You’ve heard it all before.
If you’re on the Internet, you’re probably being monitored. If you’re using a free service, you’re giving up some of your privacy as a payment. If you post something online, you have to assume that it could easily be shared with anyone with an Internet connection.
But that doesn’t mean you have to give up your privacy when you turn on your PC or phone. Here are 5 basic resolutions that will help you make sure that prying eyes can’t get easy access to your data online.
1. I will have a strong, unique password for every account that contains private information.
If you’re super concerned about protecting your privacy, you’ll use unique, unguessable passwords for all your accounts and update them 3-4 times a year. For your most important accounts, this is essential. But for your webmail, banking and Facebook accounts, if you have them, good password hygiene is a must. Here’s a system to create strong passwords you’ll remember.
2. I will go “Friends only” on Facebook.
Sharing your digital life with your friends only won’t guarantee your privacy — ask Randi Zuckerberg. But it will help limit your potential leakage from private to public. Facebook isn’t completely private, of course, ever. But if you want to share everything, Twitter or a blog are probably better options.
3. If I use Gmail, I will turn on two-factor authentication.
If you use your Gmail for business, the extra layer of security that two-factor authentication provides is essential. Just make sure that your phone also has some sort of anti-theft or Find My iPhone app installed in case a thief gets ahold of your device. You may also want to clear your Google history, if you would rather it didn’t exist.
4. I will log out of any account I’m not using and lock my PC and phone when it’s not in use.
This is just good common sense that I personally ignore on a regular basis. Not in 2013! It reduces how much you’ll be tracked, and it makes it less likely your own accounts will be used against you.
5. I will keep my software updated.
Our smartphones and PCs are actually quite secure if we keep them patched and protected with updated system and security software. This, as you know, can be time consuming, so I’ll install updates as they come up, and for my PC I’ll use F-Secure’s free Health Check.
[Photo by Triple Tri]
This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event.
Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past.
While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things).
The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here are three talking points to help you get started:
Security in a mobile world
A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion.
Keeping safe online
It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later.
Privacy and the Internet of Things
Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs’ voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them?
The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC.
[Image by Hubert Burda Media | Flickr]
Our history is full of doomsday prophecies. Statistics show that about 100% of them are wrong, and that seems accurate, as we are still here. :) Vint Cerf is not that pessimistic when predicting a digital dark age. His doomsday only affects our data, but that’s scary too. So what is this all about and how does it affect us ordinary mortals?
Mr. Cerf is reminding us about one of the fundamental challenges in electronic data processing. The technology is still very young and sometimes unreliable. A special problem is the longevity of storage media. A traditional photographic print can last several hundreds of years and the oldest preserved writings are thousands of years old, but electronic data media longevity is measured in tens of years. And on top of that comes the rapid technology development that can make media incompatible before it breaks. Digital storage may become a black hole: you put things there but get nothing out. This could lead to a dark era from which we have almost no digital memories, according to him.
But how realistic is this horror scenario? Let’s fill in some points that Mr. Cerf left out.
Digital technology actually enables infinite life for our data, if used right. The old photograph starts to slowly degrade from day one and no copy of it is perfect. Digital info can be copied to new media an infinite number of times without degrading quality.
Any digital media has a limited lifetime. But the rapid technology development will silently solve this problem for most people. The computer becomes too old and slow before the magnetism starts to fade on the hard disk, and everything is copied to a fresh new computer. (*)
The need to regularly copy data to fresh media will also solve the compatibility problems. You will normally never need to access media that is more than some 5 – 10 years old. And media that young is still compatible. The floppy disks that usually are shown to illustrate incompatible media are over 25 years old. (*)
But what about the file formats? It will be easy to implement support for our current file formats in tomorrow’s computer systems. That will be done if there is a need for it. So don’t worry if you are using the common standard file formats like JPG images, MS Word or PDF documents. They will no doubt be supported for a long time. But this may be an issue if you are using some exotic and less common format.
We are entering the era of cloud storage. Our data is transferred to professionally managed data centers that take care of both backup and periodical media renewal on our behalf. Sure, they can fail too. But they are in general a lot more reliable than our own homebrewed backup procedures.
The use of cloud storage introduces a new threat. How long will the cloud company be around? That is a good thing to think about before selecting where to store the data.
Another big threat against our data is our own attitude. Handling digital data is very easy, including deleting it. We need to understand the value of our data to make sure it is preserved.
Last but not least, a very big threat against all data, analog or digital, is the inability to find it. My piles of old slide photo boxes are of little use as they only have some labels with year and place. Looking for a particular shot is a nightmare. But my digital collection can easily be searched for place, time, equipment, technical data, keywords, etc. The pre-digital era was really the dark age seen from this perspective!
So to wrap up. Yes, the digital revolution brings new challenges that we need to be aware of. But luckily also good tools to deal with them. Digital storage will no doubt lead to personal data loss for many persons. Disks crash every day and data is lost. So there is a true risk that digital storage leads to a personal dark age for you, unless you handle your data right. But there’s absolutely no need to talk about a digital dark age in a broader sense. Historians will easily get enough information about our society. It doesn’t matter if some of us have lost our files, there’s still plenty to work on. Actually, data overload will be a more likely problem for them.
Good news. The sky is not falling after all!
Safe surfing,
Micke
(*) This is assuming that you keep your files on the computer. These problems will become real if you archive files on external media, store them away for later use and remember them some 20 years later.
We have repeatedly countered the arguments that people don’t have anything to hide, and can comfortably ignore the privacy threats on the Internet. That’s a very unwise attitude and here are some more examples why.
We have also talked a lot about on-line scams and how to avoid them. A key challenge for any scammer is to be trustworthy in the eyes of the victim. And this is where your data enters the picture. I have written a story about how a scammer can be more convincing if he knows your travel plans. Let’s cover a more business-oriented case this time.
A controller at a firm in Omaha, Nebraska received e-mails from the CEO asking him to make a series of money transfers to China, and he transferred a total of $17.2 million. Yes, you guessed it. The sender was not the CEO and a scammer made a nice profit.
The obvious lesson we learn in both these cases is naturally that mail isn’t trustworthy. Mail itself does not provide any kind of sender authentication. The sender address is easily faked. Authentication of the other party must rely on the mail contents, a cryptographic signature or information that only the perceived sender can know.
And this leads us to the less obvious lesson we can learn here. It looks like the Omaha scammer had information about the victim. He knew who can handle money transfers. He also knew that the CEO had some business in China, which made the transfers sound legit. He probably also knew that this person doesn’t meet the CEO face to face daily, as that would have ruined the scam. Part of this info is publicly available, like the name of the CEO. We don’t know how he got hold of the rest, but it is obvious that it helped the scammer.
So here we have an excellent example of how criminals can utilize tiny grains of info to scam huge piles of money.
But what should this Omaha company have done differently? The controller should have called the CEO to verify the transactions. The company should analyze what info the scammer had, and go through their security policies.
And that is pretty much what private persons should do too. Learn to think critically when someone approaches you by mail and verify the sender if in doubt. Also guard all your data to make this kind of targeted attack as hard as possible. This company responded by firing the controller. That's not an option for you if you fall for a scam and let go of your own money.
Safe surfing,
Micke
PS. Was it right to fire the controller? Hard to say. Part of the responsibility naturally lies on the one who was gullible enough to trust an e-mail. But it also depends on whether the company had proper rules in place for validating transfer requests. Did he break any concrete rules when sending the money? If he didn't, then the company is responsible too.
Photo by Images Money
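The point above that the sender address is easily faked can be turned into a simple screening step for payment requests. The following Python sketch is an added example, not part of the original post: it checks the headers a receiving mail gateway records (the standard `Authentication-Results` header) and flags a message for phone verification. The company domain, executive name, gateway hostname and sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (not from the article): the company's domain,
# its executives' display names, and the hostname of its own mail gateway.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
TRUSTED_AUTHSERV = "mx.example.com"

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts stamped by our own gateway only."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header the sender could have written; ignore it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts[method] = result.lower()
    return verdicts

def review(raw):
    """Return the reasons a payment request should be verified by phone."""
    msg = message_from_string(raw)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reasons = []
    if name.lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        reasons.append("executive name on an outside address")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append("replies go to a different domain")
    if auth_results(msg).get("dmarc") != "pass":
        reasons.append("no DMARC pass from our gateway")
    return reasons

# Constructed sample (headers only, not real mail): forged From address.
SPOOFED = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Reply-To: jane.doe@example-corp.test\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "Subject: Urgent wire transfer\n\nPlease send today.\n"
)
```

An empty result from `review()` only means these header checks raised nothing; a compromised genuine mailbox passes all of them, which is why the call to the CEO remains the actual control.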