Safer Internet: What Do You Have to Hide?

Quotes | Summary | Who's at Risk | Types of Info | Identify Theft, Credit Freeze | Farfetched Example? |
References: General | Attacks,Leaks | Equifax, Credit Bureaus & Freezes |
Face | Financial | Health | Home | Identity Theft | Location | Vehicles | Voting

---

Quotes

• "What happens in Vegas... ends up on YouTube." ~Tim Lebrecht
• "There are only two types of companies... Those that have been hacked
  and those that will be hacked." ~Robert Mueller, FBI Director, 2012.
  Steve's addition: some companies don't know they've been hacked, don't care, or hide/deny it.
• "If you give me six lines written by the hand of the most honest of men,..
  I will find something in them which will hang him." ~Cardinal Richlieu
• "If you think it, don't say it. If you say it,... don't write it.
  If you write it -- don't be surprised". ~Soviet proverb
• "Data is the new... oil." ~Your personal information is now the world's most valuable commodity
• "We live in what's called an open society, which of course means...
  they open our emails, open our phone records, and open our medical records." ~Jay Leno
• "Even if you're not doing anything wrong,... you are being watched and recorded." ~Edward Snowden
• "Surveillance is the... business model of the internet." ~On internet privacy, be very afraid
• "Reality #1: Bad guys already have access to... personal data points that you may believe
  should be secret but which nevertheless aren't, including your credit card information,
  Social Security number, mother's maiden name, date of birth, address, previous addresses,
  phone number, and yes -- even your credit file.
  
  Reality #2: Any data point you share with a company will in all likelihood eventually be hacked,
  lost, leaked, stolen or sold -- usually through no fault of your own. And if you're an American,
  it means (at least for the time being) your recourse to do anything about that when it does happen
  is limited or nil.
  
  Once you've owned both of these realities, you realize that expecting another company to
  safeguard your security is a fool's errand, and that it makes far more sense to focus instead
  on doing everything you can to proactively prevent identity thieves, malicious hackers or
  other ne'er-do-wells from abusing access to said data." ~Krebs: What the Marriott Breach Says About Security
• Your data -- the abstract portrait of who you are, and, more importantly,
  of who you are compared to other people -- is... your real vulnerability
  when it comes to the companies that make money offering ostensibly free services to millions of people.
  Not because your data will compromise your personal identity. But because it will compromise your
  personal autonomy. "What these companies are doing is building little models, little avatars,
  little voodoo dolls of you. Your doll sits in the cloud, and they'll throw 100,000 videos at it to see
  what's effective to get you to stick around, or what ad with what messaging is uniquely good at
  getting you to do something."
  
  With 2.3 billion users, "Facebook has one of these models for one out of every four humans on earth.
  Every country, culture, behavior type, socio-economic background," said Raskin. "With those models,
  and endless simulations, the company can predict your interests and intentions before you even know them...
  Without having to attach your name or address to your data profile, a company can nonetheless compare
  you to other people who have exhibited similar online behavior" ~Why data, not privacy, is the real danger
• "I give the fight up: let there be an end, a privacy,... an obscure nook for me.
  I want to be forgotten even by God." ~Robert Browning
• "Arguing that you don't care about the right to privacy
  because you have nothing to hide... is no different than saying
  you don't care about free speech
  because you have nothing to say." ~Edward Snowden
• "It's impossible to move, to live, to operate at any level... without leaving traces,
  bits, seemingly meaningless fragments of personal information." ~William Gibson
• "The internet is just... a world passing notes around a classroom." ~Jon Stewart
• "Some might say 'I don't care if they violate my privacy; I've got nothing to hide.'...
  Help them understand that they are misunderstanding the fundamental nature of human rights.
  Nobody needs to justify why they 'need' a right: the burden of justification falls on the one seeking
  to infringe upon the right. But even if they did, you can't give away the rights of others because
  they're not useful to you. More simply, the majority cannot vote away the natural rights of the minority."
  ~Edward Snowden, on caring about privacy 5/21/2015
• "My name is Avery Ryan. I was a victim of cyber crime... Like you, I posted on social media,
  checked my bank account balance on line, even kept the confidential files of my psychological practice
  on my computer. Then I was hacked, and as a result, one of my patients was murdered. My investigation
  into her death led me to the FBI, where I joined a team of cyber experts to wage a war against a
  new breed of criminal hiding on the Deep Web...infiltrating our daily lives in ways we never imagined
  ...faceless...nameless...lurking inside our devices, just a keystroke away. It can happen to you." ~CSI: Cyber 2015-2016

Summary

• Who's at Risk? have SSN? use credit card? post on social media? read privacy policies? high-profile?
• Types of Info contacts, financial, location, medical, passwords, ...
• Identify Theft, Credit Freezes
• Example -- farfetched, or is it?
• References

Who's at Risk?

• Everyone's information, even a fragment, can valuable to someone for
  profiling, money (e.g., advertisers, hackers) and/or control (e.g., governments, abusers).
• [1] Anyone who has ever had a loan or credit card -- very likely affected by 9/2017 Equifax breach
• [1] Anyone whose SSN, email or other sensitive details have been
  or will be leaked by a careless company or incompetent government agency
• [1] Anyone who's posted to Facebook or other social media
• [1] Anyone unaware of current recommended privacy and security practices.
• [2] Anyone who's read privacy policies and changed some settings -- there's always more to review / do
• [3] Any high-profile target: celebrity, politician, business, political dissident,
  investigative journalist, whistleblower

Types of Info

• Contact information: home address, phone, email -- yours and family
• Vital Statistics: your birthday, birthplace, family members
• Financial information: SSN, credit cards, purchases, tax returns, bank statements
• Your current and past locations -- via smartphone or car
• Photos
• Medical information: health records, DNA
• Biometrics: fingerprints, face scans, movement (motion sensors)
• Password(s): if a password is stolen, login to that site and change it, before a hacker does
  -- hopefully, you have devious security question answers
  and/or 2-factor authentication for any sensitive accounts.
• However, if you re-used that password for other sites -- a big no-no -- you'll have to scramble...
• Email, chat, and other communication history
• Browsing behavior -- current and historical {List. TCYOP-4: 87-98; TCYOP-3: 73-74}; browser 'footprint'
• Personally-identifiable vs. anonymously-aggregated information; content vs. metadata
• Data across different sites via cookies or IP address (or 'browser fingerprint')
  can be mined/aggregated to reveal patterns, and lead to individuals
• How anonymous/unique are you: zip code + birthdate + gender?
• Other devices: voting systems, (smart)TV, set-top/streaming box, game console,
  smart watch, health/fitness trackers, home automation, car; section: "Internet of Things" (IoT)
• Others' devices: cameras, wearable technology
• NYT quiz: How Many Times Has Your Personal Information Been Exposed to Hackers?
• NIST Quiz: Are you Safe Online?
• Pew: Cybersecurity Knowledge Quiz
• haveibeenpwned.com check if you have an account that has been compromised in a data breach;
  pwned (gaming term) = totally dominated, conclusively defeated
• HPI Identity Leak Checker check whether your email address, along with other personal data
  (e.g. telephone number, date of birth or address), has been made public on the Internet
  where it can be misused for malicious purposes

Identity Theft

• A good place to start: FTC: identitytheft.gov
• 2023 cyber-attacks targeted a vulnerability in the MOVEit filesharing technology used by
  many federal & state agencies and corporations around the world. This exposed personal information
  of millions of people, including social security numbers in many cases.
• e.g., MOVEit hack spawned over 600 breaches but is not done yet -- cyber analysts Reut; 8/8/2023
• Your bank or financial institution may offer a free credit monitoring service; set up credit freezes (below).
• If you have ever had a loan, mortgage or credit card,
  you are very likely affected by the Equifax breach (9/2017)
  -- with at least your birthdate, name, address, SSN available to hackers worldwide
• Equifax grand leak total (5/2018): 146.6 million names, 146.6 million dates of birth,
  145.5 million social security numbers, 99 million addresses
  and 209,000 payment cards (number and expiry date) exposed;
  also 38,000 American drivers' licenses and 3,200 passport details
• You may be vulnerable due to other past or future leaks
  from other companies or government agencies with sloppy security.
• However, there are still some things you can do to minimize the damage
  -- many of them free (with some redundancy)
• Closely monitor credit card activity for unrecognized charges
  with your credit card companies -- at least monthly, but preferably more often.
• Set up SMS and/or email notifications and fraud alerts with your credit card company
  for charges over certain amounts or from certain sources, esp. online, international.
• Check your credit report & score, e.g., annualcreditreport.com free; creditkarma.com
• If your credit card is missing or stolen, in addition to checking your report,
  you can set up notifications/alerts with some credit agencies.
• optoutprescreen.com: to reduce mailed credit and insurance offers
  which might be stoken from your mailbox; opt-out for 5 years (electronically), for life (via mail)
• File your income taxes as early as possible -- and setup an online account with IRS
  to review past tax returns -- so that a hacker doesn't file early (with your SSN) and claim a refund,
  or steal your info/identity: Get Transcript; View Your Tax Account

Check/Freeze Credit Reports

• Freeze credit reports with all 3 major credit reporting agencies
  -- to prevent future applications for mortgages, auto loans, credit cards with your SSN
• Federal law now requires credit bureaus to offer security freezes free of charge,
  and they're much simpler to set up than in the past;
  some states used to charge $10; unfreezes should also be free?
• A freeze accomplishes the same thing as a lock, but with a freeze, your rights are defined by law.
• With credit locks, the credit bureaus set the rules;
  the lock option is more prominent on their websites -- but I've provided direct links for setting up freezes below
• If you set up only a lock earlier with EquiFax (or the other agencies),
  re-enroll with a freeze; note: any pre-existing lock will be removed, e.g., TrustedID Premier
• Save the generated PIN, e.g., in your password manager, in order to unfreeze
  when applying later for a new loan or credit card.
• Equifax: Freeze
• TransUnion: Freeze
• Experian: Freeze
• Innovis: Freeze; lesser known than the 'big 3' credit agencies, but since it's free, why not?
• National Consumer Telecom and Utilities Exchange for telecommunication, pay TV and utility accounts
• Some credit/identity monitoring services may be free (with ads):
  e.g., CreditKarma.com; or included in membership, e.g., ProtectID (AAA)
• Credit agencies and others may offer some free credit/identity monitoring services,
  but beware of paid upgrades for these and other services -- they're often unnecessary,
  duplicative, overpriced, e.g., Equifax: Complete Premier, Family Plan, ID Patrol
  do you really want to trust and reward the company (Equifax) that leaked your info in 2017?;
  or Lifelock which paid FTC fines for deceptive advertising?

Farfetched Example?

CALLER: Is this Gordon's Pizza?

GOOGLE: No sir, it's Google Pizza.


CALLER: I must have dialed a wrong number. Sorry.

GOOGLE: No sir, Google bought Gordon’s Pizza last month.


CALLER: OK. I would like to order a pizza.

GOOGLE: Do you want your usual, sir?


CALLER: My usual? You know me?

GOOGLE: According to our caller ID data sheet, the last 12 times
you called you ordered an extra-large pizza with three cheeses,
sausage, pepperoni, mushrooms and meatballs on a thick crust.


CALLER: OK! That’s what I want.

GOOGLE: May I suggest that this time you order a pizza
with ricotta, arugula, sun-dried tomatoes and olives
on whole wheat gluten free thin crust?


CALLER: What? I detest vegetables.

GOOGLE: Your cholesterol is not good, sir.


CALLER: How the hell do you know?

GOOGLE: Well, we cross-referenced your home phone number with your
medical records. We have your blood test results for the last 7 years.


CALLER: But I do not want your rotten vegetable pizza!
I already take medication for my cholesterol.

GOOGLE: Excuse me sir, but you have not taken your medication regularly.
According to our database, you purchased a box of 30 cholesterol tablets
only once, at Drug RX Network, 4 months ago.


CALLER: I bought more from another drugstore.

GOOGLE: That doesn’t show on your credit card statement.


CALLER: I paid in cash.

GOOGLE: But you did not withdraw enough cash
according to your bank statement.


CALLER: I have other sources of cash.

GOOGLE: That doesn’t show on your last tax return unless you bought
them using an undeclared income source, which is against the law.


CALLER: WHAT THE HELL?

GOOGLE: I'm sorry, sir, we use such information only
with the sole intention of helping you.


CALLER: Enough already! I'm sick to death of Google, Facebook, Twitter, WhatsApp
and all the others. I'm going to an island without internet,
cable TV, where there is no cell phone service
and no one to watch me or spy on me.

GOOGLE: I understand sir, but you need to renew your passport first.
It expired 6 weeks ago.

References

• {TCYOP-3: 13-17; TCYOP-3: 11-15}
• sections: Refs: Attacks,Leaks; Equifax, Credit Bureaus & Freezes; Face; Financial;
  Health; Home; Identity Theft; Location; Vehicles; Voting
• topics: credit freeze, data imports, dating, DNA, elections, FOIA, haveibeenpwned.com,
  hospitals, pacemakers, revenge porn, surveillance
• companies/organizations: Anthem, Apple, Ashley Madison, Blue Cross, Comcast, Deloitte,
  Delta, Dow Jones, Equifax, Facebook, FDA, Google, Hyatt, IRS, &J, Kickstarter, Lifelock, Medicare,
  Orbitz, Panera, Scottrade, Sears, Strava, SWIFT, T-Mobile, Tinder, Uber, Under Armour, Whole Foods
• see course sections: Malware: cyberwar, ransomware; Shopping: Payment / Credit Cards
• Wikipedia: Information Privacy; Privacy Law; operations security (opsec)
• Wikipedia: revenge porn sexually explicit media that is distributed without the consent of the individual(s) involved
• Predict My Profile predicts psychological traits from digital footprints of human behaviour, e.g., Facebook or blog posts
• Keep Your Data Secure With a Personalized Plan interactive; choose devices; needs; situations; Consumer Reports
• Security News This Week
  each weekend, WIRED rounds up the security vulnerabilities and privacy updates that deserve your attention
• How to Add Extra Security Layers to Your Phone or Tablet
  new features in Apple’s iOS 18 and Google’s Android 15 can lock up apps with sensitive information and even hide them from view; NYT; 11/20/2024
• Considering ID Theft Protection? A Cybersecurity Expert Breaks Down the Facts CNet; 11/19/2024
• You Should Run a Privacy Audit on Your iPhone LH; 8/28/2024
• How to Avoid Online Scams and What to Do if You Become a Victim NYT; 8/10/2024
• It's not worth paying to be removed from people-finder sites, study says
  the best removal rate was less than 70%,
  and that didn't beat manual opt-outs; Ars; 8/8/202
• Welcome to Scam World NYT; 4/21/2024
• EFF adds Street Surveillance Hub so Americans can check who's checking on them EFF Street Surveillance hub; Reg; 1/22/2024
• Eight Steps to Protect Your Digital Privacy After a Bad Breakup LH; 1/12/2024
• How to Remove Your Personal Info From Google by Using Its 'Results About You' Tool set up alerts for whenever your home address, phone number, and email address appears in Search; Wired; 9/3/2023
• Americans Flunked This Test on Online Privacy NYT; 2/7/2023
• How to rescue your hacked account: Facebook, Instagram, Snapchat, and more
  Apple, Facebook, Google, Instagram, Snapchat, Spotify, TikTok, Twitter; Verge; 10/17/2022
• The Default Tech Settings You Should Turn Off Right Away
  Apple, Google, Meta, Amazon, Microsoft; NYT; 7/27/2022
• Steps to Simple Online Security: Extra security for financial and health data;
  What to do if you think you've been hacked NYT; 4/22/2022
• Your Digital Footprint: It's Bigger Than You Realize CNet; 4/4/2022
• 6 Ways to Delete Yourself From the Internet Wired; 1/3/2022
• How a Burner Identity Protects Your Inbox, Phone, and Credit Cards
  Private email forwarding: SimpleLogin;
  Throwaway email: Maildrop;
  Virtual credit card: Privacy;
  Second phone number: Google Voice;
  All-in-one burner identity: MySudo;
  NYT; 6/28/2021
• What Would Happen If All Personal Data Leaked at Once? Giz; 9/7/2020
• 9 Apps to Boost Your Phone's Security and Privacy Wired; 8/16/2020
• Privacy Threats in Intimate Relationships
  those closest to us know the answers to our secret questions, have access to our devices,
  and can exercise coercive power over us; 6/5/2020
• Giving People Property Rights In Data Will Not Solve Privacy, But... TD; 6/1/2020
• BlackBaud affected SOU Foundation donors; 5/2020
• Work-from-Home Security Advice 3/19/2020
• Here's How to Protect Yourself When Your Data Inevitably Leaks
  2FA; different userids/passwords; Giz; 3/4/2020
• Infosec Buzzword Bingo: 2020 Edition MB; 2/11/2020
• Researchers Find 'Anonymized' Data Is Even Less Anonymous Than We Thought MB; 2/3/2020
• Phone Hacks Can Happen to Anyone. Here's How to Protect Yourself.
  vacation clues, hotel Wi-Fi and inadequate verification procedures; NYT; 1/31/2020
• Want Your Personal Data? Hand Over More Please NYT; 1/15/2020
• Novelists, poets and artists imagine life in the age of surveillance NYT; 1/3/2020

Attacks, Leaks

• haveibeenpwned.com check if you have an account that has been compromised in a data breach;
  pwned (gaming term) = totally dominated, conclusively defeated; now available via 1Password
• What to Know About the Latest Social Security Number Breach NYT; 8/15/2024
• The Massive AT&T Data Breach Doesn't Affect Just AT&T Customers. Here's How to Protect Yourself. NYT; 7/16/2024
• Rite Aid says breach exposes sensitive details of 2.2 million customers Ars; 7/16/2024
• Apple Explains How to Identify Social Engineering Attacks TB; 7/15/2024
• How to tell if your online accounts have been hacked TC; 7/14/2024
• RockYou2024: 10 billion passwords leaked in the largest compilation of all time 7/4/2024
• Microsoft reveals how hackers breached its Exchange Online accounts BC; 1/16/2014
• Microsoft network breached through password-spraying by Russian-state hackers MFA not used? Ars; 1/19/2024
• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 TC; 12/27/2023
• The 23andMe User Data Leak May Be a Million Times Worse Than Believed due to credential stuffing? Wired; 10/18/2023
• Take These Steps to Protect Your Data After a Cyberattack
  if you're a Dish, SlingTV, or Boost Mobile customer, you need to protect yourself now; LH; 4/7/2023
• A look at 2022's worst breaches, leaks, ransomware attacks,
  state-sponsored hacking campaigns, and digital takeovers, including at least two Twilio breaches Wired; 12/31/2022
• What to Do if Your Password Is Exposed in a Data Breach Giz; 7/27/2022
• The Worst Hacks and Breaches of 2022 So Far Wired; 7/4/2022
• The Biggest Hacks of 2021 (So Far) Giz; 10/7/2021
• Reset Your Twitch Password Right Now LH; 10/6/2021
• Company That Routes Billions of Text Messages Quietly Says It Was Hacked
  hackers had unauthorized access to Syniverse's system for years; Vice; 10/4/2021
• Fallout begins for far-right trolls who trusted Epik to keep their identities secret
  colossal hack of Epik, an Internet-services company popular with the far right, has been called the
  “mother of all data lodes” for extremism researchers; WaPo; 9/25/2021
• T-Mobile has been hacked yet again -- but still doesn't know what was taken
  Data reportedly includes SSNs, driver license numbers,
  and more for 100 million people; Ars; 8/16/2021
• Update Your Snapchat Password Immediately
  Snapchat users are receiving repeated 2FA login alerts, and no one knows why; LH; 6/24/2021
• Mystery malware steals 26M passwords from 3M PCs Ars; 6/9/2021
• Ten Years Of Breaches In One Image
  Nearly 8 billion usernames have leaked since June 2011; Verge; 6/8/2021
• In epic hack, Signal developer turns the tables on forensics firm Cellebrite
  to infect investigators' computers; Ars; 4/21/2021
• No password required: Mobile carrier exposes data for millions of accounts
  Q Link Wireless made data available to anyone who knows a customer's phone number; Ars; 4/9/2021
• How to Check if Your Phone Number Is in the Huge Facebook Data Leak checker; Giz; 4/5/2021
• Reset Your Ubiquiti Passwords Right Now LH; 4/1/2021
• There's a vexing mystery surrounding the 0-day attacks on Exchange servers
  a half-dozen groups exploiting the same 0-days is unusual, if not unprecedented; Ars; 3/11/2021
• Microsoft's 'Crazy Huge Hack,' Explained Exchange Server; Giz; 3/8/2021
• Hackers Just Looted Passenger Data From Some of the World's Biggest Airlines
  SITA / Star Alliance; Giz; 3/5/2021
• How A Cybersecurity Firm Uncovered The Massive Computer Hack NPR; 12/21/2020
• More Hacking Attacks Found as Officials Warn of 'Grave Risk' to U.S. Government SolarWinds; NYT; 12/17/2020
• Spotify resets passwords after a security bug exposed users’ private account information
  over past 7 months, data exposed may have included email address, preferred display name,
  password, gender, and date of birth -- only to certain business partners of Spotify; TC; 12/10/2020
• A hacker is selling access to the email accounts of hundreds of C-level executives
  Office 365 and Microsoft accounts of CxO, President, Director, ...; ZD; 11/27/2020
• What to Do About the Data Leak That Hit 8 Major Hotel Booking Sites
  Agoda; Amadeus; Booking.com; Expedia; Hotels.com; Hotelbeds; Omnibees; Sabre; LH; 11/9/2020
• How to Know If You’ve Been Hacked, and What to Do About It Wired; 7/19/2020
• A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam
  employees who had access to internal systems had their accounts compromised in a
  'coordinated social engineering attack'; NYT; 7/15/2020
• Should You Worry About MGM's Latest Data Breach?
  142 million MGM Resorts guests; LH; 7/14/2020
• Police Are Buying Access to Hacked Website Data MB; 7/8/2020
• The Worst Hacks and Breaches of 2020 So Far Wired; 7/3/2020
• How Have I Been Pwned became the keeper of the internet’s biggest data breaches
  10 billion+ breached accounts; TC; 7/3/2020
• Hacks Are Always Worse Than Reported: Nintendo's Breached Accounts Magically Double TD; 6/10/2020
• What to Do if Your Old LiveJournal Password Was Leaked LH; 5/28/2020
• EasyJet admits data of nine million hacked BBC; 5/19/2020
• GoDaddy Was Apparently Hacked Last Year, So Check Your Hosting Account Credentials Giz; 5/5/2020
• Nintendo account hack FAQ: What happened, who's at risk, and how you can secure your ID PC; 4/24/2020
• 10 Billion Wrecked Accounts Show Why You Need 'Have I Been Pwned' LH; 4/9/2020
• Marriott says 5.2 million guest records stolen in another data breach TC; 3/31/2020
• Dear Ashley Madison user. I know everything about you. Pay up or else.
  Emails threaten to publish intimate details unless members pay a hefty ransom; Ars; 2/1/2020
• Iranian hackers have been 'password spraying' the US grid
  State-sponsored group "Magnallium" has been probing US utilities for the past year; Ars; 1/12/2020

Equifax, Credit Bureaus & Freezes

• The Secret Checking Account Reports You Should Be Monitoring LH; 7/22/2024
• The Difference Between a Credit Freeze and a Credit Lock (and When to Use Each) LH; 5/16/2024
• TransUnion Failed to Quickly Place or Remove Freezes on Credit Reports
  The Consumer Financial Protection Bureau accused the credit bureau, one of three major
  credit reporting agencies, of "lying to consumers." NYT; 10/27/2023
• Identity Thieves Bypassed Experian Security to View Credit Reports 1/9/2023
• How to Handle a Suspicious Inquiry in Your Credit Report LH; 10/7/2020
• Your Equifax settlement $125 isn’t coming, but banks get their $5.5M Ars; 5/19/2020

Face

• A Face Search Engine Anyone Can Use Is Alarmingly Accurate
  PimEyes, $30/mo.; NYT; 6/26/2022

Financial

• IRS to adopt Login.gov as user authentication tool 2/22/2022
• IRS says taxpayers wanting to access their accounts online will not be subjected to facial recognition if they choose to ID themselves in "a virtual interview" NYT; 2/21/2022
• To Get the Most From Social Security, Log On
  a variety of online tools can guide retirees looking to make the most of this benefit; NYT; 1/28/2021
• Hacker Tricked Robinhood Support Into Revealing Data Of 5 Million Users TD; 11/15/2021
• Robinhood Hack Compromises Millions of Customer Email Addresses and Names Giz; 11/8/2021
• Use This IRS Security Tool to Protect Yourself From Refund Fraud
  Identity Protection PIN Opt-In Program; info; Giz; 12/4/2020
• Some Robinhood users say someone sold their investments and withdrew funds;
  Robinhood says users' personal email accounts were compromised, not its systems BB; 10/9/2020
• How Not to Become a Victim of Social Security Fraud Calls NYT; 3/6/2020
• Intuit Is Buying Credit Karma. Should You Cancel Your Account?
  effect on Equifax settlement? other options; NYT; 2/28/2020
• Why the IRS Wants You to Do Your Taxes Early protect your identity and prevent tax refund fraud; LH; 2/4/2020

Health

• HowStuffWorks: Will your electronic medical record be safe?
• I'm Worried About My Dad's Heart. So We Got Him an Apple Watch CNet; 12/23/2022
• How to protect your privacy when using mental health care apps NPR; 7/18/2022
• In a Post-Roe World, the Future of Digital Privacy Looks Even Grimmer NYT; 7/13/2022
• 11 Online Privacy Tips for Getting an Abortion Giz; 5/6/2022
• How to Protect Your Digital Privacy if Roe v. Wade Falls Wired; 5/5/2022
• How to Carry Your Covid Health Data on a Smartphone
  add SMART Health Cards to Apple and Google wallet apps;
  save a photo; NYT; 12/1/2021
• The Garmin Ransomware Hack Is Horrifying
  fitness tracking companies are vulnerable troves of sensitive data and aren't taking your privacy seriously; MB; 7/28/2020
• Despite qualms from some experts, Google and Apple's exposure notification API
  enables the most privacy-respecting approach to contact tracing in history TD; 5/20/2020
• Emergency Surveillance During COVID-19 Crisis 3/20/2020
• Why is the healthcare industry still so bad at cybersecurity? Ars; 2/9/2020
• Inside Google's Quest for Millions of Medical Records WSJ; 1/11/2020

Home

• How Your Landlord Could Be Tracking You
  Key fobs and other smart-access technologies make it easier for us to get in and out of our homes
  -- but they're also a privacy hazard; NYT; 12/17/2019

Identity Theft

• Wikipedia: Identity Theft; credit freeze aka credit report freeze, a credit report lock down,
  a credit lock down, a credit lock or a security freeze; 'In the credit origination process, access to a credit report
  is critical for a lender to make a risk assessment. Because a credit freeze effectively stops any access to the credit report,
  it places a block in the process of issuing credit. Individuals who freeze their credit reports must therefore unfreeze
  their reports before they wish to apply for credit themselves'
• HowStuffWorks: How can I find out what information exists about me online?;
  How Identity Theft Works; Is there such a thing as a free credit report?
• HowStuffWorks: How can I erase my identity and start over?
• About: How To Remove Your Information from Public Websites
• OR: credit freeze, fraud alert; search data breaches
• Privacy Rights Clearinghouse: Consumer Guides
• Protect Yourself From Identity Theft AAA Via, pp 26-27 Nov/Dec 2020
• Should You Use a 'Dark Web Scan' to Protect Your Identity? LH; 10/23/2020
• Never Email Your Social Security Number, I Am Begging You LH; 7/1/2020
• 'Pure Hell for Victims' as Stimulus Programs Draw a Flood of Scammers
  criminals have used people’s Social Security numbers, home addresses and other personal information
  -- much of which was available online from past data breaches — to assume their identities and bilk them
  out of their stimulus checks and unemployment benefits; portal allows people to enter a new bank account
  address for the government to send them their money, but it requires only a few pieces of data for verification:
  a Social Security number, an address, a phone number and a date of birth; NYT; 4/23/2020
• Scam Awareness Soc. Sec. Admin.: Office of the Inspector General; 1/2020

Location

• US Military Is Buying Location Data From Data Brokers,
  Including Data Pulled From US App Users TD; 11/20/2020
• Six Reasons Why Google Maps Is the Creepiest App On Your Phone
  1. Google Maps Wants Your Search History
  2. Google Maps Limits Its Features If You Don't Share Your Search History
  3. Google Maps Can Snitch On You
  4. Google Maps Wants to Know Your Habits
  5. Google Maps Doesn't Like It When You're Offline
  6. Google Makes It Seem Like This Is All for Your Own Good;
  Vice; 11/12/2020
• The Best Privacy-Friendly Alternatives to Google Maps
  easiest to use and most up to date -- use privacy settings; OpenStreetMap; OsmAnd; Apple Maps; Here; Wired; 9/11/2020
• How Your Phone Is Used to Track You, and What You Can Do About It NYT; 8/19/2020

Vehicles

• HowStuffWorks: How can you use in-car Internet?
• Is Your Driving Being Secretly Scored?
  the insurance industry, hungry for insights into how people drive,
  has turned to automakers and smartphone apps like Life360; NYT; 6/9/2024
• We explore the apps that are quietly tracking drivers’ habits NYT; 6/9/2024
• Mozilla Says Modern Cars Are Data Collection Nightmares on Wheels TB; 9/7/2023
• Carmakers Strive to Stay Ahead of Hackers NYT; 3/18/2021
• Insecure wheels: Police turn to car data to destroy suspects' alibis NBC; 12/29/2020

Voting

• Internet Voting still insecure
• Voted in America? This Site Doxed You voteref.com; 11/6/2024
• Voting Security Has Come A Long Way Since 2016 — But Vulnerabilities Remain NPR; 11/3/2020
• Election 2020: a primer on how hackers are targeting the election
  and what officials are doing to protect it CNet; 10/27/2020
• 12 Cyber Threats That Could Wreak Havoc on the Election
  Attacks on Data, Access, and Availability:
  1. Ransomware
  2. Advance Voter Data Manipulation
  3. Day-of Vote Interruption
  4. Actual Vote Manipulation
  5. Messing With Reporting
  6. Distributed Denial-of-Service Attacks
  7. Infrastructure Attacks
  Information Operations:
  8. Hack-and-Dump
  9. Misleading Voting Information
  10. Voter-Targeted Disinformation
  11. Social Media Threats
  12. The Tweeter-in-Chief; Wired; 10/22/2020
• Ransomware Attacks Take On New Urgency Ahead of Vote NYT; 9/27/2020
• Don't Trust Facebook for Voting Information LH; 7/20/2020
• Amid Pandemic and Upheaval, New Cyber Risks to the Presidential Election NYT; 6/7/2020
• Q&A: Eugene Spafford on the Risks of Internet Voting 6/5/2020
• Putin Is Well on His Way to Stealing the Next Election Atl; 6/2020
• A Mobile Voting App That's Already in Use Is Filled With Critical Security Flaws Voatz; MB; 3/13/2020
• Despite Cybersecurity Risks And Last-Minute Changes, The 2020 Census Goes Online NPR; 3/2/2020
• 1 Simple Step Could Help Election Security. Governments Aren't Doing It using .gov domain; NPR; 1/29/2020
• 2020 Political Campaigns Are Trying To Avoid A 2016-Style Hack NPR; 1/28/2020

---