Security and privacy experts have cautioned people for quite some time about being too “braggy” on social media, indicating that certain posts can come back to haunt you.

It doesn’t take a lot of imagination to envision someone breaking into your home when you post vacation photos while you’re at the beach, and that very behavior has been warned about for a long time. It’s even become a pop culture joke, with social media users saying things like, “Sure I’m in Paris, but my brother is house sitting… don’t bother coming over!” But the new trend of people actually posting photos of their boarding passes, passports, and other key travel documents is actually far more dangerous than possibly inviting a thief to your address.

Boarding passes contain a short security code, which basically serves as a temporary password on your ticket. Airlines issue these to compartmentalize your information. When the barcode or QR code on your ticket (or on your smartphone’s screen) is scanned, some pieces of your personal data may pop up there as well like a frequent flyer number, passport number or date of birth.

It takes no effort for someone with the right know-how to read the information from your posted picture, log into your account, and wreak havoc. Some possibilities include taking ownership of your ticket, printing themselves a new boarding pass, changing your passport number in the account to reflect someone else’s identity, accessing your frequent flier miles, and even purchasing new tickets for themselves on your dime.

Yet, this behavior is inexplicably common. According to one source, there were 92,000 search results on photo-sharing social media site Instagram that contained the hashtag “#boardingpass.” These include everything from a photo of a smiling person clutching the small piece of paper to photos that are actually fully zoomed in so the complete information is available.

All the experts can safely tell you is that this behavior is awfully close to throwing your identity out there for the internet to use. Take the safer route and wait to post a picture until you have something neat to share from your trip.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There’s a popular app—currently, the third most popular free app for iPhone and iPad, with more than 62 million users worldwide—that is not only a parents’ nightmare for their kids’ health and well-being, but is also a privacy pitfall.

Called Sarahah and developed by Zain al-Abidin Tawfiq, the app is supposed to let the user’s connections leave anonymous compliments to brighten their day, along with “constructive criticism.”

Perhaps there was some honorable intent behind it. After all, how do you tell your co-worker that he has a problem with bad breath, or tell your best friend that her fiancé is having an affair? Unfortunately, that’s not the kind of “helpful” criticism users have reported receiving. Instead, there have been character attacks, hateful rhetoric about users’ lifestyles, racist hate speech, and even instructions to “just kill yourself already.”

What makes the messages even worse is the functionality of the app: these statements supposedly come from someone you know, which is far more damaging than hate from an anonymous stranger on the internet.

Now, researchers have discovered yet another problem with Sarahah. As in any instance in which someone makes an app available for free, there’s got to be a monetization trap-door. If the app isn’t making money through things like in-app purchases or advertising, then there’s a very good chance the terms and conditions of the app allow for data gathering and sale to third parties.

According to Zachary Julian, senior security analyst at Bishop Fox, Sarahah nabs your entire address book from your contacts and email account, then uploads it to its own servers. The company issued a statement shortly after the discovery, stating that it was designed to help your contacts find you on the app and that this functionality will be removed in later versions of the app. However, that information is a goldmine to advertisers, spammers, and hackers. The ability to grab 18 million people’s contacts lists can easily mean exponentially larger pools of potential spam recipients and scam victims.

It’s always important to understand the flaws in the latest software craze before you unleash it on your device and to investigate these apps and platforms thoroughly before installing them. Your data, your identity, and even your physical safety can be at risk.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

A case that will be decided before the US Supreme Court has brought some unlikely supporters together. Fourteen major tech giants have all voiced their support for increased consumer privacy protections, including a well-known telecom provider.

Verizon has long been known for cooperating with law enforcement and government agencies when it comes to customers’ data, but much of that stems from a ‘70s-era ruling concerning the communications providers. When that ruling was created, the most a search of a specific landline telephone account could provide was call length, location, and who placed the call. It didn’t indicate the content of the call or the actual identity of the person who engaged in the phone call.

Now, however, everything has changed. Today’s cellular phones can provide the full content of text messages and emails, GPS coordinates to the various locations where the phone had been used, voice recordings of calls and messages, geotagged photographs, biometric markers like fingerprints and facial recognition, and address books filled with hundreds of contacts. And that’s why Verizon feels that there needs to be a fresh look at the laws protecting individuals’ privacy.

The case before the Supreme Court, Carpenter v United States, actually focuses on the specific location information that a cell phone provides. Law enforcement officials are able to follow the phone as it “pings” different cellular towers, as well as triangulate the phone’s position based on multiple towers. That means the police can place the suspect at the scene of a crime at an exact moment in time; attorneys argue that this violates the individual’s Fourth Amendment rights unless the officers have a search warrant.

There are always different sides to any legal story, and in order to reach the country’s highest court, the issue must also address a never-before-heard series of arguments. That’s precisely the stand that Verizon, Facebook, Apple, Microsoft, and other companies who’ve filed the brief are stating: the times are changing, the technology is evolving, but we’re still relying on laws and rulings that were made in a time when the industry couldn’t have even envisioned the smartphone. This case serves as an important reminder that our legal protections and our privacy rights need to keep up with the latest technology, perhaps more now than ever before.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

In the digitally connected world we live in, we sometimes discover that increasing our convenience means sacrificing some of our privacy.

Unfortunately, there appears to be a growing consumer mindset that giving up your personal information, your daily activity, and your physical location are just the price you have to pay to use that latest in time-saving technology.

One company that has come under fire over the years for a lax approach to customer privacy is Uber. The ride sharing company’s model is truly a game changer in the world of freelance-driven customer service, but their entire function hinges on knowing where you are by tracking your cell phone. It’s literally how a driver knows where to and when to pick you up. The ease with which you can find a ride depends on the driver who is closest to your location being able to take the fare.

As a result, Uber has faced a laundry list of privacy complaints, some of them intentional and some purely accidental. For its part, the company’s stance tends to be that they cannot increase productivity and reduce customers’ wait times without access to this level of private information.

The trade-off for the customer is that software developers and engineers cannot make improvements to their products without analyzing data about how well the system works. In Uber’s case, though, everyone from the driver to the IT department to the marketing department had access to your location, your cell phone’s unique identifying serial number, and more. In light of efforts to improve their public image and increase customer trust, they’ve now unveiled an open-source software tool that can still allow them to improve their business model without exposing your information to an endless line of employees.

Uber’s new FLEX system relies on what they’re calling “elastic sensitivity.” It means giving users only the information they need to do their job without letting them see data they don’t need. By making this tool available in the open-source format, Uber is encouraging other companies to use the tool, tweak it to suit their business needs, and even improve it for everyone involved.

This renewed focus on privacy couldn’t come at a better time for both Uber and the public. Data breaches continue to set records each year for the numbers of events that have taken place, especially in the Business sector. While many people think of highly-skilled hackers in these breaches, in far too many cases it occurred accidentally as a result of an employee unintentionally exposing the victims’ data or by an “insider” who has access to the information. More efforts such as this one could lead to a dramatic improvement in preventing both of those kinds of needless data breaches.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Privacy continues to be a hot topic right now, and fortunately, there are some pretty strict laws in effect to help ensure that you have a measure of control over your information. While these laws can and do get broken all the time, they still serve as a safety net that provides for legal prosecution following wrongdoing.

When a new technology or capability crops up, privacy advocates immediately start to wonder how this will affect people and their data, and a recent report about tech giant Apple has experts pondering the pros and cons. The innovators behind the iPhone, iPad, and a host of other advancements are looking into a way for consumers to store their complete medical histories in their iPhones.

This isn’t to be confused with the information in your device’s pre-installed Health app. That app will store optional information like your height and weight, your blood type, and your emergency contact, along with serving as a small fitness tracker to give you a sense of how much effort you’re putting forth. Instead, Apple is talking about records like your last blood test, that MRI of your knee that you had three years ago (complete with the actual images), and so much more.

If you’re the least bit privacy-minded, you should check your fitness tracker now because your heart rate probably just shot up a little. In this era of record setting data breaches, hacking events, and ransomware attacks, the last thing you might want is a handheld device storing your most personal physical data.

But at the same time, if you use your smartphone the way most consumers do, it can already provide a thief with access to your bank account, your address, your account logins, pictures of your children, and more. If you’re able to safeguard your phone to the point that you can keep a criminal out of your bank account (typically with things like a strong password and two-step authentication), you can keep him out of your medical records, too.

Why would Apple even want to consider putting consumers at this much risk—while also taking on the potential liability for having a billion customers’ medical data compromised? Currently, the process of exchanging medical information among different doctors’ offices and hospitals is not streamlined. It involves privacy waivers and records requests, and then there’s the issue of tech compatibility; not all facilities use the same systems, so sometimes they share your files and those records can’t be opened by the person requesting it. Apple’s plans would make the process of sharing vital data more straightforward and completely compatible.

As with all new innovation, there are security concerns that have to be thought out and addressed. Some innovation might seem invasive or even scary, but many of those concerns can be overcome with thorough understanding of the technology involved and strong safeguards.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

For a few years, medical researchers have been working on technology to make our medical care safer, more comprehensible, and more accessible. Things like the internet of things-connected devices have included pacemakers that send data readouts to your cardiologist over wifi and glucose meters that tell your insulin pump how much of a dose you need. These connected medical innovations have helped patients around the world. Unfortunately, they’ve already gained the attention of cyber criminals, too.

In the handheld device realm, there have been a wide variety of apps for tracking everything from your weight to your blood sugar readings to your ovulation calendar. With those apps, the user gets their personal information from a separate external source and then logs it into the app to get an overview of their health. Now, however, medical developers have moved towards a more streamlined approach; several companies have created devices that literally interact with the smartphone itself, such as a blood glucose meter that actually plugs into the device’s headphone jack and processes the blood sample on a strip at the end. The phone’s screen then displays the results and stores the information in the associated app.

Now, the medical community has harnessed the power of connected communication with a new approach to affordable and ease of access medical care. Downloadable apps have allowed mobile device users to “visit” their doctors for common ailments and triage services through video chats.

Different app companies employ doctors and nurse practitioners who take appointments or virtual walk-ins for everything from stomach bugs to earaches to the common cold. These apps let individuals see to their own care rather than taking off work, waiting in a doctor’s office for hours, and ultimately finding out that they have a common ailment. They also allow doctors to see their patients and discuss the symptoms, as well as prescribe medications and order lab work from a local facility while deciding if more in-depth, in-person care is warranted.

But where does the hacker come in? IoT medical devices have already been found to be vulnerable to hacking, and aftermarket medical add-ons can suffer the same security flaws. At the same time, doctor visit video apps are a genuine medical visit, meaning that HIPAA regulations apply, medical records are established and stored, insurance claims are filed, and payments are made. Any of those characteristics can open the door to identity theft if they’re not handled carefully especially in the cases of medical data breaches…

TIP: Updating your mobile privacy settings and not connecting your apps to unsecure public Wi-Fi networks is a great place to start when it comes to protecting your sensitive information.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Security conferences are an invaluable source of insight into the ways that cybercriminals operate, but they also highlight the “what ifs” of tech-based threats.

These potential methods of criminal activity might not have been used in a reported cyber crime yet, but there’s an excellent chance that if the researchers have discovered them and are demonstrating them for the industry, then criminals already know about them, too.

At one recent conference, researchers demonstrated a surprising new twist on a technology that many of us use every day. Bluetooth capabilities allow our devices to connect with each other wirelessly, like talking on our phones in hands-free mode while we drive or printing a document without plugging in a cable. This same capability, though, can be used to track our movements without our knowledge.

Because Bluetooth devices have a unique identification number, it only takes a few simple pieces of readily available, inexpensive hardware to create a device that scans the vicinity for Bluetooth signatures. While it would require the user to physically be in the area to get your signal, researchers found that it would take very little effort to set up multiple scanning devices within a geographic area and use it to follow your trail.

There’s another consideration to keep in mind, and that’s the Bluetooth identifiers in our vehicles.

Things like the tire sensor that alerts you to low air pressure are working via Bluetooth, and as such, a hacker could potentially track your vehicle in real time, down to the hour and the minute you left home and the route you traveled.

While that isn’t a pleasant thought, there are admittedly some harmless reasons why someone would want to track you via Bluetooth, like when you receive a notification message that says you’re near a Starbucks. However, it’s also important to note that there aren’t a lot of reasons why someone would want to do something malicious with this capability. We could become somewhat paranoid and envision various scenarios, but they aren’t entirely realistic.

So what’s the takeaway for the public?

It’s important to know that the technology works like this and that someone could come up with a way to use your own device to harm you. It’s always important to understand what privacy considerations we’re giving up when we adopt new technology. Fortunately, just like avoiding public wifi connections over concerns about hacking, if you are concerned that someone is tracking you in this way, simply turn off the Bluetooth on your device when you’re not using it.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The internet went a little crazy with security buzz the day rumors circulated that Facebook founder and CEO Mark Zuckerberg covers the camera and mic jack on his laptop with a little sticker.

What’s the big deal about that? It spoke to the conspiracy theory-style belief that our technology could be spying on us at any time. While it might seem like just another urban legend about computers and technology, there might be more fact than fiction to the rumors about your webcam or microphone.

As it turns out, your installed camera or webcam and the accompanying microphone used to be powered by add-on software, like a Flash player or a driver. That meant you had to have compatible and updated software running behind the scenes to be able to use these tools. When laptops started coming with an installed camera and tiny mic, it only made sense that the software the runs it was also pre-installed, too.

And that’s where hackers come in.

With the camera installed—and let’s face it, it’s always on at the click of a button—and the software already in place to make it work on any site you want, it wasn’t a huge leap for outsiders to find a way to activate your camera and microphone remotely, namely through remote access Trojans. That’s a horrifying thought if your child’s laptop is on the desk in her room when she changes clothes, but it’s an even more terrifying thought if you’re the CEO of a billion-dollar company and there are meetings taking place in your office…in full view of your camera and audio range of your mic.

In order to avoid the threat, you have some options.

1. The first is to cover your laptop’s camera with a sticky note.

2. You can also disable the camera and the microphone in your computer’s settings, but depending on which operating system and model computer you have.

Tips for Android and iPhone here.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

New changes are coming to one of the internet’s favorite social media sites, Twitter. The 140-character shout out platform has recently announced the proposed changes to its users’ privacy settings, targeted advertising preferences, and data sharing.

Data gathering and privacy are hotly contested topics, especially in today’s connected world. An in-depth look at the terms and conditions for many websites might surprise you, especially when it comes to the permissions you granted over your personal information. By creating an account and clicking the “I Agree” box, you might be giving a third-party a peek into your computer use, your browsing history, your identifying information, and more.

Fortunately, the same climate that has made us cautious about sharing our information has also made companies realize that they have to safeguard our data if they want to keep us as customers. By announcing these policy changes and providing opt-out choices for many of the changes, Twitter is acknowledging that its users value a measure of privacy.

Here are some things you should know about where your information can end up, and what you can do about it:

1. Longer Storage

If you visit websites that have something called “embedded tweets,” your visits to those sites were logged by Twitter’s computers. It’s not as invasive as it sounds; instead of thinking of it as a sign-in desk at a security checkpoint in the airport, think of it more like someone looking up from that desk and saying, “Oh look, John was here.”

So why does Twitter bother? It helps them say to advertisers, “John visited [insert name] website, so he must like [whatever that website has to do with]. That makes him a potential customer, so you can send a tweet that shows up in John’s feed.”

That still might sound like you’re being followed, but remember, these targeted ads from online retailers are what make websites like Twitter free. Someone has to pay the people who operate the site, and advertising means those companies pay for it instead of the users.

Twitter will begin storing your visits to those sites for 30 days instead of 10 days, in order to be able to paint a better picture of your interests for advertisers.

2. The Big, Bad Data Sharing

This one is a little more involved and has some privacy experts proceeding with caution. Twitter is not only able to see that you visited a certain website, they can also link your browsing back to your account by authenticating the device you used to log in. Their new changes will allow them to sell what they know to third-parties, including any information they happen to know about you from your device, like your email address.

Fortunately, you have to give your consent for them to share it with those partners; Twitter assumes you gave your consent when you signed into your account, so if you don’t want a certain company to get your information, you have to go into your data settings and revoke that permission. It’s simple, just a matter of toggling the yes/no switch on your screen.

3. You Can Change Your Settings

If you don’t like the idea of Twitter following you around the internet and telling other people what you’re up to, there are some settings changes you can make.

Simply log into your account, then go to Settings and Privacy > Privacy and safety > Personalization and data. In there, you’ll find the options you need to control more of your information. You’ll also see the option to find out what categories of ads you can be sent, and make necessary changes.

Remember, using social media is a choice, and if the thought of others knowing your online behaviors doesn’t sit well with you, then you’ll have some homework to do to make sure your data isn’t gathered and shared. You can start by deactivating accounts whose practices you don’t agree with, or only visit sites that don’t share information with data collectors.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

It’s been called the biggest lie on the internet: “I have read and agree to the terms and conditions.”

For most of us, blindly checking that box and clicking “accept” are just a part of everyday life. After all, what’s the alternative to agreeing without knowing those terms? It’s either spend hours reading a novel-length legalese description of how the app functions, or not using the app by clicking “cancel.”

Now, researchers at Carnegie Melon University have created an Android-based app that will set up a profile for you based on your answers to some easy-to-understand privacy questions. Your answers will demonstrate your feelings about your security and privacy.

Do you care if advertisers send you targeted information, for example? Some users find it creepy to search for a new lawn mower online and then suddenly have their sidebars and email inbox filled with ads for lawn mowers. On the other hand, some users not only feel like it’s the price we pay for an affordable internet but also understand that if you really were searching for a new lawn mower, you’d probably like seeing ads for sales and discounts in your area.

There’s a strange catch-22 to using the app, though. It only works on Android, and on devices whose owner has allowed non-vetted, third-party apps to install. That characteristic is considered notoriously unsafe smartphone behavior as it allows you to accidentally download virus-ridden apps as well. However, the app does have a very handy feature that might make up for it, and that’s notifications that alert you to the fact that you’re about to share more information than your privacy profile’s comfort level allows.

Fortunately, there are a handful of things you can do if you’re not an Android user or you’re not ready to let an app gather up your privacy preferences.

1. Go to your settings and check your permissions. For each and every app you download, you can decide what access you give it, such as being able to use your camera and microphone, using information from your contacts list, and more.

2. You can generate a “clean” email address that you don’t use for anything but the device, meaning your personal email inbox won’t receive ads or spam that are generated due to your browsing history with the device.

3. Finally, you can turn off location settings on your phone, or at least deny apps individually the ability to figure out where you are. That will also help keep your apps from using and transmitting your location, but remember that some apps (like your GPS) will need it in order to function.


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530.