Category Archives: Lawyers

HOW TO LIVE A DOUBLE LIFE ONLINE WITHOUT GET CAUGHT

Simone Smith,

Contributor Digital Identity Researcher

How to Lead a Double Life Online and Not Get Caught

Simone Smith

Updated Sep 30, 2013 The Internet allows us to form new identities and express controversial ideas without fear of personal reprisal. It allows us to explore interests that would be misunderstood by friends and family and discuss experiences that may damage our career.

There are many reasons to want to create a pseudonymous identity online. You may have undergone a traumatic experience you don’t feel comfortable talking about in public. You may be the head of a stuffy art museum, but love writing Doctor Who fan-fiction. You may want to write a scandalous tell-all blog. Or you may be a rabid democrat living in an extremely-conservative small town. You may just find it liberating to be freed from the biases society holds against your offline life or background.

How to Browse Without Being Tracked
There are many ways your online identity is tracked. For example, websites use cookies to track your activity and record your IP address. To prevent a covert online identity from being associated with your offline identity, you will need to change both your online habits and the tools you use to browse the web.

The first step is to begin using Tor. Tor is a free browser that obscures your IP address by using onion proxy software that provides multi-layer encryption. While not tied to you, personally, your IP address is associated with your individual computer, hence a skilled individual may use your IP address to discover your offline identity. This is why it is important to not rely on services like Chrome’s incognito mode to attempt to live your double life online; while it will prevent websites from storing things on your computer, it will not hide your IP address.

To download the Tor Browser Bundle, which includes everything you need to browse the net anonymously, visit Tor’s website and follow their instructions (also read up on using Tor properly- there are some things you can do using Tor that might still reveal your identity if you are not careful). You should use Tor Browser for all of your secret online activities. It may run a bit slower (as your interactions with other sites are bounced through at least three relays), but it is better to be safe and slow than speedy and sorry.

Use Tor for regular activities as well. This mitigates risk associated with others noticing your browser choice. When questioned about Tor, simply say you use Tor Browser because of concerns about privacy, which have been exacerbated because of this year’s revelations about the NSA.

How to Lay the Foundation of Your Double Life
Most online accounts require an email address. It should go without saying that you should not be using your personal email address when doing anything related to your pseudonymous identity. Instead, you should create a separate email that has no connection to your normal identity and is only used in connection to your covert activities.

I recommend using a free service such as Hushmail, Gmail, or Riseup.net to create this account rather than Yahoo or Hotmail, as the latter options include the IP address of the computer used to send a particular message. While this matters less when you are using Tor, you may still find yourself in a situation in which you need to check that account without the browser’s protection, hence more secretive email providers are better.

Tips on Developing Sound and Secretive Habits
With Tor Browser and a designated email account, you are free to live out your double life- so long as you do so carefully.

Never ever use a work computer for secretive activities. I don’t care how encrypted your work communications are. Company-owned computers are not to be trusted. Keylogging software, which will make all of your careful precautions amount to nothing, is only one of many potential complications.

Avoid using mobile devices. They can be lost. They can be stolen. Strangers (or worse yet, friends, family, and colleagues) can more easily look over your shoulder or snatch your device out of your hands. If you must conduct some of your double life through a mobile device, make sure it is password protected, only use it in private spaces, and bolster it with additional privacy protections, which, for the sake of brevity, I recommend you find independently.

If your double life involves posting content (e.g. blog posts about your secret ventures as an undercover nun), schedule your posts (many blogging platforms offer this functionality) so that they are published at random intervals that cannot be associated with a specific time zone or lifestyle. Do not tag photos, posts, or tweets with your location.

Important Identifying Information to Hide
Obvious information that might be used to determine who you are (eg. your name or the names of people in your life, your personal email address, identifying photos. etc.) is but a small factor to consider. Most secret identities are discovered by those who use more subtle hints to piece together your personal puzzle.

Don’t give away hints by even letting your pseudonym resemble your real name. If your name is John Doe, your online handle should be entirely different, like Shane Kugel (and not J.D. or Shawn Moe). Be extremely careful about mentioning employers in a manner that would enable the casual viewer to narrow your real employer down to a couple of candidates (e.g. “I work for a pet grooming salon in San Francisco, California”). Also be mindful with regard to any habits, sayings, or possessions you might mention (e.g. a storm trooper figurine kept at your desk) that could be identified by those who know you in real life.

If you maintain a website, make your WHOIS information private. If you do not, everything from your name to your email, phone number, and address may show up in WHOIS queries (just search for your friends’ domains to get an idea of the information that might be revealed). Subscribe to The Morning Email. Wake up to the day’s most important news.

Should you be involved in commerce, opt for trades whenever possible. Gift cards might be a convenient form of currency, so long as you keep the value of transactions below $500. Generally speaking, money is difficult to keep anonymous online- even when Bitcoin is used.

The Importance Leaving No Trace
Whenever you finish a session of secretive internet activity, your computer should be devoid of damning information. While it helps that you are using Tor, it is also important that you delete any files from your computer related to your pseudonymous identity (e.g. drafts of blog posts, photos, etc.) before you get up and walk away.

You never know who might poke around your desktop when you aren’t looking, and you would be surprised by how many friends and family members know the passwords to their loved ones’ machines.

Good Luck!
This brief guide is an introduction, not a comprehensive playbook. Its recommended tactics will help you avoid major mistakes and may accommodate “harmless” double lives, but if you are involved in some serious whistle blowing activity, fighting against a totalitarian government, or are threatening to take down a beloved member of 4Chan, you’re playing an entirely different ballgame.

CAN AN OPEN RELATIONSHIP REALLY WORK?

Relationship Advice, Relationship Problems, Relationships, Sexuality

By Psych Alive

open relationship

Research tells us that about 4 to 5 percent of heterosexual couples have agreed to have an open relationship. In other words, they’ve given their consent to not be monogamous. That may seem like a relatively small and, given the stigma surrounding open relationships, unsurprising number. Yet, take this into consideration. The latest data from the National Opinion Research Center’s General Social Survey revealed that more than 20 percent of married men and nearly 15 percent of married women admit to infidelity, a number that’s risen almost 40 percent for women in the past 20 years. Remember, these are only admitted affairs. Some studies even posit that between 30 and 60 percent of married individuals in the United States will engage in adultery at some point in their marriage. So, while only 4 to 5 percent of men and women are choosing to be open about their extramarital relations, somewhere between 15 and 60 percent are opting for a less consensual form of infidelity.

What does this tell us about our society? One, a pretty significant percentage of the population is clearly drawn to non-monogamous relationships, yet a much smaller percent is willing to call it like it is. For the people who choose to engage in affairs, is it more honorable to come to an agreement with their partner or to sneak around and deceive? Can an open relationship actually work? How can two people, alone in their romantic union, find common ground on this society tricky and taboo subject?

For any relationship to work, there are certain fundamental qualities to be aware of. In an open relationship, in which a couple chooses not to hide or to allow infidelity, it is all the more important to encourage honest communication and healthy ways of handling emotions like jealousy, victimization or a desire to control. Whether you’re interested in a monogamous or open relationship, here are some of the elements you’ll want to avoid if you want to keep things close, consistent and exciting between you and your partner.

Dishonesty – According to psychologist and co-author of Sex and Love in Intimate Relationships, Lisa Firestone, “When it comes to their intimate relationships, couples can make any decision they want about monogamy, as long as this decision is mutually agreed upon by both partners… Many couples have made exceptions to sexual fidelity or are taking alternative approaches to their sexual freedom. Yet, no matter what the agreement is, there is one fundamental quality that, if compromised, can destroy a relationship: honesty.”

There is often considerable devastation when an affair is discovered, and it seems the lying aspect of the scenario has a lot to do with the pain that ensues. In her blog, “What’s Wrong with Infidelity?” Dr. Firestone went on to cite research that has shown unfaithful individuals are less likely to practice safe sex than people in open relationships. This act of deception thus poses both a physical and emotional threat to their partner. “Whatever their decision is regarding monogamy, if two people want their relationship to stay strong, they must strive to be open and truthful and to ensure their actions always match their words,” said Dr. Firestone. To paraphrase, an open relationship without honesty is a recipe for disaster. Any deception is likely to lead to the same feelings of hurt and distrust that arise in unexpected discoveries of infidelity.

We may not be able to control our attractions, but we can control how we behave. Even if these attractions escalate into a real interest, we can make a commitment to talk to our partner about our feelings before we act on them. In this sense, being open with our partner and encouraging them to be open with us will inspire an atmosphere of honesty that may help us to better deal with feelings of jealousy or paranoia.

Jealousy – Jealousy is a natural human emotion. Yet, the way we use it can be very destructive. “Lurking behind the paranoia toward our partners or the criticisms toward a perceived third-party threat, are often critical thoughts toward ourselves,” said Firestone. She describes how a person’s “critical inner voice” can flood his or her mind with harmful suspicions and accusations that fuel feelings of jealousy. She frequently finds that what people are telling themselves about what’s going on with their partner is often a lot worse than what is actually going on. For example, a person may think, “She is totally checking out that guy. She’s losing interest in me. She’s going to have an affair. You should just get out before she hurts you.”

Your inner critic will also use your partner’s perceived attractions against you. “Thoughts like, “What does he see in her?” can quickly turn into “She is so much prettier/thinner/more successful than me,” said Dr. Firestone. “Even when our worst fears materialize and we learn of a partner’s affair, we frequently react by directing anger at ourselves for being “foolish, unlovable, ruined or unwanted.”

These shaming attitudes toward ourselves and our partner can breed an environment of distrust. If a healthy relationship must be built on honesty and trust, then jealousy has to be kept in check. The first way to do this is to own our emotions and deal with our inner critic rather than allowing it to poison our relationship. We should work hard to be vulnerable and open to our partner, to offer them our trust and support of their independence and individuality. This doesn’t mean we have to agree to an open relationship. It just means working on having open communication and trying not to allow our inner critic to overtake us and drive our behavior.

Whether or not we attempt to impose restrictions on our partner, we live in a world full of risks. We can never claim ownership over another human being or their sexuality, nor can they own ours. There is always a chance he or she will develop feelings for someone else. The best thing we can do is feel secure and strong in ourselves and know that we can handle a lot more than we think can.

Fear – When people think of the fears that arise in a relationship, they usually think of their fear of losing their partner. However, there is an underlying fear of intimacy that has an insidious effect on people being able to pursue a relationship to the fullest of their ability. They find it difficult to let things get too close or to tolerate loving feelings directed toward them. What makes this even more complicated is the fact that this fear can sit below the surface, so it isn’t entirely conscious. Instead of thinking, “I’m too scared of being in love to be in this relationship,” we will have thoughts like, “He is just way too into me. I can’t make this kind of commitment right now. One of us will just wind up getting hurt.” As things get closer in a relationship, we may have the tendency to pull away from someone who is actually giving us what we always thought we wanted.

It is very common to have these reactions to intimacy, yet so many people feel they’re alone in this. We often fail to recognize these feelings as fears and instead assume that they are rational reasons to split up with our partner, take a break or find someone else. The trouble is the same issues are likely to arise in any relationship we find, because these fears reside within us. Until we deal with them in ourselves, they’re likely to creep up at some point in our relationship.

If you’re interested in an open relationship, you may want to ask yourself certain questions, like “Am I simply interested in sexual freedom or am I pulling away from closeness with my current partner?” “Is there something missing from my current relationship that I’m not dealing with?”

No matter what type of relationship you’re in, to be close to anyone, you’ll have to get to know and challenge your own resistance and fears. These fears often come from old feelings of hurt, rejection or loss. They may be keeping you from finding and maintaining the love you say you want. They may even be blocking your feelings of wanting love in the first place, filling your head with thoughts like, “Relationships are stupid and unnatural. People just wind up miserable, putting each other in chains.” Be wary of these cynical thoughts toward love, because they often mask much deeper fears.

Whatever a couple decides to do, whether insisting on monogamy or making certain exceptions, that is for them alone to decide. What matters is that once they’ve decided and agreed upon the terms of their relationship, they must stand by these decisions. In doing so, they offer their partner and themselves a certain degree of trust, freedom and respect as the separate individuals they are. When two people recognize each other’s individuality, they’re able to avoid falling into a “fantasy bond,” an illusion of connection that replaces real love and sabotages exciting relationships. They’re able to maintain their attractions to each other and to keep the spark alive, so to speak.

To avoid a fantasy bond and other traps that doom any relationship, all couples should strive to be honest with each other, to deal with their jealous feelings in healthy ways and to challenge their deeply rooted fears of intimacy. By making this their focus, they are far better able to sustain richer, more rewarding relationships. From this foundation, they are much better equipped to have open, honest and mature discussions about attractions and monogamy and are much less likely to engage in deception and secret infidelity.

THE VERY BEST ENCRYPTED MESSAGING APPS

If you’d rather not have the government, hackers, your internet service provider, or anyone else potentially intercepting and reading your private communications, you should make sure you’re using a secure messaging app. Specifically, one that uses encrypted messaging.

As you’ve probably noticed (unless you live under a rock, which is slowly sounding more and more like the way to go) internet privacy has become one of the hottest topics of the decade. In 2017, the United States Congress repealed regulations that would help protect your data from being sold by broadband and wireless companies. In 2016, the UK’s Parliament passed the Investigatory Power Act (also known as the Snooper’s Charter), which expands the surveillance power of the UK Intelligence Community and police. And in 2018, Australia forced famous messaging app WhatsApp to include spyware so they could see what you’re typing. Not to mention what’s going on in the news right now concerning privacy. If you aren’t already worried, now is a pretty good time to start wondering just how safe your online communications actually are, and what the most secure messaging app is.

What makes a messaging app secure?

An encrypted messaging app has something more important than cool widgets and a gigantic library of emojis: it has features that work quietly in the background to make sure the app is secure.

End-to-end encryption

The main thing to check for when choosing a messaging app is whether or not it uses end-to-end encryption. End-to-end encryption means your private chat messages are scrambled, and only the sender and the receiver of the messages have the “keys” to read them. This ensures that no one besides you and the person you’re talking to can decipher the messages.

Ironically, encryption used to be thought of as something only used by the paranoid or those with a compelling need for secrecy, such as political dissidents. It was only after whistleblower Edward Snowden leaked classified documents revealing the U.S. NSA’s global surveillance program that the world began to fully understand the importance of encryption and online privacy. Since then, many companies (including Facebook, Apple, and Google) have ramped up encryption on their software.

Default encryption settings

Just because an app offers end-to-end encryption, doesn’t mean that it’s the default setting. Some messaging apps require you to go into the app’s settings and actually turn on the encryption feature, while others only encrypt messages in certain scenarios (for instance, blue iMessages versus green text messages). Because the importance of encryption is still relatively new, many people may just assume the app is safe without knowing if or when their messages are encrypted — so look for one that has encryption on as the default for you and whomever you’re messaging.

Open source code

While fears of reverse-engineering or code backdoors may make it seem counterintuitive for an app maker to reveal an app’s source code, doing so is now widely regarded as an indicator of the app’s integrity. Open source code opens the app up to outside accountability and auditing by experts, which can be a useful way to bring attention to any weaknesses or vulnerabilities in the code.

Data collection

While many messaging apps today have started using end-to-end encryption, some still collect data information about you, called metadata. Metadata is kind of like your electronic fingerprint, and includes data such as who you talk to (via your contacts list), for how long, and at what time, as well as information about the device you use, your IP address, phone number, and more. Setting up a VPN app on your mobile device is an easy way to block the collection of this kind of personal information. Both AVG Secure VPN for Android and AVG Secure VPN for iOS are available to help you seamlessly protect your online privacy.

Try AVG Secure VPN for Android

What are the most secure messaging apps for Android & iPhone?

1. Signal

additional-image-signal-620x300

Originally known as TextSecure Private Messenger, Signal has been touted as the gold standard of messaging security by cryptographer Bruce Schneier, Edward Snowden, US congress, and even the European Commission. Available as a free messaging app on iPhone and Android phones, as well as desktops, Signal sends messages across its own data infrastructure.

Signal security features

  • End-to-end encryption
    Messages sent via the Signal app can only be viewed by the sender and receiver. Not even the company behind the app, Open Whisper Systems, can decrypt the messages. In addition to instant messages, you can also make voice calls, group messages, and encrypted video calls.
  • Open Source
    Signal has open source code that can be viewed by anyone. This kind of transparency allows for routine auditing and helps ensure that the app’s security is always up to date.
  • Disappearing messages
    For extra security, Signal allows you to make both sent and received messages “disappear” after a certain amount of time has elapsed.
  • Minimal data storageUnlike many other messaging apps, Signal only stores the metadata required for the app to work, such as your phone number, random keys, and profile information.
  • Password security The app also allows you to set a password to lock it. So even if your phone falls into the wrong hands, your messages will still be protected.

Signal security risks 

The best thing about Signal is that there are virtually no security risks. As long as the app’s developers continue to be diligent about fixing vulnerabilities, Signal will remain at the top of the messaging app food chain.

2. Wickr Me

additional-image-wickr-620x300

Available on both iPhone and Android, Wickr has distinguished itself from the pack by offering secure messaging options for both personal use (Wickr Me) and for businesses and enterprises (Wickr Pro). While Wickr Me is free, Wickr Pro is a paid service that comes with a 30-day free trial.

Wickr Me security features 

  • End-to-end encryption
    In addition to encrypted messaging, in 2018 Wickr announced that its “Me” service will also offer encrypted calling and voice messaging (which are already offered in the Pro version).
  • Screenshot detection
    Wickr recently announced that they will be offering a new feature that allows users to detect screenshots. This means that you will receive a notification if someone takes a screenshot of a message you send.
  • Screen overlay protection
    On Android devices, Wickr has released a new feature that allows users to disable “Screen Overlays”. This prevents users from being able to interact with the app when an overlay is detected, and helps protect the app from TapJacking.
  • Third party keyboards
    On iOS, Wickr lets you block Third Party Keyboards. This helps protect your information by preventing third party keyboards from recording usernames, passwords, and other information that is typed into the app.
  • Secure Shredder
    This feature adds an extra layer of security by making sure your already deleted files can’t be recovered with special tools or technology. While Wickr does this for you periodically, you also have the option to manually erase information from your phone.

Wickr Me security risks 

Like Signal, Wickr is generally considered almost foolproof from a security standpoint. Though it was previously criticized for keeping its code closed source, in 2017 Wickr finally released its cryptographic protocol on Github. If you feel like getting technical about the app’s security, you can check out Wickr’s Customer Security Promises.

3. Dust

Dust

Formerly known as Cyber Dust, Mark Cuban’s brainchild messaging app Dust is available on both iOS and Android. The main purpose of the app is to send private messages (or photos and videos) called “Dusts” to your contacts that “turn to dust” and disappear within 100 seconds of being read. “Blasts” are another type of message that can be sent to a group of people, but are read privately. Finally, you can start group chats, simply known as “Groups.”

Dust security features

  • End-to-end encryption
    Dust uses “heavy encryption,” although the code is not actually available for viewing. You can send encrypted text, photo, or video messages, but the app does not allow for voice or video calls.
  • No permanent storage
    Not only are your messages not permanently saved on your phone or the company’s servers (instead they’re sent to the app’s RAM memory until they are accessed by the receiver), you can also erase your messages off of other people’s devices.
  • Screenshot alerts
    If a screenshot is attempted on an Android phone, the name of the person who sent the message is removed, effectively eliminating context from the conversation. Apple prevents apps from blocking screenshots, so instead, iPhone users receive a notification if someone takes a screenshot of their sent message.
  • Auto “Dust”
    Messages are automatically erased either within 24 hours, or as soon as they’re read. You can choose.

Dust security risks

There are currently no significant security risks associated with Dust, aside from the potential risks and lack of transparency related to the app’s code not being open source.

4. WhatsApp

additional-image-whatsapp-620x300

With over 300 million daily users, WhatsApp is one of the most popular messaging apps being used today. The app’s popularity is definitely one of its strong points, along with the fact that it’s available for free on both iPhone and Android and doesn’t show any ads. You can easily send text messages, photos, as well as short video and voice messages. But are WhatsApp chats private?

WhatsApp security features

  • End-to-end encryption 
    In April 2016, WhatsApp implemented a super secure encryption protocol developed by Open Whisper Systems (the company behind secure messaging app Signal) across all mobile platforms. Thanks to this protocol, only the sender and receiver have the keys to decrypt messages sent via WhatsApp, meaning they can’t be accessed and read by anyone else. Voice and video calls are also encrypted.
  • Verify encryption 
    WhatsApp also has a “Verify Security Code” screen in the contact info screen that allows you to confirm that your calls and messages are end-to-end encrypted. The code is presented as both a QR code and a 60-digit number.
  • Two-step verification 
    An optional feature, two-step verification allows you to add more security to your account by setting a PIN number that is required to verify your phone number on any device.
  • Messages not stored
    The only time your message is kept on a WhatsApp server is the period after you send it and before it is delivered to the receiver. If it can’t be delivered for some reason, then the message is deleted from the server after 30 days.

WhatsApp Security risks

  • Unencrypted backups
    WhatsApp messages can’t be intercepted during transmission, but what about message backups on iCloud or Google Drive? The good news for iPhone users is that WhatsApp added encryption protection to iCloud backups in late 2016. But Android phone messages backed up on Google Drive are not encrypted, leaving them potentially vulnerable to hackers, governments that could legally force Google to turn over your messages, or even Google itself. So how can you protect your privacy on WhatsApp as an Android user? Fortunately, you can disable WhatsApp message backups on Google Drive.
  • Facebook privacy issues
    WhatsApp was bought by Facebook in 2014, transferring concerns about the social media conglomerate’s reputation for invasive data collection to the messaging app. While Facebook assures users that there is no possible way for them to view encrypted WhatsApp messages, WhatsApp did announce that they would be sharing user metadata with Facebook, for various purposes such as ad-targeting.

5. Telegram

additional-image-telegram-620x300

Claiming over 200 million users on both iPhone and Android, Telegram has been steadily growing in popularity since its debut in 2013 and is known for its unique group chat feature that can support up to 100,000 members. Earlier in 2018, however, a clash with the Russian government over the app makers’ refusal to hand over the encryption keys resulted in it being banned in Russia entirely. Telegram has also been viewed as controversial because of its status as the preferred messaging app of ISIS. This has further driven the conversation about what responsibility messaging apps have to work with law-enforcement versus keeping user data fully protected.

Telegram security features

  • End-to-end encryption 
    Telegram offers a feature called “Secret Chat” that allows you to protect your messages with end-to-end encryption. However, the feature is not default, so you’ll need to know how to turn it on.
  • Passcode Lock
    You can set a 4-digit code to prevent intruders from accessing your messages, which can be useful if your phone gets lost or stolen.
  • Two-step verification 
    Found in Settings, two-step verification requires you to use both an SMS code and a password (be sure you know what not to do when creating a password) to log in to the app. You can also set up a recovery email address in case you forget your password).
  • Open source code
    Anyone can check Telegram’s source code, protocol, and API to make sure it is up to par.
  • Telegram Cracking Contest
    Telegram challenges “hackers” to attempt to break through their encryption and decipher messages, offering a $300,000 reward for anyone who is able to do so. This helps ensure that any potential vulnerabilities will be found and fixed.
  • Self-destructing messages 
    Like many other messaging apps, Telegram also offers a Self-Destruct Timer (for Secret Chats only) that will delete private text messages and media within a preset time limit.
  • Remote logout 
    Because you can log into Telegram from numerous devices at the same time (web, PC, tablet, smartphone, etc.), the app offers the ability to log out of other sessions from the current device you’re using through the Settings menu. This way, if your device is lost or stolen, you can still make sure your messages are secure.
  • Account self-destruct 
    After your account has been inactive for a certain amount of time (six months being the default), your account will automatically self-destruct, completely wiping clean all of your messages and media.

Telegram security risks

  • End-to-end encryption isn’t default 
    You must manually enable Telegram’s “Secret Chat” feature, otherwise chats are only encrypted between your device and Telegram’s server.
  • Logging chat data
    If you don’t enable the Secret Chat feature, then your chat data is saved on Telegram’s servers. The company claims this is in case you lose your device and want to recover your messages, but from a security standpoint, this is a big no-no.
  • Possibly flawed encryption technology 
    Telegram created its own MTProto protocol, instead of using one that is already proven secure, such as the Signal protocol. Many experts have questioned the reasoning behind this, and have expressed skepticism about the lack of transparency surrounding the protocol.

6. Apple iMessage

additional-image-imessage-620x300

The instant messaging service developed by Apple Inc., iMessage is supported by the Messenger application on iOS version 5.0 and later. Allowing users to send text, documents, videos, photos, contact information, and group messages over the internet, iMessage is very popular among iPhone users (and can only be used between them). We’ve already gone over tips on how to keep your iPhone safe, but is iMessage actually secure?

iMessage security features 

  • End-to-end encryption 
    iMessage end-to-end encryption only protects messages between iPhone users (which appear in blue). If you send a message to an Android user for instance, the message is sent as a normal text message (in green) and is not encrypted. Unlike many of the other apps on this list, it seems like Apple won’t be coming out with iMessage for Android. Though iMessage doesn’t directly allow for video or voice calls, its sister app FaceTime does (with encrypted protection).
  • Self-destructing messages
    Many iMessage users are unaware that the app provides a feature that allows you to control how long each photo, video, or message will appear before it’s gone. You can also choose how many times the viewer can see the message. However, the feature is only available with iOS 10 and later.
  • iMessages deleted from servers
    Your encrypted messages only remain on Apple’s servers for 7 days before they are deleted.

iMessage security risks 

  • Encryption weaknesses
    In 2016, researchers at Johns Hopkins University revealed a flaw with Apple’s encryptionimplementation that could leave iMessages vulnerable to decryption. Later, in 2019, researchers from Project Zero presented 6 high-level exploits that allowed them to use iMessages to take over a user’s device. All these issues were quickly patched, but it does imply the risk of other, unknown vulnerabilities lurking in the code.
  • iCloud backups
    If you back up your iMessages to iCloud, these messages are encrypted on iCloud using a key controlled by the company, not you. This means that, if your iCloud is hacked or subpoenaed by a court, they could be revealed. And while Apple has been firm about not creating “back doors” into their system or weakening encryption, they and other tech companies do have a history of cooperating with authorities when it comes to turning over information stored in the Cloud.

7. Facebook Messenger

additional-image-messenger-620x300

Facebook’s messaging app is available for both iPhone and Android phones, and provides a convenient way to keep up with friends and family thanks to its sheer popularity.

Facebook Messenger security features

  • End-to-end encryption 
    In 2016, Facebook added its Secret Conversations feature to secure messages with the Signal end-to-end encryption protocol (also used by WhatsApp). However, Signal and WhatsApp have end-to-end encryption by default, while Secret Conversations must be activated.
  • Self-destructing messages
    You can set Facebook Messenger messages to self-destruct after a certain period of time (between five seconds and 24 hours).

Facebook Messenger security risks 

  • Encryption not by default
    As mentioned above, end-to-end encryption for messages must be activated by the user. This means that messages sent without this feature are only encrypted when sent to Facebook’s server, and then encrypted again when sent to the recipient (whereas end-to-end is directly between sender and recipient). This means a copy of the message remains on Facebook’s servers.

App to avoid: Google Hangouts

additional-image-hangouts-620x300

Despite being available for free on both iOS and Android, Google Hangouts is riddled with privacy and security concerns. Though it does encrypt hangout conversations, it doesn’t use end-to-end encryption — instead, messages are encrypted “in transit”. This means that they are only encrypted between your device and Google’s servers. Once they are on a server, Google has complete access to them. If ordered to do so, Google can tap into private communication sessions and relay that information to government agencies. And with Google’s Transparency Reportrevealing that the company does indeed receive and often fulfill requests for customer information, this is a very real concern.

Additionally, images sent via Hangouts are shared through public URLs, meaning that virtually anyone (who knows a thing or two about URLs) can view your private images. This is definitely not the app you should be using to send…sensitivepics.

How can I stay safe?

We believe everyone has a right to online privacy, and deserves to message their friends and family without worrying about who might be sneaking a peak. In an ideal world, everyone would be using super secure messaging apps like Signal or Wickr to communicate. But with the popularity of less secure or privacy-questionable apps such as Facebook Messenger and WhatsApp, sometimes the middle ground is more convenient. If you do choose to use a less secure messaging app, pair it with VPN protection. A virtual private network encrypts everything you do online, including messaging as well as other tasks that may expose your sensitive personal info like online shopping and banking. We offer AVG Secure VPN for iOS and AVG Secure VPN for Androidto keep your information safe.

RECOVERING FROM IDENTITY THEFT

What is identity theft?

By Alex Santiago

Identity theft is a serious crime. Identity theft happens when someone uses information about you without your permission. They could use your:

  • name and address
  • credit card or bank account numbers
  • Social Security number
  • phone or utility account numbers
  • medical insurance numbers

How will I know if my identity was stolen?

Here are ways you can tell that someone is using your information:

  • You see withdrawals from your bank account that you cannot explain.
  • You find credit card charges that you didn’t make.
  • The Internal Revenue Service (IRS) says someone used your Social Security number to get a tax refund or a job.
  • You do not get your bills or other mail.
  • You get bills for utilities or medical services you did not use.
  • Debt collectors call you about debts that are not yours.
  • You find strange accounts or charges on your credit report.

What is IdentityTheft.gov?

IdentityTheft.gov is a website that helps you recover from identity theft. You:

  • answer questions about what happened to you
  • put in your name, address, and other information
  • get your Identity Theft Report
  • get a recovery plan created just for you

You also can create an account. The account helps you through the recovery steps and tracks your progress.

What is an Identity Theft Report?

An Identity Theft Report helps you fix your bills and your credit report. Your Identity Theft Report tells your creditors that you should not have to pay for what the identity thief spent.

You get an Identity Theft Report when you report a problem to IdentityTheft.gov. This is your statement about what happened. It lists what accounts are not yours and what charges you did not make.

What is a credit report?

Your credit report is a summary of your credit history. It lists:

  • your name, address, and Social Security number
  • your credit cards
  • your loans
  • how much money you owe
  • if you pay your bills on time or late

Who creates my credit report?

A credit bureau creates your credit report. The credit bureau gathers information about you and your credit history.

There are three main credit bureaus:

  • Equifax
  • Experian
  • Transunion

What is a fraud alert?

A fraud alert tells businesses that they must contact you before they give someone credit in your name. You put a fraud alert on your credit report. A fraud alert makes it hard for someone else to open new accounts in your name.

There are a few kinds of fraud alerts. They are all free:

  • Initial fraud alert – lasts for one year. Use this if you thinksomeone stole your identity.
  • Extended fraud alert – lasts for seven years. Use this if you knowsomeone stole your identity.
  • Active duty alert – lasts up to one year. Use this if you are in the military and deployed.

What do I do when someone steals my identity?

It is very important to act fast.

First, call the companies where you know fraud happened.

  • Explain that someone stole your identity.
  • Ask them to close or freeze your accounts.
  • Then change your password or personal identification number (PIN).

Then visit IdentityTheft.gov or call 1-877-438-4338.

  • Report the crime and get a recovery plan that’s just for you.
  • You can create an account. The account helps you with the recovery steps and tracks your progress.

For Example

Why is it important to act so fast?

If you wait, the identity thief has more time to cheat you. That means there are more problems to fix. Acting fast means there should be fewer problems to fix.

Why should I use IdentityTheft.gov?

IdentityTheft.gov helps you fix problems related to identity theft, like these:

  • mistakes on your credit report
  • accounts that are not yours
  • mistakes on your bills
  • getting extended fraud alerts

IdentityTheft.gov also gives you a recovery plan just for you.

What comes first in my recovery plan?

The first step of your recovery plan is to call the credit bureaus. Ask the credit bureau for an initial fraud alert. It is free and lasts for 90 days. The fraud alert makes it harder for thieves to open accounts in your name.

The next step is to ask all three credit bureaus for a credit report. If someone stole your identity, your credit report is free. Look at your credit report for things you do not recognize.

How do I fix mistakes on my credit report?

Send a letter to the credit bureau to fix mistakes on your credit report. IdentityTheft.gov gives you letters that are filled out with your information. You can print the letter, sign it, and send it to the credit bureau.

How do I fix mistakes on my bills?

You might find mistakes when you read your bills. There might be charges you do not recognize. You can send a letter to the company that has the mistakes. Ask the company to fix those mistakes.

IdentityTheft.gov gives you letters filled out with your information. You can print the letter, sign it, and send it to the company. Use the address the company gives for disputes.

Then change your password and PIN with the company that has the mistakes on your bills.

How do I close an account that is not mine?

Your credit report might list accounts that you did not open. You can send a letter to the business that has the account. Ask them to close the account.

IdentityTheft.gov gives you letters that are filled out with your information. You can print the letter, sign it, and send it to the business. Send a copy of your Identity Theft Report with the letter.

A business might ask you to use a form to close an account. If they do, send that form.

What happens when my initial fraud alert expires?

You can put an extended fraud alert on your credit report. An extended fraud alert is good for seven years.

IdentityTheft.gov helps you place the alert. Contact each credit bureau to ask for an extended fraud alert. You might have to give them a copy of your Identity Theft Report.