Privacy vs. security: what’s the difference?

As your Internet Service provider, EarthLink is committed to keeping you informed of technology tips to help manage your digital life. Below our partner Symantec shares information on how to manage mobile privacy across multiple apps. Article by Symantec.

______________________________________

When it comes to privacy vs. security, it’s a good idea to have both. Each can impact your digital health. But what’s the difference?

Privacy and security are related. Privacy relates to any rights you have to control your personal information and how it’s used. Think about those privacy policies you’re asked to read and agree to when you download new smartphone apps.

Security, on the other hand, refers to how your personal information is protected. Your data — different details about you — may live in a lot of places. That can challenge both your privacy and your security.

Some people regard privacy and security as pretty much the same thing. That’s because the two sometimes overlap in a connected world. But they aren’t the same, and knowing how they differ may help you to protect yourself in an increasingly connected world.

What’s the difference between privacy and security?

Here’s an example. You might share personal information with your bank when you open a checking account. What happens after that? Here are three possible outcomes, all related to your personal information (not to the money you may have deposited in the checking account).

  1. Your privacy and security are maintained. The bank uses your information to open your account and provide you products and services. They go on to protect that data.
  2. Your privacy is compromised, and your security is maintained. The bank sells some of your information to a marketer. Note: You may have agreed to this in the bank’s privacy disclosure. The result? Your personal information is in more hands than you may have wanted.
  3. Both your privacy and security are compromised. The bank gets hit by a data breach. Cybercriminals penetrate a bank database, a security compromise. Your information is exposed and could be sold on the dark web. Your privacy is gone. You could become the victim of cyber fraud and identity theft.

It would be great if your risks began and ended with that theoretical bank. But your personal information is likely all over the connected world — in government offices, at healthcare providers, at stores and restaurants, and in many of your online accounts. You might say it’s everywhere — not literally, but it’s certainly in enough places that it’s out of your control.

If a cybercriminal accesses that information, it could be off to the races. Your privacy and security could both get trampled.

What’s the difference between privacy and security in computer terms?

Cyber security products can help protect your privacy and security — sometimes at the same time.

For instance, consider a VPN — a virtual private network. It’s a security product that acts like a tunnel for your information and your activity on the internet, encrypting all the data that you send or receive on your device. It’s like an online version of sitting with your back to a wall when you don’t want someone else to see what you’re doing on your computer or phone when you’re at a café or airport.

Are some app developers adding features simply to gain access to permissions? It’s a possibility, but something we can’t provide a definitive answer to. Ultimately, it may be up to the user to ask if these additional features are essential to the function of the app and if it’s worth granting permissions for features that only provide marginal benefits.

Here’s how a VPN helps you win two ways:

  • Privacy: It helps to block websites, internet browsers, cable companies, and internet service providers from tracking your information and your browser history.
  • Security: It helps protect you from others accessing your personal information and other data.

Tips for protecting your privacy and security

  • It’s smart to do business with companies and organizations that value your privacy and take measures to protect your personal information. But there are things you can do, too, to help protect your privacy and boost your security.Here are some examples:
    • Limit what you share on social media and online in general.
    • Shred important documents before tossing them in the trash.
    • Guard your Social Security number. Keep it in a secure place and don’t give it out if possible. Ask if you can provide another form of identification.
    • Safeguard your data and devices. This might include enlisting the help of computer virus protection, a secure router, Wi-Fi protection, and identity theft protection services.
    • Understand how the information you’re giving away could be used. Read an organization’s privacy policy before signing up for an app or service. Remember, if the app or service is free, the company may make its money by selling your data. Consider taking a pass.

How long do I have to think about privacy and security?

Privacy vs. security will remain a hot topic. Why? Because your information will likely pop up in more and more places.

Your world is getting more connected, not less, and your information has value. People will try to profit from it in legal and illegal ways.

The best advice about privacy vs. security: Take care of both.

_____________________________________________________________________

For more information about protecting yourself with Norton products from EarthLink, go to  Security and Tools.

 

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,  Norton, Norton by Symantec,  are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries.


Top Apps & What you Need to Know

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner

At Savvy Cyber Kids, we encourage parents and grandparents to get involved in their children’s and grandchildren’s digital lives. This means knowing what they are doing on their devices, on the platforms they engage on and who they are ‘playing’ with – their friends, followers and so on.

In reality, it’s hard to be involved without getting involved yourself. If you don’t know what a certain social media platform is or if you are not familiar with the games and apps that your children are playing, it’s hard for you to converse about them with your child or grandchild. And, it’s equally hard to know what might be of concern to you.

To that end, it’s interesting to look at what are the most popular apps.

 

Top Paid Apps on iOS

  1. Human Anatomy Atlas 2019: Complete 3D Human Anatomy
  2. Facetune: The Original Selfie Editor
  3. HotSchedules: Employee Scheduling App
  4. Sky Guide: View Stars Day or Night
  5. Dark Sky Weather: Up To An Hour In Advance Weather Reports
  6. Forest – Stay Focused: Screentime Moderation
  7. Afterlight 2: All-In-One Phot Editor
  8. The Wonder Weeks: Baby Development Calendar
  9. SkyView: Explore The Universe
  10. Cute CUT Pro: Full Featured Video Editor

 

Top Free Apps on iOS

  1. YouTube
  2. Messenger
  3. Instagram
  4. Snapchat
  5. Facebook
  6. Netflix
  7. Google Maps
  8. Gmail
  9. Remind: School Communication
  10. WhatsApp Messenger

 

Top Free Apps on Android

  1. Hello Stars - Game
  2. Hole.io-Game
  3. Word Link- Game
  4. Tomb of the Mask - Game
  5. Tik Tok- including musical.ly - Game
  6. Helix Jump - Game
  7. PLANK! - Game
  8. Wish - Shopping
  9. Rise Up - Game
  10. Messenger

 

Top Paid Apps on Android

  1. Minecraft – Game
  2. Bloons TD 6 - Game
  3. Roller Coaster - Game
  4. Pocket City - Game
  5. HotSchedules
  6. Hitman Sniper - game
  7. Fake GPS Joystick & Routes Go – Proximity Re-Writer
  8. Basic Education – Educational Game
  9. Geometry Dash – Game
  10. Nova Launcher - Customizable, Performance-Driven Home Screen

It’s really great to see popular apps that are devoted to intellectual curiosity, be it human anatomy or astronomy - even the weather.

But even with the presence of apps like human Anatomy Atlas, Sky Guide and Sky View, the preponderance of apps that are popular are overwhelmingly devoted to social media – be it the apps themselves (like YouTube, Messenger, Instagram, Snapchat and Facebook) or the photo editing tools that create a social media friendly version of reality, like Facetune and Cute CUT.

Do you know how your child or grandchild engages on social media? It’s always worthwhile to talk to your child or grandchild about the pressures to maintain a social media presence. This can have a negative impact on the investment they put into IRL (real-life) relationships and they’re real life responsibilities like school, extra-curricular activities, family relationships and SLEEP! Apps like Facetune and other photo editing services can send a message to your child or grandchild that they are not good enough the way they are. It’s probably worth observing how much time your child or grandchild invests in a selfie. How many photos did they take? How much time did they spend editing it? What did they edit?

These lists are also heavily weighted by a fondness for gaming. There’s a lot of talk these days about gaming addiction and, no doubt, kids can spend way too much time trying to level up within a game. It’s important for you to know which games your child is playing so that you can look at the privacy settings. You need to know who your child is playing with. Is it strangers or only people they know in real life?  You need to know how players communicate with one another within a game. Are strangers communicating with your child or grandchild as they play a game?

By looking at this list together, you can start all sorts of conversations with your child or grandchild. First, learning which one of these apps they use and then exploring how to use it.

Remember, getting involved in the digital lives of your children and grandchildren isn’t just so you can look out for potential pitfalls. It’s also about finding a new way to connect with your child or grandchild – in their virtual worlds where they are already immersed. It’s about seeing if you can find fun and joy with your child or a grandchild in their digital world.

______________________________________________________________________________________________

Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.


Mobile Privacy: What Do Your Apps Know About You?

As your Internet Service provider, EarthLink is committed to keeping you informed of technology tips to help manage your digital life. Below our partner Symantec shares information on how to manage mobile privacy across multiple apps. Article reposted from Gillian Cleary, Senior Software Engineer at Symantec. 

______________________________________

Just how much personal information are your apps gathering? And do they really need so much?

The average smartphone user these days has between 60 and 90 apps on their device. Most of these apps request some sort of information about you and the device you are using. They may want to know your name, your email address, or your real-world address. But because smartphones are so powerful, they can also get quite a bit more than that, such as your exact location. Some apps will even request access to the device’s camera or microphone.

While all of this is done with the user’s consent, you may be surprised at the level of access some apps have to personal data. Did you know that 45 percent of the most popular Android apps and 25 percent of the most popular iOS apps request location tracking, for example? Or that 46 percent of popular Android apps and 25 percent of popular iOS apps request permission to access your device’s camera? Some Android apps even ask you to give them access to your SMS messages and phone call logs.

Under the microscope

In order to find out what kind of data your apps may be looking for, we decided to put the most popular to the test. We downloaded and analyzed the top 100 free apps as listed on the Google Play Store and Apple App Store on May 3, 2018. For each app, we tried to find out two main things: how much personal information was the user sharing with the app and which smartphone features the app accessed?

Neither practice is inherently suspicious. In most cases, information is shared and device permissions are enabled with the user’s consent. And there is usually a very good reason why apps require either. For example, a taxi app will need to be able to access a user’s location in order to tell the driver where to go. Instead, we were more interested in whether any apps were requesting excessive access to information or if app developers were doing everything they could to protect users’ privacy.

Personal information

One of the first things we looked at was the amount of personally identifiable information (PII) that apps requested users share with them. Email addresses were the most common piece of PII shared with apps and were shared with 48 percent of the iOS apps and 44 percent of the Android apps analyzed. The next most common piece of PII was the username (which is usually someone’s full name as they’ve entered it on social networking sites or on the app), which was shared with 33 percent of iOS apps and 30 percent of Android apps. Phone numbers, meanwhile, were shared with 12 percent of iOS apps and 9 percent of Android apps. Finally, the user’s address was shared with 4 percent of iOS apps and 5 percent of Android apps.

However, these stats don’t fully account for the full amount of PII being shared with apps.

Several apps integrate with social media so that the user can log into the app using their social media account and allow the app to post directly to the social networking site. For the user, this means they don’t need to manage passwords for every app, can invite friends to play mobile games, and share app info on their timeline.

But this symbiotic relationship also allows the app to collect user data from the social media account, while also allowing the social media service to collect data from the app. In the case of iOS apps using social media integration, we were able to see what PII was being shared. However, in the case of Android apps, we weren’t. This was because the apps in question all employed Facebook’s widely used Graph application programming interface (API) and the Android version of Graph uses certificate pinning, which prevented us from seeing what PII was being shared (we’ll discuss certificate pinning in more detail later).

Therefore, when we say that email addresses are shared with 44 percent of the Android apps, that figure could be higher because some Android apps use the Facebook Graph API and this may share an email address with them too.

Facebook Graph may be familiar to some people because it was used by Cambridge Analytica to compile personal information relating to 87 million Facebook users. This information was reportedly then used in targeted social media campaigns directed at voters during the 2016 U.S. presidential election campaign. Facebook responded to this incident by significantly tightening up its API and restricting the amount of personal information that can be shared through it.

While Facebook Graph may be the best-known integration service, it isn’t the most widely used. Of the apps we analyzed, 47 percent of Android apps and 29 percent of iOS apps offered the Google integration service, while 41 percent of Android apps and 26 percent of iOS apps offered the Facebook Graph API service.

Some permissions are more risky than others

Aside from personal information, apps will also need permission to access various features on your mobile device. For example, if you want to take a picture using Instagram, the app will need permission to use your device’s camera.

There is a massive amount of permissions an app could request, but not all permissions are the same. For that reason, we took a closer look at what we term “risky permissions” - permissions that could provide access to data or resources that involve the user's private information or could potentially affect the user's stored data or the operation of other apps. Examples of risky permissions include access to the user’s location, contacts, SMS messages, phone logs, camera, or calendar.

What did we find? Camera access was the most requested common risky permission, with 46 percent of Android apps and 25 percent of iOS apps seeking it. That was closely followed by location tracking, which was sought by 45 percent of Android apps and 25 percent of iOS apps. Twenty five percent of Android apps requested permission to record audio, while 9 percent of iOS apps did. Finally, 15 percent of Android apps sought permission to read SMS messages and 10 percent sought access to phone call logs. Neither of these permissions are available in iOS.

Two things should be stressed when talking about risky permissions. Firstly, they require the user’s permission to access this data. And secondly, just because we’ve called them risky permissions doesn’t mean they shouldn’t be granted. As explained before, there’s usually a reason they’re required. Instead, they should be seen as permissions the user should exercise more caution about granting, asking themselves if the app really does need this permission and if they’re comfortable granting it to this particular app. For example, do you really want to give an app access to your calls and text messages simply to provide personalized alerts?

Interestingly, in cases where we were analyzing both the Android and iOS versions of apps, some Android apps requested more risky permissions than their iOS counterparts. Seven Android apps requested access to SMS messages, while their iOS versions did not. One Android app requested access to phone call logs, while its iOS version did not. While neither permission is available in iOS, it does beg the question of why these permissions were requested in the Android version while the iOS version can do without them.

Are all permissions necessary?

Do some apps request too many permissions? We took a closer look at several that seemed to request a lot. The first was the Android horoscope app “Zodiac Signs 101 – 12 Zodiac Signs & Astrology", which has been downloaded more than 1 million times. Among the permissions it sought were:

  • Precise user location
  • Access to user’s contacts
  • Send and receive SMS messages
  • Receive MMS messages
  • Permission to directly call phone numbers
  • Permission to reroute outgoing calls
  • Access to phone call logs
  • Access to camera
  • Read/write contents of USB storage
  • Read phone status and identity

The second example we looked at was the Android flashlight app "Brightest Flashlight LED - Super Bright Torch", which has 10 million installs. Included in the list of permissions it sought were:

  • Precise user location
  • Access to user’s contacts
  • Send SMS messages
  • Permission to directly call phone numbers
  • Permission to reroute outgoing calls
  • Access to camera
  • Record audio via microphone
  • Read/write contents of USB storage
  • Read phone status and identity

Do these apps really need all of these permissions? In each case, there were features in the app which made use of the permission. For example, Brightest Flashlight LED offers the user extensive customization options and the ability to make it flash in different ways when the user receives incoming calls or texts. In order to do that, it would need access to calls and messages.

Are some app developers adding features simply to gain access to permissions? It’s a possibility, but something we can’t provide a definitive answer to. Ultimately, it may be up to the user to ask if these additional features are essential to the function of the app and if it’s worth granting permissions for features that only provide marginal benefits.

Lax security practices

Worryingly, a small number of the apps we examined employed very poor security and privacy practices. Four percent of the Android apps and 3 percent of the iOS apps requesting risky permissions didn’t have any privacy policy. Ideally, every app should have a privacy policy which states clearly what data is being collected, where it is being stored, who it is being shared with, and so on.

Meanwhile, only a minority of apps implement certificate pinning at login: 8 percent of Android apps and 11 percent of iOS apps. What is certificate pinning? It’s a security precaution that helps prevent attackers intercepting supposedly secure communications. It does this by ensuring the app only communicates with a server using the correct security certificate.

However, there are differing opinions about certificate pinning. For example, Apple says it doesn’t recommend that apps do their own certificate pinning, as it’s an approach that can lead to overall fragility and problems in enterprise environments.

Bamboozled by privacy policies

Even when apps do have privacy policies, users can still find it difficult to keep track of what they are consenting to. While each app has its own set of permissions and privacy policies, there are several complicating factors.

  • While some apps are self-contained, there are many that require additional apps or links to third party websites to function correctly (e.g. display advertising) or provide additional functionality, such as installing themes or providing additional levels in games. Some of these may be third-party apps.
  • Each additional app may have its own privacy policy (or none) and the user cannot assume the top-level app’s privacy policy covers subsequent app downloads.
  • However, most apps will disclaim any responsibility for use of the data by third parties.

In short, while you may be sure of your ground when it comes to a single app with a single privacy policy, once additional apps are plugged into it, the picture becomes increasingly complex, particularly when it comes to third-party apps.

Is this something to be concerned about? A significant number of apps that request risky permissions are tied to third-party apps. Of the Android apps that require risky permissions, 40 percent have links to third-party apps. Either normal app functionality is interrupted with advertisements or there were links to third-party apps for normal functionality (for example purchase links to seller sites). Meanwhile, 16 percent of the iOS apps that require risky permissions have links to third-party apps.

Guarding your privacy

How to avoid granting excessive permissions

Before you install an app:

  • Read the permissions required for the app.
  • Think about why an app needs the permissions it requests. If the permissions seem excessive, ask yourself if it’s likely they are there simply to acquire data about you.
  • Read the privacy policy. If there's none, or if it's impossible to determine from it where your data will go, don't install the app.

If you have already installed the app:

  • In the case of Android apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Permissions. Removing permissions may cause a poorly designed app to stop working. Well-designed apps will indicate if they need a permission when you attempt to perform the function that requires it.
  • In the case of iOS apps, you can remove unnecessary permissions by going to the Settings menu and then clicking on Privacy.

How to protect your personal information

  • Read the privacy policy on each social networking site and app you use.
  • Ideally, don't sign into an app using your social networking site account. If you do, check what data the app will receive from the social network account.
  • If you do sign into apps using your social network account, be frugal about how much information you provide in your public profile on social networking sites.
  • When you post data to a social networking site from an app, think about whether you want the social networking site to have this information about your app.

How to check what apps are using data from your Facebook account

  • Go to the small down-arrow at the top right of the homepage and select Settings.
  • Select “Apps & Websites in the menu on the left to discover what apps are actively using your data.
  • Select each app to view and edit the permissions on the data it uses.

How to check what apps are using data from your Google account

You can also review and edit which apps are using Google for sign in and what information is being shared with them.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,  Norton, Norton by Symantec,  are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries.


Security Alert: New Extortion Tricks Using Your Password!

Your online security is important to us, below are recent occurrences regarding online security scams.

Password Extortion

There is an increase in activity from emails that claim to have your account username and password from a "questionable" website. These cyber criminals are asking for bitcoin ransom payments or they will share your activity with user contacts.  More information can be found on this forum at https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/  and https://isc.sans.org/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/.

Scam Alert Trends

Below is an article from the Federal Trade Commission highlighting recent online threats that could impact your security. Vacation rental fraud and credit card processing scams are just a few of the recent alerts. Recognize the warning signs and read more at https://www.consumer.ftc.gov/features/scam-alerts.

EarthLink Known Scams

Furthermore, we shared last month that there are several known online scams you should be aware of with the EarthLink brand being compromised. Stay up to date and read about these recent customer service and email phishing attempts at https://www.earthlink.net/security-alert-avoid-phishing-customer-support-scams-posing-earthlink/.

The online security landscape changes daily. Make sure you are educated and armed to protect you and your family.


Clean up your phone for a better digital life

As your Internet Service provider, EarthLink is committed to keeping you informed of technology tips to help manage your digital life. Below our partner Symantec shares information how to keep your mobile phone working at maximum performance.

If you are guilty of having apps cluttered all over your screen then you are not alone. Smartphones loaded with too many apps can slow down your phone, allow third-party apps to access your data, shorten battery life or worse, crash your phone.

Every once in a while every phone needs a cleanup. This time of year  is a great time to take out the old and bring in the new. Here are a few tips to help you clean your phone.

1. Don’t want it? Delete it.

Apps are notorious for taking up space on your phone. Arrange apps in the order of usage. If you think you haven’t used an app in over a month then you probably don’t need it.

2. The backup plan.

As a general rule, regularly backup your data. This not only frees up space in your phone, it also speeds it up. If your phone is taken over by ransomware, you will still have your data.

3. How many people are in your phone?

You build contacts as you learn and grow in this world. You add them to your address book. As you move from one phone to another, you are carrying these numbers and details to the next device, and the one after that. Finally you end up with more contacts than the number of people you actually know. Go through your contacts and delete the ones you know you wont need.

4. Music, messages and maps

There was a time when music was downloaded and saved in phones. Now with Wi-Fi being available almost everywhere and apps that stream music, the need to save music has declined. Text messages take up a lot of space too. Memes, videos, gifs, etc, live in your feed and take up precious real estate. Delete them once you’ve read them. Apps like maps, ride sharing services, and other services that use geo location that run in the background and slow down your phone. Turn them off when not in use.

5. Time to change your password

Changing passwords regularly keeps your device safe from cyber attacks. Use unique passwords that use a combination of at least 10 upper and lowercase letters, symbols and numbers. The key is to make it difficult for attackers to access your information by changing your passwords every three months and not reusing passwords for multiple accounts.

6. Check for software updates and patches

Software patches and update notifications show up at the oddest moments. While it is highly recommended that you update your phone immediately upon receiving them, sometimes people can miss the notification. Check your phone’s settings, and make sure that you are running the latest version of the software. Ignoring security updates exposes your phone to vulnerabilities that can be exploited.

7. Clean on the inside and clean on the outside

Do not forget to remove your phone cover and wipe down your phone with a clean cloth. Read the cleaning instructions that came with your phone. Using wet wipes and alcohol solutions may damage the phone.

8. Safety first

Use a reliable security suite to keep your phone safe from cyber attacks. Norton Wi-Fi Privacy encrypts the data you send and receive when using an unsecured public Wi-Fi, protecting your information that may be vulnerable to attack.

Make sure you maintain the health of your phone with good cyber habits.

 

 

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo,  Norton, Norton by Symantec,  are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries.