Posts

Facebook knows what you said, EVEN IF YOU DELETE B4 POSTING!

Self-censorship on Facebook

Do you ever delete the words you type on Facebook before you hit post?

Have you ever started to type a status update that you thought was hilarious…until you realized your boss might not appreciate your 8th-grade humor? So what’d you do? You quickly hit the delete key and watched your comment disappear forever, right? Not exactly.

What if you are ready to make a snarky comment to Greg, the upperclass jerk who stole your high school girlfriend (and is about to get a divorce, ha ha), but decide to take the high road just before hitting the “post” button and instead, wish him well on his pending journey of love (despite the fact that it’s bound to fail)?

No harm done, right?  You never hit the post button, so no one ever saw it! Well, it turns out that’s not quite how it works in Facebook Land.

Sauvik Das, a Ph.D. student at Carnegie Mellon and summer software engineer intern at Facebook, and Adam Kramer, a Facebook data scientist, conducted a study of 5 million English-speaking Facebook users in which they studied aborted status updates, posts on other people’s timelines, and comments on others’ posts.  Specifically they looked at what they called “self-censored” texts, entries of more than five characters that were typed out, but not posted.

Now, let’s make it clear that the researchers did not reveal what the actual content of the posts they analyzed were – just how common it is for self-censorship to occur.  You see, Facebook stores information as you type, much like Gmail saves draft messages automatically as you type them.  In other words, it is definitely  possible for Facebook to store information on what you typed, whether you post it or not!

Why wouldn’t they want to see what you deleted – it’s the most honest version of what you think (and then think better of sharing as you step back a bit).

So far Facebook has not used the information for their own benefit, but they are very interested in it nonetheless.  As Das and Kramer put it: “Last-minute self-censorship is of particular interest to SNSs [social networking services] as this filtering can be both helpful and hurtful. Users and their audience could fail to achieve potential social value from not sharing certain content, and the SNS loses value from the lack of content generation.”  In other words, Facebook could be making money off of what you aren’t posting through lost advertising opportunities.

The lesson is a good one – be mindful of what you type on any social networking site, as it will always be somewhat public, permanent and powerful, EVEN IF YOU DELETE IT BEFORE POSTING. 

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Biometrics are Like Passwords You Leave EVERYWHERE

Biometrics are like passwords, but worse.

Biometrics are like passwords that you leave everywhere (fingerprints, facial recognition, voice patterns), except that unlike passwords, you can’t change them when they’re lost or stolen. It’s easy to change your password, a bit harder to get a new retina. Like passwords, risk goes up as they are stored globally (in the cloud) versus locally (on a physical device).

In addition to the biometrics mentioned above that most of us have come to accept as commonplace, there are many other methods in use or under exploration:

  • hand geometry
  • vascular pattern recognition (analyzing vein patterns)
  • iris scans
  • DNA
  • signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.)
  • gait analysis
  • heartbeat signatures

At the 2014 Annual International Consumer Electronics Show, inventors displayed dozens of devices using biometrics, some of which will become just as commonplace as fingerprints in the near future, some of which will not catch on and be replaced by something even more amazing.  Some of the hot biometrics items this year:

  • Tablets that measure pupil ­dilation to determine whether you’re in the mood to watch a horror movie or a comedy.
  • Headbands, socks and bras that analyze brain waves, heart rates and sweat levels to help detect early signs of disease or gauge a wearer’s level of concentration.
  • Cars that recognize their owner’s voice to start engines and direct turns and stops, all hands-free.

(Do a search for “current biometric uses” if you want to be entertained for a while!)

Some less outlandish examples that are currently in place:

  • Barclays Bank in Britain utilizes a voice recognition system when customers call in.
  • Some A.T.M.s in Japan scan the vein pattern in a person’s palm before issuing money
  • World Disney World in Orlando, Fla., uses biometric identification technology to prevent ticket fraud or illegitimate resale as well as to avoid the time-consuming process of photo ID check.
  • Biometric passports contain a microchip with all the biometric information of holders as well as a digital photograph
  • Law enforcement agencies, from local police departments, to national agencies (e.g., the FBI) and international organizations (including Europol and Interpol) use biometrics for the identification of suspects. Evidence on crime scenes, such as fingerprints or closed-circuit camera footage, are compared against the organization’s database in search of a match.
  • Child care centers are increasingly requiring parents to use biometric identification when entering the facility to pick up their child.
  • And, of course, the most popular example has to be the use of fingerprint sensors on the iPhone to unlock the devices.  It will also increasingly be linked to mobile payment services.

So, the million-dollar question is: Are Biometrics a Better Way to Protect Your Personal Identification?

The answer is yes…and no.

  • Biometrics are hard to forge: it’s hard to put a false fingerprint on your finger, or make your iris look like someone else’s.

BUT…

some biometrics are easy to steal.  Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.  If a biometric identifier is stolen, it can be very difficult to restore.  It’s not as if someone can issue you a new thumbprint as easily as resetting a new password or replacing a passport. Remember, even the most complex biometric is still stored as ones and zeros in a database (and is therefore imminently hackable). 

  • A biometric identifier creates an extra level of security above and beyond a password

BUT…

if they are used across many different systems (medical records, starting your car, getting into your child’s day care center), it actually decreases your level of security.

  • Biometrics are unique to you

BUT…

they are not fool-proof.  Imagine the frustration of being barred by a fingerprint mismatch from access to your smartphone or bank account.  Anil K. Jain, a professor and expert in biometrics at Michigan State University  says (emphasis mine), “Consumers shouldn’t expect that biometric technologies will work flawlessly… There could and will be situations where a person may be rejected or confused with someone else and there may be occasions when the device doesn’t recognize people and won’t let them in.”

The scariest part of the biometrics trend is how and where the data is stored.  If it is device specific (i.e. your fingerprint data is only on your iPhone), it’s not so bad.  But if the information is stored on a central server and unauthorized parties gain access to it, that’s where the risk increases.  A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people within certain degrees of certainty and because biological markers are relatively easy to copy.

I also feel compelled to mention the inherently intrusive nature of biometrics.  While it’s true that using facial-recognition software can help law enforcement agencies spot and track dangerous criminals, we must remember that the same technology can just as easily be misused to target those who protest against the government or participate in controversial groups.  Facebook already uses facial recognition software to determine whether photos that users upload to the site contain the images of their friends.  Retailers could use such systems to snoop on their customers’ shopping behavior (much like they do when we shop online already) so that they could later target specific ads and offers to those customers.

How long before we have truly entered into Tom Cruises’s Minority Report world where we are recognized everywhere we go?   “Hello Mr. Yakamoto and welcome back to the GAP…”

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Identity Theft Expert John Sileo on The Rachael Ray Show

John Sileo appeared on CBS’s The Rachael Ray Show on January 29, 2014 to talk about the latest identity theft trends and threats.

Rachael asked John to go into one of their audience members homes and pick it apart from a privacy standpoint. John took a look at everything, from items hidden under the mattress to filing cabinets, trash cans, computers, mobile devices and more. Take a look to learn how to bulletproof your home and self against identity theft.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Identity Theft Speaker Shares Latest Statistics on Cost of ID Theft

id theft costI got my start as an identity theft speaker. I write and speak on the importance of being vigilant about protecting yourself from identity theft and online fraud from many angles: the stress of trying to reestablish your credibility, rebuilding relationships, regaining control of your personal information, perhaps even fighting to stay out of jail as I had to do. So while I’m an identity theft speaker, my motivation is always completely human. We as humans make flawed decisions about how we fail to prepare for things like identity theft. We as humans are the ones that make the difference in fighting this crime. As it turns out, our wealth is at risk.

According to the Bureau of Justice Statistics (BJS), there is one more important reason to be especially careful: financial implications.   In the latest National Crime Victimization Survey, identity theft cost Americans $10 billion more than all other property crimes.  To be exact, identity theft cost Americans $24.7 billion compared to just $14 billion for household burglary, motor vehicle theft, and property theft combined.  The $24 million is made up of direct losses (money thieves got by misusing a victim’s personal or account information) and indirect losses (such as legal fees and bounced checks), with the majority coming from direct losses.

Now, you wouldn’t dream of going off for the night and leaving your front door wide open, or leaving your car keys in plain sight, but how many of us do the equivalent with our identities? Do you surf on free WiFi at your favorite café, while in the airport or at your hotel? Have you locked down your smartphone with a passcode, limited location tracking and turned on the built-in privacy and security settings? Have you ever customized the share settings in your favorite social network? Maybe not.

Here are some key points from the BJS report:

  • 85% of theft incidents involved the fraudulent use of existing accounts, rather than the use of somebody’s name to open a new account.
  • People whose names were used to open new accounts were more likely to experience financial hardship, emotional distress, and even problems with their relationships, than people whose existing accounts were manipulated.
  • Half of identity theft victims lost $100 or more.
  • Americans who were in households making $75,000 or more were more likely to experience identity theft than lower-income households.

Identity thieves have also begun targeting smartphone and social media users, knowing that user ignorance and the learning curve associated with using sites make it easy to hit the bull’s-eye.

In addition, the increase in occurrences of data breaches puts us even more at risk.   Javelin Strategy & Research found that someone who is a victim of an online data breach becomes 9.5 times more likely to have their identity stolen.

For solutions to these and many other identity theft and data breach problems, check out identity theft speaker John Sileo’s book, Privacy Means Profit: Prevent Identity Theft and Secure Your Bottom Line.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 MinutesAnderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Target Data Breach Touches 40 Million In-Store Shoppers

If you are one of the 40 million customers who have used a credit or debit card at Target stores in the United States between November 27 and December 15, you’d better start checking your accounts for fraudulent activity.  Target confirmed that the data stored on the magnetic strip of cards (customer names, debit or credit card numbers, and card expiration dates) were taken, along with the three-digit security codes  (CVVs) often imprinted on the backs of cards.

The type of data stolen would allow thieves to create counterfeit credit cards and, if pin numbers were intercepted, would also allow thieves to withdraw cash from ATM machines.  Only in store purchases are at risk, so online shoppers need not worry.

Target spokeswoman Molly Snyder would not comment on how customers’ data were stored or encrypted prior to the attack, saying that would be part of the ongoing investigation.  Target immediately notified law enforcement authorities and financial institutions, and the issue is being investigated by the Secret Service and a third-party forensics firm.

This breach is one of the largest ever of American consumer data, nearly matching that of TJX (TJ Maxx and Marshalls stores), which experienced a data breach in 2007 that affected more than 45 million customers.  2013 has been a particularly bad year for breaches overall.  Overall, one in four Americans have been told that some personally identifiable information has been lost or compromised because of data breaches, according to a recent report from Experian, and the pace of attacks is expected to continue rising through 2014.

In a letter sent to Target customers, Target officials say those who have noticed irregular activity on their accounts should call the firm at 866-852-8680.  In addition, all Target shoppers should:

  1. Review their credit card activity online on a daily basis to monitor for suspicious activity.
  2. Set up automatic account alerts with your credit card provider to quickly detect any misuse of cards.
  3. Visit AnnualCreditReport.com to see if there are any newly established, fraudulent accounts set up.
  4. Cancel your credit card if they notice any suspicious behavior. If it’s a debit card, I would cancel it no matter what given that it connects directly to your bank account. Make sure to transfer balances, miles and to switch any auto-pay accounts to the new card.
  5. Freeze your credit with the 3 credit scoring bureaus.
  6. Consider ID Theft monitoring services to help you keep track of abusive behavior of your information online.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to defend the data that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.