Saturday, November 28, 2015

The paranoid's survival guide, part 3: Opting out, and how to protect your personal data offline

The paranoid's survival guide, part 3: Opting out, and how to protect your personal data offline

You have more control over your privacy than you think. While it's true that you can't control absolutely everything that's out there about you, with a little work you can exert more control than you might expect over what's gathered, its accuracy and how it may be used, say privacy experts.

Computerworld asked nine privacy professionals to share their best tips for minimizing your online and offline data footprint.

Part 1 of this series covered how to maintain your online privacy and surf the Web without leaving a data trail. Part 2offered advice on how to approach social media, messaging and some general rules you should follow when using mobile apps. (For more tips, also see our "60-minute security makeover: Prevent your own epic hack.")

In this last installment we cover best practices to lower your offline data footprint, and where to go to opt out of everything from direct mail offers to online behavioral advertising.

Offline safety tips

Use cash or disposable credit cards

If you prefer keeping what you purchase to yourself, consider using cash for most transactions, including at restaurants, bars and retail stores. "When you use a credit card, your bank knows what you bought, and the merchant has a way to track you over time," says Justin Brookman, director of consumer privacy at the Center for Democracy and Technology.

"Using cash really does wonders to minimize how much your footprint is being automatically tracked," says Rob Shavell, co-founder and CEO at privacy software vendor Abine -- and you don't have to worry about having your card data stolen from a retailer's point of sale system.

Another option, especially for online purchases, is to use disposable credit card numbers, says Brookman. For example, Abine's MaskMe service provides a one-time use credit card number that hides your real number from the vendor -- which means it can't be added to a customer profile or stolen from their database.

On the other hand, Brookman advises, don't bother with those rechargeable cards from retailers. "If you use the same rechargeable card over time, you have some of the same problems as credit cards -- you can be tracked by unique number by the retailer over time," a privacy issue, and the number "could be compromised and used by identity thieves," which represents a securityproblem. "I'd use cash over a rechargeable gift card," he says.

Check your credit report annually

Monitor your credit report for any suspicious activity by ordering free credit reports at, and challenge incorrect data. You're entitled to a free report from Equifax, Experian and TransUnion every 12 months.

Consider a permanent security freeze

A permanent security freeze puts your credit report under your control: No one can access it to open up new credit accounts in your name without your permission. Businesses cannot access your credit report unless you unlock it, and identity thieves can't set up new credit accounts in your name unless they can present the credentials required to unlock it. EquifaxExperian and TransUnion are required by law to allow consumers to place a permanent security freeze on their credit reports.

There may be charge to set up the service, depending on your state of residence, as well as a charge to temporarily unlock your credit report for an authorized lender. Pros: The option is much less expensive than credit monitoring services. Cons: The credit reporting agencies make the process for unlocking/locking your credit report cumbersome and, except in states where prohibited by law, they charge you a fee -- generally in the range of $10 -- every time you make a lock or unlock request.

Know your options for opting out

Direct mail and email offers

Visit the Direct Marketing Association's DMAchoice website to opt out of mail and email direct marketing from the DMA's approximately 3,600 member organizations. You must individually choose to opt out four distinct categories of direct mail: Catalogs, magazine offers, credit offers and other mail offers. There's no global opt-out option.

You're asked to fill out a form with your personal information, including your social security number and date of birth. Unfortunately, the opt-out choice is only good for five years when you sign up online. To opt out permanently, you must mail in your request.

Telephone solicitors

Use the Federal Trade Commission's Do Not Call Registry to opt out of receiving telemarketer calls and report violators. There are loopholes for politicians and nonprofits, and some offshore operators continue to flout the law. But your volume of unwanted solicitation calls should go down.

Page 2 of 2

Page 2 of 2

Online behavioral advertising

The Digital Advertising Alliance's Ad Choices site and Network Advertising Initiative's Consumer Opt Out page both describe how interest-based advertising works and let you choose to opt out of behavioral online advertising and the online tracking associated with it. Go through the opt-out process on either site and your request will be honored by 118 ad agencies, ad networks and other DAA members.

When you visit these pages you'll see which DAA members are currently tracking you. From there you can selectively opt out, or click a button to opt out of interest-based advertising from all DAA members. When you opt out you will still see advertisements on the websites you visit, but you will no longer receive advertisements based on what the ad networks know about your Web activity -- and your activity online will no longer be tracked.

"The DAA Principles prohibit the collection of browsing behavior once a consumer has opted out, unless the entity requires that information for one of the DAA's limited exceptions, such as fraud prevention or ad reporting," says Mike Zaneis, senior vice president and general counsel with the Interactive Advertising Bureau, a trade group that represents publishers and ad sellers.

Offline privacy

There are some limitations to the process, however. During the opt-out process, the site places a cookie in your browser to maintain your preferences, and it prompts you to download a browser extension that will maintain your preferences even if you clear out the cookies in your browser. "We have made the easiest consumer experience possible given the current state of technology," Zaneis says. But because your preferences are tied to your browser, you'll need to go through the opt-out process for every browser on every computer you use.

And don't forget to set a calendar reminder when you're done: Your choice must be renewed every five years.

Alternately, you can achieve similar results by configuring your browser to block third-party cookies. Using an anti-tracking browser add-on has a similar effect. The difference is that you'll still receive non-targeted ads if you block third-party cookies, but you'll get nothing at all if you block tracking, since communication with the third-party ad networks is disrupted. (While you may not like them, those ads do pay for the free apps and content that Web publishers offer you.)

Online public records databases

Aggregators such as Intellius pull information from telephone directories, sex offender registries, court records, real estate transactions and other public data, combine it into a profile, and make the information about you available online -- both free, for people searches, and fee-based, for background checks. The data comes from many different sources, and it's not always combined correctly, which can lead to the dissemination of erroneous information about you -- particularly if you have a common name.

Some services, such as, let you claim your identity and update it online if you register with them. But you can also opt out of having your information listed. Security vendor Abine provides a list of opt-out pages for the most popular data-aggregation services, including Intellius.

Use a service to monitor what's out there about you

-- and remove it

It's time consuming to go to every data broker and opt out of having them list or share your name, address, telephone number and other personal information. Alternately, consider using a third-party service such as SafeShepherdReputation Defender or DeleteMe to monitor public databases and do the work for you. These fee- or subscription-based services ask to have your information removed, but then continue to watch to make sure your information doesn't pop up again as the data brokers continuously pull in new information.

It's not just about opting out, however, but also pushing down negative information in search-engine rankings by careful editing of your Facebook and LinkedIn profiles. "You have a right to determine what is out there about you," says Jules Polonetsky, executive director of the Future of Privacy Forum. "Shaping who you are and being seen on your terms, that's brand management for today's world."

No comments:

Post a Comment