<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:series="http://organizeseries.com/"
	>

<channel>
	<title>ITS Tactical &#187; Privacy</title>
	<atom:link href="http://www.itstactical.com/topics/digicom/privacy/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.itstactical.com</link>
	<description>Imminent Threat Solutions</description>
	<lastBuildDate>Wed, 19 Jun 2013 03:16:43 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.5.1</generator>
		<item>
		<title>How To Use Prepaid Debit Cards for Anonymous, Cash-like Digital Transactions</title>
		<link>http://www.itstactical.com/digicom/privacy/how-to-use-prepaid-debit-cards-for-anonymous-cash-like-digital-transactions/</link>
		<comments>http://www.itstactical.com/digicom/privacy/how-to-use-prepaid-debit-cards-for-anonymous-cash-like-digital-transactions/#comments</comments>
		<pubDate>Tue, 23 Apr 2013 14:49:14 +0000</pubDate>
		<dc:creator>Peter Hogg</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[anonymous]]></category>
		<category><![CDATA[buy]]></category>
		<category><![CDATA[cash]]></category>
		<category><![CDATA[Communication]]></category>
		<category><![CDATA[computer]]></category>
		<category><![CDATA[credit cards]]></category>
		<category><![CDATA[hacker]]></category>
		<category><![CDATA[hidden]]></category>
		<category><![CDATA[money]]></category>
		<category><![CDATA[secret]]></category>
		<category><![CDATA[shopping]]></category>
		<category><![CDATA[tor]]></category>
		<category><![CDATA[trace]]></category>
		<category><![CDATA[Tracking]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=13593</guid>
		<description><![CDATA[Prepaid debit cards are sold as gift cards at many stores and offered by Visa, Mastercard and American Express. These... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/how-to-use-prepaid-debit-cards-for-anonymous-cash-like-digital-transactions/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>Prepaid debit cards are sold as gift cards at many stores and offered by Visa, Mastercard and American Express. These cards are purchasable with cash, which enables them to be used for anonymous, cash-like digital payments.</p>
<p>Once purchased, the cards can be used like normal debit or credit cards, but to be used online, they must be registered on a website. Purchasing goods with these cards doesn&#8217;t make much sense, since any physical item will require a real shipping address, but it&#8217;s an attractive option for paying for services. One could use an anonymous debit card to purchase VPN and prepaid cell phone services, both of which will contribute to preserving the privacy of your electronic communications.<span id="more-13593"></span></p>
<p>When purchasing a prepaid card for anonymous use, it&#8217;s important to avoid cards which are reloadable. The reloadable cards usually involve actual credit and, as such, require a social security number to be activated. Non-reloadable cards only require a name and address. This information is never verified. It is only used in <a href="https://en.wikipedia.org/wiki/Address_Verification_System">Address Verification System</a> checks, which is the system that merchants use to verify that a person using a card to make an online purchase is in fact the card owner. As long as the name and address you enter while registering the card are the same as those you provide the merchant, the AVS check will pass.</p>
<h2>Options</h2>
<p>Visa, Mastercard, and American Express prepaid cards can be purchased at most grocery and drug stores. These stores will usually have a rack somewhere with a wide selection of store-specific gift cards, for places such as Amazon and iTunes, as well as calling cards, prepaid cell-phone cards and reloadable debit cards. The non-reloadable prepaid cards that you&#8217;re looking for will be somewhere on the same rack. They&#8217;ll be labeled as gift cards and tend to only be available in fixed amounts.</p>
<p>The nation-wide chain of <a href="https://www.simon.com/mall">Simon Malls</a> all offer <a href="https://www.simon.com/giftcard/">gift cards</a> that can be purchased in any dollar amount from $20 to $500. You can choose between American Express and Visa cards. These gift cards are no different from the prepaid Visa and American Express cards available at your local grocery store, save for the Simon logo.</p>
<p>Simon claims that American Express cards do not need to be registered for online use. I&#8217;ve had trouble with American Express cards, both registered and un-registered and tend to avoid them now. I&#8217;ve never had problems with Visa or Mastercard cards at any merchant.</p>
<p>I purchase both types of cards. I&#8217;ve always paid with cash and I have never been asked for any identification.</p>
<h3>Fees</h3>
<p>The Simon gift cards require a $2.95 activation fee at the time of purchase, regardless of the value that you place on the card.</p>
<p>The un-branded cards also require an activation fee at the time of purchase. This varies based on the fixed amount of the card that you&#8217;re purchasing. It tends to be somewhere between $3.95 and $6.95. The fees are the same for Visa, Mastercard and American Express.</p>
<p>Some of the cards will expire after a period of years and some of them will have monthly fees deducted for inactivity after the first year. These terms will vary depending on the card that you choose, but they tend to be irrelevant. You are not purchasing the card as a long-term value store. You are purchasing the card to use it and it will likely be depleted within a couple months, at which point you can go buy another one.</p>
<h3>Limitations</h3>
<p>Prepaid debit cards do have their limitations.</p>
<ul>
<li>They cannot be used to withdraw cash at ATMs.</li>
<li>They cannot be used for subscription services with recurring billing.</li>
<li>They can only be used with US merchants.</li>
</ul>
<p>The first limitation doesn&#8217;t affect us, since we&#8217;re discussing using these cards online. The second limitation may impact your intended use, but despite the card&#8217;s claimed limitation, I have successfully used them to pay recurring charges. I imagine that this depends on how the merchant does their billing.</p>
<p>The cards can be used to fund a new PayPal account, which allows us to avoid the final limitation, if the foreign merchant accepts PayPal. You can also sign up for subscriptions with a PayPal account funded by an anonymous debit card to address the second limitation.</p>
<h2>Tor</h2>
<p>Before they can be used online, the anonymous debit cards must be registered so that they are able to pass AVS checks. Registration of the card can be completed anonymously through <a href="https://www.torproject.org/">Tor</a>. Tor is an implementation of <a href="https://en.wikipedia.org/wiki/Onion_routing">onion routing</a>, which is a technique used to anonymize digital communications by bouncing the packets through multiple nodes in the network. Before leaving your computer each packet is encrypted multiple times, such that each node in the Tor network can remove only one layer &#8212; like peeling off the outer layer of an onion. This prevents any of the nodes on the network from knowing both the origin and destination of the packet. Every node on the network, with the exception of the final exit node, is also prevented from reading the contents of the packet. If the packet was encrypted before being handed to Tor (such as with common web communications using the <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">TLS/SSL</a> protocol), the exit node will also be unable to read its contents.</p>
<p>The easiest way to use Tor is by downloading the <a href="https://www.torproject.org/projects/torbrowser.html.en">Tor Browser Bundle</a>. This is a version of Mozilla Firefox that has been tweaked for privacy, and communicates solely through Tor. The Tor Browser is available for Linux, OS X and Windows. It is simply a binary that needs to be extracted and run. It doesn&#8217;t require installation or any configuration.</p>
<p><a title="Activating an Anonymous Debit Card through Tor by Pig Monkey, on Flickr" href="http://www.flickr.com/photos/pigmonkey/8661331351/"><img alt="Activating an Anonymous Debit Card through Tor" src="https://farm9.staticflickr.com/8247/8661331351_eb23ab1cab_z.jpg" width="640" height="360" /></a></p>
<h3>Registration</h3>
<p>Each prepaid card comes with activation instructions that include the URL of the registration page. After visiting this registration page in the Tor Browser, you&#8217;ll be asked to enter a name, address and phone number. Remember that this address will only be used for AVS checks. No other verification will be done. Whatever name and address you use, make a note of it so that you can enter the correct billing information when using the card.</p>
<h2>Use</h2>
<p>After the card has been registered it&#8217;s ready to use. Any online use of the card should also be done through the Tor network to preserve your anonymity. If you decide to use the card with a PayPal account, register a new PayPal account through Tor.</p>
<p>Most online purchases will require an email address. Since you&#8217;re already in the Tor Browser, head over to <a href="http://tormail.org/">Tor Mail</a> and sign up for a new address to use with the card. If you want a quick disposable email address, try <a href="http://mailinator.com/">Mailinator</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/how-to-use-prepaid-debit-cards-for-anonymous-cash-like-digital-transactions/feed/</wfw:commentRss>
		<slash:comments>16</slash:comments>
		</item>
		<item>
		<title>Silent Circle &#8211; Military Level Encryption Brought to Your Phone</title>
		<link>http://www.itstactical.com/digicom/privacy/silent-circle-military-level-encryption-brought-to-your-phone/</link>
		<comments>http://www.itstactical.com/digicom/privacy/silent-circle-military-level-encryption-brought-to-your-phone/#comments</comments>
		<pubDate>Wed, 17 Oct 2012 15:03:52 +0000</pubDate>
		<dc:creator>The ITS Crew</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Android]]></category>
		<category><![CDATA[App]]></category>
		<category><![CDATA[data]]></category>
		<category><![CDATA[Encryption]]></category>
		<category><![CDATA[iOS]]></category>
		<category><![CDATA[iPhone]]></category>
		<category><![CDATA[phone]]></category>
		<category><![CDATA[protection]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[server]]></category>
		<category><![CDATA[Silent Circle]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=12728</guid>
		<description><![CDATA[My phone started to ring. Was it really who I thought it was? The display said that the connection was... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/silent-circle-military-level-encryption-brought-to-your-phone/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>My phone started to ring. Was it really who I thought it was? The display said that the connection was secure but I had to be certain. We verbally verified that we were seeing the same two random words (secure authentication string) on our phones.</p>
<blockquote><p>&#8220;skydive amulet&#8221;</p></blockquote>
<p>The green &#8220;Secure&#8221; text appeared so we knew there was no one listening. This technology isn&#8217;t just for spooks. This is a $20 a month service you can sign up for today.</p>
<p><span id="more-12728"></span></p>
<p>Yesterday, an app for the iPhone (Android coming soon) was released that promised to protect your privacy when calling and sending texts. <a href="https://silentcircle.com/" target="_blank">Silent Circle</a> uses TLS and ZRTP protocols to encrypt packets of your phone call across the Internet making each call secure.</p>
<p><iframe src="http://www.youtube.com/embed/yJpCW3DOmiY?rel=0" frameborder="0" width="640" height="360"></iframe></p>
<p>It costs $20 a month (with different plans available) and all of the data from your phone goes through a custom built encrypted network, the Silent Network, providing you with a secure line.  Check out their <a href="https://silentcircle.com/web/silent-network/" target="_blank">site</a> for a full rundown on the capabilities of the Silent Network.</p>
<p>The <a href="https://itunes.apple.com/us/app/silent-phone/id554269204?mt=8" target="_blank">Silent Phone</a> app handles the call side while <a href="https://itunes.apple.com/us/app/silent-text/id554312568?mt=8" target="_blank">Silent Text</a> app encrypts and secures your text messages. In the Silent Text app, you&#8217;re even able to set a duration for the visibility of that specific text. Once it hits the time you designate, the message &#8220;burns&#8221; and disappears.</p>
<p>Silent Circle is careful to spell out <a href="https://silentcircle.com/web/what-we-do-dont-do/" target="_blank">what they do and don&#8217;t do</a>. Of course, it&#8217;s worth noting that you have to use your best judgement when using the apps. If you are in a public place, people can still eavesdrop on your conversation.</p>
<p>While we are still trying out the app, the one thing that caught my eye is that the iOS app isn&#8217;t made for the larger screen of the iPhone 5. That&#8217;s probably just a problem for early adopters but it&#8217;s something I noticed right off the bat.</p>
<p><a href="http://www.itstactical.com/wp-content/uploads/2012/10/silent-circle-test.jpg"><img class="aligncenter size-full wp-image-12733" title="silent-circle-test" src="http://www.itstactical.com/wp-content/uploads/2012/10/silent-circle-test.jpg" alt="" width="640" height="373" /></a></p>
<h3>Does it Really Work?</h3>
<p>While we consider ourselves a fairly techy crew at ITS, some of the specifics with this app and network are a bit foreign to us. We asked someone with more security knowledge to weigh in on Silent Circle:</p>
<p>&#8220;It&#8217;s a proprietary system, which means that nobody knows the real workings of it. The only choice is to trust that the company does what they claim they do, never makes any mistakes and always does the right thing. For a piece of software that is just a fun toy, that may be ok, but for security software, it&#8217;s unacceptable.&#8221; As the Free Software Foundation said, &#8220;Proprietary security software is an oxymoron &#8212; if the user is not fundamentally in control of the software, the user has no security.&#8221; [0]</p>
<p>Furthermore: &#8220;In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. It&#8217;s true for cryptographic algorithms, security protocols and security source code. For us, open source isn&#8217;t just a business model; it&#8217;s smart engineering practice.&#8221;[1]</p>
<p>[0] <a href="https://www.fsf.org/blogs/community/dear-microsoft-fsf.org-is-not-a-gambling-site" target="_blank">https://www.fsf.org/blogs/community/dear-microsoft-fsf.org-is-not-a-gambling-site</a><br />
[1] <a href="https://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity" target="_blank">https://www.schneier.com/crypto-gram-9909.html#OpenSourceandSecurity</a></p>
<p>Until we get some further time behind this app to test it, we leave you with this appropriate web comic from <a href="http://xkcd.com/525/" target="_blank">XKCD</a>:</p>
<div class="figure"><a href="http://xkcd.com/525/"><img class="aligncenter" src="http://imgs.xkcd.com/comics/i_know_youre_listening.png" alt="" width="390" height="288" /></a></div>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/silent-circle-military-level-encryption-brought-to-your-phone/feed/</wfw:commentRss>
		<slash:comments>21</slash:comments>
		</item>
		<item>
		<title>Back to School with Stanford University&#8217;s Free Online Cryptography Course</title>
		<link>http://www.itstactical.com/digicom/privacy/back-to-school-with-stanford-universitys-free-online-cryptography-course/</link>
		<comments>http://www.itstactical.com/digicom/privacy/back-to-school-with-stanford-universitys-free-online-cryptography-course/#comments</comments>
		<pubDate>Mon, 19 Mar 2012 18:28:04 +0000</pubDate>
		<dc:creator>Bryan Black</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Intro to Cryptography]]></category>
		<category><![CDATA[Stanford Online Cryptography]]></category>
		<category><![CDATA[Stanford University Cryptography]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=11964</guid>
		<description><![CDATA[I wanted to bring everyone&#8217;s attention to something I&#8217;ve just signed up for. The prestigious Stanford University has recently released... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/back-to-school-with-stanford-universitys-free-online-cryptography-course/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>I wanted to bring everyone&#8217;s attention to something I&#8217;ve just signed up for. The prestigious Stanford University has recently released a <a href="https://www.coursera.org/crypto/auth/welcome" target="_blank">free online cryptography course</a> taught by Professor Dan Boneh of the Stanford Computer Science Department.</p>
<p>This cryptography course is part of Stanford&#8217;s new and completely free online Coursera courses. I first heard about the Cryptography course when it was announced back in November of last year and after a few delays, it&#8217;s finally available for registration. Actually it was available back on March 6th, but for some reason an email letting me know this was delayed reaching me until today. They state on the registration page that registration closed yesterday, but I was just able to sign up and wanted to pass this info along to anyone who might want to still get enrolled.</p>
<p><em>Here&#8217;s Stanford&#8217;s description of the Introduction to Cryptography course:<span id="more-11964"></span></em></p>
<p>Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems.</p>
<p>The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption, digital signatures, and authentication protocols. Towards the end of the course we will cover more advanced topics such as zero-knowledge, distributed protocols such as secure auctions, and a number of privacy mechanisms. Throughout the course students will be exposed to many exciting open problems in the field.</p>
<p>The course will include written homeworks and programming labs. The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory.</p>
<p>If this sounds interesting to you, <a href="https://www.coursera.org/crypto/auth/welcome" target="_blank">join me and register online today</a> before it&#8217;s too late!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/back-to-school-with-stanford-universitys-free-online-cryptography-course/feed/</wfw:commentRss>
		<slash:comments>7</slash:comments>
		</item>
		<item>
		<title>Bugging Out with Personal Information</title>
		<link>http://www.itstactical.com/digicom/privacy/bugging-out-with-personal-information/</link>
		<comments>http://www.itstactical.com/digicom/privacy/bugging-out-with-personal-information/#comments</comments>
		<pubDate>Tue, 31 Jan 2012 23:33:57 +0000</pubDate>
		<dc:creator>John D. McCann</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Bug Out]]></category>
		<category><![CDATA[Bug Out Bag]]></category>
		<category><![CDATA[Bugging Out]]></category>
		<category><![CDATA[Build the Perfect Survival Kit]]></category>
		<category><![CDATA[FIPS 140-2]]></category>
		<category><![CDATA[IronKey]]></category>
		<category><![CDATA[John McCann]]></category>
		<category><![CDATA[Personal Information]]></category>
		<category><![CDATA[Survival Kit]]></category>
		<category><![CDATA[Survival Resources]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=11377</guid>
		<description><![CDATA[A copy of your personal information should always be included as part of a bug-out bag or evacuation kit. I... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/bugging-out-with-personal-information/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>A copy of your personal information should always be included as part of a bug-out bag or evacuation kit. I have often been asked why we need this information and have had people say that they have this information secured in a safe in their home.</p>
<p>Is that information actually safe? Are you certain that your safe will survive a major fire? What if a tornado destroys or removes your house and it just can&#8217;t be found? A nuclear emergency, such as the one in Japan, might mandate an evacuation where you are not allowed to return.</p>
<p>There are many reasons to carry important personal information when you evacuate. I like to carry a backup of my personal information on me at all times, as well as in my bug-out bag. The real problem is securing that information. I have seen it often recommended that all your personal information be placed in a file folder and kept in a large zip-lock bag. Obviously, if this file is found or stolen, you have a real potential identity theft problem. So what do you do?<span id="more-11377"></span></p>
<h2>The IronKey</h2>
<p><a href="http://www.itstactical.com/wp-content/uploads/2012/01/IronKey-S200-Horizontal.jpg"><img class="alignright size-medium wp-image-11784" title="IronKey S200 - Horizontal" src="http://www.itstactical.com/wp-content/uploads/2012/01/IronKey-S200-Horizontal-300x163.jpg" alt="" width="300" height="163" /></a>I used to carry my personal information on a USB flash drive. Unfortunately, for years, I could only find software encryption, which is not always as secure as it is made out to be. Some software encryption can be easily broken, leaving your information vulnerable.</p>
<p>I was limited to this solution until I met a reader of my book, <a href="http://www.bepreparedtosurvive.com/BuildThePerfectSurvivalKit.htm">Build the Perfect Survival Kit</a>, who worked for a large bank. For work, he used a product that was designed to meet the most demanding military, government, and enterprise security requirements. Needless to say, I was very interested. It was just what I was looking for!</p>
<p>The device is the <a href="https://www.ironkey.com/">IronKey</a>, an extremely secure USB flash drive, ready to protect data everywhere it goes. There are various models of the IronKey, but the <a href="https://www.ironkey.com/basic">basic model</a>, the S200, is more than adequate for the purpose of carrying confidential information. They are available in 2 GB, 8 GB, and 16 GB. The other models provide features more for business applications, which are unnecessary for my needs.</p>
<p>So what is so great about this USB flash drive? The IronKey is the only USB flash drive validated to meet the stringent <a href="https://en.wikipedia.org/wiki/FIPS_140-2#Level_3">Level 3 requirements of FIPS 140-2</a>, a U.S. government computer security standard. The S200 protects data with strong AES 256-bit hardware encryption. It has &#8220;always-on&#8221; data encryption, whereby all user data is encrypted with AES CBC-mode hardware encryption. Unlike software-based encryption, this &#8220;always-on&#8221; protection cannot be disabled. Since the IronKey Cryptochip generates and stores strong, random encryption keys, encryption routines run faster and more securely than on any software-based encryption system.</p>
<h3>Practical Applications</h3>
<p><a href="http://www.itstactical.com/wp-content/uploads/2011/10/Unlock-Your-IronKey.jpg"><img class="alignright size-medium wp-image-11783" title="Unlock-Your-IronKey" src="http://www.itstactical.com/wp-content/uploads/2011/10/Unlock-Your-IronKey-300x205.jpg" alt="" width="300" height="205" /></a>This all sounds good, although a little technical, but it was some of the other security features that sold me. This device is really physically hardened. Its rugged metal casing protects it against physical damage, and the internal components are sealed to protect against tampering. It far exceeds military waterproof requirements. No one can access files stored on an IronKey drive unless they authenticate with the correct password. All encryption and password verification are performed in the hardware, and cannot be disabled by malware or a careless user. Self-defending IronKey drives also provide hardware-level active protections against the spread of malicious code.</p>
<p>When an IronKey drive is plugged into a laptop or desktop computer, the user must authenticate with a password before encryption keys are enabled and data and applications are accessible. Unlike software-based encryption, the IronKey protects against cold-boot and malware attacks by not exporting AES encryption keys to the host PC. IronKey Basic protects against brute force password guessing attacks by using non-volatile access-failure counters stored on the Cryptochip itself. If a thief tries to break into an IronKey drive and enters 10 incorrect passwords, the Cryptochip securely erases all encrypted data with patent-pending Flash Trash technology. This ensures no data can be recovered from the device. If the IronKey detects a physical attack, it will initiate a self-destruct sequence (kind of reminds me of Mission Impossible). It is nice to know that if you lose this device, the information on it will not get into the wrong hands!</p>
<p>There is a lot more information I could provide in regard to the IronKey USB flash drive, but I think you get the idea that this is a great way to securely carry personal and confidential information. Both my wife and I carry one on our key ring, and have an extra for the bug-out bag.</p>
<h2>Personal Information</h2>
<p>What type of information should be kept on such a device? Although not a complete list, the following is information that might come in handy:</p>
<ul>
<li>A file containing actual scans of important identification and documents, such as: driver&#8217;s license, passport, social security card, pistol permits, birth certificate, marriage and death certificates, the deed to property owned, vehicle titles, contracts, insurance policies, wills, and medical prescriptions.</li>
<li>A file containing emergency phone numbers: personal contacts, doctors, dentist, healthcare provider, insurance companies, and central station security provider.</li>
<li>A file with credit card information: card numbers, expiration dates, security codes; and information to contact the provider, should a card be lost or stolen.</li>
<li>A photo or video inventory of valuables in your home, to include: computers, firearms, pantries and other areas where emergency supplies are maintained (you might have to prove to an insurance company that such items existed). I also like to show the actual house from various sides, outside, as well as the contents of each room, inside. Don&#8217;t forget garages, out-buildings, tools, etc.</li>
</ul>
<p>Obviously, there is other information that can be contained on such a secure device. By carrying a copy of your personal information on a secure device, you will always have a backup, even if you lose your home or wallet. As always, be prepared to survive, and always have a backup!</p>
<p><em><strong>Editor-in-Chief&#8217;s Note</strong>: Please join us in welcoming John D. McCann as a contributor on ITS Tactical! I&#8217;ve been a longtime reader of John&#8217;s work and his first book,  <a href="http://www.amazon.com/gp/product/0873499670/ref=as_li_ss_tl?ie=UTF8&amp;tag=itta-20&amp;linkCode=as2&amp;camp=217145&amp;creative=399369&amp;creativeASIN=0873499670" target="_blank">Build the Perfect Survival Kit</a>  helped me design the kit I EDC. John is also the owner of  <a href="http://www.itstactical.com/gearcom/edc/misconceptions-and-applications-of-the-mini-survival-kit/www.SurvivalResources.com" target="_blank">Survival Resources</a>, a company that specializes in survival kits, survival kit components, and outdoor skills courses. He&#8217;s just released a new book too that I&#8217;m currently reading, called  <a href="http://www.amazon.com/gp/product/1440218307/ref=as_li_ss_tl?ie=UTF8&amp;tag=itta-20&amp;linkCode=as2&amp;camp=217145&amp;creative=399373&amp;creativeASIN=1440218307" target="_blank">Stay Alive! Survival Skills You Need</a>.</em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/bugging-out-with-personal-information/feed/</wfw:commentRss>
		<slash:comments>21</slash:comments>
		</item>
		<item>
		<title>Securing Your Digital Life: Simple Tips for Your Devices in Public</title>
		<link>http://www.itstactical.com/digicom/privacy/securing-your-digital-life-simple-tips-for-your-devices-in-public/</link>
		<comments>http://www.itstactical.com/digicom/privacy/securing-your-digital-life-simple-tips-for-your-devices-in-public/#comments</comments>
		<pubDate>Tue, 06 Sep 2011 14:59:21 +0000</pubDate>
		<dc:creator>Rob Henderson</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Bluetooth Hack]]></category>
		<category><![CDATA[Cell Phone Security]]></category>
		<category><![CDATA[Digital Security]]></category>
		<category><![CDATA[Location Based Services]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=11039</guid>
		<description><![CDATA[In today&#8217;s society, our devices are constantly connecting to one another through multiple formats. These devices contain a multitude of... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/securing-your-digital-life-simple-tips-for-your-devices-in-public/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>In today&#8217;s society, our devices are constantly connecting to one another through multiple formats. These devices contain a multitude of different methods to ensure that we&#8217;re able to connect whenever and wherever we are.</p>
<p>Most smart phones contain connection abilities for X, EV and 3G/4G Cellular Networks, WiFi, Bluetooth and GPS. A simple device like a cell phone can have the ability to connect using all these six different methods!</p>
<p>These public connections are great for sharing and receiving information on the go, but unfortunately this means our devices are open to even more threats than ever before. For example, your cell phone may be connecting to different devices and networks in public without your knowledge. It&#8217;s very important to understand how to secure your devices against unwanted intrusion in order to keep your information safe while in public.<span id="more-11039"></span></p>
<h2>Wi-Fi</h2>
<p>Wi-Fi is one of the most popular connections that devices use and public Wi-Fi is becoming more and more popular. Wherever we happen to be, we usually have access to a Wi-Fi network. Identity thieves and malicious users favor public Wi-Fi networks because the security on these networks is usually next to nothing. These users can access files and other information that your computer is sharing without your knowledge.</p>
<p>A good step you can take to secure your device on a public network is to ensure you have an up-to-date firewall installed that will monitor your connection. Users may want to consider upgrading to a firewall program other than the default offered by the manufacturer.</p>
<p>Changing your sharing permissions is an important way to keep your information secure. Many computers share information by default in order to allow sharing of files on a home network. We recommend disabling all file and folder sharing when you&#8217;re in public to avoid any unwanted access to your device.</p>
<h2>Bluetooth</h2>
<p>Bluetooth devices have the ability to exchange data over short distances from fixed and mobile devices, creating personal area networks (PANs). Bluetooth is great for quickly sharing a file between two devices or printing a document wirelessly. It can also be used to pair accessories to your devices, such as earpieces or external speakers.</p>
<p>Having Bluetooth active can become a security risk if your device doesn&#8217;t have the correct settings. Many devices have Bluetooth enabled by default and some are even enabled to allow other devices to connect. Malicious users can access your device through the Bluetooth connection and copy files or gain access to another device attached to your Bluetooth device.</p>
<p>The good news is that most phones have the capability to turn Bluetooth on and off fairly easily. Bluetooth isn&#8217;t necessary for any functions other than pairing another device to yours, so you will not be limiting the functions of your device.</p>
<h2>Location Services</h2>
<p>Many smartphones and other devices utilize GPS and radio technology to allow programs and apps to run things like navigation and location check-ins. However, many of these services are running all the time and not just when you&#8217;re accessing that program or app.</p>
<p>Most smartphones give you the option to disable location services and many of them can be turned on and off with ease for times when you want to utilize features like navigation. Check out <a href="http://www.itstactical.com/digicom/privacy/data-leaks-location-based-services-and-why-you-should-be-concerned/" target="_blank">Data Leaks: Location Based Services and Why You Should be Concerned</a>, for more about the security risks that location based services can carry with them.</p>
<h2>Staying Secure</h2>
<p>Keeping your devices secure while utilizing public connections is relatively simple as long as you keep track of the connections your device is using. Some companies offer physical devices that will disable the ability to connect if you need to absolutely make sure that your device stays disconnected.</p>
<p>The best method to ensure a device doesn&#8217;t connect to anything is obviously to power down that device. However, there are situations when the device may need to be utilized immediately and you may not have time to wait for it to power up. With the right knowledge of how your devices operate and how to maintain their connections, you can keep your information safe and private when using them in public.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/securing-your-digital-life-simple-tips-for-your-devices-in-public/feed/</wfw:commentRss>
		<slash:comments>10</slash:comments>
		</item>
		<item>
		<title>Securing your Digital Life: Home Wireless Network</title>
		<link>http://www.itstactical.com/digicom/it/securing-your-digital-life-home-wireless-network/</link>
		<comments>http://www.itstactical.com/digicom/it/securing-your-digital-life-home-wireless-network/#comments</comments>
		<pubDate>Tue, 23 Aug 2011 20:37:48 +0000</pubDate>
		<dc:creator>The ITS Crew</dc:creator>
				<category><![CDATA[IT]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Access Point Sharing]]></category>
		<category><![CDATA[Encryption]]></category>
		<category><![CDATA[Home Networking]]></category>
		<category><![CDATA[Identity Theft]]></category>
		<category><![CDATA[Imminent Threat Solutions]]></category>
		<category><![CDATA[ITS Tactical]]></category>
		<category><![CDATA[MAC Address]]></category>
		<category><![CDATA[MAC Filtering]]></category>
		<category><![CDATA[Router]]></category>
		<category><![CDATA[Router Security]]></category>
		<category><![CDATA[WEP]]></category>
		<category><![CDATA[WPA]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=10813</guid>
		<description><![CDATA[1 of 1 in the series Securing Your Digital Life. In today&#8217;s world, we rely on electronic devices more than ever... <a class="view-article" href="http://www.itstactical.com/digicom/it/securing-your-digital-life-home-wireless-network/">View Article</a>]]></description>
				<content:encoded><![CDATA[<section class="seriesWrapper"><div class="seriesmeta">1 of 1 in the series <a href="http://www.itstactical.com/series/securing-your-digital-life/" class="series-5025" title="Securing Your Digital Life">Securing Your Digital Life</a></div><p>In today&#8217;s world, we rely on electronic devices more than ever before. These devices allow us to connect and share information throughout the world at a speed that was never thought possible. We can now share our ideas instantly through laptops, smartphones, tablets and other devices.</p>
<p>In a world where information moves at the speed of light, the need for security has never been higher. Our devices and identities are subject to a variety of attacks both physical and electronic. There are many methods and practices for securing your information. Today, we&#8217;ll start with the basics.</p>
<p>Having a network in your home is a great way to share information between your devices without physically transferring it. The most common way people network their devices in the home is through the use of a wireless router. Wireless routers are great because they allow us to access the Internet anywhere in the house. However, if not secured properly, routers can be a great point of attack for someone looking for your information.</p>
<p>Most good quality home networking equipment provides certain settings that can help to secure the wireless network. In this article we won&#8217;t cover any specific hardware, but we will discuss common settings and best practices. Remember, network security is no different than security in other areas. We advocate a multi-layered approach that doesn&#8217;t rely on just one point of failure.<span id="more-10813"></span></p>
<h2>Equipment and Services Needed</h2>
<ul>
<li>A connection to the Internet (usually broadband)</li>
<li>A wireless router</li>
<li>Ethernet Cable</li>
</ul>
<h2>Secure the Hardware</h2>
<p>Once you have your Internet connection up and your wireless access point working, you will need to alter many default settings to begin to secure the network. Default login credentials are <a href="https://encrypted.google.com/search?q=default+passwords">easily available online</a> for much of the common hardware out there, which gives an attacker easy access to your new router. Your first priority is changing the administrative user name and password on the wireless access point.</p>
<p>You&#8217;ll also want to consider the physical security of your access point. By installing the access point in an insecure part of the house, such as <a href="http://www.itstactical.com/security/top-10-garage-door-security-tips-to-prevent-break-ins/">a garage</a>, you allow an attacker the ability to physically reset your access point and gain entry by using the default credentials. Once an attacker has physical access to any piece of computer equipment, the game is over.</p>
<p>Let&#8217;s pause for a moment and talk about passwords and user names. With the abundance of online services, it is becoming quite difficult to keep track of all our user names and passwords, especially for something that you log in to as infrequently as your wireless access point. You can&#8217;t let your guard down with such a critical point of attack, so choose a password that is at least 8 characters in length and mix in numbers, upper case letters, and punctuation. For more information, see our previous article on <a href="http://www.itstactical.com/security/password-strategy-and-keepass-password-management/">password strategy</a>.</p>
<h2>Secure the Signal</h2>
<p><a href="http://www.flickr.com/photos/itstactical/6073926181/" title="Securing your Digital Life: Home Wireless Networking 02" rel="" class="flickr-image"><img src="http://farm7.static.flickr.com/6196/6073926181_88300766f7_m.jpg" alt="Securing your Digital Life: Home Wireless Networking 02" class=" alignright" title="Join ITS Tactical as we provide you some tips on securing your digital life with our first article on securing a home wireless network: &lt;a href=&quot;http://itstac.tc/qi6LNR&quot; rel=&quot;nofollow&quot;&gt;itstac.tc/qi6LNR&lt;/a&gt;" longdesc="" /></a><br /><small id="license-6073926181"><a href="" title="All Rights Reserved" rel="license" onclick="return false;"><img src="http://www.itstactical.com/wp-content/plugins/wordpress-flickr-manager/images/creative_commons_bw.gif" alt="All Rights Reserved" /></a> 
									by ITS Tactical</small> Now that we have secured our access point, let&#8217;s secure the wireless signal. Most access points will give you several options for wireless encryption. You&#8217;ll want to choose the most secure settings your access point will allow. Often, the most secure encryption method is WPA2. Make sure that you choose a strong encryption key.</p>
<p>One method to secure your signal is to choose not to broadcast the name, or SSID, of your network. This will stop some casual hotspot snoopers and in a layered security model, it&#8217;s a great practice.</p>
<p><a href="http://www.flickr.com/photos/itstactical/6074465970/" title="Securing your Digital Life: Home Wireless Networking 01" rel="" class="flickr-image"><img src="http://farm7.static.flickr.com/6207/6074465970_a925917a6d_m.jpg" alt="Securing your Digital Life: Home Wireless Networking 01" class=" alignright" title="Join ITS Tactical as we provide you some tips on securing your digital life with our first article on securing a home wireless network: &lt;a href=&quot;http://itstac.tc/qi6LNR&quot; rel=&quot;nofollow&quot;&gt;itstac.tc/qi6LNR&lt;/a&gt;" longdesc="" /></a><br /><small id="license-6074465970"><a href="" title="All Rights Reserved" rel="license" onclick="return false;"><img src="http://www.itstactical.com/wp-content/plugins/wordpress-flickr-manager/images/creative_commons_bw.gif" alt="All Rights Reserved" /></a> 
									by ITS Tactical</small> All network devices have a unique identifier called a MAC address. You can control access to your wireless network by telling the access point to only allow connections from certain MAC addresses. Follow the instructions in the user manual of your access point to enable this filtering. A MAC address is easily spoofed by an attacker, but once again, this is a good practice in a layered security model.</p>
<p>Computers will have MAC addresses on their wireless cards and all Wi-Fi devices have them, you just may have to do some searching to find yours. These photos show an example of one laptop&#8217;s MAC address location.</p>
<h2>Other Security Measures</h2>
<p>Most routers will have a remote login, which you will need to disable to ensure that only a local connection can log in. Consider enabling the family controls that turn off your network at certain times of the day. For example, if you are at work during certain periods or you never use your network from 2 a.m. to 6 a.m., why does it need to be on? Make certain your devices don&#8217;t auto connect to open Wi-Fi networks. <a href="http://www.itstactical.com/security/data-leaks-a-frappuccino-and-your-customers-bank-accounts-to-go/">If the network is not yours, it is not secure</a>. That doesn&#8217;t mean you shouldn&#8217;t use unsecured networks; you just need to be more cautious about what you are doing on those networks. Don&#8217;t just set it and forget it. Review your security settings once in a while. If there has been a change to your settings that you didn&#8217;t make, this can signal that there has been a breach in your security.</p>
<h2>Most Common Attack Vectors</h2>
<p>The most common attack on home networks is not a malicious user sitting in an unmarked van on the street stealing your credit card info as you type it in to purchase something online. It&#8217;s viruses, worms, spyware, and malicious programs that steal your personal information. Using the methods we&#8217;ve mentioned above, as well as having a good antivirus program (or using an alternative operating system less susceptible to common viruses) and good browsing methods, can prevent these attacks. Good browsing methods include checking a website&#8217;s URL and encryption methods before entering any personal information. Internet browsers will verify a website&#8217;s credentials and many will display the information in the address bar of the browser. If you see anything out of place or are suspicious of any website you visit, do not enter any personal information.</p>
<h2>Detecting an Attack</h2>
<p>Intrusion detection is tricky and, by definition, can only be determined after an attack has taken place. If an individual has attacked your network, contact law enforcement and report it. Identity theft is a serious crime and carries severe penalties. (There were 10 million victims of identity theft in 2008 in the United States alone and, on average, victims lose between $851 and $1,378 out-of-pocket trying to resolve identity theft.) Monitor your systems and notice changes that you did not make. Always have updated antivirus programs, firewalls, and monitoring software installed. With these multi-layered methods we have mentioned, you can expect a reasonable level of security in your home network.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/it/securing-your-digital-life-home-wireless-network/feed/</wfw:commentRss>
		<slash:comments>14</slash:comments>
	
		<series:name><![CDATA[Securing Your Digital Life]]></series:name>
	</item>
		<item>
		<title>SECURITY RISK: Your iPhone and iPad is Tracking Everywhere You Go!</title>
		<link>http://www.itstactical.com/digicom/privacy/security-risk-your-iphone-and-ipad-is-tracking-everywhere-you-go/</link>
		<comments>http://www.itstactical.com/digicom/privacy/security-risk-your-iphone-and-ipad-is-tracking-everywhere-you-go/#comments</comments>
		<pubDate>Fri, 22 Apr 2011 15:45:45 +0000</pubDate>
		<dc:creator>Bryan Black</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Alasdair Allan]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[Encrypt iPad Backup]]></category>
		<category><![CDATA[Encrypt iPhone Backup]]></category>
		<category><![CDATA[Imminent Threat Solutions]]></category>
		<category><![CDATA[iPad Backup Tracking]]></category>
		<category><![CDATA[iPad Security Risk]]></category>
		<category><![CDATA[iPad Tracking]]></category>
		<category><![CDATA[iPhone Backup Tracking]]></category>
		<category><![CDATA[iPhone Security Risk]]></category>
		<category><![CDATA[iPhone Tracking]]></category>
		<category><![CDATA[ITS Tactical]]></category>
		<category><![CDATA[Pete Warden]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=10443</guid>
		<description><![CDATA[Data Scientists Alasdair Allan and Pete Warden have just released new research detailing how Apple is keeping track of your... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/security-risk-your-iphone-and-ipad-is-tracking-everywhere-you-go/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>Data Scientists Alasdair Allan and Pete Warden have just released new research detailing how <a href="http://radar.oreilly.com/2011/04/apple-location-tracking.html" target="_blank">Apple is keeping track of your every move</a> in an unencrypted file that resides on the computer you use for backing up your iPhone and iPad 3G.</p>
<p>While there&#8217;s no evidence this data is being transmitted to Apple, we strongly feel this is a security risk, as this tracking information is located in a file called location.db in your backup files and records every cell tower you&#8217;ve accessed.</p>
<p>Allan and Warden noticed that the first instance of location tracking started with the install of iOS4 on both the iPhone and iPad, which was released almost a year ago. This means there&#8217;s nearly a year&#8217;s worth of locations stored in this consolidated.db file. This is thousands of data points!<span id="more-10443"></span></p>
<h2>See it for Yourself</h2>
<p>If you&#8217;re interested in finding out where you&#8217;ve been for the last year, Allan and Warden have written a desktop app that you can <a href="http://petewarden.github.com/iPhoneTracker/" target="_blank">download here</a>. You&#8217;ll be presented with a graphical image and heat map of where you&#8217;ve been in the world. It&#8217;s quite interesting and scary at the same time.</p>
<p>The <a href="http://www.flickr.com/photos/itstactical/5643716266/" target="_blank">image you see above</a> is what Apple has tracked on me around the D/FW area in Texas. It&#8217;s fairly accurate at displaying your local locations as well as the places you&#8217;ve visited.</p>
<p>Someone wanting to use this information for the wrong purposes would only need to gain access to your computer and open this application to find out where you&#8217;ve been. Hopefully everyone reading this has also taken the <a href="http://www.itstactical.com/electronics/infosec-and-encryption-to-protect-your-secrets/">proper precautions to protect their computer</a> as well.</p>
<p>The good news, for those of you using different phones out there, is that Allan and Warden were not able to find anything similar on other platforms like Android. <span style="color: #800000;">Update: </span><a href="http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html" target="_blank"><span style="color: #800000;">Android phones are definitely at risk too</span></a><span style="color: #800000;">.</span></p>
<p><object width="560" height="349"><param name="movie" value="http://www.youtube.com/v/GynEFV4hsA0?fs=1&amp;hl=en_US" /><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><embed type="application/x-shockwave-flash" width="560" height="349" src="http://www.youtube.com/v/GynEFV4hsA0?fs=1&amp;hl=en_US" allowscriptaccess="always" allowfullscreen="true"></embed></object></p>
<h2>What can I Do?</h2>
<p><a href="http://farm6.static.flickr.com/5023/5643716354_2db4677ecb_m.jpg"><img class="alignright" title="iPhone Tracking Security Risk 02" src="http://farm6.static.flickr.com/5023/5643716354_2db4677ecb_m.jpg" alt="iPhone Tracking Security Risk 02" width="240" height="165" /></a>The first step is to encrypt your backups! By default, your iPhone backups are not encrypted. With your device plugged in to sync, click on the device and bring up the summary tab. Under options you&#8217;ll see a check box next to &#8220;Encrypt iPhone Backup.&#8221; Check it and set a password, which will force a backup that will now be encrypted.</p>
<p>We&#8217;d like to strongly encourage everyone out there to encrypt their backups, not only because of the security risk discussed in this article, but also because those <a href="http://www.techrepublic.com/blog/security/make-sure-to-encrypt-your-iphone-backups/3885" target="_blank">backups also contain all your contacts, text messages and pretty much everything you do on your phone</a>. The ability to store this data unencrypted is just ridiculous on Apple&#8217;s part.</p>
<p>Please also distribute this information to everyone you know that has an iPhone or iPad and help mitigate this security risk for all those you know!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/security-risk-your-iphone-and-ipad-is-tracking-everywhere-you-go/feed/</wfw:commentRss>
		<slash:comments>13</slash:comments>
		</item>
		<item>
		<title>RSA SecurID Breach and Why You&#8217;re Getting Apology Emails from Your Bank</title>
		<link>http://www.itstactical.com/centcom/news/rsa-securid-breach-and-why-youre-getting-apology-emails-from-your-bank/</link>
		<comments>http://www.itstactical.com/centcom/news/rsa-securid-breach-and-why-youre-getting-apology-emails-from-your-bank/#comments</comments>
		<pubDate>Tue, 05 Apr 2011 15:12:50 +0000</pubDate>
		<dc:creator>Jason Robert</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Advanced Persistent Threats]]></category>
		<category><![CDATA[APT]]></category>
		<category><![CDATA[APTs]]></category>
		<category><![CDATA[RSA SecurID Breach]]></category>
		<category><![CDATA[RSA Token]]></category>
		<category><![CDATA[SecurID Token]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=10369</guid>
		<description><![CDATA[The last two weeks have seen a buzz of cyber security problems. First, RSA announced a very sophisticated breach. Anyone... <a class="view-article" href="http://www.itstactical.com/centcom/news/rsa-securid-breach-and-why-youre-getting-apology-emails-from-your-bank/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>The last two weeks have seen a buzz of cyber security problems. First, RSA announced a <a href="http://www.govinfosecurity.com/articles.php?art_id=3444" target="_blank">very sophisticated breach</a>. Anyone who has ever had to use an RSA SecurID two-factor authentication product has been or will be affected by the breach. Two-factor authentication consists of <em>something you know</em> and <em>something you have</em>.</p>
<p>The <em>know</em> part refers to a user&#8217;s password, or PIN code. The <em>have</em> part refers to the one-time pad generator found on the SecurID token. The theory is simple: even if a hacker obtains your password, they lack possession of your token and cannot break into the system.<span id="more-10369"></span></p>
<h2>Here&#8217;s What Happened (In Layman Terms)</h2>
<p>This is all with a dash of speculation too, since RSA hasn&#8217;t publicly outlined precisely what occurred. Hackers <em>may have obtained</em> the sensitive algorithm <em>and</em> the seed values used by RSA clients. Individually, neither provides a hacker with penetration capabilities, but collectively, possession of both items poses an increased risk.</p>
<p>In effect, if a user&#8217;s PIN code (the <em>know</em> part) was easily guessed, like 1234, then hackers could access systems that were previously near-impenetrable because of the mathematics involved.</p>
<p>While RSA isn&#8217;t openly admitting that their system has been fully compromised, <a href="http://www.govinfosecurity.com/articles.php?art_id=3448" target="_blank">RSA has issued nine recommendations</a> for all of its customers, including the enforcement of strong password and PIN policies. A number of government agencies have already changed their operations to reflect these recommendations. Some government security experts are openly discussing going even further than RSA&#8217;s recommendations, potentially including:</p>
<ul>
<li>Requiring users to phone in before initiating a login sequence</li>
<li>Restricting the amount of time a user can be remotely logged in</li>
<li>Notifying the user of the last known login timestamp, asking them to verify that the timestamp was correct</li>
<li>Reducing the number of attempts before an account is locked out by the system</li>
</ul>
<p>In addition to the RSA breach, odds are your personal email address is being bombarded with apologies from vendors announcing that your name and email address have been stolen. A marketing services provider named Epsilon was hacked, presumably as a result of a phishing attack. <a href="http://yro.slashdot.org/story/11/04/04/160214/Epsilon-Breach-Affects-JPMorgan-Chase-Capital-One?from=rss" target="_blank">Slashdot has also picked up on the magnitude of the breach</a>, reporting that US Bank, JPMorgan Chase, TiVo, Capital One, Best Buy, Walgreens and many, many more companies were impacted.</p>
<p>Thus far, I&#8217;ve personally received notification from 9 companies advising me that my contact information was stolen as a result of the Epsilon breach. Unfortunately for Epsilon, the breach occurred on April 1st and some thought it might have been a bad prank.</p>
<h2>Advanced Persistent Threats</h2>
<p>APT is a term widely known in the security industry, but generally not known by most outside–yet. Wikipedia provides a friendly definition:</p>
<blockquote><p>APTs usually refer to a group, such as a foreign-nation state government, with both the capability and the intent to persistently and effectively target a specific entity.</p></blockquote>
<p>I mention APTs here because what seem like unrelated events, frankly, may not be unrelated at all–and no one will know for sure until months later. Armed with your contact information, including your email address, hackers can continue to evolve the phishing threat. Spam is getting harder to detect, especially when a PDF document or an email with a hyperlink appears to be from your trusted co-worker and for all intents and purposes passes scrutiny (e.g. looking at the email headers).</p>
<p>The best advice, sadly, boils down to this: Be diligent! Remember, hackers walk around (literally!) with shirts that read “There is no patch for human stupidity!”</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/centcom/news/rsa-securid-breach-and-why-youre-getting-apology-emails-from-your-bank/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>The Threat from In-App Purchases and How They Can Cost You</title>
		<link>http://www.itstactical.com/digicom/privacy/the-threat-from-in-app-purchases-and-how-they-can-cost-you/</link>
		<comments>http://www.itstactical.com/digicom/privacy/the-threat-from-in-app-purchases-and-how-they-can-cost-you/#comments</comments>
		<pubDate>Thu, 10 Feb 2011 00:29:43 +0000</pubDate>
		<dc:creator>Matt Jones</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Apple]]></category>
		<category><![CDATA[in-app purchases]]></category>
		<category><![CDATA[iPhone apps]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=9722</guid>
		<description><![CDATA[Some of our readers are full time operators and contractors that fight for us and our way of life. Some... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/the-threat-from-in-app-purchases-and-how-they-can-cost-you/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>Some of our readers are full time operators and contractors that fight for us and our way of life. Some of our readers are also parents, and Imminent Threats come in all shapes and sizes, from physical to electronic.</p>
<p>What I want to touch on today and bring awareness to, are Imminent Threats to your family&#8217;s finances. Threats so underhanded they make my blood boil.</p>
<p>Let me explain&#8230;<span id="more-9722"></span></p>
<h2>In-App Purchases</h2>
<p>I have two boys, ages 9 and 6. Both have an iTouch and they are well used, trust me. Since we&#8217;ve had several snow days here in Texas they&#8217;ve been getting more use than normal. My youngest son brought me his iTouch because there was a &#8220;FREE&#8221; game he wanted me to download for him.</p>
<p>Because the downloads are password protected, they have to ask for permission for anything that needs to be downloaded. This allows for two things. First, my wife and I can censor the content that our boys download. Meaning no big boob apps or explicit songs from iTunes. Second, it doesn&#8217;t give them free range to buy the &#8220;I am Rich&#8221; app for $1,000 from the app store.</p>
<p>So being the great Dad I am, I downloaded the free app for my son and he was on his way. A little while later I noticed he left the iTouch out on the kitchen table. Being naturally curious, I picked it up and noticed there was a pop-up for an in-app purchase. &#8220;Buy a bucket of stars!&#8221; $99.99. <strong>What!?</strong></p>
<p>That&#8217;s right, the in-app purchases on your kid&#8217;s iTouch can rack up some big bills. I saw a report today in the news that a 6-year-old little girl spent $1400 in 10 minutes.</p>
<h2>What you Can Do</h2>
<p>Here&#8217;s how you fix it. The process is extremely simple. Go to Settings =&gt; General =&gt; Restrictions =&gt; Enter Pin =&gt; Enable Restrictions =&gt; Turn In-App Purchase <strong>OFF</strong>!</p>
<p>You&#8217;ll also notice that you can tighten the reins on what your child can access, such as YouTube, installing Apps, location services and explicit content from music or podcasts.</p>
<p>Hopefully this article will help our parents out there to avoid future headaches and sore throats from yelling.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/the-threat-from-in-app-purchases-and-how-they-can-cost-you/feed/</wfw:commentRss>
		<slash:comments>12</slash:comments>
		</item>
		<item>
		<title>Spokeo and Why You Should Be Concerned about Your Personal Information Bubble</title>
		<link>http://www.itstactical.com/digicom/privacy/spokeo-and-why-you-should-be-concerned-about-your-personal-information-bubble/</link>
		<comments>http://www.itstactical.com/digicom/privacy/spokeo-and-why-you-should-be-concerned-about-your-personal-information-bubble/#comments</comments>
		<pubDate>Tue, 04 Jan 2011 17:53:28 +0000</pubDate>
		<dc:creator>Bryan Black</dc:creator>
				<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Digital Identity]]></category>
		<category><![CDATA[FOIA]]></category>
		<category><![CDATA[Personal Information Bubble]]></category>
		<category><![CDATA[Public Information]]></category>
		<category><![CDATA[Public Record]]></category>
		<category><![CDATA[Spokeo]]></category>
		<category><![CDATA[Spokeo.com]]></category>

		<guid isPermaLink="false">http://www.itstactical.com/?p=9013</guid>
		<description><![CDATA[Before we jump into the specifics of what Spokeo.com is and what personal information it&#8217;s making available to the world... <a class="view-article" href="http://www.itstactical.com/digicom/privacy/spokeo-and-why-you-should-be-concerned-about-your-personal-information-bubble/">View Article</a>]]></description>
				<content:encoded><![CDATA[<p>Before we jump into the specifics of what <a href="http://www.spokeo.com/" target="_blank">Spokeo.com</a> is and what personal information it&#8217;s making available to the world wide web, let&#8217;s first talk about why your personal information is available in the first place.</p>
<p>There&#8217;s a little term called public record in the United States, where anyone has the First Amendment/common law right &#8220;to access court records to inspect and to copy.&#8221; At the federal level this is governed by the FOIA (Freedom of Information Act) which has been known to be rife with exemptions and that little word called redaction.</p>
<p>The point here is that the right to access these documents is central to liberty and there&#8217;s nothing governing what&#8217;s done with this public information once it&#8217;s retrieved. This is where Spokeo comes in&#8230;<span id="more-9013"></span></p>
<h2>Spokeo</h2>
<p>There&#8217;s been a lot of talk about Spokeo and I felt it was time to throw my two cents into the mix and tie it all into what we do here on ITS. In this digital age people are inherently worried about privacy and they have the right to be. With all the Social Security number leaks by major institutions and Identity Theft at an all-time high, it&#8217;s natural for someone to take one look at a Website like Spokeo.com and be concerned.</p>
<p>Spokeo is nothing more than an aggregator of your personal information that&#8217;s already available through multiple sources, both online and offline. The service they provide is almost like a search engine, similar to Google or Bing. You simply type in a name, email address, phone number or username, or link it to your own friends in an email account, and it returns personal information about them.</p>
<p>This can be where they live, other residents of their home, relationship status, home value, median income, photos, age, ethnicity, gender, generic lifestyle interests, Google Maps images and other information.</p>
<p>According to their <a href="http://www.spokeo.com/privacy/" target="_blank">privacy page</a> you can remove your Spokeo listing from public searches for free by emailing them your name and email address, but I suspect this may just be a way for them to gather email addresses. This also wouldn&#8217;t stop your information from being available to the paid searches they offer, or remove it from the third party where they got your information in the first place. A majority of that information is coming from public records, like I mentioned earlier.</p>
<h2>Aggregation</h2>
<p>Let&#8217;s look at some examples of the type of public information that&#8217;s out there right now, available to anyone who knows where to look for it (and not at Spokeo):</p>
<ul>
<li>Vital Records (Birth, Marriage and Death Certificates)</li>
<li>Voter Registration (including what party you voted for)</li>
<li>Divorce Decrees</li>
<li>Real Estate Appraisal Records</li>
<li>Professional and Business Licenses</li>
<li>Consumer Protection Information</li>
<li>Census Records</li>
<li>Sex Offender Registration</li>
<li>Criminal Records</li>
<li>Anything on the Web that you or anyone else have associated with your name, address, etc.</li>
</ul>
<p>Take a look at the last one on this list, because it&#8217;s what separates the traditional public information from this new age of online public information. This ties into previous articles we&#8217;ve written on ITS concerning your <a href="http://www.itstactical.com/communication/social-networks-and-your-digital-identity/" target="_self">digital identity</a> and the implications of what you put out there for others to see. The places you enter this information into to share with all your &#8220;friends&#8221; shouldn&#8217;t be responsible for what you type about your personal life, <strong>YOU</strong> should be.</p>
<p>So all this information that&#8217;s public record doesn&#8217;t seem as powerful when the individual items are separated, but when a company like Spokeo comes along and puts it in one place where it can be found by simply searching for your name, the results appear fairly scary to the uninformed.</p>
<p>This isn&#8217;t a knock on anyone who is scared about this information being available, but you have to understand that this aggregation of public information is a lot more powerful than it may seem.</p>
<h2>Personal Information Bubble</h2>
<p>Hopefully this is a reality check for those that blindly continue to add to what I call your Personal Information Bubble, without truly realizing the repercussions. Is all personal information you share on the Web bad? Of course not, but what needs to be in the back of your mind as you type each keystroke is that this information is going to be publicly available forever!</p>
<p>There are always places like Facebook that have certain &#8220;safeguards&#8221; to keep your private conversations only available to those you call &#8220;friends,&#8221; but seriously. You&#8217;re the one that should be ultimately responsible for what you write on the Web and what you choose to share. Why should it be the fault of a FREE social media outlet to 100% restrict the availability of what you type? It shouldn&#8217;t, period.</p>
<p>One good thing about this digital age of information brokering and aggregation is that it&#8217;s making it harder for those wishing to remain nefariously anonymous, like those who skate out on Child Support or try to get a job without disclosing criminal information on their job application. Companies that offer background checks are pulling from this same pool of public records to tell employers about potential employees.</p>
<p>The internet is both a blessing and a curse; it&#8217;s given us access to an unlimited stream of information at our fingertips, but also made it easy for us to use that against ourselves without truly understanding what we&#8217;re doing. Hopefully this article has shed some light on your Personal Information Bubble that continues to grow each and every day.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.itstactical.com/digicom/privacy/spokeo-and-why-you-should-be-concerned-about-your-personal-information-bubble/feed/</wfw:commentRss>
		<slash:comments>10</slash:comments>
		</item>
	</channel>
</rss>
