Fact Sheet 18a:
Online Privacy FAQ
Privacy Rights Clearinghouse
This FAQ is an addendum to our Fact Sheet 18 on Internet privacy (www.privacyrights.org/fs/fs18-cyb.htm). It provides answers to questions that we are often asked by individuals who contact us concerning online privacy and safety.
- I have found my name and personal information on the Internet at sites like ZabaSearch and Intelius. I am worried about identity theft. How can I get my information removed from all of these sites?
- What can I do if one of my online accounts has been hijacked?
- What information does geotagging reveal?
- I get a lot of e-mails from banks and credit card companies asking me to verify my information. I do not even have accounts with some of these companies. What is going on?
- Someone is pretending to be me on Facebook or another social networking Internet site and is saying hurtful things. What can I do? How can I make this stop?
- What can I do to protect my computer from spyware, viruses and hackers?
- Are wireless networks safe?
- I have heard about programs that allow you to anonymously surf the Internet. How do they work?
- What are the risks of peer-to-peer (P2P) file-sharing?
- Someone is saying offensive things about me on the Internet. When I type my name into an Internet search engine, my name comes up connected to porn sites. How can I get this information removed?
- I am interested in a job that I saw posted on the Internet. They gave me the job requirements and duties that I would be doing if hired, but one of the requirements said that I had to open a bank account to receive my salaries and to issue out payroll to clients or to transfer funds. I want to work at home for this company but need to make sure they are legitimate.
- I keep getting e-mail messages from foreign countries telling me about the death of a person and asking me to pretend that I am next of kin so that I would receive a large sum of money. Where should I report these e-mails?
- Is there a law prohibiting the posting of vital statistics (such as date of birth, place of birth, place of death) of living or deceased people on genealogy Web sites?
- How can I ensure my files are stored securely?
- What is “Google Hacking” and what can be done about it?
- How can I be sure that a file or email is completely deleted from my computer?
- Does the law require that a Web site remove your information, profile, old resume, or pictures if you make a written request?
- Will unsubscribing from spam e-mails reduce the amount of spam you receive?
- What is encryption?
- What are privacy policies and Web seals?
- Are cybercafes, airports, libraries and other publicly-available Internet terminals safe?
- Is WiFi and other wireless access more dangerous than other types of connections?
- Is there a way to enhance the privacy of my e-mail?
- How can I make sure I have a good password?
- Is it safe to post my resume online?
- What is an anonymous remailer?
1. I have found my name and personal information on the Internet at sites like ZabaSearch and Intelius. I am worried about identity theft. How can I get my information removed from all of these sites?
There is no one simple way to have your information entirely removed from all of the information broker sites. Most of the personal information found on these sites is compiled from publicly available sources, such as the White Pages and from the public records of government agencies.
Once your personal information has been recorded in public records, there is no effective way to permanently or completely remove it (for example, birth certificate, marriage license, home ownership documents, court records, and in some states voter registration, etc.).
Our Fact Sheet about public records explains how and why all these companies can (and do) access your information: www.privacyrights.org/fs/fs11-pub.htm. Read more about information brokers at
Even if you request removal from the information brokers' sites, they regularly refresh their data and it will reappear when they purchase the next batch of public records.
We encourage you to contact your elected officials and also the Federal Trade Commission (FTC) to complain about these practices of having your personal information available online, and the fact that you have little or no control. You can go to the FTC Web site at www.ftc.gov, and click on the "complaint" box at the top of the page.
As part of the request for removal, the information broker Web site may ask you for personal information to “verify” your identity. Do not give them information that they do not already have, especially your Social Security number.
It's always a good idea to include an actual printout of the entries you are asking to have deleted. Be sure to follow up by checking the site after a few weeks to be sure the information has been removed.
2. What can I do if one of my online accounts has been hijacked?
Your online webmail or social networking account can be hijacked (taken over by an unauthorized individual) in a variety of ways. If one of your accounts becomes hijacked, you may be locked out of access to your own account. That’s because the unauthorized user is likely to change your password. They may then use your account to send spam, impersonate you, or otherwise commit unlawful activities.
If the unauthorized user has not changed your password, the solution is simple: just change your password to one that the impersonator will not know. However, if someone has taken over your account entirely and changed your password, it can be difficult to recover. Generally, there is no phone number that you can call to correct the problem.
Normally, you will need to prove that the account is yours before a provider will restore your access. This process will vary depending upon the particular site that has been hijacked. These are the account recovery pages for several popular sites:
3. What information does geotagging reveal?
Geotagging is the process of adding geographical identification data to various media such as photos and videos. You may be exposing this information without even knowing it. Geotags may automatically be embedded in photos and videos taken with GPS-equipped digital cameras or phones. Geotags may add GPS coordinates to your media. They can provide the latitude and longitude where the photo or video is taken, thus identifying the precise location. Because the geotag is not visible to the casual viewer, many people may not realize that the photo or video provides locational data. Individuals could be compromising their privacy (as well as the privacy of others) when geotagged photos and videos are posted online. For example, when a friend takes your photograph at your home, he may not be aware that he is revealing the location of your house.
You can prevent geotags from appearing online by doing one of three things: (1) disabling geotagging on your photo sharing site, (2) disabling the geotagging function in your camera or Smartphone, or (3) editing the exchangeable image file format (exif) file of your photos or other media. These are described briefly below.
(1) Online photo publishing websites like Flickr let you turn off geotag information for your pictures, but many users may not be aware of this. Other sites take steps to remove geotags when media are posted online. You will need to check the default settings of your particular photo sharing site to determine whether geotags are turned on or off by default.
(2) It's possible to turn off the geotagging function on your GPS-equipped device, but not always easy to do so. You can disable the geotag function in your Smartphone by following the instructions at http://gcn.com/Articles/2012/12/10/How-to-disable-smart-phone-geotagging-feature.aspx?p=1
(3) Exchangeable image file format (exif) is a specification for the file format used by digital cameras. The file appends information about your location (using GPS coordinates) to your picture. You can also use free software to edit the location data in the exif file before you upload your pictures. For free exif editing software options see http://www.komando.com/columns/index.aspx?id=2229&page=3 and scroll to “Edit EXIF data in photos”.
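The geotag described above is stored in a JPEG's Exif segment as a GPS sub-directory. The following added example (not from the Privacy Rights Clearinghouse) reads the coordinates from that segment and removes the segment before upload, using only the Python standard library; the function names and the sample image bytes are constructed for illustration.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_POINTER_TAG = 0x8825  # IFD0 entry that points at the GPS directory

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment marker")
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed image data follows
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def read_ifd(tiff, offset, endian):
    """Parse one TIFF directory into {tag: raw 4-byte value field}."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    entries = {}
    for i in range(count):
        tag, _, _, value = struct.unpack_from(endian + "HHI4s", tiff, offset + 2 + 12 * i)
        entries[tag] = value
    return entries

def degrees(tiff, value_field, endian):
    """Convert three RATIONALs (deg, min, sec) stored at an offset to decimal degrees."""
    (offset,) = struct.unpack(endian + "I", value_field)
    n = struct.unpack_from(endian + "6I", tiff, offset)
    return n[0] / n[1] + n[2] / n[3] / 60 + n[4] / n[5] / 3600

def gps_position(data):
    """Return (lat, lon) in decimal degrees if the JPEG is geotagged, else None."""
    for marker, start, end in jpeg_segments(data):
        payload = data[start + 4:end]
        if marker != 0xE1 or not payload.startswith(EXIF_HEADER):
            continue
        tiff = payload[len(EXIF_HEADER):]
        endian = "<" if tiff[:2] == b"II" else ">"
        (ifd0_offset,) = struct.unpack_from(endian + "I", tiff, 4)
        ifd0 = read_ifd(tiff, ifd0_offset, endian)
        if GPS_POINTER_TAG not in ifd0:
            return None
        (gps_offset,) = struct.unpack(endian + "I", ifd0[GPS_POINTER_TAG])
        gps = read_ifd(tiff, gps_offset, endian)
        if 2 not in gps or 4 not in gps:  # GPSLatitude, GPSLongitude
            return None
        # Tags 1 and 3 are the hemisphere references (N/S and E/W).
        lat = degrees(tiff, gps[2], endian) * (-1 if gps.get(1, b"N")[:1] == b"S" else 1)
        lon = degrees(tiff, gps[4], endian) * (-1 if gps.get(3, b"E")[:1] == b"W" else 1)
        return lat, lon
    return None

def strip_exif(data):
    """Return a copy of the JPEG with every Exif APP1 segment removed."""
    out = bytearray(data[:2])
    pos = 2
    for marker, start, end in jpeg_segments(data):
        if not (marker == 0xE1 and data[start + 4:end].startswith(EXIF_HEADER)):
            out += data[start:end]
        pos = end
    return bytes(out + data[pos:])  # scan data and EOI are copied untouched

def build_sample_jpeg():
    """Constructed sample: JFIF + geotagged Exif headers and placeholder scan bytes."""
    tiff = b"II*\x00" + struct.pack("<I", 8)                       # header, IFD0 at 8
    tiff += struct.pack("<H", 1)                                   # IFD0: one entry
    tiff += struct.pack("<HHII", GPS_POINTER_TAG, 4, 1, 26) + b"\x00" * 4
    tiff += struct.pack("<H", 4)                                   # GPS IFD at offset 26
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"S")                   # GPSLatitudeRef
    tiff += struct.pack("<HHII", 2, 5, 3, 80)                      # GPSLatitude
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"E")                   # GPSLongitudeRef
    tiff += struct.pack("<HHII", 4, 5, 3, 104) + b"\x00" * 4       # GPSLongitude
    tiff += struct.pack("<6I", 10, 1, 30, 1, 0, 1)                 # 10 deg 30' 0"
    tiff += struct.pack("<6I", 20, 1, 15, 1, 0, 1)                 # 20 deg 15' 0"
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(tiff) + 8) + EXIF_HEADER + tiff
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda" + b"placeholder-scan" + b"\xff\xd9"

if __name__ == "__main__":
    sample = build_sample_jpeg()
    print("before:", gps_position(sample))
    print("after: ", gps_position(strip_exif(sample)))
```

Removing the whole Exif segment also drops the camera model and timestamps, and location stored in other metadata blocks (for example XMP) is not touched by this sketch.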
4. I get a lot of e-mails from banks and credit card companies asking me to verify my information. I do not even have accounts with some of these companies. What is going on?
E-mail messages that pose as legitimate companies and request personal information are known as “phishing” e-mails. Often, these e-mails ask recipients to update their credit card information or their account will be promptly terminated. Or the message offers a service to protect their credit cards from possible fraud. The fraudsters are hoping to get your Social Security number or bank account number. With either of these numbers the thief may be able to steal money from your existing accounts or open new accounts in your name.
You need to be very cautious when dealing with these messages. Here are some tips to protect your sensitive personal information and prevent identity theft.
- Legitimate companies will not send you unsolicited e-mails asking for passwords, PINs, account numbers, or Social Security numbers.
- Don't trust e-mail headers, which can be forged easily. It may say “Citibank” and it may look like Citibank’s logo, for example, but it is not Citibank.
- Don’t fill out forms in such e-mail messages. You can't be sure where the data will be sent, and the information can make several stops along the way to the recipient.
- If you click on a Web site link in an e-mail message from a company, be aware that scam artists are making forgeries of company sites that look like the real thing. Do not disclose your personal information at these fake Web sites.
Mail Frontier has developed a Phishing IQ Test to see how good you are at recognizing phishing e-mails from legitimate e-mail requests for personal information at www.sonicwall.com/phishing/. The Anti-Phishing Working Group also has a lot of good information at: http://www.antiphishing.org/.
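5. Someone is pretending to be me on Facebook or another social networking Internet site and is saying hurtful things. What can I do? How can I make this stop?
The answer will depend on the specific site. Most sites will remove inappropriate material, but often the harasser will re-post the information. Look for the section on the site that explains what you can do about harassment. Such sites usually have an “abuse” department that you can e-mail.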
For example, Facebook will remove content that violates Facebook's Statement of Rights and Responsibilities. Types of content that are prohibited from Facebook include nudity or other sexually explicit content, hate speech, excessive violence, or illegal drug use. The best way to flag abusive content on Facebook is to use the "Report" links that appear near the content itself. You can also report abuse through http://www.facebook.com/help/contact.php?show_form=report_tos_violation. When a report is submitted, Facebook investigates and makes a determination as to whether or not the content should remain on the site.
If a harasser is threatening or sexually explicit you should report the activity to the police.
6. What can I do to protect my computer from spyware, viruses and hackers?
There are many tips and suggestions. Unfortunately there is no one easy solution. We have tried to cover most of the major areas of concern in our Fact Sheet 36, Securing Your Computer to Maintain Your Privacy.
7. Are wireless networks safe?
Wireless networks are significantly safer if they are secured. Wireless networks have spawned a new pastime among hobbyists and corporate spies called war-driving. The data voyeur drives around a neighborhood or office district using a laptop and free software to locate unsecured wireless networks in the vicinity, usually within 100 yards of the source. The laptop captures the data that is transmitted to and from the network's computers and printers. The data could include anything from one's household finances to business secrets.
Wireless network units are equipped with many security options, but the typical automated installation process disables these features to simplify the installation. Not only can data be stolen, altered, or destroyed, but programs and even extra computers can be added to the unsecured network without your knowledge. This risk is highest in densely populated neighborhoods and office building complexes.
Home networks should be secured with a minimum of WPA encryption. WEP encryption has become an easy target for hackers.
There are many guides available that explain securing your network. To ensure that your system is secure, review your user's manuals and web resources for information on security. Three useful guides can be found on the web at www.practicallynetworked.com/support/wireless_secure.htm, http://spotlight.getnetwise.org/wireless/wifitips/ and http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf.
Read more in our Fact Sheet 36 at https://www.privacyrights.org/fs/fs36-securing-computer-privacy.htm#wifi.
8. I have heard about programs that allow you to anonymously surf the Internet. How do they work?
There are several services that mask your identity by acting as an agent to transfer data between your computer and Internet Web sites. The Electronic Privacy Information Center (EPIC) offers a guide to companies that offer these services, available at www.epic.org/privacy/tools.html .
Tor, sponsored by the Electronic Frontier Foundation, helps anonymize your Web traffic by bouncing it between volunteer servers. It masks the origins and makes it easier to evade filters, such as those installed by schools or government officials. Because of the extra stops the data makes, the search process can be slower.
There are other browsing services that offer anonymity, including Anonymizer. It offers both a free version and one with more features that it sells. Reports indicate that the free browser is slow. However, it seems the demand for such services is strong and innovations are likely to continue. Anonymizer is available at www.anonymizer.com.
If you are concerned with hiding your browsing history, you can use a free program such as The Cloak (www.the-cloak.com). According to its Web site The Cloak sits between your computer and any Web sites you visit. It prevents the Web sites you visit from finding out who you are. And it can use the standard SSL protocol to encrypt all communication from your browser, so that no one (except for The Cloak) knows where you are surfing. However this program does not work with Web sites that require you to login, such as a bank or Web-based mail site.
9. What are the risks of peer-to-peer (P2P) file-sharing?
Peer-to-peer (P2P) file-sharing allows users to share files online through an informal network of computers running the same software. Whether it is music, games, or software, file-sharing can give people access to a wealth of information. Every day, millions of computer users share files online. To share files through a P2P network, you download special software that connects your computer to other computers running the same software. Millions of users could be connected to each other through this software at one time. The software often is free.
File-sharing can have a number of risks. For example, when you are connected to file-sharing programs, you may unknowingly allow others to copy private files – even giving access to entire folders and subfolders – you never intended to share. You may download material that is protected by copyright laws and find yourself mired in legal issues. You may download a virus, malware, spyware, or facilitate a data security breach. Or you may unwittingly download pornography labeled as something else. For these reasons, we recommend extreme caution when using P2P file sharing. For more information on P2P, see http://www.onguardonline.gov/articles/0016-p2p-file-sharing-risks.
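10. Someone is saying offensive things about me on the Internet. When I type my name into an Internet search engine, my name comes up connected to porn sites. How can I get this information removed?
First, do a "WhoIs" search on the domain names containing the objectionable material. You can do a search at: www.whois.com. The search should give you the contact information for the domain's Internet Service Provider (ISP) (unless there is fraudulent contact information, for which you will need to contact "WhoIs" directly).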
For example, to find out how to contact the PRC (if we did not provide the information on our Web site) you would:
- Go to www.whois.com .
- Type in the PRC’s domain name “privacyrights.org” into the search box.
- Click on the WhoIs Lookup button at the bottom of the Web page.
The resulting information shows our address and phone number.
Many ISPs have standardized guidelines in place to deal with fraudulently registered or maintained sites, and all it takes is telling them the domain name. At any rate, you will have to work with the people providing the bandwidth and space for the site, rather than the creators of the site. Unfortunately, unless you are able to get law enforcement involved, the likelihood of you identifying the creators of the objectionable sites is slim.
11. I am interested in a job that I saw posted on the Internet. They gave me the job requirements and duties that I would be doing if hired, but one of the requirements said that I had to open a bank account to receive my salaries and to issue out payroll to clients or to transfer funds. I want to work at home for this company but need to make sure they are legitimate.
Unfortunately, if something seems too good to be true, it probably is. In this case, we would discourage you from pursuing this job since it could very well involve money laundering, which is illegal and could get you into serious trouble with various government authorities. There are a number of "red flags" in this advertisement.
Here are links to some of our Fact Sheets and other resources to learn more about these types of scams that try to lure honest people:
- Fact Sheet 25(a) - avoiding online job scams: www.privacyrights.org/fs/fs25a-JobSeekerPriv2.htm
- Fact Sheet 25 - online job seekers guide: www.privacyrights.org/fs/fs25-JobSeekerPriv.htm
12. I keep getting e-mail messages from foreign countries telling me about the death of a prominent person and asking me to pretend that I am next of kin so that I would receive a large sum of money. Where should I report these e-mails?
Unfortunately, these messages have become extremely common. Sometimes consumers who fall for them do end up losing their entire life savings.
If you receive an offer via e-mail from someone claiming to need your help getting money out of Nigeria — or any other country, for that matter — forward it to the Federal Trade Commission at email@example.com. Also report it to the Internet Fraud Complaint Center of the FBI through their Web site: www.ic3.gov/ .
If you have lost money to one of these schemes, call your local Secret Service field office. Local field offices are listed in your telephone directory in the blue pages. For a useful guide on this fraud scheme and many more, visit www.lookstoogoodtobetrue.com/fraudtypes/419.aspx .
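13. Is there a law prohibiting the posting of vital statistics (such as date of birth, place of birth, place of death) of living or deceased people on genealogy Web sites?
No. Most of this information comes from birth and death certificates, which are public documents. We have more information about public records in our Fact Sheet 11 www.privacyrights.org/fs/fs11-pub.htm .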
Unless the record is sealed or made confidential when it is created (not always an option), it will be useable in its entirety for genealogy research and for sale on the Internet.
The availability of this information is another example of why it is never a good idea to use your mother’s maiden name for a password.
14. How can I ensure my files are stored securely?
USB flash drives -- also called thumb drives, jump drives, or memory sticks -- have become a popular and convenient means of storing and transferring data. Because of the large amount of data that can be stored on such a small device, you need to take precautions to ensure that the data cannot be used if the USB drive is lost or stolen. Many USB drives come with software allowing you to encrypt your files.
At a minimum, take advantage of password protection on all of your software. The process varies depending on what operating system you are using. For better protection, use encryption for sensitive files. Read more about encryption at https://www.privacyrights.org/fs/fs36-securing-computer-privacy.htm#safely.
15. What is “Google Hacking” and what can be done about it?
“Google hacking” is the term used when a hacker tries to find exploitable targets and sensitive data in Web sites by using search engines. The practice relies on employing a carefully crafted combination of search terms to unveil potentially confidential files in a Web site. In other words, a hacker can create a search in Google that will identify Web sites with vulnerable servers. There are commercial Web site vulnerability scanners that can be utilized to find such weaknesses in your Web site.
16. How can I be sure that a file or email is completely deleted from my computer?
Neither deleting files nor reformatting your hard drive will eradicate data permanently. Deleting a file or e-mail merely opens up space on your computer to store more information. Until that space is written over, your file can still be recovered. To ensure that your data is removed, you must remove or scramble the data itself, with a wiping or erasing utility. These utilities will overwrite every sector of the hard drive with binary ones and zeros. There are software programs available that will write over the empty space until the file is actually deleted. PC users can download the free Darik's Boot and Nuke or Heidi Eraser programs. If you use a Mac, you simply need to choose “secure empty trash” from the Finder menu.
Remember that just because you have deleted files from your computer that does not mean third parties who have handled your files have deleted them from their storage.
If you want to safely dispose of your computer, be sure to read Safely Disposing of Your Computer.
18. Will unsubscribing from spam e-mails reduce the amount of spam you receive?
Not necessarily. Often a link to unsubscribe in a spam e-mail is a means for the sender to know that the e-mail reached an actual recipient. You should just delete the spam. You can find tips on how to reduce unsolicited e-mail messages at www.spamcop.net. The PRC's Fact Sheet 20 provides a list of additional Web sites that provide spam-fighting tips, www.privacyrights.org/fs/fs20-spam.htm.
19. What is encryption?
Encryption is a method of scrambling an e-mail message or file so that it is gibberish to anyone who does not know how to unscramble it. The privacy advantage of encryption is that anything encrypted is virtually inaccessible to anyone other than the designated recipient. Thus, private information may be encrypted and then transmitted, stored, or distributed without fear that it will be read by others. Strong encryption programs such as PGP (Pretty Good Privacy) are available online. PC World offers a free download at www.pcworld.com/downloads/file/fid,3178;order,1;page,1;c,All%20Downloads/description.html.
Read more about encryption at https://www.privacyrights.org/fs/fs36-securing-computer-privacy.htm#safely.
20. What are privacy policies and Web seals?
The Federal Trade Commission urges commercial Web site operators to spell out their information-collection practices in privacy policies posted on their Web sites. Most commercial Web sites now post policies about their information-collection practices.
Look for a privacy "seal of approval," such as TRUSTe (www.truste.org), on the first page of the Web site. TRUSTe participants agree to post their privacy policies and submit to audits of their privacy practices in order to display the logo.
21. Are cybercafes, airports, libraries and other publicly-available Internet terminals safe?
For some things. We advise that you do not use public terminals to access your bank account, check your credit card statement, pay bills, shop, or access any other personally or financially sensitive information. Publicly available Internet terminals are not likely to be closely supervised to ensure online privacy and security. In addition, they are used by many individuals every day.
Ask the company that operates the public terminal how often they check their computers for spyware. Find out if they have installed a program that deletes cookies, erases surfing history, removes temporary files, and clears Internet caches. If the program does not automatically activate when users logoff, find out how you can run the program before you end your session. (Cache is a file on the computer’s hard drive used by the browser to store Web pages you have visited, documents you have retrieved, and graphics from sites you’ve recently visited. When you use the BACK feature, or any other means to revisit a document or Web site, the browser first checks to see if it is in cache and will retrieve it from there because it is much faster than retrieving it from the server.)
22. Is WiFi and other wireless access more dangerous than other types of connections?
Coffee shops, libraries, bookstores and many universities offer free WiFi (wireless fidelity) or wireless connections to the Internet. Although using these free signals is appealing, please remember that unless you’ve created it yourself, you cannot be sure of the security on a wireless connection.
Hackers in public places can steal passwords and other sensitive information transferred over public Wi-Fi hotspots. One prominent computer expert advises against doing any sensitive tasks, like banking or stock trading, while using public WiFi. http://mailbox.allthingsd.com/20101229/wi-fi-hotspot-safety-and-mac-viruses/
We suggest you be extremely cautious when accessing the Internet wirelessly. Getnetwise.org offers some great tips on using wireless Internet safely, at http://spotlight.getnetwise.org/wireless/wifitips/public.php.
Read more in our Fact Sheet 36 at https://www.privacyrights.org/fs/fs36-securing-computer-privacy.htm#wifi.
23. Is there a way to enhance the privacy of my e-mail?
Yes. Hushmail, MailVault and S-Mail are some of the companies that offer free e-mail accounts. The catch is that both the recipient and sender have to use one of the services in order to decrypt the messages.
If you use an e-mail program, such as Outlook or Mozilla Thunderbird, you can add on a program that encrypts your e-mail. However, public use of encryption software is far from widespread, potentially making it difficult to use.
24. How can I make sure I have a good password?
Create passwords with nonsensical combinations of upper and lower case letters, numbers and symbols, for example tY8%uX. Do not use the same or variations of the same password for different applications.
One way to create a password that is easier to remember is to use the first or last letters in a favorite line of poetry. Intermingle these letters with numbers and punctuation marks. "Mary had a little lamb" becomes m*ha2ll or y!dae5b.
Or create a story that gives you the clues you need to remember the password. One privacy advocate we know uses the first letter of the names of all the pets she’s had in chronological order, and intersperses numbers and symbols in between the letters with some letters in caps and some in lower case.
Microsoft recommends that virtually “uncrackable” passwords have at least 14 characters and use upper and lower case letters plus numbers and symbols.
Change your password often. Don't let others watch you log in. Don't print your password on a post-it note and attach it to your video monitor. If you must write down or record your password, take steps to secure or disguise the information.
There are services and software packages that will help you keep track of your passwords. Most are free and are worth considering. Two of these are:
- Password Manager Plus
For more tips on creating a strong password, read our Alert: 10 Rules for Creating a Hacker-Resistant Password: http://www.privacyrights.org/ar/alertstrongpasswords.htm
A March 2010 Symantec study showed that many people fail to change their passwords, or otherwise fail to use proper password precautions. Ten percent of people used a pet's name as a password. Seven percent wrote their passwords on a Post-it note or list near their computer. http://www.symantec.com/connect/blogs/living-passwords
25. Is it safe to post my resume online?
Yes, with precautions. You should omit personal information, such as your SSN, physical address, and phone number from your online resume. You should consider creating a separate e-mail account for your job search. The World Privacy Forum offers tips on how to post a resume safely, available at www.worldprivacyforum.org/resumedatabaseprivacytips.html.
If for any reason you need to safeguard your identity, for example if you are a victim of stalking, don't create an online resume. In these situations, ask the system operator of your ISP to remove you from its online directory.
26. What is an anonymous remailer?
Anonymous remailers are intermediaries that receive e-mail, strip off all identifying information, then forward the mail to the appropriate address. E-mails can still be vulnerable if the server through which they are sent is corrupted by a virus or other malware.
Be aware that most anonymous remailers are only designed to protect the privacy of your e-mail address. So if you send someone your address or Social Security number in the body of the e-mail, that information would not be anonymous. Also some files you might attach, such as a Word document, may have had identifying information embedded in the file during the save process.
Anonymous remailers can offer some protection, but do not offer complete e-mail anonymity. You should not rely solely on such services for your protection.
A search on the term “anonymous remailer” will produce several useful links, including Andre Bacard’s FAQ at www.andrebacard.com/remail.html.