Somebody's Tracking You

Two days ago, Alasdair Allan and Pete Warden revealed that iPhones have been recording detailed locational data for almost a year. Lest you think you're safe because you don't have an iPhone, there's now talk that Android phones store locational data as well.

Not only is this information stored on my phone, it's backed up to my Mac, giving anyone who has access to my computer access to everywhere I've been since June 16, 2010.

How do I know this? Because I downloaded iPhoneTracker, an application that accesses the file on my Mac and, conveniently, allows me to view my location on a map by week.

What does this mean? Why is Apple storing this information? I can't wait to hear.

Here are some of the plots of my location data taken from the iPhoneTracker application.

Wide area view:

Regional view:

Street-level view:

My Social Networking Policy

Facebook. Twitter. Blog. I use those and other online social networking services, and each of them enriches my life in unique ways. I feel more connected with family and old friends than ever before, and I’ve had the opportunity to get acquainted with several engaging individuals that I didn’t know well, or know at all.

On the flip side, these technological wonders also give me a unique opportunity to make an ass of myself before the entire planet. Much of what I say is visible to the world and can be read by anyone and archived, potentially, forever. A seemingly-clever quip I might make today might look very disturbing years later, especially if the context is lost.

So it seems important for me to articulate a policy on how I use social networks. Maybe by doing so my friends will understand better how I behave on the Internet. Also, maybe it will inspire them to consider how they should use these services.

Facebook

Facebook is where I like to interact with people I know. So there are two keys for me having someone as a friend on Facebook. First, I have to know the person in real life. Second, that person and I have to have a mutual desire to interact.

From time to time, I go through my list of friends and remove those I rarely interact with. There are several reasons for doing this, one or two of which I’ll discuss later, but “defriending” someone isn’t any sort of personal reflection on that person. It usually means that the interaction I have with that person on that site, if any, is no longer pertinent. 

Recently I had upwards of 250 Facebook friends, and I culled the list to less than 100 based on this policy.

If I get a friend request from someone I don’t know, I’ll ignore it. If I get a request from someone I do know, but not well, I’ll accept it and see whether we have engaging interaction over the next several weeks. Then I’ll evaluate whether to keep him or her on my list.

Twitter

Twitter is the foundation for my interaction with both people I do know and people I don’t. I have Facebook set to update my status when I "tweet" on Twitter, so the two work in tandem.

But there’s more to the site. Twitter might seem like people shouting disjointed thoughts in a single, loud, crowded room, but it’s more than that. It’s a place where I have made connections with persons I don’t know.

There’s a lot more to Twitter than meets the eye. Several of its more savvy users search Tweets for things that interest them, and respond to those Tweets. For those who use it that way, Twitter becomes a fun community of people with common interests.

Often I’m on Twitter keeping up with comments on live shows, such as American Idol or Arkansas Razorbacks football. Some of my best Twitter buddies I’ve met during those interactions. I won’t ever get to meet most of them in real life, but I follow them and enjoy their perspective on several things.

So it’s my policy on Twitter to make my tweets public for the world to see, and I’ll allow anyone to follow me on Twitter so long as they aren’t spammers.

Blog

My web log is a place for me to express thoughts and opinions that take more than 140 text characters to say. My blog is updated rarely because most of what I want to communicate can be done on Twitter.

My blog has taken different tacks over the 7+ years I’ve been using it. It’s gone from amusing anecdotes to opinions on gadgets and back again to more personal discussion.

But as for policy, there have been some rules that I follow when I blog. I never mention names when it comes to particular persons (other than myself). It’s not a platform for me to rant unless I believe my rants are entertaining.

I’d like to take my blog in a more personal direction, but I don’t want to get into too many details because it’s an open book for the world to read. Those who reflect on their experience from, say, recovering from surgery are sharing details that might best be left private. Perhaps someday they wouldn't want their employer (or potential future employers) to know details about their health issues, so they should be careful.

Other thoughts

I am very careful about how I mention my employer and work-related situations on any of my social sites. Sure, I’ll mention a frustrating day at work, or maybe generally touch on a humorous situation that might have happened, but it ends there. I don’t want to drag workplace situations into the public arena.

How I interact with coworkers also concerns me. Recently I was promoted higher into middle management at my company. I’m concerned about the dynamic my new position causes with some of my coworkers, and I’m reluctant to interact with them. After all, I can’t imagine having your boss on Facebook would be very much fun. As a result, I defriended several of my coworkers trying to be sensitive to the situation they’re in because of my new role.

So there you have it. My policy on social interaction. If you ever find me missing on your friends list, please don't take it personally.

Wi-Fi Hotspots and Theft of Your Personal Data

Ever use an open Wi-Fi network at Starbucks, Panera, McDonalds or elsewhere? Do you mind sharing all the information contained your email account, Amazon account, Facebook, etc., with strangers? If so, you'll want to read this.

Last week one of my favorite podcasts, Security Now!, discussed a new Firefox browser add-on called Firesheep. That software makes it easy for someone sharing certain kinds of network connections (e.g., wireless hotspots) to access personal data maintained on several websites.

According to Steve Gibson, host of Security Now!, the following applications are included:

Amazon, Basecamp, bit.ly, eNom, Facebook, Foursquare, GitHub, Google, Hacker News, Harvest, The New York Times, Pivotal Tracker, Twitter, ToorCon, Evernote, Dropbox, Windows Live, Cisco . . . Slicehost, Gowalla, and Flickr.

Most of, if not all, these sites take precautions to make sure users' passwords are not readable when they log on. Immediately afterward, however, these sites revert to unencrypted communication using a certain methodology for tracking individual users after they've logged in.

It's at that point that it becomes fairly easy for someone else use that tracking mechanism to have the same access to the site as the person who just logged into it.

The ultimate solution is for these sites to maintain an encrypted link with users for the entire session rather than just while entering passwords.

That's going to take a while, but thanks to Firesheep, that might become a priority for each of these websites now.

Meanwhile, steer clear of open wireless hotspots unless you use VPN or some other way of securing your connection. Hotspots offering encryption known as WPA (which most home wireless users have by default) provide some protection against this hack.

Where your data is most at risk

Recently it came to light that Google is restricting its employees' use of Microsoft Windows-based PCs in favor of the Mac OS X and Linux operating systems. According to inside sources, this is a direct result of an incident reported by Google earlier this year in which their systems (as well as at least twenty other major tech companies) were compromised with the apparent goal of extracting private information from known human rights activists in China as well as others around the globe expressing support of Chinese human rights.

Microsoft has confirmed that one of the vectors utilized in the attacks was a specific flaw in Internet Explorer, and they subsequently released a security update to patch every supported version of Internet Explorer: versions 5.01, 6, 7 and 8. Some of these flaws have existed in their software for nearly 11 years!

There was thoughtful discussion resulting from my last post about how safe our private information is up in "the cloud," and the Google incident illustrates cause for concern. But while many worry about what happens to their information once it leaves their homes, I'm much more concerned about the wealth of information concentrated all in one place: your home computer.

Based on analyses of top security risks, it appears your personal data is more at risk on your home computer than it is on websites such as Turbotax or Google. And if your home PC is anything like mine, it contains a gold mine of information all in one place, including:

• Records of financial transactions for several accounts in financial software, such as Quicken;


• The means to transfer money, such as though online banking of Paypal;


• Credit card information and online shopping account logins;


• Several years of tax information on tax preparation software such as Turbotax.

Some fairly recent reports suggest that over half of all the PCs in the U.S. are infected with some sort of malicious software ("malware"). How can you be sure your PC isn't one of them?

Much of this malware is invited on computers by installing "free" software. Others can be installed by navigating to a web page. And still others can seek out your computer (via your Internet connection) and install themselves without your having to do anything.

The best password scheme in the world can't help you if someone has installed software on your PC monitoring everything you type. Does this freak you out? Maybe it should. Think about all the resources and tools that most companies use to keep their systems and data secure. Shouldn't we take our home computer security seriously as well?

So here are some computer safety tips:

• Keep your software up to date. Most PC infections could have been prevented merely by diligently applying software patches as they're released.


• Run malware prevention and antivirus software, such as Microsoft's free Security Essentials suite.


• Consider alternatives to Internet Explorer, such as Google Chrome or Firefox.


• Steer clear of shady websites.


• Don't invite malware on your computer by downloading "free" software, or any software extensions or updates from web sites you don't know and trust.


• Avoid peer-to-peer file sharing technologies such as Bittorrent, Limewire, etc.

I'd like to hear from you. Do you think the threat is real, or are the media (and yours truly) overreacting? Do you know anyone who has suffered from cyber attacks?

These shoes weren't made for walking

Nancy Sinatra's boots may be made for walking, but the shoes I chose to wear during my San Antonio River Walk adventure clearly weren't. Now that I'm resting my aching (and somewhat blistered) feet on a leather ottoman in front of a comfy chair, I'm taking a moment to reflect on my day.

When business brought me to San Antonio I took the opportunity to stay another night at my own expense. On my way from the airport to the hotel I saw the cab's fare meter tick past $45 (one way). That meant that going from my hotel to anywhere was going to cost more than I had expected.

After my conference ended at noon, I was determined not to let my spirits get dampened despite the fact that there were thunderstorms, torrential rain downpours and flooding. I gritted my teeth in anticipation of the expense of a cab ride downtown.

Besides getting blisters, my day included stopping by the Alamo to pay my respects,

Walking along the River Walk (after, mercifully, it stopped raining)

Seeing a 3D movie at IMAX with 60+ frightening little munchkins (actually their screams and giggles throughout the movie actually made it more fun),

And, not one, but two Tex-Mex meals (hey, when in Rome . . .).

Despite the fact I can hardly walk, I had an enjoyable day. I only wish I had friends here to share it with.

How to Deal With Spiders

With all of the creepy-crawly critters emerging as the weather warms up, I thought it would be helpful to post a flowchart explaining how I deal any type of spider. Click on the flowchart to download a copy.

 

 

Shopping Online Safely

One of my readers told me that monoprice.com recently had issues with credit card fraud. I wasn't aware of that, and I'm grateful he pointed that out.

You can read Monoprice's version of what happened by clicking here.

I take for granted that people take precautions when shopping online, but there are a lot of very smart people I know who have been the victims of online fraud. There are risks whenever shopping online because we can't control what happens to our personal financial information once we pass it along.

But not to worry. You can read some tips about online shopping at this website, but I'd like to offer some advice.

Credit cards only

Never use anything other than a credit card when shopping online. You are protected by law from fraudulent charges, and most credit card companies will cover 100 percent of the charges after the investigation is complete. Generally you don't have to pay the disputed charges while the investigation is underway.

People who pay by debit card or electronic check, on the other hand, can find their bank accounts wiped out, and it could be a while before they get their money back.

Bottom line, if you don't want to (or can't) use a credit card, please don't shop online.

Minimize other risks

There are several ways that financial information can be stolen. Let's take a look at (in my opinion) the top two things under our control to prevent this.

Watch out for phishing attempts. Many people are tricked into giving up their financial information voluntarily. I like to think I'm savvy, but I've almost fallen for some of the more clever phishing attempts out there.

Keep your computer secure. Sources vary widely (and many of them are out to sell something), but a significant percentage of home computers are infected with malware without their owners' knowledge. Your computer may be sending personal information that you type to thieves. Some tips:

• keep your computer software up-to-date;


• use antivirus and malware detection software from a reputable source. Microsoft offers excellent protection for free.


• avoid using computers to shop online other than your own.

That's all for now. Oh, and let's be careful out there!