NYC Digital Safety

You’re securely logged in, using HTTPS, and you’ve taken care to update your devices, but your email inbox may contain scam messages. This is part of a technique called phishing, where people try to manipulate others into revealing private data like passwords or social security numbers. As in fishing with an “f”, these scams use a baited hook to draw the target in, usually in the form of a text, email, or phone call that seems to be from a legitimate source, such as a recognized service provider, a government agency, or even a trusted friend.

In one phishing scam, an email appearing to be from a service provider directs the recipient to a fake website to enter login data verifying their account — and that’s when malicious hackers obtain the data. A classic scam involves a message from an official serving in an overseas government. The sender asks permission to transfer a large sum of money into the recipient’s account for safekeeping, promising of a percentage of the funds as a reward… if the recipient provides account details and numbers for the transfer.

In another common scam, someone gets a text, email, or social media message appearing to be from or about a friend in serious distress. The sender requests an emergency transfer of funds. This scam, exploiting personal information about relationships and directed at a specific individual, is an example of a targeted attack called “spear phishing.”

These are tell-tale signs that a message might be a phishing attempt. Approach any message from an unknown source with caution, examine addresses carefully, and never provide personal data in response to a message. In fact, it’s best not to reply at all. If a message that claims to be from a friend, government agency, or service provider is concerning, contact them via another channel, such as a verified phone number you’ve used in the past. Phishing messages may contain links to malware, so avoid clicking on links in those messages, opening attachments, and of course sending any reply.

Secure Messaging

Remember, all information on the internet is sent via open, shared networks, so we need to encrypt messages, especially when the content is personal or sensitive. Standard encryption is not totally foolproof, but it’s highly effective in most cases. Check if your email provider uses encryption, and remember: if your recipient’s provider doesn’t encrypt, your message is very vulnerable.

The popular webmail service Gmail now shows a warning “unlocked” icon if you are composing an email to an address that does not support encryption. A question mark indicates an email address that cannot be verified. If you or your customers are gmail users, be extremely cautious when you see these signs.

If you or a patron have serious concerns about messaging security, there are applications that use end-to-end encryption, in which only the sender and recipient can read the message. End-to-end encryption prevents any third party from reading your message. Messaging and email apps such as Whatsapp, Signal. Telegram, Protomail and Hushmail all use this end-to-end encryption. See the resources list for more on end-to-end encryption.

Avoiding Malware

Malware is a tool cybercriminals and other bad actors use to gain access to your computer, data, and resources. A type of malware called “spyware” gathers data from your devices and sends it back to the person or persons who created the malware. Another type of malware, called ransomware, locks you out of your system until you pay the malware creator. Malware can send out spam emails from your account, control your webcam, search and destroy files, and hijack software programs.

Viruses and worms are two subtypes of malware. Worms are replicated quietly without affecting files and data, while viruses insert their own code into targeted software on your computer, and can corrupt or delete files and data, and disable programs. Keep an eye out for slow processing speeds. It’s a sign your machine might be infected by a worm or virus.

Here’s a list of some simple things you can do to avoid malware. The main message is to be intentional and aware of what files, links, messages and windows you’re interacting with online.

If you or your library user think you’re infected, there are a number of steps you can take. You can start by inspecting your devices, applications, and files yourself, and then using anti-virus scanners and software as needed.

Minimizing Your Digital Footprint

Your digital footprint is made up of all the traces of activity you’ve left on the web. It is composed of social media activities and connections, posts or comments on blogging sites, media sharing sites like youtube, review or news sites, and more. It includes data tracked by cookies and other means, as well as your search history across devices. Your footprint contributes to your online reputation — who you are online — and it helps corporations and other online actors gather data to profile you.

As this quote from the Our Data Bodies project shows, it’s difficult for many of us to understand where and how our information is being used online, and by whom.

We can learn how companies and other entities plan to use our data by examining User Agreements and Terms of Service for the services, platforms, and software we use. These contracts make explicit the privacy exchanges we might make in order to use an app, a platform, a site or a service. For information on how your library uses data, you may check your library’s privacy policy.

One way your digital footprint can spread quickly is through Third Party applications, where a third party mediates an interaction between you and a website: for example, a log-in to Spotify via Google or Facebook. While this arrangement seems convenient, you are allowing data sharing, collection, and tracking across platforms. Is this a worthwhile value exchange?

Many social networking platforms are in the business of selling you and your patrons’ data. It’s their core business model. However, on many platforms, you can adjust preferences to control how your data is used. Social media platforms will continue to track you, but there are steps you can take to control how that data is used and shared online. We’ll go through this list step by step, using Facebook as an example.

Facebook’s general privacy settings let you control what information about you is public, such as your phone number or email address, how your profile shows up in search engines, and if your posts are by default public. You can advise your patrons to adjust these settings based on their own risks and concerns around data privacy.

In the Facebook settings menu, under Apps, and then under Apps, Websites and Plugins, you can see and adjust what Facebook data third party apps can access. Here, third party app “AirBNB” is selected. By default this app can access everything on the list. Using the buttons at right you can change these settings. For each app, you also have the option of removing access from your account completely, though those apps will keep data you’ve already shared with them.

In the Facebook settings menu, under ads, your customers can adjust how Facebook buys and sells data about you for advertising. You and your library users can prevent Facebook from using data from brokers, marketing firms, or third party apps about your activity while OFF the platform to show you Facebook ads. You can prevent Facebook from using your activity while ON the platform to sell targeted elsewhere on the web, via its ad services business. Facebook and others will continue to track you, but your data may be less useful to them. If you change these settings, some of ads you see may be less relevant to you. Facebook will still use your activity IN its own platform to show you Facebook ads.

Also in the Ads settings, you and your patrons can specify what information Facebook can use to show you targeted ads. Facebook still collects and uses this data, but it will not use it in tailoring ads to you. There are many other options in the setting menu to explore, including location settings and facial recognition. You can also request your information, as well as delete your profile under settings.

Your personal data — and that of your library users — is valuable. Be intentional about what data you bring to the system, what you share, where, and with whom. Consider the benefit to you. Keep in mind the risks, but also the tools you have to protect yourself.