There have been multiple stories in the media about what Yahoo is doing with some of its email users.  If you use Yahoo email, you may have already experienced this.

In what it claims is a limited test, Yahoo is preventing some of its Yahoo email users from getting to their emails if they’ve got ad blocking software turned on.  Yahoo may think this is an important business model.  Yahoo Mail users might think otherwise.

Individuals should have the ability to use or not use ad blocking software.  Many online entities alert users that they won’t be able to gain access to the content if ad blockers are on.  That kind of “heads up” alert allows individuals to decide if they want to either turn off their ad blocking software to gain access or to go to another site — but at least it’s the users’ option.

The Yahoo experiment doesn’t give users this option.  For that, and other reasons, Yahoo has earned “boos” from a consumer viewpoint.

Identity theft issues are complex and difficult to resolve.  Tax related identity theft is even more complicated with terrible ramifications for its victims.  The IRS has announced a new procedure that will provide some help to taxpayers whose Social Security Numbers and names are stolen and used on fraudulent tax returns.

Victims will be able to obtain a copy of the fraudulent tax return; it will be redacted but will still give victims more information than they currently can obtain.

I’ve written about this new procedure in a blog that was published on November 18th in the Huffington Post.  It’s under the “Crime” subheading in the “News” section.

The link for my blog is:

While I hope no one ever needs this information, it is helpful to have.

People still like sending postcards, which is the innovative service provided by the online service Touchnote.  Registered users send digital photos to Touchnote, which then converts them into hard copy postcards that get sent to individuals designated by the registered user.

Touchnote learned on November 4th that it had been hacked.  As reported by Graham Cluley, Touchnote sent an alert to its registered users warning them of the hack and strongly recommending that they change their Touchnote passwords (“Touchnote hacked – tells users to reset their passwords”; November 6).

Per the Touchnote email alert (reprinted in Mr. Cluley’s report), hackers accessed users’ names, email and postal addresses, and their order histories.  Touchnote doesn’t store credit and debit card numbers, or their expiration dates or security codes.  Additionally, Touchnote encrypts users’ passwords and doesn’t reveal them in plain text.  Nonetheless, Touchnote still strongly recommended that users pick new passwords.

Touchnote also recommended that users keep close tabs on their credit and debit card statements.  That and changing passwords is always sound advice when this kind of hacking occurs.

There had been rampant rumors that Snapchat’s recently updated Privacy Policy gave the company ownership of everything its users were posting.  This would have included photos, videos and text messages.  Nitish Kulkarni wrote a very helpful article that dispelled these rumors (“Snapchat Responds to Chatter about Privacy Policy Change”; November 1st).

The article included Snapchat’s public statement that “Snaps” and “Chats” users send to their friends are still private — just as they were prior to the revised Privacy Policy.

It always pays to read a company’s revised Privacy Policy.  Sometimes there are key changes that users need to know; sometimes those changes are misinterpreted and create a swirl of rumors that aren’t true.  This is an instance where those rumors are happily not true.  So Snapchat users still keep control over the content they post.

I want to share with you an informative and timely article a friend sent to me.  The article is by Zack Whittaker for Zero Day; Mr. Whittaker wrote recently about the vulnerability of Android devices due to a newly discovered security flaw found on Long Term Evolution (LTE) mobile networks.  LTE is also referred to as 4G.

In his article, Mr. Whittaker discussed a recent alert from researchers with Carnegie Mellon; that alert was based on the LTE vulnerabilities discovered by Korean researchers (“‘All Android devices’ vulnerable to new LTE security flaw”; October 16th).  The flaws could permit hackers to eavesdrop on conversations, create false billings and generally invade users’ privacy.

The security issues are described in detail in Mr. Whittaker’s article as well as in the alert issued by the Carnegie Mellon lab.  T-Mobile customers may have already been affected, but a spokesperson for that company has said the issue has been resolved.

Apple products are not affected by the LTE flaw.

Mr. Whittaker’s article and the Carnegie Mellon alert provide a timely “heads up” to consumers using Android devices.  Hopefully there won’t be any adverse impact.  However, consumers should be aware of any issues with their bills and any alerts issued by AT&T and Verizon.

Congressman Gerry Connolly announced in a recent congressional hearing that he was among the millions of current and former federal employees whose personal data was stolen when the OPM systems were hacked.  Moreover, as Jack Moore reports, Congressman Connolly stated he’s learned that within the last several days thieves tried opening new credit cards in his name using his stolen personal information (“Congressman: OPM Hack Data Being Used to Attempt Identity Theft”; October 6).

How did the Congressman learn about this attempted identity theft?  He said that he was contacted by one bank after thieves tried getting the credit card.  Mr. Moore wrote that OPM, the FBI and the intelligence community each said there hasn’t been any evidence of the OPM stolen data being fraudulently misused.

However, Congressman Connolly disagrees based on his own experience.  After hearing from the one bank, he then contacted one of the identity protection companies OPM has hired to help track misuse of the stolen data.  That company told the Congressman about the two attempts at the other banks — with the three banks being all around the country.

The Congressman’s experience is chilling news for the millions of federal employees impacted by the OPM hacks.

The FBI has posted an excellent Public Service Announcement (PSA) about the risks of cyber crime in the ever expanding world of the Internet of Things (IoT).  Their PSA is titled “Internet of Things Poses Opportunities for Cyber Crime”; it’s Alert Number 1-091015-PSA and can be found on their Internet Crime Complaint Center website.

Very briefly, their PSA provides:

  • a very good explanation of the kinds of devices that are encompassed in the IoT;
  • a discussion of the types of IoT risks that exist;
  • examples of the kinds of IoT risks and incidents that consumers might experience; and
  • nine separate recommendations about ways in which consumers can protect and defend themselves against such cyber crimes.

The PSA is a handy guidance sheet to have.  I recommend that consumers read it and follow the practical recommendations being provided.

Here’s yet one more example of the “if it seems too good to be true, it is” type of scam.  Graham Cluley recently wrote about this scam that’s been appearing on a bogus Facebook page (“No, British Airways isn’t giving away free flights for a year.  It’s a Facebook scam.”; September 8th).  Hopefully it will be removed soon by Facebook security staff.

This is an especially appealing scam right after Labor Day.  People are going back to work and might already be thinking about when they can next take a vacation.  This scam plays right into those feelings.  Mr. Cluley posted a screenshot of the fake Facebook page — it looks very realistic.

How to get the year of free flights?  Mr. Cluley notes that the bogus website page says people can do so by sharing a photo of themselves.  As Mr. Cluley wisely advises — don’t do it!  He cautions that doing so could result in unwanted spam messages or “…dodgy links that could lead to a malware infection or your account being phished.”

So avoid this scam or any variations of it on Facebook or elsewhere.

I’m very pleased that the Huffington Post published a blog of mine today.  I wrote about the efforts being undertaken by librarians and the American Library Association to address key issues at the intersection of privacy and technology.

The blog can be found at the following site:

Feedback and comments are most welcome!

Those of you who use Spotify will want to make sure you read and understand its Privacy Policy.  As Paul Ducklin reports, Spotify has had to explain what it really was going to be doing with users’ information (“Spotify explains its new “give us your data” policy”; August 24).

As Mr. Ducklin writes, there was understandable concern about Spotify’s original Privacy Policy.  As written, Spotify’s policy seemed to say it would start collecting information from and about users that it hadn’t collected previously.  The policy also implied Spotify would do so without having to ask users’ permission first.

Spotify’s executive issued a fast “no that’s not what we will be doing” message as soon as the confusion and concerns were raised.  In their message, included in Mr. Ducklin’s article, Spotify clarifies their Privacy Policy.  Yes, they reserve the right to gather up information they hadn’t gathered before (e.g., photos, mobile device location) but would not do so without having asked for, and gotten, users’ express permission before accessing any of this data.

That’s a welcome clarification.  As Mr. Ducklin notes in his article, it’s just another reminder that individuals need to be on the alert for updates and changes to a company’s Privacy Policy.
