Like Moths to Flame

 

If you research the history of Halloween, you'll come across the notion that All Hallows Eve celebrations almost always included bonfires. Insects attracted to the blazes in turn attracted bats, who waited in the trees until enough bugs swarmed to make a satisfying meal.

 

  

 

Like moths to flame, contemporary consumers are drawn to sexy new technologies that promise to make our lives easier, save us money or connect us to our friends. We fight to stand in line for hours (even days) for the newest smartphone, clamor for our space in the cloud and flock to the latest and greatest online banking tools. As we swarm these new technologies, a different kind of predator is close by, waiting patiently for the right moment to swoop.

 

Are you sufficiently spooked? Good. :) Read on to find out how you can keep some of these data and privacy pillagers at bay.   

 

Little Hairs on the Back of Your Neck

Do you ever feel like you're being followed? Perhaps that's because you are. While it may not be the boogeyman who's hot on your trail, there are many groups of watchers who have made it their business to know as much about you as possible.

 

Each day, we are tracked by the 'smart' systems, mobile apps, personal communication devices and other surveillance platforms that have become commonplace in our daily lives. In an effort to educate more people about the data trails they are leaving behind (and the companies, data bureaus and marketers who are sniffing out that trail), I created this new infographic.

 

 

Please feel free to forward it on to your friends, colleagues and family members. My goal with this is to start conversations about all the ways in which our personal data is used throughout each day, so I hope you get engaged in such discussions.  Let me know if you have any revelations you want to share as a result! 

 

For those of you in charge of or influencing your company privacy policies, consider how you are gathering and sharing your customers' data. Are you doing so in a manner that is transparent and compliant?

 

Here's another excellent infographic, this one about the comprehensive profiles Google is capable of building based on all the information we voluntarily share.

 

Here's yet another infographic on how valuable your online information is to burglars. Notice all they can get off of *your* social network sites...and those of your friends, family and co-workers. Be aware of what you put out there!

 

Haunted by Outdated Images

Most of us have met someone in real life after seeing an online profile picture and thought, "Hmm, now that's not what I expected."

 

Yes, some people are purposely misrepresenting themselves; others are stuck in a bit of denial about the aging process; still others just don't have the time to update a years-old picture. But there is an entirely different segment of people who may have no idea where or how their very outdated (and even sometimes recent) headshots are being used. Those people are email users who send messages to Gmail accountholders.

 

Reportedly, Google has begun inserting profile pictures into the email it delivers to its Gmail users - unbeknownst to the sender. If a Hotmail user, for example, sends an email to a Gmail user, Google may - on its own and without permission - insert a photo, including one that is outdated or inappropriate.

 

My friend Alec recently told me about how he was exchanging emails with a home contractor, and he complimented the photo that accompanied his email (the contractor in a Navy officer's uniform). The home contractor was shocked and explained that his Comcast email doesn't have such an avatar. As it turns out, Gmail had automatically inserted the home contractor's Google+ photo into his emails without permission. 

  

Can you imagine if the U.S. Postal Service opened your mail and inserted a photo of you? It's kind of the same, only Google+ isn't under the same federal restrictions as the USPS.

 

Although not surprising, coming from a company whose representative recently proclaimed Gmail users have "no legitimate expectation of privacy in information," it's just one more reminder that what you put online can (and probably will) come back to haunt you, even in surprising locations (like the photoless emails you sent to a friend).    

 

 

The Creepy Way Facebook Advertisers Use You

Gmail isn't the only online platform guilty of repurposing your photos. Facebook and its advertisers, too, have become really good at using your image to inspire your friends' confidence in the products they are pushing.

 

A friend who recently experienced this said, "I did not realize that 'friending' [a company on Facebook] to get coupons probably means I've agreed to be used in their ads. Seeing a friend's picture [used this way] makes me suspicious my picture is doing the same thing on other people's Facebook pages."

 

What I find particularly interesting is the way Facebook explains away its practices with this statement (which you can see for yourself if you follow the prevention steps below): "Everyone wants to know what their friends like. That's why we pair ads and friends."

 

Fortunately, there is a way to stop Facebook from using your profile picture in advertisements.

 

1) Go to "Privacy Settings"

2) Click on the "Ads" tab on the left hand side.

3) In the Third Party Sites section click on "Edit"

4) In the drop down menu, click "No one" and then "Save Changes"

5) In the Ads & Friends section click "Edit"

6) In the drop down menu, click "No one" and then "Save Changes"

 

NOTE: You cannot opt out of receiving Sponsored Stories, which are essentially another type of ad. If you like a story on a brand page or share that you engaged with a brand, that brand can pay Facebook to ensure that it shows up in your and your friends' timeline feeds.

  

  


What Pickpockets and Mailbox Thieves Do Next

That petty criminal who steals your purse or helps himself to your mail probably has his eyes on a larger prize. Take a look at how these thieves attempt to use their stolen goods to create a much bigger payday.

  • Paper check thieves rinse ink from paper and reissue the check - and sometimes many checks - to themselves or their buddies.  
  • Credit card thieves not afraid of heights climb on roofs and block transaction authentication systems from communicating with home base - with aluminum foil! (Thanks to my Facebook friend Dan B. for pointing out this story.)
  • Petty smartphone thieves, you may be surprised, aren't always after your data. Most want the cash (iPhones go for up to $200 on the black market!). However, the criminals they are selling to DO like your data. (A student at one of my privacy classes recently shared her experiences in just such a situation.)
  

Invisible Privacy Threat Wraps Around You

The smart wristwatch made its way onto many a morning show and newspaper this past month. Those of us in the privacy community are concerned about any wearable device (think Google Glass) that has the ability to record images and audio - mainly because it can do so virtually undetected.

 

With traditional recording devices, the person capturing sound or visuals has to make an obvious show of their device to capture an image. With a wristwatch, however, you can easily record a conversation without anyone knowing. With Google Glass, you can film an entire scene in secret. The latter example has even caused some establishments to ban wearable devices.

 

As this article in gizmag says, "There is a rather obvious privacy concern with [smart watches] to bear in mind before ordering. While it's perfectly fine to record things you yourself have said, recording what other people are saying could lead to problems. Especially if you don't warn them in advance."

 

Privacy Professor Stops for a Spell

My speaking tour will be winding down soon, as I'm taking a break from traveling in November and most of December. But I still have several great places to visit! See below, and if I'm going to be in your neck of the woods, certainly get in touch. 

 

Need Help?

 

If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my Compliance Helper site or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along.

 

Source: Rebecca Herold (a.k.a. The Privacy Professor), privacyguidance.com, [email protected].

 

 

While the last thing I want is for you to be a scaredy cat this Halloween, I do want you to be aware of the many ways your information is being gathered, shared and used. It's good practice to keep up on the latest snares - how else can you keep yourself out of one?

 

 

 

Have a boo-tiful Halloween!

   

Rebecca

Rebecca Herold, CISSP, CIPM, CIPP/US/IT, CISM, CISA, FLMI 
The Privacy Professor
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564