PC Pitstop is proud to welcome our friends at Windows Secrets as guest contributors. The weekly Windows Secrets Newsletter brings you essential tips for Windows, applications, and computing on the Internet.
By Jan Bultmann/Windows Secrets
Frequent Internet users get mixed messages about data privacy.
We worry about data miners and identity theft but put our life stories up on Facebook. Here are some basic steps to enhance your personal security.
Are we confused or just careless about our privacy? On the one hand, we hear plenty of stories about the data-mining and aggregation techniques used by companies and various governmental agencies around the world, as well as by criminals seeking to use social engineering to trick people out of money or processor power.
At the same time, social-networking sites such as Facebook, Twitter, and LinkedIn — which many people see as legitimate and benign — ask for more and more information about our past, our employment, and our interests. With almost every iteration of these sites, the Internet presses more deeply into our privacy.
You have good reason to think twice before filling out every field your social-networking site presents to you. In case you forget the varieties of Internet perils out there, here are reminders of what’s not in your interest when some people get their hands on your data. After that, to cheer you up a little, are 10 tips on how to protect your privacy.
A flourishing black market for personal data
You undoubtedly know that cybercriminals gather personal data to steal identities and money. Users can suffer damage to their personal credit and even jeopardy to their physical safety. But you might not know that most cybercriminals sell your data to other criminals.
Criminal networks exchange huge databases of personal information that can be used for everything from scamming credit-card companies to creating botnets — networks of personal computers that have been compromised and are controlled remotely and secretly. Botnets can be used to launch denial-of-service attacks, for example, without the computer owners ever knowing anything is amiss.
Criminals also use personal data to assemble elaborate social-engineering scams, in which they might impersonate you online to gather information from others you know or to trick your online acquaintances into clicking dangerous links that lead to spoofed websites. Most of us know such scams dupe people into downloading viruses or spyware onto their computers, but it still happens — frequently.
Online information is searchable. Powerful Internet search engines and data-crunching tools make it easy for criminals to build a full profile of you, even if the information about you online is distributed over many different social networking sites or posted by many different people.
It doesn’t hurt to remember that any data published online is there forever. Depending on the privacy policy of the company holding the data, your formerly private information might ultimately be seen by anyone on the Internet.
Personal data can get online a number of different ways.
-
You shop or do business on the Web. Any time you set up an online account, buy goods online, register for contests, take part in surveys, download free software, or simply surf the Web, you provide data to businesses, governments, and other organizations.
Businesses use your personal data to verify who you are when you complete a transaction. They also record your preferences so that they can deliver personalized content or special offers. A business’s retention of your personal information also allows it to offer you conveniences: you don’t have to enter your shipping address again and again.
-
You exist: therefore, you have official records. Records maintained by government agencies are searchable. For example, photos of your house (and a statement of its value), your birth certificate, and copies of your signature might all be easily available.
Professional associations or nonprofits might reveal your full name, workplace, and donation history.
-
You freely participate in social-networking sites. You or your friends might post enough information on social-networking sites for criminals to assemble a fairly complete picture of your life.
Ten tips for data privacy
Here are tips for how to protect your personal information.
-
#1. Use unique Forgot your password? questions: One of the most frequent ways hackers break into the social networking accounts of celebrities and public figures is by clicking the Forgot your password? link on the signin page. The site verifies the person’s identity by posing questions that can easily be answered about most people with a simple Web search: Where did you go to high school? What is your father’s middle name? Whenever you can, write your own custom password questions that have answers no one could easily find. If you have to use default questions, make up more-secure answers — just make sure you can remember them.
-
#2. Protect your friends: Don’t let social-networking services scan your e-mail address book. When you sign up for a new social network, it often offers to save you time by scanning your address book to see whether your contacts are already on the network. Some sites then send e-mail messages to everyone in your contact list — or to everyone you’ve ever sent an e-mail message — without warning you that they’re going to do it.
-
#3. Check privacy policies: Before you provide any data to a website, read its privacy policy. The policy must clearly explain what data the website gathers about you; how it is used, shared, and secured; and how you can edit or delete it. If the site doesn’t have a privacy policy, don’t use it.