We talk a lot about privacy on the net nowadays. Some claim that privacy is dead, and you just have to cope with it. Some are slightly less pessimistic. But all agree that our new cyber-society will redefine and reduce what we once knew as personal privacy.
The privacy threat is not monolithic. There are actually many different kinds of privacy threats and they are sometimes mixed up. So let’s set this straight and have a look at the three major classes of privacy.
This is about controlling what data you share with your family, spouse, friends, colleagues etc. Tools for doing this are passwords on web accounts, computers and mobile devices, as well as your privacy settings in Facebook and other social media.
This is the fundamental level of privacy that most of us are aware of already. When this kind of privacy is discussed, it is usually about Facebook privacy settings and how to protect your on-line accounts against hackers. Yes, protection against hacking is actually a sort of privacy issue too.
Who knows most about your life? You, your spouse or Facebook? Chances are that the service providers you use have the most comprehensive profile on you. At least if we only count data that is stored in an organized and searchable way. This profile may be a lot wider than what you have shared yourself. Google knows what you Google for and your surfing habits are tracked and blended into the profile. The big data companies also try to include as much as possible of your non-digital life. Credit card data, for example, is low-hanging fruit that tells a lot about us.
But what exactly are they doing with that data? It’s said that if you aren’t paying for the product, then you ARE the product. The multitude of free services on the net is made possible by business models that utilize the huge database. Marketing on the service provider’s own page is the first step. Then they sell data to other marketing companies or run embedded marketing. And it gets scary when they start to sell data to other companies too. Like someone who consider employing you or who need to figure out if you’re a high-risk insurance customer.
The main problem with provider privacy is that there aren’t any simple tools to guard you. The service provider can use data in their systems freely no matter what kind of password you use to keep outsiders out. The only way to master this is to control what data they get on you, and your own behavior is what matters here. But it is hard to live a normal cyber-life and fight the big-data companies. I have posted some advice about Facebook and plan to come back to other aspects of the issue in later posts.
The security and privacy of Internet is to a large extent enforced by legislation and trust, not by technical methods like encryption. But don’t expect the law to protect you if you do a crime. Authorities can break your privacy if there is a justified need for it. This can be a good compromise that guards both our privacy and security, as long as the authorities are trustworthy.
But what happens if they aren’t? Transparency and control are after all things that make the work harder for authorities, so they don’t like it. And a big threat, like terrorism for example, can easily be misused to expand their powers far beyond what’s reasonable. Authority privacy really becomes an issue when the working mode changes from requesting data on selected targets to siphoning up a broad stream of data and storing it for future use. There has been plenty of revelations recently showing that this is exactly what has happened in the US.
There can be many problems because of this. It is, first of all, apparent that data collected by US is misused. The European Union and United Nations are probably not very dangerous terrorist organizations, but still they rank high on the target list. Data collected by authorities is also supposed to be guarded well and used for our own good only. But keep in mind that a single person, Edward Snowden, could walk out with gigabytes of top secret data. He did the right thing and spoke out when his own ethics couldn’t take it anymore, and that’s why we know about him. But how many secret Snowdens have there been before him? More selfish persons who have exchanged data for a luxury life in some other country without going public. Maybe your data? Are you sure China, Russia or Iran don’t have some of the data that the US authorities have collected about you?
And let’s finally play a little game to remind us about how volatile the world is. Imagine that today’s Internet and computer technology was available in 1920. The Weimar republic, also known as Germany, was blooming in the golden twenties. But Europe was not too steady. The authorities had Word War I in fresh memory and wanted to protect the citizens against external threats. They set up a petabyte-datacenter and stored all mails, Facebook updates, cloud files etc. This was widely accepted as some criminal cases had been solved using the data, and the police was proud to present the cases in media. The twenties passed and the thirties brought depression and new rulers. The datacenter proved to be very useful once again, as it was possible to track everybody who had been in contact with Jews and communists. It also brought a benefit in the war to come because many significant services were located in Germany and foreign companies and state persons had been careless enough to use them. The world map might look different today if this imaginary scenario really had happened.
No, something like that could never happen today, you might be thinking. Well, I can’t predict the future but I bet a lot of people were saying the same in the twenties. So never take the current situation for granted. The world will change, often to the better but sometimes to the worse.
So lack of authority privacy is not something that will hurt you right away in your daily life. Your spouse or friends will not learn embarrassing details about you this way, and it will not drown you in spam. But the long term effect of the stored data is hard to predict and there are plenty of plausible harmful scenarios. This really means that proper privacy legislation and trustworthy authorities is of paramount importance for the Internet. A primary set of personal data is of course needed by the authorities to run society’s daily business. But data exceeding that should only be collected based on a justified suspicion, and not be kept any longer than needed. There need to be transparency and control of this handling to ensure it follows regulations, and to keep up peoples’ trust in the authorities.
So what can I do while waiting for the world to get its act together on authority privacy? Not much, I’m afraid. You could stop using a computer but that’s not convenient. Starting to use encryption extensively is another path, but that’s almost as inconvenient. Technology is not the optimal solution because this isn’t a technical problem. It’s a political problem. Political problems are supposed to be solved in the voting booth. It also helps to support organizations like EFF.
The user register of AshleyMadison has been hacked. You don’t know what that is? Well, that’s perfectly fine. It’s a dating site for people who want to cheat on their spouses. Many dislike this site for moral reasons, but there is apparently a demand for it. The Canadian site has some 37 million users globally! Some user data has already been leaked out and the hackers, calling themselves Impact Team, have announced that they will leak the rest unless the site shuts down. So this hack could contribute to many, many divorces and a lot of personal problems! "We will release all customer records, profiles with all the customers' sexual fantasies, nude pictures and conversations and matching credit card transactions, real names and addresses." The Impact Team This is one hack in a long row, not the first and certainly not the last site hack where user data is leaked. But it is still remarkable because of the site’s sensitive nature. Think about it. What kind of information do you store in web portals and what bad could happen if that data leaks out? If you are cheating on your spouse, then that is probably one the most precious secrets you have. Disclosure of it could have devastating effects on your marriage, and maybe on your whole life. Millions of users have put their faith in AshleyMadison’s hands and trusted them with this precious secret. AshleyMadison didn’t misuse the data deliberately, but they failed to protect it properly. So it’s not that far-fetched to say that they cheated on the cheaters. What makes the AshleyMadison hack even worse is the site’s commercial nature. Users typically pay with a credit card issued in their own name. They can appear anonymously to their peers, but their true identities are known to the site owner, and stored in the database. So any leaked information can be linked reliably to real people. The sad thing is that the possibility of a leak probably never even crossed the mind of these 37 million users. And this is really the moral of the story. Always think twice before storing sensitive information in a data system. You must trust the operator of the system to not misuse your data, but also to have the skills, motivation and resources to protect it properly. And you have very poor abilities to really verify how trustworthy a site is. This is not easy! Refraining from using a site is naturally the ultimate protection. But we can’t stop using the net altogether. We must take some risks, but let’s at least think about it and reflect over what a compromised site could mean. This hack is really interesting in another way too. AshleyMadison is a highly controversial site as cheating is in conflict with our society’s traditional moral norms. The hack is no doubt a criminal act, but some people still applaud it. They think the cheaters just got what they deserved. What do you think? Is it right when someone takes the law in his own hands to fight immorality? Or should the law be strictly obeyed even in cases like this? Can this illegal hacking be justified with moral and ethical arguments? [polldaddy poll=8989656] Micke Image: Screenshot from www.ashleymadison.com
There wouldn't be billions people online every moment of every day if everyone was getting scammed all the time. Online security is, in many ways, better than ever, as are the sites designed to attract our attention. But exploits and the crooks that want to exploit us still exist, enjoying advanced malware-as-service models proven to steal our data, time and money. And with the awesome number of people online, scams only need to work a tiny percentage of the time to make the bad guys rich. We're sure you're savvy enough to avoid most trouble. But for everyone else you know, here are 5 common scams to look out for. 1. Ransomware. This scam, which F-Secure Labs has been tracking for over 5 years, prospers because it offers incredible returns -- to the scammer. "It estimated it would cost $5,900 (£3,860) to buy a ransomware kit that could return up to $90,000 in one month of operation," the BBC reports. It works like this. You suddenly get a message saying that your files are being held and you need to pay a ransom to release them. Sometimes the scam pretends to be from a police organization to make them extra scary: Anonymous cyber-currencies like bitcoin have made the scam even more appealing. "That's what really enabled the ransomware problem to explode," our Mikko Hypponen said. "Once the criminals were able to collect their ransom without getting caught, nothing was stopping them." They really do take your files and they generally will give them back. Ironically, their reputation matters since people will stop paying if they hear it won't work. Mikko recommends four ways to defend yourself from this -- and almost every scam: Always backup your important files. Ensure software is up-to-date. Be suspicious of message attachments and links in email. Always run updated comprehensive security software. He adds, "Don't pay money to these clowns unless you absolutely have to." 2. Technical support scams. "In a recent twist, scam artists are using the phone to try to break into your computer," reports the U.S. Federal Trade Commission. "They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need." Never give anyone who calls you unsolicited your private information or access to your computer. As a matter a fact, don't do that even if the call is solicited. If you feel the call may actually important, ask who they are calling from and then contact the organization directly. For more tips visit the FTC site. 3. Facebook freebies. Free iPad! Free vacation! Free gift card! If it's free, it's on Facebook and it comes from someone you do not know or trust directly, assume it's a scam. At best it's a waste of your time, at worst it could end up costing you money. Unfortunately, there are only two things you can do to avoid these scams. Don't follow people who share crap like this on Facebook and don't click on things that seem too good to be true. "There is no way a company can afford to give every Facebook user a $25.00, $50.00 or $100.00 gift card," Facecrooks, a site that monitors these scams, reminds you. "A little common sense here tells you that something is way off base." So be suspicious of everything on Facebook. Even friends asking for money. 4. Loan scams. Scammers are smart. They know that the more a person is in financial need, the more desperate she or he becomes. For this reason, loans of various kinds -- especially mortgages that are in foreclosure -- are often lures for a scam. Once they have your attention, they may use a variety of tactics to dupe you, the FTC explains. They may demand a fee to renegotiate your loans for lower payments or to do an "audit" of what you're paying. It may even go far enough that they'll ask you directly or trick you into signing over your house to ease the pressure from your creditors. There are many warning signs to look out for. Keep in mind that if you're ever in doubt, the best step is to back off and seek advice. You can also tell the person you're going to get a second opinion on this from a lawyer. If the person you're dealing with insists that you not or freaks out in any other way, it's a good sign you're being taken. 5. Money mule scams. These scams are a variation on the 419 scams where a foreign prince asks you to hold money for him. All you have to do is wire him some first. But in this case you may actually get the money and be used as a tool of organized crime. A money mule illegally transfers money for someone in exchange for some of the take. Many law-abiding people get drawn into this crime while searching for jobs or romance, which is why your should stick to legitimate sites if you're seeking either of those things. Greed and the lure lottery winnings and inheritances is also used as a lure for potential victims. Trust is the most important thing on the internet. Anyone who trusts you too quickly with offers of money or love is probably scamming you. Cheers, Sandra [Image by epSos .de | Flickr]
My wife had to remind me to look up from my smartphone. We were traveling on the one-lane coastal road that connects Sorrento with Italy's Amalfi coast. I looked down and saw the Li Galli islands, which according to local legend are where the sirens beckoned the hero of Homer's Odyssey into the rocks. In Naples, my iPhone had been my tour guide, allowing me to get pizza recommendations from my friend and then scout out when was the best time to eat, according to the reviews. It had brought us to the Museo Cappella Sansevero to see Veiled Christ and helped us chose a gelateria from the hundreds of options. And now I was plotting our visit to the beachfront town of Positano. If you're addicted to your mobile device or checking in online, you know it can improve or ruin your vacation. And missing a great view could be the least of your worries. You should look up from your phone occasionally, but you can stay connected and safe with a few precautions. 1. Lock your devices. You wouldn't leave post-it note with your PIN on your ATM card. So don't invite strangers into your phone to turn off your anti-theft app and start digging through your digital life. Use an unguessable passcode on all your devices and set your devices to lock. 2. Don't bank or shop on a public computer. Strange computers can have strange keyloggers or some other malware that could slurp up your information. (If you have to use a public computer to get on Facebook, for instance, use a one-time password.) 3. Clean up your phone. You hear lots of news reports about how gross and covered with bacteria our phones are. But the inside suffers from the same buildup of crap. "Phones and computers always store information about what you do. Internet browsers store a history," Security Advisor Sean Sullivan told us. "Apps create temporary files where they store stuff to help them run faster. A lot of apps and websites have passwords and contact information about you stored." Our free Booster app makes cleaning your device easy. 4. Assume you're being watched. What do using a ATM and logging into your MacBook Pro both say to crooks? I have money that you could take. While you're sightseeing, you become the sight criminals are seeing. You use a money belt to hold your passports, cash and credit cards -- or you should. So use the same caution whenever looking at a screen. 5. Practice safe Wi-Fi and use a VPN. If you're using someone else's Wi-Fi -- whether you're at a motel, coffee shop or a rental you booked through AirBnB -- it's someone else's Wi-Fi. Even five-star hotel network isn't 100 percent safe. So don't expect others to watch out for you. "You often have to choose between using free Wi-Fi hotspots or paying roaming charges to use your mobile connection," Sullivan said. "Using a VPN like Freedome gives you a secure funnel that lets you use public Wi-Fi connections without assuming the risks." 6. Before you go, store your important passwords and PIN codes in a safe location. Have you ever struggled with forgotten passwords or PIN codes after a relaxing summer break? Why not being a bit smarter this year, so store your passwords in a password manager, and they are there waiting for you when you come back. You can download F-Secure KEY for free for your iPhone, iPad or Android phone here. Cheers, Jason [Photo by Giuseppe Milo | Flickr]