What should you consider sensitive?

Topic

New Reply

ON SECURITY By Susan Bradley What information is sensitive? What information should you never give to anyone? The answer is, it depends. Sometimes it
[See the full post at: What should you consider sensitive?]

Susan Bradley Patch Lady

5 users thanked author for this post.

lmacri, jburk07, Alex5723, Lars220, oldfry

Reply | Quote

Replies

I think it’s a matter of what a person feels comfortable sharing. My advice is never give your personal info like SSN, address, phone, medical history, or any close to home/subject data that loops around over the internet, regardless of location on the map where you plant your roots. Anything that reveals your day to day personal life and whereabouts. Photos contain GPS info and dates, which can take anyone to your location if they’re looking to do that. I’m not always in sync with my own advice, but it’s a matter of preference and concern. Knowledge is key in staying safe. With any action taken when tapping at the keyboard, just know the consequences when opting to share your life’s blueprint.

MacOS, iOS, iPadOS, and SOS at times.

2 users thanked author for this post.

Charlie, Lars220

Reply | Quote

Myst wrote:

Photos contain GPS info and dates,

One can (in Windows, anyway) delete identifying data.
In Explorer: Rt-click on the photo, which displays Properties
. . .  Properties > Details > Remove Properties and Personal Information
– – one then has a choice:
– Create a copy with all possible properties removed [default]
– Remove the following properties from this file: [select items to delete]

4 users thanked author for this post.

Charlie, Lars220, Myst, b

Reply | Quote

As far as location info on photos, I’ve got location switched to “Off” as has been the case for me all along. I like having dates associated with the photos app but not location. My preference. And yes it is nice to have access for the data to be taken off for the sake of privacy.

MacOS, iOS, iPadOS, and SOS at times.

Reply | Quote

One can also remove metadata from Office files. This metadata, among other things, identify the owner of the software the file was created with (e.g. you). Something I learned long ago, the hard way.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

1 user thanked author for this post.

Lars220

Reply | Quote

Depending on where and when: Full names: mine, those  of people I know; same for domicile addresses, emails; nationalities, ID document numbers, photos and portraits … anything that, under the “right” wrong circumstances could pin a target on the back of those so identified for nasty people to hone their metaphorical and even actual shooting skills on them.

The exact same things we are taught in those annual IT security courses never to send in unencrypted emails.

But it’s OK to send family portraits to Grandma with the shy little ones clinging to the legs of their Mum. And cute cat gifs.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

The guidance I was given when google came into existence..

“If you wouldn’t dare print it out and nail it to your front door” or gate (so it’s visible from the street), “it’s sensitive and shouldn’t be on line for anyone you don’t know to find”.

That way it doesn’t matter which principality the on line data is stored (as it isn’t mainly) in which is a particular issue in some businesses with regulations on that, and Windows 10 coming with onedrive for the user to configure by default. (think remote working, documents syncing to cloud copies..)

That is to say, not only “what is sensitive” but “where is it going to be stored” in the physical world.

 

3 users thanked author for this post.

Mr. Austin, Charlie, geekdom

Reply | Quote

Thanks for this article, Susan.

One thing I would recommend to anyone here who owns property in the UK is to register with  HM Land Registry’s Property Alert service. It’s very simple to do online and it means that whenever someone makes enquiries about your property you automatically receive an email notification. This is an important step in preventing criminals from obtaining enough information about your property and ownership to set up a fraudulent sale to an unsuspecting purchaser if, for example, you are leaving the property empty while working abroad.

Mind you, they do send an email update every 6 months and even if it says that you asked to be notified about any enquiries and none have been made, the mere reading of the opening phrase “You asked to be notified…” is enough to raise my blood pressure before I read on!

Reply | Quote

OscarCP wrote:

One can also remove metadata from Office files.

“Everything you do generates data somewhere. That data, when collected and analyzed, becomes information. That information can tell someone more about you than you probably want them to know.”

Written by: Guy McDowell, – Posted on: June 17th, 2019 in: MS Office Tips – online-tech-tips dot com

How to Completely Delete Personal Metadata from Microsoft Office Documents – Plus the reasons why you want to do this

https://www.online-tech-tips.com/ms-office-tips/how-to-completely-delete-personal-metadata-from-microsoft-office-documents/

5 users thanked author for this post.

KP, SueW, oldfry, Myst, OscarCP

Reply | Quote

The idea that Office docs have significant metadata I’d want removed hadn’t yet occurred to me. Thank you.

Reply | Quote

I like the tip about converting the docx file to a zip file to see what is inside.

 

Reply | Quote

Your article is pretty good, Susan. It’s the kind of page to which I’d refer noobs who want to educate themselves.

I’ve been using EXIF Pilot to remove image metadata for so long… that at this writing I can’t remember when I started using it. Probably during the old days of my iPhone 3GS. A subsidiary fact is that I keep my phones a long time. I’ve had only three models.

Reply | Quote

Watch out for the following persuasion “excuse” from financial people like young bankers without any thought to cybersecurity (but “trying to get the job done”). “I do this for my dad’s (/ mom’s) account”. They are trying to get me to provide them with my mother’s maiden name as a security answer.

Reply | Quote

Susan says a caller might ask for a fraction of information to “confirm that it’s you.”

When someone does that to me, my response is “You called me; you know who I am. Prove to me who you are. Tell me some secret you know about me.”

Some professions such as legal and medical are forbidden from sending much more than a “hello” or a confirmation via email. That’s why you have to chat and share documents through their portal. I look forward to when all email clients offer a universal, encrypted communication by default.

 

1 user thanked author for this post.

Mr. Austin

Reply | Quote

In principle, a good idea, to demand that the caller authenticate themselves, but I don’t think I would encourage doing it in this way.  They might have something that has leaked, and where they really do know.  And some of them are pretty adept at trying to convince you that they have that information, even if they don’t.  This is the kind of methodology that some of the extortionists use, especially the ones that threaten to expose illicit activity.

One thing in this area that may help is in notifying the caller that the conversation is being recorded (even if it’s only a bluff).

Most of us are used to the notification of “this call may be recorded” notifications (which we generally ignore, or forget within a few seconds of the notifications (much as we don’t give much thought to click-through EULA agreements), but for any non-personal call, it can be useful to put the person at the other side on notice about recording, even if you’re not actually recording.

1 user thanked author for this post.

Mr. Austin

Reply | Quote

Bill Barnners: ” I look forward to when all email clients offer a universal, encrypted communication by default.”

A problem I’ve found sending encrypted emails is that not everybody can read encrypted emails. Some email clients might enable the reading of encrypted messages from a particular sender, but I believe this is not a universal feature. Until sending and receiving emails encrypted in a uniform, universal way is the norm, encryption use will be limited by this issue.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Demanding that caller authenticate themselves is a good good idea, but I don’t think I would encourage doing it that way.  It’s entirely possible that a scammer may have data that has been leaked, and just because they have that particular info about you doesn’t mean that they’re legitimate.  I know that the extortion operations are effective with this kind of thing, and even if they don’t necessarily have sensitive information, some can be pretty convincing that they do have it,  even if they don’t.

Something else could be useful, of informing the caller that you’re recording the call (even if you’re bluffing).  Very few scammers are likely to want their words captured in a way that can be used against them, and I think that most will end a call immediately.

 

Reply | Quote

“Still Anonymous” seems to be referring to junk telephone calls.

To deal with them, I simply hung up. Then disconnect the (land-line) phone until I need to make a call, or while expecting to receive one. I do the same with my cellphone by keeping it turned off when not immediately needed. When turning the phone on again, or plugging it back to the wall socket, I first review my voicemail for unanswered messages. Anything identified by a long string of numbers as the message-sender “phone number”, I delete right away. I have been doing this for years and still have not had something bad happening because I deleted a call I really had to return.

So no personally identifiable sensitive information ever leaves my lips when on the phone with some complete stranger — or even with some of the people I know, but not all that well.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

The two programs I use to erase the metadata from jpgs are JPG Cleaner 2.6 (Originally written for Windows 98, but still works on new Windows versions.), and JPEG and PNG Stripper. I learned you should run both programs in this order. As to why you should remove the metadata from images, a more lucid and mainstream reason came to the fore in April 2020, when somebody posted images of a Chicago bar (taken from outside of it) which was definitely violating COVID-19 occupancy restrictions. The poster who had left in all the metadata was the person who received death threats. 🙁

Important links you can use, without the monetization pitch = https://pqrs-ltd.xyz/bookmark4.html

1 user thanked author for this post.

OscarCP

Reply | Quote

So it seems Susan has remove the option to post annon. Please bring back Woody. He understood why people need to post annon. I am one of those people.

 

I never share any personal info with anyone.  Even over phone, I want to meet in person at the business. There are too many call loggers and telemery in Windows 10 and smart phones etc

Reply | Quote

You’ve clearly still posted anonymously.

Susan Bradley Patch Lady

Reply | Quote

I was worried that would not posted since I had to use support@askwoody.com as email since required. Hopefully will be able to use that email for posting.

Reply | Quote

As you can see, you can still post.

Susan Bradley Patch Lady

Reply | Quote

This isn’t about the content, but readability.  I’m puzzled, starting with this email issue.

Even with my email app window fullscreen width, the text still runs past the window width, truncated.  So I tried “read in browser,” and I see the full first article, lines folding to fit, and a yellow sidebar.  But below the 1st article, just short summaries (leads), for the remaining topics.  (I know there’s more because the full article lengths show in the email that truncates lines at the  window width.  And I have no clue what  the little Talk Bubbl X’s should do.)

If it matters,  I’m still using the venerable full-featured Eudora 7.1.0.9 app for which I’ve seen no reasonable equal;  I’m leery of the inscrutable Outlook PST hodgepodge lump files.

Reply | Quote

Please email customersupport@askwoody.com and I can look into what’s going on with your view.

Susan Bradley Patch Lady

Reply | Quote