Tech Secrets: 21 Things 'They' Don’t Want You to Know

Eavesdropping Webcams, spying ISPs, toxic PCs, and more: dangers the industry is hiding, and what you can do about them

Yes, the truth is out there. But they don't want you to know about it.

Einstein 2: U.S. government's 'enlightening' new cybersecurity weapon

Who's "they"? It could be Google or product manufacturers, your boss or your wireless carrier, Hollywood or Uncle Sam.

What don't they want you to know? That your cell phone, your Webcam, and your employer may be spying on you. That you're probably paying too much for printer ink, and that your wicked-cool subsidized handset will cost you way more over time than an unsubsidized one. That your PC may be coated with toxic flame retardants. And that's just for starters.

Don't despair. For every dirty little secret revealed herein, we describe a fix or a way to work around it (if any exists). You don't have to be a victim, if you know what to do.

Just remember: You've been warned.

Your ISP Is a Copyright Cop

The RIAA and the MPAA may have a new ally. The next people who bust you for illegally swapping music and movies could be the folks you pay for Internet access.

The recording and film industries are seeking to manipulate upcoming net neutrality legislation to allow ISPs to scan the bits passing through their networks and to block any that may violate copyrights--similar to Comcast's notorious attempts to throttle BitTorrent connections in 2007. The Federal Communications Commission's recommended rule changes already contain an exception for "reasonable network management," which could include sniffing for copyrighted content, says Jennifer Granick, civil liberties director for the Electronic Frontier Foundation.

Meanwhile, according to leaked reports, the international Anti-Counterfeiting Trade Agreement (ACTA) now being negotiated in private sessions contains provisions requiring ISPs to police their own networks for copyright scofflaws. Critics of the proposed treaty fear that copyright holders will insert a "three-strikes" policy, under which users could have their Internet access revoked if they're caught exchanging copyrighted content more than twice.

"It's dangerous giving so much power to copyright claims," says Wendy Seltzer, project leader for the Chilling Effects Clearinghouse and a Fellow at Harvard's Berkman Center for Internet & Society. "Imagine someone telling you, 'If you violate our copyrights, we can terminate your Net connection, not just your blog.'"

With such a powerful new partner playing the role of both investigator and enforcer, might copyright holders be emboldened to pursue more consumers suspected of violating copyrights? And what protections will consumers have against false claims of infringement?

The Fix: Contact your congressional representatives and tell them that you oppose net neutrality loopholes for content filtering. Support organizations such as Chilling Effects, the EFF, and Public Knowledge, which fight laws that turn ISPs into Hollywood's hired guns.

Cell Phones Don't Crash Airplanes

The Federal Communications Commission and the Federal Aviation Administration have each recommended that airlines not allow passengers to use cell phones during commercial flights. The FAA fears that the RF signal emitted by devices using the 800MHz spectrum band might interfere with the navigation systems of the plane, specifically GPS instrumentation. Yet there is no documented case of an air accident or serious malfunction caused by a cell phone's interfering with a plane's navigation system.

The FCC's concern is that wireless networks on the ground might be disrupted by the cell phones flying overhead. As a plane flies over a wireless cell tower on the ground, the FCC believes, the cell site will detect all the cell phones operating inside the plane and go to work registering those devices to operate on the network. But by the time the tower registers and connects all those mobile phones passing overhead, the plane will have passed into the range of the next cell tower on its route. This uses up system resources and could hurt network performance for connected phones on the ground.

But some experts believe that this worry is outdated. "Color me highly skeptical that this is a real problem with modern systems," says Ken Biba, CTO of Novarum, a wireless consulting and engineering group. "Modern digital phones actually use lower power, and, further, the cell towers have very directional antennas designed for covering the surface of the earth [not the air above]."

The Fix: There isn't much you can do. Actually, the FCC and the FAA are doing us a big favor here. They're delivering us from having to fly with people jabbering away on their cell phones from takeoff to landing.

'Private' or 'Incognito' Browsing...Isn't

These days, most major Web browsers offer "private" or "incognito" browsing (known colloquially as "porn mode"). But all the feature really does is tell your browser not to record the sites you've looked at, the search terms you've used, or the cookies deposited during that session.

If the sites you visit record your IP address (and many do), that information is available to any interested party that has the legal right to request it--a group that can include divorce attorneys and law enforcement. Recording visitors' IP addresses is a trivial task--you can add to any blog a free widget that accomplishes the same thing--so you should assume that the sites you visit do so.

Of course, your Internet service provider assigned you the IP address in the first place, so it can track you anywhere you go online, if it so chooses. In fact, the FBI wants ISPs to store your surfing histories for at least two years. So far, major ISPs have resisted this push, in part because the storage and record-keeping requirements would be enormous. What information ISPs retain, how long they keep it, and how public they are about it vary from provider to provider--most won't talk about it. (One exception is Cox Communications, which says that it retains IP address logs for six months.) So while your spouse may not know what you've been up to online, the feds might.

The Fix: If you really want to browse off the record, use a proxy service, like Anonymizer or Tor, that obscures your IP address as you surf.

You're Spending Too Much on Printer Ink

If there was ever a business built around scare tactics, it's the business of selling inkjet printers. Try using a refurbished or refilled cartridge, and the printer maker may warn you that you're voiding your service warranty, putting your printer at risk of damage, or possibly ruining your printouts.

Nonsense, says Bill McKenney, CEO of InkTec Zone, which sells equipment for refilling inkjet cartridges to retailers such as Wal-Mart International.

"You won't void the warranty and you won't hurt your printer," says McKenney. "A bad refill job may leak ink inside your machine. Otherwise you'll be fine. And the savings are so significant, there's almost no reason not to do it."

In fact, PCWorld's own lab testing shows that while prints made with third-party, refurbished, or refilled ink cartridges aren't always as good as those made with the printer manufacturer's ink, the cartridges are safe to use in your printer.

The exceptions are so-called prebate cartridges, sold at a slight discount, that contain a chip preventing their being refilled (which should be clearly labeled as one-use-only products).

The Fix: Buying a refurbished cartridge can save you 10 to 20 percent off the price of a new one. Getting refills bumps that savings to 50 percent or more.

The drawbacks are that you may not get quite as much ink with a refill (the amount is usually at least 95 percent, McKenney says), archival prints may not maintain their color quality for as long, and you can refill each cartridge only three to eight times before you'll have to recycle it and get a new one.

End User License Agreements May Not Be Enforceable

It doesn't take much effort to sign an end user license agreement: Rip open a software package, or tick a box on a Website, and you're legally bound. But your obligations depend a lot on where you live, says Jonathan Ezor, director of the Institute for Business, Law & Technology at the Touro Law Center on Long Island.

"EULAs are contracts, and contract law is state law," says Ezor. "It's governed by the state where you live or where the company is based." For example, courts in the Third Circuit Court of Appeals (Delaware, New Jersey, and Pennsylvania) and the Fifth Circuit Court of Appeals (Louisiana, Mississippi, Texas) have found certain types of EULAs invalid.

Other factors include whether the agreement contains unenforceable restrictions, whether it gives consumers sufficient choice, and what method it provides for users to indicate agreement, Ezor adds.

The odds of your going to court over a EULA, however, are slight. The real issue is how companies enforce them, Ezor says.

"What companies really don't want you to know is how easy it is for them to turn things off or erase them," he adds. "Think of what happened last year with the Orwell books that Amazon just erased from people's Kindles."

The Fix: Read the EULA. Does the software "phone home" to verify that you're using the product as its creator intended--and, if you're not, does it have the ability to disable the program remotely? If it doesn't, you're probably free to do as your conscience allows.

The Cyberwar Is Heating Up (and Uncle Sam Is Losing)

We may be at war on the ground in Afghanistan, but bigger battles are being waged beneath the noses of most Americans. For the past several years, U.S. government computer networks have been under siege from foreign adversaries. What the people in charge don't want you to know is that it could have been prevented.

Attacks on Department of Defense computer systems jumped 60 percent in 2009, according to a congressional committee. Last July, a botnet originating in North Korea launched a sustained DDOS attack on several U.S. government agencies, including the Federal Trade Commission and the Department of the Treasury. In December, China was fingered for attacks that compromised Google last December but also targeted top government research firms, contractors, and think tanks.

Testifying before Congress in February, former national intelligence director Mike McConnell said the United States may be on the brink of an all-out cyberwar--one we are unprepared to fight.

"From the beginning the government's approach to networks was to facilitate access," says Richard Stiennon, chief research analyst for IT-Harvest and author of Surviving Cyber War. "Now that seems naïve. E-mail is its primary means of communications, and that's completely exposed. Attackers from all over are having their way with government computer systems."

The Fix: "Joe and Jane Citizen need to tell the federal government to comply with computer security standards published by the National Institute of Standards and Technology (NIST)," says Stiennon. "That will get us about 90 percent closer to where we need to be, so we can start focusing on the real bad guys."

Google Could Rat You Out

How much does Google know about you? That depends on how much you rely on its cornucopia of free services. But that stored information may easily include the Websites you visit, the search terms you use, the maps you view, your contacts and calendar, your e-mail messages, your chat history, Google Voice phone records, YouTube videos and Picasa photos, the documents you store online, your blogs and advertising accounts, your status updates on Google Buzz, your location on Google Latitude, and--if you use an Android handset--all the data associated with your cell phone, too.

If the government comes knocking with a subpoena--or even just a strongly worded letter, per the Patriot Act--Google is obligated to hand everything over. Sure, the feds can get this data from anyone, but Google's wealth of information (as well as its lengthy data-retention policies) makes their job much easier.

Even if you have nothing to hide from the authorities, all that stands between you and Christmas in July for an identity thief is your Gmail log-on and password; that's the key that unlocks every other Google service. Last October, Google reported that thousands of Gmail accounts had been compromised by a phishing scheme that also targeted AOL, MSN Hotmail, and Yahoo. Even sophisticated users have had their Gmail accounts hijacked. Little wonder, then, that Chinese hackers targeted Gmail accounts when they compromised the service last December.

The Fix: Use Google Dashboard to see what information you're sharing (prepare to be blown away), and adjust your settings accordingly. Make your Gmail password harder to guess, and change it every couple of months. If you think your Gmail account has been hacked or stolen, you may be able to use Google's account-recovery page to get it back. And given Google's recent stumbles over user privacy with Buzz, you might consider spreading the risk over different providers.

Pacemakers and Other Implants Can Be Hacked

Researchers at the University of Washington have demonstrated that medical implants that rely on wireless technologies for monitoring the devices and adjusting their settings are not secure.

In lab tests, scientists from UW, the University of Massachusetts Amherst, and Harvard Medical School were able to take control of a cardiac defibrillator and use it to induce ventricular fibrillation, a potentially lethal condition. They could also read sensitive medical information stored on the device and change it at will.

This story, "Tech Secrets: 21 Things 'They' Don’t Want You to Know" was originally published by PCWorld .

1 2 3 Page
Join the discussion
Be the first to comment on this article. Our Commenting Policies