Are You Protecting Your Personal Information from Newer Online Risks?
Most consumers try to protect financial and personal information when online, but are you aware of newer, emerging risks and what you can do about them? Do you manage the cookies on your computer? Do you look for security indicators before using websites? Do you know about other steps you should be taking? In this month's report, I look at these and other ways to protect your financial and personal information online against both older and more recent risks.
- Why should I care if a website is secure?
If you are accessing your financial accounts, looking at your medical records, or providing any personal information or any other private information, you'll want to protect that information. If a website is secure then that information is protected. Any messages sent between your computer and the secure website are encrypted. That means any other computers can't read the message contents.
- How can I tell if a website is secure?
For many secure websites (or secure pages on a website), the address (or URL) begins with "https" instead of "http." The browser may also indicate the current page is secure by one or both of these indications: a closed padlock and a background color in the address bar.
- What are cookies?
Cookies are text files that a website saves in memory or stores on your computer. Cookies can contain a variety of text information. Session cookies are stored in memory and are deleted when you close your browser. Persistent cookies are saved on your computer. Examples of persistent cookies include: saving your login information, saving personalization settings for a site, tracking what ads you've seen, and much more.
- Can I turn off cookies?
Yes, you can setup your browser to not accept cookies. But if you refuse all cookies, you can't access your financial information or make purchases online. Most browsers give you some control over cookies, such as allowing session cookies, blocking third-party cookies (i.e. those not from the current website), or prompting you to decide for each cookie. For Internet Explorer, look for Internet Options (under the Tools menu), click on the Privacy tab, and choose the Advanced settings button. For Firefox, look for Options (under the Tools menu) and choose Privacy. For other browsers, the settings are usually located under Privacy Options.
- What are "Flash Cookies"?
"Flash Cookies" are actually local shared objects (LSO) that are created and stored on your computer by websites. These data files are similar to browser cookies but can contain more than text data. The concern with "Flash Cookies" is website users don't know they are being used and they can't be controlled through the browser. "Flash Cookies" are sometimes used to store a copy of the information in a browser cookie so that when a browser cookie is deleted, it is recreated from the "Flash Cookie." Not controlling Flash cookies potentially exposes your information to fraudulent use.
- How can I manage "Flash Cookies"?
You can manage the settings for the Adobe Flash Player, but they aren't available through the player itself. You can control which sites can store data including whether third-party sites can store data. Even though the settings are stored on your computer, the only control is the Flash Player Settings Manager on the Adobe site. The Settings Manager has a page for each settings panel that explains each of the settings and what the choices mean. It should only take a few minutes to work through the panels.
- What are web bugs?
Web bugs are typically small (1 pixel x 1 pixel) images that are embedded in web pages or email messages. Web bugs are also called "web beacons," "clear GIFs", "invisible GIFs" or "1-by-1 GIFs." Larger images on a web page can also be used as a web bug. While the image itself isn't a problem, the information it provides to its host server can be. When your browser asks a web server for the web bug image, it provides the web server with your IP address, the time that the image was downloaded, the browser used (Internet Explorer, Firefox, Chrome, Safari, etc), and other information including cookie information if a previous web bug set a cookie. Web bugs can be used to track what ads you've seen, what web sites you've visited, if you've read an email, if an email was forwarded, and more. Browsers don't provide controls for web bugs but some browser plug-ins can. See the tools section below on how to find plug-ins.
- What about cloud computing?
- What about mobile security?
Many of us are using mobile apps to access our financial and other personal information. While the apps provided by financial institutions are generally secure, some other apps may not be. Before installing an app on your mobile device, check the app out thoroughly including the terms of service. When installing an app, consider all the terms and the program carefully before giving the app access to information like your address book, location, or other sensitive data. Also, you should never store your social security number, personal identification numbers (PINs), credit card numbers, and similar data on your mobile device.
- Are there any tools that can help?
Taking the time to learn about how and why these and other mechanisms are used will help you protect your personal information. You should be the one to decide who can see and use your personal information not someone else.
For more information
- Online Privacy: Using the Internet Safely from the Privacy Rights Clearinghouse
- Online Behavioral Tracking and New Cookie Technologies from the Electronic Frontier Foundation
- Online Privacy newsletter from Consumer Action
- Five Myths about Online Behavioral Advertising (PDF) from the Consumer Federation of America
- Adobe Flash Player Security and Privacy