Online Data Security

Uploaded by

In Seong Park
©Vassilia Lalaki, 2021.

All Rights Reserved

Online Data Security
Vassilia Lalaki, Computers 8
Personally Identifiable Information (aka PII)
Personally Identifiable Information
Personally Identifiable Information (PII for short) is data that can directly (or
even indirectly) identify you as a unique person. Your direct PII is your very
unique name, your Social Security Number, which only you have in this world,
and your fingerprint (fun fact: you are and will always be the only one in
history to have the fingerprints you have; in fact, there are 4 quadrillion
patterns, too many for this world to reach…). Indirect PII can include data that
at first glance may not look that personal but with some research can
eventually reveal your direct PII. Need an example? Ok, here we go: Consider
the phone number 000-1010. We don’t know whose it is until we look it up in
a phone book, where it says that it belongs to (let’s say) Linda May. Linda May
is a name, and therefore, is considered PII.
Is a Computer’s IP Address PII?
Ok, I bet that now you are asking how PII is linked to computers, and the answer
always lies behind the computer’s “fingerprint”, the IP address. The IP address is
unique to your computer, and a person can hack to find out whose computer the IP
address belongs to. Therefore, if they know the name of the computer’s real owner,
they know the PII of the person.
PII Theft. Thieves of Your Data.

A Data Breach is when hackers get ahold of an organization’s data, especially
the workers’ data. With that data, hackers can have your name and your Social
Security Number, which can be used to get your credit card numbers and make
purchases with your hard-earned money.
PII Regulations and Recommendations
If you’re a citizen in the EU, you may already know what the GDPR is. The GDPR
deals with how developers of websites and apps use your PII, among other
privacy-related things. It tries to help the world be a place where the idea of
Data Breaches remains an idea, never to be seen by possible victims. However,
you never know what will be ensured, and hacking is always possible. What can
you do then? Your direct PII is almost always nothing you should just give out,
and on Social Media, it is more than just unnecessary to post about your
personal data. No, there is no reason to share your Social Security Number with
some random Instagrammer.
User Data Tracking
Web Cookies
No, this is not about chocolate chip deliciousness; it is about your data
being tracked by the websites you visit. No, I won’t bore anyone with too
much information about the process, but the basics are that cookies
store what you, the end user, do with the website. A cookie
basically stores data for later use. Example: Linda May visits an online
store with clothing. She browses dresses that are pink. The browser
will store that information and some other day, Linda May will be
greeted with a page full of pink dresses. Those were first-party cookies.
Third-Party Cookies
Ok, First-Party cookies mostly have to do with the website you visit alone,
although there are some other kinds of cookies too. Third-Party cookies, please
stand up to the stage. Remember Linda May, who visited a clothing store online?
Ok, the cookies that stored that she likes pink dresses may also have had other
cookies around, which were from Advertising Companies who will now fill up all
the pages that Linda May visits with advertisements for, you guessed it, pink
dresses.
Search History
Do you know Google (or Bing even)? Don’t answer, obviously yes. Your searches
are always made there. You have a question? It must be up on Google somewhere,
and you obviously probably have searched it already. Google has a massive
assortment of searches made by people all over the world. Your searches probably
are also not private. They could be as random as “how to make a sandwich?”
However, to a search engine, there is identification behind your humble search.
While you only know what you searched, Google knows when, what time, what
computer you have, your browser, and your OS at the same time.
Search History, Continued.
If you keep looking up stuff on that same computer with that same engine, your searches start to pile up
on the engine’s servers. The more data there is in the engine’s database, the easier it becomes to piece
together PII through the searches. And let’s also mention that the Search Engines are caught up in the
evolution of tech, and they also use cookies. As I previously mentioned, cookies can be used for the
website to be more personalized. If Linda May, a fan of dresses, Googles “cat”, instead of seeing many
cats she may see a clothing store called Cat, because Google listened to her preference of dresses over
cats. And also, she’ll see a lot of advertisements trying to sell her dresses, because Google also wants
some quick cash. Google may think that the data it collects from Linda May will be useful for both their
pockets and for Linda May’s comfort. However, is it really? America Online released three months’ worth
of a person’s search data to researchers under an anonymized ID, and journalists eventually pieced
together that data to actually reveal who the person was. If this is concerning, what can you do? A) Look
at your preferred engine’s Privacy Policy; that is why it is there, it is there to let you know where your
data goes, and if that is not enough, there has to be a setting to fix it. And if that is not enough, B) consider
switching to a better and more secure browser which satisfies your privacy needs.
Browsing History
Ok, as you now know what search history is (if you don’t, go to the previous
slide), imagine that there is a way bigger list of things your internet corner
has: the websites you have visited with a certain browser. The browser you are
using may fool you by making you think that your browsing history is secure, but
it is all lies. Websites, ISPs, Browsers, and even your Government know your
browsing history. Is it scary? I bet so. The websites you visit can track your
visits inside themselves as well as among other websites from your browsing
history that used the same cookies. If you are alarmed, be aware that your
browser probably has a setting to disable cookies and trackers.
Continuing with Browsing History
Your browser does store your browser history, but there is no reason to worry. It mostly does it so
you can easily reach back to your previous visits without having to fill in the whole link. If you are
uncomfortable with your browsing history being stored, you can delete it all and even opt for
deletion of the browsing history as you boot up your browser. There is also Incognito/InPrivate
mode, which does not store the history at all. ISPs and Governments can also track the websites you
visit through your router. HTTPS websites may hide your requests, but they will still reveal the
domain name. The government does look over the websites you visit in case it sees illegal activity.
However, some people may feel concerned that their privacy is taken away by the government, and
that’s where options come in. A VPN service may add an extra layer of privacy on your browsing
history by removing your name and adding the VPN’s name. The only catch with VPNs is that they are
expensive and they slow down your connection, so it may not be your everyday option. Tor is a
browser that is free and hides your IP address and shows its own, therefore protecting your privacy.
There are also non-profit organizations that fight through activism for users’ privacy being hidden
from the government.
Geolocation
Geo-Location. Basically, devices locating your exact coordinates on a
map. It can be really helpful for finding local places. I won’t get into
details as to how it is done, but it can locate your exact location.
Usually, apps and websites ask you for permission to access your
location. Phones may have the extra step of asking you how
much access to your location an app can have (either during its use
or during the phone’s use). Websites usually have IP packets sent to
them, where your location data is packaged together with your IP
address. Websites can use that data for either demographics or even
personalization. Let’s say that Linda May lives in California and she
visits the website of a clothing store; the store may show her stores in
her local area in California.
Geolocation Continued
Be aware that you can also enter your geolocation data in a maps website to find
places close to you; that data is also stored. Your photos also provide
geolocation data through metadata, which is location info behind the code of the
photo.

What are the benefits of Geolocation then? Geolocation can help you locate your
lost device, a nice café close to you, or even help you by finding the closest
ambulance or police station in case you need it.

However, there is always a dark side behind all things internet. A stalker may
find you if they have your geolocation data. A law enforcement agency may
wrongly accuse you of a crime because of an inaccurate geolocation. Or websites
can censor info based on your location.
Cyber Attacks
Phishing Attacks (Think of fishing, and you’ll get it)
“Your account is at risk, update your info now!” will say one random email that
you’ll get sometime in your life. It will be from some website you are already
signed into. That email must have been sent by some person who is trying to get
into your information. (Your account will be at risk if you actually update your
info.) This person wants your data and they want you to give them what they
want. You obviously should not. How do you know though that they are trying to
phish you? Let’s say Linda May’s account on PayMay is at risk, according to
[email protected], and the email links to the website
http://paymay.accounts.net/gimmeyouraccount. How does Linda May know that she is
being phished? A) The email address does not seem legit; what kind of email
domain is called totallylegiteail? B) The link goes to an unsafe website whose
domain is accounts, not PayMay, which is only a sub-domain. And also, there is no
reason for a company to ask you to update your account details. That is
obviously a phishing email. If you ever see a phishing email, just ignore it and
throw it in the email trash. Sometimes it could even be targeted at you
directly, but you should always ignore it.
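Check B above can be done by a program as well as by eye. The following is an added example, not part of the original slides: it takes the link from the slide and reports why it does not belong to PayMay. The real PayMay domain is not given on the slide, so `paymay.example` is an assumed placeholder, and keeping the last two labels of the host is a simplification of a proper Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: the slide never names PayMay's real site, so this is a placeholder.
EXPECTED_DOMAIN = "paymay.example"


def registrable_domain(host):
    """Naive stand-in for a Public Suffix List lookup: keep the last two labels.

    Fine for one-label suffixes such as .net or .example; suffixes like
    co.uk need the real Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_link(url, expected_domain=EXPECTED_DOMAIN):
    """Return a list of warnings for a link that claims to come from the brand."""
    warnings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        # Anything before '@' is a login name; the site is what follows it.
        warnings.append("text before '@' is a login name, not the site")
    domain = registrable_domain(host)
    if domain != expected_domain:
        warnings.append(f"site is {domain}, not {expected_domain}")
        brand = expected_domain.split(".")[0]
        if brand in host.lower().split("."):
            warnings.append(f"'{brand}' appears only as a sub-domain label")
    return warnings


SAMPLES = [
    "http://paymay.accounts.net/gimmeyouraccount",  # the link from the slide
    "https://paymay.example@accounts.net/login",    # constructed sample
    "https://www.paymay.example/settings",          # constructed sample
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_link(url) or "no warnings")
```
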
Rogue Access Points (Sounds insane but I’ll clarify)
Let’s say you walk into a café to do your work and you see two different coffee-shop wi-fi
access points and you ask yourself “Which one should I join?”. Short-Answer: None,
because one is definitely a Rogue Access Point and you don’t know which. Long-Answer:
Your home wi-fi probably runs on a wired connection, through an ethernet cable
(probably not a modem one, the year is not 1998), but there is a chance you do not have
space for it, and that’s where Access Points come in. If you have a router, that’s the one I
am talking about. A router is a device with a wired connection to the internet that shares
that connection wirelessly with your home’s devices. A Rogue Access Point is an Access
Point that an attacker has invaded without the Access Point Owner’s permission. That
intruder can get your data in a passive and an active way.
Passive Rogue Access Points
A Passive Rogue Access Point is an attacker’s way of reading your data but
doing nothing else. They can see your passwords but cannot use them. Even if the
attacker cannot manipulate your data, they can still collect it and even expose
it online.
Active Rogue Access Points
If with Passive Rogue Access Points the attacker could only see your data, here
they can also manipulate it for their own personal preference. If Linda May wants
to deposit money into her own account and enters her password, the attacker
could change the destination and instead of going into Linda May’s account, the
money will go into the attacker’s account, which basically is stealing Linda May’s
money.
Recommendations on Rogue Access Points
You should always consider your privacy before joining
public hotspots, like airport wi-fi. Also, VPNs and HTTPS
websites help you deal with Rogue Access Points by
scrambling data so the attacker cannot easily see it.
Computer Malware

Malware is Computer Code that can alter your files, spread across your
computer, and even send itself to other computers. You usually get malware
through email attachments. And usually malware is good at damaging your
computer. So, what are the types of malware, you say? That’s our topic in the
next few slides.
Trojan Horse Malware
A Trojan Horse is an executable program that, when you open it, damages your
computer and can even crash it unless an antivirus/antimalware software gets rid
of it in time.
Virus Malware
Viruses inject themselves into as many files as they can by copying themselves
into files. This way they can erase vital data from the computer.
Worm Malware
A worm is a file that copies itself onto many computers in many ways, like
sending emails to everyone in someone’s contact list. It usually combines itself
with other malware.
Effects Of Malware
Malware can install spyware and keyloggers that can see
your data when you do stuff. Adware can annoy you with
ads. Ransomware locks up your files until you pay up for
them.
Ways to Avoid Malware

Patches: Your computer will update whenever it needs to fix a really bad virus.

Anti-virus Software: Will scan your computer to protect you from viruses known
to its system.

Firewall: Is a wall that sees what comes in and out of your computer in case
there is hidden malware in there.
Data Encryption Techniques
Encryption? What’s that?
The internet is full of mean people who want to get in your everyday life and
steal your data, like, let’s say, your passwords. Basically, encryption hides
that information from intruders by scrambling up the message being sent over the
internet.
Symmetric Encryption
I am not going to dive deep into the Cæsar Cipher or the Vigenère Cipher, but
their deal is the same: encrypting data through a common key that is shared
between two messengers, a key that supposedly nobody else knows. Symmetric
Encryption is not really reliable because there is always a common pattern that
can be used to exploit the system. No matter how unique your key is, there will
be some way to decrypt it no matter what.
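What the "common pattern" looks like for the Cæsar Cipher named above, as an added example that is not part of the original slides: every letter is shifted by the same amount, so the most common letter of the message stays the most common letter after encryption, and there are only 26 possible keys. The message and the key are constructed for the example.

```python
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
MESSAGE = "Meet me at the secret tree house near the creek at eleven"  # constructed
KEY = 3  # constructed shared key


def caesar(text, key):
    """Shift every letter by `key` places; a negative key undoes the shift."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def recover_key(ciphertext):
    """Guess the key without being told it.

    Every 'e' moves by the same amount, so the most common ciphertext letter
    is very likely the shifted 'e' (the most common letter in English text).
    """
    counts = Counter(c for c in ciphertext.lower() if c in ALPHABET)
    top_letter = counts.most_common(1)[0][0]
    return (ord(top_letter) - ord("e")) % 26


def all_shifts(ciphertext):
    """The whole key space: only 26 candidates, few enough to read by eye."""
    return [caesar(ciphertext, -k) for k in range(26)]


CIPHERTEXT = caesar(MESSAGE, KEY)

if __name__ == "__main__":
    guess = recover_key(CIPHERTEXT)
    print("ciphertext:    ", CIPHERTEXT)
    print("recovered key: ", guess)
    print("recovered text:", caesar(CIPHERTEXT, -guess))
```
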
Public/Private Key Encryption
As I said, Symmetric Encryption is easy to exploit, but there is another way to
encrypt that isn’t as easy to decrypt. Public/Private Key encryption has
multiple keys to encrypt data. The public key is the common key you share with
the other messenger, but that key can only encrypt data. To decrypt the data,
you and the other messenger have separate unique private keys that you do not
share and you just use them for decryption. Both Public and Private keys have
super long lines of code that are hard to find out, so a hacker will have a hard
time decrypting data...
Secure Internet Protocols
Transport Layer Security (aka TLS)
Transport Layer Security (aka TLS, used to be known as SSL) is a way of
encrypting data that is really secure by using both encryption techniques
(symmetric and public key). I won’t dive into the nitty-gritty details of this
hard to understand subject, but I’ll tell you at least that TLS makes sure that
the website has a legit public key from a legit public key certificate that
comes from a legit certificate authority. However, an attacker can still fake a
public key certificate. Those Certificates are supposed to make you feel safe
about the website you are visiting, but the website is not necessarily that
legit.
HTTP Secure (Aka HTTPS)

Typical HTTP websites have a tendency to host many attackers over the web
because there are no security protocols put in place to make the website safe.
HTTPS solves this problem by adding TLS security. HTTPS still has to go
through the TLS checkup, which can mean that it does not have a legit
certificate so you cannot pass, but the website usually is protected and you are
safe to enter your precious data in.
User Authentication Methods
Strong Passwords
Ok, quick question: Have you ever considered using the password “Password”? If
you haven’t, that’s good, because so many people choose that password and get
hacked because of their poor choices. Your password is your unique way of
protecting your stuff and “Password” won’t protect you well enough. Hackers can
find your password by guessing, brute-forcing (guessing + help from a computer),
stuffing (using an already-found password on other services), keylogging
(malware that sees every key you press), or by phishing you into giving your
data away. How can you make your password more secure? Make it irregular
(unguessable) and complex, and use it on only one site; make sure you can
remember it though. Create an initialism or use random words to make your
password even more unique. Use a password manager in order to keep track of
your passwords. Make sure that you enter passwords on secure connections only
and do not have someone near you when you enter them.
Multi-Factor Authentication
Besides using a strong password, you could also use multi-factor
authentication. MFA makes sure that no one can get ahold of your
password by using an extra path towards accessing your account, like
sending a short verification email with a code that you have to enter
onto the account before it expires. It could also be evidence from your
own body like fingerprints, or showing your card to a machine. Stuff
that hackers cannot physically get ahold of.
Conclusion
Concluding on Online Data Security.
Your awareness of this topic is enough for you to know where to be more
careful. I bet that until now, Rogue Access Points and who tracks your
Geolocation were not a concern or even something you knew about, but now
you may care more about it. I am not here to scare or terrify you about how you
must be more careful and how people are tracking you; I am here to help you
understand what you can work on to improve your digital life, because we all
are digital citizens and we all can improve our safety. After all, there is always
a way to protect ourselves!
Thank you for Listening and for Raising your Awareness!
