AXEL.org

information security

A Beginner’s Guide to Staying Safe Online

Every week it seems a new security breach is hitting the headlines so we can be forgiven for thinking the online world is a dangerous place.

Earlier this year, Facebook was lambasted for sharing user data with third party apps, while those with Androids were shocked to learn that their mobile was tracking their every move thanks to built-in location tracking tacked onto Maps and Photos.

And then there was the Amazon Echo incident, where customers realized their every interaction was being gathered together to build a case about who they are and their shopping habits.

So yes, we’d be forgiven for thinking the online world is a scary place.

Sure, the internet has impacted our lives in amazing ways, but there is a dark side just like with everything else.

But because we’ve been so eager to dip our toes into the countless benefits that the internet brings (being able to communicate with anyone, anywhere is pretty priceless), we’ve lost some of our personal privacy along the way. It’s kind of an exchange – we let you do this in exchange for this information about yourself.

This isn’t about to stop anytime soon.

We like the freedom to contact someone on the other side of the world with the click of a button. We like being able to next-day-deliver something we’ve coveted for all of five minutes. We like being able to read our favorite news stories without having to shell out for a hard copy.

Handing over our data for online freedom is the price we pay. Everything we do on the web leaves a digital trail that can be swept up and used by corporations and governments.

The problem is in the transparency of it all. Legalese in tiny fonts that are unreadable with the naked eye pull the wool over users’ eyes. We want to sign up to Twitter so we can see what everyone’s saying about the latest celebrity scandal, so we blindly tick the “yes” box without really agreeing to have our data scraped through and sold on for who knows what purpose.

Giving away even the tiniest snippets of data about yourself can leave you at risk from less-than-stellar companies, but there are steps you can take to limit how much data is siphoned from your internet activity.

If you’re not tech savvy and don’t know how to navigate the ins and outs of the World Wide Web, let us help you out.

Encrypt Your Email

Email is not going anywhere anytime soon. In 2017, more than 270 billion emails were sent, a number that’s set to increase to 320 billion by 2020.

We hear all the time about email accounts getting hacked, and this form of online communication has been hailed as the absolute worst for security. This is because a single email message gets passed around several different servers before it reaches its final destination.

You can keep the content of your messages private with encryption. Some email providers already offer this as standard, but for others you might need to download an add-on or a plugin. When it comes to the metadata that accompanies your emails though (the sender, receiver, time stamps etc), there’s nothing you can do as the internet routing system needs this information to do its job.

Hide Your History

We often get sucked into a wormhole on the internet and find ourselves knee deep in cute cat videos when all we wanted was to find a review for the new washing machine we’ve got our eye on.

It’s hard to believe that anyone would be interested in the meandering trail we took to get to the cat videos, but this information can be used by companies to know what sites we visit the most and how we get from one to the other.

This log of sites you visit is known as your “clickstream”, and you can take a look right now at the online journey you’ve taken over the past day by simply clicking “History” and then “Full Browsing History” when your browser is open.

This information isn’t private unless you always browse the web in Incognito mode so the sites don’t retain your Cookies (watch the video below to understand what Cookies are), or to download a free tool that obscures your clickstream.

Video:

Get Savvy with Your Social

It always seems to be social media sites hitting the headlines with privacy concerns (we’re looking at you, Facebook), and that’s because social channels are filled with a bounty of information about their users; from date of birth to restaurants you regularly check into and your closest friends, these sites literally have an incredible low-down on you.

But again, it’s the price we pay to stay in the loop and to share filtered pics with our nearest and dearest.

The best advice here for eliminating any chance of your data being scraped and used elsewhere is to delete all of your social media accounts.

If that seems too drastic, give yourself peace of mind by having your accounts on the highest security settings possible (here’s a great guide to help you do that) and leaving out any identifying information like your date of birth or your home town.

We can’t control what others post on social media (and sometimes they’ll post stuff about us that disappears into the ether), but we can control what we hand over to the grasping hands of big corporations.

Leave Your Location Out of It

There’s something thrilling about checking into a new place, whether we’re humblebragging about visiting the latest high-end restaurant or simply want people to know that we’re Out There Having Fun.

But location data can be incredibly valuable if it falls into the right hands.

Think about it: not only are you providing information about where you are and what you’re doing there, you’re handing over data like what time of day you like to do that activity, and you’re even giving nearby locations the chance to target you with ads while you’re in the vicinity.

The answer here is simple: turn off your location when you don’t need it and avoid using sites that require you to “check in” or need location information.

Other Things You Can Do

Encrypting your email, being elusive with your social media information, and avoiding the lure of “checking in” are good starting points for protecting your online data privacy.

But, taking it further, you can ensure that your password across everything is not something that can easily be guessed. Instead of having a password, go for a passphrase that is made up of multiple words, numbers, and symbols.

And, when it comes to your search engine habits, be ruthless.

Many of the big search engines make a note of your searches and build a profile of you to serve up relevant ads. If you want to avoid this, you need to avoid the big guys and instead use a search engine that doesn’t track your every search term (the oddly-named DuckDuckGo is good for this).

Protecting online data is a big concern for most internet users, but for the tech-phobic it can be truly terrifying, especially if you don’t even know how to start protecting yourself.

Hopefully these tips will point you in the right direction and help you get your privacy back under control, pronto.

Read This Before Downloading That New App

Last year, the total number of mobile app downloads worldwide was calculated to be 178.1 billion.

And that number is only expected to go up this year, as more and more apps continue to show up on the market and draw our attention.

In fact, with over 5.8 million apps available to download today, you’ve probably had a lot of conversations about that amazing thing you can do on your phone because of a new app.

But have you discussed the safety of those apps you’ve been downloading, and whether or not the data on your phone is still secure?

“Using Apps Safely” might sound like a boring topic—I mean, come on, who cares about that when they’re busy taking a quiz to find out which Disney princess they are—but it’s extremely important for every user to be aware of and informed about the potential dangers of some of the apps on today’s market.

Every new app should pass certain criteria before being downloaded. And there is a huge reason why.

Read This Before Downloading That New App

Apps Cultivate Data

App safety isn’t exactly a new discussion topic, but it’s one that isn’t always taken seriously. Today’s apps are new and exciting and full of promises. You can do practically anything with one—from important things like locking your front door…

…to really important things like proving you’re a true Game of Thrones fan with a Hodor keyboard (really).

But with every app you use, it cultivates more data.

What’s more, mobile marketing is making a bigger appearance because businesses are fully aware of the monetary potential that apps now carry. And this means that the data we cultivate while using our various apps is becoming more and more desirable.

How much data do we cultivate while using apps?

Think about it: We live with our phones connected to our hands; we communicate with friends and coworkers, we answer emails, we track our health, we calculate our caloric input, we shop for clothes, we keep tabs on our bank accounts… we even let our devices memorize our faces.

Just last year, Statista calculated that app users spent 77% of their valuable time on their three most-frequented apps.

Read This Before Downloading That New App

That’s a lot of time spent on apps, and a lot of data created while using them. For marketers, it means a gold mine of monetary potential.

Read This Before Downloading That New App

Using Apps = Making Money

As we open our various apps, make in-app purchases, and tap on one link after another, some companies are tracking our behavior because it gives them a better picture of who we are and what motivates us to click “buy.”

This is why we have to pay attention to the integrity of every app we download. Some companies are sneaky about the data they collect and how they handle the data that they collect. It’s valuable stuff, and there’s a lot of it, so they’ve figured out an easy way to get what they want without you catching on—which is through their apps.

And that, of course, means our data privacy concerns need to extend into the world of apps.

So if we know the potential danger of downloading an untrustworthy app, then why are so many everyday users careless about which ones they download?

I mean, you wouldn’t let just anybody into your house to rifle through your closet, read your mail, browse through your personal journals, and then use that information to make money, right? So why would you allow an app to essentially do the same thing to the data on your phone?

The answer to that is this: the ease and excitement of downloading a new app far outweigh any potential threats that the app might pose.

Because of this, many of us tap the download button without giving a second thought to the app’s safety and then suffer the consequences of having downloaded a “Trojan” app—one that hides a brutal invasion.

Suddenly, we go from operating our phone to holding a data-laden device in our hands that’s being operated by hackers.

But here’s the good news: you can learn to spot a potentially malicious app before it harms you.

And you can feel more confident about the safety of your apps by checking certain things before tapping that download button. It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

So, before you download anything new, make sure to run that app past a few safety checkpoints to ensure that it upholds data safety practices.

It’s easy to enjoy the benefits of some of those amazing apps out there if we just learn how to perceive whether an app is safe or not.

Read This Before Downloading That New App

4 Checkpoints An App Should Pass Before Downloading

Imagine it’s a Sunday afternoon, it’s raining, everyone you know is too busy for you, and even your dog doesn’t want to look at you. You’re bored—and you want to download that cool new app and figure out all the incredible stuff it does.

If you’re bored out of your mind, you might be tempted to throw caution to the wind and hit “download” without a second thought.

But before you do that, remember that you like your data better when it’s not being exploited—so take a few minutes and double-check to see if that new app can pass these 4 safety checkpoints.

Checkpoint One: The Integrity of the App’s Marketplace

Where is that app coming from? The best route to take when downloading an app is to start from a reputable market source. Read through their privacy policies and whether or not they hold their developers accountable to their strict policies (for example, here are Apple’s developer guidelines and Google’s policy for developers). Reputable marketplaces will have strict privacy policies and guidelines and have a history of expelling violators.

Checkpoint Two: The Reviews

Read the reviews. Are the ratings high, or at least reasonable? Did any reviewers mention that they downloaded the app and were invaded by malware? Or, does every single review seem positive and fake? Some app developers will hire people to leave fake reviews in order to boost their ratings. Take some time to read through a good mix of the app’s reviews and evaluate whether it seems safe or not.

Checkpoint Three:  The Company

Does the company that created the app seem safe and reputable, or does it seem questionable? Go to the company’s website and read about their history, maybe find out about their team, and see if they are a legitimate company and not some clueless app tinkerer trying to throw bad apps into the mix. Trustworthy companies aren’t going to risk their business by putting out a nasty app.

Checkpoint Four: The Privacy Policy

Before ever allowing an app to take up space on your device, take the time (I know it doesn’t sound fun, but trust me, it’s worth it) to read the company’s privacy policy in order to learn exactly WHAT information they plan on acquiring and HOW they plan to use that information.

A lot of untrustworthy apps have questionable policies that fly under the radar because most people don’t want to bother with taking the time to read through its technical lingo. Don’t let this tactic get you—read through the policy and find out whether that app will be accessing data and selling it to third parties or using it in other ways for monetary gain.

Essentially, any new app you’re checking out should come packaged with a privacy policy that you can trust your data with and that is clear and honest about its intentions.

(In fact, if you want to see an example of a solid policy right now, check out the AXEL privacy policy. We’re kind of proud of it.)

Read This Before Downloading That New App

Happy App-ing

There are plenty of bad apps out there that you will want to avoid, but there are also plenty of really awesome apps out there that might actually transform the way you do things in the best possible way.

It’s up to you to be aware of the benefits and dangers of today’s apps and to assess whether the one you’re about to download will protect your private data or put it at risk.

And remember: although there are some app developers out there who want to hack your data with their invasive app, there are also a large number of trustworthy developers out there who know how to combine innovative tools with strong privacy protection.

So don’t worry—you can have fun and do amazing things on your phone while also protecting your data.

Facial Recognition Technology and What It Means for Data Privacy and Protection

Imagine walking into a store, picking up a pint of milk, heading to the cash desk, shooting the cashier a smile, and going on your merry way.

No card, no cash, no phone; just your face as a tool.

This might not be a far cry from what the future holds thanks to facial recognition.

Today, cameras are no longer just vessels to take pictures and record videos with. Instead, they are being fitted with biometric technology which can identify humans and perform key activities, like unlocking a smartphone or, more amazingly, making payments.

Take the recent news story of a man who was caught at a music festival via facial recognition. Technology picked the suspect out of thousands of revelers – crazy, right?

In other news, Europeans have blasted Facebook for providing them the chance to “turn on” the app’s facial recognition feature, only to find out later on that the message was sent in error.

It’s safe to say that facial recognition is causing a stir in a lot of different industries.

What Is Facial Recognition?

Typically used as a security system, facial recognition uses technology to verify a person’s features via a digital image stored in a database. The technology essentially examines the elements on someone’s face and matches it against images already stored to identify said person.

Though it has been around since 2009, the technology has only recently made waves in the retail world and for smartphone developers.

Take Alibaba, the Chinese version of Amazon, that lets people pay with a smile using facial recognition in its stores.

That scenario at the start of the post doesn’t seem so far off now, does it?

But perhaps the most popular place we’re seeing facial recognition pop up is in the world of smartphones. We just have to look at the latest iPhone X with its built-in Face ID capability to see where things might be headed.

This particular feature uses biometric authentication to let iPhone users unlock their devices simply by looking at the screen. It’s kind of like the finger-print Touch ID system that was used on previous iPhones, but the Face ID element now also lets users access Apple Pay, the App Store, iTunes, and other third-party apps by just showing their face.

When the new iPhone was released, Apple itself put forward a hefty claim. They said there was a 1 in 1,000,000 chance that someone could open up another person’s phone using Face ID – a pretty vast improvement from the 1 in 50,000 chance of someone having the same fingerprints as you.

It’s not just used for access rights either.

Let’s head to the city of Shenzhen in China for a moment. Here, facial recognition is used to identify jaywalkers in CCTV footage before showcasing their faces on a big screen in an attempt to shame them.

Compared to simply using your face to unlock a phone, this seems a little more dramatic, right? Kind of like it’s been taken straight from the pages of 1984.

Basically, facial recognition is being used in many different ways because it’s more convenient. I mean, just looking at your phone is a much easier way to unlock it than having to hold your finger down on a button or type in a password.

But, while we’re constantly told we’re all unique and no two faces are the same, how secure is facial recognition really? It may well be more convenient, but does convenient mean secure?

In an attempt to trick Face ID, Wired Magazine bought hundreds of expensive masks and brought biometric hackers on board to see just how secure this new technology was on the iPhone X.

Guess what? They failed to beat the system, but that doesn’t mean there aren’t other security and privacy issues.

You Can’t Hide Your Face Away

While our passwords are predominantly kept a secret (unless you’re careless enough to leave them lying around or make them so easy even a 3-year-old could guess them), our faces are on show for everyone to see all the time.

Tech aside, we use our faces to verify ourselves to friends, family, and colleagues every single day.

But here’s the difference: when we’re verifying ourselves in real life, our faces are also combined with our traits, like our voice or our personality, which adds an extra dimension to the party.

With tech-based facial recognition, this isn’t the case – yet.

Say, for example, you’ve been captured by criminals and they want to hack into your smartphone to get some really juicy information you’ve got stored there. If you’ve got a password, they might have to work a little harder than normal to get into it, but with facial recognition they just need to hold the phone in front of your face.

Disappointingly easy, right?

There are steps being made to eliminate the chance of this happening (though hopefully you’ll never be taken captive by criminals in the first place). Face ID now uses machine learning to analyze expressions to figure out whether you really want to unlock your phone.

If that sounds crazy, it’s probably because it kind of is. What it basically means is that Face ID won’t work if you’re not awake or conscious, or simply not facing your phone.

But apart from the probably very minimal chance of someone getting captured by criminals who want to gather intel from their smartphone, there are other very real worries that come with facial recognition, like:

  • Where is the face data stored?
  • Who can access the data?
  • What else will the data be used for?

This just shows that, despite the advances in tech bringing weird and wonderful benefits, there are also significant concerns surrounding it, particularly because the data being used and held is biometric (or extremely sensitive) data.

Because of this, data privacy is one of the biggest worries.

Think about it: no data is completely safe, so your very unique and sensitive face data could potentially be accessed and used by third parties without your consent if the system is hacked.

But perhaps the creepiest part of it all is the fact that Face ID and other facial recognition technologies operate in an “always on” manner. This means the technology is automatically activated as soon as it sees your face.

No buttons. No confirmations. Just your face.

Which means, in a weird and even more 1984-style way, it is always watching you through your front facing camera.

It’s constantly collecting live data that needs to be stored somewhere, which raises the ultimate privacy question: are we constantly being watched and who is watching us?

Is There an Answer to It All?

With data as sensitive as this, there’s always going to be growing pains. Over the next two years, the technology we know now might be completely extinct and something else entirely might have become a front runner in the facial recognition world.

But for now, all we know is that businesses that use facial recognition need to acknowledge how they capture data and what they use it for. At the moment, the best way for them to do this is to combine strong knowledge (which is something like a password; something you know) and inherence (which is something like facial recognition or an iris scan; something you are).

This two-factor security method will minimize the chance of hackers getting access to devices, but this starts right at the very beginning. For facial recognition to be completely effective as a security measure, it needs to be embedded from the development stage and a built-in part of the technology.

So, next time you see a camera, smile. You never know who might be watching.

Looking Ahead: You Own Your Vehicle, But Who Owns Your Vehicle-Generated Data?

If we pause for a moment and think to the future of smart cars, half of us probably start daydreaming of zipping around in sleek flying machines while the other half starts eyeing their plastic model of the Batmobile hanging from the rearview mirror.

But have you ever stopped to think about what’s actually happening with the technological developments of cars? Already we have vehicles with cameras to help you back out of the driveway, touch screens installed into the dash, and the capability of calling your husband to start cooking that pizza before you get home.

We also have connected cars, which have embedded mobile broadband chips and the ability to communicate with other cars in a way that drastically reduces the number of roadside accidents.

And beyond that, we have cars that drive themselves.

As our vehicles are getting smarter, they’re also producing more data. This means your data privacy concerns are not only limited to your personal computer and the apps that your teenage daughter is using—your data privacy concerns now have to do with the car sitting in your driveway that has the capability of generating, recording, and sharing data.

It is projected that there will be over 380 million connected vehicles by 2021.

Your Valuable Data

Cars have evolved beyond basic machinery and are now becoming vehicles of data, capable of sharing where you’re going, how fast you got there, how many people went with you, and what kind of music you listened to.

With sensors and cameras being incorporated into the makeup of vehicles, they can now collect more data than ever before, and this data can be used and analyzed to make more money.

So your vehicle-generated data is the type of information that companies will want to know in order to learn how to better market their products to you, and it’s information that you want to be aware and in charge of.

As the number of data-gathering cars increases, consumers will want to become more aware of what kind of data their car is generating, as well as who keeps that type of private information.

Who Has That Information Now And Who Wants It?

Currently, data-generating vehicles are still in their early years, and it will be a number of years until most vehicles are as up-to-date, so the tug between data ownership is most heavily on the side of the car manufacturers.

But for how long? Who knows.

Without regulation, companies have access to everything within a very large sphere of people’s lives. Think of the amount of data!

And who might be eyeing your vehicle-generated data like a burger fresh off the grill?

Well, really any industry that would gain from learning about a consumer’s driving habits such as speed and regular routes, phone calls, radio or phone usage…even your personal conversations.

For example, this could include radio stations that want to better know what everyone’s listening to. It could include companies who develop car stereo systems and want to know how to cater to their technological-advancing drivers, or insurance companies tracking how many times you use your phone while driving so they can adjust your rates accordingly. It could even include car seat manufacturers who want to do a study on how fast or how carefully most parents drive, and then use that information to design their car seats and market them in a specific way.

Companies like these will want to know things like how you drive, your age, your income, what you buy, or if you have kids. This is the type of information that is pure gold for businesses because it enables them to “know” you and improve the way they market their products to you.

These days, private information is currency, and industries want it for their own gain.

Industries want to make money, and so they want your information.

Suddenly there is yet another massive data mine that consumers need to be aware of as they go about their lives. Just as you would protect your information as you use your phone or computer, now it’s incredibly important to begin thinking about where your vehicle-generated data is going and how you need to protect it.

Today, self-driving cars can generate one gigabyte of data per second, which means just five minutes of driving will produce more data than your iPhone could handle. With this amount of data being gathered, all kinds of business opportunities are arising, and before long the moneymaking data vultures will begin circling above your car.

So the next time you’re driving to work, think about the data that is being generated with every mile, every Bluetooth connection, and every radio station change—those little things we all do without thinking twice. The data your car is generating is valuable and coveted and needs to be secured and protected.

Hack Attack

Worried about your computer getting a virus? Well, what if your car was at risk too?

Yet another source of concern is the safety of your vehicle-generated data from attackers. As vehicle technology continues to evolve, the security of your car desperately needs to adapt with the times. Attackers will move on from mobile phones and laptops to the car sitting in your garage or parked on the street.

Vehicles have become gold mines, and this makes them valuable targets for hackers and malware.

No one with a smart phone or computer wants their device to be targeted for private information and details to be stolen. The same goes for today’s vehicles.

The Cost Of Convenience

Imagine this: your check engine light just turned on and you take it to a mechanic for repairs. Your repairman has access to the data stored on your car and it tells him exactly what’s wrong with it. This would revolutionize the auto-mechanic industry. It expedites the mechanic’s job and therefore saves the consumer money.

But at what cost?

We need to be aware of what we are giving away in the name of convenience.  Are the small perks worth the encroachment of privacy? Are they worth the monetization of your data?

Are they worth the very real possibility of someone analyzing every word of every personal conversation and phone call you’ve ever had in your vehicle, including that one with your spouse after celebrating your anniversary, or that one you had with your daughter after picking her up from school?

A Step In The Right Direction

In a recent proposal by a California senator, the contest between vehicle data ownership was confronted and a new bill was unveiled that would allow vehicle owners to see their car’s data and decide whether or not they wanted to share it.

This is an encouraging step in the right direction. But so much more is needed.

As consumers we need to be aware of what is happening in the ever-changing world around us. We need to be realistic in terms of how the marketplace views our data and us: money.

Protecting Your Data

It is our responsibility to hold both the automobile industry and lawmakers accountable for the protection of our rights. We need to mandate transparency from our automakers and require advancements in security and privacy. Additionally, we need to stay current with the knowledge of our rights and our legal protection as new bills are put into place.

The vehicle industry has previously had practically nothing to do with technology and little-to-no need for the security of such. Having no prior experience in this field, automakers need to begin bringing in software analysts, networking engineers, and data scientists to begin shaping the security and privacy we as consumers need.

But we also need consumers to be aware of what is going on.

We need to be aware that our vehicles are becoming data-generating machines on wheels, we need to be aware of what we are sacrificing in the name of comfortable convenience, and we need to be aware of the steps we need to take in order to protect ourselves.