Archives for August 2018

August 23, 2018

Read This Before Downloading That New App

Last year, the total number of mobile app downloads worldwide was calculated to be 178.1 billion.

And that number is only expected to go up this year, as more and more apps continue to show up on the market and draw our attention.

In fact, with over 5.8 million apps available to download today, you’ve probably had a lot of conversations about that amazing thing you can do on your phone because of a new app.

But have you discussed the safety of those apps you’ve been downloading, and whether or not the data on your phone is still secure?

“Using Apps Safely” might sound like a boring topic—I mean, come on, who cares about that when they’re busy taking a quiz to find out which Disney princess they are—but it’s extremely important for every user to be aware of and informed about the potential dangers of some of the apps on today’s market.

Every new app should pass certain criteria before being downloaded. And there is a huge reason why.

Apps Cultivate Data

App safety isn’t exactly a new discussion topic, but it’s one that isn’t always taken seriously. Today’s apps are new and exciting and full of promises. You can do practically anything with one—from important things like locking your front door…

…to really important things like proving you’re a true Game of Thrones fan with a Hodor keyboard (really).

But with every app you use, it cultivates more data.

What’s more, mobile marketing is making a bigger appearance because businesses are fully aware of the monetary potential that apps now carry. And this means that the data we cultivate while using our various apps is becoming more and more desirable.

How much data do we cultivate while using apps?

Think about it: We live with our phones connected to our hands; we communicate with friends and coworkers, we answer emails, we track our health, we calculate our caloric input, we shop for clothes, we keep tabs on our bank accounts… we even let our devices memorize our faces.

Just last year, Statista calculated that app users spent 77% of their valuable time on their three most-frequented apps.

That’s a lot of time spent on apps, and a lot of data created while using them. For marketers, it means a gold mine of monetary potential.

Using Apps = Making Money

As we open our various apps, make in-app purchases, and tap on one link after another, some companies are tracking our behavior because it gives them a better picture of who we are and what motivates us to click “buy.”

This is why we have to pay attention to the integrity of every app we download. Some companies are sneaky about the data they collect and how they handle the data that they collect. It’s valuable stuff, and there’s a lot of it, so they’ve figured out an easy way to get what they want without you catching on—which is through their apps.

And that, of course, means our data privacy concerns need to extend into the world of apps.

So if we know the potential danger of downloading an untrustworthy app, then why are so many everyday users careless about which ones they download?

I mean, you wouldn’t let just anybody into your house to rifle through your closet, read your mail, browse through your personal journals, and then use that information to make money, right? So why would you allow an app to essentially do the same thing to the data on your phone?

The answer to that is this: the ease and excitement of downloading a new app far outweigh any potential threats that the app might pose.

Because of this, many of us tap the download button without giving a second thought to the app’s safety and then suffer the consequences of having downloaded a “Trojan” app—one that hides a brutal invasion.

Suddenly, we go from operating our phone to holding a data-laden device in our hands that’s being operated by hackers.

But here’s the good news: you can learn to spot a potentially malicious app before it harms you.

And you can feel more confident about the safety of your apps by checking certain things before tapping that download button. It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

So, before you download anything new, make sure to run that app past a few safety checkpoints to ensure that it upholds data safety practices.

It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

4 Checkpoints An App Should Pass Before Downloading

Imagine it’s a Sunday afternoon, it’s raining, everyone you know is too busy for you, and even your dog doesn’t want to look at you. You’re bored—and you want to download that cool new app and figure out all the incredible stuff it does.

If you’re bored out of your mind, you might be tempted to throw caution to the wind and hit “download” without a second thought.

But before you do that, remember that you like your data better when it’s not being exploited—so take a few minutes and double-check to see if that new app can pass these 4 safety checkpoints.

Checkpoint One: The Integrity of the App’s Marketplace

Where is that app coming from? The best route to take when downloading an app is to start from a reputable market source. Read through their privacy policies and whether or not they hold their developers accountable to their strict policies (for example, here are Apple’s developer guidelines and Google’s policy for developers). Reputable marketplaces will have strict privacy policies and guidelines and have a history of expelling violators.

Checkpoint Two: The Reviews

Read the reviews. Are the ratings high, or at least reasonable? Did any reviewers mention that they downloaded the app and were invaded by malware? Or, does every single review seem positive and fake? Some app developers will hire people to leave fake reviews in order to boost their ratings. Take some time to read through a good mix of the app’s reviews and evaluate whether it seems safe or not.

Checkpoint Three: The Company

Does the company that created the app seem safe and reputable, or does it seem questionable? Go to the company’s website and read about their history, maybe find out about their team, and see if they are a legitimate company and not some clueless app tinkerer trying to throw bad apps into the mix. Trustworthy companies aren’t going to risk their business by putting out a nasty app.

Checkpoint Four: The Privacy Policy

Before ever allowing an app to take up space on your device, take the time (I know it doesn’t sound fun, but trust me, it’s worth it) to read the company’s privacy policy in order to learn exactly WHAT information they plan on acquiring and HOW they plan to use that information.

A lot of untrustworthy apps have questionable policies that fly under the radar because most people don’t want to bother with taking the time to read through its technical lingo. Don’t let this tactic get you—read through the policy and find out whether that app will be accessing data and selling it to third parties or using it in other ways for monetary gain.

Essentially, any new app you’re checking out should come packaged with a privacy policy that you can trust your data with and that is clear and honest about its intentions.

(In fact, if you want to see an example of a solid policy right now, check out the AXEL privacy policy. We’re kind of proud of it.)

Happy App-ing

There are plenty of bad apps out there that you will want to avoid, but there are also plenty of really awesome apps out there that might actually transform the way you do things in the best possible way.

It’s up to you to be aware of the benefits and dangers of today’s apps and to assess whether the one you’re about to download will protect your private data or put it at risk.

And remember: although there are some app developers out there who want to hack your data with their invasive app, there are also a large number of trustworthy developers out there who know how to combine innovative tools with strong privacy protection.

So don’t worry—you can have fun and do amazing things on your phone while also protecting your data.

August 21, 2018

The Hidden Danger of Virtual Worlds

On a summer afternoon, a number of Microsoft employees were invited to attend a training seminar.

But, instead of grabbing a pen and heading to the boardroom, they plugged themselves into a set of headphones and fired up Second Life.

This online social “game” was huge for a number of years in the early 00s, mainly because it offered average, everyday citizens an escape from the monotony of real life. Through a digitized landscape, users could create new “lives” that were as hedonistic as they chose.

For Microsoft employees, the pixelated replica of the Microsoft building was the location of their training seminar. But it wasn’t just Microsoft that jumped on the bandwagon – big-name rock stars lined up to perform virtual gigs and real-life travel companies sent correspondents into the melee to report on the latest developments.

For all intents and purposes, Second Life was real life – except you could enjoy it from the comfort of your own home.

The “game” (a term which should be used loosely in this context because, well, there’s actually no way to win at Second Life) was inspired by Snow Crash, the 1992 novel by Neal Stephenson. In the book, citizens navigate around a digital world created and run by independent entrepreneurs – a concept that’s becoming more and more real by the day.

The purpose of Second Life isn’t to gather as many gold coins as possible or figure out a mission set by a wiry old wizard. Instead, it is simply a digital escapist fantasy that allows users to be whoever they want and do whatever they want away from the restrictions of the real world.

While the possibilities were (and still are) endless in Second Life, one phenomenon was quick to surface; that normal people submersing themselves in the game were acting pretty much the same as they would in real life. This made it a fascinating environment to study the social behaviors of people in a pre-built stage.

Sure, stories emerged of people having affairs on Second Life that affected real-world marriages but, for the most part, people used it to escape reality and… do pretty much the same as they were doing in their real lives.

What is the Metaverse?

Let’s backtrack for a minute.

The Metaverse is a term that dates back to Stephenson’s sci-fi novel. It was the name given to the virtual world in which the characters interacted and lived, and it’s now the term being given to a blockchain project that essentially aims to replicate the real world in a digitized format.

In Snow Crash, “players” moved around as Avatars while the central strip – known as “the Street” – could be built on by developers, creating an even more entangled version of reality.

The goal of the Metaverse project is to build an entire universe where digital assets and digital identities are the basis of transactions to create a new kind of ecosystem that has the potential to completely change human society.

Even back in 1992, Stephenson had an insightful eye into what the future might hold for humanity. Today, our lives resemble those of the characters in the book – our work and lives are becoming more and more digitized, with people spending more time online than offline.

The way we communicate has undergone a complete transformation, where we now send clipped messages via the internet rather than having to face talking to real people. Soon, we might see even more transfers – both human and asset based – taking place on the blockchain which will shift the entire economic world.

It can be a hard pill to swallow, but some might argue we’re already halfway there. Enter the New Reality.

With people increasingly living their lives out online, there’s one big elephant in the room that keeps bubbling away below the surface – data privacy.

The Metaverse and its Effect on Data Privacy

In the real world, we don’t have to enter a username and a password to wake up in the morning and, when we pass people on the street, our full names and addresses aren’t typed out in a bubble above our heads.

Online it’s a different story. And, in fact, with the likes of Second Life and social platforms like Twitter and Facebook, users seem to be actively willing to hand over their information to access their feeds.

This raises the question of whether privacy will soon be regarded as an outdated social need or whether it will evolve into something else entirely. At the moment, the rules of the online world are considerably more open and vague than those in the real world, but this might have to change when the Metaverse comes into play.

Why?

Because so far, most virtual reality games and landscapes are built in a “walled garden” format. They run behind corporate firewalls and aren’t interconnected in any way. When you enter one world, you’re essentially caged in and avatars can’t travel between two different digital worlds. In this case, security isn’t necessarily a priority, because data isn’t being transferred from the hands of one corporation to another.

The problem arises when virtual worlds are built on open source software. This means avatars can travel between different virtual landscapes. And, for now, the majority of these platforms are built by developers in their spare time, which means that security is a low priority for them.

Take OpenSimulator, as an example. This software powers over 300 different public worlds and even more private ones, covering an area of 15,000 square kilometers. The software means anyone can set up a virtual world via the Oculus Rift without having to break the bank.

MOSES, one of the worlds built with OpenSimulator, is owned by the US Army, and the problems with security are already doing the rounds. At the moment, it’s difficult to know how to go about addressing data security issues when this new digital landscape is so new (despite its fictional origin in the 90s).

For now, it seems, the Metaverse is an experimental place to dabble in the future of humanity. The fresh excitement of it and the relatively unknown future it holds means security isn’t necessarily a priority for developers.

But soon, when more and more people start venturing into their online lives, we’ll have to sit down and seriously think about what data privacy means in this new landscape, particularly when it comes to things like authentication, content protection, and secure communications.

But, if Second Life is anything to go by, the population of people who are ready and willing to escape reality and immerse themselves in an online parallel universe are more concerned with who they will be there than who will take their information.

August 14, 2018

6 textbook examples of how NOT to respond to a Data Breach (Seriously guys?)

Yahoo: Do nothing and pray it goes away

Why are we surprised at this?! When Yahoo suffered a breach in 2013, it decided to just keep quiet about the 3 billion accounts that were compromised. Surely this would prove to be an effective strategy?

LOL.

The news broke a whole FOUR years later, in 2017, that 3 billion accounts had been hacked, which is more than the company claimed in 2016, which is the first time anyone heard anything about a data breach. We shouldn’t really be surprised, as “do nothing and pray it goes away” has been Yahoo’s MO for quite some time now.

FriendFinder Networks: Take days to respond and then downplay the incident in a vague press release

FriendFinder Networks is a company that you’d reeeally want to keep your data secure. It operates AdultFriendFinder, a “sex and swinger community,” and when it suffered a breach in 2016, the response was slow and the press release was tepid. The company affirmed that it “encourages users to change their passwords,” and appeared to put most of the onus on the users, commenting that it would contact users “to provide them with information and guidance on how they can protect themselves.” Seriously?

This press release came after days of speculation, which is actually forever if you are a user of an adult website waiting to find out if your data has been made public.

Equifax: Fail to patch software, take forever to disclose breach, let execs sell their shares

Equifax has one of the shadiest timelines of this group, and competition was stiff here!! After failing to patch a known vulnerability in March 2017 in widely used open source software Apache Struts, the data of 143 million US customers was potentially exposed in May 2017. Then on July 29th, days after the breach was discovered, executives sold off nearly $1.8M worth of Equifax shares. Hmm….this looks bad, but maybe there’s something we don’t know here. (Read: there’s not. It’s bad.)

Ticketmaster: Pretend it’s not happening

Ticketmaster was alerted to a possible breach in April of 2018, but decided to do its best impression of an ostrich and just pretend it wasn’t happening until it received apparently irrefutable (or un-buryable) evidence on June 23rd. Online bank Monzo released a statement shortly afterward saying it spotted the breach in April, but Ticketmaster said nah after an internal investigation revealed no evidence of any such breach.

I’m confused. Are we just letting companies investigate themselves now? This is not how any of this should work. Anywho….

Facebook: Deny deny deny

Facebook didn’t suffer a breach. Instead, it voluntarily gave away a treasure trove of user data and then informed us that we had all agreed to it in the terms and conditions. Whoops – we should have read those, but they’re just so boring, and no one can recall seeing a line item that said “we will give away all your data, suckers, and there’s nothing you can do about it LOL.” I think I would have remembered that…..

To its credit, Facebook did admit that its data had been “improperly shared,” but didn’t go so far as to call it a breach. They didn’t go so far as to call us suckers either, but that doesn’t mean it isn’t true.

Exactis: Leave us all in suspense as if our data’s safety was a plot point in a Mission Impossible movie

None of this is entertaining, you guys. Apparently there is a “database with pretty much every US citizen in it” floating around the internet, according to security experts. That seems pretty bad.

But even worse, the company associated with the breach has stayed silent for days, which is deeply bumming out 230 million of us who would kindly like to know if our personal information is available online.

The bottom line

Data breaches are inevitable. Attackers are targeting companies on a daily basis. But ignoring the fact that a data breach has occurred, failing to patch a known vulnerability, putting the onus of dealing with a breach on users, and – most obviously of all – selling off your stock when you have insider information of a breach doesn’t help anyone. Companies need to be honest when they think a breach has occurred, or they risk losing their customers’ trust. And as our data multiplied exponentially, trust is becoming scarce.