Online safety just takes a little common sense

Originally posted 08/02/2011 on lubbockonline.com

Google has backed off the 'real name' on Google+ policy. That's good, but it takes both more and less than pseudonyms to be safe online. The internet is a wild and wooly place. If you're not careful you can reveal a lot more of yourself than you intend.

So what kinds of things do you need to do to protect yourself? It's not very hard. There are three simple things you can do that will help you stay safe:

• You can't take it back. Once you put something online it's out there. You can delete every copy you can find, but you'll never know who read it or how many copies were made of it.
• The internet is not the place to put your darkest secrets. If there is ANYONE you would not want to see what you are about to post, don't post it.
• Be careful what you put online. Without even trying we are far more exposed after a few days (maybe even hours) of online activity. When you tell about your pets, your childhood, you hobbies, you are giving people information that can be used to attack you.

It's very easy to give up too much information online, but you can protect yourself without having to sever all ties to the online world. Just use a little common sense makes your online experience more fun and a lot safer.

Online Safety: Remember what your mother told you

It's not often you see someone saying the same things you would do to protect yourself "in the real world" apply in the virtual world, too. US CERT Cyber Security Tip ST05-014, "Real world warnings keep you safe online" uses some old sayings to demonstrate that very point: 

    * Don't trust candy from strangers - Anyone can post anything on the internet, so don't accept anything as truth until you've verified it. Watch out for spam and phishing emails - and remember that email addresses and URL's can be spoofed. Make sure you know where you're information is coming from.

    * If it sounds too good to be true, it probably is - How many times have you seen an add on a page or a pop-up window proclaiming that you are the 1,000,000th visitor to a site? All you had to do was give them some information to claim your prize! How many emails have you received claiming to have millions just waiting for you to claim them? This type of scam predates email by decades. Don't let greed get the better of you. You're more likely to hit the jackpot on every lotto drawing for a month than you are to actually recieve money (or anything good) from one of these scams, or their cousins, the "let us scan your computer" popup.

    * Don't advertise that you are away from home - Autoresponders, the email auto replies you can setup for when you're away from your desk, are a wonderful thing. But don't give any more information than absolutely necessary. "I will be in training all week and will be able to answer email sporadically, if at all" is probably ok. "On vacation in Aruba from 9-12 to 9-24! Woohoo!" isn't.

    * Lock up your valuables - If someone can access your computer they may be able to access or steal personal information. Maybe even information you didn't realize was on your computer. Usernames and passwords, bank account information, all kinds of things that can either give them access to things you don't want them to have, or things that will allow them to figure our what you might use as a username or password and gain access to things you don't want them to have.

* Have a backup plan - Regular backups help recover from data loss caused by successful attacks, hardware failure, carelessness or accidents. They can also help you determine what kind of damage may have been done. Unfortunately, if a successful attack isn't discovered for a long time backups may be compromised, too.

Some other usefull CERT articles:

Using Caution with Email Attachments

Avoiding Social Engineering and Phishing Attacks

Reducing Spam, Identifying Hoaxes and Urban Legends

Recognizing and Avoiding Spyware

Google accidentally spys on open WiFi

Ben Rooney of cnnmoney.com reports that the Google has admitted that it's Streetview cars have been collecting data from open WiFi hotspots. Google first admitted to collecting the publicly broadcast information of open hotspots, things like the network names and router numbers, on April 27th. But after being asked for more information, Google says that they discovered more data was being collected - private data in the packets being transmitted across the network. Supposedly the code that gathered data packets was accidentally entered into software used to gather public information on WiFi.

The software changes channels five times a second, so only bits and pieces of data would be gathered. Encrypted data, like the communications between you and your bank account, cannot be read, so it won't have been compromised by Google's illicit scans.

Google is, of course saying that it was an accident. In response they have stopped all scanning of open WiFi by their streetview cars until they can repair and replace the faulty software. They have arranged for a third party to review the software and the data collected from public WiFi networks.

This is a major blunder by Google. Whether it was a case of pushing the envelope to see what the reaction would be or an honest mistake, it's going to hurt Google's reputation. This one I tend to believe was an accident. In many nations it is illegal to tamper with electronic communications. Google may want to gather and use information, but breaking the law to do it isn't good business.

Could Buzz become Facebook for education?

In his blog entry on ZDNet, "A social networking call to arms" Christopher Dawson looked at Google as the potential social networking provider for education and business. He makes some good points. In the past Google has been considered a nemesis of personal privacy for their retention of user search and email data long after the fact. But they have responded to their users concerns by limiting the time data is kept, and when they made the major blunder at the introduction of Buzz were quick to fix the problem. Facebook, on the other hand, is continually expanding what user information is considered public without consulting users or seeming to care about their wishes. Schools have to keep certain data private, and Facebook does not allow that.

There was a time when Facebook might have been useful as a tool for teachers. That time is long past. But a social network run by Google could work. Google does not make change their privacy policy every six months (or less) in an effort to make more of the user data public. And Google has experience providing secure services in the cloud to businesses already. They already have most of the ingredients of a successful social media site if they can find a way to tie them all together. Google Search, Google Reader, Youtube, Blogger and Google's handling of privacy issues are some pieces of the puzzle. All Google needs is a way to package them together that satisfies the privacy and security needs of educational institutions while providing the social experience people want.

Facebook exposes private chats

In the Bits blog Nick Boltin reports on the Facebook bug that exposed private chats to public scrutiny. Facebook claims the bug was only live a few hours, and has shut down chat until the bug can be fixed (perhaps by the time you read this). This can't help Facebooks reputation in the eyes of the Electronic Frontier Foundation or Senator Charles Schumer (D, NY). Senator Schumer is one of the Senators calling on the FTC to craft privacy guidelines for social networks.

I'm not sure this was really an accident. Yes, I'm being paranoid and cynical, but the Facebook business model is to push for users to make everything public. I wouldn't be surprised if this was a 'live test' to see what kind of reaction results from this "bug".

Tori Pennington could have lived

Last Saturday Tori Pennington's body was found by her 12 year old son. In Tuesdays Avalanche-Journal Robin Pyle reported that she was allegedly killed by a man she met through an online dating service. At the time I'm writing this not a whole lot is known, other than she had been talking with Dustin Kendrick online and over the phone for an undisclosed amount of time. It is presumed that this was their first face-to-face meeting. This isn't the first online relationship in Lubbock to end in murder. In 2004 Joanna Rogers disappeared and was later found dead in the Lubbock Landfill. Her killer was initially connected to her by chat records and emails on his computer. We can only guess at the number of people in Lubbock who have been beaten by people they met online but never reported it.

Sometimes bad things happen. But often they can be avoided, and meeting online doesn't have to be any more dangerous than any other way to meet people. So here I am going to suggest a few steps to take when meeting people online. They won't guarantee your safety, but they will at least reduce the risk. They aren't in order of importance because they are all important.

• If you're looking for dates online, go to a large, reputable site that does at least a little checking on it's members. The final call is still up to you, but every extra bit of screening helps.


• Spend plenty of time getting to know them online before meeting in person. The longer you interact and the more you see of their actions, the more likely you're seeing "the real them."


• Don't give them your address or home phone. Give a cell phone number - in most cases you can't get an address by looking up a cell phone number on the internet. With land lines you can.


• I don't care how nice he (or she) is, the first few times you meet in person, don't meet at home, a hotel, or any place you will be alone. That includes going there after the dinner, movie, whatever. Meet in public places, preferably with friends. They will probably see things you don't - good and bad.  You will have to judge at what point you feel 'safe' being alone, but the first date definitely isn't it.


• Alchohol impairs judgment. Drink little or none the first few dates.


• When you do decide it's ok to meet in more private places, make sure someone knows where your going. Having a friend call to check up on you isn't a bad idea, and it can give you an out if you're getting uncomfortable.

To find more ideas for safely dating people you meet online, google "online dating guide" or "safe online dating."

My prayers go out to Tori Pennington's family, especially her children.