Standing in long lines, waiting to get into your favorite singer’s concert could soon be a thing of the past.

Ticketmaster has announced a new wave of technology that is already testing at certain venues in limited markets. Now, instead of handing over your ticket or scanning your phone’s screen at a concert, sensors can capture a peek at your face and compare it to your stored facial parameters. Just smile and wave as you breeze through the turnstile, right?

However, the process, which takes less than a second, is far from foolproof. Developed in conjunction with Blink Identity—a company that has developed this technology for military applications in the Middle East—Ticketmaster’s use of this kind of tool has already got security experts scratching their heads. What happens to your stored facial data? Who else can use it? How is it being protected?

More importantly, if Ticketmaster can use a nanosecond glimpse of your face to identify you in a crowd, then who else can do it, and how will it be used?

There are some less obvious concerns than the futuristic “what if” of using this technology for mass surveillance. First, there’s very little in the way of legislation concerning this kind of recognition and tracking, at least in the U.S. Only three states—Illinois, Texas, and Washington—have laws to protect the public from the unauthorized use of their faces or other biometric markers like iris scans or fingerprints and there are no federal laws in place at this time.

Another key issue is understanding who may already have this data and who can access it as a third-party to that company. Facebook, for example, rolled out facial recognition quite some time ago based on photographs that users uploaded and tagged with names. Any company that is entitled to use Facebook’s stored data could potentially use facial images and accompanying usernames. Currently, a class-action lawsuit over this practice is still underway.

Self-incrimination is another chief concern among advocates for stricter control over facial recognition. If merely walking down a street means surveillance cameras can spot you and put you near the scene of a crime at the correct time of day, the burden of proving the case shifts from investigators proving that you’re guilty to you having to prove you’re not.

Finally, a new report by The Independent demonstrates that facial recognition as a crime-fighting tool was ineffective in 98 percent of the cases. These findings, culled from freedom of information requests, found that only two out of 104 alerts were able to identify facial recognition from public surveillance cameras in the U.K. correctly.

As new technologies are developing and implemented, it’s important that lawmakers work to keep up with the potential uses—and abuses—of the innovation. While legal precedents remain, it will be up to consumers to determine for themselves what level of biometric use will make them comfortable.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Following the recent Facebook/Cambridge Analytica incident, the social media giant is taking steps to help users have a better understanding of their terms of service, as well as, allowing users to personalize their settings.

The Facebook terms and data policy have been updated to explain how they collect, use and share data from your profile. And it’s requiring you to review before going further with your social session.

Users can now remove information they no longer wish to share. This includes religious views, political views and dating preference. Facebook will allow users to adjust privacy settings to pick who gets to see this information. However, if users decide to provide this information, Facebook will use it to personalize features and products tailored to your preferences.

As far as the ads that appear on your Facebook page, you can now control whether or not they use your data to personalize them. Facebook can collect when you make online purchases, download apps, like a partner’s page and when you make an in-store purchase from one of their partners. So if you purchase a phone online, you might see ads for phone cases and phone chargers. If you decide to disallow Facebook from collecting your data you will still receive ads; they will just be randomized.

Facebook is also allowing users to turn off facial recognition. This technology helps Facebook recognize when you appear in photos, videos and the camera. It also helps protect you from strangers using your photo, find photos you’re in that you’re not tagged in and tell people with visual impairments who is and is not in a photo. However, you can still tag yourself in photos and report fake profiles if you do decide to turn off the face recognition option.

Users can go to their settings at any time to make these changes. All of this information is on Facebook’s updated terms, data policy and cookies policy. It also states that Facebook will clarify how they are using data so users can make decisions on whether or not they want that data collected.

The most important privacy setting isn’t in your account, though, it’s in your own behavior. Never post anything—a photograph, a viewpoint, or even an offhand reply to someone else’s post—that you would not want shared with others.

For toll-free, no-cost assistance, contact the Identity Theft Resource Center at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There is a hoax going around based on speculation in a now-deleted article, one that claims Facebook will owe all of its users $17,000 each. The article was suddenly removed, but that hasn’t stopped others from repeating its message that Facebook users are entitled to a payout.

The issue behind the hoax is the recently uncovered misuse of profile information for around 87 million Facebook users. Investigations are still underway into exactly what happened and how far the misuse went, but a third-party app paid Facebook for access to members’ profiles, then apparently sold that information to other sources.

When the article about the compensation was first written, it cited a UK privacy law and mentioned that Facebook could be responsible for paying its UK users that amount, if a court found reason to order it. As with any kind of rumor, the claim morphed a little every time it made the rounds until other sources began stating it as a fact.

Hoaxes like this one rarely harm people who read them, but users need to worry about scammers who are taking advantage of the buzz surrounding this event. Even if Facebook was somehow found to be at fault in this event, the type of information that was accessed by outsiders isn’t the “sensitive” data that might trigger credit monitoring, no-cost credit reports or other compensation.

For more information about whether or not your profile was accessed and what apps and websites can even see your information, visit Facebook’s Help Center and search for the name of the company that accessed millions of users’ accounts, Cambridge Analytica.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

It’s easy to understand why a lot of users enjoy meeting new people and new potential love interests through the Tinder platform.

Unfortunately, there have been some encryption issues in the past. The “full-sized” website seems to be relatively secure, according to a recent security analysis, but the mobile device app had problems with encryption. That’s especially troubling when you look at the volume of messages that are passed along via Tinder. The company has reported traffic levels of 1.6 billion messages sent between users each day and, without secure encryption, someone with the right skillset can intercept, gather, or even alter a user’s messages and images.

Now, a new security issue has been reported to the company. Rather than just being able to break into your messages with other users, a researcher was able to exploit a security hole in Tinder in combination with Facebook’s Account Kit tool, and actually take over a user account. Fortunately, the researcher was actively looking to see if there was a problem; he contacted Tinder and Facebook with the details of the flaw, enabling them to issue a security update.

Cybersecurity issues are a daily battle and can seem more like an ongoing war. The bad guys find new ways to steal data or manipulate it, and the good guys rush to reinforce the security and protect the people. Every time a new security measure is created, hackers find another way to break through the defenses and experts step in to correct it.

That leaves the users trapped in the middle, and unfortunately, there have been catastrophic identity theft events as a result. Rather than shunning all technology or apps in an effort to protect yourself, you can develop some good security habits instead:

1. Watch out for oversharing

Whether it’s too much personal information or even a picture that you wouldn’t want to fall into the wrong hands, think of your data as being thrown into a giant mixing bowl. The person who’s supposed to receive it is the only one who should be able to access it, and in a perfect cyber world that would be true. If you remember that someone else could reach into that bowl and grab it instead, you might be less likely to share something that could hurt you.

2. Lower-level security is fine for lower-level results

If you’re using your laptop in a coffee shop to search through online job boards for employment, you’re probably safe. But that same coffee shop’s Wi-Fi connection also makes it so those same job boards are no place to enter your Social Security number or other sensitive information. The same is true for sites like Tinder. Swiping right to meet a new person is fine, but sharing personal details and images is best left to more secure communication methods and not an app.

3. Always make sure your device software is up-to-date

Anytime you’re using a socially connected platform, it’s important to make sure your antivirus and anti-malware software is installed and up-to-date. Remember, if you don’t install the latest updates, you’re not protected against the latest threats.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The world has enjoyed Comic-Con, DragonCon, WriterCon, and more…so now it’s time to take on PrivacyCon.

No, you won’t need to cosplay as your favorite piece of antivirus software or the latest ransomware attack mode in order to take advantage of the event (although that might be interesting), but rather you’ll want to focus on the latest innovations and expert findings surrounding our privacy.

According to the Federal Trade Commission, who is once again hosting this event, “The 2018 PrivacyCon will expand collaboration among leading privacy and security researchers, academics, industry representatives, consumer advocates, and the government…The 2018 event will focus on the economics of privacy including how to quantify the harms that result from companies’ failure to secure consumer information, and how to balance the costs and benefits of privacy-protective technologies and practices.”

In order to understand the changing landscape of privacy in the connected, digital era, the FTC will examine a few key topics as part of PrivacyCon, including the greatest threats to our privacy and the costs associated with reducing (or even eliminating) those threats. From a business and industry standpoint, experts will weigh in on the costs and benefits of moving to personalized, tailor-made security solutions rather than the more common “off the shelf” and a one-size-fits-all approach.

Interestingly, the FTC will also be exploring the relationship between businesses and consumers’ own privacy preferences. Individuals have been cautioned for a quite some time to ask the hard questions about how their information will be securely stored and who will have access to it; companies have been urged to reevaluate what data they gather and store, and why. This relationship between industries and the level of consumer comfort will finally be addressed.

Finally, PrivacyCon will focus on what steps lawmakers can take to mitigate the threat of data privacy fails, keeping in mind that every industry has unique needs for data and very specific threats that target it.

PrivacyCon is a free, open event that the public is invited to attend. Those who cannot travel to Washington, DC for the event are invited to join in via webcast of the live proceedings. In order to join in, visit the PrivacyCon page on the day of the event; the link will appear at the top of the screen ten minutes before it launches.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Public Wi-Fi Hijacked at Coffee Shop

Tech users have been warned for years about the possible hazards involved in connecting over public Wi-Fi.

While retailers, restaurants, hotels, airports, and other businesses offer this service as a convenience—and let’s face it, as an incentive—to customers, it’s also a potential trap. Hackers can also be on the same connection without your knowledge, and with the right tools and know how they can monitor your activity and steal your data.

Typically, consumers have been warned to avoid conducting sensitive business over shared public connections, waiting until they get home or back to work to log into email or online banking. But a new report of hijacking over public Wi-Fi targets your computer in a brand-new way, no matter what you’re using it for.

report has surfaced about a Starbucks Wi-Fi connection in Bueno Aires that was being used to mine the cryptocurrency Monero by hijacking its customers’ phones and mobile devices. A tech-savvy customer noticed a significant delay in his internet speed, and when he ran a scan to uncover the problem, he found code that had been injected into his computer. He brought it to the attention of the coffee chain’s corporate office, who investigated further.

In this case, Starbucks and its employees weren’t the culprits. Instead, the activity was being conducted by the local internet service provider (ISP) who supplied the Wi-Fi connection to the coffee shop.

Mining cryptocurrency is not illegal, depending on how you go about it, but it does require intense levels of processing. That’s why someone at the ISP was hijacking multiple customers’ computers to do it for them.

For what it’s worth, the customers’ computers were not believed to have been harmed and their accounts weren’t touched, but that does not make this right or acceptable. Taking over someone’s computer without their permission is a violation of their privacy. It is still unknown how many customers were affected or how long this scheme had been going on. It’s also not certain how the malware that infected their computers in the first place can potentially lead to other issues down the road.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might think that growing up as the child of a Silicon Valley CEO would be paradise. After all, they have more money than some countries’ gross national products, access to some of the most influential and famous people in the world, and oh yeah, all those shiny cool gadgets.

As it turns out, when your dad invents the tablet computer or owns the operating system to most of the computers on the entire planet, that doesn’t mean you’re getting your hands on a hot new gadget anytime soon.

A new report has found that Gates and other big names in Silicon Valley have very strict rules for their kids concerning things like owning a cellphone, using a social media account, and having unlimited access to the internet. HINT: they don’t get to have those things.

Instead, Bill and Melinda Gates’ rule was that their kids couldn’t have a cellphone until age fourteen; they also set strict limits on the hours per day of allowed screen time, including no devices at dinner or within a set amount of time before bed. According to another report, Steve Jobs’ kids weren’t even allowed to have an iPad when it came out.

Others have already asked the question, “If that’s the case, what do these technology top dogs know that the rest of us don’t?” The answer is quite simple: NOTHING.

As parents, these executives understand that unfettered access to anything—whether it’s social media, screen time, or gummy bears—isn’t in a child’s best interests. More importantly, they’re setting the example that it is ultimately the parents’ job to stay on top of their kids’ digital lives and connected activity, while still affording them the use of innovative and helpful technology.

Third-party companies have brought additional safety and monitoring features to devices like smartphones, tablets, and laptop computers, but those can come with their pitfalls. If parents are convinced that these safety nets are going to catch every threat, then they’re not only mistaken, they’re setting their kids up for potential hazards.

Instead, it’s better to adopt some family rules concerning the use of technology:

1. Screen time limits

It’s not just the studies on how screens affect developing brains. Setting limits on mobile devices or technology also teach kids moderation, something that can result in healthy habits in other areas of their lives.

2. Explain the threat

Ongoing discussions with your kids at different stages of their development are important for keeping them safe, not just in their digital lives but in their everyday lives, too. You wouldn’t try to explain all the ramifications of drug addiction or drunk driving to your toddler, and you wouldn’t try to explain identity theft, online predators, or cyberbullying to them, either. Keep your safety talks relevant and age-appropriate, and keep the doors of communication open.

3. Stay up-to-date yourself

You can’t very well help your kids navigate their connected lives if you don’t know the latest innovations yourself. This includes learning about the coolest new apps, the latest social media site “everyone” at school is using, and more. From there, it’s important to talk about how these innovations work, what possible threats they pose, and establishing family rules for using them…or not.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

With the record-setting numbers of data breaches and compromised consumer records, you might think becoming a victim is inevitable. If you can’t control whether or not someone breaks into a major network or leaves a vast database of customer data unsecured online, then you can’t control things like identity theft, either…right?

Not exactly. Obviously, preventing large-scale data breaches is out of the consumers’ hands, and there are treasure troves of stolen credentials available to criminals on the dark web. But that kind of activity isn’t the only way that individuals’ information is leaked online. Sometimes, our everyday tech behaviors can put our personal identifiable information and financial information at risk of theft.

Data Privacy Day (DPD), officially hosted the National Cybersecurity Alliance is an international effort held annually on Jan. 28 to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.

There is perhaps no better way to kick off your new year than by taking part in the various events surrounding this important day. You can get involved by sharing content with a local group at a community center, get a better understanding of the issues, or simply setting aside some time in your day to take stock of your own cybersecurity strengths and weaknesses.

Of course, you don’t have to wait to begin working towards better data protection. You can start right now with things like:

Some things might be out of your hands, but that doesn’t mean throw in the towel. Your information very well could be “out there,” but getting a good sense of your data privacy and protecting it to the best of your ability can reduce your risk of additional cybercrimes.

For more information, check out the full Data Privacy Day resource guide by the NCSA.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

For many people, the holidays are a time for thinking of others. But now more than ever, it’s important to give yourself an extra special gift this year, the gift of identity protection. Just like any other kind of gift giving, there are a wide variety of options to meet every budget.

Free – What’s better than the perfect gift? A free perfect gift! Luckily, there are lots of things you can do for your privacy that won’t cost you a dime, but that can do wonders for protecting your data:

  • Install a VPN – A virtual private network is a “tunnel” onto the internet that lets you surf the web away from prying eyes. Many quality VPNs offer a “freemium” account, meaning the lowest amount of data is free but there are monthly subscriptions if you need more. If the free level fits your budget best, you can turn your VPN on and off when you need it most, such as for logging into your bank account or paying your credit card bill online.
  • Check your credit reports –  You can request one free credit report per year from each of the three major credit reporting agencies. If you stagger your requests—one in January, one in May, and one in September, for example—you’ll get an ongoing peek at your credit report throughout the year. Click here for the list of agencies, their addresses, and their requirements for requesting your report.
  • Text alerts – Finding out that someone is using your identity is upsetting enough, but finding out months or even years after the fact can be devastating. You can work to prevent that kind of discovery by signing up for alerts, when available, with different companies like your credit card company and your financial institution each time your accounts are used.

Low to Medium Cost – There are a few items that come with a modest price tag, but can be good investments towards your identity protection:

  • A personal shredder – Your personal documents are a sought-after source of information for identity thieves. A home model cross-cut shredder can help you dispose of identifying information before anyone can gain access to Shredding papers like health insurance statements, bill stubs, credit card offers, and anything else that can be traced back to you is a good idea.
  • Document destruction service – If you have the volume for it, signing up for a document destruction service may be right for you. It’s especially important if you own a business that is responsible for other people’s sensitive information. Some services will notify you when they’ll be in your area with their mobile shredding vehicle, while others will actually place a locked bin at your home or office to secure the documents until they retrieve it.
  • Software – The VPN mentioned above can also be had for a nominal cost, and it’s a good idea if you spend a lot of time online using sensitive information. Of course, strong antivirus and antimalware software are very important, no matter what level of tech user you are; prices for this software run a fairly broad spectrum, so read up on which one would be right for your needs before you buy.

Higher Cost – For some people, a higher price on personal protection is worth it. It may be true for anyone who has already had information compromised, or who has the type of job or income that makes them a particularly lucrative target for hackers and identity thieves:

  • Credit monitoring – There are services that offer different levels of protection at different price points, and they will actively monitor your credit report for anything out of the ordinary. You can be alerted immediately if anyone opens a new line of credit using your Social Security number, for example.
  • Data breach insurance – Again, if you own a business that handles other people’s sensitive information, you might be interested in paying for data breach insurance. This covers you in the event your network or computers are hacked and your customers’ information compromised. Depending on the coverage you choose, it may pay for your customers’ credit monitoring in the event their information is stolen through your company.

No one can prevent every kind of cybercrime or identity theft, but the small changes you make now can help you be less of a target. Connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.

If you’ve been using technology for any amount of time, hopefully, you understand the need for sound password security. By using a secure, unique password on all of your accounts, you can help minimize the risk of account takeover and identity theft. However, a strong password isn’t foolproof.

study by Google and UC Berkley found that hackers manage to steal nearly 250,000 usernames and passwords every week, simply by asking for them in phishing emails…and that’s only one method of a cyberattack. That doesn’t even take into consideration the theft of this data by methods like keylogging, viruses that sift through your computer for information, and data breaches.

One newly deployed security measure that’s gaining ground with businesses and experts alike is the verbal passphrase. This is a spoken word combination or statement that the account holder must say before the representative can share any details or take any action on the account. By requiring this phrase, you’re able to verify your account ownership without having to speak sensitive information like your birthdate or your Social Security number.

A verbal passphrase also solves another common identity theft problem: rampant requests for verification from outsiders. Too many phishing attempts contain the same all-too-believable story, namely that there’s a problem with your account and they need to you to verify your username and password. What intelligent consumer wouldn’t be concerned enough to fall for it? Even though sources have warned consumers repeatedly not to fall for the old “account verification” ploy, it obviously happens hundreds of thousands of times a week.

With a verbal passphrase, even the customer service rep might not have access to your more sensitive information. Why should they? They wouldn’t need it if you were able to clue them into your identity with something as simple as, “It rains a lot on my birthday,” for example.

This method of securing your account works to fight some problems, and it’s another tool in your privacy toolbox aimed at keeping prying eyes out of your information while allowing you easy access. Adding this step, alongside things like password security, two-factor authentication, and good habits involving emails or texts can help reduce your risk of losing control over your accounts.

If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.