top tips to protect your privacy and data

Top Tips to Protect Your Privacy and Data

Monday, Jan. 28th is Data Privacy Day

Data Privacy Day is held on January 28th every

year. It is an effort to empower people to

protect their privacy and control their digital

footprint and escalate the protection of privacy

and data as everyone’s priority.

Presented by:Tim Gurganus

1/28/2013

Data Privacy Day 2013


January is Data Privacy Month

OIT is hosting several activities during Data Privacy Month (January) to empower campus users to protect their privacy and to control their digital footprint.

All events will be held in DH Hill Library Auditorium 12pm – 1pm

Tuesday: “What Data is sensitive and How do we keep it private?”

Thursday: “Data Protection, Privacy and the Law”

NCSU Privacy Month website:

http://go.ncsu.edu/dpm2013


Student Data Privacy @ NCSU

The University publishes an directory online. You can control what

information is displayed using the instructions in this document:

http://www.ncsu.edu/registrar/forms/pdf/privacyblock.pdf

You can update or remove your personal information by logging into the MyPack portal at: http://mypack.ncsu.edu

Under the FOR STUDENTS tab in MyPack Portal, select

Privacy Settings.


Faculty/Staff Data Privacy @ NCSU

The University publishes an directory online. You can update or remove your

personal information by visiting this website:

https://ssl.ncsu.edu/directory/updatelisting.php

The University also maintains other personal information about you that you

can view and update in the MyPack Portal: http://mypack.ncsu.edu

Under the FOR Faculty and STAFF tab in MyPack Portal, select Employee Self-Service and then Personal Information


Pick Good Passwords• Passwords should be hard to guess and longer is better

• Use good passwords with strength appropriate for the importance of the site.

– Banking website password should be stronger than a forum site

– If a site stores your credit card info, it should have a stronger password

– Use different passwords for different websites or types of websites

• Online Banking

• Personal Email

• Unity ID

• Online shopping

• Facebook, Twitter, LinkedIn, Pinterest

Password strength testing

• If you have an idea for a password, test it here: https://passfault.appspot.com/password_strength.html#menu


Be Careful of Linked Accounts• If your email account can be used to reset the password for your

Bank account, the passwords should be different and at least thesame strength

• Avoid connecting too many accounts and be wary of using your Facebook or twitter account to login to sites that are not well known

• Firefox plug-in shows password use and re-usehttp://connectioni.st/2012/01/visualize-your-password-reuse.html

Password strength testing

• If you have an idea for a password, test it here: https://passfault.appspot.com/password_strength.html#menu

• Password suggestions: https://onyen.unc.edu/cgi-bin/unc_id/services


Manage your passwords

• If you store passwords in your web browser, set a master password

• Consider using a password vault like Keepass from:http://keepass.info

– Works in Windows, Linux and Mac

– Works in Android, iPhone, Blackberry and Windows phone

– Password vault is opened with a master password

– Passwords are encrypted while in memory

– Once you find a password, double click on it to copy it to the clipboard then paste it in the login screen

– Keepass can automatically clear the clipboard after a certain time has passed.

• Use a mnemonic or association to help you remember the password chosen for a given login


Gmail Email Security and Privacy

• Setting up mail delegation -http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=138350

• You can delegate access to your Gmail to another person so they can read, send, and delete messages on your behalf.

• For example, you can delegate e-mail rights to an admin in your organization, or you could delegate your personal email access to your spouse.

• The delegate can also access the other person's contacts by clicking the Contacts link. Clicking the To, Cc, or Bcc links in the mail compose window will also bring up your contacts.

• You won't be able to give anyone permission to change your account password or account settings, or chat on your behalf.

• Only delegate email access to a trusted person

• This is one of the settings you should check if your account has been compromised


Gmail Email Filters and Forwarding

• Email filters and forwarding are another way to share access to email

• You can set up filters to forward messages that meet specific criteria.

• You can create 20 filters that forward to other addresses.

• You can maximize your filtered forwarding by combining filters that send

to the same address.

• Setting up a forward:

http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=

10957

• Creating filters:

http://support.google.com/mail/bin/answer.py?hl=en&answer=6579

• Filters and forwards should be checked after an account is compromised


Displaying Images or Remote Content and Privacy

• Be aware that displaying images or other remote content in an email may communicate to the sender that you read the email or identify you to the sender


Did you know ???

• The Wall Street Journal says companies are increasingly connecting consumers' real-life identities to where they hang out online.

• The newspaper cited a Georgia man shopping for a car who input his name and contact information on a car dealer's website.

• While this data went to the dealership, it also was transmitted to a company that tracks the online movements of people shopping for vehicles. The company then was able to pair the man's personal information with an analysis of the automotive websites he had visited and hand over all of this data to the car dealer, which could use it to more easily land a sale.

• One company that can pull off this kind of data mining is Dataium LLC,based in Nashville, Tenn.

• Describing itself as "the world's largest compiler of online automotive shopping behavior," Dataium says every month it "observes over 20 million automotive shoppers across over 10,000 automotive websites and then aggregates, indexes and summarizes this data into intelligent insights."

Top Tips to Protect Your

Privacy and DataMore and more, You are being tracked online:

How it works:http://online.wsj.com/article/SB1000142412788732478440457814

3144132736214.html#project%3DANONYMITY1208%26article

Tabs%3Dinteractive

1. When you visit a website, a tracking company like

Dataium or DataLogix put a cookie on your computer

2. As you visit other sites that also use data tracking

companies, the cookie data gets updated using your

computer browser’s id.

3. If at some point you enter your real name on a

website, like to register, your ID is connected with

the cookie information collected earlier.


• Sites are sharing personally identifiable

information and some personal information

(age, zip code) with 3rd parties– Ask.com

– Linkedin.com

– Photobucket.com

– Match.com

http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html

#project%3DANONYMITY1212%26articleTabs%3Dinteractive


When you login to a site, other companies may

access the data from your profile via:• Image Advertising on the pages

• Social network code such as Like, Google+, LinkedIn or Tweet

– If you are signed in to Facebook and go to a site with a Like button, the site can know your Facebook identity even if you don’t click on the Like button

• Advertising banners, headers, sidebars and footers

– Some use transparent images that you will not see

Top Tips to Protect Your Privacy and DataFirefox Browser Settings

• Remember history, search history

downloads

• Don’t Accept tracking cookies

• Don’t Accept third party cookies

• Cookie Expiration

Accept third-party cookies:

If selected, Firefox will accept cookies from http://site2.com when you are visiting

http://site1.com.

Some advertisers use these types of cookies to track your visits to the various websites on

which they advertise.

If you are concerned about this, you can disable third-party cookies in Firefox.


•Firefox allows you to show your cookies by name and content.

•Here you see all the cookies related to Twitter


• See saved passwords and remove or show them

• Firefox can protect sensitive information such as saved passwords and

certificates by encrypting them using a master password.

• If you create a master password, each time you start Firefox, it will ask

you to enter the password the first time it needs to access a certificate or

stored password.


• Pages you view are normally stored in a special cache folder for quicker

viewing the next time you visit the same page.

• You can specify the amount of disk space the cache can use here.

• You can also immediately clear the contents of the cache.

Top Tips to Protect Your Privacy and DataFirefox Browser – Private Browsing

Firefox 3.5 and later versions support Private Browsing mode which has its own cache, history and cookies that are not stored after you exit private browsing mode.

Private browsing doesn’t save any data, but does not make you anonymous.

Top Tips to Protect Your Privacy and DataInternet Explorer 8 – Private Browsing

Internet Explorer 8 supports InPrivate Browsing and InPrivate Filtering– they are related, but not the same

Top Tips to Protect Your Privacy and DataInternet Explorer 9 – Private Browsing

Internet Explorer 9 supports InPrivate Browsing and Tracking Protection Filtering

To use Tracking Protection, you must download a block list or buildone of your own

Top Tips to Protect Your Privacy and DataInternet Explorer 8 – Privacy Settings

Cookie handling is controlled by the setting of the slider

Top Tips to Protect Your Privacy and DataInternet Explorer 9 – Privacy Settings

Cookie handling is controlled by the setting of the sliderInternet Explorer 9 added a setting for physical location requests

Top Tips to Protect Your Privacy and DataInternet Explorer – Security Settings

Internet Explorer divides websites into zones. Most sites are in the internet zone and are trusted less than those the Local intranet or Trusted sites zones.


Sites can be added to the local intranet and trusted sites manually


If a site is more trusted, then more features are enabled like:

• File download

• Prompting for file download

• Running unsigned ActiveX

scripts

• Downloading of fonts

• Pop-up blocker

enable/disable

• Smart Screen filter

enable/disable

• Enabling Javascript

• Opening files based on

content not extension


Known bad sites can be added to the Restricted sites zone.

Many web page actions are disabled for sites in the Restricted sites zone.

Top Tips to Protect Your Privacy and DataInternet Explorer – Cookie and Cache Settings

Internet Explorer doesn’t support a master password

to protect access to stored passwordshttp://www.howtogeek.com/68231/how-secure-are-your-saved-internet-explorer-passwords/

Top Tips to Protect Your Privacy and DataInternet Explorer – Cookie and Cache Settings

The Default location of the cookie files is:

XP: C:\Documents and Settings\your user name\Cookies

Win7: c:\users\your user name\appdata\roaming\microsoft\windows\cookies\low


Web browser settings• Do not track browser plugins, Ad blockers

• Abine Do Not Track Me browser plug-in for Firefox,

Internet Explorer, Safari and Chrome

http://www.abine.com

• Cool feature that shows what tracking sites it blocks on a page

• Browser plugins like NoScript , Updated

Adblocker or AdBlock Plus will also block

some tracking images and scripts


Encryption

Wherever possible, use SSL connections for:Web � HTTPSEmail � IMAPSCommand shell � SSHFile Transfer � sftp or secure Web-DAVIM � try an IM client plug-in called Off the RecordRemote Desktop � MS RDP is encrypted, VNC is not

Yahoo, Microsoft, Facebook, Twitter and Google have a setting tomake HTTPS the default for your account anytime you connect

Be aware that mobile apps use encryption less often than their PC counter parts

� communicate sensitive data on your PC if you have a choice


Encryption


Use Wireless encryption (WPA or WPA2) if possible

If no wireless encryption is available, encrypt with a VPN

NCSU VPN: http://vpn.ncsu.edu

Only encrypts communication with NCSU campus, not the whole internet

Use a VCL: vcl.ncsu.edu RDP is encrypted

Some free full tunnel VPN services• http://www.zeropaid.com/news/94826/top-5-free-vpn-services/

– SecurityKiss

– Cyberghost

– Hotspotshield

– These all have quotas and speed restrictions, but will encrypt your communication if • Your application or website doesn’t have an option to encrypt

– Some instant messaging

– CIFS file sharing

– You are in a bind and your wireless connection is not encrypted

– For Mobiles: a popular (not free) one is http://news.cnet.com/8301-1009_3-57562928-83/private-wifi-takes-its-vpn-mobile/


Social network privacy

Facebook maintains at least 57 categories of personal data on every user including:

• Deleted wall posts

• Deleted messages

• E-mail addresses you’ve used

• Deleted friends list

• Date and time of log-ins

• Last known geographic location, including longitude and latitude.


Some statistics from June 2012 study of Facebook privacy

• Some people are sharing too much.Our projections suggest that 4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars) and that 4.7 million “liked” a Facebook page about health conditions or treatments (details an insurer might use against you).

• Some don't use privacy controls.Almost 13 million users said they had never set, or didn’t know about, Facebook’s privacy tools. And 28 percent shared all, or almost all, of their wall posts with an audience wider than just their friends.

• Facebook collects more data than you may imagine.For example, did you know that Facebook gets a report every time you visit a site with a Facebook “Like” button, even if you never click the button, are not a Facebook user, or are not logged in?


Some statistics from June 2012 study of Facebook privacy

• Your data is shared more widely than you may wish.

Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your datato be transferred to a third party without your knowledge.

• In 6/2012 survey, 25 percent said they falsified information in their profiles to protect their identity, up from 10 percent twoyears ago


What Facebook data says about you:


Social Networks and Privacy

Who is using social network data?: Insurers, Admissions officers, Law Enforcement, Jury Selection consultants, Employers, IRS, INS, Criminals

Services such as Social Intelligence scours public postings on Facebook and other social networks as part of a background check.

Among the red flags employers look for, the company says, are sexually explicit photos or videos, racist remarks, and evidence of illegal activities. It also reports that 69 percent of human-resource officers have rejected job applicants based on social media reviews that turned up any of those flags.

“We can now collect information on buying behaviors, geospatial and location information, social media and Internet usage, and more,” says a recent report from Novarica, a New York-based research and consulting firm serving insurers and financial service companies.

“Our electronic trails have been digitized, formatted, standardized, analyzed and modeled, and are up for sale. As intimidating as this may sound to the individual, it is a great opportunity for businesses to use this data.”



General Facebook privacy settings:

Facebook postings have privacy settings, so before you post a photo, you can select public or just friends to determine who can view the photo

– Audience selector setting: only me, friends, list of friends, public

– It remembers what you chose last time and that is the default next time

Also there is a timeline visibility control– Allows you to hide something from your timeline, but allow it

to show up in other places like search results, relationships ornews feed

Deleting an item from Facebook is also a way to control what is there.


Ways to Protect yourself on Facebook:• Regularly check your exposure. Each month, check out how your

page looks to others. Review individual privacy settings if necessary.

• Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.

• Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.

• “UnPublic” your wall. Set the audience for all previous wall posts to just friends.

• Turn off Tag Suggest. If you’d rather not have Facebook automatically recognize your face in photos, disable that feature in your privacy settings. The information will be deleted.


Ways to Protect yourself on Facebook:

• Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see.

• Keep wall posts from friends. You don’t have to share every wall post with every friend. You can also keep certain people from viewing specific items in your profile.

• When all else fails, deactivate. When you deactivate your account, Facebook retains your profile data, but the account is made temporarily inaccessible. Deleting an account, on the otherhand, makes it inaccessible to you forever.


Consumer Reports video with privacy setting

recommendations:http://www.consumerreports.org/cro/video-hub/electronics/computers--internet/how-to-set-privacy-controls-on-

facebook/16952110001/1594690835001/

• Setting Wall post audience

• Permissions on viewing past wall posts

• Timeline Restrictions

• Photo viewing restrictions

• Using Restricted lists

• Restricting information available to Facebook Apps



Facebook Graph Search is an Awesome Tool for Phishing Attackshttp://www.networkworld.com/news/2013/011613-facebook-graph-search-is-an-265890.html

Facebook announced this week its upcoming Graph Search capability, which is a search engine that allows you to find things based on relationships and context -drawing from the limitless pool of Likes, tags, and check-ins posted by a billion Facebook members.

You can search based on people, places, friends, and interests. For example, you can do a search for "friends who like The Beatles and live in Chicago," or "Italian restaurants my friends have visited nearby."

Richard Wang, manager at Sophos Labs, says "Graph Search might be a startling eye-opener for many. This will probably lead more users to discovering that they have shared more than they expected and gives scammers and phishers the opportunity to target particular groups of people."

While you'll only be able to see items shared to public or shared to you specifically by your friends' privacy settings, many Facebook users aren't aware of or don't properly use the security and privacy controls so everything they post on the social network will be easily discoverable by cyber criminals.

Currently, there is no way to opt-out of graph search


Social networks and Privacy

How to control what shows in Graph Search on Facebook

• If you're worried about what Graph Search might uncover, you'll need to revisit their privacy settings to see what's visible.

• To do so, click the gear icon at the top-right corner of the site and click "Privacy Settings." The "Who can see my stuff?" section will dictate what's visible in searches.

• Check the "Timeline and Tagging" section on the left sidebar, and review who can see photos and posts that you've been tagged in. (When in doubt, limiting it to "Friends" is the best option.)

• Keep in mind that users can still hide their Facebook timelines from other search engines, such as Google. To do so, click the gear icon at the top-right corner of the site, click to "Privacy Settings" and look for "Do you want other search engines to link to your timeline?" in the "Who can look me up?" section.


Facebook and Online Privacy

• If offensive or dangerous content is posted on your page:

If you click report link, you can contact the person that

posted the offensive content or a third party

You can also report the content to Facebook directly too

there is a support tab to track your complaint

• Facebook help center - what to do if your account is

hacked, removing account of someone impersonating you

- basics of privacy on Facebook- what’s new on Facebook – policy changes


Facebook and Online Privacy• It is up to you to untag yourself in Facebook photos

http://www.networkworld.com/community/blog/facebook-photos-opt-out-or-tag-youre-it

You can customize your privacy settings to disable your name from appearing in suggested tags, however your "friends" can still tag you manually.

• The only official way to remove the tagged name is to join Facebook and setup privacy settings as follows:

– Go to your Facebook menu, select "Privacy Setttings."

– Click "Customize settings"

– Scroll to the "Things others share" section, "Photos and videos I'm tagged in" item, and click "Edit Settings.

– Select "Customize."

– Select "Friends Only," "Only Me," "Specific People"

– Click "Save Setting."


Pinterest and Online Privacy

As of May 2012:

• Pinterest has surpassed all other social media sites and has earned the

coveted spot of “number three” in terms of users behind Facebook and

Twitter.

• When you use your Facebook account to create a Pinterest profile,

Pinterest accesses your personal information to automatically have your

account start following common connections.

• You also have the option to establish your profile using your Twitter

account, which does not trigger auto-follow, I'm told.


Pinterest Privacy Settings

• Access and change information in your profile page at any time, and choose whether your profile page is available to search engines;

• Link or unlink your Pinterest account from an account on anotherservice (e.g., Facebook or Twitter). For some services (like Facebook), you can also choose whether or not to publish your activity on Pinterest to that service.

• Create or be added to a secret board. Secret boards are visible to you and other participants in the board, and any participant may choose to make the contents of the board available to anyone else. For example, another participant may invite someone else to the board, make the board available to an app they use to view Pinterest, or even just take an image from the board and email it to their friends.


Pinterest Privacy Settings – Creating a Private

Board

Summary• Keep you computer or smartphone patched

visit: http://browsercheck.qualys.com

• Choose good passwords

• Manage your passwords• Be careful how you link on-line accounts

• Use encrypted communication• Enable Do Not track features in your web browser

• Use encrypted wireless

• Don’t over share on Social Networks

• You can find this presentation on Classmate

• NCSU Privacy Month website: http://go.ncsu.edu/dpm2013
