Tag Archives: Privacy

Think celebrities are the only ones that can get hacked? Think again…

News broke on Sunday that nude photos of female celebrities were posted on the photo sharing site 4Chan. Along with the news came many theories and discussions as to how the hacker managed to collect intimate photos and videos from a long list of celebrities. While figuring out how the hacker accessed these intimate files will hopefully patch vulnerabilities, there are general steps that everyone should take now to protect their personal data.

Don’t blame the cloud

shutterstock_208714210

One of the theories circulating on the Internet is that iCloud was hacked via a vulnerability in Apple’s “Find My iPhone” app. Kirsten Dunst, one of the celebrities whose private photos were hacked tweeted the following: “Thank you iCloud”. Should Kirsten and the other hack victims be blaming the cloud though? The iCloud hack theory is just a theory, the hackers could have gained access to celebrity accounts via phishing mails or gained passwords from celebrity insiders. The hackers could have gained access to celebrity email and password combinations through breaches like the recent eBay breach or Heartbleed, which affected nearly two-thirds of all websites, including Yahoo Mail, OKCupid and WeTransfer. If the celebrities whose photos have been exposed were affected by these breaches and used the same passwords on several accounts, including iCloud, it would have been easy for the hackers to steal their personal photos.

Even if the hacker got the data by hacking iCloud accounts, the cloud should not be blamed. The hacker, first and foremost, should be blamed. However, we all should know that there are bad guys out there and we need to protect ourselves and our personal data from them. The lack of cybersecurity awareness amongst these celebrities also deserves a portion of the blame.

Know where you are saving what

Back in 2011, when nude photos of Scarlett Johansson and Mila Kunis appeared, we learned that celebrities are not immune to hacks, in fact they were specifically targeted and will probably be targeted again. It seems that many celebrities did not learn the importance of cybersecurity from the 2011 hack. Every mobile user, celebrities included, should be learning a lesson from this awful and unfortunate event and be re-thinking where they are saving their intimate and personal data.

Many mobile users are unaware of the fact that their data is no longer only saved to their hardware. Many devices and apps come with automatic cloud back up features. Cloud based back up can be a very useful tool to prevent data loss, but if you want to delete intimate photos from your device you should also remember to delete it from the cloud. 

How to protect your accounts

 

Whether the hackers gained access to the data via an iCloud vulnerability, phishing scams, or by using brute force programs there is one common denominator: passwords.

Mobile malware specialist, Filip Chytry recommends the following to protect your accounts:

  • Use strong passwords – Strong passwords are critical when it comes to protecting online accounts. Strong passwords should be at least 8 characters long, contain a combination of letters, numbers, and symbols. Ideally, you should not be able to remember your own password the first time you try to log into your account with your new password. You should update all of your passwords every three months and after news of account breaches.
  • Use different passwords for each of your accounts – It is not easy to remember different passwords for all your online accounts, but it is vital that each online account has a different and strong password. Passwords need to be thought of as keys, you wouldn’t want your house key to open your car – passwords and online accounts should be no different. Password managers like avast! EasyPass can help you secure your passwords and accounts.
  • Enable two factor authentication – Many sites and services offer two factor authentication, meaning you are required to enter a pin number sent to your mobile device, in addition to your password, in order to gain access to your account. This helps verify that the person trying to log into the account is the actual account owner and in fact a real person (not just a program trying to hack accounts).
  • Download anti-virus protection for your mobile device – Anti-virus protection, such as avast! Mobile Security, not only protects your mobile devices from malware, but can also protects you from phishing links. Phishing sites look like legitimate sites designed to trick you into giving up your log in credentials, which may be how the hackers who published the nude photos gained access to celebrity accounts.

If it can happen to them it can happen to you

We often put celebrities on pedestals, but at the end of the day they are normal people just like you and I. No one is immune to hacks per se, but being aware of where you store your sensitive data and using the proper tools to protect your data can prevent hackers from accessing it. We should all take this situation as an opportunity to learn how to protect our very personal information.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ andInstagram. Business owners – check out our business products.

Week in Security: Game over in Korea, cellphone snoops and phishy Bitcoins

Gamers and cellphone users were targeted by criminal groups around the world in our security news this week – with results varying from slightly eerie surveillance towers, to a gigantic data breach in which 220 million records were traded. The former were struck with a series of irritating service outages caused by a hacktivist group, plus a data breach of enormous proportions, which swept up half of South Korea’s population in a scam designed to steal virtual money and goods.

Cellphone users were left looking over their shoulders as a security news report highlighted the sale and use of tools which could track a user with high accuracy from town to town and even to other countries – and these tools are being bought not only by oppressive regimes, but by gangs.

Even more disconcerting was the discovery of at least 17 ‘fake’ cellphone towers which hacked into nearby handsets to either eavesdrop, or install spyware. The fake towers, found, oddly enough, by a company which markets handsets immune to such attacks, were found throughout America – with one, puzzlingly, in a casino….

Meanwhile, POS malware continues to multiply, and a new phishing attack highlighted how social engineering can strike anyone…

Security news: Half of South Korea breached

By anyone’s standards, it was a massive data breach – involving 27 million people, half the population, and 220 million private records changing hands. It also highlighted just how much South Korea loves playing games, as it hit adults and children alike – the breach targeted registration pages and passwords for six online gaming sites, with the aim of selling game currency and virtual goods.

The breach affected 70% of the population between the ages of 15 and 65, according to Forbes.

The sixteen hackers who were jailed had used 220 million items of personally identifying information, with the goal of breaking into online game accounts. A 24-year-old man, surname Kim, bought these records from a Chinese hacker he met in another online game in 2011, according to the Korea JoonGang Daily.

Kim and his associates are thought to have used a hacking tool known as an “extractor” to log in to accounts and steal virtual currency to and items to sell – earning in the process 400 million won ($390,919).

1,000 U.S. firms infected with credit-card-stealing POS malware

An official warning issued this week highlighted the rise and rise of malware targeting point-of-sale systems in retail outlets, with the goal of stealing credit card details – with Secret Service operatives warning that one particular strain had infected a vast number of American firms.

The United States Computer Emergency Readiness Team issued a statement saying that the “Backoff” malware was rife in U.S. businesses, taking over administrator accounts and removing customer data from several hundreds of companies. Their information was based on Secret Service estimates, after conversations with POS software vendors in America.

ESET Malware Researcher Lysa Myers says, “Malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.”

Myers offers a detailed guide for businesses concerned that they may be being targeted with POS malware.

Cellphone users targeted by cyber-snoops

Cellphone users, you may be being watched – by a surveillance industry which one privacy group claims is worth $5 million a year.  This week saw an in-depth report into the export of equipment  which can track the movements of anyone carrying a cellphone – from town to town and even into other countries.

It also saw the discovery of “fake” cellphone towers known as “interceptors” in active use on U.S. soil, according to Popular Science. The technology is known, but expensive, and it’s unclear who is operating the towers, or why.

High-end surveillance technologies which penetrate networks to track users are freely on sale not only to oppressive regimes, but also to criminal gangs, according to a report by the Washington Post.

Third-party surveillance apps are, of course, widely available which allow suspicious spouses and more nefarious individuals to track the owner of a phone by surreptitiously installing and hiding such an app. Such ‘domestic spyware’ is often involved in domestic violence cases.

The gear used by oppressive regimes is of a higher level altogether. “Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology,” the Washington Post reports.

“The capabilities of surveillance technology have grown hugely in the past decade – in the hands of a repressive regime, this equipment eradicates free speech, quashes dissent and places dissidents at the mercy of ruling powers as effectively as guns and bombs, if not more so,” Privacy International says in its report.

Game Over, man! PSN taken down, other networks under attack

A new hacktivist gang disrupted and brought down several gaming services this week, including Sony’s PSN network, and the Twitch gamer-TV service, which returned only after presenters Tweeted photographs of themselves with the group’s name written on their foreheads.

Most of the attacks were basic denial-of-service attacks, and no information was lost during Sony’s network outage. The FBI took an interest when a reported bomb threat by the same group caused the diversion of a flight carrying a Sony executive, according to Reuters report.

Sony summed up in a blog post, “The networks were taken offline due to a distributed denial of service attack. We have seen no evidence of any intrusion to the network and no evidence of any unauthorized access to users’ personal information.”

It is as yet unclear what the group’s motivation is – with DDoS attacks also aimed at popular PC titles such as Blizzard’s Battle.net, Riot’s League of Legends and Grinding Gear Games’ Path of Exile.

Bitcoin phishing a cryptic success with non-users

How hot is Bitcoin right now? So hot that even non-Bitcoin users are tempted to click on phishing links referring to Bitcoin wallet sites (which they don’t use). The relative success of the attacks shows how social engineering can take many forms – and that clicking on links in ANY unsolicited email is a bad idea.

Previous Bitcoin wallet phishing campaigns usually targeted known lists of Bitcoin users. The new waves of phishing emails were targeted at corporations, rather than those with an interest in cryptocurrency. The tactic has proved a success for the criminals behind it – with nearly 2.7% of victims clicking on the malicious link embedded in the two waves of 12,000 emails.

Proofpoint, which monitored the attack, said that the high success rate proved how much the hype behind the Bitcoin wallet had caught the imagination of the general population.“Unregulated and designed for anonymity, Bitcoin represents an attractive, $6.8 billion target to cyber criminals,” Proofpoint said.

The Register’s John Leyden reported, “This high click-through rate is a concern because crooks could easily switch from Bitcoin scams to targeting curious users with DDoS malware, remote access Trojans, corporate credential phish, or other threats.”

Some things, of course, don’t change: the emails took the form of a classic “account warning” phishing email, just using a Bitcoin site instead of a bank.

The post Week in Security: Game over in Korea, cellphone snoops and phishy Bitcoins appeared first on We Live Security.

Internet privacy: Seven rules to keep secrets safe

Internet privacy is something consumers are increasingly aware of, but which is near-impossible to achieve. You are never truly invisible on the internet – just witness how quickly the Blackphone, made by encryption legends Silent Circle met its match at DEF CON.

But while the free internet relies on “watching you” to sell ads, and others watch you just because they like it, there are a few steps sensible internet users should take for those moments when a little internet privacy IS required.

Most are the basics of internet privacy - password hygiene – and good security practice on social networks.

But when it comes to things you might want to keep private – business conversations that would be of interest to a rival, hobbies such as motorcycling that might be of interest to an insurer, a few basic steps can help.

If you ARE James Bond, no security tip in the world will stop your enemies watching you – that’s their job. For most of us – from college students to small businesses to people afraid of one particular watcher, such as domestic violence survivors – some basic steps will help you stay private.

Tinfoil hats are not required. Nor is switching to a “private” browser such as Tor – although privacy-conscious users may find it surprisingly fast these days.

Rule one: Use the internet privacy tools provided by ‘the watchers’

There are good reasons to revisit the internet privacy menus on your Facebook account – and it’s highly unwise to post anything to the network that is in any way sensitive. Facebook  is not content with the trove of data provided by its own users – it deals with third-party “data broker” companies, who provide the company with encrypted lists of email addresses (for instance, of users who have bought a vacuum cleaner), which Facebook then matches against its own encrypted list. This means the company may ‘know’ more than you think it does. The only defense is to be cautious with data both inside and outside Facebook.

There are other good reasons behind people’s distrust of Facebook, and to ensure your account is locked up as much as possible. This year, the social site added hidden tracking in its ubiquitous ‘Like’ button to track users outside of Facebook pages. The new tracking method actually ignores users’ Do Not Track preference settings (the browser setting where users can choose “ask websites to not track me”). Staying logged out as much as possible is a good idea to increase your internet privacy.

Google is a major player in collecting data – every Google service from YouTube to Search collects information on signed-in users, and collates it to refer to one user profile. This is used to tailor Google ‘adwords’ – the text adverts that appear around searches and above Gmail’s Inbox – to the user. Google, however, is very open about how it all works, and you can opt out of almost everything, even if you’re a heavy user. If you do so, the only service you’ll really be unable to use is the excellent Google Now on Android, which relies heavily on search history and location history. It poses its own privacy risks, of course, if anyone looks over your shoulder…

Google itself offers a clear explanation of how its data collection works – and provides a dashboard of tools web users may wish to use to prevent themselves being tracked. For Google, personalized adverts are a service, and one you can choose not to use. Facebook’s approach is more opaque. Facebook said that it would also ignore “do not track” signals sent by browsers – a measure put in place to offer users choice on privacy – because “because currently there is no industry consensus.”

Rule two: Don’t tell the internet your age, or if you went to college

Sharing information too openly online is a bad idea – leaving you open to spear phishing attacks. But data also falls into the hands of companies which trade in it – billions of data points at once, sold to advertisers and other companies. Most of these are perfectly normal companies. Some are not. The Federal Trade Commission is investigating ‘data brokers’. The industry is thus far largely unregulated, and brokers will offer anything from anonymous data gleaned from browsing, to a mix of data, some publicly available, some from website cookies and other tracking tools. You are significantly more likely to be identifiable from your data if you share things publicly – even the fact you own a dog, or your address, or if you geolocate pictures. Take control of this data. Don’t share when you don’t have to.

internet privacy

Consumers are increasingly concerned about privacy, a Silent Circle poll found

Social networks are a prime example, but “overfilling” a profile on a blog or corporate site can also reveal details. If there’s ever a box about sharing data with other companies, make sure you tick (or don’t tick) so your data isn’t shared. Whatever happens to it, it isn’t going away. Some, not all data brokers categorise customers in a way which may impact future eligibility for financial products – categorising them as uneducated, or putting them in a category of older people, or instance. This is information you should not share publicly, as it may impact your financial future.

Rule Three: Don’t trust ‘Do Not Track’ – Incognito or Private mode are better

Many companies ignore a browser’s request not to be tracked – including high profile firms such as Facebook.  The only fix is to use Incognito or Private browsing, and not log in to Facebook as you browse.

You will still be followed by trackers (cookies and scripts embedded in most websites) as you browse, but the profile that’s built up applies to a user who disappears when the session ends. You are still, of course, not truly ‘private’ – your IP address can still be traced as having visited a particular website, but it helps. Setting your browser to delete cookies on closing also helps in this regard – but it’s not a silver bullet.

Rule Four: Don’t use Facebook log-ins on apps

Don’t imagine smartphones are any different from PCs – you will be tracked on your browser, just as you are on PC, and there are other security concerns, too. But one step is easy to take. Many apps allow users to log in using their Facebook details, which spares user the time of filling in a form.

internet privacy

However, this allows the social network to use information from the app, and apply this to its advertising profile to target adverts. Any information in the app becomes available to Facebook. If you’re worried about how much Facebook ‘knows’ about you, use email to log in instead.

Rule Five: Turn to Tails if you  really need to be private

If you are determined not to be watched, Tails is a high-end internet privacy tool – although it should be noted that it is not “spy proof”. It boots from a DVD or USB stick, and forces internet traffic through the anonymizing service Tor (all non-Tor connections are rejected). Tor is of course not immune from spying – but it’s as secure as it gets, most of the time.

When you’ve finished, Tails deletes all data from the session (it’s stored in RAM rather than in computer storage). It can be used on any computer, and leaves no trace once the session ends. You are, of course, still vulnerable to some techniques – for instance, electronic listening devices could pick up your keystrokes.

Rule Six: If you’re doing business, use a VPN, and encrypt everything you can

If you are using the internet for sensitive business reasons, use VPN software. Either provided by your company, or if you’re a small business or freelancer, use your own VPN client. Likewise, ensure you encrypt as much as you can – from emails to data stored on your PC. ESET researcher Stephen Cobb argues that encryption is now essential for business – and with the rate of data breaches seen over the past few months it’s hard to argue. Malware researcher Lysa Myers says,”The best way to protect your data from prying eyes is to make more of it unreadable to outside parties. And the best way to do this is to encrypt as much as you can both data that is saved on your hard disk, and data that you send out of your machine, via email, web or other methods.”

Rule Seven: You are never invisible online

No matter how paranoid you are, how security-conscious you are, there is always a way round your snoop-proof techniques. Unscrupulous and greedy people will find it. If you want something to stay private, don’t do it online, or on the phone. Do it in the real world. As more consumers use internet privacy tools, new unknown techniques appear to bypass them. ‘Canvas fingerprinting’ is a new technique, invisible to users, which became widespread among companies selling data to advertisers before the media were even aware of it. Requiring PCs to render a fragment of text, it bypasses “do not track” instructions to create a fingerprint which “shatters” current privacy tools, Princeton researchers say. One provider which uses the ‘fingerprinting’ technique,  touted as a replacement for cookies for advertisers keen to track users across the web, uses its scripts in thousands of sites – and reaches 97.2% of the internet population in America, according to Comscore.

The post Internet privacy: Seven rules to keep secrets safe appeared first on We Live Security.

Google dorks – FBI warning about dangerous ‘new’ search tool

The FBI has issued a warning to police and other emergency response personnel about a lethal new tool which ‘malicious actors’ have been using to deadly effect against American government institutions – Google dorks.

The warning, reported by Ars Technica, refers specifically to ‘Google dorks’  or “Google dorking” – ie the use of specialized search syntax,  using terms such as “filetype:sql”.

‘Google dorks’ refers to search syntax which allow users to search within a specific website (using the term in:url) or for specific file types, and can thus be used to search databases. Such search terms are widely known, and legal – the warning alerts units who may not be aware of the technique to secure databases properly.

Google dorks: Weapon of the ‘malicious’?

“In October 2013, unidentified attackers used Google dorks to find websites running vulnerable versions of a proprietary internet message board software product, according to security researchers,” the FBI warning says.

“After searching for vulnerable software identifiers, the attackers compromised 35,000 websites and were able to create new administrator accounts. ”

“For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.”

The warning refers to several online resources commonly used to automate “Google dork” queries – and offers advice on the scope of such search terms.syntax.

Shock as web users employ ‘search’

The warning also offers a useful link to Google’s own testing centre for pre-empting such attacks, the Google Hacking Database. Webmasters can use this to check whether files are “visible” to Google dorks, then hide them if they wish.

Ars Technica points out that the warning refers to “malicious cyber actors” and refers to a notorious case in which reporters were accused of “hacking” a website by using freely available information and an automated tool, GNUGet.

However, as Ars explains, the warning is not really meant to highlight a “new” technique, i.e Google dorks, but to warn webmasters to make their websites more secure.

“This warning from the DHS and the FBI was mostly intended to give law enforcement and other organizations a sense of urgency to take a hard look at their own websites’ security,” Ars comments. “Local police departments have increasingly become the target of “hacktivists.” Recent examples include attacks on the Albuquerque Police Department’s network in March following the shooting of a homeless man and attacks on St. Louis County police networks in response to the recent events in Ferguson, Missouri.”

The warning says, “Ensure sensitive websites are not indexed in search engines. Google USPER provides webmaster tools to remove entire sites, individual URLs, cached copies, and directories from Google’s index.”

The post Google dorks – FBI warning about dangerous ‘new’ search tool appeared first on We Live Security.

Surveillance fears over systems which ‘follow’ cellphone users

Concern is growing over the export of surveillance equipment which can track the movements of anyone carrying a cellphone – from town to town and even into other countries.  Such technologies are freely on sale not only to oppressive regimes, but also to criminal gangs, according to a report by the Washington Post.

Third-party surveillance apps are, of course, widely available which allow suspicious spouses and more nefarious individuals to track the owner of a phone by surreptitiously installing and hiding such an app. Such ‘domestic spyware’ is often involved in domestic violence cases.

The technology used by repressive regimes is much higher-level surveillance: specifically, the governments, gangs and other individuals monitor telecoms networks for their location records.

Surveillance systems map people for weeks

“Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology,” the Washington Post reports.

The use of such equipment is highlighted in a report, Big Brother Inc, by Privacy International, which claims that the surveillance industry has grown to be worth $5 billion per year, and that export control regulations have not kept pace with developments in such technology.

Capabilities of surveillance have grown hugely

“The capabilities of surveillance technology have grown hugely in the past decade – in the hands of a repressive regime, this equipment eradicates free speech, quashes dissent and places dissidents at the mercy of ruling powers as effectively as guns and bombs, if not more so,” Privacy International says in its report.

Mark James, security specialist at ESET, says there is a broader issue about the ownership of the data generated by such devices, and in particular the rights of the end user.

“The main concern here is the lack of international laws to protect the end user,” says James. “Without a global policy in place there will always be some countries that can be used to track people’s locations and activity.”

“With users now requiring the latest technology advancements in their mobile devices which include GPS location, mobile internet and the ability to be contacted wherever they are, it is often overlooked that this technology is two-way.

“Even if in your contract there were to be a paragraph stating that you can be monitored whenever and wherever, the likelihood of you reading it and acknowledging it exists is remote, and let’s be honest would you refuse to have the phone if this were made clear to you when you purchased it in the first place? I honestly think not.”

“This type of surveillance has been around for a while and it’s not going anywhere, all we can do is put measures in place for an independent organization to monitor its use and work harder to have an international  agreement in place to limit where this data ends up.”

Privacy International is now campaigning for more regulation of the surveillance industry, and in particular to restrict the sale of such technologies to repressive regimes. The group points to some limited successes, such as the EU Parliament’s resolution calling for stricter oversight of surveillance technology exports, and President Obama’s  executive order to prevent such exports to Syria and Iran.

The group says, “Export control regulations have not kept pace with this development, nor have companies taken it upon themselves to vet the governments to whom they sell their technology. The situation has now reached a crisis point: countries must enact strict export controls now, or be guilty of a staggering and continued hypocrisy with regard to global human rights.”

The post Surveillance fears over systems which ‘follow’ cellphone users appeared first on We Live Security.

Online fraud – POS malware has now hit 1,000 U.S. firms

More than a thousand U.S. businesses have been affected by point-of-sale malware – malicious software written specifically for online fraud – to steal information such as credit card details from companies and their customers.

The United States Computer Emergency Readiness Team issued a statement saying that the “Backoff” malware was rife in U.S. businesses, taking over administrator accounts and removing customer data from several hundreds of companies.

POS malware was a footnote in computing history until the Target breach, but the hi-tech online fraud now appears to be a growth industry. Ars Technica points out how quickly the software has evolved during the past two years, and emphasizes the direct impact on American consumers.

ESET Malware Researcher Lysa Myers says, “Malware attacks on Point of Sale (PoS) systems are coming thick and fast right now.” Myers offers a detailed guide for businesses concerned that they may be being targeted with POS malware.

Online fraud: Shop terminals under attack

“Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the ‘Backoff’ malware,” the advisory stated. “Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes.”

The figure of 1,000 businesses comes from a Secret Service estimate, based on figures from vendors of POS software.

“Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected,” the advisory says.

Criminals target makers of software for shops

Ars refers to a recent  attack, where the attackers were able to guess the password to the system,and  installed the Backoff program. The malware disguises itself as an innocent Java component but ‘listens’ for credit card transactions, storing them and transmitting them to criminals, according to  US-CERT’s original advisory.

The US-CERT advisory advises companies, “Organizations that believe they have been impacted should contact their local Secret Service field office and may contact the NCCIC for additional information.”

 

The post Online fraud – POS malware has now hit 1,000 U.S. firms appeared first on We Live Security.

What does the future hold for our privacy?

Nothing is ever certain about our future, but when it comes to privacy, we can take a look at current trends and make some educated guesses as to what we will see tomorrow, next year, or even in 10 years’ time…

Looking at those trends, it’s clear that no matter how people’s privacy is violated and taken away, there will always be new tools to help protect it combat them and most important of all, keep people in control of their own privacy.

Innovation helps both sides of the spectrum and will lead to many games of cat and mouse moving forward into the future. To be more specific though I see two primary areas where privacy will be influenced the most in the future: anonymity and user owned data.

 

Anonymity

Being anonymous is one of the hardest things to do, if not impossible, in this day and age. With the prevalence of online tracking, government surveillance, and login systems everywhere it is very difficult to keep things to yourself unless you are willing to forgo the online world. While there are many services that start to offer “anonymous” services such as Secret and Telegram, there is always something that is connecting your device to the posts you do or the interactions you make. That’s why I see a future where pseudo-anonymity is commonplace.

Pseudo-anonymity would allow people to be anonymous to others and possibly to the application they are interacting with, but still be able to put together a profile and have an account. Adopting a pseudo-anonymous system has potential far beyond simple messaging apps and in something like Bitcoin, has the potential to really change the world.

In Bitcoin, everyone has a public address where you can see where Bitcoins are being sent to and from, and follow transactions very publicly, but you can’t actually identify the person that has the addresses unless they specifically tell you. This form of pseudo-anonymity is regarded as a positive step for privacy as it allows for direct audits and transparency of information while still letting individuals control their identifiable data.

Bitcoin is just one example of pseudo-anonymous technology, while even Facebook is taking steps to allow for Facebook login where apps cannot access your identity but rather just verify you are a person. It’s important I think to separate out task of verifying users as real people and learning their identities. That way we can have quality services supported by real users but without them having to sacrifice their privacy. Pseudo-anonymityis a good bridge for these two things.

 

User Owned Data

Right now as you browse the web there are dozens of companies that are collecting information about what you search for, what pages you visit, what you watch, and more. These companies make inferences about you such as your gender, income bracket, and marital status. They then sell this information to advertisers who will try to serve you with more relevant ads so that you are more inclined to click on them. This is the current status quo but it relies heavily on inferences and guesswork, which means there is a limit to how accurate the information can be.

Currently many companies have tried to bring user control to this aspect of online data collection, but nobody has truly succeeded. To get users to willingly hand over their data to companies, there needs to be a high enough value proposition for the users. Facebook and Google do a great job of this currently by providing free services that we use every day in return for data to be used for advertising. Other companies are still trying to crack the code on what would be valuable enough to these users. Online advertising is still in a high growth phase though and has a strong outlook to expand and grow into the future. Once advertising matures enough, it may become worth enough for other companies to be able to provide proper incentives to users in return for access to their data.

While nobody can predict the future we can help build the future we want to be a part of. The next time you sign up for a site or enter a competition in exchange for your email address and phone number, consider what information you are really giving up, who is getting access to it, and how it will be used. If we want a future where we are all more in control of our privacy we must start to take better care of our data.

 

If you have any ideas of what would be ideal in your future for privacy, let us know in the comments or drop us a line on our Facebook page at https://www.facebook.com/AVG.

California Earthquake serves up privacy reminder

This weekend’s earthquake near American Canyon has highlighted the risk of living in the Bay Area and also given us all insight to how people behave in today’s connected world.

The speed at which tweets started appearing of people sharing their experiences shows that many of us are sleeping with a connected device next to the bed that is the first thing we grab for when awoken in the middle of the night. Now though, our connected devices are no longer relegated to the nightstand, but instead are in bed with us.

After the quake, an interesting story emerged from Jawbone, the manufacturer of a fitness/sleep tracker UP. They have released data on the number of people that were woken by the earthquake based on location and the epicenter. The data is interesting, 93 percent of UP wearers in Napa, Sonoma, Vallejo and Fairfield woke up instantly, while just over half in the areas of San Francisco and Oakland. And 45 percent of those within 15 miles of the epicenter then remained awake for the remainder of the night. The data gives you some indication on the magnitude and effect the earthquake had on people.

jawbone

While the information is very interesting and offers fascinating insight into human behavior, it does also serve as a gentle reminder that as connect our lives to the Internet, that data takes on a life of its own.

I wonder if the users of fitness/sleep devices are aware that their data could be used for analysis such as this? While the data Jawbone shared was anonymous and pretty much harmless, it does make me think, what else is being collected? What other insights do they have into our daily lives?

Fitness/sleep trackers collect information about the user and most of it is of a very personal nature and includes name, gender, height, weight, date of birth and even what you eat and drink if you are logging this in the app. Now couple this with location data that is being collected and you may even be able to understand where people regularly work out or go to eat..

I use a fitness tracker and as a user I limit the sharing of my data, I have switched off the sharing through social media as I don’t think my friends and family really need to know how many steps I took today. But I do understand that many users bounce off their friends as motivation to do more exercise which is not a bad thing if that’s the way you get your motivation.

 

Checking privacy policies

It sounds boring but I would absolutely advise reading the privacy policy of a fitness tracker before purchasing/installing. It cannot hurt to be more informed about what you are agreeing to reveal about yourself and who you are happy to share that information with.

After all its your data, it should be up to you how it gets used.

 

 

How to look like an idiot on Facebook and Twitter

Looking like an idiot on social networks like Facebook and Twitter is not too difficult. Many people have achieved this state of being without much thought at all. So c’mon! With a little effort and commitment you can lose your job, get arrested, or alienate your friends! ;)

Facebook idiot

Here are the top 3 ways you can look like a total nincompoop on social media.

  1. 1. Post rants and other fun messages. Anger is a completely natural, healthy emotion. Some people think it’s a good idea to try to control it so they won’t, for example, drive their fist through the wall or punch their co-worker in the nose. But now, you can release all that pent up emotion by communicating your feelings on social media!

Like this woman: After being passed over for a promotion at work, an Arizona woman posted an angry Facebook message in reaction. How good it must have felt to let her frustration out. Since she was friends with her co-workers, they all saw it. It said,

This place is a joke!!! I wonder if I passed up a good opportunity by being at this place. I absolutely hate fake and lazy ppl!!! Ugh, the ones who actually work are the ones to blame??? WTF? #TwistedMinds.”

Those co-workers of hers, not the fake or lazy ones,  were sure to surround her with support and encouragement after reading how distressed she was.

Oh. Oops. They couldn’t encourage her. She was fired shortly after that rant.

Here’s an example of a proud daughter bragging about her father. That’s really sweet, isn’t it? Most teenagers complain about their parents, but this Florida girl took to Facebook right away to express her joy about an $80,000 age-discrimination lawsuit her father won from a former employer, a posh private school. She had plenty of classmates at the school who saw the post. She wrote,

 Mama and Papa Snay won the case against Gulliver. Gulliver is now officially paying for my vacation to Europe this summer. SUCK IT.

It’s so nice that a young girl wants to travel in Europe for the summer…all that history and culture…and the food…

Oh. Oops. The school’s administrators and lawyers also got to see her message. The lawyers were not amused, so they invoked the confidentiality order and voided her father’s settlement.

Read more on our blog about dumb things people post.

TIPS

  • Before posting, take a moment to rethink what you just entered in the newsfeed. Re-read what you wrote before hitting the publish button.
  • Take advantage of Facebook Groups or Google+ circles to make sure your messages get to the right people.
  1. 2. Let it all hang out: Ignore your privacy settings. In the excitement of daily life, it’s easy to forget how many people can read your posts. From co-workers to your mom, even strangers; virtually anyone can read your angry rant, your drunken Tweet, or see Selfies of your trip to the mall when you were supposed to be home sick in bed. When I read about this guy, I knew you’d like it too – it’s so cute.

Facebook idiot1A Florida drug dealer shared a selfie of himself in his car with a wad of cash and illegal drugs in his lap. Through the window of the car, you can plainly see a sheriff’s vehicle pulled alongside. He posted it to Facebook with a comment about how easy it was to deal drugs under cops’ noses. His friends probably got a good laugh out of that, and I’ll bet he got plenty of likes and shares.

Oh. Oops. This guy must not have heard that Facebook has privacy settings, and he apparently didn’t know that he could tweak the settings for Friends only. Since his newsfeed was set to public, that nosy Sheriff’s office was able to see the photos. They must have gotten a good laugh from it, too.

TIP:

  • Learn about Privacy settings and shortcuts on the social networks you use. This blog post will help you with Facebook, and this one with Google+.
  1. 3. Believe everything you read, and then share it!

Who doesn’t love spending a rainy afternoon watching videos of their favorite celebrities in compromising positions? Rihanna’s sex video, and that crazy Justin Bieber…what will he think of next? Filling out a little survey is no inconvenience. And if you don’t like it, there’s that famous Dislike button you can download for free. Never mind the unwanted toolbar that comes with it!

It is heartening to know that people are concerned about privacy, and many of them shared it with this notification. Too bad it was meaningless.

In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, graphics, comics, paintings, photos and videos, etc. (as a result of the Berner Convention). For commercial use of the above my written consent is needed at all times!…

Unfortunately, sad things are also shared. This past week, 24 million people shared a video that claimed to be the last good-bye from Robin Williams. It is a fake meant to scam people out of their personal data.

// <![CDATA[
(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = “//connect.facebook.net/en_US/all.js#xfbml=1”; fjs.parentNode.insertBefore(js, fjs); }(document, ‘script’, ‘facebook-jssdk’));
// ]]>

Many avast! users were incredulous that this type of scam could still happen, and indeed, this video and others of it’s ilk are fakes. Cybercrooks use our morbid curiosity to tempt us into clicking on wall posts, videos, and links.

TIPS

  • If you see anything questionable, don’t click the link. Rather mark the post as spam or click the X to remove it. If you are interested in the subject, search for it on a major search engine and try to find it from a reliable source.
  • Get rid of unwanted games in Account settings > Manage apps.
  • If you do fall for a clever scam, don’t beat yourself up – just change your password, and maybe notify your friends because chances are good you will unknowingly spam their newsfeed.
  • Make sure you keep avast! Antivirus updated, or if you don’t have antivirus protection, get avast! Free Antivirus for your PC or Mac and avast! Mobile Security for Android devices immediately.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Twitter hacked – Cricket legend ‘Beefy’ Botham exposed

One of England’s greatest-ever cricketers, Sir Ian Botham, appeared to have had his offficial Twitter hacked yesterday as an obscene picture unexpectedly appeared on the sportsman’s feed, according to the Evening Standard.

The single post was accompanied by the message, “What are you thinking…. xx”.  Botham was rapidly warned by friend and Welsh football pundit Robbie Savage that he had had his Twitter hacked, “Mate I think you’ve been hacked.”.

Botham rapidly regained control of the account, and Tweeted, “I would like to thank the hacker….I’ve just got 500 hits in 20 mins !!”

Twitter hacked: ‘Beefy’

In his column in the Daily Mirror newspaper, ‘Beefy’ said, “For those of you on Twitter who may have seen a distasteful photo from my account yesterday, let me assure you it was the result of someone hacking into it. I’ve played a few jokes in my time, but this was pathetic.”

“My old mate and fellow Mirror columnist Robbie Savage was straight on to me to change my password – which I’ve done. I’ve also asked the boffins in the Sky tech department to see how I can stop it happening again.”

Veteran security writer and researcher Graham Cluley wrote, “Let’s hope that Sir Ian Botham has now properly secured his Twitter account and other social media assets more effectively. It would be terrible if future hacks would cause his fans to boycott his future tweets.

The only silver lining is that Ian Botham is now trending on Twitter.”

More followers after picture

Botham too saw the silver lining to the hack, saying, “If some keyboard warrior has nothing better to do than post silly pictures, more fool them. The only impact it has had on me bizarrely is to give me more followers – strange.”

A We Live Security guide to how and why passwords can be hacked – and how to stop it – can be found here.

The post Twitter hacked – Cricket legend ‘Beefy’ Botham exposed appeared first on We Live Security.