Privacy Alert: 10 Biggest Threats of 2010
2010 could go on record as the year the privacy mess hit the proverbial fan.
Companies such as Apple, AT&T, Facebook, and Google all got nailed for sharing users' personal data in big ways, accidentally or otherwise. Police officers were caught tracking people's movements via cell phones, while Web advertisers tracked surfers' virtual movements via hard-to-kill cookies. Schools spied on their students, mobile apps spied on their owners, and the feds caught heat for getting a little too personal with their security searches.
But the biggest privacy headlines of 2010 weren't necessarily the biggest threats, while some lesser-known incidents had far more serious implications. How dangerous are these privacy issues to you? In this rundown, we use the Department of Homeland Security's threat level system to rate the threats, and we provide suggestions on how you can protect yourself.
Be careful out there.
1. Google's Wi-Fi Spying
Threat Level: GREEN
Google's Wi-Fi spying debacle didn't start out evil. By using its Street View vans to map out open Wi-Fi networks, Google could provide better location data to mobile users. If you use Google Maps from your phone, it could employ nearby wireless networks to determine where you are, no GPS required.
The problem: Besides the Wi-Fi network's name and location, Google's Street View vans were accidentally slurping up unencrypted data--including user passwords and e-mail messages. Over three years, Google gathered 600GB of extra data in more than 30 countries, resulting in international sanctions, civil lawsuits, and an FCC probe.
Even so, the impact on average consumers is minimal, says Peter Eckersley, senior staff technologist for the Electronic Frontier Foundation. You're in greater danger of being spied on by nosy neighbors or creeps parked outside your house.
The solution: Password-protect your wireless network (duh) and use encrypted HTTPS connections to browse the Web when possible (see item #3 below).
2. The iPad E-Mail Leak
Threat Level: GREEN
If you bought one of the first Apple 3G iPads, an obscure security group may have purloined your e-mail address.
Last June, Goatse Security exploited a hole in AT&T's Website that displayed an iPad owner's e-mail address when it encountered an HTTP request containing that user's ID number. Goatse flooded AT&T.com with URLs containing random 20-digit numbers and collected 114,000 e-mail addresses of iPad owners. It then shared a few of them with Gawker.
The good news? The Goatse hack didn't reveal passwords, so the group couldn't access information beyond your name. And you're in select company--ABC's Diane Sawyer, New York Mayor Michael Bloomberg, and top government and military officials also had their addresses stolen.
The solution: None needed. AT&T quickly closed the hole--and if a spammer wants your e-mail address, there are easier ways to get it. So is the iPad magical and life-changing yet?
3. Facebook Wi-Fi-Jacking
Threat Level: YELLOW
Updating your Facebook status from a Wi-Fi café? A stranger can log in to your account and pretend to be you. Blame Firesheep, a free Firefox plug-in that captures login cookies as they fly by unencrypted. Programmer Eric Butler wrote the program to demonstrate how much data people send "in the clear" without realizing it. Using Firesheep, a hijacker can access your account on Facebook, Twitter, and two dozen other sites. Any information you thought was private now isn't. Feeling naked yet?
The failure of sites such as Facebook and Twitter to require secure logins is "an enormous privacy problem," says the EFF's Eckersley. "Google demonstrated this could be done on a colossal scale at minimal cost with Gmail. Now we need to get the rest of them to do that."
The solution: Use EFF and the Tor Project's HTTPS Everywhere plug-in for Firefox to force sites to use SSL encryption if available. And don't log in to sites containing sensitive info from a public network.
4. 'Naked' Security Scans
Threat Level: BLUE
If Firesheep doesn't make you feel naked, passing through airport security might. Major U.S. airports and federal buildings are deploying body scanners that can peer through clothing, rendering you virtually nude to security guards viewing the scan.
It gets worse. Last August, the U.S. Marshals Service in Orlando, Florida, admitted to storing some 35,000 body scans it was supposed to have destroyed. Naturally, some of those found their way onto the Net.
The Electronic Privacy Information Center filed suit against the Department of Homeland Security, attempting to keep airports from deploying the machines. A wave of protest ensued, including everybody from ordinary people to members of the Allied Pilots and U.S. Travel Associations.
The solution: In lieu of a scan, you can opt for an "If you touch me there, you'd better buy me dinner and a movie first" full-body frisk. But we don't think you'll feel any less violated.
5. Mobile Malware
Threat Level: YELLOW
The smartphone in your pocket is catnip to malware authors, yet mobile security is barely on most people's radar, says Winn Schwartau, chairman of security vendor Mobile Active Defense.
Kaspersky Lab identified the first malware known to target Android phones last August, and rogue code targeting jailbroken iPhones and iPads has been available for over a year. Schwartau agrees with estimates that 20 percent of all Android and iPhone apps may be infected.
"Mobile apps are the best hostile-code delivery system ever invented," Schwartau says. "The entire mobile space is in chaos."
The solution: Before you install a new app, do some sleuthing to suss out potential red flags; avoid apps from unfamiliar vendors or sites. "Install Gotcha 1.0 from Bob's App Store?" says Schwartau. "I don't think so."