Privacy vs. security: what’s the difference?

As your Internet Service provider, EarthLink is committed to keeping you informed of technology tips to help manage your digital life. Below our partner Symantec shares information on how to manage mobile privacy across multiple apps. Article by Symantec.


When it comes to privacy vs. security, it’s a good idea to have both. Each can impact your digital health. But what’s the difference?

Privacy and security are related. Privacy relates to any rights you have to control your personal information and how it’s used. Think about those privacy policies you’re asked to read and agree to when you download new smartphone apps.

Security, on the other hand, refers to how your personal information is protected. Your data — different details about you — may live in a lot of places. That can challenge both your privacy and your security.

Some people regard privacy and security as pretty much the same thing. That’s because the two sometimes overlap in a connected world. But they aren’t the same, and knowing how they differ may help you to protect yourself in an increasingly connected world.

What’s the difference between privacy and security?

Here’s an example. You might share personal information with your bank when you open a checking account. What happens after that? Here are three possible outcomes, all related to your personal information (not to the money you may have deposited in the checking account).

  1. Your privacy and security are maintained. The bank uses your information to open your account and provide you products and services. They go on to protect that data.
  2. Your privacy is compromised, and your security is maintained. The bank sells some of your information to a marketer. Note: You may have agreed to this in the bank’s privacy disclosure. The result? Your personal information is in more hands than you may have wanted.
  3. Both your privacy and security are compromised. The bank gets hit by a data breach. Cybercriminals penetrate a bank database, a security compromise. Your information is exposed and could be sold on the dark web. Your privacy is gone. You could become the victim of cyber fraud and identity theft.

It would be great if your risks began and ended with that theoretical bank. But your personal information is likely all over the connected world — in government offices, at healthcare providers, at stores and restaurants, and in many of your online accounts. You might say it’s everywhere — not literally, but it’s certainly in enough places that it’s out of your control.

If a cybercriminal accesses that information, it could be off to the races. Your privacy and security could both get trampled.

What’s the difference between privacy and security in computer terms?

Cyber security products can help protect your privacy and security — sometimes at the same time.

For instance, consider a VPN — a virtual private network. It’s a security product that acts like a tunnel for your information and your activity on the internet, encrypting all the data that you send or receive on your device. It’s like an online version of sitting with your back to a wall when you don’t want someone else to see what you’re doing on your computer or phone when you’re at a café or airport.

Are some app developers adding features simply to gain access to permissions? It’s a possibility, but something we can’t provide a definitive answer to. Ultimately, it may be up to the user to ask if these additional features are essential to the function of the app and if it’s worth granting permissions for features that only provide marginal benefits.

Here’s how a VPN helps you win two ways:

  • Privacy: It helps to block websites, internet browsers, cable companies, and internet service providers from tracking your information and your browser history.
  • Security: It helps protect you from others accessing your personal information and other data.

Tips for protecting your privacy and security

  • It’s smart to do business with companies and organizations that value your privacy and take measures to protect your personal information. But there are things you can do, too, to help protect your privacy and boost your security.Here are some examples:
    • Limit what you share on social media and online in general.
    • Shred important documents before tossing them in the trash.
    • Guard your Social Security number. Keep it in a secure place and don’t give it out if possible. Ask if you can provide another form of identification.
    • Safeguard your data and devices. This might include enlisting the help of computer virus protection, a secure router, Wi-Fi protection, and identity theft protection services.
    • Understand how the information you’re giving away could be used. Read an organization’s privacy policy before signing up for an app or service. Remember, if the app or service is free, the company may make its money by selling your data. Consider taking a pass.

How long do I have to think about privacy and security?

Privacy vs. security will remain a hot topic. Why? Because your information will likely pop up in more and more places.

Your world is getting more connected, not less, and your information has value. People will try to profit from it in legal and illegal ways.

The best advice about privacy vs. security: Take care of both.


For more information about protecting yourself with Norton products from EarthLink, go to  Security and Tools.


© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,  Norton, Norton by Symantec,  are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries.

Top Apps & What you Need to Know

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner

At Savvy Cyber Kids, we encourage parents and grandparents to get involved in their children’s and grandchildren’s digital lives. This means knowing what they are doing on their devices, on the platforms they engage on and who they are ‘playing’ with – their friends, followers and so on.

In reality, it’s hard to be involved without getting involved yourself. If you don’t know what a certain social media platform is or if you are not familiar with the games and apps that your children are playing, it’s hard for you to converse about them with your child or grandchild. And, it’s equally hard to know what might be of concern to you.

To that end, it’s interesting to look at what are the most popular apps.


Top Paid Apps on iOS

  1. Human Anatomy Atlas 2019: Complete 3D Human Anatomy
  2. Facetune: The Original Selfie Editor
  3. HotSchedules: Employee Scheduling App
  4. Sky Guide: View Stars Day or Night
  5. Dark Sky Weather: Up To An Hour In Advance Weather Reports
  6. Forest – Stay Focused: Screentime Moderation
  7. Afterlight 2: All-In-One Phot Editor
  8. The Wonder Weeks: Baby Development Calendar
  9. SkyView: Explore The Universe
  10. Cute CUT Pro: Full Featured Video Editor


Top Free Apps on iOS

  1. YouTube
  2. Messenger
  3. Instagram
  4. Snapchat
  5. Facebook
  6. Netflix
  7. Google Maps
  8. Gmail
  9. Remind: School Communication
  10. WhatsApp Messenger


Top Free Apps on Android

  1. Hello Stars - Game
  3. Word Link- Game
  4. Tomb of the Mask - Game
  5. Tik Tok- including - Game
  6. Helix Jump - Game
  7. PLANK! - Game
  8. Wish - Shopping
  9. Rise Up - Game
  10. Messenger


Top Paid Apps on Android

  1. Minecraft – Game
  2. Bloons TD 6 - Game
  3. Roller Coaster - Game
  4. Pocket City - Game
  5. HotSchedules
  6. Hitman Sniper - game
  7. Fake GPS Joystick & Routes Go – Proximity Re-Writer
  8. Basic Education – Educational Game
  9. Geometry Dash – Game
  10. Nova Launcher - Customizable, Performance-Driven Home Screen

It’s really great to see popular apps that are devoted to intellectual curiosity, be it human anatomy or astronomy - even the weather.

But even with the presence of apps like human Anatomy Atlas, Sky Guide and Sky View, the preponderance of apps that are popular are overwhelmingly devoted to social media – be it the apps themselves (like YouTube, Messenger, Instagram, Snapchat and Facebook) or the photo editing tools that create a social media friendly version of reality, like Facetune and Cute CUT.

Do you know how your child or grandchild engages on social media? It’s always worthwhile to talk to your child or grandchild about the pressures to maintain a social media presence. This can have a negative impact on the investment they put into IRL (real-life) relationships and they’re real life responsibilities like school, extra-curricular activities, family relationships and SLEEP! Apps like Facetune and other photo editing services can send a message to your child or grandchild that they are not good enough the way they are. It’s probably worth observing how much time your child or grandchild invests in a selfie. How many photos did they take? How much time did they spend editing it? What did they edit?

These lists are also heavily weighted by a fondness for gaming. There’s a lot of talk these days about gaming addiction and, no doubt, kids can spend way too much time trying to level up within a game. It’s important for you to know which games your child is playing so that you can look at the privacy settings. You need to know who your child is playing with. Is it strangers or only people they know in real life?  You need to know how players communicate with one another within a game. Are strangers communicating with your child or grandchild as they play a game?

By looking at this list together, you can start all sorts of conversations with your child or grandchild. First, learning which one of these apps they use and then exploring how to use it.

Remember, getting involved in the digital lives of your children and grandchildren isn’t just so you can look out for potential pitfalls. It’s also about finding a new way to connect with your child or grandchild – in their virtual worlds where they are already immersed. It’s about seeing if you can find fun and joy with your child or a grandchild in their digital world.


Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.

Mobile Privacy: What Do Your Apps Know About You?

As your Internet Service provider, EarthLink is committed to keeping you informed of technology tips to help manage your digital life. Below our partner Symantec shares information on how to manage mobile privacy across multiple apps. Article reposted from Gillian Cleary, Senior Software Engineer at Symantec. 


Just how much personal information are your apps gathering? And do they really need so much?

The average smartphone user these days has between 60 and 90 apps on their device. Most of these apps request some sort of information about you and the device you are using. They may want to know your name, your email address, or your real-world address. But because smartphones are so powerful, they can also get quite a bit more than that, such as your exact location. Some apps will even request access to the device’s camera or microphone.

While all of this is done with the user’s consent, you may be surprised at the level of access some apps have to personal data. Did you know that 45 percent of the most popular Android apps and 25 percent of the most popular iOS apps request location tracking, for example? Or that 46 percent of popular Android apps and 25 percent of popular iOS apps request permission to access your device’s camera? Some Android apps even ask you to give them access to your SMS messages and phone call logs.

Under the microscope

In order to find out what kind of data your apps may be looking for, we decided to put the most popular to the test. We downloaded and analyzed the top 100 free apps as listed on the Google Play Store and Apple App Store on May 3, 2018. For each app, we tried to find out two main things: how much personal information was the user sharing with the app and which smartphone features the app accessed?

Neither practice is inherently suspicious. In most cases, information is shared and device permissions are enabled with the user’s consent. And there is usually a very good reason why apps require either. For example, a taxi app will need to be able to access a user’s location in order to tell the driver where to go. Instead, we were more interested in whether any apps were requesting excessive access to information or if app developers were doing everything they could to protect users’ privacy.

Personal information

One of the first things we looked at was the amount of personally identifiable information (PII) that apps requested users share with them. Email addresses were the most common piece of PII shared with apps and were shared with 48 percent of the iOS apps and 44 percent of the Android apps analyzed. The next most common piece of PII was the username (which is usually someone’s full name as they’ve entered it on social networking sites or on the app), which was shared with 33 percent of iOS apps and 30 percent of Android apps. Phone numbers, meanwhile, were shared with 12 percent of iOS apps and 9 percent of Android apps. Finally, the user’s address was shared with 4 percent of iOS apps and 5 percent of Android apps.

However, these stats don’t fully account for the full amount of PII being shared with apps.

Several apps integrate with social media so that the user can log into the app using their social media account and allow the app to post directly to the social networking site. For the user, this means they don’t need to manage passwords for every app, can invite friends to play mobile games, and share app info on their timeline.

But this symbiotic relationship also allows the app to collect user data from the social media account, while also allowing the social media service to collect data from the app. In the case of iOS apps using social media integration, we were able to see what PII was being shared. However, in the case of Android apps, we weren’t. This was because the apps in question all employed Facebook’s widely used Graph application programming interface (API) and the Android version of Graph uses certificate pinning, which prevented us from seeing what PII was being shared (we’ll discuss certificate pinning in more detail later).

Therefore, when we say that email addresses are shared with 44 percent of the Android apps, that figure could be higher because some Android apps use the Facebook Graph API and this may share an email address with them too.

Facebook Graph may be familiar to some people because it was used by Cambridge Analytica to compile personal information relating to 87 million Facebook users. This information was reportedly then used in targeted social media campaigns directed at voters during the 2016 U.S. presidential election campaign. Facebook responded to this incident by significantly tightening up its API and restricting the amount of personal information that can be shared through it.

While Facebook Graph may be the best-known integration service, it isn’t the most widely used. Of the apps we analyzed, 47 percent of Android apps and 29 percent of iOS apps offered the Google integration service, while 41 percent of Android apps and 26 percent of iOS apps offered the Facebook Graph API service.

Some permissions are more risky than others

Aside from personal information, apps will also need permission to access various features on your mobile device. For example, if you want to take a picture using Instagram, the app will need permission to use your device’s camera.

There is a massive amount of permissions an app could request, but not all permissions are the same. For that reason, we took a closer look at what we term “risky permissions” - permissions that could provide access to data or resources that involve the user's private information or could potentially affect the user's stored data or the operation of other apps. Examples of risky permissions include access to the user’s location, contacts, SMS messages, phone logs, camera, or calendar.

What did we find? Camera access was the most requested common risky permission, with 46 percent of Android apps and 25 percent of iOS apps seeking it. That was closely followed by location tracking, which was sought by 45 percent of Android apps and 25 percent of iOS apps. Twenty five percent of Android apps requested permission to record audio, while 9 percent of iOS apps did. Finally, 15 percent of Android apps sought permission to read SMS messages and 10 percent sought access to phone call logs. Neither of these permissions are available in iOS.

Two things should be stressed when talking about risky permissions. Firstly, they require the user’s permission to access this data. And secondly, just because we’ve called them risky permissions doesn’t mean they shouldn’t be granted. As explained before, there’s usually a reason they’re required. Instead, they should be seen as permissions the user should exercise more caution about granting, asking themselves if the app really does need this permission and if they’re comfortable granting it to this particular app. For example, do you really want to give an app access to your calls and text messages simply to provide personalized alerts?

Interestingly, in cases where we were analyzing both the Android and iOS versions of apps, some Android apps requested more risky permissions than their iOS counterparts. Seven Android apps requested access to SMS messages, while their iOS versions did not. One Android app requested access to phone call logs, while its iOS version did not. While neither permission is available in iOS, it does beg the question of why these permissions were requested in the Android version while the iOS version can do without them.

Are all permissions necessary?

Do some apps request too many permissions? We took a closer look at several that seemed to request a lot. The first was the Android horoscope app “Zodiac Signs 101 – 12 Zodiac Signs & Astrology", which has been downloaded more than 1 million times. Among the permissions it sought were:

  • Precise user location
  • Access to user’s contacts
  • Send and receive SMS messages
  • Receive MMS messages
  • Permission to directly call phone numbers
  • Permission to reroute outgoing calls
  • Access to phone call logs
  • Access to camera
  • Read/write contents of USB storage
  • Read phone status and identity

The second example we looked at was the Android flashlight app "Brightest Flashlight LED - Super Bright Torch", which has 10 million installs. Included in the list of permissions it sought were:

  • Precise user location
  • Access to user’s contacts
  • Send SMS messages
  • Permission to directly call phone numbers
  • Permission to reroute outgoing calls
  • Access to camera
  • Record audio via microphone
  • Read/write contents of USB storage
  • Read phone status and identity

Do these apps really need all of these permissions? In each case, there were features in the app which made use of the permission. For example, Brightest Flashlight LED offers the user extensive customization options and the ability to make it flash in different ways when the user receives incoming calls or texts. In order to do that, it would need access to calls and messages.

Are some app developers adding features simply to gain access to permissions? It’s a possibility, but something we can’t provide a definitive answer to. Ultimately, it may be up to the user to ask if these additional features are essential to the function of the app and if it’s worth granting permissions for features that only provide marginal benefits.

Lax security practices

Worryingly, a small number of the apps we examined employed very poor security and privacy practices. Four percent of the Android apps and 3 percent of the iOS apps requesting risky permissions didn’t have any privacy policy. Ideally, every app should have a privacy policy which states clearly what data is being collected, where it is being stored, who it is being shared with, and so on.

Meanwhile, only a minority of apps implement certificate pinning at login: 8 percent of Android apps and 11 percent of iOS apps. What is certificate pinning? It’s a security precaution that helps prevent attackers intercepting supposedly secure communications. It does this by ensuring the app only communicates with a server using the correct security certificate.

However, there are differing opinions about certificate pinning. For example, Apple says it doesn’t recommend that apps do their own certificate pinning, as it’s an approach that can lead to overall fragility and problems in enterprise environments.

Bamboozled by privacy policies

Even when apps do have privacy policies, users can still find it difficult to keep track of what they are consenting to. While each app has its own set of permissions and privacy policies, there are several complicating factors.

  • While some apps are self-contained, there are many that require additional apps or links to third party websites to function correctly (e.g. display advertising) or provide additional functionality, such as installing themes or providing additional levels in games. Some of these may be third-party apps.
  • Each additional app may have its own privacy policy (or none) and the user cannot assume the top-level app’s privacy policy covers subsequent app downloads.
  • However, most apps will disclaim any responsibility for use of the data by third parties.

In short, while you may be sure of your ground when it comes to a single app with a single privacy policy, once additional apps are plugged into it, the picture becomes increasingly complex, particularly when it comes to third-party apps.

Is this something to be concerned about? A significant number of apps that request risky permissions are tied to third-party apps. Of the Android apps that require risky permissions, 40 percent have links to third-party apps. Either normal app functionality is interrupted with advertisements or there were links to third-party apps for normal functionality (for example purchase links to seller sites). Meanwhile, 16 percent of the iOS apps that require risky permissions have links to third-party apps.

Guarding your privacy

How to avoid granting excessive permissions

Before you install an app:

  • Read the permissions required for the app.
  • Think about why an app needs the permissions it requests. If the permissions seem excessive, ask yourself if it’s likely they are there simply to acquire data about you.
  • Read the privacy policy. If there's none, or if it's impossible to determine from it where your data will go, don't install the app.

If you have already installed the app:

  • In the case of Android apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Permissions. Removing permissions may cause a poorly designed app to stop working. Well-designed apps will indicate if they need a permission when you attempt to perform the function that requires it.
  • In the case of iOS apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Privacy.

How to protect your personal information

  • Read the privacy policy on each social networking site and app you use.
  • Ideally, don't sign into an app using your social networking site account. If you do, check what data the app will receive from the social network account.
  • If you do sign into apps using your social network account, be frugal about how much information you provide in your public profile on social networking sites.
  • When you post data to a social networking site from an app, think about whether you want the social networking site to have this information about your app.

How to check what apps are using data from your Facebook account

  • Go to the small down-arrow at the top right of the homepage and select Settings.
  • Select “Apps & Websites in the menu on the left to discover what apps are actively using your data.
  • Select each app to view and edit the permissions on the data it uses.

How to check what apps are using data from your Google account

You can also review and edit which apps are using Google for sign in and what information is being shared with them.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,  Norton, Norton by Symantec,  are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries.

Every small business should be using video in their marketing

Nothing engages like video.

Video is a powerful platform to promote your business, your services or simply to get your message out telling prospects why you stand out from your competition. Get the scoop on how Video Marketing can work for your business in our infographic below.

Video helps boost your marketing in a number of ways:

  • Improve your ranking in Google: Video is an effective way to engage visitors on your website, increasing the amount of time visitors stay on your website. Google takes visit duration into account when determining page ranks, on grounds that if people are spending a lot of time on your website, it must have quality content.
  • Showcase your brand’s personality: Use video to showcase your brand’s personality. Use video to introduce your brand to newcomers, answer your website visitors’ questions, or create an emotional bond through humor. Create a favorable and lasting impression.
  • Improve results: Businesses that include video on their website generally see higher engagement rates, higher click-through rates, and higher conversion rates.

Use video to promote your business on Vimeo, social media, and add video to your website to engage your visitors.

EarthLink has a special offer: Get a new logo for your business, and we’ll include a logo reveal video! As a business, you get one chance to make a great first impression with customers. Work with a designer to create a custom logo that you can use on your website, social, in print, and everywhere else. Plus, right now you can launch your new logo with a logo reveal video, included with your logo design! Check out sample designs and logo reveal videos: Call 1-866-528-0117 to speak with an online marketing consultant to learn more.

Are You Cyber Healthy? A Refresher Course On How To Stay Safe Online

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner

When you consider a list of your most valuable assets—the items that you value the most and have taken steps to insure and protect—you’re probably thinking of a piece of art or a family antique, cherished jewelry and, of course, your loved ones. But think again, and ask yourself: What are you doing to protect your less visible assets that are both valuable to you and to others—those with self-serving and malicious intent?

I’m talking about data. Hackers who steal private information only succeed because the owners of this information didn’t value it enough to protect it. The lesson here is that you need to be thinking about what others value, not just about what you value, and protect accordingly.

Today’s IT systems, if managed by trained and well-resourced individuals, provide a good defense against data thieves. So good, in fact, that hackers frustrated by these defenses use phishing strategies to convince individuals to simply give them access to the data. A common hacking technique, phishing, involves an adversary crafting an email, text message or social media message that is written to compel the recipient to click a hyperlink or open an attachment. The next step typically involves you entering your authentication details to access a bank account, email account, social media account or other online service. The part of human nature that compels us to click and open anything sent our way has made phishing the most widely used technique to get people to give up their access credentials.

There are a few actions you can take to help ensure that you, your business and your family members are not easy targets.

  • Stop reusing passwords. I know: This a challenging request. We’re expected to log in to multiple websites every day, with each one requiring you to authenticate yourself with a username and password. To save you from having to remember hundreds of username and password combinations, use a reputable password manager.
  • Enable multi-factor authentication (also called strong authentication or two-factor authentication) on all accounts that accept it. Essentially, this is a step beyond the username/password combination. The multi-factor aspect can be a text message sent to your phone, an email sent to the address you have on file with a service provider, a challenge request from an authenticator app (such as DUO or Google Authenticator), a voice call to a phone number on record or some other way to verify that you are actually the one trying to gain access to your account. Another strong option is to use your fingerprint as your means of access, which you can do with an increasing number of apps.
  • Verify that the person or organization that sends you an email, text or social media message with a link or attachment to click is the real sender. You can call them or go directly to their website—don’t click the link and assume that the website it takes you to is authentic. For example, if you receive an email from your bank or email provider asking you to reset or verify your password, open a new browser page and type the main service provider site address yourself and then login to see if indeed they need you to take any action. One general caveat: Most reputable businesses and organizations don’t send you emails requesting you to reset your password unless you’ve already told them that you’ve forgotten it. So if you receive such an email, chances are good that it’s a fake
  • Update everything. It is important for you to update all devices and software on a regular basis and when notified by the manufacturer or creator. Anytime an update (often called a patch) is available, a fix was made to a known problem with that device or software. Perhaps there is a way for someone to remove all the information off of a computer or device. Or maybe there is a way for someone to remotely turn on the video camera on your device and take inappropriate videos.
  • Protect yourself from viruses. Install (and keep updated) an anti-virus product. Antivirus products can protect you from certain attacks. And yes, even Mac computers should have anti-virus software too.
  • Backup your data. Data is the most important aspect of your computer. Computer hardware can fail, data can be corrupted by a virus, computers can be lost, stolen, or destroyed. You can – and should – make wise choices to prevent any of this from happening. But it’s equally wise to regularly use data backup software that can help protect and restore your data when something goes wrong.
  • Beware of public Wi-Fi. Free public wireless networks lack strong security protections, making it easy for hackers to capture passwords and gain access to your credit card and bank account information as you shop or conduct other financial transactions online. Experts advise that its ok to use free WiFi to watch a video or read the news, check the weather or traffic conditions or check on an airline flight to see if it’s on time. But don’t use it for anything requiring a log-in.

Be aware, stay vigilant and fight your basic instinct to click and open anything sent to you. Make these changes, and you will enhance the security posture of your family, your business and your data.

EarthLink and Norton have tools to help you stay safe online. Visit our Security and Tools section to learn more about Norton Security Online, Wi-Fi Privacy and EarthLink's Online Backup.


Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.

Security Alert: New Extortion Tricks Using Your Password!

Your online security is important to us, below are recent occurrences regarding online security scams.

Password Extortion

There is an increase in activity from emails that claim to have your account username and password from a "questionable" website. These cyber criminals are asking for bitcoin ransom payments or they will share your activity with user contacts.  More information can be found on this forum at  and

Scam Alert Trends

Below is an article from the Federal Trade Commission highlighting recent online threats that could impact your security. Vacation rental fraud and credit card processing scams are just a few of the recent alerts. Recognize the warning signs and read more at

EarthLink Known Scams

Furthermore, we shared last month that there are several known online scams you should be aware of with the EarthLink brand being compromised. Stay up to date and read about these recent customer service and email phishing attempts at

The online security landscape changes daily. Make sure you are educated and armed to protect you and your family.