Tag Archives: online privacy

Beware Facebook Quizzes

By Tracey Dowdy

Which Disney mom are you? Which Hogwarts house do you belong in? Only a true genius will score 100 percent on this quiz. 

How many times a day do you see a quiz like this pop up in your Facebook feed? You may have even been tempted to test your knowledge or play along because the topis piques your interest. That’s no coincidence. Facebook’s complex algorithms and data-gathering technology have been gathering information on users since it’s inception, and one of the most effective ways is through quizzes. 

According to CBC Information Morning tech columnist Nur Zincir-Heywood, though these quizzes may seem innocuous and fun, taking them leaves you vulnerable to identity theft or fraud. “Never do these,” said Zincir-Heywood, a cybersecurity expert who teaches in the computer science department at Dalhousie University in Halifax, Nova Scotia. 

But it’s not just Facebook itself that’s gathering information. Security experts, media literacy groups, The Better Business Bureau, and law enforcement agencies across the country warn that hackers and scammers – not Facebook itself – are behind many of these social media quizzes, collecting, using and profiting from the personal information you share.

Zincir-Heywood cautions that social media quizzes often ask the same questions your financial organizations use for security purposes to verify your identity when you need to change your password or access your account without a password such as your mother’s maiden name or the name of your first pet.

Though the different questions may not all be on the same quiz, multiple quizzes can collect enough information to enable a cybercriminal to access your banking or credit card information.

“Maybe they are watching [your] social media in general, they know your location, they know other things about you,” Zincir-Heywood said. “All of these then put together is a way to collect your information and, in your name, maybe open another account or use your account to buy their own things. It can go really bad.”

She offers the following tips to protect yourself from their more nefarious side of social media quizzes: 

  • Be careful. Just like in real life, nothing is ever really free. Those quizzes offered on social media actually aren’t free, they come with a hefty cost – your personal information is data mined for companies to use in targeted advertising, or for cybercriminals to sell on the dark web.
  • If you can’t resist the temptation, use fake information, especially for sections that ask for similar information to security questions used by your financial institutions. For example, if you are asked, ‘What’s the name of your childhood best friend,’ use a fake name.
  • Remember, once you take these quizzes, you can’t take back the information you’ve provided. Keep a close eye on your online transactions for unusual or unauthorized banking or credit card activity.

Tracey Dowdy is a freelance writer based just outside Washington DC. After years working for non-profits and charities, she now freelances, edits and researches on subjects ranging from family and education to history and trends in technology. Follow Tracey on Twitter.

 

Delete and Stop Sharing Voice Recordings with Amazon, Google, and Apple.

How concerned are you about your smart device randomly recording your conversations? Not to be an alarmist, but after revelations that “The ‘Big five’ tech companies – that’s Google, Amazon, Facebook, Apple, and Microsoft – have all been recording and listening to private conversations, all in the name of “improving services,”  you should be concerned. 

Of course, since they were exposed, Google, Apple, and Amazon have either suspended having humans review voice recordings or have begun allowing people to opt-in or out. 

If you have lingering concerns about your privacy, there are ways to prohibit strangers from listening to your voice commands and erase your interaction history from your Google Home, Amazon Echo, and HomePod. Here’s how:

Amazon

Earlier this year, CNET exposed Amazon for keeping transcripts of users Alexa recordings, even after the audio portion of the interaction had been deleted by the user. 

In the Alexa app, go to Settings > Alexa Privacy > Manage Your Alexa Data. Then tap the toggle switch that says “Use Voice Recordings to Improve Amazon Services to Develop New Features.”

Google  

In September, Google agreed that it would no longer store recordings of users’ voices by default. Now users who engage with their Google Assistant will have to opt-in when setup their Google Assistant if they want to have their voice recorded or reviewed by human monitors through the Voice & Audio Activity (VAA) program.

Go to myaccount.google.com > Web & App Activity. Then, uncheck the box that says “Include voice and audio recordings.”

Apple 

Back in August, Apple announced it would no longer listen to Siri recordings without your consent, and they can only receive your audio data should you choose to opt-in. 

If you opt-in but later change your mind, go to your Settings > Privacy > Analytics and Improvements > Turn off Improve Siri & Dictation.

Delete your voice recordings

Amazon

Amazon offers two Alexa commands that allow users to delete voice transcripts by asking Alexa.  Say, “Alexa, delete what I just said,” or “Alexa, delete all my commands from today.”  

If you prefer to delete your entire history, open the Alexa app and go to Settings > Alexa Privacy > Review Voice History > Delete All Recordings for All History.

Google

To delete your voice command history, go to myaccount.google.com > Data and Personalization > Web & App Activity > Manage Activity > tap the three stacked dots at the top of the screen > Select Delete activity by and choose from the options listed – all-time, last hour, last day, etc. Then tap Delete to confirm.

You can also tell Google to delete your entire voice command history by saying “Hey Google, delete everything I just said.” 

Apple

Apple’s iOS 13.2 update finally allows users to delete all of their recordings. Open your Settings > Siri & Search > Siri & Dictation History > and select Delete Siri & Dictation History.

Tracey Dowdy is a freelance writer based just outside Washington DC. After years working for non-profits and charities, she now freelances, edits and researches on subjects ranging from family and education to history and trends in technology. Follow Tracey on Twitter.

Prevent Data Mining in Android Apps

By Tracey Dowdy

 At a time when sites like Facebook, Google, Amazon, and others are facing scrutiny for their data breaches as well as data mining, it comes as no surprise that over 1,000 Android apps have been doing more than a little harvesting of their own. Not only are they violating your privacy, they’re doing it behind your back, and without your consent.

Research has found that some apps – with no permissions enabled – actually piggyback off other apps you’ve given permission, even pulling data from your Wi-Fi connection. If you’ve ever seen ads in one app or your browser for an item you searched for in a completely different app, that’s data mining at work.  The good news is that Android Q is nearing release, and Google has promised it has security patches coming to correct the issue.

In the meantime, there are steps you can take to limit the amount of spying those apps can do.

Use common sense when giving apps permission to access data. Think about it – if it’s necessary for the app to have access to your location in order for it to function – e.g. Google Maps – then allow permission. On the other hand, do the developers over at Candy Crush need to know your location? Should they have access to your contacts or camera? Be especially mindful if an app asks for access to your microphone – last year it was discovered that the official La Liga league app used the microphone and GPS of user’s smartphones to surreptitiously identify venues broadcasting matches. But you can easily prevent this by denying an app permission to access unnecessary data in the first place.

Another simple way to limit access is to enable or disable app permissions one by one. When you install an app, disable permissions, then go back and turn on specific permissions individually.

  • Go to Settings
  • Select Apps or Application Manager
  • Choose the app that you want to change by selecting
  • Choose which permissions to turn on and off, for example, your microphone or camera.

You can also allow Google Play Protect, built into Android, to scan for potentially dangerous or invasive apps.

  • Go to Settings
  • Choose Security
  • Select Google Play Protect. A list will populate with all apps that have been scanned with any suspicious apps flagged as potentially dangerous.

Another smart option is to turn off Location Services, a prime target for trackers.

Go to Settings 

  • Tap Location
  • Select Google Location Settings
  • Toggle off for Location Reporting and Location History
  • You can also delete your location history
  • If you need your location enabled for a specific app, you can manually toggle it on then toggle off again when you’re done.

One final way to protect your privacy is by disabling location services in your photos.

  • Go to the Photos app.
  • Tap the menu and choose
  • Select Remove geo location.

Another way is to open the photo, tap the three stacked dots, select Info and choose No location. You can also go into a submenu below the map and click Remove Location.

Tracey Dowdy is a freelance writer based just outside Washington DC. After years working for non-profits and charities, she now freelances, edits and researches on subjects ranging from family and education to history and trends in technology. Follow Tracey on Twitter.

 

Remove or Reduce Your Digital Footprint

By Tracey Dowdy

I recently took a break from Facebook. Not because I have concerns about privacy – I do – and not because I take issue with the amount of fake news disseminated on the site – I do – but because it had become too much of a distraction and for the sake of my ever-shrinking attention span, it was time to step away.

However, if you’re like a growing number of Americans concerned with their internet footprint, you may be considering stepping off the grid altogether. Though you can’t really completely erase yourself from the web, there are ways to reduce your online presence significantly. Full disclosure, it’s going to be a lot of work, but these tips and tools can help.

  • Start with social media. How many social media profiles do you have? Facebook, Twitter, Instagram, WhatsApp, Tumblr? Alignable? Don’t stop there – what about the oldies like MySpace and Friendster? Did you have a blog back in the day? Move on to e-commerce. Are you an Amazon Prime shopper? Zulily? Gap? To delete your profile, go to Settings, and search for terms like “deactivate,” “remove,” or “close your account.” If you can’t figure out how to delete the account, either Google “How to delete (MySpace) account or, as Eric Franklin from CNET suggests, replace your actual information with a fake profile.
  • Check with your landline or cell phone company and make sure you’re not listed on their White Pages. If you are, request they remove your listing.
  • Data collection companies – or data brokers – make a living collecting information about you on everything from what brand of coffee you like to your favorite moisturizer. They then sell this data to companies who themselves use the information for targeted advertising. StopDataMiningMe has a master list of most of the biggest collection companies, and you can use their site as a hub to search and remove yourself from each record individually. Another option is to use a site like DeleteMe or OneRep to do the work for you. For an annual fee, DeleteMe and OneRep go through and remove your information from websites and lists and will follow up after a few months to be sure you haven’t been re-added to sites.
  • Think about the sites you’ve created profiles and subscribed to. Do you read the New York Times online? Time Magazine? Buzzfeed? Reddit? See? I warned you this was going to take a while.
  • If someone has posted your personal information online without your consent, and the pagemaster won’t take down the data, you can submit a legal request to Google to have it removed. There’s no guarantee they’ll honor your request, but it’s a start, and just because you’ve been denied once doesn’t mean a second or even third request will be rejected.
  • Remove yourself from outdated search results. Sometimes your name or personal information may still show up in a Google search even after it’s been removed from the site. That’s because it’s cached on one of Google’s servers. At this point in the game, your only recourse is to submit the URL to Google and request they update their server, but they may or may not agree to remove it.

Erasing your online presence is a daunting task, and even though eradicating yourself isn’t an option, it is possible to reduce your online footprint significantly. 

Tracey Dowdy is a freelance writer based just outside Washington DC. After years working for non-profits and charities, she now freelances, edits and researches on subjects ranging from family and education to history and trends in technology. Follow Tracey on Twitter.

How To Protect Your Privacy Online

Simple Steps Can Thwart the Hackers

By Tracey Dowdy

Unless you’ve just stepped out of a time machine or awakened from a coma, you are aware that several celebrities had their personal photos shared without their consent last week. The hack garnered media attention mainly because celebrities were involved: higher profile hack = higher profile coverage + higher profile attorneys. Unfortunately, this isn’t uncommon in an age of revenge-porn and sites like My Ex where individuals post nude photos in retaliation for break-ups.

While most of us don’t have nudies we’d like to keep out of the public eye, we have plenty of other personal information and photos we’d prefer to keep private. These tips should help:

Be Proactive.

PC Magazine recently posted a list of the best antivirus software solutions for 2014, including both free and paid options. Microsoft includes a basic antivirus system in Windows 8 but keep in mind that Microsoft simply wants everyone to have a baseline. Windows Defender on its own is not enough. Mac’s tend to be much harder to hack than PC’s due to built-in security protections such as XProtect, Gatekeeper and “Malware Removal Tool” (MRT). Also, OS Leopard prevents non Apple based software from being downloaded, which further reduces the risk of picking up a virus.

Once you’ve downloaded an antivirus solution, keep it updated. You aren’t fully protected if you aren’t up-to-date. Remember, just as some viruses in nature develop drug resistant strains, online hackers will continue to work around new security settings.

Be Careful of Links.

Any time you see a link – in an email, a Facebook posting, Twitter feed, etc. – take the time to evaluate whether it’s from a trusted source. Do you know the person? Is the email/tweet/message really from the person it says it’s from? Can you trust the content description or is there a chance that what appears to be a picture of a squirrel waterskiing is actually porn or some type of malware?

Beware of “Phishing”.

Phishing is a fraudulent attempt to steal your personal information. What appears to be a legitimate request to update personal information is in fact a clever ruse to steal that data. These attacks don’t just come via the Internet. At least 3 times in the last 12 months I’ve received a phone call purporting to be from Microsoft warning me of a virus on my computer or offering to help because they’ve noticed my computer is “running slow.” All I have to do is allow them remote access to my computer and they’ll be glad to help. Microsoft is not calling. It’s a call centre in India. Trust me, they aren’t there to help.

Even more devious is “spear phishing,” where the scammer will do his homework by Googling you, perusing your social media or other online profiles so when they call, they can pose as a trustworthy source. Just last year in our area, a group of seniors were targeted by individuals posing as grandchildren who had gotten into trouble and needed money for bail, a bus ticket or groceries. The seniors shared banking information to allow money to be direct deposited in the scammers bank accounts and the seniors lost thousands of dollars.

Use 2-Step or 2-Factor Authentication.

Instead of simply logging in with a password, 2-step authentication links your accounts to another device – usually your phone – so when you attempt to log in, a text is sent with an additional security code. This way, if someone tries to hack into your account without your phone, they’re locked out. Gmail, Twitter, Facebook and many others offer this option.

Don’t Trust Requests for Personal Information.

If you created an online account with a reputable site like PayPal, they already have your information. If you get an email purporting to be from Paypal asking you to follow the link and update your information, beware. Instead, go to Paypal and talk to Customer Support. Ask if they recently tried to contact you.

Lock It Down.

Your smartphone, your laptop, your tablet, any device – just lock it down. Set your screensaver to prompt for a password, enable the lock screen on your phone, and password protect your home network.

Protect Your Financial Information.

Never do your online banking on a public Wi-Fi network. Readily available freeware allows the person sitting next to you at Starbucks to eavesdrop on your email as easily as your conversation. And although I feel like it’s stating the obvious, don’t send money to anyone you don’t know. If the offer seems too good to be true, trust me, it is. Bill Gates donates millions to charity every year but he isn’t doing it by asking you to share his photo on Facebook, nor will he send you $5,000 if you repost his photo. Clicking on those links runs the risk of allowing scammers access to your Facebook profile and other sensitive information.

Password Protection Is Critical.

Internet security professionals recommend using a random combination of upper and lower case letters, symbols, and numbers when you formulate a password. And here’s a tip about those security questions asked as an added level of protection: lie, lie, lie. If your mother’s maiden name is MacDonald, say it’s Abramowitz. If your first pet was Mr. Fluffy, say it was Boomer. In other words, be very careful of providing answers that are easy to find by someone who knows you, could read your blog, browse your Facebook profile, or look up information that’s part of a public record.

Better yet, use a password manager to store and organize your passwords. Many are guilty of using the same password for multiple sites, because it’s just too much work to remember them, or they keep a list of passwords in a desk drawer, in a note on their phone, or in a file labelled “Passwords” on their desktop (shudder). Two of the best are Dashlane 3 ($29.99) and LastPass 3.0 ($12.99 but a free version is also available); both are compatible with Apple, PC and Android devices.

Keeping your personal information isn’t easy but it’s worth the work. Think of it this way: You wouldn’t hand the keys to your house to a random stranger on the street, so why would you leave the front door unlocked to your virtual home?

Tracey Dowdy is a freelance writer based just outside Toronto, ON. After years working for non-profits and charities, she now freelances and researches on subjects from family and education to pop culture and trends in technology.