Consumers can thank Julia Angwin and Mike Tigas for getting a company to stop using a hidden cookie.  On January 14th, they wrote an article about Turn using a hidden undeleted number that could be used to track consumers (; “Zombie Cookie: The Tracking Cookie That You Can’t Kill”).  Ms. Angwin and Mr. Tigas posted an update on January 16th letting readers know that following their January 14th article, Turn said it will suspend using its zombie cookie.

What is this zombie cookie?  It’s a hidden number that can’t be deleted.  Verizon uses it to monitor its customers habits on their smartphone and tablets.  Turn was using the Verizon number to respawn the tracking cookies that users had deleted — or rather, that users thought they had deleted.

I wrote previously about this zombie cookie.  Users had complained about getting unwanted ads when they thought they had deleted tracking cookies.  AT&T stopped using the number back in November but Verizon is still using it.

But thanks to Ms. Angwin and Mr. Tigas, at least one more company isn’t using the zombie cookie to the detriment of consumers.


I’ve written several blogs over the years about scams involving fraudulent tax returns.  One of the most common happens when a thieve steals someone’s Social Security Number (SSN), files a fraudulent tax return using the stolen SSN and gets a refund electronically.  The taxpayer whose SSN was stolen learns of her victimization when she files her return in her name and hears back from the IRS that someone has already filed a return with the same SSN.

The Federal Trade Commission (FTC) is hosting a week of activities from January 26th through the 30th devoted to educating consumers about the threat posed by tax identity theft.  They are partnering with several other organizations including AARP and the Treasury Inspector General for Tax Administration (TIGTA).

There will be three webinars offered with the first on January 27th from 2 to 3:30 p.m..  The AARP and TIGTA will be participating in this webinar titled “Tax Identity Theft and IRS Imposter Scams.”

Information about the week of events and the webinars can be found at:  That site provides details for accessing the January 27th webinar as well as providing links to background and informational materials.  FTC tax identity theft  materials can also be found at:

The FTC’s week of events is very timely as it comes at the start of the tax season.  It’s worth consumers time to take a few minutes to look at the site and see which webinar, and what materials, interest them.

What is ransomware and why is it a growing concern for consumers?  Consumers need to read the recent column by Alina Simone to learn more about this scary trend.  Her column described what happened when the latest ransomware virus invaded her Mother’s computer (www.nytimes; “How My Mom Got Hacked”; January 2nd online; January 4th page 1 in Sunday Review).   A virus can corrupt a computer when the user clicks on what seems to be a legitimate attachment or there’s an existing malware on the computer’s hard drive.

I will only summarize Ms. Simone’s lengthy column since people should read it.  Suffice it to say, that she and her Mother  experienced a scary and complicated situation.

As Ms. Simone explained, the ransomware virus locked all of the files on her Mother’s computer.   Her Mother learned this when a message came up on the screen telling her that she had to pay $500.00 in order to have the files unlocked.  The ransom would keep going up and up the longer her Mother failed to pay.  Her Mother’s computer files were held captive by the CryptoWall 2.0 virus.

In her article, Ms. Simone provides details about the steps her Mother tried to do, with her assistance, in order to get the files unlocked.  What made the situation even more difficult?  The CryptoWall thieves wanted to be paid only in Bitcoins.

Her Mother ultimately paid the fine although that was a decision made only after trying other avenues.  Her files were unlocked but only after Ms. Simone went through the complicated process of finding, buying and then sending the ransom in Bitcoins.

Finally, it was discouraging  to read Ms. Simone and her Mother learned — that being, that there doesn’t appear to be a technologically possible way for a consumer to decrypt his or her computer files once the CryptoWall 2.0 virus has encrypted the files.

Just another powerful reminder not to open attachments from unknown sources and to take the time to implement updated security measures.


As 2014 comes to an end, it’s a good time for consumers to be thinking about how to be even safer online in 2015.  Zack Whittaker, for Zero Day, has published his list of the best privacy tools for trying to do so (; “10 best privacy tools for staying secure online”; December 29, 2014).

His list covers an array of services with one common characteristic — they’re all open-source software.  Some of the services are free while others charge fees.  His list includes services about which I’ve previously written, e.g., DuckDuckGo (search engine) and LastPass (password manager).  Others are for encrypted voice messages (Silent Circle which charges a fee).

It’s worth taking time to read his post and it’s easy to navigate.  Just click on each screen shot and then read the short, well written narrative description of each tool.

Best wishes for a happy, healthy and privacy-enhanced 2015!


My “scam filter” is picking up more and more scam emails which is sadly typical for this time of year.  As I’ve written about before, the scammers know consumers are rushed during the holidays and they count on consumers not having the time to check out the validity of the rush of incoming emails.

So this is just a reminder to try and be extra alert during this holiday season.  The Better Business Bureau (BBB) has an article that nicely summarizes the steps consumers can take to protect themselves.  They range from “watch your packages” to “check out a new company or merchant” with whom a consumer might be dealing for the first time.  As for the latter, the BBB article lists the link to their reviews so that consumers can see if a company or merchant is legitimate.

The BBB article is titled “Santa Knows Who’s Naughty and Nice, and So Does BBB”.  It can be found at: and is a handy guide — it’s succinct enough to be read quickly yet provides just the kind of “reminders” so that consumers can try and avoid being scammed throughout the year but especially during the holidays.

As Uber grows in popularity, it is also coming under scrutiny both nationally and internationally.  Senator Al Franken is now looking into Uber’s use of its customers data. He isn’t too pleased with the response he’s gotten so far as Tim Hornyak reports (; “US Senator Al Franken unhappy with Uber answers on user data”).

Mr. Hornyak writes that the Senator sent Uber a list of questions about the ways in which customer data is collected, retained and protected, including geolocation data.  He asked Uber to explain how it’s handling customer data under the “legitimate business purposes” included in the Uber Privacy Policy.

Uber’s General Counsel, Katherine Tassi, responded, in part, that Uber keeps most of the information collected from customers in their accounts and retains that information until an account’s settled after a customer cancels.

It will be interesting to see whether Senator Franken will be able to elicit more specifics from Uber.  Until he does, Uber customers should read or re-read the Uber Privacy Policy to make sure they understand, and are comfortable with, the ways in which their data is being retained and used.

The Pew Research Center has an ongoing Internet Project that looks at an array of technology, privacy and Internet issues from the public perspective.  Pew Research Center recently issued a report as well as a quick WebIQ quiz — both of these caught my eye.

Their report is titled “What Internet Users Know About Technology and the Web.”  In issuing that report (based on a nation-wide survey), the Pew Research Center also posted a short, 12 question “Web IQ Quiz ” that allows Internet users to assess their own knowledge about technology and the Web.

On their website, the Pew Research Center suggests readers first take the “Web IQ Quiz” before reading the full report.  So, with some trepidation, I did just that.  The 12 questions are straightforward and do assess a user’s knowledge about past and current Web and technology issues.  It was very interesting taking the quiz and then seeing where my results placed me among others who had also done so.  How did I do?  I’m happy to say I correctly answered on 10 out of the 12 questions.

I encourage people to find the time to take the WebIQ Quiz and then read, or skim, the full report.  Links to the WebIQ Quiz and the full report can be found at:

Scams happen year round but become particularly prevalent during the holiday season.  Scammers know that consumers are rushed and likely don’t have the time to be as careful as they would like to be.  These thieves also know that consumers are doing more and more shopping online.

All those reasons make a recent alert from the FBI even more timely.  At its website, the FBI’s Internet Crime Complaint Center (ic3) has just posted an alert about which consumers need to be aware.  The alert reports that from June 2009 to June 2014, the FBI’s ic3 got over 6800 complaints from consumers who thought they were buying “big ticket” items from reputable sellers.  The items included cars, recreational vehicles, boats and other outdoor equipment.  Some of these items were listed at serious discounts.

What was the scam?  As the alert outlines, the ads were listed using fake information about payment methods; sometimes consumers were instructed to use a fake Ebay account. Consumers were given the name, address and account number for the scammers bank to which consumers could wire their payments.

What really happened?  No goods, lost money and no recourse.  The FBI’s alert reports that consumers lost over $20 million to these scams in the five year period.

The FBI’s alert is worth reading.  It provides more details about this particular scam as well as the FBI’s tips for avoiding these types of scams.  The alert can be found at:; the alert number is I-111414-PSA; dated November 14th and  titled: “Criminals Post Fraudulent Online Advertisements for Automobiles, Recreational Vehicles, Boats, and Other Outdoor Equipment Leading to Financial Losses in Excess of $20 Million”.


Consumers are seeing more and more ads popping up on their computers and mobile devices.  Sometimes they’ve requested this kind of information but other times they don’t know how or why they’re getting these unsolicited ads.

One way these ads happen is because of unique identifiers in web traffic sent by phones and other mobile devices.  This information can be misused by ad networks to track consumers online activities.  The really bad news is that consumers can’t turn off these types of unique identifiers.  What does this mean? It means ad networks can be tracking consumers regardless of whether consumers have tried to protect their privacy via their privacy browsing settings or being on “Do Not Track” lists.

The good news is that AT&T had been experimenting with these types of unique identifiers but has discontinued doing so. Robert McMillan recently reported that news (, “AT&T Stops Using Invasive ‘Perma-Cookies,’ But It May Turn Them Back On”; November 14).

The bad news is that Mr. McMillan reports that Verizon is still using these unique identifiers.  It would be welcome news if Verizon decided to stop using unique identifiers but consumers should be optimistic about that happening.

Consumers have become accustomed to seeing different icons and seals on company websites.  One of the most reassuring for years has been the TRUSTe seal.  Why?  Because companies displaying that seal did so after having their privacy practices verified according to the TRUSTe requirements about transparency and other requirements.  The latter include the company’s assertions about the options consumers will have about how their personal information will be collected and used.

Now consumers are learning that TRUSTe’s assertions about its own practices have been lacking for years.  TRUSTe has just entered into a settlement with the Federal Trade Commission (FTC).  The FTC had filed a complaint against TRUSTe because of two of its practices that were alleged to be false, misleading and, therefore, deceptive to consumers.

What were these practices? As Lesley Fair wrote in an FTC blog, TRUSTe claimed that companies wanting to display its “Certified Privacy Seal” underwent recertification reviews to reconfirm their privacy practices.  Plus, TRUSTe claimed that it was an independent non-profit, thus making its certifications even more objective (; “The FTCs TRUSTe case: when seals help seal the deal”; November 17th).

Neither was true.  As Ms. Fair writes, the FTC found that TRUSTe hadn’t done recertifications of over 1,000 incidences between 2006 and 2013.  Moreover, TRUSTe became a for profit company in 2008 yet continued carrying the misrepresentation that it was a non-profit entity on recertified websites.

This is sobering news for consumers who often don’t have the time and/or means to undertake their own verifications of a website’s privacy practices.  So can consumers continue trusting the TRUSTe seal and/or other similar seals?  Maybe, but with much more caution and with less absolute trust.



Get every new post delivered to your Inbox.

Join 73 other followers