There are two companies that know more about you than you might realize. One is Facebook. As the Wall Street Journal points out, Facebook can tell what sites you’re on, even if you’re no longer logged in to Facebook. The scary part, from my point of view, is what the director of engineering says – what really matters is “What we say as a company and back it up”. But, even if they include this tracking capability in their terms of service, who’s to say they won’t change their terms of service on us?

I’m a big fan of Facebook and use it every day. I leave the browser open and switch back to it at various times. I’m not saying stop using Facebook. I am saying that we, as users of this service, need to be aware of what they are doing and continue to hold their feet to the fire to make sure they aren’t abusing their access to our lives and information.

Right now the biggest “big brother” in my life is Google. Google goes with me everywhere. Google knows where I am at all times. Google knows what I’m searching for, what sites I visit, who my friends are, and a whole lot more. Here are just a few of the ways that Google has access to my (and perhaps your) information:

• My Droid phone has GPS enabled
• I have a Google account on my computer and web history enabled
• Whenever I visit a site with Google Analytics installed, Google has the capability of seeing that it is me visiting the site.
• When I do a search on Google, it provides me local results even if I’m not logged in (tracks my location by my IP address).
• Google serves up personalized ads when I’m reading my gmail account – ads based on the content of the emails. Are they reading my email?
• When I had Google+ on my phone, it AUTOMATICALLY uploaded all videos and images to my account. Think about how interesting that could become!

So as you use these technologies, remember that Big Brother is watching. And decide how to use it accordingly.

During a meeting with a potential client this week I made a casual inquiry, asking which payment processor they currently used for the ecommerce web site.

“Oh, we do it manually” they said. It turns out they use an antiquated system that sends them the customer’s credit card information via email. They then take that information and run it through their Point of Sale software to charge the account.

Oops. That is a dangerous if not illegal procedure.

Emails, by their very nature, travel from computer to computer across the internet. There are ample opportunities for one of these relaying computers to cache a copy of the email, with the customer credit card information. This then creates an opportunity for the information to not be secure. If this data is encrypted, it is reasonably secure. If not, it is a ticking time bomb. I don’t want to be there when the ticking stops.

Once the email has arrived, a host of other security issues arise:

• Is the network secure?
• Is the computer secure?
• What happens with the email after the transaction has been processed?
• Was it printed out?
• If it was printed out, what is done with the print out after the transaction has processed?

In Colorado it is, to my understanding, illegal to store a hard copy of the complete credit card number of a customer.

If you are a merchant and aren’t sure if your system is compliant, a good place to get started is https://www.pcisecuritystandards.org/merchants/.

Another valuable source is EduCyber Endorsed SGP Services. Give Sean a call at 303-697-7799.
 

Seems pretty cool to let people know where you are, doesn’t it? Sometimes you might be bragging, “Waiting for roller coaster at DisneyWorld” and sometimes a bit more mundane, “Coffee at Starbucks with Tom”. But even letting your circle know that you’re talking to Tom might be a signal that the project is on, that the relationship has been solidified or even that you and Tom are an item again.

Emarketer’s report on Privacy and Geolocation shows that men and young people are much more likely to use location based media. It is a trade off. To have the convenience of sharing with friends (so they can join you or envy you or make decisions about where to go for the evening) you have to give up some privacy.

I read a very interesting article today in the Guardian on Foursquare and Cyberstalking. What can I say but understand the risks as you engage in location based media? You can also check out SafetyWeb.com, a site dedicated to helping parents keep their kids safe online. This is a fee for service site but they focus on keeping people safe and, for example, offered the tip of checking in on location-based social media AS YOU ARE LEAVING instead of when you arrive.

In any case, be aware that when you share your location, more than just your friends might be watching.

Say what? A researcher in England discovered that, for real email addresses, those beginning with less common letters receive less spam. So that means that if your name is Mike Xanowitz, you might want to have your email address as xanowitzm@mydomain.com instead of mxanowitz@mydomain.com. M’s, you see, get more spam than X’s.

This is just one study but the results feel right to me. Think about it another way. mike@mydomain.com sounds pretty general, even if mydomain.com isn’t so well known. xanowitz@mydomain.com on the otherhand is pretty specific. So if I were trying to send unsolicited commercial messages (otherwise known as spam) to this domain, I might get lucky and guess that mike@ is a valid email address. But unless I know Mike personally and know how to spell his last name, I’m unlikely to simply guess at xanowitz@ and be right.

Does it mean anything to you? Perhaps not if you already have an established email. If however you’re in the process of creating a new email address, consider a lesser used first letter such as x, y or z for your email address.

You’d go crazy, right? Well what would you say if they shared your email with the government, unbeknownst to you? Since your ISP ensures that your email gets to  you, and since you’d be mad at them if it didn’t get to you, did you know they had a copy of my email?

What am I getting at? Well today, June 19, 2007, a federal appeals court affirmed that as business owners we have an expectation of privacy of emails, even emails stored on your ISP’s server. The ruling says that the government has to get a warrant to get those emails. This is definitely a win for small business owners (large businesses typically have all their emails stored on their own servers).