Online Safety and Privacy Tips

This living topic explores various facets of online safety and privacy. It covers the potential dangers of social media platforms for children, the impact of privacy policies on advertising and user data, the importance of managing multiple email addresses to protect against phishing and scams, and the satisfaction differences between professionally and self-monitored home security systems. Additionally, it discusses the risks associated with 'tethered' devices that remain under manufacturers' control and the ongoing legal matters such as the Cash App data breach settlement. Readers will find practical advice and expert opinions on how to safeguard their digital lives effectively.

Article Timeline

Newest
  • Newest
  • Oldest
Article Image

'Meltdown' and 'Spectre' flaws cause huge security concerns

Earlier this week, reports began to surface of a design flaw in certain Intel computer processor chips that put consumers at increased risk of cyberattack.

Though details of the issue were not immediately released to the public, experts said that fixing the vulnerability affected both consumers and companies that relied on the processors, and that a fix for the issue could cause huge slowdowns in online services and device performance.

In response to the reports, Intel issued a statement saying that the vulnerability did not just affect its processors, that any performance slowdowns would not be significant, and that solutions were currently being worked on to fix the issue.

Shortly after the announcement, a great deal of information about the two vulnerabilities – called Meltdown and Spectre, respectively – were revealed. Reports now indicate that the problem affects a much broader range of consumer electronic devices, as well as information hosted on servers in cloud computer networks.

Meltdown and Spectre

While Meltdown and Spectre could both allow hackers to access users’ personal data, they differ in how they actually go about accomplishing that task and how many devices they affect.

Meltdown affects nearly every Intel chip made in the past decade or two, as well as certain high-end microprocessors produced by ARM. Hackers who want to exploit the flaw could potentially do so by accessing the kernel memory areas found in users’ devices that store personal information such as passwords, log-in information, and cached files.

Luckily, security experts say that Meltdown is not difficult to protect against because it can be addressed with software patches. While these patches may still come with a performance penalty, estimates from various companies indicate that only certain tasks may be affected and at lower rates than originally predicted.

Unlike Meltdown, the Spectre flaw may be much more difficult to deal with and may affect all microprocessors currently on the market – including those made by Intel, ARM, and AMD.

Reports suggest that fully protecting against a Spectre attack may require changing how processor chips are designed, though some aspects of the flaw may be protected against through software updates.

While Spectre’s description paints a grim picture, companies and security experts say that the flaw is much harder for hackers to exploit.

Cloud-based services at risk

One of the more worrying aspects of both the Meltdown and Spectre flaws is their potential to help hackers steal information from consumers who use cloud-based services.

Hackers who manage to infect a consumer’s electronic device with malicious software or malware could potentially use the flaws to steal data from other users operating on the same server for a cloud-based service.

Companies such as Google, Microsoft, Amazon, and Citrix have all issued advisories for users of their cloud services on how to best protect themselves from these attacks. On Wednesday, Amazon also announced that it would be patching its systems to further protect users, and upcoming patches from both Google and Microsoft have also been scheduled.

Other affected companies such as Apple, AMD, and ARM have also released statements addressing the issue.

Earlier this week, reports began to surface of a design flaw in certain Intel computer processor chips that put consumers at increased risk of cyberattack....

Smart household devices may be your biggest security blindspot

New research from Parks Associates shows 41 percent of U.S. homes with wifi plan to purchase a smart appliance or other wifi-connected household device in the next 12 months.

The international research firm says the most commonly purchased devices will include smart smoke/CO detectors, thermostats, and lights. These products will join the billions of devices that make up the increasingly popular Internet of Things (IoT).

Each of these devices has its own internet protocol (IP) address and is connected to the internet, just like a PC or tablet. While they offer lots of benefits in terms of better energy efficiency and convenience, they also pose a silent risk: minimal to no security.

Denial-of-service attack

Just over a year ago, hackers harnessed tens of millions of unsecured smart devices like thermostats, home security systems and even printers to launch a massive denial-of-service (DOS) attack against major web sites like Amazon, Netflix, and Twitter. The attack prevented consumers from reaching these sites for several hours.

Dyn, the sites' common DNS provider, said its investigation showed that many of the compromised smart devices had been infected with a malware called Mirai, which is a botnet.

This attack was directed at Dyn, but the threat to individual consumers is just as possible and in many ways, more invasive. 

Security software firm Trend Micro reported a steady increase in the number of attacks on smart appliances–interfering with individuals’ use of their lights, home security systems, thermostats and even TVs and baby monitors.

Additionally, the company expressed concern for voice controlled devices such as Siri, Alexa, Cortana, and Google Assistant, which can also retrieve information and control household appliances if connected. 

Perhaps most concerning of all, Trend Micro cautions that device manufacturers can collect and store data and create online user profiles that could be vulnerable to hacks.

In testimony before the Senate Select Committee on Intelligence earlier this year, Director of National Intelligence Daniel Coats said too many IoT devices come from unregulated, low-cost foreign manufacturers that skimp on security to stay competitive.

Worse, he said some devices do not have a way to be “patched” to retrofit security measures and make them less vulnerable.

What to do

To protect themselves, Trend Micro experts say smart device users should not anything that does not have some means of authentication, such as a username and password. 

When setting up their new device, users should be prompted to change the factory settings default username and password. Default passwords like "admin" are incredibly easy for a hacker to figure out.

Encryption is another important feature to protect your smart device. The manufacturer will probably spell out the type of encryption it uses, but Trend Micro recommends Googling the model number for any possible security issues consumers have reported.

New research from Parks Associates shows 41 percent of U.S. homes with wifi plan to purchase a smart appliance or other wifi-connected household device in...

Article Image

Staples Addresses Security Concerns In Used Computer Sales

Just because you delete a file from your computer hard drive, it doesn't mean the data is gone. Special software can bring the deleted files back to life.

That's why Connecticut Attorney General George Jepsen voiced concern when he learned office supply retailer Staples was selling used and refurbished computers whose hard drives had not been completely initialized. But after his office intervened, Jepson now says his concerns have been addressed.

According to Jepsen, Staples has changed the process it uses to clear the hard drives of personal information of previous owners at stores in Connecticut.

Jepsen approached the Massachusetts-based company in June to present his concerns. Based on the company's subsequent actions, he says he has now closed his investigation.

Issue first arose in Canada

Jepsen wrote to the company after reading a report that more than one-third of the used and refurbished computers, memory cards and USB flash drives sold by Staples Canada still held private customer information.

“I am pleased by the quick response by Staples to address the issue and in time for the holiday shopping season,” Jepsen said. “I am assured the company’s new procedures will clear the hard drive of refurbished computers before they are offered for re-sale.”

Staples told the Attorney General that its stores in Connecticut and across the United States only resell HP computers returned to the store within 14 days of purchase. They do not sell other used computers or used storage devices. No issues similar to those in Canada had been reported to Staples in the United States.

In response to the Connecticut probe, Staples said it adopted a new, enhanced procedure for clearing used computers. The process seeks to prevent even specialized software from accessing information of any previous user.

Once the process is completed, a store manager inspects the computer, verifies its status and signs a sticker placed on the box, which states the product was used previously and has been reset to original factory settings.

Staples agrees to change the way it sells used computers...

Classmates Sued Over Content-Sharing Arrangement


Two Classmates.com members have sued the well-known social networking site, accusing it of exposing members' personal information to unknown parties without giving a proper warning.

The suit, filed in federal court in Seattle, concerns a January 30 e-mail announcing that the site was coming up with ways to let more people use Classmates from around the Internet without having to visit Classmates.com.

To do that, we're about to start making your public Classmates content available to people using a variety of sites and devices, including Facebook and the iPhone, the message continued. This content can include your name, photos, community affiliations, and more Look for our new Facebook app: We're about to release a Facebook application that lets people curious about their old friends and schoolmates explore our class lists and member activity.

The e-mail insisted that Classmates care[s] about your privacy as much as we do your ability to catch up with your past, and that it was accordingly updating our privacy policy to make these new features possible, and you're able to opt out.

But plaintiffs Thomas Ferguson and Patrick Fahy say that the e-mail is presented in such an innocuous and favorable manner that Users would not even be tempted to 'opt out' of the new policy. They specifically complain that most Classmates users have no idea what an 'app' or 'application' is or does, and that Classmates members are never explicitly warned that the new policy will expose the personal information of Classmates Users to millions of persons.

Older users

The plaintiffs' first point -- that the website doesn't adequately explain how users' information will be shared -- is especially salient in light of Classmates' unique demographics.

Among social networking sites, Classmates has the largest number of users over 65 -- fully eight percent of that demographic is registered with the site. Since most of those users aren't also registered with Facebook or MySpace, assuming that they'll know what an app is, much less how it works, is a stretch at best.

Finally, Ferguson and Fahy point out that Classmates has 'pre-clicked' the option to permit disclosure of personal information via the Applications; that is, it forces consumers to take affirmative action in order to opt-out. This type of 'negative option' is well-known to be confusing to consumers, according to the complaint.

Classmates' privacy modification was part of a strategy to tap into Facebook's more than 100 million users, and direct their attention to the store of information accumulated over the years on the Classmates Web site, according to the plaintiffs. It has done this despite the fact that (unlike Classmates) Facebook has been repeatedly sued for violating its users' privacy rights and mishandling information contained on its Web site.

Classmates, which launched in 1995, has around 40 million members and 3.5 million paid subscribers. Despite its relative antiquity, in 2006 Nielsen Online ranked the site third in unique visitors per month -- behind only MySpace and Blogger.

The site has not been especially popular with ConsumerAffairs.com readers, many of whom have repeatedly tried to cancel their accounts, but continue to be billed for the service. As Jamie of Weatherford, Tx, wrote last week:

Classmates.com is a ripoff. Can't get them to stop charging my credit card although I cancelled my membership over 6 months ago. You can call and never get a human on the phone. They're always "experiencing an unusual high volume of calls" and your placed in the que to wait and wait. Try online contact with no success either.

The suit accuses Classmates of breach of contract, unjust enrichment, and violations of the Electronic Data Privacy Act and the Washington Consumer Protection Act. The proposed class -- consisting of all registered users of the site -- is seeking an injunction and unspecified damages.

2 Classmates.com members have sued the well-known social networking site, accusing it of exposing members' personal information to unknown parties without...