"In the future, everyone will be anonymous for 15 minutes." So said the artist Banksy, but following the rush to put everything online, from relationship status to holiday destinations, is it really possible to be anonymous - even briefly - in the internet age?

That saying, a twist on Andy Warhol's famous "15 minutes of fame" line, has been interpreted to mean many things by fans and critics alike. But it highlights the real difficulty of keeping anything private in the 21st Century.

"Today, we have more digital devices than ever before and they have more sensors that capture more data about us," says Prof Viktor Mayer-Schoenberger of the Oxford Internet Institute.

And it matters. According to a survey from the recruitment firm Careerbuilder, in the US last year 70% of companies used social media to screen job candidates, and 48% checked the social media activity of current staff.

Also, financial institutions can check social media profiles when deciding whether to hand out loans.


Meanwhile, companies create models of buying habits, political views and even use artificial intelligence to gauge future habits based on social media profiles.

One way to try to take control is to delete social media accounts, which some did after the Cambridge Analytica scandal, when 87 million people had their Facebook data secretly harvested for political advertising purposes.

While deleting social media accounts may be the most obvious way to remove personal data, this will not have any impact on data held by other companies.

Fortunately, in some countries the law offers protection.

In the European Union the General Data Protection Regulation (GDPR) includes the "right to be forgotten" - an individual's right to have their personal data removed.

In the UK that is policed by the Information Commissioner's Office. Last year it received 541 requests to have information removed from search engines, according to data shown to the BBC, up from 425 the year before, and 303 in 2016-17.

The actual figures may be higher as ICO says it often only becomes involved after an initial complaint made to the company that holds the information has been rejected.

But ICO's Suzanne Gordon says it is not clear-cut: "The GDPR has strengthened the rights of people to ask for an organisation to delete their personal data if they believe it is no longer necessary for it to be processed.

"However, this right is not absolute and in some cases must be balanced against other competing rights and interests, for example, freedom of expression."

The "right to be forgotten" shot to prominence in 2014 and led to a wide range of requests for information to be removed - early ones came from an ex-politician seeking re-election, and a paedophile - but not all have to be accepted.

Companies and individuals that have the money can hire experts to help them out.

A whole industry is being built around "reputation defence" with firms harnessing technology to remove information - for a price - and bury bad news from search engines, for example.

One such company, Reputation Defender, founded in 2006, says it has a million customers including wealthy individuals, professionals and chief executives. It charges around £5,000 ($5,500) for its basic package.

It uses its own software to alter the results of Google searches about its clients, helping to lower less favourable stories in the results and promote more favourable ones instead.


"The technology focuses on what Google sees as important when indexing websites at the top or bottom of the search results," says Tony McChrystal, managing director.

"Generally, the two major areas Google prioritises are the credibility and authority the web asset has, and how users engage with the search results and the path Google sees each unique individual follow.

"We work to show Google that a greater volume of interest and activity is occurring on sites that we want to promote, whether they're new websites we've created, or established sites which already appear in the [Google results pages], while sites we are seeking to suppress show an overall lower percentage of interest."

The firm sets out to achieve its specified objective within 12 months.

"It's remarkably effective," he adds, "since 92% of people never venture past the first page of Google and more than 99% never go beyond page two."

Prof Mayer-Schoenberger points out that, while reputation defence companies may be effective, "it is hard to understand why only the rich that can afford the help of such experts should benefit and not everyone".


So can we ever completely get rid of every online trace?

"Simply put, no," says Rob Shavell, co-founder and chief executive of DeleteMe, a subscription service which aims to remove personal information from public online databases, data brokers, and search websites.

"You cannot be completely erased from the internet unless somehow all companies and individuals operating internet services were forced to fundamentally change how they operate.

"Putting in place strong sensible regulation and enforcement to allow consumers to have a say in how their personal information can be gathered, shared, and sold would go a long way to addressing the privacy imbalance we have now."

[Source: This article was published in bbc.com By Mark Smith - Uploaded by the Association Member: Jay Harris]


In Summary

  • Every time you use your Android device, access YouTube, Instagram or WhatsApp, even your internet provider is in on it - Big Brother is watching.
  • A fraudster now has key information that could allow them to access banking details, government accounts etc.

According to University of Massachusetts psychologist Robert Feldman, 60 per cent of people lie at least once during a 10-minute conversation, especially when trying to appear likeable, capable or competent, or trying not to offend. Do you know who you never lie to though? Google.

Indeed, there is a high probability that Google knows you better than your spouse. The phrases you search for reflect your likes and aspirations, fears and trepidations - whether that is: News from Migori…Causes of red rashes...Arsenal vs Tottenham results…Best colleges for accounting …or How to get divorced (sssh don’t tell the wife!).

If you think these are private conversations between you and your search engine, think again.


Every time you use your Android device, access YouTube, Instagram or WhatsApp, even your internet provider is in on it - Big Brother is watching. Who dares to say no when you are browsing the internet and the pop-up screen appears asking if you consent to the ‘Cookies’?

I normally agree to these vaguely threatening messages, as I wish to continue using the site and who knows what will happen if you don’t accept.

As Al Franken, former US senator, says of the tech companies: “Accumulating massive troves of information isn’t just a side project for them. It’s their whole business model…We are not their customers; we are their product.”

And the problem is not so much that your search for ‘how many calories in a chocolate bar’, makes you a good candidate for Cadbury’s ads.

The issue is whether all the other data that is collected about you is used as innocuously or, in a worst-case scenario, is secure from hackers.

Do you use Facebook?


The people’s republic of Facebook has over two billion netizens. It’s bigger than China, bigger than India and more populous than the whole of the African continent.

Its de-facto leader, Mark Zuckerberg, has unwittingly inherited many of the same headaches as a world leader. For instance, how to keep the peace.

The fact that Facebook may know more about you than your own government, makes it vulnerable to the sophisticated deceptions of unethical players whether it is Cambridge Analytica or Russia interfering with US election results; or other rogue elements such as terrorists using your platform to recruit followers for their misinformed ideologies.

And you know how John and Mary post photos of their new baby girl Waceke on their timeline, telling you the birth was at 3.02am, and of course that mother and baby are well at Mater Hospital in Nairobi? Well, they have just unwittingly created a digital footprint that exposes their child to identity theft in the future.


A fraudster now has key information that could allow them to access banking details, government accounts etc.

Dear parents, there is a name for what you are doing. It’s called ‘sharenting’ meaning the over-sharing of children’s information on social media.

And if you live in the land of the Eiffel Tower, your child could sue you for this. Let alone that in 18 years’ time, Waceke may cringe at having her future beaus or potential employers viewing half-naked toddler pics.

And you know how these days if you take a photo on an iPhone, it will be stored together with the name of your exact location.

Without your knowledge, this information may be shared. The answer to protect our individual online privacy may be global regulation. However, this will take eons and we can’t live without the internet till then. So in the meantime, be safe. Be careful what you share.

[Source: This article was published in nation.co.ke By ADEMA SANGALE - Uploaded by the Association Member: Jason bourne]


[This article is originally published in cpomagazine.com written by  - Uploaded by AIRS Member: Robert Hensonw]

In an age where the Internet is simply an indispensable part of life, the use of a search engine is possibly at the foundation of the user experience. This is a world where near instantaneous access to information is not simply a ‘nice to have’ for researchers and writers, it is at the bedrock of our modern consumer society. It is the way in which we find takeout food, restaurants, household furnishings, fashion – and yes even friends and lovers. In short, without search engines, the machine that powers our modern world begins to falter.

We are increasingly reliant on search engines – but it may be instructive to understand just how much data Google is now handling. Within Google’s range of products, there are seven with at least one billion users. In its privacy policy, Alphabet (Google’s parent company) outlines its broad and far-reaching data collection. The amount of data the company stores is simply staggering. Google holds an estimated 15 exabytes of data, or the capacity of around 30 million personal computers.1

However, it is worth noting that Google is not alone in the search engine space. There are other players such as Microsoft’s Bing, Yahoo Search and Baidu. All of them are mining data. However, there can only be that one ‘Gorilla in the Sandpit’ – and that is undoubtedly Google. To explore just how search engines may infringe on our rights to privacy, Google gives us a yardstick to what they would characterize as ‘best practice’.

Nothing in life is free … Including search engines

Consumers are becoming increasingly aware that the old maxim of ‘nothing in life is free’ is even more applicable than when it was penned. In fact, there is an associated saying ‘if something is free you are getting exactly what you pay for.’

Herein lies the problem with the use of search engines. They offer an essential service – but that service is certainly not free of cost. That cost is a certain level of intrusion into our lives in the form of search engine companies like Google gathering data about our online habits and using that data to fine-tune marketing efforts (often by selling that data to third parties for their use).

But that is only the outcome of using a search engine. For many consumers and consumer advocate groups, the real problem lies deeper than that. It revolves around awareness and permission. Are search engine companies free to gather and use our data without explicit permission, and can we opt out of such an arrangement?

The answer is both yes and no. Reading search engine company user agreements, it becomes clear that we (at least historically) have been empowering companies like Google to use the data that they gather in almost any way that they see fit. But lately, we have seen a huge effort by search engine companies to make sure that consumers are aware that they can limit the amount of data that is gathered. That was not always the case – user agreements are almost never perused with great care. Most people are not freelance attorneys and are defeated by the legalese and intricacies of most user agreements and outlines of a privacy policy.

However, the real problem is that although the gathering of data and the leveraging of that data for profit may represent a betrayal of the relationship between consumer and search engine company, there is a larger issue at stake, beyond even the right to privacy – and this is data security.

Google has a far from perfect record as regards security – but it is better than many other tech companies. However, mistakes do happen. In 2009, there was a bug in Google Docs that potentially leaked 0.05% of all documents stored in the service. Taken as a percentage this does not seem like a terribly large number, but 0.05% of 1 billion users is still 500,000 people. Google has no room for error when it comes to data protection.

Another fact worth noting is that Google’s Chrome browser is a potential nightmare when it comes to privacy issues. All user activity within that browser can then be linked to a Google account. If Google controls your browser, your search engine, and has tracking scripts on the sites you visit (which they more often than not do), they hold the power to track you from multiple angles. That is something that is making Internet users increasingly uncomfortable.

Fair trade of service for data

It may seem that consumers should automatically feel extremely uncomfortable about search engines making use of the data that they gather from a user search. However, as uncomfortable as it may seem to some, consumers are entering into a commercial relationship with a search engine provider. To return to a previous argument, ‘there are no free lunches’. Search engines cost money to maintain. Their increasingly powerful algorithms are the result of many man hours (and processing power) which all cost huge amounts of money. In return for access to vast amounts of information, we are asked to tolerate the search engine companies’ use of our data. In most instances, this will have a minimum impact on the utilitarian value of a search engine. Is this not a tradeoff that we should be willing to tolerate?

However, there is a darker side to search engine companies harvesting and using data that they have gleaned from consumer activity. Take for instance the relationship between government agencies and search engine companies. Although the National Security Agency in the United States has refused to confirm (or deny) that there is any relationship between Google and itself, there are civil rights advocates who are becoming increasingly vocal about the possible relationship.

As far back as 2011, the Electronic Privacy Information Center submitted a Freedom of Information Act request regarding NSA records about the 2010 cyber-attack on Google users in China. The request was denied – the NSA said that disclosing the information would put the US Government’s information systems at risk.

Just how comfortable should we be that the relationship between a company like Google and the NSA sees that government agency acting as a de facto guardian of its practices and potential weaknesses when it comes to data protection – and by extension privacy?

It’s complicated

The search for a middle ground between the rights of the individual to privacy and the bedrock of data protection vs the commercial relationship between themselves and search engine companies is fraught with complexities. What is becoming increasingly clear is that a new paradigm must be explored. One that will protect the commercial interests of companies that offer an invaluable service and the rights of the individual. Whether that relationship will be defined in a court of law or by legislation remains to be seen.


 Source: This article was Published staysafe.org - Contributed by Member: Grace Irwin

The online world offers a wealth of resources for education, entertainment, and connection with other people. Unfortunately, the internet also poses new dangers, and those dangers threaten teens especially. The following guide provides the resources necessary for both parents and their teens to safely utilize the Internet.

There are plenty of horror stories: one boy discovered that an entire website had been set up to denigrate him and encourage others to harass him at school. Another young woman was abducted by a man who had posed as a teen online, traced her to her home through the personal information she’d given out, and then stalked her to discover when she’d be home alone.

Even the non-horror stories are troubling: one young woman found that an entire suite of social media accounts had been set up to impersonate her online. She wasn’t harmed personally by this crazy scheme, but others are less lucky: half a million teens have had their financial histories blemished from the start due to identity theft. And online scams abound—from prom dresses ordered online that turn out to be cheap knock-offs to software that secretly downloads itself and steers browsers to dangerous corners of the internet.

Online life is as fraught with peril as real life, and it can be much harder for parents to monitor the risks their kids are taking in the virtual world. But as with the other challenges of growing up, getting knowledgeable about internet safety for teens, talking over your concerns with the teens in your life, and arming them against the obvious dangers can build your relationships with them—and prepare them for adulthood.

94% of Teens who Use a Mobile Device go Online Daily (source: Pew Research Center)

Start with the Hardware

You should start your child internet protection plan with one of the most vulnerable aspects of your teen’s online life, and one that may not be obvious because it’s there in plain sight. But if your teen has a laptop of their own (or if they routinely borrow yours) it can lead to a world of trouble. Left unattended in a public place, a laptop—which may offer unfettered access to e-mail accounts, personal information, and even vital passwords and credit card numbers—can be gone in seconds. So if you want to boost your teen’s cybersecurity, start by protecting their laptop.

At a bare minimum, insist that they set up password protection on their computer. This may act as a deterrent: a thief having to choose between unattended laptops may not choose one that’s locked down with a password. The next step is a physical lock: computer cables are inexpensive and will allow your teen to leave their seat at the library or a coffee shop without having to decide whether or not to bring their computer into the bathroom.

You can go an extra step by turning on the laptop’s locator function, which comes as a native feature in Apple OS and iOS, with PC versions available for installation on other platforms. This will allow you to locate the computer if it’s lost, and delete the data on the computer if it falls into the wrong hands.

Finally, you should talk to your teen about the type of information they leave on their laptop. It may be tempting to record all their vital passwords and other useful information, but of course, doing so puts them at risk if someone steals it or manages to access it in some other way. At the very least, any files that they use to store this kind of sensitive information should be password protected.

  1. Set Up Password Protection
  2. Turn on the Locator
  3. Discuss Sensitive Information

Malware, Viruses, and Spyware

Protecting your computer means much more than physical protection, as important as that is. Much of the information on your computer can also be accessed by malicious software that can make its way onto your hard drive any time you connect to the internet, and sometimes when you’re connected to any network at all.


Malware is a generic term for all malicious software.


Among the types of malware is the Virus, a piece of software that will secretly enter a computer’s operating system and manipulate it into actions that damage it or hinder its performance.

Trojan Horse

Trojan horses are apparently innocuous applications or utilities that are used by hackers to insert malware into your operating system.


Spyware is malicious software that allows a third party to take information off your computer without your knowledge.

The frightening thing about malware is that you may not even know it’s on your computer until you look for it. If your teen complains about their computer’s performance, though, or if they claim that their web browsers are “acting weird” (browsers flooding the screen with pop-up windows and erratic results on search engines are two common symptoms of computers infected with spyware), take action immediately.

What’s more, if your teen downloads a trojan horse, it’s entirely possible that they’ll give the harmless-looking software all the permission it needs to damage your computer or steal vital information, including passwords and credit card numbers. So in addition to a robust virus detection program, it’s essential that you warn teens—and other users of your household computers—to be aware of the risks of downloading software from the internet, and to be leery of downloading any type of application from a non-reputable vendor.

Fortunately, there are some straightforward ways to protect your teen’s computer: anti-virus software will take care of many of the greatest threats to your computer. Some manufacturers, like Apple, will provide anti-virus software for free, as will many internet service providers. Note, though, that anti-virus software needs to be updated to be effective.

Protect Your Mobile Hardware

Many of the same precautions you take with your laptops should be taken with mobile phones, tablets, and other devices that might contain similar types of sensitive information, or might be used to access personal information via the internet. Encourage your teen to use password protection and enable the device locator function on every device they own.

At the same time, it’s not a good idea for teens to allow apps, in general, to use location services, since these may reveal where they live. Many devices will allow you to select what apps can use your location, so it might be worth the time to sit down with your teen and look at their phone or tablet’s location settings—to make sure, for example, that when they put a picture of their dog up on Instagram, they won’t also post your home address.

Everyone loves the camera function on their phones, but it presents another risk that comes with mobile devices. Even with the location function turned off, photos taken and shared online can, by sending landmarks out over social networks, provide almost as much location information as a phone’s location services function. Suggest to your teen that they take some care in choosing what shots to share, so they don’t reveal too much about where they live.

ID Theft

So why is it so risky for a teen to reveal where they are? Revealing credit card numbers, or passwords to online merchant accounts presents an obvious risk. But why would an address—or a photograph that gives their address away—cause problems?

Unfortunately, teens are just as susceptible to identity theft as adults, and for teens, the consequences of someone using their information to apply for a credit card or access other financial resources can be just as bad, if not worse, than the consequences for an adult. Since teens don’t have a credit history already, having an identity thief run down their credit rating can make building a decent credit history an uphill battle from the very start.

Even apparently innocuous information, like an address or a birth date—information that many people, not just teens, will sometimes include in their social media profiles—can be enough for a criminal to apply for a credit card, for example. And while you may stay on top of what they post on social media, teens, like adults, can also give out that information in an act of forgetfulness. Online quizzes or surveys are sometimes really just mechanisms by which scam artists try to get useful intel (a quiz might ask “what’s your mother’s maiden name?” for example, in order to get the answer to one of the most popular security questions).

Teens should be cautioned against putting up too much identifying information online. Birthdates are out; addresses should be, too. Even if the information doesn’t seem like it’s going to be collected in any permanent way, there’s still a chance that it will be, and that it will be used by a scam artist to destroy a teen’s financial reputation before they’ve even had a chance to build it.

Scams and Online Shopping


  • Only Make Sales Through Reputable Platforms
  • Look Out for Hidden or Extra Fees 
  • Review Your App Subscriptions 
  • Limit Your Teen's Online Spending

Online scam artists have other schemes besides identity theft, however. Online shopping presents its own dangers. In the notorious case mentioned above, a teenaged girl thought she was buying an expensive prom dress at a bargain price only to discover that the dress she received in the mail didn’t match the online photo at all. It was cheaply made, poorly fitted, and impossible to return.

Again, these are risks that even adults fail to see in time, but you can help your teen avoid getting taken in by insisting on having a look at any purchase they make online. You can also insist that any sales go through reputable vendors like Amazon, or that, at the very least, they go through reputable sales platforms like eBay, where it’s possible to get purchase protection and the site’s management provides tools and assistance in resolving customer complaints.

Some scams involve more than just a single purchase. Teens should, for example, be aware of one scam that promises “free” ringtones but charges a high monthly fee that the teen might not be aware of until it shows up on your credit card statement.

Both these online scams involve disreputable businesses. But some online shopping risks are harder to spot. The teen years are probably too late for the “I didn’t know” excuse for in-app purchases, the $800 iTunes bills that are the stuff of legend. But some smartphone apps involve “subscriptions” that it’s easy to forget about, and that can ding your credit card for three, four, or five dollars on a weekly basis.

So it makes sense to review your accounts on iTunes or other app marketplaces to make sure such subscriptions aren’t adding up. If they are, the best recourse is just to mention them to your teen and ask them to be more careful in the future.

Finally, there are ways to limit your teen’s online spending. iTunes offers an “allowance” feature that will deposit a set amount in an iTunes account on a regular basis rather than simply giving the account unlimited access to a credit card. Many online marketplaces, from Amazon to Google Play, offer gift cards that can be redeemed online (this approach also keeps teens using more reputable retailers). Many online retailers will also accept cash cards—that is, what are essentially prepaid credit cards–as payment. And if you’re interested in high-tech solutions, you might want to look into VeeLoop, an app that allows your teen to seek your approval for items in their virtual shopping carts before an online vendor processes their purchase.

Social Media: Online & In Public

As bad as they are, scams and malware aren’t the only online dangers. Social media has dramatically expanded the amount of their lives that teens can live online. And while social media allows teens to keep up with friends and family, even across vast distances, a lot of life’s dangers have followed them online as well.

Remember: social media is designed to convince users that they’re a part of a community. And while they do function as virtual communities, it’s easy to forget how many people can be privy to online conversations between friends. That’s why many teens may, without thinking, reveal vital information of the kind that’s most useful for ID theft and other criminal acts. Beyond that, wherever kids congregate, there’s a possibility for hurtful or inappropriate behavior, and the virtual world is no different.

There are many social networks, but here’s a look at some of the most popular.



Many teens will have a profile on Facebook without using it much. Even so, Facebook’s platform allows for interactions with strangers, and its various levels of privacy and multiple means of sharing can make what seem like private interactions more public than a user may realize.


Like Facebook, Twitter isn’t the most popular teen social media platform, and while teens should continue to take care with it—and parents should be aware that there’s no way to prevent teens from coming across adult material, and no particularly effective means of stopping harassment—it’s tamer than some online outlets.


Instagram is much more popular among teens, and it’s based primarily on sharing images which people in a user’s network can then comment on. Because it’s based on images, Instagram can tempt teens to post embarrassing or inappropriate images online, but it has similar privacy settings to Facebook, which means that the user can exercise some control over who can see their content.


Snapchat takes Instagram a step further: it’s also based on sharing images presented as an occasion for comments. These images disappear after a few seconds, however, so things that appear on Snapchat may seem to be gone forever. As it happens, however, most devices can capture any image that appears on their screens. And while Snapchat now notifies users when someone takes a screen grab of an image they’ve put up, some apps allow users to circumvent this feature. As a result, Snapchat is even more likely to lure teens into thinking an inappropriate or embarrassing picture will never be seen again.

This may seem like an unmanageable array of platforms—and this list leaves out some other, less-used sites as well. But if you’re concerned about your teen’s online life, there are some easy ways to keep tabs on what they’re up to. You can ask what platforms they use most frequently and check their profile pages.

You can also use a search engine to search for your teen’s name and see what results you get: if their social media profiles appear in search results, they may not be using their privacy settings appropriately. If that’s the case—and even if it isn’t—sit down with your teen and look at each social network site’s privacy settings to make sure that no sensitive information or embarrassing material can come within reach of people they don’t know. And if you’re active on social media, one simple way to keep up with your teen’s online life is to follow or friend them yourself.

Given the various ways social media platforms make it easy to share photos, you may also want to talk to your teen about what constitutes “embarrassing” or “inappropriate.” It’s possible that they may have a different perspective than you, of course, but it’s also possible that they’re defining those terms without taking into consideration how far an image can spread, and how permanent it may be. Knowing that a future love interest, or an elderly relative, might someday see a comment or image they post online may change the teen’s perspective.

Meeting People Online: Stalkers and Predators

All parents fear the possibility of their child coming in contact with strangers who mean to do them harm. The risk of that happening through online interactions, and through social media, in particular, is very real. That’s because sensitive information isn’t only a boon to scammers hoping to profit off of identity theft: carelessly spread information, and thoughtless interactions with unknown people, can also put teens at risk of encountering stalkers, predators, and others who could harm them physically or emotionally.

One threat that’s easier to avoid is that of the stalker, a person who gradually gathers information about a person in order to harass them or violate their privacy. You should remind your teen that even the blandest photo can reveal information about their age, what school they go to, where they live, and even times that they’re most likely (or least likely) to be alone. Privacy settings may help prevent the wrong people from getting that information, but teens should also use that awareness to restrict what they’ll give away in their profiles, pictures, or in an ordinary exchange of comments or messages.

Predators—people who work to gain a youth’s confidence either in order to build an inappropriate relationship or in order to lure them into inappropriate behavior—are a bigger online safety concern. Many of the most popular social media sites or apps, including Instagram and Snapchat, are effectively electronic messaging services, and beyond the world of social media, teens can often get drawn into online forums, chat rooms, or other venues where they can have extended exchanges with people they don’t know.

These virtual interactions have been a boon for online predators: according to statistics put out by the FBI and United Nations, at any given time there are 750,000 predators online looking to foster inappropriate, and sometimes illegal, relationships with teens. And there have been bad outcomes: teens have been lured into abductions and into sexual situations, and have been subject to sexual assault as a result of relationships begun online. And there’s a chance that none of the exchanges leading up to such an outcome will be easily visible to parents.

One way to prevent such horror stories is simply to educate the teen. The website onlinesense.org, for example, offers a list of ways to recognize someone who’s trying to lead you into a potentially dangerous situation. For example, predators will:

  • Want to have private conversations with their targets.
  • Insist that their online relationships be kept a secret. 
  • Ask their targets to provide personal information, like their addresses, their full names, or phone numbers. 
  • Tend to do some stalking online to uncover information about their targets—and then make a show of how much they know. 
  • Ask their targets a barrage of questions in order to get their targets to release more personal information. 
  • Try to convince their targets that everything they’re doing, and all the information they’re revealing, is perfectly normal.

Many of these behaviors would, of course, be easily spotted as obnoxious or creepy if they were done by a stranger the teen met in person, and that’s probably the best way to communicate the warning signs here: ask the teen to imagine themselves alone in a strange place with a stranger pestering them with questions or telling them to keep their meeting a secret. Remind them, too, that in the online world, it’s easy for someone to assume an identity: the 12-year-old girl mentioned at the beginning of this article had been convinced by her abductor that he was also a teen, even though he was in his mid-thirties. So don’t just encourage your teen to imagine a stranger asking them questions: have them imagine a stranger wearing a mask.

If you suspect your teen may already be in contact with someone who doesn’t have their best interests at heart, it may be daunting to bring up the subject. Again, though, linking the issue to real life may be your best bet. You can, as you would with real acquaintances, ask to be (virtually) introduced. If a teen seems to be spending an inordinate amount of time in chat rooms, you can set limits as you would on any other social activity—and insist on being able to view browser histories in order to keep track. You can approach one of the teen’s trusted peers, older relatives, or mentors and ask them to do a reality check or inquire what’s going on. Teens often rebel against control, but they’re also often swayed by genuine and respectful concern.

When the Predators Aren’t Strangers: Online Bullying

Unfortunately, your teen’s emotional well-being may not be threatened by strangers only. Online bullying is a real possibility as well and can have devastating effects, leading to long-term problems with self-esteem. Bullying can also lead to depression and (in some tragic instances) suicide.

As with real-life bullying, the shame associated with the experience can make it difficult for a teen to seek help or advice. Because the online world provides harassers with potentially unassailable anonymity, this, too, can make the teen unwilling to speak out. So it’s important to look for signs. If your teen:

  • Is avoiding online activities (such as gaming or social media) that they used to enjoy, and yet doesn’t seem to have traded these activities for something else they like to do
  • Seems to be relieved when coming away from their computer or device, as if they’ve just had an unpleasant experience
  • Seems to be routinely dismayed by messages they receive or by other interactions with people on their mobile device or computer
  • Is suddenly becoming much more secretive about their online experiences
  • Is showing signs of depression

they may be subject to bullying online.

If that’s the case, though, what can you do? You should, first of all, try to talk to your teen. According to Sameer Hinduja and Justin Patchin of the Cyberbullying Research Center, your first step should always be to sit down, ask what’s going on, provide unconditional support without “freaking out,” and very much take a problem-solving approach to the situation. Document the abuse, be ready to report it to the authorities and keep lines of communication open between you.

Understand, too, that even if your teen isn’t being bullied, they may very well know of someone who is. If you can, encourage your teen to report bullying, if only to you. And just in case, remind them that in many jurisdictions the online harassment that we call cyberbullying is actually a crime, and can have serious repercussions for them if they’re involved. Even if they never become a cyber bully themselves, the fact that bullying is illegal may be enough for them to convince friends or acquaintances not to join in when others do it.

58% Of Teens Have Downloaded an App to Their Cell Phone or Tablet

How to Handle Gaming

One online community in which bullying is especially prevalent is online gaming. Not that bullying is an unavoidable feature of such games: many teens may find a valuable social outlet in the community that springs up around their favorite role-playing game, or around the online component of their favorite console games. What’s more, many games themselves teach valuable lessons about teamwork, problem-solving, and other important developmental skills.

At the same time, however, online games, just like neighborhood sports, can be an occasion for trash talk which then escalates to harassment or bullying. Especially for a teen whose social life revolves around an online community, the effect can be traumatic. As with other types of bullying, keep tabs on your teen’s mood and behavior, and try to look for signs that you might have a problem. Nor is bullying the only risk that online games present. Often games will include forums for online communication, and these can serve as tools for predators in the same way as social media.

Finally, like other online activities, online gaming can gradually take over more and more of a teen’s life until it becomes an addiction.

If you’re concerned about this prospect, here are some tell-tale warning signs of internet gaming addiction:

  • Obsessively thinking about gaming, even when the teen isn’t playing.
  • Lying about gaming activities to family and friends.
  • Deep distress when gaming activities are curtailed for any reason. 
  • Lack of interest in other activities, and neglect of hygiene, schoolwork, or other responsibilities, whether in the household or outside of it.

If you suspect that your teen may be addicted to gaming, the first approach, as always, is to talk to them. Try to set limits and seek to tie the privilege of gaming to responsibilities they may be neglecting. If these approaches don’t work, you might want to try counseling or other professional help. A video game addiction is unlikely to be as damaging or difficult to overcome as an addiction to alcohol or drugs, but soldiering on against it without help is just as likely to damage your relationship with your teen.

Should My Teen Have a Blog?

Absolutely! Blogging—and webcasting videos via YouTube—can be a great creative outlet, and may inspire your teen to acquire the skills and dedication of a successful blogger, or the technical savvy (and even greater dedication) that a successful video channel requires. What’s more, bloggers, Youtubers, and podcasters (people who disseminate audio content via iTunes or other platforms) can in rare instances earn money from their efforts, which adds a key incentive for teens to persevere.

At the same time, these outlets present some of the same dangers as other online activities. They can be a way for stalkers and predators to learn personal information about your teen, and—even more than social media—they put your teen’s actions, attitudes, and behaviors on public display, putting them at risk of later embarrassment or shaming, and even possible legal consequences if they say the wrong thing.

If your teen is putting content online, be sure to go over with them the various risks of putting out personal information on the internet. And you may also want to lay down some ground rules, such as requiring all content to get your approval before it’s put out for the rest of the world to see.

92%: A survey of more than 600 teens found that nearly all shared their real name and photos of themselves, and most shared their school name, birthdate, and where they lived.

Some Common Sense Guidelines

In a world full of screens, it may seem futile to fight them for your teen’s attention. And yet you are your teenager’s anchor to the real world, and you may be the only one in their lives seeking to protect them from life’s dangers. That being the case, here are some general internet safety tips you can try as you work to keep your teen safe online.

  • Insist that your teen employ privacy settings on Facebook, Instagram, and other social media platforms. If the teen uses a shared computer for their online life, make sure that the computer stays in a common area in the house. This shouldn’t be done so you can look over their shoulders, but rather so you can get a glimpse of how their online life affects them (an essential for cyberbully prevention) and keep tabs on the amount of time they’re spending. If you’re concerned, this will also allow you to check their browser history.
  • Enforce general norms against screen use and online activity. “No phones at the table” is a good place to start, as is a set time to turn screens and phones off, enforced on school nights, or on any night when the teen needs to show up somewhere the next morning. If these limits turn out to be bigger battles than you expect, that will at least alert you to potential problems.
  • Resist allowing the teen to use screens or phones in their rooms, even if those devices are properly theirs. Phones may be too much of a battle (and may be impractical to enforce), but try to keep their gaming screens, tablets, or computers out. This will help them get better sleep, and will once again allow you to get a glimpse of how they’re conducting themselves online.
  • If you want to more closely monitor your teen’s online activities, consider taking advantage of some of the apps or software designed for that purpose, including Net Nanny, which allows you to control what websites your kids access, and will even warn you if your teen searches for an objectionable term. Secure Teen keeps call logs and allows you to read text messages. Teen Safe does all of this and more—including locking teens out of messaging when they’re driving and allowing you to track them via GPS.

In the end, remember that helping your teen through life’s challenges—online and offline—is as much about communication as it is about control. Given enough time and the endless resources of the internet, teens can usually circumvent even the best apps and cheat the tightest household restrictions. But they won’t be able to hide their emotions if they have a problem, and whatever happens, they’re still going to want your approval. So take teens’ online lives seriously, but don’t forget that their online lives are still their lives, and part of the process by which they become adults.

When reading Wikipedia’s 1992 Ten Commandments of Computer Ethics you can easily substitute “Internet” for “computer” and it’s amazing what you see. For example, the 1st Commandment becomes “You shall not use the Internet to harm other people.” Here are all Ten Commandments of Internet Ethics (with my minor edits):

  1. You shall not use the Internet to harm other people.
  2. You shall not interfere with other people’s Internet work.
  3. You shall not snoop around in other people’s Internet files.
  4. You shall not use the Internet to steal.
  5. You shall not use the Internet to bear false witness.
  6. You shall not copy or use proprietary software for which you have not paid (without permission).
  7. You shall not use other people’s Internet resources without authorization or proper compensation.
  8. You shall not appropriate other people’s intellectual output.
  9. You shall think about the social consequences of the program you are writing or the system you are designing.
  10. You shall always use the Internet in ways that ensure consideration and respect for your fellow humans.

For those of us who used the Internet in 1992, it’s great to see that the Ethics of the Internet in 1992 (from the Computer Ethics Institute) apply in 2016!

Source: This article was published on vogelitlawblog.com by Peter S. Vogel

A new form of malware hit the internet Tuesday, shutting down systems across Europe and impacting companies from the U.S. to Russia. Unfortunately, the attack, which early reports indicate seems to have hurt Ukrainian organizations and agencies in particular, is still largely a mystery for security researchers.

A form of ransomware, the malware encrypts a victim’s PC and demands that they pay $300 in exchange for the keys to unlock their computer or lose all of their data. The attack even managed to affect radiation monitoring equipment at the exclusion zone around the Chernobyl nuclear disaster site, forcing workers to rely on manual checks instead.

Cybersecurity firms originally believed the malware to be a previously known form of ransomware called Petya, but Kaspersky Lab says it’s actually a different, unknown kind of ransomware, causing the cybersecurity company to dub it NotPetya.

Interestingly, the Petya/NotPetya software uses a Microsoft (MSFT) Windows vulnerability similar to the one exploited by the WannaCry 2.0 ransomware which hit the web a few weeks ago. But it looks like that exploit, which was originally used by the NSA and called EternalBlue, is just one of three attack points this ransomware takes advantage of.

If your computer is infected with malware, your best bet is to simply erase the entire system. Ransomware programs sometimes require you to pay in Bitcoin, an anonymous currency that can’t be tracked.

However, criminals have increasingly begun demanding payment in the form of iTunes or Amazon gift cards, since the average person doesn’t know how to use Bitcoin, according to McAfee’s Gary Davis.

The amount you have to pay to unlock your computer can vary, with some experts saying criminals will ask for up to $500.

To be clear, ransomware doesn’t just target Windows PCs. The malware has been known to impact systems ranging from Android phones and tablets to Linux-based computers and Macs.

Where it comes from

According to Davis, ransomware was actually popular among cybercriminals over a decade ago. But it was far easier to catch the perpetrators back then since anonymous currency like Bitcoin didn’t exist yet. Bitcoin helped change all that by making it nearly impossible to track criminals based on how victims pay them.

There are multiple types of ransomware out there, according to Chester Wisniewski, a senior security advisor with the computer security company Sophos. Each variation is tied to seven or eight criminal organizations.

Those groups build the software and then sell it on the black market, where other criminals purchase it and then begin using it for their own gains.

How they get you

Ransomware doesn’t just pop up on your computer by magic. You actually have to download it. And while you could swear up and down that you’d never be tricked into downloading malware, cybercriminals get plenty of people to do just that.

Here’s the thing: That email you opened to get ransomware on your computer in the first place was specifically written to get you to believe it was real. That’s because criminals use social engineering to craft their messages.

For example, hackers can determine your location and send emails that look like they’re from companies based in your country.

“Criminals are looking up information about where you live, so you’ll click (emails),” Wisniewski explained to Yahoo Finance. “So if you’re in America, you’ll see something from Citi Bank, rather than Deutsche Bank, which is in Germany.”

Cybercriminals can also target ransomware messages to the time of year. So if it’s the holiday shopping season, criminals might send out messages supposedly from companies like the US Postal Service, FedEx or DHL. If it’s tax time, you could receive a message that says it’s from the IRS.

Other ransomware messages might claim the FBI has targeted you for using illegal software or viewing child pornography on your computer. Then, the message will tell you to click a link to a site to pay a fine — only to lock up your computer after you click.

It’s not just email, though. An attack known as a drive-by can get you if you simply visit certain websites. That’s because criminals have the ability to inject their malware into ads or links on poorly secured sites. When you go to such a site, you’ll download the ransomware. Just like that, you’re locked out of your computer.

How to protect yourself

Ransomware attacks vulnerabilities in outdated versions of software. So, believe it or not, the best way to protect yourself is to constantly update your operating system’s software and apps like Adobe Reader. That means you should always click that little “update” notification on your desktop, phone, or tablet. Don’t put it off.

Beyond that, you should always remember to back up your files. You can either do that by backing them up to a cloud service like Amazon (AMZN) Cloud, Google (GOOG,GOOGL) Drive or Apple’s (AAPL) iCloud, or by backing up to an external drive.

That said, you’ll want to be careful with how you back up your content. That’s because, according to Kaspersky Lab’s Ryan Naraine, some ransomware can infect your backups.

A ransomware attack screen designed to look like an official message from the F.B.I

Naraine warns against staying logged into your cloud service all the time, as some forms of malware can lock you out of even them. What’s more, if you’re backing up to an external hard drive, you’ll want to disconnect it from your PC when you’re finished, or the ransomware could lock that, as well.

Naraine also says you should disconnect your computer from the internet if you see your system being actively encrypted. Doing so, he explains, could prevent all of your files that have yet to be encrypted from being locked.

Above all, every expert I spoke with recommended installing some form of anti-virus software and some kind of web browser filtering. With both types of software installed, your system up to date, and a backup available, you should be well-protected.

Oh, and for the love of god, avoid downloading any suspicious files or visiting sketchy websites.

What to do if you’re infected

Even if you follow all of the above steps, ransomware could still infect your computer or mobile device. If that’s the case, you have only a few options.

The first and easiest choice is to wipe your computer or mobile device and reinstall your operating system. You’ll lose everything, but you won’t have to pay some criminal who’s holding your files hostage.

Some security software makers also sell programs that can decrypt your files. That said, by purchasing one, you’re betting that it will work on the ransomware on your computer, which isn’t always the case. On top of that, ransomware makers can update their malware to beat security software makers’ offerings.

All of the experts agree that the average person should never pay the ransom — even if it means losing their files. Doing so, they say, helps perpetuate a criminal act and emboldens ransomware makers.

Even if you do pay up, the ransomware could have left some other form of malware on your computer that you might not see.

In other words: Tell the criminals to take a hike.

Source: This article was published on Yahoo Finance by Daniel Howley

Companies like Paul Bunyan Communications, AT&T and Comcast have made public announcements pledging that their values remain unchanged in the face of the FCC ruling that now allows them to sell customer data.

(TNS) — BEMIDJI — Internet providers locally and nationally have stated they won't collect and sell Web browsing history.

The responses follow the passage of federal legislation this week allowing internet service providers to sell their customers' web browsing history. The legislation is a reversal of an Obama administration-era privacy rule made through the Federal Communications Commission.

Regionally, Paul Bunyan Communications stated in a press release that regardless of what the law allows, it won't sell members' web browsing history.


"Our members' privacy is of the utmost importance to our member-owned and governed cooperative," Gary Johnson, the CEO and general manager of Bemidji-based Paul Bunyan Communications, said in the release. "We have never sold member web browsing history and have no plans to do so in the future regardless of what the rules and regulations may allow.

"We feel it is extremely important to reassure our customers that our cooperative will not sell their web browsing history," Johnson said. "Any provider who sells their customers' web browsing history without their consent is putting profits ahead of the trust of its customers and we believe that flies in the face of common decency, customer privacy and certainly our cooperative values and principles."

Other companies across the country made similar statements, such as Comcast.

"We do not sell our broadband customers' individual web browsing history. We did not do it before the FCC's rules were adopted and we have no plans to do so," said Comcast's Chief Privacy Officer Gerard Lewis in a release, according to Reuters Media.

AT&T, meanwhile, said in a statement that the company, "will not sell your personal information to anyone, for any purpose. Period," Reuters reported.


Source : govtech.com

A US House committee is set to vote today on whether to kill privacy rules that would prevent internet service providers (ISPs) from selling users’ web browsing histories and app usage histories to advertisers. Planned protections, proposed by the Federal Communications Commission (FCC), that would have forced ISPs to get people’s consent before hawking their data are now at risk. Here’s why it matters.

What kind of personal data do internet service providers want to use?

Your web browsing patterns contain a treasure trove of data, including your health concerns, shopping habits and visits to porn sites. ISPs can find out where you bank, your political views and sexual orientation simply based on the websites you visit. The fact that you’re looking at a website at all can also reveal when you’re at home and when you’re not.

If you ask the ISPs, it’s about showing the user more relevant advertising. They argue that web browsing history and app usage should not count as “sensitive” information.

What’s changed?

The FCC has privacy rules for phones and cable television, but they didn’t apply to internet service providers. In October 2016 the agency introduced broad new privacy rules that prevent companies such as AT&T, Comcast and Verizon from collecting and selling digital information about individuals including the websites they visited and the apps they used.

The new rules – dubbed the Broadband Consumer Privacy Proposal – would require broadband providers to get permission from subscribers before collecting and selling this data. Currently broadband providers can track users unless individuals opt out. The new rules were due to come into play as early as December 2017.

“Getting these rules was probably the biggest win in consumer privacy in years. If the repeal succeeds it would be pretty bad,” said Jeremy Gillula, from the Electronic Frontier Foundation.

How could ISPs use my personal data?

They sell it to advertisers. Having all the data relating to your browsing behavior allows them to offer highly personalized targeted advertising at a premium to big brands, which are injected into your browsing experience. AT&T already tried such a program but killed it just before the FCC introduced the new privacy rules.

Meanwhile, Verizon attempted to insert undetectable “supercookies” into all of its mobile customers’ traffic, which allowed them to track all their browsing behavior – even if a web user was browsing in incognito mode or clearing their cookies and history. The company was sued for $1.35m by the FCC for not getting customer permission to track them.

Do all ISPs want to harvest our data?

No, not all ISPs want to abolish the privacy protections. A list of several smaller providers – including Monkeybrains.net, Cruzio Internet and Credo Mobile – have written to representatives to oppose the decision. “One of the cornerstones of our businesses is respecting the privacy of our customers,” they said.

How does this differ from the way Google and Facebook use our data?

It’s much harder to prevent ISPs from tracking your data. You can choose not to use Facebook or Google’s search engine, and there are lots of tools you can use to block their tracking on other parts of the web, for example EFF’s Privacy Badger.

Consumers are generally much more limited for choice of ISP, in some cases only having one option in a given geographical area. This means they can’t choose one of the ISPs pledging to protect user data.

Are any rules keeping ISPs in check?

In January the major ISPs signed a voluntary set of privacy principles, pledging to insist on opt-in consent before sharing “sensitive” information such as social security numbers and opt-out choice for “non-sensitive” customer information. Unfortunately, browsing history was included as “non-sensitive”.

These principles are based on rules created by the Federal Trade Commission, which used to be able to punish ISPs for violating customers’ privacy but is prohibited from regulating common carriers.

So how can users protect their browsing history?

You need to encrypt all your internet traffic. Some websites (like the Guardian) are already encrypted – marked out with HTTPS at the beginning of the URL – but ISPs would still be able to see which websites you have visited, just not the individual pages.

To mask all of your browsing behavior you can use a VPN service (which incurs a subscription cost) or try using Tor.

“Both make everyday browsing more complicated,” Gillula said.
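Why an ISP still learns the site name under HTTPS, as an added example that is not part of the original article: in a standard TLS handshake without Encrypted Client Hello, the browser sends the hostname in cleartext in the ClientHello's server_name extension. The record bytes and the host `clinic.example` are constructed, and the parser assumes the whole ClientHello fits in one TLS record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed TLS ClientHello record for the made-up host "clinic.example". */
static const uint8_t hello[] = {
    0x16, 0x03, 0x01, 0x00, 0x46,          /* record: handshake, length 70 */
    0x01, 0x00, 0x00, 0x42,                /* ClientHello, length 66 */
    0x03, 0x03,                            /* client_version */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,      /* random (32 bytes, zeroed here) */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
    0x00,                                  /* session_id: empty */
    0x00, 0x02, 0x13, 0x01,                /* cipher_suites: one entry */
    0x01, 0x00,                            /* compression: null only */
    0x00, 0x17,                            /* extensions, length 23 */
    0x00, 0x00, 0x00, 0x13,                /* extension type 0 (server_name), length 19 */
    0x00, 0x11,                            /* server_name_list, length 17 */
    0x00, 0x00, 0x0e,                      /* name type 0 (host_name), length 14 */
    'c','l','i','n','i','c','.','e','x','a','m','p','l','e'
};

typedef struct { const uint8_t *p; size_t left; } cur_t;

/* Consume n bytes, failing instead of reading past the end. */
static int take(cur_t *c, size_t n, const uint8_t **out)
{
    if (c->left < n) return -1;
    *out = c->p;
    c->p += n;
    c->left -= n;
    return 0;
}

/* Read a big-endian integer of `width` bytes (1, 2 or 3). */
static int rd_len(cur_t *c, size_t width, size_t *v)
{
    const uint8_t *b;
    if (take(c, width, &b)) return -1;
    *v = 0;
    for (size_t i = 0; i < width; i++) *v = (*v << 8) | b[i];
    return 0;
}

/* Skip a vector that is prefixed by a `width`-byte length. */
static int skip_vec(cur_t *c, size_t width)
{
    const uint8_t *b;
    size_t n;
    return (rd_len(c, width, &n) || take(c, n, &b)) ? -1 : 0;
}

/* Read a length prefix and restrict the cursor to that many bytes. */
static int narrow(cur_t *c, size_t width)
{
    size_t n;
    if (rd_len(c, width, &n) || c->left < n) return -1;
    c->left = n;
    return 0;
}

/* Returns the hostname an on-path observer can read, or NULL if the bytes
   are not a complete ClientHello carrying a server_name extension. */
const char *sni_host(const uint8_t *buf, size_t len)
{
    static char host[256];
    cur_t c = { buf, len };
    const uint8_t *b;
    size_t type, n;

    if (take(&c, 1, &b) || b[0] != 0x16) return NULL;    /* handshake record */
    if (take(&c, 2, &b) || narrow(&c, 2)) return NULL;   /* version, record length */
    if (take(&c, 1, &b) || b[0] != 0x01) return NULL;    /* ClientHello */
    if (narrow(&c, 3)) return NULL;                      /* handshake length */
    if (take(&c, 2 + 32, &b)) return NULL;               /* client_version + random */
    if (skip_vec(&c, 1) || skip_vec(&c, 2) || skip_vec(&c, 1))
        return NULL;                                     /* session id, suites, compression */
    if (narrow(&c, 2)) return NULL;                      /* extensions block */

    while (c.left > 0) {
        if (rd_len(&c, 2, &type) || rd_len(&c, 2, &n) || take(&c, n, &b))
            return NULL;
        if (type != 0) continue;                         /* not server_name */
        cur_t e = { b, n };
        if (narrow(&e, 2)) return NULL;                  /* server_name_list */
        while (e.left > 0) {
            if (rd_len(&e, 1, &type) || rd_len(&e, 2, &n) || take(&e, n, &b))
                return NULL;
            if (type == 0 && n < sizeof host) {          /* host_name entry */
                memcpy(host, b, n);
                host[n] = '\0';
                return host;
            }
        }
    }
    return NULL;
}

int main(void)
{
    const char *h = sni_host(hello, sizeof hello);
    printf("visible to the network: %s\n", h ? h : "(none)");
    return 0;
}
```

The page path and query string never appear in these bytes; they travel only inside the encrypted session that follows the handshake.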

Author : Olivia Solon

Source : theguardian.com

Cloudflare, which operates a widely used web content delivery network, announced a security bug on February 23 that caused sensitive data to leak from its customers’ websites.  The exact number of websites potentially affected is unknown but some estimates place the total in excess of 5 million. The Google security researcher who discovered the bug – nicknaming it “Cloudbleed” after the 2014 Heartbleed bug – reported it to Cloudflare on February 18, 2017.  Cloudflare disabled the compromised software and stopped the leak later the same day.

The leaked data reportedly included passwords, private messages, encryption keys, session cookies that would let an attacker log into an account without a password, IP addresses and other data.  Leaked data was exposed to search engine crawlers, which began to automatically cache the data, thus complicating remediation.

As of this writing there have been no publicized reports that leaked data has been exploited and Cloudflare has published analysis concluding that the vast majority of its customers probably were not affected.  However, operators of millions of websites and their users are left to wonder whether they were affected and what they should do next.

Below is a summary of what we know now and our thoughts on next steps.

What is Cloudflare?

Cloudflare makes a web content delivery product used by 6 million customers to enhance website performance and security.  When you visit a website in Cloudflare’s network, your request for the site is automatically routed to Cloudflare, which uses routing techniques and its own copy of the site’s static content to load the site faster than it would conventionally.

Cloudflare also offers features designed to enhance the security of web content, such as rewriting unencrypted http content to encrypted https, using “server-side exclude” technology to ensure data is seen only by its intended audience, and obfuscating email addresses.

What does the Cloudbleed bug do?

The bug was found in a parser used to power three security features – https rewrites, server-side excludes, and email obfuscation.  To execute these features, Cloudflare saves website content and data to memory for parsing.  The bug caused this data to leak – at random – into code of web pages in the Cloudflare network such that when you visited a web page, that page would include leaked data from an entirely different Cloudflare-supported website.
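The leak described above belongs to a familiar class of bug: a parser that reads past the end of its input buffer into whatever sits next to it in memory. The following added example is not Cloudflare's code; the escape-skipping parser, the buffer contents and all names are constructed to show how an end-of-buffer test written as an equality check can be stepped over, next to a hardened version.

```c
#include <stdio.h>
#include <string.h>

/* One arena standing in for proxy memory shared by many customer sites.
   All contents are constructed for this example. */
static char arena[256];

/* Places site A's page fragment and site B's request side by side and
   returns the logical end of site A's buffer. */
static const char *fill_arena(void)
{
    static const char page_a[] = "http://a.example/img\\";  /* ends in a lone backslash */
    static const char req_b[]  = "Cookie: sid=CONSTRUCTED-SITE-B\"";
    memset(arena, 0, sizeof arena);
    memcpy(arena, page_a, sizeof page_a - 1);
    memcpy(arena + sizeof page_a - 1, req_b, sizeof req_b - 1);
    return arena + sizeof page_a - 1;
}

/* Copies an attribute value up to the closing quote.
   Flawed: an escape advances p by two, but the loop only stops when p is
   exactly equal to end, so a truncated escape steps over the boundary. */
size_t copy_value_flawed(const char *p, const char *end, char *out, size_t cap)
{
    size_t n = 0;
    while (p != end && *p != '"' && n + 1 < cap) {
        if (*p == '\\') { p += 2; continue; }
        out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

/* Hardened: ordered comparison against end, and the two-byte skip is only
   taken when both bytes lie inside the buffer. */
size_t copy_value_hardened(const char *p, const char *end, char *out, size_t cap)
{
    size_t n = 0;
    while (p < end && *p != '"' && n + 1 < cap) {
        if (*p == '\\') {
            if (end - p < 2) break;   /* truncated escape: stop at the boundary */
            p += 2;
            continue;
        }
        out[n++] = *p++;
    }
    out[n] = '\0';
    return n;
}

typedef size_t (*parse_fn)(const char *p, const char *end, char *out, size_t cap);

/* Returns 1 if parsing site A's page emitted bytes that belong to site B. */
int leaks_neighbor(parse_fn parse)
{
    char out[128];
    const char *end = fill_arena();
    parse(arena, end, out, sizeof out);
    return strstr(out, "CONSTRUCTED-SITE-B") != NULL;
}

int main(void)
{
    printf("flawed parser leaks site B data:   %d\n", leaks_neighbor(copy_value_flawed));
    printf("hardened parser leaks site B data: %d\n", leaks_neighbor(copy_value_hardened));
    return 0;
}
```

Both sites share one array here so the over-read stays inside defined memory; in a real process the bytes past the buffer are whatever the allocator placed there, which is why leaked content appears at random.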

What type of information was leaked?

The Google researcher who discovered the bug gave this report:

I’m finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings. We’re talking full https requests, client IP addresses, full responses, cookies, passwords, keys, data, everything.

Cloudflare’s CTO initially reported that end-user passwords, authentication cookies, OAuth tokens used to log into multiple website accounts, and encryption keys were at risk of exposure.  In its most recent blog post, Cloudflare reports that it has not yet found any instances of passwords, credit cards or health records among leaked data but that leakage of this and other sensitive data cannot be ruled out.  In addition, Cloudflare has emphasized that leakage occurred randomly and leaks would include a mixed bag of both potentially sensitive data and useless non-sensitive “noise”.

Where did leaked data go?

Leaked data could be stored in the browser caches of users who unwittingly downloaded leaked data, was cached by search engines like Google, Bing and Yahoo, and may have been saved by other bots that roam the Internet.  While Cloudflare worked with search engines to remove 770 cached instances of leaked data from 161 different domains before announcing the bug and was unable to find leaked data on sites like Pastebin, researchers subsequently reported that leaked sensitive data is still discoverable in search engines.

When did the leak become active?

As early as Sept. 22, 2016, when the https rewrite feature was first enabled.

The period of greatest exposure was between February 13, 2017 (when the email obfuscation feature was migrated to the compromised parser) and February 18, 2017 (when the compromised features were disabled).

How many Cloudflare customers were affected?

Cloudflare has not provided an official estimate but its latest blog post reports that it found data of approximately 150 Cloudflare customers among the more than 80,000 cached pages that have been purged by the search engines.  The post provides some useful analysis of the probability of a leak based on a website’s level of traffic.  For example, a site that made 250-500 million requests to the Cloudflare network per month is expected to have leaked 25-56 times.  Cloudflare estimates that the 99% of its customers sending fewer than 10 million requests per month probably had no leak at all.  The post also reports that a maximum of 6,457 websites could have triggered the bug.  However, because the websites that triggered the bug pulled information from other websites in Cloudflare’s network, the number of affected Cloudflare customers is unknown and could be much higher.

Has any data been exploited?

Cloudflare reports that it has found no evidence of the bug being exploited before it was patched.

What is the risk to individuals?

The risk to specific individuals is difficult to evaluate at this stage.  The good news is that Cloudflare acted quickly to remediate the bug and purge known instances of leaked data from search engine caches—all before any reported instances of the bug being discovered or exploited by malicious actors.  In addition, the random distribution of leaked data across the Internet may limit the kind of accumulation of data in one place that would make it easier for a malicious actor to exploit it at scale.  Finally, according to Cloudflare’s analysis, the risk of a leak appears to be low for 99% of its customers.

The bad news is that some of the leaked data – including passwords, encryption keys, authentication tokens and conversations – is clearly sensitive and potentially exploitable to the extent it is still discoverable in search engine caches or elsewhere.

What should companies do now?

Like the Heartbleed bug before it, Cloudbleed is the latest internet security bug to expose a wide swath of the Internet to potential data leaks while in most cases leaving no way to conclusively confirm whether or not a particular company’s or individual’s data was leaked or exploited.  While Cloudbleed may pose low risk to most websites according to Cloudflare, its customers should take this news seriously given the sensitivity of the data exposed and the media attention that the bug has attracted.  Following some basic incident response best practices can help companies mitigate risk and assure customers and partners that appropriate steps are being taken.

  • Evaluate the impact. Companies that use Cloudflare should evaluate the impact to their own websites and any potentially sensitive data that those sites process, while continuing to follow new developments.  A careful reading of Cloudflare’s initial and follow-up posts, as well as the post by the Google security researcher who discovered the bug, followed by inquiries with Cloudflare, are a good start.
  • Take mitigating action. Because the Cloudbleed bug has been patched, efforts should focus on mitigating risk to potentially impacted individuals.  Cloudflare has recommended that concerned customers invalidate and reissue persistent secrets, such as long-lived session identifiers, tokens or keys (the company says that customer SSL keys were not exposed and do not need to be rotated).  Other options include:
    • Informing customers about Cloudbleed and its potential impact.
    • Recommending that customers change passwords and use two-factor authentication to protect accounts
    • Forcing a change of administrator credentials for potentially impacted sites
    • Forcing a change of customer passwords
    • Requiring customers to log back into websites without changing passwords (if not already required by invalidating session identifiers)

The right approach will vary for each company based on its own business, the operational costs of making these changes, the sensitivity of the data it handles and the probability of data leakage based on the volume of traffic it sends through Cloudflare.  Companies should perform their own risk assessments in determining the appropriate mitigating steps, weighing both the probability that leaked data could be exploited and the potential impact to the company and individuals if it is.  It is a good idea to document this analysis as part of your incident response process (discussed below).
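An added example (not from the original article or from Cloudflare) of scoping the "invalidate and reissue persistent secrets" step: it flags secrets that were live during the exposure window the article gives and prioritises those that may have been in traffic during the peak period. The inventory record, its field names, the three action labels and the end-of-day UTC cutoff are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc
# Dates from the article; treating the end date as end-of-day UTC is an assumption.
WINDOW_START = datetime(2016, 9, 22, tzinfo=UTC)   # https rewrites first enabled
PEAK_START = datetime(2017, 2, 13, tzinfo=UTC)     # email obfuscation moved to the parser
WINDOW_END = datetime(2017, 2, 18, 23, 59, 59, tzinfo=UTC)  # affected features disabled

@dataclass
class Secret:                       # hypothetical inventory record
    ident: str
    kind: str                       # e.g. "session", "api_token", "oauth_refresh"
    issued: datetime
    expires: Optional[datetime]     # None = never expires
    last_used: Optional[datetime]   # None = no usage record

def triage(s: Secret, now: datetime) -> str:
    """Classify one secret as 'revoke_first', 'revoke' or 'no_action'."""
    if s.expires is not None and s.expires <= now:
        return "no_action"          # already expired, nothing left to invalidate
    if s.issued > WINDOW_END:
        return "no_action"          # minted after the features were disabled
    if s.last_used is not None and s.last_used < WINDOW_START:
        return "no_action"          # usage log shows it was not sent during the window
    if s.last_used is not None and s.last_used >= PEAK_START:
        return "revoke_first"       # may have been in traffic during the peak period
    return "revoke"                 # live during the window, or usage unknown

def plan(inventory, now):           # group secret identifiers by action
    out = {"revoke_first": [], "revoke": [], "no_action": []}
    for s in inventory:
        out[triage(s, now)].append(s.ident)
    return out

def d(y, m, day):
    return datetime(y, m, day, tzinfo=UTC)

# Constructed sample inventory (not real data).
SAMPLE = [
    Secret("s1", "session", d(2016, 8, 1), None, d(2017, 2, 15)),
    Secret("s2", "api_token", d(2016, 10, 5), None, d(2016, 12, 1)),
    Secret("s3", "session", d(2017, 2, 20), None, d(2017, 2, 21)),
    Secret("s4", "oauth_refresh", d(2016, 1, 10), None, d(2016, 6, 30)),
    Secret("s5", "session", d(2016, 11, 1), d(2016, 12, 1), d(2016, 11, 20)),
    Secret("s6", "api_token", d(2016, 12, 24), None, None),
]
print(plan(SAMPLE, now=d(2017, 3, 1)))
```

The "no_action" result for a secret last used before the window is only as reliable as the usage log behind it; where that log is incomplete, treat the secret as "revoke".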

  • Search for your data. Although Cloudflare took steps to purge leaked data from search engine caches, there have been reports on social media that leaked data remained discoverable after Cloudflare’s purge.  Thus, potentially affected companies should make a reasonable effort to discover whether their own data is still searchable as part of their incident response efforts.  Whether these searches are performed with the assistance of security incident response vendors or in-house, it is advisable to document the methodology used for the search, why it is believed to be sound and the results of the searches.
  • Develop a communications strategy. Cloudbleed has attracted significant media attention and it is only a matter of time before companies are asked whether they are affected.  Proactively communicating your company’s response to Cloudbleed and efforts to investigate can help alleviate concerns and demonstrate that your company takes security seriously.  This message can be relayed through support emails, customer notices or talking points tailored to customers or other external parties who may inquire.  However, like any external communication relating to an information security incident, these messages should be carefully crafted with the assistance of legal counsel and other relevant internal stakeholders before distribution.
  • Consider security incident notice obligations. Companies should consult legal counsel to assess whether even potential leakage of data triggers breach notification obligations under legal or contractual obligations. While most legal breach notification requirements would not be triggered by unconfirmed potential data leakage, the question is worth closer examination if health data or other particularly sensitive data is at issue or if the company is subject to stringent contractual security incident notification requirements.
  • Initiate an incident under your incident response plan. Companies are increasingly required by law, contractual obligations or internal policy to follow a security incident response plan that addresses how to detect, respond to and mitigate security incidents affecting sensitive data.  If you have an incident response plan and handle sensitive data with potential exposure to Cloudbleed, this is a great reason to formally initiate an incident and respond according to your plan.  Doing this, and documenting the effort, can help you ensure a sound response and demonstrate that you responded responsibly in the event auditors, customers or governmental investigators inquire.  You will also learn something about how well your incident response plan works and what can be done to improve it.

Author : David Navetta & Boris Segalis

Source : http://www.dataprotectionreport.com/2017/03/cloudbleed-bug-impacts-large-swath-of-the-internet/

Categorized in Internet Privacy

Middle-aged people who consider themselves tech-savvy are a prime target for internet fraudsters, according to research by the insurer Aviva.

More than a million over-45s have fallen victim to an online scam, even though two thirds call themselves “tech adopters” who embrace new devices.

Aviva’s Real Retirement Report found that those aged between 45 and 64 were more likely to be conned than those between 65 and 74 and are almost as at risk as the over-75s.

The survey showed that 6 per cent of over-45s with internet access had been victims of scams, compared with 4 per cent of 65 to 74-year-olds and 8 per cent of over-75s.

Author : Philip Aldrick

Source : http://www.thetimes.co.uk/edition/business/internet-fraudsters-take-aim-at-savvy-over-45s-qmp7jwrmh

Categorized in Internet Privacy