Web

Should I put my phone number online?

Recently a controversy erupted over Facebook Phonebook, an app that shares users’ phone numbers without permission. Generally, Facebook can only share your number if you posted it and made it public via your privacy settings. However, by synching with your smartphone’s contacts, this app can share a phone number that has not been published.  (This link will show you exactly how to hide your number on Facebook, though it won’t prevent your friends from possibly sharing your number with Phonebook.)

All of this talk has led me to wonder:  should I put my phone number online?

I don’t know about you, but I am really paranoid when it comes to putting my details online. I don’t just worry about the ultra-sensitive information, like bank details and card numbers. I worry about my identity, my name, date of birth, my address and my phone number.

I’ve given the issue some thought to try to work out what it is that I am worried about and whether I am being a little too cautious. After all, I have found it useful to look up my friends’ phone numbers on social media sites when my phone has let me down, so why should I withhold the same information from them? I am quite security conscious, so I probably have less to worry about than the average internet user.

But what might the average internet user have to worry about?

Banking scams

By far the most common threat is that which gives a criminal direct access to your finances. Your bank details can be stolen in a number of ways. There is no point in making it even easier by broadcasting your account numbers, card numbers or passwords. Other information, like your address and number, might be useful if it comes paired with your bank details, but they are not usually needed for criminals to make a profit from your account.

Social sabotage

By social sabotage I mean anything that could ruin your reputation with your peers. You can socially sabotage yourself by allowing your boss to see a photo of you hosting a late night party in the office. Your (one time) friend can publish the picture without your consent. Both of these problems are common and they are a reason to be careful about who you invite into your social circles and of what you say and do.

A lesser problem is that your account is hacked and your reputation is ruined by an action supposedly performed by you. This is not as common. It is most likely to happen if you have immature friends, rebellious children or a jilted ex-partner and can be prevented by having a completely secret and impossible-to-guess password.

Identity theft

This is where you would have to worry about putting your address and phone number online. It is not very likely to happen though. It is most likely to happen as part of a banking scam and for that, as already mentioned, your phone number and address tend to be of secondary importance compared to your card numbers and account details.

The other thing you should know is that if anyone wants to find your address and phone number online, the chances are that they already can. It doesn’t matter if you did not publish them anywhere yourself. Phone directories are online and have been for some time. I found three services in Finland alone that claimed to be able to give me the personal details of people I know if I logged in to their services. For the USA, there are sites like Spokeo.

These sites do not only give out your phone number and address, regardless of whether you know their existence, but they often collate other data. They will tell other people what you have posted in Yahoo! Groups (the titles of these posts are visible even if the group is private). They will gather your date of birth, gender, relationship status. Some may even gather photos of you. Your house. Your children. Whatever seems to be related to you online.

All this information is out there already. These sites just make it easier to find. Most of the time no-one is going to use those sites and there is no need to worry. If you are paranoid then you can search for yourself and hunt down all the places your information is being leaked from. Usually the only reason to be this paranoid about your data is if you know that someone is out to get you! By this I mean that you are involved in a legal matter or that your livelihood relies on your reputation.

Data loss

There’s a very small chance that this problem will occur to you as an act of sabotage. You’ll suffer the loss of information from your online accounts, finding it deleted one day. This is most likely to happen because someone who is very close to you is angry with you. If this is happened to you, though, it is the second thing you should consider.

Before you rush to accuse someone of tampering with your accounts be aware that it is far more likely that an error with the software or website you use has caused your data to vanish. Always check with customer services first or search the internet to see if anyone else has the same problem at the same time.

Espionage

Do you hold a crucial place in a business? Are you a government official? Are you a rebel to a strict governmental regime? Perhaps you’re a celebrity? Have a stalker? Messy divorce? No? Then you probably won’t ever have to worry about this.

If you ever intend to answer ‘yes’ to the above questions then it is a good idea to become more security savvy. Reading this blog is a good start, well done.

If you can answer ‘yes’ already, then you might be one of the few who are justified in being really paranoid and withholding most or all personal details from the online world. At the very least, seek advice relative to your position.

If you’ve skipped to the end looking for a summary, then the answer to whether you should put your phone number (or address) online is:

It depends.

It is probably online already, but that does not mean that many people will know where to look for it.

  • If you are going to broadcast it in many public places, think very carefully about who that public is. There’s no need to give all of your jilted lovers your new number, or to invite calls from the Rick Astley Fan Club that you left all those joking insults with. If that’s the kind of thing you get up to, keep your personal details to yourself.
  • If you are going to put your phone number and address into a web form, think carefully about the legitimacy of the site you are on. Is it Amazon or amateur porn? If it is not a bona fide company, then do not give away your details.
  • If your address and bank details are requested, by all means be suspicious and double-check everything. To be safe, never give away more details than the bare minimum required by a service.
  • It doesn’t hurt if you refuse to use online services that are not essential to you if they ask for too many details.

Finally, if you want to respond to this article, please don’t call me! Leaving a comment on the blog will do nicely.

Melody-Jane.

CC image by nathanmac87.

More posts from this topic

sign license

POLL – How should we deal with harmful license terms?

We blogged last week, once again, about the fact that people fail to read the license terms they approve when installing software. That post was inspired by a Chrome extension that monetized by collecting and selling data about users’ surfing behavior. People found out about this, got mad and called it spyware. Even if the data collection was documented in the privacy policy, and they technically had approved it. But this case is not really the point, it’s just an example of a very common business model on the Internet. The real point is what we should think about this business model. We have been used to free software and services on the net, and there are two major reasons for that. Initially the net was a playground for nerds and almost all services and programs were developed on a hobby or academic basis. The nerds were happy to give them away and all others were happy to get them for free. But businesses run into a problem when they tried to enter the net. There was no reliable payment method. This created the need for compensation models without money. The net of today is to a significant part powered by these moneyless business models. Products using them are often called free, which is incorrect as there usually is some kind of compensation involved. Nowadays we have money-based payment models too, but both our desire to get stuff for free and the moneyless models are still going strong. So what do these moneyless models really mean? Exposing the user to advertising is the best known example. This is a pretty open and honest model. Advertising can’t be hidden as the whole point is to make you see it. But it gets complicated when we start talking targeted advertising. Then someone need to know who you are and what you like, to be able to show you relevant ads. This is where it becomes a privacy issue. Ordinary users have no way to verify what data is collected about them and how it is used. Heck, often they don’t even know under what legislation it is stored and if the vendor respects privacy laws at all. Is this legal? Basically yes. Anyone is free to make agreements that involve submitting private data. But these scenarios can still be problematic in several ways. They may be in conflict with national consumer protection and privacy laws, but the most common complaint is that they aren’t fair. It’s practically impossible for ordinary users to read and understand many pages of legalese for every installed app. And some vendors utilize this by hiding the shady parts of the agreement deep into the mumbo jumbo. This creates a situation where the agreement may give significant rights to the vendor, which the users is totally unaware of. App permissions is nice development that attempts to tackle this problem. Modern operating systems for mobile devices require that apps are granted access to the resources they need. This enables the system to know more about what the app is up to and inform the user. But these rights are just becoming a slightly more advanced version of the license terms. People accept them without thinking about what they mean. This may be legal, but is it right? Personally I think the situation isn’t sustainable and something need to be done. But what? There are several ways to see this problem. What do you think is the best option?   [polldaddy poll=8801974]   The good news is however that you can avoid this problem. You can select to steer clear of “free” offerings and prefer software and services you pay money for. Their business model is simple and transparent, you get stuff and the vendor get money. These vendors do not need to hide scary clauses deep in the agreement document and can instead publish privacy principles like this.   Safe surfing, Micke     Photo by Orin Zebest at Flickr

April 15, 2015
BY 
webpage screenshot TOS

Sad figures about how many read the license terms

Do you remember our stunt in London where we offered free WiFi against getting your firstborn child? No, we have not collected any kids yet. But it sure was a nice demonstration of how careless we have become with user terms of software and service. It has been said that “Yes, I have read then license agreement” is the world’s biggest lie. Spot on! This was proven once again by a recent case where a Chrome extension was dragged into the spotlight accused of spying on users. Let’s first check the background. The “Webpage Screenshot” extension, which has been pulled from the Chrome Web Store, enabled users to conveniently take screenshots of web page content. It was a very popular extension with over 1,2 million users and tons of good reviews. But the problem is that the vendor seemed to get revenues by uploading user behavior, mainly visited web links, and monetizing on that data. The data upload was not very visible in the description, but the extension’s privacy policy did mention it. So the extension seemed to be acting according to what had been documented in the policy. Some people were upset and felt that they had been spied on. They installed the extension and had no clue that a screenshot utility would upload behavior data. And I can certainly understand why. But on the other hand, they did approve the user terms and conditions when installing. So they have technically given their approval to the data collection. Did the Webpage Screenshot users know what they signed up for? Let’s find out. It had 1 224 811 users when I collected this data. The question is how many of them had read the terms. You can pause here and think about it if you want to guess. The right answer follows below.   [caption id="attachment_8032" align="aligncenter" width="681"] Trying to access Webpage Screenshot gave an error in Chrome Web Store on April 7th 2015.[/caption]   The privacy policy was provided as a shortened URL which makes it possible to check its statistics. The link had been opened 146 times during the whole lifetime of the extension, slightly less than a year. Yes, only 146 times for over 1,2 million users! This means that only 0,012 % clicked the link! And the number of users who read all the way down to the data collection paragraph is even smaller. At least 99,988 % installed without reading the terms. So these figures support the claim that “I have read the terms” is the biggest lie. But they also show that “nobody reads the terms” is slightly incorrect.   Safe surfing, Micke   PS. Does F-Secure block this kind of programs? Typically no. They are usually not technically harmful, the user has installed them deliberately and we can’t really know what the user expects them to do. Or not to do. So this is not really a malware problem, it’s a fundamental problem in the business models of Internet.   Images: Screenshots from the Webpage Screenshot homepage and Chrome Web Store    

April 8, 2015
BY 
Online Surfing in Different Countries

POLL: What country do you want to use for your online surfing?

Online surfing has been around for a while now, and it keeps getting better as technology continues to improve. Websites are better, responsive to different devices, more interactive, and feature a more diverse range of content. All in all, online surfing has managed to stay cool for a very long time. In fact, during a recent interview, Mikko Hypponen specified online surfing as the thing that he’d miss the most if the Internet were to suddenly disappear. The Internet may not suddenly disappear tomorrow, but it is in danger of slowly eroding. While technologies have been steadily improving what people can see and do online, other interests have been trying to develop new ways to regulate and control people’s behavior. Questions about what you can see and do online used to face technical constraints, but now these are transitioning to issues about what other people want you to see and do. Noted anthropologist and author David Graeber recently remarked in an interview with the Guardian that control has become so ubiquitous that we don’t even see it. Geo-blocking is a regulative measure that seems to confirm Graeber’s views. PC Magazine concisely defines it as the practice of preventing people from accessing web content based on where they are (determined by their IP address). Geo-blocking and other types of regional restrictions are used by both companies and governments, and for a variety of purposes (for example, enforcing copyright regimes, running regional sales promotions, censorship, etc.). Freedome is a user-friendly VPN that gives people a way to re-assert control over what they can see and do online. It encrypts communications, disables tracking software, and protects people from malware. It basically gives people the kind of protection they need to surf the web while staying safe from the more prominent forms of digital threats. It also helps people circumvent geo-blocking by letting them choose different “virtual locations”. Virtual locations let people choose where they want to appear to be when they’re surfing online. So if a user selects Canada as their location, the websites they visit will think they are located in Canada. If they select Japan, websites will think they’re in Japan. I’m sure you get the idea. Choosing different virtual locations lets web surfers bypass these geo-blocks so that their access to content remains unrestricted. They can watch YouTube videos reserved for American audiences, access Facebook or Twitter when vacationing in a country that blocks those services, and avoid other measures that attempt to prevent them from enjoying their digital freedom. Freedome recently added Belgium and Poland as new choices, giving Freedome users a total of 17 different places to surf from. But the list needs to keep expanding to keep the fight for digital freedom going, so the Freedome team wants to know: where do you want to do your online surfing? [polldaddy poll=8754876] [Image by Sari Choch-Be | Flickr ]

March 27, 2015
BY