Archive

Posts Tagged ‘data’

Did you get a New electronic device for Christmas?

January 6, 2012 Leave a comment

Happy New Year to everyone! Wish you all the best for this year, but most importantly, I wish you to be healthy and around your families! Also, stay safe!

Maybe for some of you Santa was kind enough and brought you new electronic devices such as a new laptop, desktop, iPad, tablet or smartphone. That sounds exciting, but have you thought what are you going to do with your old electronic device? Giving it away to charity? Selling it on a classified website, or giving it to a family member or friend? In any of these cases you should first be sure that you are not involuntarily sharring your private info and data. For this reason, E-Crime Expert presents again today some tips on how to remove this personal data from your old electronic device before being given away.

Please watch this video tutorial here:

More details are provided bellow:

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If you are with a company or organization that accepts donations or properly dismantles computers, electronics, or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or is too old to be useful take it to a dismantling centre.

Many computer manufacturers and computer hardware manufactures also have their own recycling or trade in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or dismantling centre.

Computer hard drives should be cleared by using software and then be physically destroyed. Non-rewritable media, such as CDs or non-usable hard drives, should be physically destroyed (ie. scratched, broken into pieces).

Try to destroy or dismantle you hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS, laptop because all these devices have internal memory where sensitive data is still stocked even if properly deleted manually or with a software.

When you sell an old laptop or PC, try first to “format” your device and reinstall the operating system- If you are not able to do this, at least try to DELETE:

  • All your photos, videos, music files, located on the following folders: Desktop or My Documents, My Music, My videos (Movies),
  • Archives
  • The folder that retrieves your Mail inbox on your computer
  • Recent documents folder
  • Downloads
  • Library folder
  • Data storage folder
  • Maildownloads folder
  • Info.plist document
  • Key chain, the folder that stores your passwords on a computer
  • Cookies folder
  • Calendar folder
  • Printer folder
  • Cache folder
  • Favorites folder
  • Logs folder
  • Web browser (Safari) folder
  • Sync Services folder used for cloud computing or to sync with other devices
  • Address book

Note: these folders are available on a MacBook Pro device (with Snow Leopard  OS), the order or name of the folders  may differ from computer to computer or from one operating system to another. But the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these folders are available on HTC Desire running on Android version 2.2. 

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever used any of those methods? Are you thinking to use any of them? How do you dispose of your electronic devices and gadgets you no longer use?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Users’ rights in regards to their privacy and personal data

October 17, 2011 2 comments

In the previous blogs, E-Crime Expert presented to its readers the technical features of the Internet, Social Networking Services, applications, mobile devices, in order to help the user identify the privacy risks in regards to these new technologies. Furthermore, the social implications, history and development of these new technological development were also provided. The goal of this blog and posts it is to help users protect their privacy and personal data. Along with better protection that can be achieved by knowing the risks, technical features, social impact and popularity, another important way to protect privacy and personal data it is to enforce the legal rights.

For this reason, E-Crime Expert brings a new series that presents the European legal framework in regards to privacy and personal data in order to make its readers aware of their legal rights and better protect those legal rights.

Current EU regulatory framework concerning private information and personal data

1. Charter of Fundamental Rights of the European Union

 

 

The Charter of Fundamental Rights of the European Union hereafter CFR is part of the Lisbon Treaty.

The CFR unifies under a single document, rights enclosed under different EU laws, and International Conventions. “The scope of this Charter is to provide legal certainty for EU citizens by making fundamental right clearer and more visible”.

Under Chapter II: Freedoms, the right to protection of personal data is granted for the first time separately, autonomous from other rights or freedoms such as privacy, or privacy of correspondence (mail).

Article 8: Protection of personal data

1.     Everyone has the right to the protection of personal data concerning him or her.

2.     Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3.     Compliance with these rules shall be subject to control by an independent authority”.

As this Article reads, data protection means the right of a person to know which data were gathered in regards to her person, how the data are used, aggregated, protected, and where the data are transmitted. Every person also has the right to have access to her own data and to modify the data. Data protection values are not essentially privacy related ones as they are separately addressed under Article 7 (privacy) and respectively under Article 8 (data protection) of the Charter of Fundamental Rights of the European Union. Both privacy and data protection are two distinctive fundamental rights.

The granted rights of the CFR are underlined in its Article 52 (2):

“Rights recognised by this Charter which are based on the Community Treaties or the Treaty on European Union shall be exercised under the conditions and within the limits defined by those Treaties”.

Nonetheless, the CFR does not come in the form of the legislative power of a Directive which should be implemented by each MS until the ought effect or equivalent is reached, but MS should carefully consider this Charter when they implement EU Law or take National Court Decisions. This Charter represents the foundation for the regulatory provisions discussed in the next posts, in order to protect the fundamental rights and freedoms of natural persons with regards to storage, processing, access, manipulation of their personal data.

Here it is a list with the worldwide Data Protection Authorities contact details: click here.

Stay tuned for the next post that will present the Directive 95/46 (aka Data Protection Directive).

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Did you know about the Charter of fundamental rights of EU?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Web 3.0 and privacy

October 3, 2011 4 comments

In order to understand why privacy and personal data are so vulnerable in relation with the Internet and its adjacent services/platforms, E-Crime Expert developed a research study, aiming to learn what the Internet is, how it works, what Social Networking Services are and how they came into place, why SNS are so popular, how private information can be retrieved from SNS users, what is the purpose for targeting and behavioral advertising and what cloud computing is.  Today, Web 3.0 is a first post in a series that aims to understand the cause in order to provide a better effect (better privacy).

E-Crime Expert believes that users’ awareness and online education help protect their privacy and personal data. For these reasons, my research interest in the use of social network services (SNS) and search engines began when I realized that many options and features of the SNS I use (i.e. Facebook) or search engines (i.e. Google), are questionable from the user’s privacy and data protection perspective. I believe that a more in depth understanding of the their functionality, usage and applications on the newly emerging Web 3.0 (also known as Semantic Web) could help users protect their private information and personal data.

Privacy and protection of personal data are increasingly discussed and analyzed by law enforcement, advocacy groups, industry and academics, legal practitioners, and policy makers. In my previous research (LLM) Thesis, I tried answer the question: if the SNS, Facebook, is in compliance with the European Union’s Data Protection Directive 95/46/EC. Furthermore, I am trying to better understand what Web 3.0 is and how operates.

With the immersion of Web 3.0 personal data and private information cannot be fully controlled. Soon (service) providers, by employing Artificial Intelligence, may be capable to predict what people want regarding a particular search query, products or services, in order to be deliver one single choice which it supposed to be the choice sought by the user. But would this be done at the expense of privacy? It’s important for policy makers and lawmakers to be aware of these challenges in order to keep up with the continuous technological developments.

What is Web 3.0?

Tim Berners-Lee (the director of the World Wide Web Consortium which oversees the Web’s continued development, also founder of the World Wide Web Foundation, and senior researcher and holder of the 3Com Founders Chair at the MIT Computer Science and Artificial Intelligence Laboratory) has described the semantic web as a component of Web 3.0.

Computer scientists see that Web 3.0 will be more application based by functioning on “non-browser applications and non-computer based devices…but… geographic or location-based information retrieval” while using Artificial Intelligence.

Short review of the web’s development:

Web 1.0

For example, Hotmail or Yahoo’s services were all about read-only content and static HTML websites. People navigated the web through link directories of Yahoo, Hotmail or AOL! A walled garden, a portal where the user stopped and “found” everything they needed (or the provider gave them). There was no choice for users to upload their content on those portals, such as pictures or videos, and also not much choice for others to use them with or without authorization (of course excluding hackers).

Web 2.0

Web 2.0 is the user-generated web content. Users are consuming as well as contributing information through blogs, vlogs, picture sharing like Picasa or video websites like YouTube, etc. Consumers, content publishers and users are continually becoming more of the same entity. The Web seems apparently open for anyone to contribute, modify and improve but actually it is not like that because these information appliances providers such as Facebook, deliver the platform, products and services of their choice in a closed-capsule form. It is also a walled garden (rather a prison which looks like a park), but better and more efficient controlled, manipulated and “supervised”.

Web 3.0.

Also known as the semantic web where the data has its own meaning in order to deliver observational, behavioral and tailored content/advertising to individuals rather than to “crowds” by using searches and preferences made by users. Web searches would generate local results for user’s geographical area and would include websites that it “thinks” the user would like to see. Seems convenient at a first glance, but it also appears to be an invasion of users’ privacy.

Web 3.0 and Privacy

In the Web 1.0, users had control over their information by exchanging it strictly over email or on web portals (Yahoo, AOL, Hotmail) to designated recipients. In Web 2.0 the users also had more or less control of their own information by choosing which account or website where they will post videos and photos, or delete and modify these photos or videos. However, in the Web 3.0 case there is no guarantee on how users’ information is monitored, retrieved, aggregated and by who and where it is used. This Web 3.0 brings the users’ web experience to a different level where the users themselves have less and less control over their information and content.

Nonetheless that the opportunities Web 3.0 could offer are promising (faster interaction, more tailored content, services/info based on geographical location etc), these opportunities also come in a package with concerns regarding users’ personal information already available on the web, and moreover that no one really knows where this information is stored (data centers), how is exchanged/transferred (cloud computing), who controls/access it (service provider and third parties?), and what those that control and access do with the users’ data. A legitimate question is (which I have no answer for): who has control over the data about our everyday lives?  

Ultimately, those new opportunities that Web 3.0 offers will can be safely used when reliable methods for controlling the storage, access, usage, transfer, purpose, and privacy of the data will come into place either through regulatory measures, self-regulations, better enforcement, or privacy by design and users’ education.

For me the perspective of having a smart phone, laptop, PDA, my SNS account, a website which shares information they know about me feels threatening. Why?

Because a smart phone, laptop, PDA, website, online store, social networking platform, can know my home address, personal details, contact details, financial details, bank account number, login and password information, search queries, personal preferences (movies I like, music I listen to, restaurants I eat at, pubs I go to, close friends, etc), and even more personal details.

The Web 3.0 could make it easier for users to find what they are looking for online but also it could eventually go so far to the point where users will be showed/told what they like, how they dress, what to eat, and where to go and thus having less or even no control on their own preferences. Once providers or advertisers know someone’s preferences, they will deliver that particular service or advertising as being the user’s choice and it would then not matter what a user actually wants or prefers because the choices will be limited based on their preferences (previous online activity).

But the situation could be less dramatic than it sounds as long as the users know what to share in their online “life”. There will be less chances for one to know what a user likes to eat, watch or visit if that user will not make it public online or would share the least amount of personal preferences as possible. Of course this is not enough, as nowadays providers and advertisers seem to be following or “stalking” users online like one would physically chase a person in the real life. But in the meantime providing less or no information about ourselves has more chances for us to not be “labeled”. If this is the case with Web 3.0, I am concerned thinking about what Web 4.0 will be like.

For this reason, try to take care of your personal information and data now as a wise future investment when or if the Web 4.0 will come into place.

Stay tunned for the next post in this series which will present the history of SNS.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Did you know what Web 3.0 is? What do you think about Web 3.0? Are you expecting a Web 4.0 as well?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Data Safety

September 22, 2011 3 comments

Users data and personal information are very important for: subjects (users), SNS, advertisers, providers and (cyber) criminals, of course from totally different perspectives. E-Crime Expert presented several posts on how the data could be vulnerable, offline or online, with this data is important for advertisers and providers, and will start presenting a series of specific Internet-related crimes, in order to increase awareness.

Identity theft criminals that have access to all information available on Facebook os similar SNS for example, are now targeting many users. If someone posts on his public profile on Facebook his date of birth, address, phone number, educational background, work details and personal pictures, this information could be retrieved and used by criminals to counterfeit driver license, bank cards, credit scores, ID cards, make online purchases, etc. For example, if someone applies for a bank loan, by having someone’s name, address, and contact details they could counterfeit an ID. In addition, if the criminal knows the current employer of the subject, they could produce a fake letter from the employer regarding his earnings, and contractual details (i.e. part-time, full-time, permanent employee, etc, which could be used to obtain a bank loan on the victim’s name). The chances to commit identity theft are growing exponentially with the amount of information available for an individual. According to Tsujihara Alice (special Agent), the FBI calls this social engineering: With social engineering, what you can do is you can use other people and resources and not necessarily have to go in through the front door hacking through a computer. There is a lot of electronic information of our personal information stored over the Internet.”

In terms of the information stored on Facebook, a user has access to the profile information of his contact list by the way Facebook’s service platform is built. Also, some Facebook users choose or have a lack of knowledge regarding how to make their profile information unavailable to other users (different than their contacts list). The risks occurring from here are similar to those from the offline world, such as: someone is upset with another person about a soccer game in the park, for example. They know each other by name and physiognomy and the upset person goes home, and checks his “rival’s” name on Facebook, finds his profile which might come along with address, phone number, etc. Therefore, potentially the upset person could go to the home of the person he is upset with. From there unpleasant things could happen such as: physical altercation, vandalism and even more serious crimes like stalking could occur. A situation could arise online as well; for example, someone gets in a disagreement with someone else on a Facebook Fan club page, and there are chances that this dispute could be dealt with in the offline environment as explained above.

Furthermore, if a user chose to delete his Facebook account, this is not technically possible on Facebook as actually the account goes offline and is not deleted in the first instance. Cached personal data of a user will be still available on the Internet and be searchable on Google, Yahoo, and Facebook as the different versions and updates of information are stored on different servers. Moreover, even if the private information could finally be removed, it should be kept in mind that at some point it was available on Faceboook where any user could have had accessed it, downloaded it or copied it onto his computer.

Another related example of downloadable personal data vulnerabilities is the Pirate Bay example where 2, 923 users (seeds) had downloaded 171 million public profiles (including names and email addresses) from Facebook out of 500 million registered users (at that time, in 2010). One could say that this is publicly available information, which is true if we refer just to those profiles freely available to anyone on Facebook, as anyone on Facebook could access individually all this data, but the point is that this was the first time when someone could compile in a single file so much of the users’ personal information, which could be used by different people to send group emails (such as spam, or Nigerian letters), or use the phone numbers for marketing purposes, or that personal data and preferences for online advertising. Furthermore, many of those users provided personal information such as home address and date of birth, which again could be used for criminal purposes such as by people who want to make fake ID cards, or open bank accounts in somebody’s else name. Indeed as mentioned above the information was publicly available (or not public if the profiles were closed to a particular audience), if someone manually scanned all those profiles, but the possibility of compiling all this information in a single file and having access to it, opens venues for organized criminal behavior and brings up the potential weaknesses of the security of private information concerning the users of this SNS.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever problems with your data? Have you ever tried to erase your online data? Would you be interested in checking the new Facebook privacy settings?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Video: How to protect your offline and online privacy

September 18, 2011 3 comments

As announced in yesterday’s post How to protect hard copy & electronic private dataE-Crime Expert is presenting the video tutorial: “How to protect your offline and online privacy“.

A proper protection of your private data and personal information (online or offline) could protect you against identity theft, scams, child pornography, financial frauds, privacy intrusion or cyberthreats.

 

The hard-copy of this presentation could be downloaded here.

Tomorrow, E-Crime Expert is presenting what a Data Protection Officer is, what are his/her duties, why he/she is useful in an organization, how he/she can help protect your business, clients, private information, intellectual property.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever used any of those methods? Are you thinking to use any of them? How do you dispose of your paper mail, bank records? How do you dispose of your electronic devices and gadgets you no longer use? Do you have additional tips you would like to share?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

How to protect hard copy & electronic private data

September 17, 2011 7 comments

As announced on yesterday’s post (Privacy: online versus offline), E-Crime Expert is presenting today “How to protect hard copy & electronic private data“.

A proper protection of your private data and personal information (online or offline) could protect you against identity theft, scams, child pornography, financial frauds, privacy intrusion or cyberthreats.

1. Offline

Never assume that anyone is not interested in your paper garbage, letters, etc.

Contact your credit card companies, banks and utility companies and ask them to make your accounts “paperless.” You can retrieve and pay your bills online and won’t have to deal with so much potentially dangerous paperwork. Keep a logbook of your bills to review at least once a month because you won’t have the incoming mail to trigger your memory.

If you need to use bank statements on paper, bills, etc, then use a paper shredder device to destroy them after expired or no need (I suggest to keep them for at least 6 month before destruction).

If you don’t have a paper shredder device, then try to see if any of your friends/family members have one and ask regularly to use it.

Also, you could ask for permission to use the existing paper shredder device at your working place if any available.

If they also do not have a shredder, try to buy in common with your friends, family, neighbors one and share it.

If this does not work for you, then another option is to keep your bills and papers with sensitive information and go regularly to the library, a printing shop, or bank where they may have a shredder that you can use.

Another option for those living in a house with a fireplace or outdoor fire pit, is to burn them regularly in those places, but carefully and respecting the fire bans and rules in your area.

If a standard hand-style shredder is more affordable, buy one and use to shred your sensitive documents. Distribute the strips into more than one recycling bag.

Another option can be to tear/rip them in the smallest pieces you can, by using your hands or scissors and after put them in separated paper containers/bags at different periods of time,.

Destroy the important parts of your documents. If you don’t have a shredder, just destroy the parts that identify you personally. Use scissors or a hole punch to obliterate your name, account number and credit card number before you throw the document away. Take a close look at your credit card bills; some include your card number in as many as five places, including buried within code numbers across the top or bottom. Destroy your name and address, and the account number along the bottom, of any checks and bank deposit slips-especially those free checks sent by credit card companies.

You could also soak them in a can/recipient where you could also add bleach, then drain and dispose of pulp in the trash. This would be my last choice as I encourage recycling, which can be done with shredded paper as well, but not when using this method.

Attend free and public community shred events. Just bring your old personal documents and papers that should be shredded.

Take your box of personal documents directly to the municipal recycling center and put it in the large recycling hopper. This will immediately mix your documents in with several tons of other paper, and it minimizes the risk of the middleman sorting through your papers, etc. It is a lot harder for someone to break into the facility and rummage through a giant steel container packed densely to the top with paper than it is to go through a few garbage bags.

2. Online

A large volume of electronic data is stored on computer systems and electronic media. Much of this data consists of confidential and sensitive information, including patient records, financial data, personnel records, and research information.

If you are with a company or organization that accepts donations or properly dismantles computers, electronics, or hard drives, take them there.

If you have a computer or computer equipment that you believe is beyond repair or is too old to be useful take it to a dismantling centre.

Many computer manufacturers and computer hardware manufactures also have their own recycling or trade in programs. When you buy a new computer you could perhaps trade in the old one.

All computer systems, electronic devices and electronic media should be properly cleared of sensitive data and software before being transferred from you to another seller or dismantling centre.

Computer hard drives should be cleared by using software and then be physically destroyed. Non-rewritable media, such as CDs or non-usable hard drives, should be physically destroyed (ie. scratched, broken into pieces).

Try to destroy or dismantle you hard drive, external hard drive, printer, fax, cell phone, computer, camera, web camera, GPS, laptop because all these devices have internal memory where sensitive data is still stocked even if properly deleted manually or with a software.

When you sell an old laptop or PC, try first to “format” your device and reinstall the operating system- If you are not able to do this, at least try to DELETE:

  • All your photos, videos, music files, located on the following folders: Desktop or My Documents, My Music, My videos (Movies),
  • Archives
  • The folder that retrieves your Mail inbox on your computer
  • Recent documents folder
  • Downloads
  • Library folder
  • Data storage folder
  • Maildownloads folder
  • Info.plist document
  • Key chain, the folder that stores your passwords on a computer
  • Cookies folder
  • Calendar folder
  • Printer folder
  • Cache folder
  • Favorites folder
  • Logs folder
  • Web browser (Safari) folder
  • Sync Services folder used for cloud computing or to sync with other devices
  • Address book

Note: these folders are available on a MacBook Pro device (with Snow Leopard  OS), the order or name of the folders  may differ from computer to computer or from one operating system to another. But the principle is the same.

When you sell your used cellular phone try to do a “factory data reset” and all the information and personal settings will be removed. This is mandatory when you sell your used device.

Step 1: go to settings

Step 2: select SD&phone storage

Step 3: select Factory data reset

This should reset all your information on your phone.

Note: these folders are available on HTC Desire running on Android version 2.2. 

Tomorrow, E-Crime Expert is presenting the video tutorial: “How to protect hard copy & electronic private data“.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Have you ever used any of those methods? Are you thinking to use any of them? How do you dispose of your paper mail, bank records? How do you dispose of your electronic devices and gadgets you no longer use?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

%d bloggers like this: