Tag Archives: cookies

Breach Brief – Exactis

Who is Exactis and what do they know about me? That is the question you need to be asking.  No, you haven’t heard of Exactis but they may have exposed some of your most personal information to hackers. You, along and the everybody else in the U.S.

Exactis is a major data gathering company based in Palm Coast, FL. The Exactis website describes the company as a compiler and aggregator of business and consumer data. Exactis claims to have a store of information it refers to as a “universal data warehouse” that contains 3.5 billion consumer, business and digital records. Exactis claims these records are updated monthly. According to Exactis’ LinkedIn profile it is a privately owned company with only 10 employees. Exactis gathers this information from cookies on personal computers. credit and debit transaction records and other sources.

Now you should ask what do they know about me? The exposed records contains more than 400 different characteristics that include whether the person smokes, what their religion is and whether they have dogs or cats. But, according to Wired.com some of the information is inaccurate or outdated.

Your next question is; how did this happen? According to security researcher Vinny Troia the company leaked the data of 340 million individuals by storing it on an unsecured server accessible through the internet. According to Wired.com Troia discovered what he describes nearly two terabytes of data. 

Troia reported the data breach to both Exactis and the FBI. Exactis reacted by securing the data so that it’s no longer accessible.

But now ask; did criminals know this? Did they access the information? The answer to that question is unknown. But since Exactis has not admitted to the data breach and it is no longer accessible no one really know how many people are affected. According to Wired.com Troia found two versions of the database each holding an estimated 340 million records. This number breaks down into 230 million consumers records  and 110 million on business contacts.  

But Marc Rotenberg, the executive director of the non-profit Electronic Privacy Information Center said,  “The likelihood of financial fraud is not that great , but the possibility of impersonation or profiling is certainly there. Rotenberg stated that while some of the data is available in public records, much of it appears to be the sort of non-public information that data brokers aggregate from sources like magazine subscriptions, credit card transaction data sold by banks, and credit reports. “A lot of this information is now routinely gathered on American consumers,” Rotenberg adds.

 

 

See and Block Who’s Tracking You Online

canstockphoto19683471Privacy on the Internet is a rare commodity. Currently 85 percent or more of black people are online. Most black people own a smartphone or other mobile device. And most black people have no idea how easy it is to track exactly who you are, where you are, who you call, text or email and pretty much everything else you do online. You are being watched like a prisoner.

Trying to stop this constant tracking is a tough task and the law is no help. Congress and industry have little or no incentive to stop this incessant invasion of privacy. Part of the problem is that consumers have yet to get really angry about this activity.

There are people fighting for your privacy online but its an uphill battle to say the least. The Electronic Frontier Foundation (EFF) and Disconnect, Internet privacy right groups and a group of web companies have lauched a new “Do Not Track” (DNT) standard meant to encourage website owners and advertisers to respect your online privacy. Unfortunately this is a voluntary standard and companies are free to agree, or not to agree, to adhere to the new standard.

Big players like Yahoo! and Microsoft have not come out in favor of the new standard. Microsoft announced in April that it was no longer enabling ‘Do Not Track’ as the default state in Windows Express settings.

A year ago Yahoo! said that ‘Do Not Track’ settings would no longer be enabled on its site saying; “we have yet to see a single standard emerge that is effective, easy to use and has been adopted by the broader tech industry.” But Yahoo! has agreed to honor the ‘Do Not Track’ setting on the Firefox browser as part of a search deal. So both companies are openly admitting they are tracking you.

Companies that have agreed to honor the new ‘DNT’ standard include publishing site Medium, analytics service Mixpanel, ad and tracker-blocking extension AdBlock, and privacy search engine DuckDuckGo.

Millions of black people are using social media. And the God of social media is Facebook. But did you know that Facebook is probably the biggest data collector in the history of civilization? Because people are giving it to them.

But who is using Facebook to track your Internet activity? How do you block them?

First of all keep in mind that advertisers may not not know your name and other personal information about you. But that is just a maybe. We don’t know what they know and they ain’t telling. Legally, they don’t have to.

But here are the steps to see and block advertisers that are tracking your Facebook profile from Businessinsider.com.

First go to the settings button on your Facebook page.

Facebook settingsFacebook

Scroll down and click “Settings.”

Facebook settingsFacebook

Inside the settings menu, click on Apps.

Facebook settingsFacebook

This looks like a list of apps that are signed into your account. But pay close attention to the “show all” option at the bottom of the list …

Facebook settingsFacebook

Voila! The list of apps tracking me is so long I have to make this super zoomed-out view to see them all:

Facebook settings

Facebook

On each app, there is an Edit function and a delete “x” mark. Let’s look at what QuizUp, the hot new trivia mobile game app, knows about me.

Facebook settingsSettings

QuizUp knows my email, birthday, and current location. Because it’s a mobile app on my phone, it also knows my phone number. But that’s not all …

Facebook settingsFacebook

Click this little “?” symbol on “basic info” and it turns out that QuizUp is getting a bunch more info about me, too, including a list of all my friends and my profile picture!

Facebook settings

(Source: Businessinsider.com)

You can control this information by clicking on the “x” symbol to delete the app’s access to your Facebook account. That might mean the app won’t work, however.

Review each app to either edit its permissions or delete its access to you on Facebook entirely. It’s a bit time-consuming — but otherwise you’re just giving these people free data.

Another thing black people need to be aware of is that companies are using your email to spy on you. Much of the email you recieve from an advertiser or even a company you do business with is loaded with spying technology.

To see who is tracking your email, or in this case Gmail, you can use a browser extension tool named UglyEmail to see what companies are tracking your Gmail email.

UglyEmail shows you if your email is being tracked. And email being tracked in Gmail will have a tiny eye attached to it. Your inbox will look something like this.

UglyEmail

One of the ways that your email is tracked is a technology known as pixel tracking. Pixel tracking is when a tiny image, about 1 pixel in size, is inserted in an email. The image is invisible to the email recipient but it has a code that tells the server to call the sender when the email is opened.

To block that you can use a browser extension known as PixelBlock. PixelBlock will block that pixel code from transmitting back to the sender. Email with a pixel tracking code have a red eye on them. PixelBlock will also tell you who sent the pixel and how many times they have attempted to track you.

We did mention that Facebook is the greatest collector of data in history didn’t we? Well did you know that Facebook follows you around the Internet even when you are not on the website? How do they do this?

Facebook employs over 200 different trackers that follow your online activity. These trackers come in the shape of cookies, Javascript, 1-pixel beacons, and Iframes. Tracking technologies are used to see what websites you visit, how often you visit them and other interactions with websites.

Not all cookies are used for tracking.  Many Facebook ‘Like’ buttons are used to collect and store information to be used later. Your browser communicates with a server to construct the website you wish to view. This called a request.

But keep in mind that the website you are viewing isn’t the only server your browser is talking to. Trackers from other data collectors, Facebook included, are on the site as well. You have no idea they are tracking you without privacy software. You don’t know they are there and you probably don’t wish to share your personal information with them.

To protect yorself and your information you need to use the do not track function on your browser. It may help but probably won’t competely stop the tracking. You can find a list of the five most secure browsers here.

Choose your privacy setting in the following browsers

Google Chrome

Microsoft Internet Explorer

Apple Safari

We used Facebook as an example of companies that track you online because they are the biggest offender. But undertand this, almost every website has some method of monitoring who visits it. The sometimes sell the information or just hold onto it to better serve you. Just remember AACR Internet rule #8 “There is no privacy on the Internet.”

Now you know.

 

 

 

 

Improve Your iPhone Security

Stolen cell phones are a big problem. Every year millions of cell and smartphones are stolen and most are never recovered. According to Business Insider 44% of smartphones were stolen simply because owners forgot them in public places like Starbucks. Fourteen percent were stolen from a car or house that was burglarized. Only 11% of victims had a smartphone stolen off their person. And the most common place a smartphone is stolen?  Restaurants 16% and nightclubs 11%. Only 5% are stolen as a result of street crime such as having it snatched from your hand while using public transportation.

Public theft of smartphones, especially iPhones has become a huge problem in places Like New York where 18% of all grand larcenies last year involved Apple products. As a result Democratic Rep. José E. Serrano has introduced a bill that would require all phones sold in the United States to feature a “kill switch” technology.  That technology allows consumers to wipe their data and shut down a phone completely when it’s reported stolen making it useless and of no re-sale value.

The state of Minnesota and California have already passed a law requiring all smart phones be equipped with a kill switch in case of theft. The law applies to smartphones made on or after July 1, 2015 and sold in California after that date.

According to Consumer Reports, more than 3 million smartphones were stolen in 2013 and the biggest cities had the most thefts.  Theft of smartphones rose by 26% in Los Angeles since 2011. Smartphone theft was up by 23% in San Francisco in 2013.

iPhones are extremely popular and the new iPhone 6 and 6 Plus are in heavy demand. If you own any iPhone you need to make sure its secure against theft. Even if you lose it you need to know the data is safe until you can locate it using an app such as Find My iPhone. So lets look at ways to secure your iPhone in case, just in case, something happens.

1) Get a real pass code. First things first; change that four digit access code on your phone to something more secure like a pass phrase. And not one anyone can guess. Mix those numbers, letters and characters up. Now another super security option that’s available to you is the “erase data” feature. This option will wipe everything from the iPhone’s memory after 10 failed pass code attempts. But remember this is permanent. Once the data is gone its gone…forever!  So if you forget your password often you might not want to use this option.

Here’s how you do it. Go to “Settings” –> “Passcode” (or “Touch ID and passcode”) –> “Require passcode: immediately”; “Simple passcode: off”.

Settings1

2) Don’t let your lock screen dime you out. It really doesn’t matter if you have a powerful pass code if someone looking over your shoulder can see it.  Yeah, its nice and quick to glance at your screen to see what text messages, emails and other information that hits your phone. But these messages can also contain sensitive data like confirmation codes, private appointments, financial data or some other intimate communication. So keep that lock screen from broadcasting your business.

How? Go to “Settings” –> “Passcode” (or “Touch ID and passcode”) –> “Allow access when locked” section.

3) Use two step verification for iPhone and iCloud. Quick question; do you have pictures that you only want that special someone to see? Well as you know some celebrities have had those images compromised. Don’t let that happen to you. I strongly recommend you add this layer of security for your Apple ID and iCloud. You can set up two-step verification on one or more of your devices. Two step verification means you will receive a 4-digit verification code using either SMS or the Find My iPhone service. Using the second verification means any time you sign in to manage your Apple ID, iCloud, iTunes, iBooks, or App Store purchase from any device you’ll need to verify your identity by entering both your password and a 4-digit verification code.

How? Go to https://appleid.apple.com –> “Manage your Apple ID” –> “Password and Security” –> “Two-Step Verification”.

4) Siri talks too much. Even if your phone is locked she can talk and who knows what she might say and to whom.  You don’t have to shut her up completely. But securing your phone means preventing Siri from speaking from behind a locked screen. Siri will talk with anybody so you have to teach her not to talk to strangers.

How? Go to “Settings” –> “Passcode” (or “Touch ID and passcode”) –> “Allow access when locked” section –> “Siri: off” and “Settings” –> “General” –> “Siri” –> “Allow “Hey Siri”: off”.

5) Don’t automatically sync to the iCloud.  Keep in mind that Internet rule # 6 says nothing is ever deleted. And as some celebrities discovered this is very true. Those nude images, though deleted from their phone were floating blissfully in the cloud waiting to be stolen. Not just the pictures but all the data on your phone, contacts, messages, notes, documents, pretty much anything stored on your phone. Automatic back up to the cloud is set on default in iPhones and happens the minute you plug in the charger. So the smart thing to do is to not automatically sync if you have one or more Apple devices and don’t really need to sync them daily.

How? Go to “Settings” –> “iCloud”.

Settings2

You can turn off auto sync to the iCloud.

6) Stop automatically connecting to known WiFi networks. iPhones are set to connect automatically to known WiFi hotspots without your permission. While this may seem like a really cool feature because you don’t have to do anything to switch from mobile Internet to local WiFi. But wait! Cyber criminals set up their own fake wireless hotspots in coffee shops, restaurants and hotels all the time.  You might not even know your iPhone is connected to the malicious WiFi network. The cyber criminal can steal all of your data while you sip coffee and read the paper. So you need to be aware of this or turn off this option.

How? Go to “Settings” –> “Wi-Fi” –> “Ask to join networks: on”.

7) Start using VPN.  Virtual Private Networks is almost a requirement if you want extra security on your iPhone in different wireless networks, including unknown ones. Some VPN services are free but not all. But the few extra dollars spent here is fairly cheap for keeping your data protected.

How? Go to “Settings” –> “General” –> “VPN” –> “Add VPN Configuration…”. All the information you need from here will be provided by your VPN provider.

8) No more cookies. Cookies are small files that are deposited on your phone or device by all websites. These treats may record information about you, your computer,  your smartphone, and your preferences. They allow websites to keep you logged in or display targeted ads. Unfortunately they may be very helpful to cyber criminals since they can hold credentials and other sensitive data. Cookies can be very helpful  but turning off cookies might become a bother. But think of how much more secure your data will be. 

How?  For Safari: Go to “Settings” –> “Safari” –> “Privacy & Security” section –> “Do Not Track: on”, “Block Cookies: Always Block”; For third party browsers: see similar browser settings.

Settings3

9) AutoFill, another snitch.  If somebody steals your iPhone they may be able to log in as you on a number of sites. How? Because the AutoFill option will fill in the missing user name and password. Told you AutoFill was another snitch.  Switch it off! Yeah; its inconvenient but well worth the hassle.

How?  For Safari: Go to “Settings” –> “Safari” –> “General” section –> “Passwords & AutoFill”; For third party browsers: see similar browser settings.

10)  Apps; yet another snitch. If you really want ot be shocked take a minute to read the permissions on some of the apps you download.  These apps are collecting a mountain of data. Some game apps collect information such as your location, your contacts, your pictures, your phone service provider, etc? Why? What does this app need with all your data? Remember this is a game app?   You probably have Facebook or a Google app as well. These are some of the biggest information collectors. I am convinced that a lot of apps are designed to keep you busy while they spy on you. This tip may be extreme, but if you have followed all the other recommendations offered why not go ahead with this last one. Apple’s iOS 8 offers a significant number of features and data types that just about any app can access. You need to block this. Stop these app providers from knowing everything you do and everywhere you go.

How? Go to “Settings” –> “Privacy”. Turn off all location services. Keep them off until you want ot use an app that needs the service. Go through Privacy settings one by one and turn off everything you don’t need or apps that are using this feature that you want to stop. It takes some time but it will keep some of your data secure.

This article is more about protecting you and your personal information than what you paid for that smartphone. Any device can be replaced. Try to replace your credit or money in your bank account. Or try to explain to your credit card company why you should not have to pay for those charges on your credit card. Or worse try to convince your bank you are really you after your identity is stolen. You have enough information on your iPhone that, if lost, any of these things can happen to you. Don’t let it.

Now you know

 

Online Tracking of Children Legislation

canstockphoto5147385Senate bill s1700-113, “Safeguards Against Tracking Children Online” is currently being considered in the U.S. Senate. The bill is intended to ban online tracking of children. In the bill the definition of a child is between the ages of 12 and 16 years of age. But the legislation currently being debated is very similar to rules laid out by the FTC in 2013.

The bill is intended to prohibit corporations, marketers and other web entities from collecting personal information for marketing purposes from children and minors using web or mobile applications. The bill also establishes additional privacy protections against collecting personal or geographic location information from children and minors. The 2013 FTC rules also covered web and mobile apps.

According to a 201o Wall Street Journal report  websites that attract children and teens use cookies and other tracking instruments more than sites aimed at adults. The WSJ studied  50 popular U.S. websites for children and teens. It was discovered that these sites installed 4,123 cookies, beacons, and other tracking tools on the simulated child’s computer used for the test.  That is 30% higher than tools used to track adults. 

According to Common Sense Media and the Center for Digital Democracy over 90% of adults surveyed did not believe it was okay for advertisers to collect information about a child’s location from that child’s mobile phone.

Just a year ago the Federal Trade Commission released new and tougher rules designed to limit tracking of children online. The new rules stopped the collection of  personal information for children under 13.  The FTC rules also banned tracking a child’s physical location and the collection of  photos, videos and audio files. Also banned was behavioral advertising aimed at children without parental notice and re-targeting of ads based on the child’s browser history.

After the release of the new rules in 2013 Jeffrey Chester of the Centre for Digital Democracy said, “This is an important victory for privacy rights on the Internet.” The Centre for Digital Democracy spent four years lobbying for the new rules.

“There is no more secret tracking or behavioral tracking,” Chester says.

The 2013 rule changes were applauded by many public health and consumer and digital rights groups. Also endorsing the new rules were the American Academy of Child and Adolescent Psychiatry, the Consumers Union and the Center for Science in the Public Interest.

The current Senate bill was introduced in November of 2013

Breaking It Down

First of all let me say this to black parents; don’t let a computer or tablet babysit your child! What you just read was that companies have been collecting information about your child and, in a round about way, information about you. If a child answers a simple question such as what school they attend a marketer can quickly discern your income and other data. Did you read the part where  some marketers had collected pictures, location and audio recordings of children? We have to protect our children from the onslaught of marketers who will stop at nothing to advertise to children. Why are they advertising to children? Because the earlier in life a child begins to associate with a product the more likely they will become lifelong customers. Because advertising to children creates demand for products. Because advertising to children creates profiles in data bases in some company’s computers. And those profiles tell the marketer where to advertise to that child now, where as they get older and maybe for the rest of their life. Because children are not old enough to understand the connection between online games and entertainment and product affiliation and thus are being manipulated. Advertisers have no mercy and few scruples. For example, have you noticed how many new fruit flavored beers and liquors are being advertised? These people are advertising to teens! Get them associated with some new apple flavored ale early and they will be customers for life. Clothes, cars, fast food, alcohol, technology, whatever it is . The marketers job is to get into your child’s head early.