16. Has my email been compromised?
https://hacked-emails.com/
17. “Because our digital identities are so interconnected, providing access to a single account can often give hackers access to others.”
PETER FERNANDEZ
23. Jen Golbeck
The Curly Fry Conundrum
https://www.ted.com/talks/jennifer_golbeck_the_curly_fry_conundrum_why_social_media_likes_say_more_than_you_might_think
30. Further Reading - websites
• Hoffman, Chris. “Basic Computer Security: How to Protect Yourself from Viruses, Hackers, and Thieves.” How-To Geek, 4 Apr. 2017, www.howtogeek.com/173478/10-important-computer-security-practices-you-should-follow/.
• Kiser, Matt. “The Normal Person's Guide to Internet Security.” GitHub, 30 Mar. 2017, http://github.com/mkiser/WTFJHT/blob/master/guide/internet-security.md.
• Pinola, Melanie. “Top 10 Tech Security Basics Every Person Should Follow.” Lifehacker, Lifehacker.com, 26 Mar. 2016, lifehacker.com/top-10-tech-security-basics-every-person-should-follow-1767148925.
31. Further Reading - Articles
• Breeding, Marshall. "High Security and Flexible Privacy for Library Services." Computers in Libraries, vol. 36, no. 5, June 2016, pp. 12-15. EBSCOhost.
• Fortier, Alexandre and Jacquelyn Burkell. "Hidden Online Surveillance: What Librarians Should Know to Protect Their Own Privacy and That of Their Patrons." Information Technology & Libraries, vol. 34, no. 3, Sept. 2015, pp. 59-72. EBSCOhost.
• Fernandez, Peter. "Through the Looking Glass: Helping Patrons Manage Passwords and Protect Their Digital Identities." Library Hi Tech News, vol. 33, no. 9, Oct. 2016, pp. 1-5. EBSCOhost, doi:10.1108/LHTN-09-2016-0041.
• Gressel, Michael. "Are Libraries Doing Enough to Safeguard Their Patrons’ Digital Privacy?" Serials Librarian, vol. 67, no. 2, Sept. 2014, pp. 137-142. EBSCOhost, doi:10.1080/0361526X.2014.939324.
• Macrina, Alison. "Protecting Patron Privacy." Library Journal, vol. 141, no. 12, 7/1/2016, pp. 38-39. EBSCOhost.
• Massis, Bruce. "The Internet of Things and Its Impact on the Library." New Library World, vol. 117, no. 3/4, Mar. 2016, pp. 289-292. EBSCOhost, doi:10.1108/NLW-12-2015-0093.
• Nichols Hess, Amanda, et al. "Preserving Patron Privacy in the 21st Century Academic Library." Journal of Academic Librarianship, vol. 41, no. 1, Jan. 2015, pp. 105-114. EBSCOhost, doi:10.1016/j.acalib.2014.10.010.
• West, Jessamyn. "Cybersecurity as an Extension of Privacy in Libraries." Computers in Libraries, vol. 36, no. 5, June 2016, pp. 24-25. EBSCOhost.
Editor's Notes
Introduce self
So why is this discussion important? Well, we interact with technology every day. And not everyone has the same access to information, or interest in keeping up with what can be an overwhelming topic. Increasingly, libraries are one of the only places many of our patrons can go to learn about things like security and privacy.
Also I’ve filled this presentation with pop culture references and animated gifs. If this annoys you – my preemptive apologies.
So, let’s start with security. Security in libraries is multi-faceted. It includes things like security personnel, surveillance cameras, tattle-tape and RFID tags. For the purposes of today’s talk, we’re primarily focused on the social and digital aspects of security.
Malware: any program designed to enter a computer and compromise its data or processes. Includes:
Viruses: self-replicating, come in attached to other files.
Worms: self-replicating, can spread with no user assistance, enter through security holes in browsers, as attachments, or bad links.
Trojans: do something other than the intended function. Often used as keyloggers for passwords or other personal information.
Bot: receives instructions from 3rd party, not always malicious.
Spyware: collects personal information.
The good news is that most threats can be prevented. You’re taking the first step here today – you’re learning about what’s out there and how to protect yourself. Practicing safe computing means adopting a “look before you leap” or “think before you click” attitude. Or, if you prefer, we can apply “Trust but Verify”. We’re going to cover some of the ways you can protect yourself.
The number one thing you can do to keep your computer safe is to keep your computer updated. For most people, that means turning on automatic updates, keeping your software updated, and making sure you’re using the latest version of your operating system. This is true regardless of whether you’re a Mac, Windows, or other OS user.
Beneficial for most users, but pick ONE. You can pay for an anti-virus, but there are some good free versions out there. I personally use a free version, but you can read the reviews and
Install an ad blocker. I use uBlock Origin, but there are others. You can disable it on a page-by-page basis, and, as a heads-up – if your page is loading weird, try disabling it.
Preferably automatically – save everything on a networked drive if your institution offers that service. There are many services for cloud backup, but both Windows and Mac offer built in tools to automate backups. I always recommend that important data, like family photos, are backed up in several places. If your computer is compromised for any reason, you won’t lose everything if you have it backed up.
Passwords are imperfect. The easier they are for us to remember, the easier they are to hack. However, for the time being, they are a big part of our world. So you need to learn to use good passwords!
Avoid dictionary words or identifying personal information.
Use mixed character sets.
Different passwords for different places
Consider using a password manager, such as LastPass, for an added layer of security.
I have a couple of links here for reviews of password managers. There are many options out there, but the way they work is that you can store all of your passwords in an encrypted database, so that you only have to remember a single master password. I personally use LastPass, which has a mobile application and browser plugins, but there are many other options available. Most password managers will also generate good secure passwords for you.
How many people have heard of two-factor authentication?
The way it works is that once it is enabled on, say, your email, when you enter your password, you will also need to provide a code. The code could be texted to you, or generated by an app like Authy or the Google code generator. Two-factor authentication makes it very difficult to gain access to your private information unless someone also has your phone.
Password protect!
Face recognition?
Fingerprint?
Anti-Virus?
Track the device if it’s lost
Even better if you can remotely disable
You can use a website like https://hacked-emails.com/ to see if your email has been attached to accounts known to have the passwords leaked. If the answer is YES – don’t panic. Change your password on the hacked site, and change your password on your email.
False friend requests, phone scams, Craigslist, dating, etc. Be suspicious – don’t click links that seem off or too good to be true. Also – don’t be ashamed if you are tricked – remember it happened to former CIA director John Brennan.
A very common attack on Facebook and similar social media networks is to get a friend request from someone who is already your friend. The second request is from someone who is NOT your friend, but has taken their photo and is going through their friends list and adding each one. The next thing they usually do is private message the friends, saying they need help, please send money.
When you get a request like this, a) do not friend the second profile b) check to make sure your friend knows and report the fraudulent page and, most effectively, c) go to your privacy settings and make it so only you can see your friends list. This means that even if a malperson gets access to your page through spoofing or other means, they won’t know who your friends are, effectively ending their scam.
You have probably seen warnings from IT not to believe emails telling you that you need to change your password. Spoofers are getting really good at sending emails that seem real. One trick is to look closely at the email address of the sender, and ensure it doesn’t have anything odd or misspelled.
Websites can also be spoofed. The URL of this website is NOT www.facebook.com – and if you were to put your username and password in here, the
The FBI estimates that between October 2013 and August 2015, email spoofing cost American businesses over $1.2 billion.
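The "look closely at the address" check from the spoofing notes above can be automated. This is an added example, not part of the original presentation: the trusted list, the edit-distance threshold of 2, and the sample inputs in the test are assumptions, and taking the last two labels as the registered domain is a simplification (production code would consult the Public Suffix List).

```python
from urllib.parse import urlsplit

TRUSTED = ("facebook.com",)  # assumption: the domain the reader means to reach


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(value: str, trusted=TRUSTED) -> str:
    """Classify a URL or a sender address against the trusted domains."""
    if "://" in value:
        parts = urlsplit(value)
        if parts.username is not None:
            # In https://name@host/ the browser connects to host, not name.
            return "suspicious: text before '@' is not the site"
        host = parts.hostname or ""
    else:
        host = value.rsplit("@", 1)[-1].strip("<> ")
    host = host.lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    if not host.isascii() or "xn--" in host:
        return "suspicious: non-ASCII look-alike characters"
    registrable = ".".join(host.split(".")[-2:])  # simplification, see lead-in
    for t in trusted:
        if t in host:
            return "suspicious: trusted name embedded in another domain"
        if edit_distance(registrable, t) <= 2:
            return "suspicious: misspelling of " + t
    return "unknown"
```

A result of "unknown" only means no look-alike pattern matched; it is not a statement that the site or sender is safe.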
Okay. This is the part of the presentation where I get to scare you. I have more bad news for you… everything you do online is tracked. A lot of what you do in real life is tracked too.
Credit Cards
Phone GPS
What is done with this info? Mostly it’s used to sell you stuff. If you google something, you’ll see ads for it or competition.
Target story
Good rule of thumb is that if you aren’t paying for a service, you’re the product.
Many social networks and Internet-based tools (such as search engines) don’t require you to pay any money to use them. However, the Internet companies that run these services are often allowed to collect and sell information generated by your public Internet activities while using them (though, before you panic, this does not include sensitive identity and financial information). These include links that you click on, keywords that you search for, information that you post in public spaces (such as public profile information or status updates)… even your Internet address, which can be used to figure out where you are in the world, is fair game. This is why you will sometimes see advertisements on websites for products or services that have something to do with other places that you have been or other things that you have done on the Internet.
Deleting various elements of your Internet browsing history can hamper this process somewhat, as can using privacy-friendly custom Internet browsers and search engines.
“In 2013, research company Gartner predicted more than 26 billion connected devices will be in use by 2020.” (Massis)
Currently, we’re estimated to be using about 8.4 billion. http://www.gartner.com/newsroom/id/3598917
Sometimes these features are useful. Using data, you can learn about books or music or other products that you might never have found otherwise. So it’s a balance – you can choose to sacrifice privacy for convenience, that’s a personal decision for you to make. When making these decisions for your patrons, if possible, give them options. For example, if your ILS allows them to save their patron record, if possible, make that an opt-in option, so they (in theory) can read about the risks associated with that.
If you’re concerned about privacy, there are some tools you can use.
1. Be extra mindful of privacy when using social networks. They can’t use or sell what you don’t post.
Many popular Internet browsers have a “private browsing” mode, but it doesn’t protect your privacy on the Internet as much as many people assume that it does. “Private browsing” simply deletes all Internet tracking records (such as your browsing history, cache, and cookies) from your computer when you close your browser, but only for that browser, and only for that session. In that sense, “private browsing” really only protects your privacy from other people who use your computer and Internet browser.
What “private browsing” doesn’t protect your privacy from are entities that track and collect information about your Internet activities while you’re still browsing. These can include governments, website owners, data collection companies, and even some overly-nosy individuals. If you really want to make your online activities private, consider using a custom private Internet browser that uses technical tricks to block or interfere with data tracking and collection. A few choices include Epic Privacy Browser, Tor (The Onion Router), and Comodo Dragon.
We just mentioned that many search engines trade being free-to-use for the ability to track, collect, and sell publicly-generated Internet data. Well, there are some search engines that don’t do this. They remain free-to-use while finding ways to make money that don’t involve spying on what you search for and selling that information to others (such as non-targeted advertising and donations from supporters).
Also, because these search engines don’t keep track of what you search for, you won’t get different search results if you search for the same keywords multiple times. This is something that can happen with more common search engines, as they use your past search terms to predict what kind of results you might want to see in future searches.
Some popular “private search engines” include DuckDuckGo, StartPage, and Disconnect Search.
You can also use an app that encrypts your text messages, like Signal, especially recommended for Android users.
If you’re really concerned, you can pay for or set up a VPN, a Virtual Private Network, to help disguise your internet activity.
Libraries have been dealing with privacy issues for a long time, well before the Patriot Act.
What are some things libraries can do to help protect patron privacy?
Work with the Powers that Be (IT, etc.) to make sure all software is kept up to date.
Get a good antivirus software suite for your institution, and make sure it is set up to scan every USB plugged into it.
Make Tor available on public workstations (but not the default browser)
Clear all patron data after every session
Offer sessions to learn about privacy and security issues