Privacy vs. Business Intelligence

Here are some things any web site can find out about the visitor:

Data points I can know about you:

  • Your IP address
  • Your physical location
  • Your computer name
  • Your operating system
  • Your browser
  • Your screen size
  • Your device (if mobile)
  • Potentially your phone number (if mobile)
  • How you got to my site (from search? From social? Referral? Typing the address directly in?)
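As an added illustration (not code from this site), the sketch below shows how several items on this list, namely the IP address, operating system, browser and arrival path, fall out of a single line of a standard web server access log. The log lines, the `example.com` host name and the short search/social lists are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format, written for every request served.
COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# First matching needle wins, so order matters (Android agents also say "Linux").
OS_HINTS = [("Android", "Android"), ("iPhone", "iOS"), ("iPad", "iOS"),
            ("Windows", "Windows"), ("Mac OS X", "macOS"), ("Linux", "Linux")]
BROWSER_HINTS = [("Edg/", "Edge"), ("Firefox/", "Firefox"),
                 ("Chrome/", "Chrome"), ("Safari/", "Safari")]
# Deliberately short, illustrative lists (assumptions, not exhaustive).
SEARCH = {"google", "bing", "duckduckgo"}
SOCIAL = {"facebook", "twitter", "linkedin"}

def first_hint(text, hints):
    return next((label for needle, label in hints if needle in text), "unknown")

def arrived_via(referer, own_host):
    """Map the Referer header to search / social / referral / direct."""
    if referer in ("", "-"):
        return "direct"  # typed address, bookmark, or referrer withheld
    host = (urlsplit(referer).hostname or "").lower()
    if host == own_host or host.endswith("." + own_host):
        return "internal"
    labels = set(host.split("."))
    if labels & SEARCH:
        return "search"
    if labels & SOCIAL:
        return "social"
    return "referral"

def visitor_profile(line, own_host="example.com"):
    """Return the data points one log line reveals, or None if unparseable."""
    m = COMBINED.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "os": first_hint(m["agent"], OS_HINTS),
        "browser": first_hint(m["agent"], BROWSER_HINTS),
        "arrived_via": arrived_via(m["referer"], own_host),
        "page": m["path"],
    }

# Constructed sample lines (documentation IP ranges, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2024:10:15:32 -0700] "GET /services HTTP/1.1" 200 5120 "https://www.google.com/search?q=web+design" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"',
    '198.51.100.23 - - [01/Feb/2024:10:16:02 -0700] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(visitor_profile(entry))
```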

Data points Google can tell me about you

  • What language you speak (or surf in)
  • Your location
  • Your interests
  • Your education level
  • Your age
  • Your gender

There are a number of things you can do to protect yourself and to better control what information you share and with whom it gets shared.

The first and most obvious thing is to set privacy for social media sites. You should also set security on your mobile device(s) so that no one can access it if they find it. One of the biggest things you can do to protect your privacy is turn off all the convenient features on your mobile device like location awareness. You do lose the convenience but you do gain a degree of privacy – though keep in mind that as long as your cell phone is on, you are trackable.

Consumer Reports has a list of 66 things you can do to protect your privacy. Try several of these to begin protecting your privacy.

One of the conundrums we face is who to let in to our “circle” and who to keep out. When I got my new phone with fingerprint unlocking technology, I was excited. But my son pointed out that Google now has my fingerprint.

As a business / web site owner, it is important to recognize that your visitors all want and expect some level of privacy. But we all want to understand the details of WHO is visiting the site, WHY they are there and WHAT they want to accomplish. Google, with its Analytics tool, hides demographic and other data from you if there is so little of it that you could begin to identify actual people. Their idea is to give you broad information to understand the demographic groups that come to your site. But wow, wouldn’t it be cool to know that right now, Jim Adams, aged 39, with a wife, Naomi and two children in 1st and 3rd grade just clicked on a link in your web site – oh and by the way his phone number is ***. That info sounds great to business owners until they realize they don’t want the sites they visit to know that information about them.

If you are struggling to determine how much data to collect, how to interpret it, or how to organize the data, give us a call. We’d be glad to help. Reach Brian at 303-268-2245 ext. 4


Privacy, Apps and You

What’s App?

That was a lame heading but this is not a lame topic.

Do you have a mobile phone? I think by now everyone (but the pastor at my church who still uses a flip phone) has a mobile phone with a data plan.

And you have apps on it.

Have you read the permissions you agree to when you install an app? It might actually be worth reviewing. Here are just a few that I have agreed to (without really paying attention):

Facebook can:

  • Read my calendar events plus confidential information (hmmm. Why does FB need access to confidential info about my events?)
  • Add or modify calendar events and send email to guests without owner’s knowledge (what?)
  • Modify my contacts
  • Read the contents of my usb storage

Why in the world does FB need to do any of these things? But if I say no, no Facebook.

That’s fine. FB is social. You might decide to do without. Not needed. But what about that map app you use? In getting great directions, what are you giving up?

Google Maps can:

  • Add or remove accounts on my device (why?)
  • Directly call phone numbers (without my knowledge?)
  • Modify or DELETE the contents of my USB storage (what happens if my pictures go missing?)
  • And then of course it always knows my precise location.

Pause and consider that for just a moment. I keep my phone in my breast pocket almost all the time. Google knows not only the address of where I work but the exact location of my desk in my building. That might not sound too bad. Are you one of those who tweets, facebooks and other mobile activities while in the bathroom? Google not only knows what you’re doing in the bathroom (if they know where my desk is, they know where your bathroom is), it also therefore knows how often you go there. It also knows how long you’re there. Creeped out yet?

These and other app makers are private companies and you have an agreement with them as to how they will handle your data.

But then there is our government demanding access to your data from these companies. And in some cases our government is actually demanding encryption that is below the level it should be so they can snoop. Which then makes our (your) data accessible not only to the company you agree to share it with, but probably to the government and even potentially to hackers that take advantage of this lower level of encryption.

Do I sound like a lunatic? Read the story about how our government insisted on a backdoor that caused problems last week for a lot of folks.

Normally I end these articles with a “Need help? Give us a call” plug but there really isn’t much that can be done unless you’re ready to unplug. If you do, let me know before you go – I’d like to learn if folks really are unplugging.


You’ve Got to be Kidding Me! Privacy on the Internet

Privacy is something no one should assume while surfing the Internet. EVERY SINGLE move you make on the Internet is recorded on numerous server logs around the world. The only expectation of anonymity comes from the fact that the sheer volume of data is so overwhelming that homing in on your data is unlikely.

Unless . . .

Unless you are on someone’s radar. Then following you is as easy as putting a “Follow me” sign on your back and having someone follow you.

Yet even knowing this I have been astonished lately. On February 1st my tablet – which doesn’t have a cellular service plan on it – notified me through Google that I had only walked four miles in January but eight in December. No, I don’t have a pedometer app installed. No, I didn’t ask for Google to tell me this information. No, I have no idea why they decided to tell me this. They did tell me that they collected this information through location information that Google uploads from time to time. But of course with no cell information I’m still baffled. I’m guessing that it tracks me until I drop off of wifi on my way to and from the car.

Over a month ago the Facebook app on my tablet told me I needed to agree to new permissions for it to update itself. I looked at a few of the permissions and balked. Yesterday I tried to open FB and it informed me it wouldn’t work until I updated it.

Here are the permissions that I had to agree to for Facebook to update:

  1. Allow Facebook to read my text messages
  2. Add and modify calendar items – WITHOUT MY KNOWING about the changes
  3. Connect and disconnect from wifi
  4. Modify and delete items from USB media
  5. Record audio
  6. Get my location
  7. Take pictures and videos
  8. Add and remove accounts on my device, create accounts and set passwords
  9. Modify social media contacts, read my call log, read my contacts
  10. Download files without notification

Some of those are rather disturbing. Why on earth would Facebook want to change my calendar without me knowing? Why should Facebook delete files from USB media? I can see it now. I have my presentation all ready to deliver and Facebook decides it isn’t good enough and deletes it?

Why would Facebook need to control my camera? Are they going to surreptitiously take pictures and videos of me? I can’t wait to see the picture of me picking my nose posted for me.

I might even be willing to grant Facebook this access – they are a private company after all and they’ve promised to keep my information secure. But thanks to Edward Snowden we know that the government has access to pretty much all the data that large firms like Google and Facebook have access to. Which disturbs me. Does it disturb you?


Stay Secure with a Strong Password

Not too long ago hackers stole 32 million user passwords and exposed them on a web site. An enterprising security company, Imperva, did some analysis of all these passwords. Guess what they learned?

Your password probably isn’t strong enough. If you thought you were being clever by changing your super easy to guess password from “123456” (like 290,000 users had) to something more difficult like “123456789” you are in the same boat as the nearly 78,000 users who use that as their password. Oh, and “Password” was used by 62K users.

Some other not-so-clever passwords to avoid include:

  • 12345
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • abc123
  • Nicole
  • Daniel
  • babygirl
  • monkey
  • Qwerty
  • 654321

What can you do to make your password more secure but not require a Ph.D. to remember? It needn’t be as difficult as you think:

  1. Make sure your password is 7 or more characters in length
  2. Change an easy to remember word by turning letters into numbers, e.g., password -> pa55word
  3. Use an upper case letter in a different spot, e.g., pa55wOrd
  4. Change a letter to a special character, e.g., p@55wOrd
  5. Use one or more spaces, e.g., This is my p@55wOrd
  6. Use really long sentences that are easy to remember and type, e.g., This will always be my p@55wOrd
  7. Change your password regularly. Did you know that February 1 is National Change Your Password Day? Or if that doesn’t work for you, change it twice a year when the time changes.

For most users, following 3 or more of the tips above will keep you safe on the Internet. But any system can be hacked. Once you develop a good password, don’t tape it to your monitor or beneath your keyboard.
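The tips above, written as a screening function. This is an added example, not code from the article or from Imperva. It counts which of tips 1 to 6 a password follows and rejects anything on the article's list. As an added check that is not from the article, it also compares the password with the character swaps of tips 2 to 4 undone, since a lightly altered listed word is still a listed word. The swap table and the tip 6 threshold are assumptions.

```python
# Passwords the article lists from the leaked-password analysis, lowercased.
COMMON = {
    "123456", "123456789", "password", "12345", "iloveyou", "princess",
    "rockyou", "1234567", "abc123", "nicole", "daniel", "babygirl",
    "monkey", "qwerty", "654321",
}
# Reverses the character swaps of tips 2 and 4. Only 5->s and @->a appear in
# the article; the other pairs are assumptions.
UNSWAP = str.maketrans({"5": "s", "@": "a", "0": "o", "3": "e", "$": "s"})

def is_listed(password):
    """True if the password, or its un-swapped lowercase form, is on the list."""
    lowered = password.lower()
    return lowered in COMMON or lowered.translate(UNSWAP) in COMMON

def tips_followed(password):
    """Return the numbers of tips 1-6 that the password satisfies."""
    has_letter = any(c.isalpha() for c in password)
    checks = {
        1: len(password) >= 7,
        2: has_letter and any(c.isdigit() for c in password),
        3: any(c.isupper() for c in password[1:]),  # capital outside first spot
        4: any(not c.isalnum() and not c.isspace() for c in password),
        5: " " in password.strip(),
        # The article gives no length for a "really long sentence"; 4 words
        # and 20 characters is an assumed threshold.
        6: len(password.split()) >= 4 and len(password) >= 20,
    }
    return [tip for tip, met in checks.items() if met]

def screen(password):
    """Accept only unlisted passwords that follow 3 or more of the tips."""
    tips = tips_followed(password)
    listed = is_listed(password)
    return {"listed": listed, "tips": tips, "ok": not listed and len(tips) >= 3}

if __name__ == "__main__":
    for candidate in ("123456789", "p@55wOrd", "This will always be my p@55wOrd"):
        print(repr(candidate), screen(candidate))
```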


Which Big Brother is Watching?

When I was a kid I understood that concern over big brother watching was that the government would be prying into every part of our lives and monitoring what we do. That threat still exists and is encroaching more and more but there are now other “big brothers” that we need to watch out for.

There are two companies that know more about you than you might realize. One is Facebook. As the Wall Street Journal points out, Facebook can tell what sites you’re on, even if you’re no longer logged in to Facebook. The scary part, from my point of view, is what the director of engineering says – what really matters is “What we say as a company and back it up”. But, even if they include this tracking capability in their terms of service, who’s to say they won’t change their terms of service on us?

I’m a big fan of Facebook and use it every day. I leave the browser open and switch back to it at various times. I’m not saying stop using Facebook. I am saying that we, as users of this service, need to be aware of what they are doing and continue to hold their feet to the fire to make sure they aren’t abusing their access to our lives and information.

Right now the biggest “big brother” in my life is Google. Google goes with me everywhere. Google knows where I am at all times. Google knows what I’m searching for, what sites I visit, who my friends are, and a whole lot more. Here are just a few of the ways that Google has access to my (and perhaps your) information:

  • My Droid phone has GPS enabled
  • I have a Google account on my computer and web history enabled
  • Whenever I visit a site with Google Analytics installed, Google has the capability of seeing that it is me visiting the site.
  • When I do a search on Google, it provides me local results even if I’m not logged in (tracks my location by my IP address).
  • Google serves up personalized ads when I’m reading my gmail account – ads based on the content of the emails. Are they reading my email?
  • When I had Google+ on my phone, it AUTOMATICALLY uploaded all videos and images to my account. Think about how interesting that could become!

So as you use these technologies, remember that Big Brother is watching. And decide how to use it accordingly.


Can’t do Business the Same Old Way


During a meeting with a potential client this week I made a casual inquiry, asking which payment processor they currently used for the ecommerce web site.

“Oh, we do it manually” they said. It turns out they use an antiquated system that sends them the customer’s credit card information via email. They then take that information and run it through their Point of Sale software to charge the account.

Oops. That is a dangerous if not illegal procedure.

Emails, by their very nature, travel from computer to computer across the internet. There are ample opportunities for one of these relaying computers to cache a copy of the email, with the customer credit card information. This then creates an opportunity for the information to not be secure. If this data is encrypted, it is reasonably secure. If not, it is a ticking time bomb. I don’t want to be there when the ticking stops.

Once the email has arrived, a host of other security issues arise:

  • Is the network secure?
  • Is the computer secure?
  • What happens with the email after the transaction has been processed?
  • Was it printed out?
  • If it was printed out, what is done with the print out after the transaction has processed?

In Colorado it is, to my understanding, illegal to store a hard copy of the complete credit card number of a customer.

If you are a merchant and aren’t sure if your system is compliant, a good place to get started is https://www.pcisecuritystandards.org/merchants/.

Another valuable source is EduCyber Endorsed SGP Services. Give Sean a call at 303-697-7799.
 


Online Privacy vs. Convenience and Communication

The latest trend in social media is “Location Aware” services whether it be Twitter, Facebook or the latest up and coming site, Foursquare. I’m an avid user of Foursquare, checking in mostly at public locations like restaurants, coffee shops and taverns but also at our office and even on my deck (one of my favorite places to be).

Seems pretty cool to let people know where you are, doesn’t it? Sometimes you might be bragging, “Waiting for roller coaster at DisneyWorld” and sometimes a bit more mundane, “Coffee at Starbucks with Tom”. But even letting your circle know that you’re talking to Tom might be a signal that the project is on, that the relationship has been solidified or even that you and Tom are an item again.

Emarketer’s report on Privacy and Geolocation shows that men and young people are much more likely to use location based media. It is a trade off. To have the convenience of sharing with friends (so they can join you or envy you or make decisions about where to go for the evening) you have to give up some privacy.

I read a very interesting article today in the Guardian on Foursquare and Cyberstalking. What can I say but understand the risks as you engage in location based media? You can also check out SafetyWeb.com, a site dedicated to helping parents keep their kids safe online. This is a fee for service site but they focus on keeping people safe and, for example, offered the tip of checking in on location-based social media AS YOU ARE LEAVING instead of when you arrive.

In any case, be aware that when you share your location, more than just your friends might be watching.


An Email Address By Any Other Letter

Shakespeare may have said that a rose by any other name would smell as sweet, but who would have imagined that email address starting with any other letter would get less spam?

Say what? A researcher in England discovered that, for real email addresses, those beginning with less common letters receive less spam. So that means that if your name is Mike Xanowitz, you might want to have your email address as xanowitzm@mydomain.com instead of mxanowitz@mydomain.com. M’s, you see, get more spam than X’s.

This is just one study but the results feel right to me. Think about it another way. mike@mydomain.com sounds pretty general, even if mydomain.com isn’t so well known. xanowitz@mydomain.com on the other hand is pretty specific. So if I were trying to send unsolicited commercial messages (otherwise known as spam) to this domain, I might get lucky and guess that mike@ is a valid email address. But unless I know Mike personally and know how to spell his last name, I’m unlikely to simply guess at xanowitz@ and be right.

Does it mean anything to you? Perhaps not if you already have an established email. If however you’re in the process of creating a new email address, consider a lesser used first letter such as x, y or z for your email address.


Small Business and Email Privacy

Most small business owners go to great lengths to protect their client communications from outsiders while also making sure those communications are kept so that they have something to refer back to. What would happen though if your Internet Service Provider (ISP) shared those records?

You’d go crazy, right? Well what would you say if they shared your email with the government, unbeknownst to you? Since your ISP ensures that your email gets to you, and since you’d be mad at them if it didn’t get to you, did you know they had a copy of your email?

What am I getting at? Well today, June 19, 2007, a federal appeals court affirmed that as business owners we have an expectation of privacy of emails, even emails stored on your ISP’s server. The ruling says that the government has to get a warrant to get those emails. This is definitely a win for small business owners (large businesses typically have all their emails stored on their own servers).
