Technocreep (29 page)

An example of indirect snooping would be to view the Page Source of your Facebook Profile. Among other things, it will have a bunch of nine digit or so numbers that correspond to people. A WikiHow article claims that you can use these to find out who is viewing your page.
348
My own experimentation, and a few off-the-record chats with folks at Facebook, suggests that things have changed since this method worked. After all, trying to torture your Facebook profile to give up hidden information is not a supported feature of the service.

The other thing people often want to track on Facebook is being “unfriended” by someone. That's a lot easier. You can simply look at your friends list and see who has gone missing. This means they either unfriended you or de-activated their Facebook account. Since this can be tedious, there are apps like like “Unfriend Finder” to automate the process.
349

Periodically clear out your computer's history, cache files, and other digital detritus.

Web browsers have a “clear history” button and the best choice is probably “clear everything.” This might mean you have to re-enter something like a bank account number later, but would you rather have it stolen by a hacker? In fact, if you can live without having your browser remind you where you surfed earlier today, simply tell it to “keep no history.” Programs to scrub down the rest of your computer are available, both for free (e.g. CCleaner) and for a fee (e.g. Privacy Eraser Pro), and you should use one or more on a regular basis.

Organize Your Digital Life Compulsively.

Knowledge definitely is power in our information-rich environment. Having a transaction receipt, copy of an email, or log of a phone call can make all the difference when you are dealing with a company or institution that already knows a lot about you. Excellent digital record-keeping is also invaluable if you have the misfortune to become the victim of identity theft.

Fortunately, computer storage is trending towards zero cost, so there's no reason you can't archive your data, just like major corporations do. There is also a wide range of software, such as NeatReceipts, Mint, and Evernote that will assist you in the process of organizing your digital life.

Yes, there are privacy risks associated with each of these. Mint asks for the passwords to your banking accounts. Only you can decide if you trust Mint (owned by Intuit, the dominant makers of tax software) enough to provide that information in return for the benefits offered. In a similar fashion, you might use NeatReceipts to scan all sorts of sensitive data onto your laptop, then leave the whole thing in a taxicab or at airport security.

Here are some tips to consider:

Password protect all your devices.

It just takes a few extra seconds and will deter most casual intruders. It also can have some legal force because, depending on where you live, it can be a criminal offense to try to break into your locked device. Also, you should set your phone to lock itself after a reasonable period of inactivity.

The next level of protection is to encrypt your entire hard disk.

This is especially relevant to laptops that are traveling with you, since it will make it difficult if not impossible for someone to access the data on it. The dominant current operating systems, Windows 8 and OS X for the Mac, can do this automatically and seamlessly for you. If you are running something else, there are a range of free (e.g. TrueCrypt) and commercial (e.g. Checkpoint Full Disk Encryption) products to consider.

Choose your password well.

Experts advise using complex passwords, and certainly not words in the dictionary of any language. Those can be compromised by the automated brute force attack of just trying all the words. You should also use a different password at each site since there have been high profile password compromises of companies like Adobe and LinkedIn. These can put you at risk if you have used the same password on other sites. If you have problems remembering passwords, consider either a hardware or software password manager. These have their own risks but, when used properly, can certainly help protect you.

Never put passwords, credit card numbers, or anything else that is truly sensitive into an email.

Aside from the ability of governments and corporations to snoop, emails are favorite places for thieves to try to mine your data. They can go through, finding passwords to other accounts you have set up, and even changing them so you don't have access anymore. The day you rush out of the airport lounge without logging off from your email account might be the day that a lot of your sensitive information is stolen and possibly sold online.

Beef up your authentication.

Businesses have long used “multi-factor” authentication such as keyfob security tokens that display a changing number that must be ­entered along with a password. This builds on the idea that security can be enhanced by a combination of “something you know” (e.g. a password), “something you have” (e.g. a keyfob), and something you are (e.g. a fingerprint or hand geometry).

You can use your smartphones as a kind of keyfob, at least to protect your Google accounts. Just turn on that company's optional “two-step verification.” Then, when Google's computers see you coming from a new device, they'll require an access code that's sent to you via your phone.

Get ready for biometrics.

The 2013 introduction of the iPhone 5s with TouchID fingerprint was expected to bring biometric identification squarely into the consumer mainstream. The fact that it was hacked within days by using a photograph and a fake finger demonstrated that the problem of secure and convenient identity authentication will be with us for a long time. However, new products coming down the pike, such as the Myris eye scanner, will soon bring biometrics to the masses.
350

The Sandy Hook school shootings inspired the creation of the Smart Tech Challenges Foundation, whose goal is to reduce gun violence through technology innovation. It is already spawning practical projects such as a gun that reads the owner's fingerprint and one that can only be fired by the person wearing an RFID-chipped wristwatch.
351

Get a digital shredder.

Actually there are plenty of programs that have this capability, even for free, so it's no big deal to wipe files, disks, etc. The getting organized part is a bit harder. There are rules (often a seven-year retention period) for financial records, but what about your old love (e-)letters? Your baby's first scrawlings on a tablet? All those family photos that you really never liked?

For non-financial data, this is a totally subjective decision based on weighing the pros (someday you might want to write your autobiography or look back fondly at that lost love) vs. the cons (you're running for office and somebody finds a politically incorrect rant in your old files). The main thing is to think about data retention in an organized way, and of course, wipe clean (or physically destroy) any digital media before it leaves your home or office for the trash or the recycling depot.

Build yourself a sandbox.

For years, software developers have isolated test and production systems so that their inevitable mistakes won't bring something like an airline reservation crashing down around them. You can find software (e.g. VMware and Sandboxie) to create an isolated environment on your own computer. Another approach is to just wipe everything off a soon-to-be-retired machine and re-purpose it as your “sketchy machine.” Use it for anything you think might cause security problems, after having loaded it up with virus checkers and other anti-malware software. Don't use it for anything important or sensitive, and be ready to wipe and “re-image” it. The downside of this approach is that you might have an infected machine on your network for a period of time.

Guard Your Digital
Persona
Like a Hawk and Cover Your ­Digital Tracks.

In the 1950s, some parents would send their children down to the corner store for a jug of milk and a loaf of bread with instructions to “put it on our account.” Don't try that today! Instead of your family's reputation, your identity and ability to function in society is now tied to an impersonal, automated, and, it appears, quite vulnerable system of numbers and codes.

No matter where you shop, from Target to Neiman Marcus, you run the risk of hackers getting access to your credit or debit card data and other information. Both of those retailers, and countless others, have been the victims of hacker penetrations. That type of activity is beyond your control, but there are some commonsense tips you can use:

Prefer credit over debit cards.

You are definitely safer using a credit card than a debit card because, at the time of purchase, you are spending the card issuer's money. They are keenly interested in protecting that, and have elaborate ­anti-fraud measures. In most cases, you'll have zero liability for unauthorized credit card transactions. If your debit card is hacked, you run the risk of your bank account being emptied, and a protracted fight with your bank to prove it wasn't you who did it.

You could pay cash (or Bitcoin).

Sure, there's a risk that you'll be robbed in the street, and you will miss out on credit card perks like frequent flyer miles and extended warranties. But immunity from hacking and protection from credit card fraud may outweigh these benefits. Then again, cash may be on its way out. Just try to use it to buy a drink on an airplane, or even to pay your telephone bill.
352
Even Canada's Passport Office now refuses to accept cash. As for Bitcoins, and other digital currencies, great idea—but good luck checking into a hotel or renting a car with them.

Monitor your accounts online regularly.

Almost all financial institutions provide the option of online access to your account, and that has major advantages. Printed statements in your mailbox or your unshredded trash can be a gold mine for identity thieves. In fact, if you are not 100% confident about the security of your postal mail, you might consider having the physical credit cards shipped to you care of your bank branch. That little extra effort could pay off in increased security.

Assuming you have set up online access, it's possible to check your accounts regularly, and you definitely should. The earlier you catch something amiss and report it to the financial institution, the safer you are going to be. During the 2013 scandal over hacker ­penetration of retail giant Target, one CNN security expert urged everyone who had shopped there to cancel each of their credit cards and request a new one because “you'll have it in two or three days.” Of course, if forty million or so customers actually took his advice, it would be more like two or three months. Still, if you have any suspicion that your card is being misused, it is better to be safe than sorry.

Set up a Google Alert on your name.

You can use the power of Google to keep a close watch on what is being said about you online. Just go to
google.com/alerts
and put in your name (and any variants) in quotation marks. Sure, you'll get some false hits. I know far too much about a musician and a golfer who share the name “Tom Keenan.” Still, if someone is ranting about you online, this might bring it to your attention.

Use a privacy-friendly search engine.

The business model of major search engines, and certainly Google, is to serve up advertising to you, preferably for things you might want to buy. Advertisers pay for the privilege, and your eyeballs are even more valuable if you have been profiled and can be targeted.

Simply typing terms into the box of a search engine can have serious consequences. An accused killer's admission that he did a Google search for “how to dissolve a body” certainly didn't win him any friends in a courtroom.
353

Perhaps the best known search engine that promises not to track you is
duckduckgo.com
. The folks behind it give a fascinating illustration of how search engines leak personal information about you based on your searches on
www.donttrack.us
. They illustrate how a Google Search for “herpes” is sent to Google along with your browser and location, which may be used to identify you.
354
This can influence the kind of ads you are shown, as this information follows you around online. Just as you start that big business presentation—ads for herpes treatments appear.

Creepy tracking by search engines is not just a theoretical vulnerability. Real people have complained about having their privacy invaded in creepy and disturbing ways.

A man in Canada searched on Google for “CPAP” (continuous positive pressure airway machines, which are used for sleep disorders). In a later surfing session, he was looking at a comic strip that had nothing to do with the medical device and was creeped out to see ads for CPAP devices displayed by Google.

He filed a complaint with Canada's Privacy Commissioner who ruled that “Google's online advertising service used sensitive information about individuals' online activities to target them with health-related advertisements, contrary to Canadian privacy law.” Google promised to mend its ways.
355

Check your environment for things that should not be there.

Earlier in
Technocreep
, we learned about CreepyDOL, an unobtrusive $57 snooping device that someone could plug into the wall at your favorite coffee shop, airport terminal, or public library. The odds are good it would sit unnoticed there for weeks, intercepting everyone's Wi-Fi traffic. While you may not have the technical expertise to sweep for bugs, there's nothing wrong with asking “what's that?”—whether it's a box plugged into an outlet or some new icon on your smartphone.

Be Info-Stingy.

Many stores routinely ask for your postal code, telephone number, or some other piece of identifying information at the checkout. Savvy Canadians give out H0H 0H0, a valid postal code that happens to belong to Mr. and Mrs. Claus. Americans, of course, tend to rattle off 90210 as their fake zip code. A California woman successfully sued retailer Williams-Sonoma, Inc. for demanding her zip code, then using it to locate her home address.
356
The main reason to “just say no” to that checkout clerk is to continuously remind yourself to be very stingy in giving out any personal details.