Posts

Is Your Wireless Carrier Tracking Your Surfing Habits (Maybe)

,

Oh what your mobile phone carrier knows and tracks about you! A one-page document from the Justice Department‘s cybercrime division shows how cell phone companies record and retain your call and surfing activity (calls, text messages, web surfing and approximate location). Here’s a summary of how each company retains your information (full details in the image below):

  • Verizon Wireless – rolling one-year records of cell tower usage & what phone accessed what web site
  • AT&T / Cingular – ongoing records of cell tower usage since July of 2008
  • T-Mobile USA – doesn’t keep any data on Web browsing activity
  • Sprint Nextel’s Virgin Mobile – 3 month record of text content
  • Other than Virgin Mobile and Verizon, none of the carriers keep texts but they keep records of who visited a particular web site.
  • Verizon keeps some information for up to a year that can be used to ascertain if a particular phone visited a particular Web site
  • Sprint Nextel’s Virgin Mobile keeps the text content of text messages for three months. Verizon keeps it for three to five days. None of the other carriers keep texts at all, but they keep records of who texted who for more than a year.
  • AT&T keeps up to seven years of records of who texts who — and when, but not the message content. Virgin Mobile keeps that data for two to three months.

Readily available via a simple Internet search, this document shows how cellphone companies in the U.S. treat data about their subscribers’ cell phone use.

Bring privacy and security expert John Sileo in to scare the care into your next audience. Identity theft, data breach, social media exposure and human manipulation keynote training.

Supercookie Monster Eating Your Privacy for Lunch

, ,

You already know that every word you type on your browser is being tracked and used to profile and deliver highly-relevant advertisements to you (Big Brother Lives in Your Browser). And you know that most websites install “cookies” onto your computer in order to store relevant information about you (account numbers) that make surfing more convenient, and to gather information that allows advertisers to know more about you. You probably even know how to delete them.

But new research has shown that deleting cookies doesn’t always help. A new breed of cookies, called supercookies, can reconstruct all of your profile history even after the cookie has been deleted. MSN.com and Hulu.com just got caught using supercookies to track your surfing habits in stealth mode (you have no way of knowing that it’s happening, and you can’t do anything about it). The Wall Street Journal had this to say about supercookies and history stealing:

Hulu and MSN were installing files known as “supercookies,” which are capable of re-creating users’ profiles after people deleted regular cookies… The spread of advanced tracking techniques shows how quickly data-tracking companies are adapting their techniques… [“history stealing”] peers into people’s Web-browsing histories to see if they previously had visited any of more than 1,500 websites, including ones dealing with fertility problems, menopause and credit repair… Supercookies are stored in different places than regular cookies… | WSJ 8/18/11Supercookies on WSJ for non-subscribers.

So here is the simple scenario of why this matters to you: Your daughter is doing a high-school report for a business class on bankruptcy. In her research, she visits sites like creditrepair.com, poorcredithelp.net, wiki.answers.com/Q/How_do_you_repair_bad_credit, all while being tracked by small pieces of software (cookies and supercookies) that embed themselves on your computer. The software is probably developed by an internet software company like Epic Media Group and installed on the websites above. Let’s say you have set up your security software to delete cookies at the end of each browser session. Your daughter closes out of the session, deleting the cookies that have tracked her history on sites dealing with poor credit. The cookies are deleted.

But the supercookies remain, so that when you log on to a credit card web site to apply for a new card, they know that you (actually it wasn’t you) have been surfing on sites that indicate you might have bad credit. Instead of sending you to a signup page for a credit card with a 15% annual fee, they send you to a page offering a card with a 23% fee. The credit card company has paid for that profile information on you. And you will never know it and you can’t easily delete it.

So what is the solution? That’s just it, there really isn’t one at this point, which is why you should be concerned. Long term, you can contact your congress person and all those other things you won’t probably do to encourage them to pass digital privacy regulations. In the meantime, be careful of where you surf, because you are being watched closely.

_______________________________________

John Sileo is the award-winning author of Privacy Means Profit and a keynote speaker on social media privacy, identity theft prevention and manipulation jujitsu. His clients include the Department of Defense, Blue Cross, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com or contact him directly on 800.258.8076.

iPhone and Droid Want to Be Your Big Brother

, ,

Remember the iconic 1984 Super Bowl ad with Apple shattering Big Brother? How times have changed! Now they are Big Brother.

According to recent Wall Street Journal findings, Apple Inc.’s iPhones and Google Inc.’s Android smartphones regularly transmit your locations back to Apple and Google, respectively. This new information only intensifies the privacy concerns that many people already have regarding smartphones. Essentially, they know where you are anytime your phone is on, and can sell that to advertisers in your area (or will be selling it soon enough).

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

You may ask, “don’t all cell phone carriers know where you are due to cell tower usage?” Yes, but Google and Apple are not cell phone carriers, they are software and hardware designers and should have no real reason (other than information control) to be tracking your every move without your knowledge. Google and Apple are not AT&T or Verizon, therefore they should not be recording, synching and transmitting your location like it appears they are.

Both companies are trying to build huge databases that allow them to pinpoint your exact location. So how are they doing it? By recording the cell phone towers and WiFi hotspots that you pass and that your phone utilizes. This data will ultimately be used to help them market location based services to their audience, which is a market that is expected to rise $6 billion in the next 3 years.

The Wall Street Journal found through research by security analyst Samy Kamkar, the HTC Android phone collected its location every few seconds and transmitted the data to Google at least several times an hour. It transmitted the name, location and signal strength of any nearby WiFi networks, as well as a unique phone identifier. This was not as personal of information like what the Street-View cars collected that Google had to shut down some time ago.

So what do we do now? According to the Wall Street Journal, neither Apple or Google commented when contacted about these findings, so it is hard to know the extent of how they are using the data collected. Right now, there really isn’t much you can do to stop GPS tracing of your location without your consent. Of course you could power down your phone, but we are all way too additcted to these handy little digital Swiss Army Knives to do that. You can turn of GPS services, but again, that makes it impossible to use maps and other location-based apps.

The actual answer here is for the public to put enough pressure on Apple and Google that they stop the practice of tracking our location-based data and no longer collect, store or transmit it in any way without our consent.

While this may be the future of privacy, it is better that we are aware of what may come rather than remain in the dark about the possibilities of technology.

John Sileo is the President of The Sileo Group and the award winning author of four books, including his latest workbook, The Smartphone Survival Guide. He speaks around the world on identity theft, online reputation and influence. His clients include the Department of Defense, Pfizer and Homeland Security. Learn more at www.ThinkLikeASpy.com.

Internet Explorer 9 Privacy Feature Limits Tracking

,

Microsoft has announced that the latest version of Internet Explorer will offer users a new anti-tracking privacy feature. This will help prevent marketing and advertising companies from watching where you surf and what you do online without your consent. Users will be able to set their preferences to prohibit companies from obtaining sensitive tracking information. This is a first step in the right direction – browsers should step up as the first line of defense against unwanted information collection.

This comes at a time where advertisers want to reintroduce the use of deep packet inspection in order to more closely watch and market to consumers online.  This method reads and analyzes raw packets of your personal data as they travel across the Internet – for obvious reasons deep packet inspection has been the subject of much controversy. Internet users are becoming more aware that what they do online is not private and are beginning to ask for tools to protect their browsers from spying.

Internet Explorer already offers InPrivate Filtering, a feature that works on blocking third-party scripting and tracking devices. This is only a temporary solution that is not very reliable because it often fails to block many tracking devices.

The new changes are no surprise, due to increased concerns on browser tracking. Both consumers and the government have been working to allow a more “opt-in and opt-out”  friendly version of internet browsing.  The FTC called for  a “do not track” button on browsers in order to block any kind of third-party usage tracking.

Tracking Protection Lists would potentially be a finer-grained equivalent, allowing users to opt out of some or all tracking systems depending on their preferences. Tracking Protection Lists will be an opt-in-feature and Internet Explorer 9 will not provide any lists themselves.  The lists will update weekly and most likely come from third parties and privacy advocacy groups.The lists will be useful to prevent the kind of spying that is getting many companies into trouble.

Support for Tracking Protection Lists will first arrive in a release candidate of Internet Explorer 9. Redmond did not give a date for this, but it is likely to be early next year.

Big Brother Lives in Your Browser

The world is spying on you, and you don’t really even know it. A recent investigation by the Wall Street Journal concludes that spying on consumers in order to sell their data is one of the fastest-growing internet businesses. Here is a summary of the most striking findings:

“The Study found that the nation’s 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning… the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping interests and even medical conditions. These profiles of individuals, constantly refreshed, are bought and sold on stock-market like exchanges.”

The tracking software records and analyzes your browsing patterns. It knows if you’re surfing porn sites, researching bipolar disorder or watching teen movie trailers. With startling accuracy, it interpret’s these patterns and sells the information to websites, sometimes within seconds, that want access to your wallet. What’s the big deal, you ask? Why not let them market to us in highly targeted ways?

That seems reasonable, within limits. According to John Sileo, Identity Theft Expert and author of the newly released book on information survival, Privacy Means Profit, “We are all slowly being boiled like frogs. This month, Big Brother knows which movies I ‘Like’,  what keywords I typed into Google and what books I checked out at the library. Next month they’ll attach our name, address and credit profile to the database so that they can instantly evaluate whether I should be their customer. Because they erode our privacy over time, we don’t notice that we’re being boiled alive!”

According to the Journal, if the tracking software estimates that you are a low income individual, you will likely be shown a higher interest rate credit card when you visit the Capital One website. If you’ve been researching bipolar disorder on Dictionary.com (which downloads 234 tracking programs onto your computer without alerting you), the next insurance website you visit might no longer have a policy that fits you. In another example listed in the article, banks are beginning to consider looking at the credit worthiness of your social networking friends to determine your credit worthiness.

“We can’t just blame this on the businesses that want to market to us,” says Sileo. “They exist to make money and strive to advertise to us in the best way possible. But we don’t have to just sit around and give away all of our precious information.” Sileo recommends a handful of steps we can take to keep our selves out of the hot water, including:

  • Delete the cache of tracking cookies on your computer that share information without your consent
  • Customize the privacy settings in your browser to minimize information leakage and to regularly delete tracking software like cookies
  • Use the “Private Browsing” feature in Safari, Firefox and IE when you don’t want your browsing history stored on your computer
  • Lock down your social networking profiles so that marketing companies can’t skim your personal information
  • Consider using anonymizing software like the Tor Project, Abine or Better Privacy
  • Understand that when you are on the Internet, you are being tracked, and surf accordingly

John Sileo’s identity was used to commit a series of felonies and steal more than $300,000 from his business customers.

His story and how you can avoid the same are detailed in his new book, Privacy Means Profit (Wiley, August 2010).

John speaks professionally to organizations that want to protect their profits against identity theft, social media exposure and corporate espionage. His recent clients include the Department of Defense, FDIC, FTC and Pfizer.

Learn more at ThinkLikeASpy.com.