Info

Are Your Online Activities Being Tracked? (Spoiler: Yes)

by at

Ever do a search on Amazon and then have the same exact product you were looking at pop-up as an ad on a web or social media site? The reason this happens is in part to the fact that most Internet web-based services and Internet service providers actively monitor your network traffic.

This is not as nefarious as it seems but your browsing habits are for sale and are highly valued by retailers and marketing companies. Very often an individual actually has consent to some level of  tracking by simply agreeing to use a service. Still, there are ways you can limit what information about your online habits that your web browser is exposing.

One quick way is by using the Electronic Frontier Foundation’s (EFF), a San Francisco-based digital-rights advocacy group, site called Panopticlick.  This site evaluate’s your web browser’s privacy quickly and non-invasively and then provides suggestions on how to limit the about on information which is leaking out.

The EFF provides a description of  Panopticlick in a blog post. What Panopticlick does is to check your browser for four types of browser security. Does the browser:

  1. Block tracking ads, which harvests information from your browser without consent.
  2. Block invisible trackers, which are protocols sites implement to harvests user data, again without consent)
  3. Allows ads and scripts from third parties.
  4. Blocks fingerprinting, which identifies a user based on unique browser data.

While there are plenty of browser exertions out there that help to block trackers, the EFF promote their Privacy Badger. It should also be noted that Panopticlick site only scans for those security issues the Badger mitigates. Still, using the EFF scanning service and the extension is a great start to better privacy!

Credit Freezing and Unfreezing: Now Free!

by at

When Equifax was hacked a while back there was social media outrange when their solution was for individuals to freeze their credit reports. The issue? They would change the individual a fee to freeze your credit report and then another to unfreeze.  The Economic Growth, Regulatory Relief and Consumer Protection Act enacted in May 2018 had the hidden benefit that it is now free in every state to freeze and unfreeze your credit file and that of your dependents.

If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

Individuals much contact each of the three major credit bureaus to file a freeze/unfreeze request:

Equifax Freeze Page
800-685-1111

Experian
888-397-3742

TransUnion
By Phone: 888-909-8872

What is Multi-Factor Authentication?

by at

The traditional method for accessing online systems is through the use of a login name and password. An active online user may have hundred login / password sequences to remember. Trying to remember of those sequence inevitably leads to people using the same login and password sequence or writing them down somewhere.  Sometimes over, and over, and over again. Once could call this single-factor authentication since one only really needs to remember the password associated with an email address.

The problem with single-factor authentication is that to remember passwords people generally use stuff they know like people’s names, dates, etc. This puts a person at risk since if the credentials for one account are discovered then access to multiple online accounts is a click or two away. To help individuals protect their online accounts an increasing number of providers have implemented alternative authentication methods.

Multi-factor authentication is a method of confirming a user’s identity only after successfully presenting two or more pieces of information from independent categories of credentials  – factors – as a way to confirm their identity. These factors may include knowledge (high school mascot?), a possession (a phone to call), and inherence (biometric info like a fingerprint).

Two-factor authentication is the more commonly use subset of multi-factor utilizing a combination of only, you guessed it,  two factors. An everyday example of two-factor authentication is using an ATM. ATM’s requires a correct combination of a bank card (a possession) and a PIN (knowledge) to allow a transaction. A popular two-factor approached used online involves sending a unique code to the phone paired with your account or using a code generator like Duo.

To protect oneself one should take advantage of two-factor and multi-factor authentication if an online provider uses them. They are reliable methods of verification. If neither are available, consider using a Pass Phrase rather than a simple password

 

What is this GDPR Thing and Why Should I Care?

by at

You may have seen a flood of updated privacy policies from your online service providers flooding your in-box over the past couple months. These are the direct result of new data privacy laws, the General Data Protection Regulation (GDPR) taking  effect across the European Union (EU) today. These laws provide consumers with more control over their personal data.

What Is It?

GDPR was ratified in April 2016 and establishes a single set of personal data protection rules across Europe.  Companies and online service providers outside the EU are subject to this regulation when they collect data concerning any EU citizen. Personal data is defined as any information relating to a person who can be identified directly or indirectly including information that can be linked back to an individual. There is no distinction between personal data about an individual in their private, public or work lives.

Companies will be required to implement appropriate technical and organizational measures in how they handle and process personal data. Data protection safeguards must be appropriate to the degree of risk associated with the data being collected and held. If there is a data beach and any of the laws were not properly applied fines could be as high as 20 million Euro or 4% of annual revenue, whichever amount is higher.

Since US companies with EU citizens as customers must follow DGPR laws US citizens may benefit from the laws.

Why Should I Care?

The theft or accidental disclosure of an individual’s data by an online service provide exposes that individual to any number of potential issues. The intent of the law is to provide individuals with more control over which data on them is being collected and places significant restrictions on how companies manage data to reduce of eliminate that exposure.

Under GDPR companies obtaining data from individuals must detail the purpose of data and how it will be used, if the data will be transferred internationally , how long it will stored. Individuals retain the right to access, lodge a complaint, or withdraw consent at any time. They also have the right to be forgotten. The data must be erased if it is no longer needed for the reason it was collected.

If any company experiences a data breach, they must notify the individuals whose data was stolen must be informed with 72 hours. This is in contrast to many more recent security breaches which come out in the news months later.

Another part of the regulation requires that consent for the company to collect data must be given by the individual by a clear affirmative action. This consent does not need to be explicitly given and can be implied by the person’s relationship with the company. Any data being collected and retained must be for specific, explicit and legitimate purposes.

Resources

Russell and Fuller. GDPR For Dummies. 2017. Wiley & Sons.

 

Want to Delete Your Facebook Account? Not So Fast ….

by at

Many people that decided to quit Facebook after the revelations over the data sharing practices of some of their partners. What some have learned when trying to delete their account is that it is not as simple as hitting the delete button.

To permanently delete Facebook account:

  1.  Select Quick Help in the top-right corner, then Search.
  2.  In the Search field enter delete account.
  3. Select How do I permanently delete my account? from the search results.
  4. You will be given you instructions to “log into your account and let us know.” Select the let us know link.
  5. Then follow the steps: Enter your password and solve the security captcha.

The thing to remember is one just  makes a request to delete an account.  Facebook delays the process and will automatically cancel a request if the account is log into during that time period.  Make sure to delete the app from all devices since if one of them access an account will cancel the request.

Deactivation

The alternative to deleting an account is to deactivate it. After one deactivates their account everything goes back to normal the next log in, as if nothing has happened. Deactivating is not the same as deleting. Deactivating one’s Facebook account simply hides information from searches and Facebook friends. Although nothing is visible, the account remains intact on Facebook’s servers.

  1. Go to settings and click General.
  2. Select Manage your Account.
  3. Select Deactivate your Account and type in your password.
  4. You will be shown  photos of “friends” you’ll miss (“Eric will miss you”) followed by a survey to detail reasons for leaving.
  5. After all that, select Deactivate.

 

Resources:

https://www.wired.com/story/how-to-delete-your-facebook-instagram-twitter-snapchat/?mbid=social_twitter&mbid=social_twitter

*Don’t Press 1* : Neighbor Spoofing

by at

Odds are this HAS happened to you.

A call comes through on your phone. The caller ID  shows it is coming from the same area code AND the same

https://www.flickr.com/photos/mag3737/5982743771

https://www.flickr.com/photos/mag3737/5982743771

first three digitals as your phone number. Your first though is that it has to be a neighbor or someone in the community calling. Sometimes it is YOUR number calling you!

However, when you pick up it isn’t a neighbor. Far from it. It turns out top be someone selling an exclusive vacation deal – just “Press 1” and you will get a fantastic price! This technique, called neighbor spoofing, uses an automated robocaller that generate a fake caller ID number that will almost match your number.  It is an illegal activity to trick you into picking up and respond to their questions in an attempt to giving out or confirm personal information.

A robocall is a pre-recorded automated call, usually for telemarketing purposes.  While some robocalls are legitimate (emergency weather alerts), many calls can be predatory or deceptive.  In August 2017, the FTC issued a warning to Hurricane Harvey victims about a flood insurance scam in which homeowners were advised that their flood premium was past due. According to the Robocall Index, maintained by YouMail, 2.6 billion robocalls were placed in July 2017 alone! The FTC reports that robocalls are the top complaint received by the agency.

On the Do Not Call list? It doesn’t matter. The scammers are engaging in illegal activity so why would they obey the registry? What can you do? Unfortunately, the scammers will keep calling. But following the first two suggestions below are important in trying to reduce the number of calls.   

Don’t Answer

When one sees a number they think is a neighbor the first reaction / behavior is to answer since there may be a problem! However, by simply answering such a call thinking it is a neighbor may subject you to even more calls.  There is an underground market for phone numbers for individuals that pick up or respond to questions. Numbers on such lists on are used by robocallers with increased frequency.

Don’t Respond or Confirm

If you do pick up and you can tell it is a robocall, hang up right away. Do not engage the caller and certainly do not respond to any requests to press additional numbers. DON’T PRESS 1. Pressing any number, even if it is responding to their suggestion that doing so will take you off their list, only confirms your number is active and that they reached a live person.

Some people love to engage telemarketers for entertainment, but doing so may actually put you an their “call frequently” list.

Do Block

There is a reason it is called “spoofing.” It prevents you from knowing where the call is really coming from. It may be coming from out of the country! One approach is an block a particular numbers. However, by the time you do that the same scammers have probably moved on to a different number.  While it do takes a bit of work and is annoying, you could systematically block callers, even though it will seem like a finger in the dike approach.

 

What Information Are You Sharing with Facebook Apps ?

by at

The vast majority of Facebook users do it. We install apps built into Facebook and just click through all the questions without reading. We go to a website which are prompter to create a new account or “log in” with Facebook. Logging in with Facebook is easier since who needs yet another account to remember? How many times have you done this? You might be surprised. No. Shocked.

In both of these situations you are not granting access Facenbook itself to any new data, Instead you are granting access to your information by a third party.  According to Facebook, each app that you log in with you automatially agree to share at the very least your gender, the networks you belong to, your username and user ID, and your full name and profile picture. You also grant access to your full friends list and any other public information that you have included on your Facebook profile.

This issue is at the center of the Cambridge Analytica data scandal. The political research firm was able to access data on more than 50 million Facebook users through a third-party personality quiz application call “thisisyourdigitallife”, without the knowledge or consent of any of those users.

To see what apps have your data:

  • Select the drop-down menu on the top-right side of Facebook on the website or mobile appand select “Settings.”
  • Select the “Apps” option (on the left side of the page on the website. Scroll down the to the settings page on the mobile app).

This will display all the apps that you have granted access to and to which data:

If you wish to delete an app on the website hover over it and then the “X” button to remove. You may wish to do a little housecleaning on a regular basis and delete any apps you no longer use. Any data that was previously shared will still be in the possession of the app developer, however. They just won’t get any new data.

You can also manage the data sharing settings for apps you still want to use. If you select the pencil “edit” icon while hovering over the app you will see all the data options you are sharing with that app. Deselect data options any that you wish not to share with them.

The important takeaway is that you need to stay diligent and anytime you access a new Facebook app or use “log in with facebook” to immediately edit these options

The Human Operating System

by at

When people think about cybersecurity the first things that come to mind are hardware breaches and software bugs. After all, those are the topics which make the highly news and social media streams. However, for the most part there are limitations that an individual can do to prevent those from happening.

Photo: https://www.flickr.com/photos/143601516@N03

An organization can spend all the money it can on trying to secure themselves using the the latest and greatest cybersecurity technology in an effort to block a cyberattack. However, there is one security risk that can’t be solved by a consultant or easily secured: YOU.

All devices have an operating system. Those operating systems need to be continuously updated and patched to prevent a cyberattack. Similarly, humans have an operating system. Unlike a device, however, each human runs their own operating system. The challenge is that no two human operating systems are alike. Each consists of a complex set of behaviors built on life experience, belief systems, education, and any number of skills.

Yet, there are specific behaviors which any number of human operating systems do engage. It is those behaviors which hackers identify and exploit.

The purpose of this blog is to discuss ways in which human operating systems are being exploited and what individuals can do to patch themselves to minimize future hacker exploits.

About

by at

The goal of this blog is to communicate issues related to cybersecurity and the impact on individuals, as well as libraries.

For over 25 years I’ve been working where libraries and technology intersect. I developed the first library user-focused web site at Ohio State and one of the first health sciences-oriented library web sites (the Biomedically – Oriented Navigator of Electric Services, or BONES) in the country.

I was a founding member of HeathWeb, an evaluative resource for identifying quality online health information, the project manager for Prospero, an open source document delivery system and  also led a project team the developed go.OSU, the Ohio State University branded URL shortening service.

My contributions to the profession were recognized by Library Journal being named as a Mover and Shaker in 2005, by the Medical Library Association as a part of two teams that won the Frank Bradway Rogers Information Advancement Award and by the National Library of Medicine bring awarded a (Woods Hole) Biomedical Informatics fellowship..