For a few years, medical researchers have been working on technology to make our medical care safer, more comprehensible, and more accessible. Things like the internet of things-connected devices have included pacemakers that send data readouts to your cardiologist over wifi and glucose meters that tell your insulin pump how much of a dose you need. These connected medical innovations have helped patients around the world. Unfortunately, they’ve already gained the attention of cyber criminals, too.

In the handheld device realm, there have been a wide variety of apps for tracking everything from your weight to your blood sugar readings to your ovulation calendar. With those apps, the user gets their personal information from a separate external source and then logs it into the app to get an overview of their health. Now, however, medical developers have moved towards a more streamlined approach; several companies have created devices that literally interact with the smartphone itself, such as a blood glucose meter that actually plugs into the device’s headphone jack and processes the blood sample on a strip at the end. The phone’s screen then displays the results and stores the information in the associated app.

Now, the medical community has harnessed the power of connected communication with a new approach to affordable and ease of access medical care. Downloadable apps have allowed mobile device users to “visit” their doctors for common ailments and triage services through video chats.

Different app companies employ doctors and nurse practitioners who take appointments or virtual walk-ins for everything from stomach bugs to earaches to the common cold. These apps let individuals see to their own care rather than taking off work, waiting in a doctor’s office for hours, and ultimately finding out that they have a common ailment. They also allow doctors to see their patients and discuss the symptoms, as well as prescribe medications and order lab work from a local facility while deciding if more in-depth, in-person care is warranted.

But where does the hacker come in? IoT medical devices have already been found to be vulnerable to hacking, and aftermarket medical add-ons can suffer the same security flaws. At the same time, doctor visit video apps are a genuine medical visit, meaning that HIPAA regulations apply, medical records are established and stored, insurance claims are filed, and payments are made. Any of those characteristics can open the door to identity theft if they’re not handled carefully especially in the cases of medical data breaches…

TIP: Updating your mobile privacy settings and not connecting your apps to unsecure public Wi-Fi networks is a great place to start when it comes to protecting your sensitive information.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Security conferences are an invaluable source of insight into the ways that cybercriminals operate, but they also highlight the “what ifs” of tech-based threats.

These potential methods of criminal activity might not have been used in a reported cyber crime yet, but there’s an excellent chance that if the researchers have discovered them and are demonstrating them for the industry, then criminals already know about them, too.

At one recent conference, researchers demonstrated a surprising new twist on a technology that many of us use every day. Bluetooth capabilities allow our devices to connect with each other wirelessly, like talking on our phones in hands-free mode while we drive or printing a document without plugging in a cable. This same capability, though, can be used to track our movements without our knowledge.

Because Bluetooth devices have a unique identification number, it only takes a few simple pieces of readily available, inexpensive hardware to create a device that scans the vicinity for Bluetooth signatures. While it would require the user to physically be in the area to get your signal, researchers found that it would take very little effort to set up multiple scanning devices within a geographic area and use it to follow your trail.

There’s another consideration to keep in mind, and that’s the Bluetooth identifiers in our vehicles.

Things like the tire sensor that alerts you to low air pressure are working via Bluetooth, and as such, a hacker could potentially track your vehicle in real time, down to the hour and the minute you left home and the route you traveled.

While that isn’t a pleasant thought, there are admittedly some harmless reasons why someone would want to track you via Bluetooth, like when you receive a notification message that says you’re near a Starbucks. However, it’s also important to note that there aren’t a lot of reasons why someone would want to do something malicious with this capability. We could become somewhat paranoid and envision various scenarios, but they aren’t entirely realistic.

So what’s the takeaway for the public?

It’s important to know that the technology works like this and that someone could come up with a way to use your own device to harm you. It’s always important to understand what privacy considerations we’re giving up when we adopt new technology. Fortunately, just like avoiding public wifi connections over concerns about hacking, if you are concerned that someone is tracking you in this way, simply turn off the Bluetooth on your device when you’re not using it.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The internet went a little crazy with security buzz the day rumors circulated that Facebook founder and CEO Mark Zuckerberg covers the camera and mic jack on his laptop with a little sticker.

What’s the big deal about that? It spoke to the conspiracy theory-style belief that our technology could be spying on us at any time. While it might seem like just another urban legend about computers and technology, there might be more fact than fiction to the rumors about your webcam or microphone.

As it turns out, your installed camera or webcam and the accompanying microphone used to be powered by add-on software, like a Flash player or a driver. That meant you had to have compatible and updated software running behind the scenes to be able to use these tools. When laptops started coming with an installed camera and tiny mic, it only made sense that the software the runs it was also pre-installed, too.

And that’s where hackers come in.

With the camera installed—and let’s face it, it’s always on at the click of a button—and the software already in place to make it work on any site you want, it wasn’t a huge leap for outsiders to find a way to activate your camera and microphone remotely, namely through remote access Trojans. That’s a horrifying thought if your child’s laptop is on the desk in her room when she changes clothes, but it’s an even more terrifying thought if you’re the CEO of a billion-dollar company and there are meetings taking place in your office…in full view of your camera and audio range of your mic.

In order to avoid the threat, you have some options.

1. The first is to cover your laptop’s camera with a sticky note.

2. You can also disable the camera and the microphone in your computer’s settings, but depending on which operating system and model computer you have.

Tips for Android and iPhone here.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

New changes are coming to one of the internet’s favorite social media sites, Twitter. The 140-character shout out platform has recently announced the proposed changes to its users’ privacy settings, targeted advertising preferences, and data sharing.

Data gathering and privacy are hotly contested topics, especially in today’s connected world. An in-depth look at the terms and conditions for many websites might surprise you, especially when it comes to the permissions you granted over your personal information. By creating an account and clicking the “I Agree” box, you might be giving a third-party a peek into your computer use, your browsing history, your identifying information, and more.

Fortunately, the same climate that has made us cautious about sharing our information has also made companies realize that they have to safeguard our data if they want to keep us as customers. By announcing these policy changes and providing opt-out choices for many of the changes, Twitter is acknowledging that its users value a measure of privacy.

Here are some things you should know about where your information can end up, and what you can do about it:

1. Longer Storage

If you visit websites that have something called “embedded tweets,” your visits to those sites were logged by Twitter’s computers. It’s not as invasive as it sounds; instead of thinking of it as a sign-in desk at a security checkpoint in the airport, think of it more like someone looking up from that desk and saying, “Oh look, John was here.”

So why does Twitter bother? It helps them say to advertisers, “John visited [insert name] website, so he must like [whatever that website has to do with]. That makes him a potential customer, so you can send a tweet that shows up in John’s feed.”

That still might sound like you’re being followed, but remember, these targeted ads from online retailers are what make websites like Twitter free. Someone has to pay the people who operate the site, and advertising means those companies pay for it instead of the users.

Twitter will begin storing your visits to those sites for 30 days instead of 10 days, in order to be able to paint a better picture of your interests for advertisers.

2. The Big, Bad Data Sharing

This one is a little more involved and has some privacy experts proceeding with caution. Twitter is not only able to see that you visited a certain website, they can also link your browsing back to your account by authenticating the device you used to log in. Their new changes will allow them to sell what they know to third-parties, including any information they happen to know about you from your device, like your email address.

Fortunately, you have to give your consent for them to share it with those partners; Twitter assumes you gave your consent when you signed into your account, so if you don’t want a certain company to get your information, you have to go into your data settings and revoke that permission. It’s simple, just a matter of toggling the yes/no switch on your screen.

3. You Can Change Your Settings

If you don’t like the idea of Twitter following you around the internet and telling other people what you’re up to, there are some settings changes you can make.

Simply log into your account, then go to Settings and Privacy > Privacy and safety > Personalization and data. In there, you’ll find the options you need to control more of your information. You’ll also see the option to find out what categories of ads you can be sent, and make necessary changes.

Remember, using social media is a choice, and if the thought of others knowing your online behaviors doesn’t sit well with you, then you’ll have some homework to do to make sure your data isn’t gathered and shared. You can start by deactivating accounts whose practices you don’t agree with, or only visit sites that don’t share information with data collectors.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

It’s been called the biggest lie on the internet: “I have read and agree to the terms and conditions.”

For most of us, blindly checking that box and clicking “accept” are just a part of everyday life. After all, what’s the alternative to agreeing without knowing those terms? It’s either spend hours reading a novel-length legalese description of how the app functions, or not using the app by clicking “cancel.”

Now, researchers at Carnegie Melon University have created an Android-based app that will set up a profile for you based on your answers to some easy-to-understand privacy questions. Your answers will demonstrate your feelings about your security and privacy.

Do you care if advertisers send you targeted information, for example? Some users find it creepy to search for a new lawn mower online and then suddenly have their sidebars and email inbox filled with ads for lawn mowers. On the other hand, some users not only feel like it’s the price we pay for an affordable internet but also understand that if you really were searching for a new lawn mower, you’d probably like seeing ads for sales and discounts in your area.

There’s a strange catch-22 to using the app, though. It only works on Android, and on devices whose owner has allowed non-vetted, third-party apps to install. That characteristic is considered notoriously unsafe smartphone behavior as it allows you to accidentally download virus-ridden apps as well. However, the app does have a very handy feature that might make up for it, and that’s notifications that alert you to the fact that you’re about to share more information than your privacy profile’s comfort level allows.

Fortunately, there are a handful of things you can do if you’re not an Android user or you’re not ready to let an app gather up your privacy preferences.

1. Go to your settings and check your permissions. For each and every app you download, you can decide what access you give it, such as being able to use your camera and microphone, using information from your contacts list, and more.

2. You can generate a “clean” email address that you don’t use for anything but the device, meaning your personal email inbox won’t receive ads or spam that are generated due to your browsing history with the device.

3. Finally, you can turn off location settings on your phone, or at least deny apps individually the ability to figure out where you are. That will also help keep your apps from using and transmitting your location, but remember that some apps (like your GPS) will need it in order to function.


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. 

Parents have been cautioned for decades about the need to monitor their children’s internet use in order to avoid various threats.

Whether it’s online predators, identity thieves who steal information, sites, and downloads that are rife with viruses, parents have the never-ending job of ensuring their young ones have fun and freedom while still avoiding every manner of risk.

Now that we’ve entered the mobile device age, parents have an even harder job. Video and music content can easily be accessed without permission, and many of the sites that advertise “free” top-rated content to young users are actually filled with viruses. Games can be downloaded instantly after a friend shows it to them at school, and the app may be able to steal unbelievable amounts of personal information through their permissions.

As always, predators can use a wide variety of apps to find and connect with your child.

Even more frightening, many apps have notifications that alert your child to a new message automatically; depending on your settings, your child can see these messages all throughout the day, even when you think they aren’t online and even when you’re not around to help them through it.

Recently, news headlines have flooded the global media about a popular app that targeted young people, encouraging them to commit acts of violence, self-harm, and even suicide. Russian authorities have supposedly arrested the app’s developer in connection with multiple reported suicides, although the list of charges is very vague. Schools around the US have now warned parents about the dangers of the app, but fortunately, it is beginning to look a lot like an internet “urban legend;” that doesn’t mean there aren’t copycat apps and other developers waiting to do something similar, though.

While there are countless “monitoring” apps to help you stay on top of your child’s mobile device activity, nothing will ever replace accurate, age-appropriate information and awareness. No matter how you choose to help your child be aware of online dangers, there is no other tool in your arsenal that compares to open conversation. Besides the need for ongoing talks as new dangers and new freedoms arise, it’s vital that your children understand there is no mistake they can ever make online that you cannot help them address and correct. Criminals who prey on young people are using fear of humiliation and fear of parental repercussions as their weapons, so stripping away that fear through open dialogue can literally mean the difference between life and death.


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

You know the saying: “Nothing is ever deleted from the internet, and nothing is ever private.”

While there are some obvious exceptions to that rule, it serves as a good mantra for how you should treat your digital content. Photos, social media posts and accounts, and other personal internet activity may be set to the strictest privacy settings possible, but they can still be stolen and used for someone else’s gain.

The recent news about dating site Tinder is a perfect example. Stuart Colianni wrote a software script that was able to “scrape” more than 40,000 pictures from the site at the push of a button. These pictures had been uploaded by Tinder users, some of them to be used as their profile pictures, and others just to provide more information about them to potential matches.

Colianni uploaded those images to a folder online, then made it available for anyone who wanted to use it. He even established a public domain license, and within the first three days of being available, more than 300 people had downloaded them.

What would possess someone to publicly expose the photos of people with private dating site pictures? In this particular case, it really just comes down to selfish gain. Colianni has been working for some time on an improvement to current facial recognition innovations, and he wanted a collection of faces of people who all live in the same geographic region. The Tinder users he targeted all live in the San Francisco Bay area, and presumably, once his programming “learns” their faces, he can walk the streets in search of these people. This data set created from the stolen images isn’t exactly being used to break the law, but it was a pretty underhanded way to get access to a lot of different faces.

Unfortunately, what Colianni did might not even be illegal. By agreeing to open Tinder accounts and by uploading the pictures themselves, the users made it possible for someone else to see them. In fact, if Tinder had actually sold the photos to Colianni, this wouldn’t even be a news story; their terms of service that you agree to when you create your account clearly state that they’re allowed to use any photos you post on their site, pretty much in any way they want to.

However, Tinder didn’t sell the photos, and they’re not very pleased about Colianni’s use of their customers’ content. They’ve issued a statement to the effect that it violates their user terms, and that they’re launching an investigation.

While the details of this issue continue to emerge—and undoubtedly, new terms of service or even privacy regulations could come of it—it’s a shining example of how your online content is not as “protected” as you might think. It’s important to understand that stealing your photo and using it in another way is not only possible but in some cases, it isn’t even considered wrong. Protect yourself and your family by talking about safe photos and posts, safe places to upload them, and safe practices for protecting your privacy.


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

In the fight to protect your privacy, there are a few tools at your disposal. One tool, MAC address randomization, has long been thought of as a way to keep prying eyes off your internet connections, no matter where you were.

What is a MAC address? It is a unique multi-digit number that identifies your device when it connects to the internet. If you connect over a public Wi-Fi connection, someone who’s monitoring your MAC address will know when you connect again in the future, when you disconnect, and so on. But techxperts learned a simple trick a long time ago: by generating new, random MAC addresses each time you connect, you should be able to avoid having public Wi-Fi owners track your movements or activity. This tracking is typically used for advertising purposes, like sending you an online ad if you happened to pass by that store again, but in some cases it could be used to find out when you enter a competitor’s store, for example. For some consumers, that’s a little too much like Big Brother watching.

Unfortunately, MAC address randomization has now been found to be not quite as foolproof as we originally thought. A new study by researchers at the US Naval Academy uncovered flaws and vulnerabilities that allowed them to track one hundred percent of the devices they were following. There’s a very technicalexplanation of the researchers’ findings in this article, but the takeaway is that this technique may not do anything to protect your privacy after all.

There’s a long-standing rule of the thumb when it comes to privacy and technology: you’re not as safe as you think. We have software to thwart viruses, firewalls to prevent malicious code from sneaking in over the internet, VPNs to “trick” spies into not seeing our activity or knowing our location, parental control filters to keep our children safe online, and so much more. But the end result is that hackers keep finding workarounds to the protective measures we rely on. Does that mean we just ignore the danger and not install these safety protocols? Of course not. But there is a very important truth that all tech users must understand.

Nothing will ever replace diligent attention to your online accounts and internet activity. Whether it’s trying to avoid being “followed” over public Wi-Fi or preventing your ISP from selling your history and data to advertisers, taking your own privacy steps is critical. Relying solely on technology without safeguarding your information and your family for yourself is too big a risk.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

Privacy advocates and law enforcement are currently at odds over this issue when it comes to internet activity. In a recent case, a search warrant has been issued to Google over an identity theft crime.

The victim in the case had funds stolen from their bank account, and the transactions were completed due to a fake U.S. passport.  With so much information about the victim used in the crime—including name, birthdate, a photo, and Social Security number—someone may have gained access to this person’s personal data online.

The search warrant in question is what has experts concerned. Authorities investigating the case want Google to turn over any information they have, including IP addresses, for anyone who searched for the victim’s name online between December 2016 and January 2017. A judge has found sufficient reason for the information to be turned over to the police, and has signed off on the warrant.

As might be expected, Google is not pleased by this request. Anyone is free to use the search engine, whether they create a Google account or not, so providing the IP address of every individual who searched for that name would not necessarily mean they’d uncovered the guilty party. Moreover, there’s a matter of trust at stake; tech users aren’t fond of having their internet activity tracked and they certainly don’t want that information turned over to the authorities.

This type of conundrum is a fact of the digital age, and it’s possible that it will only grow as new forms of internet crimes and new methods of investigation come along. As with any type of criminal matter, it’s important to weigh the right to privacy against the needs of society, and vice versa.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

A recent 50-48 Senate vote seeks to overturn privacy regulations enacted under the Obama administration.

The rule basically barred internet service providers (ISPs) from gathering, storing, and then selling your internet use to advertising firms or other interested parties. The privacy regulations were enacted last fall by the Democratic majority at the Federal Communications Commission, something Republican leaders have been working to undo.

These regulations in no way interfered with the work of law enforcement, but instead pertained primarily to advertisers. So what’s wrong with advertisers knowing a little bit of information about you? After all, advertising makes the internet affordable, and wouldn’t you rather only see ads for products you actually want?

Take this example. Mastercard filed a patent in 2015 for a concept that allows it to track your purchases and then sell that information online. One of the proposed purposes is reportedly figuring out what size clothing you buy, what types of food you buy, whether you have a gym membership or not…and then informing the transportation companies about your approximate size based simply on your purchase history. In theory, this could be used to spread passengers’ weight evenly throughout the plane, train, or bus, but privacy advocates fear that it’s really about discriminating against overweight consumers by charging larger passengers a higher fare.

In a much more ominous case, law enforcement officials were granted a warrant that was served to Google, demanding all of the IP addresses—the “signature” that individual computer connections are assigned when online—for everyone who searched for a specific person’s name over a two-month period. The name belongs to a victim of identity theft, and officials want to locate everyone who looked up the victim’s name. Google, who states that it doesn’t even have the technology to track and provide that information, has refused to comply on the grounds that IP addresses are not as foolproof as something like fingerprints and therefore don’t provide the name of the actual perpetrator.

Some politicians say this move to strip away the privacy regulations won’t change anything about consumers’ internet privacy, but techxpertsdisagree. One of the chief rules in these regulations is that your ISP has to get your permission before turning over your internet browsing history, the apps you use, your health and fitness information (something that’s gathered if you use a fitness tracker, for example), and your physical location.

One of the interesting features about today’s current political climate is the fresh wave of activism that citizens are engaged in nationwide. More and more consumers are reaching out to their representatives and weighing in on a large number of hot-button topics, and advocates expect that this issue will be no different. Individuals who wish to contact their Representatives—as the vote will now go to the House—can locate their names and contact information by clicking here.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.