Features

Not so IDLE hands: FBI program offers companies data protection via deception

The FBI's IDLE program uses "obfuscated" data to hide real data from hackers and insider threats, making data theft harder and giving security teams a tool to spot illicit access.

Enlarge / The FBI’s IDLE program uses “obfuscated” data to hide real data from hackers and insider threats, making data theft harder and giving security teams a tool to spot illicit access.
Getty Images

The Federal Bureau of Investigations is in many ways on the front lines of the fight against both cybercrime and cyber-espionage in the US. These days, the organization responds to everything from ransomware attacks to data thefts by foreign government-sponsored hackers. But the FBI has begun to play a role in the defense of networks before attacks have been carried out as well, forming partnerships with some companies to help prevent the loss of critical data.

Sometimes, that involves field agents proactively contacting companies when they have information of a threat—as two FBI agents did when they caught wind of researchers trying to alert casinos of vulnerabilities they said they had found in casino kiosk systems. “We have agents in every field office spending a large amount of time going out to companies in their area of responsibility establishing relationships,” Long T. Chu, acting assistant section chief for the FBI’s Cyber Engagement and Intelligence Section, told Ars. “And this is really key right now—before there’s a problem, providing information to help these companies prepare their defenses. And we try to provide as specific information as we can.”

But the FBI is not stopping its consultative role at simply alerting companies to threats. An FBI flyer shown to Ars by a source broadly outlined a new program aimed at helping companies fight data theft “caused by an insider with illicit access (or systems administrator), or by a remote cyber actor.” The program, called IDLE (Illicit Data Loss Exploitation), does this by creating “decoy data that is used to confuse illicit… collection and end use of stolen data.” It’s a form of defensive deception—or as officials would prefer to refer to it, obfuscation—that the FBI hopes will derail all types of attackers, particularly advanced threats from outside and inside the network.

Going proactive

A recent FBI Private Industry Notification (PIN) warned of social engineering attacks targeting two-factor authentication.

Enlarge / A recent FBI Private Industry Notification (PIN) warned of social engineering attacks targeting two-factor authentication.

In a discussion about the FBI’s overall philosophy on fighting cybercrime, Chu told Ars that the FBI is “taking more of a holistic approach” these days. Instead of reacting to specific events or criminal actors, he said, “we’re looking at cyber crime from a key services aspect”—aka, what are the things that cybercriminals target?—”and how that affects the entire cyber criminal ecosystem. What are the centers of gravity, what are the key services that play into that?”

In the past, the FBI got involved only when a crime was reported. But today, the new approach means playing more of a consultative role to prevent cybercrime through partnerships with both other government agencies and the private sector. “If you ever have the opportunity to go to the courtyard at FBI Headquarters, there’s a quote there. ‘The most effective weapon against crime is cooperation, the efforts of all law enforcement and the support and understanding of the American people.’ That can not be more true today, but it expands from beyond just law enforcement to the private sector,” Chu said. “That’s because we’re facing one of the greatest threats that our nation has ever faced, arguably, and that’s the cyber threat.”

An example of that sort of outreach was visible in a case Ars reported on in March—that of the casino kiosk vendor Atrient. FBI Las Vegas field office and FBI Cyber Division agents picked up on Twitter posts about an alleged vulnerability in Atrient’s infrastructure, and the agents connected the company and an affected customer with the researchers to resolve the issue (which, in Atrient’s case at least, went somewhat awry). But in these situations, the FBI now also shares information it gathers from other sources, including data gathered from ongoing investigations.

Sharing happens a lot faster, Chu said, when there’s a “preexisting relationship with our partners, so we know exactly who we need to call and vice versa.” And information flows faster when it goes both ways. “Just as we’re trying hard to get the private industry information as fast as possible, it’d be a lot more effective if we’re getting information from the private industry as well,” he said. Exchanging information about IP addresses, indicators of compromise, and other threat data allows the FBI to aggregate the data, “run that against our databases and all our resources, and come up with a much stronger case, so to speak, against our adversaries,” Chu noted, “along with trying to attribute or identify who did it will prevent further attacks from happening.”

Some information sharing takes the form of collaboration with industry information sharing and analysis centers (ISACs) and “Flash” and “Private Industry Notice” (PIN) alerts on cybercrime issues. And to build more direct relationships with companies’ security executives, the FBI also offers a “CISO Academy” for chief information security officers twice a year at the FBI Academy in Quantico, Virginia. Attendees are indoctrinated on the FBI’s investigation approaches, and they learn what kind of evidence needs to be preserved to help spur investigations forward.

But for some sectors of particular interest, the FBI is now trying to get a deeper level of collaboration going—especially with companies in the defense industry base (DIB) and other critical infrastructure industries. The FBI sees these areas as crucial industry-spanning networks, and it hopes to build a defense in-depth against cyber-espionage, intellectual property theft, and exposure of other data that could be used particularly by other nations in a way that could impact national security or the economy.
That’s precisely where IDLE comes in.

5G deployment stands ready to supercharge the Internet of Things

ISO27001 Services

Rest easy knowing we have your ISO27001 covered

ISO27001 is an Information Security Management System (ISMS) that is a systematic approach to managing personal and sensitive information and data so that it remains available, confidential and intact. It can help businesses of all sizes, in any industry sector to keep information assets secure and avoid data breach, hacks and compromise. The key benefit of ISO27001 is that it demonstrates in a real-world way that your organisation is secure and that you can be trusted to keep data secure helping to attract and retain business.

ISO 27001 is one of the most popular information security standards in the world, with certifications growing by more than 450% in the past ten years. It is recognised globally as a benchmark for good security practice, and enables organisations to achieve accredited certification by an accredited certification body following the successful completion of an audit.

ISO 27001 supports compliance with a host of laws, including the EU GDPR (General Data Protection Regulation) and the NIS Regulations (Network and Information Systems Regulations).

The more you know, the better.

Implementing ISO27001 is a lengthy process with highly technical detail. Luckily, our qualified security consultants are here to help define your scope and install your ISMS, with experience in helping businesses of all sizes to identify risks and vulnerabilities, our experts can implement a robust ISMS. 

At the end of this process, we want you to be fully prepared for your audit(s) through providing expert support, therefore we’ve simplified the jargon to give you a clear understanding on what ISO27001 is.

complete integration

Bespoke or off-the-shelf framework that's integrated as a whole.

business specific

Framework elements that are specific to your business.

business alignment

Perfectly aligned, business branded documentation and processes.

retain knowledge

Effective communication and training throughout the business.

Benefits
incident management
Discover how ISO27001, combined with our experts and knowledge, can benefit your business both financially and professionally.
  • Reduce the change of a security breach.
  • Fulfil internationally recognised security requirements.
  • Control your IT risks.
  • Ensure systematic detection of technical and process vulnerabilities.
  • Minimise your IT risks of possible damage and costs.
  • Lower your costs through more effective management.
  • Implement information and data confidentially.
  • Increase your level of trust with all your partners, customers and the public.
  • Gain a competitive edge with ISO27001 compliance.
  • Implement a tried and tested framework for addressing security compliance requirements.
Features
We solve the compliance problems that plague professional businesses. Our consultants work with you to help establish ISO27001 in your workplace.
  • From start to finish
  • Delivery from across all, or part of, the compliance life cycle.
  • Delivery options
  • Delivery off-the-shelf or bespoke or anywhere in between.
  • Great support
  • Friendly and accessible engagement.
  • Committed to you
  • Focused on delivering our services according to your business objectives.
project management
Training

One of the most important aspects around Compliance is training personnel to be compliant and remain compliant. People are often the weakest link, with 35% of all incidents caused through personnel whether deliberately or accidentally. This is why it is so important for your organisation to ensure that your personnel receive the compliance training that they need.

Discover how ISO27001, combined with our experts and knowledge, can benefit your business both financially and professionally.
  • Business specific training
  • We produce training materials specifically fo your business.
  • Wide variety of resources
  • Documentation, videos, images, PowerPoint slides or quizzes. The options are endless.
  • System integration
  • Integrating training resources into your learning management system (LMS) using our Moodle publishing platform or hosting your training on our platform.
  • Engaging end prodcut
  • We turn all resources into an educational training product.

Benefits of working with us

With us, you can skip the headache and be confident that your business is compliant. We take the pressure off of you and guide you through the compliance life-cycle one step at a time.

Guaranteed certification

We guarantee ISO27001 certification providing you follow our advice.​​

Wide range of tools

ISO27001 methodologies, tools, processes and documents off-the-shelf to save you cost, time and effort

Highly Skilled Experts

Experienced consultants that have successfully delivered ISO27001 in challenging situations.​

Modular

Delivering all or only those aspects of ISO27001 that you need saving costs, time and effort.

any business. any size

Across different industries and organisations of all sizes, delivering ISO27001 successfully.​​

Real-world experience

You benefit from our real-world consultant expertise, not just academic and certification knowledge.​

No surprises

Our pricing, proposals and delivery are completely transparent.

Timely delivery

For most small businesses, we can put ISO27001 fundamentals into place within 3 months.

Our approach

We are flexible and modular. This means that we can flex and size according to your business requirements.

connect_final

Connect

We understand your business objectives in regard to ISO27001 and engage with the stakeholders and customers that have a vested interest in ISO27001 compliance and can help with successful delivery.

prepare

Prepare

Having understood your business objectives for ISO27001 and security, we are in a position to present what success looks like. We take on-board comments and modify as a result. The outcome is a strategy and plan for successful delivery.

visualise

Implement

We then can present the working methodologies, tools, processes, documents and training to implement your ISO27001 compliance requirements.

implement

Auditing and Monitor

We can now support you in your final ISO27001 audit . We are available to present the ISO27001 audit on your behalf or to lend assistance.

As a result of the audit, any further improvements to your ISO27001 implementation can be quickly and easily implemented.

As trusted by

We transform the way these companies manage their security.

Other services
Contact us

I created my own deepfake—it took two weeks and cost $552

Compliance services

Awareness is key

There are many statutory, regulatory and elective compliance standards. ITSecurity.Org have worked with all of the security related standards and can deliver cost-effectively, flexibly according to business requirements. Choose the specific compliance requirement below for more information on how we can deliver for you.

ISO27001

The Information Security Management Systems Standards (ISMS).

ISO27002

The more detailed Information Security Management Systems Standards (ISMS).

GDPR

The EU requirements for privacy and data protection.

ISO22301

The standard for Business Continuity.

PCI DSS

Standard for merchants taking electronic payments.

Data Protection Act 1998/2018

The UK statutory requirements for Data Protection.

Delivery throughout the compliance life cycle

To keep operations running smoothly, you need to be compliant in every aspect of your business. We help business owners understand how to be compliant and empower their employees to follow and understand the most up-to-date rules and regulations. We’re here to guide you every step of the way.

Documentation

Accessible documentation including policies, standards, procedures, guidelines and training.

Defined Processes

Tailored processes aligned with your business and internal practices.

Security audits

Audit preparation and support to ensure your business passes compliance requirements.

Bespoke training

Specialised training for your business, targeting all areas regardless of role.

Run a better business

One of the most important aspects around Data Protection is training personnel to be compliant and remain compliant. people are often the weakest link with 35% of all incidents caused through personnel whether deliberately or accidentally. This is why it is so important to your organisation to ensure that your personnel receive the compliance training that they need.

Training

It all comes down to retaining knowledge. We give businesses training in the ever-changing world of compliance. Helping you stay up to date and address changes before they become problems.

  • Wide range of resources specific to your organisation: documentation, videos, photos, images, PowerPoint slides and quizzes are just a few ways we can help. 
  • We can turn all your resource into an engaging educational training product.
  • Integration into your Learning Management System (LMS) using our Moodle publishing platform or your training can be hosted on our training platform.

Transform the way you manage your business

With us, you can skip the headache and be confident that your business is compliant. We take the pressure off of you and guide you through the compliance life-cycle one step at a time.

data protection officer
Benefits

We have a proven track record of successful delivery with a wide range of clients.

  • Across different industries and all size organisations, meeting specific business objectives and goals.
  • Methodologies, tools, processes and documents off-the-shelf to save you cost, time and effort in achieving your compliance requirements.
  • Experienced consultants that have successfully delivered in challenging environments.
  • Delivering only what you need, saving costs, time and effort.
data-protection-officer-close-up-374820
Features

We have a proven track record of successful delivery with a wide range of clients.

  • Delivery across all, or part of, the compliance life-cycle.
  • Delivery of bespoke requirements.
  • Friendly and accessible engagement.
  • Entirely focused on delivering according to your business objectives.

Our approach

We are flexible and modular. This means that we can flex and size according to your business requirements.

connect_final

Connect

We understand your business objectives and engage with the stakeholders and customers that have a vested interest in compliance and can help with successful delivery.

prepare

Prepare

Having understood your business objectives we are in a position to present what success looks like. We take on-board comments and modify as a result. The outcome is a strategy and plan for successful delivery.

visualise

Implement

We then can present the working methodologies, tools, processes, documents and training to implement your compliance requirements.

implement

Auditing and Monitor

We can now support you in the final audit being available to present the audit on your behalf or to lend assistance.

As a result of the audit, any further improvements can be quickly and easily implemented.

Other services
Contact us

Ars Technica’s ultimate board game gift guide, 2019 edition

Ars Technica’s ultimate board game gift guide, 2019 edition

It’s that time of year again—time to buy more board games than you possibly have time to play.

To aid you in your quest, we’ve once again updated our massive board game buyer’s guide for the year by adding new entries, pruning some old ones, and bringing things in line with our current thoughts. This isn’t necessarily a list of our favorite games of all time; it’s just a big list of games we’re recommending in 2019. The list is divided into sections that cater to different audiences, and we think there’s something here for just about everyone.

Whether you’re looking to pick up your next cardboard obsession or need a gift idea for your weird cousin who’s always going on about “efficient resource trade routes,” you’re in the right place.

Table of Contents

For fun, here’s a giant gallery of the box art for every game in this guide:

Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.

Guidemaster: Nine gift ideas for the tech enthusiast in your life

  • There are many statutory, regulatory and elective compliance standards. ITSecurity.Org have worked with all of the security related standards and can deliver cost-effectively, flexibly according to business requirements.
Compliance Badge ISO27001

ISO27001

The Information Security Management Systems Standards (ISMS) ISO27001

ISO27002

The more detailed Information Security Management Systems Standards (ISMS) ISO27002

Compliance Badge 22301

ISO22301

The standard for Business Continuity Business Continuity

Data Protection Act 1998/2018

The UK statutory requirements for Data Protection Data Protection

Compliance Badge GDPR

General Data Protection Regulation (GDPR)

The EU requirements for privacy and data protection GDPR

Payment Card Industry Data Security Standard (PCI DSS)

Standard for merchants taking electronic payments PCI-DSS

Benefits

Proven track record of successful delivery

data protection officer

Features

Modular and flexible

Our approach

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

connect_final

Connect

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. 

prepare

Prepare

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. 

visualise

Visualise

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. 

implement

Implement

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. 

connect_final

Connect

Lorem ipsum dolor sit amet

prepare

Prepare

Lorem ipsum dolor sit amet

visualise

Visualise

Lorem ipsum dolor sit amet

implement

Implement

Lorem ipsum dolor sit amet

Why clients choose us to help with their [service name]

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Professional & Courteous

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Highly Skilled Experts

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Timely Delivery

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

A deep understanding of IT Security

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

advice you can trust

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

In depth training & support

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Other services
Contact us

Win part of a $4,500 prize pool in the 2019 Ars Technica Charity Drive

Just some of the prizes you could win by entering our Charity Drive sweepstakes.

Enlarge / Just some of the prizes you could win by entering our Charity Drive sweepstakes.

It’s once again that special time of year when we give you a chance to do well by doing good. That’s right—it’s time for the 2019 edition of our annual Charity Drive.

Every year since 2007, we’ve been actively encouraging readers to give to Penny Arcade’s Child’s Play charity, which provides toys and games to kids being treated in hospitals around the world. In recent years, we’ve added the Electronic Frontier Foundation to our annual charity push, aiding in their efforts to defend Internet freedom. This year, as always, we’re providing some extra incentive for those donations by offering donors a chance to win pieces of our big pile of vendor-provided swag. We can’t keep it (ethically), and we don’t want it clogging up our offices anyway. So, it’s now yours to win.

This year’s swag pile is full of high-value geek goodies. We have over 50 prizes amounting to over $4,500 in value, including game consoles, computer accessories, collectibles, smartwatches, and more. In 2018, Ars readers raised over $20,000 for charity, contributing to a total haul of more than $300,000 since 2007. We want to raise even more this year, and we can do it if readers really dig deep.

How it works

Donating is easy. Simply donate to Child’s Play using PayPal or donate to the EFF using PayPal, credit card, or Bitcoin. You can also support Child’s Play directly by picking an item from the Amazon wish list of a specific hospital on its donation page. Donate as much or as little as you feel comfortable with—every little bit helps.

Once that’s done, it’s time to register your entry in our sweepstakes. Just grab a digital copy of your receipt (a forwarded email, a screenshot, or simply a cut-and-paste of the text) and send it to [email protected]l.com with your name, postal address, daytime telephone number, and email address by 11:59pm ET Monday, January 6, 2020. (One entry per person, and each person can only win up to one prize. US residents only. NO PURCHASE NECESSARY. See official rules for more information, including how to enter without making a donation. Also refer to the Ars Technica privacy policy.)

We’ll then contact the winners and have them choose their prize by January 31 (choosing takes place in the order the winners are drawn).

The prizes

Here are quick descriptions of some of the biggest, most desirable prizes in this year’s contest. See page two for a complete list of available prizes.

Gears 5 Xbox One X bundle

Get in on 4K gaming with this console bundle. It includes a black 1TB Xbox One X, a downloadable copy of Gears 5, two controllers, a controller charging dock, an art book, Gears 5 novelization, a Marcus Fenix toy, a branded Rockstar energy drink can, and more.

GAEMS G170 Sentinel Personal Gaming Environment

Take your HD gaming on the go with this combination console carrying case and 17.3″ IPS FHD display. It features improved sound quality and viewing angles over previous GAEMS carrying cases, and it comes with a power supply, accessory bag, cables, and a remote control.

Logitech G Powerplay wireless charge gaming mouse set

Enjoy the freedom of a wireless gaming mouse without the hassle of having to stop the action to plug in or replace the batteries, thanks to the wireless induction charging in the G Powerplay charging mat. This includes the charging mat (with hard and soft surfaces), G703 and G903 series mice, accessories, and cables for wired gaming options.

Sega Genesis Mini and “Tower of Power” accessories

The Genesis Mini is one of the finest “plug and play” retro consoles out there. But it becomes even cooler with the cosmetic “Tower of Power” set, which adds a miniature replica Sega CD, 32X, and a Sonic the Hedgehog cartridge to the mix. While the “Tower of Power” bundle is on sale in Japan, this US edition was provided exclusively to press.

Nothing grabbing your eye yet? The next page has dozens more prizes you can win by entering. Have a look!

Can 5G replace everybody’s home broadband?

Artist's impression of how fast your house might one day be with 5G mobile broadband.

Enlarge / Artist’s impression of how fast your house might one day be with 5G mobile broadband.
Aurich Lawson / Getty

When it comes to the possibility of home broadband competition, we want to believe. And in the case of 5G mobile broadband, wireless carriers want us to believe, too. But whether or not technological and commercial realities will reward that faith remains unclear. As with 5G smartphones, the basic challenge here sits at the intersection of the electromagnetic spectrum and telecom infrastructure economics.

When delivered over millimeter-wave frequencies and their copious amounts of free spectrum, 5G can match the speed and latency of fiber-optic broadband, with downloads of 1 gigabit per second and ping times under 10 milliseconds. But on those frequencies of 24GHz and up, signals struggle to reach more than a thousand feet outdoors. Carriers can fix that by building many more cell sites, each with its own fiber backhaul, but a fiber-to-the-block build-out may not be appreciably cheaper than fiber-to-the-home deployments. And while residences don’t move and don’t mind wireless antennas larger than a shirt pocket—unlike individual wireless subscribers—residences also have walls that often block mmWave signals. (Presumably also unlike individual wireless subscribers.)

The other frequency flavors of 5G (the low- and mid-band ones) don’t suffer mmWave’s allergies to distance or drywall. But they also can’t match its speed or its spectrum availability—which in the context of residential broadband means they may not sustain uncapped bandwidth.

So as much as residential customers might yearn for an alternative to their local telecom monopoly—or for any form of high-speed access besides laggy connectivity from satellites in geosynchronous orbit—5G doesn’t yet rank as a sure thing. There’s a promise, but many things still need to go right for that promise to be fulfilled.

Or, as New Street Research analyst Jonathan Chaplin phrased things in an email: “If your fundamental question is ‘will 5G allow you to dump Comcast’ the answer is absolutely! Depending.”

Verizon’s bet on millimeter-wave broadband

Consider the 5G Home service that Verizon Wireless launched in parts of Houston, Indianapolis, Los Angeles, and Sacramento in October 2018 (later expanded to parts of Chicago).

At $70 a month for unlimited data—with a $20 discount if you have a $30 or higher Verizon Wireless smartphone plan—and with download speeds from 300 to 940 megabits per second, the service would compare well with cable even if so many cable Internet plans didn’t include data caps and slap on modem-rental fees.

Reddit threads about the service in Houston, Sacramento and elsewhere offer a mix of praise for its performance (including reports of upload speeds in the range of 200Mbps, significantly faster than what most cable services offer) and complaints about it not being available at individual redditors’ addresses.

Verizon's 5G Houston coverage as of December 2019, with 5G "Ultra Wideband" in dark pink. For an idea of how much of the Houston metro this covers, you can zoom out from the same location at <a href="https://www.google.com/maps/place/Houston,+TX/@29.733833,-95.429167,14z/data=!4m5!3m4!1s0x8640b8b4488d8501:0xca0d02def365053b!8m2!3d29.7604267!4d-95.3698028">this Google Maps link</a>.

Enlarge / Verizon’s 5G Houston coverage as of December 2019, with 5G “Ultra Wideband” in dark pink. For an idea of how much of the Houston metro this covers, you can zoom out from the same location at this Google Maps link.

“Towards the beginning of service, there were a few firmware issues with the modem Verizon provided, but they patched that within a month,” said a software engineer in Sacramento who asked not to be named. “Since then, there’s not been significant downtime that I noticed.”

“Overall I’m happy with my 5G,” wrote another 5G Home user in Houston who runs a crisis-management firm. “No downtime that I can remember. I don’t have my exact speeds but it seems pretty quick. More than enough for my TV streaming and Web surfing.”

“There were only a few short (less than 30 min?) cases of 5G service downtime that I can recall, and they were all mostly toward the beginning of my service, so I imagine they were able to fix those stability issues quickly enough,” wrote Vincent Garcia, a software engineer in Sacramento. “My speeds seem to be the same as when I first got the service: 300-600 Mbps down, 120-140 Mbps up.”

Garcia noted one other benefit: “One interesting thing I’ve noticed is that other ISPs in my area seem to have stepped up their game in terms of value (at least in terms of their initial contract period).”

One early fear raised about millimeter-wave 5G, that it would suffer from “rain fade” akin to what cuts out satellite-TV reception during showers, doesn’t yet appear to have emerged as a serious problem. Those Reddit discussions about Verizon’s service don’t mention it, while a Twitter search reveals no firsthand reports of rain-faded 5G.

Ashutosh Dutta, a research scientist at the Johns Hopkins University’s Applied Physics Laboratory, pointed to a 2019 study by researchers at the Indian Institute of Information Technology Kalyani and the University of Calcutta’s Institute of Radio Physics and Electronics in West Bengal, India. They found that “proper fade mitigation techniques” can keep even heavy rain from disrupting millimeter-wave communication at frequencies up to 40 GHz. Verizon’s 5G Home, at 28 and 39 GHz, sits on the forgiving side of that line.

Guidemaster: 10 tech gifts to improve the home office

It's not easy to please everyone when it comes to gifting. But trust us, everyone could use a password manager.

Enlarge / It’s not easy to please everyone when it comes to gifting. But trust us, everyone could use a password manager.
Tara Moore / Getty Images

So far, our 2019 holiday gift guide series has covered gifts for those on a budget, gifts for frequent travelers, and gifts for the home. Today, we’re turning our attention to the office and general productivity needs.

Below you’ll find another hand-picked batch of recommendations based on a year’s worth of product testing. These are thoughtful yet pragmatic gifts to help improve your friends’ and family’s work spaces through technology. From password managers to keyboards to business-friendly laptops, we know firsthand that each of the products below can make productive time less of a slog.

Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.

1Password

1Password

Most workplaces require you to have more usernames and passwords than you’d like. Instead of clicking that “forgot password” button once a week, 1Password can help organize and store all of your work and personal account credentials. As long as you can remember one password, the program will do the rest of the heavy lifting.

1Password keeps all of your usernames and passwords, along with secure notes, credit card numbers, and other sensitive information of your choosing, in a vault that’s secure using AES-256 bit encryption and a secret key that only you know. It also syncs across all of your devices, allowing you to quickly log in to any of your accounts with just a couple taps or clicks. 1Password also has browser extensions for the most popular browsers so, when you inevitably create a new account somewhere on the web, you can quickly save it to 1Password without thinking twice about it.

Solid security, seamless integration, and ease of use have made 1Password one of my most used programs on a daily basis. It’s sped up my workflow immeasurably, and I spend much less time fumbling with temporary passwords and emailed security codes thanks to it. And at $2.99 per month, it’s one of the most affordable ways you can make your work and personal lives a little bit easier.

(Ars Technica may earn compensation for sales from links on this post through affiliate programs.)

Nekteck 4-port 72W USB Wall Charger

The Nekteck 4-port 72W USB Wall Charger.

Enlarge / The Nekteck 4-port 72W USB Wall Charger.
Jeff Dunn

If your loved one has many devices that often need charging at the same time, the Nekteck 4-port 72W USB Wall Charger should make their day-to-day less of a headache. It’ll keep them in arm’s length of four USB charging ports, including a 60W USB-C Power Delivery (PD) port that’s capable of refilling nearly all recent smartphones and many Ultrabooks and MacBooks (15-inch MacBook Pro notwithstanding) at maximum speeds. Nekteck includes a three-foot USB-C to USB-C cable in the box, and there are three 12W USB-A ports alongside the PD port that can charge other accessories at a more traditional rate. (Just note that the whole thing can only output 72W total at a time, so you won’t get the full 12W out of each USB-A port if more than one is in use simultaneously.)

The charger connects via an AC outlet, but at 3.14×3.74×1.97 inches, the station itself won’t chew up a ton of room on a desk. It’s also been certified by the USB Implementers Forum—a body headed by Apple, Intel, and other tech giants that looks over the USB spec—so you can be confident that it won’t fry anyone’s devices over time. Plus, at $30, it’s good value for the amount of power it packs.

Nekteck 4-port 72W USB Wall Charger product image

Nekteck 4-port 72W USB Wall Charger

(Ars Technica may earn compensation for sales from links on this post through affiliate programs.)

Logitech Craft

The Logitech Craft keyboard.

Enlarge / The Logitech Craft keyboard.
Valentina Palladino

A good wireless keyboard can be hard to find, but Logitech’s Craft is one of the more luxurious ones that stands out. Primarily, it’s a solid keyboard that’s relatively quiet and has decent travel, and the experience doesn’t falter even after months of continuous use. It also has a great battery life—it charges via USB-C and will last weeks on a single charge, even when used every day for hours at a time. It conveniently connect to your PC via Bluetooth or the included universal USB receiver as well.

A peculiar perk is the dial that sits at the Craft’s top-left corner. It can be programmed using Logitech options (along with other mappable keys) to do different things like adjust volume, switch tabs, and edit a photo’s contrast and brightness, and more depending on the program you’re currently using. That makes it a natural pick for creatives who will find the dial’s precision better than that of a trackpad or a mouse, but it’s also just a convenient tool for regular users as well.

Logitech Craft product image

Logitech Craft

(Ars Technica may earn compensation for sales from links on this post through affiliate programs.)

Listing image by Logitech