password manager to keep them all as complicated as possible

Describe good and bad passwords? What is another step that is used to assist in authentication.

A bad password could:

• Contain your name, birthday or other info associated with you
• Be the same across all sites A good password could:
• Use a variety of symbols and letters
• Be suggested by a password manager like keychain on mac

Try to describe Symmetric and Asymmetric encryption.

Symmetric encryption uses 2 keys to both encrypt and decrypt the data. It is more simple to implement and makes sense for non commercial or indie products, like what we are working on. For large companies with massive amounts of private data, they need to use asymmetric encryption to keep their data highly secure. It uses only 1 secret key only on the backend

Provide an example of encryption we used in AWS deployment.

Some people used encryption to store passwords on a public api. I thought this was a cool idea and researched it. I think it is an effective approach but I also think it would make more sense to implement a password checker which returns a unique account key every time you log in

Describe a phishing scheme you have learned about the hard way. Describe some other phishing techniques.

I have been lucky not to have fallen for any phishing schemes. Some phishing techniques are:

• Using a fake website to convince users to input their data
• Emailing people with links that are attempting to take local data of their computer
• And much more

Test your knowledge - extra