Pete Recommends – Weekly highlights on cyber security issues May 31 2018

Subject: Should You Google Your Medical Symptoms?
Source: Consumer Reports

Ever felt an odd stomach pain or noticed a strange rash and sought guidance by typing your symptoms into Google? If so, you’re not alone, according to Consumer Reports’ latest medical privacy survey, a nationally representative phone survey of U.S. adults. But by looking up information about your or your family’s health online, you may be revealing more information than you realize.

In the past year, our survey found, 65 percent of Americans used an internet search or went to medical websites to learn about medical conditions that they (or friends or family members) might have. That’s not counting people who used their healthcare provider’s patient portal or insurance company’s website.

Nearly two-thirds of those people were aware that their searches could be stored and shared with third parties, but the possibility hadn’t occurred to the other respondents.

Looking for medical information online can lead to two potentially big problems. First, the internet is rife with unreliable health advice, which can result in false conclusions, unnecessary fear, and incorrect self-diagnosis. Second, by searching for information about your health, you may inadvertently share that personal medical data with advertisers and other third parties, putting your privacy and security at risk.

[not every search for med. symptoms is for the individual doing the search /pmw1]

Consumer Reports spoke with researchers in the field of online medical information to find out how to best use internet searches to investigate your medical symptoms. We also consulted privacy experts to find out the true risk of sharing medical information online and whether there’s a safe way to search.

More sinister harms are possible, too. One problem, notes CR’s Brookman: The profiles of data that companies have on you may not be anonymous, or separated from personal identifying information, like your name, address, phone number, and more. Some companies, such as Facebook and Google, ask for that information when you sign up for their service. Other third parties may be able to pick up personal information by tracking your activity on sites that require you to log in.

Here are some tips for the next time you’re searching for medical information online:

More on Medical Privacy:

Telehealth: What You Need to Know About Online Doctors
Protect Yourself From Medical Identity Theft
Should You Try an At-Home Genetic Test?
New Digital Pill Tracks When You Swallow It
Protect Yourself From a Hospital Data Breach

Subject: Congress just made credit freezes free
Source: CNN Wire via WPMT FOX43

You will soon be able to freeze your credit report for free, a step that can help protect you from identity theft. Many called on Congress to make freezes free after the massive Equifax breach last year that exposed the personal information of more than 146 million Americans to hackers. The provision was included in a broader bill passed by the House on Tuesday, which rolled back regulations on banks created by Dodd-Frank. The bill now heads to President Donald Trump’s desk. When you place a freeze on your credit report, it prohibits the credit rating company from disclosing your personal information, effectively preventing anyone from opening a credit card or loan in your name. You’d need to lift the freeze if you want to open a line of credit yourself.

NB various CNN RSS feeds:

Subject: Facebook Won’t Force You to Use a Phone Number for Two-Factor Authentication Anymore
Source: Gizmodo

Facebook users who want extra account security but don’t want to share their phone number with the company can now lock down their accounts with alternative two-factor authentication methods like code-generating apps, Facebook announced today.

Facebook—and many other platforms—have traditionally relied on text messaging to send authentication codes to their users. But these codes can be intercepted if an attacker manages to take control of the user’s SIM and transfer it to a new phone. More secure two-factor authentication methods, like code-generator apps and hardware tokens, have become popular ways to address this problem.

In February, Facebook faced backlash from users who discovered that the phone number they’d provided for two-factor authentication was being used to spam them with texted notifications about their friends’ activity on Facebook.


Subject: Bitcoin, cryptocurrency
Source: Homeland Security Newswire

We’ve all heard the headline stories about cryptocurrencies – they’re millionaire-makers and dream-destroyers. They’re part of a decentralized market that supports criminal activity, yada yada yada. But how do you separate facts from fiction? Here are six cryptocurrency myths you need to get on top of…

Subject: The Wayback Machine is Deleting Evidence of Malware Sold to Stalkers
Source: Motherboard via beSpacific

Motherboard: This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones. “The Internet Archive’s goal, according to its website, is “universal access to all knowledge.” As part of that mission, the non-profit runs the Wayback Machine, an online tool that anyone can use to digitally preserve a snapshot of a website. It provides an important public service, in that if a company tries to quietly change its policy, or perhaps a government tries to scrub a position from its website, the Wayback Machine can provide robust proof of the switch. But the Internet Archive has been purging its banks of content related to a company which marketed powerful malware for abusive partners to spy on their spouses. The news highlights the broader issue of the fragility of online archives, including those preserving information in the public interest. “Journalists and human rights defenders often rely on archiving services such as the Wayback Machine as tools to preserve evidence that might be key to demand accountability,” Claudio Guarnieri, a technologist at human rights charity Amnesty International, told Motherboard in an online chat. The company in question is FlexiSpy, a Thailand-based firm which offers desktop and mobile malware. The spyware can intercept phone calls, remotely turn on a device’s microphone and camera, steal emails and social media messages, as well as track a target’s GPS location. Previously, pages from FlexiSpy’s website saved to the Wayback Machine showed a customer survey, with over 50 percent of respondents saying they were interested in a spy phone product because they believe their partner may be cheating. That particular graphic was mentioned in a recent New York Times piece on the consumer spyware market…”

Subject: Timeshare resale scheme preyed on older adults
Source: FTC Consumer Information

If you’re thinking about selling your timeshare through a resale company, research the company first. Read about this recent FTC case against Pro Timeshare Resales, and you’ll know why.

Pro Timeshare Resales is a Florida-based company that called people – many of whom were older adults – and promised to sell their timeshare properties. The company often said it had a buyer in mind and that the sale would occur quickly. Once the timeshare owner agreed, the company would charge an up-front fee, usually of $500 to $2,500.

But, according to the FTC, the company did not sell the property quickly – or even at all. Often, it would ask for additional fees and refuse to grant refunds.

For more information, check out Timeshares and Vacation Plans. And, if you’ve been a victim of a scam, report it to the FTC.

Subject: Amazon’s Plan to Scan Your Face Even Has Police Worried It’s Too Creepy, New Emails Show
Source: Gizmodo

Across the country, law enforcement agencies are teaming up with data firms to bring facial recognition to public spaces, including airports, schools, and even protests. Most of these efforts remain clouded in secrecy, but newly released documents [147-page PDF] from Oregon officials using Amazon’s facial recognition offer our clearest look yet into how cops and their tech partners are massaging the ugly truths of facial recognition, including frequent mismatches, its use on people not suspected of crimes, and how to sell the public on something so obviously creepy—a task even police aren’t sure they’re up to.

Other documents show the potential for mismatches by Amazon’s technology. In one screenshot, Rekognition identifies an image of O.J. Simpson as a 93.53 percent match with a (notably white) arrestee. It’s unclear if the matched man was even convicted of a crime—mugshots are taken when people are arrested, not when they’re found guilty. If suspects are cleared of charges, there’s no guarantee their photo will be deleted from a mugshot database.

In conjunction with the ACLU’s release of the documents, more than 40 civil rights organizations joined together to call for Amazon to end sales of Rekognition to law enforcement. The letter is addressed to Amazon CEO Jeff Bezos. From the open letter:

Subject: A clinical trial wants your DNA – what should you do?
Source: The Conversation

On May 6, the “All of Us” study started enrolling participants. This national study will be one of the largest ever examining the connection between genetics, behavior and medical outcomes, with a goal of 1 million or more participants. Anyone over the age of 18 in the U.S. can join. As a researcher who studies personalized medicine, I believe it’s important for Americans to be able to make informed decisions in their quest for cutting-edge health care, but it does raise important questions over privacy. Given modern concerns about data security, I see positives and negatives to participating in trials like All of Us. You may question how this will benefit you and potentially compromise your privacy. Your skepticism is warranted and worthy of investigation to help you make the correct decision.

Posted in: Congress, Cybersecurity, Financial System, Healthcare, Privacy, Search Engines