SVECC Newsletter 20.pdf


Post on 12-Aug-2020


SVECC Newsletter

Sunland Village East Computer Club

Volume 17 Issue 2

February 2020

Inside this issue:

Selling Data 2

Encrypting Drives 3

Passwords 4

Passwords 5

Calendar 6

Security Tips 6

Exit laughing 8

Monthly Reminders:

Run Malwarebytes

Run Super Anti-spyware

Manually Update Windows

Run computer clean-up

Avast Collects and Sells Your Browsing History

Do you use Avast’s antivirus? By default, Avast collects your web browsing activity and offers it to marketers through a subsidiary named Jumpshot. Companies who pay Avast can view full “clickstream data” to see what Avast users are doing online. Here’s how Michael Kan puts it over at PCMag:

The data collected is so granular that clients can view the individual clicks users are making on their browsing sessions, including the time down to the millisecond. And while the collected data is never linked to a person’s name, email or IP address, each user history is nevertheless assigned to an identifier called the device ID, which will persist unless the user uninstalls the Avast antivirus product.

Avast says this data is “anonymized,” but PCMag and Motherboard were able to link it to individuals. For example, if you know which Amazon user bought a specific product at a specific second on a specific date, you can identify the “anonymized” individual and then look back through their browsing history.

Avast Harvests the Data Through Its Desktop Antivirus

If you have Avast installed with the default settings, your browsing history is being sold to marketers through Jumpshot. This data isn’t collected through Avast’s browser extension. Instead, it’s collected through the main desktop Avast antivirus application.

When you install Avast, you’ll see a prompt asking whether you want to share data. Most people who clicked “I agree” probably didn’t realize everything they agreed to.

If you have Avast installed, you can open the Avast application and head to menu > Settings > General > Personal Privacy to control what data is collected and shared. Disable the data-sharing options here.

We recommend just uninstalling Avast. But, if you want to leave it installed and disable the data collection, this is

Browser Extensions Are Only Part of the Problem

Antivirus software often bundles browser extensions that collect detailed data for marketing purposes. In October 2019, Adblock Plus creator Wladimir Palant cataloged the way several Avast browser extensions gather and transmit data about people’s browser histories. An AVG browser extension was doing the same thing, too—that’s not surprising, as Avast bought AVG a few years ago.

Google and Mozilla cracked down, removing the browser extensions from the

Page 2: S V E C C SVECC Newsletter 20.pdf · the Avast antivirus product. Avast says this data is “anonymized,” but PCMag and Mother- ... version of Malware-bytes can’t run in the

Chrome Web Store and Mozilla Addons site until Avast made some changes. They’re now available for download once again. It’s not clear exactly how much the data collection was limited, but Avast is also more “transparent” in its privacy policy.

While Google and Mozilla can crack down on what an antivirus company’s browser extensions can do, no one’s stopping a company like Avast from collecting data using its desktop application. That may be one reason why Avast is engaging in such wholesale data collection through its desktop application.

We recommend against installing your antivirus’s browser extensions, but you can’t avoid privacy problems just by avoiding the browser extensions.

Free Antivirus Software Has to Be Paid For Somehow

Free antivirus software has to make a profit somehow, so it’s no surprise that companies like Avast have turned to gathering and monetizing their customers’ data.

In the past, Avast has even incorporated a “shopping” feature that added advertisements to other web pages as you browsed. Avast no longer does that, but the data collection doesn’t feel entirely out of character.

As we pointed out back in 2015, free antivirus software really isn’t “free” anymore. Many antivirus companies have turned to changing your default search engine, swapping your browser’s homepage, and integrating extra software “offers” into their installers. Today, many other antivirus applications are likely tracking your browsing and, presumably, selling that data.

What Antivirus Software Doesn’t Track You?

Not every free antivirus necessarily tracks you. We haven’t examined every antivirus out there. Some might provide a free trial that doesn’t collect and sell data, instead attempting to sell you the company’s paid antivirus product.

For example, Wladimir Palant, who exposed the data collection in Avast and AVG’s browser extensions, said in response to a comment that he hasn’t found any indication Kaspersky’s free antivirus is spying on its users. However, back in 2019, Kaspersky was previously injecting a unique identifier into web browsing traffic that would have allowed its users to be identified online.

We recommend Microsoft’s Windows Defender, which is integrated into Windows 10. Microsoft’s antivirus doesn’t have an agenda beyond keeping malware off your computer. It doesn’t track your web browsing. It doesn’t try to upsell you any extra software, although Microsoft does offer more advanced security software contracts for businesses.

We also like and recommend Malwarebytes, which we’ve found does a good job of detecting and removing junk software. The free version of Malwarebytes can’t run in the background.
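The Avast article above explains that a persistent device ID combined with timestamps precise to the second makes "anonymized" browsing data linkable to a person. The following privacy-audit sketch is an added example, not code from the newsletter, Avast or Jumpshot; the records, field layout, function names and key are all constructed for illustration. It goes slightly beyond the text by also measuring how coarser timestamps and a rotating identifier change the result.

```python
import hmac
import hashlib
from collections import defaultdict

# Constructed sample records: (device_id, epoch_milliseconds, url).
# IDs, times and URLs are invented for illustration only.
CLICKSTREAM = [
    ("dev-A", 1_580_000_000_123, "shop.example/checkout/item-1"),
    ("dev-A", 1_580_000_400_000, "clinic.example/appointments"),
    ("dev-B", 1_580_000_001_950, "shop.example/checkout/item-1"),
    ("dev-B", 1_580_000_900_000, "news.example/front"),
    ("dev-C", 1_580_000_300_000, "shop.example/checkout/item-1"),
    ("dev-C", 1_580_002_000_000, "bank.example/login"),
]
SECOND, HOUR = 1_000, 3_600_000  # time bucket sizes in milliseconds


def singled_out_fraction(records, granularity_ms):
    """Share of events whose (url, time bucket) belongs to exactly one ID."""
    ids = defaultdict(set)
    for dev, ts, url in records:
        ids[(url, ts // granularity_ms)].add(dev)
    unique = sum(len(ids[(url, ts // granularity_ms)]) == 1
                 for _, ts, url in records)
    return unique / len(records)


def exposed_history(records, known_url, known_ts_ms, granularity_ms):
    """Other URLs revealed when one outside-known event matches a single ID."""
    bucket = known_ts_ms // granularity_ms
    candidates = {dev for dev, ts, url in records
                  if url == known_url and ts // granularity_ms == bucket}
    if len(candidates) != 1:
        return []  # the known event does not single anyone out
    (dev,) = candidates
    return sorted(url for d, _, url in records if d == dev and url != known_url)


def rotate_ids(records, window_ms, key=b"constructed-demo-key"):
    """Replace the persistent ID with a keyed pseudonym that changes per window."""
    out = []
    for dev, ts, url in records:
        msg = f"{dev}|{ts // window_ms}".encode()
        out.append((hmac.new(key, msg, hashlib.sha256).hexdigest()[:12], ts, url))
    return out


if __name__ == "__main__":
    # One purchase whose time is known from outside the data set, to the second.
    purchase = ("shop.example/checkout/item-1", 1_580_000_000_000)
    print(singled_out_fraction(CLICKSTREAM, SECOND))
    print(singled_out_fraction(CLICKSTREAM, HOUR))
    print(exposed_history(CLICKSTREAM, *purchase, SECOND))
    print(exposed_history(CLICKSTREAM, *purchase, HOUR))
    print(exposed_history(rotate_ids(CLICKSTREAM, 300_000), *purchase, SECOND))
```

In this sample, hour-level timestamps still leave half of the events unique to one device because rarely visited URLs single a device out on their own, while rotating the identifier limits what a single match can reveal to one time window.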


Dan’s Desk

Encrypting a Drive

By Dan Douglas

Last month I described a BIOS password problem that I had to solve. This month, we’ll look at other password locks such as those used for protecting hard drive data.

One of the added features of Windows 10 Pro over the Home edition capabilities is the ability to encrypt a drive to protect all data and files contained on that drive from unauthorized access. An administrator can select a drive from the File Explorer app and turn on the BitLocker option from the right mouse button option list. The user must then select an encryption key using any combination of uppercase and lowercase letters, numbers or symbols up to 64 characters long. It is critical to record this password as it will be impossible to access the files afterwards without this key. Windows will prompt you to save this key on your cloud account, or in a file or by printing it before encrypting the drive.

I recently had a customer who had a broken Surface PC and needed to recover some business files from the drive. The first place they’d taken it to had told them that it was not possible to access the data, not because it was encrypted, but because the drive was a solid-state circuit board, as is usually found in tablets and many Macs, and did not have the usual SATA drive connector. Having used many drives of this type before, I had the correct adapter to convert it to a SATA type connector. That was when we discovered that it had been locked using BitLocker. It prompted us to enter the key and the owner had no idea what that key may be. I told them that without the key I could not access the data for them. They were advised to check all of their paperwork to see if it was recorded somewhere. Fortunately, when the PC was purchased, the BitLocker key was written on their bill of sale by BestBuy! When they returned later with the key, we were able to access the data and transfer the files to a USB stick.

If you need to encrypt just specific files or folders and not a complete drive, there are several alternatives available. For example, Word and Excel provide for the ability to protect a document by applying the ‘protect document’ option to the file through the Word or Excel options. Adobe Acrobat can also be used to protect PDF type files. Certain versions of Windows, namely Windows 10 Pro, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Enterprise, Windows 8 Pro or Windows 8 Enterprise, also come with an Encrypting File System (EFS), which lets you encrypt any kind of file, as well as whole folders and subfolders. Users with a Home edition of Windows will need to use either the Office Suite encryption or a third-party solution, such as TrueCrypt, VeraCrypt or 7-Zip. EFS is applied by selecting the folder or file, selecting properties/advanced through a right button click, and then selecting the ‘encrypt contents to secure data’ option. This encryption is applied using the logon ID and password so it is not as secure as that used by the BitLocker and I’m not sure what would happen if the password used by that ID was removed using a password removal tool. Possibly the data would stay encrypted and still require the original password to allow the files/directories to be accessed.

Many USB drives also offer their own encryption system for the files on that drive, but I would be hesitant to use these as the proprietary nature of the program may cause problems later.


Password Reuse Remains a Barrier to Safer Internet Use

In support of Safer Internet Day, Google conducted research to gain insight into behavior that might be putting users at risk, with password issues being a primary concern.

The internet by default is not always safe, which is why Safer Internet Day on Feb. 5 exists—it’s a day to educate and remind users about the steps that should be taken to reduce cyber-security risks.

But what are the unsafe things that users are doing online? Google conducted a study along with a Harris Poll of 3,000 Americans over the age of 16 to try to gauge the current state of safe, or in many cases unsafe, internet usage.

Among the key findings in the study is that there is a clear gap between user perception and reality for cyber-security. Sixty-nine percent of respondents rated themselves highly for how they protect their accounts, even though the responses to other questions in the poll would seem to indicate otherwise.

"I found it sad, though not terribly surprising, that two in three people [65 percent] reuse the same password for multiple accounts," Emily Schechter, product manager of Chrome security at Google, told us. "Using unique passwords is important for good password management, and tools like password managers can help you easily generate and store strong unique passwords."

The use of the same password for multiple accounts puts users at elevated risk from data breaches. Attackers are increasingly making use of credential stuffing attacks, where passwords stolen from one site are "stuffed" and attackers attempt to reuse them on other sites to gain access.

Improper practices surrounding passwords is a key theme in Google's Safer Internet Day research. Less than a quarter (23 percent) of respondents indicated that they believe having long passwords is a good best practice for cyber-security. Remembering passwords was a pain point identified by 60 percent of respondents, yet only 24 percent noted that they make use of a password manager application.

Generational Differences

The study also found variances in how different age groups make use of safer internet practices.

"There wasn’t a clear winner in regard to which generation understands and practices strong security behaviors, but there were some interesting trends around generational differences." It was noted that Gen Z (16-24-year-olds) is more likely to use two-factor authentication (2FA) and more regularly update their desktop, mobile and web applications. But Baby Boomers (50+-year-olds) are more likely to use a unique password for each of their accounts (40 percent vs. 35 percent overall).

Safer Internet Day Security Tips

There are several key security tips that Google has for users to help reduce risk and create a safer internet experience.

Keep software updated. Security vulnerabilities are patched regularly in applications, and attackers often look for unpatched victims to exploit.

Use unique passwords. Reusing the same password on multiple sites might seem convenient for users, but it also makes it easier for an attacker as well.

Make use of two-factor authentication. With 2FA, even if a user's password is stolen, a second password (or "factor") is needed to gain access.

Set up a recovery phone number or email address and keep it updated. Having proper recovery information helps users get back into accounts if access is lost.

While tips like keeping software updated or using unique passwords may not seem super exciting, they can go a long way toward improving your security posture.


February 2020 calendar

Monday 3: Computer Club

Tuesday 4: no Fix-it Tuesday

Monday 10: Computer Club

Tuesday 11: Patch and Fix-it Tuesday

Wednesday 12: Linux Meeting

Monday 17: Computer Club

Tuesday 18: Fix-it Tuesday

Monday 24: Computer Club

Tuesday 25: Fix-it Tuesday

Security Tips – February 2020

By David Shulman, WPCUG Weekly Update editor, intergroup liaison, and a co-organizer of WPCUG’s Meetup

www.wpcug.org / intergroupliaison (at) wpcug.org

Attention Facebook and Android users: Apparently, some platforms and applications on those portable devices transmit information about you and your “doings” when the app opens. This information comes from an investigation by a company that has resulted in the EU banning those apps unless they are rewritten to notify users and ask permission to use the data. You are warned that this aggregates under a unique identifier that can reveal information about you. Please see http://bit.ly/2Y2KRBo

Did you get an Amazon Alexa during the holidays? If so, are you aware that while it is listening for the wake-up phrase, it is listening AND recording everything it hears? Check out the Amazon Alexa Privacy page: click on Alexa Privacy and review voice history. Furthermore, there are fake setup apps for Alexa. Searching for the setup, you'll find an app near the top called "Setup for Amazon Alexa" by One World Software. That's the fake. This app actually climbed the Apple popularity chart to among the top ten, and it was worse for the Android and Google Play folks. For Alexa, the official version is developed by AMZN Mobile, so look for that before downloading. And it shows up in the Apple App Store's Music section, not Utilities. If you have an Alexa-enabled Fire tablet, the real app is downloaded automatically.

“San Diego School District Hacked, 500,000 Employees and Students Possibly Affected” was the headline in the San Diego Union-Tribune. The takeaway for all of us no longer in school or working in schools is: DO NOT provide personal, unchangeable information about your kids or grandkids to school systems that do not need it, and demand that the schools secure the information they probably need to legitimately run their institution. See http://bit.ly/2F8bi10

Is privacy an ongoing concern for you? Check out Pogowasright.org. This website, founded in 2006 by two people who loved Pogo and thought that the iconic cartoon with the caption “We have met the enemy and he is us,” drawn by Walt Kelly was the motivation for their website.

Five biometric security measures to keep you safer in 2019. Fingerprint and facial recognition, gait analysis, and behavioral, palm, and voice biometrics are some of today's cutting-edge biometric technologies that can help identify and authenticate users. See: http://bit.ly/2CdTZcY.

Secret Windows Hotkey Instantly Makes Your Start Menu Bigger

Windows: If your Start menu isn’t quite big enough for all your tiles you can quickly make it bigger by pressing Control+Up.

Try it out now: just open the start menu, then use the keyboard shortcut. You can also use Control+Down to make it smaller, if you overdo things (we did). Failing that, you can also manually resize the start menu like you can any other window. Thanks to the incomparable @SwiftOnSecurity for the tip.


SVECC

People helping People

Founded for the Residents of Sunland Village East

Mission: To help each other learn about Computers

Membership is open to all residents of SVE

Dues are $20.00 each or $30.00 family per year

Due October 1st

President: Dick Moon

Check us out at svecc.com

Little Larry

Little Larry attended a horse auction with his father. He watched as his father moved from horse to horse, running his hands up and down the horse's legs and rump, and chest. After a few minutes, Larry asked, 'Dad, why are you doing that?' His father replied, 'Because when I'm buying horses, I have to make sure that they are healthy and in good shape before I buy.' Larry, looking worried, said, 'Dad, I think the UPS guy wants to buy Mom ...'

Larry's kindergarten class was on a field trip to their local police station where they saw pictures tacked to a bulletin board of the 10 most wanted criminals. One of the youngsters pointed to a picture and asked if it really was the photo of a wanted person. 'Yes,' said the policeman. 'The detectives want very badly to capture him.' Larry asked, "Why didn't you keep him when you took his picture?"

A new teacher was trying to make use of her psychology courses. She started her class by saying, 'Everyone who thinks they're stupid, stand up!' After a few seconds, Little Larry stood up. The teacher said, 'Do you think you're stupid, Larry?' 'No, ma'am, but I hate to see you standing there all by yourself!'

Larry watched, fascinated, as his mother smoothed cold cream on her face. 'Why do you do that, mommy?' he asked. 'To make myself beautiful,' said his mother, who then began removing the cream with a tissue. 'What's the matter?' asked Larry. 'Giving up?'