Preventing Spam

Ah… the Internet equivalent to junk mail. Tons of worthless advertisements for products you don't need and don't want. Use my advice to not only help you to stop getting Spam, but to stop helping to spread Spam.


Turn off Images in E-mails

Sneaky Spam using an Image to defeat the filters

If you read the previous article about e-mail viruses, you know that you can't get a virus from the images in your e-mail, but the images DO help spammers.

They use images to defeat spam filters (which aren't able to "see" what's in an image the same way we do), but worse than that, when an image loads in your e-mail, the spammer or company who sent it has a record that you accessed the image and when. This is bad for several reasons:

  • This tells them that your e-mail address is valid.
  • They know that whatever trick they used to make you think it was a real e-mail is working.
  • They can use the records of the image access to prove to whoever is paying them that people have seen the ad. Don't support the Spammers by letting them get paid!

For all these reasons, turn off images in your e-mail. You can always allow exceptions on a case-by-case basis for regular monthly newsletters or pictures from your family, but find the options in your e-mail to turn off images by default or for untrusted senders (fortunately, some e-mail services are already starting to do this for you).
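What "turning off images" amounts to inside a mail program, as an added example that is not part of the original article: the code reads a constructed message, lists the images that would be fetched from a remote server on opening, and rewrites the HTML so none of them load. The sender, host names and the `id=abc123` token are made up for illustration.

```python
import html
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message: sender, hosts and the id token are invented.
SAMPLE_EMAIL = """\
From: deals@ads.example
To: you@mail.example
Subject: Your order has shipped
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Track your package below.</p>
<img src="https://img.ads.example/banner.png" alt="Big sale">
<img src="http://track.ads.example/open.gif?id=abc123" width="1" height="1">
<img src="cid:logo@mail.example" alt="logo">
</body></html>
"""

# http://, https:// and protocol-relative // sources are fetched from a server
# when the message is displayed; cid: and data: images travel inside the mail.
REMOTE_SRC = re.compile(r"^\s*(https?:)?//", re.IGNORECASE)


class RemoteImageBlocker(HTMLParser):
    """Re-emit an HTML body with every remotely hosted <img> neutralised."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []      # pieces of the rewritten HTML
        self.blocked = []  # one record per image that was not allowed to load

    def _tag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and REMOTE_SRC.match(src):
            self.blocked.append({
                "url": src,
                # A 1x1 (or 0x0) image shows nothing to the reader; its only
                # effect is the request that loading it sends to the server.
                "invisible": a.get("width") in ("0", "1")
                and a.get("height") in ("0", "1"),
            })
            alt = html.escape(a.get("alt") or "", quote=True)
            self.out.append(f'<img alt="[remote image blocked] {alt}">')
        else:
            # Everything else is copied through exactly as it was written.
            self.out.append(self.get_starttag_text())

    handle_starttag = _tag
    handle_startendtag = _tag

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def block_remote_images(raw_message):
    """Return (safe_html, blocked) for the HTML part of a raw e-mail."""
    msg = message_from_string(raw_message, policy=default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:  # plain-text mail has no images to load
        return "", []
    parser = RemoteImageBlocker()
    parser.feed(part.get_content())
    parser.close()
    return "".join(parser.out), parser.blocked


if __name__ == "__main__":
    safe_html, blocked = block_remote_images(SAMPLE_EMAIL)
    for item in blocked:
        kind = "invisible" if item["invisible"] else "visible"
        print(f"blocked {kind} remote image: {item['url']}")
    print(safe_html)
```

This only covers `<img>` tags; other ways a message can pull in remote content, such as CSS backgrounds, are out of scope for the sketch.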

Keep Your E-mail Address Off of Websites

During my graduate research into Spam (yes, I honestly did graduate research on Spam), I discovered that the most effective way to prevent Spam is to make sure your e-mail address isn't listed on webpages.

It turns out that Spammers use programs (called robots) to search the Internet for e-mail addresses. This is really easy to do if someone just leaves their e-mail on their website without any protection as in this case from the University of Idaho:

University of Idaho web directory

Every member of the faculty and every student is listed here with all their data (including e-mail). If you want your e-mail on a website, use some trick to defeat the robots. Here are some examples:

Change "name@website.com" to "name AT website DOT com"

You might have seen this one before. It's simple because it's still human readable, but most robots can't read it.

Use HTML tricks to hide it

Some ideas I've seen are to replace href=mailto:name@address.com with its equivalent representation in HTML character codes. It will look very messy in the code (ex. href='mail…), but it will still look like name@address.com when viewed as a webpage.
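An added example (not the article's own code) of the character-code trick, together with a check you can run on your own page source before publishing it: `audit` reports which addresses are readable as plain text and which only appear once the character codes are decoded, the way a browser decodes them. The function names and the sample page are assumptions made for this illustration.

```python
import html
import re

# Deliberately simple pattern for "something@domain.tld"; good enough to audit
# your own pages, not a full address grammar.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def to_char_refs(text):
    """Write every character as a decimal HTML character code (a -> &#97;)."""
    return "".join(f"&#{ord(ch)};" for ch in text)


def obfuscated_mailto(address, label=None):
    """Build a mailto link whose source contains no literal address."""
    href = to_char_refs("mailto:" + address)
    shown = to_char_refs(label or address)
    return f'<a href="{href}">{shown}</a>'


def audit(page_source):
    """Report which addresses a page exposes, and to what kind of reader.

    plain        -> readable in the raw source without any decoding
    encoded_only -> absent from the raw source, present after decoding
                    character codes (what a browser does before display)
    """
    raw = set(ADDRESS.findall(page_source))
    decoded = set(ADDRESS.findall(html.unescape(page_source)))
    return {"plain": sorted(raw), "encoded_only": sorted(decoded - raw)}


# Constructed sample page using three of the presentations discussed above.
SAMPLE_PAGE = (
    '<p>Plain: <a href="mailto:name@website.com">name@website.com</a></p>\n'
    "<p>Spelled out: name AT website DOT com</p>\n"
    "<p>Encoded: " + obfuscated_mailto("name@address.com") + "</p>\n"
)

if __name__ == "__main__":
    print(obfuscated_mailto("name@address.com"))
    print(audit(SAMPLE_PAGE))
```

An address listed under `plain` is exposed to the simplest text scan, while one under `encoded_only` is hidden only from programs that skip the decoding step a browser performs. The spelled-out "AT ... DOT" form shows up in neither list.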

Use a web form

Use a web form where they enter the subject and content of the message and submit it to a script that mails you. That way, your e-mail address is never exposed. The contact form on this page is an example.

Use an image of an e-mail address

Poetic justice! Just as the Spammers use images to defeat your filters, you can use an image to defeat them! Here's an example:

name@website.com -vs- [image of an e-mail address]

Notice you can highlight the individual letters of the e-mail on the left, but on the right, you can't. This is because the right e-mail address is just an image of an e-mail address, not actual text.

NEVER respond to a Spam e-mail or buy anything from them

If you click a link in a Spam message, you're telling them that Spam is working (and confirming your e-mail address as well). Once again, they can prove to the scum company that's paying them that their ad has been seen.

Worst case scenario, if you actually buy anything as a result of a Spam message, you are supporting the problem. Spam messages need to be fully ignored if they're ever going to die out! Even if you see a product you actually want, find somewhere else online to get it. Chances are that any company that advertises with Spam is bogus or at least terrible anyway.

Note, you may have heard the advice to never click the "Unsubscribe" link in any e-mail. While this is true for true spam, you can safely use the link in any legitimate newsletter or mailing from a company that you created an account with or bought something from. However, when in doubt, just block the e-mail address instead of clicking the link.

How to Use “CC” Properly

Don't violate the privacy of people in your contact list by sharing their e-mail addresses with everyone. What do I mean? Well, have you ever seen one of these:

Wow! Look at all those names!

The problem here is that everyone who receives this e-mail will also see everyone else's e-mail address and name. Why violate the privacy of your contacts this way? All that does is present a risk to you and them if anyone on the list is a spammer or scammer (or someone forwards this e-mail to one).

Put your own e-mail address in the "To:" field and take that giant list of people and put it in the blind carbon copy (BCC) field. Now when you send it, everyone will still get the e-mail, but the only address they will see is yours. And since they already know who you are, you're not giving away any private information to anyone.

You can still use CC if you wish, but only if you specifically intend for each person who receives the e-mail to know the other people who got the e-mail (for example, you send an e-mail to the tech support people and CC their supervisor so they know they will be called to task for their response).

Here's a great list I found online of all the major e-mail services and how to enable the BCC field if it isn't already.


Anti-Virus

A virus can come from files, e-mails, web pages, or even devices you plug in (like thumbdrives or printers) and destroy your files or your computer once they get in. An anti-virus is software designed to detect and prevent that from happening.

For them to work properly, they must download software updates on an almost daily basis, so it is best to use free anti-virus products or keep the subscriptions current. Also note that you can't install multiple anti-virus products simultaneously as they will interfere with each other.

Our currently recommended anti-virus product is AVG:


AVG free anti-virus

STOP!

Due to rampant privacy invasion, I no longer recommend the AVG anti-virus. At this time, the best free anti-virus available is Avast which can be found here


I'd used Norton products for years because I got them free (from working in retail or attending a school with a special license). Now that those days are over, I've had to look at paying for the anti-virus and I've begun to wonder if it's worth it.

Norton software is a notorious hog of system resources and can drastically slow down your computer's start-up time. Switching to free alternatives is a big help.

The newest version of AVG works very well and also includes a feature that automatically checks your search engine results for malicious code. A site with a green check next to it is considered safe and anything else should be treated cautiously.

When you go to the site, remember to be careful to get the free for home use version and not the "Free trial" of any of their other versions. Also be cautious during the install process to uncheck any options for add-ons like Yahoo! Toolbar or such. Other than that, it should be a pretty straightforward process.

E-mail Viruses


Viruses can destroy your files and cause all kinds of havoc. Protecting yourself involves having an Anti-Virus, but that's not always enough. Make sure you are using secure e-mail practices to help prevent viruses from infecting your computer.

Use of HTML in E-mails

It's extremely unlikely that you would be hacked just from looking at an e-mail (as long as your e-mail is only loading text and maybe some images). If you're ultra-paranoid about it or if you don't care about the pretty colors and pictures, you can eliminate the risk entirely by turning off HTML and images in your mail program.

Many online e-mail services are already blocking images and such for any e-mail that comes from untrusted senders which helps, but for all others (and if you want to just go text-only for all e-mails), the simplest way to do it is to do an online search for "Turn off html in X" where X is your e-mail program or service. You should quickly find a guide explaining how to change your settings. If not, leave a comment about the program you're using and I'll try to help.

Never Open Attachments

Knowing how hard it is to try and infect an e-mail itself, the bad guys will try to sneak one into the attachment instead. Note that some of the most famous Internet viruses spread via this method (The "Melissa" virus, the "I love you" virus, etc).

Granted I'm not serious when I say never open attachments, but be very cautious. Attachments from strangers are sure to be trouble so just ignore them. However, attachments from people you know aren't guaranteed to be safe either.

Email attachments are like an unmarked package

When a virus hits someone, it can go through their address book and send itself to everyone they know (which may include you). That means that when you get the virus, it will have actually come from the computer of someone you know.

An advanced virus will either copy the contents of a previous e-mail or combine words from several to sound like a real e-mail (which will hopefully trick you into thinking your friend/family member actually sent it).

Though anti-virus programs on your computer and the ones that now automatically scan your web mail before you read it help (Yahoo has McAfee scanning built in, for example), the best advice for dealing with suspicious attachments is to always call or contact the sender to verify its authenticity before you open it.

Never carelessly follow links

(Particularly for the shortened links on social networking sites)

Now that attachments aren't working as well, the best way for the bad guys to get you is to lure you away from the safety of your inbox out into a more dangerous area online (the "dark side" of the web).

Because new exploits and tricks are coming out on a nearly daily basis for web browsers, you can get hacked just by visiting the wrong website. Therefore, the best defense is to never visit some parts of the web which also means you can't fall for lures.

Any e-mail from a bank or other service you use on a regular basis should be treated as suspect. It might say someone has "friended" you or that your bank account has been drained, but no matter what, never click any of the links. Instead, go to the service or website directly and check there to see if the alert was real or not.

If someone sends you a link (especially if they just send the link without bothering to write anything else that would make it easier to tell it was really them), trust your instincts (unless you have bad instincts in which case you shouldn't). Whenever you're not sure of a link or information in an e-mail, remember that people's accounts can be hacked and that it might not be real. Call them to verify it before doing anything.


The Geek Privacy Principle

You might have heard of the "need to know principle" used in movies and such (usually in a comedic way). Despite the mockery people assign to the phrase, it is not only quite valid, but a very good rule of thumb.

In the classic form, any decision to provide information to someone must pass the "need to know" test. If the person requesting information has no legitimate need for the information, you don't provide it.

People who, like me, think Internet communication and collaboration are a great thing and that open and transparent government is vital to the health and continuation of our country usually think that need-to-know is the exact opposite of those ideals, when in fact, it is not.

The truth is that open government doesn't mean that people know EVERYTHING. They can't and shouldn't know everything that our police and courts know because if they did, enemies of our country could use them against us.

Similarly, people have been learning for a few years now the consequences of posting too much online or not being careful about who they add to their friends list on social networking sites: getting embarrassed, fired, robbed, etc.

The Geek Privacy Principle

Need-to-know doesn't go far enough
The main problem is that need-to-know doesn't go far enough. It's not just a matter of whether they "need" to know the information, it's also about whether you want to give it.

Remember that privacy is the right to decide who knows what about you and when. It's your information and as long as you haven't performed criminal acts, you maintain that right. Therefore, even if someone has a need or right to know in some sense, you should first decide if there's any specific benefit to providing the information. Benefits usually fall into one of these categories:

To be reasonably social

The unwritten rules of social engagement are that you will typically show the same level of trust and intimacy with a friend as they show to you (with some room for margin).

You will be more open with friends and family than with coworkers or acquaintances and you will also adjust the things you say based on where you happen to be at the moment (for example, most people who are cautious with their private information will be mindful of how loud they speak in restaurants or on the bus).

To obtain goods or services

If you want something delivered, you'll need to provide your address. If you want to take your kids to the doctor, you will have to provide name and insurance information.

Now to bring it together:

If there's no purpose or benefit to providing information, the only possible consequence is negative

Given these odds, wouldn't you agree that it's much smarter to keep things to yourself?

How to apply the principle

In social situations

In social settings, there may be many situations where someone asks you something you don't want to provide. A business interview, a neighbor, an old schoolmate you see one day in the grocery store; all of these might tread a little too far into your personal life.

If you learn to adopt the Geek Privacy Principle, you won't tell them any more than they need to know and certainly nothing that you're uncomfortable providing. To respond to a question that goes too far, try this:

  1. Ask, "Why do you want to know?", "What do you mean?", or "Why do you ask?". Doing so buys you a little time to think about whether you really want to answer or not, but it also gives them the chance to clarify. They may drop the subject right then, realizing they went too far, or they may not have meant what you thought at all.
  2. Once you have clearly determined that you do not want to answer, a simple way of handling it is to say "I prefer not to say", "That's a bit personal", or in a business situation "I don't believe that question is relevant to my work performance". It takes some guts to do this, but it's well worth learning.

For obtaining goods and services

  1. You receive a request for information. Ex. "What's your phone number?".
  2. Determine their need for the information by asking them why they want it. In this case, let's assume that the haircut place will remember the details of your cut so they can repeat it easily the next time.
  3. Decide if you benefit from the information request. For example, do you care if they remember what "numbers" they used for your haircut?
  4. Question the validity of the request. Ex. Must they have your phone number for that? Won't any number do? If so, now would be a good time to apply your privacy alias (explained later in this guide)
  5. In cases where it's not legal (when dealing with courts), not ethical, or not practical (to obtain healthcare with your insurance) to provide your alias information, your only option left is to decide to provide the information or walk away (but be willing to walk away when necessary).

In Summary

Always remember that the more information someone has about you the more creative and successful they can be if they ever decide to destroy you. The neighbor who hates your guts, the spurned ex girlfriend or boyfriend, the guy who you accidentally cut off on the highway.

And sometimes, you can't tell the difference between a regular person and a psycho killer which is why you should never, ever say "I've got nothing to hide…" (go to next section).

Protecting E-mail Passwords

The one thing most people completely underestimate is the value of their personal webmail accounts. You think your bank or web store is important? Well, have you ever noticed those oh-so-helpful "Forgot my password" functions? What do they do when you click that? They send you your password or they reset it at the least. Either way, if someone gets access to your e-mail account, they completely control everything you have on the Internet.

With access to someone's e-mail account, I can get to almost every other account they have online.

Besides the security risks, what about all your personal information? How many e-mails do you store online and how many years back do they go? Information about friends, family, business contacts; all things a bad guy who wants to do you harm could use.

Maybe you have a medical condition or a secret of some kind. Someone can use that for blackmail. What if they don't do anything that sinister and just impersonate you instead? If they send a virus from your account or scam your family into thinking you need money, chances are that your contacts will fall for it since it appears to have come from you.

That's why it's important to make sure that your e-mail account has one of your strongest passwords among your online accounts (if not THE strongest).

Read my passwords guide to learn what makes a good password and how to keep it safe!

Using E-Mail Aliases Properly

angry_eggplant@nosuchmail.com

Have you ever thought about the art-form that is picking an e-mail name? You have to choose one that no one else is using, it has to be creative or descriptive of you in some way, and not include too many numbers (angry_eggplant is creative, but angry_eggplant375253 is lame and hard to type too).

But there's more to it than that. If you're using an account for business, you'll probably want your business name or personal name. If you're using the account to sign up for religious, political, or hobby sites that you don't necessarily want people to associate with you for privacy reasons, using your real information is not a good idea.

Many e-mail services also let you choose a display name that is different from your e-mail address (which is how spammers can show up in your e-mail box as "Joe" when their actual address is eoi26@aoidjwd.net).

Whether it's your e-mail itself or just the display name, follow The Geek Privacy Principle: Never give up important data without a reason.

How to choose a good business e-mail name

First, decide how you want to use the e-mail account. Generally, only in cases where you are specifically using an account for a business of some sort would I say it's ok to use your real name. Even then, why list your full name when your first name and last initial (or the reverse) will do? Here are some examples:

  • Jeremy D (jeremyd@nomail.com)
  • J Duffy (jduffy@nomail.com)

Be careful that your e-mail name combined with your display name doesn't give away everything, such as in this case: Jeremy D (jduffy@nomail.com).

You can also get creative with your e-mail (which you usually have to do since there's probably a lot of people with your name that already have e-mail accounts). Maybe something like this would work:

  • Jeremy (thegeekprofessor@nomail.com)
  • Jeremy (onestopcomputing@nomail.com)

I know plenty of people who look perfectly professional with public e-mail accounts by using their business name as their alias and using the display name to make who they actually are more obvious.

And in the final case where you have your own domain name, it's pretty easy to create a good e-mail name, but don't over-do it:

Good

  • jeremy@thegeekprofessor.com (not a real e-mail by the way)

Not Good

  • jeremyduffy@thegeekprofessor.com (unless you don't care that EVERYONE knows your last name)
  • Jeremy.G.Duffy@thegeekprofessor.com (is there ANY point to giving out your middle name or initial? I don't think so).
  • CEO_Jeremy@thegeekprofessor.com (Way to paint a target on yourself. Prepare for Phishing and worse).

How to Choose a Good Personal Username

Real name and BIRTHPLACE!?

The first rule is to not use your real name or any other important information. At the MOST you can put your first name as your "display name" so people have an idea of who you actually are, but unless it's necessary, it's better not to.

The second thing is to think twice about what IS important information in the first place. Do you really care if everyone knows that you love dolphins? Probably not, but if you are trying to be anonymous, even that amount of information could be used to help uncover your true identity.

Also, if your e-mail name broadcasts the things you like, that can be used by someone to social-engineer you. Now, it might be paranoid to avoid something so innocent for a fairly low risk of being conned, BUT if someone were to contact you talking about how much they loved dolphins, remember that a con artist will start out by trying to build rapport and a good way to do that is to love what you love.


The ISP E-mail Trap

Don't fall for the trap!

It's great, isn't it? When you sign up for Internet service and get online the first time, they helpfully provide you an e-mail account to use for free! Of course, almost all online e-mail accounts are free, but your ISP makes it easy by giving you software that sets your homepage to their service with quick links into your e-mail. Heck, they practically PUSH you right into it.

The problem comes in when you inevitably find a better deal and want to switch services. It's a pain to change e-mail accounts particularly if you started using it for your business. But most ISPs won't let you keep your account once you cancel service. You either have to give it up or pay a monthly fee to access it. Now… you're trapped.

I have known people who have paid over $15 a month to their prior ISP just so they could keep the account active! So much for saving money with a different provider. In fact, there's a lot of people who, after doing the math, decide it's really not worth switching at all. On an unrelated note, I wonder how these companies decide how much to charge for e-mail service without Internet… hmm…

Avoid the Trap

All thinly veiled accusations aside, it's simple to just avoid the trap in the first place. Never, EVER, use the e-mail provided by your Internet service (unless you think it would make a good decoy account and it doesn't list your real name).

It's simple and it's free to get e-mail service from any number of well-known providers online: Hotmail, Gmail, Yahoo etc. I've used all three and they each have their advantages and disadvantages, but the key is that they all work regardless of any ISP you use.


Nothing to Hide

Being innocent isn't enough

It's a proven fact that there are more strangers than people you know. While there may be some percentage of complete strangers who will treat your private life with the same care and diligence as a close friend or family member would, odds are that most won't. Though most people aren't dangerous, some are and they don't come with forehead labels so you can tell the difference.

Why should I care? I've done nothing wrong

According to who? Some would say that because you have a house and a TV and maybe a nice phone, your privilege grants them the right to target you for burglary. When I was a government worker, that fact alone justified harm in some people's minds (stick it to "the man"!) while elsewhere in the world, simply being a US citizen means you're guilty and deserving of death. What if you simply look similar to a known terrorist? Did you leave a big enough tip at the restaurant?

("from): mom's ex boyfriend. He was a waiter at a very elite restaurant and had normally expected very nice tips. Some guy left him a $5 tip for an over $100 bill and he got pissed and posted the customer's information on Facebook.

The world is made up mostly of people who don't know or care about you, but might depending on what information they find about you. Whether you post it yourself or it's exposed accidentally, all it takes is one errant tweet or photo taken out of context to get you fired, harassed, or sent death threats.

Once someone decides to target you, the ways they can harm you are limited only by what information they have about you and their imagination.

Outrage doesn't stop to consider or wait for an explanation. Evil doesn't feel remorse or mercy. Once someone decides they don't like you, the ways they can harm you are limited only by what information they have about you and their imagination.

Did you know that thieves are watching social posts to find out which houses are unguarded while the family is on vacation (and if your insurance finds out, they may not pay)? What if someone doesn't like how you treated them and can find out where you work? It's not especially difficult to contact someone's boss and make a case for why you shouldn't have a job anymore… and depending on what I know about you and share with the boss, it might not be that hard of a pitch.

It's worse than you think

Why you should never talk to the police
(See online!)

Snooping and judging is the new norm. Do you imagine I won't dig up everything I can find on someone who wants to date my daughters? Do you still think you can get a job and not have your own social posts brought up in the interview?

Our courtrooms live and breathe on the evidence that comes from your online activity. Lawyers, co-workers, or ex-lovers may all be motivated to paint you as someone you're not. Could they use your emails and comments to make you look biased, predisposed, violent, or whatever else they need to win? Sometimes police and politicians are under so much pressure to make someone pay that they're not very careful about who actually goes to jail. It's in your best interests not to hand them the knife they stab you with.

Small bits of data can add up to a clear picture... and it might not be one you want people to see

And then there's the everyday data gathering businesses and online sites do every day to profile you and exploit your weaknesses for money. Even when it's as simple as giving private information to the dentist or rental car company, information they hold has a habit of leaking away to even more people you don't know. When you give information to organizations like these, you have no idea how many people or what kind of people will end up in possession of it leading to ID Theft or worse.

Summary

Privacy is simple risk management: there are far more people in the world that you don't know and trust compared to people you do. Giving information to people whose motivations and capabilities are unclear is not smart and not safe. Stop saying "I have nothing to hide" and start saying "why do you want to know?"

Until and unless you can determine a specific and valid reason to give up private information, you shouldn't give it. Learn more about protecting your data and identity in my Goodbye Identity Theft course.

Protecting your Facebook Pics

This topic is of particular importance because if you want to make sure that your personal life doesn't mix with professional, you'll want to make sure that your obligation-friends don't see your party pics.

The first thing you need to do to control your photos is make different albums for different topics. Note that your profile and wall albums are automatic, the rest you can make in the Profile > Photos area.

Access your albums through your profile, then create a new album

Once on this screen, you can create a new album by clicking the button labeled as such.

Create an album

On the creation screen, enter a descriptive name and details if you wish. The location is just something so you and people will know where the photos were taken (Europe, the Diner, or whatever). The important control here is the Privacy option. Just like in the privacy control screen, you can select Customize and choose specific groups of friends.

I'll let my (real) friends and family see this

So now my Mom, my sister, and all my real friends can see these pics, but not my Boss, or those obligation-friends. Piece of cake!
