Keeping safe online

The threats – real and perceived

[First posted 10 September 2020; minor changes 21 June 2021]

Luckily, there’s plenty of advice and guidance available – often slanted particularly towards our demographic (ie oldies) …

Those two sites are particularly easy to follow and understand, but others are equally informative and targeted.

Your bank probably has guidance which it publishes online and which is accessible to everyone, not just their customers …

I’ll return to further information, guidance and references at the end of this post, but first we need to look at a few issues, discuss some terminology that’s widely used and try to tease out what’s really important and what’s just an inconvenience. Then it’s up to you to judge where you find yourself on the scale of …

Terrified -> Apprehensive -> Sensibly Aware -> Relaxed -> Unconcerned

First let’s distinguish the difference between online security and online privacy. These are two different issues which are however linked. Sometimes you have to relinquish some privacy to receive a service – unless you choose to pay for it (and I’ve long been an advocate of paying for services if they do a job that is necessary); exactly how much privacy are you prepared to relinquish?

Security on the other hand is an absolute – you should not be prepared to accept less than your very best efforts. We’ll deal with that in the third part of the post.

How do you relinquish your privacy, and how much of a loss of privacy is acceptable?

Some services could not be offered without income from adverts, or paid-for advertising – eg Facebook, Twitter and Instagram; and some eg Google and Amazon track and provide information to resellers if you don’t block them from doing so. As an example of how much value Google sees in getting knowledge of what you’re doing and where you’re doing it, they paid Apple $8bn recently to remain as the default search engine for any browser that’s running on an Apple device!

Incidentally, if you clicked on that link you might have been asked whether you wanted to accept cookies – what exactly are they, and what do they do? This article from Norton explains what they do quite well …

Essentially, they record what you do on a website so that when you return to it some of the settings are remembered and applied. Cookies do however also have a downside in that some can also act to track your activity once you’ve left the site. For that reason, you should disable in your browser the ability of third parties to glean information from a cookie, and also prevent them tracking your activity once you’ve left the site. You can, at any time, clear the cookies from your browser, and indeed on some internet browsers set them up to delete cookies when you leave the site (close the window). The browser I use – Firefox – alerted me the first time I went to the site to the fact that Norton was using a Fingerprinting cookie itself …

Another thing you should consider is whether you want adverts to be shown, or not. You might get a request to enable adverts when you visit a site; the answer you supply will be held in a cookie in the browser – that’s how cookies work. Firefox, Brave and Microsoft Edge, by default, block most, if not all, adverts. These are often annoying, and having a browser that blocks adverts (or, if you use Chrome, using an ad-blocker like AdBlock Plus) often makes for a more “pleasurable browsing experience” by limiting the intrusion you might feel upon your privacy.

Which brings us to browsers and search engines

Search engines are not created equal! Whilst Google is often thought to be the same as the internet and is often mistaken to be an internet browser itself, it is in fact just one of a range of possible search engines that you can use to look for information on the internet. It uses a platform called Chromium to display the results of its searches to you through a browser called Chrome. However, other browsers – Microsoft’s new Edge, Brave and Opera all use the same underlying Chromium technology – the difference being they don’t track what you’re doing “to present the content that most meets your needs” (Google’s philosophy) and in some cases (eg Brave) they can actually prevent tracking of your browsing history. For the reasons given above, I use either Brave or Firefox as my internet browser and I’m leaning more to the latter nowadays as it seems quicker and more secure as well.

So what safe and private search engine could you use as an alternative to Google? I use DuckDuckGo.

… but others I could have used might have been Bing, Yahoo or another one you might choose from this article or the list of other articles at the end of it …

There are many specialist search engines (as explained in the above article) that can give you much better, and more targeted results than a broad-spectrum Google search.

Finally, no discussion of Privacy can ignore Social Media and Facebook in particular. These applications, if left to their own default settings, are effectively personal information mining engines. They grab what information they can from you, and sell it on to whoever is willing to pay for it; or are indeed the platform for data mining, viz. the Cambridge Analytica affair. Online retailers are not exempt from this and Amazon for instance has a wonderful record of your browsing history! Are you sure you know what it’s doing with that information? So look at this table taken from a recent Which? supplement – Staying Secure in a Digital World – and just check whether you need to change your settings if you use any Social Media apps …

So that’s Privacy dealt with.


Should you be frightened?

The take away message I want you to have is Frightened – no; cautious – yes!

Online banking is very secure – a recent survey in Which? produced the following scores …

… plus you are protected and most of the banks are increasingly opting to adopt an online and mobile guarantee to refund you where you’ve been the innocent victim of a fraud. Here for instance is Barclays’ “Online and Mobile Banking Guarantee.”

They really don’t want to shell out money, so they are trying to educate us to be wise to scams. So let’s take a scam test

Banks are also often supplying software free (or at reduced cost) for you to install to protect your machine, to protect you from fraud – and of course themselves from having to pay out! I was recently offered a piece of software called Malwarebytes by the NatWest and although I have an Apple Mac computer, which is well known to be relatively secure from Viruses, Spyware, Trojans and other malware, I installed it. I was pleased to note that I didn’t have any malware on the machine.

Surprisingly you might think … it’s safer to use the mobile app on your phone, or tablet to do online banking and retail purchases than a web browser. This is because the app on the mobile device has to be verified by Google for Android (Google Play Store) or Apple for iOS/iPadOS (Apple Store). Whereas a browser could be infected, or compromised with malware. [That’s something I’ve learnt whilst preparing this post!!!]

When you’re out and about and NEED to do an online transaction from your mobile – use cellular rather than WiFi. The latter can be really open to “sniffers”. [I must admit I try to avoid doing online transactions when away from a domestic network.]

Whilst we’re at it, you might like to think about doing a Detox on your phone, and even consider installing Firefox as the browser of choice rather than Chrome (Android) or Safari (Apple) on your mobile device …

So we come to phishing and pharming, vishing and smishing – I kid you not! We’ll leave aside spear phishing because we’re not important enough for that – it’s used to target “corporations” and individuals within them! [Please excuse me not going into details on any of these. You can follow the links for further information.]

However the most scary scam I’ve been made aware of is one that befell a member of my family when they were distracted sufficiently to become the victim of SIM swapping.

I discussed this with the Cardiff U3A Computer Group last June and you can read the updated post here.


What should you do to protect yourself?

Some of these pieces of advice are really quite straightforward, but some require some intervention by yourselves.

  • Keep your operating software up to date. This is particularly true if you’re a Windows user, and even more true if you are still running an older version of Windows than Windows 10. If you’re using Windows XP, Windows Vista or even Windows 7 you should seriously consider disconnecting your machine from the internet because even if you’ve got anti-malware software running this is probably not protecting you against the latest threats.
  • Install anti-malware, or anti-virus software, particularly if you’re a Windows user. Don’t pay more than you need to. Windows Defender from Microsoft is free and, for our demographic (relatively undemanding and unsophisticated users), more than sufficient. Keep it up-to-date as well! [As I said previously, your bank might be offering free software as well.]
  • Keep the software you use regularly up to date as well. Consider removing any software from your machine that you don’t use – this is because software vulnerabilities are discovered sometimes quite a while after the software was first released. It will also save you disc space!
  • Be cautious over installing extensions into your browser. These are often extremely useful and valuable tools, ie password managers, Dropbox, note taking, Google Back up and Sync, but if you don’t get them from the official sources then you might be importing vulnerabilities, eg spyware and trojans to your system.
  • Very seriously consider logging out from social media and other retail sites when you’ve finished using them, especially Facebook. You just don’t know what tracking and logging of what you do, or even where you are, goes on if you leave yourself logged in on a mobile device.
  • Free software is both a boon and a curse. Only download open source software from a reputable site such as Softpedia, and never try and get proprietary software for free. Read this article about Free download sites if you want to know more.
  • Remember the golden rule 1 – if it seems too good to be true, it probably is, so steer clear!
  • Remember the golden rule 2 – don’t speak to strangers (an oldie but goldie that one); in other words if you don’t know where an email has come from – ignore it; if the website address looks a little strange – do an internet search on the company or organisation to check if the address you’re looking at is a spoof of the proper one.
  • Have more than one email address. Use one as your personal address, then use other ones that you can “throw away” when you need to register to a website, but you’re unlikely ever to go back to it again. Or have an email address (UserID) specifically for online purchases. Splitting things like this reduces the risk of you being the victim of fraud.
  • Seriously consider using an email service that is NOT connected to your Internet Service Provider (ISP). If you decide to change your ISP, and you should review them periodically, then you will have real problems if your email address is linked to their service!
  • You’ve got Spam filters running? Of course you have – but you’d better check! Probably your ISP, or email provider (eg Gmail, Yahoo, Microsoft Outlook or Hotmail) is filtering out what it thinks is spam, but occasionally some gets through. If that’s the case then you can always look at the real sender of your message. Take a look at the examples below …
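
An added illustration, not part of the original post, of what “looking at the real sender” means in practice. This Python sketch separates the name your mail program displays from the address in the From header and flags three common mismatches; the two sample messages, the organisation “My Bank”, the warning labels and the `KNOWN_SENDERS` list are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). All domains use the reserved
# ".example" ending and "My Bank" is a made-up organisation.
GENUINE = """\
Return-Path: <alerts@mybank.example>
From: "My Bank" <alerts@mybank.example>
To: you@mail.example
Subject: Your statement is ready

Your monthly statement is available in online banking.
"""

SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
From: "My Bank <alerts@mybank.example>" <x7341@bulk-sender.example>
Reply-To: help@mybank-support.example
To: you@mail.example
Subject: Urgent: verify your account

Your account will be suspended unless you reply today.
"""

# Assumption: you keep a short list of the organisations you deal with and
# the exact domain(s) each one really sends from.
KNOWN_SENDERS = {"my bank": {"mybank.example"}}

# Anything that looks like an email address inside a piece of text.
ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@[\w.-]+")


def domain_of(address):
    """Return the lower-cased part after the last '@', or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def real_sender(raw_message):
    """Split the From header into the name a mail program shows and the
    address the message actually claims to come from."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    return {
        "display_name": display_name,
        "address": address.lower(),
        "domain": domain_of(address),
        "reply_to_domain": domain_of(reply_to),
    }


def sender_warnings(raw_message, known_senders=KNOWN_SENDERS):
    """Return a list of warning labels for the message's sender details."""
    sender = real_sender(raw_message)
    warnings = []

    # 1. The displayed name itself contains an email address that is not
    #    the address the message was really sent from.
    shown = ADDRESS_IN_TEXT.search(sender["display_name"])
    if shown and shown.group(0).lower() != sender["address"]:
        warnings.append("display-name-address-mismatch")

    # 2. The displayed name uses an organisation you know, but the real
    #    address is not on one of that organisation's domains.
    for organisation, domains in known_senders.items():
        name_matches = organisation in sender["display_name"].lower()
        if name_matches and sender["domain"] not in domains:
            warnings.append("known-name-wrong-domain")

    # 3. Replies would go to a different domain from the one that sent it.
    reply_domain = sender["reply_to_domain"]
    if reply_domain and reply_domain != sender["domain"]:
        warnings.append("reply-to-different-domain")

    return warnings


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(label, real_sender(raw)["address"], sender_warnings(raw))
```

A clean result only means these three checks found nothing; a sender address can itself be forged, so the usual caution about unexpected messages still applies.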

You can also apply filters to divert incoming email into different folders in your email system. That reduces the amount of Junk that you need to review. [I’ve also advocated using the “native” email application for your device rather than rely on the web-based service the email provider has. Thus on a Windows device – use Windows Mail (or Outlook); on a Mac use Mail. You can then easily synchronise your email between devices from multiple email accounts. Tidy!]

So we come to Passwords …

… this is the point at which you need to consider intervention and changing your behaviour! You might also need to do a fair bit of work, but it’s worth it if you want to have a secure internet experience.

Let’s just see what using an insecure Password can lay yourself open to. Type in the word Password, or ABC123 from the link above – frightening eh!?

The most common password I use – and I know I shouldn’t reuse the same password, but I am human – has not been discovered on any pwned site. Phew!

What about the combination of your email address with your password – has that been “pwned” (ie stolen through a data breach)? Try typing your email address into the link above.

Oh no! I’ve been pwned … but it was a long time ago and I’ve changed my password many times since then!
Ah! That’s better – my “throwaway” email and passwords are “safe”!

And if you want to see a list of which websites have been breached, it’s alarmingly long!

So … use a unique password for everywhere you sign on. There’s lots of tricks to achieve this; some of which I wrote about in a post quite a long time ago …

… but the real change of behaviour is to use a Password Manager – again I wrote about this a little while ago and linked it to using Two Factor Authentication, which is also covered in the same post …

Password managers

I use LastPass, but other common ones are Dashlane and 1Password. Please make up your own minds after reading some Reviews and seriously consider using one.


Slides from talk given to Bridgend U3A

Keeping safe online

Slides from talk given to Cardiff U3A

Staying safe online

References

These may not be available in your Public Library; hopefully that isn’t the case.

… but these are available … Which? webpages – Scams & older people

I seriously do recommend signing up for the Which? Scam Alert Service – sign up for an email alert – and I seriously recommend you NOT broadcasting other people’s warnings to you about scams; they could be old, they could be inaccurate, they could be scams in themselves.

Look on the Age UK webpages – Staying safe in your digital world and specifically How to stay safe online

Your bank will undoubtedly have Internet Security webpages. Mine has a Security Centre web presence and particularly they provide a number of Fraud Guides

I could give a million references to changing your privacy settings on Social Media, but here are a couple relating to Facebook, perhaps the most challenging service of the lot.

First – what Facebook unchallenged will want to get from you. You are able to disable (prevent) all or some of these … Sign up for Facebook – this is not a sign-up site, it’s just one to educate you on the privacy you might give up without realising before you sign up (but of course you can run the checklist at any time); then How to change settings on Facebook and finally Securing Facebook: Keep your data safe with these privacy settings.

How do you delete photos from Google Photos?

Seems a pretty easy question to ask. Should be a relatively easy question to answer. Wrong! It’s a minefield of complication and you can quite easily find yourself deleting images from places you don’t want them to be deleted from. In this article I’m not going to even attempt to enter the minefield but after this easy one …

How do you delete photos from Google Photos on the web but not from the Camera Roll on your iOS (iPhone/iPad) device …

Google Photos will only delete photos from your Camera Roll if you grant it permission to do so. If you delete from https://photos.google.com/ and then go to your phone app you will have an assistant card asking for permission to “Remove it from this device”. If you dismiss the card the photo will remain in the Camera Roll.

… I’m just going to refer you to these three articles …

First the generic article that covers all eventualities and takes into account the place of Backup and Sync in the process for the Android world

How to delete Photos from Google Photos but Not from Phone

note the important piece of text in this article …

“While keeping a file on Google Photos and deleting it from a device is easy, it’s not simple to do so the other way round. When you delete a synced photo from the Google Photos app, it gets wiped from your phone and the cloud storage.”

… so take care and read what follows in that article.

For the iOS (iPhone/iPad) world

How to Delete photos from iPhone but Not from Google Photos

… so heaven help you if you’ve got both Android and iOS devices; the process is not the same for both!

Lastly, and to fully understand what’s going on, it’s important to perhaps try to understand how Google Photos actually works. You can do this by reading this article …

What happens when you Delete photos from Google Photos.

… if that hasn’t made you feel suicidal, can I just wish you the best of luck. Perhaps buying a new phone, or taking out a Google One subscription is the only answer.

Could that be the reason why it’s so complicated to delete a Photo from Google Photos?

====

You might also find these articles from Google useful. Firstly an introduction to Backup and Sync and how it works with photos and videos (hint, it doesn’t actually do any sync’ing) …

Back up photos and videos

… then, a guide to help you work out what size of image/video you might want to backup and sync (or upload) to Google Photos on the web …

Choose the upload size of your photos and videos

… you perhaps need to refer to this post to see why this might be important.

 

Changes to Google Storage

If you’ve got a Google account – you use Google Photos, Google Drive (and the Google Docs suite) or Gmail – you’ll probably have received an email telling you about the changes that Google are making to the way it calculates how much of the 15 GB of storage the company allocates to you has been used. They have also spelled out clearly when they will delete content that has been inactive for more than two years.

This post relies heavily (almost verbatim) on information already available on Google’s Help Pages – which should always be taken as the main source for information.

Currently each Google Account includes 15 GB of free storage quota, which is shared across Gmail, Google Drive, and Google Photos. You can add to your storage quota by purchasing a Google One membership (where available). To learn more about your quota, see what items count towards your storage.

Prior to June 1, 2021

The following items count against your storage quota

  • Original quality photos and videos backed up to Google Photos
  • Gmail messages and attachments, including your Spam and Trash folders
  • Most files in Google Drive, including PDFs, images, and videos

If you go over your storage quota

  • You can no longer upload new files or images to Google Drive
  • You can’t back up Original quality photos and videos to Google Photos
  • Your ability to send and receive email in Gmail may be impacted
  • You can still sign into and access your Google Account

After June 1, 2021

The following additional items will count against your storage quota:

  • High quality and Express quality photos and videos backed up to Google Photos after June 1, 2021. Learn more about this change.
  • Files created or edited in collaborative content creation apps like Google Docs, Sheets, Slides, Drawings, Forms and Jamboard.
    • Only files created or edited after June 1, 2021 will count against your quota.
    • Files uploaded or last edited before June 1, 2021 will not count against your quota.

And this is how your usage impacts your data

If you do not use Gmail, Google Drive (including Google Docs, Sheets, Slides, Drawings, Forms or Jamboard) or Google Photos for 2 years, your content within the inactive product(s) may be deleted (after reasonable advance notice).

If you go over your storage quota

  • You can’t upload new files or images to Google Drive.
  • You can’t back up any photos and videos to Google Photos.
  • Your ability to send and receive email in Gmail can also be impacted.
  • You can’t create new files in collaborative content creation apps like Google Docs, Sheets, Slides, Drawings, Forms and Jamboard. And until you reduce your storage usage, neither you nor anyone else can edit or copy your affected files.
  • You can still sign into and access your Google Account.

When you have been over your storage quota for 2 years, your content in Gmail, Google Drive (including Google Docs, Sheets, Slides, Drawings, Forms and Jamboard files) and Google Photos may be deleted.

So it’s time to do a stock take of what Google Storage you’re using. You’ll see something like this if you’ve got an active Google account …

Seeing how you may be using your Google Storage, with June 1st approaching might seem pretty frightening to you, so you might need some help to know what you should do, and whether purchasing a Google One plan might be right for you …

What happens when you’re over quota

When you’re over quota, it means you’re using more storage space than you have available. If you’ve been over quota for 2 years or longer, and you have not freed up or purchased more space to get back under quota, all of your content may be removed from Gmail, Drive and Photos. But before that happens, we will:

  • Give you notice using email and notifications within the Google products. We will contact you at least three months before content is eligible for deletion.
  • Give you the opportunity to avoid deletion (by paying for additional storage or removing files)
  • Give you the opportunity to download your content from our services. Learn more about how to download your Google data.

How to go back under quota

We provide access to storage management tools that help you identify ways to free up storage space at https://one.google.com/storage. Another option to free up space is to download your files to your personal device and then delete them from your cloud storage.

However …

If you want more storage space for Gmail, Drive, and Photos, you can upgrade to a larger storage plan with Google One. You can click on the link “Get more storage” from the page that you should have arrived at above, and you’ll be offered the opportunity of purchasing a Google One Storage Plan …

But what happens when you’re inactive?

When you have been inactive in Gmail, Google Drive (including Google Docs, Sheets, Slides, Drawings, Forms, Jamboard or Sites files) or Google Photos for 2 years, all of your content may be removed from that product. But before that happens, we will:

  • Give you notice using email and notifications within the Google products. We will contact you at least three months before content is eligible for deletion.
  • Give you the opportunity to avoid deletion (by becoming active in the product)
  • Give you the opportunity to download your content from our services. Learn more about how to download your Google data.

If you’re a Google One member with no outstanding payment or quota issues, you are considered active.

Important: As an example, if you’re inactive for 2 years in Photos, but still active in Drive and Gmail, only your Google Photos content will be deleted. Content in Gmail and Google Drive (including Google Docs, Sheets, Slides, Drawings, Forms and Jamboard files) will not be deleted if you are active in those products.

How to stay active in these products

The simplest way to keep your data active is to periodically visit Gmail, Google Photos, and Google Drive (and/or collaborative content creation apps like Google Docs, Sheets, Slides, Drawings, Forms, Jamboard and Sites) on the web or through a Google app. Make sure you’re signed in and connected to the internet.

Please note that you may have multiple accounts set up on your device. Activity is considered by account, not by device. Make sure you’re using the services for all accounts on which you wish to remain active.

The article from Google concludes with some FAQ which you might like to refer to, including one answer on how to preserve content from a loved one if they pass away and the use of their Inactive Account Manager.

In another article, I will attempt to answer the vexed question of how to delete photos from Google Photos in your storage plan, your computer and your device the way that you want them to be deleted, ie not deleting them all, just deleting them from the place you want them deleted!!!!

Lastly, here’s a link to how to delete files (and reduce the count against your quota) from Google Drive.

The new WhatsApp Terms and Conditions of Use

Let’s start with this passage from the article in The Register referred to below where the founder of WhatsApp talks about his reasons for creating WhatsApp …

“When WhatsApp was acquired by Facebook in 2014, it promised netizens that its instant-messaging app would not collect names, addresses, internet searches, or location data. CEO Jan Koum wrote in a blog post: Above all else, I want to make sure you understand how deeply I value the principle of private communication. For me, this is very personal. I was born in Ukraine, and grew up in the USSR during the 1980s.

One of my strongest memories from that time is a phrase I’d frequently hear when my mother was talking on the phone: ‘This is not a phone conversation; I’ll tell you in person.’ The fact that we couldn’t speak freely without the fear that our communications would be monitored by KGB is in part why we moved to the United States when I was a teenager.

Two years later, however, that vow was eroded by, well, capitalism, and WhatsApp revealed it would be “coordinating more with Facebook,” and gave people the opportunity to opt out of any data sharing. This time around, there is no opt-out for the sharing of data with Facebook and its tentacles. Koum left in 2018.”

So this all started 4 years ago, when WhatsApp announced a change to their Terms and Conditions (Ts&Cs) – the first change in many years, and the first since being taken over by Facebook. It was possible to opt out of this change which was announced as only to “improve the experience of Facebook users” (that’s kind of them – do I believe that?).

I don’t know whether I chose to opt out, I suspect I did, but I have no way of knowing!!! Whatever … I only had 30-days to opt out then, and I can’t go back and opt-out now.

I was alerted to the current impending change on February 8th, which is a take-it-or-leave-it choice, by this article in a well-respected techie (UK-based) blog – The Register. It’s subsequently been updated, and may be updated again I suspect as more information is squeezed out of Facebook.

Before Christmas in a meeting of the Cardiff U3A Computer Group, I referred to the repatriation of UK-data to the US as a consequence of Brexit. So far Facebook and Google (and there could be more) have announced their intention to do just that, and others will undoubtedly follow. Free from Europe, our government has said we will follow GDPR (it had very little option), but the US tech companies see the wisdom of not having a European base for their (our) data and are hopeful of less stringent Federal privacy restrictions under a new Democratic Party controlled Senate committed to introducing legislation.

Once out of the European protection, we in Britain could in the course of time, and after the repatriation of Facebook data to California (read the article above), be deemed not to be part of the European area and so the protection offered by WhatsApp/Facebook suggested in this article in “The i“, would cease to apply. So the short-term acceptance of these Ts&Cs thinking they don’t apply to us, might be scuppered should the data-hosting move to the US.

No certainties, just doubts and that’s where mistrust comes in.

As of today, I’m at a loss to know what to advise or do. I’m hopeful of further clarification in the days to come, but I’ll leave acceptance of the new Ts&Cs to the last few days before February 8th.

Your comments and thoughts most welcome.

Why do I dislike Facebook (Fb)?

I was challenged with this question last Thursday when I told my family about the intended changes to the WhatsApp Terms and Conditions of Use. I didn’t reply to my IT-savvy son until this morning when I was first asked to agree to these new Ts&Cs. This is what I wrote …

“It starts with trust, and then you work away from that. It’s what a company does with information and whether you can then trust them to handle it properly. Google+ was a closed system that you opened up; Fb is an open system that even though it has Privacy Controls – which you need a degree to work out how to set them – essentially allows them to do anything with what appears on their platform.

You take a photo – you don’t retain copyright, you assign that right to them when you publish to the platform. You can’t opt out of adverts (understandably – that’s how they make their money) – you are conned into thinking that in allowing them, you will get a better experience.

For whom? For you – no, they’re just an annoyance to me, but for others they just drive people to buy stuff they might not want/need. For them – yes, that’s how they drive income and more.

So it’s the more that’s more interesting and insidious because what they do with that information leads to targeting people with posts, hence my reference to Brexit and Trump. [I had said in my brief first reply – Cambridge Analytica, Brexit and Trump.] The algorithms behind the scenes work the data and susceptible people get targeted with posts as well, not just adverts. I could go on, but as I said – it’s all about Trust, and Fb as a company is one that I just don’t trust.

Getting data from WhatsApp was something they committed at take-over they wouldn’t do. Now they are starting to do just that. Next step targeted adverts on a platform which is advert free; then “posts from others you might be interested in” – not the encrypted ones, but ones from Public Figures. Then “oh! dear” we have to drop encryption because of new privacy laws in the US. [Aside: is it a coincidence that Google, Twitter and Fb appear to be more privacy focussed since the Republicans lost control of the Senate and they just might want to be on the right side of the argument that’s going to come in the US in the next four years?]

So I always logout of Fb to stop them tracking me; I suspect that WhatsApp will have a mechanism that prevents a user from being disconnected so Fb with these new Ts&Cs will be tracking as well as getting the other personal info from users.

Please feel free to comment either on the post.