Reuters Money

Oct 3, 2011 13:59 EDT

How to protect your computer from supercookies

You probably didn’t know it while it was happening, but until this summer popular websites including Hulu and MSN were tracking their users’ travels through the internet with the use of so-called “supercookies” — a much more invasive type of behavior-tracking program than traditional cookies that is also harder to circumvent. When privacy advocates turned up the heat, both sites said they stopped the practice.

Facebook was recently accused of using supercookies, too, but said that it does not track its users beyond their actions on the Facebook site.

It’s clear that established sites want to distance themselves from supercookies and what they represent. What’s not clear is which firms are still using them and what they can do once installed on your computer. The difficulty with monitoring is that the bit of code dropped into your web browser for the “super” version of cookies is difficult to delete and can actually reappear elsewhere on your computer if you do delete it — and supercookies track your use of other sites. The cookies most of us are used to dealing with simply tell sites you’ve been there before so they can remember your preferences and deliver behavioral advertising.

The fear of what could happen if a site does drop one of these little tracking devices into your browser prompted a request last week from members of Congress for a Federal Trade Commission investigation into whether they are deceptive and invade your privacy. Representatives Edward Markey and Joe Barton, co-chairs of the Congressional Bi-Partisan Privacy Caucus, asked the agency to look at the implications of supercookies. Meanwhile, a number of prestigious privacy groups want to see an investigation of Facebook’s use of them.

Tracking software raises concerns

Having your every move on the web tracked can be worrisome. If a company doesn’t like your web profile, could it drop you from qualifying for their best offers? Would your bank use them? Could your personal and financial information fall into the wrong hands? There’s precious little information about the repercussions of this tracking software.

“Supercookies are the latest attempt from companies to conquer the last frontier of privacy,” says Martin Lindstrom, author of Brandwashed: Tricks Companies Use to Manipulate Our Minds and Persuade Us to Buy. “Where cookies store a small but essential set of insights about our surfing patterns, supercookies can store up to (25 times as much) and are stored in disguised file formats in folders different from the spots where you typically would find cookies.”

Supercookies can even go back in time to report on your behavior, he says. Even when companies say they aren’t using supercookies, Lindstrom says the answer can be misleading, since they are often dispensed by third parties through advertising networks.

COMMENT

Unfortunately the well meaning author got many basics wrong. The only known true way to avoid super Flash cookies is to run the Add-ons “Better Privacy” and “Ghostery.” Deleting all cookies and your cache are also both only partially correct and ineffective. The only real solution to managing conventional cookies is to run “Cookie Whitelist With Buttons.” This app blocks ALL conventional cookies until the user green lights them. This way the user can log into trusted sites and block all other cookies. The conventional system allows all cookies- good, bad and lots of clutter, allows them to build up to system clogging levels, the users then only delete them on a whim and delete the good with the bad…

Turning off Flash is a partial solution (and there are apps to manage Flash as well) and another benefit to toggling Flash is it is one of the leading causes of browser crashes.

Noscript is perhaps the single best security add-on EVER!- but it has next to nothing to do with blocking Flash cookies.

Privacy mode on all browsers is oversold and irrelevant. Privacy mode (aka porn mode) only PARTIALLY hides browsing tracks on the user’s computer itself- and the browsing tracks are easily found out by others- outsiders or any savvy user can easily find the results.

I run one of the leading web app collections that puts all of these concepts together and it is 100% free. You can get it here: http://is.gd/xXyQd8

Please note that the only browser truly capable of complete privacy and security is Firefox 3.6- NO other browser comes even close- including the newer versions of Firefox. Firefox 4,5,6…. cannot run more than a few add-ons without having a meltdown and therefore are completely unsafe. All other browsers only pay lip-service to add-ons and really are nothing more than ad-delivery devices and are designed to inhibit- not enhance privacy.
Most browsers these days also include features such as advertising opt-outs which are only marginally effective. Despite their makers’ claims of privacy ALL browsers without massive modifications leave users totally to the wolves. Firefox is the only browser based upon an open sourced model making it the only browser with an effective selection of add-ons. With all other browsers being proprietary their add-on catalogs will remain minuscule and pathetically small.
You can get the good (currently 3.6.23) version of Firefox here: http://www.oldapps.com/firefox.php After downloading and installing FF it is critical to go to tools, options, advanced, update and “Ask me what I want to do.” NEVER allow any program to automatically update without your permission and refuse all updates of Firefox beyond the 3.6 series as all versions of 4,5,6… are built on badly flawed platforms that render security impossible. They badly attempt to mimic Google’s Chrome browser by achieving raw speed by making security and running add-ons virtually impossible.

Posted by Apollo702

Jun 28, 2011 17:46 EDT

Data breach victims more likely to be fraud targets: Study

Victims of data breaches are far more likely to become the victims of fraud than other consumers and credit card issuers need to do more to protect their customers, a new study from the firm Javelin Strategy & Research found.

About four percent of consumers are victims of fraud, Javelin said, but if you’ve been a victim of a data breach, that risk rises to 17 percent.

The annual report from Javelin comes on the heels of a flurry of massive data breaches that exposed millions of consumers’ personal information, credit card numbers and other details and punctuates the real risks victims face. The sophistication of hackers has been particularly problematic, the company said.

Breaches of Sony customer data exposed more than 100 million accounts and followed an attack on email marketing giant Epsilon. But it was the far smaller attack on Citigroup in May that really ratcheted up the pressure on banks as lawmakers started pushing hard for a data notification law.

“A new wave of hacker attacks threatens the current security model, resulting in a call to action for issuers to take a strong look at the processes in place for detection and prevention of fraud,” said Philip Blank, Javelin’s managing director of security, risk and fraud.

About $37 billion was lost last year in the U.S. to credit card fraud, Javelin said. New account fraud — when an account is created in someone else’s name after their identity is stolen — was the biggest area of loss at $17 billion.

Even though losses per consumer are often in the thousands, fraud victims are protected from having to pay the fraudulent charges. However, the process of clearing up the charges can be extremely time-consuming. Javelin said the mean amount of time for a consumer to resolve someone opening a new account in their name is 49 hours.

COMMENT

The good thing about credit card fraud, from a cardholder’s standpoint, is that ultimately the issuer is liable for fraudulent transaction amounts. Still, the investigative process can take a while and you will be wholly involved in it. Moreover, there are a number of things that can go wrong and your credit history may suffer as a result. So just because someone else is paying for it, does not mean that you will necessarily get off scot-free. http://blog.unibulmerchantservices.com/credit-card-issuers-do-poorly-at-detecting-well-at-resolving-fraud

Posted by gstanski

Jun 14, 2011 11:56 EDT

Facebook photo tagging: Cool or creepy?

If your face is among the hundreds of millions of images on Facebook — by your own doing or not — you’ve got a stake in a worldwide debate over a technical change that has privacy advocates in a lather.

The colossal social network has been adding facial recognition software to its arsenal to automate the practice known as tagging, or adding people’s names to photos. Facebook already possesses a massive database of images connected to names that would continue to grow from the photos you add and the names you associate unless you specifically reject the practice.

Facebook has already acknowledged it is cooperating with regulators in the European Union, who have raised questions. And now the company is facing a call for an investigation by the U.S. Federal Trade Commission.

The Electronic Privacy Information Center (EPIC) and other privacy groups have joined together to file a complaint with the FTC after Facebook said it was using biometrics and had been rolling out the technology for months.

Facebook says there’s nothing wrong with what it’s doing and that for any user concerned about privacy issues there’s an easy out.

“We launched Tag Suggestions to assist people when they are tagging their friends in photos. We announced the tool in December 2010, and it was covered widely,” the company said in a statement. “Now that we have begun to roll this out more widely, we are notifying people of its availability, and how it works. Tag Suggestions are only made to people when they add new photos to the site, and only friends are suggested. No action is taken on a person’s behalf, and all suggestions can be ignored.”

The company said the feature has already led to the addition of “hundreds of millions of tags. This data, and the fact that we’ve had almost no user complaints, suggests people are enjoying the feature and are finding it useful.”

COMMENT

No wonder the public doesn’t complain about the phone and email tapping powers the government has under the “Patriot” act — we are so conditioned to living in the fishbowl called Facebook. FB and FBI are becoming hard to distinguish.

Posted by cautious123

May 11, 2011 11:58 EDT

Consumer groups embrace “do not track” bill

When you’re on the web you might notice the ads seem conspicuously on point. They might be on topics you have searched for or are connected to where you live or work.

Just in case you thought it was coincidence, be assured that it is quite by design thanks to cookies — little bits of information collected by your browser — and other memories your software shares.

The idea of companies collecting information about your interests, habits and other details about what you do online has privacy rights advocates pushing for restrictions and disclosures to consumers so you can simply reject the practice when you choose to.

Senator John D. Rockefeller introduced a bill that consumer advocates are hailing for requiring websites to allow people to opt out of being tracked.

“Recent reports of privacy invasions have made it imperative that we do more to put consumers in the driver’s seat when it comes to their personal information,” Rockefeller said in a statement. “I believe consumers have a right to decide whether their information can be collected and used online.”

The bill has generated excitement among those who advocate for privacy and consumer protection.

“We hear a lot about consumer empowerment, but this legislation would actually give real power to consumers who want to keep their online activities private,” said Susan Grant, the Consumer Federation of America’s director of consumer protection.

Apr 13, 2011 18:00 EDT

FTC asks Congress for identity theft protections

With millions of consumers losing billions of dollars and immeasurable time and aggravation due to identity theft, it’s time to require greater protections for Social Security numbers, the Federal Trade Commission told a congressional committee.

As a consumer, your Social Security I.D. is how you are recognized when it comes to taxes, government benefits and credit. But when Social Security information gets into the wrong hands, it’s also key to stealing your money and privacy.

The FTC in its testimony from Maneesha Mithal, director of the agency’s Division of Privacy and Identity Protection, told Congress that to better protect Americans from identity theft the following actions should be taken:

  • the establishment of national consumer authentication standards “to verify that consumers are who they purport to be.”
  • the creation of national standards to reduce the public display and transmission of Social Security numbers.
  • the adoption by Congress of national data-security standards.
  • the requirement that organizations notify affected consumers when their data has been breached.

Consumers are a constant target for thieves as the process of stealing has become something that can be done with the use of databases and computer programs — a far higher volume version of the old-fashioned pickpocket or purse snatch. Witness the recent theft of millions of email addresses and user names.

The value of that data is in thieves trying to use it to pry out additional information that could lead to accounts and money being unlocked.

In the testimony, Mithal said use of Social Security numbers has become such a prevalent tool for job applicants, credit applicants and government benefit applicants that they are easier to steal and of more value to thieves. It is important, she noted, that an alternative method of identifying people is developed.

Apr 5, 2011 17:11 EDT

Email theft: Is your company sorry?

What do Tastefully Simple, Hilton, Chase, Kroger, AbeBooks, 1800Flowers.com and Ethan Allen have in common? They’re among the dozens of companies doing business with marketing giant Epsilon forced to alert customers of a privacy breach.

How did they tell them? By email, of course. Did they apologize for the worry and the bother? Some did.

Prism Money analyzed email communications from more than 20 companies. One of the nicest apologies came from BeachBody.com: “We regret that this incident has occurred and apologize for any inconvenience this may cause you.”

Others expressing sorrow or regret include Brookstone, Ethan Allen, Walgreens, Kroger, Tastefully Simple, Disney Destinations, Target and Chase. Among those not apologizing: Hilton, AbeBooks, Citi and HSN.

Does it matter?

“Offering an apology is always a good idea,” said Ed Tagliaferri, executive vice president at DKC Public Relations in New York City and an expert in crisis communications. “You’re obviously sorry that a problem occurred and had a negative impact on your customers, so why not say that? It conveys that there is a human side to your company, you appreciate the trouble that has been caused and you’re taking the matter seriously.

“An angry consumer can view no apology as a sign of buck-passing, insensitivity, or arrogance. But with that apology, it’s also important to make clear you’re looking into why the incident occurred and taking steps to make sure it doesn’t happen again.”

COMMENT

Breaches are a fact of life: So, how to protect yourself? We conduct regularized, quarterly (and ad hoc) security training. We followed this book’s advice: “I.T. WARS: Managing the Business-Technology Weave in the New Millennium.” Just Google “IT WARS” (or search Amazon) – that author has the forward view for all sorts of best practices and progressions. My copy is dog-eared and highlighted to death. Stay safe out there!

Ashley from http://paydayloansonlineking.com

Posted by Ashley2212

Apr 4, 2011 16:11 EDT

Email theft: 5 ways to avoid phishing attacks

With the extraordinary theft of millions of email addresses collected by some of the nation’s biggest companies, it’s time to think about the likely result — phishing attacks — and how to avoid becoming a victim.

If you have accounts with Citigroup, Capital One, The College Board, Walgreen, HSN or TiVo there’s a reasonable chance some con artist is trying to figure out how to get in touch with you — and not to be Facebook friends. They want to dupe you into giving them more information than they have right now.

Here’s what they’ve got: Your name (maybe just your first name) and your email address. Here’s what they want: The good stuff like your home address, phone number, Social Security Number and — of course — account numbers. Now they’re going to release a hailstorm of somewhat targeted emails intended to get you to believe they’re real, perhaps even referencing the theft itself.

Don’t just assume you’re too smart to become a victim. Thousands of consumers every month fall victim. These are not just people who are gullible or lack web savvy.

All sorts of people fall victim because the crooks have gotten very sophisticated, perfectly (sometimes) mimicking real communications from companies you do business with.

The big difference — and what you need to watch out for — is that the phishing emails are going to be angling for information from you. The real companies would never ask you for that kind of information in an email. Sometimes their attempts to con you will be well masked, like asking you to click on a link to go to their site to “update” your account information or some such ruse. Here are five ways to avoid phishing attacks.

Don’t click links in your emails. In most browsers, you can run your mouse over a link to see where it really goes. The crooks will often create URLs intended to confuse you — instead of yourbank.com/accounts they might use yourbank/accounts/ and hide the real URL somewhere way over to the right.

COMMENT

It may sound extreme, but consider limiting or not doing financial business on the web. Online access to bank and credit card accounts simply creates opportunities for fraud. I can easily recognize phishing emails, because I don’t have online access to my bank and credit card accounts. I can call them for information in real time, and I get written statements monthly. Maybe too much access is too much access.

Posted by ZenRuth

Apr 1, 2011 12:54 EDT

Privacy: How to protect yourself from data brokers

Every day a collection of companies and individuals search the vast universe of public records and gather information about you. They’re the same companies, in many instances, that advertise that you can find out who’s looking for you or get information on other people.

Not to be too scary, but once that information gets around, it’s hard to get it back.

It could include anything from your home phone number to where you live and used to live, when you got married and to whom, and what you paid for your house. The information, largely, is contained in public records. For many, it’s not information you would freely post to the web. But in today’s world of sharing all sorts of information on social networks, sometimes it is, and that information can often be found and shared, too.

“Consumers should be concerned because it is virtually impossible to prevent your information from being collected, repackaged and sold to the highest bidder,” said Amber Yoo, spokeswoman for the advocacy group Privacy Rights Clearinghouse.

One company came up with the idea of selling consumers the right to have their personal information turned invisible. US Search charged about 5,000 people $10 apiece to “lock” their records. The company was accused of misleading consumers by the Federal Trade Commission and last week agreed to settle the case and give back everyone’s money.

But privacy rights activists say this was no victory for consumers, since nothing about the ruling deals with how these companies should conduct business, and really just highlights the vast concerns about firms trying to profit from collecting personal information about you.

“The bigger problem is that FTC decisions finding that companies were deceptive do nothing to establish clearer privacy standards,” said Washington, D.C.-based privacy consultant Bob Gellman. “The Commission needs to issue rulings that specific practices are unfair.”

COMMENT

Think of it, there are actually such voyeurs online… if you would put them in another world they would jump fences and poke their beady eyes through windows, they’d stare at you from bathroom sinks, they surely would… bother decent people; beg ya pardon, but which of which is which you prefer and what sort of query you might have?

Well, if we’re having such Wild Wild West as Yoo describes it above, we should Hang ‘Em really, really High.

Posted by satori23