fbpx

Category Archives: Uncategorized

Protecting Data Privacy in a Public Social Media World

As the world increases its reliance on digital technology, Americans have significant concerns over how private companies collect and use their data. According to Pew Research, 81% of Americans feel the risks of private companies collecting their data outweigh the benefits.

An estimated 16 billion records have been exposed since 2019. Personal data is more vulnerable than ever.

At Echo Analytics Group, a Quiet Professionals company, our team provides vital education on these issues along with solutions that mitigate potential risks and vulnerabilities.

Web Scraping and Data Breaches

On January 6, 2021, following the rallies, demonstrations, and riots on Capitol Hill, @donk_enby, an activist on Twitter, scraped 50 terabytes of Publicly Available Information (PAI) off Parler, an alternative social media platform. The activist provided the information, including location metadata, to law enforcement agencies.  The action, while invasive of others’ privacy, was not illegal, as the information was publicly available. Parler, then a brand-new social media platform, did not have the proper security protocols in place to prevent the scraping of its site, and the data of all its users was put at risk.

Even Facebook, the world’s biggest social media platform, is not immune from breeches of privacy.  In April 2021, 533 million Facebook users had their private information leaked on a hacking forum. The information included dates of birth, Facebook IDs, phone numbers, and locations. The data was from 2019; the breech only became known to the public when posted to an amateur hacking forum and made public by several news sites. Data breaches on social media sites remain a common occurrence.

Data Brokers

Further, most Americans are likely unaware of just how much of their private information is available online. Data broker websites scour social media sites and public records to build profiles with peoples’ Personally Identifiable Information (PII). PII information on data broker websites generally includes a person’s first and last name, current address, phone numbers, emails, and possible relatives/associates. An individual or group with malicious intent could use the information on a data broker website to target them further.

Location Services 

Protecting privacy online requires continued awareness and education. A report from the NSA, “Limiting Location Data Exposure,” warns about the way many phone apps ask for your location when they do not need it. As the article says, “Apps, even when installed using the approved app store, may collect, aggregate, and transmit information that exposes a user’s location. Many apps request permission for location and other resources required for the function of the app. Users with location concerns should be cautious about sharing information on social media.”

According to Statista, in 2021, 233 million Americans access their social media accounts from their mobile device, which means that their locations and other private information may be tracked every time they use those platforms. Moreover, two-thirds of people are comfortable allowing apps to auto-their location.

Major tech companies are beginning to release features to prevent breaches of privacy from phone apps. In June 2021, Apple announced iOS 15, which will be available this fall. iOS 15 will include a dashboard that allows users to see which apps access their location, contacts, photos/videos, and microphone. The new feature would tell Apple users how often the apps are accessing that information.

At Echo Analytics Group, we empower our clients with critical information to mitigate digital risk. Our training and consultation illuminate their vulnerabilities and techniques to leave them less exposed in the online space.

Targeting Predators and Teachings Parents About Online Safety 

In 2020 alone, the National Center for Missing and Exploited Children saw a 97% increase in online enticement of children. Many online predators use apps that children frequent. However, many law enforcement departments in Utah and Florida say that the following apps can pose risks to children:

  • MeetMe
  • WhatsApp
  • Bumble
  • Live.Me
  • Grindr
  • TikTok
  • SnapChat
  • Holla
  • Calculator+
  • Skout
  • Badoo
  • Kik
  • Whisper
  • Hot or Not

All of this is terrifying information, but it is possible to fight back.

While PAI can be misused by malicious actors, it can also be used to find them and hold them accountable.

EAG works with our partners to help target internet predators/human traffickers. Additionally, to better equip parents with the right tools to alleviate risk online, EAG offers a Protecting Kids Online Safety Course.

For interested parents, EAG is giving out 50 free passes to the Protecting Kids Online Safety Course. This course teaches parents about the exposure their children face and how to protect them from online predators. To sign up, follow the hyperlink and enter coupon code “protectourkids.” (This course is an excellent value even if you miss the free deal.)

For any other inquiries regarding your digital safety or privacy, please see our website at https://www.echoanalyticsgroup.com.

Echo Analytics Group’s OSINT Intern Jocelyn Anderson Welcomed to the Team 

Congratulations to OSINT intern Jocelyn Anderson, who recently completed her internship with Echo Analytics Group—and is being hired as a full-time Junior OSINT Analyst!  

Ms. Anderson came to us via the Seton Hall School of Diplomacy and International Relations, where she specialized in International Security and Conflict Management, participating in the National Security Fellowship there.  

She was recommended for our internship program by Professor in Practice Mohamad Mirghahari, M.A., who has expertise in working with counterterrorism initiatives and other security fields, both within and outside the DoD, including support of Special Operations Forces at USSOCOM at MacDill AFB in Tampa Florida. 

Ms. Anderson has been working on multiple projects, but her favorite is assisting in creating daily threat assessment briefings. Of her time as an intern with Echo Analytics Group, she says that interns are set up to succeed, to learn everything they can, and to follow their passions within the OSINT field. She recommends EAG internships for students who want to learn a lot of new skills within a short time that are useful for both school and work.   

(In fact she says that she has done OSINT research for her other class assignments!)  

We all thank Ms. Anderson for her hard work, eagerness to learn, and self-starting attitude! Welcome to the team! 

 To learn more about working with Echo Analytics Group, check out our Careers page.

How do websites track you and your online activity

How do Websites Track You?

Several approaches are usually employed to obtaining data from users. Nevertheless, the new age of data gathering comes with its own challenges as data forgery and tampering are becoming rampant. In a bid to protect any data sent online, Digital Signatures with the ability to confirm the legitimacy of a document or software are used. In the content below, we explore digital management by defining online tracking and discussing how websites track you and your website activity.

What is Online Tracking?

Online tracking is, in essence, the gathering of useful data about users and their actions online. The most beneficial use or purpose of tracking user activity is to gain relevant insight into their behavior, needs, and preferences.  For websites, these data obtained come in handy for powerful optimization tools needed to aid user experience, commerce, customization, profiling, and targeted marketing as well as statistical resolutions.

Introduction to Digital Signature Management

Digital Signature is a form of signature which entails the use of a mathematical algorithm or pin in signing and validating a document or software authenticity. Digital Signature comes as an alternative to pen and paper in the online world. The Digital Signature Management ensures all data sent digitally from a selected source gets to the receiver in its original format.

How Do Websites Track You and Others’ Website Activity?

Generally, most users do not clearly know when or what method of tracking is employed and also the exact purpose the data would be used for. Well, there are several approaches how websites track you and your activities online. The dominant methods employed by most websites in tracking user activities include:

  • Browser Foot Printing
  • Cookies And Tracking Scripts
  • HTTP Referrer
  • IP Addresses
  • Super Cookies
  • User-Agents

Browser Foot Printing

Browser Foot Printing is dependent on the uniqueness of the user’s preferred browser. This method offers a highly accurate approach towards the identification and tracking of user activity every time they choose to be online.  From the browsers, websites can identify a user browser version, installed fonts, installed plug-ins, language, operating system, screen resolution, time zone, and other data even with no explicit permission provided.

If a user disables cookies completely, your browser becomes unique to the data shared. The data shared may be considered small, but there is only a tiny percentage in finding another user with similar browser information.

Cookies and Tracking Scripts

Cookies are possibly the most popular and common approach for websites in tracking user activities. Cookies are small text files saved on a user device for a specific time frame after visiting a website. The contents of cookies can comprise of log-in data or details useful in improving or optimizing user experience. Some sites make cookies necessary to enhance user access to its essential functions. But cookies, alongside these benefits, also identify users and track website activities as well.

Third-party or tracking cookies are sometimes considered problematic as they save user browsing history over more extended periods. These cookie types are often engaged by advertisers who track user activities over several websites to create a profile based on browsing behaviors. Although a large number of these tracking cookies are invisible, some visible tracking cookies include the embedded Twitter feeds. Some websites provide the possibility of disabling cookie tracking through their site, but this may limit some site features. Nevertheless, users can restrict the activities of cookies by disabling them from the browser’s privacy settings or browse in incognito mode.

IP Addresses (Internet Protocol Address)

The Internet Protocol address is a unique number used in identifying a computer connected to the internet. The IP address is amongst the basic identification options for users on the internet, as it can be used to determine approximated location, say a user’s area or city.

Notably, this address can change with time and is not the most dependable, but data provided alongside other website tracking approaches can combine to deliver a user location. A known approach to hiding IP address is through the use of a VPN (Virtual Private Network) software, which encrypts and protects your internet traffic.

HTTP Referrer

The digital marketing process involves engaging the right audience, and a known approach is finding out where a similar audience found their website and how well to engage them better. When a user visits a website, the HTTP referrer detects and recognizes the previous webpage address used in linking the new webpage.

The HTTP referrer serves as a referrer header, which passes the data to the website you are presently viewing. The data are usually relevant for promotional or statistical needs. Similar to other methods, users who wish to not have their data shared can turn it off as well.

Super Cookies

Super Cookies are tracking cookies intended to be saved permanently on the user’s PC. With similarities in function to regular cookies, super cookies are not easy to detect and take away. Super Cookies save cookie data in several locations, and once the website notices the user deleted a part of it, the deleted data is restored from new places.

Super Cookies are not easily identified when added from a browsing session, and there is no easy removal process as well. Super Cookies permit third parties tracking, and advisable protection is through VPN or visiting only websites using HTTPS (SSL or TLS certification).

User-Agents

A final way in which websites can track you and your online activity is through user agents. They are a line of text that provides your browser and operating system information to the web server. Each browser features its own exclusive user agent, and they send these details to every website a user visits.

The web server engages the received data to optimize its web pages to suit each browser and operating system. For instance, a website mobile version is usually made available for mobile browsers. The user agent is also used in gathering statistics for browser market-share.

In Conclusion

Data in the digital age are enormously valuable and can serve several purposes. For privacy and other individual reasons, understanding your digital footprint or signature and how website tracks user activity may be considered relevant. The multiple approaches used in tracking users are continuously evolving and gaining more innovative insights. While tracking may not be required for some website, data collection is becoming a norm, and user understanding of the processes is vital.

Want to Learn More?

Echo Analytics Group is a full-service intelligence firm providing services, products, training, and technology to both public and private sector businesses.  Echo Analytics Group has trained thousands of intelligence professionals in-person and online.  We also deliver world-class products and services to a host of businesses across the globe.  To learn more about Echo Analytics Group please contact us @ info@echoanalyticsgroup.com.  To sign up for a course, check out Echo Academy here: https://echoacademy.thinkific.com/collections

Child Abuse and Open Source Intelligence (OSINT) Landscape

Child Abuse and Open Source Intelligence (OSINT) Landscape

Europol’s Child Abuse Image Geo-Located In Ukraine using OSINT: A Forgotten Story Hidden Behind A Landscape

The following report contains a reference to a child modeling studio producing child sexual abuse material in 2001. All names related to the studio are fictitious. The original source did not contain any explicit material. All the images accessed and used during the investigation were already censored, but for the avoidance of doubt, it must be noted that the researchers did not obtain, look or download any explicit content.

The original source was shared with Europol before the publication of this report and cannot be revealed for the protection of the victims and as to not impede the investigations. Although the main objective of the article is to show the method by which an image listed by Europol was geo-located, Bellingcat has decided to publish some details found in the investigation to create awareness of the subject and to support Europol’s #StopChildAbuse campaign.

(more…)