Archive for the ‘Issues’ Category

Why does a town of 8,300 people need an armored vehicle and a SWAT team?

Posted: July 24, 2013 by IntentionalPrivacy in Personal safety, Privacy, Vulnerabilities
Tags: , , , ,

I recently read an article called the “Rise of the Warrior Cop” in the Wall Street Journal. Ordinarily, I would tend to blow off an article such as this.

Except there are too many articles like these:

Reasonable search and seizure? It’s supposed to be a right guaranteed by the Fourth Amendment of the Bill of Rights.

Filter bubbles and online privacy …

Posted: July 15, 2013 by IntentionalPrivacy in Browser Vulnerabilities, Privacy, Security or Privacy Initiatives
Tags: , , , , , , , ,

A filter bubble is when the results of doing an Internet search are targeted to you–your likes, your age, your location, your click history, and other aggregated information–meaning that you don’t see objective results when you search. It also means that advertiser links can be targeted more closely to what you might purchase. For an interesting look at filter bubbles, check out this information page at https://duckduckgo.com/?kad=en_US. The comments at the bottom of the page are very enlightening.

But is your information private when you search using DuckDuckGo? Maybe. You can read more about Web privacy and the NSA at Duck Duck Go: Illusion of Privacy and CNN’s How the U.S. forces Net firms to cooperate on surveillance.

For a more in-depth look at how Google personalizes your searches, read Personalized Search for Everyone and look at your Google Web History here [you must be signed in to a Google account to view this page]. You can turn off search history personalization by following instructions here.

To see who’s tracking you as you surf the Web, install a Firefox add-on called Collusion; it’s eye-opening!

For more reading on the NSA and privacy, read Bruce Schneier’s Crypto-Gram Newsletter; always fascinating!

How your privacy can be invaded …

Posted: June 22, 2013 by IntentionalPrivacy in Privacy, Social media
Tags: , , , , ,

This article about how you give up your privacy from CNN is eye-opening, http://www.cnn.com/2013/06/13/living/buzzfeed-data-mining/index.html?iid=article_sidebar

I tried the link listed in the article http://youarewhatyoulike.com/. I thought their specific findings were interesting although not all that accurate.

Data Mining Is Scary

How does shopping affect my privacy?

I like the products that Target carries and the stores are usually clean and well-stocked. You can even sometimes find a clerk to help you when you need one. But I am seriously creeped out by the amount of data they carry on each person who shops there. A couple of weeks ago, I bought some items at Target and the clerk was very aggressive about getting me to sign up for their “REDcard.” The REDcard is a Target-branded debit card that allows you to save an extra 5% on your purchases from their stores. I declined, saying  I wanted to find out more information before I signed up and I was also in a hurry, but the clerk kept pushing, which only reinforced my decision not to sign up. My husband was surprised at my decision because I like to save money. But I value my privacy and I also don’t like feeling I’m being railroaded into a hasty decision that I might regret later.

When I got home, I immediately started researching the Target REDcard. I am not the only person to find their data-mining tactics offensive. If you’re interested, you can read this NY Times article on how organizations data mine an individual’s shopping habits http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=5&ref=business&pagewanted=all&

Credit.com also wrote a series of articles on the Target REDcard:

What’s the bottom line?

  1. Read those pesky agreements that you receive when you sign up for any kind of debit/credit card. If you don’t like the terms, don’t accept the card.
  2. The Electronic Frontier Foundation has some great articles on protecting your privacy. I highly recommend “4 Simple Changes to Stop Online Tracking.”
  3. You can remove tracking cookies specific to a website by following these directions http://www.ehow.com/how_6367641_remove-amazon-tracking-cookies.html or you can decide not to accept any third-party cookies.
  4. Install browser tools such as Ghostery or AdBlockPlus, and enable Do Not Track.
  5. Here’s an article on how to opt out of Facebook’s ads http://gizmodo.com/5989550/how-to-opt-out-of-facebooks-new-targeted-ads

Child Identity Theft

Posted: June 21, 2013 by IntentionalPrivacy in First Steps, Identity theft
Tags: , , , ,

Do you check your child’s credit reports?

It’s really important that you check your child’s credit report while he or she is a child because a child whose identity is stolen can have problems finding a job, getting credit, or renting a place to live after they become an adult. The older the records, the more difficult they are to clean up. How can someone get credit in the name of a juvenile? Credit reporting agencies do not have a foolproof way to check age when financial information is posted, so it is difficult for them to know that the victim is a child.

And what if your school has a data breach? Yes, that happens. You can check different types of breaches that have been made public at http://www.privacyrights.org/data-breach

Also think about what information you allow to be public about your children … on Facebook, at schools or school events, through Twitter.

For more information about protecting your child’s identity, consult the Identity Theft Resource Center article on “Identity Theft and Children.” http://www.idtheftcenter.org/artman2/publish/v_fact_sheets/Fact_Sheet_120.shtml The FTC also has a very good article on child identity theft at http://www.consumer.ftc.gov/articles/0040-child-identity-theft

NSA peepers

Posted: June 9, 2013 by IntentionalPrivacy in Cell phone, Privacy, Social media
Tags: , , , , ,

Coming on the heels of the Verizon snooping story last week is a remarkable article by The Washington Post that alleges the NSA collects data, codenamed “PRISM,” from “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Make sure you watch the video also.

Then there’s the AP surveillance case, which you can read about here.

One of my favorite quotes from one of my favorite movies, Sneakers, is where Cosmo saysThere’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!”

Yes, I believe that’s true.

Business Insider wrote another article here about a statement issued by US Director of National Intelligence James R. Clapper Jr., which declares PRISM is used lawfully to gather foreign intelligence.

What can you do about snooping?

  • Don’t use Facebook, Yahoo, Hotmail, Gmail, Skype, YouTube, etc.
  • Maintain your super secret data on an encrypted computer running something like SELinux using TEMPEST technologies that never connects to the Internet. Never!
  • Don’t use a cell phone to make important calls and don’t carry a cell phone with you. In fact, don’t make important calls from land lines either.
  • Have your super secret conversations in person in a windowless room that you’ve swept for bugs.
  • You ought to be shredding your discarded paperwork anyway!

I mean, I could go on … but is any of this practical? Not really (except for the shredding).

The ACLU says:

In 2012, Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) wrote, “When the American people find out how their government has secretly interpreted the Patriot Act, they are going to be stunned and they are going to be angry.”

Am I surprised about the WP expose article? No. The sad thing? Do I feel safer because of this snooping? No, not really. Yes, I understand that there have to be tradeoffs between privacy and security.

Electronic car fobs hacked by car thieves

Posted: June 6, 2013 by IntentionalPrivacy in Identity theft, Issues, Personal safety, Vulnerabilities
Tags: , , ,

Electronic car fobs broken by car thieves

I’ve said it before and I’ll say it again: Do not leave valuables in sight in your car. TODAY goes on to recommend that you don’t leave your garage door opener or your car registration in your car either. You’re leaving yourself open to a home invasion and identity theft as well.

Is anybody surprised that Gmail Vault permanently stores drafts of email?

Posted: June 3, 2013 by IntentionalPrivacy in Privacy
Tags: , , ,

I read an article at SC magazine yesterday about how Gmail Vault saves every draft of every email–as well as versions of drafts–timestamped, sent or unsent, from a Gmail account that uses Vault. Vault is an email storage service that costs $5/month for organizations that use Google Apps.

If the organization that you work for uses Gmail for their email server, then they could have access to every email in Vault without even having to ask for your credentials. Note: this doesn’t mean that your organization will access your email, or even that it’s legal, but they could have access if they wanted it.

What does this mean to you?

  1. Don’t assume you have privacy in organizational email. You really don’t.
  2. Don’t assume your personal email is private, unless you use some kind of encrypted email program. Think of any information sent in email as being sent on a postcard.
  3. Don’t send personal email from your organization’s email, even those pictures of cute kittens.
  4. Don’t receive personal email to your organization’s email. Not only is it unprofessional, but do you want your boss to have the possibility of knowing … about family, medical, or financial issues? (Or see those pictures of cute kittens?)
  5. If you need to start an email that you’re not sure you want to send, write it out on paper. That can be shredded and will be difficult to reconstruct.

That article brings up another question: How can you encrypt personal  email? There are some alternatives to investigate to see if one of them will work for your situation. Here are some providers of free, secured email:

  • A Canadian company called Hushmail offers free encrypted email. You can see what they offer at https://www.hushmail.com/. But anyone you send Hushmail to has to have a public encryption key or also sign up with Hushmail.
  • S-Mail is an Irish company; their email encryption service is also free. You can investigate them further at http://s-mail.com/
  • Comodo SecureEmail also has a version that’s free for personal use, which works with Windows. Comodo is an international company with a US headquarters based in Clifton, NJ. Their product is explained here http://www.comodo.com/home/email-security/secure-email.php

I’m going to test drive each of them and report back on ease of use.

http://www.scmagazine.com.au/News/344955,google-vault-saves-every-gmail-draft-youve-ever-written.aspx

Leave no trace …

Posted: May 31, 2013 by IntentionalPrivacy in Cell phone, Privacy, Security or Privacy Initiatives, Social media
Tags: , , , ,

I ran across this new app called “Wickr,” available from the iTunes store. I haven’t tested it yet, but it sounds amazing. It is supposed to be available for Android soon. Best of all, the basic version is FREE.

What does Wickr do? It’s an app that sends encrypted communications—photos, video, texts, email—to people you trust. Then, at a predetermined time, that communication will self destruct. It uses Advanced Encryption Standard (AES), Elliptic Curve Diffie-Hellman (ECDH), and Transport Layer Security (TLS) algorithms for encryption, which Wickr talks about here https://www.mywickr.com/en/downloads/RSA_Security_Announcement.pdf

Caveat: Don’t lose your password! You lose access to your account. Also, make sure that you read the “Frequently Asked Support Questions” before you install the app, so that you understand how it works.

More stories about Wickr:

http://news.cnet.com/8301-1009_3-57462189-83/wickr-an-iphone-encryption-app-a-3-year-old-can-use/

http://www.npr.org/2012/12/04/166464858/online-privacy-fix

http://bits.blogs.nytimes.com/2012/06/27/an-app-that-encrypts-shreds-hashes-and-salts/

How Authentication Can Save Your Information

Posted: May 26, 2013 by IntentionalPrivacy in Identity theft, Privacy, Social media, Tips, Vulnerabilities
Tags: , , , , , , , , , ,

Twitter recently added a new security feature that allows you to have your phone send a security code that you use as your passcode when you log in. While it’s true that using more than one type of account verification can make your account safer, does Twitter’s new two-factor authentication really make your account safer? Maybe not. Watch Josh Alexander explain it in this YouTube video and decide for yourself: Personally, I agree with Josh Alexander that Twitter’s SMS-based two-factor as presented in the video doesn’t go far enough to protect your information.

What makes a safer log-in? Well, believe it or not, when your bank makes you enter your user name on one screen [hopefully using HTTPS; there should be a lock somewhere on the page] and then the next screen has a picture that you chose and/or asks a challenge question or might even save information about your computer like the IP address. If the picture is wrong or you expected challenge questions that didn’t appear, don’t log in! If you log in from a different computer, you may get one or more challenge questions that you must answer before you’re authorized to enter your account. Adding SMS onto one or more of these authentication methods might make your log-in safer.

Yes, it’s painful, but it’s safer.

Why is what the bank does safer than what Twitter’s doing?

Because if you’re not really at the bank’s site, the hackers won’t  know which picture you chose or the correct challenge questions to ask you. Hackers can’t (yet) make a bank website using your picture or the correct challenge questions, so it won’t be your account log-in.

What else makes online banking safer? According to this article http://news.yahoo.com/blogs/upgrade-your-life/banking-online-not-hacked-182159934.html, use WPA2 on your home wireless router, make sure your computer is virus free (OS patched, use an up-to-date antivirus program), and don’t use public Wi-Fi nor public computers. Another tip: Don’t choose challenge questions that anyone could easily find out about you, such as your mother’s maiden name. Under some circumstances, you can use your phone for online banking. Make sure you use a password screen lock on your phone. They also recommended that you have a remote wipe program installed on the phone; if your phone is lost or stolen you can remotely delete all the data off your phone. (Yes, remote wipe actually works. I tried it and bricked my iPhone, but the Apple Geniuses came through like champs!)

Payment cards that are Near Field Communication (NFC) are experiencing charging errors in the UK

Posted: May 19, 2013 by IntentionalPrivacy in Financial vulnerabilities, Privacy, Vulnerabilities
Tags: , ,

Payment cards that are Near Field Communication (NFC) are experiencing charging errors in the UK

What is NFC you say? It’s a card that is intended to work without it having to touch the card reader. The problem is some people are getting charged twice even though they didn’t take the card out of their wallets or purse. It’s a good idea to get a RFID-shielding cover for your debit / credit cards and your passport. Or you can make a cover from aluminum foil, instructions here http://www.rpi-polymath.com/ducttape/RFIDWallet.php

Note: the cover might not keep the card or passport from being read entirely, but it will cut down on the distance that the contents can be read at.

I do not recommend trying to damage the RFID chip.

This story is a timely reminder to keep an eye on your financial transactions!

Older Entries
Newer Entries