Wednesday, April 20, 2011

This is spooky

This is sort of a big deal, Nathan Goulding writes. Apple is, without your consent or any warning labels, logging all of your iPhone’s location data and then transferring it over to your computer when you back up or sync your iPhone.
The information is easily accessible — unencrypted and in a standard database format. (The option to encrypt is there, though I haven’t tested whether this option obscures your location data.) 
Upshot? Any program you install or anyone you let on your computer could access this data, giving that program or that person full access to where you were and when you were there. 
What does it look like? We tried it out on one of our employees:

This person drove from Winnipeg to New York City. Had a weekend trip up to Montreal to visit friends. Spent most of the time in New York City.
Think I'll duct tape my phone on my Crazy Lab to see where she goes.

Friday, April 8, 2011

What if Moses had the Internet?


(Thanks, Lainey)

Don't talk to strangers

If a stranger came up to you on the sidewalk and asked for your Social Security number, you wouldn't give it to him. If a stranger on the sidewalk invited you to go through a door into a building with him, you wouldn't.

So when an email asks for some personal information, or invites you to click to go somewhere else, why would you?

The subject comes up because a security breach that exposed the email addresses of potentially millions of customers of major U.S. banks, hotels and stores is more likely than traditional scams to ultimately trick people into revealing personal information.
Security experts are alarmed that the breach involved targeted information -- tying individuals to businesses they patronize -- and could make customers more likely to reveal passwords, Social Security numbers and other sensitive data.
Smart Money has some insight.
“Now the bad guys know who you do business with,” says Chester Wisniewski, senior security adviser at online security firm Sophos. “The likely outcome as far as fraud is concerned will be people impersonating the institutions they’ve compromised. If they contact you it will likely come in the form of a phishing attack [an email, or phone call if your number is listed, asking you for more information] or try to lure you online to a malicious link.”
And some advice. Read the whole article, but here is some of it.
When to do nothing: Don’t reply to emails that ask for personal information such as passwords, bank account or credit card details – even if the email mentions Epsilon and tries to scare you by saying your account is compromised. No legitimate company would ask you to do this. If you receive a suspicious phone call from your bank, hang up and call the bank yourself. Don’t let curiosity get the better of you either: don’t open email attachments or follow links by email, Twitter or Facebook, even if they have been “forwarded” to you by a friend.

When to take action: If you already use your email as a password for an online account, change it. If you use your name, or an easy variation of your name as a password like JohnDoe123, change it. But do this on the company’s own website. Never do this if asked to by email.

What to do in the future: Use secondary, less important email addresses when registering online accounts. Keep one for this and others for businesses, friends and family. If a secondary account starts receiving spam, it will be easier to shut it down without too much inconvenience.