How to get off ‘lists,’ reduce junk mail, email

junkmail

Source: How to get off ‘lists,’ reduce junk mail, email, clarionledger.com

PDF: getting-off-lists

When I talk to people about the work I do in this column, one of the most-asked questions is how they can get off the “lists”. If you’re tired of the constant barrage of junk clogging your mailbox and inbox, there are ways to stop the madness — or at least slow it down. So, every now and then, it’s a good opportunity to refresh ourselves on this topic.

Everybody knows the feeling of opening your mailbox and getting a handful of mail — only to find out most of it consists of solicitations to try a new satellite TV provider, buy a new car or sign up for a credit card. Email users are familiar with the constant barrage of spam that clogs their inboxes.

The first thing to remember about these lists is that your name got on them in some way. And in some cases, that holds the key to stopping or slowing future solicitations. Sometimes, it’s in your control, but most often, it’s not. Many companies collect and sell information about consumers, and any company can buy a list of names, addresses, phone numbers and email addresses to fit their needs. Want to zero in on consumers ages 50-60 in a certain neighborhood? It can be done. Want to find people who bought cars in the last year with certain income levels? It’s available.

Often, these companies buy lists from other companies that have sold you something. If you have provided any information about yourself (for example, if you filled out a warranty card), that information may be bought and sold. If you visited certain websites, your browsing information might go to a company that installed a “cookie” to track your activities. It would be nearly impossible for someone to remain “off the grid” completely (though that hasn’t stopped people from trying).

If you think direct mail is dead, think again. In the past few years, the rising costs of printing and competition from other media have challenged the direct mail industry, but it’s not going away anytime soon. Technology is helping companies make better investments in their solicitations; the last thing any company wants is for its expensive printed piece to go directly into the trash or recycling bin.

The good news is you can cut down on the number of unsolicited mailings, calls and emails you get. Here are a few suggestions for cutting down on the clutter:

  • Prescreened” credit offers: Credit card and insurance companies love to find new customers, and they often do it by purchasing lists of “prescreened” consumers. These are people who haven’t really “prequalified” for offers, but would be likely candidates.

You can opt out of these for the next five years, or permanently. (The opt-out service is operated by the major credit card reporting companies.) To opt out for five years, call 1-888-5-OPT-OUT (1-888-567-8688) or visit www.optoutprescreen.com. If you want to make it permanent, you can start that process at the same website, but you’ll have to sign and return a Permanent Opt-Out Election form. Keep in mind you’ll have to provide some basic information including your Social Security number. This is one of the rare times it’s OK to give out your Social Security number over the phone.

  • Direct mail/email: The Direct Marketing Association’s Mail Preference Service lets you opt out of receiving unsolicited direct mail from many national companies for five years. Within a few weeks, your mail volume should drop. However, you should remember that companies aren’t required to use this service. To register, visit www.dmachoice.org. This is also where you can register your email address to opt-out of receiving commercial emails, but it’s not likely to put a significant dent in your spam folder. The best way to do that is to use a good filtering system; most major email providers have some tools to help you identify spam emails and keep them quarantined in a separate folder (or not letting them through in the first place).

It’s important to note you’ll never be able to completely stop the bundle of flyers and solicitations that come to every mailbox (believe me, I’ve tried). You can, however, cut at least some of the catalogs and flyers. Catalog Choice (www.catalogchoice.com) and PaperKarma (www.paperkarma.com) are two services that promise to let you take control of direct mail. Catalog Choice is web-based; PaperKarma is a smartphone app that allows you to take a photo of the mail piece and submit a request to stop. And some companies, like ValPak and RedPlum, have their own opt-out services. To stop getting Redplum coupons, visit http://bit.ly/1FvtPKx. To stop ValPak coupons, visit http://bit.ly/1Lf7YxG.

If you’re really diligent, you may find your mailbox is largely empty soon; in the process, you’ll have saved companies some money, reduced the trash going into landfills, and perhaps saved a tree or two.

When your TV spies on you

tv-spies-on-you

dailybeast.com

Source: When your TV spies on you, clarionledger.com

PDF: vizio

The novel “1984” by George Orwell was required reading for a generation of students. This dark 1949 novel tells the story of government functionary named Winston Smith, who lives in a dystopian world full of surveillance equipment, run by a brutal government bent on controlling every aspect of life. Every home and many public spaces have “telescreens,” large television sets that not only carry government propaganda, but have cameras documenting everything that happens. Nothing is off-limits to “Big Brother’s” prying eyes.

While the world Orwell describes might not much resemble the world we see every day, some privacy experts have been increasingly concerned in recent years about the way our activities are being monitored, not only by the government but also by private corporations. We’ve known for years about companies that collect and sell information about nearly everything we do online. But a recent revelation has many privacy advocates wondering just how far this can go.

Vizio, one of the world’s largest manufacturers and sellers of internet-connected “smart” televisions, last week signed a $2.2 million settlement of charges by the Federal Trade Commission and New Jersey’s attorney general that it installed software on its TVs to “collect viewing data on 11 million consumer TVs without consumers’ knowledge or consent.”

According to the complaint, in 2014 Vizio and a subsidiary company used the sets to collect data from various attached devices and services and paired it with demographic data supplied by Vizio owners such as age, sex, income, marital status and household income. Then, the company sold the information to third-party companies, who used it to market products and services to Vizio customers.

The complaint alleges Vizio’s data tracking — which occurred without viewers’ informed consent — was unfair and deceptive, in violation of the FTC Act and New Jersey consumer protection laws.

Of course, it’s common knowledge that nearly all our online activities are subject to eavesdropping. Sometimes, it’s with our knowledge and consent; other times, it’s sneaky and illicit, and sometimes, is valuable in unexpected ways. For example, law enforcement agencies have sought to collect data from such devices as Amazon’s Alexa and Google’s Home to help provide evidence of crimes.

And such activities are increasing. The “Internet of Things” — in which even common household devices such as thermostats and refrigerators are becoming “smart” and connected through the web — has become a reality before our eyes. “Smart-house” technology promises to make things more convenient for us, but it also comes at a price that may include our privacy.

It’s worth noting that Vizio didn’t break the law by collecting the information in the first place, but rather by not informing consumers it was tracking and using it. And it’s not the first; CNET reported in 2015 that some Samsung TVs equipped with certain voice-activated commands might happen to catch conversations occurring in the room, but Samsung was quick to note this capability was clearly disclosed.

Regardless, it’s clear the electronic devices available on the market today come with a lot of interactivity, which some argue makes for a better experience for the customer. Others, though, worry that all these interactive technologies could be creating a world in which someone’s watching our every move. For consumers trying to balance convenience with privacy, the best solution might be a balancing act between the two.

Are apps tracking your kids?

AdobeStock_55647705.jpeg

Stock Photo

via Moak: Are apps tracking your kids?, clarionledger.com

When we install a new app on our smartphones or other devices, most of us will quickly give our consent to the verification screen that pops up, which asks us to verify our privacy preferences. It might ask for permission to peruse your social media profile, provide location information, and even post to Facebook and other social media on your behalf. Because you’re in a hurry to get the app loaded, it’s easy to click “OK” and get on with our lives.

Few of us pay attention to this small (but important) question, but the apps we download could actually be providing a lot of information about us to companies who want to track our movements and preferences, monitor our activities and even gather information about us to sell to others.

Since many devices have “geo-location” capabilities, they can detect where your smartphone (and, by extension, you) are, with an impressively small degree of error. Some devices can even track your location in stores, figure out what merchandise you might be examining and predict your purchasing habits with amazing accuracy. Of course, if you’re OK with this, it’s not a problem. But for many people, it would be disturbing if they knew how much information was being shared without their knowledge or consent.

But a recent case has illustrated that apps can be gathering much more than you think. A Singapore-based company called InMobi will pay nearly $1 million in civil penalties and implement a comprehensive privacy program to settle Federal Trade Commission charges it deceptively tracked the locations of consumers without their knowledge to serve them geo-targeted advertising.

“InMobi tracked the locations of hundreds of millions of consumers, including children, without their consent, in many cases totally ignoring consumers’ express privacy preferences,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “This settlement ensures that InMobi will honor consumers’ privacy choices in the future, and will be held accountable for keeping their privacy promises.”

Among the FTC’s allegations is that InMobi mispresented that its advertising software would only track consumers’ locations when they opted in and in a manner consistent with their device’s privacy settings. “According to the complaint,” noted the FTC, “InMobi was actually tracking consumers’ locations whether or not the apps using InMobi’s software asked for consumers’ permission to do so, and even when consumers had denied permission to access their location information.

The company, which has reportedly reached more than a billion devices worldwide through thousands of popular apps, has a huge global footprint. The FTC alleges inMobi “created a database built on information collected from consumers who allowed the company access to their geolocation information, combining that data with the wireless networks they were near to document the physical location of wireless networks themselves. InMobi then would use that database to infer the physical location of consumers based on the networks they were near, even when consumers had turned off location collection on their device.”

InMobi stands accused of violating the Children’s Online Privacy Protection Act by collecting this information from apps that were clearly directed at children, “in spite of promising that it did not do so.” The complaint noted that InMobi’s software tracked location in thousands of child-directed apps with hundreds of millions of users without following the steps required by the act to get a parent or guardian’s consent to collect and use a child’s personal information.

Under the terms of the settlement, InMobi was originally assessed a $4 million civil penalty, which is suspended to $950,000 based on the company’s financial condition. In addition, the company will be required to delete all information it collected from children and will be prohibited from further violations of the Children’s Online Privacy Protection Act.

The company will also be prohibited from collecting consumers’ location information without their affirmative express consent for it to be collected, among other conditions, and must create an extensive privacy program, with monitoring and independent auditing every two years.

The FTC has some good tips at http://1.usa.gov/28PC3K5 to help you learn more about device tracking.

Patient information released without OK, feds say

AdobeStock_94761244.jpegvia Moak: Patient information released without OK, feds say, clarionledger.com

A company that produces Electronic Health Records has agreed to settle allegations from federal regulators that it allowed sensitive health information to be posted online without letting patients know it would be disclosing the information.

In 2012 and 2013, California-based Practice Fusion, described by the Federal Trade Commission as a “cloud-based electronic records company,” allegedly began posting online patient reviews of doctors it had collected, but failed to tell the patients the details of how they would be used. In some cases, sensitive information allegedly appeared in the reviews.

“Practice Fusion’s actions led consumers to share incredibly sensitive health information without realizing it would be made public,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Companies that collect personal health information must be clear about how they will use it — especially before posting such information publicly on the Internet.”

Electronic Health Records have been controversial, with advocates promising they will create a more seamless experience for patients who see multiple providers, help lower costs through greater efficiency and reduce the risk of errors. But privacy watchdogs have warned that consumer information could be compromised if the information is not handled with great care. In a 2012 survey conducted by Xerox, just over a quarter of Americans said they wanted their records to be digitized. It should be noted Practice Fusion wasn’t accused of allowing the compromise of EHR data, but of failing to give proper notification to patients before posting the information online.

Federal laws require any business that handles sensitive health information to go to great lengths to protect that information, with stiff penalties for violations. And consumers must be informed of any intent to share that information (that’s why you get those annual notices about protecting your privacy and have to sign separate privacy acknowledgement forms when you visit the doctor).

According to the FTC’s complaint, Practice Fusion began a public-facing, health care provider directory in 2013, including reviews of physicians. To populate the reviews, Practice Fusion began sending emails to patients of physicians who had contracted with Practice Fusion to provide electronic health records services. The emails allegedly were sent to “help improve your service in the future,” and asked them to answer questions about their recent visit to the doctor.

But when consumers discussed their recent visit, they often included details and could leave their name and contact information. For example, one consumer talked about a depressed child, another revealed she was concerned about a yeast infection and another spoke of a “Xanax prescription.”

Although the company didn’t admit any wrongdoing, it noted in a statement that it had discontinued the system in 2013. “The proposed consent agreement is not related to our core businesses, nor how we have operated the survey feature since April 2013,” noted a statement on the company’s website. “The complaint associated with the consent agreement does not allege that anything that we are currently doing is problematic.”

The FTC’s announcement didn’t disclose any monetary penalties, but did note the agreement prevents Practice Fusion from “misrepresenting the extent to which it uses” information. In addition, it must “clearly and conspicuously disclose — separate and apart from a privacy policy, terms of use or other similar document — that it is making such information publicly available and obtain consumers’ affirmative consent.”

Feds crack down on data brokers

via Feds crack down on data brokers, clarionledger.com, 1/2/2015

If you live even part of your life online, chances are, data brokers know about you. These companies live in the shadows of the e-commerce world, quietly gathering information about consumers, then reselling that information to others. Most of the time, we don’t hear much about these companies, but in recent years, as several high-profile data brokers have been the subject of information breaches by hackers, some of their activities have come to light.

Federal regulators last week lowered the boom on one data broker that allegedly sold sensitive information of hundreds of thousands of people who had signed up for payday loans through third-party websites. The Federal Trade Commission announced the action this week in a news release.

Nevada-based LeapLab, which does business as a data broker, is accused of buying the personal information from payday loan websites known as publishers, then reselling it to other companies who then used the information to solicit business from the consumers and, in some cases, make unauthorized withdrawals from their accounts. Consumers, most of whom were looking for quick cash through payday lenders, had to enter their personal information into the websites’ applications. The sensitive information included the consumers’ names, addresses, phone numbers, social security numbers and bank account information.

“This case shows that the illegitimate use of sensitive financial information causes real harm to consumers,” said Jessica Rich, Director of the Federal Trade Commission’s Bureau of Consumer Protection. “Defendants like those in this case harm consumers twice: first by facilitating the theft of their money and second by undermining consumers’ confidence about providing their personal information to legitimate lenders.”

According to the FTC complaint, LeapLabs sold “approximately five percent of these loan applications to online lenders, who paid them between $10 and $150 per lead,” but then sold the “remaining 95 percent for approximately $0.50 each to third parties who were not online lenders and had no legitimate need for this financial information.” The alleged misuse included unsolicited emails, text messages or calls, and other data brokers, and in a related case, a company called Ideal Financial Solutions is accused of misusing the information from 2.2 million consumers (about 16 percent of which came from LeapLabs).

Money Magazine recently wrote about the topic, noting that the data broker world not only relies on digital information, but it also gathers nuggets from such mundane sources as consumer warranty applications, store loyalty cards and sweepstakes entries. Congress has been studying the issue, but until you can have more control over what data brokers know – and can sell – about you, here are a few things you can do:

Stop using cookies. Now, while we have all had more than our share of chocolate-chip variety over the last few weeks, I mean the kind of cookies that keep track of where you go and what you do on the Internet. Cookies make our lives easier by remembering who we are, and even in some cases remembering our passwords for us. But there is a price to pay: using cookies gives valuable information to web providers, who could then turn around and sell that information to data brokers.

Be choosy about entering store loyalty programs. When you sign up, you are giving permission for them to market to you. That may be what you want, but keep in mind that it could be used for other purposes as well.

Be careful what information you volunteer. Ever wonder why stores and restaurants want you to sign up for that sweepstakes promotion? While there is a chance (however small) you’ll win some prize, the chances are 100 percent that the person collecting the information will win. Your information is valuable to data brokers. A friend of mine, while trying to educate people about how gullible we all are, once put up a picture of a red sports car at a state fair, and had a set of signup forms next to it, but with no mention of the promotion, what the rules were, or how the information would be used. The forms asked for things like Social Security Numbers, names of children, and what bank they used. Dozens of people filled out the forms without giving it a second thought. Fortunately, he was just trying to prove a point and exposed the scheme to everybody who signed up. But, unfortunately, it’s likely that others would not be so harmless. It’s a good idea to check it out thoroughly before you volunteer any information.

While it may seem harmless to fill out a few blanks, you could be causing yourself more headaches in the future.

Medical billing company settles FTC charges they deceptively used personal health information

If you’re in business and handle any information that could even be remotely considered Protected Health Information (PHI), you hopefully already know there are strict guidelines for collecting, handling and disposing of that information. Even inadvertently giving of someone’s name to a third party could be considered a breach of HIPAA (the Health Insurance Portability and Accessibility Act) and other privacy laws.

Companies which fail to secure PHI adequately can be subject to strict fines, and even minor incidents can get you in hot water fast. For consumers, the red tape can be maddening, but ultimately, healthcare providers are responsible for using the information only for its intended purpose, and must inform consumers how they intend to use that information. (That’s why you had to sign privacy document the last time you went to the doctor). Your personal medical history is a potential gold mine to companies which would love to market products and services to you, and privacy advocates have warned for years that releasing such information could be used to the detriment of consumers.

As one Atlanta-based company found out recently, regulators don’t use kid gloves with companies accused of violating the law. PaymentsMD, LLC and its former CEO Michael Hughes had set up a “patient portal” where consumers could go to pay their medical bills and view their billing histories. All well and good, until they allegedly decided to use the information for other purposes.

In 2012 (according to a complaint filed by the Federal Trade Commission (FTC), read it here, the company and a “third party” began to use the information to develop extensive patient medical profiles. Using the portal registration process, the FTC alleges, the company “altered the registration process for the billing portal to include permission for the company and its partners to contact healthcare providers to obtain their medical information.”

PaymentsMD allegedly used the consumers’ registrations to “gather sensitive health information from pharmacies, medical testing companies and insurance companies to create a patient health report. The information requested included the prescriptions, procedures, medical diagnoses, lab tests performed and the results of the tests, and more. The complaints allege the company contacted pharmacies located near the consumers, without knowing whether the consumers in question were customers of the particular pharmacy.”

In all but one case, companies contacted for data actually refused the requests, and once PaymentsMD began informing customers that it was attempting to collect consumers’ health information, angry consumers began calling. The result was an FTC action and a settlement announced this week. Under the terms of the settlement, PaymentsMD and Hughes must destroy any information collected related to the Patient Health Report service. In addition, the respondents are banned from deceiving consumers about the way they collect and use information, including how information they collect might be shared with or collected from a third party, and they must obtain consumers’ affirmative express consent before collecting health information about a consumer from a third party.

“Consumers’ health information is as sensitive as it gets,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Using deceptive tactics to gain consumers’ ‘permission’ to collect their full health history is contrary to the most basic privacy principles.”

The HIPAA legislation, passed in 1996, endeavors to protect the privacy of patients. Specifically, the law requires businesses to protect a broad range of information, including any information which:

“(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”

According to the Office of the National Coordinator for Health Information Technology (which operates under the U.S. Department of Health and Human Services) and other sources, here are a few ways to protect yourself:

  1. Don’t share any medical information with anyone who doesn’t have a legitimate need to know.
  2. Be careful what you post online about your health.
  3. To comply with Electronic Health Record (EHR) requirements, many health professionals are using “patient portals”, which may allow you access. When signing up, use strong passwords which aren’t easy to guess. The same goes for health information that’s stored on your home computer or devices.
  4. Shred any documents containing personal information before trashing them.
  5. If you store health information online (such as through Microsoft Health Vault or other apps), be sure to find and read the privacy policy, which details how the site will protect your personal information.  (If you can’t find a privacy policy, find another site.)
  6. Finally, if you’re asked to complete checkboxes to allow your personal information to be used, read carefully. In this particular scheme, consumers were given the option to check off several boxes at once; they were unwittingly agreeing to letting PaymentsMD gather more information.

Protecting your banking data on smartphones

With the recent rise in data breaches which compromised the personal information of millions of Americans, crooks have made alarming inroads into the data landscape. With millions of cell phones accessing their bank accounts billions of times each week, it’s more important than ever for us to protect our data stored on cell phones and other mobile devices.

The American Bankers Association (ABA) on Wednesday released a survey showing that one in 10 consumers prefer banking on their mobile devices, a tenfold increase since 2001.

Indeed, according to figures released earlier this year by the Federal Reserve, around 87 percent of U.S. residents 18 and over had access to a mobile device, with 6 of 10 of those considered smartphones and connected to the Internet. A third of those reported using their phones to do online banking, including checking their balances, transferring funds, making payments and even depositing checks.

And banks are trying to keep up with the demand, adding new features all the time to increase convenience for their customers. (Look for voice control soon; it’s already been rolled out at some banks, such as USAA Bank.) But all those fingers tapping on all those screens have attracted the attention of thieves. Ultimately, any site is only as secure as its security measures, so it’s up to us to make sure we don’t make bigger targets of ourselves as we enjoy the convenience.

“Mobile banking provides an unprecedented level of convenience for bank customers, and while it is a safe way to conduct banking transactions, customers need to remember that any device used to connect to the Internet is vulnerable,” said Frank Keating, ABA president and CEO. “Customers play an important role in the work that banks do to protect data.”

ABA suggests following these 12 steps to protect your mobile device:

  • Use the passcode lock on your smartphone and other devices. This will make it more difficult for thieves to access your email, texts and other information if your device is lost or stolen.
  • Log out completely and close the app when you finish a mobile banking session.
  • Watch out for public Wi-Fi. Public connections aren’t very secure, so don’t perform banking transactions on a public network. If you need to access your account, try disabling the Wi-Fi and switching to your mobile network.
  • Use caution when downloading apps. Apps can contain malicious software, worms, and viruses. Beware of apps that ask for unnecessary “permissions.”
  • Download the updates for your phone and mobile apps.
  • Avoid storing sensitive information like passwords or a social security number on your mobile device.
  • Beware of mobile phishing. Avoid opening links and attachments in emails and texts, especially from senders you don’t know. And be wary of ads (not from your security provider) claiming that your device is infected.
  • Wipe your mobile device before you donate, sell or trade it using specialized software or using the manufacturer’s recommended technique. Some software allows you to wipe your device remotely if it is lost or stolen.
  • Tell your financial institution immediately if you change your phone number or lose your mobile device.
  • Be aware of “shoulder surfers”. The most basic form of information theft is observation. Be aware of your surroundings especially when you’re punching in sensitive information.
  • Protect your phone from viruses and malicious software, or malware, just like you do for your computer by installing mobile security software.
  • Report any suspected fraud to your bank immediately.

Is your car tracking you?

It’s a spy-movie staple: wanting to keep tabs on an opponent’s vehicle, the spy sneaks up behind the car, implants a tiny tracking device under the bumper, and the vehicle can be tracked anywhere it goes. Although the technology may have at one time seemed exotic, today’s vehicles allow just about the same result in myriad ways – many with the full knowledge of drivers.

When we get into our cars, most of us don’t pause to consider the possibilities that someone is tracking our every move – or could if they wanted to. But the fact is that our cars are full of little electronic devices that monitor the car’s vital statistics. Any mechanic can hook into your car’s data center and download various pieces of information. But the recent revelations of just how far spy agencies can and will go in pursuit of personal data have raised concerns about just how clear are the fishbowls in which we all live. And those fishbowls now have wheels.

Particularly, privacy advocates are growing nervous about the pervasiveness of data being collected, based on fears that the information could be used against us. The National Highway Traffic Safety Administration (NHTSA) reports 96 percent of new cars are equipped with a “black box” of sorts called an Event Data Recorder (EDR) device, which collects data from crashes. The NHTSA requires EDRs in all new cars by September 1. EDRs collect information about speed, direction, seat belt usage and other factors. They only keep a few seconds of data, but that’s enough to provide critical information about what might have caused a crash, and factors that might have caused injury or death. Safety advocates argue that data is valuable in making safer cars.

But EDRs have a potential dark side, too. Insurance companies and attorneys can also gain access, using the information to place blame or aid in prosecution. And criminals have demonstrated they can hack the black boxes, even to the point of changing VINs (Vehicle Identification Numbers) so the car can be more easily stolen.

The use of EDRs has been regulated in 16 states, and some Congressmen earlier this year proposed a bill to limit their use.

Of course, the EDR is just one of many technologies which could be telling interested parties the specifics of our driving habits. Many of these are self-imposed, such as allowing location data on our cellphones. Some are safety features, such as GM’s OnStar or Mercedes’ Mbrace, but they are constantly collecting data about a vehicle’s location, speed, braking and many others. It’s important to note that these features bring security, comfort and convenience to our in-vehicle experiences, but also raise some thorny issues.

Insurance companies are getting in on the act, too. State Farm’s Drive Safe and Save program and Progressive’s Snapshot use different technologies to gather information on driving habits, which may then be used to “train” drivers by incentivizing them with potential discounts.

Regardless of whether you care or not about how much information is being collected about you, most Americans don’t like Big Brother snooping around. If you’re one of them, it’s important to be vigilant. Here are a few things Consumer Reports suggests to help minimize the information you’re sharing:

  1. Stay anonymous. Don’t share self-identifying infor­mation such as your Facebook status or publicize your location on social media.
  2. Scrub the data. When selling a car, clear the navigation system of recently visited addresses, or adjust the settings so that the system doesn’t save locations that you input.
  3. Read the fine print. Every company has a privacy policy, but many people don’t read it. Read it, and know what it says about your rights.
  4. Cancel the data flow. If you’re selling a car that has a telematics system or if you decide not to use it anymore, contact the company to let it know. Confirm what happens after you opt out and what is done with previously collected data.
  5. Don’t leave a trail. If you’re concerned about the security of other information sent from your car, use cash instead of electronic toll-collection devices such as E-ZPass. Also, don’t just turn off your cell phone; take out the battery, because phones still have tracking capabilities even when they’re shut off.
  6. Think security. Don’t leave a portable GPS or any other electronic device in your car; take it with you. Lock your glove box if that’s where you keep your insurance and regis­tration information. And use a valet key instead of handing over your personal car keys.

To read more about the use of EDRs, you can download a comprehensive study produced by the Congressional Research Service.

What Part of “Unsubscribe” Do You Not Understand?

via What Part of “Unsubscribe” Do You Not Understand? | Consumer Watch, clarionledger.com, 4/16/2013.

When it comes to my daily email traffic, I consider myself to be a gardener of sorts. Every day, I plant, water and weed the constant stream of messages. But with four separate accounts to monitor, I find myself constantly “weeding” (looking for ways to decrease the messages I don’t want to get). There is a pretty good spam filter on most of my accounts, so I’m sure I don’t see a lot of the junk that would normally be coming in and clogging my inbox. Occasionally, one slips through and I do hear from my Dear Sister in Nigeria, begging me to help her hide her late husband’s estate from the vicious government (and it’s all totally legit, she reassures me); or from MyLife, telling me they have found somebody I randomly searched for two years ago; or from those wonderful folks in Missouri who want to make sure I know about their ironclad auto warranties.

So, when I saw the message today from Fast Company magazine urging me to reconsider my decision to re-up my subscription (it was free anyway), I looked for the “unsubscribe” link. There wasn’t one per se, but rather a link to “update your email preferences.” So I clicked on it. (Now, it’s important to remember that there are some pretty stiff laws that govern the sending of E-mail spam. The CAN-SPAM Act of 2003 went a long way towards helping customers get off the lists of legitimate companies. The vast majority of legitimate companies are very good about quickly honoring your requests to unsubscribe.)

Anyway, I digress. When I clicked on the link, it took me to Fast Company’s“Subscriber Customer Care”. On that page, I was asked to provide a new email address (the window was populated with my current address), then to answer two questions from the publisher, Mansueto Ventures LLC. Both asked me to respond “yes” or “no” to whether I wanted the company to send me email. To be fair, the “no” radio buttons were pre-checked. But here’s the deal: I wanted to unsubscribe, not answer more questions.

Another email, this one from AT&T about job listings (no, AT&T, although Tampa’s a nice town, I do not want to be a student intern there) also arrived in my inbox today. There was an unmistakable “unsubscribe here” link. I clicked on it, and was immediately rewarded with a website that said, “Unsubscribe successful.”

Now, the Federal Trade Commission (which enforces the CAN-SPAM Act) provides some guidance in its Implementation Guide for Businesses. Specifically, the document advises companies, “You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request.”

Looking at my experience today, the publisher of Fast Company got so near the boundary line they were practically standing on it. Although it was all on one page, I did have to answer their questions. Unfortunately, there is currently no law requiring companies to provide an “instant unsubscribe” link, although thankfully those are becoming more and more common. The FTC remains noncommittal about howunsubscribe requests are handled. A complaint would at this point be superfluous; it was a little annoying, but not really worth a rant.

Now, there are two obvious questions: 1) Is it really a good idea to click the “unsubscribe” or “manage my preferences” links? and 2) Do they really take your name off the lists? In answer to question 1, it depends. Most experts agree that most companies that are interested in maintaining their reputations than scamming you are going to comply. However, we all know that there a lot of companies out there who are not. Bottom line on that one: exercise caution in clicking on any links in an unsolicited email. Keep in mind that scammers use the “phishing” technique to make you think an email is legitimate. So, if in doubt, just delete the email. If they send you messages every day, report it as spam to your Internet Service Provider, and use services like Outlook’s Rules. If you are getting too much email from a provider you know, clicking unsubscribe is probably OK.

In answer to question 2: Again, legitimate companies are going to comply with the law; others are not. So again, be careful. You’ve got a lot of tools at your disposal as an email user, so use them. After all, you should be the one to decide, not some spammer who sends out millions of emails every day; you can stop them entirely.Perhaps the best “unsubscribe” is really to never see the annoying messages at all.

Now’s a good time to change those passwords

via Now’s a good time to change those passwords | Consumer Watch, clarionledger.com, 1/16/2013

Several years ago, the offices where i worked were burglarized. The thieves kicked in the back door and stole several computers, mine among them. When the burglars were finally caught, they told the police that they had sold one of the computers to another person, who then gave it to his girlfriend. The boyfriend kept calling the thief back, though, to find out the password, without which the computer was useless without extensive hacking. I had always insisted on strong passwords, and it gave me some satisfaction to know that the thieves weren’t able to access any sensitive information.

Passwords are one of the necessary safeguards which many take for granted. Unfortunately, since most of us have many passwords to remember, it can be tempting to use the same password over and over, or to choose something really easy to remember. The problem with that is that if it’s easy for you to remember, it’s probably also easy for hackers.

Each year, Internet security site SplashData.com publishes a list of the passwords most commonly encountered by hackers who post their results online. It’s interesting — and maybe a bit scary — to see how many people use the most common passwords. So here is the list. Here’s the list, and whether the rankings have changed.

# Password Change from 2011
1. password Unchanged
2. 123456 Unchanged
3. 12345678 Unchanged
4. abc123 Up 1
5. qwerty Down 1
6. monkey Unchanged
7. letmein Up 1
8. dragon Up 2
9. 111111 Up 3
10. baseball Up 1
11. iloveyou Up 2
12. trustno1 Down 3
13. 1234567 Down 6
14. sunshine Up 1
15. master Down 1
16. 123123 Up 4
17. welcome New
18. shadow Up 1
19. ashley Down 3
20. football Up 5
21. jesus New
22. michael Up 2
23. ninja New
24. mustang New
25. password1 New

If your passwords are on this list, now would be a good time to change them. Remember, a password is a lot like locking your car. If a thief really, really wants in, and has the right tools, he can probably get in. however, a good door lock will make it take longer, and hopefully he won’t want to take the extra risk, and will move on. Having to crack a password might make it harder for your data to be compromised.

The longer the password, the better. Randomness is also desirable, such as tgfde23$9. I like to create totally random sequences, and store them on an app called Keeper. Keeper and similar apps allow you to store passwords securely (although the app continually bugs me to upgrade.)

The bottom line: taking a few minutes now to create better passwords could save you a lot more later.