Smartphone Pictures, Exif, and Personal Privacy

Smartphone Pictures, Exif, and Personal Privacy

They’re everywhere. In our homes. Offices. Schools. They contain sensitive information about us, identify our children, and have enough data about us to let criminals walk right into our homes. I’m talking, of course, about the digital photos on your smart phone.

An over-dramatization? Perhaps, but not by a lot. Recently there’s been a lot of chatter online about digital pictures and privacy. You’ve probably seen the Facebook status updates or buzz on other social media channels about how cell phone pictures can be a danger to your family’s safety. Snopes.com even posted about it recently and gave the topic a green light, which means after reviewing the facts they deem it true. The pictures you take with your smartphone can rat you out to the world.

The truth of the matter is that most devices with cameras these days (most notably smartphones) can add GPS or other location-aware data to your digital images, and can also add dates, times, and other information that could be used to track you down, much like they helped track down a high-profile antivirus software developer who was being sought after by authorities in late last year. This data is called “Exif” (Exchangeable image file format) and can be used to pinpoint your location when a photo was taken. Standalone digital cameras don’t often automatically add this information, but it’s best to check with the manufacturer to be certain.

A sample scenario of a potential privacy breach is as follows: Let’s say you take a picture of your kids at your home with your iPhone. If you don’t have your privacy settings set up in such a way that the Exif data is stripped, the latitude and longitude of where you took the picture is now embedded in the file. Upload that to your blog and now people can grab your image, parse out the Exif data, and find the approximate location of your home. It doesn’t take a tech genius to figure out that within a few hours anyone who saw that picture can be at your doorstep.

Fortunately it’s usually a pretty straightforward task to strip out Exif data (see “verexif.com“, “imageoptim.com” for Macs, or just do a Google search for “remove photo exif data” for more resources). To prevent geo-tagging information to be added to your images in smartphones in the first place, use this guide:

  • iOS 6:
    • Open Settings > Privacy > Location Services
    • Find the entry for Camera and swipe the button to the “OFF” position.
  • Android:
    • Because the User Interfaces for each Android device is different for each manufacturer, it’s not as easy to tell you how to turn off Exif geo-tagging. The settings are likely under the “Settings” icon, but the exact path may be different. You may need to hunt a bit for the option.
    • Note: There are apps that you can download which can help. Find out more details on this blog: “How to Scrub the EXIF Data from Photos on Your Android Phone Before Sharing Them“.

The up side to all of this is that certain social networks such as Facebook and Twitter proactively strip out Exif data, but that can change in the future and I personally wouldn’t trust it if you’re really concerned about data telling the world where your pictures were taken. Your best bet is to prevent the Exif geotagging from happening in the first place by being proactive about it with your devices.

Image courtesy of clanlife

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Online Safety for Kids

Online Safety for Kids

It’s getting close to the middle of the school year for most kids, and by now they’re probably pretty comfortable with the swing of things. As such, you’re probably finding your kids on the home computer surfing the Internet, “studying” online (haha), and chatting with their friends the web. As a parent and a tech geek, I’m all for kids learning and playing online. But as the school year progresses, most kids become lax in their safety consciousness when online.

It’s always a good idea to remind your kids about the importance of online safety, but here are three things you should make sure to keep on top of all year long:

  • Don’t give out personally identifiable information:

    First names are probably fine, but a last name should always be kept under wraps from anyone your kids interact with online. Other things to keep quite about are the locations of their home and school, frequent hangout spots, and after-school schedules. The last thing you want is some creepy stranger taking a 3 hour drive to visit your kid at little league!

  • Keep kids social networking profiles private:

    Places like Facebook allow kids (and adults) to post anything they want at any time they want, with little to no repercussions. Make sure that your kids don’t accidentally invite a web perv into their online life with an open and public profile.

  • Let an adult know about cyberbullying:

    Cyberbullying is no joke, and it’s happening more and more. Be sure to keep an open and honest dialog with your kids about online harassment, whether it’s about them, their friends, or someone they know at school. No child should have to live in fear or shame because of a cyberbully.

If you keep those three things alive and well during the entire year, your kids will have a much better, and safer, time on the Internet.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

January 28th, 2011 is World Data Privacy Day

January 28th, 2011 is World Data Privacy Day

Friday, January 28th, 2011 is World Data Privacy Day. With a New Year comes a new time to stop and think about how data privacy affects you and your family. Whether you’re accessing information online by a mobile device, social networking sites like Twitter or Facebook, or if you’re using other online services, information you type in, request, or log in with is being captured and acted upon by others.

As a Digital Citizen, it’s up to you to watch the watchers… to ensure that your data is being handled properly by the sites and services you choose to use. As such, you should educate yourself on how sites are tracking your information, storing your data, or processing your logins. If you don’t, who will?

For more information about data privacy, you can visit our blog posts tagged with “Privacy“, or the Washington State Attorney General’s page on Internet safety. Feel free to also check out the StopSign privacy policy for details on how we deal with privacy issues. You can also leave a comment below with any questions if you like.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Rise of the LSO, AKA the “Super Cookie”

Rise of the LSO, AKA the “Super Cookie”

Since the dawn of the first web browsers dragging themselves from the sea to the land and gasping air for the first time (or something like that), there has been someone who wanted to track what’s happening in the browser. Whether it’s for remembering settings, keeping items in a shopping cart, or aiding in online marketing, the ubiquitous browser cookie has been a staple of the Internet since the early days of the Mosaic browser.

Today, however, there has been an evolution in the browser cookie life cycle, and it’s known as the LSO (Local Shared Object, AKA a “Flash cookie”). It’s not called the Super Cookie because it can leap buildings in a single bound, but rather because, like the Man of Steel, super cookies are pretty darn close to impervious when normal humans like you or I attempt to get rid of them.

What’s the difference between a browser cookie and a super cookie?

The super cookie is both scary and fascinating. Unlike its cousin the browser cookie, the super cookie is a Flash-based cookie that is stored in a different location on a computer than a browser cookie, can be much larger than the 4K allotted the browser cookie, and is much more difficult to uninstall (or even find on your PC) than the cookies you’re used to dealing with. In short, it’s a nightmare to deal with and opens up all kinds of privacy concerns.

What can I do about the super cookie?

Now, whether you want to keep or kill the super cookie is up to you. Like the browser cookie, a super cookie is only as evil as its creator, and most developers will likely use the LSO to make things like tracking general customer information easier vs. attempting to waylay your privacy and sell your data to the highest bidder. However, there are enough differences between browser cookies and Flash super cookies that it’s kind of a “Wild West” situation right now in the Land of Cookies.

If you’re afraid of someone using super cookies for evil (and lets face it, that’s a possibility), there are several ways to suppress or remove the LSO super cookie:

  • Manual deletion:

    The most tech savvy method to remove the super cookie, manual deletion is probably best suited for the technically minded. A super cookie is usually found in the “Flash Player” directory on your computer, but can be stored elsewhere. Use the search tool on your PC an look for the *.sol file extension.

  • Better Privacy (Firefox addon):

    If you use Firefox you can add the Better Privacy plugin to your install and let the addon work its magic on your LSOs.

  • Disable/remove Flash:

    Not a fan of Flash in the first place? Don’t care about certain videos or online games? If so, just disable or full-on remove the Flash player from your computer. If it works for iPhone users, it might work for you, too.

  • Visit Adobe:

    Adobe has a tool that you can use to update your settings quickly and easily. Just go to http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html and set the “Global Storage Settings” to “Zero”. This will prevent new flash cookies from being put on your computer, but if you have any right now you’ll still have to remove them as described above.

As you can see, updating, removing, or changing the behavior of Flash super cookies is kind of a pain right now. But like always, we have to roll with the punches, right? Now that you know about the LSO, check them out every now and again and see if you want to keep them around or not.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Are Browser Cookies Bad?

Are Browser Cookies Bad?

Browser cookies are an interesting topic, because it seems that anyone who knows anything about them has an opinion. Privacy-minded folks probably won’t give them a good review. Online merchants will tell you they’re invaluable. Most people probably fall somewhere in the middle.

If you don’t know much about browser cookies, read on for a brief description of what they are, what they can do, and what to look out for.

What is a browser cookie?

Browser cookies (AKA “cookies”, or “web cookies”) are text files that reside on your computer. Cookies get onto your computer by visiting a website that sets a cookie on your machine. A browser cookies lifetime can be updated by the website that sets the cookie, but as a user, you can always delete cookies at will through your web browser.

What kind of websites use browser cookies (and why)?

Any type of website can use cookies. If you’ve ever been to sites like Google, eBay, or Amazon then your computer has received a cookie. Some sites use cookies to keep track of preferences, such as what color you want a theme to be, or if the login mechanism should remember your username so you don’t have to keep typing it in. A cookie can also be used to keep track of what’s in your online shopping cart so the website can check you out faster or suggest other items you may be interested in.

Since anything that can be described in text can be set in a cookie, the possibilities are endless for what can be put in a browser cookie. The results are in a key=value format, but the key and value are determined by whomever writes the code, so they can be anything; the content can even be encrypted if the developer wants it to be.

What concerns should I have regarding browser cookies?

Can a browser cookie infect you with a virus or spyware? No, not directly. Browser cookies aren’t executable like software programs; they’re just text files. However, they can be used to track things you see, click on, etc. and are therefore technically a privacy concern. If you are concerned with remaining completely private and anonymous on the Internet, cookies probably won’t be your favorite topic.

Even though browser cookies themselves can’t cause problems, cookies can be used as part of the overall process in a malicious scheme. Cookie hijacking, where a third party intercepts your browser cookies on a non-secure connection, is a possibility, and that can lead to things like spyware and loss of privacy.

Are browser cookies bad? Are browser cookies good?

The answer, it seems, depends on many factors. Who (or rather, what website) wrote the cookie? What are they using it for? Is the information kept for use by the site only, or is tracking data passed to third parties? Does the website require cookies for the site to function? Does the website put sensitive information about you or your browsing session in the cookie data?

You can crack open any cookie on your machine to view the contents (remember: they’re just text files), so if you’re really concerned about what’s in a particular cookie, check them out in your browser and see what’s going on. Most cookies are pretty safe, especially those from the Amazons and eBays of the world, but you never know until you start poking around. If you’re really concerned, just be sure to keep your antivirus and/or antispyware software up-to-date and be careful about where you’re surfing. If you do those things, chances are pretty good you’re going to be OK.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Who Do You Trust?

Who Do You Trust?

There are millions of websites online and many of them offer things you can buy, download, or receive by some method. They’ve got the stuff, and you want the stuff, but you’re worried that somehow/someway your info will get leaked out. So how do you know who you can trust with your personal information or credit card numbers?

One good way to determine who you can trust is by checking the website for trust, verification, or privacy seals/certificates from trusted third-party sources. There are companies out there whose job is vetting company’s and websites and ensuring that they are safe, secure, and legitimate. In most cases the seal/certificate will be a link back to the issuing company with details on who they are, what they do for the original site you clicked on, and what level of trust or security you can place on the site.

There are many options when it comes to third-party accreditation or authentication, but here are some of the more popular options: (Disclaimer)

  • Verisign:

    According to their website, “VeriSign is one of the most trusted and recognized brands on the Internet (Synovate/GMI research, September 2009)”, and the VeriSign Trust™ Seal is a widely-recognized program for monitoring sites for malicious software and website authentication.

  • BBB Online:

    A long-time favorite of consumers, the Better Business Bureau is one of the most widely trusted third party organizations that vets businesses. The BBB uses their own Standards of Trust as a “comprehensive set of policies, procedures and best practices focused on how businesses should treat the public – fairly and honestly in all circumstances.”

  • TRUSTe:

    As noted on the TRUSTe website, “For over a decade, TRUSTe’s online privacy services and trustmarks have enabled businesses to strive for the highest standards in online privacy and customer satisfaction.”

A seal or certificate from any of the aforementioned companies would be a good indicator of trust, as long as there’s a legitimate relationship between the site and one of the 3 companies listed above. Before you go entering your credit card number or other personally-identifiable information, be sure to click on those seals and certificates to make sure the website is actually part of their program. It’s easy to put up a picture of the seal/certificate with no real affiliation with the third party site, so be sure to do your own check first.

StopSign uses Verisign’s services and is also an accredited BBB company.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.