April 20, 2013 is "Secure Your ID Day." To learn more about how you can protect yourself and your sensitive personal information, visit the Better Business Bureau website. The site lists participating BBB groups in various states.
If you can't attend a local event, then browse these tips and suggestions from the BBB to keep your sensitive personal information secure. Other resources that consumers may find helpful:
Posted on Friday, April 19, 2013 at 09:58 AM in Advice / Tips, Fraud, Identity Protection, Identity Theft | Permalink | Comments (0)
Last week, a reader suggested the DuckDuckGo.com search engine. Like most people, through the years I used a variety of search engines: first Yahoo, then Alta Vista, Google, and most recently Bing. DuckDuckGo has a very simple, easy-to-read privacy policy:
"DuckDuckGo does not collect or share personal information. That is our privacy policy in a nutshell..."
The DuckDuckGo privacy policy also explains why you should care about what other search engines do:
"... when you search for something private, you are sharing that private search not only with your search engine, but also with all the sites that you clicked on (for that search). In addition, when you visit any site, your computer automatically sends information about it to that site..."
Other search engines collect your search terms. And, the list of information your computer sends to them includes its operating system brand and version, screen size and resolution, your ISP, and your IP address. And that information may also be shared with affiliates or partner companies. DuckDuckGo.com doesn't do any of this.
ConsumerSearch lists the advantages and disadvantages of DuckDuckGo. In March 2012, PCWorld said:
"...[DuckDuckGo]t also doesn't track users: no personal information is collected, shared, or used to customize individual users' search results. So, anyone searching on a particular term in DuckDuckGo will get the same results... DuckDuckGo also offers benefits including the capability to use shortcuts to directly search many websites..."
And, there are DuckDuckGo mobile apps.
I ran several searches to see what DuckDuckGo retrieves. Its search results don't seem to missing any pages other search engines deliver. Besides the privacy benefits, I like the cleanness and lack of clutter at DuckDuckGo. A long time ago, the Google search engine used to be this way.
To learn more about DuckDuckGo.com, read about how it does not track your online usage. And, read this page about the Filter Bubble. Then, decide for yourself.
If you use DuckDuckGo, what's your opinion or experience with it?
Posted on Thursday, January 31, 2013 at 01:28 PM in Identity Protection, Privacy | Permalink | Comments (2)
Where I live and work, it seems that most people have smart phones, and love to use them. However, I am getting the impression that many, if not most, have no idea how to protect themselves and their sensitive personal data. While discussing good data security habits, I have been asked the following question by several smart phone users:
Where do I find anti-virus software for my smart phone?
While most people understand the need and take action to protect their desktop and laptop computers with anti-virus software, it doesn't seem to translate to mobile devices. Some feel that their smart phones are immune to computer viruses and malware. Actually, experts warn that malware can infect your smart phone in 4 ways: text messages, email, Bluetooth, and web surfacing. So, I spent a few minutes the other day showing a person how to find anti-virus apps for her new Samsung galaxy III smartphone.
To find anti-virus apps for your smart phone, start with the app store your device is configured with. You can also visit Androidapps.com and select:
Android App Directory > Tools > Security
Next, you'll see a list of familiar brands of anti-virus software providers. Kaspersky, McAfee, Norton, and others. Some brands offer bundle opportunities to protect several devices you might have at home: laptops, tables, and smart phones; or devices for several family members. Shop around, read the service agreements, and shop wisely.
Got an iPhone or iPad? Start shopping here for data security apps. For users with mobilde devices that run Windows® or other operating systems, start shopping here.
I wish that the industry called the devices "handheld computers" or "pocket computers" because that is what the devices are.The phrase "smart phone" seems antiquated for mobile devices that do so much more than make and receive telephone calls.
Posted on Tuesday, December 04, 2012 at 08:58 AM in Advice / Tips, Identity Protection, Mobile, Technology, Teens/Youth | Permalink | Comments (3) | TrackBack (0)
While the U.S. Senate probes data brokers and consumer privacy issues, a recent study by Trusted ID provides some insights into how consumers view data brokers:
The survey was conducted online between August 23 and September 5, 2012, with a national sample of 2,960 Americans.
Earlier this year, the data broker Spokeo paid $800,000 to settle charges by the U.S. Federal Trade Commission (FTC) that it allegedly violated the Fair Credit Reporting Act by operating as a credit reporting agency and by maketing consumers' profiles to companies in several industries without implementing methods to protect consumers as required by the FCRA. The complaint (Adobe PDF) filed by the FTC, in June 2012 in the Central District Court in California, read in part:
"Spokeo assembles consumer information from 'hundreds of online and offline sources,' such as social networking sites, data brokers, and other sources to create consumer... In its marketing and advertising, [Spokeo] has promoted the use of its profiles as a factor in deciding whether to interview a job candidate or whether to hire a candidate after a job interview. Spokeo purchased thousands of online advertising keywords including terms targeting employment background checks, applicant screening, and recruiting. Spokeo ran online advertisements with taglines to attract recruiters and encourage HR professionals to use Spokeo to obtain information about job candidates' online activities. Spokeo has affirmatively targeted companies operating in the human resources, background screening, and recruiting industries... Spokeo profiles are consumer reports because they bear on a consumer's character, general reputation, personal characteristics, or mode of living and/or other attributes listed in section 603( d), and are "used or expected to be used... in whole or in part" as a factor in determining the consumer's eligibility for employment or other purposes specified in section 604."
Consumers can conclude a couple things from this. First, sloppy data practices by data brokers can abuse consumers' information. Second, what you share online in social networking sites can affect whether or not you get a job, or even get an interview. In the rush to make money and create new revenue streams, social networking sites now use your information in ways you didn't originally intend. The I've Been Mugged blog first reviewed Spokeo in 2010.
Download the Trusted ID survey results in the, "Consumer Perspectives - Data Brokers In Review" report (Adobe PDF).
Posted on Monday, October 29, 2012 at 08:58 AM in Corporate Responsibility, Identity Protection, Privacy, Report / White Paper, Statistics, Survey | Permalink | Comments (0) | TrackBack (0)
The ProtectYourIDNow site contains a wealth of information for consumers, plus local events by state. I visited the website to see what's available this year. There are some interesting statistics about how consumers don't protect themselves nor their sensitive personal information:
"68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet's name-all are prime examples of personal information a company would use to verify your identity."
While it may feel nice to receive birthday congratulations from your "friends" on social networking websites, the fact is that your birth date is a sensitive and critical piece of personal information that data brokers (and identity thieves) use to distinguish between multiple people with the same name. Experts warn consumers to stop doing these seven things on Facebook and other social networking websites. Some other interesting statistics:
"Seven percent of Smartphone owners were victims of identity fraud... 32 percent of Smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen... 32 percent save login information on their mobile device... Young adults, aged 18-24, took the longest to detect identity theft - 132 days on average... the average cost ($1,156) was roughly five times more than the amount lost by other age groups... Children may be 51 times more likely than adults to have their identity stolen..."
The NPYIW website includes tips to protect yourself, informative videos, advice about what to do if you are a victim of identity theft and fraud, and an online quiz to test your knowledge about identity theft and fraud. Sponsors of NPYIW include the National Foundation for Credit Counseling, the National Sheriffs Association, the National Association of Triads, the Consumer Federation of America, the Council Of Better Business Bureaus, the U.S. Federal Trade Commission (FTC), the Identity Theft Resource Center, the National Crime Prevention Council, the Credit Union National Association, and many others.
Did you attend a NPYIW event? If so, share your experience below.
Posted on Tuesday, October 23, 2012 at 08:58 AM in Advice / Tips, Current Affairs, Fraud, Identity Protection, Identity Theft, Mobile, Privacy, Statistics | Permalink | Comments (1) | TrackBack (0)
A recent survey by the Pew Research Center investigated how mobile device users manage their privacy. The survey included both cell phone users and smart phone users. Key findings:
"54% of app users have decided to not install a cell phone app when they discovered how much personal information they would need to share in order to use it; 30% of app users have uninstalled an app that was already on their cell phone because they learned it was collecting personal information that they didn’t wish to share. Taken together, 57% of all app users have either uninstalled an app over concerns about having to share their personal information, or declined to install an app in the first place for similar reasons."
It is good to read that consumers are not blindly downloading and using mobile device apps, since prior studies have documented sporadic and inconsistent access to privacy policies for mobile apps. After pressure from the California Attorney General, several companies (e.g., Amazon.com, Apple, Google, hewlett-packard, Microsoft, and Research In Motion) that operate mobile app stores agreed to improve app privacy policies disclosing the personal data collected, stored, and shared. Earlier this month, researchers at M.I.T. documented privacy abuses by mobile apps that tracked consumers without notice nor consent. And, the U.S. Federal Trade Commission published guidelines for businesses that develop and market mobile device apps.
The Pew survey found that almost one-third, 31% of all smart phone users surveyed, have lost their device or had it stolen. Among users 18 to 24 years of age, about 45% had either lost their device or had it stolen. The survey authors concluded:
"Smartphone owners are generally more active in managing their mobile data, but also experience greater exposure to privacy intrusions"
The table below highlights this conclusion:
| Activity | Smart Phone Users | Cell Phone Users |
|---|---|---|
| Back up phone contents | 59% | 21% |
| Cleared browsing or search history | 50% | 14% |
| Turned off location tracking | 30% | 7% |
| Experienced lost or stolen device | 33% | 29% |
| Somebody accessed device in a way that felt like a privacy intrustion | 15% | 8% |
Pew conducted the nationwide survey, in both English and Spanish, of 2,254 adults (age 18 and older) during March 15 to April 3, 2012. Download the Pew report: "Privacy and Data management on Mobile Devices."
Posted on Monday, September 10, 2012 at 09:48 AM in Identity Protection, Mobile, Privacy, Report / White Paper, Social Networking, Statistics, Survey | Permalink | Comments (4) | TrackBack (0)
Everybody loves getting the latest smart phone. What to do with your old one? Perhaps, you plan to sell it on eBay or donate it to a charity. Whatever you decide, be sure to remove all sensitive data from it. Otherwise, you could create an identity theft and fraud problem for yourself.
The sensitive data on your smart phone isn't just your list of contacts and their phone numbers. The sensitive data also includes your passwords, email, browser history, calendar, and photos -- the things that document when and where you go both online and in the real world. The sensitivity of both your online passwords and browser history should be obvious. With access to your email, identity criminals could hack into your financial accounts and reset your online passwords. That would be an identity-theft disaster.
How to safely dispose of an old smart phone? Before selling or donating an old smart phone, security experts advise consumers to:
But that may not be enough. Accessdata, a computer forensics firm, performed an analysis last year of several popular smart phones available on the resale market. Almost all had sensitive data from the prior owners. As Dark Reading reported:
"The phones were the iPhone 3G, Sanyo 2300, HTC Wildfire, LG Optimus, and HTC Hero... Even though all of the Android phones had been wiped through a factory reset, four of the five phones also included information that would take someone with forensics tools and knowledge to extract from more hidden storage locations... Some of the details available within those four phones included user account information, Social Security numbers, geolocation tags for where the user had taken pictures using the phone, deleted text messages, and a resume. "
In this case, the only secure option is to go old-school: wrap it in cloth and then take a hammer to your old smart phone -- even the older clamshell types. Don't try to resell or donate it. Most consumers don't have access to industrial-strength hard-drive shredding services.
What did you do with your old smart phone? How did you remove any sensitive data from it? Or are your old devices gathering dust in a drawer or closet at home?
Posted on Friday, June 29, 2012 at 04:28 PM in Advice / Tips, Identity Protection, Mobile, Privacy, Report / White Paper, Social Networking, Technology | Permalink | Comments (5) | TrackBack (0)
The Office of the Privacy Commissioner in Canada has introduced a graphic novel designed to help teens and youth use the Internet safely with mobile devices. If you haven't read it, I highly recommend it. It is an easy read and it clearly describes some good, basic data security habits.
The graphic novel (Adobe PDF - 4.5 M Bytes) is good for youth (and their parents) everywhere, and not just in Canada. The skills needed to safely use mobile devices and maintain privacy are universal.
In the United States, the Federal Trade Commission (FTC) offers the "Heads Up: Share With Care" guide (Adobe PDF) for youth at the OnGuard Online website.
Posted on Tuesday, June 12, 2012 at 09:58 AM in Advice / Tips, Canada, Current Affairs, Government, Identity Protection, Identity Theft, Mobile, Privacy, Social Networking, Teens/Youth | Permalink | Comments (5) | TrackBack (0)
With the increase in identity theft and fraud during the past few years, many banks have increased their security efforts to fight identify fraud. This includes proactively flagging or automatically denying credit card purchases in another country. This increased security has both good and bad news.
The good news: consumers are better protected against fraud. The bad news: valid purchases by cardholders traveling outside the the country may be denied. The last thing anyone wants to experience is a denied credit card purchase when you are in a different country and low on cash in the local currency.
To avoid this, I notified my credit card issuers before my recent vacation travel. Credit card issuers will want to know your card number, travel destinations, travel start/stop dates, and cardholders traveling.
The letter I used, which you are welcome to adapt for your upcoming trip:
"This regards the [insert Visa/Discover/MasterCard/Amex/etc.] account ending XXXX. I am the cardholder for the above account. This letter is to inform you that I will be traveling on vacation from November 22, 2011 to December 9, 2011, and visiting the following locations: Mexico, Guatemala, Panama, and Colombia (Cartagena). Hence, you will see purchases on my [insert Visa/Discover/MasterCard/Amex/etc.] card at these locations, and from the XXXXXXXXX cruise line."
With some credit card issuers, you can report upcoming travel via a toll-free phone number. I prefer a written letter which documents the communication. The address to use is on your monthly statement. Check the website for your bank or credit card issuer about how to report upcoming travel.
Posted on Monday, January 02, 2012 at 08:58 AM in Advice / Tips, Banks, Credit Cards, Identity Protection | Permalink | Comments (0) | TrackBack (0)
Last week, I met a friend for lunch to discuss her new business venture. After lunch, we moved our discussion to a nearby coffee shop. While there, my friend surfed the Internet using her mobile device and the coffee shop's public WiFi network.
When we finished our discussion, I suggested that she change her passwords for the websites she visited, since she had signed into with HTTP connections instead of HTTPS connections. (My friend had not heard about PrivateWiFi.) During the subway ride home, I began to wonder what a comprehensive list for consumers would be of tips about how to securely use public WiFi networks, at places like airport lounges and coffee shops.
If you aren't familiar with the identity-theft threat, about a year ago there were many articles about the Firesheep Web browser plugin, which allows hackers at public WiFi hotspots to monitor nearby consumers' online sessions and steal account log-in passwords. A recent tweak of Firesheep allows it to steal your Google web history. Not to be outdone, the newer Droidsheep app allows hackers to monitor and steal from mobile devices running the Android operating system.
With tools like these, the identity-theft and fraud damages can be extensive. Thieves can send spam from your email and/or social networking website accounts, or steal money from your bank accounts.
So what can a consumer do to protect their data? This Hot Spot Hacker article offers several good tips for using your mobile device securely at public WiFi networks:
"1. Set your laptop or smart phone so you have to manually select the Wi-Fi network. You may need to change the default setting
2. Make sure you know the exact name of the establishment's Wi-Fi network and connect only to it. Don't be fooled by look-alikes."
These two tips are good reminders because it is easy to set your mobile device to automatically connect at coffee shops you visit repeatedly, and forget about WiFi network security.
"3. Avoid any hot spot that your device lists as "unsecured." Keep in mind that even if a password is required, a hot spot can still be unsecured."
This tip cannot be over emphasized. Of course, it is preferable to use WiFi networks that require a password log-in, but that is just a start. A password log-in is not complete security. For full security, the entire session must be encrypted, because browser cookie and other files transmitted during the session contain personal data hackers can abuse:
"4. If your device shows the site as secured, pay attention to what kind of encryption it lists. WEP (Wired Equivalent Privacy) is an early system, dating from over a decade ago. If it's WEP, treat the network as not secure. WPA (Wi-Fi Protected Access) is better, and WPA2 is best of all."
Most people I know have no idea what brand of wireless encryption to look for and to use. Now you know. Here's what else you need to know about WiFi network security:
"5. If you send personal data over a Wi-Fi link, do so only to an encrypted website. You can tell a site is encrypted if you see the letters "https" (the "s" stands for "secure") at the beginning of its Web address. Also, look for a lock icon on the top or bottom of pages throughout the site."
So, what can a consumer do to use WiFi networks safely and securely? One suggestion:
"6. Before using a public Wi-Fi network, install such software as Force-TLS and HTTPS-Everywhere, which are free add-ons to the Firefox browser. They make sure you use encryption features available on websites you visit. Virtual private network software — some of it free, some not — can also add security."
You could also use PrivateWiFi. And, there are more WiFi network security tips. To learn more, visit the Hot Spot Hacker article. If your mobile device uses the Android operating system, watch this Droidsheep video.
Posted on Friday, October 07, 2011 at 09:58 AM in Advice / Tips, Identity Protection, Mobile, Privacy, Retail | Permalink | Comments (3) | TrackBack (0)
Love your smart phone or tablet? Then password protect it:
Posted on Tuesday, August 16, 2011 at 10:58 AM in Advice / Tips, Identity Protection, Privacy | Permalink | Comments (6) | TrackBack (0)
The U.S. Federal Trade Commission (FTC) has launched the Living Life Online website to help teens and tweens stay safe online, make good choices online, and understand the consequences of their online choices. A companion print guide (PDF, 3.4 MBytes) explains the website. Both include short articles, activities, quizzes, and an ask-the-expert column, all to help kids learn how to think critically:
"As you live your life online and off, some behaviors can help you be more successful: asking questions to help you figure out what’s real and what’s hype; thinking about things to do – or not – that can help you keep safe; figuring out ways to act that can help you treat others the same way you’d like to be
treated."
The guide addresses topics including sexting, cyber-bullying,online manners, your personal information to protect, photo-sharing, how to avoid cell-phone bill shock, and much more:
"What you post could have a bigger "audience" than you think. Even if you use privacy settings, it’s impossible to completely control who sees your social networking profile, pictures, videos, or texts. Before you click send, think about how you will feel if your family, teachers, coach, or neighbors find it. Once you post information online, you can’t take it back. You may think that you’ve deleted information from a site – or that you will delete it later. Know that older versions may exist on other people’s computers... Get someone’s okay before you share photos or videos they’re in."
The print guide includes resources (e.g., worksheets and information) for parents to encourage discussion with their kids. I found the Living Life Online website thin on interactivity and not nearly as robust as it could (should) be to fully engage kids. The website is more a webpage. A better implementation could have presented separate website sections for children and parents. Hopefully, this is the draft version of the webiste and enhancements will be released soon.
The print guide is a good resource for kids and parents to start the process of learning and discussing good decision-making online. Kids living in the USA must ultimately learn who the FTC is and how to use its resources -- chiefly to recognize phishing, to protect their sensitive personal information, and to file identity theft and fraud complaints.
With a variety of topics, the Living Life Online print guide is a good first step to help kids learn to make good decisions online. What do you think of the guide?
Posted on Monday, August 15, 2011 at 12:28 PM in Advice / Tips, Federal / U.S. Government, Identity Protection, Privacy, Teens/Youth | Permalink | Comments (0) | TrackBack (0)
Here is an opportunity to win some cash! PrivateWiFi, a provider of secure wireless services, is operating a contest via Twitter. Tweet your biggest privacy and security concern and you might win one of the following prizes:
The contest started July 12 and ends Friday, July 22. Browse contest rules. You can enter multiple tweets. After the deadline, PrivateWiFi will select the three winning tweets. To enter the contest, tweet your online privacy and security concerns to @PrivateWiFi and use the hashtag #ilikeprivacy. Here is my entry:
@PrivateWiFi Banks selling consumers' debit card shopping habits to 3rd parties. Broken trust & don't know where data goes. #ilikeprivacy
Here are a few other entries:
"SarahaADowney My biggest privacy concern is the collection, sale, & public display of personal data on people search websites. #ilikeprivacy"
"TomBarten my biggest privacy concern is not knowing, and not being able to find out, what happens to your personal data. #ilikeprivacy"
"CAPAPA Privacy-invasive provisions of the negotiated-in-secret Anti Counterfeiting Trade Agreement #ACTA #ilikeprivacy"
So, visit Twitter.com or fire up the twitter app on your mobile device and enter the contest today!
Curious? A few related articles:
Posted on Saturday, July 16, 2011 at 10:58 AM in Contest / Promotion, Identity Protection, Mobile, Privacy, Social Networking | Permalink | Comments (0) | TrackBack (0)
First, to avoid identity theft and fraud consumers need to first know the ways which identity thieves try to steal your sensitive personal information:
To combat these theft methods, the Los Angeles County Sheriff's Department suggests these 12 tips for consumers to protect themselves:
1. Identity theft starts with the misuse of your personal identifying information such as your name, Social Security number, credit card numbers, or other financial account information.
2. Check your credit report from each of the three major credit bureaus every year.
3. Open your credit card bills and bank statements right away. Review your statements and close unused accounts. Be aware if bills don’t arrive on time. It may mean that someone has changed contact information to hide fraudulent charges.
4. Don’t carry your Social Security card or PIN numbers in your purse or wallet because of what can happen if they fall into the wrong hands.
5. Avoid giving any personal information over the phone, mail, or Internet unless you know who you are dealing with. Give it to them in person instead.
6. Criminals pretend they are collecting money for victims of a natural disaster. Sometimes they claim to be police officers and ask for donations.
7. Elderly people are frequently targeted in money scams. Keep a helpful eye for elderly family members and vulnerable neighbors.
8. Make sure that you disconnect your laptop from a broadband or a shared connection when you are not using it.
9. Avoid offers and pop-up ads that sound too good to be true. They want you to enter your information so they can access all of your personal information.
10. Remove your name from mailing lists for pre-approved credit offers. Pre-approved credit card offers are a target for identity thieves who steal your mail. Have your name removed from credit bureau marketing lists. Call toll-free 888-5OPTOUT (888-567-8688).
11. Only enter personal information on secure Web pages that encrypt your data in transit. You can often tell if a page is secure if "https" is in URL or if there is a padlock icon on the browser window.
12. If you’re going to use a mail box, do so during or close to the posted pick up hours. Better yet, drop your mail off at your local post office. Retrieve mail promptly and discontinue delivery while out of town.
Posted on Monday, June 20, 2011 at 08:58 AM in Advice / Tips, Credit Cards, Credit Reporting Agencies, Fraud, Identity Protection, Identity Theft | Permalink | Comments (7) | TrackBack (0)
I have been a happy and satisfied McAfee Internet Security Suite user for the past 12+ years on several desktop and lately laptop computers at home. I have written in this blog about anti-virus software, anti-phishing softare, and the need for consumers to keep the anti-virus software on their home computer current. I do.
Given this, I was concerned to read in the June 2011 issue of Consumer Reports magazine about an extremely low rating of the McAfee Internet Security 2011 software. The 31-point rating was far below the 65-point rating of BitDefender. This low rating was the opposite of my experience with the McAfee anti-virus software. I really like and use heavily the McAfee SiteAdvisor browser plugin.
So, I wrote to McAfee asking them what they thought of this low rating by Consumer Reports, and their plans to address it. I received this reply via e-mail:
"From: McAfee NA Customer Service
Sent: Wednesday, May 11, 2011 8:43 PM
Subject: RE: McAfee Customer Service - SR-xxxxxxxxx
Dear George,
Thank you for contacting McAfee Customer Service. I understand that you are disappointed with the McAfee ratings that has provided by Consumer Reports magazine.
George, I would like to inform you that the results in the area of virus and firewall protection in this one particular review, are disappointing to us as we always strive to earn top ratings and therefore the rankings for our various products.
However, the review results are a direct opposite of the test results shown in reviews performed across the top anti-malware vendors by other testing organizations like NSS Labs and AV-Comparatives. Also, the article in Consumer Reports shows nothing more than an overview chart of ‘their findings’ and it is not clear how the various products were specifically tested by Consumer Reports.
In spite of this, let me assure you that McAfee takes this test seriously and remains dedicated to further improving threat detection. In doing so, we are continually working to enhance our malware detection processes including through our Global Threat Intelligence, and through our company-wide Trust & Safety Initiative. Please be confident that McAfee remains relentlessly focused on security.
You may also contact us by phone by dialing 1-866-622-3911. Our business hours are from 8 am to 8 pm CST, daily. xxxxxxxxx is the Service Request number for this issue. You can quote this number in your further contacts. For all your future Service and Support needs, please visit http://service.mcafee.com. Thank you for contacting McAfee Customer support!
Sincerely,
Rengarajan K.
McAfee Customer Service-Tier 1
PC World reviewed McAfee Internet Security 2011 and rated it 3.5 of 5 stars. A prior blog post discussed some of NSS Lab's findings. I revisited the NSS Labs website and downloaded the Q3 2010 NSS Labs review of consumer anti-malware products. NSS Labs rated McAfee Internet Security highly on several measures, and recommended it plus two other products. You can download the NSS review for free (PDF).
I plan to continue using McAfee software and will watch for more test results by other independent labs.
What anti-virus software do you use/ Why?
Posted on Thursday, June 09, 2011 at 08:58 AM in Identity Protection, Technology | Permalink | Comments (0) | TrackBack (0)
If you want an explanation of the role and scope of data mining companies and information brokers, the video below provides a pretty good overview, with engaging graphics. It highlights all of the various ways companies collect personal information about consumers. And, "invasion" is an accurate description.
This blog does not endorse the online service mentioned. Consumers should shop around and read the contractual fine print and terms of any online service before purchase, to determine if the product or service meets your needs.
Posted on Friday, April 08, 2011 at 08:58 AM in Advice / Tips, Identity Protection | Permalink | Comments (0) | TrackBack (0)
With all of the online threats, malware, and tracking some consumers have turned to anonymous web browsing. To learn more, I discussed the Cocoon anonymous web browsing service with Brian Fox, cofounder and Chief Technology Officer at Virtual World Computing (VWC), producer of Cocoon.
I've Been Mugged: What is your position and duties at Get Cocoon?
Brian Fox: I am co-founder and CTO of VWC. I am the principal inventor of the technology and process in the Cocoon service. Jeff Bermant is the other co-founder, and the primary owner of the itch that needed scratching.
Mugged: How and why did Virtual World Computing start offering anonymous web browsing?
Fox: We believe everyone has a right to use the Internet securely and privately, and without the risk of getting malware. We see that the Internet is the next generation of communication, after Pony Express, Telegraph, and Telephone. Why should we as a society accept that this form of communication be less private and secure than its previous forms?
Mugged: How secure are your company’s web servers?
Fox: Today, our servers are housed in a tier 3 secure facility. Our servers run SE Linux, which is the Linux that was modified by the NSA to increase security and compartmentalization. Because we run Linux, we are not vulnerable to Windows-based viruses. Because we run SE Linux we are not vulnerable to any currently known linux-based attack. We believe that our servers are extremely secure.
What consumer data is retained on your servers and for how long?
That's up to you. You can choose to not save any data in your Cocoon account, and that's your prerogative. We feel there are benefits to having your history stored securely, encrypted and available to you, and only you, whenever and wherever you want. Everyone has experienced the scenario of having found some piece of information while on one computer, say at home, and then had difficulties finding that same info when they want it at work. With Cocoon, your history, bookmarks, logins, passwords, notes, are all available to you on any computer where you've installed Cocoon. And you are the only one who has the key to unlock that encrypted information. But it's your call, never save the data or leave it there as long as you like and delete it when you close your account, it's up to you.
On my laptop, I use the Better Privacy add-on with Firefox to regularly delete the web browser cookies that websites save to my laptop. How is Cocoon different?
Cocoon prevents cookies from being stored on your computer at all. They are stored in your Cocoon account. Today, Cocoon doesn't offer an option to delete cookies on a periodic basis (which of course, can only happen while Firefox is running :-) Instead, we supply an option to delete your Cocoon stored cookies whenever you log out. We are building a feature that lets you specify for which websites Cocoon should not delete stored cookies. We feel this offers you the best of both worlds - you can keep the cookies that you want (e.g., login cookies for Gmail or sourceforge), and delete all of the other cookies (e.g., banking, etc.).
Version 3.0+ of the Firefox browser already has a feature called “Start Private Browsing.” How is Cocoon different?
Private browsing mode on Firefox does not provide you with anonymous browsing and only prevents your browsing and cookie history from being saved on your computer. On the other hand, Cocoon prevents both websites and your ISP from knowing what sites you've visited, as well as keeping all tracking information off your computer. It does this at the same time as giving you the option to keep that history or those cookies stored securely if you want.
Many consumers like to use free (unsecure) WiFi at places like coffee shops and airports. How does Cocoon protect consumers in these situations?
Cocoon makes every website on the Internet encrypted and secure, even on free open WiFi. When you log into Cocoon, you create a secure connection between you and Cocoon preventing man-in-the-middle attacks like Firesheep.
Version 4.0 of the Firefox web browser offers a Do Not Track feature. How does Cocoon compare with this?
Firefox 4.0, like Chrome and IE9, all offer an option to be added to Do Not Track lists - but these lists rely on voluntary compliance by advertisers to join and/or honor - and the user is responsible for activating these systems. Cocoon's method is proactive - a service that lets you take control without needing advertisers to agree to anything.
What types of consumers or professionals (e.g., attorneys, financial advisors, etc.) can best benefit by using Cocoon?
Although anyone can benefit from features such as stopping spam by using Mailslots (disposable anonymous email addresses), professionals such as lawyers, doctors, and financial advisors –- who work with highly private data– can directly benefit from the protection Cocoon offers stopping malware from infecting their computers and potentially stealing personal data, and having secure connections while on WiFi networks. Everyone deserves the peace of mind that comes from knowing their information is private, secure and malware-free.
How might a consumer use Cocoon while traveling on business or vacation?
In addition to being protected on open WiFi networks, I've appreciated that once I securely log into Cocoon I have access to all my login and passwords even on my wife's computer - and once I log out I know that that information is not on her computer, it's still safely stored in my account on Cocoon.
How flexible is the Cocoon configuration, so consumers can switch to normal browsing mode when visiting trusted websites, like their bank?
The configuration of Cocoon is so seamless it is almost invisible. There's actually no need to turn off Cocoon when visiting any site. If you choose to bypass the protections of Cocoon, there is a "pause" or "un-lock" button right on the toolbar for you.
Many consumers like comprehensive services/software. What are Get Cocoon’s plans to provide an umbrella service covering a user’s computer, tablet, and smart phone?
Great question, and it's definitely in the works. We've tested Cocoon with the Firefox browser on various systems and will be offering other options soon. IE is the next to roll out and others to follow. We are particularly focused on the needs of the mobile user, and have products and service enhancements in store for them.
What do you see in the future for anonymous web browsing software?
While anonymity is an important feature of Cocoon, we feel that it is only one part. We feel that privacy is not synonymous with anonymity. For instance, I am happy to do this interview, but there is a limit to what information I will divulge. That is because my personal privacy is important to me. In the future, we feel that both inward and outward facing privacy will be de rigueur, and we know that Cocoon customers will be enjoying that -- as well as additional features that will be necessitated by changes in online behavior, such as voting, reviews, and the like.
Is there anything else you want consumers to know about Cocoon and/or your company?
Cocoon is created by a team of people who strongly believe in the rights of people to use the Web privately and securely. We believe that the Internet is a resource for the world, and not just for a select few. Our mission is to enable access, privacy, and security on the Internet to anyone who desires it. Our feature creation is driven by the needs of our users, and we ensure that there are many ways to communicate with us - even anonymously!
Thanks to Brian Fox for discussing Cocoon with the I've Been Mugged blog.
Posted on Monday, April 04, 2011 at 08:58 AM in Advice / Tips, Identity Protection, Privacy, Technology | Permalink | Comments (6) | TrackBack (0)
A few weeks ago, I blogged about personal identity information values -- shopping and acting online consistent with what you deem important. eGov precently published comments by the European Union (EU) Justice Commissioner, Vivianne Reding, about privacy for individuals. Reding's view of privacy for individuals in an online digital world includes four pillars:
1. The “right to be forgotten” - a combination of consumers' right to withdrawn or opt-out of any data collection efforts by companies, and the burden on companies to prove first that they have a need to archive and store the sensitive personal information of consumers they have already collected.
2. "Transparency" - to build consumers' trust, companies should fully disclose and inform consumers about what personal data they collect about consumers and why, how they use the personal data collected, the names of all third-party companies they share personal data with, the rights of consumers for remedies when consumers' rights are violated, and the risks with the personal data companies ask consumers to share.
3. "Privacy by default" - in too many instances companies build websites with privacy controls that are so complicated and convoluted that consumers can't effectively make their personal data private. In these websites, there really isn't any privacy and the websites' privacy controls don't reflect consumers' true consent. Reding believes that this situation must change, and that private should mean private.
4. "Protection by data location" - privacy standards for EU citizens should be consistent regardless of where consumers' personal data is stored. For example, if an EU resident's personal data is collected and stored by a U.S.-based company, then that company must comply with EU privacy standards, not U.S. privacy standards.
All of these pillars make perfect sense to me, but I see the fourth pillar being particularly tough. It's logical extension would force a website operator to konw, track and comply with a multitude of countries' varying privacy policies. My impression is that many corporate executives would be unhappy with having to work within the boundaries of all four pillars (not just the fourth), when they usually don't have to today.
I especially agree with Reding about the risks stated in the second pillar. Explanations about risks from sharing personal data apply to all consumers, but especially to youth who don't yet understand how business works and how companies use personal information. The risks and consequences should be explained to consumers about personal data that companies may make public permanently that consumers cannot make private again.
Over at the Guardian UK, columnist Mayes contests Reding's second pillar:
"But does the "right to be forgotten" really have a sound basis? In British law there is no right to be forgotten, but there are a host of laws to protect your identity and personal data... But to say there should be a right to be forgotten is to say we can live outside society. We can't."
To me, it's not about living "outside of society." For a lot of perfectly valid reasons, a consumer may decide to live off the grid, or entirely off-line. It is about consumers' control; the ability to control when and where your sensitive personal information is archived. Without the second pillar, there is no real control for consumers.
What do you think of these four pillars?
Posted on Monday, March 21, 2011 at 08:58 AM in Corporate Responsibility, Europe, Government, Identity Protection, Privacy | Permalink | Comments (0) | TrackBack (0)
Like many bloggers, I want readers to easily comment on bog posts and keep out the spammers. It is a tricky balance to achieve. Like many bloggers, this blog requires commenters to enter a name, email and website address. Despite these rules, including the Terms of Service policy, spammers continue to submit off-topic comments that are clearly advertising and unrelated to the blog post topic.
To effectively keep out the spammers, some bloggers have turned to the Facebook Comments Plug-in as a solution to verify users and to screen out the spammers. Some notable blogs like CrunchGear have implemented the Facebook Comments Plug-in -- at least on a trial or temporary basis. Other bloggers have seen their comments traffic decline as Facebook membership has risen. Some bloggers like the new Facebook Comments Plugin -- at least on others' blogs and not yet theirs.
For this blog, I have made the decision not to switch to the Facebook Comments Plug-in. Why? As I see it, the disadvantages outweigh the advantages.
The chief advantage is that Facebook Comments Plug-in requires commenters to use real identities (or at least identities as "real" as they have been created on Facebook). And, I am happy with the current comment system Typepad.com provides. The disadvantages I see of the Facebook Comments Plug-in:
Loss of control and of content: the comments become the property of Facebook. Upon terminating the Facebook Comments Plug-in, I would lose those comments. There are several valuable comment threads in this blog, with some running as long as two years. My readers and I have learned a lot from the comments submitted, and I would never give up this valuable content.
Comprehensive Solution: my preferred commenting solution must be comprehensive and allow users to choose how they want to identify their selves. As TechCrunch noted:
"Facebook comments don’t support Twitter or Google logins. It doesn’t yet allow sites to archive their comments to make backups..."
Readership Usage: this blog has more followers on Twitter than on Facebook. This blog has more followers via e-mail than on Facebook. So, the comments approach must factor in this actual readership usage.
Mistrust: having written repeatedly about Facebook's privacy missteps and class-action lawsuits. I have learned that Facebook will consistently act in its own self-interest. I don't trust Facebook. I trust Facebook to continue to make public at some date members' sensitive person data it had previously deemed private. That abuse is something I would not subject my readers to.
Corporate Blocks: many companies block access to Facebook in the workplace. That alone is probably a deal-killer. Discussions of identity theft, data breaches, and privacy require access to this blog.
Lack of Disclosure: at times, Facebook doesn't disclose to members everything it is doing, like censoring members time line.
Extensive Tracking: in a prior post i wrote about how Facebook Social Plug-ins perform tracking around the Web. The commenter verification advantage is not enough to subject my readers to more tracking by Facebook.
Buggy Interface: having used Facebook for several years, I have noticed many bugs and errors. I am not going to subject my readers to that.
On supposed benefit of the Facebook Comments Plug-in is that it will bring more readers, and commenters, to your blog. This blog has been optimized for search/SEO, so getting new readers has not been a problem. Currently, monthly readership is about 19,000 page views monthly, an increase of greater than 45% compared to a year ago.
To summarize, any plug-in solutions have to be consistent with my identity information values.
As always, I value my readers' opinions and comments. Let me know below what you think about the Facebook Comments Plug-in.
Posted on Wednesday, March 09, 2011 at 10:28 AM in Identity Protection, Privacy, Social Networking | Permalink | Comments (11) | TrackBack (0)
At some point during our work careers, we all look for a new job. Given the recent, ongoing economic downturn, many people are looking for work. When applying for a new job, potential employers usually perform a background check of applicants. What happens when the background check includes wrong information? The following story explains what happens.
Channel 7 News, the ABC News affiliate in San Francisco, reported the story of Patrick Chad Padilla, who applied for a security job position at a Walmart store in Sacramento, California. After the third interview, Padilla was offered the job pending a background check. Walmart withdrew the job offer when the background check turned up problematic information.
After looking at the the background check Walmart, Padilla noticed that the report contained information about Patrick Saenz Padilla, who Channel 7 News would later discover is a criminal serving time in a New Mexico prison. Despite the middle name differences, Walmart insisted on using the faulty background check and refused to offer Padilla the job.
Hello? Does anybody at Walmart use their brains?
Obviously not. Brain-dead bureaucracies operate in the private sector, and not just in government agencies.
This story is important for several reasons. First, multiple companies made errors in this story. Walmart's errors are clear. Second, Padilla applied for a job at Roseville Hyundai later and the same thing happened again. The faulty background check stopped another job offer.
Third, there are some sensible guidelines governing the proper use of background checks by companies. In at least one instance, an employer started a new policy demanded Facebook passwords from both job applicants and current employees without any suspicion of wrongdoing. (That policy has since been suspended for a 45-day review.)
Fourth Acxiom, the provider of the background check service definitely shares some of the blame for Padilla's job-search difficulties. Acxiom clearly made mistakes by combining information about two different people into a single report. From the news story, it isn't clear that Acxiom has corrected Padilla's profile information. The middle name difference should have been easy to spot, but Acxiom either missed it, or ignored it. And Padilla suffered the consequences.
This is not the first incident with an erroneous background check. In this incident in Kansas last year, the local sheriff's office helped the affected job applicant clear his name.
Background checks are necessary, as employers can't hire convicted criminals for certain jobs. A wide variety of companies use Acxiom products and services, including Sony Ericsson Mobile Communications, Urban Mapping, Blackboard, USA Swimming, Senior Checked, Windstream, and General Motors. At its mid-year 2010 conference, the National Association of Professional Background Screeners (NAPBS®) Background Screening Credentialing Council (BSCC) announced that Acxiom and several other companies had achieved compliance with its Background Screening Agency Accreditation Program (BSAAP).
Although this class-action against Acxiom was ultimately unsuccessful in the courts, it did reveal that Acxiom buys a lot of its information about consumers from various states' motor vehicle agencies.
A recent survey by The Black Book of Outsourcing rated Acxiom number one in customer satisfaction for IT outsourcing. Well, Acxiom may help its IT department customers save money, but I wonder how reliable that customer satisfaction rating is. Would consumers rate Acxiom highly? My guess is Padilla wouldn't rate Acxiom highly.
Fifth, background-check concerns are not only about Acxiom, but also apply to other companies that provide similar services. CNN Money listed some of the companies, including Rapleaf, that provide background checks based on the collection of consumer data from public records. The Wall Street Journal published a similar list of what it called "scrapers." LewRockwell.com published a similar list of companies consumers should consider removing their profile data from.
Sixth, when private companies offer products and services based on their collections of sensitive consumer information, there has to be a method to discover and correct mistakes and erroneous entries. This process exists with the major credit reporting agencies, but not with companies like Acxiom. As Channel 7 News reported:
"There's no federal or state agency that's making these companies actually clean up their records and make them accurate..."
Getting pack to Padilla's story: later, Walmart reversed itself and encourage Padilla to apply for a different job. What? Is Walmart serious? After all of the obvious mistakes and blunders, Walmart couldn't do the right thing, apologize, and simply offer the job to Padilla?
Meanwhile, Padilla had moved on to work for another company. I wouldn't work at Walmart either after this poor treatment. It signals that Walmart probably treats vendors, suppliers, and its employees just as poorly.
If this story upsets you (and I truly hope that it did upset you), I encourage you to write to your elected officials and tell them:
Have you been denied a new job due to an error-filled background check? Have you lost a job offer to an erroneous background check? We'd like to hear your experiences, and if you were able to correct the problem.
Posted on Thursday, February 24, 2011 at 09:28 AM in California, Corporate Responsibility, Identity Protection | Permalink | Comments (4) | TrackBack (0)
© 2007 - 2012. George Jenkins. All Rights Reserved.
Recent Comments