PRIVACY

PRIVACY once lost can NEVER be recovered. 

Personal revealing information is publicly available. Can privacy be protected?. Maybe not, but don't make it easy?  Here is what MTSkeptics posts about PRIVACY, GPT

This page highlights some of the more significant privacy hacks on the Internet organizations:
Along with activities:
Such Personal Aggregators steal and sell personal data such as:
        • Location and travel history
        • Family, friends, and business networks
        • Health, medical, DNA, and physical records
        • Professional and employment records
        • Forever records readily available online
        • Likes, dislikes, and preferences
        • Political and social preferences and alignment
        • Religious affiliations
        • Sexual preferences and activity
        • Legal history including criminal and minor infractions
        • Financial and credit status and history

for "a buck" to ANYBODY wanting to know.  

Huge, interconnected databases, mined by artificial intelligence tools easily expose records and routinely facilitates SCAMS, Indentity Theft, and fraud

For example, the Cambridge Analytica problem wasn't a failure of initial user's security.  It was a failure of their friends' security, which they exploited.  FACEBOOK sold Cambridge their customer's records while making no attempt to keep it private.


PERSONAL AGGREGATORS

Below is a list of internet resources that can turn up all kinds of embarrassing and potentially invasive information. 

 - PIPI is the world's leader in true identity solutions which organizations can access over 3 billion identities to validate transactions, investigate sources and enrich contacts

CVGADGET aggregates all the possible search results from various sources into one page with expandable/collapsable widgets. It’s supposed to include all the sites that HR may use to screen job applicants, so this may come in handy for your next job search.

ZABASEARCH explores a comprehensive range of public records to present mostly contact information for the person whose name you are searching. The benefit to this deep web people search engine is that it provides data, such as date of birth, addresses, phone numbers and email addresses free of charge, while many other people search sites charge for this type of information.

 - SPOKEO is a people intelligence service that helps you search, connect, and know who you are dealing with. You can use it to find old friends, identify unknown callers, or research your date. Professionals use it to find new customers or to prevent fraud.

Check If YOU Have Been PAWNED

 - HPI Identity Leak Checker, makes it possible to check whether your email address, along with other personal data (e.g. telephone number, date of birth or address), has been made public on the Internet where it can be misused for malicious purposes.

 - Have I been Pwnd website came about after what was, at the time, the largest ever single breach of customer accounts — Adobe. The website creator often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.His FAQs page goes into a lot more detail, but all the data on this site comes from "breaches" where data is exposed to persons that should not have been able to view it.


California Attempt to Fight for Consumers

Effective 1/1/20, California law helps consumers fight against some of it -- California Consumer Privacy Act 


- - back to top


LOCATION and Travel History

Using a cell phone provides a continuous recording of the user's location by the cell companies.  Those companies in turn sell that supposedly anonymous meta-data to third parties or provide it to law enforcement.  There is no way a user can restrict such availability.  Several thousand other companies, including Google and Facebook, gather user location data via apps the users installs on their phones and computers. Those records can be somewhat avoided and limited, but in the process significantly reduce the functionality and usefulness of the app. The question is "How big of a risk is there in sharing location data."  That depends on how the user shares it.

Some data, such as that collected by the phone companies, is difficult to obtain.  Whereas other data such as that posted on Facebook might as well be on a billboard.  Nearly all the companies that collect location information promise in their terms promise not to share identifying information not otherwise authorized by the user, but some of the largest, such as Equifax, have been hacked, have sloppy security, such as Target or just ignore their own term of us, such as Snapchat and Flashlight

When it comes to assessing the risk of location sharing, there is no shortage of articles on the Internet that warn of the dangers, but let's get REAL.  No need to hyperventilate over location sharing.  There are just too many "leaks" of that information.

Location sharing has value to the user, but, when possible, users should limit it.  Both the iPhone and Android phones have security controls which limit what an app can access.  For example, Flashlight does not need to know the user's location block the app's access to it. Google Maps, Waze, FindMy Phone, FindMyFriends, etc do need to know, but limit the time these apps may retain that data (at least try to).


- - back to top


GOOGLE


What does Google know about us? Here is what Visual Capitalist says

https://www.visualcapitalist.com/what-does-google-know-about-you/


Through its various apps and services, Google can craft a robust profile on you and your activity on the internet. It uses this personal information to target customized advertisements to you, however you decide to use the internet: search, mobile phone, Gmail, YouTube, or other apps that run ads connected to the Google network.
Google stores your location (if you have location tracking turned on) every time you turn on your phone. You can see a timeline of where you’ve been from the very first day you started using Google on your phone. Click on this link to see your own data: google.com/maps/timeline

Google knows everything you’ve ever searched – and deleted (images, locations, etc).  Google stores search history across all your devices. That can mean that, even if you delete your search history and phone history on one device, it may still have data saved from other devices. Click on this link to see your own data: myactivity.google.com/myactivity
Google creates an advertisement profile based on your information, including your location, gender, age, hobbies, career, interests, relationship status, possible weight (need to lose 10lb in one day?) and income. Click on this link to see your own data: google.com/settings/ads/


Google stores information on every app and extension you use. They know how often you use them, where you use them, and who you use them to interact with. That means they know who you talk to on Facebook, what countries are you speaking with, what time you go to sleep. Click on this link to see your own data: security.google.com/settings/security…
Google stores all of your YouTube history, so they probably know whether you’re going to be a parent soon, if you’re a conservative, if you’re a progressive, if you’re Jewish, Christian, or Muslim, if you’re feeling depressed or suicidal, if you’re anorexic … Click on this link to see your own data: youtube.com/feed/history/s…

This link includes your bookmarks, emails, contacts, your Google Drive files, all of the above information, your YouTube videos, the photos you’ve taken on your phone, the businesses you’ve bought from, the products you’ve bought through Google …

They also have data from your calendar, your Google hangout sessions, your location history, the music you listen to, the Google books you’ve purchased, the Google groups you’re in, the websites you’ve created, the phones you’ve owned, the pages you’ve shared, how many steps you walk in a day … Click on this link to see your own data: google.com/takeout


This information has millions of nefarious uses. You say you’re not a terrorist. Then how come you were googling Isis? Work at Google and you’re suspicious of your wife? Perfect, just look up her location and search history for the last 10 years. Manage to gain access to someone’s Google account? Perfect, you have a chronological diary of everything that person has done for the last 10 years.

We would never let the government or a corporation put cameras/microphones in our homes or location trackers on us. But we just went ahead and did it ourselves.

Google Privacy Checkup & Security Checkup

In your Google Dashboard, you can perform a Google Privacy Checkup and a Security Checkup if you want to enhance the control you have over your online Google account data.

To run any of those Checkups, scroll down to “More ways to control your data.” Under it, click on “Security Checkup” or “Privacy Checkup.”
Google Privacy Checkup (which you can also access through this link) is meant to walk you through the main steps of adjusting the data Google uses to personalize your online experience. To get started, just click on “Start Now.”

Here is a walk through and discussion of all the 5 Google Privacy Checkup steps:

1. Manage Your Shares on YouTube: Under “Likes and subscriptions,” check the boxes next to all the options. Under “Your YouTube activity feed,” uncheck all the options. 
2. Help People Connect with You: If you have a phone number added to your Google account, make sure you uncheck both options under this section. Otherwise, people who have your number can interact with you through Google services, and view your public data as well (which can be exploited by people with bad intentions). 
3. Choose What Google+ Profile Information You Share with Others
If you want to take your Google+ profile privacy to the next level, be sure to uncheck all the options in this section (except the very last one – we’ll get to that in a bit). This way, profile visitors won’t be able to see things like your photos, videos, and community posts unless you share them publicly. 
Be sure to click on “Edit What Others See about You” if you want to tweak other settings, such as your birthday and gender. 
As for the last option under “Photos and Videos,” make sure you check it to ensure your publicly-shared photos won’t be used by Google to promote their services and products (Yes, they can actually do that). 
Click on “Edit Your Shared Endorsements Settings,” and check the option at the end to make sure Google won’t use your profile info and reviews (involved with shared endorsements) in ads. 
4. Personalize Your Google Experience: Click on the drop-down menus next to all the items on the list, and drag the slider to the “Off” position. Why? Because it will help you keep Google from saving a lot of info that’s related to your online activity. 
5. Make Ads More Relevant to You: Just click on “Manage Your Ads Settings,” and turn off “Ads Personalization.” Do that and you won’t have to constantly worry about Google using all your account data to bombard you with “relevant” ads. Naturally, that doesn’t mean you won’t see any other ads online. 
Google Security Checkup

This feature (accessible through this link as well) lets you manage most of your Google account’s security options, such as:

  • The devices associated with your account
  • Third-party apps that can access your data
  • Two-step verificationYour account’s recent security activity
Under “Recent security activity,” you can quickly check out when and where your Google account was accessed. If you notice any activity you don’t recognize, click on “Don’t recognize an event?” and follow the on-screen instructions to change your password.

If you click on “Third-party access,” you’ll get a whole list of apps that have access to your Google account data. You’ll also see what kind of data they have access to as well (click on the exclamation mark icon on the right of the app to learn more about that). If you want to remove an app from the list, just click on “Remove Access” in the lower right.

“Your devices” contains a list of devices associated with your account, and some general security tips (like a recommendation to add a screen lock to your mobile phone). Click on “Don’t recognize a device?” if you notice any suspicious activity and follow the instructions to change your password.

Lastly, to turn on two-factor authentication (which we highly recommend you do), just click on “2-Step Verification” and link an email address or phone number with your account. To add more options, access this link and follow the instructions.

Other Ways to Control Your Data

Besides Google Privacy Checkup and Security Checkup, your account’s Dashboard offers other options to control your online data, such as:“Download your data” – Very useful if you plan on erasing your online tracks (to a certain degree, of course) or if you want to delete your Google account. Just browse through all the account data you want to save, and click on “Next,” and then on “Create Archive.”

“My activity” – An overview of all your online activity that involves your Google account. You can browse through it, and delete certain activities.

“Maps timeline” – It’s an in-depth overview of the places you accessed Google from – along with the dates. 

Yes, Google actually knows stuff like that about you. If you want to see what else they know, check out this article.“Activity controls” – Here, you can tweak certain features (such as Location History or Device Information) to enhance your Google experience and protect your privacy (not completely, unfortunately – Google won’t really allow that). We’ve got a more in-depth tutorial for this here.

- - back to top

FACEBOOK

Facebook has reams and reams of data on its subscribers. It offers a similar option to download all that information. Click here to see every message ever sent, every file ever sent, all phone contacts, and all the audio messages ever sent:  https://www.facebook.com/help/131112897028467

Facebook stores everything. It stores what it thinks subscribers might be interested in, based off the things they liked, what they and their friends talk about, and from where and when they've logged in and on what device.  They also store all the stickers they’ve ever sent.

They can access subscribers' webcam and microphone at any time. The data they collect includes tracking what applications they have installed, when they use them, what they use them for. They store contacts, emails, calendars, call history, the messages sent and received, the files downloaded, the games played, photos and videos, music, search history, browsing history, even what radio stations subscribers listen to.

REF: https://www.theguardian.com/commentisfree/2018/mar/28/all-the-data-facebook-google-has-on-you-privacy

- - back to top

INSTAGRAM

Instagram knows a lot about its subscribers, and it shares that data with Facebook, which in turn uses data collected through Instagram, such as who one follows and location information, for targeted advertising and other purposes.

It has fewer privacy controls than Facebook.

Apps connected to an Instagram account can access some of its subscriber data. There haven’t been any notable data breaches on Instagram, but the more apps subscribers tie together, the more vulnerable they are to security risks. Third-party apps played a big role in the the Cambridge Analytica scandal, and the recent Google+ data bug.

Subscribers can examine what kind of data and permissions they’ve made available to other apps, and revoke access for apps by logging onto Instagram through a browser: Click the person-shaped icon in the bottom right corner > Click the gear icon in the top left > Authorized Apps > Revoke Access.

Instagram uses a number of tools to recommend new accounts to follow. One method is to periodically scan the contacts on a subscriber's phone, if they've been granted Instagram permission to access them.

Once a subscriber grants any company access to his contacts list, it's hard to know just what they'll do with it. A recent report from researchers at Princeton and Northeastern University suggests that Facebook uses information from users’ address books to target their friends with ads.

Even if a subscriber has given Instagram permission to scan his contacts, it’s not too late to rescind it. Log into Instagram > Click the person-shaped icon in the top right corner > Click the gear icon to the right of the username > Privacy and Security > Manage Contacts > Delete All.

Personal information can leave a digital trail of where one goes online. On the "Consumer 101" TV show, Consumer Reports' expert Thomas Germain explains to host Jack Rico what to do to protect online privacy.

REF:https://www.consumerreports.org/privacy/instagram-privacy-settings/


- - back to top

LINKEDIN

A lot of focus has been on Facebook. It isn’t the only place where a lot a lot of information gets shared. LinkedIn gets a lot career and interest info, and uses it to sell ads and other services. Subscribers should definitely be careful about information they post on LinkedIn, and limit the free flow of private data.

Stop Syncing Things

LinkedIn is owned by Microsoft, so it can sync with Microsoft Office to help make resumes in Word. It syncs with job and employers when members share an account via an API. It can sync to a Twitter account, so people can cross-post content to both networks.

When members connect all these accounts, they all get access to some portion of others' data. It increases the risk of LinkedIn accounts getting compromised if one of the other services gets hacked. Consult the Lifehacker REF to untether,

Keep LinkedIn out of Your Contacts
LinkedIn also asks to sync member's contacts and calendar from his phone to help find professional networks on the site. Users often do this when they create their accounts to find people they know quickly, but forget that, by “syncing” the accounts, LinkedIn can and will continue to monitor their contacts over time.
Consult the Lifehacker REF to unsync,

Turn off targeted ads
Like every social network, LinkedIn wants to show members targeted ads based on their interests.  Members can’t prevent LinkedIn from tracking them, but they can minimize how many of its partners get to see and use it. To turn off personalized ads, See REF.

Don’t be Linkedin’s Guinea Pig 
Similarly, LinkedIn shares data from its users to share insights on trends related to work, job-seeking, etc. If it isn’t public, don’t post it. See REF to turn this OFF.

An overall “rule of thumb” for giving LinkedIn information, "post information on LinkedIn only if you're ok with everyone seeing it."

LinkedIn shares data with recruiters and corporate HR professionals, including people at a member's current and past employers. It may seem like common sense, but LinkedIn is designed to extract information about one's personal and professional life. Having members share that information is always in Linkedin's best interest, even if it isn’t necessarily in a members.

For example, LinkedIn asks to let them know if a member is “actively” looking for a new job. According to the site, flipping this setting lets the site know to push a member profile to recruiters more aggressively. While doing this may help in a job search, it is also playing with fire if that member is already employed: The fine print for the feature states that, while the site takes steps to hide a member's status from his employer, LinkedIn may still share a “job-seeking” status with an employer.

While being “good at LinkedIn” may seem important because it’s a career-related service, members are probably better off leaving their account partially unfinished or unoptimized, rather than offering up more personal information than necessary to accomplish  professional networking goals.


REF: https://lifehacker.com/how-to-protect-your-privacy-on-linkedin-1830566181


- - back to top

BROWSER SPYING

For Internet searches use DuckDuckGo instead of Google. Read Friends Don’t Let Friends Get Tracked!

Use the Incognito (Chrome) or Private Window (Firefox) mode  


Browsing behavior can be tracked multiple ways —even with a VPN. Cookies allow companies to track one’s internet usage even after leaving their sites. Here is a handy guide to pruning cookies.
Strip out all identifiers when sharing URL links. Examine the URL. Often after the dot com you will see a "?" follow by a long string of characters.  Unless you are share something from a mapping app, you don't need to share the information after the "?".  It contains all kinds of unnecessary identification info.

Delete Cookies from your browser. How to Control and Delete Cookies on Your Browser

- - back to top

VIRTUAL PRIVATE NETWORK


When the internet was first being pieced together, not much thought was given to security or privacy. The internet hasn't made a lot of fundamental improvements. Only in the past few years HTTPS has become widespread.

A VPN creates an encrypted tunnel between the user and a remote server operated by a VPN service. All internet traffic is routed through this tunnel, so data is secure from prying eyes. Because traffic is exiting the VPN server, the user’s computer appears to have the IP address of said server, masking source identity and location.

Consider the public Wi-Fi network, such as in a coffee shop or airport. Because connections are plain-text over readily accessible networks personal private data, such as passwords, banking data, credit card numbers, etc. can easily be intercepted..

The home Wi-Fi network can almost be secure when the user owns it. But a the ISP can see everything and, thanks to Congress, can sell anonymized data about its customers.. VPN can help block the ISP monitoring.

When traveling abroad, a VPN can connect to a server in a different country (mostly) as usual with familiar websites using an understandable language and "spoof" user location..

The reverse is also possible.: From the comfort of home, pop over to a far-away VPN server, perhaps to access streaming video unavailable in the US.

VPNs can also grant access to government-blocked websites, which is why we're seeing VPN use being blocked in Russia and China.

For the most part, VPN clients are the same for both Windows and macOS. But marked performance differences may depend on the platform. VPNs are also available for Linux and Chromebook

Most companies offer VPN apps for Android and iPhones. However, VPNs don't always play nice with cellular connections

VPNs can only do so much to anonymize of online activities. If browsing the web anonymously is critical, such as access to the Dark Web, use Tor.

Trusting VPN privacy can be tricky. It's so important to read the privacy policy for VPN services, and to find out where a VPN company is head quartered. NordVPN, for example, operates out of Panama, and is not subject to any laws that would require it to retain user data.

PureVPN, on the other hand, handed over log information to federal investigators. Just about every VPN company says that they don't keep logs, but the extent to which they do or do not monitor usage isn't always clear..

Unfortunately, some sites and services look at VPN traffic as suspicious, and won't let allow connections. That's a real problem, especially when it's the bank.

Chromecast and other streaming protocols have problems with a VPN.

Netflix blocks most VPNs.

Some VPN companies would rather not deal with downloading via BitTorrent. Although it is not inherently illegal, it is often used to pirate copyrighted material.

In general, using a VPN is going to decrease the speed at which you upload or download data. Only extensive testing can give you some idea which service is fastest

VPNs for gaming, are few.

REF: What Is a VPN, and Why You Need One

HideMyAss Internet Privacy Tools 

- - back to top

SHARING YOUR DNA


Genetics testing companies, like Veritas Genetics, Ancestry, and 23andMe, are providing consumers with an unprecedented level of access to their personal genome. The business of personal data kits are booming.  But what are the privacy risks?  That can be answered with a simple internet search. Each of these providers swear they will protect subscriber privacy.  So why is the Pentagon not buying it?  Significant privacy leak 
The most often stated risks are:
  • Law enforcement and the federal government can pressure these companies to share your DNA
  • Hacking and poor security practices at provider.
  • Use by Insurance companies (Medical and Life) to increase premiums
  • Inaccuracies lead to bad life and medical decisions
  • Loss of guarantees if providers merge or sell portions of their business.
  • Complex privacy practices unclear to consumers
  • Discriminating use by employers
The above risk are not limited to the subscriber but have extent to family members. 

Providers have a good reason to protect subscriber DNA — their business future depends on maintaining the trust of consumers. But there are thorny issues related to genetic privacy that still today don’t have easy answers or iron-clad legislative protections. And regulators aren’t convinced they are doing right by consumers. A recent Fast Company report indicates that 23andMe and Ancestry are being investigated by the Federal Trade Commission over their policies for handling personal info and genetic data and how they share that info with third parties.
The key thing about genetic data ... it uniquely and forever identifies the subscriber. It is important to understand what the consequences are
- - back to top