Twitter Stealing Smartphone Contacts

In another blunder by a top social networking site, Twitter has confirmed that its iPhone app copies the entire address book from a user’s smartphone and stores the data on its servers, for up to 18 months, without the user’s permission. As with many privacy breaches, the “need” to take private, confidential data comes wrapped in innocence and convenience. In the case of Twitter it is the “Find Friends” feature. This feature, which uploads names, phone numbers and email addresses, is used to identify possible friends who also use Twitter. Twitter’s blatant privacy blunder has two parts. First, the app should notify the user that it will now upload the entire contents of the user’s address book to Twitter’s servers. This is something that isn’t made clear by the app, but it might be written somewhere in tiny print in Twitter’s privacy policy. Second, the data should never, never be stored. Even if I do want Twitter to snoop around my address book to automatically find my friends, and even if I might let them upload my data to their servers to do this, I will never give my permission for this upload to remain on their servers for 18 months. This upload should be temporary and deleted as soon as the find friends search is complete.

What about other social networking sites?
The first time this problem was seen was not with Twitter but with Path, a social media service which provides a “simple way to keep a journal, or ‘Path’, of your life on the go.” Developer Arun Thampi was looking into the way the Path protocol worked when he noticed that his entire iPhone address book (including full names, emails and phone numbers) was being sent to Path. He blogged about his discovery, which in turn caused the CEO of Path, David Morin, to issue an apology: “We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.” Path then issued a statement that it had deleted the entire collection of user uploaded contact information from its servers.

This then caused privacy experts to start looking at other social networking sites including Facebook, Foursquare, Instagram, Foodspotting and Yelp. It turns out that they all send data from your smartphone’s internal address book to their servers. Several do so without first asking permission. Instagram and Foursquare now ask for permission, but only after the issues found at Path.

Apple and Congress

Apple run a very tight ship when it comes to their App Store with apps taking days (even weeks) to be approved before being published. According to Apple’s guidelines: “Apps that read or write data outside its designated container area will be rejected” and “Apps cannot transmit data about a user without obtaining the user’s prior permission.” Unless you are Twitter, Facebook or Path that is! This slip-up by Apple has led two US congressmen to write to Tim Cook, the CEO of Apple, asking why the company allows the practice on the iPhone. In the letter they ask if “this incident raises questions about whether Apple’s iOS app developer policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts.”

Back to Twitter

Path issued new versions of their app (for iPhone and Android), as have Instagram and Foursquare. It seems that Twitter will do the same:

“We want to be clear and transparent in our communications with users. Along those lines, in our next app updates, which are coming soon, we are updating the language associated with Find Friends – to be more explicit,” Twitter spokeswoman Carolyn Penner said to the BBC.

Facebook’s Deleted Photos That Never Go Away

The problem with digital media (as opposed to physical media like books and real photographs) is that it is very hard to delete. What do I mean by that? On a computer, just deleting a file doesn’t actually mean it has gone; it just means that the file has been marked as deleted, and when you ask the computer to display a list of files in a folder the deleted files are skipped. However, the actual data is still on the hard drive. This problem is multiplied once you upload something to the Internet because a) you don’t have any control over the server where the file is stored, and b) the viral nature of the Internet means that files can be quickly copied and cached, so multiple instances can come into existence in just seconds.

The problem was illustrated this week by CNN, who published a report condemning Facebook for keeping images live and available on the Internet three years after they were deleted! According to Facebook, its older systems for storing uploaded photos “did not always delete images from content delivery networks in a reasonable period of time even though they were immediately removed from the site.” I am guessing that Facebook defines “a reasonable period” as anywhere under five years! The problem is analogous to deleted files on a hard drive. Although the deleted photos no longer appear in a user’s photo album, they do actually still exist and can be accessed years after they were deleted via a direct link.

The persistent photos issue was first discovered in 2009 when Ars Technica noticed that even if a Facebook user had second thoughts about a picture they had posted and deleted from their album, it remained accessible if anyone had a direct link to the image file in question. At the time Facebook said it was “working with [its] content delivery network (CDN) partner to significantly reduce the amount of time that backup copies persist.”

The ramifications of this action by Facebook are huge. The CNN report highlights the story of one Facebook user who discovered that a friend had innocently posted a picture of his toddler crawling naked on the lawn. He asked his friend to take it down, which he did. This was back in May 2008. Today, nearly four years later, the picture is still online! There is a whole gamut of photos that people have posted online which they then later decide to remove, including photos of ex-boyfriends or ex-girlfriends, ex-husbands or ex-wives and all those embarrassing photos which seemed funny at the time but then later, once sanity had returned, you realised that it was better to delete them.

I am very sensitive about photos of my children being posted online. I just don’t do it. But from time to time others, who are unaware of my wishes, post photos of them. Even if I ask them to remove them (which they nearly always do) the damage has been done.

So what can you do?

  1. Never, never, never upload pictures in haste. Always check what you are uploading. Once you hit the upload button and they disappear into the ether, it is almost impossible to ensure proper deletion.
  2. Never, never, never upload photos of other people without their permission. This is an invasion of privacy.
  3. Make sure you use tools like Ace File Shredder, which prevent deleted files (on your hard disk) from being recovered.

 

Google Makes Big Changes to its Privacy Policy

The company whose mantra is “do no evil” has been accused this week of doing evil when it announced some big changes to its privacy policy. The controversial changes mean that Google will get rid of over 60 different privacy policies across the company and replace them with one. There are two reasons for concern. Firstly, Google will now monitor and collate user activity across all of its major Web services including YouTube, Gmail, and its search engine. The videos you watch, the things you search for and your email will all be cross-referenced and analysed by Google, who are now basically spying on you. “Our new Privacy Policy makes clear that, if you’re signed in, we may combine information you’ve provided from one service with information from other services,” wrote Alma Whitten, Director of Privacy, Product and Engineering. The second concern is that there is no opt-out except to either a) stop using Google products altogether or b) sign in and sign out every time you move from, say, Gmail to YouTube or YouTube to Google Search, so that Google can’t track your movements.

Microsoft has been quick to comment on these new changes (as they want users to move over to their products). “The changes Google announced make it harder, not easier, for people to stay in control of their own information,” said Frank Shaw, Corporate Vice President for Corporate Communications at Microsoft, in a blog post. “We take a different approach–we work to keep you safe and secure online, to give you control over your data, and to offer you the choice of saving your information on your hard drive, in the cloud, or on both.”

Of course, Google has been collecting this information all along; however, this is the first time that it will start combining the data across its services to create a full profile of each of its millions of users. The problem is that there is no way that we can really comprehend the implications of Google collecting all this data across all of its services. Will the profile it builds about you include information about your health, political opinions, religion and financial concerns? Is the giant computer system portrayed in the popular Person of Interest TV show starting to become a reality?

The irony here is that according to Google’s Privacy principles users have the right to make meaningful choices to protect their privacy – “People have different privacy concerns and needs. To best serve the full range of our users, Google strives to offer them meaningful and fine-grained choices over the use of their personal information.” This is no longer true with the new Privacy Policy. There are no meaningful choices other than yes or no and there is certainly no fine-grained control of any sort.

However, there is something positive to say about Google’s latest privacy move: it does simplify everything. Who had the time, energy or experience to read 60 different privacy policies? Now there is just one. And in all fairness, Google have tried to write it in a simple-to-understand manner. Of course that doesn’t mean it is a good policy!

You can preview the changes here. Google’s new Privacy Policy will take effect from March 1, 2012.

You Can’t Assume That Big Companies Are Protecting Your Privacy

O2, a wireless telecommunications company in the United Kingdom, caused privacy problems for its customers this week when it “mistakenly” started sending out the phone number from mobile handsets to every website the user visited over 3G. According to O2, some routine maintenance had the unintended effect of exposing the phone numbers.

It is standard industry practice for telecommunications companies to share a user’s cell phone number with “selected trusted partners.” Mobile network operators say this is so that these “selected trusted partners” can bill users for premium content such as downloads or ring tones and to identify customers using the network’s special services. What happened in O2’s case is that the routine maintenance changed the white list of trusted third parties to include almost every site on the Internet.
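The failure described above, reduced to an added example (this is not O2’s system): it assumes the number is attached as an HTTP request header by an operator proxy, and the header name, host patterns and canary hosts are hypothetical. A pre-deployment check rejects any white list that would match a host which must never receive the number.

```python
"""Added example: partner white list for subscriber-number forwarding, with a lint."""
from fnmatch import fnmatchcase

MSISDN_HEADER = "X-Example-Subscriber-Number"  # hypothetical header name
# Hypothetical hosts that are NOT partners; a sane white list matches none of them.
CANARY_HOSTS = ("canary-one.example.org", "canary-two.example.net")


def is_trusted(host, allowlist):
    """True if host matches one of the partner patterns (shell-style wildcards)."""
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, pattern.lower()) for pattern in allowlist)


def enrich(headers, host, msisdn, allowlist):
    """Return the outbound headers for a request to host.

    Any client-supplied copy of the header is dropped first, so a handset
    cannot spoof a number; the real number is added only for partners.
    """
    out = {k: v for k, v in headers.items() if k.lower() != MSISDN_HEADER.lower()}
    if is_trusted(host, allowlist):
        out[MSISDN_HEADER] = msisdn
    return out


def lint_allowlist(allowlist):
    """Return the patterns that are too broad: those matching any canary host."""
    return [p for p in allowlist if any(is_trusted(c, [p]) for c in CANARY_HOSTS)]


def safe_to_deploy(allowlist):
    """Deployment gate: refuse an empty list or one that contains a broad pattern."""
    return bool(allowlist) and not lint_allowlist(allowlist)


if __name__ == "__main__":
    # Constructed sample data: partner patterns and a number from a reserved test range.
    good = ["billing.partner.example", "*.ringtones.example"]
    after_maintenance = good + ["*"]
    number = "+447700900123"
    for name, rules in (("good", good), ("after maintenance", after_maintenance)):
        sent = enrich({"Host": "news.example.org"}, "news.example.org", number, rules)
        print(name, "| exposed to non-partner:", MSISDN_HEADER in sent,
              "| broad patterns:", lint_allowlist(rules),
              "| deploy:", safe_to_deploy(rules))
```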

There are two important lessons here. The first is that every time you use an Internet enabled device, be it a computer, tablet, cell phone or Internet enabled TV, you leave behind a digital fingerprint. Some devices intentionally send data about you to the service provider. As in the case of cell phones, the mobile operators deliberately send out your phone number so that you can be identified and billed. The second lesson is that when a company makes a mistake there is the potential for all of your data to be exposed.

It is the second point that merits further consideration. I will assume that O2 made a genuine mistake. And maybe in this case the harm done was minimal. According to its blog, the only information websites had access to was the phone’s number, and that could not have been linked to any other identifying information. However, recent months have shown that service providers and web sites can fail spectacularly to protect users’ privacy. Back in December, Facebook performed routine maintenance on its site and upgraded its software. As a result a flaw opened up which allowed people to start downloading private pictures from other people’s accounts. Because of this, Facebook’s founder Mark Zuckerberg had pictures from his private collection downloaded and posted publicly. Luckily for Mark all the pictures were nice and friendly. Although Facebook quickly fixed the mistake, don’t be fooled for one moment into thinking that this is the last time private information will be exposed online – on Facebook, or anywhere else.

At the end of last year hackers broke into the website of Strategic Forecasting, a publisher of global intelligence analysis. As a result of the security breach personally identifiable information and related credit card data was taken and posted onto the Internet. Then to add injury to insult, the hackers started to use the credit card information to make donations to charities! As a result of this Stratfor offered all of its affected customers one year of free identity protection coverage with identity protection company CSID.

The real question is this: who will pay if your identity gets stolen or your credit cards get used by online criminals? The management of Stratfor acted professionally and indemnified their customers. But there are millions of websites in the world, and a large portion of those hold private information about their users. If one of them gets hacked or performs routine maintenance that exposes your data, who will protect you?

The answer, of course, is no one! You need to take action to ensure that your private information does not become public. First, think before sharing any private information – from personal details like your address, phone number and SSN details to photos, video clips, financial information and documents. Second, be discriminating about how and with whom (meaning websites as well as people) you share personal information. Third, use a privacy tool like Firewall Fortify (which secures your Internet connection by monitoring your sensitive information) to protect your online privacy.

Internet Blackout Day Starts in Protest Against PIPA and SOPA

Today, Wednesday January 18 2012, is Internet Blackout Day, a movement which has caught the attention of the world’s media, that aims to raise awareness of legislation known as PROTECT IP Act (PIPA) and Stop Online Piracy Act (SOPA) and how this legislation is a threat to online privacy, threatens freedom of speech, and hampers Internet innovation.

Scores of websites, from personal blogs to big sites like Wikipedia, Mozilla, Reddit, Tucows, and BoingBoing, have joined the campaign to protest against SOPA and PIPA by blacking out their websites for 24 hours. Today’s visitors to the English Wikipedia site will be presented with messages intended to raise awareness about the proposed legislation, and encouraging them to share their views with their elected representatives, and via social media.

So what is the problem? In a nutshell it is Hollywood versus people downloading films and music for free. These big media companies and their allies in Congress are billing the legislation as a new way to battle online copyright infringement. But it will do little to stop infringement online. What it will do is compromise online privacy and inhibit online expression.

Under the proposed legislation government and private parties would be granted unprecedented power to interfere with the Internet’s underlying infrastructure. The government would be able to force ISPs and search engines to block users’ attempts to reach certain websites. But the USA doesn’t own the Internet, it is global. As Tucows wrote on their site “a ‘Made in the USA’ solution will no more work to stop the problems talked of than would one made in any other single nation state. Worse, the US has been at the forefront of ensuring that the Internet has remained free and a platform for innovation for the last fifteen years.” Even the White House has stated that it “will not support legislation that reduces freedom of expression, increases cybersecurity risk, or undermines the dynamic, innovative global Internet.”

First Amendment expert Marvin Ammori points out, “The language is pretty vague, but it appears all these companies must monitor their sites for anti-circumvention so they are not subject to court actions ‘enjoining’ them from continuing to provide ‘such product or service.’” And according to the Electronic Frontier Foundation (EFF), venture capitalists have said en masse they won’t invest in online startups if PIPA and SOPA pass.

Under PIPA the government will have the power to make US Internet providers block access to infringing domain names as well as have the ability to sue US-based search engines, directories, or even blogs and forums, to have links to these sites removed. To the wrong judge (one who probably hasn’t even used the Internet), innovative sites like Tumblr, SoundCloud, even YouTube in its early days, could be seen as piracy havens because mixed in with the self expression, art and calls for freedom of speech will be TV footage, movie clips and music.

The recent social uprisings in Tunisia, Egypt, and Libya all used the Internet and social media to allow citizens to speak out against injustice. If the US passes laws like SOPA and PIPA then it loses any right to criticize freedom of speech in other countries and it provides a model for unscrupulous governments to adopt similar laws and hinder free expression.

Please take action by contacting Congress through the Electronic Frontier Foundation’s action center. It only takes a moment and it can make a big difference.

Other sites of interest are: http://americancensorship.org/ and http://fightforthefuture.org/pipa/.

New AOL Instant Messenger Raises Privacy Concerns

AOL recently released a new Beta version of its popular Instant Messenger program known as AIM (AOL Instant Messenger), but its new features are raising some privacy concerns. First of all, AIM now logs all of your conversations on AOL’s servers and keeps them there for up to two months (and maybe for ever if AOL have some kind of archiving system, which wouldn’t be unusual). The rationale behind this is that now AOL users can see a history of their chats from any device running the software, a great convenience apparently! But what it means is that all your chats are now recorded and stored and could be made available to any law enforcement agency with the right paperwork. And bizarrely AOL might not have to tell you if the Feds have been taking a peek at your conversations. Anyone remember the Bill of Rights?

Although AIM does have an “off the record” mode, this can only be applied on a per contact basis, and users of alternative (but compatible) clients like iChat or Pidgin can’t access this “off the record” mode. Worse still, there is no “off the record” mode for the group chat feature, with all group chats being automatically logged.

Another privacy concern with the new preview version of AIM is that it now scans all private IMs for URLs and pre-fetches any URLs found in them. The word “private” in private IM is obviously lost on AOL. As is often the case, the new feature is meant to aid and help the end user. In this case AOL have added the ability to embed pictures and videos into instant messages. But to do this they scan the text of EVERY message for ALL links, then download the content of the link to see if it is a picture or a video. Rather than adding support for the popular services like YouTube (which all have easily recognizable links), AOL are trying to be too smart and the resulting solution is way too broad and potentially dangerous. Rather than letting the individual users download the content of links sent to them, now AOL will do it for you and store the results on their servers. Lesson to be learned… Be careful what links you send in your IMs as AOL are watching.

Worse still, if a link sent via an IM points to a private server (not publicly listed in the search engines etc) then AOL will send its little “bots” over to that private server to start downloading content. But what if the link contains authentication information like a username or password? What if the link is an unsubscribe link which AOL follows and unwittingly unsubscribes you from a service or mailing list?
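The narrower design argued for above (recognize known media services instead of fetching every link), sketched as an added example that is not AOL’s code. The host allowlist, the query-key and action-word lists, and the function names are assumptions made for illustration.

```python
"""Added example: should a server-side preview service fetch this link?"""
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed allowlist: media hosts whose links are easy to recognize.
PREVIEW_HOSTS = {"youtube.com", "www.youtube.com", "youtu.be"}
# Assumed query keys that tend to carry credentials or session state.
SENSITIVE_KEYS = {"token", "key", "auth", "password", "passwd", "session", "sig"}
# Assumed path words that mark one-click actions such as unsubscribing.
ACTION_WORDS = ("unsubscribe", "optout", "opt-out", "confirm", "delete")
URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s<>\"']+")


def is_internal(host):
    """True for private/loopback IP literals and names that are not public DNS names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        return "." not in host or host.endswith((".local", ".internal", ".lan"))


def preview_decision(url):
    """Return (fetch_allowed, reason) for one URL found in a private message."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        user, password = parts.username, parts.password
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "non-web scheme"
    if user or password:
        return False, "credentials embedded in URL"
    if not host or is_internal(host):
        return False, "internal or private host"
    keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    if keys & SENSITIVE_KEYS:
        return False, "query string carries a secret"
    if any(word in parts.path.lower() for word in ACTION_WORDS):
        return False, "link performs an action when fetched"
    if host not in PREVIEW_HOSTS:
        return False, "host not on preview allowlist"
    return True, "allowlisted media host"


def scan_message(text):
    """Apply the policy to every URL in a message; returns (url, allowed, reason) tuples."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    return [(u, *preview_decision(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample message, not real traffic.
    sample = ("watch https://youtu.be/abc123 then see "
              "https://lists.example.org/unsubscribe?u=42 and http://192.168.1.20/cam.jpg")
    for row in scan_message(sample):
        print(row)
```

Everything the policy refuses is left as a plain link for the recipient to open, so the server never touches private hosts, credentialed URLs or action links.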

All of this is part of the global move towards “the cloud”, meaning data which is stored out there somewhere on the Internet and not locally on your PC or mobile device. My recommendation is that users do not upgrade to the latest version of AIM until AOL fixes these privacy-unfriendly features or introduces certain safeguards and/or encryption to stop unwelcome third parties listening in on your conversations.

January 28 is Data Privacy Day

Momentum is gathering for Data Privacy Day, which will be held on January 28, with events scheduled on the day and during the surrounding weeks. The brainchild of the National Cyber Security Alliance (NCSA), the event is sponsored by some big industry names including Intel and eBay Inc. Data Privacy Day is designed to promote awareness about the many different ways our personal information is collected, stored, used, and shared, and hopefully to educate net citizens about the best ways to protect their personal information.

The privacy landscape of today is much different to that of say 25 years ago. Today our identities, locations, purchases and online histories are stored digitally and analysed constantly. How to control online privacy is as much a question for individual users as it is for the big web sites (like Google and Facebook), businesses, Internet Service Providers (ISP), and state and federal governments.

The DPD website has a number of education resources for Teens and Young Adults as well as Parents and Kids. Included are educational presentations and scripts for use in junior high and high school classrooms and a collection of online resources and videos designed especially for parents and younger children.

It is important that we constantly educate ourselves, our families and our friends about online privacy. Use Data Privacy Day as an opportunity to remind people that almost every activity on the Internet leaves a digital footprint. Use the resources on the DPD site and tell people about this Privacy Blog. Education and prevention are the key, rather than waiting until your identity has been stolen or your house robbed because of online privacy mistakes.

“This year, we encourage all digital citizens to take an active role in learning safe practices and behaviors. We encourage people to follow the basic advice from the STOP. THINK. CONNECT. campaign and protect their personal information. It is our collective and shared responsibility to help make the Internet a safer environment in which people have the ability to protect the privacy of their personal information, and it starts with three simple steps: STOP. THINK. CONNECT.” said Michael Kaiser, executive director of the National Cyber Security Alliance.

How can I protect my information from being misused?
According to a survey by the NCSA, 54 percent of Americans are extremely concerned about loss of personal or financial information. So what can you do? Here are five tips for better online privacy. Share them with your friends and family. Keep safe and stay protected.

  • Create strong passwords (including letters and symbols) and don’t use the same password over and over again.
  • Keep your OS (Windows, OS X) up to date. Also keep your antivirus software updated.
  • Beware of unsolicited messages (via email or within social networking sites like Facebook) with links to unknown websites.
  • Scan your computer regularly for malware and rootkits.
  • Use privacy tools like Hide My IP, Cookie Crumble and Firewall Fortify to protect your online privacy. You should also strongly consider using a virtual private network (VPN) like FoxyVPN.

GoDaddy, The Stop Online Piracy Act (SOPA) and Privacy Tips for 2012

As 2011 comes to a close our thoughts move to 2012 and what it has in store for us. Leaving aside the customary promises of diets and to be better, we should each take a moment to consider the digital footprint we left in 2011 and how we can better protect our privacy (and the privacy of our families) during 2012. The coming year will see greater battles for online privacy than any previous year. Social networking will continue to dominate and I predict that there will be at least two major online privacy scandals during the next twelve months.

The legislative outlook is bleak for 2012. The U.S. House Committee on the Judiciary is currently considering the Stop Online Piracy Act (SOPA), or H.R. 3261 as it is officially known. Although the act is well intentioned (in that it wants to stop piracy), it is badly put together. Its broad language allows almost any attempt by a private individual to protect his or her online privacy to be treated as an attempt to cover illegal activities. Today, GoDaddy announced it was withdrawing its support for SOPA in response to a boycott urging users to migrate away from the domain name registrar. GoDaddy now joins a long list of those objecting to SOPA. Earlier this year Google, Facebook, Twitter, eBay, Mozilla, Yahoo, AOL, and LinkedIn wrote a letter to important members of the U.S. Senate and House of Representatives, saying SOPA poses “a serious risk to our industry’s continued track record of innovation and job creation, as well as to our nation’s cybersecurity.” Also the European Parliament has adopted a resolution stressing “the need to protect the integrity of the global Internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names.”

While the politicians blunder about, there are many things that each individual can do, so here are our top privacy tips for 2012:

  • Time to change your passwords. Been using the same password for the last few years? It is time to change. Your password is the single barrier between you and online criminals. Should they manage to break into your email, eBay or PayPal accounts (not to mention any online financial services you use) they will be able to duplicate your identity as well as steal money from your accounts. Make sure your passwords are strong and contain more than just letters (e.g. good passwords contain letters, numbers, and symbols).
  • Shut down any unused accounts. Did you sign up for a website or service in 2011 and in fact don’t use it? Close the account. Unused online accounts are a liability and could be used by hackers as a stepping stone to your more important accounts.
  • Become more unfriendly! The “problem” with social networks is that everyone wants to be your friend. Do you really want an ex-colleague from a place where you worked 10 years ago to see your family photos? The pressure is to accept all and any friend invitations. Don’t. Go through your list and remove anyone that isn’t close or can’t be trusted 100% with your holiday snaps.
  • Start 2012 with the aim to minimize personal information sharing. Only fill in the mandatory fields on any web form. Many forms ask for lots of unnecessary information, but only certain fields are mandatory (normally marked with an asterisk). Don’t trust websites with your personal information (just look at the mess Facebook has made of its users’ privacy). Don’t give more information than needed.
  • Make sure your online shopping is encrypted. Make sure you are using the latest version of your web browser and check that you are using a secure site if you need to enter your credit card details. Look for a padlock symbol in the bottom right of the browser window and check that the website address begins with ‘https://’. Modern browsers (like Chrome and Mozilla) support Extended Validation SSL Certificates, and the address bar will turn green when you are on a secure site.
  • Beware of identity theft attempts during 2012’s big events. There are lots of big global events scheduled for 2012 including Super Bowl XLVI, the London Olympics, and the 57th US presidential election. It is “traditional” for cyber criminals to launch phishing scams during these events. Beware of bogus retailers set up for identity theft attempts or email scams that contain links or attachments which take users to malicious websites or spread malware.
  • Enhance your PC’s security. Use privacy tools like Hide My IP, Cookie Crumble and Firewall Fortify to protect your online privacy. You should also strongly consider using a virtual private network (VPN) like FoxyVPN.

Download Files Via BitTorrent Anonymously

Downloading files via BitTorrent has its legitimate as well as illegal uses. Many companies like Ubuntu offer their files via BitTorrent, but at the same time it must be recognized that BitTorrent is also used to share files which infringe copyright laws.

For the uninitiated BitTorrent is a peer-to-peer download network that uses the computers of hundreds (if not thousands) of individuals to share a file. To download the complete file, different chunks are grabbed from all the different computers who are sharing the data. This way it spreads the load away from traditional download servers to individual PCs and increases the potential bandwidth available. To use it, a BitTorrent client needs to be installed on your PC (there are multitudes of variations available for Windows, Mac and Linux).

However, all this sharing isn’t anonymous. As chunks of files are downloaded, records are kept about who has which chunk so that other computers can connect and the chunk can be passed on. It doesn’t take too much imagination to realize that a fake BitTorrent client can connect to the network and see who is sharing what. In fact the entertainment industry has been doing just that for years now. However, this information has never really been readily available as an easy to search index. Until now, that is.

Youhavedownloaded.com is a new website which lists all your recent BitTorrent downloads for everyone to see. The site can’t track every single file being downloaded on the Internet, however it has managed to collect data on nearly 2,000,000 files downloaded by over 53,000,000 users.

“We just want to remind people that the Internet is not a place to expect privacy,” said Suren Ter-Saakov, one of the brains behind the site. “Nowadays many people use it without understanding what information they leave behind. Also, even those who understand choose to ignore it quite often.”

The site’s biggest failing, however, is with regard to dynamic IP addresses. Many Internet providers give users a modem which gets a different dynamic address each time it connects to the Internet. If the modem is switched off (for example at night) then the next time it connects it will have a different address.

When asked about this Suren Ter-Saakov responded: “We don’t bother ourselves to separate dynamic IPs. The site is just for show. However we have time-stamps. 3.3.3.3 might be a dynamic IP – however it belonged to a certain person at 12:12am 12/12/2011.” The implication is that together with the records from an Internet provider the exact user of any given address at any given time can be discovered.

So the key question, of course, is: how can you download using BitTorrent without having your IP address recorded, tracked and displayed for everyone to see?

The answer is simple. Use a virtual private network (VPN) like FoxyVPN. A VPN is a special way to connect to the Internet by creating an encrypted link from your computer to a server on the Internet. All network traffic from your PC will go out onto the Internet via the remote VPN server. This means that all your web surfing, emailing and downloads using services like BitTorrent will appear as if they come from the VPN server and not your PC. This means that any data stored on the BitTorrent network will show your VPN provider while you remain anonymous. In fact your Internet service provider won’t even be able to tell what you are doing on the net.

Facebook and the Myth of Passive Online Privacy

It is unusual for me to write two posts back to back about Facebook, but the events of this week mean I am obliged to write a second Facebook post. Last week’s post ended with comments from Facebook’s founder Mark Zuckerberg where he pointed out that it is normal to be skeptical about Facebook’s role in how hundreds of millions of people share their personal information online. “Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected,” he said.

It looks as if those comments have come back to haunt Zuckerberg, as this week photos from his private photo collection were posted online. The problem was entirely Facebook’s. It wasn’t an issue of a stolen, lost or hacked password. The very complex software which runs the site was updated and in doing so it allowed normal users to see other people’s private photos.

Although Facebook quickly fixed the mistake, don’t think for one second that this is the last time private information will be exposed online – on Facebook, or anywhere else, because it will.

Online privacy isn’t passive
Security and privacy aren’t passive in the real world and equally they aren’t in the online world. Nobody leaves their house unlocked and doors open and then hopes that a thief doesn’t break in. No one goes to the park and puts their money, cell phone and car keys on a bench and then goes for a walk around the park hoping nobody will take their money (and phone and probably car too). At home and out in the world we are all active in protecting ourselves, our families and our property. Internet users need to be active about privacy.

Myth
Users seem to have an undiscriminating trust for web sites. Like the old adage, “don’t believe everything you read”, don’t trust the Internet with your personal and private data. Just because a site is big or popular doesn’t mean it won’t leak (intentionally or unintentionally) your private data onto the Internet. The good news for Mark Zuckerberg was that there were no embarrassing photos of him found. However family photos are private. Mark trusted his photos to his own service and his own service failed to protect his data.

Passive online privacy is at best a myth. To stay safe online you need to be active:

  • Think before sharing any private information – from personal details like your address, phone number and SSN details to photos, video clips, financial information and documents.
  • Be discriminating about how and with whom (meaning websites as well as people) you share personal information.
  • Be vigilant in using the different privacy controls available.
  • Use privacy tools like Hide My IP, Cookie Crumble and Firewall Fortify to protect your online privacy.

2011 has seen several major high-profile security breaches at trusted companies like Sony, Citigroup and PBS. In Sony’s case, hackers stole the personal information of over 100 million registered users of its online gaming services including the PlayStation Network (PSN).

Be active not passive. Don’t leave yourself exposed.