An article from Private WiFi’s CEO, Kent Lawson, raised interesting points about online privacy attitudes among younger people.

The article presented some interesting thoughts from Ella Hickson, a young playwright. Ella notes she is more aware of the value of privacy and puts forth the idea that most of the younger generation thinks in terms of an “inner circle of friends” and “our public self.” She further relates that we want this public self or persona out there “on billboards,” and that the whole point of this carefully constructed and controlled persona is that “it is seen.”

As she noted in the piece:

“I think the kind of ‘all hanging out there’ that we see on social networking sites, etc., is more duplicitous than it seems. The things that we have total access to are, of course, highly controlled by those that are putting it there for the most part. Very rarely is anything being posted ‘about’ someone that they aren’t posting themselves.”
I can’t disagree with Ella, and find her comments very insightful. Most postings on social networking sites are carefully controlled by the person who “owns” the page. We can think of this persona as our billboard where we advertise the self we want people to see, and what they get to see is very definitely filtered by what we want them to know about us. She is absolutely correct in that we don’t put our dirty laundry on Facebook, just the “good stuff.”

Where I see a flaw in her outlook on privacy is in a lack of knowledge about how many different types of exploits are used to trap personal information, both for “legitimate” marketing purposes, and by those who wish to do us harm.

It should be remembered that in regarding social media sites, we users are their income stream, not their customers. Their customers are the many entities that want to access our information for sales and marketing purposes. Mobile apps and social networking apps and games want access to our user information for a marketing reason.

And, many of those who would do us harm are very bright and capable, and find many ways to “social engineer” or otherwise exploit our public presence to gain information that is then used to harm us.

Preventing Online Crime

Stalking, identity theft, scams, and other criminal acts all succeed best when the perpetrator has knowledge of his or her intended victim. The fact that the information the criminal started with was our public information does not make it any less useful. As an example, about a year ago I spent a few hours investigating geo-tagging,” which is where a cellphone or smartphone takes a photo and embeds the GPS location information directly in the image file. Most current phones with cameras have this ability, and each device may or may not be configured to geo-tag each photo.

Having read about this, I was curious to find out whether photos posted to Facebook would have the information, and whether it was difficult to use. I downloaded about 20 photos from a variety of friends’ Facebook pages. Most did not have the embedded location information, but four of them did. Using that information and Google Maps, I was able in a few seconds to see the location, and even zoom in and look at the home involved.

That’s more than a little scary – that’s a great tool for a Facebook stalker.

The point I am making is not specific to this one type of exploit, but rather that we should all be very careful about having a complacent attitude regarding our privacy and security. Certainly there is a lot of our personal information “out there in the cloud,” and being used by a large variety of companies with which we have dealings. But there is a significant area of “privacy responsibility” that resides directly with each individual. In that context, it is a really good idea for all of us, including twenty-something young adults, to also pay close attention to our public persona.

Ask anyone who has been denied a job because of party pictures shared publicly; that is not identity theft, per se, but it certainly can have an impact. The point is that collecting a variety of information about an individual is a fairly powerful way to build an identity profile, and what you publicly post is certainly a great starting point.

This article was originally posted by PRIVATE WiFi, a personal VPN software that encrypts your data in public wireless hotspots. Using our easy software prevents identity thieves from hacking into your emails, online banking, social media accounts, and other personal information. To sign up for a FREE three-day trial, visit privatewifi.com.

We welcome you to post/reprint this article, as written, giving credit to the author and linking back to www.private-i.com.

The introduction of the smartphone into the technology platform revolutionized the use of the cellphone. Suddenly, activities and actions that required a stationary device, or a device connected to wireless internet became activities on-the-go. Now, the smartphone’s capabilities have surpassed those ever associated with a small mobile device. Cellphones went from being solely used for telephone calls, to nearly replacing the use of computers.

Nowadays, smartphones are used to place and receive phones calls, text messages, email, online banking known as mobile banking, document generation and sharing, social networking, bill paying, gaming, etc. Almost any activity can be supported by the small mobile device. These activities are made possible by the introduction of applications, known as apps. Just like programs have to be downloaded to a computer, apps have to be downloaded to a smartphone to carry out the desired commands.

When it comes to the smartphone, safety comes second to that of the computer. However, it doesn’t mean users cannot take security measures to ensure they are being protected. One of the greatest threats to users is applications. As a result of security holes, certain app developers create apps designed to steal user data, and gain access to information they would otherwise not have access to. For example, Malware is a common threat. In its essence, Malware is malicious software intended for malicious purposes. It has the ability to damage and disable computer systems. Since a smartphone is in many ways like a computer, it is a target.

When users download an app, and the app is malicious, it can download Trojans, viruses, worms, etc. to the device. These may install keylogger software, spyware, bonnets, and so on. The intent of the software is to follow user activities to obtain personal information. This information can then be used by criminals for financial gain – committing financial fraud, and in some cases identity theft.

The best rule of thumb is to verify the legitimacy of the applications being downloaded to a smartphone. As it is, apps require access to a significant amount of data, so ruling out applications can be a great step to take. In addition, reading the apps’ reviews can be helpful. Usually other users will define in their posts the problems they have had with the application. Users need to be weary of what they download, therefore, if the user doesn’t feel comfortable with the information the app is requesting access to, the best thing to do is to not download the app.

Truth of the matter is no one can protect a smartphone better than its user. It all boils down to the apps the user is downloading, and the activities or commands being carried. Although the responsibility of protecting a device is the users’, there are security software apps that scan for malware and spyware. These can be a helping hand.

Many professionals view air-travel days as an opportunity to get some extra work done, pay bills online, or distract themselves during their commute by surfing the internet. The convenience and ease of use of modern laptops and iPads have made it easy to stay connected in route. As a result, public Wi-Fi is now commonplace in most major airports and even becoming more common on the airplanes themselves. As with most technological conveniences these days, in addition to the obvious advantages, wifi in airports pose additional risk to consumers who may not be aware that they’re in potentially dangerous ‘hot zones’ for identity theft.

Public wifi is a beacon for those who would seek to harvest your personal information through your internet connection. Free wireless networks are usually not password protected, or have a password that’s publicly available. This means that every time you sign on to a public wifi connection, you’re essentially sharing a connection with any and all strangers in the area. In an airport especially, even more so than in a coffee shop or other place usually associated with public wifi, the number of strangers in your immediate vicinity is usually much higher. Any and all of those have the potential ability to access the same network connection you’re using. All it takes is one malicious user on your network to cause you a lot of trouble.

Anytime you access public connections to the internet, your computer is more exposed to the threats of malware or viruses which may be present on another’s laptop, not to mention the threat of a nefarious fellow traveler snooping through your shared files, shoulder surfing to watch you input your passwords, or otherwise monitoring your internet activity. Most people don’t realize that when sharing a network internet connection with someone, there is no additional firewall or security in place to protect the information stored on your computer. This quite naturally makes places like airports and other areas that offer free public wifi very attractive to would-be identity thieves.

If you can avoid using public wifi altogether, do so…if you just can’t resist checking the scores or the weather while waiting to board your flight or arrive at your intended destination, try to avoid doing potentially dangerous activities like online banking, filing tax returns, or checking any email accounts that might have valuable information stored in it; as this information could be harvested from your machine and used against you. If you know you will be traveling often and find yourself using public wifi normally you may want to look into getting a personal VPN. A personal Virtual Private Network will help protect you against the dangers of public wifi.

If using public wifi unprotected, be wary of any wireless network that shows up with a stronger signal than the network offered by the known provider (in other words, if you’re in the American Airlines terminal, you shouldn’t choose that random linksys server over the one labeled “Americanterminal1access” for example). Often potential hackers will generate their own network signal to have others “hook up” to them, exposing all their information. Other network users will see the stronger signal and connect to it unwittingly, without realizing that they’ve just voluntarily offered up anything that isn’t independently password protected for viewing by the thief.

When using your home wireless connection, ensure that it’s always password protected. Remember, you never know who else may be online.

Facebook – the social network giant has posed the opportunity for its users to vote on changes to their privacy policies. The focus wraps around how the network uses ‘user’ information through data collection practices and the use of that data for advertising. The giant is aiming at providing clear explanations to its users of how information is shared. In other words, users will have options to control how their information is shared. The voting was opened on June 1, 2012 and will close June 8, 2012.

 

Although some consider this to be a way to engage users, some say that users are not actually voting on policies, but rather voting for the old policy or the new policy. The old policy, per se, involves more complex language – harder for the user to decipher. On the other hand, the new policy is more transparent – easier and clearer for the user to understand. Co-Chair and Director, Jules Polonetsky of the organization Future of Privacy Forum feels “they’re going through with a vote because they promised a vote, but they’re really not going to end up with anything useful.”

According to The Inquisitr, users will find the following on the social network site:

‘Recently, Facebook provided revisions to its SRR and Data Use Policy to, among other things, improve the documents by adding examples and detailed explanations to help users better understand their policies and practices; comply with the law; incorporate feedback from the Irish Data Protection Commissioner’s Office, other regulators, and users; and reflect the addition of new products and services, like Timeline.’

So, if users want to vote, they have until Friday, June 8, 2012 to do so. However, keep in mind that in order for the results of the voting to even matter and taken into consideration, more than 30% of Facebook users have to vote. If that is not the case, the question then, is there anything useful in the process at all?

Last spring, it was revealed that iPhones and Android mobile phones send individual’s “user location data” back to their respective companies, Apple and Google. Initially the news was met by an angry uproar from citizens concerned that their right to privacy was being collectively violated. It didn’t slow down sales of either iPhones or Androids however, both of which posted significant gains last year. While Google is quick to point out that the information is stored anonymously, consumer concern has prompted Reps. Ed Markey (D-Mass) and Joe Barton (T-Texas) to call on the Federal Trade Commission to investigate whether Google’s privacy policies violate a previous settlement reached with the FTC last year.

This is in addition to the ongoing FTC antitrust probe into Google and Google+. Last June Google was answering questions about apparent manipulation of search results to accommodate its own products. The more recent probe includes Google +, and questions whether Google + has been given preferential treatment in Google’s vast network of online products and services. “The FTC is examining whether the company unfairly increases advertising rates for competitors and ranks search results to favor its own business, such as its networking site Google. According to the latest report, the FTC wants to find out “whether the company is using its control of the Android mobile operating system to harm competition.”

Google’s opponents have called for an investigation into Google’s search protocols for some time. Responding to reports of an imminent investigation, which originally surfaced in June of last year, FairSearch.org applauded the news. FairSearch.org represents companies such as Expedia, Travelocity, Kayak and Microsoft; all entities that have objected to Google’s actions.

“Google engages in anticompetitive behavior across many vertical categories of search that harms consumers,” the organization said in a statement. “The result of Google’s anticompetitive practices is to curb innovation and investment in new technologies by other companies.”

As of May 2011, Google had a 65.5 percent share of the U.S. search market, compared to 16 percent for Yahoo and 14 percent for Microsoft’s Bing. The European Commission began a similar antitrust investigation into Google’s search practices last year after numerous complaints from small businesses. That case is still pending. The gist of the FTC probe, prompted by the Senate, is that 1) since Google is a dominant gatekeeper to access competitive commercial opportunity online, and 2) if it deceptively represents that it is an equal opportunity search engine, 3) then favors the search results with Google products and services, then 4) Google is effectively using deceptive practices to steal the competitive opportunity of competitors and depriving Internet users’ of free choice to choose competing products and services.

While it is so far unclear what the long-term ramifications are for Google, the fact that this call to investigate has widespread bi-partisan support in Washington could lead to more trouble for the information conglomerate before all is said and done. Most recently Apple was subpoenaed regarding the Apple iOS use of Google products on their smartphones. Should Google be found to have violated the terms of their 2011 settlement, serious punitive action from the federal government may be in Google’s future.

“FTC and Google’s Ongoing Battle and its Implications:” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Just how is it that companies always seem to know just how to advertise to us? Ever get a chill up your spine when Target sends you a coupon for the exact type of jacket you’d been thinking of purchasing for the last week? If it feels like internet marketers know what products you’re likely to be interested in, it’s because they do. It is well known that internet activity can be tracked by marketers and used to more effectively reach the consumers who are likely to be interested in the product or service they offer. What is less widely understood is how different websites track your information, and how they use it. Simply changing your privacy settings in your browser can limit the information that you share across the entire spectrum of internet advertising. But what if you want to go deeper?

 

In order to truly understand how each site you interact with tracks your information, and just who they share it with, would require the consumer to read each individual privacy policy for every single website they frequent. By law the terms of use and related privacy policy must outline exactly what information they harvest from you, exactly how they use it, and with whom they are sharing it. There is no law however, against making your terms of service long, using lots of tiny print, or against writing it in legalese jargon that makes it very difficult for the average consumer to understand.

There is a company with a new product that seeks to address this particular issue. PrivacyChoice has developed a digital service that indexes and disseminates privacy policies from a multitude of various websites, and has developed a scale designed to rate these sites based on how they collect and use your personal data. Their idea is to provide a one-stop easy tool that will allow consumers, site publishers, and administrators to compare various privacy policies across a given field at a glance. The hope is that not only will this spur more careful web shopping and browsing by the consumer, but will also provide greater exposure to how companies act with your information, making it advantageous from a public relations perspective for companies to create stronger privacy policies, and to encourage more responsible handling of consumer data.

Specifically, PrivacyChoice measures whether a website shares personal user data with other sites, how long the site retains that data, and whether there is a confirmation process to confirm eventual deletion of that data. Users who visit privacyscore.com can search for Web sites they wish to have scored. Users also can download a plug-in app for their web browsers that, when activated, will show a privacy score at the top of each Web site they visit. There is also a downloadable plug-in that will function like an additional tool-bar in your browser that will show you the privacy score of various sites as you surf the web.

“What Is PrivacyScore and What Does It Do?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

A company called OneID is developing some innovative and interesting solutions to identity and password security. Vinod Khosla, Founder of Khosla Ventures, one of the principle groups that invested heavily in bringing OneID to market, briefly outlined why his company was willing to infuse 7 figures of capital into this relatively unknown company in the information security space.

“We believe OneID will attract the most forward-thinking businesses to offer a more secure alternative to the way we sign in to sites and share personal information.”

Information security is an issue for every consumer today. In attempting to make their personal information as secure as it can be, consumers are routinely expected to handle a multitude of different usernames and passwords across various internet portals to manage each of their virtual profiles or identities. This obviously can be problematic, forcing the account user to choose between remembering literally dozens of different username/password combinations, or using the same username/password (or close derivatives) for multiple account credentials. Sadly, there is a great deal of potential damage which can occur if through cyber hacking or phishing, any one of these online identities is exposed. A hacker will understand that the email address and password for your Facebook account that they just harvested will likely be very similar to credentials used for your financial accounts.

When the hacker successfully opens a user account, it can often place the account owner in a “guilty until proven innocent” scenario, where they must actively prove they are not responsible for a certain online action or transaction credited to their identity. Businesses that rely on online transactions must invest more and more in password security, fraud mitigation processes, and consumer compensation issues. And, this problem is definitely not going away. As the prevalence of online commerce continues to grow, so too will the issues surrounding digital security.

The idea behind the OneID approach is to allow both consumers and online businesses to benefit from a highly secure digital identity system without sacrificing convenience. For consumers, the advantage will be that they will no longer need to remember multiple usernames and passwords; allowing for greater control of their personal, financial and credit card information. For online businesses, OneID hopes to provide a one-stop convenient, secure, and relatively thrifty solution to the digital authentication problem. It remains to be seen whether or not this will significantly reduce the costs and headaches associated with digital identity verification, but what is clear is this is an innovative, elegant new solution in the battle against digital fraud and identity theft. Now, which version of “GreenElephantTusks” did I use for my Yahoo password…..

“Introduction to the “OneID” System” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Facebook privacy seems to be an ever more common theme of discussion. While the positive uses for Facebook and social networking platforms like it are numerous, use is not without risk. Aside from malicious use of personal information stored on Facebook, controlling how you share your information is an imperative skill set for anyone who has a Facebook page and makes a living in the corporate world, where unflattering pictures or posts could result in a negative impact on one’s career. It’s important to note that photos and posts you’re tagged in can show up on your profile even if you didn’t post them yourself.

The best way to take control of what shows up on your Facebook is to understand how to control the privacy settings related to Facebook tags. Here is how you do it:

From your home page which displays your news feed. Click the drop down menu tab in the top right corner, designated by a down facing arrow directly to the right of the “home” button. From there click the “privacy settings” option. That will bring you to a page where you can customize what information you share and with whom. About half way down this page is a section that’s labeled “timeline and tagging” with an “edit settings” button directly to the right of it.
From this page you can control what things you can be tagged in and where it will appear. For those in the professional world, it is wise to select the option that requires all tags to be pre-approved by you the user, before it can show up on your profile page.

This way, no matter how inappropriate you behave on Friday night, you can rest assured the co-workers in your office won’t be snickering at them on Monday morning. You can approve the tags you like and reject the ones you don’t. Learning how to manage the flow of information displayed through Facebook is an essential practice for most users, and especially those with a professional reputation to protect. Spending 20-30 minutes perusing through this section is all it should take to be comfortable with the settings and it could save you a mountain of trouble later on.

“How to Stop People from Tagging You in Facebook Pictures” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Most of us at some point in our lives have had to struggle our way through the difficult task of sorting through old pictures, scrap books, and family albums of a deceased friend or relative. The idea being that family members and loved ones may cherish the memories associated with these deeply personal reminders of a person’s life and experiences.

As more and more of these types of photos, albums, and shared experiences are becoming digitalized in social media platforms like Facebook, a new legal dispute has arisen, and has become more and more common. It involves the loved ones of someone who passed wanting access/ownership rights to photos, posts, and digital information shared on (and therefore owned by) Facebook.

Under Facebook’s current policy, deaths can be reported in an online form. When the site learns of a death, it puts that person’s account in a memorialized state. Certain information is removed, and privacy is restricted to friends only. The profile and wall are left up so friends and loved ones can make posts in remembrance. Facebook will provide the estate of the deceased with a download of the account data “if prior consent is obtained from or decreed by the deceased or mandated by law.”If a close relative asks that a profile be removed, Facebook will honor that request, too.

The problem is, for those of us without the foresight to leave our consent for family members with access our “digital estate,” loved ones longing for access to the shared memories on Facebook may be at a loss. The current standard operating procedure upon notification of a death seems to be to change passwords and lock down the account, prohibiting even close relatives from gaining access. Currently several states are pushing legislation through that would grant users rights to their “digital estate,” which would allow family members to have a kind of shared ownership right of the material on their loved one’s Facebook page. Right now, the only option for concerned relatives may be to bring legal action to compel Facebook to grant them access.

While it is stated in the Facebook terms of use that any and all material posted becomes the property of Facebook, with the rise of the digital age it is about time that social media users had more control over use and ownership of the personal material they post. Hopefully digital estate laws will catch on and become commonplace in the US over the next several years.

“Facebook Profiles and the Deceased” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Traveling overseas offers a unique set of risks for American consumers. Travelers by necessity have to carry several pieces of sensitive information like a passport, bank cards, drivers license, and an assortment of additional documents that could put them at risk if lost or stolen.

So the next time you’re traveling abroad, be mindful of a few tips you can use to reduce your risk of becoming an identity theft victim while in another country.To protect your identity while you travel within your own country or abroad, it’s a good idea to take the following precautions:

oversea travelTravel light: and we don’t mean that you should leave behind the extra set of shoes and winter coat. Leave behind unnecessary credit cards, bank cards, social security card – anything you have in your wallet that you won’t need on your trip. The less information you bring, the less you put at risk.

Make copies of your passport, driver’s license, and any credit cards you plan to take with you: Leave one copy with a friend or family member you can call while on your trip and keep one copy with. If your stuff is stolen while traveling, you will have the information you need to lock down your credit and start the process of obtaining new documents.
Leave the checks at home: You won’t need them while traveling, and most places have significant restrictions on check-writing these days anyway. Besides, checking account fraud is one of the most difficult types of identity theft from which to recover. Use cash and credit cards while traveling and pay the bill when you get home.

If you have a hotel safe, use it: Many hotel employees have access to your room and there is tremendous risk of burglary while you’re out. If the safe in your room is not working, ask for a room with one that does.

All that being said, there are so many wonderful places to travel throughout this world of ours and these tips will help you do so more safely! So get out there and see how amazing travel can be…oh and don’t forget your sunscreen!

“Guarding your Personal Documents While Traveling Abroad” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.