[June 30, 2011] A rogues gallery of threats to Web privacy [The Philadelphia Inquirer] Tweet (Philadelphia Inquirer (PA) Via Acquire Media NewsEdge) June 30--As of mid-2011, privacy is at a low ebb on the Web. If you use a computer or a mobile device, you're seeing news about how the Web is not a secure place for your personal information. "Face it," says Scott Vernick, a privacy and data-compliance attorney for Fox Rothschild L.L.P. in Philadelphia: "Nothing's safe." So what should we worry most about? The swashbuckling Web equivalents of the pirates of the Caribbean -- hacker groups with names such as LulzSec and Anonymous? They board the online galleons of the world's biggest governments and companies, raid the holds, and scatter the contents (including personal info) all over the deep blue Web. Or should we worry about Google and Apple, grilled in Congress over privacy lapses in their software? Or should we worry most about the continued, secret sneakiness of organized crime? Thousands of just-folks see their e-mail commandeered by evil botnets, which in turn pump out spam to an unsuspecting world. Lulzed to sleep? Good news: We probably don't have to sweat LulzSec, gn0sis, Anonymous, and company. They've had a great time recently, and no mistake. Anonymous and LulzSec have been breaking into high-profile sites and wreaking havoc, just to show they can. (After a 50-day wild ride, LulzSec "announced" Saturday it was folding up shop, and there have been a series of raids and arrests from England to Iowa connected with purported members of LulzSec. But Anonymous hacks on.) Since March, hackers have compromised the FBI, the International Monetary Fund, PBS, the U.S. Senate, Lockheed, AOL, AT&T, Citigroup, Amazon, Sony, Nintendo, Spain's national police, and the Turkish government. On June 19, the two groups declared Operation Anti-Security and started breaching supposedly impregnable government sites, seemingly at will. The techie site CNET offers a dumbfounding chart (http://bit.ly/mLIz7d0) of this Mad Hatter's party of attacks and what it means for the ordinary person. But "the people to really worry about aren't this crew or these crews," says Charles Arthur, technology editor of the Guardian in the United Kingdom. "The risks that anything truly valuable of yours is going to get leaked by hackers is minimal." Damon Poeter, West Coast news reporter for PV Magazine, concurs, but adds that "if you're a person involved in a gaming network like Sony's PSN or some other network that LulzSec and other Anonymous-affiliated hackers/hacktivists tend to target, you should probably be a lot more worried." As Arthur points out, the main risk "is to your user name/e-mail and password, and if you use a system for your password rather than reusing the same one, your risk is minimal." Ogling Google, Apple. Google and Apple have faced "locationgates" in the last six months, after news that Google's Android operating platform and Apple's iPhone and iPad stored location data on users. In congressional blowback, hearings chaired by Sen. Al Franken (D., Minn.) interrogated executives. Apple has vowed to fix the problem; Google's response is less clear. Franken presented a bill to Congress last week that would, he says, address the issue. In a statement from his Washington office, Franken said that "our laws do too little to protect information on our mobile devices. . . . This legislation would give people the right to know what geolocation data is being collected about them and ensure they give their consent before it's shared with others." Things may be improving -- at least in the private sector. Many companies now notify customers if their personal info is stolen or compromised, and that practice is spreading. It's called "breach notification." "Amazingly enough," says Vernick, "no federal law makes it mandatory. Why not?" "Data is the new oil," says Michael Fertik, chief executive of Reputation.com of Redwood City, Calif. Data collection -- the legal kind -- is a huge part of the estimated $1 trillion Web business yearly. "Unfortunately," says Fertik, "everybody benefits from your data except you, the end user. It's as if everyone's genes were harvested by a small number of companies without any payment to those whose genes they are." Vernick suggests that "when you're using a website, the owner/operator should tell you what he's going to do with your personal information, and with the information that you've come to this site." Web browsers are being pressured to clean up their info-collecting acts. Mozilla Firefox 5, released June 21, says it's the first "comprehensive 'Do Not Track' browser." That is, you can tell websites you visit via Firefox, "I don't want you to collect info on me, where I am, or what my Web habits are." On his CNN Tech blog, Mark Milian notes that "all the largest browser makers except Google have instituted or have plans to include a setting in their software that allows users to opt out of tracking." You can also hire a company to seek out unauthorized private info and quell it. Reputation.com is prominent in this field. "The same tools that make so much information available on the Web also make available information about us," says Fertik. "An entire architecture exists to share information, and no comparable architecture to protect personal information." Reputation.com and comparable companies scout websites that post erroneous or damaging private information, correct or delete that info, or petition Web proprietors to take it down. The real bad guys. "The group to really worry about is, indeed, the criminals who are looking to plant viruses on your system to get bank and cc [contacts list] details," Arthur says. Poeter calls them "the criminal hackers out there who pilfer sensitive personal ID data but [unlike LulzSec and Anonymous] don't publicize their intrusions because they want to use the data themselves or sell it." There is something you can do to keep your stuff safe. Poeter reminds us: "Don't use easily guessed [or easily socially engineered] passwords, change your password frequently, and pressure organizations that have your data to invest smartly and well in their own security." Fertik's vision of the future? It sounds much like Franken's: "That people have greater and greater control over their data," Fertik says. Google that. Contact staff writer John Timpane at 215-854-4406, [email protected], or at @jtimpane on Twitter. ___ To see more of The Philadelphia Inquirer, or to subscribe to the newspaper, go to http://www.philly.com/inquirer. Copyright (c) 2011, The Philadelphia Inquirer Distributed by McClatchy-Tribune Information Services. For more information about the content services offered by McClatchy-Tribune Information Services (MCT), visit www.mctinfoservices.com, e-mail [email protected], or call 866-280-5210 (outside the United States, call +1 312-222-4544) [ Back To TMCnet.com's Homepage ]