Your Privacy At Risk
Everyone is Collecting Information
Everyone is collecting vast amounts of information about you — governments, businesses and the sites you visit on the Internet.
Your privacy is at risk like it has never been before.
Everyone that asks you to fill out a form — whether a paper form or on-line — is collecting personal data.
Protect Your Identity
Once you provide that information, it is no longer in your control. While everyone is diligent in collecting your information, they are less likely to be as careful in protecting that information — particularly if an opportunity to profit comes along.
You only need to look at the way Facebook, Hotmail and others so quickly changed their privacy policies to enhance their profitability. You're on your own when it comes to protecting your identity.
Learn how to avoid giving information away (including protecting other people's email addresses) and how to remove spyware (hidden software on your computer that reveals information about your surfing habits).
Governments Collecting More Personal Information
Governments are collecting more about you and your Internet activities. You can find out more about this issue at:
- Privacy International — privacy-related news, issues and resources (reports can be searched by topic, country, company name or report title).
- anonymizer.com's Knowledge Center has news and advice about online privacy and profiling (identity theft).
- Privacy Rights Clearinghouse.
Other reports about privacy and surveillance:
- A race to the bottom — privacy ranking of Internet service companies.
- Ten international organizations trying to hack into your computer.
- Google faces more government demands for user info.
Less than 50 percent of the government requests for user data were complied with in Canada, Chile, France, Hong Kong, Mexico, the Netherlands, Russia, Turkey and South Korea.
- Online privacy: using the Internet safely.
- What can the government do? is a report about U.S. surveillance techniques including Internet tracking authorized by the USA PATRIOT Act.
- Integration of Drones into Domestic Airspace: Selected Legal Issues (PDF–363KB) discusses the legal issues surrounding small drones and personal privacy.
- The Internet goes on Strike has links to information about the U.S. SOPA and PIPA bills that threaten due process and freedom on the Internet. (Does the U.S. really want to censor like China does primarily for the benefit of Hollywood?)
Apple Unique Device Identifiers Hacked
Reports came out in early September 2012 that the hacker group LulzSec had obtained a file on an FBI computer that contained information about up to 12 million Apple devices including the Unique Device Identifier (UDID/UUID) and related personal information such as phone numbers, addresses and zip codes leading to potential identity theft.
- Abine's Online Privacy Blog raises the question:
What does that mean for your privacy?
- Only 1 million of the estimated 12 million UDIDs are listed and not all information was released, but it is enough for many users to determine whether their device is included in the stolen list and to verify LulzSec's claims.
- Check to see if your device is listed.
- The FBI denies the hacking incident but the incident raises the question of why this information was vulnerable in the first place.
Update: The actual source of the data was the Blue Toad publishing company and Apple no longer allows app developers and it is recommended that you update your applications to ensure you're running versions altered to not track your UDID. Unlike a password, the UDID is impossible to change. This article gives the story.
Cookies Report on Your Web Habits
People have become more aware of the amount of information that is collected about them while they are on the Internet using such devices as cookies. You can deal with cookies using some of the many utilities available on the Net or by using the tools provided by modern browsers (I recommend using the most recent version of Firefox).
Help is Pending…or is it?
Current browsers have the capability of telling a site that you don't want to be tracked. But that assumes that a site will bother to respond.
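What "bothering to respond" looks like on the site's side, as an added example that is not part of the original page. The cookie names and values and the function names are constructed for illustration; the example also accepts the later Sec-GPC signal, which goes beyond what the page describes.

```javascript
// Added example. Cookie names and values are constructed for illustration.
const COOKIES = [
  { name: 'session', value: 'abc123', purpose: 'essential' },
  { name: 'ad_id', value: 'u-98765', purpose: 'tracking' },
  { name: 'analytics_uid', value: 'v-4242', purpose: 'tracking' },
];

// Lower-case header names so hand-built header objects work like Node's.
function normalise(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// DNT: 1 = do not track, DNT: 0 = consent, absent = no preference stated.
// Sec-GPC: 1 (Global Privacy Control) is a later signal, treated the same here.
function optedOut(headers) {
  const h = normalise(headers);
  return h['dnt'] === '1' || h['sec-gpc'] === '1';
}

// Names of cookies the browser sent back in its Cookie request header.
function sentCookieNames(headers) {
  const raw = normalise(headers)['cookie'] || '';
  return raw.split(';').map(p => p.split('=')[0].trim()).filter(Boolean);
}

// Response headers for a site that honours the signal.
function responseHeaders(requestHeaders, cookies = COOKIES) {
  const optOut = optedOut(requestHeaders);
  const sent = new Set(sentCookieNames(requestHeaders));
  const setCookie = [];
  for (const c of cookies) {
    if (c.purpose === 'essential' || !optOut) {
      setCookie.push(`${c.name}=${c.value}; Path=/; Secure; HttpOnly; SameSite=Lax`);
    } else if (sent.has(c.name)) {
      // Opted out: expire a tracking cookie left over from an earlier visit.
      setCookie.push(`${c.name}=; Path=/; Max-Age=0`);
    }
  }
  // Tk: tracking-status header from the W3C Tracking Preference Expression draft.
  return { Tk: optOut ? 'N' : 'T', 'Set-Cookie': setCookie };
}

console.log(responseHeaders({ DNT: '1', Cookie: 'session=abc123; ad_id=u-98765' }));
```

A site that ignores the header simply sends all three cookies regardless, and nothing in the browser can force it to do otherwise.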
Another option is to use the services of a site such as the Network Advertising Initiative which offers to place an "opt-out" cookie on your computer for certain ad servers such as DoubleClick.
Many sites use flash cookies (more accurately, Local Shared Objects or LSOs) that are not deleted when you remove traditional cookies. Adobe provides information on how to manage or disable LSOs, but ignorance makes most users vulnerable to exploitation by sites that use them.
Your Choice of Browser Matters
The browser you use to surf the Web will make a difference not only in what tools are available to you and how convenient the browser is, but also in how much information you share in the process and what those gathering that information do with it.
Ixquick's StartPage privacy page has information about how simply using a search engine can leave behind a history that can last for years.
The problem is made even more dangerous as companies like Google become more powerful, purchase companies in areas where they traditionally didn't have access, then combine the data about their users across these companies.
Use A More Secure Browser for Viewing the Web
Use another browser to minimize the security risks, particularly if you are using Windows.
Firefox is my recommendation. Not only is it more secure, but it more closely follows web standards, making your experience a better one with current web content trends.
Clear Private Data
You should clear your privacy data (cookies, saved form information, cache and authenticated sessions) before and after on-line banking (or similar sites where there is the risk of revealing personal information of greater value).
Click the orange Firefox button then select Options from the Options menu. (If the Firefox toolbar is showing at the top, click on Tools then Options.)
Once the Options dialogue box appears, click on the Privacy tab and check Always clear my private data when I close Firefox. You can choose which items get removed in the settings.
If you check Ask me before clearing private data, you'll be bothered by the reminder every time you close Firefox.
Internet Explorer Simply Too Vulnerable
Internet Explorer (IE) is a major security vulnerability within Windows and therefore should not be used as your primary browser when surfing the Internet.
Microsoft made IE a key component of the Windows installer — a significant security vulnerability when surfing the Web. You can help reduce the risk by enabling the following settings:
- Current versions of IE can check sites for forgeries (sites looking to exploit your trust of the real site) if you authorize it during installation.
- Check "Prevent programs from suggesting changes to my default search provider" in IE's addons.
Security risks are not unique to Internet Explorer but its reach is deep into the Windows operating system, making it more vulnerable to security issues than any other browser.
You may need to use IE for some legitimate tools:
- Windows Update makes significant changes to your system that require access to key Windows components (Microsoft Update is built into Windows Vista and 7).
- Microsoft Fix it solutions need to run in Internet Explorer.
- Symantec's AutoFix Tool must run in Internet Explorer in order to be able to make the necessary changes to Windows files.
- Microsoft's Windows Update plug-in for Firefox is not recommended because this makes Firefox more vulnerable.
Internet Explorer 6 Dangerous and Obsolete
Internet Explorer 6 is more vulnerable than any other browser. Even Microsoft has joined in a campaign to get rid of Internet Explorer 6 begun by .Net Magazine in 2009 because this decade-old browser is holding back development of the Web. Even though its use in North America is plunging (now less than 1.2% of Canadian users and less than 0.8% of U.S. users), countries like China continue to be strong users.
Google Chrome: Collecting, Collecting, Collecting…
Google Chrome (initially based upon the open source Mozilla code) has become very popular because it is much smaller and potentially faster than other browsers (at least as long as you don't use addons).
Chrome does this, in part, by keeping the user's data on their servers rather than on the user's computer. This is part of what is referred to as "being in the cloud" so people have access to their data from any number of computers, phones and tablets. This is convenient but does remove your ability to fully control your own information.
Social media is a very important aspect of privacy because so much is collected by these systems, including facial recognition software, comparative and linked data (such as the "Like" button) and more.
The social media section has moved to its own page:
Digital Rights Management
Digital Copyright Management
Sony Plays Big Brother
Sony BMG has placed a secret program (rootkit) on your computer to deny your ability to copy CDs and DVDs. The rootkit hides the software that Sony places there to prevent copying, but this cannot be easily removed and has the potential for releasing user information or otherwise acting like malware/spyware.
The rootkit and the legal agreements that Sony included with it have some serious side-effects, described in The Sony BMG Rootkit Scandal by Natali Helberger at IvIR, Amsterdam (a European university Faculty of Law).
Essentially, XCP interferes with the computer memory, crashes Windows applications and/or the complete operating system and can provide a safe-haven for viruses and worms. If the user tries to remove the rootkit, the system may malfunction or disable the CD-ROM drive and potentially disable Windows. It affects only Windows 2000, XP and 2003 Server.
The original research on the BMG rootkit is found on Mark's Sysinternals Blog—your best source for more information on this topic.
Your Personal Information For Sale
However, it may shock many to know that some companies have even placed secret software (spyware) in their otherwise useful “free” computer programs or on their websites to retrieve personal information for sale to other companies.
Internet companies, whose apparent “business model” is the exploitation of consumer trust and ignorance, are sneaking their spyware systems into our machines for their own purposes.
—Steve Gibson of Gibson Research Corporation
— “Disappearing Phone Booths: Privacy in the Digital Age”
Big Names Don't Necessarily Mean Safety
Some of the software and sites that have been known to collect such information are listed on Gibson Research Corporation's Suspected Spyware page. The extent of this secret information collection may shock you. It includes such programs as Real Player, Go!Zilla, CuteFTP and Comet Cursor.
Even if some of the incidents that have been reported were either oversights or have been corrected, it doesn't mean that you can relax. Company policies can and often do change. In many cases, short-term profits have proven to be more appealing than long-term loyalty to these companies.
Spyware is Profitable
Unlike viruses, spyware is extremely profitable. By redirecting your browser to "shopping guides" or porn sites without your knowledge they can take advantage of increased advertising rates for the ads on those sites because of increased, albeit unwarranted, traffic.
Getting Rid of Spyware
Beware of Fake Spyware-removers
There is a disturbing trend of placing ads on websites that appear to "find" spyware on your system. They offer to remove it if you purchase their product. Don't fall for these tactics. Most, if not all, are rip-offs or fakes. Eric Howes maintains a list of these on his Rogue/Suspect Anti-Spyware Products & Web Sites page.
Legitimate (Helpful) Spyware Removal Products
Security suites should contain software for removing spyware from your system and to protect you from future infections.
Other Safe Solutions
However, some folks don't run a suite and many free solutions require you to put together several products for complete protection. Never run more than one product at a time (or they may conflict and then provide no protection). I recommend the following stand-alone products and services if you don't have built-in protection:
- Lavasoft's Ad-Aware will do a deep scan of your system to check for spyware. There is a built-in updater and this program will safely remove spyware from your system. There are Free (not for commercial use), Pro and Total Security versions. If you're using an older version, you should upgrade (uninstall the old version first).
- Gibson Research Corporation projects include Opt Out and ShieldsUP! in Steve Gibson's goal to protect privacy in his It's MY Computer! campaign.
- XP-AntiSpy is a freeware application that will disable some of the suspect built-in update and authentication "features" in Windows XP. If the page appears in German, simply click on either the British flag or English version link.
- Spybot — Search & Destroy is another program that checks for spyware. It also requires installation.
- Counterexploitation provides information about privacy and other issues and includes a solution for removing WebHancer if Ad-Aware or the Add-Remove Programs doesn't do it for you (or if you can't get access to the Web afterwards).
- SpyCop is designed to find computer monitoring spy programs, and is the most powerful solution available anywhere for doing so, looking for 310 possible spy programs. US$49.95.
- MooSoft's The Cleaner will detect and remove Trojan Horses that other programs can miss. Registration is US$29.95.
Obtaining More Information About Spyware Removal
The following links will tell you more about spyware and direct you to legitimate spyware removal resources:
- Gibson Research Corporation offers some excellent information about this issue and documents how a download assistant was able to track information that included his name, email address and the GUID code from his computer (a Microsoft identifier that is unique to each computer in the world).
- SpywareInfo speaks of such issues as browser start-page hijacking and provides a fix.
You may also want to check for the presence of a hardware keylogger — a small device about the size of an AA battery that is plugged in-line with your keyboard in order to record your keystrokes. Since these keyloggers are hardware, their operation is not detectable using software.
Note: this device looks similar to a keyboard adapter used to connect an older keyboard to a new computer or a newer keyboard to an older computer. Such an adapter would have a different connector on each end and would be a legitimate device on your computer. If the connectors look the same it may be a keystroke logger.
These devices may be installed by your employer. Courts have recognized the right of your employer to monitor the use of a company-owned computer.
There are also software keyloggers like the one used by a New York man to gather over 450 bank account passwords in Kinko's stores while people used the computers to log into their bank accounts. He created new accounts and transferred money into the false accounts. There is software that will detect these like Advanced Anti Keylogger.
Public Access Computers
You need to be very careful about using public-access computers (like the ones at Kinko's or in an Internet Café). Assume that your computer activities are being monitored, and avoid providing user names/passwords or credit card information on these connections.
You might wish to ensure that you can clear the cache before you use these to enter user names and passwords. Virtually all will use Internet Explorer, which leaves you open to those vulnerabilities. You cannot ensure there is no keylogger device, so you may wish to reconsider the need to access banking or other sensitive information.
Some systems offer a way that doesn't use the keyboard. You can see an example in the login page for Islandnet.com. Look for the little virtual keyboards beside the username and password entry.
More About Related Issues
Protecting Your Online Identity
The following related pages offer more information about protecting your online identity:
- Social Media — Are You Sharing Too Much?
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Avoiding Spam — Unsolicited Emails and Mailing Lists
- Phishing & Identity Theft — Obtaining Information by Deceit
- Proper Email Address Etiquette — Using To:, CC: & BCC: Correctly
Securing Your Computer
The following related pages offer more information about securing your computer:
- Security Basics — Preventing Unauthorized Access
- Security Strategies — Avoiding Infections
- Firewalls — Your First Line of Defense
- ZoneAlarm Security — Recommended Firewall Products
- Anti-Virus Protection — Current Alerts, Strategies, Hoaxes & Software
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Web Security — Vulnerabilities in Internet Software
- Windows Security — Vulnerabilities in Windows
Updated: May 6, 2013