top tips to protect your privacy and data
TRANSCRIPT
Top Tips to Protect Your Privacy and Data
Monday, Jan. 28th is Data Privacy Day
Data Privacy Day is held on January 28th every
year. It is an effort to empower people to
protect their privacy and control their digital
footprint and escalate the protection of privacy
and data as everyone’s priority.
Presented by:Tim Gurganus
1/28/2013
Data Privacy Day 2013
Top Tips to Protect Your Privacy and Data
January is Data Privacy Month
OIT is hosting several activities during Data Privacy Month (January) to empower campus users to protect their privacy and to control their digital footprint.
All events will be held in DH Hill Library Auditorium 12pm – 1pm
Tuesday: “What Data is sensitive and How do we keep it private?”
Thursday: “Data Protection, Privacy and the Law”
NCSU Privacy Month website:
http://go.ncsu.edu/dpm2013
Top Tips to Protect Your Privacy and Data
Student Data Privacy @ NCSU
The University publishes an directory online. You can control what
information is displayed using the instructions in this document:
http://www.ncsu.edu/registrar/forms/pdf/privacyblock.pdf
You can update or remove your personal information by logging into the MyPack portal at: http://mypack.ncsu.edu
Under the FOR STUDENTS tab in MyPack Portal, select
Privacy Settings.
Top Tips to Protect Your Privacy and Data
Faculty/Staff Data Privacy @ NCSU
The University publishes an directory online. You can update or remove your
personal information by visiting this website:
https://ssl.ncsu.edu/directory/updatelisting.php
The University also maintains other personal information about you that you
can view and update in the MyPack Portal: http://mypack.ncsu.edu
Under the FOR Faculty and STAFF tab in MyPack Portal, select Employee Self-Service and then Personal Information
Top Tips to Protect Your Privacy and Data
Pick Good Passwords• Passwords should be hard to guess and longer is better
• Use good passwords with strength appropriate for the importance of the site.
– Banking website password should be stronger than a forum site
– If a site stores your credit card info, it should have a stronger password
– Use different passwords for different websites or types of websites
• Online Banking
• Personal Email
• Unity ID
• Online shopping
• Facebook, Twitter, LinkedIn, Pinterest
Password strength testing
• If you have an idea for a password, test it here: https://passfault.appspot.com/password_strength.html#menu
Top Tips to Protect Your Privacy and Data
Be Careful of Linked Accounts• If your email account can be used to reset the password for your
Bank account, the passwords should be different and at least thesame strength
• Avoid connecting too many accounts and be wary of using your Facebook or twitter account to login to sites that are not well known
• Firefox plug-in shows password use and re-usehttp://connectioni.st/2012/01/visualize-your-password-reuse.html
Password strength testing
• If you have an idea for a password, test it here: https://passfault.appspot.com/password_strength.html#menu
• Password suggestions: https://onyen.unc.edu/cgi-bin/unc_id/services
Top Tips to Protect Your Privacy and Data
Manage your passwords
• If you store passwords in your web browser, set a master password
• Consider using a password vault like Keepass from:http://keepass.info
– Works in Windows, Linux and Mac
– Works in Android, iPhone, Blackberry and Windows phone
– Password vault is opened with a master password
– Passwords are encrypted while in memory
– Once you find a password, double click on it to copy it to the clipboard then paste it in the login screen
– Keepass can automatically clear the clipboard after a certain time has passed.
• Use a mnemonic or association to help you remember the password chosen for a given login
Top Tips to Protect Your Privacy and Data
Gmail Email Security and Privacy
• Setting up mail delegation -http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=138350
• You can delegate access to your Gmail to another person so they can read, send, and delete messages on your behalf.
• For example, you can delegate e-mail rights to an admin in your organization, or you could delegate your personal email access to your spouse.
• The delegate can also access the other person's contacts by clicking the Contacts link. Clicking the To, Cc, or Bcc links in the mail compose window will also bring up your contacts.
• You won't be able to give anyone permission to change your account password or account settings, or chat on your behalf.
• Only delegate email access to a trusted person
• This is one of the settings you should check if your account has been compromised
Top Tips to Protect Your Privacy and Data
Gmail Email Filters and Forwarding
• Email filters and forwarding are another way to share access to email
• You can set up filters to forward messages that meet specific criteria.
• You can create 20 filters that forward to other addresses.
• You can maximize your filtered forwarding by combining filters that send
to the same address.
• Setting up a forward:
http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=
10957
• Creating filters:
http://support.google.com/mail/bin/answer.py?hl=en&answer=6579
• Filters and forwards should be checked after an account is compromised
Top Tips to Protect Your Privacy and Data
Displaying Images or Remote Content and Privacy
• Be aware that displaying images or other remote content in an email may communicate to the sender that you read the email or identify you to the sender
Top Tips to Protect Your Privacy and Data
Displaying Images or Remote Content and Privacy
• Be aware that displaying images or other remote content in an email may communicate to the sender that you read the email or identify you to the sender
Top Tips to Protect Your Privacy and Data
Did you know ???
• The Wall Street Journal says companies are increasingly connecting consumers' real-life identities to where they hang out online.
• The newspaper cited a Georgia man shopping for a car who input his name and contact information on a car dealer's website.
• While this data went to the dealership, it also was transmitted to a company that tracks the online movements of people shopping for vehicles. The company then was able to pair the man's personal information with an analysis of the automotive websites he had visited and hand over all of this data to the car dealer, which could use it to more easily land a sale.
• One company that can pull off this kind of data mining is Dataium LLC,based in Nashville, Tenn.
• Describing itself as "the world's largest compiler of online automotive shopping behavior," Dataium says every month it "observes over 20 million automotive shoppers across over 10,000 automotive websites and then aggregates, indexes and summarizes this data into intelligent insights."
Top Tips to Protect Your
Privacy and DataMore and more, You are being tracked online:
How it works:http://online.wsj.com/article/SB1000142412788732478440457814
3144132736214.html#project%3DANONYMITY1208%26article
Tabs%3Dinteractive
1. When you visit a website, a tracking company like
Dataium or DataLogix put a cookie on your computer
2. As you visit other sites that also use data tracking
companies, the cookie data gets updated using your
computer browser’s id.
3. If at some point you enter your real name on a
website, like to register, your ID is connected with
the cookie information collected earlier.
Top Tips to Protect Your Privacy and Data
• Sites are sharing personally identifiable
information and some personal information
(age, zip code) with 3rd parties– Ask.com
– Linkedin.com
– Photobucket.com
– Match.com
http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html
#project%3DANONYMITY1212%26articleTabs%3Dinteractive
Top Tips to Protect Your Privacy and Data
When you login to a site, other companies may
access the data from your profile via:• Image Advertising on the pages
• Social network code such as Like, Google+, LinkedIn or Tweet
– If you are signed in to Facebook and go to a site with a Like button, the site can know your Facebook identity even if you don’t click on the Like button
• Advertising banners, headers, sidebars and footers
– Some use transparent images that you will not see
Top Tips to Protect Your Privacy and DataFirefox Browser Settings
• Remember history, search history
downloads
• Don’t Accept tracking cookies
• Don’t Accept third party cookies
• Cookie Expiration
Accept third-party cookies:
If selected, Firefox will accept cookies from http://site2.com when you are visiting
http://site1.com.
Some advertisers use these types of cookies to track your visits to the various websites on
which they advertise.
If you are concerned about this, you can disable third-party cookies in Firefox.
Top Tips to Protect Your Privacy and DataFirefox Browser Settings
•Firefox allows you to show your cookies by name and content.
•Here you see all the cookies related to Twitter
Top Tips to Protect Your Privacy and DataFirefox Browser Settings
• See saved passwords and remove or show them
• Firefox can protect sensitive information such as saved passwords and
certificates by encrypting them using a master password.
• If you create a master password, each time you start Firefox, it will ask
you to enter the password the first time it needs to access a certificate or
stored password.
Top Tips to Protect Your Privacy and DataFirefox Browser Settings
• Pages you view are normally stored in a special cache folder for quicker
viewing the next time you visit the same page.
• You can specify the amount of disk space the cache can use here.
• You can also immediately clear the contents of the cache.
Top Tips to Protect Your Privacy and DataFirefox Browser – Private Browsing
Firefox 3.5 and later versions support Private Browsing mode which has its own cache, history and cookies that are not stored after you exit private browsing mode.
Private browsing doesn’t save any data, but does not make you anonymous.
Top Tips to Protect Your Privacy and DataInternet Explorer 8 – Private Browsing
Internet Explorer 8 supports InPrivate Browsing and InPrivate Filtering– they are related, but not the same
Top Tips to Protect Your Privacy and DataInternet Explorer 9 – Private Browsing
Internet Explorer 9 supports InPrivate Browsing and Tracking Protection Filtering
To use Tracking Protection, you must download a block list or buildone of your own
Top Tips to Protect Your Privacy and DataInternet Explorer 8 – Privacy Settings
Cookie handling is controlled by the setting of the slider
Top Tips to Protect Your Privacy and DataInternet Explorer 9 – Privacy Settings
Cookie handling is controlled by the setting of the sliderInternet Explorer 9 added a setting for physical location requests
Top Tips to Protect Your Privacy and DataInternet Explorer – Security Settings
Internet Explorer divides websites into zones. Most sites are in the internet zone and are trusted less than those the Local intranet or Trusted sites zones.
Top Tips to Protect Your Privacy and DataInternet Explorer – Security Settings
Sites can be added to the local intranet and trusted sites manually
Top Tips to Protect Your Privacy and DataInternet Explorer – Security Settings
If a site is more trusted, then more features are enabled like:
• File download
• Prompting for file download
• Running unsigned ActiveX
scripts
• Downloading of fonts
• Pop-up blocker
enable/disable
• Smart Screen filter
enable/disable
• Enabling Javascript
• Opening files based on
content not extension
Top Tips to Protect Your Privacy and DataInternet Explorer – Security Settings
Known bad sites can be added to the Restricted sites zone.
Many web page actions are disabled for sites in the Restricted sites zone.
Top Tips to Protect Your Privacy and DataInternet Explorer – Cookie and Cache Settings
Internet Explorer doesn’t support a master password
to protect access to stored passwordshttp://www.howtogeek.com/68231/how-secure-are-your-saved-internet-explorer-passwords/
Top Tips to Protect Your Privacy and DataInternet Explorer – Cookie and Cache Settings
The Default location of the cookie files is:
XP: C:\Documents and Settings\your user name\Cookies
Win7: c:\users\your user name\appdata\roaming\microsoft\windows\cookies\low
Top Tips to Protect Your Privacy and Data
Web browser settings• Do not track browser plugins, Ad blockers
• Abine Do Not Track Me browser plug-in for Firefox,
Internet Explorer, Safari and Chrome
http://www.abine.com
• Cool feature that shows what tracking sites it blocks on a page
• Browser plugins like NoScript , Updated
Adblocker or AdBlock Plus will also block
some tracking images and scripts
Top Tips to Protect Your Privacy and Data
Encryption
Wherever possible, use SSL connections for:Web � HTTPSEmail � IMAPSCommand shell � SSHFile Transfer � sftp or secure Web-DAVIM � try an IM client plug-in called Off the RecordRemote Desktop � MS RDP is encrypted, VNC is not
Yahoo, Microsoft, Facebook, Twitter and Google have a setting tomake HTTPS the default for your account anytime you connect
Be aware that mobile apps use encryption less often than their PC counter parts
� communicate sensitive data on your PC if you have a choice
Top Tips to Protect Your Privacy and Data
Encryption
Top Tips to Protect Your Privacy and Data
Use Wireless encryption (WPA or WPA2) if possible
If no wireless encryption is available, encrypt with a VPN
NCSU VPN: http://vpn.ncsu.edu
Only encrypts communication with NCSU campus, not the whole internet
Use a VCL: vcl.ncsu.edu RDP is encrypted
Some free full tunnel VPN services• http://www.zeropaid.com/news/94826/top-5-free-vpn-services/
– SecurityKiss
– Cyberghost
– Hotspotshield
– These all have quotas and speed restrictions, but will encrypt your communication if • Your application or website doesn’t have an option to encrypt
– Some instant messaging
– CIFS file sharing
– You are in a bind and your wireless connection is not encrypted
– For Mobiles: a popular (not free) one is http://news.cnet.com/8301-1009_3-57562928-83/private-wifi-takes-its-vpn-mobile/
Top Tips to Protect Your Privacy and Data
Social network privacy
Facebook maintains at least 57 categories of personal data on every user including:
• Deleted wall posts
• Deleted messages
• E-mail addresses you’ve used
• Deleted friends list
• Date and time of log-ins
• Last known geographic location, including longitude and latitude.
Top Tips to Protect Your Privacy and Data
Some statistics from June 2012 study of Facebook privacy
• Some people are sharing too much.Our projections suggest that 4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars) and that 4.7 million “liked” a Facebook page about health conditions or treatments (details an insurer might use against you).
• Some don't use privacy controls.Almost 13 million users said they had never set, or didn’t know about, Facebook’s privacy tools. And 28 percent shared all, or almost all, of their wall posts with an audience wider than just their friends.
• Facebook collects more data than you may imagine.For example, did you know that Facebook gets a report every time you visit a site with a Facebook “Like” button, even if you never click the button, are not a Facebook user, or are not logged in?
Top Tips to Protect Your Privacy and Data
Some statistics from June 2012 study of Facebook privacy
• Your data is shared more widely than you may wish.
Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your datato be transferred to a third party without your knowledge.
• In 6/2012 survey, 25 percent said they falsified information in their profiles to protect their identity, up from 10 percent twoyears ago
Top Tips to Protect Your Privacy and Data
What Facebook data says about you:
Top Tips to Protect Your Privacy and Data
Social Networks and Privacy
Who is using social network data?: Insurers, Admissions officers, Law Enforcement, Jury Selection consultants, Employers, IRS, INS, Criminals
Services such as Social Intelligence scours public postings on Facebook and other social networks as part of a background check.
Among the red flags employers look for, the company says, are sexually explicit photos or videos, racist remarks, and evidence of illegal activities. It also reports that 69 percent of human-resource officers have rejected job applicants based on social media reviews that turned up any of those flags.
“We can now collect information on buying behaviors, geospatial and location information, social media and Internet usage, and more,” says a recent report from Novarica, a New York-based research and consulting firm serving insurers and financial service companies.
“Our electronic trails have been digitized, formatted, standardized, analyzed and modeled, and are up for sale. As intimidating as this may sound to the individual, it is a great opportunity for businesses to use this data.”
Top Tips to Protect Your Privacy and Data
Social Networks and Privacy
General Facebook privacy settings:
Facebook postings have privacy settings, so before you post a photo, you can select public or just friends to determine who can view the photo
– Audience selector setting: only me, friends, list of friends, public
– It remembers what you chose last time and that is the default next time
Also there is a timeline visibility control– Allows you to hide something from your timeline, but allow it
to show up in other places like search results, relationships ornews feed
Deleting an item from Facebook is also a way to control what is there.
Top Tips to Protect Your Privacy and Data
Ways to Protect yourself on Facebook:• Regularly check your exposure. Each month, check out how your
page looks to others. Review individual privacy settings if necessary.
• Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.
• Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.
• “UnPublic” your wall. Set the audience for all previous wall posts to just friends.
• Turn off Tag Suggest. If you’d rather not have Facebook automatically recognize your face in photos, disable that feature in your privacy settings. The information will be deleted.
Top Tips to Protect Your Privacy and Data
Ways to Protect yourself on Facebook:
• Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see.
• Keep wall posts from friends. You don’t have to share every wall post with every friend. You can also keep certain people from viewing specific items in your profile.
• When all else fails, deactivate. When you deactivate your account, Facebook retains your profile data, but the account is made temporarily inaccessible. Deleting an account, on the otherhand, makes it inaccessible to you forever.
Top Tips to Protect Your Privacy and Data
Consumer Reports video with privacy setting
recommendations:http://www.consumerreports.org/cro/video-hub/electronics/computers--internet/how-to-set-privacy-controls-on-
facebook/16952110001/1594690835001/
• Setting Wall post audience
• Permissions on viewing past wall posts
• Timeline Restrictions
• Photo viewing restrictions
• Using Restricted lists
• Restricting information available to Facebook Apps
Top Tips to Protect Your Privacy and Data
Social Networks and Privacy
Facebook Graph Search is an Awesome Tool for Phishing Attackshttp://www.networkworld.com/news/2013/011613-facebook-graph-search-is-an-265890.html
Facebook announced this week its upcoming Graph Search capability, which is a search engine that allows you to find things based on relationships and context -drawing from the limitless pool of Likes, tags, and check-ins posted by a billion Facebook members.
You can search based on people, places, friends, and interests. For example, you can do a search for "friends who like The Beatles and live in Chicago," or "Italian restaurants my friends have visited nearby."
Richard Wang, manager at Sophos Labs, says "Graph Search might be a startling eye-opener for many. This will probably lead more users to discovering that they have shared more than they expected and gives scammers and phishers the opportunity to target particular groups of people."
While you'll only be able to see items shared to public or shared to you specifically by your friends' privacy settings, many Facebook users aren't aware of or don't properly use the security and privacy controls so everything they post on the social network will be easily discoverable by cyber criminals.
Currently, there is no way to opt-out of graph search
Top Tips to Protect Your Privacy and Data
Social networks and Privacy
How to control what shows in Graph Search on Facebook
• If you're worried about what Graph Search might uncover, you'll need to revisit their privacy settings to see what's visible.
• To do so, click the gear icon at the top-right corner of the site and click "Privacy Settings." The "Who can see my stuff?" section will dictate what's visible in searches.
• Check the "Timeline and Tagging" section on the left sidebar, and review who can see photos and posts that you've been tagged in. (When in doubt, limiting it to "Friends" is the best option.)
• Keep in mind that users can still hide their Facebook timelines from other search engines, such as Google. To do so, click the gear icon at the top-right corner of the site, click to "Privacy Settings" and look for "Do you want other search engines to link to your timeline?" in the "Who can look me up?" section.
Top Tips to Protect Your Privacy and Data
Facebook and Online Privacy
• If offensive or dangerous content is posted on your page:
If you click report link, you can contact the person that
posted the offensive content or a third party
You can also report the content to Facebook directly too
there is a support tab to track your complaint
• Facebook help center - what to do if your account is
hacked, removing account of someone impersonating you
- basics of privacy on Facebook- what’s new on Facebook – policy changes
Top Tips to Protect Your Privacy and Data
Facebook and Online Privacy• It is up to you to untag yourself in Facebook photos
http://www.networkworld.com/community/blog/facebook-photos-opt-out-or-tag-youre-it
You can customize your privacy settings to disable your name from appearing in suggested tags, however your "friends" can still tag you manually.
• The only official way to remove the tagged name is to join Facebook and setup privacy settings as follows:
– Go to your Facebook menu, select "Privacy Setttings."
– Click "Customize settings"
– Scroll to the "Things others share" section, "Photos and videos I'm tagged in" item, and click "Edit Settings.
– Select "Customize."
– Select "Friends Only," "Only Me," "Specific People"
– Click "Save Setting."
Top Tips to Protect Your Privacy and Data
Pinterest and Online Privacy
As of May 2012:
• Pinterest has surpassed all other social media sites and has earned the
coveted spot of “number three” in terms of users behind Facebook and
Twitter.
• When you use your Facebook account to create a Pinterest profile,
Pinterest accesses your personal information to automatically have your
account start following common connections.
• You also have the option to establish your profile using your Twitter
account, which does not trigger auto-follow, I'm told.
Top Tips to Protect Your Privacy and Data
Pinterest Privacy Settings
• Access and change information in your profile page at any time, and choose whether your profile page is available to search engines;
• Link or unlink your Pinterest account from an account on anotherservice (e.g., Facebook or Twitter). For some services (like Facebook), you can also choose whether or not to publish your activity on Pinterest to that service.
• Create or be added to a secret board. Secret boards are visible to you and other participants in the board, and any participant may choose to make the contents of the board available to anyone else. For example, another participant may invite someone else to the board, make the board available to an app they use to view Pinterest, or even just take an image from the board and email it to their friends.
Top Tips to Protect Your Privacy and Data
Pinterest Privacy Settings – Creating a Private
Board
Summary• Keep you computer or smartphone patched
visit: http://browsercheck.qualys.com
• Choose good passwords
• Manage your passwords• Be careful how you link on-line accounts
• Use encrypted communication• Enable Do Not track features in your web browser
• Use encrypted wireless
• Don’t over share on Social Networks
• You can find this presentation on Classmate
• NCSU Privacy Month website: http://go.ncsu.edu/dpm2013
Top Tips to Protect Your Privacy and Data