Social networking sites, like Facebook, often won’t let you join without revealing your birth date. But who says you have to share your real birthday? That information anchors almost all of your most sensitive data—your bank records and credit history, even your social security number. But chances are you’ve given out that information to a host of websites, from social networks to online retailers, without a second thought.
“If I know your birth date and your birth location, I have a 90 percent chance of being able to steal your financial information,” said Sell. “Here’s what you can do instead: Put misinformation out there, like the wrong birth date, the wrong birth place. I do searches on random things when I’m bored. You’re trying to feed [Google] a bunch of misinformation so it doesn’t have an accurate description of you.” More here.
To avoid attack, Sell said, “you need to be tougher to get than everyone else.”
THINK ABOUT WHAT DATA YOU’RE GIVING OUT, AND TO WHOM
By the same token, why should you have to share personal information like your birth date with every website you log onto? Does the New York Times really need to know your home address just because you’ve signed up for a digital subscription? More here.
Simply keeping in mind that most of these sites don’t need your data—and have no right to ask you for it—will make you more privacy-conscious in the future, and will remind you to opt out of providing personal information whenever possible, Sell said.
Apps like Twitter and Instagram give you the option of tagging your posts with a precise location; some, like Foursquare, are entirely built around the feature. Most even make geotagging the default, so that you’re forced to dig through the app’s settings to opt out. And, every time an app updates, the settings may revert to the default. More here.
COVER YOUR CAMERAS
Whenever she’s speaking at a security event, or just talking up Wickr on the street, Sell hands out small vinyl stickers and tells people to run home and cover their front-facing cameras. “Last year, we taught the kids [at r00tz] how to turn on the inner-facing camera on your smart TV,” said Sell. “It’s an easy hack that people all over the world use to blackmail people. It’s not even illegal, depending on where they come from.”
Any camera that looks into your home, whether it’s from your smartphone, your laptop, or your television set, can easily be activated by a hacker and used to pull details from your personal life, track your daily movements and online habits, or blackmail you with a lurid photograph. More here.
READ THOSE RIDICULOUSLY LONG PRIVACY AGREEMENTS
Facebook’s latest experiment in emotional manipulation is a reminder that those privacy policies you mindlessly accept—which Sell thinks should be termed “ownership policies,” in the name of transparency—contain some pretty wacky built-in clauses, like, say, implicitly consenting to participate in behavioral studies. When you accept one of these policies, “you’re agreeing to a free, worldwide, transferable license for eternity, for everything you put into that service,” she said.
DON’T TRUST FITBIT (OR ANY OTHER APP, FOR THAT MATTER)
Most fledgling apps haven’t taken the time to identify and plug security holes, as evidenced by the recent Yo hack. “These are startups with a small budget,” said Sell. “They’re going for Minimum Viable Product,” pushing out the app’s core functions as quickly as possible, with little time for extensive testing and development, “and they’re collecting lots of information on us. All the health apps and health devices out there, they really scare me.”
It goes back to thinking about who really needs your data, and why. Are the enhanced analytic features of FitBit really better than an old-fashioned pedometer, once you take into account the amount of hackable data the fitness tracker is collecting? More here.