Trails End Computer Club

Bulletin for the month of JUNE 2015


MEETINGS WILL

 CONTINUE

IN THE FALL


SPECIAL INTEREST GROUPS:

If you would like to meet in a small group to discuss special computer related subjects or form a Special Interest Group lets discuss it.

Our bulletin is also available on line by visiting tecc.apcug.org and clicking on bulletin.


tecc.apcug.org

See Bulletin Selector, Lessons Selector, 
Top Downloads, Top Web Sites & APCUG Benefits.

It's loaded with ideas, how  to's, learning and
Education sites.

Upcoming Events

Wednesday DECEMBER 2, 2015 Meeting
  Thanks for making the 2014/2015 season a success. The Computer Club will continue with meetings in December. In the meantime there will be a monthly e-mail and bulletin. Near the end of each month the email announcement will be sent out with a link to the bulletin that is published on the Computer Club web site www.tecc.apcug.org.


IraWhat are Websites Doing With Your Personal Information?

by Ira Wilsker

 WEBSITES:

http://www.govtech.com/data/How-Do-Websites-Use-Your-Data.html

https://identity.utexas.edu/privacycheck-for-google-chrome

https://identity.utexas.edu/idwise

https://identity.utexas.edu/strategic-partners

https://chrome.google.com/webstore/detail/privacycheck/poobeppenopkcbjejfjenbiepifcbclg

https://www.ghostery.com

             You have likely noticed that the banner ads and other forms of advertisements on many of the web pages visited appear to "coincidently" be for many of the same items that you have recently searched for online.  You may even notice that many of these ads are also from many of the same online sellers whose web pages you have recently visited.  In some cases, you may also see online ads for direct competitors of previously visited websites, offering many of the same or similar products that you have looked at on other websites.  It should not be surprising that the owners of many websites, as well as many third party advertisers, use a variety of tracking technologies to gather information on you, as an individual, the types of websites that you visit, and the products and services viewed.  While many users find this targeted advertising interesting and useful, and even possibly necessary in order to support "free" web sites and online services, many others consider the gathering of such personal information as a gross violation of personal privacy.

            Some of the more common methods of compiling and distributing this personal information and shopping preferences are the placement of "tracking cookies" on the user's device; web bugs or web beacons (small graphic files which transmit information when opened, often 1 pixel in size); and the dissemination (sale) of personal information entered on a website.  Cookies are small, alpha-numeric and text based pieces of data which are by default, placed on the hard drive or other storage of the device being used to view a website; while some types of cookies are benign and necessary to compile shopping carts, store passwords and other login information, and save other information that can speed the web process, some other types of cookies may not be so desirable.       The most common type of unwanted cookies is often known as "tracking cookies", which are typically placed on the hard drive or other storage medium, just as other cookies, but these cookies can also be read by other third parties as a method of gathering information about the user, mostly for targeted marketing purposes.  There are many companies that have a lucrative and highly profitable business selling access to the tracking cookies which they have previously been placed in storage, most often by simply visiting a web page.  Almost all browsers give the users the option to control which cookies can be saved and accessed, but the default is to accept all cookies.  Tracking cookies that are currently saved in the device storage can often be easily and quickly removed by most of the reputable (and often free) security scanners, such as Malwarebytes (malwarebytes.org) and SuperAntiSpyware (superantispyware.com).

            What many users might find shocking is that they unknowingly and explicitly allowed many of the websites that they visit to place tracking cookies and other marketing information on their computers and smart devices.  When I mention this to users at some of my security and privacy presentations, some of those present get very agitated, and vehemently deny that they ever gave permission for websites to place such information on their computers and other devices.  My typical response is something to the effect of "Did you ever read the privacy statement on those websites when displayed, or simply click on the "I Agree" box when first visiting them?"  Most of the honest, but still aggrieved users, acknowledge that they never fully read the privacy statements on the websites visited, with the typical response being that the privacy statement is too long to read, or it is written in "legalese" which they cannot readily understand, so they simply "agree" in order to get access to that particular website.

            Complex privacy statements, often blindly agreed to, have been a popular tool to legitimize the placement of that website's or other third party commercial tracking information on your computer, smart phone, tablet, or other device.  These tracking devices are often a significant source of revenue for the website owner, and are often utilized by some of the largest and most reputable online vendors.  In a recent article by Omar L. Gallaga, of the Austin American-Statesman, dated  May 11, 2015, and reprinted by "Government Technology", Gallaga wrote, "How Do Websites Use Your Data?  A new tool in Google Chrome puts website privacy policy language in plain English, letting you easily know whether your email address is shared or the site has access to your Social Security number, and if it tracks your location."

PrivacyCheck           This free new tool, currently only available for Google's Chrome browser, is "PrivacyCheck", a Chrome browser extension (plug-in) which was developed by the Center for Identity at the University of Texas - at Austin (identity.utexas.edu).  According to the Center for Identity, "PrivacyCheck is a browser add-on intended to provide consumers an overview of the ways in which companies use their personal data in a graphical, ‘at-a-glance’ format.  ...  PrivacyCheck surpasses existing add-ons, apps, and certifications by using a Data Mining algorithm to access the text of any webpage.  The user provides the URL for the company’s privacy policy and PrivacyCheck searches the page, returning icons that indicate the level of risk for several types of PII (Personally Identifiable Information)".  PrivacyCheck can be downloaded for Chrome from the Chrome web store at chrome.google.com/webstore, and entering "PrivacyCheck" in the search box.  The latest version of PrivacyCheck, as I am typing this, is version 1.0.5, dated May 14.  It is important to know that federal and state laws require businesses with a web presence to post their privacy policies, and there are often harsh penalties for violating those posted privacy policies.

            To use PrivacyCheck to determine the degree of privacy risk on a particular web site, download and install PrivacyCheck from the Chrome web store (chrome.google.com/webstore).    Once installed, open the selected website using the Chrome browser, and locate the privacy statement, often linked at the very bottom of the webpage; open the privacy statement page.  On the top right of the Chrome address bar is a small icon which is light brown in color, and has what appears to be a lower case "i" within a brown circle; click on that icon.  Once clicked, "Browse to a privacy policy and click Start".  Within seconds a series of 10  larger icons will appear, with an easy to comprehend green, yellow, and red coloration, indicating the degree of privacy risks associated with that privacy policy and website. 

            Moving the cursor over each of the large icons will explain what it represents: the "envelope" icon represents what the website does with the user's email address, red indicating that the website uses, sells and shares the email address to others; the second icon represents the magnetic stripe on a credit card, and indicates what the site does with credit card information; the three asterisks "***" represent what is done with the user's social security number, green indicating that it is not collected or otherwise used; the "megaphone" indicates the marketing use of your private information, red indicating that the website sells your information to others for marketing purposes; the "compass" icon indicates what the website does with detected location information, red indicating that the website sells the user's location information to third parties; the sixth icon, circular with two eyes, indicates the policy on information gathered from children; the "badge with star" icon indicates the distribution of information to law enforcement, red indicating that the site will provide information to law enforcement without a warrant or subpoena; the "open book" indicates the policy on posting privacy policy changes and giving the opportunity for users to opt-out; the "pie chart" icon indicates whether or not the user can modify his own information; the tenth icon, which looks like a cloud with directional arrows, indicates what the website does with aggregated information, yellow indicating that aggregated information is distributed, but personally identifiable information has been removed. 

            PrivacyCheck is an excellent method to determine what commercial websites are really doing with your personally identifiable information (PII), but its major weakness is that it (currently) only works with the Chrome web browser.  Users of other browsers may find some privacy utilities that provide significant privacy protection while online.

            On all of my PCs, as a browser add-on, I have been using a free, popular browser extension called "Ghostery" (www.ghostery.com), which will seamlessly run on computers using any of the major and popular browsers including Firefox, Chrome, Opera, Safari, and Internet Explorer, as well as on mobile devices running the Android and iOS operating systems.  According to its website, Ghostery claims to have, "The largest tracker database on the internet, constantly growing;  Ghostery has the largest tracker database available on the web. We meticulously select, profile and cull over 2,000 trackers and 2,300 tracking patterns."  Ghostery displays the tracking information on almost every web page opened, and gives the user the ability to allow or block trackers as desired.

            Our personal privacy should be taken very seriously.  Once third parties have access to our personal information, it is virtually impossible to get it back.  Most of the browsers offer an option or setting to control privacy, which may be called "Do Not Track", "Reject Third Party Cookies", or some similar name.  By using PrivacyTracker, Ghostery, browser privacy settings, and other utilities, our individual privacy may be better protected.


Tech Support Scam – Received a Tech Support call lately?

By Phil Sorrentino, Member of The Computer Club, Florida

http://scccomputerclub.org

Philsorr.wordpress.com

philsorr (at) yahoo.com

This is a very nasty, and possibly costly, scam. It preys on people’s concern that their computer might be running slow or might be infected with a virus or some other type of malware. It typically starts with a call from, ostensibly, “Microsoft or Windows or Dell or some other, known Computer Manufacturer’s Tech Support” organization. And it can end with the computer owner paying for basically nothing, and giving the scammer his credit card information.

Let’s make the point here: Microsoft says “You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.” So, never respond to a call of this nature; just hang up.

There seem to be many variations on how the scam can get started. Sometimes you will get a call from the “Microsoft or Dell Tech Support Desk” saying that they have noticed that there is a virus, or errors, on your computer. Sometimes it is started with a pop-up window on your screen while you are browsing the internet. The window (in a variety of different wordings) indicates that you have been infected by a virus and you should call a particular number to remove the virus. Calling that number puts you in contact with the scammer’s bogus “Tech Support Desk”. Once you are on the phone with the “Tech Support” technician, the scam begins.

This scam is very insidious because the victim may never even realize that he has been scammed. There are many variations on the details of the scammer’s interaction with the computer owner once the call has been made; but basically the steps are: the scammer demonstrates, to the computer user, that there is a virus on the computer; the scammer offers to remove the virus for a fee ($199 to up to $549, which may be negotiable); the computer user accepts the offer to remove the virus and pays for it with a credit card; the scammer charges the credit card for the agreed upon fee; the scammer “fixes” the computer; the scammer demonstrates that the computer now has no viruses; the computer user thanks the “Tech Support technician” for his help.

The scammer uses a variety of ways to show you that there is a problem. One such ploy is; the scammer asks you to open the computer’s Windows Event Log Viewer to show that there is problem. The scammer attempts to win your confidence by showing you that your system has “Errors”. When you open the Windows Event Log Viewer, you see errors which lends credence to the scammer’s statement that you have a virus. (The scammer relies on the fact that whenever you open the Windows Event Log, you will see some type of error or warning listed, which is quite normal.) Another way the scammer shows you that there is a problem is to have you view files that look like problems, but are really just views of a file that are not typically seen by the average user, but are quite normal. Still another technique is to have you run the Configuration Utility. You see “stopped” next to some services or programs and the scammer states that “the fact that those programs or services are stopped indicates that there has been some damage to the computer”. (In truth, it is normal to have some programs or services that are stopped, which may not be obvious to the average computer user.)

So, how can we tell if a scam attempt is in progress? Here are some tip-offs to help you recognize a scam attempt. The first tip-off is that they, the scammer, called you. Note well that, Microsoft, Dell, or any other major company’s tech support organization is not very likely to use their resources to get in touch with users to fix their computers. (The scammer may tell you that they are doing this as a Public Service; don’t buy into it.) If a Tech Support issue arises with a computer, it is incumbent on the user to contact the appropriate Tech Support organization. The user should make the contact with a known phone number!

A very strong indicator that a scam attempt is in progress is that the “Tech Support technician” will ask you to go to a Website and Install a Tool so that they can Remotely Connect to your computer in order to “fix” the problem. This can be a very good, legitimate, way of having a legitimate Tech Support technician fix your problem, if you truly have a problem, and if you called Tech Support. (There are a few free remote control software tools available just for this purpose, such as TeamViewer and GoToMyPC.) However, if they called you and you then give the scammer control over your computer, the scammer now has the ability download malware (viruses, rootkits, Trojan horses, key-loggers, etc.) to your computer. This malware could then lead to future problems.

This may be another tip-off: the Caller ID on the phone says “Microsoft, Tech Support”, or something similar, which gives the appearance of a legitimate number. Remember, he called you. (Spoofing Caller ID information, I’m told, is extremely easy to do, with Voice Over IP technology. Brighthouse or Verizon phones employ VOIP technology.)

A strong indication that a scam may be is progress is that the “Tech Support” technician claims that your computer is “sending out errors”, or is “sending out SPAM”, or is “infected with a new virus that is undetected by current virus protection software”, or something similar. This is an attempt to create fear that the computer is infected and to scare you into taking action to correct the situation.

Another tip-off may be that the Tech Support technician has a heavy foreign accent, but he uses a name that sounds like it is of western origin. He will definitely have an explanation for why he does this, but don’t buy into it. (Though, I have talked to a legitimate Tech Support technician, “Bob”, with a heavy foreign accent from Dell who was very helpful, so this may not be the best way to identify a scam.)

I haven’t gotten a call, yet, but I have heard of many recent experiences. If you do get a call from “Microsoft Tech Support”, just hang up. If you are having a problem with your computer, call the appropriate Tech Support organization, using a number you are confident is correct (not one that you get from a pop-up window). With the number of people in Sun City Center receiving these calls, this area code may be a prime target for these scams.

I’d like to thank Computer Club Member and Instructor, Matt Batt, for bringing the severity of this scam to my attention. Matt has seen the results of many of these scams and has heard of many computer users experiences with this scam.


Submit Your article; deadline for next bulletin is Tuesday noon each week. Only what you write may be published. We cannot publish other peoples work without written permission. Simply click here EDITOR AT TECC and paste your write-up to submit it.
Share your computer experiences with other members. We need articles to publish in the TECC Bulletin.

UPDATE YOUR MEMBERSHIP INFORMATION Change your e-mail address, unsubscribe to this bulletin, etc.  Use link below.
UPDATE YOUR MEMBERSHIP