The Cocoon Blog
The Internet as it should be: private, secure and virus free

I have three children and over the years I have bought countless computers, phones and tablets. Our children seem to be using devices at a younger and younger age, and there are studies to prove it.

One recent study by Commonsense Media found that 22 percent of 5- to 8-year-olds use computers once a day, and more than a third of children under the age of 8 have used a mobile device – either cell phones or tablets – to watch movies, play games and use apps. While the Internet creates countless opportunities for kids to engage and learn online, it is essential that parents learn about best practices and use the available technology to protect their kids.

Here are a few tips and new tools to make it easier to help protect your children in the real and virtual world, ensuring they can surf, play and learn safely.

1.  Be Web Wise

According to a Science Daily article, “Four out of five children can’t tell when they are talking to an adult posing as a child on the Internet, according to researchers working on software to track pedophiles online.”

Teach your children how to interact safely with people they meet online. Be sure your kids understand they should never provide personally identifiable information about themselves, their current whereabouts, where they live or even what school they attend.

Your children may deal with situations online such as bullying, unwanted contact, or hurtful comments. Work with them on strategies for when problems arise, such as talking to a trusted adult, not retaliating, blocking the person, or filing a complaint. Agree on steps to take if the strategy fails.

2. Set Clear Expectations

As parents, we all have those tough “conversations”: drugs, the birds and the bees, where are you going and the like. Parents must set expectations about how our kids will use the Internet. We set curfews, bedtimes, chores, etc., and now we need to set boundaries for online surfing,  even from a cell phone. Set boundaries about:

-The types of websites your kids are allowed to visit

-Who they are allowed to socialize with online

-How much time they are allowed to be online at all, including study time and mobile browsing

Online safety can be a shared, positive experience. Surf the Internet with them. Appreciate your children’s participation in their online communities and show interest in their friends. Try to react constructively when they encounter inappropriate material and make it a teachable moment.

3. Activate Parental Controls

Kids may accuse parents of “spying” on them, but respectfully monitoring their online activity provides a check-in to ensure those expectations you’ve set are being met. Parental controls are a great way to be proactive about your child’s online safety and activities.  When enabling parental controls, use age-appropriate settings to filter, monitor and block your child’s activities.

Our company, Virtual World Computing, has worked to develop CocoonKids for KlaasKids, a new free tool to provide parents with a free browser plug-in designed to protect children from corporate tracking and family computers from malware. Parents can lock it into “Kid Mode,” ensuring kids only browse a parent-sourced whitelist of recommended, appropriate and safe websites. Accessing sites beyond CocoonKids for KlaasKids requires parental permission.

4. Discuss “Reputation Management”

Colleges and prospective employers alike are reviewing the online presence of their applicants to ensure they are accepting qualified, appropriate candidates. Kids and teens may not fully comprehend the damage that can be done – or the permanent trace that can be left – from their online photos and comments.

Keep up to date on Facebook security settings, and ensure your kids keep tight settings.

“Friend” your kids on Facebook and other social media outlets so you can see who they are friends with, what photos they are posting, etc. And make sure they do not have a “parent-friendly” Facebook page just for you to friend. (Yes, they really do that.)

Educate your kids about the importance of appropriate social decorum online, and the long-term impact their digital presence can have on their dreams and career options.

5. Protect Your Child’s Identity

The past two years, the FTC has reported that 8 percent of identity theft cases involve kids. Further, a 2011 study by Carnegie Mellon University discovered that 10.2 percent (4,311) of the children in the report had someone else using their Social Security number – 51 times higher than the 0.2% rate for adults in the same population.

In response to such issues, the Utah Attorney General has started the Child Identity Program (CIP) that provides parents a secure means to place their children in the TransUnion “high risk fraud” database. While this is not available in other states, it is important for parents to monitor their child’s credit regularly by pulling reports from the three major reporting agencies. Individuals are allowed to pull a report once a year for monitoring purposes free of charge.

Consider this case from the Carnegie Mellon report: AllClear ID discovered that a 17-year-old girl has over $725,000 in debt. Her Social Security number was linked to eight different suspects. The suspects opened 42 open accounts including mortgages, auto loans, credit cards, and bills in collections including medical, credit cards, and utilities.

6. Protect Your Child, Period.   

Technology can help us diminish the risk of the most unspeakable tragedies from occurring. Marc Klaas of the KlaasKids Foundation has been working to protect kids since his daughter Polly was kidnapped and murdered twenty years ago. He recently unveiled new technology tools to help parents keep their kids safe and to help find missing children.

The first three hours is the most essential if a child is missing. Polly’s Guardian Angel is the nation’s first parent-initiated missing child smartphone alert application. It’s a smartphone app that empowers parents to instantly mobilize friends, neighbors, and other members of the community to help in the search for a missing child.

The LEO Wristwatch has a titanium infused steel wristwatch/cell phone with a GPS Child Locator that can only be removed by the parent. It includes a 911 panic button if the child is in troubleSearch for other tools you trust to keep you and your children safe online and in the real world.

Originally posted at:

You can visit us at The Cocoon Kids Blog  | CocoonKids on Facebook | CocoonKids on Twitter  | Cocoon on Facebook  | Cocoon on Twitter

The Zuckerberg family recently experienced the new Facebook site privacy policy in all its glory – when Randi Zuckerberg (Mark’s sister) shared a private family holiday photo via Poke to her friends on Facebook.

While utilizing Poke (Facebook newest app), Randi quickly discovered that posting the photo to friends only resulted in her sisters friend Callie finding the tagged photo in her newsfeed.

“Under Facebook’s current privacy policies, tagged photos are visible to friends of every user in the photo, not just the friends of the user who posted it.” –UPI

With the latest Facebook privacy policy changes, the Zuckerberg’s are not immune to these convoluted privacy settings.  The rest of the Facebook world has to deal with Facebook code changes on a regular basis. If Randi can become entangled in failure to comprehend the full impact of the new privacy settings – how does the average Facebook user deal with it?

Since Facebook’s privacy policy is designed to share information – do not post anything that you would want shared outside your circle of friends. Always anticipate that photos you believe are posted in private, may not remain private. When it comes to Facebook privacy, it’s a leaky barge…

 The New Facebook Privacy Settings

Informational video overview: Adjusting the new Facebook privacy settings

No matter how many privacy settings you tweak, no matter what you consider proper “digital etiquette,” there is no accounting for the taste and discretion of your friends. –Mike Isaac | All Things D

What  do you think of the new Facebook privacy settings? Leave us a comment at our blog or visit us on Twitter and Facebook. 

Every time you buy that case of beer with a loyalty card or check out the latest magical unicorn mask at Amazon; all your offline shopping and online browsing data creeps back to Facebook (a globally ubiquitous Mothership). They know exactly who you are, what type of toilet paper you buy, how many chicken breasts you ate last week – along with all those secret vices that you think you are hiding…

[BITS: NYT} Facebook on Tuesday made a pointed pitch to Madison Avenue: We know how to get your messages to real people, nearly one billion of them, because we know exactly who they are and whom they trust.

Facebook partners with the data-mining company: Datalogix, whose data includes almost every U.S. household and more than $1 trillion in consumer transactions.

Facebook can find those shoppers on its own platform if they have a Facebook account. It can then serve them advertisements based on their purchase history. Facebook calls the results promising: Shoppers who are shown advertisements on their Facebook page are spending more at the cash register.

Facebook says it is not sharing its user data with third parties. It also says it makes personal information anonymous by hashing the data, though security researchers have questioned the effectiveness of such tactics. –The New York Times

Turn off Facebook Tracking With Cocoon

This feature is available to all Cocoon users because we love their privacy!

Here’s how to turn it on:

1. Log into Cocoon
2. Click Settings on the Cocoon toolbar.
3. Go to the Privacy section and enable Block Facebook Tracking
4. Profit from great privacy!

The Cocoon Team!

It’s estimated that 38% of Facebook’s 20 million minors are under the website’s required age of 13 (NineMSN). The likelihood that a Facebook user protects their privacy by restricting those who can see their profile drops dramatically when the user is younger than 13. That leaves millions of children vulnerable to phishing, facial recognition abuse, and severe profiling. Open Wi-Fi networks at schools, airports, homes, and business are perhaps the most dangerous facet of browsing, because they make the user susceptible to Wi-Fi sniffing, data theft, and so on.

Our President and CEO of Virtual World Computing, Vernon Irvin, has posted a guide for keeping kids safe online for the National Cyber Security Alliance at the StaySafeOnline.org blog. Find out what you can do today to protect our kids online.

When a Facebook Concert ticket giveaway event appears on a friend’s wall, it might be a scam that leads to plenty of wall spam or malware could be downloaded to your computer without your knowledge or consent. This morning’s scam event claimed that the band One Direction (1D), a very popular U.K. band who debuted at #1 on the U.S. billboard 200 was giving away free tickets to loyal fans.

Scam Events

Many of the fake pages were titled Free 1D Tickets Giveaway! (Limited Offer). In order to get a free ticket code you have to jump through quite a few hoops. You have to join the event and then you have to invite your friends to the event. They even tell you how to select your friends faster!

Next, you supposedly need to be ‘verified’ by the scammers and then wait 12-24 hours to receive the ticket code. The waiting period allows them to set up other fake pages or to start new scam campaigns with another band or popular trending event. Don’t hang out out with your messenger waiting for a response from these scammers, because you won’t be receiving the ticket code in this lifetime.

They also have a rogue VIP scam that includes a bit.ly link, that when clicked, silently sneaks  you over to a Prizepalacepalace website (without your knowledge) and is either using it for rogue affiliate marketing purposes or you could end up with malware downloaded to your computer.

Clicking on the above link sends you through a series of redirects (all unencrypted) and there is no telling what the code on their end could be baking in the code-oven. The final redirect sends you back to Facebook to join their scam event. On the short URL that I listed above there is a tracker and two other websites (that were recently purchased) that lie well below security community radar, (for potential deployment of malware or unsavory code bits in the future).

Social Engineering Tactics

In Commtouch’s quarterly Internet Threats Trend Report, 74% of Facebook attacks were targeted at leading users to fraudulent marketing affiliate and survey scams (out of the Facebook scams that proliferated in 2011). The benefits for cybercriminals can become lucrative. They often receive affiliate payments for driving users to specific sites and they can also collect personal data for the purpose of identity theft. They can spread malware through rogue apps (or rogue code) that steals passwords or sends spam and they can also generate an enormous number of ‘likes’ with no clear malicious purpose.

One of the most important components of furthering their scam is through the use of your ‘friends’ network. Utilizing the trust factor – they lull you in to believing that you just might be able to receive FREE tickets to see One Direction if you share this with all your friends too (via the power of socially engineered persuasion).

Tristan was invited by her friend…

Before joining any event on Facebook check with an authentic source first!

We all know that if the band was really giving away free tickets to their loyal fans that it would be listed somewhere on their fan page. One Direction (1D) has plenty of interesting tabs, but you won’t find a FREE ticket giveaway tab on their page.

Where do I go from here?

Check with the Facebook Help Center and learn how to report scams and spam. Be sure that you report the rogue page and get your friends to report it too. Get these scammers shut down and become part of the solution to help make Facebook  a safer place for all.

—————————————————————-No FREE tickets here…

Who can forget the Facebook Beacon? (Beacon was primary to the Facebook ads platform in 2007.)

“Beacon will report back to Facebook on members’ activities on third-party sites that participate in Beacon even if the users are logged off from Facebook and have declined having their activities broadcast to their Facebook friends.”  – Juan Carlos Perez, IDG News

In September of 2011, Facebook’s privacy nightmares heated up at Nic Cubrilovic’s blog when he revealed that Facebook was utilizing invasive tracking of both logged in and logged out users.

“…logging out of Facebook only de-authorizes your browser from the web application; a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit.” –Nic Cubrilovic

It wasn’t long before Nic’s research findings went viral and Facebook was forced to address the latest (in a long string) of privacy brouhahas.

Last Friday, Techcrunch blogged Facebook’s response to the latest $15B Facebook Privacy Class Action Suit that was filed in U.S. Federal Court in San Jose, California.

Facebook has already responded to the case with a flat statement of denial of guilt. “We believe this complaint is without merit and we will fight it vigorously,” a spokesperson told TechCrunch. –Ingred Lunden

Facebook tracking revelations continue to play a game of cat and mouse while never admitting to the fact that they were tracking us. WE KNOW they were tracking us. THEY KNOW they were tracking us.

Cocoon makes it simple. We offer all Cocoon users the option to stop Facebook tracking.

According to Trend Micro there is a new instant message worm that is propagating via social networking sites. Its primary target is Facebook. It will send malicious links through AIM, Google Talk, ICQ, MSN, Yahoo! Messenger or Facebook IM.  When a user clicks the malicious link (disguised as a shortened link) the victim will arrive at a malware-loaded website.

In non-technical terms: Once the victim clicks the link they will arrive at a website that supposedly has images. The fake images are really a malware-zip-archived file. When the archive is unzipped on the victim’s computer, Steckct-EVL immediately goes to work to disable security software (anti-virus/anti-malware) on the victim’s computer (Platforms Affected: Windows 2000, Windows XP, Windows Server 2003). It will then download a second strain (Steckct-EVL’s cloned brother Eboom-AC) and Eboom-AC will begin to monitor the victim’s activity on social networking sites.

The worm spreads in part by posting messages containing a link to a copy of itself on the websites it targets, which include Twitter and MySpace, as well as Facebook. The dodgy messages are also capable of spreading from infected machines onto Yahoo! and other mainstream IM networks. –John Leyden | The Register

“Tatanga is an online banking Trojan horse that was first discovered in May 2011. It is able to inject rogue Web pages into browsing sessions and affects nine different browsers, including Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Safari.The malware is known to use social engineering techniques against victims in order to bypass security measures enforced by banks, like one-time passwords (OTPs) or transaction authorization numbers (TANs)”. –Lucian Constantin | PCWorld

Trusteer reported today that a P2P variant of the Zeus platform is carrying out attacks on popular online services and websites. The Facebook attack offers a fraudulent 20% cash back (web inject malware) on the purchase of Facebook points simply by linking a Mastercard or Visa debit card to a Facebook account (via filling out their fake web form).

If you need to purchase Facebook points use a reloadable prepaid MasterCard or Visa Card and keep the dollar amount on the card below $100.00.

The only place that you should  list your credit card details is on the payments tab of your Facebook account: 

After listing your credit card details with Facebook, it is not necessary to re-enter credit card information again (while logged in to Facebook). Re-registering any credit card information elsewhere on the site is a No-No.  Always be cautious when making financial decisions about offers that you view on Facebook and other popular social media sites.

The Cocoon Team!

Cocoon+ with NO ADS

There is only 6 days left to upgrade to Cocoon+ for $2.99.

Facebook Cocoon Sweepstakes

You can “like” GetCocoon on Facebook for online privacy & security updates and a chance to win:

• 2 Annual Cocoon+ Accounts
• 4 Amazon Gift Cards ($50, two $20 and $10)

Prizes will be given to 6 randomly selected fans. You can enter here: Cocoon Sweepstakes.

The Cocoon Team!