Prepare for the inevitable theft of your personal information
In the spirit of “if you can’t beat ‘em, join ‘em,” Microsoft is following the lead of Google, Facebook, and nearly every other web service by going all-in on personal information collection. Woody Leonhard, a Windows expert from way, way back, writes in a January 7, 2016, article in InfoWorld that “Windows 10 has raised Microsoft's tracking to completely new levels -- and Windows 7 and 8.1 are apparently being retrofitted, gradually and largely surreptitiously, to Win10 standards.”
As Woody puts it, the pro-Microsoft contingent claim the data collection isn’t spying, it’s “analytics.” They assure us that the data can’t be tied to any individuals. The critics of Microsoft’s data collection practices voice concern about the threat of the data being stolen in its original state, which would disclose potentially damaging information about us. To my mind, Woody nails it by pointing out the real issue both sides fail to mention: trust.
Woody cites Forbes’ Gordon Kelly, who writes in a January 6, 2016, article that what’s missing is full disclosure:
“Windows 10 is Microsoft's product so it has the right to do whatever it likes with it, but only after a full disclosure to customers of its practices so they can make an informed choice about whether or not they wish to be a part of this data gathering process.”
Why should Microsoft disclose any more (or less) than the champions of personal-data “analytics,” Google and Facebook? Ain’t gonna happen, folks. We have to assume the services we use – online and offline – are collecting, analyzing, reusing, and reselling our personal information wherever and whenever possible. To do otherwise would be a breach of the companies’ fiduciary duty to maximize profits for their shareholders.
Privacy protections may not be worth the effort
In an article from August 3, 2015, Slate’s David Auerbach explains how to reset Windows 10’s default privacy settings to provide more protection from Microsoft’s data gathering. I’m not so sure the changes are worth the time it takes to make them. You can’t be sure some future Windows update won’t reset them to the “share everything” default. More importantly, doing so might give you a false sense of security. We simply don’t know what information Microsoft and other companies are collecting about us, nor what they’re doing with it.
Nor do we know whether they’re protecting the information, which now resides on the companies’ servers. Consider the tremendous increase in the number and severity of data breaches at companies and public agencies of all types and sizes. If you’ve ever been online – and often even if you’ve never used a web service – the chances are much better than even that your personal information has fallen into the hands of cybercriminals.
After-the-fact fraud protection
Unless you’re living off the grid in a self-sustaining community, you are part of the personal-information marketplace. There’s so much data about us floating around the digital universe that we couldn’t account for all of it if we tried, let alone remove or otherwise limit its dissemination. We’re left with after-the-fact protections, such as credit alerts, identity-theft insurance, and other fraud safeguards.
The Federal Trade Commission’s Consumer Information site explains how to request a free fraud alert from one of the three credit-reporting agencies. A request made to one of the agencies will trigger alerts on the other two, according to the FTC. The alert remains active for 90 days, after which it can be renewed for another 90 days. Here are links to the fraud-alert pages for the three credit-reporting agencies:
In a post from 2014, BankTracker’s Simon Zhen describes four ways to monitor your financial accounts: use your bank’s account-alert system; sign up for the Mint personal finance service; use the BillGuard monitoring service; and register with a free credit-monitoring service such as Credit Karma, Credit Sesame, and Quizzle.
For many years I’ve used the American Express Credit Secure service, which costs $15 a month and provides a complete report from all three credit agencies each year, as well as postal mail or email alerts each time someone accesses your credit information or attempts to create a new account, among other features. I also have an umbrella liability insurance policy that covers all costs resulting from the theft of my identity.
Even with these after-the-fact protections you still need to take such precautions as looking for the green lock and “https” at the far left of your browser’s address bar whenever you provide a site with financial or personal information, never clicking links in emails you receive from sources you don’t trust implicitly, and making sure your antivirus and other security software is active and up-to-date.
Here are links to some of my previous security tips:
There’s only so much we can do to protect against the theft and other misuse of our sensitive personal information. Still, it behooves us to take precautions whenever we can, and to be prepared for the day when we become the cybercriminals’ latest victim.