Have you ever heard of the Electronic Communications Privacy Act of 1986? I hadn’t either, not until Senator Patrick Leahy (D-Vermont) moved to update it this year with a new amendment that make it more difficult for government agents to access data on remote servers containing information about who you’ve been talking to, where you’ve been and what you’ve seen.

Our social networks say a lot about us. When you register with a Website like Facebook, you voluntarily give up personal information like your name, photo, and phone number in exchange for the privilege of access to a network that makes it easy to keep in touch with friends and family. Facebook then makes money aggregating that information for sale to advertisers looking to target groups of potential customers with specific ages and interests. It’s an information economy, and to be clear, Facebook cleaves to a privacy policy that only permits the sharing of “non-personally identifiable attributes” with advertisers.

Though encryption is a strong way to safeguard passwords, personal information, and other sensitive data, it can be confusing due to the acronyms and technobabble that surround the topic.

Many encryption utilities--such as the BitLocker feature in Windows 7 Ultimate, or the Rohos Mini Drive utility for protecting info on a thumb drive--are available. But my favorite tool covers all the bases: It's free, it's easy, it's effective, and it works on all major operating systems. TrueCrypt lets you create virtual encrypted drives. Versions are available for Windows, Mac OS X, and Linux; if you install it on several machines running different OSs, you can open your encrypted files from a network share, thumb drive, or other shared storage device.

Responding to yet another user uproar, Facebook recently made efforts to simplify its privacy controls and introduce some other welcome changes. They're good steps to take--but considering that Facebook had to be forced to respect users' basic wishes regarding their own information, it suggests a serious disconnect in how the company and its users view privacy.

In January, CEO Mark Zuckerberg had said that his company was updating its systems to "reflect what the current social norms are." So when Facebook announced in April that it would automatically enroll users into new features such as Instant Personalization--which handed users' publicly available Facebook info to selected Websites that users visited--the implication was that users' wishes, not the company's bottom line, prompted the move from a largely private system shared only with approved friends to a largely public system that freely gave data to search engines, marketing companies, and anyone else who wanted it.

Attacks employing poisoned PDF files have leaped to the top of the threat list, according to statistics from major security companies. Symantec reports that suspicious PDF files skyrocketed in 2009 to represent 49 percent of Web-based attacks that the company detected, up from only 11 percent in 2008. The next-most-common attack, involving a good old Internet Explorer flaw, was far behind at 18 percent.

In a typical scenario, crooks might hijack a legitimate site and insert a PDF file made to exploit flaws in Adobe Reader. They then link to that PDF via social-engineering lures such as spam or comments on a blog or social network. Even astute users who check the link would see a legit domain. Not knowing the site was hacked, they would be more likely to download and open the file.

I recently received two Facebook e-mail notifications that set my security spider-sense tingling. Nothing was obviously wrong with the e-mail messages, which said that my friend had tagged a photo of me and then commented on it. But something about a reference to an app named "Who stalks into your profile" just didn't feel right.

So I checked it out. I dug into the e-mail header to make sure that it was from Facebook--it was. A search for the app's name didn't turn up any warnings. The app's installation page didn't give me any obvious clues, either. Still, I let my paranoia have its day, and I sat on the app.

Forget cookies--even the ultrasneaky, Flash-based "super cookies." A new type of tracking may identify you far more accurately than any cookie--and you may never know it was there.

The method pulls together innocuous data about your browser, such as plug-ins, system fonts, and your operating system. Alone, they don't identify you. Together, they're a digital fingerprint.

For the first time, hackers have become the biggest cause behind publicly reported data breaches, according to a recent report.

The Identity Theft Resource Center began tracking the cause of reported breaches three years ago. For the past two years, the top cause was what the ITRC calls "data on the move"--typically a lost laptop with unencrypted data, or even a lost briefcase. That changed in 2009, when about one out of every five data breaches had a hacker behind it.

As cloud computing speeds ahead, privacy protections are too often being left in the dust.

Loosely defined, cloud computing involves programs or services that run on Internet servers. Despite the buzz surrounding it, the idea isn't new--think Web­mail. But huge benefits, such as being able to gain access to your data from anywhere and not having to worry about backups, have led more people to leap to the Internet to do everything from writing documents and watching movies to managing their businesses. Unfortunately, privacy is often still stuck at home.

If you use Gmail, Google Calendar, Google Docs, or any of the ever-growing array of Google services, you may have cringed at the trove of personal data the company has gathered. To allay concerns, Google launched Dashboard, a single page housing privacy controls and settings for most of its services.

The Dashboard page, accessible at google.com/dashboard, gives you an overview of calendars or documents you share, your chat history, and sites you've authorized to access your Picasa pictures or Gmail contacts (such as a social networking site that can use your contact list to help you find other users, à la Facebook). You'll also find a list of search queries you've performed while logged in to Google. If you use the Google Toolbar and have enabled the Web history feature, you'll see your browsing history, too.

This fall, more than 20,000 stolen usernames and passwords for such Webmail providers as AOL, Gmail, Hotmail, and Yahoo appeared on Pastebin.com, a programmer's Website.

The Webmaster, Paul Dixon, wrote that "for reasons unknown," some "miscreants" posted the data on his site. Dixon removed the stolen info, which Microsoft and some security researchers theorize was gathered through phishing attacks.

Even if you delete normal tracking cookies regularly to evade tracking by snooping sites and eager advertisers, little-known Flash cookies may be making an end run around your attempts to preserve your privacy.

Flash cookies (also known as local shared objects or LSOs) can save certain Adobe Flash-related settings--storing preferences for watching Flash video on a certain site, for example, or caching a music file for better playback.