Posts Tagged privacy

Information is currency; Privacy doesn’t exist

Posted by on Wednesday, 23 April, 2014

Earlier today one of my dear friends shared this article and tagged me for comment: Facebook Knows Everything About You, And If You Don’t Believe Us Here’s Proof

The article details how UbiSoft’s marketing for their new game inadvertently shows how much Facebook knows about you. This is done via their Digital Shadow site, which asks you to connect via Facebook authentication and thereby grant access to your data as housed in the social network. The article paints a F.U.D.-based theme (fear, uncertainty, and doubt) around an individual’s privacy and how they may want to change their settings within Facebook to tighten things down.

Here’s the thing, though: there is no privacy on the internet. Security settings and custom privacy tweaks are speed bumps at best, and theater at worst. Like a glass window next to your home’s front door, any motivated attacker can bypass these settings with some small effort. While the addition of privacy settings is indeed necessary and effective to avoid the most common of breaches, they have also worked to the larger culture’s disadvantage by allowing us to be a bit more complacent and reliant upon tools to do the job of privacy control. The best privacy control you have is the ability to choose what information you share.

Be careful, though. What you share may initially seem innocuous and irrelevant to most security or privacy concerns, but as the article above and the site it references show, there are things that can be inferred and connected across the data you share to build a view of your life which you may not have intended to be visible. Simple things like your location when combined with a job title can tell me a fair estimate of income as well as likelihood of work schedules and how valuable your digital life may be. The site does a good job of holding up a mirror to anyone sharing via Facebook and how that information can be connected to build a larger, perhaps unintended picture.

What does this really mean for you, as a participant on social media channels? It means you need to make informed choices. Understand that information is a form of currency used to trade for access to these sites and deeper connections to your networks of people. In my case, I trade quite a bit of information to maintain my connections with you while also working to build domain expertise in my career as a social business strategist. I make very specific choices about how open and transparent I am with what I share via any social channel, knowing that information is at best only obscured by my privacy settings and likely will be seen by many more people I’d not intended or expected. (Oddly, it is one of the lessons I’ve learned from blogging for so long now: you may be writing for one audience, but there are likely other audiences reading and connecting… pay attention to them as well, as there may be wonderful opportunity for growth when you identify those unknown audiences).

We can’t trust companies to maintain our privacy for us. We need to take personal responsibility for our own information, what and how we share. While this may seem like a call to lock down your profiles, it isn’t. Rather, it is a call to become more informed and to begin thinking before we share and making the choice to use our information to pay for access or connection instead of just assuming it all comes for free. There’s a cost to social interaction, and what we are willing to pay will likely differ for every individual. Knowing that cost is the first step before paying the toll by sharing your information.

 

Privacy and social engagement

Posted by on Wednesday, 28 August, 2013

On the heels of last week’s post about the fear of saying the wrong thing, there’s another fear that also prevents some people from engaging in social media: privacy.

Privacy and security have been noted as the number one fear for anyone who spends time online. For some of these people, those fears and concerns about privacy are also preventing them from engaging in social business. While I will go on in a moment to help address some concerns and outline a few ways to tighten things down, I’ll say this first and up front: privacy on the internet is a myth. If you are engaging in any social medium, you are doing so knowing that you can be identified by the information you share and have hopefully consciously made the choice to accept that you will not have complete privacy.

Social business thrives on the building of your own digital eminence, which can’t be done anonymously. Social business transcends the digital realm and connects us to the physical world as well. Make no mistake, when we play on social sharing sites, we do so either with pseudo-anonymity or we compromise how much factual data we reveal about ourselves.

That said, the question becomes “how can I maintain some level of privacy and still be relevant on social media?” Simply said, using your real name, but maintaining minimal other profile information will let you build your reputation based on what knowledge you share without providing any more identifying information than your name. This allows you to connect your professional career and online presences to build digital eminence and grow your career.

Most sites require very little to be in your social profiles. Typically this profile information consists of your display name, real name, and possibly location. Some may require an image, though that is easily and often addressed with a non-personal photo. Both of these have solutions which involve obfuscation to help bolster your privacy; both solutions, however, go against best practices for building your own online reputation. So, at the minimum, your name will be visible. That alone can make some people uncomfortable, but that is the starting point for playing in social business: people should know who you are, as that builds trust across your network.

Beyond your name, and preferably a photo, any other bits of information you provide should be done so with the knowledge that anything you share will likely be publicly accessible. Even if you have multiple disconnected accounts, if there are common names or usernames between them, people can begin to connect those dots. Unless you have a VERY common name, the concept of security through obscurity is no longer relevant. While not meant to scare you, this is a big consideration and something to think about every time you share a link or write a post: that content will follow you. Here is a great article on a social engineering hack just published yesterday that allowed access to accounts based on shared or publicly available content.

One way to help improve some levels of privacy would be to maintain separate digital personas for personal and professional use. While I don’t necessarily recommend this approach as noted in my previous blog post on the topic, I do understand why some individuals would prefer the multiple account strategy. My recommendation for those who do adopt this method is to use your real name in your professional account only, and not for any personal account. This will help disconnect the personal content from your professional content. Likewise, only share information and content related to your professional expertise, as this will help grow your eminence but also helps protect your personal privacy if only professional content is shared.

In cases where your real name is required for a personal account (as is the case for Google+ and common practice on Facebook), you have the ability to lock down those accounts to reduce the potential for search indexing to occur and connect content from your personal and professional accounts which share the same real name.

Following are a few great articles on how you can improve privacy settings on Facebook, GooglePlus, LinkedIn, Twitter (with a tumblr bonus), and Pinterest:

Of course, there are also some simple things you can do that don’t require any configuration of preferences or settings:

  • Understand that anything you say/post online will stay online. The internet remembers everything.
  • Manually approve or disapprove follow requests. Approve only those you know, ignore or block those you don’t. If unsure, ask who they are via DM or private message.
  • Remember that it is possible to inadvertently reveal identifying information through status updates, photographs, comments in friends’ networks, community or group membership, and other non-direct means.
  • Some may seem overtly obvious, but every day I hear of how this information has been posted and then misused: so don’t publish your date of birth, phone number, email address, or physical address. And especially not your social security, credit card, or driver’s license numbers.
  • Remember that what you post can be seen and shared by others even in a small controlled group. Always think about what you say and what photos you post as it could be reshared by someone in your network or otherwise be seen by people not in the intended audience.
  • Don’t publicize future vacation plans, especially the time you’ll be traveling.
  • Don’t use location-based services when posting to social networks.
  • Actively manage your friends lists, circles, or following/followers to ensure your own comfort level with your network.
  • Ok I kind of lied, this is a preference/setting bullet, but it is important! Check your privacy settings often. Many social sites roll out new features and new privacy settings without widespread announcements.

For more tips, check out the page at PrivacyRights.org which discusses cyber stalking and steps to take to mitigate potential issues: https://www.privacyrights.org/fs/fs14-stk.htm#3

Please note that this is not a comprehensive security/privacy post, but one intended to help get you thinking about how you can manage your own privacy to the level that is right for you.

And, as always, my dear friends, #StayVigilant!

Protect yourselves, stay vigilant

Posted by on Wednesday, 25 April, 2012

On Monday, I ran across a story on a local news station regarding a security breach of some DNS servers, how the FBI put a temporary safety net in place, and now how the servers will be shut down in July. This prompted a larger scale informational campaign to help computer users determine if their own systems were ‘infected’ and are using the DNS servers which are slated to go offline (when that happens, if your system isn’t using good DNS servers, your internet connection will be gone).

I posted this article to Facebook with the intent of spreading the word and helping people check their own systems to be sure we are all using good DNS servers. But as I went through my personal validation process to be sure that the information I am passing on is genuine, I realized there’s a lot of stuff I just do and never really explain how/why. So in the spirit of knowledge sharing, here are some tips to help you stay safe on the internet, avoid malware, and do more to protect your own privacy:

First and foremost: Lock down your privacy settings anywhere you may have an account so you can identify with whom you are sharing information. Take some time whenever you create new accounts to research and set privacy controls before doing anything else on a website.

Here’s a great write-up which explains some of the Facebook behaviours which may affect privacy, and what you can do to control it to some extent: http://www.hanselman.com/blog/FacebooksPrivacySettingsAreTooComplexForANYONEToUseChangeTheseSettingsToday.aspx

Think you’re safe if you only touch Facebook settings? Think again. Google tracks a plethora of information too. You can stop Google from tracking your history (which is tied to your Google account) and opt out of the Google ads with these three links:

  • https://www.google.com/history
    “Pause” will stop the tracking of your Google web history (searches and which links you followed from the results), while “Remove” will clear out the selected history.
  • https://www.google.com/settings/ads/
    After opting out, you’ll still see ads, but Google won’t use your personal information to target those ads specifically to you. Be sure to opt out for both Search/Gmail and ads on the web.

 

Now that I’ve touched on the two ‘biggies’, let’s focus in a bit more generally with some catch-all solutions:

I’ve personally had success with all three of these, though your mileage may vary depending on your preferences and system setup.

 

But you know what? Tools and settings aren’t enough. Sometimes it all comes down to what I called “wetware” when I was working for a content filtering company: your brain. Tools and options just don’t protect us from ourselves, which is why we need to be able to think critically and be ever vigilant (bordering on paranoid) as we surf the web.

Did a Facebook friend just read a really provocative looking article? Are you sure they did? Is that the kind of article you think your friend would spend time reading and “Like” on Facebook? Do yourself a favour and don’t click the link, it’s likely a phishing attempt to get you to allow an application access to your Facebook profile and post on your behalf; your friend is likely the latest in a long line of victims.

Before clicking a link, stop and hover over it. If it goes to a known server, is relatively ‘clean’ of characters like ? or &, and doesn’t end in an active file extension (like .pl, .js, .exe, etcetera), it is most likely a good link. But you need to be careful of embedded links which point somewhere other than the link text, as well as shortened links which don’t expand to show the full URL.

Which gets me closer to the point: don’t trust links. Unless you absolutely trust the source posting the link, and the server for the link itself, don’t click it, just run a quick search instead and find the info outside of Facebook (here’s a GREAT Oatmeal cartoon which explains this without raising the spectre of malware as the reason for searching).
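The hover check described above can be written down as a small triage function. This is an added example, not code from the original post; the host, shortener and extension lists are sample values assumed for the sketch, and `review_link` is a hypothetical name.

```python
from urllib.parse import urlsplit

# Sample lists, assumed for this sketch; maintain your own.
KNOWN_HOSTS = {"www.fbi.gov", "www.privacyrights.org"}
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}
ACTIVE_EXTENSIONS = (".pl", ".js", ".exe")


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none or will not parse."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def review_link(href, link_text=""):
    """Return reasons to look closer; [] means the hover check found nothing.

    An empty list is not proof that the destination is safe.
    """
    try:
        parts = urlsplit(href)
    except ValueError:
        return ["URL will not parse"]
    host = _host(href)
    reasons = []

    if parts.scheme not in ("http", "https"):
        reasons.append("unusual scheme")
    if "@" in parts.netloc:
        # Everything before '@' is login data, not the server being contacted.
        reasons.append("text before @ hides the real host")
    if host in SHORTENERS:
        reasons.append("shortened link hides the destination")
    elif host not in KNOWN_HOSTS:
        reasons.append("host is not a known server")
    if parts.query:
        reasons.append("query string present (? or &)")
    if parts.path.lower().endswith(ACTIVE_EXTENSIONS):
        reasons.append("ends in an active file extension")

    # Embedded link: visible text that looks like a URL for a different host.
    text = link_text.strip().lower()
    if text.startswith("www."):
        text = "http://" + text
    if text.startswith(("http://", "https://")):
        text_host = _host(text)
        if text_host and text_host != host:
            reasons.append("link text shows %s, target is %s" % (text_host, host))
    return reasons
```

Any reason returned is a prompt to search for the information independently rather than click, which is the habit the post recommends.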

 

Let’s take the above article about the FBI and DNS servers as an example:

I originally saw the story posted by KPTV News on Facebook. Since I trust this account, and the story/link was consistent with other news they post, I clicked the link into the story. From there, however, I stopped trusting. Specifically, the story describes an FBI business partner in this case, and links to their site to ‘check’ your system to see if you are using the wrong DNS servers.

At this point small alarm bells start ringing in my head, but I head over to http://www.dcwg.org/ to check it out. Alarm bells are ringing even more since this site asks you to click a button to run a check, something you should never do unless you trust the source completely. Plus, I am a bit more dubious as the site runs WordPress as the engine. I should note here that while I adore WordPress as a platform, the fact that dcwg.org uses it made me immediately skeptical about the authenticity since anyone can build a WordPress site like that. Heck, I run 5 of my own WP installations, including this one; I KNOW anyone can do it! That all said, I’ll give credit to dcwg.org for acknowledging the need for trust and helping people validate the authenticity as well by pointing to FBI.gov hosted materials.

Rather than using the automated link in the original article (which was down due to heavy traffic anyway, but also because you should never trust sites that ‘fix’ your computer without doing your research), I used the following PDF from FBI.gov which outlines exactly how to check your system for this issue: http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf

Since I trust the fbi.gov servers and pdf files to not auto-run malware on my system, I knew I’d be able to validate the issue by virtue of understanding the solution through text. I can happily say that I was indeed able to validate the authenticity of the problem, solution, and third-party business partner as trustworthy, but only after doing a little research beforehand. (Now, you should all review the PDF file as well to understand how to correct your system, or at the very least, what the dcwg.org “fix” button will do to your system to correct the problem.)

While the above turned out to be a perfectly safe example, it really is the perfect scenario to explain how and why you need to check before you click, as similar tactics are exactly what caused people to click buttons and modify their DNS server settings in the first place.

Want to take privacy and protection to an even greater level? Check out the fine folks over at https://priv.ly/

This is a new tool being designed and developed by Oregon State scientists working on changing the paradigm of content sharing. Priv.ly is intended to take control away from the content hosts like Facebook and Twitter and put that control right back to the user, where it belongs. This works to remove companies’ rights to control and sell your data, putting your data privacy in your hands. If you are concerned with privacy you need to check these people out.

Stay vigilant, my friends. Protect yourself. No one else will.