Thursday, October 18, 2018



TECH



De-Monetize Me
Online Data Protection 101: Don't Let Big Tech Get Rich Off Your Info

Personal information is the currency on which much of the internet depends. It's gathered everywhere, often without people's knowledge, and it effectively pays the bills on many free services and apps we take for granted. Depending on how radical you are, you could see this as a fair trade in exchange for services—or as companies extracting free labor from the internet-using populace.
The Scope of the Problem
Understanding this ecosystem is difficult, but removing yourself from it is even harder. For starters, years' worth of your information is already in the possession of numerous legal data-broker sites.
In the course of writing this longer feature about how companies turn your data into money, I looked at and purchased information from several data brokers. I then took stock of the sheer bulk of information I had knowingly and unknowingly provided to social-media services. It's staggering.
That's not even considering the volume of my personal data that is invisible to the outside world—locked up inside the databases of publishers, third-party advertising companies, search sites such as Google, and so on. That data is compiled, sliced, diced, perhaps anonymized, and distributed entirely outside my control.
Then there's the information that has been stolen. Some of this I know about. My Social Security number (among other things) was stolen during the now-legendary Office of Personnel Management hack, in which data stored by a major government office was exfiltrated. It's a running joke of mine that privacy doesn't really matter much to me, since the Chinese government can probably check my credit.
But hopelessness is boring. If technology got me into this mess, I can try to use technology to get me back out.
Cleaning Up the Mess
Abine's DeleteMe$129.00 at Abine service looks within data broker and public records aggregator websites to find personal information for sale. The service costs $129 per year for one person and $229 per year for a second person. As with LifeLock and similar services, you have to provide Abine with a good amount of personal information in order to get it removed elsewhere. Because data brokers have differing requirements to have information removed, Abine asks that you uA handful of these services respond instantly, but most take between a day and a week to process DeleteMe's requests. Some can take up to six weeks, which DeleteMe chalks up to the requirement of some services that a request for data removal be snail-mailed. Part of what you're paying for with DeleteMe is to have someone else handle the tedious follow-ups and continued tracking of personal information. My personal information could, eventually, find its way back on to any of these sites.
Security researcher Troy Hunt runs the site HaveIBeenPwned.com, which aggregates the information from mass data breaches into a searchable service. This includes data that was disclosed by the companies but also public dumps of the data from the bad guys. Type in your email, and you can see which of your accounts were exposed.
According to the site, my information was involved in breaches from 17 sites and three public information dumps. So my data is already floating around the Dark Web, likely being sold and repackaged over and over again.
Hunt doesn't offer a tool to address these breaches. Instead, he gives the same advice I or any other security professional would: Change your password to something complex and truly unique, and turn on two-factor authentication (2FA).
What's 2FA? There are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options. In practice this means performing another action, like entering a six-digit code from an app, after entering a password.
As for the information exposed in the breach, it's as good as gone. But knowing which sites are at the highest risk is useful. It's also an opportunity to decide whether these are worthwhile services. While requesting that a site or service delete your account might not always work (some just archive it in Last, most password manager software includes tools to check for breached accounts and warn you against recycling passwords. Some programs even highlight sites where you've recycled passwords and automatically change them for you.
Going Forward
While working on my larger story, I tried to leave as small a data footprint on the web as possible. I don't believe it's possible to avoid all data collection and still be either A) alive or B) a contributing member of modern American society, but it is possible to cut back. And it's absolutely possible to become more aware of the information you spread.
Email Addresses
Email has been around so long that it seems mundane and even expendable, but it's still enormously valuable. Email addresses are useful identifiers and a direct means of access to consumers on the web. While we at PCMag have been telling people for years to stop recycling passwords and to let a password manager do the heavy lifting, we've been quiet on the subject of email addresses. A recycled password is bad, but a recycled email address is significant, too. There just hasn't been a good tool for managing a bunch of email addresses.case you come back), it's worth a shot.pload an anonymized image of your state-issued ID.
Abine Blur$39.00 at Abine, however, is one such tool. From the same company that created DeleteMe, Blur is a suite of privacy tools that includes a password manager and masked email addresses. Just enter a real email address on the Blur website, and install its browser extension. Any time you're prompted to enter an email address, Blur pops up and offers a masked alternative. Emails sent to your masked address will be forwarded by Blur to your real address. Best of all, you can generate and destroy new masked addresses on the fly. That's much better than clicking on unsubscribe and hoping.
I've been using masked emails for a few weeks, and I'm impressed. With two clicks, I've separated a service from my identity, and I let my password manager (I use LastPassFree at LastPass) generate and remember long, weird passwords. That said, I have bumped into a few sites that wouldn't accept the email addresses Blur created. Perhaps the email domain has been blacklisted. This was the exception, though, and I've had little issue with the service.
Phone Numbers
Phone numbers are enormously important identifiers, because a phone number almost always represents an individual person, thanks to cell phones. And unlike with other identifiers, individuals have to receive and maintain a phone number. This means each number is, to a certain extent, verified. So it's a good idea to limit the extent to which your phone number is spread.
If you can, decline making it available to apps that request it. Don't allow apps to scour your contacts list to match you with your friends. Try not to add your phone number to forms unless absolutely necessary.
Unfortunately, we can't keep our phone numbers truly secret. For one thing, you probably want to get calls and texts. For another, you have to provide a phone number to some companies in order to receive 2FA codes.
You can limit the spread of your phone number simply by creating another one. Google Voice, an excellent and largely seamless service, creates a phone number that will forward to as many devices as you like. You can make and receive calls from the Google Voice app and even send and receive texts. For years, I have given out my Google Voice number instead of my phone number. But I've found that some 2FA services won't accept a Google Voice number.
An Abine Blur account can also be used to create disposable phone numbers. Making a call with your number from Abine costs $0.01 to connect and $0.01 per minute, which is small potatoes compared with the $3.00 of call credits you're given each month.
Both Google Voice and Abine Blur limit you to one dummy phone number. The Burner app, however, lets you create and destroy numbers at your convenience. I haven't tested this app and cannot speak to its efficacy or security, but it's a really neat idea.
Payment Methods
Credit cards are enormously convenient, but unlike cash, they leave paper trails. The issuing bank or credit card company has a list of everything you've purchased. And like phone numbers, each card is usually tied to a single individual. They also require some effort to get and maintain.
I advise people to avoid using debit cards as much as possible, simply because you have more consumer protections with a credit card. But for privacy and security, I recommend avoiding using your actual credit card number whenever possible. This is easy to do if you have a recent Apple or Android smartphone. Mobile payment apps like Apple Pay, Google Pay, and Samsung Pay all tokenize your credit- and debit-card information. That is, they create a bogus number that is connected to your actual card number.
Tracker Blockers
As you move across the web, sites assign trackers and cookies to you. Some of these let the site remember who you are and deliver a custom experience every time you stop by. That's useful if you always adjust the text size on a news site, for example. But other cookies and trackers are used to trace your movements across the web to observe your habits or target ads.
Fortunately, you can block many trackers and cookies using any number of ad and tracker blockers. I prefer Privacy Badger from the Electronic Frontier Foundation (EFF), but there are many others. Ghostery, TunnelBear$4.17 at TunnelBear - 2 Year Plan, and Abine Blur are good options, and several ad blockers are available for iOS and Android, too.
Note that using these blockers can sometimes break websites. A blocker might, for example, prevent a site from communicating with the service that stores all its images, or it could prevent you from submitting an online form. Privacy Badger and others include toggles for each of the trackers and cookies on a site, letting you whitelist, blacklist, or temporarily allow an individual service. You can also set most blockers to whitelist an entire site.



Max Eddy
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

  TECH ASUS ROG OLED Gaming Laptop With RTX 4090 Is $450 Off And More Mobile Deals For Gamers In theory, it is an incredibly awkward time to...

  • (no title)
    TECH In Memoriam: The Tech That Died in 2018 A bongo enthusiast once said, "time is a flat circle," which is a pretentious...
  • (no title)
      HONOR Model 60 Pro: Sparkling design and camera configuration confirmed by teaser image Honor is not due to unveil the Honor 60 series for...
  • (no title)
      OPPO New and unprecedented model Find X6 will debut with a huge photo sensor Oppo has a strong smartphone lineup lately, offering great fo...