5 Online Privacy Tips from an ex-FBI Agent

Mary Galligan is an ex-FBI agent who led the cyber and special operations team at the FBI’s New York office, which is the agency’s largest surveillance operation. She now works as a security and privacy consultant, and is sharing advice on how to protect your privacy. Galligan’s top 5 pieces of advice are listed below:

1.      Change your passwords once a month. If a criminal gets access to your email or any of your online accounts, it becomes very easy for them to worm into other aspects of your life. Galligan recommends to assume your passwords will periodically get compromised, and to change them accordingly.

2.      Give the wrong contact information at checkout. Anytime a store clerk asks for your zip code or phone number, that data gets aggregated. Retailers not only have databases that show where you live, they can also find out your salary, credit history and birthday. Recent big company data breaches show that companies cannot always be trusted to safeguard your information. Galligan recommends giving clerks phone numbers and zip codes that aren’t yours.

3.      Need photo ID? Don’t show your driver’s license. This is a general rule for privacy. Your driver’s license shows your birthday and address. Galligan suggests using another form of photo ID with less personal information if you have one available.

4.      No banking apps. Although most credit cards have fraud protection, your checking and savings accounts don’t. Because of how easy it is for a computer to get infected with a malware that spies on you, Galligan does not shop and bank on the same computer, and that includes her phone.

5.      Keep one email account for junk mail only. When companies demand an email address, Galligan gives them a dummy account reserved for marketing. It gets bombarded with spam and advertisements, but shields her real email from the junk. If those companies sending emails were to get hacked, her real accounts remain safe.

Microsoft Unveils New Webmail Encryption

Microsoft has recently pulled back the curtain on its implementation of tougher encryption standards for Web-based email and some cloud services. In the works for more than six months, Microsoft has now activated Transport Layer Security encryption (TLS) for its webmail services at Outlook.com, Hotmail.com, Live.com and MSN.com. This encryption makes it much harder for email originating from and being sent to a Microsoft account to be spied on, as long as the connecting email service also uses TLS. Microsoft also activated Perfect Forward Secrecy encryption (PFS) for its cloud storage service OneDrive. The OneDrive website, OneDrive mobile apps, and OneDrive syncing tools will now all use the tougher PFS encryption standard, which protects user confidentiality even when a third-party is eavesdropping on the network. And finally, Microsoft has opened a “transparency center” at its headquarters in Redmond, WA, where governments can review Microsoft source code for “key products” to confirm that no hidden backdoors have been added to the software. All these changes have come just a few weeks after a well-publicized Google webmail report that displayed Microsoft in less than flattering colors. Google scored Microsoft, along with ComCast and Apple, as webmail providers with inadequate levels of encryption to protect their users’ email. For more information about the new webmail encryption, click on this link here.