Want Increased Control Over Online Communications? Consider Wickr

July 9, 2012

If you’re tired of having your personal information, conversations, photos, texts, and video messages exploited by companies, used to embarrass you by frenemies, or pawed over by data collection services, Wickr’s an app worth considering.

The company’s founders have the credentials and the right motivation to build a tool that puts control of your communications squarely – and simply – in your own hands. Kara Lynn Coppa is a former defense contractor; Christopher Howell is a former forensics investigator for the State of New Jersey; Robert Statica is a director at the Center for Information Protection at the New Jersey Institute of Technology; and Nico Sell is a security expert and longtime organizer for Defcon, an annual hacker convention.

Responding to questions during an interview, Ms. Sell said, “Right now, everyone is being tracked and traced in ways they don’t understand by numerous governments and corporations,” adding, “Our private communications, by default, should be untraceable. Right now, society functions the other way around.”

Continuing, Ms. Sell said, “If my daughter wants to post a picture of our dog, Max, on Instagram, she shouldn’t have to know to turn the geo-location off,” and, “People have always asked me ‘How do I communicate securely and anonymously?’ There was never an easy answer, until now.”

Mr. Statica added to this point, saying, “There is no reason your pictures, videos and communications should be available on some server, where it can easily be accessed by who-knows-who, or what service, without any control over what people do with it.”

Amen to these views.

So what does Wickr offer?

Encrypted messaging – all messages (text, photos, video and audio) sent through the service are secured “by military-grade encryption… They can only be read by you and the recipients on the devices you authorize.” Wickr only stores the encoded result – and only for as long as needed for system continuity.

Self-destruct option – allows you to determine how long the people you communicate with can view the content – text, video, photos – before it is erased. (Recipients can however still capture a screenshot of the content, but the team behind Wickr is looking for ways to notify the sender if a screenshot is taken).

Total phone wipe – one of the risks of recycling cellphones is that you can’t easily erase the phone’s hard drive, which enables criminals (and forensic investigators) to recreate your content. Wickr addresses this issue with an anti-forensics mechanism that erases deleted content by overwriting the metadata and rendering it indecipherable.

Anonymity on Wickr – the service takes your privacy so seriously they don’t even know your username; you aren’t forced to share your email address or any other personal information that could identify you to the service or to others. Instead, your information is “irreversibly encoded with multiple rounds of salted cryptographic hashing prior to being sent to our servers. Even we cannot determine the actual values based on the hashed values we store.”

Free to use – you might think a service like this could put a hefty price on your privacy; instead, the company has chosen to use the “freemium” business model that charges only for premium service features like sending files to large groups or sending large files.
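To make the anonymity item above concrete, here is an added sketch (not Wickr’s code, and not from the original post) of how a client can apply many rounds of salted hashing to an identifier so the server only ever stores and compares the result. The choice of PBKDF2-HMAC-SHA256, the salt, the round count and the names `encode_identifier` and `Directory` are all assumptions for illustration.

```python
import hashlib
import hmac
import unicodedata

# Assumptions for illustration only; the page does not say which hash,
# salt or round count Wickr uses.
SERVICE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
ROUNDS = 100_000


def normalize(identifier: str) -> bytes:
    """Canonicalise so the same address always produces the same digest."""
    text = unicodedata.normalize("NFKC", identifier).strip().lower()
    return text.encode("utf-8")


def encode_identifier(identifier: str, salt: bytes = SERVICE_SALT,
                      rounds: int = ROUNDS) -> str:
    """Client side: many rounds of salted hashing before anything is sent."""
    return hashlib.pbkdf2_hmac("sha256", normalize(identifier), salt, rounds).hex()


class Directory:
    """Server side: stores and compares digests, never the identifier."""

    def __init__(self) -> None:
        self._digests = set()

    def register(self, digest: str) -> None:
        self._digests.add(digest)

    def is_registered(self, digest: str) -> bool:
        # Constant-time comparison against each stored digest.
        return any(hmac.compare_digest(digest, d) for d in self._digests)


def demo() -> dict:
    server = Directory()
    server.register(encode_identifier("alice@example.com"))  # constructed sample
    return {
        "same_user_found": server.is_registered(encode_identifier(" Alice@Example.com")),
        "stranger_found": server.is_registered(encode_identifier("bob@example.com")),
        "server_holds_plaintext": "alice@example.com" in server._digests,
    }


if __name__ == "__main__":
    print(demo())
```

Because every client has to use the same salt for lookups to match, a low-entropy identifier such as a phone number is protected mainly by the round count, which is the detail worth asking about for any service making this claim.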

NOTE: I am not associated in any way with this app, nor do I know any of the individuals behind it. While it’s rare I endorse a product, the philosophy behind the service is fabulous, and the tools are something every consumer needs to protect themselves and their privacy.

The next step is for every consumer to demand this same level of respect and security of EVERY online service with whom they interact. 

Want to learn more? Read Wickr’s FAQ




9 Tips for Staying Secure Online – Infographic

May 1, 2012

This infographic by ReversePhoneLookup.org has some great data points – including the sobering stat that 16% of consumers who create passwords still use a person’s first name – but I especially like their 9 tips for staying secure online.

Check it out:

[Infographic: Online Security]


New Online Safety Lesson: What does data privacy mean to you?

January 30, 2012

The 9th installment in the lesson series I’m writing on behalf of iKeepSafe is timed to coincide with Data Privacy Day. This week, more than 40 countries will celebrate Data Privacy Day. It is a day designed to promote awareness about the many ways personal information is collected, stored, used, and shared, and education about privacy practices that will enable individuals to protect their personal information.

To view and use this lesson, the companion presentation, professional development materials, and parent tips, click here: What does data privacy mean to you?


Google’s WiFi Data Collection Larger than Previously Known

November 1, 2010

Google violated Canadian law when it collected personal information from unsecured WiFi networks while photographing buildings and homes as part of its Street View mapping service. “Our investigation shows that Google did capture personal information — and, in some cases, highly sensitive personal information such as complete e-mails. This incident was a serious violation of Canadians’ privacy rights,” said Canadian Privacy Commissioner Jennifer Stoddart in comments last week.

This story began to unfold last May when Google admitted they had “collected only fragments of payload data” from unencrypted wireless networks. That news prompted a flurry of inquiries from privacy officials across the globe, and external regulators have since inspected the data as part of their investigations, at which point whole e-mails, URLs, and passwords were discovered.

According to Alan Eustace, senior vice president of engineering and research at Google, while most of the data collection was “fragmentary, in some instances entire e-mails and URLs were captured, as well as passwords,” adding that the company is “mortified” by what happened and wants “to delete this data as soon as possible.”

Commissioner Stoddart asked Google to do four things before she would consider the matter closed: instigate a governance model to ensure that privacy is protected when new products are launched; enhance privacy compliance training among all employees; designate an individual responsible for privacy issues; and delete the Canadian data.

In response to these concerns, Eustace announced that Google has put several changes in place since discovering the problem.

  1. They have appointed Alma Whitten to serve as Google’s director of privacy across privacy and engineering. “Her focus will be to ensure that we build effective privacy controls into our products and internal practices. Alma is an internationally recognized expert in the computer science field of privacy and security. She has been our engineering lead on privacy for the last two years, and we will significantly increase the number of engineers and product managers working with her in this new role.”
  2. Second, Google will enhance its core privacy training for engineers and other groups, like product management and their legal department, “with a particular focus on the responsible collection, use and handling of data.” Starting in December, all employees will also be required to undertake a new information security awareness program, which will include clear guidance on both security and privacy.
  3. Finally, Google said it will improve its existing review system. Going forward, “every engineering project leader will be required to maintain a privacy design document for each initiative they are working on” that will detail how user information is handled, and this document will be reviewed regularly by managers and an independent audit team.

“We believe these changes will significantly improve our internal practices, and we look forward to seeing the innovative new security and privacy features that Alma and her team develop,” Eustace concluded.

The furor is directed at an add-on project being run by Google Street View cars. In addition to taking photos for the Street View project – which itself has come under heavy international criticism for violating consumers’ privacy – the cars were collecting information on wireless networks, including their MAC addresses, to use in building a database of them in the future.

According to Google, an engineer’s experimental code was inadvertently included in the software used to gather the data. “He [the engineer] thought it might be useful to Google in the future and that this type of collection would be appropriate.” That resulted in the gathering of “payload data” from personal unsecured wireless networks that included complete e-mails, e-mail addresses, user names and passwords, names and residential telephone numbers and addresses, health details, and other personal information.

Excerpts from the Commissioner’s Report: (Underlines added)

The engineer involved included lines to the code that allowed for the collection of payload data. He thought it might be useful to Google in the future and that this type of collection would be appropriate.

This code was later used by Google when it decided to launch a particular location-based service. The service relies on a variety of signals (such as GPS, the location of cell towers and the location of WiFi access points) to provide the user with a location. Google installed antennas and appropriate software (including Kismet, an open-source application) on its Google Street View cars in order to collect publicly broadcast WiFi radio signals within the range of the cars while they travelled through an area. These signals are then processed to identify the WiFi networks (using their MAC address) and to map their approximate location (using the GPS co-ordinates of the car when the signal was received). This information on the identity of WiFi networks and their approximate location then populates the Google location-based services database.

Google’s future plans for its location-based services

Google still intends to offer location-based services, but does not intend to resume collection of WiFi data through its Street View cars. Collection is discontinued and Google has no plans to resume it.

Google does not intend to contract out to a third party the collection of WiFi data.

Google intends to rely on its users’ handsets to collect the information on the location of WiFi networks that it needs for its location-based services database.  The improvements in smart-phone technology in the past few years have allowed Google to obtain the data it needs for this purpose from the handsets themselves.

Although it has no tracking tool to keep records of a customer’s locations (and does not intend to create one), Google acknowledges that it does need to examine the potential privacy concerns of this method of collection.

Stoddart gave Google until Feb. 1, 2011 to comply with those requirements, but resolving Canada’s concerns may just be the tip of the iceberg. Investigations are still underway by privacy commissioners worldwide, and Spain’s Data Protection Agency has just announced plans to fine Google between $84,000 and $840,000 per offense due to the Wi-Fi data Google collected with its Street View cars. In the U.S. there are at least 3 lawsuits seeking class action status for the stealth collection of personal information from home networks.

Why this matters to you

If you have – or had – a wireless network that was not password protected, information from your computer(s) may have been collected.  Google has committed to destroying all the information, but it’s a serious breach of your privacy that information was collected without your knowledge or permission in the first place.

You may also feel that the collection and public display of images of your home is a breach of your privacy. If you want these removed see my blog How to Remove Images of Your Home from Google’s Street View. NOTE: you will have to check back periodically to be sure that any images you requested be deleted remain deleted, as I have found these can reappear.

You should also be concerned about Google’s future plans to collect information about WiFi networks from your Smartphone(s). How this is done is going to be critical to your safety and privacy. In the report Google acknowledges that it does need to examine the potential privacy concerns of this method of collection.  It remains to be seen what the outcome of that examination will entail, and whether they inform users in advance and allow you to opt out if this is not something you want collected from your phone.