6. Facebook's ID Giveaway
Threat Level: ORANGE
Facebook is often rightly accused of playing fast and loose with its 500 million members' data. But perhaps the site's worst privacy breach of 2010 was when Facebook and its biggest apps revealed user identities to advertisers and data brokers.
When users clicked ads on Facebook, Web links sent to advertisers contained unique IDs that could be traced back to the users' public profiles--giving the advertisers access to detailed information about a user's religion, politics, sexual preferences, and more. In other cases, app makers simply sold the user IDs to brokers.
EFF's Peter Eckersley says using Facebook IDs to extract personally identifiable information is easy for data brokers. "Tracking people is what they do," he says. "If they're sitting on a gold mine of data, they're going to dig for gold."
The solution: Use Facebook's privacy controls to keep your public profile sparse, and opt out of data-broker databases when possible.
7. Cell Phone Tracking
Threat Level: ORANGE
Geolocation services such as Facebook Places, Foursquare, and Gowalla let you tell the world what you're doing and where you're doing it, but they're voluntary. Other people may be tracking you in secret, thanks to that homing beacon in your pocket.
In September, a federal appeals court in Philadelphia ruled that law enforcement officials do not have to obtain a search warrant before obtaining location data, though a judge may still request one. (Conversely, last August the U.S. Court of Appeals for the District of Columbia ruled that a warrant is required before the feds can put a GPS tracking device on your car.) Until the Supreme Court issues a ruling or Congress enacts laws making location privacy a priority, the rules will vary depending on your location (appropriately enough). Meanwhile, private businesses can use your location data as they wish.
The solution: Turn off all of your handset's wireless antennas when you feel the urge to roam free.
8. Webcam Watchers
Threat Level: GREEN
A high school in southeastern Pennsylvania achieved international infamy after it used school-supplied laptops to secretly spy on students. Harriton High officials admitted that the school remotely operated Webcams on the district's 2400 MacBooks as an antitheft feature, capturing more than 50,000 images of students over three years.
A major kerfuffle erupted. Families sued the school district, prosecutors investigated, and the U.S. Senate held hearings. Tales of remote Webcam spying in other schools came to light. But an investigation failed to find criminal wrongdoing; the district agreed to stop remotely spying and settled the suits for $610,000.
Could this happen to you? Possibly. Any malware that can take control of your system can be used to operate a Webcam remotely. But only a handful of Webcam spy cases have ever been prosecuted.
The solution: High schoolers foiled the cams by disabling them or putting tape over the lenses when they weren't in use; you can too.
9. Zombie Cookies
Threat Level: ORANGE
Don't want online ad companies shadowing you across the Web? Simply delete their browser tracking cookies, and you're free to wander. Right? Wrong. Web advertisers have found a way to follow you anyway, using Adobe Flash cookies that automatically respawn after you delete them--hence their nickname, zombie cookies.
Last summer, privacy attorney Joseph Malley filed class-action suits against ABC, Disney, MTV, NBC, and their advertising partners, charging them with violating federal privacy and computer security laws via Flash cookies.
The solution: You can use Adobe's occasionally flaky Settings Manager, the Firefox plug-in BetterPrivacy, or CCleaner to nuke those zombies. The problem? Sites such as Pandora Radio and YouTube rely on Flash cookies--which can store up to 100KB of data--to improve media playback, and they may not work without them. So choose your undead victims with care.
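Flash cookies survive a browser cookie purge because Flash Player keeps them as .sol files in its own directory, outside the browser's cookie store. The script below is an added example, not part of the original article or any of the tools it names: it inventories those files per site and deletes all but the sites you choose to keep. The directory paths are Flash Player's standard locations; the function names and the keep list are assumptions made for illustration.

```python
import os
from collections import defaultdict
from pathlib import Path

def default_roots():
    """Flash Player shared-object directories that exist for this user."""
    home = Path.home()
    roots = [home / ".macromedia/Flash_Player/#SharedObjects",  # Linux
             home / "Library/Preferences/Macromedia/Flash Player/#SharedObjects"]  # macOS
    if os.environ.get("APPDATA"):  # Windows
        roots.append(Path(os.environ["APPDATA"]) / "Macromedia/Flash Player/#SharedObjects")
    return [r for r in roots if r.is_dir()]

def iter_lsos(root):
    """Yield (domain, path) per .sol file; layout is <root>/<random dir>/<domain>/.../<name>.sol."""
    root = Path(root)
    for path in sorted(root.rglob("*.sol")):
        if path.is_symlink() or not path.is_file():
            continue  # never follow links out of the Flash directory
        parts = path.relative_to(root).parts
        yield (parts[1].lower() if len(parts) >= 3 else "(unknown)"), path

def summarize(root):
    """Return {domain: {"files": count, "bytes": total size}}."""
    out = defaultdict(lambda: {"files": 0, "bytes": 0})
    for domain, path in iter_lsos(root):
        out[domain]["files"] += 1
        out[domain]["bytes"] += path.stat().st_size
    return dict(out)

def is_kept(domain, keep):
    """True if domain equals, or is a subdomain of, an entry in keep."""
    return any(domain == k or domain.endswith("." + k) for k in keep)

def purge(root, keep=(), dry_run=True):
    """Delete LSOs for every domain not in keep (hypothetical allowlist); return affected paths."""
    hit = [p for d, p in iter_lsos(root) if not is_kept(d, keep)]
    if not dry_run:
        for p in hit:
            p.unlink()
    return hit

if __name__ == "__main__":
    for root in default_roots():
        for domain, s in sorted(summarize(root).items()):
            print(f"{s['bytes']:>8} B  {s['files']:>3} file(s)  {domain}")
```

Run it as-is to list what is stored; purge() only deletes when called with dry_run=False, so review the dry-run list and your keep entries first.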
10. Criminal Stupidity
Threat Level: RED
For years we've been told that online-privacy policies will protect our rights. Now it seems that many of those policies are not worth the paper they're not printed on.
Google flatly denied that it was slurping data off Wi-Fi networks--until the German government told it to check again. Facebook said it had no idea it was sharing user IDs with advertisers--until the Wall Street Journal pointed it out. Body scans weren't supposed to be retained; Webcams weren't supposed to capture teenagers in their bedrooms. Some of the biggest companies on the Web failed to play by their own rules, and didn't even realize it.
But Mobile Active Defense's Winn Schwartau says consumers are equally to blame--for clicking on spam and failing to protect their data, for sharing too much and caring too little.
"The biggest problem is criminal stupidity," he says. "If people follow basic security practices--secure their connections, pick reasonable passwords--they'll be in much better shape."
The solution: You're reading this article. That's a start.
PCWorld Contributing Editor Dan Tynan's personal threat level ranges from robin's egg blue to burnt umber, depending on his mood. Catch his snarkier side at eSarcasm (Geek Humor Gone Wild) or follow him on Twitter: @Tynan_on_Tech.