Digital Citizenship

Digital technology is changing the way in which society is operating and the ways we live our lives. Everyday, there is new ways to work and to play, new methods of interacting with one another. As our digital footprint grows exponentially, we are forming our own online identities.

Digital security is the protection of this online identity. Criminals are finding new ways to operate and steal information from digital users for their own personal gain. Digital security is an all-encompassing term which includes the tools you can use to secure your identity, assets and technology in the online and mobile world.

These tools you can use to protect your identity include anti-virus software, web services, biometrics and secure personal devices you carry with you everyday. Devices such as a smart card-based USB token, the SIM card in your cell phone, the secure chip in your contactless payment card or an ePassport are digital security devices because they give you the freedom to communicate, travel, shop and work using your digital identity in a way that is convenient, enjoyable and secure.

consumerreposrt.org
By Allen St. John
January 17, 2018

While there’s plenty of uncertainty in the air in the early days of 2018, here’s one thing that’s a sure bet: Keeping your personal data private and secure will be even more of a challenge.

In 2017 we learned that hundreds of millions of consumers had been affected by big data breaches at Yahoo, Equifax, and Uber. Hackers and malware harmed individuals, too, through ransomware and other attacks.

At the same time, marketers continued to get better at intruding on your digital privacy in 2017, finding ways to collect and monetize the personal data that you generate every day as you navigate the web, use your phone, and even watch TV. And the monetary incentives to target your personal data—whether legally or illegally—won’t be any different in the months to come.

However, there are quick and easy changes you can make yourself, right now, to protect your digital privacy. And as more consumers take these steps, the more it tells companies that privacy matters.

Here are five simple strategies to boost your digital privacy and security in 2018.

Update Your Devices
One of the easiest and most effective ways to protect the security of your computers and mobile devices is to keep the software up to date, says Maria Rerecich, director of electronics testing at Consumer Reports.

Updates help manufacturers patch security vulnerabilities quickly. Just this month, for example, Apple, Microsoft, and others said they’d released fixes for the Meltdown and Spectre security flaws that affected millions of laptops and other devices.

After installing an update, it’s a good idea to double-check your digital privacy settings to make sure nothing has changed in the process. To do that, look in the Settings or System Preferences menu on most digital devices.

While phone and computer manufacturers are usually vigilant about informing you of updates and even offering you the chance to automatically update your devices—a smart option—that’s not always the case with devices such as routers, security cameras, and baby monitors. So take a moment every few months to check for software and firmware updates for those items. (For instructions on how to launch updates, search online or check the user’s manual for the device.)

Use Two-Factor Authentication
What if you could find a way to make your password all but useless to a hacker? That’s what two-factor authentication does. Instead of relying solely on a password, user accounts secured by two-factor authentication require an additional level of proof of ID before granting access.

This may involve the use of a physical device (like your phone, a card, or a fob) or some biometric marker (like a fingerprint, a voice print, or facial recognition).

How Two-Factor Authentication Typically Works
When you log in to an account on a new laptop or smartphone, you’ll be asked for your password, but once you enter it, you won’t have access to your account. Instead, the website will ask for a one-time code sent by text to your phone. The second “factor” is your phone; without it and the password, you’ll be denied access.

Nearly every major online service offers some form of two-factor-authentication as an option. (Netflix is a notable exception.) To find out how to enable it, just search for “two-factor authentication” online (or “2FA,” for short) with the company name, such as Amazon, Apple, Gmail, or the name of your bank.

Freeze Your Credit
There’s not much you can do to stop the next data breach, but you can minimize the financial risk with a credit freeze, says Justin Brookman, privacy director for Consumers Union, the policy and mobilization division of Consumer Reports.

That prevents most lenders from looking at your credit history, which keeps them from issuing a credit card or approving a loan to an unauthorized party.

The one problem is that a freeze also locks out vendors you are doing business with. That might include obvious ones—like a mortgage lender or a carmaker’s finance company—and not-so-obvious ones—such as a cell-phone company or even a potential employer.

You need to initiate a freeze with each of the four major credit services: Experian, Equifax, TransUnion, and the lesser-known Innovis. And when you do file an application that requires a credit check, you’ll have to contact them individually to lift the freeze.

There’s a small charge, $2 to $12, to place a credit freeze, but Equifax is offering the service free until Jan. 31. (Identity-theft victims can sometimes get it free elsewhere, too.) And consumer advocates, including Consumers Union, are fighting for legislation that would make it easier—and cheaper—to freeze your credit with all of these companies.

Install a Password Manager
A password manager is essentially a virtual vault that creates and then stores complicated, hard-to-hack passwords for all your online accounts, letting you access them with one simple-to-remember password.

Dashlane, 1Password, KeePass, and LastPass are among the most popular password managers, and they’re either free or inexpensive ($2 to $5 a month).

Using a password manager certainly beats using “Password2018” for everything and hoping for the best. But what if you’ve got a slew of accounts, each with its own less-than-secure password? While password managers are superb at helping you generate an effective new password and remember it, they can’t automatically replace all your existing passwords.

To lock down all your accounts, you have to log in to each one individually, opt to change your password, and then let your password manager do the rest.

If that sounds like a colossal headache, try triage. Focus on your most important accounts—your e-mail, bank, and healthcare accounts—and change the rest whenever you log in to them. Before winter’s over, all your accounts should be secured with new, stronger passwords locked away in your password manager.

Make Privacy a Priority
There’s a lot to be said for choosing strong privacy protections whenever you sign up with a fresh online service or set up a new device.

Some of these settings can protect you from hackers. But they can also slow the erosion of your digital privacy that happens when tech companies collect and share information.

After all, retailers and social media companies rely on consumers to volunteer information. But just because they ask doesn’t mean you have to answer.

As one example, look in your smartphone settings at what permissions each mobile app is asking for. Does it want access to the phone’s microphone? Location data? Your contacts? If you’re not sure why an app needs that information to function, turn off the permission. If that keeps the app from working the way you want, you can always switch it back on later.

Using strong digital privacy settings will help preserve your privacy while encouraging good behavior, says Jessica Rich, vice president of consumer policy and mobilization at Consumers Union. To do this, “opt out of data collection and choose companies that compete on privacy,” she says.

Rich also suggests letting others know that the issue is important to you.

For instance, tell customer-service reps, and mention the issue in online surveys. Companies take customer feedback seriously, and if they get enough complaints about tracking, data breaches, and other privacy problems, they just might change the way they do business.

Your Life on the Internet

Liz Soltan from digitalresposibility.org put together a nice and clear bullet list of what to and not to share on the internet in order to keep certain things private and safe.

The classic piece of advice on online posting is not to share anything you wouldn’t want your grandmother to see. (As more and more members of Generation What’s My Password Again? join Facebook, this concern may be all too real.) More than that, though, you should consider what you want a potential employer or college admissions officer to glean about you from your online presence. Make your online presence work for you, not against you. Employers and admissions officers report that the internet can be a good place for applicants to present their talents, professionalism, and sociability.

• Assume that nothing you share online is private. After all, it’s only private until the person you’ve shared it with (or a hacker) makes it public.
• Don’t post on forums using your real name or real email address.
• Actively keep tabs on your privacy settings.
• Don’t post when you’re upset. Keep in mind that everything you put out there on the internet, even into seemingly private realms like emails and Facebook messages, is impossible to take back. Limit your venting in emotional moments to less permanent means of communication.
• Check yourself. Everyone else is googling you, so you should get in on the action. Don’t forget to monitor photos and information about you that friends post. Then, clean up accordingly.

In general, spoofing is the act of masking or impersonating another’s identity online or through other digital media. Spoofing activities can range from obnoxious nuisance to deeply nefarious.  Creating a fake Facebook profile using the information of some guy you went to high school with to peddle discount Ray Bans is spoofing. Hacking into the data bank where Capital One keeps its customers’ personal information from a masked IP address is also spoofing.

Spoofing is most often financially motivated.  Spoofers attempt to gain access to a person’s personal information including online accounts that may have stored credit card information, bank account information, or even create fraudulent spoofed websites to collect social security numbers and other sensitive personal information.

Spoofers will often target accounts and systems that are not protected by sophisticated security measures.  It is yet another reason to take digital citizenship seriously.

Email Spoofing
Email is one of the most frequently experienced types of spoofing.  Also known as phishing, spoofers that use fraudulent email addresses may request information directly, or may send you to a mock URL that is nearly identical to a popular URL, like the Chase Credit Card login page or amazon.com login.

Spoofers have become very sophisticated, playing off of people’s emotions and fears.  One form of spoofing targets older adults or parents, posing as a person’s young relative and asking for money to get out of trouble or to help with an urgent medical or legal challenge.  “Grandma, I am in trouble. Please send me $500 using this link as soon as you get this. And don’t tell my parents, I’ll get in trouble.” Another typical spoof is impersonating the IRS. “You owe back taxes in the amount of $2,000.  Remit within the next ten hours or be subject to home foreclosure, earnings withholdings and imprisonment.” These urgent and threatening messages spike people’s adrenaline and motivate quick response before, perhaps, rationally thinking through the situation.

Having good security settings for all of your email accounts can help you avoid being spoofed.  Also, be on alert for any email that seems suspicious. For example, the IRS will never ask you for personal information using your email address.  If you have reason to suspect an email is fraudulent, contact the sender in some other way than replying to the questionable email. Being cautious can save you a significant amount of trouble.

Caller ID
Spoofers are increasingly using caller ID as a way to connect with people who may not otherwise answer their phone calls.  The most common form of spoofing is an out-of-state or out-of-country caller spoofing the area code of the target, as people are more likely to answer calls from a local number.

Caller ID spoofers are often running phone scams, many similar to the examples used above in the email spoofing section.  You may also have been the winner of an amazing trip! Or be coming into a lot of money! All you have to do is give them your bank account and routing number so they can deposit funds directly!

Do not give them your information.  Another word of common advice – if it seems too good to be true, it is.  If the party is asking you to give your personal information like social security number, credit card number, or banking information over the phone, they do not have your best interest in mind.

URL
URL spoofing, as noted earlier in this section, is the creation of a fraudulent website to gain personal information or install nefarious viruses on the target’s computer.  Creating sites that look nearly identical to trusted sites is an easy way to mislead a person into entering user names and passwords. These URLs are most often disseminated through email spoofing.  Again, taking precaution when following links sent in emails is the best way to protect yourself from such deception.

IP Address
IP spoofing is used to change the identity of the computer a spoofer is using.  The fundamental premise of spoofing is using a trusted identity to gain access to the target; IP spoofing is no different.  Using an IP that is familiar to an internal network, IP spoofers will side-step authentication processes, often gaining access to other computers in the network with the trusted identity.     

The most common use of IP spoofing is a Denial of Service attack.  Denial of Service attacks overwhelm a server with traffic requests to the point the server cannot possibly respond to all of them.  The IP spoofing is advantageous to the attacker because they can feign that all of the traffic requests are coming from a unique IP, making it harder for the target server to filter.

Other uses of IP spoofing include the masking of a computer’s identity to remain anonymous when performing any number of illegal activities online.  This is the most sophisticated use of spoofing for broad attacks against networks, companies, even governments.

Catfish and Bullies and Trolls, oh my
Digital citizenship can be used for so many productive, meaning-making, and generative activities.  Being more closely connected to people around the globe is an opportunity that is unique to our generation.  Never before in our history have we had such access to knowledge, networking, and perspectives. We all have a choice in how we conduct ourselves online.  In this section, I am hoping to convince you use your powers for good – and not be a snotty troll.

There are a lot of terms for people who use the anonymity of digital citizenship to cause disruption and to be hurtful to others.   Catfish is a term used for someone who enters into a digital relationship with someone using a false identity. Cyber bullies are those who use the internet to torment and harass people, sending disparaging messages to vulnerable people with the sole purpose to harm.  And then there are the trolls. People who banter, criticize, threaten, and sexually harass from behind a keyboard.

It is important that we all remember that at the other side of every digital citizen is a human being with our same vulnerabilities.  Being an ethical person extends now to being an ethical digital citizen. Over the course of this class, we have explored things like the deep and dark web, privacy, copyright, AI, and other opportunities and issues of the technology age that we are facing for the first time as a species.  It is up to each of us to use our individual actions and influence to create a digital community that is safe and can be trusted by all.