Is Your Website GDPR Ready?



What is GDPR? GDPR is the General Data Protection Regulation. It is a European privacy law approved by the European Commission in 2016 which is designed to unify and regulate EU residents’ control of their personal data. It is set to replace Directive 95/46/EC and will be enforced by May 25, 2018.

What does it mean for you if you are a website owner? Well, if you collect personal data via webforms, especially from people who live in the European Union, you'll need to make your website compliant with this regulation by May 25, 2018. It is also important that you update your site's Privacy Policy to cover all personal information that is being collected through your site.

What if you don't operate in the EU? Well, you may think you are outside the EU, but do you get visitors from the EU?  Aren't all websites "global" by default?

MORE INFORMATION

https://www.eugdpr.org/

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

https://www.codeinwp.com/blog/complete-wordpress-gdpr-guide/

Revealing Photos

You're probably tired of stories about privacy, Facebook and social media. But in the midst of all that the past few months, I continue to see lots of my online friends taking quizzes, liking posts and especially uploading photos.

Oh, what's the harm in posting a photo?

Your camera or phone adds a lot of data to a photo file. Especially with your phone's camera (on Flickr and many photo sharing sites, the most popular "camera" is a phone), you are sharing your location, the date and time, the kind of device you used and its device ID, and your mobile provider. It will also ping off any nearby Wi-Fi spots or cell towers, so your location is there even if you don't add that to the image post.

Add in facial recognition, which Facebook and Google use on your photos, and features will try to determine who is in that photo. If you tagged anyone or captioned the photo or added a new specific location, you are feeding the database. Thanks, users!

Combine this data with knowledge of who your friends are, their data, and where you go with or without them, and it builds a very robust picture of you and your world.

Can't this be controlled by us? To a degree, yes, but not totally. Your phone and some cameras will automatically record that data for every shot. You can turn off location services/geotagging in some instances, but I'm not even convinced that the data still isn't there anyway. And if you are automatically backing up your photos to iCloud or Google or somewhere in the cloud, I'm not positive that even your deleted photos are forever gone along with their metadata.

Am I overly paranoid? Can anyone be overly paranoid about privacy these days?

 

Analyzing Cambridge Analytica, Facebook and You

The Cambridge Analytica scandal involving Facebook hit this month because of its involvement in the election of Donald Trump in 2016. The company used an app developed legitimately by a Cambridge University researcher, Dr. Aleksandr Kogan, as a personality survey called "This is Your Digital Life."

I recall learning about that app about 3 years ago in a presentation at an EdTech conference. By using it as a quiz on Facebook, about 270,000 users gave permission (because most people are unaware of the access they allow) to access their data, which was collected but then also used to collect some public data from their friends.

I suspect a majority of social media users are unaware of how their data is used, and what permissions they have granted (perhaps by default in some instances).

Have you ever used your Facebook login as a way to sign in to another website or app? It asks you if you want to login using your Facebook ID and that seems to save a step or two and is great if you forgot your actual login to that other site. 

When those Facebook users took the "This is your digital life" quiz using their Facebook login, they allowed that app's developer to tap into all of the information in their Facebook profile (that includes your name, where you live, email address and friends list).  [Note: Currently, apps are no longer permitted to collect data from your Facebook friends.]

I don't give Dr. Kogan, Cambridge Analytica or Facebook a pass on this activity even if users did opt in. Kogan shared it with Cambridge Analytica, which Facebook says was against its policy. Facebook says it asked Cambridge Analytica to delete all of the data back in 2015. Facebook also claims that it only recently found out that wasn't done.

A lot of people seem to have given up on privacy, accepting it as something we just can't control any more. But there is a lot you can and should do.


For example, a very simple change to make in your Facebook privacy settings is to "Limit The Audience for Old Posts on Your Timeline." That means that posts on your timeline that you've shared with Friends of friends, and Public posts, will now be shared only with Friends. Anyone tagged in these posts, and their friends, may also still see these posts, but the public (which includes apps) will not be able to access them legitimately.

Facebook's API, called Platform, allows third-party apps and websites to integrate with your Facebook account and exchange data with them via developer tools. It can be convenient for users, such as decreasing the number of login/password combinations you need to remember, but it has potential for abuse.

When you use the "Log in With Facebook" feature on a site, you grant a third-party app or service access to your Facebook account. It will ask for permission to receive specific Facebook data from you - email address, birthdate, gender, public posts, likes and also things beyond your basic profile info. I have seen cases where when I deny access to some information, it tells me the app can't be loaded. That is a warning. But some legitimate apps, like the scheduling apps Hootsuite and Buffer, do need a lot of permissions in order to allow them to post as you on social networks like Facebook, Twitter, LinkedIn and Instagram. In these cases, by using the app I need to trust that developer and the service it is connecting to via an API.

Being educated about how technology works and knowing how you can protect your own data and privacy is more important than ever. And, of course, you can always not use a service that doesn't seem to help you do that.

Are You Ready for HTTPS?


A post from Doc Searls reminds me that “Google Condemns the Archival Web.” What web is that? It is the one where the URL is HTTP rather than HTTPS – the “S” for “secure.” Google’s Chrome browser will mark all those older pages as “insecure” this summer, possibly striking fear in the clicking fingers of many users.

Google says:   “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption…Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’ on every current Chrome browser.”

So many “legacy” websites created in the days of yore, though they will still exist, will have a kind of Google crime tape around them. Will people dare to enter, or be scared off? I would assume all those insecure sites will see a drop off in visitors.

So why doesn’t everyone just fix what Google says to fix and make their site “secure?” Well, there is some cost in money and/or time. Plain old folks who aren’t web wizards may not even know what needs to be done. There are old sites that no longer have an owner or webmaster but still exist on the World Wide Web, which becomes more of a museum each year. For many sites – like blogs – there is no “cost benefit” to upgrading.

As of this writing this site is http://www.serendipity35.net without the magic "S." Will Brother Tim come to the rescue like a caped web crusader and make everything secure and Chrome-ready?

What happens if you use another browser like Firefox or Safari? I assume all will be well. For now. And you will be able to sneak under that police tape to those other sites – but you have been warned.

Google trumpets that developers have been transitioning their sites to HTTPS and that “progress last year was incredible” – over 68% of Chrome traffic on both Android and Windows is now protected and over 78% of Chrome traffic on both Chrome OS and Mac is now protected. I am a bit surprised, though, that they trumpet this stat: “81 of the top 100 sites on the web use HTTPS by default.” I would have thought that 100% of the top 100 sites would have complied.

This in the same week that it is announced that Wikispaces is shutting down. Soon young kids will ask what you mean when you say “Internet.”

Make a mental note for July so that you’re not shocked when you see some warning signs on the information superhighway.

When Bots Attack

Software bots may not be what you imagine when you hear of a robot attack

Bots, automated software tools, got a lot of attention for their involvement in trying to manipulate news and the 2016 U.S. Presidential election. They can also be used as a weapon against business rivals. They can be used just because someone doesn't like a person or their website or business, or even for the delight of being able to do damage.

A local business in my home state of New Jersey, Melovino Meadery, was a recent victim. The small business makes handcrafted mead, that fairly rare alcoholic beverage made from fermented honey and water. Many small businesses rely on online reviews to attract customers, and bots can be used to post unfavorable reviews in an attempt to bring down a business' reputation online.

The meadery was hit by Russian bots and it makes you wonder why they would have interest in a small NJ business. It may not be Russians who have an interest, but someone closer to home who is using the Russian bots.

This Serendipity35 website was hit years ago by a denial of service attack. By hitting us with comment spam in attempts to add links to sites selling drugs and other items, they were able to bring us down for a time. Those attacks also caused my Google Ads account to be suspended indefinitely with no recourse, even though we were able to show by our server logs that these excessive posts and hits (hundreds in several minutes, thousands overall) were not done by us trying to pad our numbers for gain.

We had to shut down this blog for a few days and the commenting feature totally, increase our anti-spam settings, and then manually delete those erroneous comments. It hurt us.

Not all bots are evil. A bot (a common nickname for software robot or agent) is an automated tool that carries out repetitive and mundane tasks. The Wikipedia site uses bots to help maintain the 44+ million pages of the English Wikipedia. But bots can also be used to make erroneous edits very rapidly and can disrupt Wikipedia. There are currently 2,153 bot tasks approved for use on the English Wikipedia that make edits, leave messages on user talk pages, etc.

The meadery story has two further elements. The negative reviews were on Facebook and the owner posted about what had happened. Fans of the business began to post positive, five-star reviews in an effort to balance out the fake negative ones. Unfortunately, on Facebook if a rating doesn't include a written review, it can't be reported or removed.

Sergio Moutela, owner of Melovino Meadery, sarcastically thanked whoever was responsible for the fake reviews because it brought the company's fans and the business closer together. Fans defended and mounted a grassroots counter attack.  Unfortunately, that thank-you post also got him a death threat. Someone claiming to be a Navy Seal with more than 300 "confirmed kills" (a frequently copied threat that's been online for years) threatened him. Moutela took it seriously. He tracked the poster to a place outside of NJ, contacted the local police there and they met with the person and informed the poster that further interactions with Moutela would bring an arrest.

That same day, the meadery was visited by the town's health department inspector who said a telephone complaint had come in about the business. Coincidence? The inspector only noted a few minor items that were corrected on the spot.

All this stemmed from the bot attack and the repercussions of it.

Bots are tools, and like almost every tool, they can be used for good and for bad.