Keeping your Online Footprint Private

Every second, 12 people online become a victim of cybercrime.[1]

Many of us want to maintain social media accounts, store files online, and utilize search engines, yet keep our privacy. These are not necessarily mutually exclusive. Here are some tips to keep your online footprint private.

Something from nothing

The 21st Century version of identity theft is synthetic-identity fraud, which combines real (typically stolen) and fake information to create a new identity used to open fraudulent accounts and make fraudulent purchases.[2] Thieves play a long con, spending years building credit for a fictional person. Criminals start a new “credit file” for a synthetic identity; the file is created when someone applies for a loan, even if the loan is not granted. Lenders who approve loans based on these synthetic credit files help those files become a credit report, which is how a fictitious individual can receive credit cards. Criminals can spend thousands of dollars and disappear without a trace. Banks end up spending hours chasing people who don’t even exist.[3] U.S. District Judge Mark H. Cohen stated in a sentencing hearing, “this is basically abusing the credit system, of frankly, this country.”[4] Typically, those at risk are individuals who do not frequently use their credit, if at all: children and the elderly. According to consulting firm Javelin Strategy & Research, synthetic identity losses are increasing; TransUnion has an outstanding balance of $355 million owed by synthetic identities.[5]

File-Sharing Services

File-sharing services are a convenient place to store documents and collaborate with others; however, they may not be the best option for your business. Steve Wozniak, Apple co-founder, stated, “The more we transfer everything onto the Web, onto the cloud, the less we’re going to have control over it.”[6]

Your IT department will be the first to tell you that there is no control over which users can drop or edit files. They cannot control employees’ access to shared files which may pose a privacy risk. Dropbox does not allow companies to view an audit log, so if data is leaked, there is no way to find out who may have accessed it.[7]

In 2016, hackers stole over 60 million account details for online cloud storage platform Dropbox.[8] Although the breach was previously disclosed, only now have the severity and the number of users affected come to light. Luckily, the Dropbox data reportedly does not appear to be listed on any of the major dark web marketplaces where this sort of data is often sold. The value of this kind of data diminishes if it is adequately secured, and in this case Dropbox protects passwords with bcrypt, a strong hashing function, which would make it difficult for hackers to identify the true password.

Re-Create your [browsing] History

Delete your Google or Yahoo search history. Google’s efficacy is helped by its personalized search system, which uses your past searches to yield the results most relevant to you. Though not risky at first glance, this can significantly influence the results of open source research that investigators may conduct. If you want to take it a step further, delete your cookies. Cookies are text files stored by browsers that contain details on your particular website visits. You can also turn off the personalized search by clicking “Search Tools” > “All Results” > “Verbatim.”

To search with no fear of receiving any personalized results, you may want to consider using specialized search engines, such as DuckDuckGo (“DDG”). DDG does not collect any information about the user, such as IP address or cookies. It also automatically points you in the direction of encrypted (i.e., secure) websites. Users can also opt in to ad-free searches in advanced settings.

Social Media Accounts Get Hacked Too

In 2016, it was reported that the data stolen from LinkedIn in 2012 was up for sale on the dark web. The information for sale includes emails and passwords of 117 million LinkedIn users. The hacker who goes by the name “Peace” is reportedly selling the data on The Real Deal for 5 bitcoins (approx. $56,563.02).[9] 

Your Facebook, Instagram, and Snapchat accounts aren’t safe either. In September 2017, six million Instagram accounts were hacked and hackers created an online database where cyber criminals could order private user details for $10 per search.[10]

If you’re curious about the data that Facebook stores on you, download it: go to your Facebook settings and click “Download a copy of your Facebook data” to see everything that has been stored about you.

https://www.facebook.com/settings

Check your privacy settings to make sure you’re not oversharing with apps that you downloaded, and to see how advertisers have profiled you, by clicking on Privacy > Apps and Privacy > Ads.

Protect your privacy by making your friends list only viewable by you.

Some are going the extra mile and deleting their profiles entirely. Kevin Matthew, a former systems administrator who owns a small web development company, created a script that takes deleting your Facebook profile to the next level: “‘Poison’ or obfuscate all our data such as timeline posts, likes, comments and other information that we have submitted to Facebook’s systems.”[11] The script replaces posts, comments, and likes with random data five times over the course of three months, and lets the new data sit until it poisons your historical backup and anonymizes your data. It should be noted that this is advertised as a proof of concept, as it violates Facebook’s terms of service.

All Wi-Fi is not created equal

Banking online over the Wi-Fi at a café or in your hotel room is not recommended, even on your own computer. Your logon information can be easily intercepted should someone be waiting for you to make this mistake. The same goes for banking online on your smartphone.

Safe Browsing Tips

  • Although it is inconvenient, use different passwords for every account you have; avoid using the same password for Facebook and your online banking account, for instance.
  • Update your anti-virus and anti-malware.
  • Use the most up-to-date internet browser; some of the updates that are made are security ones.
  • Change your passwords regularly and use letters, numbers, and symbols if you can. The best option is creating a memorable passphrase; stringing a few words together would take millions of years for a computer to hack.
  • Use an HTTPS connection; this helps ensure a secure connection to your social media account or email.
  • Use two-factor authentication.
  • Check out https://haveibeenpwned.com/ to see whether your email address or associated accounts have been hacked and to receive notifications of any such occurrence.
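
To make the passphrase tip concrete, the sketch below (an added example, not part of the original article) generates a random passphrase and compares its guessing resistance with that of short passwords. The 16-word sample list, the guess rate of one billion per second, and all function names are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 16-word sample list (assumption, for demonstration only).
# Real use needs a much larger list, e.g. a 7776-word diceware-style list.
SAMPLE_WORDS = (
    "anchor", "bicycle", "candle", "dolphin", "ember", "falcon", "glacier",
    "harbor", "island", "jigsaw", "kettle", "lantern", "meadow", "nectar",
    "orchard", "pebble",
)
ASSUMED_GUESSES_PER_SECOND = 1e9  # assumed attacker speed, not a measurement
SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniformly random picks from `choices`."""
    return picks * math.log2(choices)


def years_to_guess(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average years to find the secret, i.e. after searching half the space."""
    return (2 ** bits / 2) / rate / SECONDS_PER_YEAR


def make_passphrase(words=SAMPLE_WORDS, count: int = 6, sep: str = "-") -> str:
    """Pick words with the OS CSPRNG; human-chosen words carry far less entropy."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare() -> dict:
    """Entropy in bits of common schemes, assuming every pick is truly random."""
    return {
        "8 random lowercase letters": entropy_bits(26, 8),
        "8 random printable ASCII characters": entropy_bits(94, 8),
        "4 words from a 7776-word list": entropy_bits(7776, 4),
        "6 words from a 7776-word list": entropy_bits(7776, 6),
    }


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase())
    for scheme, bits in compare().items():
        print(f"{scheme:38s} {bits:5.1f} bits  ~{years_to_guess(bits):.2g} years")
```

The estimates hold only when the words are picked at random from a large list; a phrase a person makes up, or one drawn from the tiny sample list above, is far easier to guess.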

[1] https://www.wsj.com/articles/the-new-id-theft-thousands-of-credit-applicants-who-dont-exist-1520350404

[2] https://www.investopedia.com/terms/s/synthetic-identity-theft.asp

[3] https://www.forbes.com/sites/alanmcintyre/2018/02/07/the-battle-against-synthetic-identity-fraud-is-just-beginning/#619a39ab4ca0

[4] https://www.wsj.com/articles/the-new-id-theft-thousands-of-credit-applicants-who-dont-exist-1520350404

[5] https://www.wsj.com/articles/the-new-id-theft-thousands-of-credit-applicants-who-dont-exist-1520350404

[6] http://www.businessinsider.com/steve-wozniak-cloud-computing-will-cause-horrible-problems-in-the-next-five-years-2012-8

[7] https://www.business2community.com/cloud-computing/6-reasons-dropbox-isnt-secure-enough-business-0795298

[8] https://motherboard.vice.com/en_us/article/nz74qb/hackers-stole-over-60-million-dropbox-accounts

[9] https://scopeweekly.com/2016/05/24/linkedin-accounts-hacked-in-2012-damages-coming-out-now/

[10] https://www.telegraph.co.uk/technology/2017/09/04/six-million-instagram-accounts-hacked-protect/

[11] https://www.shift8web.ca/2018/03/delete-facebook-how-to-poison-obfuscate-and-purge-your-facebook-data-before-deleting-your-account/#0