Posts Tagged ‘privacy’

Do you check your child’s credit reports?

It’s really important that you check your child’s credit report while he or she is a child because a child whose identity is stolen can have problems finding a job, getting credit, or renting a place to live after they become an adult. The older the records, the more difficult they are to clean up. How can someone get credit in the name of a juvenile? Credit reporting agencies do not have a foolproof way to check age when financial information is posted, so it is difficult for them to know that the victim is a child.

And what if your school has a data breach? Yes, that happens. You can check different types of breaches that have been made public at http://www.privacyrights.org/data-breach

Also think about what information you allow to be public about your children … on Facebook, at schools or school events, through Twitter.

For more information about protecting your child’s identity, consult the Identity Theft Resource Center article on “Identity Theft and Children.” http://www.idtheftcenter.org/artman2/publish/v_fact_sheets/Fact_Sheet_120.shtml The FTC also has a very good article on child identity theft at http://www.consumer.ftc.gov/articles/0040-child-identity-theft

NSA peepers

Posted: June 9, 2013 by IntentionalPrivacy in Cell phone, Privacy, Social media

Coming on the heels of the Verizon snooping story last week is a remarkable article by The Washington Post that alleges the NSA collects data, codenamed “PRISM,” from “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Make sure you watch the video also.

Then there’s the AP surveillance case, which you can read about here.

One of my favorite quotes from one of my favorite movies, Sneakers, is where Cosmo says, “There’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!”

Yes, I believe that’s true.

Business Insider wrote another article here about a statement issued by US Director of National Intelligence James R. Clapper Jr., which declares PRISM is used lawfully to gather foreign intelligence.

What can you do about snooping?

  • Don’t use Facebook, Yahoo, Hotmail, Gmail, Skype, YouTube, etc.
  • Maintain your super secret data on an encrypted computer running something like SELinux using TEMPEST technologies that never connects to the Internet. Never!
  • Don’t use a cell phone to make important calls and don’t carry a cell phone with you. In fact, don’t make important calls from land lines either.
  • Have your super secret conversations in person in a windowless room that you’ve swept for bugs.
  • You ought to be shredding your discarded paperwork anyway!

I mean, I could go on … but is any of this practical? Not really (except for the shredding).

The ACLU says:

In 2012, Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) wrote, “When the American people find out how their government has secretly interpreted the Patriot Act, they are going to be stunned and they are going to be angry.”

Am I surprised about the WP expose article? No. The sad thing? Do I feel safer because of this snooping? No, not really. Yes, I understand that there have to be tradeoffs between privacy and security.

Electronic car fobs broken by car thieves

I’ve said it before and I’ll say it again: Do not leave valuables in sight in your car. TODAY goes on to recommend that you don’t leave your garage door opener or your car registration in your car either. You’re leaving yourself open to a home invasion and identity theft as well.

I ran across this new app called “Wickr,” available from the iTunes store. I haven’t tested it yet, but it sounds amazing. It is supposed to be available for Android soon. Best of all, the basic version is FREE.

What does Wickr do? It’s an app that sends encrypted communications—photos, video, texts, email—to people you trust. Then, at a predetermined time, that communication will self-destruct. It uses Advanced Encryption Standard (AES), Elliptic Curve Diffie-Hellman (ECDH), and Transport Layer Security (TLS) algorithms for encryption, which Wickr talks about here: https://www.mywickr.com/en/downloads/RSA_Security_Announcement.pdf

Caveat: Don’t lose your password! You lose access to your account. Also, make sure that you read the “Frequently Asked Support Questions” before you install the app, so that you understand how it works.

More stories about Wickr:

http://news.cnet.com/8301-1009_3-57462189-83/wickr-an-iphone-encryption-app-a-3-year-old-can-use/

http://www.npr.org/2012/12/04/166464858/online-privacy-fix

http://bits.blogs.nytimes.com/2012/06/27/an-app-that-encrypts-shreds-hashes-and-salts/

Twitter recently added a new security feature that allows you to have your phone send a security code that you use as your passcode when you log in. While it’s true that using more than one type of account verification can make your account safer, does Twitter’s new two-factor authentication really make your account safer? Maybe not. Watch Josh Alexander explain it in this YouTube video and decide for yourself.

Personally, I agree with Josh Alexander that Twitter’s SMS-based two-factor as presented in the video doesn’t go far enough to protect your information.

What makes a safer log-in? Believe it or not, it is what your bank does when it makes you enter your user name on one screen [hopefully using HTTPS; there should be a lock somewhere on the page], and then the next screen shows a picture that you chose and/or asks a challenge question. The bank might even save information about your computer, like the IP address. If the picture is wrong or you expected challenge questions that didn’t appear, don’t log in! If you log in from a different computer, you may get one or more challenge questions that you must answer before you’re authorized to enter your account. Adding SMS onto one or more of these authentication methods might make your log-in safer.

Yes, it’s painful, but it’s safer.

Why is what the bank does safer than what Twitter’s doing?

Because if you’re not really at the bank’s site, the hackers won’t know which picture you chose or the correct challenge questions to ask you. Hackers can’t (yet) make a fake bank website that shows your picture or asks the correct challenge questions, so what you see won’t be your account log-in.

What else makes online banking safer? According to this article, http://news.yahoo.com/blogs/upgrade-your-life/banking-online-not-hacked-182159934.html, use WPA2 on your home wireless router, make sure your computer is virus free (OS patched, use an up-to-date antivirus program), and don’t use public Wi-Fi or public computers. Another tip: Don’t choose challenge questions that anyone could easily find out about you, such as your mother’s maiden name. Under some circumstances, you can use your phone for online banking. Make sure you use a password screen lock on your phone. They also recommended that you have a remote wipe program installed on the phone; if your phone is lost or stolen you can remotely delete all the data off your phone. (Yes, remote wipe actually works. I tried it and bricked my iPhone, but the Apple Geniuses came through like champs!)

Do you think more public surveillance cameras will make you safer? Will they make you feel safer? Or will they allow the authorities to track down perpetrators more easily? Reason.com’s article “Saying Privacy Is ‘Off the Table,’ NYC Police Commissioner Demands more Surveillance Cameras” is very enlightening.

DHS can seize your electronic devices at border

Posted: February 11, 2013 by IntentionalPrivacy in Privacy, Traveling

Read this article at http://www.wired.com/threatlevel/2013/02/electronics-border-seizures/ about how the Department of Homeland Security (DHS) can seize and search your electronic devices at the border without cause. The border as defined by DHS extends 100 miles inland from the physical US border.

How long can they keep your devices? It’s not really defined, although according to the Electronic Frontier Foundation (EFF), devices are usually returned within 5 days. How long can DHS keep your data and what can they do with it? Again, according to the EFF, procedures are not clear for handling sensitive or confidential data.

If you need to travel with electronics, the EFF has a guide on how to “make your data less vulnerable at the border” at https://www.eff.org/deeplinks/2010/11/effs-guide-protecting-devices-data-border. Always make sure that you back up your data before traveling, just in case any of your electronic devices are confiscated, lost, stolen, or damaged.

If you value your privacy, the EFF website is worth reading on a regular basis.

Facebook and More Privacy Issues…

Posted: February 8, 2013 by IntentionalPrivacy in Privacy

Read this article about a new feature that Facebook has in beta. If you value your privacy–even if you don’t have a Facebook account–it will scare you. http://slashdot.org/topic/cloud/facebooks-graph-search-kiss-your-privacy-goodbye/ As Jeff Cogswell, the author, recommends, try the three searches at the middle of the page https://www.facebook.com/about/graphsearch/privacy.

I don’t post much on Facebook, but I still don’t like it! Not one little bit.

What is Universal Plug and Play? It is a protocol that allows network devices to talk to each other, and it often runs on devices unless it is turned off. A few examples of devices that might have it enabled are home routers, printers, smart TVs, IP cameras, and home automation systems, but many other types of devices could have it turned on.

The first thing to check is your home router. How do you find out if your router is vulnerable? Rapid7 is a security research firm that has a free website-based tool that will check your router, available here http://upnp-check.rapid7.com/. Click the button “Scan My Router.” You do not have to install any software. It should take about 30 seconds to run.

If you want to check more than your router, there is a program on that page that you can download and run.

There is also a link to a page listing answers to frequently asked questions as well as a link to a more in-depth, technical explanation if you’re interested.

A data broker is someone who collects information on people. Exactly where does a data broker get that information and what do they do with the information once they have it? The easy answer is they get this information from a variety of sources—both public and nonpublic—and resell it to other companies.

The FTC is requiring nine data brokerage companies to explain how they get this information and what they do with it. The nine companies that the FTC is requiring answers from are:

  1.  Acxiom,
  2.  Corelogic,
  3.  Datalogix,
  4.  eBureau,
  5.  ID Analytics,
  6.  Intelius,
  7.  Peekyou,
  8.  Rapleaf, and
  9.  Recorded Future

In the US, information that is collected and used for credit, employment, insurance, or housing is protected by the Fair Credit Reporting Act (also known as FCRA). Medical information is protected by the Health Information Portability and Accountability Act (HIPAA). There are no laws that govern the privacy of other types of data that can be gleaned from public records and purchased from other companies. The FTC states that the collected information is used to benefit consumers in many ways, such as fraud protection, and that this collected information also enables companies to better market their products and services.

But what about privacy?

The FTC wants data brokers to give consumers more transparency, in other words:

  1. What information do data brokers collect?
  2. Where do data brokers collect it from?
  3. Who has access to the information collected? Where is the information stored and how is it protected?
  4. How can consumers see what information has been collected on themselves?
  5. If the information the data broker has collected is incorrect, how does a consumer fix it?
  6. Can consumers opt out of having their personal information sold by a data broker?
  7. What tools exist to help consumers?

You can find more information about this topic at the FTC website: http://ftc.gov/opa/2012/12/databrokers.shtm

In March, 2012, the FTC published a guide for businesses and policymakers entitled “Protecting Consumer Privacy in an Era of Rapid Change.” To access this guide, click this link: http://ftc.gov/os/2012/03/120326privacyreport.pdf