Public Wi-Fi

My local police department issued this warning today:

Today’s technology can be extremely useful in our everyday activities, but also dangerous if not done so with caution. Below are some things to remember before you allow you your smart phone, tablet, lap top, or any other device to connect to a publicly shared Wi-Fi network.

1. Never utilize your online bank or credit card accounts, or shop online when connected to public Wi-Fi.
2. Be aware that criminals may set up similar network names to a restaurant, café or coffee shop to get you to us their network. When this is done, they can gain access to your personal information.
3. Make sure your smart phone is not set up to automatically connect to surrounding Wi-Fi networks.

You might ask the difference between public Wi-Fi and the one in your home.  Well, the simple answer is encryption.  Everything you send via a public Wi-Fi signal can be intercepted by someone else on that same network.  Since the transmission is not encrypted that person can read everything you send.  That includes passwords, bank numbers and private emails.

Encryption acts similarly to the locks on the doors in your home.  The locks keep people out unless they have the right key to translate the tumbler in the door.  Similarly, encryption locks your message so that someone without the proper decryption codes cannot understand what you have sent.  No locks mean that anyone can walk into your home;  no encryption means that everyone can read your post. The better the locks, the less likely that undesirable people will come in your home;  the better the encryption, the less undesirable people can read your email.

Facebook’s Requirement of ‘Authentic’ Names

I recently read a Wired article entitled, Help, I’m Trapped in Facebook’s Absurd Pseudonym Purgatory, and it reminded me of an experience I had last month.  I was at a conference and relying  upon my email and Facebook to help me maintain communication with my students, administration and clients.  I was midway in reading a message on Facebook and it shut down.  When I tried to login, I received a message that I needed to confirm my identity in order to logon.  My suspicious brain immediately assumed it was a cybersecurity problem.  With this assumption, the last thing I was going to do was to send them more information.  So, I went to the web and began to check sources regarding this problem and I found that it was really Facebook!  I checked and learned that I either had to send some ID with a picture and address.  Of course, I could send them an ID with my name, such as a driver’s license and picture, or a bill, library card, passport or other kind of document that could prove I was who I claim to be.  I was really troubled about this, but I took a photo of my driver’s license and sent it to Facebook.  Twenty-four hours later I could login to Facebook again.  I don’t really understand the evidence factor … how do they know that photo is of me?  How do they know where I live?  And, I am so glad my social security number is no longer on my driver’s license!

But, what happened?  When you sign up for Facebook, you agree to use your real name.  For several years, I used ‘Vicki Sauter.’  However, at some point, my cousin’s wife whose name is also ‘Vicki’ and who changed her last name when she got married, also joined Facebook.  We were fine until family members had friended both of us.  Then people began to get confused… they would friend her when they thought they thought they were friending me and vice versa.  The same was true with postings and messages.  Now, you know I am a computer person …. my cousin is a Lutheran minister!  The mixup could get quite confusing!  Since her middle name also begins with an ‘L,’ just using a middle initial was not going to solve the problem.  So, we solved the problem:  I changed my Facebook name to Vicki TheGeek Sauter and she changed her Facebook name to Vicki TheRev Sauter.  It was working quite well until someone “reported” me for not having an authentic name.  Believe me, everyone who came to my page knew who I was;  I assume the same was true with my cousin.  So, I gave in and sent them a copy of my driver’s license and my official name is back to Vicki Sauter (TheGeek).  The name in parentheses doesn’t even show up all of the time.

In my case, the result of going back to a name that appears on legal documents is a hassle and may cause confusion.  But, as I began to talk about it and think about it, there could be real problems.  What if someone were only known by friends using a nickname or a middle name?   I had an aunt whose name was Agnes Leone, but almost no one knew her first name (sorry dear, the secret is out), and many of us called her by a nickname, Vicki (it’s a long story).  Might she never be found by her friends?  Or, consider someone who is the victim of a stalker or spousal/child abuse.  Those folks might use a pseudonym to protect their safety.  Who knows who is looking at our profiles, especially if the security settings are not well controlled.  Someone else could ‘share’ your post and then your security is gone.  Or, what about people who join Facebook with a pseudonym because they are concerned that their employers might object to their use of social media.  Does Facebook’s needs really outweigh those people?

When I joined Facebook, no one asked me to prove who I was.  I just want them to make it easy for people to find me.  It’s fine that they know I am Vicki Sauter, but let me put back my “TheGeek” to avoid confusion.  And, figure out a way to make it safe for people who use different names

Is Amazon’s (or any website’s) advice good?

A week ago I was speaking to a staff member (whom I will call Jane, although that is not her name) of a lovely bookstore in St. Louis called Left Bank Books.  It is the kind of bookstore that every book-lover loves, with a warm atmosphere, an excellent staff, and a great collection of books. The staff really love books and they love bringing together the right book with each individual; a role we miss in not only bookstores, but all businesses these days.

Jane took exception to comments I made in my book (You’re Never Too Old to Surf: A Senior’s Guide to Safe Internet Use) about Amazon.  She was right, I had not told the whole story.  As an author, and particularly as an academic, I feel the need to fix what was a biased representation of Amazon in the book.  This blog is intended to help you see the picture in a more unbiased way, and to give “Jane” her voice with a bigger audience.

First, let me explain that there is a long-standing tension between Amazon and independent bookstores about their policies in carrying, promoting and pricing of books.  A good primer can be found online at http://www.newyorker.com/magazine/2014/02/17/cheap-words.

Jane’s concern was the comparisons of Amazon’s recommendation algorithms with trained bookselling professionals at a neighborhood store. She believed that my statements were insulting to what they do, especially since it suggests that what they do is inferior to what Amazon does.  So below is a notation of what is in the book, what is biased and what is only somewhat biased.  I present it as a conversation below, beginning with a statement directly from the book:

“The commercial sites take this level of recommendation one step further: not only do they consider your preferences when making the recommendations, they consider the preference of people like you…So, you get the benefit of everyone’s opinion without needing to talk to large number of people. Unlike your neighborhood bookstore, you don’t need to worry about Amazon.com forgetting or hiring a new clerk.”

JANE:  This passage sounds like a fairly glowing recommendation of Amazon’s algorithms, contrasted directly with neighborhood booksellers, who, you imply, your readers should “worry” about forgetting their preferences and being suddenly replaced with new employees you don’t know. Neither of which are things that happen often, by the way–our bookstore has very low turnover and we develop meaningful long-term relationships with our customers and, as I’m grateful you pointed out, are much more successful at making quality recommendations overall than a computer algorithm. However, while you mention it your email, that sentiment isn’t at all present in your book. It reads as quite the opposite.

VICKI:    I apologize that you were offended and that you perceive that I was unfavorably speaking of staff in local book stores.  I will go and read over that again, but I do not have that opinion and am not sure what I said to make you believe that I do. Throughout the book, I tried to provide physical and non-computer analogs to the topic I was explaining. All I meant at that point was that you get advice and this is what they (and many other companies) use. In fact, I laugh at Amazon’s recommendations because they are so often so far off base; they are horrible in predicting my interests, for example.

WHAT I MEANT: First, let me again state my respect for and love of Left Bank Books.  They are an EXCELLENT bookstore.  There are few bookstores that have the kind of service they provide.  In fact, even if we include bookstores I have known (and as an academic, I have been in a lot of bookstores), it is hardly rivaled, especially for service.  The staff has small turnover, and they care a lot.  Anything I have said about comparisons does not hold for Left Bank Books.  But, most neighborhood bookstores do not provide the kind of service and knowledge that Left Bank Books does.

Second,  in providing an introduction to the Internet, it is difficult to talk about purchasing online without talking about Amazon.  Amazon sells so much more than books these days and many people see it as the place to go for clothing, hardware, etc. Again, if you have a good neighborhood outlet for anything, service is probably better in the brick and mortar store than on Amazon.   However, if you don’t, there is Amazon.

Third, even other companies use the Amazon software and so it is hard to ignore.

Fourth, whether you are considering bookstores or other stores, it is important to distinguish between the locally-owned stores and the chain stores.  Local hardware stores where workers know you and your past projects provide better service than the big box stores.  You are also likely to get more customized service in a local fine clothing store than in a large department store where they don’t know you.  The issue is to a large extent, small, locally-owned businesses vs. chain stores.  Unfortunately, too often you do not get to make that choice because there just aren’t as many small local businesses as there once were.  Some chain stores try to provide that level of attention, but they are the exception, not the rule.

JANE:  I understand that the proliferation of Amazon’s software across the internet makes them a convenient example for online retail, and that they sell far more than books. However, throughout the chapter, you consistently give the example of buying a book on Amazon and finding related titles to buy as well, not any of the other consumer goods that you’ve pointed out Amazon also sells.  Frankly, I’m not keen any mention of them at all–as you point out in the chapter, “most sites have a process similar to that shown on Amazon for selecting items, filling the shopping cart and checking out,” so it was within your power to select a different example.

VICKI: Point about the book example.  A major factor in selecting Amazon was that it does sell a wide variety of products.  Most other sites sell more limited versions.  In retrospect, I should have seen the problem of cutting off my market.  Hindsight is often 20-20.

JANE:  In the absence of further commentary (the fact that many Amazon reviews are in fact paid endorsements solicited by publishers, the fact that those that aren’t paid endorsements are not usually being provided by trained professionals–essentially, that this “information” isn’t necessarily informative in the same way a simple conversation with a trained bookseller is), this reads as an endorsement of reviews in lieu of conversations with professional booksellers.

VICKI: True, some of the advice is paid for and some of the advice is provided by amateurs.  But, many many people take time to state what worked well and poorly for them.  I have seen many amazing reviews that were quite helpful to me in making a purchase – both positive and negative.  And, they do put you in a pool with “similar people” and use that to make recommendations.  However, as I said in my response to Jane, sometimes those are horrible.  For example, I have purchased baby gifts, so sometimes it makes recommendations for new baby toys.  I have a 30ish unmarried son, and so I don’t really need baby toys. Let me say clearly, if you have someone who knows you, you will do better with their advice.  However, the use of industry-leading business intelligence methods can provide you help if you don’t have that person.

Again, remember that Amazon sells more than books and it is difficult to find trained professionals at most stores these days.  And, I admit, my research specialty is business intelligence, so I like a good algorithm.  I like the algorithm when I can’t get the kind of support that Left Bank Books provides.

VICKI:  I apologize that you were offended and that you perceive that I was unfavorably speaking of staff in local book stores.  I will go and read over that again, but I do not have that opinion and am not sure what I said to make you believe that I do. Throughout the book, I tried to provide physical and non-computer analogs to the topic I was explaining. All I meant at that point was that you get advice and this is what they (and many other companies) use. In fact, I laugh at Amazon’s recommendations because they are so often so far off base; they are horrible in predicting my interests, for example.

JANE:  I appreciate your willingness to have this conversation, Vicki. This is a very meaningful issue for independent stores and writers, as Amazon and the normalization of their business practices pose a major threat to our livelihood and the health of the book industry on the whole. I appreciate your project and equipping seniors to participate in e-commerce is a worthy goal, but I wish you had chosen a training example that doesn’t refer our bookstore customers directly to another bookseller, especially one with ethics that have such real consequences for our industry and the people in it.

BOTTOM LINE: If you are going to buy my book, buy it from Left Bank Books online (unfortunately, they don’t carry it in the store).  We all need to support companies that employ well trained and passionate people like Jane.

Taxpayer Identity Theft

No one likes tax time;  there are too many forms to complete and often there is money to send.  Well, as with any situation, wait, it will get worse — and it has.  Thieves are filing taxes using your social security number and directing the refunds to themselves.  You may be unaware you are a victim until you try to file your taxes and learn one already has been filed using your social security number.  Or, you may learn from the IRS that you owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.  Another way you can find you have a problem is if IRS records indicate you received wages from an employer unknown to you.  Of course the problem worsens because if they have your social security number, they may also be stealing other aspects of your identity.

This is a major problem and you need to act immediately!

If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends you take these steps:

• Respond immediately to any IRS notice; call the number provided
• Complete IRS Form 14039, Identity Theft Affidavit. Use a fillable form at IRS.gov, print, then mail or fax according to instructions.
• Continue to pay your taxes and file your tax return, even if you must do so by paper.

If you previously contacted the IRS and did not have a resolution, contact the Identity Protection Specialized Unit at 1-800-908-4490.

Then, you need to address the other (non-IRS) dimensions of your identity theft.

• File a report with your local police department
• File a complaint with the Federal Trade Commission at www.identitytheft.gov or the FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261.
• Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
  • Equifax, http://www.Equifax.com, 1-800-525-6285
  • Experian, http://www.Experian.com, 1-888-397-3742
  • TransUnion, http://www.TransUnion.com, 1-800-680-7289
• Contact your financial institutions, and close any accounts opened without your permission or tampered with.

IRS and the Internet

Last night when I came home, there was a message from the IRS indicating that I had to call a special number and give them my personal information immediately or I would be arrested.  A friend of mine received the same message via email.  Another friend, who always pays her bills on time received an email that said the IRS has filed a lawsuit and you must call ….. This email even added, “there will be no further warning.”   These were all intimidating messages, and the IRS has a reputation for being intimidating.  But, they clearly  were all scams because as the IRS Commissioner says, “[their] way of contacting you is by letter.”  They also tend not to threaten you if you don’t pay immediately.  You can view other scams allegedly involving the IRS on their fraud page at http://www.irs.gov/uac/Tax-Fraud-Alerts.

What do you do if you get this call or email?  Hang up the phone and delete the email;  then go on with your life.  Even if these people have personal information or even the last four digits of your social security number, ignore them.  Then report them.

Do you need help using the Internet?

I have a new book and it may just be the thing you have been looking for!  The name of the book is You’re Never Too Old to Surf:  A Senior’s Guide to Safe Internet Use. 

This book is for you if you have ever wanted to harness the power of the Internet, but haven’t been quite sure what that means or how to do it.  It is intended for the parents, grandparents and great-grandparents who want to use the wide range of tools that are available today on the Internet, from simply surfing the web to buying online, using email, blogs and even social networking sites.  You may have sought guidance from your child or children  only to be annoyed at their exasperated response to your questions.  Or, you may have tried it on your own, and gotten frustrated with the tools, or had some problem result from that use (or know someone who did).  You may be using the Internet, but just not feel very confident in what you are doing.  If you fall into any of those categories, I wrote this book for YOU!  Of course, if you are the child or grandchild and are having trouble explaining things to your elders, this book could help you too.

The book is available from Amazon.com and BarnesandNoble.com.  Your local bookstore can order it too.  It is published through CreateSpace, ISBN 978-1506163857.

Please give it a try and let me know how you like it.

 

Think Twice about what You Post

Today I read a post in Facecrooks (which by the way is a positive site to help you protect yourself, despite the name) about a man whose posts lead to negative consequences.  The post started with:

According to police in Philadelphia, a 19-year-old man was targeted by three robbers after he posted on Facebook and Instagram about an inheritance of jewelry he had just received.

The three robbers kicked down the door of the victim’s home at 2:30 a.m. Saturday morning, making off with a Rolex watch, several gold chains and mobile phones. Thankfully no one in the home was hurt, but the robbers have not yet been caught.

According to the Hickory Record, the robbers were caught and during the questioning, they mentioned they had heard about the inheritance.  Clearly the young man who received the inheritance never intended for strangers to know about his good luck.

This is a case of not having Facebook privacy controls set appropriately.  To check YOUR settings, go to the small arrow at the far end of the blue border at the top of your Facebook page.  Click the arrow and select “Settings” as shown below.

Checking Facebook Settings

At that point,select “Privacy” from the left menu.  You will see a screen that begins with “Who can see my Stuff.”  If you have not already set it, this probably says “everyone.”  If so, edit it and and select the “custom” button.  You might want to set that to just your friends, or friends of friends.  Or, you can set it so that only specific people can view what you post.

If you have something valuable, such as the jewelry inheritance, you want the post to be sent only to your friends, and maybe not even all of them.  You can use your lists of people to narrow the group further.  If you have it set as “everyone,” not only can everyone who happens on your page read it, but they can also share it with everyone they know.  With this kind of visibility, it is not surprising that the bad guys got the news.

You need not adjust those settings the same for everyone.  But, for valuables or for photos of children (especially with other information), it is best to limit the range of people who see your post.

Phishing

Yep, “phishing” is a real thing, and you pronounce it the same as “fishing”.  Like fishing, phishing uses bait in an effort to hook something.  Unlike fishing, phishing doesn’t look for fish, but rather for sensitive information.  Phishing attempts to use an apparently trustworthy request to gain usernames and passwords to get access to more computers and/or credit card and other financial information to get money.

The key to phishing is that the request appears to be legitimate.  An email might be constructed to have the same look as those from your bank or other financial institution.  Or, the email might appear to be a bill from a company with which you do business.  Today phishing happens withing social networking tools, such as Facebook,  too.  These might be realized as:

A game or lottery.  In this kind of phishing, you may get an email or a Facebook post that claims you have won money.  Unfortunately, to get to the money, you must send them money or access to your bank account.

A request to confirm your account  These emails or social networking program ask you to log into a system that appears to be the legitimate.  Often these are sites that are appropriately branded and look as you expect them to be, but aren’t.  Never click on a link in  the email or social networking message;  the site might not take you where it appears to be.  The better approach is to log in manually.  So, if the message appears to be from Facebook, don’t click on the link, but instead type in http://www.facebook.com and proceed from there.

A violated policy alert.  You may note an email or Facebook post that claims you have broken some policy in your email system, Facebook or some other social networking system.  These always ask you to log in and do something.  Always navigate to the site manually.  Don’t provide information unless you are sure you are on the correct site.

Photos and Videos.  It is quite common for people who have hacked one account to try to get more information by sending information to contacts that appear to be from the original owner of the account.  These messages might claim to have videos or photos of you that are not appropriate.  Or, the message might claim to have photographic proof of some gory or sensational event.  These are almost always an attempt to get access to your account.  You should ignore t hem.

Before logging in to any site, always verify that you are indeed on the main site. Careless and unsuspecting users are often fooled by these tricks.

Cybersecurity, Sony, and You

By now, I assume you have heard about the hacking of Sony’s computers last month.   Just to remind you, Sony produced a comedy film about two fellows who were supposed to assassinate Kim Jong-un, called The Interview.   There was significant publicity before the movie was released;  personally I did not find the commercials compelling and had not planned to view the movie.  Then, just before it was to be released suddenly Sony’s computers fell victim to a significant hacking attack.  Financial data, including social security numbers and identities, were released.  Equally embarrassing were the masses of personal emails which highlighted the dysfunctional nature of the film business.  In addition, the hackers “wiped” most of the computers “clean,” meaning the data are lost to Sony.  Estimates of the damage are in the millions, far more than the value of the film.

Early reports blamed North Korean hackers for this attack.  Then reports suggested that the hackers were really not from North Korea, simply “sympathizers” with North Korea.  Then the focus turned to North Korea again.  The Federal Government seems fairly sure that fault lies with the North Koreans.  However, whoever was behind the hack announced they would do no further damage if Sony never released the film.  So, Sony halted release of the movie.  It did later get released amid cries of the inappropriateness of the North Koreans censoring our media.

So, what do we know? Clearly Sony was hacked.  Evidence suggests that the intrusion had been occurring for more than a year, prior to the release of data.  Could it have been the North Koreans given their lack of technology?  We have known since 1998 of the formidable capabilities of the DPRK army’s Unit 121;  at that date, its force was 17,000 hackers (there are probably more now).   Further, North Korean officials had previously expressed concerns about the film to the United Nations, stating that “to allow the production and distribution of such a film on the assassination of an incumbent head of a sovereign state should be regarded as the most undisguised sponsoring of terrorism as well as an act of war. [emphasis added]”   Could it have been someone else who sympathizes with them?  Yes.  The Guardians of Peace have made threats against the United States, and they have the capability.

The question though is what is the impact on you?  Well, assuming you are not one of the employees or dependents whose private information or communications were released, this is primarily a wake up call is the impact that hacking can have on us as individuals and us as a society.  First, to us as individuals.  Those people whose financial data were exposed may run into a variety of problems from credit card fraud to identity theft.  Someone, whether it is Sony, the individuals themselves, or others, will need to spend much time and money to ensure that the people are made whole again.  You run the same risk every time you use a credit card (whether on or off the net), or connect to the Internet.

The more interesting question, though, is what happens to us as a society.  Sony will spend a small fortune recreating its data bases, correcting information and repairing relationships with its customers.  Of course, they will need to create a better security system to protect the recreated repositories.  That means that the costs of Sony movies will increase and we will all be forced to pay for it.  Perhaps this experience will frighten all of the studios to invest more money and so that the costs of all movies increase.  Well, today it is just a cost of doing business.

Bigger than that, however, is the threat that if another government (or perhaps another company or group of people) doesn’t like what you produce, they can affect it by hacking into your computers or even threatening to hack into your computers.  What will that do to the freedom of speech and expression in this country?  What will it do to entrepreneurship in this country?  For that matter, what will it do to the governing of this country?

In this case, the cost was primarily financial.  What happens when the hack is against our power grid,  water systems, or hospitals?  The implications of that are far worse.

We all need to be careful about computer security, and we need to think about the tradeoffs with ease of use.  And, all of us need to put pressure on corporations to improve their security systems from the bottom up.

 

 

Cyber Monday is coming

Tomorrow is Cyber Monday, the online equivalent of Black Friday.  Online vendors offer great deals  — without the crowds, lines and hassles. While I never partake in Black Friday shopping (although I do practice Small Business Saturday shopping), I always try to get some time for Cyber Monday shopping!

Ah, but it is not without its problems.  There are great deals, but those that seem too good to be true often are just that, untrue.  People will pretend to give you bargains, and even pretend to be something they are not just so they can steal your money.  So, you need to be ready for them if you are planning to shop on Cyber Monday.  These are some hints that will help you keep safe.

1. Only shop with companies you know.  Those little boutiques and great offshore stores may look like they offer great deals, but you may never get anything from them.  They should be avoided unless you are sure they exist because someone else has shopped there or you have some physical evidence that they exist.
2. Don’t click on a link from an email to get to a website.  The link may look safe, but you do not know that link will direct your browser to where it says it is going.  If you must, copy the email address that it is visible and paste it into your browser manually.  Once you arrive at the page, look at it carefully to be sure it is the intended site and not a fake site made to look like a real site.  It is easy to reproduce logos, colors and the like to make a page resemble a legitimate business page even if it is not.
3. Only provide your financial information  to websites that are secure.   Anything sent over a regular Internet connection can be captured by people with the correct knowledge and tools.  To avoid hackers having access to information such as your credit card number, you want to send the information over a secure internet connection.  Reputable stores will transfer you to a secure connection before asking for financial information.  You can tell two ways.  First, you should be able to see a locked padlock icon somewhere on your screen (it is different with different browsers, different versions and different kinds of machines).  For example, in Firefox on a PC, the padlock is at the top of the page near the “go back” button.  Also, even if you cannot find the padlock, look at the URL, or address in the locator window at the top of the page.  If it is a secure connection, the address will start with https:// (instead of the normal http://).  The “s” stands for secure.
4. Try to use just one credit card online.  In today’s world there are lots of examples of hacking both online and at the brick and mortar stores.  It is a good practice to use a credit card online that is not your main credit card.  In that way if you are a victim of fraud, you can cancel the one card and still have another for your regular purchases.
5. Keep passwords secure.  Most of us think passwords are a hassle.  While they are a hassle and it is hard to remember secure passwords or multiple passwords, they often are the only thing keeping your credit card and other personal information safe.  Keep them secure and keep them “strong” (hard to guess).  For more information on this, I recommend you look at the blog entry on passwords.
6. ALWAYS use anti-virus software, a firewall and anti-spyware software.    It is amazingly easy to pick up malware on the Internet.  (For more information, check out my blog on malware.)  Having those tools available does not guarantee that you will not have problems anymore than putting locks on your doors will prevent you from being burglarized.  But, we all lock our doors at night.

Enjoy your hassle-free shopping, but be careful.  It is easy to forget there are undesirable people in cyberspace just like there are in most communities.  Avoid them if you can!