Let’s Encrypt hit a major milestone today when its first free and automated cert went live.
Tag Archives: Privacy
Why Every Company Should Have a One-Page Privacy Policy
Most companies know you won’t read their 45-page privacy policy before downloading their app. I suspect they also know that their privacy policy needs to change. The problem is, when you gloss over a privacy policy, you could be giving software makers access to your personal information. Once you click the “I accept” button, your data could be theirs.
When my daughter was 10 years old, she asked to download a single-player, non-web connected game on her mobile device. Aimed at 8-12 year old children, the game required the user to accept an agreement that was illegible on a mobile phone. Looking more closely, I discovered that the app claimed the right to collect information including but not limited to my daughter’s name, profile, photos, telephone numbers, email address, contacts, GPS location, browser history and chat or messaging activity, without clearly explaining what the company did with that information or who it might share it with.
As you can imagine, I said “no” to downloading the game. However, that experience was my motivation to launch a campaign to simplify these privacy policies. At Mobile World Congress in March, I announced that AVG would produce a one-page privacy policy that is simple and transparent, and I challenged other companies to do the same. This week, out of our commitment to make the Internet safer for everyone, AVG has fulfilled on this promise with our latest privacy policy.
What’s a one-page privacy policy?
AVG’s one-page privacy policy is an at-a-glance summary of which data our company will collect or won’t collect and an explanation of how and why the data may be shared. We believe our users have the right to understand how and where their information will be used.
AVG’s users are important to us, and we want to earn and keep their trust. A simple and transparent privacy policy helps strengthen this relationship with our customers. A recent study shows that almost half of respondents (49 percent) report that lack of trust prevented them from downloading apps or using them once installed. Over a third (34 percent) said lack of trust stopped them from buying any mobile apps and services. I believe that the more consumers are clearly told the full extent to which companies collect their personal information, the less likely they will be to download new apps or software.
We see the world around us beginning to change: devices now capture new kinds of sensitive information, including health data through wearables and biometric devices and information from smart-home devices. Users must understand what companies will do with their personal information before they hit the “I agree” button. And, they should understand this clearly and at a glance, not having to read pages and pages of a privacy policy. Users have a right to control their own information, and companies have the obligation to be transparent about their company’s use of this information. Here at AVG, we’ve created a simple, one-page, graphical summary for our users of what we will and won’t do with data. I continue to challenge other companies to do the same. Let us know what you think.
Preparing Us and Our Kids for Digital Playgrounds
Recent research of parents in the United States, conducted by Harris Poll on behalf of AVG, shows the ubiquitous rise in the number of kids with mobile devices while exploring important issues in our digital family dynamics.
We found 51% of connected kids receive a device before the fifth grade. With that level of smartphone, tablet and Internet access reaching into lower age groups, it’s clear that today’s schoolyards and playgrounds now extend to the online world.
As a new parent working in tech, I think a lot about the ever-increasing use of connected devices and social media in our families and its effects on us as parents. We are on the frontline of this new issue where the security and privacy of our kids is a major cause of concern. In the real world you can see who is bullying whom but online that’s not always clear.
Of course, it’s not just cyberbullying that we (parents and non-parents) need to be concerned about; but access to a lot of PG-rated and above material that is just one click away. As our new research indicates; unfortunately, many parents don’t monitor their kids’ online activities closely. Only half of parents of children aged 3-17 (51 percent) said they check their child’s activity weekly, one in five check it less than once a month or not at all (nearly two in ten) and just over half (56 percent) say they know the password to their child’s device.
Interestingly enough and coinciding with our research, another report surfaced last week on ABC’s Good Morning America about kids installing secret mobile apps that let them hide their online activities, like photos and texts. Yahoo Tech’s editor Dan Tynan, who was interviewed on the topic, gave this simple advice: turn off the ability to install apps without parental approval.
(Currently, our research suggests only four in ten parents have installed a parental block on their kids’ devices.)
Tynan’s recommendation echoes that of my colleague, AVG’s Sr. Security Evangelist Tony Anscombe, who offered his own sage advice to parents of school age children in a Back to School Tips column last week. Tony is also the author of the book “One Parent to Another,” an excellent resource which is available here.
My baby is less than one-year-old, so I’m a long way off from having to deal with many of these issues but I know my day is coming. I was particularly struck by a recent Parents Magazine article on the topic of “Parenting in a Fakebook World” that chronicled many of the pressures that start at an early age in raising a family in our Instagram-happy, Pinterest-perfect culture. If you haven’t read it, I highly recommend it.
Securing every family member online is a major focus for us at AVG and we will continue to devote a lot of time to understanding the dynamics and needs of digital families, as well as offering tools for help make the online world a safer one for our kids.
So, stay tuned for more here on www.now.avg.com.
Just Like Old Days: IOT Security Pits Regulators Against Market
A panel discussion at the Security of Things Forum debated the need for regulation to ensure the security and privacy of connected devices.
Jessy Irwin on Password Security, Opsec and User Education
Dennis Fisher talks with Jessy Irwin of 1Password about her path into the security world, the many security challenges in the education sector, the password-security problem, and security jewelry.
TLS Implementations Vulnerable to RSA Key Leaks
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys.
Customers of UK’s Metro Bank targeted by Twitter fraudsters
Be on the lookout for copycat social media accounts which may be attempting to lead your customers astray.
The post Customers of UK’s Metro Bank targeted by Twitter fraudsters appeared first on We Live Security.
Will your kids ever have privacy?
A study carried out by the Global Privacy Enforcement Network (GPEN), involved over 29 privacy enforcement authorities in 21 countries. It found that only a third of websites had effective control of the information collected on our kids.
Understanding what happens to the personal information of your children needs to be high on the agenda of all parents. I’m not sure it’s understood due to the covert way that the data is being collected. Have you ever tried reading the privacy policy that accompanies websites and apps? if you haven’t then I am fairly certain your kids haven’t.
Imagine someone knocking on your door and asking for your child’s email address and access to their friends contact details. You would be shocked at the audacity of the request and send them away with nothing. When our kids go online or use apps, this very information is being given up without thought about what happens to it.
When something is free, such as an app or web service, it’s not because the company developing it is just being nice. Companies need to make money so that they can fund innovation that will keep us functional and entertained. One of the ways they can do that is by using our data. As consumers, especially when it’s our kids, we need to understand the trade off between free and acceptable data collection and use.
In a recent BBC article about the GPEN findings, Mr Adam Stevens, head of the UK’s Information Commissioner’s Office, said: “The most common concern domestically was a lack of information being provided about how their information would be used.”
The study identified concerns with 41% of the websites examined and that a minority of sites had an accessible way to allow families to delete data.
It’s important that we engage with our kids and teach them the value of their data. They need to understand how apps and services they’re accessing are using their personal data, and we need to guide them on what is acceptable usage.
Data breaches are now common place, and with vast amounts of personal data being collected and stored the consequences for our kids could be significant.
While I would not encourage kids to tell untruths, I might encourage them to have a modified set of data for use online, for example: their place of birth could be anywhere and the day of their birth does not need to be the real one, however their year and month of birth should not differ from reality as the reputable websites and apps deliver content that is age appropriate.
I personally have multiple email addresses: one for my serious stuff like banking and family communication, and an account that I can burn if it becomes compromised or I start getting too much spam. While this maybe a complicated thing for our kids to do, the principal behind this is something worth educating kids about.
Follow me on Twitter @TonyatAVG
‘InstaPolicing’: Police departments are monitoring social media
The golden rule of social media is ‘think before you post.’ In the age of Instagram and living in the moment online, people sometimes forget how that one digital moment can now and forever be captured.
It happens to the best of us – and it is also happening to the worst of us, sometimes with real consequences.
In terms of the latter, social media has become a tool for law enforcement to fight crime almost since its inception. Now, Instagram photos have become a popular mechanism for helping police to track criminals who, you might say, are ‘selfie-incriminating’ themselves on social media.
The San Francisco Police Department, for example, has dedicated resources for monitoring Instagrams to track individuals of interest, and the program has yielded results. Officer Eduard Ochoa, who has been SFPD’s “Instagram Officer” for a number of years, has monitored and tracked individuals who were on probation and observed them doing things in violation of their probation. In one case, a minor on probation posted photos of himself in possession of a firearm. The Instagram spottings allowed officers to perform a probation search, and in the course of the investigation firearms were found.
Recently, an appeals court ruled that those Instagram photos of the incident were admissible even though no one who was present when the photographs were taken testified. (You can read the court ruling here.) The individuals involved were also wearing the same clothes as they were in the Instagram photos when police arrived, which no doubt helped seal the deal.
The SF Police Officers Association’s newsletter singled out Ochoa and other officers for performing “an extremely intensive investigation using the most modern techniques provided by our new electronic age” to locate the suspect in a shooting.
“If the criminals are getting smarter and more tech savvy, so should the police department,” SFPD spokesman Officer Albie Esparza told a reporter for Marketwatch.
The Instagram officer is only one example of police using social media to fight criminals. Many departments across the country now use Facebook, YouTube and Twitter in police work. According to a 2013 social media survey from the International Association of Chiefs of Police, 96% of police departments were using social media in their policing, and more than 80% said it was helping solve crimes. (Of course, it works both ways, and the defense can find evidence of alibis on social media as well.)
Indeed, while social media usage is now commonplace in law enforcement, one item of concern is that guidelines and procedures to govern it may be lagging. According to a November 2014 study by LexisNexis, “Social Media Used in Law Enforcement,” 52% of the law enforcement agencies surveyed lacked procedures governing social media use. Further, Government Technology research found there is little training when it comes to social media usage by law enforcement departments.
Policies and guidelines for law enforcement using social media seem critical. As Police Chief Magazine reported in a 2013, “Written policies will ensure that agency executives know what their employees are doing and why they are doing it, as well as protect citizens’ privacy and civil rights and liberties…Many agencies already have policies to protect civil rights and civil liberties. Agencies should include references to agency privacy protections when drafting social media policies to collect intelligence and investigate crimes.”
In Minnesota, where police used Instagram photos to make indictments in a weapons-for-sale scheme, ACLU executive director Chuck Samuelson noted: “The law has not caught up with social media and other technology used to share and gather personal information and even law-abiding citizens should be aware that their personal information is being collected by all sorts of organizations and can be used against them.”
It would seem, as in many aspects of our digital lives, vigilance and ongoing work needs to be done to keep pace with the technology innovation, in order protect us all – our rights, our privacy and our security.
(Note to Hollywood: There’s plenty of material here to create a new series, CSI InstaPolice.)
A London NHS clinic leaks 780 patients’ details.
The 56 Dean Street clinic in London accidentally released the names and email addresses of 780 patients who have attended HIV clinics.
In a statement released on their website, a spokesperson for Chelsea and Westminster Hospital NHS Foundation Trust stated:
“We can confirm that due to an administrative error, a newsletter about services at 56 Dean Street was sent to an email group rather than individual recipients.
“We have immediately contacted all the email recipients to inform them of the error and apologise. Any concerned patients can call 020 3315 9555 and 020 3315 9594.”
In an interview with BBC Dr. Alan McOwan has said that, “Not everybody on the list is HIV positive.”
This data breach comes on the heels of a similar incident that occurred earlier last month to UK based holiday company Thomson. The 56 Dean Street clinic data breach, while unfortunate, again underscores the importance of having appropriate data security policies and procedures in place, as well as the need for employee training on the handling and protection of sensitive data.
The cost of a data breach can affect more than your bottom line, it can affect lives too. So if you’re in doubt about the security of your own IT infrastructure, download AVG’s Small Business IT Security Guide or take the AVG Small Business IT Security Health Check now to find out what you can do to help prevent security and data breaches.
If you need comprehensive protection against online threats for your business PCs, network and email, take a look at AVG Internet Security Business Edition.
