Note: This Privacy Guide is under development and we want you to help us make it better! Sound off in the Comments section and tell us what you think we should cover to make this 2015 Privacy Guide the best!
Worried about your online privacy? With everybody from the US government to your next-door neighbor trying to get a hold of your data, it is only fair that you should worry about your cyber security.
The internet is a part of modern society’s DNA, which is why every public spot has a WiFi these days. But unfortunately the security risks have only escalated over time. WiFi hotspots at public places like coffee shops, restaurants, libraries, malls, parks, trains and buses are usually free, and require no authentication. In fact, usually all you have to do is to register your phone and email address the first time you log in to the WiFi network.
Ensuring Privacy On Public Wifi Hotspots
The root of the security problem lies in the fact that public WiFi Hotspots lack authentication. This gives hackers the margin they need to mess with the system. They can do anything from duplicating your data off the WiFi router, to coming in between your smartphone/tablet and the router so that all your data goes through them first. Here are a few examples of the numerous ways in which connecting to a public WiFi HotSpot can be damaging to your privacy.
The worst part about the public WiFi HotSpot security risk is that there is no way to know if you are being attacked by hackers. Hackers use public WiFi HotSpots as data pools where they sit and violate your privacy to collect your data. At the end of the day they assess the collected data to short-list the people who sent the most relevant data over the internet and launch pre-planned attacks.
For instance, checking your email and bank account on your smartphone might be a routine activity for you, but it is a jackpot for the hacker at the coffee shop at the corner. The hacker will quietly collect your information, and keep track of your accounts; and he won’t make his move until there is a large sum in your account.
Hack Attacks that Changed the Online Privacy Forever
You would be wondering why we are even writing about the hack attacks in a privacy guide. Well before we proceed any further we would like to clarify that the ultimate goal of writing this detailed privacy guide is to let you know of all the harms and threats present on the internet and how you can keep yourself safe. As stated above, a decade ago internet was a blessing; but now it is a necessity.
With the technology progressing faster than ever, it has become really hard to stop it from bringing everything on the internet. Yes, the internet has helped the mankind in many ways and it is, indeed, one of the greatest inventions of the 20th century, but there is absolutely no shame in admitting that it has also exposed the users to many threats.
The evolution of internet has brought prosperity as well as troubles for the users – where people consider themselves truly blessed to have the access to internet for it connects them with the world really quickly, they despise it because they can be robbed off their assets and other monetary gains in the blink of an eye.
We are going to highlight some of the major hack attacks of 2014 that have not only raised a few eye-brows but also have changed the way we used to look at the hack attacks. Before we list any one of them, we must tell you that the perpetrators are still at large and this is what the cyberworld has come to.
Heartbleed
Those who understand what online privacy really is will never forget the excruciating pain that was inflicted upon them by a bug in OpenSSL website servers. Such was the intensity that at one point, it was estimated that more than half a million websites that were registered with trusted authorities were vulnerable to the Heartbleed bug.
What made the bug effective? You might ask. Well, here is the deal: the Heartbleed bug was dangerous because it had found vulnerability in OpenSSL cryptographic library. The attackers could get away with stealing ALL your data (including name, phone number, address, credit card numbers, account numbers, passwords) without leaving a trace.
As soon as the bug was found and news of major hack attacks came from all across the world, the developers and engineers came up with repairs for Android and iOS devices. However, the Android users were still in danger and it was recommended to everyone to change their passwords before April 07th, 2014. While the bug was declared as “catastrophic” by the likes of Bruce Schneier, Heartbleed had captivated the world for no-good for about a month or so.
eBay
On the eve of 21st May 2014, news regarding eBay’s hack broke on TV and the internet. In one-of-its-own-kind hack attack, the officials at eBay confirmed that they were unaware of the attacks until the third week of May. According to them, the hack attacks took place throughout February and March. The announcement saw eBay’s share value going down by 1.73%, denting their brand value even further.
According to the details, the perpetrators had used the login details of the employees of eBay to extract all the confidential information of their customers. While the officials refrained from commenting on how they got access to the employees’ emails and passwords, it was concluded that the hackers had used the ‘phishing’ tactics to get hold of the email addresses of the employees.
In one of the biggest cyberattacks of all times, the data of 145 million users was stolen. It included their names, social security numbers, phone numbers, addresses and much more. The officials came forward almost immediately and said that they had not received any ‘evidences’ of monetary losses. But with a data of more than 145 million users available, the users were left helpless and exposed to the evils of the internet.
JP Morgan Chase Bank
Affecting approximately 76 million households, this attack was only discovered in July and made public in late August last year. The officials, who were looking into the matter when they made the discovery, had initially ruled out the possibility of a massive breach. Since it was a direct attack on the banking industry, the hackers had also got access to the confidential details of 7 million small businesses.
The bank representatives made it clear when they came out to address the public that the bank had remained unaffected from a financial breach. According to them the hackers had got access to the names, email addresses, postal addresses and phone numbers of the customers and their financial details were safe.
But keeping their best interests in mind, JP Morgan had already started issuing new Credit Cards to the customers and had asked them to change their email addresses’ passwords. When the hack attack was discovered, the hackers had already paved their way into 90 different servers of the bank. The attack was directly linked with the Russian hackers.
Sony Entertainment
If we could give an Oscar for the most controversial hack attack of the year, we would give it to Sony Entertainment Hack Attack. As discussed above, some of the hack attacks were purely for monetary gains, while the others had some other motives behind them. The Sony Entertainment Hack Attack belonged to the latter category.
This was a high-profile hack attack. The hackers had breached the servers and computers of the employees of Sony. From getting their hands on unreleased movies to sensitive company data, the hackers intimidated the Sony employees and officials by threatening them to release the movies on the internet.
And that is exactly what they did. They released one of the most controversial movies “The Interview” online before it was even officially released. The hackers had threatened the Sony officials to remove the movie from their data base and not to release it because it had allegedly “ridiculed” the North Korean leader. This led the investigators to believe that North Korea was behind the attacks and it had called upon its expert hackers in retaliation to the controversial movie – an idea that was proved wrong later on.
iCloud Hack
If there was a hack attack that easily surpassed the others in terms of media coverage, public outrage, and cry for censorships, it was iCloud hack. In a ‘much targeted’ hack attack, the private pictures of many celebrities including Jennifer Lawrence, Rihanna and Kirsten Dunst were leaked online. Not only were they shared publicly but the pictures were taken down only after the celebrities had reacted and sent legal notices.
While it was a feast for some of the internet users, the others had absolutely despised and smashed Apple to the core for poor protection of its users’ data. The officials at Apple added more fuel to the fire when they responded with a ‘much targeted attack’ statement. ‘The Fappening’ did top the list when it came to gathering more sympathies, apologies and media coverage.
Wifi Hotspots As Malware Distribution Points
In other cases, WiFi Hotspots are used as distribution points to inject malware into the smartphones and tablets of unsuspecting and unsecured WiFi users. Usually malware apps are designed to carry out targeted operations in order to violate your privacy by collecting your credit card details and other sensitive information.
Malware also targets the media in your mobile device. Your data is collected and periodically uploaded to the software designer in the background.
Wifi Routers May Be Hacked
The worst case scenario is when hackers hack into the WiFi router itself. There is no hope and no anti-virus or anti-malware that can save you if that happens. Hackers will be able to collect your data and they will be able to track your IP address.
Wifi Hotspot Safety Measures
Encrypt
Try to use encryption tools to encrypt all the data that is sent/received from your phone. Encryption will render your data useless for any hacker who intercepts it with the intention of exploiting it.
Make sure that all your browsing sessions are encrypted when you are using the internet for any personal and/or sensitive reasons. Look in the URL field and make sure that it starts with ‘https’. This does not necessarily guarantee impenetrable security but every little bit helps these days.
Switch Off When Not In Use
You ensure the privacy of your home by keeping the door shut – and you need to do start doing the same for your mobile device. Remember to switch your smartphone’s WiFi off when you don’t need it. This will hinder data transmissions (sending/receiving) from any malware that may have managed to get into your device.
Fake Wifi Hotspots
No Privacy Guide can be complete without talking about Evil Twins. The only thing worse than a hacked WiFi, is a fake Wifi! Most people tend to set their phones on auto-detect-and connect for WiFi HotSpots. Hackers know this and love to setup fake WiFi HotSpots (also known as ‘Evil twins’).
These HotSpots are designed to look like other regular HotSpots in the area and offer a charade of websites for you to access. All the information you enter when connected to these WiFi HotSpots will go straight to the hacker. It is the worst form of privacy penetration because it is almost as if you gave the perpetrator complete remote access to your system.
Get Confirmation
Never connect to a WiFi HotSpot until you have verified the authenticity of the connection from an individual directly associated with the HotSpot. So if you walk into a coffee shop and your smartphone picks up a free WiFi HotSpot that sounds like it is for the coffee shop customers, make sure to confirm with one of the staff before you connect to it. Hackers usually set up their data traps in public places.
Ensuring Privacy On Facebook
One of the biggest privacy challenges that haunt internet users today is the Facebook dilemma. You can’t live with it, and you can’t live without it!
I am not talking about fake Facebook profiles and pages. That is kindergarten stuff. I am not worried about the 600,000 Facebook accounts that are hacked daily. I am talking about the threats from Facebook (and our use of Facebook) that place our privacy at risk!
I am talking about the data that is generated and collected when you use Facebook, the integrity of the data, the value that it holds, and the damage it can cause if it ever falls into the wrong hands.
Facebook Beacon: The First Blow To User Privacy
If you were a Facebook user in 2007, you were a part of the Facebook Beacon program.
Facebook Beacon came out in November 2007 as a Marketing system to help Facebook implement targeted ads. It was an opt-out system, which means that everybody on Facebook (including you and me) was a part of this system.
Opt-out systems like Facebook Beacon are designed to collect your data cunningly. They are rolled out as standard features that are applied on all users without question.
Facebook reads your entire browsing history and has made deals with popular websites to share your data with them.
Don’t connect with Facebook!
You were a part of Facebook Beacon, and now you are now part of Facebook Connect. Facebook Connect uses third-party data, just like Facebook Beacon. The only difference is that Facebook Connect took lessons from Facebook Beacon and does everything in the background, keeping users in the dark.
Every time you visit a website and log on through the window that says ‘Connect with Facebook’. You give permission for your data to be shared between Facebook and the website in question, the moment you click on the ‘Connect’ button.
Facebook’s ‘Connect’ is a single sign-on login system that launched in December 2008, after Facebook Beacon crashed and burned:
According to findings published by a joint research team from Indiana University and Microsoft Research:
“Using a single sign-on login initiates a conversation between the website a user is currently visiting and the provider of the identifying account. The website asks for certain information to be verified, and the account provider responds with a thumbs-up or thumbs-down. But, as with most conversations, there is room for misunderstanding”
This misunderstanding is the crack in the system through which hackers, government surveillance programs and cybercriminals get through.
Facebook’s Targeted Ads
The problem with specially targeted ads is that they are created and shown after a close analysis of your online browsing and buying habits. This means that none of your activity remains personal and/or private.
Why does Facebook work so hard to make targeted ad campaigns work? Because Facebook made $6.99 in ad revenue in 2013 and forecasts by Business Insider expect this figure is to rise to $18 billion by 2016.
Every time you click the ‘Like’, ‘Share’ or ‘Comment’ button, your activity is recorded. Facebook keeps careful track of your social and surfing preferences, and makes money from advertisers by giving you ads that are related to your internet browsing history.
The Problem With Targeted Ads
Some people feel that targeted ads serve a positive purpose and help make the internet more useful. However, the dark side of collecting data to create a virtual sketch of your identity for the production of targeted ads, is that it creates vulnerability.
The vulnerability created in sharing personal data with a company that stores user data can be seen in the large number of hack attacks that took place in 2014.
De-Activating Targeted Ads
You can opt out of Facebook’s Targeted ads by using this platform created by the Digital Advertising Alliance to help deactivate targeted ads.
Since Facebook employs different marketing systems for desktop and smartphone users, you will have to opt-out separately on your mobile device.
Android users can opt-out by de-selecting the ‘Opt-out of interest based Ads’ option in the Google Settings menu.
iOS users will find the deactivation feature in the ‘Advertising’ section of the ‘Privacy’ settings.
Opting out on your mobile device is very important, because Facebook collects data on everything from your search history to your signal strength and battery power levels.
Facebook Knows What You Did Last Summer
Data collection and analysis requires the use of advanced systems and algorithms. These systems and algorithms are created by some of the most intelligent minds on the planet.
For instance, Facebook knows that you have the same Facebook account working on your computer at home as you do on the Smartphone in your pocket and your computer at work. By simply logging the time stamps in addition to your activity, Facebook knows what you like on the move, over the weekends, and when you are at home.
Managing Your Friends Lists
Facebook insists that putting up more personal data is the best way to share your life with your friends. The catch is that not everybody is your friend, and your privacy settings are not as readily adjustable as the dynamics of your social circle. Today’s friend might be tomorrow’s enemy, and giving your enemy complete access to your photos and details is a recipe for disaster.
The average number of friends per Facebook user is 130. When was the last time you audited your friend list?
Countless Facebook users around the world will admit to the fact that cyber stalking other people on Facebook would have been an impossible guilty pleasure to indulge in if it wasn’t for Facebook’s complicated privacy settings that make it nearly impossible to successfully keep things private.
Simply setting your privacy settings from the central menu is not enough. Your friend’s friend might be your enemy, and a picture that you post with limited visibility might end up on your enemy’s wall when your friend likes/shares it.
The key to ensuring your privacy on Facebook is to start by auditing/editing your friends list.
I personally have only three lists that I use: Friends, Limited Profile, and Restricted Profile. Only green-light the people you meet or communicate with frequently. This will allow you to make sure that everything you share on Facebook remains within your trust circle.
Facebook offers a handy tool that you can use to view your Facebook profile from the eyes of anybody in your friends list. Simply click on the menu button next to ‘Message’ on your profile and select ‘View As’ to activate the feature.
In an ideal world I would ask you to stop using Facebook altogether. I would ask the UN to shut Facebook down and ask Facebook to give Facebook users a portion of the money they made from their data. But the truth is that Zuckerberg is going to make millions off our data tomorrow because we can’t stop posting our pictures and updating our statuses and checking on our friends to see what they’re up to.
Hello NSA, Is That You Looking into My Computer?
Every time you make a phone call, or use internet on your device, the NSA collects your data without any regard for legal or ethical obligations/principles. What started off as the PRISM surveillance program in 2007, has grown to a point where the NSA is now collecting users’ data from at least nine tech giants of the cyber world.
We do not mean to offend anyone but people who believe that complete internet freedom still exists are either shortsighted or have no idea about the unchecked surveillance demons of the internet. It may be hard to believe, but the US government has been regularly monitoring your communication over phone calls, emails, VoIP services and other internet means since (at least) 2001.
If you think you are safe from the unjustifiable online surveillance because you have done no harm to anyone, you are sadly mistaken. The US government states very clearly that it will do EVERYTHING to ensure that the general public remains safe and peace prevails in the region.
Is the Surveillance Umbrella limited to US residents?
A simple and short answer to this question is: no. The official NSA website has a map that is mean to describe the degree of surveillance that is carried out across the world. For the record, this map is bull!
Regions Affected by Online Surveillance of NSA that show privacy violations (Green = Minimum Surveillance, Yellow = Moderate Surveillance, Orange = Heavy Surveillance, Red = Maximum Surveillance)
The NSA claims that it internet surveillance is moderate in the US and heavy monitoring is reserved for South Asian countries. Security experts and whistle blowers consider the map to be a blatant lie. An increasing volume of evidence proves that American users are the ones who are actually heavily monitored.
Edward Snowden, the NSA whistleblower, has exposed the NSA’s suspicious activities. He is hiding from the intelligence sources like FBI in Russia and Japan. Mr. Snowden has recently claimed that the US and UK, in a collaboration, have hacked into the world’s biggest SIM manufacturing company – renowned for distribution of SIM cards all over the world, to keep a track of your movements and to tap all the communication made over the phones.
Is There Any Way to Stop the Online Surveillance?
While people may not know this but there is a certain way with which you can not only prevent yourself from being spied on, but you can also achieve 100% anonymity over the internet. Some of you might be familiar with a VPN service; it assigns you a new IP address and encrypts your data with numerous algorithms to make sure it remains safe from the claws of the NSA.
The NSA, on the other hand, if somehow manages to trace your data, is left with no other option but to dispose it off because it cannot be decrypted. Various VPN service providers work their best to keep your data protected. The implementation of military grade encryption by VPN service providers is an indication of how seriously do they take the online security of their users.
Problems with Smartphone Apps
The NSA, and other surveillance agencies have gone on to try various ways to hack into your devices to get complete knowledge of your daily routine activities and your confidential information. Imagine downloading an app that runs in the background, and sends your device ID, email address, password and credit card details to third parties.
The idea is absolutely scary and frightening, no? According to a research, the smartphone users will increase from 1.5 billion users to 2 billion by the end of 2018. The vast number tells you only one aspect of the story. Undoubtedly people are moving to the virtual world more quickly than ever, but there lies a problem that needs to be addressed before it haunts us all in the future.
The more the smartphone users; the more the opportunities for snoopers, hackers and surveillance agencies to break into your systems and devices. The attacks may not be direct in nature; and by that we mean the agencies and snoopers can make you install malicious apps in your phones to keep an eye on you.
Installing Third Party Apps – Bad Move
Is it a bad move, you ask? Yes it is. Installing a third party app is basically allowing your phone to pass on your information to others. According to a research by Kaspersky, almost 90% of the mobile malware is designed to hit the Android platforms. Even though iOS is considered as a heaven for the app users, it has also been subjected to various malicious app hack attacks.
Apple – known for its strong SSL web protection and jailbreak-free app store, was affected with more than 400 third party apps that did not only expose the users to the hackers but also left them vulnerable to the online surveillance agencies. The attack was, however, confined to the Chinese region only.
Similarly clicking on the fancy ads in the Android apps is also one of the reasons why your security is regularly compromised without your knowledge. There is a reason why President Obama is asked to stick too BlackBerry for official use, even though, he personally likes to use the Apple products.
How to Overcome the Problems of Third-Party Smartphones Apps
If you think your online security should not be violated, stop using third party apps. If you are an Apple user, do not jailbreak your device. It destroys the additional layer of security that works as a shield to protect you from the snoopers. Similarly if you are an Android user, do not download and install an app, outside of the Google PlayStore.
The apps in the PlayStore are safe (most of them) and are included after Google clears them of all sorts of malware. Before installing and agreeing to the terms of apps, always check what the app will access in return. If the app isn’t popular and asks for the access to your Gallery and Messages, rethink, would you want to install something that might harm your online privacy in return.
Conclusion: Every Man for Himself
We live in a world in which every man must fight for his own cyber security. Yesterday it was MySpace, and before that it was Friendster, and before that it was Hi5, and there is no way to know what bandwagon we will be getting on tomorrow. But what we do know is that the threats to our privacy are only going to increase in the coming years. The responsibility to take precautionary measures to protect your privacy in the face of these odds falls on your shoulders.