Security is becoming more and more of an issue with websites – both for business owners on how to keep their site secure and for consumers on how to protect their privacy. There is a concept that is gaining in popularity called Differential Privacy.
While the initial work in this area is over 10 years old, on September 5th Google announced it is open-sourcing its differential privacy library. The concept is to add “noise” to data so that a data scientist can extract information from the database without being able to identify specific persons.
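The noise idea above as a small worked case, added here as an example (it is not Google's library or code from this post): a count over constructed visitor rows is released with Laplace noise, and privacy_loss shows that removing any one person shifts the odds of a given answer by at most epsilon. The data, function names and epsilon value are assumptions for illustration.

```python
import math
import random

# Constructed sample data: one row per site visitor (not real people).
VISITORS = [
    {"id": 1, "city": "Denver", "age": 39},
    {"id": 2, "city": "Denver", "age": 52},
    {"id": 3, "city": "Boulder", "age": 27},
    {"id": 4, "city": "Denver", "age": 31},
    {"id": 5, "city": "Golden", "age": 45},
]

def laplace_noise(scale, rng):
    """Draw from Laplace(0, scale) as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def private_count(rows, predicate, epsilon, rng):
    """Counting query released with epsilon-differential privacy.

    Adding or removing one person changes a count by at most 1
    (sensitivity 1), so the noise scale is 1 / epsilon.
    """
    true_count = sum(1 for r in rows if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)

def privacy_loss(output, count_with, count_without, epsilon):
    """|log ratio| of the densities of seeing `output` from two databases
    that differ in one person. The guarantee is that this is <= epsilon."""
    scale = 1.0 / epsilon
    return abs(abs(output - count_without) - abs(output - count_with)) / scale

def demo(epsilon=0.5, seed=2019):
    """Noisy Denver counts with and without visitor 1 in the data."""
    rng = random.Random(seed)  # fixed seed only so the demo is repeatable
    in_denver = lambda r: r["city"] == "Denver"
    without_one = [r for r in VISITORS if r["id"] != 1]
    with_p = private_count(VISITORS, in_denver, epsilon, rng)
    without_p = private_count(without_one, in_denver, epsilon, rng)
    return with_p, without_p

if __name__ == "__main__":
    with_p, without_p = demo()
    print(f"noisy count with visitor 1:    {with_p:.2f}")
    print(f"noisy count without visitor 1: {without_p:.2f}")
    print(f"privacy loss for that answer: {privacy_loss(with_p, 3, 2, 0.5):.2f}")
```

Averaged over many releases the noisy count still tracks the true count, which is why aggregate statistics stay useful. Plain floating-point noise like this is for illustration; production use calls for a vetted library.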
In this age of tech intruding ever further into our personal lives – with Alexa, Siri and Cortana listening in on the most intimate details of our lives – privacy of the individual is becoming increasingly compromised and therefore increasingly important to the individual.
Differential privacy has the potential to put some of that privacy back in place while at the same time placating the data-hungry data-crunching super computers that are driving innovation in AI, IoT and so many other areas of life.
Most business owners we interact with want all the data they can get about people visiting their site but at the same time don’t want to share their own personal information with other sites. We get it. With data breach after data breach, it is important to know that your privacy is being protected. At the same time, I want to know that someone from that company I’ve been targeting for two months just visited my website.
This is a constantly shifting line that has no clear response on how to lay it out for your site. But this differential privacy that Google has just open-sourced (made available for all to use) may be one of the steps in the right direction.
Not sure if your site is handling privacy well? Give us a call at 303-268-2245. We’re happy to help you evaluate your site.
Here are some things any web site can find out about the visitor:
Data points I can know about you:
Your IP address
Your physical location
Your computer name
Your operating system
Your screen size
Your device (if mobile)
Potentially your phone number (if mobile)
How you got to my site (from search? From social? Referral? Typing the address directly in?)
Data points Google can tell me about you
What language you speak (or surf in)
Your education level
There are a number of things you can do to protect yourself and to better control what information you share and with whom it gets shared.
The first and most obvious thing is to set privacy for social media sites. You should also set security on your mobile device(s) so that no one can access it if they find it. One of the biggest things you can do to protect your privacy is turn off all the convenient features on your mobile device like location awareness. You do lose the convenience but you do gain a degree of privacy – though keep in mind that as long as your cell phone is on, you are trackable.
Consumer Reports has a list of 66 things you can do to protect your privacy. Try several of these to begin protecting your privacy.
One of the conundrums we face is who to let in to our “circle” and who to keep out. When I got my new phone with fingerprint unlocking technology, I was excited. But my son pointed out that Google now has my fingerprint.
As a business / web site owner, it is important to recognize that your visitors all want and expect some level of privacy. But we all want to understand the details of WHO is visiting the site, WHY they are there and WHAT they want to accomplish. Google, with its Analytics tool, hides demographic and other data from you if there is so little of it that you could begin to identify actual people. Their idea is to give you broad information to understand the demographic groups that come to your site. But wow, wouldn’t it be cool to know that right now, Jim Adams, aged 39, with a wife, Naomi and two children in 1st and 3rd grade just clicked on a link in your web site – oh and by the way his phone number is ***. That info sounds great to business owners until they realize they don’t want the sites they visit to know that information about them.
If you are struggling to determine how much data to collect, how to interpret it, or how to organize the data, give us a call. We’d be glad to help. Reach Brian at 303-268-2245 ext. 4
That was a lame heading but this is not a lame topic.
Do you have a mobile phone? I think by now everyone (but the pastor at my church who still uses a flip phone) has a mobile phone with a data plan.
And you have apps on it.
Have you read the permissions you agree to when you install an app? It might actually be worth reviewing. Here are just a few that I have agreed to (without really paying attention):
Read my calendar events plus confidential information (hmmm. Why does FB need access to confidential info about my events?)
Add or modify calendar events and send email to guests without owner’s knowledge (what?)
Modify my contacts
Read the contents of my usb storage
Why in the world does FB need to do any of these things? But if I say no, no Facebook.
That’s fine. FB is social. You might decide to do without. Not needed. But what about that map app you use? In getting great directions, what are you giving up?
Google Maps can:
Add or remove accounts on my device (why?)
Directly call phone numbers (without my knowledge?)
Modify or DELETE the contents of my USB storage (what happens if my pictures go missing?)
And then of course it always knows my precise location.
Pause and consider that for just a moment. I keep my phone in my breast pocket almost all the time. Google knows not only the address of where I work but the exact location of my desk in my building. That might not sound too bad. Are you one of those who tweets, facebooks and does other mobile activities while in the bathroom? Google not only knows what you’re doing in the bathroom (if they know where my desk is, they know where your bathroom is), it also therefore knows how often you go there. It also knows how long you’re there. Creeped out yet?
These and other app makers are private companies and you have an agreement with them as to how they will handle your data.
But then there is our government demanding access to your data from these companies. And in some cases our government is actually demanding encryption that is below the level it should be so they can snoop. Which then makes our (your) data accessible not only to the company you agree to share it with, but probably to the government and even potentially to hackers that take advantage of this lower level of encryption.
Normally I end these articles with a “Need help? Give us a call” plug but there really isn’t much that can be done unless you’re ready to unplug. If you do, let me know before you go – I’d like to learn if folks really are unplugging.
Privacy is something no one should assume while surfing the Internet. EVERY SINGLE move you make on the Internet is recorded on numerous server logs around the world. The only expectation of anonymity comes from the fact that the sheer volume of data is so overwhelming that homing in on your data is unlikely.
Unless . . .
Unless you are on someone’s radar. Then following you is as easy as putting a “Follow me” sign on your back and having someone follow you.
Yet even knowing this I have been astonished lately. On February 1st my tablet – which doesn’t have a cellular service plan on it – notified me through Google that I had only walked four miles in January but eight in December. No, I don’t have a pedometer app installed. No, I didn’t ask for Google to tell me this information. No, I have no idea why they decided to tell me this. They did tell me that they collected this information through location information that Google uploads from time to time. But of course with no cell information I’m still baffled. I’m guessing that it tracks me until I drop off of wifi on my way to and from the car.
Over a month ago the Facebook app on my tablet told me I needed to agree to new permissions for it to update itself. I looked at a few of the permissions and balked. Yesterday I tried to open FB and it informed me it wouldn’t work until I updated it.
Here are the permissions that I had to agree to for Facebook to update:
Allow Facebook to read my text messages
Add and modify calendar items – WITHOUT MY KNOWING about the changes
Connect and disconnect from wifi
Modify and delete items from USB media
Get my location
Take pictures and videos
Add and remove accounts on my device, create accounts and set passwords
Modify social media contacts, read my call log, read my contacts
Download files without notification
Some of those are rather disturbing. Why on earth would Facebook want to change my calendar without me knowing? Why should Facebook delete files from USB media? I can see it now. I have my presentation all ready to deliver and Facebook decides it isn’t good enough and deletes it?
Why would Facebook need to control my camera? Are they going to surreptitiously take pictures and videos of me? I can’t wait to see the picture of me picking my nose posted for me.
I might even be willing to grant Facebook this access – they are a private company after all and they’ve promised to keep my information secure. But thanks to Edward Snowden we know that the government has access to pretty much all the data that large firms like Google and Facebook have access to. Which disturbs me. Does it disturb you?
Your password probably isn’t strong enough. If you thought you were being clever by changing your super easy to guess password from “123456” (like 290,000 users had) to something more difficult like “123456789” you are in the same boat as the nearly 78,000 users who use that as their password. Oh, and “Password” was used by 62K users.
Some other not-so-clever passwords to avoid include:
What can you do to make your password more secure but not require a Ph.D. to remember? It needn’t be as difficult as you think:
Make sure your password is 7 or more characters in length
Change an easy to remember word by turning letters into numbers, e.g., password -> pa55word
Use an upper case letter in a different spot, e.g., pa55wOrd
Change a letter to a special character, e.g., p@55wOrd
Use one or more spaces, e.g., This is my p@55wOrd
Use really long sentences that are easy to remember and type, e.g., This will always be my p@55wOrd
Change your password regularly. Did you know that February 1 is National Change Your Password Day? Or if that doesn’t work for you, change it twice a year when the time changes.
For most users, following 3 or more of the tips above will keep you safe on the Internet. But any system can be hacked. Once you develop a good password, don’t tape it to your monitor or beneath your keyboard.
When I was a kid I understood that concern over big brother watching was that the government would be prying into every part of our lives and monitoring what we do. That threat still exists and is encroaching more and more but there are now other “big brothers” that we need to watch out for.
There are two companies that know more about you than you might realize. One is Facebook. As the Wall Street Journal points out, Facebook can tell what sites you’re on, even if you’re no longer logged in to Facebook. The scary part, from my point of view, is what the director of engineering says – what really matters is “What we say as a company and back it up”. But, even if they include this tracking capability in their terms of service, who’s to say they won’t change their terms of service on us?
I’m a big fan of Facebook and use it every day. I leave the browser open and switch back to it at various times. I’m not saying stop using Facebook. I am saying that we, as users of this service, need to be aware of what they are doing and continue to hold their feet to the fire to make sure they aren’t abusing their access to our lives and information.
Right now the biggest “big brother” in my life is Google. Google goes with me everywhere. Google knows where I am at all times. Google knows what I’m searching for, what sites I visit, who my friends are, and a whole lot more. Here are just a few of the ways that Google has access to my (and perhaps your) information:
My Droid phone has GPS enabled
I have a Google account on my computer and web history enabled
Whenever I visit a site with Google Analytics installed, Google has the capability of seeing that it is me visiting the site.
When I do a search on Google, it provides me local results even if I’m not logged in (tracks my location by my IP address).
Google serves up personalized ads when I’m reading my gmail account – ads based on the content of the emails. Are they reading my email?
When I had Google+ on my phone, it AUTOMATICALLY uploaded all videos and images to my account. Think about how interesting that could become!
So as you use these technologies, remember that Big Brother is watching. And decide how to use it accordingly.
During a meeting with a potential client this week I made a casual inquiry, asking which payment processor they currently used for the ecommerce web site.
“Oh, we do it manually” they said. It turns out they use an antiquated system that sends them the customer’s credit card information via email. They then take that information and run it through their Point of Sale software to charge the account.
Oops. That is a dangerous if not illegal procedure.
Emails, by their very nature, travel from computer to computer across the internet. There are ample opportunities for one of these relaying computers to cache a copy of the email, with the customer credit card information. This then creates an opportunity for the information to not be secure. If this data is encrypted, it is reasonably secure. If not, it is a ticking time bomb. I don’t want to be there when the ticking stops.
Once the email has arrived, a host of other security issues arise:
Is the network secure?
Is the computer secure?
What happens with the email after the transaction has been processed?
Was it printed out?
If it was printed out, what is done with the print out after the transaction has processed?
In Colorado it is, to my understanding, illegal to store a hard copy of the complete credit card number of a customer.
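A mailbox check for the situation described above, added here as an example (not code from the original post): it scans message text for card-number-shaped digit runs, confirms them with the Luhn checksum, and masks all but the last four digits. The sample order email is constructed, uses the widely published test number 4111 1111 1111 1111, and the function names are assumptions.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample message; 4111... is a standard test card number.
SAMPLE_EMAIL = """\
Subject: New web order 1042
Name: Test Customer
Card: 4111 1111 1111 1111
Exp: 12/25
Tracking: 1234567812345678
Phone: 303-555-0100
"""

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return (start, end, digits) for each digit run that passes Luhn."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append((m.start(), m.end(), digits))
    return hits

def mask_card_numbers(text):
    """Replace each detected number with asterisks plus its last four digits."""
    for start, end, digits in reversed(find_card_numbers(text)):
        masked = "*" * (len(digits) - 4) + digits[-4:]
        text = text[:start] + masked + text[end:]
    return text

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_EMAIL))
    print(mask_card_numbers(SAMPLE_EMAIL))
```

The Luhn step is what keeps the 16-digit tracking number in the sample from being flagged; the pattern is a first-pass filter and expects each field on its own line.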
The latest trend in social media is “Location Aware” services whether it be Twitter, Facebook or the latest up and coming site, Foursquare. I’m an avid user of Foursquare, checking in mostly at public locations like restaurants, coffee shops and taverns but also at our office and even on my deck (one of my favorite places to be).
Seems pretty cool to let people know where you are, doesn’t it? Sometimes you might be bragging, “Waiting for roller coaster at DisneyWorld” and sometimes a bit more mundane, “Coffee at Starbucks with Tom”. But even letting your circle know that you’re talking to Tom might be a signal that the project is on, that the relationship has been solidified or even that you and Tom are an item again.
eMarketer’s report on Privacy and Geolocation shows that men and young people are much more likely to use location based media. It is a trade-off. To have the convenience of sharing with friends (so they can join you or envy you or make decisions about where to go for the evening) you have to give up some privacy.
I read a very interesting article today in the Guardian on Foursquare and Cyberstalking. What can I say but understand the risks as you engage in location based media? You can also check out SafetyWeb.com, a site dedicated to helping parents keep their kids safe online. This is a fee for service site but they focus on keeping people safe and, for example, offered the tip of checking in on location-based social media AS YOU ARE LEAVING instead of when you arrive.
In any case, be aware that when you share your location, more than just your friends might be watching.
Shakespeare may have said that a rose by any other name would smell as sweet, but who would have imagined that an email address starting with any other letter would get less spam?
Say what? A researcher in England discovered that, for real email addresses, those beginning with less common letters receive less spam. So that means that if your name is Mike Xanowitz, you might want to have your email address as firstname.lastname@example.org instead of email@example.com. M’s, you see, get more spam than X’s.
This is just one study but the results feel right to me. Think about it another way. firstname.lastname@example.org sounds pretty general, even if mydomain.com isn’t so well known. email@example.com on the other hand is pretty specific. So if I were trying to send unsolicited commercial messages (otherwise known as spam) to this domain, I might get lucky and guess that mike@ is a valid email address. But unless I know Mike personally and know how to spell his last name, I’m unlikely to simply guess at xanowitz@ and be right.
Does it mean anything to you? Perhaps not if you already have an established email. If however you’re in the process of creating a new email address, consider a lesser used first letter such as x, y or z for your email address.