Monday, August 1, 2011

Private browsing really isn't

Originally published 3/29/11 on lubbockonline.com/glasshouses


Do you use the private browsing feature of your browser? Though they may have different names for it, the major browsers all have some type of private browsing available. All of them do pretty much the same thing. From the description of Private Browsing in Opera:

Private tabs

To browse without leaving any trace of the websites you visit, you can use a private tab. This is especially useful if you are using someone else's computer, or planning a surprise that you want to keep secret. When you close a private tab, the following data related to the tab is deleted:

  • browsing history
  • items in cache
  • cookies
  • logins


It looks really good - but your browser isn't the only thing gathering info about you on the web. The explanation given on Google Chrome's private browsing page is pretty clear:

Browsing in incognito mode only keeps Google Chrome from storing information about the websites you've visited. The websites you visit may still have records of your visit. Any files saved to your computer will still remain on your computer.

For example, if you sign into your Google Account on http://www.google.com while in incognito mode, your subsequent web searches are recorded in your Google Web History. In this case, to prevent your searches from being stored in your Google Account, you'll need to pause your Google Web History tracking.


If you're using private browsing it will protect you from people finding out what you're doing online by checking your browser, but it won't protect you from the data and logs kept by the your ISP, the ous servers your data travels through, and of course, the sites you visit. Private browsing isn't really private except on the computer the browser is running on.

Killeen ISD student records found "blowing in the wind"

Originally published 3/28/11 on lubbockonline.com/glasshouses


Andy Ross of the Killeen Daily Herald reports that Killeen Independent School District documents containing students identifying information, including Social Security numbers, were found "blowing in the wind."

According to a school district spokesperson, the school district doesn't have policies on shredding documents. It hasn't used Social Security numbers to identify students since 2008, so these documents may be older than that. Not that it matters, since about the only way you can change your Social Security number is to go into the Witness Protection program.

The school district does have guidelines regarding personal information on staff and students, but if it doesn't include shredding documents before disposal it doesn't mean much. Dumpster diving is still one of the best ways to get information on individuals or businesses - and apparently these records weren't even in a dumpster.

There are state and federal laws covering the use of student data. I suspect some of them may have been broken here, but whether it was the school or someone they payed to dispose of the records I have no idea.

I wonder what policies and procedures LISD has in place to protect and properly dispose of student records? I hope that LISD's policies are more comprehensive and better enforced that those in Killeen.

Encrypt your Facebook sessions to protect data when it takes the scenic route through China

Originally published 3/25/11 on lubbockonline.com/glasshouses


CIO Online reports that Facebook traffic coming from AT&T servers was accidentally routed through China and North Korea. This might not be a concern, but unless you're connecting to Facebook using an encrypted connection everything that you do can be monitored by network operators. China is known for spying on it's users, and once your data is on the Chinese network, it's just like any Chinese users data. Any data you look at on Facebook could be monitored and/or saved for later analysis as it goes through China.

But if you encrypt your data, the network operators can't see it. Encrypting your login to Facebook is easy. Just make sure your Facebook bookmark is set to "https://www.facebook.com" and everytime you login your username and password will be encrypted. But once you login Facebook defaults back to an unencrypted connection. Facebook does realize that you may want to have everything you do on Facebook encrypted, and have a setting to allow that. Go to the 'Account' menu,select 'Account Settings' and scroll down to 'Account Security' then click on 'change'. Check the "Browse Facebook on a secure connection (https) whenever possible" box.

It's almost always a good idea to use encryption on the web. It doesn't use much processing overhead and protects your information as it goes from point 'A' to point 'B'. If you use Firefox there's even an add-on called "https everywhere" that will use https to connect to any website that support https.


Photobucket

Facebook + Separation + defriend = Jail Time?

Originally published 3/24/11 on lubbockonline.com/glasshouses


Ben Muessig at AOL.com reports on another case of someone shooting themselves in the foot on Facebook. The headline says it all: "Man Charged with Poligamy after defriending his first wife on Facebook."Richard Leon Barton, Jr became estranged from his first wife in prison. They hooked up again on Facebook after he got out.

That's fine, but then Richard defriended his wife. But he didn't have his privacy settings locked down, so she was able to see the pictures he posted of him and his second wife.

Oops. He hadn't divorced wife #1 yet.