The Expat Pat Blog


The Cybersafe Alert

Keeping You Safe Online

While the Cybersafe book is a fabulous resource, sometimes you need to be informed on the latest updates in the world of cybercrime.

The Cybersafe Alert briefing gives you timely, actionable information on cyber threats, with straightforward ways of tackling them to keep you, your family, and your business safe online.

We'll also keep you up to date on the latest tools and techniques that are relevant to individuals and SMEs.

As we like to say: Don’t Be Scared; Be Prepared.

Sign up to the Cybersafe Alert today.
by Patrick Acheampong 11 Nov, 2020
Protect yourself from the latest WhatsApp hack
by Patrick Acheampong 29 Mar, 2020
How to stay safe online during Covid 19
by Patrick Acheampong 29 Mar, 2020
‘Twas the day after Christmas when all through the house,
Not a creature was stirring, not even a mouse...
But the hackers were watching, and listening, and stealing, because of all the brand new internet-connected gadgets, toys, and appliances that had been bought for Christmas presents.

In this edition of the CyberSafe alert we’ll talk about something that not many people stop and think about amid the excitement of the Christmas holidays: how much you’re exposing yourself to cyberattacks through the presents you buy for yourself and your loved ones. There are too many ways you can suffer a cyber attack to cover in a CyberSafe alert, so I’ll focus on some of the main ones. If you want to find even more ways to protect yourself online this Christmas you can always read the Cybersafe book.

Don’t get your data pocket picked while shopping

During this silly shopping season, millions of us are shopping online to fill our loved ones’ gift sacks. But did you know that at the same time, you are filling the online retailers' sacks full of interesting tidbits of data about you and your spending habits? Let me tell you a little bit about how they may be collecting data on you.

As well as the usual data collected from you when you make a purchase on their sites, some retailers are also using tools that can track your browsing history to see what pages you are visiting. If you visited their competitor, they know about it. This is not necessarily illegal, but how is it possible? Well, millions of people around the world opt in to (at least so they think) anonymously share their web browsing history. This can be done with seemingly innocent things like browser extensions you’ve installed that note in their terms of service (read the small print) that they may share user data with third parties.

At this point, you may be asking yourself: So, what’s the big deal? Isn’t this how all cookie tracking works? Well, yes and no.
Some tools that retailers use can show third parties all the URLs a user has visited, and some of those URLs can lead to non-password-protected pages a regular user browsing the internet wouldn’t be able to find. These could be things like order confirmation pages, private PDF attachments, and other pages intended for that specific user’s eyes that sometimes aren’t protected by a login screen, but instead are “blocked” by a set of “tokens”, or a series of characters that would be difficult to guess.

The use of these tools has already led to the unintentional sharing of sensitive data, including:

- Home and business surveillance videos hosted on Nest or other security platforms
- Information on recently purchased vehicles, including the vehicle identification number, and the name and address of the buyer
- Sensitive documents posted on Microsoft OneDrive and other cloud-based business platforms, like tax returns, business documents, billing invoices, and presentation slides
- Patient names, doctors they visited, and other details surrounding their appointment on cloud-based patient care platforms
- Travel itineraries on Priceline, Booking.com, and other airline services

Even in cases where the page was password-protected, sometimes the URL and page title gave away enough information to give context into private data. The kinds of protected data exposed included:

- URLs referencing car dealership subdomains that aren’t reachable by the outside Internet.
Sometimes, the URLs or page titles included vehicle identification numbers of specific cars that were experiencing issues—or they discussed vehicle products or features that had not yet been made public
- Internal URLs for pharmaceutical companies like Amgen, Merck, Pfizer, and Roche; health providers AthenaHealth and Epic Systems; security companies like FireEye, Symantec, Palo Alto Networks, and Trend Micro
- URLs for JIRA, a project management service provided by Atlassian, that showed Blue Origin (Jeff Bezos’ aerospace manufacturer and sub-orbital spaceflight services company), discussing a competitor and the failure of speed sensors, calibration equipment, and manifolds

Advice for SMEs

Many companies (one hopes) make an effort to keep their website hacker-free, but the examples above demonstrate a big loophole that may have been previously unknown. So as a small business, here are some things you can do to protect yourself and your customers:

- Make sure that you are password-protecting any pages that contain any information that you don’t want accessible by the public. This includes order confirmations, attachments, or anything else not intended for general visitors to find
- If you have password-protected pages, ensure that the URL path and page titles are just as secure. Even if a link expires after a certain amount of time, it can still leave private data vulnerable
- Take a look at your website pixels, employee browser extensions, or anything else that could result in unwanted data sharing

It’s Child's Play

Now that you’ve navigated the jungle of e-commerce and bought your little angel a brand new toy, you should also be aware of the cyber risks that can come with it. If you’ve gone the analogue route, you’re in the clear - woohoo. If you haven’t, and your child's toy can connect to the internet (you’d be surprised at how many can!) then you should take a few precautions to protect you and your child.
Now some security experts say the only way to prevent a hack is to not keep the toy. We say bah humbug, it’s Christmas and you don’t want to be Scrooge, so if you decide to let your kids unwrap and play with it, here are some ways to reduce the risks:

Research, research, research

Before opening a toy (and if you’re buying it yourself, then before you buy the toy), search for it online and read reviews to see if there are any complaints or past security problems. If there have been previous issues, you may want to rethink keeping it. Reputable companies will explain how information is collected from the toy or device, how that data is stored, and who has access to it. Usually that type of information is found on the company’s website under its privacy policy. If you can’t find it, call the company. If there isn’t a policy, that’s a red flag. My advice would be not to use it. You should also be aware that companies can change their privacy policies, so read them again if you’re notified of a change.

Use secure Wi-Fi

Make sure the Wi-Fi the toy will be connected to is secure and has a hard-to-guess password. If the toy itself allows you to create a password, do it. Don’t settle for the default password: not only can default passwords be easy to guess, but there are plenty of sites like this one - https://proprivacy.com/guides/default-router-login-details - in the public domain that will have details of the default password.

Power it off

When the toy is not being used, shut it off or unplug it so it stops collecting data. If the toy has a camera, face it toward a wall or cover it with a piece of tape when it’s not being used. Toys with microphones can be thrown in a chest or drawer where it’s harder to hear conversations.

Register, but don’t give away info

With some toys, you may be asked to register so you can receive software or firmware updates over the web. You absolutely should do this, as a software update may fix security flaws that have been discovered.
But, when you do register, keep the information you supply to the bare minimum required. If the registration requires personal information you’d rather not give, such as your child’s birthday, make one up. You’re not under oath!

Be vigilant

If the toy allows kids to chat with other people playing with the same toy or game, explain to your child that they shouldn’t give out personal information. Reputable companies that make toys with microphones will offer ways for parents to review and delete stored information. Make sure you take advantage of that.

Report breaches

If a toy was compromised by a hacker, the FBI recommends reporting it online through its internet crime complaint center at IC3.gov. You can also use this site to check on any breaches with your particular toy.

Something for the Grown ups

It’s not just the kids that need to be wary though. After all, Christmas is for adults as well, and after a few egg nogs too many, you may be feeling a bit frisky. The kids have been put to bed (or maybe you don’t have kids to worry about), and it’s time for the adults to unwrap their presents. Well, the adult industry is never one to be left behind, and they're now playing catchup in the cyber/Internet of Things space as well.

Once upon a time, you could rely on your favourite sex toy to be a discreet, standalone pleasure to be enjoyed solely in the privacy of your own home. With the coming stampede of internet-connected intimate adult accessories, that privacy is being challenged. Because adult toy manufacturers are coming in relatively late to the online arena, most sex tech devices and associated software are awful from a privacy, and often security, perspective. They collect too much sensitive data, such as who you’re having sex with, and aren’t doing enough to protect it. Lots of them don’t even use basic security to encrypt communications.
One adult toymaker recently had to pay a settlement of £3 million to its customers, after it was revealed the company’s connected vibrator collected sensitive user data, including when they were used, vibration settings, and more, linking it all to user email addresses. On the security side, researchers have revealed connected sex toys are easy to hack, making that data collection all the more problematic.

But it’s not only hacked or leaked information that is an issue. A larger one is that if the infrastructure is hacked, then attackers could manipulate partner match ups, and someone else might be controlling devices that you and your partner use! And if your connected adult toy also comes with a camera, well I don’t need to go into detail about that scenario...

Are you the watcher or are you being watched?

Once you’ve overdosed on festive food and drink, opened your presents and had your Christmas fun, you’re probably going to want to put your feet up in front of the TV. So here’s the thing. Is it a new smart TV that you’ve just bought? Have you connected it to the internet? If so, you may want to take a few precautions before you get too comfortable.

Like anything that connects to the internet, smart TVs are susceptible to the usual online security vulnerabilities, including hackers. Similar to the adult toys mentioned earlier, because smart TVs are a relatively new concept, manufacturers have not caught up with the levels of digital security of devices such as computers. This security flaw could potentially give hackers a gateway into your home. For example, a hacker may not be able to access your (if you’ve been following the advice in Cybersafe) securely locked down computer, but they may be able to find a backdoor through to your router through your unsecured smart TV. In fact, there have been documented examples of hackers gaining access to Google Chromecast sticks and streaming random content to unsuspecting viewers.
Other jolly japes a hacker might indulge in on your smart TV include cranking the volume up and down, knocking your TV off the Wi-Fi network, quickly changing channels, or forcing your TV to play questionable YouTube content.

While hackers are potentially an issue, hacking smart TVs still takes a bit of know-how and is illegal, so that dissuades most casual hackers. What is arguably a bigger issue is the perfectly legal (so far) tracking of your data collected by smart TV manufacturers. Smart TVs use a technology known as automated content recognition (ACR) to constantly track what you are watching and then relay it back to the manufacturer and/or its business partners. ACR helps the TV recommend other shows you might enjoy watching but can also be used to target your family with advertising. The data can also be combined with other aspects of your personal information to help build profiles on your behavior that are sold to other marketers. If you read the Cybersafe alert on doxxing, you’ll recognise this as one of the ways doxxers can get hold of your data.

So what are some ways that you can improve the digital security around your smart TV? Well, options include placing black tape over an unused smart TV camera, and following the usual advice in Cybersafe, which is to keep your smart TV up-to-date with the latest patches and fixes, and to read the privacy policy to better understand what your smart TV is capable of. While it may be inconvenient for most users, and possibly negate the main reason for buying a smart TV, the most secure smart TV is one that isn’t connected to the internet at all.

I hope this Cybersafe alert hasn’t ruined your Christmas and has instead (as intended) made it a (digitally) safe and secure one for you and your loved ones.
by Patrick Acheampong 29 Mar, 2020
There have been a lot of headlines recently about doxxing (no, not boxing, although there have been a few headlines about that as well). So, to enlighten you about what it means and how you may be at risk, in this edition of the CyberSafe alert you’ll find out what doxxing is, and how to avoid falling victim to it.

So what exactly is doxxing?

Doxxing (also written as “doxing”) has been around in the hacker community since the 1990s, but recently it has emerged generally to become a threat to anyone who uses the internet. In the early years of doxxing, hackers would dox a rival out of spite. In these cases, the doxxing focused on identifying the hacker and their misdeeds, then turning those details over to the authorities to get them arrested.

The term “doxxing” itself comes from a hacker word for “documents.” “Documents” became “docs” and then “dox.” When you “dox” someone, you are documenting their personal information. The important pieces of information a doxxer looks for are a person’s social security number, their address, telephone number, email address, social media profile names, place of work, details of relatives, partners and children, and so on.

Doxxing isn’t usually illegal, though it does violate many sites’ terms of service and may result in a ban. Depending on your jurisdiction, it may also be illegal under laws designed to fight stalking, harassment, threats, etc.

How does it work?

Doxxing involves researching the details of people’s lives, usually with the purpose of embarrassing the victim, drawing criticism towards them, or causing them physical harm. Some doxxing attacks lead to a mass campaign of public shaming, or harassment, as seen in Hong Kong during recent protests when police officers accused of brutality were doxxed. Mob attacks launched by doxxers also include prank phone calls, overwhelming amounts of abusive email, network-swamping quantities of text messages and even physical attacks on the individual.
The effects can cause people to lose their jobs, their families, their homes, and in some extreme cases, even their lives. Targets of major doxxing attacks have been forced into hiding and have had to delete all of their online accounts and change their identities. In other words, doxxing takes cyberbullying to the next level.

Where do doxxers get the information from?

Social media profiles that are open to the public are goldmines of data. While a lot of information can be gleaned from social media and other forums that you post to, there are also some public sources of information that doxxers can get your information from. Listed below are three of the most common ones.

1. Data brokers

Many places on the web hold your personal information. Businesses (commonly known as data brokers) profit from storing, collating and in some instances sharing and selling your information. They buy customer lists from other businesses that you would have given your data to. So, for example, if you buy a car, the dealership may put you on a list that they sell to a data broker, unless you have asked them not to. If you fill in a survey about your favorite soap or enter an online competition you may be inadvertently giving the company the right to store and/or sell the information that you put on the form, unless you opt out. Selling your information is often a way to help pay for the prize that they offer you. Once this information is in the hands of data brokers, although they may not deliberately leak it (it does impact their bottom line after all if it’s available for free!), hackers may target them and steal data in bulk.

2. WHOIS

If you run your own website, or you have a website for your business, the registration information that you filled in to get that domain name is made public to all the world through the WHOIS database.

3. IP address

Every connection you make on the internet has to carry your internet address on it. This is called an IP address.
Doxxers can use an IP logger to trace your online activities and expose your identity by combining it with searches on membership of certain sites.

How to protect yourself against doxxing

The practice of doxxing is on the increase, so you need to be cautious about the information that you make available online. Regular readers of the Cybersafe Alert know that we don’t just provide the alert, but actionable steps to help you protect yourself. This issue is no different, so keep reading to find out what you can do to prevent being doxxed, or at least make it harder.

As with many things on the internet, getting complete protection can be prohibitively expensive and complicated. However, there are ways you can make it much more difficult for you to be doxxed. If you are concerned about doxxing, here are some of the steps you can take to avoid it.

Social media

The more you write on forums and message boards, the higher your chances become of accidentally revealing personal information about yourself. If you’ve read the Cybersafe book, you’ll know that there are so many different ways we give away far too much information on social media. Not checking privacy settings, accepting friend requests from anyone just to boost our followers, the list goes on. Suffice to say, some simple advice is to only allow people that you know very well to be your friends on Facebook. Also consider changing your privacy settings so that only friends can see your posts.

Avoid posting details about where you work, or where your children go to school. My personal opinion is that you shouldn’t put any identifying information about your kids on social media at all. After all, they haven’t consented to it, and that information will be a permanent record on the internet when they grow up.
Although it’s great posting your fun family moments on social media, it is safer to enforce a policy of not posting photos of your children, and ask anyone else who takes pictures of them at events not to post them online. If you absolutely must post, make the photos as anonymous as possible, i.e. no face shots, names, or identifying locations.

Protect your internet communications

This one’s an easy one to write. If you must use public Wi-Fi, use a VPN! Nuff said, and readers of Cybersafe will be very familiar with the whys and wherefores of this advice.

Protect the data on your computer

Stop hackers from stealing your personal information by installing anti-malware. There are lots of good packages on the market, and these are just as important as the firewall on your computer.

Remove your personal data from the software you install

A lot of times we innocently add personal data into the software we use, sometimes just for convenience. For example, in the properties of Microsoft Office products you can include your name on the documents. This means that every document that goes out from you will have your name (and any other information you’ve added) embedded in it. You should also check out the settings on your gadgets. Is your personal information stored on your camera, your webcam, your set top box or your gaming consoles? Do you allow your camera to store location and other metadata that could be exposed?

Protect your email identity

If you need to sign up to websites and are not sure of their privacy policies, or you don’t want to use your usual email address to sign up to them, then you should use a temporary or burner email address. In addition, consider using a secure email service to encrypt your emails. You can find some recommendations and more details in Cybersafe, or on this list of secure online services if you are unsure what to use.
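The point above about Office documents carrying your name in their properties can be checked before a file is sent out. The Python script below is an added example, not part of the original post: it lists the identifying properties stored inside a .docx, .xlsx or .pptx file and writes a copy with them blanked. The function names, the choice of fields and the sample document are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the two property parts of an Office file (.docx/.xlsx/.pptx).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# Fields that commonly identify a person or employer (a selection, not exhaustive).
PERSONAL_FIELDS = {
    "docProps/core.xml": ["dc:creator", "cp:lastModifiedBy"],
    "docProps/app.xml": ["ep:Company", "ep:Manager"],
}


def _qname(prefixed):
    prefix, local = prefixed.split(":")
    return "{%s}%s" % (NS[prefix], local)


def read_part(doc_bytes, name):
    """Return the raw bytes of one file inside the document's zip container."""
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        return zf.read(name)


def find_personal_metadata(doc_bytes):
    """Return {field: value} for every non-empty identifying property."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        names = set(zf.namelist())
        for part, fields in PERSONAL_FIELDS.items():
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for field in fields:
                el = root.find(_qname(field))
                if el is not None and (el.text or "").strip():
                    found[field] = el.text.strip()
    return found


def scrub_personal_metadata(doc_bytes):
    """Return a copy of the document with the identifying properties blanked."""
    for prefix, uri in NS.items():
        # Keep the original prefixes so values like xsi:type="dcterms:W3CDTF" stay valid.
        ET.register_namespace(prefix, uri)
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in PERSONAL_FIELDS:
                root = ET.fromstring(data)
                for field in PERSONAL_FIELDS[item.filename]:
                    el = root.find(_qname(field))
                    if el is not None:
                        el.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item, data)
    return out.getvalue()


def build_sample_docx():
    """Constructed minimal Office package (sample data, not a real person's file)."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" '
        'xmlns:dcterms="%(dcterms)s" xmlns:xsi="%(xsi)s">'
        '<dc:title>Holiday budget</dc:title>'
        '<dc:creator>Jane Example</dc:creator>'
        '<cp:lastModifiedBy>Jane Example</cp:lastModifiedBy>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2019-12-26T09:00:00Z</dcterms:created>'
        '</cp:coreProperties>' % NS
    )
    app = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Properties xmlns="%(ep)s"><Application>Microsoft Office Word</Application>'
        '<Company>Example Family Ltd</Company></Properties>' % NS
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<document/>")  # placeholder for the body
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", find_personal_metadata(sample))
    print("after: ", find_personal_metadata(scrub_personal_metadata(sample)))
```

To check a real file, pass its contents in with `find_personal_metadata(open(path, "rb").read())`. The script only looks at the document properties; names stored in comments or tracked changes are not covered.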
Vary usernames and passwords

If you have a penchant for visiting ahem... questionable (but legal) sites, you may want to consider using a different user name and also to vary your passwords. That way if one user ID is compromised, it won’t necessarily compromise your entire online presence.

Get your information removed online

In the EU, you have the right to be forgotten. This legislation particularly relates to search engine results. If you get search engines to delist information on you, doxxers will have a lot more difficulty tracking your data. To do this, you can fill out a form on Google, Bing, or Yahoo to get them to remove search results that relate to you.

In the USA, you can get a quick rundown on where hackers can find you at We Leak Info. Similar to the EU, you can also ask Google to remove information about you. In addition, here’s a selection of sites that you can ask to remove your data.

- BeenVerified: https://www.beenverified.com/faq/opt-out/
- CheckPeople: http://www.checkpeople.com/optout
- FamilyTreeNow: http://www.familytreenow.com/contact
- Instant Checkmate: https://www.instantcheckmate.com/optout/
- Intelius: https://www.intelius.com/optout.php
- Nuwber: https://nuwber.com/removal/link
- OneRep: https://onerep.com/optout
- PeekYou: http://www.peekyou.com/about/contact/optout/index.php
- PeopleFinders: http://www.peoplefinders.com/manage/
- PeopleSmart: https://www.peoplesmart.com/optout-signup
- Pipl: https://pipl.com/directory/remove/
- PrivateEye: http://secure.privateeye.com/help/default.aspx#26
- PublicRecords360: http://www.publicrecords360.com/optout.html
- Radaris: http://radaris.com/page/how-to-remove
- Spokeo: http://www.spokeo.com/opt_out/new
- TruthFinder.com: https://www.truthfinder.com/opt-out/
- USA People Search: http://www.usa-people-search.com/manage/default.aspx

If you don’t have the time or inclination to go through this entire list, you can take a look at Privacy Duck and DeleteMe, who can help identify information about you in the USA and get it removed.
If you want to find out how much information Google has on you, try typing https://myactivity.google.com/myactivity in your browser when logged in to a Google account. Google knows your location as well – you can find your personal Google map with all the places you have visited at the https://www.google.com/maps/timeline URL.

WHOIS

As mentioned earlier, if you run your own website, or you have a website for your business, the registration information that you filled in to get that domain name is made public to all the world through the WHOIS database. However, you don’t have to give your personal information to get a website. Some domain brokers offer you the option of obscuring this information. However, you can get this privacy for free by entering a webmail email address, putting a fake telephone number in the form and giving a made-up company name. Although technically false, this information rarely gets verified.

Do a regular app and browser cleanse

Mobile apps and browser extensions are known to collect personal data, often without your knowledge or consent - who reads the privacy small print after all? Because of this, it’s worth regularly reviewing the apps and browser extensions you use and removing the ones you don’t. If you have the Cybersafe book, double check the chapter on secure browsing.

Avoid Online Quizzes

We all like to show how clever we are, right? And anyway, what’s wrong with a little harmless quiz fun? Well, did you know that some quizzes ask a lot of seemingly random questions, which are actually the answers to common security questions? Plus, it gives attackers more data to work with. Supplying an email address or name to go along with results makes it even easier to associate information from other data sources.
Don’t Login With Facebook or Google

Finally (and I’m hoping this isn’t news to anyone with Cybersafe), when you come across websites and apps that allow users to register using the “Login with Google”, “Login with Facebook”, or “Login with Twitter” buttons, please consider using email (see the section on email in this blog post) instead. Understandably, these services provide a level of convenience by enabling you to complete the registration process with the email you used for your Google, Facebook, or Twitter accounts. However, the downside of using them is that you’ll automatically give the information attached to your Google/Facebook/Twitter accounts to the website. If you still yearn for this convenience, take a look at the Cybersafe alert Edition five, also listed at the end of this blog post, for a potential alternative.

Remember, although it’s an odious practice, doxxing is not illegal per se. Hopefully, laws will catch up with that situation soon.
by Patrick Acheampong 29 Mar, 2020
It seems barely a day goes by without another massive data breach being announced. Only recently, Zynga, the online games company (think Farmville), also had a data breach. In this edition of the CyberSafe alert, you'll find out how to check if you’ve been a victim of a data breach and what to do about it.

In general, companies that have been the subject of a data breach are required to inform their customers of the breach. But what happens if the company itself is unaware that it’s been hacked, or if the contact details they have for you are out of date so you don’t get the message? Or worse, what if the company is trying to keep the data breach quiet for commercial reasons and doesn’t tell you at all?

As regular readers of the Cybersafe alert know, we give you simple actionable information to tackle cybersecurity issues. This Cybersafe Alert is no different. Today we provide you with two options for checking if you are part of a data breach.

The first service you can use is Firefox Monitor. Firefox Monitor is extremely simple to use, regardless of whether you use the Firefox browser or not. Of course if you have read the CyberSafe book, it’s likely you are already using the Firefox browser or something like it. To use Firefox Monitor to check whether your data has been breached, all you have to do is the following:

- Go to the Firefox Monitor URL at https://monitor.firefox.com/
- Type in the email address that you want to check
- If your email address has been part of a data breach, it will show up. The Firefox Monitor records go back to 2007
- As well as doing a spot check, you can also set up an alert for future breaches so you don’t have to wait to be notified by the organisation that has been hacked

The other service for checking whether your password may have been breached is Google’s password manager.
Google will now include the password checking feature in its password manager app, which means that you have to use Google’s password manager to save your passwords in order to take advantage of it. This shouldn’t be a problem for those of you who use Google products already.

So what does Google's password checker do? Well, as well as letting you know about password breaches, the password manager will also prevent you from using bad passwords. If you want to find out how to improve the quality of your passwords, you can also read the Cybersafe Alert Edition 2 - The unhackable password.

Password Checkup tells you if your password has been compromised (for example, in a breach), and gives you personalized, actionable recommendations when needed. For example, it will advise you to change the password. The tool will also tell you if your password is being used on multiple sites.

Did you find this Cybersafe alert useful? Yes? Well, don’t keep this useful information to yourself. Use the sharing buttons to share this valuable information with your family and friends so they can protect themselves online.
by Patrick Acheampong 29 Mar, 2020
Welcome to the CyberSafe alert 2019 edition 7, where we provide timely, actionable advice to individuals and SMEs on how to protect themselves online. This alert covers RFID credit cards and passports, and the lengths we go to, to prevent them from being hacked.

If you’ve got a credit card in 2019, the chances are that it’s RFID enabled. How would you know? Well, if it’s one of those cards that you can simply wave at or place on a card reader instead of swiping it in a slot, then it’s RFID enabled.

As these cards have become increasingly popular you probably started seeing reports in the more hysterical sections of the popular press showing how easy it is to intercept your RFID-enabled card and steal all your money. People conjured up all sorts of images and scare stories of ne’er-do-well hackers on street corners with Wi-Fi interceptors or waiters at restaurants skimming your card details.

As a result of all the scare stories, of course an industry suddenly grew up around protecting consumers from having their cards skimmed. This protection came in the form of RFID-blocking wallets, backpacks, clothes, passport holders, etc., driving tens of millions of sales from worried consumers.

So what’s the advice here? Regular readers of the Cybersafe alert know that our aim is to provide simple, actionable advice on cyber threats. Our advice on RFID-blocking accessories is this: save your money, and buy something that you really want instead.

Why should you not be worried? Well, consider the facts:

- Most RFID cards these days are next-generation cards. These cards protect the information they send by encrypting it
- In the time since RFID cards were released, there have been no publicly acknowledged real-world examples of RFID crime. In that time, however, there have been billions stolen in other financial crimes
- The payback for cybercriminals just isn’t worth it.
When you consider that a hacker cracking a database, such as in the recent Capital One hack, can yield tens of thousands of records, why would someone hang around on a street corner for a day trying to skim credit cards with a reader?

After all that's been said, if you’re still not convinced and you want to protect your wallet anyway, well, you can still save yourself some money. Simply put some sheets of aluminium foil in your wallet, and hey presto, you’re protected!

So were the reports of RFID skimming all false then? Well, not exactly. Plenty of demonstrations by researchers showed how it could be done, but the key point is, it has never happened in a REAL WORLD crime scenario, so relax.

Did you find the Cybersafe alert useful? Yes? Well, don’t keep this useful information to yourself. Use the sharing buttons to share this valuable information with your family and friends so they can protect themselves online.
by Patrick Acheampong 29 Mar, 2020
Welcome to CyberSafe alert 2019 edition 6, where we provide timely, actionable insights to individuals and SMEs on how to protect themselves online. This alert covers the story that’s recently been doing the rounds about Skype calls being legally listened to. If you’ve read the CyberSafe book, then this information will not be news to you, and if you followed the advice in the book, then this is one less cyber security issue that you need to worry yourself with.

So what’s the big issue? According to a story from Motherboard, Microsoft has people that regularly listen in to calls made on Skype in order to improve their machine learning services, especially around translations. Before you get outraged and start calling your lawyer about this flagrant violation of your privacy, it’s important to note that unless you opted out from this in their terms and conditions, you have agreed that this can be done.

Skype is not alone in this. Most, if not all, of the big commercial VOIP providers will have clauses in their terms and conditions that allow them to monitor your calls. Although this alert is focused on the VOIP issue with Skype, I think it’s important to note that if you use a service like Cortana, or Alexa, or Siri, these devices (assuming they are switched on) are listening to your every word, whether it’s a valid command or not.

Regular readers of the Cybersafe Alert will know that we’re not just here to scare you into thinking the sky is falling in by telling you what’s going on, but also to give you actionable advice on what to do. So here’s what to do if you’re concerned about the recent revelations about Skype:

- Check the T&Cs of the VOIP service that you use. If you are concerned about them listening in, then opt out. If you can’t opt out, then switch to a different service.
- This kind of monitoring is not unique to Skype. Most, if not all, of the big commercial services will have a similar capability to listen in to your calls. Cybersafe book readers will know about alternatives such as Silent Phone by Silent Circle. If absolute privacy is important to you, then switch to one of these services.
- This is somewhat counterintuitive in terms of what these tools are supposed to offer, but if you use an IoT device such as Cortana, Alexa, or Siri, keep it switched off until you need to use it. These devices by their very nature need to listen to every word you say, in order to react when you give them a recognised command.
by Patrick Acheampong 29 Mar, 2020
Hello again, it’s time for the fifth CyberSafe alert edition of 2019. I’m sure you haven’t failed to notice that these days, when you sign up or sign in to most apps or websites, you encounter the timesaving social login feature. These time-savers allow you to register for websites and apps using your already existing profiles on social media behemoths like Facebook, Twitter, and LinkedIn by simply clicking on a button, instead of typing in your details all over again.

Great idea, right? Well, yes, if all that matters to you is saving half a minute logging into the site or app. Not such a great idea if you value your data privacy. I have to say, I personally don’t use social logins, and if you’ve read the CyberSafe book you’ll know that we don’t recommend you do so either. The reason? Although social login provides extra convenience, the cost of that convenience is giving away some of your personal data. Not worried about giving away your email address or username? Well, these social login buttons usually also send additional data like gender, age, relationship status, etc. to the sites and apps you register with or log in to.

If you’re a Cybersafe reader, you’re pretty careful about your cyber security, so that’s why Apple’s recent announcement of “Sign in with Apple” could be a potential game-changer for those that value both convenience AND privacy.

So how is it going to work? “Sign in with Apple” will be in the form of a button similar to the other social login buttons. The difference is, it won’t transmit your personal information. Instead of sending your email address, it will generate a random email address linked to your real address.

So do you need to do anything to get this going? Well, no, actually. The great thing about this for users (Apple users actually, sorry Android users - at least for now) is that Apple will require apps that include social sign-in buttons to include the new “Sign in with Apple” one as well.

For Android users, although the “Sign in with Apple” button isn’t available, alternative methods of registering with or signing into an app or website other than social logins usually are. If you’re concerned about your privacy, I would recommend setting up a profile manually. It can usually be done relatively quickly, and you can decide what information gets transmitted.
by Patrick Acheampong 29 Mar, 2020
Welcome to the fourth CyberSafe alert edition of 2019. Usually on the CyberSafe alert we focus on issues that could impact you at any time. Today’s alert concerns the recent attack on WhatsApp and what to do about it if you have WhatsApp installed.

If you’ve read the CyberSafe book you’ll know that we list WhatsApp as being one of those messaging tools to look at because of its end-to-end encryption. WhatsApp is one of the most popular messaging apps in the world, which makes it a target for hackers going after its massive user base.

The news filtering in from WhatsApp this week is that hackers were able to install surveillance software on not just phones, but on any other devices you may have installed WhatsApp on. This surveillance software allows hackers to view messages you have sent or received on WhatsApp.

If you’re a Cybersafe reader, you’re pretty careful about your cyber security, so how could you have been caught out, right? Well, it turns out there wasn’t a lot you could do about it. The hack worked by using WhatsApp's voice calling function to ring a target's device. Even if the call was not picked up, the surveillance software could be installed. Just to cover their tracks, the call would often disappear from the device's call log.

Here at the CyberSafe alert, we don’t just give you the news, we also give you solutions to tackle the issues we raise, and this solution is simple. WhatsApp have issued a fix to this problem, but the next bit depends on you. Make sure you update your current version of WhatsApp to the latest version. Yes, stop reading, and DO THIS NOW!

Oh, and one more thing. While the update fixes the flaw that let this attack take place, WhatsApp has not said whether the update removes any spyware that has already infected a compromised device. So, in addition, we suggest you also make sure your anti-virus software is up to date, and run a scan for any potential threats. Of course, we’re sure you’re already doing this regularly, right? If you’re running WhatsApp on iOS you can feel reasonably secure that any infection is limited to the WhatsApp app because of the way apps operate in iOS.