Phones have become quite sophisticated devices recently, hence the term “smartphone”. They can connect to the internet, download programs, and keep track of your life. All useful features.
Phones can also be used to spy on you, as some people in the United Arab Emirates discovered. In this case a network carrier (Etisalat) sent their customers an update that installs on their BlackBerry phones. They told their customers that the update was “required for service enhancements.”
What they didn’t tell their customers is that the update contains spyware made by a company called SS8 Networks. This spyware sent information to their company using the phone (which incidentally drained their batteries from uploading so much data).
It’s still unclear what this spyware actually does, or why it was installed on their customers’ phones. You can read more information on this incident here.
In theory, phone spyware could activate the phone’s microphone and/or camera and send information to another site. Or it could intercept SMS messages and phone calls. And so many phones these days also have GPS receivers in them, so spyware could also theoretically keep track of your location. This is all scary stuff.
There isn’t much we can do about this threat at the moment. If your life or work involves privacy, then consider using an old phone with limited features instead of today’s smartphones.
When you visit a web site then later visit another web site, your web browser keeps a history of these sites. You can see this history by going to your browser’s menu and clicking on History.
In the past this history was private because it exists only on your PC. But recently it’s been proven that it’s possible for web sites to get a peek into your browser history. This could be a privacy concern for some people. Here’s how it works.
Some people have come up with some clever code they can place on their site. It basically asks your browser if you’ve visited a particular site before. For a demonstration click here and click on the Get Started link in the centre. Don’t worry, nothing bad will happen, it’s just a demonstration.
So how does this affect you?
You just need to be aware that privacy on the internet is fairly limited these days. If you have something to hide (for whatever reason) or you’d just like a bit more privacy, there are steps you can take to prevent this. It’s a bit technical for beginners but with a bit of effort it’s achievable.
- Some browsers now have a “privacy” mode. For example, Google Chrome calls it “incognito”. Privacy mode doesn’t keep track of which sites you’ve been to.
- You can use Firefox and install something called the “NoScript addon”. This will block the code I mentioned above.
Yesterday a web site published a hack for Facebook that lets anyone read anyone’s profile. It was possible to read details such as location, gender, relationship status, political views, religious views, etc. It didn’t matter what privacy settings people had set; this hack made it all visible.
Today Facebook have acknowledged the problem and fixed it.
This is a good reminder that when you publish information online, you lose some control over it. If something is so private that you can’t risk others seeing it then don’t publish it.
You can read more about the exploit here.
A business owner in the USA had been twittering about his upcoming holiday, and provided further updates when they’d left home for their holiday. Then their home was burgled. Was it chance, or did someone know the house would be empty via Twitter?
It’s not possible to know but it certainly raises awareness about how safe it is to tell strangers about your travel plans. And this doesn’t just apply to Twitter, but to any social site where you’re giving personal information to strangers.
Read the full article here.
Social web sites are all the rage these days, such as Facebook, MySpace, Twitter, and there are hundreds of less popular ones as well. The idea with them is that all your friends and family can join and you can share aspects of your life such as photos and comments.
Often these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too, only on a grander scale.
It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:
- Who runs Badoo? Is it some guy sitting at home with no one to answer to?
- Do you trust the company (such as Badoo) and all of their employees?
- Do they store your MSN password? (You have no way of knowing this for sure)
- Have their servers been hacked and is someone else also capturing your password? (Again you have no way of knowing this, web sites get hacked every day)
You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.
So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.
I’d like to thank our regular reader Nick for bringing this issue up.
Limewire is a P2P file sharing program that’s been around for a long time. People use it to share files, and unfortunately most people use it to trade illegally copied music and movies (copyright violation).
When you install Limewire you need to turn some options off, otherwise it could also share your personal documents with everybody. Personal documents include Word files, your photos, etc.
If you use Limewire versions 4 or 5 click on this link and follow the instructions shown.
And if you’re wondering who would be silly enough to share private documents on a P2P network, here are some real life examples the article gives:
- An executive at a Manhattan production company accidentally leaked over 2,700 documents including the names, birth dates, and social security numbers of contractors, as well as scripts of episodes currently in pre-production
- A paralegal/transcription service leaked more than 5,000 documents including medical records and confidential attorney/client information
- A bookkeeper at a food service company leaked thousands of files including scanned driver’s licenses, social security, and insurance cards
AllFacebook has listed 10 privacy settings they recommend if you worry about how your personal details are shared with the public. The settings are listed below, together with my comments:
1. Use Your Friend List – This is just grouping friends according to your own social circles, and you can apply privacy policies to each group. Makes sense since not all friends are created equal.
2. Remove Yourself From Facebook Search Results – This prevents people finding you on Facebook, good for school teachers etc.
3. Remove Yourself From Google – This prevents Google indexing your details. I believe this is a good thing; sometimes Google knows too much about people.
4. Avoid the Infamous Photo/Video Tag Mistake – This setting lets you control who can see photos of you.
5. Protect Your Albums – This is similar to item 4; it also limits who can see your photos.
6. Prevent Stories From Showing Up in Your Friends’ News Feeds – It basically stops gossip.
7. Protect Against Published Application Stories – Some Facebook applications are silly and embarrassing; this tip explains them.
8. Make Your Contact Information Private – You can control who gets to see your phone number, email address, etc.
9. Avoid Embarrassing Wall Posts – You can prevent friends posting embarrassing things on your Facebook wall.
10. Keep Your Friendships Private – You can prevent others seeing your friend list.
The article explains these 10 things in great detail, with screen shots. It’s easy enough for anyone to follow. Read it here.
This is one of those legal spyware programs I mentioned recently. Mobile Spy is used to secretly record SMS and calling data on a phone. It already existed for Symbian and Windows Mobile phones – now it’s available for iPhones.
They claim it runs in a stealth mode to make it difficult to detect. It silently records all SMS text messages and information about all calls. It then uploads this information to a private account on the web.
Apparently future versions of this program will also capture GPS information and details of any emails sent or received.
Why is this legal?
I can’t really comment on the legal side, and it would be different in each country. The company that makes it, Retina-X Studios, is selling this product to worried parents or employers to monitor their children/staff.
How is it installed?
Someone has to have physical access to the iPhone to install it. They need to purchase the program (US$99), and it seems the phone needs to be "jailbroken" – a hack that voids the phone’s warranty.
How can you prevent it?
Firstly, don’t lend your iPhone to people or leave it lying around.
I’m not aware of any anti-virus programs for the iPhone that detect this yet, but I have my bets on F-Secure; they’re fully aware of what’s happening here. I’ll post an update when something new comes up.
A keylogger is a small program that sits on your PC quietly capturing each key you press on your keyboard. It either logs each keystroke to a file, or sends it off somewhere on the internet.
It’s used to spy on people. By capturing keystrokes your login and password can be revealed, as well as other confidential information. And usually they’re what’s known as “stealthy” programs – most of the time you wouldn’t know it’s there.
Where do they come from?
There are quite a few keyloggers available. Most are written by hackers (the bad kind). A few are written by commercial software companies (more on that below).
Are they legal?
Usually no. They’re used as spyware to capture your passwords which is illegal in most places.
How can you detect them?
Use a good anti-spyware program. Most antivirus packages come with this feature these days, others are available separately. There are free ones too. Search Google for a current list.
But there’s another kind of keylogger that you can’t detect this way. You can buy a little plastic device that plugs in between your keyboard and your PC. Since it’s directly connected to the cable hanging off your keyboard, it can detect every keystroke and record it. Someone has to have physical access to your PC to install it (and to later remove it). You need to look at the back of your PC where the keyboard plugs in to detect it. Search here for a list of these devices.
Recently a US court has looked at a commercial keylogging company called CyberSpy and decided it’s illegal. They’ve ordered CyberSpy to stop selling their software (called RemoteSpy). Unfortunately there are too many alternatives for people keen on spying and stealing passwords. More on this here.