Safe and Savvy | On Safe and Savvy we blog about how to protect your online life and the irreplaceable content on your computer.

ANNOYING: Facebook opts you into broadcasting your location through your friends

September 1, 2010
By Sandra

You know that you are sharing thing on Facebook. But if you privacy settings are “friends of friends” or “everyone”, your friends may be broadcasting your information into their friends’ feeds without even knowing it.

This means that if you start using Facebook Places and your friends comment on a location you check into, it could end up in your friend’s friends’ “Top News” feed.

Theoretically, your trip to Hooters three weeks could appear in a friend of a friend’s feed. And it could ruin any chance you might with an attractive friend of friend who saw your visit—and her friend’s comments cheering you on—come up in her Facebook Top News. Or your mom could comment on a picture from your birthday party and unintentionally share it with everyone in her feed—including all the cousins who weren’t invited.

And the worst part is that every time Facebook adds a new feature—like Facebook Places—it automatically opts you into broadcasting your activity through your friends.

This is not a huge privacy issue because Facebook is only sharing your info with the people you intended them to, “friends of friends”. But it is annoying. Sharing should be intentional.

The introduction of Facebook Places means that it isn’t just your words and media that are being broadcast. Now your physical location could be “newsworthy” to the friends of your friends.

How to stop your friends from broadcasting your information

Go to “Privacy Settings”. Find “Applications and Websites” and click on “Edit Your Settings”. Click on “Info accessible through your friends” and unclick “Places I check into” or anything else you’d rather only be shared intentionally.

How to stop Facebook from automatically opting you into sharing new features through friends

On the “Application, Games and Websites page” click “Turn off all platform applications.” This will also opt-you out of any application on Facebook. It also makes it unnecessary for you to determine what kind of information you want to share through your friends.

If you turn platform applications or add an application to your page, Facebook will opt you back into sharing everything except “Interested in and looking for” and “Religious and political views”. At least Facebook realizes that there are some things about you that you don’t want your friends broadcasting.

That’s how you prevent your shared information from being broadcast. For more information about Facebook safety, check out How to Save Face: 6 Tips for Safer Facebooking and the F-Secure Facebook page.

Cheers,

Sandra

Leave a comment

Can I Stalk You?: An Intro to Location-Based Service Security

Share this

August 31, 2010
By Jason

You have to make the decision.

You may have been invited to use a location-based service like Foursquare or Gowalla already. If not, you can expect that you will before 2010 is over. Or, more likely, you’re going to get an email telling you that one of your friends has checked you into a location using Facebook Places.

And when this happens, you have to decide: Do I need everyone to know where I am?

Okay. Maybe you aren’t letting “everyone” know where you are. It’s just your “friends” on a location-based service. But many Foursquare users also tweet their location to their public timeline, which means that everyone—at least, everyone who cares—could figure out exactly where you are.

Background on Location Services

Google Latitude, which allows you to broadcast your location twenty-four hours a day, has been around for more than a year. And once it got over some initial privacy concerns, it basically became another one of Google’s innovative yet obscure services that not too many people use.

To date, only 4% of Americans have tried one a location-based service, and only 1% use one on a weekly basis, according to Gartner. People are not showing much interest in leaving digital breadcrumbs wherever they go.

So why even think about this niche of a niche?

First of all, more and more people are getting GPS (global positioning system) enabled smartphones. This makes cool apps like our free Anti-Theft for Mobile possible, and it makes it easy to broadcast your location. And more importantly, Facebook is getting into the location game.

How Will Facebook Change the Game?

Facebook Places has only been introduced in the United States and Canada, but it has already sparked so much interest in location-based social networking that its competitor Foursquare just passed the 3,000,000 registration mark, which means that it’s only 547,000,000 users behind Facebook.

With a user base of more than half a billion people around the globe, Facebook intends to push location networking into the mainstream. It also has added another level to these types of services by allowing users to check their friends into locations. And of course, this could allow for some mischief.

The Potential for Mischief

Using Places, your Facebook friends could check you into places you shouldn’t be like a bar during your lunch hour. But in reality, they could always could lie about you in status updates. Even worse, any of your friends could also easily tag your name in an embarrassing photo you may or may not be in.

(To prevent anyone on Facebook seeing you tagged in friends’ photos and videos you may not approve of, go to “Privacy Settings”> “Customize Settings”> “Photos and videos I’m tagged in”> “Customize”> “Only Me”)

And you may already be using a location-based service now without realizing it. The website ICanStalkU.com is trying to make people aware that many smartphones are automatically tagging photos with location data. You can turn off location tagging on your phone, using ICanStalkU’s handy guide.

Now, you are probably wondering: could using location-based services be dangerous?

The Potential for Physical Danger

It’s possible to imagine a scenario where someone could stalk you using the data you’re sharing on Foursquare or Facebook Places. But if you’re using Facebook at all, especially without practicing safer Facebooking, you’re making a stalker’s life easier.

USA Today’s Kim Komando describes a scary real-life scenario. Using Foursquare , a stranger found and contacted a woman as she was eating dinner in a restaurant . That’s the kind of scenario most of us would like to avoid.

If you have any concerns about being profiled or stalked, be very careful about any sort of geolocation services, and social media in general. A recent case suggests that, at least in the U.S., restraining orders are valid in cyberspace. But “better safe than sorry” is a good mantra to repeat while using the mobile Internet.

If you’re living in Mexico City where kidnapping occurs at “alarming rates“, using a service that broadcasts your exact physical situation would be insane. However, if you’re living somewhere where you feel safe in general, geolocating probably won’t add any more danger into your life than any social network would.

If that’s worth the risk of running into someone you didn’t want to see, give it a try. But don’t expect Foursquare to protect your privacy. Here’s a good source of information on how to secure your “check-ins” for Foursquare. You can these basic privacy concepts—like checking in to a destination as you leave—to most any location service.

If you’re an adult who is smart about what you share online, there aren’t many new security risks inherent in using location services. Maybe you’re opening your private life to an annoying work colleague or pesky marketer. However, participating in a social network does mean that in a way you’re trusting your safety to your friends on the Internet.

It comes down to this: if in the pit of your stomach you feel any concern about making your location known, don’t do it.

Property Theft

F-Secure Security Advisor Sean Sullivan points out that a thief is going to learn a lot more staring at your driveway than at your Facebook page. By using a location service you are making your schedule public, but you’re hopefully not publishing an exact record of who is at your home at any given time. The bad guys may know you’re out, but they don’t know who else is home.

On rare occasions, Facebook has been used to facilitate a crime. But the same could be said for the white pages.

Facebook becomes dangerous when you “friend” people that you do not really know. Social networks make it easy to connect with people from your past or people who you’d never meet. But your information is only as safe as the most questionable member of your network. If you decide to share your location, take an extra close look at your friends list and defriend some people if you have to.

Privacy

What you probably think most when you think about privacy is: How will this affect my ability to get a job I want?

Do you need your next boss to know that you at Taco Bell 5 times in March? Will being the “mayor” of a local pub help you during salary negotiations?

Will employers ever check applicants Foursquare accounts. Maybe not. But if they may well check your Facebook page, unless you’re in Finland or possibly Germany. And there they could find your Facebook Places data, unless you’ve carefully set your privacy settings.

This is something you need to think about before you start publishing your whereabouts. While most services intend to limit your data to your chosen friends, there is always a possibility that your social media data can go public.

The privacy of young people is a much more serious concern. Children with cell phones need to be instructed on how to use location-based services safely, if at all.

Experts have said that said teenage girls are most likely to be the victims of cyberextortion. Not too surprising. “Jailbait” websites specialize in gathering provocative pictures of young girls, which may or may not have been posted by the girl herself.

What if your child’s pictures ended up in a lurid site like that with the location information tagged to the image? That’s a privacy problem that could escalate into something much more dangerous. So let know your children know how to disable the geotagging settings on your their phones now.

Conclusion

We are at the dawn of a new era in social networking. Perhaps in a few short years we’ll all know where everyone is all the time. And as that happens, you know that the bad guys will come up with ways to use this technology against us. But for now, it’s a new frontier that might be worth exploring. Perhaps location-based fun will add layers to your life you never imagined, the way Facebook and Twitter have.

Or you just may want to disable Facebook Places now and forget that you ever were invited to join a location-based service.

CC image by: David Fisher

1 Comment

3 ways Facebook could fight spam

Share this

August 25, 2010
By Jason

Once upon a time, Spam was a salty lunch meat. Then it became unwanted email. Then spam became anything on a webpage that was self-serving, repetitive or annoying. And now Facebook has taken spam—like everything else on the Internet—and made it way easier to share with your friends.

The excitement and connectivity that lured 550 million people to the largest social network ever created is now being used to spread an incessant torrent of spam. Most of this junk is so obvious as to be harmless. But the reason that it exists is that it works—F-Secure Labs is finding that Facebook spam seems to be more effective than email spam, with conversion rates as high as 47%. This has led some to predict that Facebook spam may soon rival its email equivalent. And one bad click can always lead to a scam that wastes your precious time, money and brainpower.

How much spam is out there? If you search enough terms that spammers are fond of, Facebook may recommend that you become friends with a spam profile.

Keeping tabs on 550 million users can’t be easy. But it’s the kind of challenge every Internet site might like to have. And minimizing spam is also a key to making Facebook a safer place.

Facebook has shown a willingness to respond with criticism by offering some improvements to its privacy controls. Recently, it announced a new campaign against “abusive trolling”. And just yesterday, Facebook announced that it had joined the board of the anti-spam group MAAWG. It’s a good sign that changes are coming.

But while we are waiting, here are three humble suggestions to help Facebook fight spam.

1. Imitate Twitter
According to Twitter, spam on its site once made up as much as 11% of all tweets. That number is now hovering around 1 to 2%—based on Twitter’s reporting.

How has Twitter done this? It appears that its tech team looks a few key behaviors that indicate a tendency to spam. These behaviors include “follower churn”, which is quickly following and unfollowing other accounts, and repetitive posts and links. It’s relatively easy to have your account suspended by Twitter, especially if you’re successful at spamming. Facebook could easily track links that are being repetitively linked and block the links and/or suspend the users.

Twitter also has a “report for spam” link on every profile. Facebook doesn’t have such an option. You can “Report/Block this Person” but you can’t identify “Spam” as the reason for reporting the profile. The closest option is “Fake Profile” but as Sean Sullivan in the F-Secure Labs points out, that’s probably there to stop people from being Homer Simpson. And you can see how well that works.

It would be nice if Facebook had a “report for spam” link on every profile. But you can understand why it would not want to do this. If just 0.5% of profiles were identified as spam, that would mean 2,250,000 profiles would need to be analyzed, though you can quickly get a sense of what a spam profile usually looks like. It seems that Twitter has come up with a system that bubbles up the most egregious spammers in a way that Facebook hasn’t.

Something else Twitter has done was to make the fight against spam public with its @spam account. Facebook has a page for Security and a Safety center where it shares tactics to help users protect their PCs and themselves. A Facebook Spam page would be a much-needed hub for spam fighters to gather and summon inspiration.

2. Help CSI: Miami clean up that wall!
Facebook pages create a new gray area for brands. The page definitely represents the brand, but it has to exist within Facebook’s framework.

So here’s the problem. You’re CSI: Miami, one of the most popular television shows in the United States. You have well over 3,100,000 “likes” and you want them all to connect or aggregate or evangelize or do whatever you want your fans to do. But the problem is that generally your wall is filled with spam for bargain sites or sites that promise that you can see who views your profile—which must be every Facebook user’s dream since it’s an incredibly common lure for spam and scams.

So who’s responsible for all the spam? CSI: Miami or Facebook.

Do we really expect CSI: Miami to hire a full time staff to edit posts and piss off its real fans by mistakenly deleting a real comment now and then? Do we want to rely on Facebook to deal promptly with the thousands of posts that must get reported every day? Or do we want to give up and say, spam is going to happen so let it happen.

Another option is to not let people post to the page’s wall. The community can still comment on your posts, but there spam will seem even more obvious and will be reported even more quickly. You’re getting the community building you wanted without diminishing your brand with wanton spamming.

3. Use photo recognition to fight photo spam
Recently Wired.com’s Epicenter blog asked, “Why Are There So Many Porn Ads on Britney Spears Facebook Page?” It seems that Ms. Spears’ page’s photo gallery was filled with lots of photos with captions that led to porn or escort sites. Many of the photos Wired found weren’t just duplicated in the gallery—they’re starting to appear again and again all over Facebook.

By forming a partnership with a photo recognition site like Tin Eye, Facebook could identify the images that are being used and reused to spam for sites that are not safe for kids and definitely not safe at work. The goal would not be to eliminate the images, but the spammers themselves.

Sadly, your email, the Internet as a whole and Facebook be completely spam free any time soon. But there is a lot more that can be done to to sift out digital pollution. Just ask Twitter.

What do you think? What else should be done?

Leave a comment

LOST: All My Backed Up Photos (AKA Checked Your Backed Up Files Lately?)

Share this

August 24, 2010
By aliafs

I lost 5 year’s worth of photos the other day. It happened a few days ago, when I started hearing an odd grinding sound coming from the hard disk (HDD) while I was using my PC. What I didn’t know then was that HDDs have an effective ‘shelf life’, after which their performance starts degrading. In my case, what appeared to be a mechanical failure very quickly led to the HDD ‘dying’ on me.

At the time, I was confident I could restore all my important files, and especially my precious digital photos, because I did actually do a backup (sometime last year). Unfortunately, as it turns out, I couldn’t find most of my backup CDs. Of the 3 disks I could find, 1 turned out to be corrupted. That one rotten CD happened to contain my only copies of all the photos taken during my college days.

To say I was upset would be putting it mildly. Still, you might as well profit from my sorry experience, so let me offer a few thoughts for your consideration when you’re next backing up your files (with special reference to digital photos).

1. Be Aware of shelf lives

Until someone figures out how to code data onto diamonds, there are no incorruptible, impervious digital storage mediums. HDDs, CDs and DVDs will all eventually die. Keeping in mind a storage medium’s ‘probable expiry date’ can help you avoid a nasty shock and prepare to replace it when necessary.

Sadly, there’s no real consensus on how long a HDD in a home user environment could realistically be expected to last, though there’s a lot of anecdotal ‘evidence’ and some studies in business environs, such as Google’s 2007 study (here in PDF). Still, a useful rule of thumb would be to expect a HDD to be usable for about 5 years or so, and plan your computer maintenance/upgrades accordingly.

CDs and DVDs, though by far the most popular external storage medium for most consumers, are also more prone to failure, since they can be exposed to more physical damage than an HDD (humidity, direct sunlight, clumsy handling, a frisky cat, etc). Like HDDs, there are no major studies conclusively stating how long they should last in a home environment (though there are informal studies, such as this one from Tech Arp). In fact, with so many variables to be taken into account, the most that can be said for a CD’s or DVD’s shelf life is: It will last a few years, unless it gets damaged or you’re just plain unlucky.

2. Occasional housekeeping is still needed.

I’ve learned the hard way that it’s a good idea to spot-check my backups from time to time, just to make sure they’re still readable, rather than wait until I need to recover the files. Ideally, backups would be checked for integrity every few months. In the messy, stressed-out real world however, once a year would probably be more realistic. Whatever your personal schedule, this is the time to go through all the files saved to check they can be read, and to replace any storage media that starts acting up.

3. Sharing your photos as ‘social backing up’

Though the cost of storage media has been steadily dropping, buying all the necessary storage space can still put a dent in your wallet. Plus, you still have to deal with physically managing and maintaining them. If you don’t have too many photos you need to save, and don’t mind sharing them with others, you might consider trying the following:

Give copies to friends
This only really works with group or event photos (because even close friends probably won’t want your private family snapshots), but sharing group/event digital photos with your friends is a nice way of sharing the memories – and if something happens to the photos on one computer, you can always ask a friend for another copy of the set. Incidentally, this was how I managed to recover most of my lost photos.
Upload to free online services, e.g., Flickr, Picasa Web Albums or Facebook
A friend of mine who works as a flight attendant saves many of his best photos onto Flickr, so he can access them even when traveling. Another uses Picasa Web Albums to share photos with faraway friends and save space on his HDD. Of course, there are privacy and security issues involved in doing this, so uploading private photos may not be wise. But if you want a storage source that’s accessible online, don’t want to pay for physical or online storage and are willing to live within the limitations, then this may be for you.

4. Multiple backups aren’t just for the paranoid.

Backing up your most important files is good. Making multiple backups is better, if you’re concerned that something might happen to the backups.

How far you take this is really up to you. One of the Quality Assurance analysts in our Response Lab set up multiple hard drives in a RAID array on his home PC, and also has backups on a Network Attached Storage (NAS) system (more about that below); plus he’s contemplating keeping another copy of his important files in an external HDD at the office. 3 backups in 3 different locations, in multiple media types.

OK, so maybe you don’t have to go that far. But having multiple backups in multiple media types in separate locations give you the option of recovering your photos if something happens to the stuff on one medium, or in one location.

As an example, in my case, I originally had my photos saved on 1 HDD and 1 CD – and both went kaput. After enduring the trouble of retrieving my photos from friends, I’ve now upgraded my backup ‘strategy’ to 2 separate HDDs (though both in the same computer), with one for frequent access and one for long-term storage; 2 DVDs (stored safely elsewhere) as a separate long-term storage – and a copy on a USB Flash drive, just in case….

So What Are My Options?

If money is no concern, or you have a lot of data, or you want more features than are offered by free services, it’s time to think of Your Backup Strategy. Figuring out a backup strategy is actually a rather personal task, since it has to take into account:

How much data (digital photos, or whatever) you need to back up
How much time you you can dedicate to backing up on a regular basis
Your finances, and to some extent, your lifestyle (backing up can be more of a hassle if you travel a lot, for example)
Your tech-savviness, or whoever’s savviness you can call on (e.g., a neighbour’s nephew amiable friend who can help you)
What storage medium is available in your area, or is easily obtainable

Since all the above can vary from person to person, the best backup strategy is really whatever works best for you in keeping your stuff safe. Here’s a few last thoughts on the various storage choices available:

Hard disks (HDD)
Whether external or internal, a HDD is often the first choice for people wanting to backup backup their digital photos. The disadvantage of using HDDs is their comparatively high price. Still, as prices of HDDs continue to drop, you could consider treating them like (unwieldy) DVDs. For professional photographers, who typically shoot hundreds of photos at an event (with each photo of a gigantic size), an article on All About Photography suggests getting a separate HDD for each major function, rather than putting all the photos on a single large drive. The HDDs for each event can subsequently be archived. Also, to help you gauge a HDD’s lifespan, there are utility programs that track the HDD’s health, so that hopefully you can replace the HDD before it takes a swan dive.

CDs & DVDs
CDs and DVDs (whether it’s CD-R, CD-RW, DVD-R or DVD-RW) are cheap, easy-to-use and portable, making them the most popular external storage media. The main drawback of CDs (and to a lesser extent, DVDs) is that they require the most care in handling, and probably the most frequent maintenance to replace corrupted disks. On the other hand, they’re are so cheap that for some users it can be more cost effective to make multiple copies of files on CDs and just periodically replace any faulty ones.

USB flash drives
USB flash drives (aka thumb drives, USB drives, etc) have a slightly suspect reputation at the moment, with their persona non grata status at many offices and their role in recent malware outbreaks (Worm:W32/Autorun). Still, when proper precautions are taken, a USB flash drive can be most convenient for frequent backups. As a caveat, USB flash drives only became popular within the last five years and I can’t find any studies about how long they ‘normally’ last under real-world use, so keep in mind this medium may also have a shelf life to be accounted for.

Online Storage
In the last couple years, online storage has become a viable option for most consumers, and there are plenty of online backup services available. This type of storage is most suited for users who value accessibility and less physical management – and have a decent, reliable Internet connection. Of course, we’ve got one – our Online Backup service – but you can also search online; among the plethora of online storage services available, there will probably be one to suit your specific needs.

Network Attached Storage (NAS)
Once solely the province of corporations and now available to home consumers, NAS systems are a kind of off-site, centralized data storage unit that a computer can connect to for file saving and sharing. Some of the advantages of an NAS system is that it can be accessed by any computer in the home network; as a standalone, low-energy system, it might be more cost-effective to run than sticking multiple HDDs into a standard PC; and it can have multiple HDDs. Personally, I haven’t tried this yet, but for users who particularly value accessibility and potential for file sharing, an NAS system might be worth researching.

And after considering all that, it’s just a matter of seeing what’s right for you, backing up regularly – and hoping you never accidentally lose your data. Or photos.

CC image by: Roman Pinzon-Soto

2 Comments

F-Secure Internet Security Impresses AV-Test

Share this

August 19, 2010
By Sandra

We just got a bit of good news that we’d like to share. The Independent IT-Security Institute’s AV-Test has certified F-Secure Internet Security 2010.

In a battery of tests that used 200 client and server systems, AV-Tests found that Internet Security delivered when it came to defending and restoring your system. Andreas Marx, CEO AV-Test, said, “It’s good to see that F-Secure Internet Security does not only offer a high protection and a good repair, but at the same time, it has less impact on the system from the usability point of view.”

And we’re especially proud of our Usability score — 5.5 out of 6.0 possible points, the highest score archived during this review. It’s our goal to protect you in a way that has almost no impact on your PC. AV-Test says that we’re doing a pretty nice job of this.

AV-Test also gave us credit for one of our strengths—keeping your computer from turning into zombie that can be exploited by cybercriminals. Marx said, “The detection and removal of actively running stealth malware such as rootkits was no problem for F-Secure Internet Security, but for many other reviewed products.”

We promise not to strain our arm patting ourselves on the back. And we won’t rest on our laurels. The bad guys never give up so we work hard every day to give you the kind of security that makes it so you don’t have to worry about your security.

Cheers,

Sandra

Leave a comment

4 ways to get Google out of your life

Share this

August 16, 2010
By Jason

Google’s mission is “to organize the world’s information and make it universally accessible and useful.” And to fund this mission, it creates advertising that is “interesting” to you. That way you will click on more ads and generate more income for Google.

Is that so wrong?

Well, like Facebook and nearly every other major site on the Internet—with the exception of Wikipedia—Google is a business. And it’s an incredible business. The Google search engine is perhaps the most important knowledge tool ever created. AdWords, Google’s contextual advertising service, revolutionized the Internet, created new markets and laid the groundwork for web 2.0.

And as the tech behemoth from Mountain View, California grows and grows, it continues to accumulate a vast array of data about its users’ web activity. Google knows more about most of us than we’d like to admit. Basically it knows what you searched last summer… and last night… and few minutes ago.

Millions of people allow Google to monitor their web activity in exchange for the free use of its incredible resources—from Maps to Voice to Earth. Sometimes it’s easy to forget that by getting into the minds of Internet users, Google generates billions in revenue. Recently, however, we’ve been reminded in several ways that Google is definitely a business—a business with the power and scope to do nearly anything it likes.

First, Google Buzz opted Google users into a social network that very few people actually wanted to be a part of. Then, came reports that Google Street View teams we’re sucking up Wi-Fi data as they roved the world taking pictures of almost everything. And now, Google is engaged in negotiations that could alter the future of the wireless web.

The real damage of these questionable activities is hard to gauge. F-Secure Security Advisor Sean Sullivan points out that Google itself discloses very little personal information about users. It just makes your data a lot easier to find.

Still you have to decide: do you trust Google? Or rather, do you want Google—or any business—to use intimate details about your online behavior to market to you more effectively? And would you be okay with your online activity somehow becoming public in the future?

If you’ve decided you’ve want a little less Google in your life, here’s how to do it.

1. Sign out
You’re probably signed into Google now. You may not remember when you did it or why, but when you’re signed in, every action you take is associated with your Google account. You don’t have to be signed in to use Google Search, News or Maps.

But when you sign up for a Google account for a service like Gmail or blogger, you’re in. Your search history is now being tracked and being used to market to you more effectively.

Is there any harm to that? That’s for you to decide. Google’s mantra is “Do No Evil”, but you’re relying on its definition of “evil”. So it’s your choice. If you can live without Gmail, Google Reader, Google Alerts, etc., go ahead and sign out. It’s that easy. You can also avoid Google completely and use Bing, but you may already be signed in there, too. And of course, you’re then deciding to trust Microsoft more than Google.

2. Opt out of Google Ad preferences
We’ll assume that if you’re still reading you’ve decided that you’re not giving up your Gmail and you don’t mind been logged into your Google account as you click around. You still can keep Google from using your history to induce you to buy more things.

Just go to www.google.com/ads/preferences now. Then press the “Opt Out” button. Depending on which browser you’re using, you may have to download a “plug-in”.

Of course, now the ads you see may be less “interesting”, but that may be a good thing.

3. Clear your search history
Could your search history ever be used to harm you? It probably won’t ever be used against you in a court of law. But it could be used by a nosy house-guest who wants to prove that you’re a chronic self-Googler (self-Googler – n. a person who Google’s his or her own name). Or maybe your significant other could “accidentally” find out what you were really researching when you couldn’t sleep?

If that’s the case, you have much bigger privacy problems than Google.

There are definite advantages to retaining your Google history. You could replicate research you’ve already done, or find a site that seems to have slipped into oblivion. Before you decide one way or another, it’s a good idea to look at your History.

Go to https://www.google.com/history/ now. You may be amazed at how often you’ve used Google’s Search, Image Search, Blog Search, etc.

If you’re a little dazed and can’t decide whether this is a good thing or not, you can “Pause” your Web History now and come back when you’re not seeing stars. If you’re certain that there’s no good use to all this information existing on any database anywhere, you can take action now. Click on “Remove”. Then select “Clear entire Web History »”.

If you’re sure, your history will be gone. In addition, your all tracking will be paused. Now you if you’re really serious, you can go ahead and erase your browser’s history.

4. Un-Google yourself
You probably know that almost every country in the industrialized world—except Finland—permits employers to Google search applicants as a part of the hiring process. This makes almost every mention of you on the Internet a little part of your résumé.

When Google began organizing the web, you were a more than a decade younger. Your youthful indiscretions may have faded into your memory but, Google doesn’t forget.

Wired has put together a very useful guide on “How to Un-Google” yourself because Google wont’ do it for you.

Having control of the search results for your name is not only crucial when you’re looking for a new job. Think about the Green Revolution in Iran when it was reported that the government was using the web to track the activity of dissidents and their families abroad. In this rare instance, Google search results could have been a matter of life and death.

6 Comments

Organized Crime in the 21st Century

Share this

August 11, 2010
By Jason

For many people, the term “organized crime” conjures images of Al Capone, Lucky Luciano, The Godfather. You know, the mafia. The stereotypical Mafioso of the twentieth century was well-dressed, soft-spoken. He demanded respect. His mere presence suggested danger. And even if you took him down, you’d have to deal with the “Family”.

According to MafiaMob.com, any “made” member of the mafia has to swear an oath to 5 principles:
1. A code of silence – Never to “rat out” any mafia member. Never to divulge any mafia secrets. Even if they were threatened by torture or death.
2. Complete obedience to the boss – Obey the boss’s orders, no matter what.
3. Assistance - To provide any necessary assistance to any other respected or befriended mafia faction.
4. Vengeance - Any attacks on family members must be avenged. “An attack on one is an attack on all.”
5. Avoid contact with the authorities.

This mythic hierarchical culture of silence is responsible for a powerful bond that keeps law enforcement at a distance. And the model is so profitable that it has been replicated all over the world many times over. Billions if not trillions of dollars have been made through what we call organized crime.

However, the emergence of communications technology has not been kind to mobsters. Surveillance through phones and other bugging devices along with racketeering laws have made crime families less off a domineering force in the twenty-first century, though they still play a significant role in the drug and human trafficking trades.

Many criminals have figured out actually going out and committing crimes in person is a risk not worth taking—especially when we live with world where nearly anyone with a PC and an Internet connection can commit crime from the comfort of home. A In the United States alone more than $559 million in loss (link goes to a PDF) was reported to the FBI in 2009 as the result of cybercrime. And that’s just the amount reported.

While cybercriminals often join online communities and conspire with others, cybercriminals are typically loners. Deb Shinder, a former police officer and current IT professional, has profiled the common characteristics of a person who uses the Internet to break the law:

Some measure of technical knowledge (ranging from “script kiddies” who use others’ malicious code to very talented hackers).
Disregard for the law or rationalizations about why particular laws are invalid or should not apply to them.
High tolerance for risk or need for “thrill factor.”
“Control freak” nature, enjoyment in manipulating or “outsmarting” others.
A motive for committing the crime – monetary gain, strong emotions, political or religious beliefs, sexual impulses, or even just boredom or the desire for “a little fun.”

Cybercrime, according to Shinder is anything from downloading cracked software to outright fraud. And when it comes to committing fraud, digital crooks are as canny and ruthless as any mobster. But unlike the mafia and hackers, most cybercriminals have no code and little respect for law enforcement.

What was the most common scam of 2009? Imitating the FBI itself. It’s like Al Capone making a fortune posing as Elliot Ness—even if Ness was never as involved with Capone as Hollywood would like us to believe.

It’s never been easier to become part of organized crime. You could buy a “phish kit” and be in “business” in hours. No need to be “made” or even put on your pants. Right now, you can find your way into one of the many hacking communities and start cracking away.

Many digital crimes look legitimate—at first. But when a product you ordered doesn’t show up or fraudulent charges start appearing on your credit card, the result of any theft is the same: loss of money and time.

Here are the most commonly reported cybercrimes in the US for 2009:

There may not be any direct physical intimidation or violence involved, but the psychological harm of having your financial life plundered has real world consequences. That’s why authorities around the world actively track and prosecute cybercriminals, with increasing success.

It’s a new world. Technologically savvy criminals use stolen identities and fake IP addresses to create the code of silence that mobsters once enforced by blood.

Cybercrime is a solitary craft that can be practiced from a flat in Eastern Europe or a cybercafé in Beijing. You don’t need muscle and you don’t need assistance. But if you get caught, you’re just like Al Capone.

You’re going to need a very good lawyer.

Cheers,
Jason

CC image credit: kait jarbeau

Leave a comment

How to Save Face: 6 Tips for Safer Facebooking

Share this

August 5, 2010
By Jason

1. Know what you’re getting into
Facebook is a business. It exists to take your online activity and turn it into revenue. Facebook will always be free. But there is a cost. You’re paying by being exposed to advertising and allowing limited disclosure of your online activity.

How limited? You could sit down for a while and read Facebook’s Privacy Policy. But you’ll probably need a few hours and some black coffee.

So here’s a short version: basically everything you post, every person you friend, every group you join will be made public to your “friends”, “friends of your friends” or “everyone”—depending on your privacy settings.

To you this may be simple. You assume that everything you’ve posted could be available to the whole world. Others are still learning. People have lost their jobs as a result of things they’ve posted on Facebook. And when this happens, the newly unemployed person will usually claim that s/he thought that the post was private.

So joining a social network is a leap of faith. On a social network, not only do you have to trust the site to follow its privacy policy, but you also have to trust your friends. Will they reveal your secrets? Will they pass on bad information and scams to you?

And, more importantly, you have to trust yourself to share the right things.

On Facebook, you are exposing your private life in ways you may not even realize. 79% of companies review an applicant’s online information (which is completely illegal in Finland but acceptable in most of the world). Your financial future could depend on how well your profile and your photos and friends list represent you. So think before you post—always.

2. Secure your PC
What does 500,000,000 people on one website look like? To cybercriminals, it looks like a gigantic, unsecured goldmine.

Online gangs and scammers are working twenty-four hours a day to exploit the trust we have for our online friends. Updated Internet security is a must before you use Facebook or any social site. In addition, you have to make certain that your PC is updated with the most recent application system software, which can be time-consuming. F-Secure’s free Health Check makes that easy.

3. Use a unique, strong password
‘Password’ is not a good password. Neither is ‘123456’ or your pet’s name or your name any information that is available publicly on your Facebook profile.

Creating a strong, complex password that you can remember is the key to keeping strangers out of your account. Here’s a simple password system we recommend. You should also use different passwords for your all of your various accounts, especially your email accounts, to keep one hack from becoming a total nightmare.

For extra protection, never let browser remember your password, and lock your PC when you step away from it—especially if you’re living with young children and/or parents and/or anyone, really.

4. Filter your friends
Facebook works overtime to connect you with as many people possible. When you first join, the site combs through your email account to suggest as many people as possible. Then as you use the site it will suggest more email contacts. Email someone new and Facebook will suggest that you become friends.

Run out of contacts, you’ll see friends of friends, brands you might like, your ex.

It’s a strange social dynamic. When see the person’s picture, it feels like this person wants to be your friend. But who knows? All you can be sure of is that Facebook wants you to be friends.

So ask yourself this: Does everyone you email need to be your Facebook friend?

Some people have found that their best friends in the real world make lousy Facebook friends. There are a lot of people who can find you who may not like reconnecting with. According to a recent survey, 70% of Facebook users avoided becoming friends with their bosses.

Maybe you want to limit Facebook to your friends and family and leave professional connections to Twitter and LinkedIn. There’s no perfect formula, but it’s important to have some filter, some limit on what you share with whom. How do you say no when someone you don’t want to offend makes a friend request? Facebook makes this easy. You can just ‘ignore’ the request. That’s a nice way to frame it!

Want to stop Facebook from combing through your email contacts? You can remove your contacts by clicking here. But if you’re using a Facebook app on your phone, first you’ll have to disable the Facebook synchronization feature on your phone.

Want to stop Facebook from suggesting you as a friend to others? Go to “Privacy Settings” click on “Settings” for “Basic Directory Information”. When you get there, set “Search for me on Facebook” to “Friends Only”.

Always remember this: If anyone solicits you directly about money, assume it’s a scam. Ignore and defriend that profile immediately. An easy way to defriend someone is to go to their profile and scroll down the left column until you find “Remove from Friends”.

5. Click carefully
The biggest dangers on Facebook are the links that appear on your wall. With one bad click, you could end up on a site that attempts to serve you malware or scam you using phishing tactics. One, bad ‘like’ and you could end up spamming all of your friends. That’s why you have to remember that links are not your friends.

The most popular Facebook scams involve gift cards and hilarious videos and diet advice. So far most attacks on the site have been more annoying than harmful. But without vigilance, you can be sure that vicious scams and malware are heading your way.

The best antidote to bad links is Internet security with browsing protection. You can double-check any link before you click it by copying it (right-click on it in Windows) and pasting it into F-Secure’s free Browsing Protection.

Prevention is your best cure. Realize the more sensational or strange or generic a link is, the more likely it is to be malicious. Again, links are not your friends. Apply the same caution you’ve learned to use when you’re checking email to checking Facebook. And just because your friend or family linked something, doesn’t mean you have to click on it.

6. Don’t rely on Facebook to protect your privacy
The whole point of Facebook is to “connect and share with the people in your life.” But there’s a point, for nearly everyone, where all the connecting and sharing can be too much—especially as your information becomes increasingly available to people who aren’t necessarily “in your life.”

So whenever you use Facebook, you have to ask yourself two things: Who do I want to see what I’m doing? And how would I feel if the whole world saw this?

There’s no technical tool to stop your friends from sharing your information. But Facebook does offer you the tools to control who sees your activity. That’s why you need to get to know your privacy settings.

Start at “Account”> “Privacy Settings”. Then click on “Settings” for “Basic Directory Information” . This is where you decide who can find you and what they’ll see when they do.

You get to decide. How easy do you want to make it to find you on Facebook? Which is more important to you: privacy or connection.

If you’re more interested in connection, select “Everyone” for the top three settings “Search for me on Facebook”, “Send me a friend request” and “Send me a message”. Then consider making all the other settings “Friends Only”. This will encourage people to become your friend, and it gives you more power over your information.

Next you can click back to “Privacy Settings” and set how you share on Facebook.

You can go with the preset options or customize each category individually.

Your safest bet is “Friends Only.” You may want to want to open your activity to “Friends of Friends”; however, there is certain information that you should not make available to “Everyone”. This includes your birthday, your email address and IM, your phone number and address, political and religious beliefs and your family and relationships.

Why? All of this information may be public somewhere else, like a phone book, but you’re simply making too much identifiable information public in one easily accessible place. There may not be enough there for true identity theft, but you are giving a stranger enough information to pose as you online convincingly, which could be a problem if some potential employer or date is checking out your online presence.

You may also want to uncheck the box that says “Let friends of people tagged in my photos and posts see them.” This way you won’t unintentionally draw attention to an image one of your friends may not want others to see.

If you’re very interested in your privacy, you should continue and edit your Application and Website Settings.

Here you should do two things. 1) Remove any applications you aren’t using. 2) Click on “Turn off all platform applications”. Then you can select which applications you don’t ever want to show up on your wall ever again. That’s right. You can say goodbye to FarmVille forever, if you want to.

You can also turn off all platform applications, which will keep your friends from automatically sharing your information with the applications they’re using. Not a bad idea.

Next you can click on “Game and application activity”. Click “Customize” and select “Only Me” to keep all of your Game and application activity to yourself, which is a good idea if you’re friends with people (read: co-workers) who may judge how you spend your time.

After that, take a look at “Info accessible through your friends”. Here you’ll see all the information that is available to the applications your friends decide to use. That’s right, your friends share all this information automatically with the applications they use.

Once you see that screen, you may want to go back to “Turn off all platform applications”. Why not turn it off until you have a good reason to turn it on?

Now we’re at “Instant Personalization”, which is controversial because Facebook opted all of its users into it. Of course, it warned everyone through an update to its Privacy Policy, but you probably didn’t take the time or coffee needed to figure that out.

So what does Instant Personalization do? It shares your information with three Facebook partner sites: Docs, Yelp and Pandora. Could more partners be added? Yes. Could you just opt out of one or two? Yes. Just click on Docs, Yelp or Pandora and then click on “Block Application.”

Again, unless you know you want to share information with these sites, it’s a good idea to opt out for now.

If you made it this far, you will be rewarded. We are now at, perhaps, the most important Facebook privacy setting: “Public Search”.

You probably heard how recently the information of over 100 million Facebook users was made available for download. All of that information was public before a security researcher took it and turned it into one downloadable file. Those 100 million Facebook users probably had enabled public search.

This is where get to decide if the whole world can find your Facebook profile and information. With one click, your profile could become the top result of a Google search for your name. If you want to avoid disclosure of your information to the world, you may want to start by limiting who can search for you. I recommend that you do not click the box to “Enable public search”.

So those are the tools Facebook gives you to protect your information. They’re complex, and that’s probably on purpose. Facebook is not shy about encouraging it’s users to share and share and share. That’s why you have to remember that Facebook (and your friends) can’t share anything you don’t post to the site.

So be careful not to post anything that can be used against you. This includes travel plans and itineraries, complaints about bosses, co-workers and customers, company secrets, threats… Has anyone actually had a home robbed after posting plans on Facebook? Yes, indeed.

There are a million things you shouldn’t post. And you are the only person who can decide what you SHOULD share with Facebook and the world. So choose wisely.

Bonus tip: Use Facebook’s one true security feature
Facebook’s one true security feature is simple but powerful. Facebook will inform you anytime any new device accesses your account. That means if some PC or smartphone you’ve never used before logs into your account, Facebook will email you.

To turn this feature on, go to “Account Settings”. Then select “Account Security”.

Just click “Yes ” and then “Submit”.

Now, what do you do if you find out that someone beside you accessed your account? Change your password immediately. On the “Account Settings” page find “Password” and click “change”.

OK. That’s all I know about making Facebook safer a place for you and your friends. For ongoing tips you can follow F-Secure on Facebook. Do you have any tips to add?

7 Comments

Is it worth sharing my personal information?

Share this

August 3, 2010
By sarahfs

Privacy. Social media. There is a paradox somewhere between there. How much privacy shall we expect from social networking media, which are built on the basis of sharing our personal information?

As we are busy announcing our presence to the world via Facebook, Twitter, Foursquare and numerous other services, let’s understand the value in disclosing our personal details.

The good

A little bit of appropriate disclosure could be advantageous. Done right, your online profile could attract the right kind of attention. Say that you are a fresh graduate or someone looking for a (new) job; why not use the online profile page as an informal extension to your resume?

In a study conducted by Microsoft in December 2009, 79% of hiring managers and recruiters revealed that they review applicants’ online information before making a hiring decision. So, pad up that profile page with details that would put you in a favorable position. Include a link to your online portfolio to showcase your work and achievement.

Show your personality. It’s okay to leave that picture of you having a drink with some friends (provided that it was not a wild night, and you are not underage). But also try to sneak some pictures of you volunteering at the homeless shelter, or spending the summer in Africa with Engineers without Borders. Present yourself as a well-rounded person, someone with multiple interests and can get along well with others.

The bad

Your information is a commodity that companies sought after. People are less inclined to fill out online survey and even more reluctant to be approached on the street. But in social media, people casually mention about a product on their or their friends’ page whether in the comment or simply clicking the “Fan” or “Like” button.

Whatever product preferences that you mentioned might be used for targeted marketing. You might receive e-mails containing product recommendations, trials, etc. In a worse situation, in some countries where customer’s privacy policy is not strictly enforced yet, your contact information might be passed from one company to another, resulting in more unrequested spam mails clogging your inbox or unwanted SMSes or unsolicited phone calls.

The ugly

This is where the worst happens—your online information is being harvested for malicious intentions. Your e-mail address is a favorite target for spammers and phishers. With spam, you could be on either receiving or sending end. Spammers often crawl the web, searching for e-mail addresses which would be the recipients of their spam mails. Some would go to a greater length, using your e-mail addresses to generate and distribute spam on their behalf.

Then, there are phishers who set their eyes on accounts that possess real cash value such as online banking, online gaming, iTunes, etc. Phishers often disguise themselves as someone you trust in order to trick you into revealing sensitive information. A common method is to spoof the “From” address in e-mail, pretending to be someone in authority and then ask the recipients to verify some information at a forwarded link.

In general, our information might be available anywhere on the Internet, but social media receive the huge blame because most details are concentrated there, ready to be harvested. Whether you like it or not, more and more social networking services are making their way to us; you might be tempted to sign up. The best practice is to protect your own online privacy. Set the right privacy setting for your account, and more importantly, be smart about what you post online.

Image credit to Rob Pongsajapan

1 Comment

Don’t get burned this summer!

Share this

August 2, 2010
By Richard B

It’s the time of year when many of us will be packing our bags and jetting off for that well-earned holiday.

Most of us will have a great time, and return with tales of fun and relaxation. But for some the enjoyment may be tainted by a holiday theft.

However, there are some measures you can take to minimize the chances of getting parted from your money or belongings, I have put together a little list of tips which I hope will be of help to you.

It makes sense to take a prepaid credit card with you instead of your normal cards. Top it up by telephone transfer every couple of days. This means if anyone steals the card (or more likely, steal the card details) you will only lose the money that has been moved to the card.
Try not to show off your wealth by wearing expensive watches and Jewelry. There are of course exceptions to this. Say you are in the casino at Monet Carlo, for example.
Do not walk on your own in poorly lit areas late at night.
Keep your baggage locked when moving between locations and in the airport.
Download the free copy of F-Secure Mobile Anti Theft so if your phone is stolen you can lock it remotely, even wipe the content if you think it’s gone for good. The paid version of mobile security will also allow you to track where your phone is.
Put your important travel documents in a safe while you are out.
Whatever you do, don’t put all your important documents in a single folder and bring it to the beach.
Minimize the amount of information you have in your wallet/purse, do you really need your driving license and all your bank cards at the local market?
Never put down valuable items unless your hand is attached to it.
Agree taxi prices before you get in, especially from the airport.