Your details are currency. Be careful

 In ITC's Threat of the Week

Your details are currency. Be careful

There have been two disturbing reports of yet more personal information theft and abuse. We wonder if either of these will surprise you.

You may have seen a Facebook quiz doing the rounds, which produces a map of your most used words on Facebook since you signed up. A nice little distraction from finishing your blog, essay, spreadsheet or doing anything useful.

The problem is that when signing up to this so called ‘quiz’, you hand over a bunch of personal stuff including:

  • Name
  • Sex
  • Profile picture
  • Birthday
  • Hometown
  • Current city
  • Educational history
  • IP address and other information relating to your device

The really smart guys at Comparitech broke this story this week, pointing out that 16 million people had fallen for what is basically a scam. The company that runs this scheme is called Vonvon.me. They lull victims into a false sense of security by saying they will not share your data without permission, however by agreeing to their terms and conditions, you have implicitly given this permission. Very, very sneaky and what’s more, you have even agreed that they can keep and share your details if you delete your account.

There are loads of these detail exfiltration apps and memes doing the rounds and our advice is to never trust them. Just don’t do it.

If you want to check which of these nasties you have signed up to on Facebook, Graham Cluley, a very knowledgeable and informative security guru has this advice:

To tweak the bits of information to which your Facebook apps have access, click on the lock icon on Facebook’s top right corner. Next go to “See More Settings”, followed by the “Logged in with Facebook” list under the Apps section. You can then click “x” to remove apps you don’t trust or recognize.

Right then, deep breath and onto our second personal detail spy in the sky. Step forward Microsoft!

Regular readers might remember us moaning and hollering about the data stealing ‘features’ built in and active by default in Windows 8.1 and 10, some weeks ago.

In an apparently extraordinarily sneaky manoeuvre, Microsoft may have given the impression that they had removed the DiagTrack or Diagnostic Tracking service, but guess what? You got it, they just renamed it, to: Connected User Experiences and Telemetry Service

As before, this is enabled by default. Here is what Microsoft say it collects:

Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and SMS data; device configuration and sensor data; and application usage.

WHAT? This is (in our opinion) an outrageous breach of trust and is further soiling the reputation of Microsoft and more specifically Windows 10. It would appear that there is no such thing as a ‘free’ upgrade.

You can disable this spyware in the services control panel. Enterprise sysadmins should look to make this happen in your standard builds.

To wrap up this week’s blog, it has come to our attention that Anonymous has taken down an ISIL website and replaced the contents with an advert for Viagra and a message to calm down. We wonder how hard that was.

If you would like to discuss privacy or security, we are available. Contact us on: 020 7517 3900 or enquiries@itcsecure.com.

Author: Kevin Whelan

Recent Posts

Leave a Comment