PRIVACY INFORMATION FOR YOUR PUBLIC PROTECTION
“A Good Reputation is More Valuable than Money”
TRUST – “Almost all conflict is a result of violated expectations.” – Dr. Blaine Lee
“A computer lets you make more mistakes faster than any invention in human history – with the possible exceptions of handguns and tequila. — Mitch Ratliffe, Technology Review, April 1992”
- What happens at Facebook should stay at Facebook.
What do Facebook, the CIA and your magazine subscription list have in common? Maybe more than you think The Pentagon’s National Security Agency, which specialises in eavesdropping and code-breaking, is funding research into the mass harvesting of the information that people post about themselves on social networks. Combine that with data from social networking websites with details such as banking, retail and property records, allowing the NSA to build extensive, all-embracing personal profiles of individuals.
Guide to Facebook Security pdf See Security and Privacy
- The Evolution of Privacy on Facebook timeline from 2005 – 2010
To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options NYT
- MUST SEE VIDEO: Hacking Facebook Privacy by Chris Conley
- Groupon collects data and 3rd parties do whatever they like with it.
If you use Facebook Connect with Groupon, you’ve automatically given access to your profile information for use allowable under Facebook’s and Groupon’s terms of service.
- Diaspora* Roll Your Own social network
Ilya Zhitomirskiy, Dan Grippi, Max Salzberg, and Raphael Sofaer decided to that wouldn’t force people to surrender their privacy to a big business. They have called their project Diaspora* and intend to distribute the software free, and to make the code openly available so that other programmers can build on it. Share what you want, with whom you want.
- K12 Security Disaster Plan
- Harriton High Webcam Spy Busted (Chutzpa – No one arrested )
- Cell Phone Secrets
- Microsoft Global Criminal Compliance Handbook, 24 Feb 2010
- Whistle Blowers
- Facebook Billionairs
- ISP’s and the Government
- ISP’s and Illegal Downloading Warnings
- Can they hear me now?: a security analysis of law enforcement wiretaps
- How to Report Fraud
- SSN NOT REQUIRED FOR THE DOCTORS OFFICE OR HOSPITAL
- State of Trust
- Technology Quotes
Protect Your Privacy
[ . . . Is AES (the federally-approved algorithm that won an open international competition for a new standard block cipher in 2001) part of an elaborate conspiracy to lull us into a sense of complacency while enabling the government to secretly spy on us? Perhaps, but the likely truth is far less exciting, and ultimately, probably more comforting.
The answer is that faced with encryption, capable investigators in federal and local law enforcement have done what they have always done when new technology comes around: they’ve adapted their methods in order to get their work done. Widespread encryption, rather than shutting down police wiretaps, has actually pushed them in a more reliable — and accountable — direction.
This is because while traffic encryption is highly effective at preventing wholesale, un-targeted interception, it does surprisingly little to prevent targeted government eavesdropping in the complex architectures of modern computing and communication technologies. Today’s encryption algorithms are believed to be effectively secure in practice, in the sense that they make it infeasible for even an adversary with the resources of a government to obtain cleartext from ciphertext without access to the key. But a government eavesdropper doesn’t have to limit itself to that scenario for a wiretap target. They can instead exploit the fact that the cleartext (or the keys to decrypt it) for almost all encrypted traffic today is typically available, somewhere, on a general-purpose computer that is exposed to government access, either explicitly or through surreptitious means. And as systems become more sophisticated and incorporate more features, the exposure of cleartext and keys to third party access tends to increase correspondingly. . . .]
Protect Your Privacy
TruePosition a Pennsylvania company, a holding of the Liberty Media is the most important global geolocation company you’ve never heard of. “It’s like that line about Keyser Soze from The Usual Suspects — the greatest trick the devil ever pulled was convincing the world he didn’t exist,” Soghoian says. “They’ve done the same thing. Staying entirely below the radar.” TruePosition markets something it calls “location intelligence,” or LOCINT, to intelligence and law enforcement agencies. TruePosition calls that “geofencing.” As a company white paper explains, its location tech “collects, analyzes, stores and displays real-time and historical wireless events and locations of targeted mobile users.” [ Wired Article ]
A little-noticed Fox News story from 2009 is a rare exception — and discloses little about its foreign clients. TruePosition tech can just as easily identify and monitor networks of dissidents. TruePosition has quietly taken that tracking technology global. In the U.S., Varano says, TruePosition sells to mobile carriers — though it’s cagey about whether the U.S. government uses its products. But abroad, it sells to governments, which it won’t name.
TruePosition’s location tool, known as Uplink Time Difference of Arrival or U-TDOA, calculates the time it takes a signal travelling from a mobile device to reach sensitive receivers installed in the transceiver station of a cell tower. (The receiver itself is said to resemble a pizza box.) Determining the difference in time it takes for the signal to reach receivers in different towers, determined by servers called Wireless Location Processors, calculates the phone’s location. The company says it has receivers installed in about 75,000 cell towers around the country.
Notice that the location tech here has nothing to do with GPS. It’s network-based, rather than dependent on a GPS receiver inside a handset. It’s not reliant on any line of sight to a satellite. That’s a point of pride within TruePosition. GPS has accuracy and precision woes in dense urban areas and the indoors. Or inside the trunk of a car. The accuracy requirements for E-911 top out at 300 meters. TruePosition says U-TDOA is accurate to within 50 meters. All the company does is enable a geolocation security system for its clients to use. How they use it is up to them — and the relevant laws of the countries that employ it.
Protect Your Privacy Control Your Camera ICanStalkU.com
Disabling Geo-Tagging on your phone is easy. Check our list of common phones.
Whistle Blowers WikiLeaks + Hyperlocal = Localeaks
Inspired by WikiLeaks, the City University of New York Graduate School’s Entrepreneurial Journalism program created Localeaks, a simple online form that allows users to send anonymous tips to more than 1,400 newspapers in the United States. The secure Web connection encrypts the files and text, destroying the originals and deleting metadata, such as cookies, that could enable tracing. If the targeted newspaper or newspapers express interest, a temporary secure file transfer is established.
“90% of what is thought shouldn’t be said; 90% of what is said shouldn’t be written;
90% of what is written shouldn’t be published;
90% of what is published shouldn’t be read;
90% of what is read shouldn’t be remembered. — Israel Salanter”
“I’m not anti-social; I’m just not user friendly”
Netiquette – Anti Social Network Tools – Social Dynamics of the New Media
1) How to be polite online.
You don’t want to offend your real-life friends but you don’t want to be annoyed by them either. New services seek to re-create that easy, unhurtful form of avoidance online.
Enemybook, Snubster allow Facebook users to link up with their nemeses.
Kevin Matulef, who is doing a doctoral thesis on algorithms at MIT, designed Enemybook, a software application that lets people list enemies below friends on their personal Facebook page. He describes the program as “an antisocial utility that disconnects you to the so-called friends around you.” Enemybook is one of several new online applications developed by computer-savvy twentysomethings who say they are tired of bogus online friendships.
2) Blocking and Muting services = Deception + Plausible Deniability.
You can now blame the technology for your failure to do something that is socially appropriate.
- TweetAgora, which lets users block unwanted tweets without the tweeter ever knowing.
- Twittelator Pro allows you to tap a button that says “mute” and, voila, her friends’ tweets are blocked. Best of all, they’re totally oblivious that they have just been silenced. You can also pick up the ‘lite’ version dubbed ‘Twittelator’ for free.
- Ex-Blocker blocks social networking posts from ex-girlfriends, -boyfriends, and other undesirables. You can block up to four people.
- Avoidr uses information from Foursquare, the social network on which users share their location with friends, to tell people which establishments to avoid to dodge someone who has moved to their zero list.
- The Fridge – create your own private social network “Invite only”. Safe from the parents, boss, or those pesky stalkers.
- Reclaim Privacy is an open-source browser-based privacy scanner that automatically inspects your Facebook privacy settings and denotes settings that are risky privacy-wise. Concerned Facebookers can drag the Scan for Privacy bookmarklet to their browser’s bookmarks toolbar, log in to Facebook and click to see which settings “might be unexpectedly public.”
What Are The Privacy Risks of Geotagging?
-Will geotagging start to show up in discovery?
-Will jury instructions be edited to include rules against geotagging?
-Will lawyers research the geo-tagging activities of parties to litigation?
-Will the rules of ethics ever address geotagging (or social media for that matter)?
PROTECT YOUR DIGITAL LIFE
If you have a GPS system in your car and if you have things stolen from the car
including a garage door remote control. It can be used by a thief to break into your home and continue to steal even more. Thieves can use the GPS to guide them to your house. They then can use the garage remote control to open the garage door and gain entry to the house.
Example: If the thieves stole your car when and knew the owners were at the football game, they knew what time the game was scheduled to finish and so they knew how much time they had to clean out the house. It would appear that they had brought a truck to empty the house of its contents.
Something to consider if you have a GPS:
Don’t put your home address in it. Put a nearby address (like a store or gas station) so you can still find your way home if you need to, but no one else would know where you live if your GPS were stolen.
MOBILE PHONES: How to list the names – your contacts
Do not disclose the relationship between you and the people in your contact list.
If your wallet, credit cards, and cell phone are stolen:
Avoid using names like Home, Honey, Hubby, Sweetheart, Dad, Mom,
they can be texted asking for the pin # to your ATM account (cause you forgot it) then go right over and clean out the account.
Cell Phone Privacy
It’s Tracking Your Every Move and You May Not Even Know
PROTECT YOUR PUPLIC INFORMATION
Example: Take your info out of SPOKEO
Spokeo, Inc. 556 S Fair Oaks Ave Ste 101-179 Pasadena, CA 91105 US
ABC News gives a good overview of the Spokeo.com’s data aggregation services:
Spokeo aggregates publicly available information from phone books, social networks, marketing surveys, real estate listings, business websites, and other public sources. Spokeo does not originate data or publish user-generated content. Rather, Spokeo indexes third-party data in ways similar to Google or Bing. Spokeo does not control or maintain any aggregated third-party data, and therefore cannot guarantee its accuracy or currentness. Spokeo does not publish directory listings for children under 18.
How to opt-out of Spokeo:
Go to: http://www.spokeo.com
Enter your name and locate your entry.
Copy or otherwise note the exact URL of your entry.
Go to: http://www.spokeo.com/privacy
Enter the URL that you found above, a valid e-mail address, and the captcha code. Click on “Remove Listing” …
You should receive an e-mail with a clickable URL to finish the removal process, which appears to be effective immediately.
and there are many more – – – –
You may wish to contact the official custodians of public records that contain sensitive information about you, such as your county’s land records office, to determine how to remove your information from the public record.
(The process of having public records sealed typically requires a court order.) This process will ensure that the information is not available to the public, to or to any other public records information provider. There are exceptions to this rule, as a courtesy these databases may allow law enforcement, certain government officials or employees, and individuals with court protection orders the option to opt out their information.
HOW TO OPTOUT OF ZABASEARCH
Zabasearch offers to put a “filter” on so your information doesn’t show up but to stop this requires legal action with the state.
Please note that any time your identifying information appears in a public record in a manner which is different from the record you opted out, it will again appear in a database system. (For example, if your address or area code changes your new information will again appear unless you opt out the new record.)
To “opt out“ from having your public information being viewable on the some databases will want to verify your identity and require faxed proof of identity. Proof of identity can be a state issued ID card or driver’s license. If you are faxing a copy of your driver’s license, cross out the photo and the driver’s license number. We only need to see the name, address and date of birth. We will only use this information to process your opt out request. Please fax to 425-974-6194 and allow 4 to 6 weeks to process your request.
Social Media is it really necessary for you?
TAXONOMY, FOLKSONOMY and TAGS – Thomas Vander Wal, the information architect credited with coining the term Folksonomy.
The Best Reputation is No Reputation At All
- “Reputation continues to be made by many acts and lost by one.”
- “Reputation is character minus what you’ve been caught doing. — Michael Iapoce”
- “Reputation, n.: What others are not thinking about you.”
- “98% of the adults in this country are decent, hardworking, honest Americans. It’s the other lousy 2% that get all the publicity. But then, we elected them. — Lily Tomlin”
Subpoenas and Online Service Providers January 21, 2011
There are two kinds of subpoenas that federal law enforcement can serve on internet service providers and online communications companies if they want to spy on a users’ email or Twitter account. Both kinds frequently have gag-orders attached – which means, users are none the wiser that their account has been breached. And both types of subpoenas are being served to ISPs at an unprecedented rate. The ACLU’s Jameel Jaffer explains why what you don’t know can hurt you.
National Security Letters and Gag Orders January 21, 2011
The most serious kind of subpoena – called a ‘National Security Letter’ – used to have a lifetime gag-order automatically attached. That is until Nicholas Merrill appealed his and won the right to talk about it. Despite 50,000 national security letters a year there are only three organizations who have ever won the right to say they got one. Nick Merrill explains why he’s the exception and the rule.
What You Don’t Know Will Hurt You
Why you need to be careful with your information / assert your right to privacy.
Identity Theft: Has your info been stolen? You wouldn’t know unless the store reported it. Organizations rarely report breaches to law enforcement. Most organizations suffering breaches that don’t require public disclosure don’t call in law enforcement, mainly because they consider it an exposure risk, as well as an effort with little or no payback. And those that do have their own rules about reporting to law enforcement. Some require nondisclosure agreements, and that’s something the FBI traditionally won’t agree to. There’s also the question of who to call — local law enforcement, the FBI, or the Department of Homeland Security?
A breached company calling local law enforcement would provide the information investigators need, the proper forensic evidence, and leads that will help them prosecute the case. Sadly, Law enforcement doesn’t know what to ask for. Alerting law enforcement that your organization has been “owned” just doesn’t cut it because that will get lost in translation. If you say, ‘My systems were breached’ in a way that the penal code describes it, and that you suffered [X] dollars in damages, and customer records were exposed to potential identity theft, now you’ve given the cops something they can work with.
How to Avoid becoming a victim of on credit card fraud.
FIX ERRORS ON YOUR CREDIT CARD REPORT:
Credit Repair in 30 days. What to do If you suspect you’re a victim of identity theft. Credit Repair in 30 days reporting agency, Free credit report, INTERNET FRAUD, Get errors fixed.
How to Minimize Credit and Debit Online
Credit cards come with a legally mandated protection that limits you to a certain maximum loss in the event of fraud. At this time, it’s $50. A debit card is more like direct access to your bank account and there is no protection against fraud. Some debit cards have “overdraft protection” which means that if your account balance goes below $0, the bank will loan you money. So if you have $5,000 in overdraft protection and $5,000 in your account, someone can spend $10,000 of your money and your bank will expect you to pay them the $5,000. One easy way to minimize the exposure of your card is to use a service like PayPal, where you’re authorizing each transaction manually.
Pre-Packaged Time Cards
Buy pre-loaded cards at large retail stores. You can get online time for multiplayer games, iTunes store credit, Amazon gift cards, etc. Parents: you can also purchase gift cards for many online stores and services; this limits your risk if you want to give someone a spending spree at an online store but don’t want to give them your own account and password.
To more or less completely protect yourself from online fraud, you can set up one of these accounts at a local bank, then use the account as the backing account for PayPal. That way, you can exactly control how much of your money is exposed to the internet at any given time – simply deposit checks into that account at an ATM,then spend the money online. If the bank offers you “overdraft protection” you should decline it. You may also get a debit card with the account and, as long as there is no overdraft protection on the account, you
can use the debit card online as well – your total possible loss is whatever amount of money you keep in that account.
If you have a main bank account where you keep the rest of your money, you should not use that account for online bill paying or banking
Marcus Ranum on 2011 Security Outlook
TEDxMidAtlantic – Marcus Ranum – 11/5/09