How safe are you from your ISP?

For you Apple users, now might be a good time to change the login credentials to your iPhone or iCloud accounts.  Whether it ultimately proves true or not, the evidence so far leans towards the conclusion that the hacking collective known as the Turkish Crime Family was able to collect a number of Apple accounts (they claim over 600 million), which they now threaten to wipe clean if the company doesn’t comply with their demands.

Curiously, despite independent confirmations of the data the group has made available as proof, Apple firmly maintains that its customers aren’t at risk.  This confidence seems to be primarily based on the fact that Apple’s systems themselves have not been breached, and that any legitimate cache of data must have been acquired through compromised third-party networks.  Well, that’s exactly what the TCF says happened, confirming the credentials were stolen from multiple databases like these over the past five years.  The tech giant, however, has yet to outright confirm the data is authentic, so we still can’t say for sure.

Regardless, it’s just good practice to change your usernames and passwords every once in a while.  This is true whatever the outcome of this particular situation.  But customers and businesses alike need to exercise caution, even as government agencies currently seem to operate clumsily towards different purposes.

On one hand, you have New Mexico becoming the 48th state to enact data breach notification laws, adding their own piece to the long-lasting patchwork of standards that act in lieu of a national one.  While such unification on this subject would be optimal, it’s nice to see at least we’ve almost got all 50 states on board in their own way.  Only South Dakota and Alabama remain.  Mostly, New Mexico’s legislation is consistent with the other states’, almost as if the states themselves desire the notification cohesion that has long eluded them.

On the other hand, you have Congress and the FCC trying to sabotage parts of consumer privacy rights.  Under the new management of Chairman Ajit Pai, the agency, as promised, is debating repealing last year’s new rules governing how Internet Service Providers handle their customers’ personal information.  These rules provided strict guidelines and definitions of what qualified as personal information, as well as requiring ISPs to obtain customer consent before using or sharing.  Naturally, telecoms don’t like that, arguing that Google and Facebook aren’t subject to such stringent measures, but conveniently ignoring the fact that sites like Google don’t see all of your Internet activity, and you can always choose a different site if you don’t wish them to share your data.

So, after making enough noise, your ISP privacy might be significantly reduced.  Bills from Congress, meanwhile, seek to eliminate the privacy rules in full.

Sadly, it looks like hackers aren’t your only concern when it comes to compromising your data security.  Given this situation, it’s more important than ever for people to be extra vigilant: to use different credentials, reset them from time to time, know who has access to your data, and, of course, monitor your accounts.


By: Jonathan Weicher, post on March 24, 2017
Originally published at: http://www.netlib.com
Copyright: NetLib