Recently in Corporate Category
1. Do not perform Google Searches while signed into your account.
This is the simplest way to ensure Google does not capture search history associated with your user ID/profile. As an alternative, keep your Google account signed in on one browser (e.g. Firefox) and use another browser operating under privacy protection mode (e.g. Chrome's Incognito Mode) to conduct searches. This is not fool proof -- google can certainly be smart enough to identify signed in sessions and non-signed in sessions originating from the same IP address...but it's a start.
Please note all steps below assume you are signed into your Google account
2. Remove your Google History
- Navigate to http://www.google.com/history
If web history is enabled:
- Click the button says "View History"
- Click "Remove All Web History"
Doing this automatically stops the future collection of web history. If you ever wish to resume history collection, simply click the "Resume" button.
3. Remove your YouTube History
- Click on "YouTube" in the toolbar at the top of the page
- On the right of the page, click your username and select "Video Manager"
- On the left side of the page, click the "History" button
- Click the "Clear Viewing History" button, confirm your choice when the pop-up displays
- Refresh the page/click the "History" button again
- Finally, click "Pause Viewing History"
- In Gmail, click on the cog/wheel in the upper right corner
- Click Mail Settings
- Click Chat
- Ensure "Never save chat" history is enabled
5. Remove old e-mail from GoogleNavigate to https://mail.google.com/mail/u/0/?tab=wm#all/p99999 and look at the date on the e-mails, these are the oldest e-mails stored in your Google Account.Take a walk through memory lane...Scary, huh?
To remove these e-mails from Google Servers:
- Click the cog/wheel in the upper right corner of Gmail
- Select "Mail Settings"
- Select "Forwarding and POP/IMAP"
- Click "Enable IMAP"
- Download a mail client such as Thunderbird, Outlook, Apple Mail, etc
- Follow directions to setup mail client: http://support.google.com/mail/bin/answer.py?hl=en&ctx=mail&answer=75726
- Using the mail client, create a local email storage file= such as an outlook PST or a Thunderbird local folder
- Download all e-mails from Google to your local storage
- Delete all e-mails from Google
- Repeat this every month, ensuring only the last six months of e-mail stay on Google's Servers
6. Android Phone - Web Browser
- Open your Web Browser
- Click the Menu Key on your phone
- Select "More"
- Select "Settings"
- Clear your history, cache, and location access.
- Suggest disabling "Enabled location" to prevent future websites from accessing your location.
Security Best Practices for your Google Account
While not related to the impending privacy changes, the follow steps are two important functions to enable on your Google account.
7. Google Mail Connection
- In the Gmail settings, click on the "General" settings tab
- Ensure "Browser Connection" has "Always use https" enabled
8. 2-Step verification
2-Step verification is similar to what major banking websites are now using. This service provides stronger security protection on your account. The process is very simple: Once activated, you will need to verify the device(s) you frequently sign into your google account from. Your home computer, your work computer, your iPad, etc. To do this, Google will send you an SMS text message with a unique code. You will be required to enter both your password and this code to verify the device you are signing into Google with. This will prevent people from accessing your account from unauthorized devices/computers.
- Navigate to https://www.google.com/settings/
- Under "Security" find the 2-step verification item
- Click "Edit" -- walk through the sign up process.
I can't wait to see this in action and I hope Evidon pushes out in new directions for privacy notice/choice. I'd love to see Evidon build on Aza Raskin's privacy icon project. Evidon and its partners will reach a large audience and can use their bully pulpit to advance changes in the standard idea of notice and consent (choice). More granular control over opting-in/opting-out or programs? Something even more radical? This is a big technological step forward for providing smart notice/choice, why not try out more new ideas?
I would also like to see Evidon and its partners use this platform for testing new approaches to advertising, information collection, notice, and choice. For example:
Testing the impact of a truly opt-in model on ad impressions: "Would you like to see ads on this site?"
Testing the impact of opt-in information collection: "Advertising network XYZ would like to collect browsing habits: Yes/No."
We've only been able to speculate on the outcome of this type of granular control, perhaps Evidon could give us some proof.
These guidelines will help create a more secure app/site. However, they will not, by themselves, decrease privacy risks. Design your app/site to be privacy-conscious.
I love seeing research like this surface and I give Nik credit for approaching facebook multiple times before publishing. His post is fairly technical but his intro boils it down nicely into layman's terms.
It seems Dave Winer's (@davewiner) post titled "Facebook is scaring me" may have prompted Nik's post after sitting on the data for more than a year. And all of this, of course, after the recent announcements at F8, which prompted renewed privacy concerns regarding facebook's new timeline profile and frictionless sharing features.
It amazes me how often the privacy pot gets stirred, even with pending legislation looming over a largely unregulated industry. You'd think they might lay low on making these drastic and norm-challenging changes.
I can't help but wonder if this was the original intention of G+ or a strategic shift that happened after the announcement of the National Strategy for Trusted Identities in Cyberspace (NSTIC) in April, 2011.
Eric also said that G+ use is completely optional. Users are not required to join the service and users who dislike the policy can easily walk away**.
Will Eric Schmidt's comments impact your use of G+? Do you believe anonymous/pseudonymous access should be allowed?
**Google has made it very easy to close out your Plus account. Access https://plus.google.com/u/0/settings/general and look under the "Services" section. Follow the "Delete profile and remove associated social features."
While the attack vector (phishing) was not advanced, the exploit code was. As the F-Secure article points out, RSA could not have defended against this brand new threat via antivirus or other network/system defense. However, proper training of employees on opening suspicious attachments could have prevented the whole thing.
My favorite detail in the post is that an RSA employee uploaded the e-mail to VirusTotal. This is speculation, but I can imagine the additional virus scanning occurred immediately after opening the file and seeing the actions (see video on F-Secure post). I can further imagine the "oh, crap" reaction of the person who watched, on their screen, as one of the leading security product providers got owned.
Building an organizational culture of security and privacy can go a very long way. Training and awareness is a critical complement to any enterprise defense strategy. You can deploy millions of dollars worth of defense systems and still be compromised by the actions of a dedicated and resourceful adversary and the actions of one, untrained, employee.
A closing note: In the beginning of August the RSA breach was revealed, through an EMC earnings calling, to have cost $66 million to investigate, mitigate, and help customers.
LinkedIn has recently opted-in their user base into a third-party advertising agreement that allows for use of name and photos in those advertisements. Follow the directions below to opt-out:
- Click on your name on your LinkedIn homepage (upper right corner). On the drop-down menu, select "Settings"
- From the "Settings" page, select "Account*"
- In the column next to "Account", click "Manage Social Advertising
- De-select the box next to "LinkedIn may use my name, photo in social advertising"\
Steven created a great graphic for assisting you you in opting-out. Click here.