Two years ago, Google drove its way into a fair amount of hot water when it accidentally (as was claimed) scooped up private data over WiFi while collecting Street View and location data. Now, the Justice Department has cleared the prolific mapsters of the wiretapping violations. The DOJ made its decision not to push for prosecution based on reports from employees and investigating key documents reports Wired. The Wiretap Act (which is the relevant one here) was argued to only pertain to "traditional radio services," by US District Judge James Ware, but neither the DOJ or FCC said they could find any evidence that Google accessed the date it snared. In an extra move of openness, the search giant has also released the entire FCC report on the Street View investigation (redacted to protect identities) which can be found in the more coverage link. So, next time you see the famous camera-topped wagons roll around, you can leave your tin hat in the closet.

Justice Department clears Google of WiFi wiretapping violations originally appeared on Engadget on Sat, 28 Apr 2012 15:33:00 EDT. Please see our terms for use of feeds.

Permalink

Meet the data brokers. There’s a whole industry full of companies who make their money buying and selling our personal information. The FTC is working on busting this dark racket wide open, but in the meantime, they’re out there. Who are they? Can we stop them? Read on to find out.

What Are “Data Brokers?”

Data brokers scrape public information like names, home addresses and purchase histories, credit card activity and other such sensitive tidbits. Then they sell it. There is nothing at all to like about this. At best, they’re Spam-as-a-Service companies. At worst, they enable violent criminals.

It’s mostly marketers who are interested in this information, particularly people who do online targeting. But many of them just sell it to whoever wants it. Here’s a horrifying example of what any crazy person with a credit card can do with this information:

"My husband was killed in March 1987. The person who killed him was tried, and convicted in 1992. The defendant went to jail and was released last July after only serving 18 yrs out of a 25-life sentence. The defendant being savvy and enraged at being incarcerated has been using been [been]verified.com to try to find 'me'."

She goes on to write that BeenVerified.com, as well as “dozens of other companies,” never responded to her attempts to be removed from a database. BeenVerified is one of the most notorious and irresponsible of these companies. Here are many more examples of its sleaziness.

The Most-Wanted List

There are tons of data broker companies. Here’s a selection to give you a sense of the kinds of language these companies use to describe their products, namely us:

More Data Brokers: Intelius Zabasearch Archives PeopleLookup US Search PeopleFinders PeekYou PublicRecordsNow USA People Search Epsilon White Pages MyLife PIPL PeopleSmart

Acxiom- “The 21st Century Marketing Funnel” - “Clean Your List: our data hygiene services start at $25.”

RapLeaf - “Upload… your customers’ emails and instantly get age, gender, and more.” - Best part: it asks for your “work email address” before you can use the free trial service.

Spokeo - “Not your grandma’s phone book.” - Its listed use cases are “Find Friends,” “Find Family,” and “Identify Unknown Callers and Emails.” I wonder what else you could do with it?

PrivateEye - “Billions of Records At your fingertips” - “You don’t have to be a member! Just enter as much info as you have about the person you are trying to find and our People Search Engine will do the rest.”

Radaris - “Radaris is a powerful search engine geared specifically to help people find one another easily despite distance and time.”

And then there’s the infamous BeenVerified. Just read the whole disclaimer on the footer of the site:

Disclaimer: While we are constantly updating and refining our database and service, we do not represent or warrant that the results provided will be 100% accurate and up to date. BeenVerified is a database of publicly available sources of information aggregated for your convenience. BeenVerified does not provide private investigator services and this information should not be used for employment, tenant screening, or any FCRA related purposes. BeenVerified does not make any representation or warranty as to the character or the integrity of the person, business, or entity that is the subject of any search inquiry processed through our service. None of the above-featured companies either sponsor, endorse, or are in anyway affiliated with BeenVerified.

You get the idea.

What Can We Do About This?

On Monday, the FTC released a detailed report calling for Congress to act to give consumers control over the data these companies gather and sell. Sites are currently not required to delete your data upon request. While the government slowly churns toward possibly someday doing something about this, there are companies out there to help individuals delete these records.

SafeShepherd is one such company, which deserves specific mention because it does such a good job of explaining the problem it solves. Its basic service is free, and it will find your info, give you privacy alerts and request removal of basic records. You can also pay for a more thorough cleansing.

SafeShepherd stays on top of all the data brokers it can find (including all the ones listed above). On average, it finds customers’ info on 11 such sites.

Keep in mind, these sites don’t have to comply with removal requests. But there are way too many data brokers to contact them all yourself, and SafeShepherd will keep trying over and over again.

For a lasting solution, we’ll need legislation. U.S. citizens who want to require data brokers to delete records on request should contact their representatives.

Lead image via Shutterstock.

Just how complex are those user agreements that most people skip reading when they sign up for Facebook or Google?

More complex than a credit card agreement or a government notice, according to a study released Tuesday by branding firm Siegel+Gale. On average, 400 survey participants who had carefully reviewed the agreements were only able to answer four out of 10 comprehension questions about the policies after their review.

What's worse, of users who did understand the policies or had them explained to them, 75% said they would change their Facebook privacy settings and 63% said they would be more careful about how they used Google in the future.

"It's time for these online giants to recognize that their policies bring an unacceptable web of complexity and risk to the lives of their users. The lack of understanding of online privacy is pervasive," said Thomas Mueller, global director of customer experience of Siegel+Gale. "Bringing greater simplicity to what Web users read online will engender trust among users and only benefit Facebook's and Google's reputation."

We've asked Facebook and Google for comment and will update as soon as we hear back from them.

Among the study's other key findings:

The comprehension rates for credit card agreements (70%) and government notices (67%) were far higher than those for Google (36%) and Facebook (39%).
Just one in five Facebook users were able to figure out how to block a third-party application or website from accessing information they shared on Facebook after reading the social network's privacy policy.
Less than one in four Google+ users could figure out whether their profile was publicly viewable to anyone after reading Google's privacy terms.

All of these issues are compounded by the fact that privacy policies, particularly those used by social networks, are ever-evolving and ever-changing. Even if a user can understand a privacy policy, it can - especially in the case of Facebook - change without their knowledge.

"This complexity erodes trust and jeopardizes online privacy," said Irene Etzkorn, executive director of simplification of Siegel+Gale. "Clearly, Facebook, Google and other online service providers operate based on consumer trust, and failure to address privacy concerns in a meaningful way will lead to consumer disenchantment and additional regulatory restrictions."

Black boxes aren't just for airplanes anymore, it seems. Though car companies have been installing the devices at their discretion since the early aughts, a new bill, ominously entitled Moving Ahead for Progress in the 21st Century, has just passed Senate approval containing a provision that would mandate the inclusion of these Event Data Recorders in all automobiles produced from 2015 and on. Privacy fans may already be reaching for those protesting pitchforks, but keep in mind this legislation still needs to pass the House of Representatives on its way to becoming law. And given its other, more controversial elements (i.e. revoking passports for unpaid back taxes), it could still head back to the recycle bin. If it does pass Congressional muster, you'll still have ownership of any collected data, so long as the court doesn't require you to hand it over. Regardless of the outcome, we wouldn't breathe a sigh of relief just yet -- your car might be snooping on you as we speak. Just check your owner's manual.

Senate black box bill could see 2015 car models ship with data recorders originally appeared on Engadget on Fri, 20 Apr 2012 13:13:00 EDT. Please see our terms for use of feeds.

Permalink

After the Associated Press published an article on March 20th about employers asking job candidates for Facebook and social media passwords, the response was, to say the least, overwhelming.

In the month since, there have been thousands of tweets and social media status updates, more than 2,000 blog posts, and hundreds of news articles on the "trend." Legislation was proposed in at least three states, and by April 9th, Maryland had hastily passed a bill. Even the federal government got involved, with Congressional committees planning hearings on the issue. For its part, Facebook reiterated its service terms, which prohibit members from sharing their passwords with anyone.

There was, of course, only one problem: Outside of a handful of specific cases (one of which dated back to 2006), the AP article provided little evidence of the "trend." And journalists who chased the story - both the mainstream kind and the digital journalists who fill blogs with fodder - failed to kick the tires on the nonstory.

Full disclosure: While I was ahead of the curve, chasing the same MSN Money story that AP chased, I was still on the bandwagon, writing a post on March 12th about what you should do if an employer asks you for your Facebook password. Like AP, I found no shortage of career coaches, HR experts and disgruntled job applicants willing to feed me quotes on the trend, but I never went back to see if the original story held up to close scrutiny.

The AP article quoted Justin Bassett, a New York City statistician who said he withdrew his job application from an unspecified company after being asked for his Facebook password, because he didn't want to work somewhere that would seek personal information from a password-protected social media profile. The article, by Manuel Valdes and Shannon McFarland, went on to make other claims, including:
"Some companies and government agencies are going beyond merely glancing at a person's social networking profiles and instead asking to log in as the user to have a look around."
"Companies that don't ask for passwords have taken other steps -- such as asking applicants to friend human resource managers or to log in to a company computer during an interview."
"Asking for a candidate's password is more prevalent among public agencies, especially those seeking to fill law enforcement positions such as police officers or 911 dispatchers."
According to E. Chandlee Bryan, a career coach and coauthor of the book "The Twitter Job Search Guide," who AP interviewed, "More companies are also using third-party applications to scour Facebook profiles... One app called BeKnown can sometimes access personal profiles, short of wall messages, if a job seeker allows it."

There was, however, very little empirical evidence to back up any of the article's claims. Consider that a big chunk of the 2004 documentary "Outfoxed" spends a considerable amount of time blasting the use of the phrase "some people" by Fox News as shoddy journalism, and you start to see the growing problem with the AP story. Beyond anecdotal evidence, there was very little to support the main assertions made in the article.

Shopping for Quotes to Fit the Story

For example, the only company cited by name as using BeKnown was Sears Holdings Inc. A company spokesperson, however, said Sears only used it to pull the most-up-to-date work history into an online application. Job candidates also have the option of filling out the online application manually, meaning it is their choice to let their potential employer access their Facebook profile.

"People keep their social profiles updated to the minute, which allows us to consider them for other jobs in the future or for ones that they may not realize are available currently," Sears spokeswoman Kim Freely told AP. The problem was that Freely's explanation was in the story's 26th paragraph - cut from almost all print and several online editions, and far too low for most bloggers and journalists who chased the story to notice.

The difference between Fox News' use of "some people" in 2004 and AP's use of "some companies" in 2012? About 40 million additional blogs, the advent of Twitter and the increased use of Facebook from a handful of college campuses to more than 850 million people worldwide. A good headline and some shoddy reporting is all it takes to make your story go viral - facts are optional.

And the problem continues: At this writing, there have been more than 50 references of "Justin Bassett" on blogs within the past week, according to Google Blog Search. Orin Kerr, a professor quoted in the initial article, comes up 292 times in Google Blog Search when linked with "Facebook" and "password."

Multiple "Sources"

After Bassett, who did not respond to requests for an interview made through a LinkedIn profile, most of the articles and blog posts reference Robert Collins, who was asked for a Facebook password during a reinstatement interview when he returned to his job as a correctional officer at the Maryland Department of Public Safety and Correctional Services. The employer - who was not contacted for comment by AP and declined comment to ReadWriteWeb - purportedly wanted to check for gang affiliations.

Another frequent source was Rob MacLeod, who claimed he was asked for social media logins during job interviews for police officer positions. Finally, on April 2nd, bloggers started tying in Kimberly Hester, a teacher's aide in Michigan, who was told to turn over her Facebook login information after a parent she had friended on the social network complained about a photo she had posted. Hester refused and was fired.

We're over the initial shock, and the coverage now has moved onto proposed legislation and career columnists advising job applicants what to do if they are asked for a Facebook password during an interview. My advice? Call me and give me the scoop - if someone is actually asked for their password or told to log in as an interviewer looks over their shoulder, I'd like to know about it. It would be refreshing to cover actual news on this alleged story.

Call us paranoid, but we're always looking for ways to preserve our privacy on the Internet. And, increasingly, most of those efforts center on the two biggest Internet destinations for most users: Facebook and Google.

Love it or hate it, it's hard to be an online denizen these days without interacting with at least one (and most likely both) of the Internet giants. We've spent the past few days scouring the Internet and have found tips - some old, but most new - on how to give yourself a sense of security when using both services.

Get Yourself Out of Google Streetview

The FCC hit Google with a $25,000 fine over how it collects data for its Streetview maps. Small money for Google, but big news for people who used this round of stories as inspiration to look up their own homes and find out they didn't necessarily like what they saw.

Google says its software automatically blurs images containing license plates and people's faces, but like any software program, it doesn't always work. And you may find other images that are revealing or just plain unflattering. Fortunately, PBS Newshour has a step-by-step primer on how to alert Google to those images and ask for them to be edited or removed.

Check Your Facebook Privacy Settings - Again

If you use a task management program like ToodleDoo or a calendar program like Google Calendar, it makes sense to put a recurring reminder in to check your Facebook privacy settings regularly. The reality is Facebook changes its user terms on a regular basis in a constant bid to open up your account and increase the amount of information you share (both knowingly and unknowingly), and we're not so sure an FTC consent decree will curb that practice entirely. We've given up on crying foul every time these policies change: It's just a fact of life on the world's biggest social network.

Facecrooks, a site the deals exclusively in using Facebook securely, has just released one of the best comprehensive guides for locking down your Facebook accounts. Follow each step, and you'll be as secure as you can possibly be on Facebook. But even the implementation of the tips that suit you on a case-by-case basis is worth considering.

Some of our favorite suggestions from the guide:

Use a dedicated email address for Facebook.
Don't allow subscribers.
Enable login notifications so you know when someone has accessed your account.
Avoid posting information such as your birthdate, your home and mobile phone numbers and your street address.
Always log out of Facebook after you finish your session.

Spend Some Time Taking the "Eazy" Way Out

PC World has a glowing review of Priveazy, which bills itself as a personal online privacy and safety consultant. Companies such as Facebook and Google hope we'll give up on trying to "untangle the privacy knot," but Priveazy, with online tutorials, quizzes and security checkups, aims to make the process of protecting online privacy, well, easy.

As PC World points out, the tool may be "a bit too simplistic" for geeks and people who "just eat and breathe Internet privacy issues." For the rest of us, however, it may be time well spent.

Faraday bags? Oh, yeah. For the sleuthing shyster in your life, Escape the Wolf has a new range of gadget cases that are engineered with one primary purpose: to avoid technical surveillance, mobile phone tracking and remote digital exploitation. As it turns out, these guys have been lurking undercover for just over a month now, but it looks as if they're now on sale to the masses -- civilians included. The Zero Traces line can hold both laptops and phones alike, with each piece capable of shielding GSM / CDMA, WiFi and Bluetooth devices from being "remotely exploited." The pain? Between $24.99 and $199.99, and you can part ways with varying levels of cash right there in the source link.

Zero Trace gadget bags dodge 'digital exploitation,' schadenfreude originally appeared on Engadget on Wed, 18 Apr 2012 01:52:00 EDT. Please see our terms for use of feeds.

Permalink

Wouldn't it be nice if we were free to surf the web free from fear of having our traffic monitored and emails scraped by the NSA? Well, if Nicholas Merrill has his way, we won't have to rely on anonymous browsers or proxy servers -- we'll have a new ISP built from the ground up to protect customer privacy. A non-profit, the Calyx Institute, will run the ISP that'll employ end-to-end encryption on web traffic, plus encrypted emails to prevent anyone other than the user, including the ISP itself, from seeing people's internet activity. Because of this structure, Calyx, quite literally, won't be able to comply with governmental requests to obtain customer traffic data under the Patriot or Foreign Intelligence Surveillance Acts. The best part is, such online privacy may cost as little as $20 a month, and Merrill has hopes to provide a similarly secure VoIP service at some point as well. Of course, the venture will only be possible if Merrill can raise the $2 million needed to get it going -- which is why he's pitching the idea to venture capitalists in Silicon Valley and the general public through crowd-sourced funding site IndieGogo. Want to help out? Hit the source below to make a donation.

Calyx Institute to create ISP that keeps customer traffic private, away from prying governmental eyes originally appeared on Engadget on Thu, 12 Apr 2012 21:22:00 EDT. Please see our terms for use of feeds.

Permalink

Facebook's massively expanding its Download Your Information service into an all-encompassing archive of the data Mr. Zuckerberg collects about your daily dose of people-stalking. DYL was introduced in 2010 and allowed you to pull down all the photos, posts, messages, friend lists and chat conversations in the archives -- but now will also offer stored IP addresses, previous names you've used, friend requests you've made, with further categories due in the future. It'll have to sate the concerns of privacy organizations worldwide, since it's rumored to collect 84 different categories of information about you (85 if you count all those Instagram photos it just bought). It'll be gradually rolled out to all 845 million users in the coming weeks and is available from your general account settings.

Facebook revealing the personal data it collects, won't spare your drunk-poking blushes originally appeared on Engadget on Thu, 12 Apr 2012 11:23:00 EDT. Please see our terms for use of feeds.

Permalink

You have your birthday listed on your Facebook profile, and at some point you got caught up in the local banking movement and decided to become a fan of your local credit union. In the friends list you have highlighted your family members, including your mother, whose profile is searchable under both her married and maiden names.

The decision to include that information is the result of three seemingly harmless and unrelated, split-second decisions. And in many cases, it's all an identity thief needs to empty out your checking account.

Sponsor

"Attackers can use this information to steal online identities, from bank accounts to email inboxes and social profiles. Not only are your accounts at risk, but you could be used as the vessel to disseminate spam and malicious profiles to your friends on Facebook," said Ellen Gomes, a spokeswoman for Barracuda Labs. "Many malicious profiles gain legitimacy among users, gathering 'friends', by having real 'friend' vouch for them, allowing these accounts to gain access to thousands of other accounts."

The success of Facebook as a company will ultimately hinge on how well it can use all of the information users share with it to help companies better target advertising. At the same time, all of that information can be used by thieves to access accounts or by other people to learn information about you that you had thought was private.

More Than Marketing Data

Take, for instance, the recent work of Peter Leone, a professor of medicine at the University of North Carolina's Center for Infectious Diseases. Leone is researching whether or not a person's circle of friends can predict whether they're at risk for sexually transmitted diseases. Real-world social networks have long been known as a good way to determine a person's STD risk level, and Leone is showing online social networks can do the same.

In the hands of your doctor, determining whether you're at risk for STDs or other diseases is, generally speaking, a good thing. Your physician can advise preventative (and, usually, less expensive) treatments. But what if your health insurer starts using that same risk information to set your premiums? You are, in effect, being penalized for something that might happen.

With Apps Like That, Who Needs Enemies?

As reported by The Wall Street Journal, all these apps and, in particular, information we share on social networks, means we can expect to start seeing details about our religious, political and sexual preferences popping up in places where we don't expect them to - and in many cases, don't want them to - appear.

The newspaper reviewed 100 apps, including its own, to determine what kind of information users were sharing. Among the newspaper's findings:

"Popular quiz games "Between You and Me" and "Truths About You" sought dozens of personal details - including the sexual preferences of users and their friends - that don't appear to be used by the app in the questions it poses to users about their friends."
"The app that sought the widest array of personal information of the 100 examined, 'MyPad for iPad,' has a two-paragraph privacy policy that says it is 'adding Privacy settings shortly'," seemingly in violation of Facebook's privacy policy.
"Dozens of apps allow advertisers that haven't been approved by Facebook within their apps, which enables advertisers including Google to track users of the apps."

Education is the Only Remedy

Facebook and other social networks will have trouble keeping up with crooks and companies mining data for unscrupulous reasons. And every new security fix or policy change will mean more new workarounds for people who want to exploit your information.

The key, according to social media consultant Jay Patel, is user education.

"We have not yet developed a stringent system or moral acumen to control or comprehend the implications of this information that is publicly available," he said. "What we need to do is educate people on the implications of privacy policies and what it means to share personal information or make it public... [and provide consumers] the honest information of how their data will be used in simple, easy-to-understand terms before they share."

And any fix, Patel said, needs to avoid stifling all the potential good that could come from increased information sharing.

"In the coming five to 10 years, we will see innovators utilize this information in positive ways, such as education, knowledge distribution, pre-emptive measures against social or physical [viral] threats, and ways to measure public sentiment," he predicted.

Image courtesy of Shutterstock.

Discuss