January, 2006
I've seen a number of stories, most recently in yesterday's Times Online, that describe surprise and fear over what Google knows about its users.
Sergey Brin and Larry Page - Founders of Google
The Times Online headline is "Big Google is Watching You" and the article states:
"Google has an extraordinary amount of information about its users. It logs all the searches made on it and stores this information indefinitely. Because every computer has a unique IP (internet protocol) address, every visit to every website can be traced back to the computer making it — a fact which is well known in geek circles but remarkably under-publicised outside them."
and
"Users of Google’s Gmail service, who are already having their e-mails scanned to place targeted ads, have given the company their identity, a full record of all their searches and copies of all their e-mails, stored indefinitely. Users of Google’s Toolbar are inadvertently giving the company a list of not just all their searches but also of every single website they visit. And, as the lawsuit makes clear, all this information is potentially vulnerable to subpoena."
Maybe I'm one of those geeks that realizes that this happens on virtually EVERY web site you visit.
What's a Log File and What Does it Look Like?
When you visit a web site, most will keep a log of what information is requested along with the IP address of who requested it. What does the log file look like? Here's a real sample from the Fight Identity Theft site:
192.168.1.100 - - [29/Sep/2005:09:56:28 -0400] "GET /how-to-report-scams.html HTTP/1.1" 200 22806 "http://search.yahoo.com/search?p=how+to+report+a+scam" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
So here's what this glob of code shows...
- First is the person's IP address (I changed it to protect the visitor's privacy)
- The date and time of the request
- What was requested (in this case, our "How to Report Scams" page)
- The referring web site (in this case, the person did a Yahoo search for "how to report a scam")
- The type of browser being used (Microsoft Internet Explorer 6)
- And the operating system (Windows NT 5.0 = Windows 2000)
This is how web sites work. They collect data and log the data for later analysis (e.g. "How many people visit my homepage?" "What did a person search for to find my web site?", etc.)
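To make the field breakdown above concrete, here is an added example (not code from this site) that parses the sample line, pulls the search phrase out of the referrer, and masks the IP address before storage. The layout is Apache's "combined" log format; the SEARCH_KEYS list and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" layout: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Query keys assumed to hold the search phrase (the Yahoo referrer above uses "p").
SEARCH_KEYS = ("p", "q", "query")

# The sample line from this page (its IP address was already changed by the author).
SAMPLE = ('192.168.1.100 - - [29/Sep/2005:09:56:28 -0400] '
          '"GET /how-to-report-scams.html HTTP/1.1" 200 22806 '
          '"http://search.yahoo.com/search?p=how+to+report+a+scam" '
          '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"')

def search_terms(referer):
    """Return the phrase the visitor typed into a search engine, or None."""
    query = parse_qs(urlsplit(referer.strip()).query)
    for key in SEARCH_KEYS:
        if key in query:
            return query[key][0]
    return None

def mask_ip(ip):
    """Zero the last IPv4 octet so a stored record no longer names one host."""
    octets = ip.split(".")
    if len(octets) == 4 and all(o.isdigit() for o in octets):
        return ".".join(octets[:3] + ["0"])
    return "redacted"  # IPv6 or anything unexpected is dropped entirely

def parse_line(line):
    """Split one log line into named fields; None if it does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    rec["path"] = parts[1] if len(parts) >= 2 else None
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["search_terms"] = search_terms(rec["referer"])
    rec["ip_masked"] = mask_ip(rec["ip"])
    return rec

if __name__ == "__main__":
    print(parse_line(SAMPLE))
```

Everything the bullet list names comes back as a named field, and the masked address shows how a site can keep its traffic statistics without keeping the full IP.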
What Information Are You Sharing and Can You Hide It?
So what information are you sharing as you browse the web? ShowIpAddress.com is one of many sites that will show you what a log file can capture about you. The only personally identifiable piece of information is your IP address. That number is assigned to you by your Internet Service Provider (ISP). One way or another that number can be traced back to you as an individual, even if you are surfing during work at a Fortune 500 company or other large organization.
Does that make you scared, angry, or just plain nervous? Maybe it should, maybe it shouldn't. In either case, you can browse anonymously if you choose.
There are many products and services that allow you to web surf anonymously. Most will route your requests through their servers, thus hiding your IP address. Anonymizer.com has been around for a long time and they provide a service where you can use their site to browse anonymously for free.
But, back to Google...
Are they evil because they log this information? Powerful, yes, because so many people use their services, but I wouldn't say evil.
When I choose to sign up for a service like Gmail, I know that they will be reading my email content so they can serve up related ads. That's how they make money. That's how I can have 2.5 gigs of free storage for my messages. Yahoo has a similar policy. Same with MSN Hotmail.
When I choose to use Google search I have to know that they log what I'm searching for and analyze it to spot user patterns. The same thing happens at Yahoo and MSN.
I have to realize that sites, like Google, store this information and will use it to improve their product and to make money. I also have to realize that it could be handed over to the government.
This is all part of the trade-off we make every day between security/privacy and convenience. If you are extremely concerned with privacy you probably shouldn't be using the internet and you certainly shouldn't sign up for a service that clearly states it will read and store your email messages. If you're concerned that your search history or email messages could be revealed at a later date you should consider using a product that protects your anonymity, like Anonymizer.
Here's the bottom line...
When information is aggregated, abuses, information leaks, subpoenas, and profiteering can occur. When they do occur they should be exposed and fought. I just don't see where Google has done anything evil or different than any other web site on the internet.
Feel differently? Then please append a comment to this story.
Derrell and Terrell Brittenum of Memphis, TN have been charged with forgery, theft by deception and financial identity fraud for purchasing a 2005 Dodge Magnum in June 2005 in Atlanta using someone else's identity.
The twins recently appeared on the most-watched show in America - American Idol. Evidently they were excellent performers and had moved on to the next round in Hollywood, CA. Unfortunately for them they've now been dropped from the show based on their actions.
Here's a before photo:

And an after photo:

E!Online reports that:
"Both brothers were released from jail on bond Sunday morning and were preparing to travel to Los Angeles for the next round of eliminations when they received word that their presence was no longer welcome.
Though the twins may have blown their shot at Idol worship, they reportedly have other opportunities to consider. Bennett claims to have been contacted by "several" record labels interested in signing the brothers."
Great! Evidently some record labels are still interested in these gentlemen. Maybe their arrests will give them additional "street cred."
Whatever sells records, I guess...
The U.S. Federal Trade Commission reported earlier today that they received more than 255,000 complaints regarding identity theft in 2005. That's up from 247,000 reported in 2004. Total fraud reports topped 686,000.
So what trends show up in the report? Well, here are a few:
- Identity theft again was the top vote-getter with 37% of all fraud complaints. No surprise there.
- More fraud involving wire transfers. The percentage of Internet-related fraud complaints with “wire transfer” as the reported payment method more than tripled between calendar years 2003 and 2005, increasing by 12 percentage points. Be careful before wiring money to anyone! Most lottery scams and Nigerian email scams usually involve wiring money to people. Don't do it!
- Geographic areas with the highest per-capita problems with identity theft? Phoenix-Mesa-Scottsdale, AZ; Las Vegas-Paradise, NV; and Riverside-San Bernardino-Ontario, CA.
- Number of complaints where no money was lost went up from 24% in 2003 to 32% in 2005. Some of you are getting smarter!
- Email is increasing as a means to scam you. It is the #1 method to reach victims and has increased from 26% to 35% in the past 2 years.
The complete report can be downloaded in Adobe Acrobat format from the FTC web site.
Can five million Britons be duped? Yes, according to a study done by the British consumer protection organization Which?. Which? contacted more than 1000 Brits to see how widespread the scam problem is in the U.K. The results?
- More than 28 million of 60 million citizens had been exposed to one or more scams.
- Five million of those 28 million fell victim to a scam.
- The most popular scam related to "an automated phone call that invites people to claim a prize. A third of adults have received such a call and two million have responded, usually by calling a premium-rate number, which can cost up to GBP 1.50 ($2.70 U.S.) a minute."
The funny thing is that I've even seen people outside the U.K. fall victim to these international lottery scams. Here's a typical email that arrived in our honeypot inbox this week:

As I was saying, I've received email from U.S. residents wondering if they'd really won after receiving an email like this. They never questioned how they'd won even though they weren't residents of the country where the lottery was held and had never even entered the lottery.
Greed makes us stupid, doesn't it? That's what the scammers count on.
UPDATE!
Many of you have also received snail mail versions of this scam. In this scam you receive a letter saying you've won as well as a check for $3,000 - $4,000 to cover the taxes and processing fees - supposedly.
Anyway, listen up people.
This is a scam. The check is fake.
It may initially be accepted at your bank but will eventually be worth absolutely nothing. So when you deposit it and then send them a check from your account, you will lose money.
Ask yourself... Why would they send you a check and then have you send them a check right back for the same amount? Does that make sense? It does if you're trying to scam someone.
No, this won't be a post about some political scandal in Iraq.
Instead, I wanted to post a scam email — one where a supposed American soldier wants to share some of Saddam Hussein's booty (booty here meaning "Plunder taken from an enemy in time of war.")
Here's the email:

I haven't seen an email like this since "Bradon Curtis," a "special forces commando" working in Afghanistan, wanted to send us some Taliban money a few years ago.
As always, these emails should produce more laughs than greed as they land in your in-box. The scam is one of the oldest in the book and will involve you giving up more and more money as you try to get your grubby, greedy mitts on 7.2 million of Saddam's money.
If you're a victim of identity theft, you will likely need to contact banks, credit card companies, and department stores. Most companies have what's called an Interactive Voice Response (IVR) in place to "help" you.
These systems can be very frustrating, especially when you're stressed out and just need to talk to a fellow human being to work out your problems. That's where the IVR Cheat Sheet comes in handy.
Paul English, Boston resident and CTO of travel search engine company Kayak.com, decided to take matters into his own hands and create a cheat sheet for major institutions in the U.S. and the U.K.
Here are some examples of what you'll find:
- Trans Union - 800-916-8800. No cheat is necessary. Just press 2 and you're connected directly to a real person.
- Bank of America - 800-900-9000 and press 0.
- MasterCard - 800-MC-ASSIST and then press 000 on each menu.
- PayPal - 402-935-7733 and then say "agent."
- eBay - 800-322-9266 and then press 0,0.
Isn't this fun! The list contains over 259 companies as well as a how-to guide for companies that aren't listed.
Here's the link: The IVR Cheat Sheet
Peer-to-Peer (P2P) file sharing networks exist so people can download free mp3 files, DVDs, movies, etc. They work by having each member of the network share some personal files while downloading files from other people's computers. Share and share alike, right?
This has understandably driven the RIAA (Recording Industry Association of America) as well as the people in Hollywood crazy. So crazy that they are suing people they catch sharing copyrighted materials. We're not going to go into the ethics either way on this argument. Maybe some other time...
The problem is that people are not only sharing their ripped CDs and DVDs, they're also sharing (accidentally, I'm guessing) sensitive files on their hard drive like tax returns, bank statements and cancelled checks.
A blogger recently decided to do a few searches on Gnutella, a major P2P network, for sensitive documents. It took him only 10 minutes to find a handful.
Take a look at what he dug up... (maybe it's your tax return)
What is the lesson you should learn?
- Avoid P2P networks PERIOD! The software that enables the network is often full of spyware and the files you download can be infected with viruses and other malware. Not good.
- Keep control of other users on your computer, especially if they are teenagers. If they install file-sharing software on your computer it may be your tax return (along with your SSN, DOB, address, etc.) showing up all over the internet.
- If you do decide to use file sharing software, make sure you've clearly designated a single folder to share and make sure you don't accidentally drop your scanned bank statements in the folder.
Now that more of you are ignoring, shredding, or opting out of the junk mail that arrives in your mailbox every day, the Direct Mail departments in companies around the world are having to get smarter and sneakier in order to survive.
Here are a few examples of what they'll do to get you to open up that steaming piece of junk mail:
From the blog, Joel on Software "How Many Lies Can You Find in One Direct Mail Piece?"
Joel dissects a direct mail piece from Earthlink, disguised to look like an overnight letter from FedEx. He quickly finds a dozen lies and distortions without even opening up the package!
From the excellent Signal to Noise blog "Fatalist Junk Mail":
Jason shows off a new direct mail piece with a fake credit card showing through the envelope window along with the words "REMOVE CONTENTS before you discard."
Apparently they're trying to exploit the training you've received to shred credit offers in order to get you to open their lame offer.
Sounds desperate to me...
The Sober worm we talked about earlier will possibly start clogging email inboxes on January 6 or even January 5.
If you aren't running anti-virus software (huh?) or haven't updated your definitions file recently, you'll want to do so in the next day or so. If not, you could be one of the computers spreading more Nazi propaganda.
So where can you scan your computer for free? Here are a few ideas:
- http://housecall.trendmicro.com/
- http://us.mcafee.com/root/mfs/default.asp
- http://www.pandasoftware.com/products/ActiveScan.htm
These services will allow you to scan for free, but you'll probably have to pay a small fee to remove anything they find. In either case, it's best to know if you're clean (or not).
Think your check is safe after you fill it out? Think again...
Your writing can be removed using a procedure called "check washing." A solvent is used - usually rubbing alcohol or nail polish remover - to fade out or completely remove what you've put on your check.
Here's a before and after picture:


The check is now ready for a new amount (I'm guessing larger than $10) and a new recipient.
An even better trick for the forger is to cover your signature so it remains in place while everything else is removed.
So how can you avoid becoming a victim of this trick?
Use the right pen.
Sean Kane's excellent testing found that gel pens worked best at resisting these check washing procedures.
See the whole experiment and complete results on Sean's site.