FTC Calls for Privacy Legislation

The Federal Trade Commission (FTC), the arm of the government responsible for creating and enforcing national privacy policy, has published a report about how American businesses should protect the privacy of consumers and recommends the ways companies should give consumers greater control over the data that is collected about them. As part of the report, called “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” the FTC also calls for Congress to consider creating general privacy legislation, data security and breach notification legislation, and data broker legislation.

The report calls on American businesses to use best practices when it comes to privacy. Specifically, it calls for:

  • Privacy by Design - companies should build in consumers’ privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
  • Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
  • Greater Transparency - companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them.

In an attempt not to burden small businesses, the report concludes that these recommendations should not apply to companies that collect non-sensitive data from fewer than 5,000 consumers a year.

“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said Jon Leibowitz, Chairman of the FTC. “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”

Data Brokers

The report takes a swipe at data brokers – who exist solely to buy, collate, and sell highly personal information about consumers, often without consumer consent or their knowledge about how this data is being used. The FTC reminds data brokers that existing legislation already gives consumers the right to access information held about them by data brokers. But it also recommends that data brokers make their operations more transparent and create a centralized website where consumers can get information about their practices and their options for controlling data use.

Concerns over data brokers rose last year after an investigation by The Associated Press which found that many such brokers frequently store incorrect or outdated information, including criminal records. The investigation found that some people were denied jobs because a data broker had incorrectly reported them as a convicted felon. Last year the data broker HireRight Solutions Inc. was forced to settle a class-action lawsuit for $28.4 million after widespread complaints about inaccurate records led to legal action against the company.

Do-Not-Track

The work done by the major browsers (like Firefox and Chrome) to develop do-not-track technology has been commended by the FTC. With DNT, users have a choice about whether to be tracked by third parties as they move across the web. The World Wide Web Consortium, the group which defines the various technology standards for the Internet, is currently developing a universal web protocol for Do Not Track. “The Commission will work with these groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system,” the report says.

Monetising Privacy – Would You Reveal Private Information to Buy Something Cheaper?

‘Everyone has a price’ is the old saying and it is certainly true today where privacy is concerned. In a world where personal data is traded like any other commodity, the European Network and Information Security Agency (ENISA) – a centre of network and information security expertise for the EU – has published a study about consumer behavior in relation to the disclosure of personal information during a purchase or transaction.

In a set of controlled experiments, Dr Nicola Jentzsch and his team discovered that people have a natural built-in mechanism to protect their privacy but only if it doesn’t cost them anything. Under the experiments the participants simulated buying tickets for a movie from one of two sellers. One of the sellers asked for more personal data (e.g. their cell phone number) than the other. If the price was the same at both sellers, the majority of purchases were made with the privacy-friendly service (about 83% of all tickets sold). But, if there was a price difference (where the vendor asking for more information was cheaper) most of the participants (more than two-thirds) happily revealed the information to get the tickets cheaper.

Another interesting aspect of the study is that of those who opted to go with the privacy-unfriendly service, some participants tried to cheat the system by supplying false information (like giving their name as Donald Duck) in an attempt to get the discount. To offset this tendency the researchers used a lie detector to ensure only truthful information was given! After buying the tickets the participants were asked if they had concerns about whether the ticket seller would protect their information. A majority of users expressed concerns with only about 0.7% of participants saying that they are ‘not interested at all’ if organizations that collect personal data also protect this information.

What is startling about this study is the price difference. Were the tickets from the seller that asked for the mobile phone number half price? At a 33% discount? No, the difference in the price was just $0.65. Just over half a dollar: that is what private information is worth!

The report makes several recommendations, one of which is “Personal data protection and privacy is a human right. The European Commission, EU Member States and data protection authorities should enforce a clear and consistent legal data protection framework.” This should also be true in the USA.

It seems that asking for more personal information than is necessary is becoming a “normal” part of online life. According to the ENISA report, “43% of Internet users say they have been asked for more data than necessary when trying to obtain access to or use an online service.” It is essential that online users avoid (as much as is possible) services that request unnecessary amounts of data. Once you have handed over private information there is no way to get it back. Worse still, it seems as if greedy workers are willing to break confidentiality rules (and privacy policies) to make some extra money on the side. An investigation by the UK’s Sunday Times has found that “corrupt Indian call center workers” sold confidential personal data of more than 500,000 customers to cyber criminals and marketing firms.

Use your common sense. Don’t reveal what isn’t necessary. Use privacy friendly services, even if they cost $0.50 more!

Privacy Class Action Started Against 18 Tech Companies While Congress Wants to Chat with Apple

In the fight for online freedom and the right to privacy there are three main ways in which action can be taken. The first is for each individual to protect their online identity by using the right privacy software and applying common sense to their online activities. The second is to protest (like the Internet Blackout Day in January) and the third is to use the law. It is this third option which is being used this week by a group of 13 individuals in Texas, who have filed a class action, and by two congressmen who have sent Apple a letter asking Timothy Cook, Apple’s chief executive, to make representatives available to brief an Energy and Commerce subcommittee.

The class action is being brought against 18 tech companies including Facebook, Twitter, Foursquare, Yelp and the makers of the popular game Angry Birds for stealing contacts from Android and iOS powered smart phones without the owner’s permission or knowledge. The lawsuit is in response to a story which broke in February when a blogger noticed that the social networking service Path uploaded a phone’s entire address book to its servers. This resulted in Path issuing an apology, deleting its entire collection of user uploaded contact information from its servers and issuing a new version of its app. But it soon turned out that other social networking apps did exactly the same thing, hence the lawsuit.

The plaintiffs’ complaint is that the contacts in a mobile phone, which include physical and e-mail addresses, job titles and birthdays as well as phone numbers, are some of the most personal data that owners carry on their wireless mobile devices. They claim that the defendants have made, distributed and sold apps that, once installed on a wireless mobile device, surreptitiously harvest, upload and illegally steal the owner’s address book data without the owner’s knowledge or consent.

The complaint then goes on to quote from the New York Times: “The address book in smartphones — where some of the user’s most personal data is carried — is free for app developers to take at will, often without the phone owner’s knowledge. . . Companies that make many of the most popular smartphone apps for Apple and Android devices — Twitter, Foursquare and Instagram among them — routinely gather the information in personal address books on the phone and in some cases store it on their own computers… While Apple says it prohibits and rejects any app that collects or transmits users’ personal data without their permission, that has not stopped some of the most popular applications for the iPhone, iPad and iPod — like Yelp, Gowalla, Hipster and Foodspotting — from taking users’ contacts and transmitting it without their knowledge.”

“We’re making some fairly serious allegations against the big boys,” the plaintiffs’ attorney, Jeff Edwards, told the Austin American-Statesman. “We’re saying, ‘Hey, you took something that didn’t belong to you, and you’re making a profit off it.’”

Congress, it seems, is also interested in how apps can get hold of a user’s data. This week Representative Henry A. Waxman, a California Democrat, and Representative G.K. Butterfield, Democrat of North Carolina, sent a letter to Apple’s CEO Timothy Cook asking for further clarification on how applications for the iPhone, iPad and iPod Touch are allowed to access photos without a user’s knowledge. In fact this is the second letter the pair have sent to Apple. Having received Apple’s reply to their first letter, Waxman and Butterfield wrote back to Apple saying that Apple’s reply did “not answer a number of the questions raised about the company’s efforts to protect the privacy and security of its mobile device users.”

Rather than asking for another reply from Apple, this time the two ranking members of the Subcommittee on Commerce, Manufacturing, and Trade are asking Apple to make representatives available to brief staff on the committee.

Twitter Gives Away Your Old Tweets for Market Research

For many, Twitter is a casual, harmless way to publish their musings, moments and mutterings to friends and loved ones. A quick tweet that your cat just had kittens or that your baby just said “Mama” is received with oohs and aahs from grandma. But Twitter is also a serious Internet phenomenon, with celebrities and politicians garnering thousands, even millions, of followers who hang on every word they write. Lady Gaga now has over twenty million (that’s 20,000,000) followers, Barack Obama over twelve million, CNN’s breaking news service over six million and so on. With thousands of tweets being published every minute, this huge amount of data is ripe for the picking, especially for marketers.

Until recently only the last 30 days of tweets were available for companies to search and normal users could only search messages from the past seven days. But now Twitter has partnered with a company called Datasift to create a huge, searchable Twitter archive. The new archive will be used by market research companies to search and analyse Twitter updates since January 2010.

The new service, which absorbs and processes 250 million tweets every day, has already attracted lots of customers for Datasift, which says that almost 1,000 companies are waiting to access the service.

Datasift are very proud of their new service and are talking about their achievement in overcoming the massive technological challenge of processing so much data. But privacy advocates are more concerned with the implications of what Datasift are doing. “People have historically used Twitter to communicate with friends and networks in the belief that their tweets will quickly disappear into the ether,” argued Gus Hosein, executive director of Privacy International, in an interview with the BBC. “The fact that two years’ worth of tweets can now be mined for information and the resulting ‘insights’ sold to businesses is a radical shift in the wrong direction.” The Electronic Frontier Foundation, an online rights and privacy group, have described the service as “creepy”.

Creepy is the right word… Imagine a friend who records all your conversations and, after two years, sends you an MP3 of a conversation you had while walking in the park. Creepy indeed! Tweets are no longer innocent status messages that fade into the ether, soon forgotten and hard to archive. No. Now tweets are stored, analysed and processed to build up marketing information. Worse still, if you have set your account to add location data to your tweets, this information is also processed and analysed. Fortunately it is fairly easy to switch off the storing of location data with your tweets, and Twitter also has the ability to delete location information from old tweets. However, Twitter’s location data support page carries the ominous warning: “It is important to note that deleting location data in your settings does not guarantee the information will be removed from all copies of the data on third-party applications or in external search results.”

One little glimmer of good news is that “private” Twitter accounts (which are not public and only allow followers to see tweets) and tweets that have been deleted are not included in this searchable archive. As with all social networking sites, whether it is Twitter, Facebook or LinkedIn: if you aren’t happy with what you write being completely public, then don’t post it.

Your Personal Data is Valuable – Tips on How To Avoid Revealing Too Much

It has been an interesting week with regards to privacy, with Google switching to its new privacy policy and an EU Justice Commissioner announcing that Google is violating European law by doing so. Under the new policy Google will be collecting, collating and analyzing the online activities of every Google user across all of its services including search, Gmail, Google+, your phone (via Android) and YouTube. This data will be used to construct a profile of each user which Google will then use to target users with adverts and offers. Although this doesn’t sound that ominous at first (after all, if I need to see ads, I would rather they be about things that might interest me), the full scale of Google’s privacy invasion hasn’t yet been realized. Will these profiles record our health situation, our political opinions, our religious affiliations and our financial concerns?

While the “big boys” battle over policy, law and self regulation, there are some practical things that each and every Internet user can do to limit how much information they share with companies like Google.

The first place to start is with your IP address. This is an address assigned to your computer while it is connected to the Internet. It is similar to a phone number or postal code, but for computers. Each and every time you access the Internet this IP address is recorded. Worse than that, your IP address reveals where you are in the world and who your ISP is. It is time to become anonymous, to slip into the shadows. The easiest way to do this is to use the Hide My IP software. With it you can hide your online identity, surf anonymously and encrypt your Internet connection. If you need anonymity for more than just web browsing you should use a fully fledged Virtual Private Network (VPN) like FoxyVPN. Once you are using a VPN, not even your ISP can tell what you are doing on the net.

Once you have the right software on your computer, it is worth visiting Google’s Privacy Tools page. Here you find out what Google knows about you and you can change your privacy settings for services such as Blogger, Calendar, Docs, Gmail, and Picasa. The Google Dashboard (part of the privacy tools) also has a “Me on the Web” section that can help you understand and manage what people see when they search for you on Google.

It is also worth using the “private browsing” feature of your web browser. Known as InPrivate Browsing in Microsoft’s Internet Explorer, Incognito in Google’s Chrome, and Private Browsing in Firefox and Apple’s Safari, it will increase security and help protect your privacy online. Using it for sites like Gmail, Facebook, etc. will make it harder for other sites to track you.

Of course the best way to limit what third parties know about you is to avoid sharing the information in the first place. At a time when incidents of identity theft are rising, avoid giving too much away. On social networking sites it is best not to provide unnecessary detail, and to use the privacy controls to limit others’ access to your data. Never post pictures which you might regret others seeing (even five years from now) and never divulge your holiday plans or other private information online. The hard reality is that avoiding social networking sites altogether will increase your privacy.

The White House Releases a Blueprint for Privacy in the Information Age

The Obama administration has released details of a consumer-privacy strategy to help protect users online. Dubbed the “Consumer Privacy Bill of Rights”, it is being positioned as a blueprint for privacy in the information age. Key elements include clear guidance on what consumers should expect from those who handle their personal information, and a set of expectations for companies that process and use that personal data.

“Never has privacy been more important than today, in the age of the Internet, the World Wide Web and smart phones,” Pres. Barack Obama wrote in a cover letter for the report. “In just the last decade, the Internet has enabled a renewal of direct political engagement by citizens around the globe and an explosion of commerce and innovation creating jobs of the future. Much of this innovation is enabled by novel uses of personal information. So, it is incumbent on us to do what we have done throughout history: apply our timeless privacy values to the new technologies and circumstances of our times.”

In specific terms the proposal calls for:

Individual Control
Consumers have a right to exercise control over what personal data companies collect from them and how they use it.

Transparency
Consumers have a right to easily understandable and accessible information about privacy and security practices.

Respect for Context
Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.

Security
Consumers have a right to secure and responsible handling of personal data.

Access and Accuracy
Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.

Focused Collection
Consumers have a right to reasonable limits on the personal data that companies collect and retain.

Accountability
Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

Probably the most powerful of the provisions is the right of Individual Control. The report says that companies should provide consumers appropriate control over the personal data that consumers share with others and over how companies collect, use, or disclose personal data. With the recent scandals about how much data companies like Facebook and Google collect about their users, the ability to opt out or at least exercise some form of control is long overdue. In talking about individual control the report says that “companies should enable these choices by providing consumers with easily used and accessible mechanisms that reflect the scale, scope, and sensitivity of the personal data that they collect.” Additionally, the report says, “companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about personal data collection.” With regards to opt-outs, something sorely missing from Google’s recent privacy policy changes, companies should offer consumers means to withdraw or limit consent that are as accessible and easily used as the methods for granting consent in the first place.

It isn’t clear if this privacy bill of rights will ever make its way into law. The report repeatedly uses phrases like “encourage stakeholders”, “codes of conduct” and “discretion in how [to] implement them.” However there is hope as the text does mention working “with Congress to enact these rights through legislation,” while Obama wrote “my Administration will work to advance these principles and work with Congress to put them into law.” The report does also recognize the need for FTC enforcement to ensure that responsible companies are not disadvantaged by competitors who play by different rules.

Twitter Stealing Smartphone Contacts

In another blunder by a top social networking site, Twitter has confirmed that its iPhone app copies the entire address book from a user’s smartphone and stores the data on its servers, for up to 18 months, without the user’s permission. As with many privacy breaches, the “need” to take private, confidential data comes wrapped in innocence and convenience. In the case of Twitter it is the “Find Friends” feature. This feature, which uploads names, phone numbers and email addresses, is used to identify possible friends who also use Twitter. Twitter’s blatant privacy blunder has two parts. First, the app should notify the user that it will now upload the entire contents of the user’s address book to Twitter’s servers. This is something that isn’t made clear by the app, but it might be written somewhere in tiny print in Twitter’s privacy policy. Secondly, the data should never, never be stored. Even if I do want Twitter to snoop around my address book to automatically find my friends and even if I might let them upload my data to their servers to do this, I will never give my permission for this upload to remain on their servers for 18 months. This upload should be temporary and deleted as soon as the find friends search is complete.

What about other social networking sites?
The first time this problem was seen was not with Twitter but with Path, a social media service which provides a “simple way to keep a journal, or ‘Path’, of your life on the go.” Developer Arun Thampi was looking into the way the Path protocol worked when he noticed that his entire iPhone address book (including full names, emails and phone numbers) was being sent to Path. He blogged about his discovery, which in turn caused the CEO of Path, David Morin, to issue an apology: “We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.” Path then issued a statement that it had deleted the entire collection of user uploaded contact information from its servers.

This then caused privacy experts to start looking at other social networking sites including Facebook, FourSquare, Instagram, Foodspotting and Yelp. It turns out that they all send data from your smartphone’s internal address book to their servers. Several do so without first asking permission. Instagram and Foursquare now ask for permission, but only after the issues found at Path.

Apple and Congress

Apple run a very tight ship when it comes to their App Store with apps taking days (even weeks) to be approved before being published. According to Apple’s guidelines: “Apps that read or write data outside its designated container area will be rejected” and “Apps cannot transmit data about a user without obtaining the user’s prior permission.” Unless you are Twitter, Facebook or Path that is! This slip-up by Apple has led two US congressmen to write to Tim Cook, the CEO of Apple, asking why the company allows the practice on the iPhone. In the letter they ask if “this incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.”

Back to Twitter

Path issued new versions of their app (for iPhone and Android), as have Instagram and Foursquare. It seems that Twitter will do the same:

“We want to be clear and transparent in our communications with users. Along those lines, in our next app updates, which are coming soon, we are updating the language associated with Find Friends – to be more explicit,” Twitter spokeswoman Carolyn Penner said to the BBC.

Facebook’s Deleted Photos That Never Go Away

The problem with digital media (as opposed to physical media like books and real photographs) is that it is very hard to delete. What do I mean by that? On a computer, just deleting a file doesn’t actually mean it has gone; it just means that the file has been marked as deleted, and when you ask the computer to display a list of files in a folder the deleted files are skipped. However the actual data is still on the hard drive. This problem is multiplied once you upload something to the Internet because a) you don’t have any control over the server where the file is stored, and b) the viral nature of the Internet means that files can be quickly copied and cached, so multiple instances can come into existence in just seconds.

The problem was illustrated this week by CNN, who published a report condemning Facebook for keeping images live and available on the Internet three years after they were deleted! According to Facebook, its older systems for storing uploaded photos “did not always delete images from content delivery networks in a reasonable period of time even though they were immediately removed from the site.” I am guessing Facebook defines “a reasonable period” as anywhere under five years! The problem is analogous to that of deleted files on a hard drive. Although the deleted photos no longer appear in a user’s photo album, they do actually still exist and can be accessed via a direct link years after they were deleted.

The persistent photos issue was first discovered in 2009 when Ars Technica noticed that even if a Facebook user had second thoughts about a picture they had posted and deleted it from their album, it remained accessible if anyone had a direct link to the image file in question. At the time Facebook said it was “working with [its] content delivery network (CDN) partner to significantly reduce the amount of time that backup copies persist.”

The ramifications of this action by Facebook are huge. The CNN report highlights the story of one Facebook user who discovered that a friend had innocently posted a picture of his toddler crawling naked on the lawn. He asked his friend to take it down, which he did. This was back in May 2008. Today, nearly four years later, the picture is still online! There is a whole gamut of photos that people have posted online and later decided to remove, including photos of ex-boyfriends or ex-girlfriends, ex-husbands or ex-wives, and all those embarrassing photos which seemed funny at the time but which, once sanity had returned, you realised it was better to delete.

I am very sensitive about photos of my children being posted online. I just don’t do it. But from time to time others, who are unaware of my wishes, post photos of them. Even if I ask them to remove them (which they nearly always do) the damage has been done.

So what can you do?

  1. Never, never, never upload pictures in haste. Always check what you are uploading. Once you hit the upload button and they disappear into the ether, it is almost impossible to ensure proper deletion.
  2. Never, never, never upload photos of other people without their permission. This is an invasion of privacy.
  3. Make sure you use tools like Ace File Shredder, which prevent deleted files (on your hard disk) from being recovered.

Google Makes Big Changes to its Privacy Policy

The company whose mantra is “do no evil” has been accused this week of doing evil when it announced some big changes to its privacy policy. The controversial changes mean that Google will get rid of over 60 different privacy policies across the company and replace them with one. There are two reasons for concern. Firstly, Google will now monitor and collate user activity across all of its major Web services including YouTube, Gmail, and its search engine. The videos you watch, the things you search for and your email will all be cross-referenced and analysed by Google, who are now basically spying on you. “Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you’ve provided from one service with information from other services,” wrote Alma Whitten, Director of Privacy, Product and Engineering. The second concern is that there is no opt-out except to either a) stop using Google products altogether or b) sign in and sign out every time you move from, say, Gmail to YouTube or YouTube to Google Search, so that Google can’t track your movements.

Microsoft has been quick to comment on these new changes (as they want users to move over to their products). “The changes Google announced make it harder, not easier, for people to stay in control of their own information,” said Frank Shaw, Corporate Vice President for Corporate Communications at Microsoft, in a blog post. “We take a different approach–we work to keep you safe and secure online, to give you control over your data, and to offer you the choice of saving your information on your hard drive, in the cloud, or on both.”

Of course, Google has been collecting this information all along; however, this is the first time that it will start combining the data across its services to create a full profile of each of its millions of users. The problem is that there is no way that we can really comprehend the implications of Google collecting all this data across all of its services. Will the profile it builds about you include information about your health, political opinions, religion and financial concerns? Is the giant computer system portrayed in the popular Person of Interest TV show starting to become a reality?

The irony here is that according to Google’s Privacy principles users have the right to make meaningful choices to protect their privacy – “People have different privacy concerns and needs. To best serve the full range of our users, Google strives to offer them meaningful and fine-grained choices over the use of their personal information.” This is no longer true with the new Privacy Policy. There are no meaningful choices other than yes or no and there is certainly no fine-grained control of any sort.

However, there is something positive to say about Google’s latest privacy move: it does simplify everything. Who had the time, energy or experience to read 60 different privacy policies? Now there is just one. And in all fairness, Google has tried to write it in a simple-to-understand manner. Of course, that doesn’t mean it is a good policy!

You can preview the changes here. Google’s new Privacy Policy will take effect from March 1, 2012.

You Can’t Assume That Big Companies Are Protecting Your Privacy

O2, a wireless telecommunications company in the United Kingdom, caused privacy problems for its customers this week when it “mistakenly” started sending out the phone number from mobile handsets to every website the user visited over 3G. According to O2, some routine maintenance had the unintended effect of exposing the phone numbers.

It is standard industry practice for telecommunications companies to share a user’s cell phone number with “selected trusted partners.” Mobile network operators say this is so that these “selected trusted partners” can bill users for premium content such as downloads or ring tones and to identify customers using the network’s special services. What happened in O2’s case is that the routine maintenance changed the white list of trusted third parties to include almost every site on the Internet.

There are two important lessons here. The first is that every time you use an Internet-enabled device, be it a computer, tablet, cell phone or Internet-enabled TV, you leave behind a digital fingerprint. Some devices intentionally send data about you to the service provider, as in the case of cell phones, where the mobile operators deliberately send out your phone number so that you can be identified and billed. The second lesson is that when a company makes a mistake, there is the potential for all of your data to be exposed.

It is the second point that merits further consideration. I will assume that O2 made a genuine mistake. And maybe in this case the harm done was minimal. According to its blog, the only information websites had access to was the phone’s number, and that could not have been linked to any other identifying information. However, recent months have shown that service providers and web sites can fail spectacularly to protect users’ privacy. Back in December, Facebook performed routine maintenance on its site and upgraded its software. As a result, a flaw opened up which allowed people to start downloading private pictures from other people’s accounts. Because of this, Facebook’s founder Mark Zuckerberg had pictures from his private collection downloaded and posted publicly. Luckily for Mark, all the pictures were nice and friendly. Although Facebook quickly fixed the mistake, don’t be fooled for one moment into thinking that this is the last time private information will be exposed online – on Facebook, or anywhere else.

At the end of last year, hackers broke into the website of Strategic Forecasting, a publisher of global intelligence analysis. As a result of the security breach, personally identifiable information and related credit card data were taken and posted onto the Internet. Then, to add injury to insult, the hackers started to use the credit card information to make donations to charities! As a result of this, Stratfor offered all of its affected customers one year of free identity protection coverage with identity protection company CSID.

The real question is this: who will pay if your identity gets stolen or your credit cards get used by online criminals? The management of Stratfor acted professionally and indemnified their customers. But there are millions of websites in the world, and a large portion of those hold private information about their users. If one of them gets hacked or performs routine maintenance that exposes your data, who will protect you?

The answer, of course, is no one! You need to take action to ensure that your private information does not become public. First, think before sharing any private information – from personal details like your address, phone number and SSN details to photos, video clips, financial information and documents. Second, be discriminating about how and with whom (meaning websites as well as people) you share personal information. Third, use a privacy tool like Firewall Fortify (which secures your Internet connection by monitoring your sensitive information) to protect your online privacy.