Attention Lenovo PC Owners: Something’s Fishy with Your Computer

/in /by

Does your Lenovo computer have Superfish VisualDiscovery adware (a.k.a. spyware) installed? It’s possible if you purchased a Lenovo PC any time in September of 2014 and thereafter.

13DThis Superfish software intercepts the Lenovo user’s traffic so that the user sees ads displayed that reflect their browsing habits. The problem with this targeted advertising scheme is that it comes with a vulnerability that makes it easy for hackers to attack.

Superfish enables targeted advertising by installing what’s called a trusted root CA certificate.

Browser-based traffic that’s encrypted gets intercepted, unscrambled and recrypted to one’s browser by a man-in-the-middle attack. Due to the trusted root CA, the user’s browser will not show any warnings that there’s something very fishy going on (i.e., an attack).

The private key of the Superfish software can be easily recovered. This enables a hacker to produce certificates for any website that’s trusted by a system that has the Superfish adware installed.

The hacker can then replicate websites, or spoof them, without the user ever knowing it because the browser won’t know it. The type of attack is called SSL spoofing.

Many Lenovo users, hence, have the perspective of, “How DARE Lenovo preinstall this software?!” Lenovo has received harsh backlash and has claimed they’ve discontinued these installations. But this doesn’t reverse the vulnerability of the PCs that already have the adware.

To find out if your Lenovo has this adware, see if it has an HTTP GET request to superfish.aistcdn.com. And then if it does, uninstall it, along with the root CA certificate—don’t just uninstall the adware only; that certificate is what gets the hackers in.

The Microsoft Windows certificate store, and the Firefox and Thunderbird certificate stores, can guide you in managing and deleting certificates.

Right now, the best thing to do is head to this site: https://lastpass.com/superfish/ and then this site: https://filippo.io/Badfish/ to confirm your device doent have the superfish. If both check out OK, you’re good.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. Disclosures.

Stolen Social Security number? Don’t Worry!

/in /by

Just when you think it was safe to believe your Social Security number can’t get stolen…news breaks of the Anthem data breach. Over 80,000,000 patient records were compromised, including SSNs and home addresses. Like a meteor striking the earth, a disastrous ripple effect is underway, with patients getting hit up with phishing e-mails.

1PIf you ever suspect your SSN has been stolen, some suggest contacting the IRS and Social Security Administration and notify them of your situation. The thief can do bad things with your number, but if you contact these agencies, can you really protect yourself from that? I’m not sure these agencies can really do anything based on the volume of fraud happening today.

So what should you do to guard against ID theft while you’re still ahead?

Your credit report should have a fraud alert placed on it. This way, lenders and creditors will be stricter about identifying you as the authentic applicant. Thus, a thief will probably flunk these extra steps. Contact either Equifax, Experian or Transunion and they’ll place the 90-day fraud alert. You can also ask for an extension. Consider re-establishing the fraud alert every 90 days. The fraud alert will net you a copy of your credit report. Examine it carefully.

Watch your credit like a hawk. If nothing happens during those 90 days, this doesn’t mean you’re in the clear. A thief may act after 90 days, or, just as a baseline good practice, you should still always monitor your credit. Self-monitoring your credit involves either buying your credit report as often as you’d like or getting it free, quarterly at AnnualCreditReport.com.

Credit freeze. A more secure measure is to freeze your credit, but this means you too can’t do anything like apply for a refinance on your house until it’s “thawed”. But if you don’t foresee needing to do that or open new lines of credit in the near future, then you’ll get more peace of mind with a credit freeze.

If an unforeseen need to apply for a loan surfaces, you can unfreeze your credit. Just keep good notes regarding the user/pass and web address to quickly thaw your credit. A credit freeze/thaw requires a one-time fee of $5-$15.00. Cheap and effective.

Identity theft protection. This is a no brainer. For $100-$300 annually for an individual or family of 4, your identity is being monitored 24/7 by professionals who will also restore your identity in the event of loss. Check with the companies Terms of Service and their features/benefits to determine what the will and will not protect against.

Be smart. Though some hackers are amazingly ingenious and subtle with their schemes, other tricks are so obvious that it’s astounding that anyone who’s smart enough to use a computer could fall for them.

A college degreed professional can be so caught up in the latest trash or tragic news about a very high profile celebrity that they could be lured right into the palm of a ruthless scammer: The bait is a link to an exclusive interview with the celebrity’s mother. Hah! Click the link, and you’ll become the mouse in a trap.

  • Never click links inside e-mails, even if it seems that the sender is from someone you know.
  • Don’t even bother opening e-mails with sensationalistic subject lines like “Exclusive Video of Bruce Jenner in Mini Skirt.”
  • When using various online accounts, see if they offer two-factor authentication; then use it.
  • Use different passwords for all of your accounts, and make them long and unique, not “123Kitty.”
  • Use antivirus and anti-malware and keep them updated; also use a firewall.
  • Shred all personal documents before putting them in the rubbish.

Never give out your SSN except for job applications, loan applications, credit card applications and other “big stuff.”

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

The White Hat Hacker

/in /by

These days, it is hard to pick up a newspaper or go online and not see a story about a recent data breach. No other example highlights the severity of these types of hacks than the Sony breach late last year.

11DWhile a lot of information, including creative materials, financials and even full feature-length movies were released – some of the most hurtful pieces of information were the personal emails of Sony executives. This information was truly personal.

You have a right to privacy, but it’s not going to happen in cyberspace. Want total privacy? Stay offline. Of course, that’s not realistic today. So the next recourse, then, is to be careful with your information and that includes everything from downloading free things and clicking “I agree” without reading what you’re approving, to being aware of whom else is viewing your information.

This takes me to the story of a white hat hacker—a good guy—who posed as a part-time or temporary employee for eight businesses in the U.S.. Note that the businesses were aware and approved this study. His experiment was to hack into sensitive data by blatantly snooping around computers and desks; grabbing piles of documents labeled confidential; and taking photos with his smartphone of sensitive information on computer screens.

The results were that “visual hacking” can occur in less than 15 minutes; it usually goes unnoticed; and if an employee does intervene, it’s not before the hacker has already obtained some information. The 3M Visual Hacking Experiment conducted by the Ponemon Institute shed light on the reality of visual hacking:

  • Visual hacking is real: In nearly nine out of ten attempts (88 percent), a white hat hacker was able to visually hack sensitive company information, such as employee access and login credentials, that could potentially put a company at risk for a much larger data breach. On average, five pieces of information were visually hacked per trial.
  • Devices are vulnerable: The majority (53%) of information was visually hacked directly off of computer screens
  • Visual hacking generally goes unnoticed: In 70 percent of incidences, employees did not stop the white hat hacker, even when a phone was being used to take a picture of data displayed on screen.

From login credentials to company directories to confidential financial figures – data that can be visually hacked is vast and what a hacker can do with that information is even more limitless.

One way to prevent people from handing over the proverbial “keys to the kingdom” through an unwanted visual hack is to get equipped with the right tools, including privacy filters. 3M offers its ePrivacy Filter software, which when paired up with the traditional 3M Privacy Filter, allows you to protect your visual privacy from nearly every angle.

Robert Siciliano is a Privacy Consultant to 3M discussing Identity Theft and Privacy on YouTube. Disclosures.

Promote Child Home Safety

/in /by

A recent controversial SuperBowl commercial from a major insurance company depicted a young boy who died as the result of numerous preventable household accidents such as poising and falls. The commercial got lots of traction via social media. Although it was presented tactfully, many people didn’t approve. The truth hurts and sometimes isn’t pretty. However the message was clear; so many child deaths are preventable!

1H“I’m home!” If your child is not reliable at notifying you they’ve arrived home from school, set up a real-time alert system. Home security/automation systems can assist with this.

Don’t answer the door. Your kids should be under strict orders never to answer the door no matter what. Role play this with them; pretend you’re a stranger on the outside of the door, begging to use the phone for an emergency. Instruct your child that if someone’s crying help, to NOT open the door and instead dial 9-1-1.

Smoke detectors. Have smoke alarms in the house and educate your kids about them.

Carbon monoxide detectors. Newer smoke detectors are 2-in-1 carbon and smoke detectors. CO gas is odorless and invisible. Ingestion is painless. That’s why it kills so easily.

Hide cords and wires. Not only are these a tripping hazard for adults, but toddlers just love to pull at these. Toddlers have been known to put these in their mouths and stick objects into electrical outlets. Put “baby proof” covers on outlets and bundle and/or hide the cords.

Eliminate anything that can act as a noose. It’s difficult to imagine how a toddler can end up hanging dead from a curtain cord, but it’s happened.

Buckets. Babies and toddlers love playing in small spaces like card board boxes and even buckets, but buckets can easily robs them of life under certain circumstances. Never leave a toddler unsupervised near a bucket of water (you’re bathing the dog and you leave the area to answer the phone or check your cooking food).

Toddlers have been known to topple head-first into buckets of water and drown because they couldn’t lift their heads out. Note the proportions of a toddler’s head to the rest of his body and you’ll see why this kind of fatality happens.

Baths. Never leave babies or young children unattended in bathtubs, even for “just a few seconds.”

Hide the matches. Why is it that parents can be so good at hiding the candy but not the matches? All to often we read about home fires being started because a child was “playing with matches.” Disclosure: I lit an entire couch on fire in my house as a kid while playing with matches. My mother will vouch. Sorry mom!

Hide the guns. Keep your guns available to you for protection but impossible for your kids to get to. There are numerous gun safes and lock that should be deployed.

Poison control. Our first child was allowed to go into the bottom kitchen cabinets and pull out everything she wanted to and scatter it all over the floor. Once. Made for a fun video. Of course the cabinet containing the cleaning supplies was off limits. The second child didn’t have this option due to all the cabinet locks. Don’t forget the bathroom and linen closets and even the garage.

Home security. The smartest child in the world can still be victimized by a thug who broke through a window. Windows should have shatter-proof film. Your child should learn how to activate the house alarm so that it will go off if someone tries to break in. You can be connected to all this with smartphone applications.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Victim overcomes Identity Theft with Art

/in /by

Does your wallet contain enough information about you for someone to steal your identity and commit crimes under your name? That’s what happened to Jessamyn Lovell when Erin Hart stole her wallet in 2011.

http://www.dreamstime.com/stock-photos-identity-theft-red-words-binary-code-computer-monitor-image39907813Hart shoplifted, checked into hotels and rented cars in Lovell’s name. Of all the nerve.

Lovell tracked Hart down and documented this in “Dear Erin Hart,” a photo project. Lovell couldn’t find the heartless Hart on her own, so she hired a private investigator. Turns out Hart was sitting in jail on numerous charges. Hart served eight months and upon exiting the city lockup, was photographed by Lovell.

That was just the start of stalking Hart. Lovell, the PI and two of his assistants followed the thief around all day, taking pictures of her doing ordinary things like buying cigarettes and shopping at a thrift store. The trail disintegrated after she entered an alley.

Lovell had a chance to confront Hart, but opted not to, concerned that it could turn ugly. But the several thousand dollars that this 2013 venture cost Lovell was worth it.

The following year Lovell, with the PI’s help, found Hart again. And in September 2014, Lovell opened her show at SF Camerawork—the very location of the wallet theft. Lovell is writing a book and hopes to have it out in March this year.

Lovell has also gone as far as sending an e-mail to Hart (via her probation officer), asking for Hart to respond, but Hart has not.

“I just wanted her to know that she impacted a real person,” Lovell says in an article on wired.com.

Lovell actually feels some degree of connection with her identity theif because she grew up poor and figures that Hart is hard up for money (though Hart certainly didn’t need to waste what little money she had on cigarettes). Nevertheless, she has no desire to try to make friends with Hart.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

This is what Spy Software looks like

/in /by

If you’ve ever watched virtually any spy flick or James Bond movie you’re familiar with “bugs” – those little dime-sized metallic things that the bad guys would secretly stick under someone’s desk to record any conversation in the room—picked up by a receiver in their car. Or, the phone was “tapped” – the device was inside the receiver.

2WHow primitive! Because these days, all of your computer, mobile, tablet and online activities can be “bugged” – without someone ever coming into your home or office—remote spying—done with spyware. They know what you’re posting to Facebook, what videos you’re watching, what secrets you’re telling or hiding—anything and everything. They may even be watching YOU as you type or recording your keystrokes.

Spyware companies sell the technology and it’s legal to purchase. Spyware ranges from $40 to $200 a month. Based on their sales, it’s feasible that millions of Internet users are being spied on.

Selling spyware is perfectly legal, as mentioned, even though this can get into the wrong hands. But it’s akin to the legal sales and use of knives. In the wrong hands, even a butter knife could be a dangerous weapon.

Though some spyware devices must be installed physically on the target’s device (e.g., wife installing on her husband’s device, employer installing on employee device, parent on child’s device), some devices can be installed remotely.

This isn’t as techy as you think. The spyware companies want to make money, so they’ve made it easy to install and use their products. Parents wanting to know what’s going on with their teenagers are drawn to this technology. So are psycho-stalkers.

Spyware is a big hit with people wanting to find out if their spouse or significant other is cheating on them, and many even focus on this in their ads. Another demographic that’s drawn to spyware are employers who want to see what their employees are up to.

But let’s not forget that a thief could spy on someone to get their credit card number, passwords and other crucial information and then use it to drain their bank accounts, max out their credit card or open a new credit card under their name and go wild with it.

Spyware can also be used to eavesdrop on phone calls after the snooper (or stalker) puts the app in the phone. There are cases in which abusive men did just this to their partner’s phone after the partner fled from them, then tracked them down and committed violence against them. So should spyware be banned? Well, it goes back to the butter knife analogy.

Spyware gets away with legality because of its strong legitimacy in terms of parents keeping an eye on their kids, and employers monitoring employees whom they think are goofing off on the job. However, an employer can take it further and “follow” where the employee goes on lunch break or to see if they went to that big basketball game when they called in sick.

That’s pushing it, but it can go even further: The spyware customer could intercept phone calls, text messages and anything else the unsuspecting target does on their smartphone. However, even though spyware came out in the mid ‘90s, there have been only three prosecutions. If it’s ever outlawed, parents will go berserk.

How many times have you read about something horrible that a teenager did, that was somehow connected to their online activities, and you thought, “Where were the parents when all this was going on? Weren’t they monitoring their kid’s online activities? Didn’t the parents care what their child was doing online?” Etc., etc.?

If these parents had had one of these spyware programs, maybe they would have nipped their kids’ problems in the bud and prevented tragedy. But don’t let these cases fool you: Parents make up a large percentage of spyware customers.

Critics of spyware won’t back down, including legislators, and maybe that’s why some companies are requiring customers to identify themselves as parents or employers in order to use their applications. This sounds more like defensive TOS, since anyone can claim they’re a parent or workplace supervisor without having to prove it. What’s a company really going to do…send out a private investigator to see if the new user really DOES have a teenager?

Now that you know more about spyware, how can you prevent someone from bugging your phone or computer? Keep your devices locked. Never leave your phone where someone can get to it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Why install a Home Security System?

/in /by

Question: No. 1 reason people get a home security system?

3HAnswer: Recently burglarized; The majority of the people I hear from who want to install a home security system were recently burglarized. It often takes adversity or even tragedy for us to wake up to the realities of a harsh world.

Of course, even for people who’ve never been victims of a robbery, prevention of a burglary or home invasion is a top reason people get home security systems.

Home burglary is a very common crime. But deterring burglars isn’t the only reason you may want to consider having a home security system installed. Today’s technology means that a home security system can do so much more than blast a piercing alarm if someone breaks into your house or flash lights if someone creeps up your driveway.

Remote monitoring; For example, a home security system that’s part of an application for your smartphone can enable you to observe the exterior and interior of your house remotely. You can see what the dog is doing, for example, while you’re away; does he bark nonstop?

You can observe your older kid babysitting the younger one; is he really the bully that the younger one claims he is?

Notifications; You can also be notified, while you’re away, that your kids have arrived home from school.

Remote controls; And with today’s options, you can control things in your house remotely, such as the thermostat and lighting.

Peace of mind; Having a home security system installed will give you peace of mind.

Additional layers of protection; The system should include accessories that are not part of the actual system or smartphone application, such as a film you can put on your windows that prevents penetration or breaking, and there are ways to reinforce your doorframe and jamb.

Insurance discount; Finally, most insurance companies will reward you for having a home security system, giving discounts up to 20 percent.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Very effective Social Engineering Scams

/in /by

It’s amazing how ingenious cybercriminals are, but the victims also need to take some responsibility for falling for these ruses, especially when the victim is a business that has failed to train its employees in cybersecurity measures.

10DRansomware

The stuff of science fiction is here: Who would have ever thought there’d ever be a such thing as criminals remotely stealing someone’s personal information (word processing files, any kind of image, etc.), scrambling it up via encryption, then demanding ransom in exchange for the remote “key” to “unlock” the encryption?

Payment is remotely by Bitcoin which can’t be traced. The payment is usually at least $500 and escalates the longer the victim waits.

The virus that poisons a computer to steal someone’s files is called ransomware, a type of malicious software (in this case, “Cryptolocker” and “CryptoDefense”). But how does this virus get into your computer in the first place?

It’s called social engineering: tricking users into allowing their computer to be infected, or duping them into revealing personal information.

Often, a phishing e-mail is used: It has an attention-getting subject line that entices the user to open it. The message contains a link. They click the link, and a virus is downloaded. Or, the link takes them to a site which then downloads the virus.

These e-mails, sometimes designed to look like they’re from the company the user works for, often go to workplace computers where employees get tricked. These kinds of attacks are lucrative to their instigators.

Funeral Fraud

If you wanted to notify a relative or friend that a mutually dear person has left this earth…would you send an e-mail or phone that person? Seems to me that heavy news like this would warrant a phone call and voice interaction.

So if you ever receive an e-mail from a funeral home indicating that a dear one to you has passed, and to click a link to the funeral home to learn details about the burial ceremony…consider this a scam.

Because if you click the funeral site link, you’ll either get redirected to the crook’s server because he’s already created an infected funeral looking site ahead of time. This is where a virus will be downloaded to your computer.

Vishing Credit Card Scam

You get a phone call. An automated voice identifies itself as your credit card company (they’ll say “credit card company” rather than the specific name). It then says something like, “We are investigating what appears to be a fraudulent charge on your card.”

They’ll ask if you made a particular purchase lately, then to hit 1 for yes and 2 for no. If you hit no, you’re told to enter your credit card number, three-digit security code and expiration date. You just fed a thief all he (or she) needs in order to go on an online or on-phone spending spree.

Ever order something via phone and all you had to give up was the credit card number, expiration date and security code? This trick is also aimed at employees. The calls come from an automated machine that generates thousands of these calls.

Healthcare Record Scam

You receive an e-mail that appears to be from your employer or healthcare provider that you get through work. This may come to you on your home computer or the one you use at work. The e-mail is an announcement of some enticing change in your healthcare plan.

The message may reference something personal about you such as marital status, income or number of dependents. When enough of these e-mails are pumped out with automated software, the personal situation of many recipients will square off with those identified in the e-mail, such as income and number of children. The user is then lured into clicking a link in the e-mail, and once that click is made…malware is released.

Facebook Company Group Scam

Scammers will scan Facebook and LinkedIn seeking out employees of a particular company and create a group. This groups purpose is for information gathering so scammers can penetrate a company’s facility or website. Once all the groups member join, the scammers will pose various innocuous questions and start palatable discussions that make everyone feel comfortable.

Over time scammers will direct these discussions to leak bits of data that allow criminals to enter a facility under a stolen identity or to contact specific employees who have advanced access to computer systems in an attempt to get usernames and passwords.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

This is what Passport Security looks like

/in /by

Sixty different materials go into the printing of a U.S. passport. That little booklet of a thing contains up to 30 pieces of security—and you can’t see most of them. And good luck trying to get details on these security features.

PPThe author of an article on gizmodo.com points out that he tried to get specifics from Homeland Security, but that the “forensic lab’s experts couldn’t discuss the security.” The author then sought answers from passport and forgery experts.

Holograms

When you see or hear the word “hologram,” what do you think of? Passports use holographic technology. The gizmodo.com article mentions that the biodata page of a passport probably has a see-through hologram.

It’s possible to almost forge a hologram. One way is to press metal onto it, then use the metal as a die cast to create more holograms. There’s also a device that stamps out holograms, but these days they’re difficult to get ahold of. Usually, holograms come with other security features that make forging difficult, such as special inks.

The drawback to more complex security with the passport is that some of the features can be missed in the inspection process because there are so many to remember. This creates a margin through which fake ones can pass inspection.

Ink

The gizmodo.com article talks about how the ink’s composition, and elements of the paper are part of the security. What can be done with ink to distinguish an authentic passport from a forged one? Some inks dissolve when they’re tinkered with. Some change color when cooled or heated. Some contain a design that’s visible only under UV light.

The paper, too, may contain unique fibers such as fluorescent ones. There are many other secrets that a forger could never know (though this article is obviously revealing some of them, but even then, this doesn’t mean the forger would necessarily be able to figure out how to duplicate these features).

Text one-seventh the width of a red blood cell

“Nanoprinting” is used for the passport: Text may be as small as one micron. Talk about a tiny font size. The best forgers can’t touch this. Another way to foil a forgery attempt is to deliberately create an anomaly in the text, such as a slightly raised letter.

The gizmodo.com article says that the most troublesome part of a passport to duplicate is the font. From a macroperspective, the typeface may seem easy to duplicate, but there are hidden, deliberate features visible only under a microscope. A forger won’t be able to replicate microscopic intentional ink bleeds.

Your passport will have an electronic chip in the upper left-hand corner that contains your data, including photo. The article explains that a security researcher, showed how he could clone such a chip.

Nevertheless, when all is said and done, passport forgery exists and forgers do get away with it. And as mentioned previously, there are so many security features to look for, that inspectors can’t all remember every single one, and the very one(s) they skip may also be the ones that would show a forgery. The technology needed to duplicate a passport is sold online.

At any rate, for the most part, your passport is an extremely secure instrument. Its security technology is ever-evolving. By and large, you can use your passport with peace of mind. Hold onto it tightly. Don’t let it out of your sight. When you don’t need it make sure it’s in a safe place that you won’t forget about.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

How the Internet of Things is further killing Privacy

/in /by

Privacy used to mean changing clothes behind a partition. Nowadays, say “privacy” and people are likely to think in terms of cyberspace. Stay connected, and you risk losing your privacy.

2PEven if you’re not connected, don’t even own a computer or smartphone, information about you can still be out there on the Internet, such as a listing for your address and phone number or a way for someone to get it with a small fee if you live in owner-occupied property.

An article on wired.com points out that the Internet of Things (IoT) is a privacy killer. But it’s also more than that. The evolution of technology forces us to redefine how we perceive our lives, says the article. Even an invention as primitive as the steam engine caused a rethinking among people. But whereas the steam engine was a slap, the IoT is a sledgehammer.

And the Internet of Things is only just beginning. Wired.com notes that the combination of the World Wide Web, big data, social identity, the cloud and more are all poised to erupt into something huge, and it won’t give us time to prepare.

The IoT will infiltrate the tiniest and most remote pockets of the planet, inescapable, impacting all who have a pulse, literally. It’s not like the steam engine in which, soon after its invention, many people were afraid to ride the train because they believed that God did not intend for humans to travel so fast, and thus, these folks easily avoided boarding the train.

We won’t be able to avoid the IoT. It won’t be a station we walk up to and then decide we don’t want to get on. We will be, as wired.com says, living inside the Internet. We’re too addicted to technology not to. Kids can’t imagine living without their smartphones. When their grandparents were kids, the only thing they felt needy for was an umbrella on a rainy day. You don’t miss what you can’t conceive of.

With the IoT slowly dissolving us, like a snake swallowing a giant rat and slowly dissolving it (certainly you’ve seen those unsightly images—you know what I’m talking about), our privacy will be dissolved along with us.

Strangers already can figure out what things we like to shop for without ever communicating to us. Your health habits, eating habits, dating habits…all the data that makes you YOU is continuously being shagged by Big Data. “Privacy” may one day become one of those words, like “oil lamp,” that’s no longer in use because by then, it will be such a far-removed concept.

Imagine living in a house made entirely of see-through structures, so that no matter where you are in it, people on the outside can see what you’re doing. There’s no brick, no aluminum, drywall or wood—just all some transparent material. That’s the Internet of Things.

Ways to shield your privacy:

Use a browser that has an “incognito” mode or privacy plug-in.

Use a VPN to mask your IP address and encrypt your data. Knowledge of where you’ve visited can be used against you by insurance companies and lawyers, to say the least; you just never know what can happen when something out there knows your every online move.

Turn of GPS location for photos. iPhone and other devices saves the location where you took the shots, which is no secret once you post the photos on FB, Twitter, Instagram, etc. Shutting down location based apps will help here too.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.