Incognito — September 2022: Is your job putting you at risk for harassment?

Welcome to the September 2022 issue of Incognito, a monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month:

• Public-facing jobs. Is your job putting you at risk for harassment?
• Recommended reads, including why “Facebook Users Might Be Eligible for $90M Settlement.”
• Q&A: Is my phone listening to me?

Know someone who could benefit from proactive privacy protection? Refer them to DeleteMe—they get a 20% discount and you get a $50 Amazon gift card if they sign up. 

If you think your friends or family might enjoy learning more about data privacy, feel free to forward them this newsletter.

From working hours and PTO to job satisfaction, every job has its pros and cons. For people in public-facing roles, one major con is privacy—or the lack of it. 

Why Public-Facing Employees Are at Increased Risk of Harassment

Due to the nature of their jobs, public-facing workers, like journalists, medical professionals, and law enforcement officers, have less privacy than individuals whose jobs keep them out of the public spotlight. 

Not only is a lot of what public-facing workers do public knowledge (i.e.., the articles they write, the vaccines they give out, the laws they pass, etc.). They also can’t easily dissociate themselves from the industries/organizations they work in. 

A software engineer at a controversial company may be able to keep out of the public eye by keeping quiet about where they work. On the other hand, a C-level executive at the same company has nowhere to hide. If someone wants to take out their frustration on a company, they’ll often go after the person who is seen as the “face” of the organization or is directly linked to it. 

• Earlier this year, Elon Musk criticized Vijaya Gadde, Twitter’s head of legal, policy, and trust, in a few tweets. One was a meme that featured a picture of Gadde and suggested the social media company has “left-wing bias.” 
• Shortly afterward, Gadde’s account was flooded with harassing messages. 

How Bad Is This Problem?

It’s bad, and it’s getting worse. As political and cultural tensions rise, more individuals in public-facing roles are finding themselves in the firing line.

Police officers

Law enforcement officers routinely receive death threats. A growing number are also being doxxed or have protests staged outside their homes. 

Journalists

Harassment and threats are so prevalent in the media industry that many journalists view attacks on them as validation that they’re “on the right track.” Harassment is even worse for female journalists, 73% of whom say they receive online abuse, with 20% reporting that abuse turns into offline attacks. 

Public officials

More than 8 in 10 local officials said they experienced harassment, threats, and violence, according to research by the National League of Cities. Close to 9 in 10 reported the number of attacks they experienced recently increased. 

Healthcare workers 

Online and offline violence against medical practitioners has gotten so bad that the state of Colorado has passed a law making doxxing (publicly sharing an individual’s personal information online) of healthcare workers illegal.  

Influencers

No matter their niche or the platform they’re on, influencers often report getting death threats and being doxxed and swatted (the act of sending police forces to someone’s home). One influencer said, “I started getting these emails saying, ‘if you don’t do a [sexual] video for me, I’m going to post photos of your house and where you live’ Then they sent me my address.”

The Role of Publicly Available PII 

Malicious individuals do stalk public-facing workers or employ other methods (like collecting clues from a video in the case of an influencer) to build up a profile on them. But a large amount of the information bad actors need can be found in public records or data broker sources. 

For example, some healthcare workers have their licensing information publicly available, whereas several states provide downloadable lists of medical staff data, like their addresses, phone numbers, license numbers, etc. 

As for data brokers: the profiles they sell have gotten more detailed. According to DeleteMe’s own data, the amount of PII available online has risen by 150% in the last two years. This means two things: 1) there’s more personally identifiable information (PII) per person, and 2) the information available about individuals is now more detailed and may include things like family networks and historical location tracking.

Identity Theft and Cybercrime Also a Risk

It’s not just harassment, stalking, and death threats that public-facing workers need to be wary of. The information that’s available about them on the clear web means that threat actors can more easily impersonate or hack them. 

• Influencers have long had their social media accounts hacked. Now, attackers are also holding them to ransom. There are a number of ways for hackers to gain control of accounts, including personalized phishing emails and password attacks using PII found on the web.
• Healthcare professionals have had their identities stolen by job seekers. In at least one case, a doctor’s name and credentials were used by criminals to set up a fake medical practice and fraudulently claim tens of thousands of Medicare reimbursements.
• Last year, executive impersonation increased by 131%, with more than 1 in 2 security professionals saying that executives at their company were spoofed or impersonated. 

How Public-Facing Workers Can Increase Their Privacy

There are a few things public-facing employees can do to improve their privacy:

1. Keep an eye out for new reports on personalized threats in your industry. 
2. Make your social media profiles private (LinkedIn, Facebook, Twitter, Instagram, TikTok), and don’t accept people you don’t know as friends. Also, avoid oversharing. 
3. Opt-out of data broker sites.
4. Remove your name from other sources online. You may want to set up Google alerts for your name (including misspelled versions) and other personal information. 
5. Monitor your credit, either on your own or with credit monitoring services, to ensure that any fraudulent activity on your accounts is spotted and dealt with promptly. 

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape. 

Meta Is Expanding End-to-End Encryption

Meta is expanding automatic end-to-end encryption to direct messages on Messenger. The tech giant is also testing encrypted chat storage, which would allow users to access their chat history if they lose their phone. These new features were announced days after Meta’s messenger app was used to provide evidence in an abortion prosecution.

Apple Security Flaw Gives Hackers Access to User Devices

Serious security vulnerabilities in iOS and macOS devices could allow hackers to gain “full admin access” to users’ devices if they visited “maliciously-crafted web content,” warned Apple. The tech behemoth says attackers may have “actively exploited” the vulnerability that allowed them to impersonate a device’s owner. Apple has since released an update for the flaw, so be sure to update any Apple devices you use.

Facebook Users Might Be Eligible for $90M Settlement 

Facebook users who had a profile on the social media platform between April 22, 2010, and September 26, 2011, might be eligible to get a cut of a $90 million payout. Meta agreed to the payout to settle an old lawsuit. The lawsuit alleges Facebook tracked users across the internet after they signed out off the platform—something it promised not to do. The deadline for filling out a claim is September 22, 2022. 

Your Phone Might Be Able to ID You Based on How You Hold It

Researchers at Toulouse Institute of Computer Science Research in France have trained an artificial intelligence algorithm to use hand vibration patterns to identify who is holding a smartphone. The algorithm could make a successful guess in just 1.5 seconds, 92.5% of the time. However, movement, like vehicle motion, drowns out the signal and affects the algorithm’s accuracy. 

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: I sometimes get ads about the things I talk about out loud, i.e., holidays I plan to take or things I want to buy. Is my phone listening to me?

A: There have been plenty of stories of Apple contractors overhearing confidential details via Siri or Amazon workers listening in on your interactions with Alexa. But according to studies, phones that supposedly listen to us and then target us with ads are a myth. 

The truth is, companies don’t need to snoop on our private conversations to show us better ads.

Every time we go on the internet, we leave a trail of digital breadcrumbs. From the videos we watch to the photos we like and the stuff we post on social media, companies and apps can collect this data, connect it to other data points, and make pretty good guesses about what we like or are interested in. 

In some cases, the profiles built on us may even include information linking us to other people. So, if your partner searches for something specific online, you may see an ad for it on your phone.

Still, if you’d rather be on the safe side, you can always stop your phone from listening to you by turning this feature off in settings (here’s how to do that on Android and iPhone).

Q: I’ve been hearing a lot about in-app browsers and how they’re not private lately. How can I ensure I don’t accidentally use one?

A: Anytime you type in a URL into an app, you are using an in-app browser (as opposed to a web browser). 

In-app browsers are convenient (you don’t have to leave the app you’re on to visit a specific link) and fast (external browsers take longer to load). But, as you’ve pointed out, they’re also not very private. Research shows that Facebook and Instagram use in-app browsers to track user activity, whereas TikTok’s in-app browser can monitor your clicks and keystrokes. 

The best way to ensure you don’t accidentally use a malicious in-app browser is to use a tool called InAppBrowser to see if any of the apps you currently have track you—and then stop using those that do (however, note that the tool is not foolproof). 

If that’s not a realistic option, you can check out apps’ settings to see if you can change their default browser to Safari or Chrome. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Share Incognito with friends. If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito! Stay safe and we’ll see you in your inbox next month.