Tag Archives: Privacy

Avira

Facebook Is Getting More Secure Thanks to OpenPGP

Leave a comment

In order to achieve this goal Facebook just announced in a blog post that is now offering you the ability to encrypt e-mails via OpenPGP, an email encryption system.

“To enhance the privacy of this email content, today we are gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to your preferred email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications”, says Facebook

So basically the social network will allow you to give it your public key so that mails you might receive from Facebook (for example password resets) will be encrypted.  You can also enable encrypted notifications: Facebook will then sign outbound messages using your key so that you can be sure the emails are genuine.

The encryption system Facebook is using is OpenPGP where the PGP stands for “Pretty Good Privacy”. It’s one of the most popular standards when it comes to protecting email and should really serve its purpose well. Read this article if you want to find out more about Public Key Cryptography and PGP – it really will make the whole technique easier to understand.

The post Facebook Is Getting More Secure Thanks to OpenPGP appeared first on Avira Blog.

AVG

Got privacy? Fewer than 10% of Americans feel in control of their data

Leave a comment

It’s a tricky tightrope we walk between security and privacy. The newest report by Pew Research shows that Americans value their privacy and, paradoxically, are only too aware that they don’t have it.

The report, released May 20, highlighted what Pew terms “data insecurity.”

  • Nine in ten adults say being in control of who can get information about them and controlling what information is collected about them is important.
  • Only 9% of respondents felt they had a lot of control over how much information was collected about them and how it was used; and just 6% of the Americans surveyed felt that they could depend on the government to keep their data secure.
  • In the neighborhood of seven in ten people were not confident their activities and records recorded by online advertisers, social media sites and search engines would remain private and secure.

“The majority of Americans believe it is important – often very important – that they be able to maintain privacy and confidentiality in commonplace activities of their lives. Most strikingly, these views are especially pronounced when it comes to knowing what information about them is being collected and who is doing the collecting.”

We at AVG know this well. Pews report mirrors the attitudes that have shown up in our own research and studies conducted with the Mobile Economic Forum.  In our 2014 survey with MEF, we found that 72% of mobile consumers are not happy sharing personal data such as location or contact details when using an app, and one-third (34%) say trust prevents them from buying more goods and services using their mobile device.

The good news is that it looks like people are increasingly aware of their digital footprint and taking action.  For example, according to the Pew survey, 59% cleared their cookies or browser history; 47% refused to provide personal information not relevant to a transaction; 25% used a temporary username or email address; and 24% gave inaccurate or misleading information about themselves.

If you’re like those in the majority of the Pew survey and increasingly worry about your privacy, I urge you to take action.

At the very least, you can take advantage of our free AVG PrivacyFix app to help you manage your online profile across multiple social media platforms, and on all your devices, from one simple interface.  This includes adjusting privacy settings, stopping ad targeting, and blocking tracking.

In the meantime, the tide may be turning for privacy. A lawsuit brought by the American Civil Liberties Union led to a U.S. federal appeals court ruling in May that found that the NSA’s bulk phone call metadata-gathering program is illegal. (If you’re an insomniac you can read the 97-page ruling here.)

Obviously, we all want a strong national security program, and if rooting out terrorist cells is to have any success, a communications intelligence network is paramount. But there is another equally important imperative represented by the Fourth Amendment. The Fourth Amendment protects all Americans against unreasonable searches by the government. It’s a fine balance between the two mandates and goes directly to the Constitution.

The court ruling is a serious matter, and there may be broader implications. Surely, the natural question is then do these consumer rights apply to all digital footprints, including cyberspace?

Stay tuned.

AVG

Watch your data! 80% of UK identity fraud is happening online

Leave a comment

A new report from  the UK fraud prevention service, Cifas shows that incidences of identity fraud rose by 27% in the first three months of 2015 with nearly 35,000 confirmed cases.

In fact, identity theft was so prevalent that it very nearly constituted half (47%) of all recorded cases of fraud.

The report also highlighted the fact that 80% of all identity fraud in the first quarter was attempted or perpetrated online and that credit card and bank account details were the most common targets for attackers to pursue.

As Detective Chief Superintendent Dave Clark, from the City of London Police explains “By following some simple procedures, such as creating strong passwords, protecting internet connected devices with up-to-date security software and not sharing too much personal information online, we can make life much more difficult for the identity fraudsters.”

 

How can you help keep your data safe from fraud?

Creating a strong password

Creating a strong and memorial password doesn’t need to be difficult. We’ve created an easy to follow infographic that explains exactly how it’s done in three simple steps.

AVG’s Michael McKinnon also has some great advice on simple mistakes you can easily avoid when creating a password.

Video

Four Password Mistakes to Avoid

 

Get up-to-date security software

Like Detective Chief Superintendent Dave Clark explained above, having up-to-date security software is important on all of your devices. Importantly, protecting your devices is neither expensive nor complicated. AVG has a number of free security solutions that can help protect your PC, Mac or Android device. AVG Zen also makes it incredibly easy to manage the security, performance and privacy of multiple devices all from one screen.

 

Don’t give up your personal information

While you should try not to “overshare” online anyway, taking the time to learn about “phishing” and how to avoid it can you detect scams and hoaxes online so that you don’t unknowingly hand over your valuable information to an attack.

AVG’s Tony Anscombe has some great advice to avoid phishing:

Video

How to Avoid Phishing

 

Title image courtesy of actionfraud.police.uk

Avast

Avast Data Drives New Analytics Engine

Leave a comment

Did you know that Californians are obsessed with Selfie Sticks from Amazon.com? Or that people in Maine buy lots of coconut oil?

Thanks to Jumpshot, a marketing analytics company, you can find this information – as well as more useful information – by using the tools available at Jumpshot.com.

What may be most interesting to you is that Jumpshot is using Avast data to drive these unique insights. We provide Jumpshot with anonymized and aggregated data that we collect from scanning the 150 billion URLs our users visit each month. Using Jumpshot’s patent-pending algorithm, all of the personally identifiable information is removed from the data before it leaves Avast servers. Nothing can be used to identify or target individuals. Avast COO Ondřej Vlček explains the data stripping algorithm in an Avast forum topic.

Jumpshot infographic showing Amazon.com shopping cart values and the most popular products by state. Anonymized Avast browser data was used to create this information. Click here to see the full infographic.

Jumpshot infographic showing Amazon.com shopping cart values by state. Anonymized and aggregated Avast browser data was used to create this information. Click here to see the full infographic.

Data security, of course, is very important to us. We go to great lengths to keep our users safe, and have never shared any data that can be used to identify them. We never have and never will.

We are aware that some users don’t want any data – no matter how generic and depersonalized it is – to be used in market analysis. This is why we clearly state during the installation of our products what information we collect and what we do with it, and offer our users the ability to opt out from having that data collected. We believe we are unique in our industry in offering an opt-out, but we do so because we respect that choice to be our users to make, not ours. We’re grateful that more than 100 million of our users, when given a clear choice, have chosen not to opt out, and we thank you.

The foundation of our business is trust, and trust only exists with honesty.

We have always strived to have an honest relationship with our users, and we will continue to do so. Currently we do not make any money from this relationship but it is an experiment as to whether we can fund our security products indirectly instead of nagging our users to upgrade. As most people are aware, most all products we use every day—Chrome, Facebook, Firefox, WhatsApp, Gmail, etc.—are indirectly funded by advertisements. In most cases though, the products directly examine what users are doing and provide them targeted advertisements. Although we suspect some security companies are doing this, we do not believe it is the proper approach. Instead, we think that this anonymized, aggregated approach is much better to maintain the trust relationship that we think is so important between us and you, our loyal users.

As always, thank you for your support and patronage. Together we continue to make the Internet a safer place for all of us.

AVG

Android’s factory reset may leave data behind

Leave a comment

We’ve given tips in the past about what you could do with an older smartphone, and a few of those involved donating it to charity or selling it. A vital step before doing either of these is to perform a factory reset to clear out your data. New research has emerged that says that a factory reset may not be enough to keep your data safe from some more advanced data retrieval techniques.

Researchers at Cambridge University have just released a study outlining several flaws in the way most Android handsets handle factory resets. The issue arises from the way devices store information on flash memory. Reading data has a negligible impact on flash drives, but writing new data to them can cause considerable wear.

To prolong the drive’s health, instead of deleting content directly (“writing off” the data), flash drives will instead designate memory blocks where the data resided as “logically deleted”–meaning they are available to be overwritten.

So when you perform a factory reset, those “logically deleted” content blocks aren’t being overwritten, as they are already considered “empty” by the system. Given enough time and the right tools, the researchers were able to retrieve personal data such as photos and chat logs. They were also able to retrieve the master tokens for automatically signing in to Gmail and other Google apps as well as Facebook apps an alarming 80% of the time.

 

How to protect your data

If you are looking to sell or donate your phone, there are a few things you can do  to help keep your data private. We suggest you do all of these steps:

 

Encrypt your phone before factory resetting your data.

Devices running Android 3+ or above all allow you to encrypt your phone. The option can generally be found in the settings under the Security tab. Encrypting your phone before the reset ensures that any data that survives the factory reset has to be decrypted.

The Cambridge researchers were able to retrieve some encrypted data and run brute strength attacks until they found the right passwords. So make sure you create a long password of over 15 characters, using upper and lower cases, numbers and symbols: a longer, more complex password would take years to crack. Ideally, use a password generator: you don’t have to remember this password, since you’re “erasing this data”. Now complete the factory reset.

 

Remove your device from your Google account

From a browser on a new device, go to myaccount.google.com. Under Sign-in & Security you’ll find the Device activity & notifications section, which allows you to review all the devices currently connected to your account.

Device Activity

Select your old device, and Remove it. This will prevent any automatic sign-ins from your old device.

Remove device

 

Change your account passwords

Changing passwords regularly is simply good digital hygiene, so it makes a lot of sense to change your passwords when changing devices. Even if a hacker were to somehow retrieve your passwords to your Facebook or Google accounts after the factory reset, they would no longer work.

 

Though the risks of your data being exploited this way are relatively low, it pays to take extra precautions. With these three steps, you should be reasonably secure from even a determined criminal.

As always, stay safe out there!