Tag Archives: data security

An Extra Serving Of Data

I hope everyone had a lovely Thanksgiving. While you were cooking or trying to fight the traffic and weather to get to Aunt Sally’s, Twitter was busy deciding to help themselves to your data. I kid you not. This was how they put it:

To help build a more personal Twitter experience for you, we are collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in. If you’re not interested in a tailored experience you can adjust your preferences at any time (read below). Additionally, if you have previously opted out of interest-based ads by turning on “Limit Ad Tracking” on your iOS device or by adjusting your Android device settings to “Opt out of interest-based ads,” we will not collect your apps unless you adjust your device settings.

Generally, Twitter has been pretty good about explaining how they invade your privacy.  When you think about it you probably realize that Twitter analyzes your tweets, retweets, location, and the people you follow to figure out which “Promoted Tweets” (a.k.a. ads) to show you.  Hopefully you know that all those little “tweet this” buttons around the web gather information about you as well.  OK, maybe it’s not exactly personally identifiable information, but I think we all know it’s not critically important for ad targeting to have your name.  Knowing that you are you (a unique identifier) across devices and services means someone knows a hell of a lot more about you than you might want them to know.  Adding one more bit of data – your name – is not difficult.

For example, do you want Twitter knowing you installed a dating app? Do you want them serving ads on your timeline based on the dating app? How about ads on your phone or computer outside of the Twitter environment? It’s coming. Just as Facebook, which gathers the same data (oh, you didn’t know?), is getting to the same place.

To Twitter’s credit, the page I linked above explains how to opt out of this data theft.  But why not make it opt-in?  I realize that a personalized web and mobile ad experience can be better for some folks and delivers much better results for the marketer, but someone needs to take a step back before they help themselves to another serving of my personal data.  It makes me sad and uncomfortable that we’re still having this discussion.  You?

Filed under digital media, Huh?

Let’s Go Phishing!

Google put out a fascinating white paper on phishing attacks. No, it has nothing to do with a great jam band. If a title like Handcrafted Fraud and Extortion: Manual Account Hijacking In The Wild doesn’t get your attention, you’re not curious enough! It’s an interesting study on how online accounts are hijacked, usually leading to financial losses, stolen identities, and lots of other bad stuff.

The short version is that it’s basically human engineering – no fancy software involved. Taking advantage of people’s good natures, thieves mislead the recipients of their emails to give up details such as account login credentials or bank card information. Yes, there may be fake web pages involved (you DO know how to spot a fake, malformed URL, right?) but most of how these thieves hack in is based on ignorance, laziness, or both.

What can you do about this? Google recommends you should report suspicious-looking messages and you should type in URLs to visit websites directly to log in, rather than clicking through a link in your email program. As it turns out, there is also a pretty effective method for combatting phishing attacks called two-step authentication. Most platforms – Google, Facebook, Twitter, and others – use it and you should activate it for your accounts. It means you’ll get a code texted to you which you must input to log in. Does it add 15 seconds to a login? Yes, but it makes it extremely difficult for someone to hack your account unless they steal your phone too. As the study shows, device theft is not at all a prevalent issue for hacking and this method has allowed Google to stop 99% of hijackings in the last few years.

It’s a good business lesson too.  We should spend more time thinking about systems that will prevent issues.  I suspect many of us think a lot about backups to repair damage but not enough about how to prevent it in the first place.  It may not be technology or software we need.  As with phishing, a bit of training and a heightened awareness of potential threats to the business can prevent a lot of fixing later on.

You agree?

Filed under Helpful Hints, Thinking Aloud, Uncategorized

Canada Gets It Right

I’m not a lawyer and I don’t even try to play one on TV.

That said, the screed today is one citizen’s view of something that happened with our neighbors to the North and why I think it should serve as an example for us. As has been happening here, the Canadian government is trying to expand the scope of warrantless, voluntary disclosure of personal information via digital. There are bills before the legislature which would permit many of the same activities that have been occurring here for years to go on in Canada. These include the warrantless disclosure of data to law enforcement as well as immunity from any criminal or civil liability for companies that do so. The Canadians are also considering allowing organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. Read that carefully – ANY organization – including non-governmental.

The other day things changed:

The Supreme Court of Canada issued its long-awaited R. v. Spencer decision, which examined the legality of voluntary warrantless disclosure of basic subscriber information to law enforcement. In a unanimous decision, the court issued a strong endorsement of Internet privacy, emphasizing the privacy importance of subscriber information, the right to anonymity, and the need for police to obtain a warrant for subscriber information except in exigent circumstances or under a reasonable law.

Revolutionary? One might think, except we’ve had a similar law on our books for hundreds of years. It’s called the Fourth Amendment and it protects each of us from unreasonable searches and seizures. It also states the government must have warrants which are specific as to what the search is about. No fishing trips permitted. I’ll wait while the lawyers tell me I’m missing nuance and maybe I am. That said, I’m outraged and sickened by what has been occurring with much regularity over the last 13 years and the fact that companies are complicit in allowing fishing trips by government. It’s just as bad in my book that businesses grab data from users without explicit permission, nor do they disclose what data is taken, how it is to be used, and when it is sold to third parties.

Today isn’t meant to do anything except call your attention to the issue.  If you’ve not been paying attention to it you should.  No one can enter your home without permission or a warrant.  Why would you allow them into your digital home without either?

Filed under digital media, Huh?, Thinking Aloud