Here are two staggering Facebook privacy statistics: Nearly 13 million US Facebook users have never set, or don’t know about, Facebook’s privacy tools, and only 37 percent have used Facebook's privacy tools to customize how much information is shared with third parties. That's according to a Consumer Reports survey released earlier this month. Given that there are now over 900 million Facebook users, more than the population of most countries, and given the broad sharing that is Facebook's default privacy setting, those stats strongly suggest a lot of people have some online privacy catching up to do.

A few months ago we highlighted Facebook security settings and how to enable various protections. In this post, we delve more into granular control of your data privacy. By ratcheting down your privacy settings, you can have more control over who can get to your data, helping to keep your social networking experience positive, and potentially preventing problems before they occur.

Protect Yourself

When you log into your account, you can view or modify your privacy settings on a pulldown menu under “Home” on the top right of the page. Here’s what mine looks like:

When you get to the Privacy landing page, you might notice your default settings are set to “Public”, here we update them.

Notice this is targeted at your default sharing options, you can also change them for specific items on the site by using the inline audience selector, but here it’s a good idea to select “Custom” and specify what fits your needs, here’s what’s shown by default:

That’s a little too public for many, so I make the default visibility to “Only Me”, keeping in mind that you can use the inline audience selector to widen the audience of particular data you want to share, but if you don’t, the default will be to keep it more private.

Notice you can also explicitly list people or lists you DON’T want to share things with, a sort of data sharing blacklist, which you may find useful if you opt to share with others but want to restrict certain aspects more granularly. If you select this option you are also presented with a note saying:

That means if you tag someone in a photo, for example, they will be able to view the photo, even though you don’t explicitly opt to share it.

Now let’s look at ways other people can access your profile information. We start by selecting the “Edit Settings” link back on the Privacy Settings page:

The default settings show “Everyone”, shown below:

These default settings are a little too permissive for my tastes, so I ratchet them down like this:

This setting keeps my profile a little more private. Back at the Privacy home page, let’s take a look at “Profile and Tagging” to control how information gets tagged and shared:

Here we can ratchet down who can post to your wall, who can see posts tagged in your profile, and so on. Below is the default:

I would prefer to restrict more content to friends only, so I change it to reflect that preference:

Also, you might want to control who can tag you in their content by enabling “Review posts friends tag you in before they appear on your profile” if you choose to restrict that.

Next we restrict past post visibility, which is a good idea if you’ve had a lot of posts in the past, and you’d prefer more granular control over how that information is shared:

When you edit this section, you are presented with a screen warning you about restricting past posts, warning that since it’s a global change, you may also choose to just restrict specific posts, rather than across your whole profile. Continue past this warning by selecting “Limit Old Posts.” You will be asked to confirm this choice, warning that this change may not be easy to undo.

Next we take a look at “Blocked People and Apps”, a sort of blacklist for specific functionality:

Click on “Manage Blocking” link, which opens the following dialog box:

This functionality can come in handy if you have been getting unwelcome interactions from someone on your friend list. Also, note that once you add a user to your Restricted List, they aren’t notified of the change, which is handy for dealing with potentially pestering friends wanting to know why you’ve changed your settings.

Summary

These are some of the basic protections that will help control the data sprawl of your private information. Of course, Facebook updates its security and privacy settings on fairly regular intervals, so we will provide updates from time-to-time. In combination with our earlier security post, this privacy primer should go a long way toward keeping your social networking safer and prevent problems with your personal data spreading further than you planned or expected. If you find this post helpful, or have any Facebook privacy tips you'd like to share, please let us know in the Comments below.

Read this article:
Millions have not reviewed Facebook privacy settings: Here’s how

To celebrate the release of avast! version 7, we offered a contest on our Facebook page, in which we asked participants to estimate how many active avast! users there would be as of April 30, 2012. Out of the 23,553 avast! users that entered the contest, 8 participants provided us with the PRECISE number of avast! users as of April 30, 2012.

During the contest, we received a few (silly) estimates that ranged from a high of 202,020,302,050,206… down to a negative 156,000,000,000,000. With guesses like that, we didn’t expect 8 people to be so lucky!

Here is a list of the participants who provided us with the exact number and the time and date of their entries:

Among them, Daniel from Maceió, Alagoas, in Brazil, was the first correct participant to respond, with his entry made on March 10, 2012 at 6:50 PM CET.

Daniel, we are looking forward to getting in touch with you, to discuss where you want to plan your holidays!

A few months ago I wrote a fairly short comment piece for Virus Bulletin on how some popular posts to Facebook that invite you to make use of your personal data might be useful to scammers and others as part of some sort of data aggregation attack. An example I included was a popular posting featuring a simple code whereby

the poster, usually female, posts that ‘I’m [n] weeks in and craving [some kind of candy]’.

Our fifth Digital Diaries study “Digital Coming of Age” throws up some really interesting new stats about how todays’ parents perceive their teens’ online activity.

We recently highlighted a security walkthrough on Pinterest.com, the pinboard style sharing website that’s taking the social media by storm. Since then, they’ve continued to grow, and continued to have accompanying growing pains common in organizations with rapid growth. Here we highlight ways they are adapting, changes they are making, and what it means to you.

First, we note that Pinterest, by one account, drives more referral traffic than Twitter, no small feat. We also read that traffic spiked 52 percent between January and February, from 11.7 million unique visitors to 17.8 million, according to a comScore report. On its meteoric rise, it has faced issues ranging from copyright problems to fake gift card scams, and now we are seeing cybercrooks focus squarely on the platform as a delivery method for their scams to potential new/unfamiliar audiences.

The gift card scams start by purporting to offer free goods or services, ranging from coffee gift cards to free iPads. We’ve seen this before with more traditional web-based scams, but here the scam is tailored to Pinterest, coaxing the user to click on the pinned entry and visit endless survey websites before getting the alleged gift card. The twist is that scammers add a step required to “get your free gift card” that includes you re-pinning the original scam, thereby spreading it in your name, seeming to be coming from you instead of the original scammer. From there, some users are encouraged as a final step before getting the gift card, to install software, which would guarantee a steady supply of pop-up ads and other potentially unwanted applications, or worse. While Pinterest has attempted to crack down on these scams, and users become familiar to them and get wise, still the scams are propagating.

Then, there is the issue of copyright. While not strictly a security issue, still users could become exposed to potential violation of copyright of a given work, to the chagrin of more than a few users. It seems that a user is expected to comply with the copyright of a photo they post, for example. But what happens when that same image gets re-pinned, possibly extending its exposure far beyond the scope of the original copyright, a burden which the old terms of service attempted to place on the original poster? That (and other related) policy has been updated with the recently release updated Terms of Service, which you can read here.

Now we see Pinterest has produced an API interface for other apps to interact with the service, so we’ll wait and see if this exposes new security risks or exploits. To address this, other services have enlisted a paid bounty program to reward researchers for finding and reporting issues rather than exploit them, which seems to be effective at Facebook and Google for some time now. Hopefully Pinterest will consider some such program, or crowd-sourced variations, which will beef up the number of security specialists watching for problems – hopefully before they happen.

In the meantime, many users have been caught off guard by the amount of their Facebook information (since you are required to use either Facebook or Twitter account to sign up for Pinterest) which seems to “magically” appear on Pinterest, when they login to the site, especially pins from users whose names are familiar – from the Facebook friend list. One way to ensure that a minimum of information is cross-shared (if you are predisposed to restrict it for security reasons, to protect data sprawl, or otherwise) is to restrict your sharing settings in you Pinterest settings page. By ratcheting these down, you can exercise more control over what portion of your friends’ information that may ooze over to Pinterest, for uses they see fit.

We’ll continue to keep an eye on the security stance of the service as it continues to expand. But the usual advice applies: watch for offers that look “too good to be true”, and use a more minimalist approach to sharing and cross-sharing across your friends/contacts from various social media. You’ll be glad you did, and so will your friends, whose information may be more well-protected against data sprawl, and its accompanying problems.

Go here to read the rest:
Pinterest security update

Monday, the FTC released a report publishing principles and recommendations for consumer privacy. The report, “Protecting Consumer Privacy in an Era of Rapid Change” (summary and full report[PDF]) provides what the FTC considers best business practices around privacy. These best practices are not regulations, but they are intended to serve as guidelines for legislators in drafting privacy regulations. And they can also serve as a framework for the federal government’s own privacy policies and personal data practices.

At the core of the report, and in broader privacy circles, we see discussions center around three foundational elements of privacy: knowledge, consent, and control.

1. Knowledge. The collection and use of information should be transparent. Consumers should know what is being collected, how it is being collected, how it is being used, and how it is being shared.
2. Consent. Consumers should be presented with a mechanism for agreeing to these practices. The recommendations did not mandate an “opt-in” versus “opt-out” approach: whether the default policy if the consumers don’t take any specific action would be not to collect (“opt-in”) or to collect (“opt-out”). But the report does advance the notion that it is insufficient for organizations to provide an all or nothing approach, where conditions on use of a service or product requires you to submit to full data collection.
3. Control. Consumers should have choices as to whether and to what degree, to participate in data collection, and how that data could be used; and companies should make those choices simple for consumers to understand and to execute.

Consumer attitudes about privacy and data collection is undergoing a fundamental change, driven by online data collection practices. Historically in the US, businesses have traditionally been given broad latitude in their actions as long as they are not fraudulent or deceptive. However, we’re witnessing a full 180-degree turn in consumer attitudes, which is what’s behind the FTC’s actions. Consumer concern over personal data collection and use by businesses is reaching critical mass, and it’s driven by concern over Internet powerhouses such as Google and Facebook, mobile carriers and ISPs, and  the shadow worlds of online advertising networks and data brokers. Restraints on businesses over their privacy practices are inevitable.

Unfortunately, not all the consumer privacy news these days is good. More about that in my next post.

Read the original:
Privacy Gains: The FTC Begins Move To Protect Consumers Online

The RSA Conference – the largest gathering of security vendors and the companies who buy their products – was held in San Francisco last month. Avast was in attendance, and I had the pleasure of moderating a panel on mobile security. Mobile security was also one of the top topics permeating the entire event. What I heard on the panel and throughout the conference, and what has been reinforced from my discussions with analysts and consultants to businesses, should have you all pretty worried.

The good news is that businesses want to embrace employees use of mobile phones and tablets. And it’s not just the biggest companies doing so: even small businesses are eager adopters of mobile technologies. After all, employees are more accessible and more productive when they can use their mobile devices for work. However, these are your devices; they are not the company’s and shouldn’t be treated as such. And that’s the challenge.

Businesses have legitimate concerns that these devices are inherently insecure, and that consumers don’t always secure their devices to the same level businesses do their PCs. They are also concerned about all the corporate data that these devices contain or can access, and that their loss or theft can compromise a company. And they are concerned that people will misuse their access to this data now that it’s on their person device.

The problem is that businesses want more security and control over your phone then they should have or even need: even more control than they have over the PCs they provide you.

• Because there are malicious apps, they want to keep a catalog of every app you install and be able to remove those applications without prior notice to you.
• Because mobile devices can hold private corporate data, they want the ability to wipe all data on your phone, also without prior notice to you.
• Because you could potentially misuse the phone by transferring corporate data between a business app (like email) and a personal app (like Facebook), they want to be able to monitor everything you do on that phone: your call logs, your text messages, all your social networking activity, all your browsing activity.

This blatant company disregard for employees’ privacy and property all in the name of security has gotten completely out of hand. One product that was given prominent attention at the conference basically rooted your device to put a monitoring and management layer underneath the operating system. Besides taking any semblance of control of your device away from you, this procedure would likely lead to voiding the warranty for many of your devices, especially Apple devices.

Using your mobile devices for work purposes should not require you giving up all your privacy rights or giving your company effective ownership of your device, without having to pay for it. If your company is letting you use your phone or tablet for work purposes, especially if it’s for more than email, then you should take a close look at your organization’s mobile policies – not just for what you should or should not be doing, but for what your company could be doing.

Read more here:
The Latest Threat To Your Mobile Phone: Your Employer

We at AVG pride ourselves on our Facebook community, which at over 800,000 members is one of the most active and helpful communities around. To recognize the people that are busy making the AVG community a great place to come and chat or get help for whatever you may need, we came up with our monthly Community Awards. The members which are the most helpful and supportive we reward with special AVG VIP status. So without further ado, here is one of our most recent AVG VIPs, Varun Parvatikar.

The AVG Community at Facebook is awesome! Me and thousands who use AVG share information about the digital world and online safety! We even help other people who’re new to AVG or having trouble using it! AVG rewards us with monthly Community Awards and promoting to VIP Status for the most helpful. I am Varun Parwatikar, Currently a VIP in the AVG Community!

I am college going boy and I use my PC everyday. I’ve used AVG for 4 years and I am huge fan of it! I just liked the AVG page and started helping others who have any issues using it. AVG has awarded me four community awards so far and now I have reached VIP! I just love spending my time on AVG community and helping people!

I download hundreds of new applications, music, videos and games so I use AVG for my safety online and offline! AVG has kept me safe for years now, eliminating all the threats and Malicious links!

The Digital world is no longer safe and hence I use AVG Internet Security and surf, chat, play and download with confidence that AVG is always with me!

I recently bumped into a colleague who mentioned his 20-something daughter regularly changes her online screen names to essentially prevent herself from building a long-standing reputation online. Her profile picture on Facebook, for instance, is deliberately obscure and not searchable using her full name.

We at AVG pride ourselves on our Facebook community, which at over 800,000 members is one of the most active and helpful communities around. To recognize the people that are busy making the AVG community a great place to come and chat or get help for whatever you may need, we came up with our monthly Community Awards. The members which are the most helpful and supportive we reward with special AVG VIP status. So without further ado, here is one of our most recent AVG VIPs, Sharath Kulkarni.