How do I know if I have a cyberstalker?

A lot of people out there seem to be creeped out at the thought that they might have a stalker following their online activities. They want to know who is viewing their profiles, looking at their photos, reading their status updates and how often.

On Facebook, there have been many applications advertised to let you find this information and all of them are fakes. It’s a good thing, too. These applications may satisfy your curiosity, but they treat all of the friends that you added to your profile as potential stalkers. Even if it were possible to find a Facebook application that reveals your profile views, by using that application to find stalkers you would become the very thing that you were trying to avoid. You’d be stalking your friends’ online activities and snooping on actions that they believed were their own, private actions.

Recently, professional site LinkedIn have removed anonymity from profile views, based on a user setting. MySpace have a similar feature: if you want to see who views your profile, you must let them see your activity. If you consider how frequently Facebook is changed, it seems that there is every chance that Facebook will add the same feature in the future. Facebook also have a disturbing policy of enabling new settings by default. It hasn’t happened yet, but it is a reason to be vigilant. If you want to sacrifice your privacy in order to satisfy your curiosity it should be your choice and the choice of those who do not want to sacrifice their privacy should be respected as well.

So, do you have a stalker?

The first thing to get clear in a discussion about stalking is what stalking actually is. That way we can avoid persecuting and humiliating innocent people with the reputation-damaging label “stalker”.

A stalker is not someone who views your social profiles. It is not someone who views your page a lot. It is not someone who views your photos and it is not even someone who downloads them. None of these activities automatically make someone a stalker.

If you are really being stalked it is a serious matter. It is illegal in at least some countries, as a form of threat and harassment.

The US legal definition states that not only do you have to be followed, but it is “with the intent to place that person in reasonable fear of death or serious bodily harm” (I suggest you read the whole definition here).

Cyber stalking also involves high levels of harassment, distress and the intent to track down and meet a person in the physical world. To reduce the chance that someone can trace you in the physical world you can read our guides on using location-based Facebook and how to use Twitter safely.

I have to suggest that before you accuse someone of being a stalker you should think very carefully. Are you really under threat of death or injury just because someone views your photos online? Photos that you published yourself? Because when you put things online, your social profiles, your location, your pictures, your thoughts, your job description, you are publishing it.

If you are reading this and you do have a real stalker, if you are living in fear of physical harm, then contact local law enforcement.

Now that I have that warning out of the way, I can give you some practical tips in case you are curious about how much your profiles are getting viewed. I know that a lot of people have encountered this blog by searching for ways to discover so-called stalkers or to find out how to track people online better. I know because I can see how searchers came to this site. Yes, I can see that.

If you look around you can find there are several sites and services that give you viewing statistics. I already mentioned the features in MySpace and LinkedIn, which allow you to see the details of your viewers so long as you are willing to reveal your details to them. That’s a nice way to do it.

Blogging sites offer statistical views of how many views you have for each post and where the posts have been linked. This is still somewhat anonymous, but that should be fine. It is still a lot of information.

YouTube even have a little statistics area that can be opened up from underneath each video that tells you the age, gender and country of the video’s viewers and which link or search brought them to the video.

Facebook? The best advice I can give you is this: Why don’t you just ask?

Ask your friends and they might even tell you. You can also use common sense: Find out who comments most often and who ‘likes’ the most photos and status updates; the chances are that they view your profile the most often and that they are also very active Facebook users.

Of course, going through your Facebook Friends’ list and removing anyone you do not trust personally is always a good idea.

Here on Safe and Savvy we have a lot of posts related to online privacy. If you are still curious then take a look at our archives and subscribe to our RSS Feed.

More posts from this topic

Mikko Hypponen What Twitter knows

5 things Twitter knows about you

At Re:publica 2015, our Chief Research Officer Mikko Hypponen told the main stage crowd that the world's top scientists are now focused on the delivery of ads. "I think this is sad," he said. [youtube https://www.youtube.com/watch?v=pbF0sVdOjRw?rel=0&start=762&end=&autoplay=0] To give the audience a sense of how much Twitter knows about its users, he showed them the remarkable targeting the microblogging service offers its advertisers. If you use the site, you may be served promoted tweets based on the following: 1. What breakfast cereal you eat. 2. The alcohol you drink. 3. Your income. 4. If you suffer from allergies. 5. If you're expecting a child. And that's just the beginning. You can be targeted based not only on your recent device purchases but things you may be in the market for like, say, a new house or a new car. You can see all the targeting offered by logging into your Twitter, going to the top right corner of the interface, clicking on your icon and selecting "Twitter Ads". Can Twitter learn all this just based on your tweets and which accounts follow? No, Mikko said. "They buy this information from real world shops, from credit card companies, and from frequent buyer clubs." Twitter then connects this information to you based on... your phone number. And you've agreed to have this happen to you because you read and memorized the nearly 7,000 words in its Terms and Conditions. Because everyone reads the terms and conditions. Full disclosure: We do occasionally promote tweets on Twitter to promote or digital freedom message and tools like Freedome that block ad trackers. It's an effective tool and we find the irony rich. Part of our mission is to make it clear that there's no such thing as "free" on the internet. If you aren't paying a price, you are the product. Aral Balkan compares social networks to a creepy uncle" that pays the bills by listening to as many of your conversations as they can then selling what they've heard to its actual customers. And with the world's top minds dedicated to monetizing your attention, we just think you should be as aware of advertisers as they are as of you. Most of the top URLs in the world are actually trackers that you never access directly. To get a sense of what advertisers learn every time you click check out our new Privacy Checker. Cheers, Jason

May 15, 2015
BY 
WhatsApp Scams

WhatsApp Scams: 3 Things you Need to Know

F-Secure Labs reported this week on a new WhatsApp scam that’s successfully spammed over 22,000 people. Spam seems to be as old as the Internet itself, and is both a proven nuisance AND a lucrative source of revenue for spammers. Most people don’t see what goes on behind the scenes, but spammers often employ very sophisticated schemes that can expose web surfers to more than just ads for Viagara or other “magic beans”. Spam typically tries to drive Internet traffic by tricking people into clicking certain websites, where scammers can bombard unsuspecting web surfers with various types of advertising. Profit motives are what keep spammers working hard to circumvent spam blocks, white lists, and other protective measures that people use to try and fight back – and it can pay off. Numerous spammers have been indicted and suspected of generating hundreds of thousands of dollars in revenue from their spam campaigns, with one study projecting that spammers could generate in excess of 3.5 million dollars annually. While most spam circulates via e-mail, the popularity of services like WhatsApp is giving spammers new resources to exploit people, and new ways to make money. Here’s a few ways spammers and cyber criminals are using WhatsApp to make money off users: Following Malicious Links: One way that cyber criminals use WhatsApp to scam people is to trick them into following malicious links. For example, a recent scam sent SMS messages to WhatsApp users telling them to follow a link to update the app. But the message was not from WhatsApp, and the link didn’t provide them with any kind of update. It signed them up for an additional service, and added a hefty surcharge to victims' phone bills. Sending Premium Rate Messages: Premium rate SMS sending malware was recently determined by F-Secure Labs to be the fastest growing mobile malware threat, and WhatsApp gives cyber criminals a new way to engage in this malicious behavior. Basically the users receive a message that asks them to send a response – “I’m writing to you from WhatsApp, let me know here if you are getting my messages”, “Get in touch with me about the second job interview”, and various sexual themed messages have all been documented. Responding to these messages automatically redirects your message through a premium rate service. Spanish police claim that one gang they arrested made over 5 million euros using this scheme – leaving everyday mobile phone users to foot the bill. Manipulating Web Traffic: A lot of spam tries to direct web traffic to make money off advertising. As you might imagine, this means they have to get massive numbers of people to look at the ads they’re using for their scams. Scammers use WhatsApp to do this by using the app to spread malware or social engineer large numbers of people to visit a website under false pretenses. F-Secure Labs found that people were being directed to a website for information on where they could get a free tablet. In March there was a global spam campaign claiming people could test the new WhatsApp calling feature. Both cases were textbook scams, and instead of getting new tablets or services, the victims simply wasted their time spreading misleading spam messages and/or exposing themselves to ads. WhatsApp and other services are great for people, but like any new software, requires a bit of understanding to know how to use. Hopefully these points give WhatsApp users a heads up on how they can avoid spam and other digital threats, so they can enjoy using WhatsApp to chat with their friends. [ Image by Julian S. | Flickr ]

May 8, 2015
BY 
Cyber Espionage

Getting Cozy with Cyber Espionage

Espionage – it’s not just for James Bond type spies anymore. Cyber espionage is becoming an increasingly important part of global affairs, and a threat that companies and organizations handling large amounts of sensitive data are now faced with. Institutions like these are tempting targets because of the data they work with, and so attacks designed to steal data or manipulate them can give attackers significant advantages in various social, political and industrial theaters. F-Secure Labs’ latest malware analysis focuses on CozyDuke – an Advanced Persistent Threat (APT) toolkit that uses combinations of tactics and malware to compromise and steal information from its targets. The analysis links it to other APTs responsible for a number of high-profile acts of espionage, including attacks against NATO and a number of European government agencies. CozyDuke utilizes much of the same infrastructure as the platforms used in these attacks, effectively linking these different campaigns to the same technology. “All of these threats are related to one another and share resources, but they’re built a little bit differently to make them more effective against particular targets”, says F-Secure Security Advisor Sean Sullivan. “The interesting thing about CozyDuke is that it’s being used against a more diverse range of targets. Many of its targets are still Western governments and institutions, but we’re also seeing it being used against targets based in Asia, which is a notable observation to make”. CozyDuke and its associates are believed to originate from Russia. The attackers establish a beachhead in an organization by tricking employees into doing something such as clicking a link in an e-mail that distracts users with a decoy file (like a PDF or a video), allowing CozyDuke to infect systems without being noticed. Attackers can then perform a variety of tasks by using different payloads compatible with CozyDuke, and this can let them gather passwords and other sensitive information, remotely execute commands, or intercept confidential communications. Just because threats like CozyDuke target organizations rather than individual citizens doesn’t mean that they don’t put regular people at risk. Government organizations, for example, handle large amounts of data about regular people. Attackers can use CozyDuke and other types of malware to steal data from these organizations, and then use what they learn about people for future attacks, or even sell it to cyber criminals. The white paper, penned by F-Secure Threat Intelligence Analyst Artturi Lehtiö, is free and available for download from F-Secure’s website.  [ Image by Andrew Becraft | Flickr ]

May 4, 2015
BY