Top Tips to Protect Your Privacy and Data Monday, Jan. 28th is Data Privacy Day Data Privacy Day is held on January 28th every year. It is an effort to empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone’s priority.

Presented by: Tim Gurganus 1/28/2013 Data Privacy Day 2013 Top Tips to Protect Your Privacy and Data January is Data Privacy Month

OIT is hosting several activities during Data Privacy Month (January) to empower campus users to protect their privacy and to control their digital footprint.

All events will be held in DH Hill Library Auditorium 12pm – 1pm Tuesday: “What Data is sensitive and How do we keep it private?” Thursday: “Data Protection, Privacy and the Law”

NCSU Privacy Month website: http://go.ncsu.edu/dpm2013 Top Tips to Protect Your Privacy and Data

Student Data Privacy @ NCSU

The University publishes an directory online. You can control what information is displayed using the instructions in this document:

http://www.ncsu.edu/registrar/forms/pdf/privacyblock.pdf

You can update or remove your personal information by logging into the MyPack portal at: http://mypack.ncsu.edu

Under the FOR STUDENTS tab in MyPack Portal, select Privacy Settings . Top Tips to Protect Your Privacy and Data

Faculty/Staff Data Privacy @ NCSU

The University publishes an directory online. You can update or remove your personal information by visiting this website:

https://ssl.ncsu.edu/directory/updatelisting.php

The University also maintains other personal information about you that you can view and update in the MyPack Portal: http://mypack.ncsu.edu

Under the FOR Faculty and STAFF tab in MyPack Portal, select Employee Self-Service and then Personal Information Top Tips to Protect Your Privacy and Data

Pick Good Passwords • Passwords should be hard to guess and longer is better • Use good passwords with strength appropriate for the importance of the site. – Banking website password should be stronger than a forum site – If a site stores your credit card info, it should have a stronger password – Use different passwords for different websites or types of websites • Online Banking • Personal Email • Unity ID • Online shopping • , Twitter, LinkedIn, Pinterest

Password strength testing • If you have an idea for a password, test it here: https://passfault.appspot.com/password_strength.html#menu Top Tips to Protect Your Privacy and Data

Be Careful of Linked Accounts • If your email account can be used to reset the password for your Bank account, the passwords should be different and at least the same strength

• Avoid connecting too many accounts and be wary of using your Facebook or twitter account to login to sites that are not well known

• Firefox plug-in shows password use and re-use http://connectioni.st/2012/01/visualize-your-password-reuse.html

Password strength testing • If you have an idea for a password, test it here: https://passfault.appspot.com/password_strength.html#menu • Password suggestions: https://onyen.unc.edu/cgi-bin/unc_id/services Top Tips to Protect Your Privacy and Data

Manage your passwords • If you store passwords in your web browser, set a master password • Consider using a password vault like Keepass from: http://keepass.info – Works in Windows, Linux and Mac – Works in Android, iPhone, Blackberry and Windows phone – Password vault is opened with a master password – Passwords are encrypted while in memory – Once you find a password, double click on it to copy it to the clipboard then paste it in the login screen – Keepass can automatically clear the clipboard after a certain time has passed. • Use a mnemonic or association to help you remember the password chosen for a given login Top Tips to Protect Your Privacy and Data

Gmail Email Security and Privacy • Setting up mail delegation - http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=138350 • You can delegate access to your Gmail to another person so they can read, send, and delete messages on your behalf. • For example, you can delegate e-mail rights to an admin in your organization, or you could delegate your personal email access to your spouse. • The delegate can also access the other person's contacts by clicking the Contacts link. Clicking the To , Cc , or Bcc links in the mail compose window will also bring up your contacts. • You won't be able to give anyone permission to change your account password or account settings, or chat on your behalf.

• Only delegate email access to a trusted person • This is one of the settings you should check if your account has been compromised Top Tips to Protect Your Privacy and Data

Gmail Email Filters and Forwarding

• Email filters and forwarding are another way to share access to email • You can set up filters to forward messages that meet specific criteria. • You can create 20 filters that forward to other addresses. • You can maximize your filtered forwarding by combining filters that send to the same address. • Setting up a forward: http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer= 10957 • Creating filters: http://support.google.com/mail/bin/answer.py?hl=en&answer=6579

• Filters and forwards should be checked after an account is compromised Top Tips to Protect Your Privacy and Data

Displaying Images or Remote Content and Privacy • Be aware that displaying images or other remote content in an email may communicate to the sender that you read the email or identify you to the sender Top Tips to Protect Your Privacy and Data

Displaying Images or Remote Content and Privacy • Be aware that displaying images or other remote content in an email may communicate to the sender that you read the email or identify you to the sender Top Tips to Protect Your Privacy and Data

Did you know ??? • The Wall Street Journal says companies are increasingly connecting consumers' real-life identities to where they hang out online. • The newspaper cited a Georgia man shopping for a car who input his name and contact information on a car dealer's website. • While this data went to the dealership, it also was transmitted to a company that tracks the online movements of people shopping for vehicles. The company then was able to pair the man's personal information with an analysis of the automotive websites he had visited and hand over all of this data to the car dealer, which could use it to more easily land a sale. • One company that can pull off this kind of data mining is Dataium LLC, based in Nashville, Tenn. • Describing itself as "the world's largest compiler of online automotive shopping behavior," Dataium says every month it "observes over 20 million automotive shoppers across over 10,000 automotive websites and then aggregates, indexes and summarizes this data into intelligent insights." Top Tips to Protect Your Privacy and Data More and more, You are being tracked online:

How it works: http://online.wsj.com/article/SB1000142412788732478440457814 3144132736214.html#project%3DANONYMITY1208%26article Tabs%3Dinteractive

1. When you visit a website, a tracking company like Dataium or DataLogix put a cookie on your computer

2. As you visit other sites that also use data tracking companies, the cookie data gets updated using your computer browser’s id.

3. If at some point you enter your real name on a website, like to register, your ID is connected with the cookie information collected earlier. Top Tips to Protect Your Privacy and Data

• Sites are sharing personally identifiable information and some personal information (age, zip code) with 3 rd parties – Ask.com – Linkedin.com – Photobucket.com – Match.com

http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html #project%3DANONYMITY1212%26articleTabs%3Dinteractive Top Tips to Protect Your Privacy and Data

When you login to a site, other companies may access the data from your profile via: • Image Advertising on the pages • Social network code such as Like, Google+, LinkedIn or Tweet – If you are signed in to Facebook and go to a site with a , the site can know your Facebook identity even if you don’t click on the Like button • Advertising banners, headers, sidebars and footers – Some use transparent images that you will not see Top Tips to Protect Your Privacy and Data Firefox Browser Settings

• Remember history, search history downloads • Don’t Accept tracking cookies • Don’t Accept third party cookies • Cookie Expiration

Accept third-party cookies : If selected, Firefox will accept cookies from http://site2.com when you are visiting http://site1.com .

Some advertisers use these types of cookies to track your visits to the various websites on which they advertise. If you are concerned about this, you can disable third-party cookies in Firefox. Top Tips to Protect Your Privacy and Data Firefox Browser Settings

•Firefox allows you to show your cookies by name and content. •Here you see all the cookies related to Twitter Top Tips to Protect Your Privacy and Data Firefox Browser Settings

• See saved passwords and remove or show them • Firefox can protect sensitive information such as saved passwords and certificates by encrypting them using a master password . • If you create a master password, each time you start Firefox, it will ask you to enter the password the first time it needs to access a certificate or stored password. Top Tips to Protect Your Privacy and Data Firefox Browser Settings

• Pages you view are normally stored in a special cache folder for quicker viewing the next time you visit the same page. • You can specify the amount of disk space the cache can use here. • You can also immediately clear the contents of the cache. Top Tips to Protect Your Privacy and Data Firefox Browser – Private Browsing

Firefox 3.5 and later versions support Private Browsing mode which has its own cache, history and cookies that are not stored after you exit private browsing mode. Private browsing doesn’t save any data, but does not make you anonymous. Top Tips to Protect Your Privacy and Data Internet Explorer 8 – Private Browsing

Internet Explorer 8 supports InPrivate Browsing and InPrivate Filtering – they are related, but not the same Top Tips to Protect Your Privacy and Data Internet Explorer 9 – Private Browsing Internet Explorer 9 supports InPrivate Browsing and Tracking Protection Filtering

To use Tracking Protection, you must download a block list or build one of your own Top Tips to Protect Your Privacy and Data Internet Explorer 8 – Privacy Settings

Cookie handling is controlled by the setting of the slider Top Tips to Protect Your Privacy and Data Internet Explorer 9 – Privacy Settings

Cookie handling is controlled by the setting of the slider Internet Explorer 9 added a setting for physical location requests Top Tips to Protect Your Privacy and Data Internet Explorer – Security Settings Internet Explorer divides websites into zones. Most sites are in the internet zone and are trusted less than those the Local intranet or Trusted sites zones. Top Tips to Protect Your Privacy and Data Internet Explorer – Security Settings

Sites can be added to the local intranet and trusted sites manually Top Tips to Protect Your Privacy and Data Internet Explorer – Security Settings

If a site is more trusted, then more features are enabled like:

• File download • Prompting for file download • Running unsigned ActiveX scripts • Downloading of fonts • Pop-up blocker enable/disable • Smart Screen filter enable/disable • Enabling Javascript • Opening files based on content not extension Top Tips to Protect Your Privacy and Data Internet Explorer – Security Settings Known bad sites can be added to the Restricted sites zone.

Many web page actions are disabled for sites in the Restricted sites zone. Top Tips to Protect Your Privacy and Data Internet Explorer – Cookie and Cache Settings

Internet Explorer doesn’t support a master password to protect access to stored passwords http://www.howtogeek.com/68231/how-secure-are-your-saved-internet- explorer-passwords/ Top Tips to Protect Your Privacy and Data Internet Explorer – Cookie and Cache Settings

The Default location of the cookie files is: XP: C:\Documents and Settings\your user name \Cookies Win7: c: \users \your user name \appdata \roaming \microsoft \windows \cookies \low Top Tips to Protect Your Privacy and Data Web browser settings • Do not track browser plugins, Ad blockers • Abine Do Not Track Me browser plug-in for Firefox, Internet Explorer, Safari and Chrome http://www.abine.com • Cool feature that shows what tracking sites it blocks on a page

• Browser plugins like NoScript , Updated Adblocker or AdBlock Plus will also block some tracking images and scripts Top Tips to Protect Your Privacy and Data

Encryption Wherever possible, use SSL connections for: Web  HTTPS Email  IMAPS Command shell  SSH File Transfer  sftp or secure Web-DAV IM  try an IM client plug-in called Off the Record Remote Desktop  MS RDP is encrypted, VNC is not

Yahoo, Microsoft, Facebook, Twitter and Google have a setting to make HTTPS the default for your account anytime you connect

Be aware that mobile apps use encryption less often than their PC counter parts  communicate sensitive data on your PC if you have a choice Top Tips to Protect Your Privacy and Data

Encryption Top Tips to Protect Your Privacy and Data

Use Wireless encryption (WPA or WPA2) if possible If no wireless encryption is available, encrypt with a VPN NCSU VPN: http://vpn.ncsu.edu Only encrypts communication with NCSU campus, not the whole internet Use a VCL: vcl.ncsu.edu RDP is encrypted

Some free full tunnel VPN services • http://www.zeropaid.com/news/94826/top-5-free-vpn-services/ – SecurityKiss – Cyberghost – Hotspotshield – These all have quotas and speed restrictions, but will encrypt your communication if • Your application or website doesn’t have an option to encrypt – Some instant messaging – CIFS file sharing – You are in a bind and your wireless connection is not encrypted – For Mobiles: a popular (not free) one is http://news.cnet.com/8301- 1009_3-57562928-83/private-wifi-takes-its-vpn-mobile/ Top Tips to Protect Your Privacy and Data

Social network privacy

Facebook maintains at least 57 categories of personal data on every user including:

• Deleted wall posts • Deleted messages • E-mail addresses you’ve used • Deleted friends list • Date and time of log-ins • Last known geographic location, including longitude and latitude. Top Tips to Protect Your Privacy and Data

Some statistics from June 2012 study of Facebook privacy

• Some people are sharing too much. Our projections suggest that 4.8 million people have used Facebook to say where they planned to go on a certain day (a potential tip-off for burglars) and that 4.7 million “liked” a Facebook page about health conditions or treatments (details an insurer might use against you). • Some don't use privacy controls. Almost 13 million users said they had never set, or didn’t know about, Facebook’s privacy tools. And 28 percent shared all, or almost all, of their wall posts with an audience wider than just their friends. • Facebook collects more data than you may imagine. For example, did you know that Facebook gets a report every time you visit a site with a Facebook “Like” button, even if you never click the button, are not a Facebook user, or are not logged in? Top Tips to Protect Your Privacy and Data

Some statistics from June 2012 study of Facebook privacy

• Your data is shared more widely than you may wish. Even if you have restricted your information to be seen by friends only, a friend who is using a Facebook app could allow your data to be transferred to a third party without your knowledge.

• In 6/2012 survey, 25 percent said they falsified information in their profiles to protect their identity, up from 10 percent two years ago Top Tips to Protect Your Privacy and Data What Facebook data says about you: Top Tips to Protect Your Privacy and Data

Social Networks and Privacy Who is using social network data?: Insurers, Admissions officers, Law Enforcement, Jury Selection consultants, Employers, IRS, INS, Criminals Services such as Social Intelligence scours public postings on Facebook and other social networks as part of a background check. Among the red flags employers look for, the company says, are sexually explicit photos or videos, racist remarks, and evidence of illegal activities. It also reports that 69 percent of human-resource officers have rejected job applicants based on social media reviews that turned up any of those flags. “We can now collect information on buying behaviors, geospatial and location information, social media and Internet usage, and more,” says a recent report from Novarica, a New York-based research and consulting firm serving insurers and financial service companies. “Our electronic trails have been digitized, formatted, standardized, analyzed and modeled, and are up for sale. As intimidating as this may sound to the individual, it is a great opportunity for businesses to use this data.” Top Tips to Protect Your Privacy and Data Social Networks and Privacy General Facebook privacy settings:

Facebook postings have privacy settings, so before you post a photo, you can select public or just friends to determine who can view the photo – Audience selector setting: only me, friends, list of friends, public – It remembers what you chose last time and that is the default next time

Also there is a timeline visibility control – Allows you to hide something from your timeline, but allow it to show up in other places like search results, relationships or

Deleting an item from Facebook is also a way to control what is there. Top Tips to Protect Your Privacy and Data

Ways to Protect yourself on Facebook: • Regularly check your exposure. Each month, check out how your page looks to others. Review individual privacy settings if necessary.

• Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.

• Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.

• “UnPublic” your wall. Set the audience for all previous wall posts to just friends.

• Turn off Tag Suggest. If you’d rather not have Facebook automatically recognize your face in photos, disable that feature in your privacy settings. The information will be deleted. Top Tips to Protect Your Privacy and Data

Ways to Protect yourself on Facebook: • Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see.

• Keep wall posts from friends. You don’t have to share every wall post with every friend. You can also keep certain people from viewing specific items in your profile.

• When all else fails, deactivate. When you deactivate your account, Facebook retains your profile data, but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible to you forever. Top Tips to Protect Your Privacy and Data

Consumer Reports video with privacy setting recommendations: http://www.consumerreports.org/cro/video-hub/electronics/computers--internet/how-to-set-privacy-controls-on- facebook/16952110001/1594690835001/

• Setting Wall post audience • Permissions on viewing past wall posts • Timeline Restrictions • Photo viewing restrictions • Using Restricted lists • Restricting information available to Facebook Apps Top Tips to Protect Your Privacy and Data

Social Networks and Privacy

Facebook Graph Search is an Awesome Tool for Phishing Attacks http://www.networkworld.com/news/2013/011613-facebook-graph-search-is-an-265890.html Facebook announced this week its upcoming Graph Search capability, which is a search engine that allows you to find things based on relationships and context - drawing from the limitless pool of Likes, tags, and check-ins posted by a billion Facebook members.

You can search based on people, places, friends, and interests. For example, you can do a search for "friends who like The Beatles and live in Chicago," or "Italian restaurants my friends have visited nearby."

Richard Wang, manager at Sophos Labs, says "Graph Search might be a startling eye- opener for many. This will probably lead more users to discovering that they have shared more than they expected and gives scammers and phishers the opportunity to target particular groups of people."

While you'll only be able to see items shared to public or shared to you specifically by your friends' privacy settings, many Facebook users aren't aware of or don't properly use the security and privacy controls so everything they post on will be easily discoverable by cyber criminals.

Currently, there is no way to opt-out of graph search Top Tips to Protect Your Privacy and Data

Social networks and Privacy

How to control what shows in Graph Search on Facebook

• If you're worried about what Graph Search might uncover, you'll need to revisit their privacy settings to see what's visible.

• To do so, click the gear icon at the top-right corner of the site and click "Privacy Settings." The "Who can see my stuff?" section will dictate what's visible in searches.

• Check the "Timeline and Tagging" section on the left sidebar, and review who can see photos and posts that you've been tagged in. (When in doubt, limiting it to "Friends" is the best option.)

• Keep in mind that users can still hide their Facebook timelines from other search engines, such as Google. To do so, click the gear icon at the top-right corner of the site, click to "Privacy Settings" and look for "Do you want other search engines to link to your timeline?" in the "Who can look me up?" section. Top Tips to Protect Your Privacy and Data Facebook and Online Privacy • If offensive or dangerous content is posted on your page: If you click report link , you can contact the person that posted the offensive content or a third party

You can also report the content to Facebook directly too there is a support tab to track your complaint

• Facebook help center - what to do if your account is hacked, removing account of someone impersonating you - basics of privacy on Facebook - what’s new on Facebook – policy changes Top Tips to Protect Your Privacy and Data Facebook and Online Privacy • It is up to you to untag yourself in Facebook photos http://www.networkworld.com/community/blog/facebook-photos-opt-out-or-tag- youre-it You can customize your privacy settings to disable your name from appearing in suggested tags, however your "friends" can still tag you manually. • The only official way to remove the tagged name is to join Facebook and setup privacy settings as follows: – Go to your Facebook menu, select "Privacy Setttings." – Click "Customize settings" – Scroll to the "Things others share" section, "Photos and videos I' tagged in" item, and click "Edit Settings. – Select "Customize." – Select "Friends Only," "Only Me," "Specific People" – Click "Save Setting." Top Tips to Protect Your Privacy and Data

Pinterest and Online Privacy

As of May 2012: • Pinterest has surpassed all other social media sites and has earned the coveted spot of “number three” in terms of users behind Facebook and Twitter. • When you use your Facebook account to create a Pinterest profile, Pinterest accesses your personal information to automatically have your account start following common connections.

• You also have the option to establish your profile using your Twitter account, which does not trigger auto-follow, I'm told. Top Tips to Protect Your Privacy and Data

Pinterest Privacy Settings • Access and change information in your profile page at any time, and choose whether your profile page is available to search engines; • Link or unlink your Pinterest account from an account on another service (e.g., Facebook or Twitter). For some services (like Facebook), you can also choose whether or not to publish your activity on Pinterest to that service. • Create or be added to a secret board. Secret boards are visible to you and other participants in the board, and any participant may choose to make the contents of the board available to anyone else. For example, another participant may invite someone else to the board, make the board available to an app they use to view Pinterest, or even just take an image from the board and email it to their friends. Top Tips to Protect Your Privacy and Data

Pinterest Privacy Settings – Creating a Private Board Top Tips to Protect Your Privacy and Data

Summary • Keep you computer or smartphone patched visit: http://browsercheck.qualys.com • Choose good passwords • Manage your passwords • Be careful how you link on-line accounts • Use encrypted communication • Enable Do Not track features in your web browser • Use encrypted wireless • Don’t over share on Social Networks

• You can find this presentation on Classmate

• NCSU Privacy Month website: http://go.ncsu.edu/dpm2013