MONEY

Facebook’s New Tool Will Help Keep Your Account Secure

527558155
traffic_analyzer—Getty Images

Introducing "Security Checkup"

Keeping your Facebook account safe just got a whole lot easier.

Starting today, the social networking giant will start introducing a new feature called Security Checkup. The new tool, which will roll out gradually, will guide users through a number of steps meant to improve account security.

Those steps include upgrading passwords, turning on login alerts, and the ability to log out of any active Facebook session—like one you accidentally left open on a public computer or your friend’s phone.

The entire process closely resembles the company’s current Privacy Checkup, which lumps current Facebook features into an easier-to-use interface. Facebook says the Security Checkup, which is supposed to be an improvement, is still in the testing phase. The company plans to make the feature available to more people based on user feedback.

Facebook

 

 

MONEY online privacy

Never Share These 3 Things on Social Media

couple taking a photo in London
Frank and Helena—Getty Images

Because ID thieves love it when you do.

The digitalization of information and the popularity of social media may put consumer privacy at risk more now than ever. Some social media users, teenagers especially, may be unaware that the information they share — from their location to their paycheck — could be used for identity theft and fraud. About 92% of teenagers post their real name, 82% list their date of birth and 71% show their city or town of residence on their social profiles, according to Pew Research Center. While oversharing has become a problem, consumers could stop it by being careful what they post on social media.

Here are three kinds of information to never share on social media.

1. Driver’s License Details

Some users may be tempted to post their first driver’s license on social media to boast about their accomplishment or laugh at a silly photo. However, a valid ID card, such as a driver’s license, will contain your date of birth, picture and other personal identifiable information that thieves could copy.

Avoid sharing personal information that may lead to identity theft, including your date of birth and Social Security number. Access to this information could allow identity thieves to open new lines of credit, committing fraud and wrecking your credit score in the process. You can monitor your credit for changes that may signal identity theft by checking your free annual credit reports or using a credit monitoring service. You can also check your credit scores for free every month on Credit.com.

2. Vacation Itinerary & Location Data

While you are excited to share pictures about your fun vacation to exotic locations, do not share information about your getaway beforehand on social media, such as how long you will be gone and where you are going.

Not only do potential thieves know that you will be out of your home for that period of time, they could take advantage of your absence and burglarize your property. If you also use geotagging for your posts to show your location or list the city where you live, burglars could use this information to target your home.

3. Bank Account Information

Posting any kind of financial information in a public space could perpetuate fraud. Although some people might use social media to post about their first paycheck from a new job in their excitement, they should not display images of their paycheck because it contains bank account information. In 2014, law enforcement authorities charged a huge identity theft ring that looked for victims’ financial information via Instagram postings of paychecks, CNNMoney reported.

The victims showed images of their paychecks with the hashtag #myfirstpaycheck, which held bank account and routing information. With this information, the thieves were able to make fake checks and steal from businesses.

More From Credit.com:

TIME pubdesk

How Your Cell Phone Knows If You’ve Been Laid Off

Cell phone data reveals more than your call log

Your cell phone is pretty good at tracking your schedule. Say, you typically call your mom during lunch on Tuesday or you call you child everyday at 3:30 p.m. to make sure they got home from school. Or it’s Thursday happy hour and you’re calling to say you’ll miss dinner again this week.

So, the moment your schedule changes, your cell phone is often the first to reap the evidence. And it looks like that shift in calling patterns is a pretty good indicator if you’ve lost your job, according to new research.

A team of professors from top universities across the country looked at millions of cell-phone records from an unidentified European country from 2006 to 2007. In one city of 15,000 people, about 1,100 workers were laid off from an auto-parts manufacturing plant. The researchers identified those people and followed their call logs to compare them to those of a control group of workers still employed.

Researchers found that those who were laid off made and received 21% fewer calls after a month out of the job compared to the working group. They also didn’t move around as much. Their calls originated from 15% fewer cell-phone towers. Essentially, the workers who lost their jobs where less social and less mobile than their employed counterparts.

This may sound like more creepy big brother than helpful, but the implications could be huge. Using this kind of tracking on a large scale could better reveal the larger trends in the unemployment rate for an area, possibly even weeks before government surveys are released.

The researchers don’t have access to any U.S. data, nor do they have ongoing records from the European nation—there’s major privacy concerns even if the data could be anonymized. So, for now, the research is simply proof of concept.

This article originally appeared on Fortune.com

TIME France

French Lawmakers Approve Controversial Surveillance Bill

French surveillance measures vote in Parliament
Ian Langsdon—EPA The French parliament is seen in session shortly before holding a vote to adopt new surveillance rules, in the Assemblee Nationale building, in Paris on May 5, 2015.

It would allow intelligence services to put cameras in terror suspects' homes without prior authorization from a judge

(PARIS)—France’s lower house of Parliament has approved a bill aimed at legalizing broad surveillance of terrorism suspects that has drawn an outcry from advocates of civil liberties.

The bill was passed Tuesday with 438 votes in favor and 86 against.

Lawmakers from both the Socialist majority in Parliament and the conservative opposition supported the bill, which will now move to the Senate for further discussion.

The bill was proposed long before the January Paris attacks by Islamic extremists to update a law left essentially untouched since 1991. But the government has said it has become more urgent with each person who has become radicalized.

The new law would entitle intelligence services to place cameras and recording devices in suspects’ homes and beacons on their cars without prior authorization from a judge.

Instead, they would need to request authorization from an independent nine-person panel composed of magistrates, lawmakers and a communication expert — with exceptions in cases of special threats.

One of the most sensitive measures would force communication and Internet firms to allow intelligence services to install electronic “lock-boxes” to record metadata from all Internet users in France. The metadata would then be subject to algorithmic analysis for potentially suspicious behavior.

The data would be anonymous, but intelligence agents could follow up with a request to the independent panel for deeper surveillance that could yield the identity of users.

Either the panel or people who believe they are unfairly under surveillance could appeal to administrative judges.

Opponents say the bill legalizes highly intrusive surveillance methods without guarantees for individual freedom and privacy.

A protest called by a group of privacy advocates, human rights groups and unions to denounce “highly intrusive surveillance methods” gathered hundreds of people Monday near the National Assembly.

Reporters Without Borders said the bill “poses a grave new threat to the confidentiality of journalists’ sources” and pointed out that it “contains no safeguards for protected professions, including journalists.”

MONEY privacy

Will the New Consumer Privacy Bill Protect You?

person using smartphone in dark
Kohei Hara—Getty Images

A proposed law would beef up your rights when your data is leaked or stolen.

Legislation that would establish new nationwide privacy protections for American consumers was introduced by a group of high-profile Democratic senators on Thursday, including Pat Leahy (Vermont) and Elizabeth Warren (Massachusetts). The Consumer Privacy Protection Act would establish federal standards for notification of consumers when their data is lost or stolen, greatly expand the definition of private information beyond financial data, and allow existing state privacy laws to remain in force. Geolocation data and images would be covered by its data leak disclosure rules, for example.

“Today, data security is not just about protecting our identities and our bank accounts, it is about protecting our privacy. Americans want to know not just that their bank account and credit cards are safe and secure, they want to know that their emails and their private pictures are protected as well,” Sen. Leahy said. “Companies who benefit financially from our personal information should be obligated to take steps to keep it safe, and to notify us when those protections have failed.”

Consumer groups cheered the proposal, saying it offered a fresh approach to consumer privacy.

“This is a step forward. This is the first time you get something new in federal legislation. Usually it scales back (protections) in state law,” said Justin Brookman, director of consumer privacy at the Center for Democracy and Technology. “It’s good to see some new thinking on the issue, something that actually adds new protections for a lot of people.”

“Everyone from the NSA to the local grocer has become a consumer of our data. So many pieces of our data are being collected, stored, shared and sold, either without our knowledge or ability to understand the process,” said Adam Levin, privacy expert and chairman and founder of Credit.com. “It is long overdue that we expand the definition of ‘personally identifying information’ as well as the protections necessary to safeguard our privacy and data security and require quick notification when our PII is exposed.”

The legislation would require social media firms or cloud email providers to notify consumers if their accounts are compromised, Brookman said. Currently, most disclosure rules apply only to financial information such as credit card numbers.

The legislation comes on the heels of a similar White House proposal called “The Consumer Privacy Bill of Rights Act of 2015,” but goes several steps further than the administration’s proposal, said Susan Grant of the Consumer Federation of America. The White House proposal would allow federal law to supersede state laws, potentially diminishing consumer rights. It also requires demonstration of actual harm before requiring notice.

“(We believe) that federal legislation will only be helpful to consumers if it provides them with greater privacy and security protection than they have today. Most of the bills that we have seen in Congress would actually weaken existing consumer rights and the ability of state and federal agencies to enforce them,” Grant said. “(This bill) takes the right approach, requiring reasonable security measures, providing strong consumer protection and enforcement, and only pre-empting state laws to the extent that they provide less stringent protection.”

Most significant: The legislation creates entire new classes of protected information. Private information is divided into seven categories. Compromise of any one of them would require companies to notify consumers. They are:

  1. Social Security numbers and other government-issued identification numbers;
  2. Financial account information, including credit card numbers and bank accounts;
  3. Online usernames and passwords, including email addresses and passwords;
  4. Unique biometric data, including fingerprints;
  5. Information about a person’s physical and mental health;
  6. Information about a person’s geolocation;
  7. Access to private digital photographs and videos.

Leahy has repeatedly proposed legislation since 2005 that would establish a nationwide notification standard called the Personal Data Privacy and Security Act; it has not passed. While co-sponsors of this new bill include Al Franken (Minn.), Richard Blumenthal (Conn.), Ron Wyden (Ore.) and Edward J. Markey (Mass.), there are, notably, no Republican co-sponsors. That probably dooms the bill, says Brookman.

“They didn’t get a GOP co-sponsor, and that’s not a great sign. Still, having the bill out there is good for dialog on the issue,” he said.

More from Credit.com

This article originally appeared on Credit.com.

TIME Advertising

YouTube Is Targeting Kids With ‘Deceptive’ Ads, Advocates Say

Groups have filed an FTC complaint over ads on new video app

Google’s new child-friendly version of YouTube has too many ads that target kids, consumer advocates say.

The new app, YouTube Kids, offers a streamlined version of the massive video site with a focus on kids’ content. But consumer advocates say the large number of ads and ad-like programming in the app run afoul of rules that regulate how advertisers can market to children on television.

In a complaint filed with the Federal Trade Commission, advocates say YouTube Kids ignores television advertising safeguards that prevent businesses from jamming kids’ television shows full of marketing messages. For example, YouTube Kids hosts branded channels for corporations such as McDonald’s and Fisher-Price that feature programming that could be thought of as commercials, which is a practice that is limited on traditional TV, according to the complaint. Advertising and programming are too intermixed within the app for developing children to distinguish between the two, the complaint says. “There is nothing ‘child friendly’ about an app that obliterates long-standing principles designed to protect kids from commercialism,” Josh Golin, associate director of Campaign for a Commercial-Free Childhood, said in a press release that calls YouTube Kids “deceptive.”

YouTube has pushed back against the complaint, arguing that an ad-supported, free platform is a great offering for kids. “We worked with numerous partners and child advocacy groups when developing YouTube Kids. While we are always open to feedback on ways to improve the app, we were not contacted directly by the signers of this letter and strongly disagree with their contentions,” a YouTube spokesperson said in an email.

Signatories of the complaint included the Center for Digital Democracy, the Campaign for a Commercial-Free Childhood and the American Academy of Child and Adolescent Psychiatry.

TIME apps

Everything You Need to Know About Snapchat’s New Emoji Feature

Different levels of emojis show a hierarchy of friendships

Snapchat has launched a major update that allows users to recognize their closest friends, but it’s based on a fairly complicated tier system of emojis.

A series of Friend Emojis will now appear on incoming snaps from people you connect with the most, reports Tech Crunch.

The new feature replaces the public ‘Best Friends’ list, which was ditched last year after privacy concerns. Previously, anyone in a user’s contact list could see who they sent the most snaps to. But Friends Emojis are totally private and only the user can see them.

To break it down, there are six possible emojis that will appear next to the six people you snap with the most, including a gold heart next to your absolute BF. You’ll see a smirk if you are their BF but they are not yours. Here are others explained:

There’s also a ‘Needs Love’ section that reminds you to connect with old friends you haven’t snapped with in a while. And as part of the same update, Snapchat has introduced a new camera mode that can be used in low-light.

[Tech Crunch]

Read next: This Poo Emoji Dress Is Perfect for Your Next Date

Listen to the most important stories of the day.

TIME celebrities

Get Out of Your Car Within 100m of George Clooney’s Italian Villas and You’ll Be Fined Up to $550

A lakeside view of George Clooney's villa Oleandra on Lake Como, northern Italy, taken Thursday, July 8, 2004.
Antonio Calanni—Associated Press A lakeside view of George Clooney's villa Oleandra on Lake Como, northern Italy, taken Thursday, July 8, 2004.

Drive on sir, nothing to see here

The mayor of Laglio, Italy has warned that anyone who sets foot within 100 meters of George and Amal Clooney’s twin luxury villas overlooking Lake Como will be fined up to €500 ($550.)

Robert Pozzi, mayor of the small picturesque village in northern Italy, issued the ordinance to protect Clooney, his wife Amal and their guests’ privacy while they vacation in their glitzy properties, reports the Telegraph.

Anyone who leaves their car or boat within 100 meters of Clooney’s Villa Oleandra and adjoining Villa Margherita will be liable to pay the hefty fine.

The Gravity and Oceans 11 star bought one of the exclusive villas in 2002, but after fans and paparazzi flooded the town and set up camp near his home, Clooney bought the adjoining property to ensure his privacy.

Before the couple’s wedding last year, a similar exclusion zone was enforced around the homes to protect the pair from snooping photographers

[Telegraph]

MONEY privacy

It Took Just One Email to Compromise the Leaders of the Free World

G20 Summit Leaders
Reuters

Many of the world leaders who attended last year’s G20 summit in Brisbane had their personal data compromised. The cause? Human error.

Whether an autofill mishap or a “What in the name of God were you thinking?” move, somebody’s shrimp is on the barbie at Australia’s immigration department after an officer there emailed President Obama’s passport number and other personal information to an organizer at the Asian Cup football tournament. And before you think otherwise: Yeah, it matters.

An Australian freedom of information request recently revealed that the personally identifiable information (PII) of many of the world leaders who attended last year’s G20 summit in Brisbane — including President Obama, Russian President Vladimir Putin, German Chancellor Angela Merkel, China’s President Xi Jinping, India’s Prime Minister Narendra Modi, Japan’s Prime Minister Shinzo Abe and UK Prime Minister David Cameron — was accidentally leaked by a government employee. Worse, there was an attempt to sweep this mess under the rug.

The freedom of information request revealed that an immigration official notified Australia’s privacy commissioner about the walkabout presidential/prime ministerial PII shortly after the misdirected email was received by its startled recipient.

“The personal information which has been breached,” an email notifying the privacy commissioner stated, “is the name, date of birth, title, position nationality, passport number, visa grant number and visa subclass held relating to 31 international leaders (i.e., prime ministers, presidents and their equivalents) attending the G20 leaders summit.”

“The cause of the breach was human error. [Redacted] failed to check that the autofill function in Microsoft Outlook had entered the correct person’s details into the email ‘To’ field. This led to the email being sent to the wrong person.

“The matter was brought to my attention directly by [redacted] immediately after receiving an email from [the recipient] informing them that they had sent the email to the wrong person.

“The risk remains only to the extent of human error, but there was nothing systemic or institutional about the breach.”

The decision not to inform any of the world leaders was based on the fact that the recipient of the wayward email had deleted it from their computer and then deleted the deleted email from the “deleted items” folder.

The Inevitable Weak Link

Unlike code, with its right/wrong, open/closed approach to data, humans make a lot of mistakes. Sometimes those mistakes have catastrophic results. The Target breach is a good example of this. The retailing icon didn’t properly segment data, and someone at a heating and air conditioning company with a Target contract, and unknowing access to far more systems than anyone could have imagined, clicked on a phishing link in a fraudulent email that ultimately allowed hackers to access its point-of-sale systems — in other words, human error. Subsequently, multiple warnings from Target’s own security protocols — indicating the presence of malware — were overridden by someone(s), also human error.

In the G20 instance, the damage was most likely not great — at least to the world leaders in question. That said, Steve Wilson, a principal analyst focusing on digital identity and privacy at Constellation Research told the Guardian, “What I’d be worried about is whether that level of detail could be used to index those people in different databases to find out more things about them.”

Wilson went on to hypothesize: “If you had access to other commercial data sources you could probably start to unpack their travel details, and that would be a security risk.”

Now comes the unavoidable question: When it involves the protection of a president or prime minister, is “most likely safe” an acceptable standard? For a government employee to send out such internationally sensitive information in an email and for a privacy commissioner to decide not to notify anyone that the breach had occurred needs to get tagged as “human error” as well. (If anyone should know better, one would assume it might be the “privacy” commissioner, yes?) One of the more crucial protocols in a data compromise is transparency, at least with respect to those who have been exposed. If you’re not aware of the fact that you are in harm’s way, how can you possibly protect yourself?

You may remember the scene in the 2006 remake of the Pink Panther where Clouseau, played by Steve Martin, gets his hand stuck inside a vase. He asks the casino owner if the item is valuable, and is told that it’s a worthless imitation. Mindful of that information, Clouseau slams the vase on a desk to free his hand, breaking both in the process.

“But that desk,” the casino owner says, “was priceless.”

So now anyone wanting to get their hands on that PII knows where it isn’t, but they also have some clues as to how to piece it together, and where it might be. (Of course, no hacker has ever raised deleted files from the dead.) They also now know that Australia has porous defenses, even if their vulnerabilities exist only at the level of a human resources failure to properly train employees on data security best practices. But then there’s the question of the privacy commissioner’s handling of the situation, which none of this explains. Sigh…

The leak of PII belonging to world leaders is an extremely serious matter. For years many have warned that any system is only as secure as its weakest link … and that humans are almost always the weakest link. So the beat goes on.

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.

More from Credit.com

This article originally appeared on Credit.com.

MONEY

You’ll Be Freaked Out to Learn How Often Your Apps Share Your Location

using smartphone at night
Alamy

Most of us are unaware of just how much location sharing is going on with our smartphones.

Even for researchers experienced at examining technology that might be invasive, this warning was alarming: “Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”

The warning was sent to a subject as scientists at Carnegie Mellon University were studying the impact of telling consumers how often their mobile phones shared their location and other personal data. Software was installed on users’ phones to better inform them of the data being sent out from their gadgets, and to offer a “privacy nudge” to see how consumers reacted. Here’s how one anonymous subject responded when informed a phone shared data 4,182 times:

“Are you kidding me?… It felt like I’m being followed by my own phone. It was scary. That number is too high.”

Mobile phone users are told about the kinds of things that might be shared when they install apps on their phones, but they have a tendency to “set and forget” the options. That means a single privacy choices, usually made in haste when clicking “install,” governs thousands of subsequent privacy transactions.

“The vast majority of people have no clue about what’s going on,” said Norman Sadeh, a professor in the School of Computer Science’s Institute for Software Research, who helped conduct the study.

But when consumers are reminded about the consequences of choices they make, “they rapidly act to limit further sharing,” the researchers found.

The study covered three weeks. During week one, app behavior data was merely collected. In week two, users were given access to permissions manager software called AppOps. In week three, they got the daily “privacy nudges” detailing the frequency at which their sensitive information was accessed by their apps.

Researchers found that the privacy managing software helped. When the participants were given access to AppOps, they collectively reviewed their app permissions 51 times and restricted 272 permissions on 76 distinct apps. Only one participant failed to review permissions. The “set and forget” mentality continued, however. Once the participants had set their preferences over the first few days, they stopped making changes.

But privacy reminders helped even more. During the third week, users went back and reviewed permissions 69 times, blocking 122 additional permissions on 47 apps.

Nudges Lead to Action

“The fact that users respond to privacy nudges indicate that they really care about privacy, but were just unaware of how much information was being collected about them,” Sadeh said. “App permission managers are better than nothing, but by themselves they aren’t sufficient … Privacy nudges can play an important role in increasing awareness and in motivating people to review and adjust their privacy settings.”

Of course, it’s hard to say if the research participants would have kept futzing with their privacy settings, even inspired by nudges, as time wore on. Sadeh suspected they would not: Privacy choices tend to wear people down. Given the new types and growing numbers of apps now in circulation, “even the most diligent smartphone user is likely to be overwhelmed by the choices for privacy controls,” the study’s authors said.

The findings will be presented at the Conference on Human Factors in Computing Systems in Seoul, South Korea, next month. The research is supported by the National Science Foundation, Google, Samsung and the King Abdulaziz City for Science and Technology.

For now, what can smartphone users do to better protect themselves? It’s not easy. For example: A study by IBM earlier this year found that roughly two-thirds of dating apps were vulnerable to exploitation, and in many cases, would give attackers location information. The AppOps software used in the Carnegie Mellon study used to be available to Android users, but was pulled by Google in 2013. The firm said the experimental add-on to the Android operating system had a tendency to break apps. So Android users are left to manually review app permissions one at a time — not a bad way to spend time the next time you are waiting for a bus. It’s always a good idea to turn off location sharing unless you know the software really needs it, such as map applications. IPhone users have the benefit of privacy manager software, but it doesn’t offer great detail on how data is used, and it doesn’t offer privacy nudges or any other kinds of reminders. A manual review is best for iPhone users, too.

More from Credit.com

This article originally appeared on Credit.com.

Your browser is out of date. Please update your browser at http://update.microsoft.com