Archive for June, 2013

How your privacy can be invaded …

Posted: June 22, 2013 by IntentionalPrivacy in Privacy, Social media
Tags: , , , , ,

This article about how you give up your privacy from CNN is eye-opening, http://www.cnn.com/2013/06/13/living/buzzfeed-data-mining/index.html?iid=article_sidebar

I tried the link listed in the article http://youarewhatyoulike.com/. I thought their specific findings were interesting although not all that accurate.

Data Mining Is Scary

How does shopping affect my privacy?

I like the products that Target carries and the stores are usually clean and well-stocked. You can even sometimes find a clerk to help you when you need one. But I am seriously creeped out by the amount of data they carry on each person who shops there. A couple of weeks ago, I bought some items at Target and the clerk was very aggressive about getting me to sign up for their “REDcard.” The REDcard is a Target-branded debit card that allows you to save an extra 5% on your purchases from their stores. I declined, saying  I wanted to find out more information before I signed up and I was also in a hurry, but the clerk kept pushing, which only reinforced my decision not to sign up. My husband was surprised at my decision because I like to save money. But I value my privacy and I also don’t like feeling I’m being railroaded into a hasty decision that I might regret later.

When I got home, I immediately started researching the Target REDcard. I am not the only person to find their data-mining tactics offensive. If you’re interested, you can read this NY Times article on how organizations data mine an individual’s shopping habits http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=5&ref=business&pagewanted=all&

Credit.com also wrote a series of articles on the Target REDcard:

What’s the bottom line?

  1. Read those pesky agreements that you receive when you sign up for any kind of debit/credit card. If you don’t like the terms, don’t accept the card.
  2. The Electronic Frontier Foundation has some great articles on protecting your privacy. I highly recommend “4 Simple Changes to Stop Online Tracking.”
  3. You can remove tracking cookies specific to a website by following these directions http://www.ehow.com/how_6367641_remove-amazon-tracking-cookies.html or you can decide not to accept any third-party cookies.
  4. Install browser tools such as Ghostery or AdBlockPlus, and enable Do Not Track.
  5. Here’s an article on how to opt out of Facebook’s ads http://gizmodo.com/5989550/how-to-opt-out-of-facebooks-new-targeted-ads

Child Identity Theft

Posted: June 21, 2013 by IntentionalPrivacy in First Steps, Identity theft
Tags: , , , ,

Do you check your child’s credit reports?

It’s really important that you check your child’s credit report while he or she is a child because a child whose identity is stolen can have problems finding a job, getting credit, or renting a place to live after they become an adult. The older the records, the more difficult they are to clean up. How can someone get credit in the name of a juvenile? Credit reporting agencies do not have a foolproof way to check age when financial information is posted, so it is difficult for them to know that the victim is a child.

And what if your school has a data breach? Yes, that happens. You can check different types of breaches that have been made public at http://www.privacyrights.org/data-breach

Also think about what information you allow to be public about your children … on Facebook, at schools or school events, through Twitter.

For more information about protecting your child’s identity, consult the Identity Theft Resource Center article on “Identity Theft and Children.” http://www.idtheftcenter.org/artman2/publish/v_fact_sheets/Fact_Sheet_120.shtml The FTC also has a very good article on child identity theft at http://www.consumer.ftc.gov/articles/0040-child-identity-theft

NSA peepers

Posted: June 9, 2013 by IntentionalPrivacy in Cell phone, Privacy, Social media
Tags: , , , , ,

Coming on the heels of the Verizon snooping story last week is a remarkable article by The Washington Post that alleges the NSA collects data, codenamed “PRISM,” from “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Make sure you watch the video also.

Then there’s the AP surveillance case, which you can read about here.

One of my favorite quotes from one of my favorite movies, Sneakers, is where Cosmo saysThere’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!”

Yes, I believe that’s true.

Business Insider wrote another article here about a statement issued by US Director of National Intelligence James R. Clapper Jr., which declares PRISM is used lawfully to gather foreign intelligence.

What can you do about snooping?

  • Don’t use Facebook, Yahoo, Hotmail, Gmail, Skype, YouTube, etc.
  • Maintain your super secret data on an encrypted computer running something like SELinux using TEMPEST technologies that never connects to the Internet. Never!
  • Don’t use a cell phone to make important calls and don’t carry a cell phone with you. In fact, don’t make important calls from land lines either.
  • Have your super secret conversations in person in a windowless room that you’ve swept for bugs.
  • You ought to be shredding your discarded paperwork anyway!

I mean, I could go on … but is any of this practical? Not really (except for the shredding).

The ACLU says:

In 2012, Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) wrote, “When the American people find out how their government has secretly interpreted the Patriot Act, they are going to be stunned and they are going to be angry.”

Am I surprised about the WP expose article? No. The sad thing? Do I feel safer because of this snooping? No, not really. Yes, I understand that there have to be tradeoffs between privacy and security.

Electronic car fobs hacked by car thieves

Posted: June 6, 2013 by IntentionalPrivacy in Identity theft, Issues, Personal safety, Vulnerabilities
Tags: , , ,

Electronic car fobs broken by car thieves

I’ve said it before and I’ll say it again: Do not leave valuables in sight in your car. TODAY goes on to recommend that you don’t leave your garage door opener or your car registration in your car either. You’re leaving yourself open to a home invasion and identity theft as well.

Is anybody surprised that Gmail Vault permanently stores drafts of email?

Posted: June 3, 2013 by IntentionalPrivacy in Privacy
Tags: , , ,

I read an article at SC magazine yesterday about how Gmail Vault saves every draft of every email–as well as versions of drafts–timestamped, sent or unsent, from a Gmail account that uses Vault. Vault is an email storage service that costs $5/month for organizations that use Google Apps.

If the organization that you work for uses Gmail for their email server, then they could have access to every email in Vault without even having to ask for your credentials. Note: this doesn’t mean that your organization will access your email, or even that it’s legal, but they could have access if they wanted it.

What does this mean to you?

  1. Don’t assume you have privacy in organizational email. You really don’t.
  2. Don’t assume your personal email is private, unless you use some kind of encrypted email program. Think of any information sent in email as being sent on a postcard.
  3. Don’t send personal email from your organization’s email, even those pictures of cute kittens.
  4. Don’t receive personal email to your organization’s email. Not only is it unprofessional, but do you want your boss to have the possibility of knowing … about family, medical, or financial issues? (Or see those pictures of cute kittens?)
  5. If you need to start an email that you’re not sure you want to send, write it out on paper. That can be shredded and will be difficult to reconstruct.

That article brings up another question: How can you encrypt personal  email? There are some alternatives to investigate to see if one of them will work for your situation. Here are some providers of free, secured email:

  • A Canadian company called Hushmail offers free encrypted email. You can see what they offer at https://www.hushmail.com/. But anyone you send Hushmail to has to have a public encryption key or also sign up with Hushmail.
  • S-Mail is an Irish company; their email encryption service is also free. You can investigate them further at http://s-mail.com/
  • Comodo SecureEmail also has a version that’s free for personal use, which works with Windows. Comodo is an international company with a US headquarters based in Clifton, NJ. Their product is explained here http://www.comodo.com/home/email-security/secure-email.php

I’m going to test drive each of them and report back on ease of use.

http://www.scmagazine.com.au/News/344955,google-vault-saves-every-gmail-draft-youve-ever-written.aspx