Category Archives: Privacy

Why has the drone industry such a bad online reputation?

Why has the drone industry such a bad online reputation?

The more disruptive the technological advances in our society, the more involved are their online reputation. This has happened to the steam engine, nuclear power, the Internet, and it has also happened to the drones during the current decade. When we talk about drones, it is impossible not to think about Star Wars and those epic battles waged by armies of machines, but in reality, the drones are not simply reduced to their military use. In fact, these unmanned machines have been particularly useful in rescuing lost or seriously injured hikers in hard-to-reach areas, as well as in the control of destructive forest fires, and in data collection in nuclear accidents, such as Fukushima, a few years ago. These are some of the thousands of non-military uses of drones, however, no matter how incredible they are, the public is not able to dissociate these remote-controlled crafts from the well-known images of bombings in Iraq or Syria, as well as the espionage activities for war. This is one of the main reasons for the bad online reputation of this industry.

So far, most drones for civilian use are small and – apparently – inoffensive. Although most were built for recreational use by buyers, many of them are used daily for data collection (for example, to measure the boundaries of an extensive property, to measure glacier displacement, to observe volcanic activity, among others.) But despite the technological advantages offered by drones, the market for these products has not been exploited to its full potential, and this is due to the unfavorable opinions of many people on the Internet about the risks to public safety, and the ease with which privacy (both physical and online) can be affected.

Media scandals are common. DJI, the world’s leading drone manufacturer, has been embroiled in an online reputation crisis due to a computer security breach. Because, among other reasons, some terrorist groups have been using drones from this company to execute their actions of espionage and bombing, DJI has taken control measures. Since this year, this Chinese company has developed a software update that forces users to indicate the geographical areas that they want to fly before using the drones; also, it checks the location of users and constantly downloads forbidden zones of flight. In case a user does not download the updates, the drone does not fly more than 164 feet away, or 98 feet in height, nor is it possible to do direct streaming.

Read also: Reconstructing a corporate Online Reputation, by ReputationDefender

This was partly due to the pressure from the authorities of several countries to comply with local and international standards. Nevertheless, a software already exists that allows DJI drones to fly through forbidden areas. This software allows you to bypass the height limits and even trick the GPS of DJI drones so that they can fly through airports, war zones, or even military installations. The software confuses the GPS of the drone to make it believe that it is flying over a safe zone, and it even makes it possible to break the limit of five hundred feet of height that DJI imposes to its drones.

The main security issue here lies in three main reasons. The first one is the immense availability of purchase of these drones. Years ago, those were items that only millionaires could afford, and they are now increasingly available to anyone (and that includes sociopaths, of course.) In addition, the great distances that these drones are able to travel without losing connection makes them a war tool difficult to control by the authorities. Finally, the versatility of these machines allows, for example, to drop a homemade bomb, or to take samples of chemical substances with the aim of stealing industrial secrets.

Image courtesy of Jeremy Keith at Flickr.com

Nonetheless, DJI has also been involved in another online reputation crisis, and this time has been due to the bad comments of its own users, especially in our country. Many of them believe that the main motivation for buying the advanced drones of this company is related to the great freedom it represents for them, and they believe that the limitations to the use of these products should come from local laws, rather than the company itself. It is a complicated case regarding who is right: Customers, or those who consider public safety and privacy.

These improvements will never be clean of controversy. Last year, the US army unveiled the production and use of insect-sized drones to carry out espionage activities in enemy territories during the current wars. These drones (some of them, the size of a mosquito,) can take DNA samples, take photos, record audio, and track a person’s location by GPS when getting into clothing or luggage. This can be a powerful weapon, or it can be seen as an Orwellian nightmare.

The problem is that if we compare the safety and privacy cons with the pros drones can offer, forbidding or limiting the use of these devices would mean a technological backwardness that could cost a lot of money and human lives.

Recommended: 9 Incredible Ways Drones Are Overcoming Their Bad Reputation

* Featured Image courtesy of Visual Hunt at Pexels.com

Please follow and like us:
How to stop looking like an unpleasant phisher

How to stop looking like an unpleasant phisher

Phishing is perhaps one of the today’s most infamous practices within the vast spectrum of the digital world. In fact, from an ORM standpoint, phishing, or being linked to carrying out phishing activities can arguably be devastating for the name of a company or a business in general. We at ReputationDefender previously stressed that when it comes to strengthening a business’s online reputation, avoiding looking like a dreary and a bothersome phisher is almost mandatory.

Phishing e-Mails are often used by all kinds of cyber criminals to trick people into providing or, better said, handing over sensitive information such as their usernames, their passwords, social security numbers, PIN numbers, credit card details, amongst others. If the phisher is successful, meaning: if the fraudulent e-Mail fulfills and accomplishes its purpose, the recipient can fall victim of a sheer array of issues, especially, identity theft, or maybe they will just find their credit card maxed out or their bank account with balance zero.

This scenario has alerted major Internet Service Providers and other mailbox providers, which is why they are seemingly becoming more aware of any incoming mail that looks like it could be a phishing attempt: anything looking like a fraudulent or malicious mail goes directly to the junk box, or, sometimes, it gets deleted upon arrival.

This being said, it is not difficult to also fall victim of being linked to phishing activities —it is not a secret that some industries seem to be more prone to suffer this kind of situations, especially, the banking or mailing industries; however, there are certainly several things a company, irrespective of its nature, can do to prevent its e-Mail campaigns being mistaken for fraudulent or phishing attempts.

This is particularly important even from the online reputation management standpoint: when it comes to developing and maintaining a strong brand, nothing seems to be more of paramount importance than trust; a lack of trust is detrimental to even the most creative and compelling marketing campaigns. The digital age, of course, also brought along a new paradigm in regard to how companies and brands convey information to their customers thanks to today’s social media platforms, improper engagement, and bad practices can spread around the globe in less than the blink of an eye.

With phishing attacks on the rise, regaining control of e-Mail channels should be no less than mandatory and essential for every company that values the trust of their clients; by making sure a company does not ask for information out of well-meant motives, any particular business will not only be able to overcome this dreary issue of being linked to phishing, but also will see an improvement in customer response rates. Be that as it may, here are several strategies a company can follow in order to work against unscrupulous copycats:

Stay away from mismatched URLs

Perhaps the most basic and common example of a phishing technique is an e-Mail asserting and reporting malicious and fraudulent activity on an account and asking the recipient to click on a link just to verify the information. This apparently innocent and harmless link could actually be hiding something terrible; in fact, bad links are hidden behind a legitimate looking link —especially those from banks— which is why recipients do not hesitate to clink on them most of the times —nor question their legitimacy. These links manage to trick people into downloading malware to their computers or accessing insecure websites.

To determine whether an e-Mail may be indeed a phishing attempt or scam, the e-Mail client looks for a specific link in the recipient’s HTML campaign where the text being displayed is an URL: if the displayed link seems to differ from the actual URL, the user gets an instant notification. Sadly, cybercriminals have become really tech-savvy, and they have come up with different ways to carry out phishing scams, to the point where these have been designed to work in a rather large variety of ways, one of which, like the aforementioned technique, consists of hiding malicious links that are seemingly legitimate. Internet and safety researchers have developed different ways to combat this increasingly used thread: they have developed software that detects fraudulent e-Mails while scanning for mismatched links.

Image courtesy of Pixabay at Pexels.com

Authentication is everything

Phishing e-Mails normally use spoofing to trick recipients and mislead them about where the e-Mail was actually sent from. Basically, a “spoofed” e-Mail is a message with a fake sender address, thusly posting as if it was sent from a trusted source; nevertheless, and unfortunately, this is not actually that hard to do because an e-Mail —the process of conveying e-Mail messages between mail servers— was not precisely designed with high standards of security in mind. And here is where authentication technology steps in authenticating e-Mail addresses validate the identity of both a company or a business and the e-Mail Service Provider.

Do not overlook the power of setting up a custom domain

Instead of getting accustomed to using the default subdomain generated for a particular account, it seems to be much better and wiser to override it with a custom domain. Custom domains are the ones referenced in every campaign a company sends, meaning it will appear in the URLs for website version links, amongst other social media platforms like Twitter, Facebook, etc. Internet Service Providers assess the domains referenced in a particular campaign in order to find out whether these match the company’s DNS records. Besides, spoofed or fake e-Mails sent by unscrupulous phishers lack that kind of customization.

Ask for information the right way

Last but not least, sometimes companies have got to ask for specific (personal) information about their customers, or ask account holders to update their information for well meant (and legitimate) purposes. For example, it is ok to let customers know about a data security breach and ask them to reset their passwords; however, most of the times, this will sound tremendously suspicious. Apply the aforementioned techniques to provide e-Mails with a good reputation and make the content look entirely trustworthy: provide explanations, choose words carefully, use customization, reference trusted websites, do not ask customers to click on a link, pose as security conscious and include a permission reminder, etc.

* Featured Image courtesy of Pixabay at Pexels.com

Please follow and like us:
Is your namesake a disreputable person? You may need help

Is your namesake a disreputable person? You may need help

Many people criticize the use of online reputation management. Critics’ main argument is ethics. According to them, every person has the reputation he deserves, and good people is protected by their good deeds. For this reason, these critics consider that eliminating or, rather, altering the online reputation of someone who has committed reprehensible acts means allowing this person to continue to get their way.

This argument is easily rebuttable. First off, because all the people who access these services do not necessarily have committed reprehensible acts (in fact, they may never have done anything wrong, they simply want to improve their digital image for SEO purposes) and, secondly, because a person’s online reputation can be negatively affected by other people’s harmful acts (revenge porn, for example.)

But there are a number of real-life cases that help to destroy this weak argument: the case of the disreputable namesake. Have you ever googled your name? Most likely, yes. Unless your name was taken from a work of fiction, or your parents have given you the strangest name that came to their evil minds, or you belong to an ancient ethnicity of very few individuals, you probably have a namesake. If you’ve never researched who your namesake is, you’re actually losing control over what that person can do, because the consequences of his/her actions can actually affect you.

Confusions of identity have always been a difficult matter to solve. The case of Will West, a prisoner of the early twentieth century, is an excellent example. In one jail (Leavenworth,) two prisoners shared the same name, were physically identical and they had been sentenced to life imprisonment for the same crimes. This case, in fact, was the origin of the fingerprints identification system. Today, although there are enough means to distinguish the identity of two people, there are still problematic cases.

Mrs. Fauzia Din, an American citizen, made an application so that her Afghan husband could immigrate to the United States and live with her. The petition was denied because a consul in Islamabad determined that her husband, Kanishka Berashk, an employee of the Afghan Ministry of Education, had ties to terrorist organizations. The Din family had to start a long process since immigration law does not allow people to obtain information on the basis of the decisions of the consuls, as these are classified. Moreover, such denials are not appealable, either to the embassy or to courts. Fixing these errors is not an easy task for sure. Usually, you can request information through the Freedom of Information Act to the American Government about your background. The problem is that if the government considers the information to be of national interest (just like terrorism,) revealing information is nearly a mission impossible. For this reason, Mrs. Fauzia Din sued the former Secretary of State, John Kerry, in charge of the operation of the American embassies.

Read also: What do you mean by reputation management?, by ReputationDefender

This is not an isolated case. Daily wager Sheoraj Singh, a low-income worker from India, was held for seven years because his name was indistinguishable from the name of a criminal who was accused of kidnap and murder. The real criminal, a wealthy man from a neighboring state, remained free thanks to a legal error, and, instead, the authorities condemned a poor illiterate worker who had no way of defending himself judicially.

Such cases are common. Secret services around the world, bank debt-collecting departments and even (and unfortunately) hitmen (among many others) confuse identities every day and make innocent people suffer.

Image courtesy of m01229 at Flickr.com

Now, what can be done here, then? Actually, it is better to prevent it than curing it. Once a crisis of reputation is going on, or, worse still, some of the unfortunate cases mentioned above, it is very difficult to repair things. For this reason, it is better to start cleaning up your digital identity. How can this be done? The best way for the public to differentiate two namesakes online is precisely by strengthening the image of one of the two. Being present on all social networks, creating permanently updated blogs and websites and appearing in the first results of Google and other search engines, not only allows people who find your name easier than your disreputable namesake (especially if you provide enough photos and information about you.) Online reputation management also allows you to excel in your business and gives you a better search engine optimization.

People who do not care about reviewing and improving their digital identities are subject to the vagaries of chance. Anything can happen on the Internet, and, in this case, an unfortunate event takes place when someone’s online reputation gets messed up by someone else’s acts. Online reputation management allows you to control these situations and shape the digital image according to your needs.

Recommended: How to Monitor Your Online Reputation

* Featured Image courtesy of Ian McBurnie at Flickr.com

Please follow and like us:
Sexting and Online Reputation: Youth Gone Wild

Sexting and Online Reputation: Youth Gone Wild

For years, institutions and individuals have definitely striven to prevent kids from sending nude photos of themselves to other kids. Parents and educators have tried to spare no efforts in educating younger generations in order for these youngsters to acknowledge the dangers in such practice. As the importance of taking a rather conservative approach, in regards to online usage and presence, has been highlighted, an issue that often comes to the fore is online reputation management —alongside the common definition of moral, which seems to be directly connected to the connotation of self-respect.

Sexting is something that has been under the radar for quite some time now; in fact, plenty of research has already been conducted in hopes of understanding the real motive behind such practice. The results, however, seem to depict a much worse danger than what generally meets the eye: even though sending nudes to another person already entails a scandal, the real danger, the one that seems to be going unnoticed —and even overlooked— is the fact that behind the mere action exists a coercive force: in some cases even a threat or a compelling manipulation from their conversation partners.

It is not a total nonsense to assert that sexting has become a somewhat popular practice amongst people, mostly youngsters. Nevertheless, given the fact that it embodies a much greater damage —sometimes beyond the individual’s online reputation—, institutions and people who actually care about the welfare of others are now seeking to develop apps that could ultimately serve as a tool for maintaining a healthy online reputation while avoiding falling victim of such reputation destroyer. It is not a secret that with the emergence of digital marketing, many companies and businesses highlighted the need for a tool that could consequently help them manage their online reputations. Apparently, those wishes echoed in companies who are now trying to help people avoid getting their online reputation destroyed by an indiscrete, unscrupulous revealing.

Readers might have or might have not already heard about Snapchat: an app that allegedly prevents people from getting their online reputation shattered just by adding a time period to the image’s exposure. Snapchat seemed to understand that the underlying issue in regards to sexting was related to primary human behavior, which is why their development focused on allowing people to send +18 material —under today’s considerations— for a shorter moment (a matter of seconds, in reality).

Should someone were fond of sending somewhat provocative material, it would be highly advisable to emphasize that their online reputation will always be at stake. Whether it is for a regular partner or for someone who they are flirting with, sending naked photos can be ultimately used, should they fall in the wrong hands, as a very powerful lever. We at ReputationDefender are aware of the magnificence of a healthy online reputation, especially under today’s digital juncture, since the degree to which it serves as a tool for thriving exceeds all the premises. Thusly, the idea behind this article is to stress the importance of control, rather than assess the moral background. Apps like Snapchat enables people to attain a certain degree of control over the material they send, furthermore, if the recipient were to take a screenshot, the app immediately notifies the sender about such event.

Image courtesy of MacQ at Flickr.com

Be that as it may, the controversy is served: does this app encourage people to incur in the rather dangerous practice of sexting? People seem to agree upon such assertion, especially when the app ranks third in the photo app downloads. Although apps like Snapchat strive to prevent the spreading of sexually explicit material, adults —and teens— will continue to share such images as part of their flirting practices, as it seems that engaging in sharing this type of graphic material is common —some would say intrinsic— aspect of human behavior. The issues become possibly hazardous when those images, that sexually explicit material comes back at them and haunts them until their reputation is finally shattered and scattered online. Imagine the scope of having nude images all over the internet: the damage spans all over the imaginable spectrum: businesses could even be forced to be closed due to such thing; deals could be inexorably ruined; business partners would back down on every possible business idea that people may have; startups looking for funds could never get to see the light; etc.

Online reputation will grow in importance as 2017 continues to unfold: the need to be aware of all possible threats that could result in harming both businesses and individual’s online reputation must definitely become one of the company’s (and people in general) top priorities should they were striving to succeed under today’s circumstances. In fact, whether it is people or businesses in general, striving to do something positive for their online reputation will definitely prevent them from suffering a total disaster.

* Featured Image courtesy of Peter M at Flickr.com

Please follow and like us:
Privacy at Risk – Key Sharing is Even More Prevalent

Privacy at Risk – Key Sharing is Even More Prevalent

SEC Consult first warned about private key sharing in November 2015. After looking at 4,000 internet connected devices using hardware from 70 makers, the international security consultancy concluded that way too many devices were accessible with the same ‘skeleton key’. Vulnerable products included anything from home routers, to Internet of Things (IoT) appliances, to industrial equipment.

Now, the situation appears to be getting rapidly worse. A recent update from SEC found a 40 percent increase in key sharing over just nine months; 4.5 million devices are currently at risk, 1.3 million more than last autumn. Key sharing is a privacy risk because it means that cracking a single code gives hackers access to numerous different devices. With the risk of leaks so high, privacy services, such as those offered by ReputationDefender are becoming even more important.

A closer look at key sharing 

The root of the problem is the replication of known encryption keys and certificates across multiple internet-connected products. These keys make up the security protocol used to access HTTPS sites. HTTPS stands for HyperText Transport Protocol Secure. In contrast to the HTTP prefix, HTTPS indicates that the connection is being protected by some form of encryption. SEC Consult studied SSH, SSL and X.509 certificates.

This might sound a bit obscure to the average internet user, but the numbers speak for themselves. SEC found two certificates duplicated most commonly: 500,000 products have been found using the first, while 280,000 web connected systems employ the second. In all, the latest research uncovered 331 matching certificates and 553 individual private keys shared across all 4.5 million products.

With a number of large scale hacks in the news recently, most people have heard about the dangers of sharing similar passwords amongst personal accounts. Essentially this is what manufacturers are doing on a larger scale. Hackers are able to extract the code from one device and then can use it to log into thousands of others or launch a ‘man-in-the-middle’ attack by decrypting a connection in progress.

Why is this happening?

Mostly it comes down to laziness on the vendor’s and manufacturer’s part. Software developer tools are sold to manufacturers with default keys already in place. In turn, little or no effort is made to individualize these security codes. Example certificates that can be extracted easily by anyone with the right technical ability are often copied right into the finished product.

SEC Consult says the increase in vulnerabilities is due to lack of security patching from vendors: insufficient firewalling by users and ISP’s, and the growing number of IoT appliances contribute greatly. In the end, the solution requires each specific device to employ an individual code. However, this would require sellers to maximize security and for manufacturers to be more responsible about the products they release.

What can you do?

To increase security, SEC Consult recommends that “end users should change the SSH host keys and X.509 certificates to device-specific ones,” but goes on to add, “this is not always possible.” The technical skill required goes beyond that of most buyers, and many devices don’t even have permission for end-users to update the security configuration. As such, there’s not much an individual can do to protect themselves against this threat except to limit the number of IoT appliances in their home, and again recognize, that any action taken on the internet is essentially public.

Please follow and like us:
Online Privacy Makeover – The Ultimate Guide Continued

Online Privacy Makeover – The Ultimate Guide Continued

There are no fail-safe measures when it comes to internet security and online privacy, but the steps listed in our previous article will make your accounts much harder to hack. Next you will need to update your internet privacy to limit public sharing of details about your location and personal life. This can be a security risk also, since access to personal data will help hackers get past the security measures you just put in place.

Online Privacy Makeover

  • Check your address – professionals who own their domain name may find that their location and personal details are available online on Whoisnet. If this is the case, contact the service where you bought your domain name, and update your privacy settings, so your data won’t be visible. Other vulnerabilities in the UK include Freelectoralrolls.com and Companies House which may list your address online. You can contact your local electoral registration office and ask to be removed from the public records. If your personal address is available through Companies House contact them directly also, and ask that anything unrelated to your professional profile be removed. If you live in the US, there are even more agencies which could list your address (Spokeo is one example). To avoid being identified you will need to contact each one and ask to have your personal data removed.
  • Check your online privacy settings – if you interact personally on social media sites, this can be a big information leak. Double-check your settings to make sure you’re not automatically sharing pictures or posts publically. If you have a lot of social media accounts, you will need to make a list and go through them all one by one to make sure you don’t miss any. Remember, if you click share on an article page, this will always be public. It’s much better to copy and paste the address into your post.
  • Verify family members – it won’t matter how careful you are about online privacy and security, if family members don’t take the same measures. This is even more important for companies based on a family name since everything relatives do online will reflect back on the brand. Admittedly pushing your family to run through all the same measures listed in this article might not be easy. Once you’ve learned the ropes, try sitting down together and making a fun interactive security day.

Other security options

You’ve completed the basic security and privacy measures listed above, but you’re still concerned about what happens if your computer or mobile phone is hacked. If this is the case you can keep going with your makeover by installing programs that will protect you in the case of an emergency.

Little Snitch and Wireshark are two options that will show exactly what data your computer is sharing. These programs warn you immediately if your computer is hacked so you can take action right away. Another important protection for your mobile phone is “Prey,” a program that lets you wipe data in the advent that your phone is ever stolen.

None of these measures are absolutely necessary if you’ve already updated and double-checked your settings as outlined above. But they do add an extra layer of protection for individuals who have reason to be concerned.

Please follow and like us:
Online Security Makeover – The Ultimate Guide

Online Security Makeover – The Ultimate Guide

Online security is a bit like the newest household chore. We know it’s important; we do our best to keep up with it, but somehow few of us are as thorough as we’d like to be. Anyone who reads this blog regularly, knows they should change passwords often, use a unique, individual password for each site, and check frequently to see if vulnerable personal data is available online. Still, how do people have time to make this part of a daily or weekly routine? Looking at the number of celebrity hacks and internet missteps, it’s clear that even the most successful people don’t fare much better.

This guide will help lay out the most important things you can do to protect yourself online. This is doubly important for high profile individuals who represent a much bigger target for hackers. Reputation damage can be a problem in almost any career and keeping security and privacy settings up-to-date will go a long way to prevent the issue.

Step-by-step guide to becoming worry-free

The following measures will take an hour at the very minimum, and probably longer depending on how tech-savvy you are. You may want to break the work down to focus on security in one session and privacy the next. Once these steps are complete, you’ll be able to get on with your life, free of immediate concern over internet vulnerabilities. If you are someone who spends a lot of time forgetting their password, you’ll probably even find things run a lot smoother!

Online security

  • Choose a password manager – this is first step in any online security makeover. It’s not as simple as it might sound given the range of password managers available, from free versions to those with a yearly fee or a one-time license cost. LastPass is the easiest and most popular option. It comes as a free download, but to include your mobile phone you will need the premium version with a US $12 yearly cost. LastPass had some security issues in 2015, but most people agree it was well handled. According to security expert Troy Hunt, “their hashing approach was solid and designed to be resilient.” LastPass is a cloud based system so your passwords will be stored in the cloud, however they will be downloaded to your computer before they are un-encrypted. Other systems like KeePass and 1Password opt for offline storage which is slightly more secure. Passwords can still be manually synced between devices, but they are stored on your computer or on a USB drive rather than the cloud. Dashlane is another well-rated option that is secure as well as easy to use, but the US $40 yearly fee can be prohibitive.
  • Update your accounts – once you’ve chosen and downloaded your password manager, you will need to go through all your accounts to store each password in your password manager. Make a list of every account you can think of, from bank accounts to social media pages, to Amazon.com and other places you order online, and go through them one by one. Unless you already have a strong password system, you will want to let the manager generate a new, unique password for each site. If you prefer to keep your existing passwords, some models like LastPass will capture these and highlight weaknesses, however it’s generally easier to let the manager generate and remember passwords.
  • Create a master-password – you will need to choose a secure, memorable master-password for the manager itself. Try using the first letters of a unique phrase and substitute capitals, numbers, and symbols for some letters. Avoid giving yourself hints that could make your master-password too easy to guess. Remember, this password will allow access to all your accounts, so it needs to be memorable for you but un-guessable to anyone else.
  • Add two-step verification – many sites like Twitter, Facebook and Gmail now offer two-step verification. It’s important to activate this measure since it will protect you in case of an online security issue with your password manager. Two-step verification will send a code to your cell phone or another email address which you will then be required to enter in order to sign on. This measure will kick in anytime you change your password or sign in from a new computer. If you think this sounds cumbersome, remember how many emails and texts you receive on a daily basis. You’ll rarely be trying to access your account without your cellphone immediately handy.

In the next article in the series, we will move on to the subject of online privacy and show you what additional steps you can take to stay protected.

Please follow and like us:
Password Memorization Difficulties? – Google Suggests the End May Be Near

Password Memorization Difficulties? – Google Suggests the End May Be Near

Many people will be happy to hear about Google’s latest project. Partnering with the password manager, Dashlane, Google is working on devising a smooth universal link that will allow Android users to log into all their apps with a single password.

Those of you who read our blog regularly, are familiar with the issues surrounding passwords that are too simple and/or duplicated across multiple sites. The recent release of stolen information from LinkedIn, Tumblr, and others highlighted how vulnerable these practices can be, giving hackers access to a number of different accounts with a single data breach. Yet at the same time, memorizing numerous fourteen character passwords, that include capitalization, numbers and symbols, is a difficult if not impossible task.

Open Yolo

Google and Dashlane are working together to create a secure system that would make password management easier by facilitating all logins through a single password. Titled Open Yolo (as in “you only login once”), this “open-source” connection would be universally accessible for all “third party apps” on the Android system. When Open Yolo is functional, users will only have to remember a single credential for their password manager. Once they log into the manager, they’ll have immediate authentication with all their accounts.

Currently, most password managers will automatically type your saved credentials into Android apps, but compatibility is uneven, and the process is cumbersome and time-consuming. Apple’s iOS system faces similar issues since many apps don’t support the feature. In most cases, users still end up needing to remember a number of complex passwords, or face resetting through an external link when they forget.

Open Yolo would be the first Open API of its kind, allowing universal access though the Android platform, regardless of the app or the password manager. Malaika Nicholas, community manager with Dashlane, says this will “increase online security” for Android users. She hopes in the future the system will become “universally implemented by apps and password managers across every platform and operating system”.

Other Google projects

Open Yolo isn’t the only Google project aimed at streamlining security. Android’s “smart-lock” system provides a number of non-traditional options for logging in using biometrics or location and some limited password sharing through Chrome. Just this year, Google added an option for simpler two-step verification known as “one-tap push notifications”. Users that choose this option will still get the security of an email or text sent to another account, but, instead of having to copy down a code and enter it, they will only need to push “yes” or “no”. to access their account.

Please follow and like us:
Brexit Update – How will Data Protection Regulations Change?

Brexit Update – How will Data Protection Regulations Change?

A few weeks ago we brought you an article focused on privacy protection laws in the UK in relation to the Brexit vote. Many in the “out” campaign highlighted the need for free—–dom from cumbersome EU regulations, such as the General Data Protection Regulation (GDPR) expected to become effective in 2018. Now that the Brexit vote has passed, it’s time for an update. How are UK privacy laws likely to change as it looks at negotiating an exit from the EU? Legal regulation of personal data is one of the many ways we can protect our clients at ReputationDefender, so this is a serious issue for us.

Britain has two choices post Brexit

There are basically two options for Britain regarding data protection after Brexit. The first is to keep data regulation exactly the same as it is in the EU, including implementation of the GDPR which is allegedly the strictest policy of its kind. This would facilitate the transfer of personal data on EU individuals into and out of Britain and keep many of the data sharing privileges the UK holds as an EU member. However as we mentioned in the previous article, many companies will face challenges in updating their systems to become compliant before the new law goes into effect.

The UK’s other option is to devise its own data protection regulation bill and negotiate a data sharing policy with Brussels as it leaves the EU. As an EU member, Britain already did have a significant voice in drafting the regulation, but it was one of many influences and an independent legislation could look quite different. Brussels is unlikely to accept a policy that offers less protection, so it’s unclear at this point whether this would be an advantage. It would probably mean that UK based companies would face costly limitations when doing business with individuals covered under EU regulations.

Negotiating with Brussels

The problems associated with a separate policy could be ameliorated by a generous agreement with the EU, but there’s no precedent to support this. The US has already faced leg

al issues in relation to its surveillance programs under the EU’s current directive. The previous data sharing agreement, “safe harbor”, was struck down last year; a new agreement is in the works, but it could face further legal challenges. Any UK legislation is likely to encounter the same issues since many feel Britain’s GCHQ network is even more invasive than the NSA. As we mentioned previously, under the new GDPR, fines for non-compliance in relation to EU data will apply to companies regardless of where they are located, so British companies will need to understand the implications of the new policy whether or not it actually protects British citizens.

Please follow and like us:
Privacy Play Speaks to General Concern About Online Protection

Privacy Play Speaks to General Concern About Online Protection

Online exposure has become such a part of our public consciousness that it’s now being reflected back at us in the work of writers and artists. This can be seen in the recent play titled “Privacy” which enjoyed a successful run in London in 2014 and just opened this summer in New York. The privacy play, written by James Graham and Josie Rourke, is a lighthearted look at what our lives have become in the internet age, as we struggle to balance “freedom,” “security” and the accessibility of online data. The British version included post-Snowden interviews with various politicians, but the American adaptation has been almost completely rewritten to be more relevant to still developing current events. Interviewees who also appear as fictional characters range from US Senators, to Intelligence Committee members, to Randi Zuckerberg, a former marketing director for Facebook.

In a preview written before the play’s official opening, Alexis Soloski of the New York Times described the “Privacy” play as, “part comedy, part documentary, part lecture-demonstration and part fourth-wall smasher.” Starring Daniel Radcliffe from Harry Potter in the lead role of “the Writer,” the play investigates how an intensely private person handles relationships, both on and offline. Audience participation via cell phone adds to the post-modern message of relativism, highlighting how easy it is to both observe and be observed online. In a magic-show-like stunt, “Privacy” appears to be able to deduce the thoughts of selected audience members exactly, mimicking how many people feel about the intrusiveness of the internet.

Privacy play wouldn’t have happened 10 years ago

When Michael Fertik founded ReputationDefender in 2006, the idea of online reputation management was still novel. It was just beginning to become clear that the amount of personal data on the internet could powerfully change someone’s life, but the idea of privacy in the virtual world wasn’t something many people thought about.

This has changed drastically over the last ten years. The number of social media sites has expanded, and many of our friendships and interactions now take place online. Every business and most individuals make some effort to control how their brand is presented. We’ve become hyper-aware of how much the internet knows about us.

Privacy a growing necessity

Daniel Radcliffe’s star-power obviously adds a lot of appeal, but this isn’t the only reason the New York version of this privacy play has become such a hit this summer. The necessity for online protection is one of the most pressing and current issues today. Every few weeks, there’s a new security threat. Governments struggle to make laws that will protect personal data online; at the same time government surveillance programs collect data which could be used to harm us in the wrong hands.

At ReputationDefender we see these concerns in our clients on a regular basis. The internet culture has brought numerous advantages, but the accompanying online privacy threat is a real one that needs to be taken seriously. This is why we work with companies and individuals to help them take control of their online profile. Effective reputation management can give individuals the freedom to decide personally what part of their lives is most shared on the internet.

Please follow and like us:

ReputationDefender LLC, 1001 Marshall St., 2nd Floor, Redwood City, CA 94063

© 2016 ReputationDefender LLC. All rights reserved.