The Cocoon Blog
The Internet as it should be: private, secure and virus free

The Wall Street Journal recently reported that U.S. food companies are reaching children by embedding their products in mobile game apps. I downloaded a few games this morning and was not impressed.

It is too easy for a child to click a mobile ad; the “x”(to close the ad)  is minimal, while the ad itself is splashed across the screen. If you were a young child, would you click on the small x or the over-sized graphic?

My App Review: The SuperPretzel Factory by Sunstorm Interactive may be entertaining for a young child – the child presses different mixer buttons as she/he attempts to fill as many pans with dough as possible before the timer runs out. Most likely they will get frustrated when they make it to level four, only to find a broken cart that will not move to catch the falling pretzels. If you look at this particular game app from an adult perspective – the game consists of approximately 95 percent locked areas and advertising.

The food-industry games generally have rudimentary graphics and objectives simple enough for small children to understand. They have raised debate over who should be responsible for their impact on children—parents or the government. –The Wall Street Journal

Childhood Obesity

Nearly one in five U.S. kids between the ages of 2-19 are overweight. Parents play a crucial role in the prevention of childhood obesity. Teaching children how to select healthy food options begins in the home. Digital technology games can detract from healthy lifestyle choices by luring the child to concentrate on junk food.

“We know that when children are engaged, they learn, so when mobile apps are fun, entertaining and developmentally appropriate, they can be powerful educational tools.” Lesli Rotenberg, Senior Vice President, Children’s Media, PBS.

A Note to Parents 

Be aware of how your child is interacting with games on mobile devices. Children rely upon you to provide appropriate stepping stones as they meander through a digital world filled with advertising.

The majority of Internet security risk factors for the back-to-school-gang can be controlled with the right online tools, the right attitude (a willingness to learn and apply the necessary strategies) and the desire to become proactive versus reactive.

1. Weak Passwords
2. Privacy 
3. Malware
4. Mobile App Risks
5. Unsecured Wi-Fi

The web is often the perfect playground for cybercriminals’ to snare victims. Social media houses the glitter with connections, apps, games and traps. Major search engines feed the curious, but can also circumvent legitimate searches and replace them with offensive content.

1. Weak Passwords

Using the same weak password across multiple sites gives a hacker an entrance to highjack all your online accounts; has the potential to steal bank login information and potentially wipe your bank account out.

A weak password such as 123456, password,  abc123, or using your first name or pet’s name as your password is the Achilles heel of online security.

Passwords are your first line of defense against cybercriminals. Create complex passwords for each site (do not share the same password at multiple sites), change them frequently and create accounts at sites that use good encryption.

The weakest link on social media sites is the use of weak (123456)  or common passwords (password). If you use passwords that can be traced directly back to you (Example: getcocoon) or use the name of your family pet (Example: cocoonpuppy) – these type of passwords can easily be figured out with a bit of social engineering and access to your Facebook page. Never use passwords that are associated with something that can be traced directly back to you.

How long would an online attacker using a password cracker at 1,000 guesses per second take to figure your password out? Let’s take a look at how effective your password is at GRC:

If your password is 5 characters long and uses:

*Just numbers, the time to “crack” = 1.85 minutes (Example: 12345).

*The full alphabet but doesn’t mix upper and lowercase, the time to “crack” = 3.43 hours (Example: alpha).

*The full alphabet and numbers 0 through 9 but doesn’t mix upper and lowercase, the time to “crack” = 17.28 hours (Example: alp12).

*The full alphabet and numbers with mixed case, time to “crack” = 1.54 weeks (Example: Alp12).

Use a combination of uppercase, lowercase, numbers and symbols

*If we combine the alphabet, numbers, mixed case and use 6 characters instead of 5, the time to “crack”  jumps to 1.84 years (Example: Alph12).

*If we go to 8 characters and throw in symbols like # % & *, the time to “crack” jumps to 2.13 thousand centuries (Example: Alph12*!).

 2. Privacy : Online Tracking

There are a number of companies that track your movements on the web and sell the information to the highest bidder in real time bidding…

“Already, the web sites you visit reshape themselves before you like a carnivorous school of fish, and this is only the beginning. Right now, a huge chunk of what you’ve ever looked at on the Internet is sitting in databases all across the world. The line separating all that it might say about you, good or bad, is as thin as the letters of your name. If and when that wall breaks down, the numbers may overwhelm the name.” –The Atlantic

Acxiom has a reputation of collecting data better than anyone else. They collect everything including websites, loyalty programs, retail point-of-sale data, self-reported sources, public records,  employment drug testing data, background checks, criminal histories, birth records, education data, vehicle identification numbers, driver’s licenses, marriage  licenses, and you can bet that they know what you feed your dog too.

Internet users should be informed that there are tools available, such as Cocoon, which give Internet users control of their private information and places a roadblock against online tracking.

3. Malware

Malware, otherwise known as malicious software is created by cybercriminals for the sole purpose of bringing some type of harm to your computer or mobile device. Whether it is used for spying on you, stealing your passwords or personal data, holding your computer or device for ransom, conducting financial theft, or targeting you for membership in a botnet - the final outcome is never intended to be in your favor.

Malware is a blanket term that can include viruses, Trojans, spyware, root kits, adware, worms, key loggers, web hijackers and other malicious scripts. It can be hostile, intrusive, insidious, annoying; or lay dormant for a time.

Malware is no longer a threat that is exclusive to desktop operating systems. The RSA 2012 CYBERCRIME TRENDS REPORT white paper stated that 2011 marked the year of new advanced threats on a global basis. In 2012, cybercriminals are finding new and innovative ways to monetize non-financial data, while hacktivism is on the rise. They predict that “InfoStealers” for the mobile platform will emerge with Trojans that are designed to “keylog touch-screen input and monitor data traffic through the mobile device.”

4. Mobile App Risks

From unregulated practices in mobile advertising to cell tower dumps, our mobile privacy is under constant attack. We’ve come a long way since Martin Cooper’s Dyna-Tac 2.5 lb brick (1973); but in 2012 mobile users are still shaking at the short end of the mobile privacy stick.

Cyber-crooks develop rogue apps to steal private data such as passwords, credit card information and piece together personal information in order to commit identity theft.

A recent study on Mobile Privacy Policies from the Future of Privacy Forum, stated that out of the free apps surveyed, 66 percent had privacy policies, while only 33 percent of the paid apps had privacy policies.

Many mobile apps need advertising in order to continue offering “free” apps. Some ads are invasive and take too much data from a user’s phone or they may install software in the background without user knowledge. Many mobile apps also routinely send data to marketing companies and use the collected data to compile dossiers on mobile phone users.

*Only download apps from well-known and trusted sources.

*Avoid downloading apps that have only been downloaded a few times, have few or no ratings, and no privacy policy.

*If a free app that you like has an upgrade and a no-advertising version is available – purchase it!

Mobile malvertising is another vector for attack. The ads look genuine, but when the user clicks on a malvertised ad they end up at a malicious site that downloads malware to their device.

Aggressive ad networks are much more prevalent than malicious applications. It is the most prevalent mobile privacy issue that exists,” Kevin Mahaffey, Lookout’s technology chief and co-founder, told Reuters in an interview.

5. Unsecured Wi-Fi

Airports, restaurants, coffee shops, businesses, dentists, libraries and even public parks offer public access to Wi-Fi for free. Surfing unsecured hotspots can open your data pipeline to some very unsavory characters.  Whether you use it for convenience or because there is no other Internet connection available — the bad guys still have all kinds of tools to gather and steal information from you.

Conclusion

Browsing the Internet with Cocoon will route all of your traffic through our encrypted servers, so prying eyes cannot see it. This is especially valuable on a public WiFi network where man in the middle attacks commonly occur.

The use of Cocoon while surfing Facebook, banking, or shopping on a public network will keep lurking predators from hijacking your private session.

Cocoon’s encrypted tunnel will ensure that viruses and malware never reach your computer. This highly decreases your chances of becoming part of a botnet, having your personal data stolen, or worse. Don’t give cyber criminals the advantage, stay safe and be vigilant.

Every move you make on the Internet is being monetized by the advertising ecosystem.

“Already, the web sites you visit reshape themselves before you like a carnivorous school of fish, and this is only the beginning. Right now, a huge chunk of what you’ve ever looked at on the Internet is sitting in databases all across the world. The line separating all that it might say about you, good or bad, is as thin as the letters of your name. If and when that wall breaks down, the numbers may overwhelm the name.” –The Atlantic

Alexis Madrigal of  The Atlantic, recently begged the question “Who’s following your every move on the web, and what do they want from you?”  Madrigal recorded a 36-hour period of standard web surfing with Mozilla’s tool Collusion (a tool that collects data about the companies that are collecting data about you), and recorded 105 companies that were collecting information on his web travels.

“AS USERS, WE move through our Internet experiences unaware of the churning subterranean machines powering our Web pages with their cookies and pixel trackers, their tracking code and databases. We shop for wedding caterers and suddenly see ring ads appear on random Web pages we’re visiting. We sometimes think the ads following us around the Internet are “creepy.” We sometimes feel watched. Does it matter? We don’t really know what to think. --The Week 

Advertising $$$’s

The purpose for all of this online snooping is singular: Google, Microsoft, Yahoo, Apple, Facebook and others are intent on delivering more relevant online ads to each and every one of us — and bagging that advertising money. —BYRON ACOHIDO | USA Today

Internet users should be informed that there are tools available, such as Cocoon, that give Internet consumers control of their private information and places a roadblock against online tracking.

Following tremendous growth in consumer privacy advocacy, the Obama administration has been actively seeking support for its privacy bill of rights. In late February, the administration proclaimed its plan to enforce a “Do Not Track” mechanism in major web browsers for implementation in the coming months. The push represents Washington’s first initiative since the Stop Online Piracy Act, or SOPA, was shot down in January.

While the mechanism is meant to provide consumers with tools to avoid being tracked, critics are calling the effort half-baked as it only addresses a certain class of data collectors. So-called “first party” websites, which include the likes of Google, Amazon, and various large publishers and search engines, will still be able to collect data on users and tailor ads to them accordingly. First-party websites are deemed so simply by the fact that consumers visit their site directly.

Third-party sites are comprised of ad networks that collect consumer data and tailor ads towards built-upon user profiles. DoubleClick, for instance, is considered one of the largest third-party sites, and incidentally is owned by Google. While much of the ad industry’s growing revenues are threatened by the potentially vast adoption of the “Do Not Track” mechanism, consumers can expect to see much of the Internet’s tracking remain. Google, for example, sees the majority of its revenue from first-party tracking on its own website via Google AdWords. With this kind of tracking remaining unaffected, we can surely expect more of the same when it comes to the big guns like Google.

According to research by the Pew Research Center, support for government intervention has shrunken since 2011. What’s the administration to do? Let us know what you think the government’s role should be in protecting consumer privacy!

According to a recent report from Dasient, there were over three million impressions served per day on malicious web advertisements, with more than one million web sites estimated to be infected in the final quarter of 2010. The report also predicted that after three months of browsing, the average Internet user would have a 95% chance of hitting an infected page. Not surprising was that this same report found that most social media networks were prone to being used as distribution platforms for malware.

Our most recent Cocoon product update includes server-side blocking of advertisements. At Mashable this is the advertisement that I viewed with Cocoon prior to blocking advertising

With such constant bombardment of online advertising, my mind still has not learned how to filter out the graphics. Using Cocoon preferences all I had to do was place a check mark here

and advertisements turn into aesthetically pleasing white space…

Another New Feature: Block Facebook Tracking

You can now use Block Facebook Tracking to prevent websites from identifying you through Facebook and reporting this information back to the mother ship.

When you visit a website like CNN, you can see what your friends are recommending and sharing on CNN. Your friends can also see what you are recommending and sharing.

If you are not in the mood for reciprocity you can turn this feature off in Cocoon preferences.

You can now enjoy the news knowing you are safe from prying eyes and your friends will not be able to view your activity on CNN.

Thank you for continuing to use Cocoon and we appreciate your feedback. If there is more that you would like to see changed or added, we would love to hear from you.

You can use our handy contact form or visit us on Twitter or Facebook!

.