security Archives - SmartFrame

Transparency in the advertising industry: Initiatives supporting the ecosystem

Liam Machin — Mon, 05 Jun 2023 11:16:28 +0000

As the advertising industry continues to evolve, the ever-growing importance of transparency requires more industry collaboration to find the best solutions. Here are some initiatives striving to do better.

Transparency is a term that’s often thrown around in many different industries. And in the advertising sector, the introduction of GDPR and the subsequent demise of the third-party cookie mean it’s more prevalent than ever.

As consumer data remains a hot topic at many industry events, it’s worth considering what initiatives are in place – both on the media buying and selling sides – to help create a more transparent advertising ecosystem.

Why is transparency so important within the advertising industry?

In short, data, ethics, and the fact that there is a lot of money involved, both for businesses and for the average person buying a product.

Consumers associate brands that are open about how they use data with more positive outcomes because there is a shared understanding that their information is being handled responsibly.

Edelman’s Trust Barometer states that the default setting for almost 60% of consumers is to distrust something until there is clear evidence to believe otherwise.

Through the use of distinct opt-in messages and transparent privacy policies throughout any process, businesses are able to develop more rapport with their prospective customer(s), provide better-suited and personalized advertising, and protect themselves against any potential privacy issues down the line.

Such discussions and projects centered around transparency have only recently become more prevalent in business-to-business transactions. Businesses, agencies, and publishers around the globe are starting to recognize the value of alignment when it comes to company ethos, from sustainability to media buying.

With the number of digital publishers continuing to grow across the world, programmatic advertising in particular is having to struggle with delivering quality ads, at speed, without risking the safety of any given brand.

What’s being done to improve transparency within the advertising industry?

There are a number of initiatives that have been conceived to help improve transparency. Here are a few of the most prominent ones.

Buyers.json and DemandChain Object

In 2021, the IAB Tech Lab introduced two new buy-side transparency standards to help curb the issues of malvertising and scam ads.

Having seen success with sellers.json and SupplyChain Object, Buyers.json and DemandChain Object are expected to evolve into a strategy that improves transparency in the advertising industry for publishers by authenticating those who provide ads.

What is buyers.json and DemandChain Object?

Buyers.json allows advertising systems to publicly declare the buyers they represent, while DemandChain Object provides transparency around each entity involved in a specific transaction.

With this information, publishers and supply-side platforms (SSPs) can highlight any risks (such as malvertising, scam ads, or other malicious content), protect themselves accordingly, and create a record of their actions for future reference.

Furthermore, DemandChain Object has the potential to revolutionize the advertising supply chain since this enables advertisers to track the journey of their ad from creation to delivery, which in turn allows them to confirm that it reaches the appropriate audience in the intended manner.

The implementation of these types of frameworks has already created more transparent communication channels on each side of the coin – and it’s a promising sign to see so many leading businesses support such initiatives.

Measurement metrics

Industry-recognized metrics, such as viewability, completion rates, and engagement, now serve as a common language for evaluating ad performance.

Advertisers and publishers can both review campaigns against a consistent metric, allowing for honest feedback and evaluations of campaign performance.

How do measurement metrics help transparency across the advertising industry?

Metrics for measuring performance are critical for promoting advertising transparency as they provide a standardized performance benchmark for evaluating campaigns and making better decisions in the future.

The recent hype surrounding the attention economy has increased industry collaboration, as this particular form of measurement has yet to be christened with a specific form of value or number, making it difficult to track success.

Nonetheless, the work done by the likes of New Digital Age and other associations has instigated discussions around how best to measure this newfound advertising gold dust, increasing transparency between all segments of the ad tech ecosystem.

Check out SmartFrame’s guide to the attention economy

Content Authenticity Initiative

The Content Authenticity Initiative (CAI) is a relatively new community that has come about to combat the spread of misinformation by implementing a new standard for verifying digital content.

Led by Adobe, the community comprises a range of tech companies and media organizations including:

SmartFrame Technologies
Canon
Nikon
PA Media
The Associated Press
The BBC
Microsoft
NVIDIA

How does the Content Authenticity Initiative promote transparency?

Through the use of cryptographically verifiable metadata, the CAI provides a secure, tamper-evident record of an image’s provenance and modification history. This allows online audiences to gain a better idea of the trustworthiness of online media, which, in turn, helps them to make more informed decisions about the content they consume, and to avoid misinformation and disinformation.

Restoring trust with consumers

Transparency should be a fundamental pillar of the advertising industry. Initiatives such as sellers.json, SupplyChain Object, buyers.json, and DemandChain Object can play a crucial role in enhancing transparency, combating ad fraud, and improving the overall trust of ads between businesses before they reach consumers.

The rise of ad blockers in recent years highlights the erosion of trust between consumers and advertisers. In order to restore this trust, the industry must focus on delivering ads that are high in quality and genuinely useful to consumers – and this starts from within.

Removing outdated techniques like cookie dropping is forcing our industry to reshape the way we reach target audiences and prioritize user trust in a safe manner for the greater good.

The post Transparency in the advertising industry: Initiatives supporting the ecosystem appeared first on SmartFrame.

Smart glasses: Everything you need to know

Peter Townshend — Thu, 03 Nov 2022 12:02:50 +0000

Smart glasses might not have made much of a dent in the wearables market, but the odds are that they aren’t going anywhere anytime soon. Here’s what you need to know about them, including the arguments for and against their use

Smart glasses have been around for some time now, but as the technology becomes more refined and some of the world’s biggest players in tech get in on the action, it begs the question: is there a solid future for these space-age specs?

Before we answer this, let’s try to understand exactly what these are and look at the products that got us to where we are today.

What are smart glasses?

As the name suggests, smart glasses are glasses that combine some kind of technology. They may, for example, have built-in cameras, displays, audio, Bluetooth connectivity, or augmented reality (AR) capabilities, and they usually operate by connecting wirelessly to an app on another smart device, such as a phone or tablet.

Just as smartphones blend technology with a telephone, and smart watches combine technology with a wristwatch, smart glasses bring together technology with a pair of spectacles. They have been around in one form or another for decades; eyewear brand Oakley, for example, claims to have been working on the technology since 1997 and has filed over 600 patents.

However, because the technology existed only behind closed doors, it has never been something that the general consumer could enjoy – until now.

In recent years, this technology has become relatively affordable, sparking the beginning of a new era of modern smart glasses that look like they’re set to quickly become commonplace.

Examples of smart glasses

There are many types of smart glasses that offer different features, so perhaps the most helpful way to understand the format as a whole is to examine the most popular models. To keep things relevant to imaging, however, we will only examine those that have built-in camera technology.

Google Glass

Google Glass was the product that started the current wave of modern smart glasses. Launched in 2013 to great excitement, Google Glass glasses featured a mini display, a camera, and a touchpad, which allowed you to connect with your smartphone to browse websites, take photos, post to social media platforms, and even get directions. Voice commands also meant that much of this could be carried out hands-free.

Google Glass was, however, less of a launch and more of an experiment. The tech was only available to selected developers via the Google Glass Explorer Program and, if you were lucky enough to be selected, the product cost a lofty $1,500. The Glass Explorer Edition was essentially a prototype and the launch was a way to test it in the real world, gathering feedback and improving the technology.

Both the Google Glass Explorer Program and the product were discontinued in 2020. These smart glasses do, however, live on for commercial clients as Google Glass Enterprise Edition, with the aim of helping businesses operate more efficiently.

There are no known plans to bring Google Glass back to general consumers, but we would be surprised if Google didn’t break into this market as the technology gains popularity.

Ray-Ban Stories

With a very public pivot towards the metaverse, and a proven history in VR headsets, it was only a matter of time before the freshly rebranded Meta made its presence known in the smart glasses market.

In 2021, it joined forces with iconic eyewear brand Ray-Ban to produce the Ray-Ban Stories smart glasses, which feature dual 5MP cameras, touch control, and built-in speakers.

One of the biggest issues with smart glasses – particularly Google Glass – has been that, while technologically capable, they simply haven’t looked very good. Understandably, this is problematic in the context of wearable tech. Ray-Ban Stories, on the other hand, sit at the opposite end of the spectrum.

While they undoubtedly look great, they are a little light on features – somewhat surprising considering Meta’s pedigree in the VR headset space.

Snap Spectacles

If Google Glass was more about substance and Ray-Ban Stories more about style, Spectacles from social media company Snap Inc. attempts to find a balance between the two.

The currently available third generation of Snap’s Spectacles offers similar capabilities to Ray-Ban Stories, with dual cameras, audio, and touch controls. However, there is also a fourth generation of Spectacles, which feature dual displays that promise to open up a whole new world of AR possibilities.

They are not currently available to buy, however. Snap is only making them available to AR creators through an online application process, the idea being to properly test their capabilities and develop the effects that can be used with them.

But the fact Snap is not exactly keeping these new glasses a secret is likely a sign that Spectacles 4 will be available to consumers at some point in the not-too-distant future.

Vuzix BLADE

When it comes to consumer-ready AR smart glasses, a leading provider in the field is Vuzix and its BLADE 2 glasses. Vuzix has been around for some time creating smart glasses for commercial enterprises to streamline workflows for front-line workers, but BLADE 2 is a more compact version designed for general consumers.

The BLADE 2 glasses are equipped with an 8MP camera, which can take pictures and stream video, while a transparent screen that sits in the center of the wearer’s field of vision makes AR a real possibility. The glasses are controlled using a touchpad, but also respond to voice commands that work with Amazon’s Alexa technology for the most responsive operation.

Xiaomi Mijia Glasses

The Mijia Smart Glasses, which were recently announced by Chinese tech company Xiaomi, illustrate just how quickly smart-glasses technology is advancing.

In addition to an in-view display, AR functions, and real-time translations, the Mijia Glasses also feature a 50MP built-in camera with a 15x hybrid zoom.

It sounds impressive, although the snag is that these glasses are not yet available to consumers – and it is unclear whether they will ever become available outside China.

Apple Glasses

Very little is known about Apple’s smart glasses offering, but the company’s rumored forays into the category indicate just how mainstream smart glasses may become.

Furthermore, considering the company’s reputation for quality, style, and usability, Apple Glasses arguably have the best shot of striking a balance where others have struggled.

Just as the Apple Watch helped to transform the smartwatch from something out of James Bond into a fashionable part of everyday life, we would expect Apple’s influence to help smart glasses become the norm sooner than you might expect.

The case for smart glasses

The list of potential benefits smart glasses could bring is endless.

AR and point-of-view cameras alone have countless positive applications, both in personal and professional life – so when combined with voice controls and built-in audio, it’s impossible to list them all.

Here are some of the main areas in which they can make a positive contribution.

Entertainment

The breadth of possibilities smart glasses create for entertainment through their AR capabilities is difficult to overstate.

The most obvious of these is gaming. AR games are nothing new, but the accessibility of smart glasses could bring them further into the mainstream, from something as simple as office-desk-whack-a-mole on your lunch break to highly complex platform games in real-life settings.

However, the potential for fun doesn’t stop there. Imagine the possibilities for digital art exhibitions, visually enhanced theater shows, immersive AR movies, or experiential marketing such as interactive restaurant menus or billboard posters.

Safety and security

Smart glasses could also help to increase personal security. At the most basic level, the ability to film an experience in the first person so quickly and easily has the potential to discourage threatening behavior through the Hawthorne Effect.

Furthermore, with the help of AR and facial recognition software, it could be possible to check the credentials of a professional such as a tradesman, cold caller, or police officer before allowing them into your home.

AR could even help to keep you secure in everyday life by providing contextual warnings and safety information. This could range from an alert telling you to ‘mind the step’ right through to more serious warnings about entering restricted or unsafe areas where there is a danger of death.

Communication

There is no doubt that smart glasses could aid communication. Built-in microphones and speakers make it possible to send and receive calls completely hands-free. The same could be true for checking emails and messages, which could be displayed directly in your field of view.

The frame-mounted cameras on smart glasses could also play a big part here. Not only would they make it easier than ever to share photos and videos on social media, but they also open up the possibility to send a live point-of-view (POV) feed of whatever you’re doing. This makes remote supervision, assessment, and collaboration much easier and more effective.

Documentation

Whether it is to record a cycling trip to share with friends, have a skill or activity assessed, or document a situation for legal protection, the ability to instantly record images and videos from the point of view of the photographer without having to hold on to a camera has many advantages.

Convenience

While mobile phones are small enough to fit in your pocket and smartwatches can fit on your wrist, both require a certain level of engagement and physical interaction that can be impossible in certain situations.

Having everything you need in a lightweight and comfortable package that is always in place and is accessible without any physical effort offers a game-changing level of convenience.

The case against smart glasses

While there are many obvious benefits of smart glasses, they are a controversial technology that has attracted plenty of criticism. Bars and other venues even banned Google Glass devices from their premises before they were released.

Below we have outlined some of the most popular arguments against the rollout of the technology.

Privacy

Unsurprisingly, the biggest concern around smart glasses concerns privacy.

With cameras and microphones built into their frames, smart glasses can quickly and easily be used to record people in situations without their knowledge or consent.

Many believe the use of these recording devices could facilitate the illegal collection of biometric and behavioral data, and, in the worst case, could lead to the creation of a surveillance state.

Referring again to the Hawthorne Effect, the knowledge alone that these recording functions could be used may seriously affect freedom of expression, stifling social interaction, discouraging debate, and leading to a reduction in open and effective communication.

Health and safety

The fact that smart glasses are so convenient and easy to use without hands could also be seen as a negative.

The distraction of in-vision displays could lead to a rise in accidents – and when combined with a potential reduction in peripheral vision caused by the often chunky frames required to house the tech, there is real potential for increased injuries and even deaths.

There are also questions on the long-term health risks from prolonged exposure to non-ionizing radiation. While guidelines from the International Commission on Non-Ionizing Radiation Protection (ICNIRP) ensure that smart devices only emit safe levels of radiation, some believe that there is simply not yet enough evidence to be completely sure – especially considering the devices’ close proximity to the brain.

Security

In the same way that smart glasses could help to increase security, they may also do the opposite.

It is highly possible that this technology could bring an end to anonymity which, while in some cases is a great asset, in others is a frightening prospect.

For example, this technology could help government agencies to safeguard the streets against potential threats – but it could also make it easier for oppressive regimes to track down those seeking political asylum.

With this in mind, it’s certainly a technology that needs to be closely monitored, particularly from the point of view of cyber security. If smart glasses are easily hacked, there could be huge implications for security on both a personal and national level.

Copyright infringement

There are also concerns over copyright infringement. With such high-resolution cameras mounted so discreetly on a person’s face, it would be much easier for fraudsters to record ticketed shows and events undetected.

Obvious targets would be movies, stage shows, comedy acts, and musical performances. The same could also be true for still images – for example, artwork or limited-edition photographic prints displayed in exclusive exhibitions.

Conclusion

The possibilities that smart glasses present are undoubtedly exciting, but the technology is something of a double-edged sword that has the potential to cause damage to both individuals and society as a whole.

The biggest problem with technology like this is that the rate at which it develops is far quicker than the rate at which authorities and governments can pass laws to ensure it is properly regulated. By the time they do, it is often too late.

With this in mind, smart glasses technology needs to be handled with great care to ensure it is used responsibly and, ultimately, for good. If we manage to do this, these devices stand a chance of revolutionizing how we live our lives.

The post Smart glasses: Everything you need to know appeared first on SmartFrame.

AI image generators: Everything you need to know

Peter Townshend — Tue, 18 Oct 2022 11:31:44 +0000

AI image generators have exploded in popularity. But how exactly do they work? And why are some people raising concerns about their usage?

Generating images with the use of artificial intelligence (AI) is something that has been widely discussed in recent years. Stories range from positive reviews of how impressively capable this new technology is to fears that it marks the beginning of the end for the photography and creative industries.

But how do they work? And what can they be used for? In this article, we take a closer look at the technology to answer these questions and explore how it has already managed to gain a bad reputation in the photography industry. But first – what exactly is an AI image generator?

What is an AI image generator?

An AI image generator, otherwise known as a text-to-image generator, is a piece of software that uses AI to create digital images from scratch using text prompts input by a human user.

AI image generators have many uses, from functional jobs such as redesigning the interior of your apartment, creative projects like producing fine art, or bespoke images for advertising to potentially more sinister uses such as creating deepfakes.

How do AI image generators work?

At the most basic level, a user inputs a number of keywords into a piece of software and a digital image based on those keywords is created.

This may sound simple, but an awful lot of technology would have been used to create and train the software.

Just like a human, a computer cannot create an image of something it has never seen. Therefore, every AI image generator has been trained on millions, if not billions, of digital images to understand what things look like. It then uses this knowledge to make an educated choice about what to draw when prompted by text keywords.

Without such training, AI image generators would not be fit for purpose. For example, if you had never seen what a cat looks like – or heard a description of one – trying to draw an accurate representation from the name alone would prove difficult. AI image generators can encounter the same problem.

For further reading, we recently wrote an article that f ocused on Google’s SR-3 AI-powered image upscaling technology, which uses very similar techniques.

Can anyone use AI image generators?

Yes and no. In most cases, you do not need to be a software engineer to use AI image generators. Indeed, there are already reports of AI image generator prompts for sale on marketplaces, which makes it even easier for users to create high-quality results.

The more sought-after technology, however, is often subject to waiting lists and paywalls. Anyone can register for access, though, so once the model has been properly tested, you should expect to see AI image generators readily available to the general public.

Examples of AI image generators

Three of the main AI image generator models are DALL-E, Stable Diffusion, and Midjourney. They each have different ways of working and, indeed, different results. Take a closer look below:

DALL-E

Author: OpenAI

Website: https://openai.com/blog/dall-e/

Stable Diffusion

Author: StabilityAI

Website: https://stability.ai/blog/stable-diffusion-public-release

Midjourney

Author: Midjourney

Website: https://midjourney.gitbook.io/docs/

What’s the problem with AI image generators?

Arguably the main problem with AI image generators concerns the general lack of regulation around the technology.

Perhaps the most widely discussed issue is the harm that can be caused by deepfakes, although the problems with the technology are broader than this, and could bring serious issues for the photography industry on many levels.

Deepfakes

Some generators prevent a user from creating images that include celebrities or other famous faces. But as the technology develops and becomes democratized, it is impossible to deny the threat of disinformation that can arise from this.

This article by a photographer who used AI to imagine how dead celebrities would look if they were still alive today shows the remarkable possibilities. Furthermore, the video below shows the somewhat unnerving capabilities of the technology in video.

Learn more: Deepfake videos have us concerned, but are we overlooking a more sinister threat found within them?

Copyright infringement

There are two main issues around copyright and AI image generators. The first is whether the images that are used to train the software have been licensed. The second is the issue of who owns the copyright to the final image.

Image training

As AI image generators are trained using existing digital images, there is also a question over how these images have been sourced – and whether they have been properly licensed.

For example, take a look at this article from The Verge, which includes evidence of an AI image generator reproducing the Getty Images watermark. This suggests the software is being trained using images that have not been paid for.

Furthermore, the question of whether valid model releases have been obtained raises another issue around personal data misuse.

All this evidence has prompted Getty Images and PurplePort to ban AI-generated images from their platforms – and Shutterstock is following suit.

Intellectual property

Another potential problem is the question of who owns the rights to the final image that is produced.

The US Copyright Office recently dismissed a claim by an AI image creator who tried to attribute the rights to an AI-generated image to the algorithm that created it.

US law says that works can only be protected by copyright if they were created by a human. Therefore, if a computer, a monkey, or some other non-human author was responsible for it coming into existence, it is not possible for anyone to claim ownership over that work.

This is, however, a contentious issue that we would expect to continue evolving as the technology grows.

Taking work away from creators

While the above issues focus on specific pieces of AI-generated imagery, there is a wider concern over the photography and creative industries as a whole.

As this technology matures and becomes more capable, people may no longer see the benefit of paying for creative talent.

This issue of democratizing creativity is one that could have a significant impact on not just the photography industry, but also art, CGI, architecture, and much more.

Why is the AOP concerned about changes to the UK’s copyright framework?

It is perhaps unsurprising that many potential issues surrounding AI image generators have caught the attention of the Association of Photographers (AOP), a UK-based organization that promotes and protects the rights of photographers, which has recently released a statement regarding the proposed exception to the UK’s copyright bill – the Text and Data Mining Exception.

In its own words, the AOP states that: “Currently, the Text and Data Mining exception (to copyright protection) permits non-commercial purpose machine analysis of online content, provided that there is lawful access (such as a subscription). It is also limited to prevent the resale or reuse for other purposes and must be accompanied by an acknowledgment of the source.

“This new proposed Text and Data Mining exception for commercial purposes – by the UK government – undermines this by freely allowing the machine mining of all imagery published online for any use by anyone, including AI developers. It would cover both copyright works and those protected by the UK Database Rights.”

It goes on to talk about “serious economic consequences”, saying that the proposal “completely short-circuits the licensing process allowing AI developers and others free commercial access to content for which, under normal circumstances, they would have to license and pay for.”

Identifying AI bots and crawlers as being able to scrape images from creators’ websites and social media pages in an instant, the AOP concludes that this “change in UK legislation would fundamentally turn the tables on creators giving way to economically harmful competition by allowing a content ‘free for all’ and invoking an unfair machine-endeavour vs. human endeavour scenario.”

What does it all mean for the digital imaging industry?

With so much still to be decided, it is hard to predict just how AI image generators will affect the imaging industry.

With bottom lines being squeezed tighter than ever, many commercial organizations will welcome the arrival of a cheaper alternative to traditional methods. But will the appeal of truly human creation ever die? The character that comes with an artist’s unique personality and life experience is something that is impossible to emulate.

With photography, it’s easy to imagine concerns over commercial usage in genres such as fashion or fine art. But in most cases, photography is used commercially as a way to document real-life occurrences or locations, such as a wedding day, a news event, or a travel destination – and it would be extremely difficult to effectively replace this kind of photography with an AI image generator.

There is, of course, also a certain magic in capturing the beauty of a moment you have witnessed. And when you consider this, it’s difficult to imagine a world of humans without photography.

The post AI image generators: Everything you need to know appeared first on SmartFrame.

The 5 biggest GDPR fines and why they were issued

Peter Townshend — Fri, 23 Sep 2022 12:17:21 +0000

Here’s our rundown of the five biggest fines issued under the European Union’s General Data Protection Regulation (GDPR)

GDPR was implemented in 2018 with the aim of protecting personal data and privacy in the European Union (EU) and European Economic Area (EEA).

Since its introduction, there have been a number of big fines for big tech. But with Instagram racking up the second largest fine under the regulation just weeks ago, are there still lessons to be learned?

In this article we list the five biggest GDPR fines since the regulations were introduced, take a closer look at why they were issued, and explore why some believe the regulation isn’t capable of delivering on its promises.

1: Amazon – €746m

Currently, the biggest GDPR fine by far is the €746m whopper that was imposed on Amazon by Luxembourg’s National Commission for Data Protection (CNPD) on 16 July 2021.

The fine was likely triggered thanks to a complaint filed in May 2018 by 10,000 people, through the French privacy rights group La Quadrature du Net. This complaint alleged that Amazon had utilized users’ private data to target advertisements without consent. A full statement from La Quadrature du Net can be found here.

In its company filings dated 29 July 2021, Amazon made clear its disagreement with the fine, saying: “We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.” Amazon filed its appeal in October 2021 and the case is ongoing at the time of writing.

With previous fines for British Airways and for Marriott being reduced significantly, it is possible that Amazon could still shake off this somewhat unwelcome title – so watch this space.

2: Instagram – €405m

The second biggest GDPR fine on the list is the €405m fine Instagram was hit with on 28 July 2022 by the Irish Data Protection Commission (DPC) – Ireland’s supervisory authority for the GDPR.

A statement from the DPC outlined the reasons behind the fine, saying it marks the end of an inquiry into “the processing of personal data relating to child users of the Instagram social networking service.”

The DPC names US data scientist David Stier as the source of information that sparked the inquiry back in September 2020, noting the two main complaints as “the public disclosure of email addresses and/or phone numbers of children using the Instagram business account feature and a public-by-default setting for personal Instagram accounts of children.”

Following the referral of the case to the European Data Protection Board (EDPB) due to objections from a number of Concerned Supervisory Authorities (CSAs), a binding decision was published on 15 September 2022, imposing the €405m fine. The fine was accompanied by an order for Instagram’s owner, Meta Platforms Ireland Limited, “to bring its processing into compliance by taking a range of specified remedial actions.”

Instagram has since updated its settings and released new safety features. However, Reuters has reported that a spokesperson for the platform said: “Instagram disagrees with how the fine was calculated and is carefully reviewing the decision.”

3: WhatsApp – €225m

The third biggest GDPR fine was issued to Meta-owned messaging app WhatsApp in 2021 by the Irish DPC.

It was the result of an investigation that began on 10 December 2018 into what the DPC described in a statement as “the provision of information and the transparency of that information to both users and non-users of WhatsApp’s service.”

Once again, the Irish DPC faced opposition from CSAs, meaning the case was referred to the EDPB, which published a binding decision on 2 September 2021.

The BBC reported a WhatsApp spokesperson saying: “We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate.”

WhatsApp launched an appeal against the ruling on 3 January 2022. At the time of writing the case is ongoing.

4 and 5: Google – €90m + €60m

Google was on the receiving end of the fourth and fifth biggest GDPR fines when the Commission Nationale de l’Informatique et des Libertés (CNIL – French Data Protection Authority) found it to be more difficult for French users to reject cookies on google.fr and youtube.com than it was to accept them.

Fines of €90m for Google LLC and €60m for Google Ireland Ltd – in line with the GDPR’s One Stop Shop mechanism – were imposed by the CNIL on 31 December 2021, followed by a 6 January 2022 announcement on the authority’s website to clarify the decision, saying:

“The restricted committee, the CNIL body in charge of issuing sanctions, judged that making the refusal mechanism more complex actually discourages users from refusing cookies and encourages them to opt for the ease of the ‘I accept’ button.

“The restricted committee considered that this process affects the freedom of consent of Internet users and constitutes an infringement of Article 82 of the French Data Protection Act, since it is not as easy to refuse cookies as to accept them.”

It goes on to justify the fine amounts “by the number of people affected and the considerable profits that the companies make from advertising revenues indirectly generated from the data collected by cookies.”

Notably, the CNIL includes that it had already warned Google about these breaches prior to the penalties and that this was taken into consideration when calculating the fines.

Google’s response was one of acceptance, with Reuters quoting a Google spokesperson as saying: “People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision.”

Is GDPR working?

Since the launch of GDPR, many have doubted its effectiveness in controlling the use of data by big businesses, especially the tech behemoths of Silicon Valley.

With this combined top five totaling an eye-watering €1.526bn, regulators seem to be flexing their muscles. But is it enough to make a difference?

Let’s take a look at the numbers.

While €746m is certainly a lot of money, it was approximately only 0.2%* of Amazon’s 2020 annual revenue, which reportedly totaled $386bn. This is far from the maximum 4% of turnover outlined on the GDPR website.

Google had it even easier, with €150m making up approximately 0.09%* of its reported $182.53bn 2020 revenue.

And with revenue of $117.9bn reported for the 2021 fiscal year, Instagram’s owner Meta had generated enough money to match its €405m fine in approximately a day and a half.*

When you consider that many of the tech giants generate a large proportion of their revenues from digital advertising (which in most cases has historically used third-party cookies to target audiences), many could argue that these fines are a small price to pay.

Furthermore, when you combine this with the fact that the long timeframes required to enforce such fines have led to significant backlogs, it’s easy to see why many question how effective GDPR really is.

Having said that, while these fines may seem small in the context of the recipients’ overall revenue, they are by no means insignificant and have certainly grabbed headlines, helping to raise global awareness of the issues surrounding online privacy and personal data.

It is also important to remember that the 4% of turnover figure mentioned above is the maximum penalty. The actual fines that are imposed must reflect the severity of the offense. After all, if every violation was met with the maximum punishment, there would be no reason for a potential offender to hold back.

Finally and perhaps most crucially of all is that, in most cases, the GDPR fines that have been imposed have brought about positive change to the way the recipients handle personal data.

With this in mind, it’s hard to deny that a digital world with GDPR is ultimately a better place than it was without it.

*Calculated using exchange rates correct on the date of the fine being issued.

The post The 5 biggest GDPR fines and why they were issued appeared first on SmartFrame.

Negative body image: Should retouched images be labeled as such?

Peter Townshend — Wed, 21 Sep 2022 14:43:45 +0000

A recent paper reported clear links between negative body image and retouched digital images in advertising and on social media. So is labeling retouched images the answer?

On August 2, 2022, the UK’s Health & Social Care Committee published a report that focused on the impact of body image on mental and physical health.

The report had some alarming findings – and, unsurprisingly, found that retouched digital images were recognized as a driver of negative body image. Here, we look at the broader findings of the report, the recommendations it makes, the role played by digital images in particular, and the ways in which the issue could be mitigated.

What is negative body image?

Negative body image refers to a person’s dissatisfaction with the way their body looks. This could be down to its size, for example, its shape, or its general appearance.

Looking in the mirror and feeling like you could lose a few pounds may be dismissed as a harmless passing thought by many. But in such a hyper-connected world that is dominated by unregulated digital media, negative body image has the potential to develop into a more serious issue.

For example, it has been linked to damaging physical and mental disorders, such as body dysmorphic disorder, anorexia nervosa, bulimia nervosa, and depression.

What were the findings of the report?

The Health & Social Care Committee’s paper reported a number of concerning statistics around body image and mental health.

A 2019 study by the Mental Health Foundation, for example, found that 20% of adults felt shame, 34% felt down or low, and 19% felt disgusted by their body image at some point in the preceding year. The same study found that 13% of adults felt suicidal thoughts as a result of negative body image.

Furthermore, it was found that 21% of adults cited images used in advertising as a cause of negative body image, while 40% of teenagers said their body image issues were caused by images on social media.

In this article, our main focus is on sections 61-63 of the report, which concentrate on the potential link between negative body image and retouched digital images used in advertising and social media. The report states:

“We believe that more needs to be done in regard to the regulation of digitally altered images for advertising and social media use. We heard evidence about the potential harm from online content that promotes an idealized, often doctored and unrealistic, body image and the link to developing low self-esteem and related mental health conditions.”

The report goes on to recommend that specific action is taken, calling for new research into the impact of social media on body image dissatisfaction. It emphasizes the need to better equip new generations with skills such as critical thinking and image appraisal that can help them recognize when an image has been retouched.

It also calls for the clear labeling of retouched commercial images. “We believe the Government should introduce legislation that ensures commercial images are labeled with a logo where any part of the body,” it says, “including its proportions and skin tone, are digitally altered.”

This is a practice already adopted in Norway with the passing of a new law in 2021 that requires content creators to “ensure that the advertisement in which the shape, size or skin of a body has been changed by retouching or other manipulation must be marked.”

What role do digital images play in fueling negative body image?

With so much different content hitting us from so many different angles today, there are countless ways retouched digital images can find their way into our lives and contribute to negative body image.

However, the Health & Social Care Committee’s report quotes a number of individuals who cite social media as playing a significant role. This view is backed up by a study from Science Direct, which found that social networking is positively related to body image concerns.

With a reported 4.7 billion social media users worldwide spending an average of 2hrs 29min a day on these networks, is the connection really a surprise?

Social media influencers in particular have faced criticism for their role in this in recent years, leading to body-positive campaigns like the Dove Real Beauty Pledge and hashtags like #bodypositive and #nofilter, which have helped to put a greater focus on self-esteem and authenticity.

However, while this greater responsibility around commercial content has helped to raise awareness, research shows that the biggest driver of negative body image is actually content from friends and acquaintances.

This is concerning because, while commercial content can be regulated by consumer-protection bodies such as the UK’s Advertising Standards Authority (ASA) and the USA’s Federal Trade Commission (FTC), personal content from friends and connections is much harder to control.

What defines a retouched image?

The idea of labeling an image to indicate it has been retouched – as the Health and Social Care Committee’s paper suggests – is certainly the right sentiment. The only problem is that defining a ‘retouched’ image is harder than it sounds.

It wasn’t long ago that many of us would regard image retouching as a practice reserved for professionals in expensive photo-editing suites, airbrushing images of supermodels on national magazine covers and high-level advertising campaigns.

Today, however, retouching images is easy and often free through software programs and countless apps that can do anything from adding eye shadow to completely reshaping facial features. These apps are simple to use and, in many cases, the technology is so advanced that it can be difficult for the untrained eye to spot.

Apps such as these are the more extreme examples of image retouching being used to deliberately alter a subject’s physical appearance, but there are many other less obvious and arguably less damaging ways to change the appearance of an image. So where do you draw the line?

For example, professional portrait photographers often spend a significant amount of time and effort using image-editing software to ensure their photographs look their best. While they may not change the physical appearance of the subject, it is likely they will make tweaks to contrast or color to enhance the overall result. So should these images be flagged as being retouched?

Even digital images straight out of the camera with no filters or subsequent editing cannot be described as truly authentic due to the processing that happens in-camera between the sensor capturing the scene and the image file being created.

Then there is the question of the hardware that is used. A lens with a moderately long focal length and a wide aperture that can achieve a shallow depth-of-field is usually the most flattering equipment setup for portraiture. Granted, this is not retouching, but could be considered a form of image manipulation. Should this also be taken into consideration?

With so many ways to alter an image, and degrees to which it can be manipulated, what is the answer?

Potential solutions

Labeling images as one or the other is a step in the right direction. But with so much grey area surrounding what constitutes a ‘retouched’ image, the more useful option would be to provide complete transparency over what edits have been made.

This can already be achieved with technology such as the Content Authenticity Initiative (CAI), which is currently in development. By adopting CAI technology, it is possible to automatically attach tamper-evident image provenance data to a digital image in-camera at the time of its capture, such as date, location, author, and technical information.

Furthermore, CAI can track and record every edit that is made to a digital image throughout its lifetime, from simple contrast adjustments or filters right up to compositing and more advanced image editing. It is even possible to view thumbnails of the image before and after edits were made.

Rather than having to determine whether or not each and every image has been retouched, this approach provides the user with all the information they need to make their own decision on the trustworthiness of what they see.

Learn more: Content Authenticity Initiative: What you need to know

Image-streaming technology, which has been used to display the images in the body of this article, can also be useful here.

This method of publishing images online provides built-in captions for context; permanent attribution and theft deterrents for security; and interactive features like Hyper Zoom and full-screen viewing for higher engagement. A demo that incorporates both systems has also been developed.

Conclusion

While some images used for advertising or posted on social media can be problematic, deciding on and labeling retouched images is a complicated and potentially time-consuming process that could be difficult to implement effectively.

By adopting the technologies mentioned above, social media platforms could ensure transparency when it comes to image editing and manipulation, and address some of the issues they have had to grapple with in recent years around negative body image.

They could lead the way in creating safe havens for digital imaging in which users can make their own decisions on the authenticity of the content they are viewing, and this could in turn pave the way for a whole new digital image ecosystem for the wider web in which content can once again be trusted.

The post Negative body image: Should retouched images be labeled as such? appeared first on SmartFrame.

Do you own the copyright to a photo of yourself? Probably not – and here’s why

Joel Miller — Mon, 18 Jul 2022 00:26:47 +0000

Following a number of cases in which celebrities have been sued for posting photos of themselves on social media without permission, we explore the rules around this aspect of copyright law

Our recent article on the rules around posting photographs of other people on social media explained the various restrictions that different platforms imposed. But when it comes to posting photos of yourself, what’s actually allowed?

Believe it or not, being the subject of a photograph doesn’t necessarily mean you own the rights to it. Indeed, there has been a flurry of cases in recent years in which high-profile celebrities from the worlds of sport, music, and reality TV have found themselves in trouble after posting photos of themselves to social media without permission from the copyright holder.

Here, we take a closer look at the rules, list some specific examples of subjects being accused of copyright infringement on social media, and discuss ways in which all parties can protect themselves.

Do you own the copyright to photos of yourself?

Not necessarily. While privacy laws were put in place to protect the subjects of photographs, copyright laws are designed to protect the creators. As explained in the USA’s Copyright Act of 1976 and the UK’s Copyright, Designs and Patents Act 1988, the copyright to any photograph, regardless of who or what it features, falls by default to the person who took it.

The main exception to this is when there has been some kind of contractual agreement beforehand, such as when an individual takes photographs during their employment. This could be a photographer who is shooting on behalf of a commercial organization, for example, or a staff photojournalist working for a newspaper.

While there are some exemptions, listed for the US here and the UK here, it is safest to assume that unless a subject of a photo has been assigned the copyright – or indeed, the photo is a selfie – they need to seek permission from the copyright holder before they can publish it.

Learn more: Copyright and images: What you need to know

If asked, it is unlikely that your best friend will mind you using a photo they took of you as your personal profile picture. On the contrary, they will probably be quite flattered. The same could be true even for a professional who took your photo at a relative’s wedding. Many photographers will simply request that they be credited.

Problems arise in the eyes of the photographer – and the law – if subjects use the images for commercial gain without prior permission. If there is evidence to suggest a photographer has lost earnings from such action, they will likely seek reimbursement.

Photographer vs subject copyright infringement case examples

Here are a few recent examples of image owners filing lawsuits against subjects for publishing photographs of themselves without permission.

Robert Barbera sues Dua Lipa

New York-based photographer Robert Barbera is currently suing British singer Dua Lipa for allegedly publishing photos he took of her in 2018 without his permission.

The photographs were posted to the singer’s Instagram page in 2019. Barbera argues that because the page is used to promote Lipa’s music and brand, his work benefited her financially.

Barbera is therefore seeking actual damages, disgorgement of all profits linked to the infringement, and court costs.

Both parties have form. Lipa faced a similar case brought by Integral Images in July 2021, while Barbera has previously filed lawsuits against Ariana Grande and Justin Bieber.

The case is ongoing.

Backgrid sues Lisa Rinna

Photo agency Backgrid brought a copyright infringement case against reality TV star Lisa Rinna in June 2021, claiming she published photographs they own of her without its permission.

The photographs, which were taken by paparazzi photographers represented by Backgrid, were posted to Rinna’s Instagram account. At the time, Rinna had 2.7 million followers.

Backgrid launched a legal campaign demanding $1.2m in statutory damages, claiming loss of income. Rinna responded by asking the judge to dismiss the case, saying Backgrid “effectively weaponized the Copyright Act to augment its income.”

The two parties have reportedly now settled with the court, avoiding the need for a public trial.

Steven Mitchell sues LeBron James

Sports photographer Steven Mitchell sued LA Lakers basketball player LeBron James for using a picture he took of James dunking the ball against the Miami Heat in 2019.

The suit was filed in March 2020 against both James and his companies, Uninterrupted Digital Ventures and LRMR Ventures LLC, which Mitchell says manage the player’s Facebook page.

According to court documents, Mitchell was seeking profits made from the Facebook post, or $150,000 for every time James used the image.

Interestingly, James responded by filing a countersuit against Mitchell for $1m, arguing that Mitchell was unlawfully using photographs of James on his website to promote his business.

In the end, both parties reached a settlement outside of court that resulted in the closing of both lawsuits in February 2021.

Why does this keep happening?

The above cases are just a small selection of recent examples. Celebrities such as Kendrick Nunn, Khloe Kardashian, Gigi Hadid, and Emily Ratajkowski have all found themselves in similar situations. But why does this keep happening?

Arguably the biggest reason for the increase in cases like this is the free-sharing nature of social media, which provides access to enormous audiences that are often completely out of the publisher’s control. When combined with increasingly blurred lines between editorial and commercial content, you have a recipe for litigation.

At the heart of the problem sit the insecure image formats that are used online. Formats like JPEG, PNG, GIF, and others can easily be copied and redistributed with minimal effort.

This lack of protection leaves the images open to theft, but it is important to remember that not all theft is deliberate.

The fact that these images can be so easily copied and misappropriated means that users unfamiliar with copyright law are often stealing them without even realizing they are doing anything wrong.

Preventing copyright infringement

Several measures can be taken to protect both parties, such as watermarking, downsampling, and adding copyright information to image captions or metadata.

However, none of these offer a comprehensive solution that finds the right blend of strong protection and compelling presentation.

For example, effective watermarking and downsampling sacrifice image quality by either obscuring the image or reducing its resolution, while standard captions are not permanently attached to the image, and metadata can be easily deleted – if it is ever actually seen in the first place.

The most comprehensive solution out there is the use of image-streaming technology. In a nutshell, it is a new way to display images online that provides a more secure and engaging alternative to the current file formats.

With image streaming, the content owner uploads a high-resolution image file to a secure central server and streams it to websites using an embed code – much like embedding a YouTube video.

This makes it possible for an image to appear on unlimited web pages without a single copy being made.

Each image is displayed in high resolution with interactive features such as multi-level zoom and full-screen viewing while maintaining fast page-loading times. This creates the perfect balance between quality, security, and user experience.

If fully integrated, image streaming could revolutionize social media networks, providing a safer and even more engaging place to connect. Below is a rundown of how the technology can benefit all parties involved.

Benefits to content owners

For content owners, there are a number of benefits when using our technology starting with full distribution control over their images, allowing them to monitor and manage where their content appears across the web.

Through a comprehensive list of URLs, owners can easily track unauthorized use and promptly block domains whenever needed.

As well as that, our theft protection features make it significantly harder for images to be stolen, with measures against right-clicks and screenshot attempts.

Permanent attribution is ensured through embedded captions and credits, guaranteeing that images are always correctly attributed, regardless of where they’re shared.

Lastly, image analytics are provided to give the creators valuable insights into viewership metrics such as detailed data on image views and their origins.

Benefits to content sharers

For content sharers, our platform offers customizable deterrent messages triggered by right-click or screenshot attempts.

These messages inform users about copyright protection and direct them to the terms and conditions of sharing, educating them on legal sharing practices and preventing unintentional theft.

Like content owners, sharers benefit from permanent attribution, as embedded captions and credits accompany images wherever they’re shared, ensuring proper crediting and contextual integrity.

Benefits to social media platforms

By streaming every displayed image from a single source file, social media platforms can better police and trace images back to their origin, making it a more manageable task and enabling swift action if necessary.

Our controlled distribution options, including optional sharing buttons, help platforms maintain exclusivity over shared content, ensuring images remain within the intended platform ecosystem.

Calls for changes to the law

Following her experience, Emily Ratajkowski wrote an article for The Cut that raised questions about the rights people have to photographs of themselves. Her view is shared by other celebrities such as Snoop Dogg and Gigi Hadid who have both called for changes to the law.

Copyright law has, however, been designed to protect the creator, so image owners may argue that any exceptions could lead to abuse, especially if the image is in the public interest.

Final thoughts

Whatever the law says, image formats that are currently used online can easily leave all parties unprotected against image misuse, whether deliberate or not.

With this in mind, we believe the main focus should be on protecting those at risk by educating everyone involved on what is permissible and what isn’t, while also preventing images from being stolen in the first place.

The post Do you own the copyright to a photo of yourself? Probably not – and here’s why appeared first on SmartFrame.

Browser fingerprinting: Everything you need to know

Peter Townshend — Fri, 27 May 2022 09:43:44 +0000

Browser fingerprinting was invented to help keep our online data safe, but in many cases, it does the exact opposite. Here, we take a deep dive into this covert online tracking technique.

Online user privacy has been a much-discussed topic in recent years, with a slew of news stories revealing the misuse of sensitive data by some of the biggest names in the tech business.

The result has been an almost universal rejection of the third-party cookie, which to date has been the most prevalent online tracking tool. However, the third-party cookie is not the only way to track a user’s online behavior.

In this article, we explore browser fingerprinting, which is an accurate form of online tracking that is highly evasive, difficult to trace, and, as yet, unregulated.

What is browser fingerprinting?

Browser fingerprinting is a term used to describe the act of discreetly gathering software and device settings data through an internet user’s browser when they’re online. This combination of settings is then used to build a unique identity – or ‘fingerprint’ – for that individual. It’s also sometimes referred to as ‘device fingerprinting’ or simply ‘fingerprinting’.

How does browser fingerprinting work?

Every time you visit a website, your browser has to provide the hosting server with a certain amount of essential information to ensure the website works properly for your individual machine.

These pieces of information could include device model and spec, language and keyboard layout, location, time zone, installed hardware, software versions, and much more.

Individually, these settings and configurations might seem innocuous – and they are. But when put together, they can create a unique combination or ‘fingerprint’.

Considering the number of connected devices worldwide (projected to hit 38.6 billion in 2025), browser fingerprinting can be surprisingly accurate. This study, for example, found that 83.6% of tested browsers were unique.

What is browser fingerprinting used for?

Fingerprinting is reportedly used by over a quarter of the top 10,000 websites online.

Many of these sites use device fingerprints to maximize the user experience for their audience or to keep accounts secure. However, many others use it to track user activity and then pass that information on to data brokers who will sell it to various ends.

Security

Browser fingerprinting was originally developed to track and block devices associated with suspicious activity. These could be botnets using multiple devices and locations to access online accounts, phishing scammers creating numerous social media profiles, or bad actors using repetitive trial-and-error tactics.

Fingerprinting is such an efficient identifier that it can bypass private browser windows, virtual private networks (VPNs), and other evasion measures to track this activity, making it harder for fraudulent internet users to conceal their actions.

While it is not foolproof, browser fingerprinting can form an integral part of a robust security strategy when combined with other anti-fraud measures.

Marketing

Such an effective way to identify and track user activity has inevitably drawn the attention of the digital advertising industry.

Global digital ad revenue totaled $378.16bn in 2020 and much of this relied on targeted advertising. In an industry of this size, data is considered to be extremely valuable because it enables marketers to accurately personalize their campaigns.

For example, if a global tour company can see from your online activity that you have booked a holiday to Paris, it will know to serve you advertising that specifically promotes its Paris tours. Furthermore, if it can see that you also have an interest in art because of the websites you have visited, it could be even more specific by promoting its ‘Paris Gallery Tour’.

By working with websites, ad tech companies can recognize a user’s fingerprint when they arrive on a web page and, in a split second, serve an ad that matches their behavior profile.

Privacy concerns

While personalized digital advertising may not be a huge issue for many – research suggests it is even welcomed by some – there are other, more concerning possible uses.

It is very hard to cite specific cases due to the lack of transparency surrounding the practice, but they could include fingerprinting data being used to pre-qualify a user for certain services or to inform dynamic pricing.

An example of the latter is the aforementioned tour company charging you more than others after using your device fingerprint to see that you are located in an affluent area and recently shopped for designer clothing.

While there may never be a specific name associated with a user’s digital fingerprint, there are undoubtedly potential privacy issues to be considered.

Browser fingerprinting vs cookies

While essentially used for the same purpose – identification and tracking – there are some big differences between cookies and fingerprinting.

Storage

Cookies are stored on a user’s device, which means they can be easily blocked or deleted. Device fingerprints are stored remotely, which makes them very difficult to control.

Regulation

The General Data Privacy Regulations (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US have both imposed rules that regulate the use of cookies for the protection of user privacy, with hefty fines for those who break them.

Fingerprinting, on the other hand, is unregulated, which gives more freedom to those who collect this data.

Transparency

The above regulations have brought transparency to the use of cookies, whereby websites must notify a user that they will be capturing data, explain what it will be used for, and offer them the opportunity to opt out.

Fingerprinting takes place covertly using data that is necessary for websites to work properly. This makes it very difficult for a user to even detect the activity, let alone opt out.

Reliability

Cookies are unique pieces of tracking code that are placed directly onto a user’s device, which makes them very reliable.

Conversely, fingerprinting relies on probability rather than certainty. While it can be very accurate, it inevitably leaves some room for error.

Browser fingerprinting methods

Aside from recording top-level configurations such as software versions, extensions, cookie settings, and languages, to name a few, there are additional more intricate fingerprinting techniques that can be used. Some examples of these are below – and the more of these that are used together, the more accurate the fingerprint will be.

Canvas fingerprinting

Most websites are constructed using HTML coding, which features an element called canvas. Using this element, websites are able to force browsers to draw a picture and text behind the scenes during a user’s visit.

When devices are configured differently, they render this image and text in a slightly different way, which reveals a whole host of information about a device’s graphics hardware, such as its graphics processing unit (GPU), graphics driver, or graphics card.

Using this information, the device is assigned a unique hash that serves as an identifier (or ‘canvas fingerprint’).

WebGL fingerprinting

Web Graphics Library (WebGL) is a JavaScript Application Programming Interface (API) that works alongside HTML Canvas to render 2D and 3D images.

The WebGL fingerprinting process is the same as canvas fingerprinting in that it forces a user’s device to draw an image in the background without their knowledge, records its graphics hardware information, then assigns it an identification hash.

Audio fingerprinting

In a similar way that canvas fingerprinting uses HTML Canvas to measure how a device renders an image, audio fingerprinting uses the Web Audio API to measure how a device produces sound.

Connected device fingerprinting

Connected device fingerprinting is a technique that gathers information about the media devices connected to a user’s machine. This could include external devices such as headphones or speakers, together with internal devices like sound cards or video cards.

What data makes up a device fingerprint?

There is a wide range of different data that’s gathered using various methods, and this all comes together to create a device fingerprint. Here is a list of some of the most common types.

IP address	User-agent string
Installed fonts	Installed hardware
Cookie settings	Screen resolution
OS version	HTTP header attributes
Language settings	Browser extensions
Keyboard layout	Audio fingerprinting data
Browser privacy	HTML canvas fingerprinting data

Is browser fingerprinting illegal?

No, browser fingerprinting is not illegal. While it has raised concerns and opposition from privacy advocates, there is nothing to stop a website from fingerprinting users as they visit.

The GDPR and CCPA regulations imposed strict rules to protect online privacy, although the main focus is cookies and therefore they do not apply to data obtained through fingerprinting.

The reason fingerprinting can dodge these regulations is that it only uses what is considered to be public information. No personal data is gathered during the fingerprinting process, therefore no current laws are being broken.

There are, however, plans to regulate browser fingerprinting in the EU, which – as GDPR did with cookies – could spark momentum towards a global standard.

The proposed ePrivacy Regulation is set to apply the same rules to fingerprinting that currently govern the use of cookies. However, at the time of writing it is still in the trilogue process and is therefore subject to change.

How to prevent browser fingerprinting

Fingerprinting is difficult to prevent – and there are two main reasons for this.

The data gathered is essential for websites to work properly, so preventing them from taking it would significantly diminish a user’s browsing experience.
Fingerprinting data is stored off-device, which makes it very difficult to find, control, and remove.

Ad blockers, private browsing windows and VPNs

The use of ad blockers, private browsing windows, and VPNs can help by hiding certain data such as a user’s real IP address and location. However, their use does nothing to hide the more detailed information covered earlier in this article.

In fact, using any of these tools could actually add a whole new facet to a device’s configuration that would not have been there before.

Privacy-focused browsers

Aside from making a device less unique by using default settings wherever possible, the most effective defense against fingerprinting is to use a privacy-focused browser such as Firefox, Brave, or Tor.

Firefox, for example, combats fingerprinting by blocking third-party requests from websites known to partake in the activity. While this is a positive step, it is limited to the websites its provider (Mozilla) is aware of and is therefore not a watertight solution.

Brave’s protection against fingerprinting also makes use of a blocking technique, but this is complemented by randomization. This means it attempts to make a user’s device appear different to a fingerprinting tool each time it visits a website. While this combination certainly bolsters protection, it is unable to stop the most determined of fingerprinting tools.

Tor’s technique, on the other hand, is to make every user’s browser fingerprint the same, which provides a level of anonymity among the crowd.

While this protection is considered to be strong, there are some downsides. The most significant of these is relatively slow loading speeds, which occur as a result of the software working hard to disguise a user’s identity.

Also, because of Tor’s popularity with users who do not want to be tracked, it is regarded with suspicion by many authorities. Therefore, somewhat ironically, it could actually end up attracting attention from parties that are arguably more concerning than the marketing executives most users are trying to avoid.

Reluctant acceptance

There’s no doubt that combining these measures with efforts to make a device less unique by using default settings wherever possible can make fingerprinting more difficult.

However, the bottom line is that complete prevention is impossible. Therefore, at least for the time being, fingerprinting is something that goes part-and-parcel with internet usage.

Until relevant regulations are introduced, it’s worth considering whether the risk of fingerprinting is a price you are prepared to pay for the content you are consuming.

Will fingerprinting replace third-party cookies?

With the EU’s ePrivacy Regulation still in progress, it is impossible to predict exactly what the future holds for browser fingerprinting. However, considering the general public’s increasing awareness of personal data collection and misuse, coupled with a lack of transparency around how fingerprinting is being used, it is probably safe to expect some attempt at regulation in the future.

For example, one academic study found that 85.5% of users were concerned about browser fingerprinting and 78.5% felt that being protected from it was important to them.

With overwhelming majorities like this, some form of change is likely. But to what extent these regulations will go – and indeed how effective they will be – remains to be seen.

Regardless of the efficacy of these potential regulations, with such low user opinion, it would be remiss of brands and marketers around the world to rely on fingerprinting as a replacement for the third-party cookie. Instead, investment in alternative forms of targeting such as contextual advertising – which is regarded by many as having a big role in the future of the industry – would be a better alternative.

The post Browser fingerprinting: Everything you need to know appeared first on SmartFrame.

Counterfeit goods online: How big is the problem and how can you combat it?

Robert Sewell — Thu, 12 May 2022 09:55:54 +0000

The internet has brought great opportunities for retail, but it’s not all positive. We look at the growth of the counterfeit goods market and how retailers can protect themselves.

The growth of online shopping has been steady for a number of years, and with the global pandemic introducing many consumers to the convenience of e-commerce in everyday life, those numbers are now higher than ever.

The European Union Intellectual Property Office (EUIPO) reported that 70% of Europeans bought something online in 2020. US e-commerce sales, meanwhile, are projected to exceed $1tn in 2022 and to make up nearly 22% of total retail sales by 2026.

Such figures show the extensive reach, growth, and value of the e-commerce market, but where there is great value, there is inevitably the risk of bad actors – in this case, from the burgeoning online counterfeit goods market.

How big is the counterfeit goods market?

According to recent figures, the value of the global counterfeit goods market was $449bn in 2019 – larger than the entire economy of Ireland.

Furthermore, in March of the same year, the Organisation for Economic Co-operation and Development (OECD) reported that trade in counterfeit and pirated goods makes up 3.3% of global trade and stated that this figure was continuing to rise.

These are startling figures – and when you consider the potential impacts the fake goods market can have on economies, businesses, and everyday people, they become even more concerning.

What proportion of the counterfeit goods market is traded online?

While it is difficult to provide a definitive figure, a joint EUIPO-OECD study found that between 2017 and 2019, over 50% of counterfeit goods seized on entry to the EU were related to online transactions.

This could be seen as an indication of the potential overall scale of the problem. The knowledge that it is this significant online certainly makes sense when you consider that largely unregulated digital environments allow criminals to better maintain their anonymity and remain as elusive as possible to the authorities.

What is the impact of counterfeit goods on businesses?

The effects of IP theft and counterfeiting on businesses are huge. In 2020, global losses resulting from the sale of bogus goods amounted to €26.3bn in the clothing sector alone.

But while the sale of fake products at cheaper prices can have a big impact on bottom lines, the wider issue is the effect it can have on a brand’s reputation.

Counterfeit goods can lower customer satisfaction and erode brand value. For example, if a consumer receives a product they believe is genuine, they will expect a certain level of quality. Therefore, if that product is a substandard fake that arrives faulty or fails shortly after purchase, they will understandably be disappointed.

Research shows that 77% of consumers regularly read reviews when researching local businesses and that only 3% would consider buying from a business with an average rating of two stars and under.

In a marketplace where reviews are this powerful, dissatisfied customers can be particularly damaging to a brand’s reputation.

Additionally, businesses could find themselves wasting time and resources dealing with undeserved complaints and even making unnecessary refunds.

Learn more: Brand protection: The problems and solutions around keeping your brand safe online

What is the impact of counterfeit goods on consumers?

From a consumer’s point of view, counterfeit goods can present a tempting opportunity to buy expensive items at a fraction of their typical retail price, but this is often a false economy.

Rock-bottom prices usually go hand in hand with rock-bottom quality. This means it is likely that counterfeit items will need to be replaced long before their genuine equivalents would, which ultimately means higher costs in the long term.

The negative impact of fake goods isn’t just financial. In many cases, it can also pose a serious health risk.

One example is the global trade in counterfeit pharmaceuticals, which the EUIPO and OECD estimate is worth up to $4.4bn (and, according to the World Health Organization, has harmful effects in every region in the world).

Ineffective or weakened pharmaceuticals can leave ailments untreated or contribute to drug-resistant infections, while unknown ingredients could provoke unexpected side effects, allergic reactions, and, in some cases, even death.

Another example is electronic goods. A report from UK charity Electrical Safety First states that faulty electrical products are the cause of more than 7,000 house fires a year in the UK. The report goes on to state the results from tests of a number of counterfeit products, including phone chargers and hair straighteners, many of which were found to have posed a serious safety risk.

Finally, an often overlooked negative impact of fake products is that of privacy. There are reports of fake software updates and cases of Android phones being imported from the gray market with malware pre-installed, both of which are designed to expose a user’s personal data to fraudsters.

What is the impact of counterfeit goods on society?

There are many implications that counterfeit goods have on a country’s economy, and the most obvious of these is the loss of tax revenue. Because revenues bypass official channels, governments lose funds from value-added tax, corporate income tax, and personal income tax that could otherwise be invested for the good of communities.

One OECD paper reported that in 2016, forgone tax revenue from the UK retail and wholesale sector amounted to £3.1bn. The same paper stated that at least 86,300 jobs were lost due to counterfeiting and piracy.

Other knock-on effects include an increase in the prices of legitimate products, as brands try to recoup the billions of dollars of global losses, and the aforementioned dangers to public health.

There is also a major humanitarian issue to consider. The United Nations Office on Drugs and Crime (UNODC) identifies clear links between counterfeit goods and transnational organized crime networks, stating that the sale of fake products could be connected to the trafficking of drugs, firearms, or people.

The role of images in the online counterfeit goods market

Before the days of e-commerce, it was possible to hold, inspect, and even test the product you were buying before handing over your money. However, in today’s digital environment, all you have to go on is the presentation of the website, the description of the item, and most importantly of all, the images used.

As it currently stands, anyone can go to a brand’s website and make copies of every official image they can find using a right-click, drag-and-drop action, or a screenshot. Using these images, they are able to create highly believable online product listings.

Possibly the most common place where fraudsters list their bootleg products online is e-commerce marketplaces. It is relatively quick and easy to set up a seller profile on one of these websites and, in doing so, criminals can gain fast access to a truly global market.

Alternatively, counterfeiters will often build an entire website that’s little more than a clone of an official site. By copying logos, matching brand colors and typefaces, and most importantly of all, using stolen official product photography, these websites can be astonishingly convincing.

How to combat the sale of counterfeit goods online

The big players in e-commerce have measures in place to stop the sale of counterfeit goods on their platforms. For example, eBay’s VeRO program and Amazon’s investment in AI to help weed out the fakes.

However, many believe it is too little too late, with Birkenstock having already left Amazon.com, and Nike having withdrawn as a first-party vendor from Amazon worldwide, each due to concerns over counterfeiting.

Preventing image theft

While any efforts to tackle the problem of counterfeit goods online are of course well-received, prevention is often better than cure.

A highly effective step towards achieving this is for brands to protect their images from theft at source. After all, the fake websites and listings mentioned above would be far less convincing without the use of official product photography.

By streaming images instead of displaying them in formats like JPEG and PNG, brands can ensure there is only ever one high-quality copy of each product photograph online.

For example, each of the images you can see in the body of this article is being streamed. This means they are protected from theft and can be displayed on an unlimited number of URLs without a single copy being made. It works in a similar way to embedding a YouTube video.

It is even possible to monitor where an image appears and control its distribution by preventing unwanted domains from embedding it. Furthermore, by attaching captions and credits at source, which will follow the image wherever it is embedded, it is possible to ensure the image always appears in context.

By preventing bad actors from stealing and repurposing valuable product photography, there’s no doubt that a counterfeiter’s job becomes much more difficult.

Conclusion

The online counterfeit goods market is undoubtedly a big issue for brands, consumers, and governments around the world. There will never be a quick fix for a problem of this scale, and indeed no single solution. However, by making changes to the way in which products are promoted, and protecting a brand’s assets at the same time, it could be possible to restrict these criminals’ ability to appear legitimate.

The post Counterfeit goods online: How big is the problem and how can you combat it? appeared first on SmartFrame.

How is AI regulated around the world?

Peter Townshend — Thu, 28 Apr 2022 13:55:03 +0000

Artificial intelligence (AI) tools develop quickly and this has left many unanswered questions about the rules around their usage. In this article, we examine how these tools are currently being regulated

AI has always attracted plenty of controversy. Tools that in some way make use of AI are currently being used by the biggest tech companies for a multitude of purposes, and as a result of this relatively unchecked usage, countless very real concerns exist across the board.

One example is AI in imaging, which has seen significant news coverage in recent months. There have been concerns around copyright, such as the potential threat that AI super-resolution technology could pose to the security of image assets, as well as the question of how AI-generated images should be attributed.

Privacy in AI imaging has also become a hot topic, with the State of Texas suing Facebook in February 2022 for the misuse of facial recognition AI technology. Furthermore, Getty Images implemented an industry-first model release in March 2022 that protects the privacy of a subject’s biometric data from AI technologies.

With such scattered activity surrounding the regulation of this fast-developing and often complicated area, it can be hard to keep up with exactly where you stand when it comes to the regulation of AI, whether you’re an owner, developer, or user of the technology.

Below we provide an outline of EU, UK, US, and Chinese AI regulations, along with links to this and other AI regulations around the world.

AI regulation in the EU

The EU was the first of the big global players to draft a regulatory framework for governing the development and use of AI. It has been developed as part of the EU’s approach to artificial intelligence, which focuses on ensuring excellence and trust in AI.

The EU AI Act was first published in April 2021 and describes its aim as ensuring AI applications reflect EU values and protect human rights. As such, the law splits AI applications into four areas of risk: minimal risk, low risk, high risk, and unacceptable risk.

Technology deemed to pose an unacceptable risk includes any systems considered by the EU to be “a clear threat to the safety, livelihoods and rights of people” and would be subject to an immediate ban.

High-risk applications would have strict rules imposed, while limited-risk applications would need to adhere to specific transparency obligations.

Systems that are deemed to pose minimal or no risk are allowed to be used freely. Examples provided by the EU of this type of system include AI-enabled video games and spam filters.

Critically, the EU AI Act has been designed to evolve with the ever-changing nature of AI technology. As such, the rules would be adaptable according to how the technology develops. This means providers would need to perform ongoing assessments to ensure they are continuing to work within the law.

AI regulation in the UK

While the UK Government has not yet released a legal framework, it has laid out a 10-year National AI Strategy for developing the technology within its borders.

In its own words, the UK Government seeks to position its territory as “the best place to live and work with AI; with clear rules, applied ethical principles and a pro-innovation regulatory environment.”

The first major step in the UK’s attempts to become a global voice of authority on AI regulation came by way of a roadmap to an effective AI assurance ecosystem. This detailed document sets out the Government’s plan to, in its own words, create a “thriving and effective AI assurance ecosystem within the next five years.”

This was followed by the announcement of a new AI Standards Hub in January 2022. This government initiative will be piloted by The Alan Turing Institute, the British Standards Institution (BSI), and the National Physical Laboratory (NPL), and its stated aim is to provide an online resource for educational materials and practical tools designed to help organizations “develop and benefit from global standards.”

While all of this is still in its early stages, these efforts show that the UK is certainly serious about establishing itself as a global authority on AI. Whether or not it achieves that goal – and exactly what it will look like – remains to be seen.

AI regulation in the USA

While there is currently no regulation in place at the federal level in the US, there has been a lot of activity across various government departments that aims to address concerns around AI.

For example, the Federal Trade Commission wrote a blog post advising companies on how they should operate fairly in the age of AI, which hints at future rules. Also, the US Equal Employment Opportunity Commission launched an Initiative on Artificial Intelligence and Algorithmic Fairness to ensure AI used in the employment process adheres to human rights laws.

However, the most recent and decisive step saw Congress instructing the National Institute of Standards and Technology (NIST), part of the US Department of Commerce, to work with public and private sectors to develop the AI Risk Management Framework (AI RMF).

This framework takes recommendations from the National Security Commission on Artificial Intelligence and NIST’s own paper US Leadership in AI: A Plan for Federal Engagement in Developing Technical Standards and Related Tools to create guidelines that will, according to NIST’s website, help “improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services and systems.”

All things considered, while the US’s overall position seems somewhat fragmented, there are sure signs it is taking steps towards overarching national regulation. Indeed, with the diplomatic challenges the EU faces in finding agreement from all member states, it could end up overtaking the EU AI Act in its implementation.

AI regulation in China

While progress in the EU, the UK, and the US seems to be picking up pace, progress in China has moved significantly faster, with laws regulating AI coming into force on March 1, 2022.

The Internet Information Service Algorithmic Recommendation Management Provisions (translated text available here), created by the Cyberspace Administration of China (CAC), introduced new rules on the use of algorithms to make recommendations.

These are overarching regulations that target all forms of algorithms designed to provide information to users. However, the following specific algorithmic recommendation technologies are mentioned: generative or synthetic, personalized recommendation, ranking and selection, search filter, and dispatching and decision-making.

The rules aim to safeguard national security and social interests, with a particular focus on combating the dissemination of disinformation and preserving the safety of minors and the elderly.

The above translation describes its purpose as aiming to “carry forward the Socialist core value view, safeguard national security and the social and public interest, protect the lawful rights and interests of citizens, legal persons, and other organizations, and stimulate the healthy development of Internet information services.”

While China’s AI regulations may not be mirrored by the west, there’s little doubt that governments around the world will be paying keen attention in the coming years.

AI regulation around the world

This article has focused on the activities of a few of the world’s biggest regulatory superpowers, although efforts to regulate AI are going on within many territories around the world.

This dashboard from the Organisation for Economic Co-operation and Development (OECD) provides a useful resource for finding out the current state of play in territories around the globe, listing over 700 policy initiatives and strategies from over 60 countries and territories, plus the EU.

The future of AI regulation

While there is plenty of activity concerning AI regulation around the world, at this early stage it is impossible to say exactly how things will look moving into the future, especially when dealing with such fast-moving technology.

Indeed, the ever-evolving nature of AI and the resulting fluidity of the proposed regulation makes it very difficult to predict the future.

Granted, there is a clear synergy across all proposals in their aim to protect common values, prevent disinformation, and shield the most vulnerable in society from harm. But it’s important to remember that we are a long way from global regulation, and when dealing across borders, cultures, and governments, there is always an element of subjectivity.

With this in mind, whether you are using AI or developing it, in such a hyper-connected digital arena it’s essential to familiarize yourself with the rules of the territories in which the technology was created.

The information contained in this article is intended to be used and must be used for informational purposes only and does not in any way constitute professional legal advice. If you are unsure of the law, always take independent legal advice from a professional.

The post How is AI regulated around the world? appeared first on SmartFrame.

How to create a strong password: Everything you need to know

Matt Golowczynski — Fri, 22 Apr 2022 10:15:45 +0000

Are your passwords strong enough? How should you use numbers when creating them? And what about multi-factor authentication? Here’s what you need to know about creating and maintaining strong passwords.

How do you create a strong password, one that can withstand being cracked by even the most sophisticated attacks?

Most of us know not to use commonly used passwords and personal details when setting these, and instead to use numbers, special characters, and so on.

But even if we follow this advice, our passwords may leave us vulnerable to attacks.

So why is this? And what should we be doing instead? First, let’s look at the two main reasons our passwords don’t quite cut it.

The two main reasons your password isn’t strong enough

We’re often led to believe a password is stronger than it actually is for two reasons.

The first reason is that the average user will be happy to be guided by the site on which a password is created as to what they should do.

This is a problem as it’s easy to confuse the minimum conditions for creating a password on a particular site with best practices around password creation in general.

A password you create may well satisfy the criteria for a particular website, and may include a number and a special character for additional security, but if it’s one you tend to use elsewhere, it’s not necessarily a good idea to continue using it on additional sites. The site in question, of course, won’t know just how frequently you’ve used it previously, and so it cannot advise you here.

It’s perfectly normal to want to make life easy for yourself and to balance security with convenience. If you only need to define a password that’s eight characters in length, with one special character and one number among these, why make it longer and more complicated than that?

The second key reason explains why we should.

Most online users want their accounts to be secure, but they lack sufficient awareness of how threats to passwords have evolved over time, and whether the advice we have always believed to be best is still sound.

Again, this is perfectly understandable. Password security is hardly the most exciting subject and it takes effort to stay on top of how things change in this space.

As online threats evolve over time, we should take notice of new recommendations so that these can be defeated. But in reality, most of us slip into a habit of doing things one way and just stick with it.

For example, many of us will now habitually use special characters and numbers in our passwords as we have been prompted to do so for some time. The theory behind this is that a more unique combination will be harder to crack.

But as the use of special characters has become commonplace, password-cracking methods have adapted to this. To understand how, it’s useful to look at the two main ways in which passwords are cracked, namely through dictionary attacks and brute force attacks.

Dictionary attacks vs brute force attacks

Dictionary attacks are commonly thought of as the process of using every word in a dictionary to guess a password until the correct one is found.

The title is somewhat misleading, however, as the requirement for special characters and numbers in today’s password means this approach wouldn’t be particularly effective today.

For that reason, these attacks may not actually use every word in a dictionary as such, but will typically make use of common words together with lists of commonly used passwords, such as those that have been scraped from previous data breaches.

Brute force attacks differ in that they attempt to use every combination within a set of parameters. This could, for example, be every combination of numbers, characters, capital letters, and symbols within a set password length. This means that they can guess passwords dictionary attacks may easily miss.

How to create a strong password

So what’s the best way to create a strong password? In short, a reasonably long password that’s randomly generated, or made using random words to create a nonsensical phrase, and saved with a password manager for convenience will serve most users best. Let’s examine this in more depth.

Use a longer password

Longer passwords are harder to crack than shorter ones, as there is more information to work out and a broader range of number-letter-special character combinations. So you should aim to make your password as long as is practical.

A brute force attack may attempt every combination up to a certain point, but it cannot guess forever. This is why a twenty-character password is more secure than a ten-character one. This is harder to remember, of course, but if you are using a password manager (discussed below) to remember your password, there is little excuse for not making this particularly lengthy.

Don’t use a single password on every site

Password lists that are sold on the dark web are known to be used for dictionary attacks. This is where commonly used passwords are added to dictionary attack lists in order to maximize the chance of successfully guessing a password.

If you’re unlucky enough to have your details included in such a list, using the same password across multiple sites opens you up to the risk of having other accounts associated with your email address being compromised.

If you use a password manager, even one built into your browser, you may be notified when you have repeatedly used the same password, and you may be prompted to change this.

Avoid personal details

NordPass’s Top 200 Most Common Passwords list for 2021 shows that a number of popular passwords are simply first names such as Thomas and Jennifer.

While dictionary attacks will easily discover these, they are also obvious passwords that can be guessed by people known to the account holder, so they should be best avoided.

The same applies, albeit to a lesser extent, to cities, sports teams, and musical groups.

Don’t use obvious substitutions

A handful of numbers and symbols make obvious substitutions for letters, such as 4 for A and 5 for S. The idea behind this approach is that it makes passwords more secure while keeping them memorable.

But as a general rule, what’s obvious is best avoided as some dictionary attacks now incorporate searching for these kinds of obvious substitutions.

If you do plan on using a memorable word or phrase and you need to make use of numbers, it’s best to place them randomly as additional, rather than substitutional, elements.

Avoid the obvious – and the not so obvious too

Everyone knows that using qwerty, password, and repetitive or sequential number combinations such as 111111 or 123456, is best avoided when creating passwords.

In fact, you may actually find some common options to be automatically banned when creating a password. This is typically the result of a website operator feeding a list of common passwords into the system to prevent them from being submitted.

But what they may not know is that some of the most common passwords make use of less obvious combinations that follow some kind of order, such as 1q2w3e, asdasd, 123321, and qwe123. And given that some dictionary attacks are known to make use of lists from previous data breaches, commonly used passwords like these are obvious candidates for attack.

So as a general rule, you should be wary of passwords that are convenient to type out. If you’re thinking of doing it, it’s highly likely other people have done so too.

Use password generators

There are various online tools that can be used to generate passwords, and many of these allow you to specify password length, the use of special characters, and even whether to exclude similarly appearing characters to create a more unusual result.

Of course, there is nothing stopping you from simply hitting keys on your keyboard at random as an alternative to this, although this approach may end up with a password that’s a little less diverse overall.

Use password managers

Traditionally, the role of a password manager has been to encrypt and store passwords that have already been created so that they can be quickly recalled when needed. This has made them useful for longer and more complex passwords, particularly those that have been randomly generated.

Today’s password managers, however, provide many additional conveniences. They will typically generate strong passwords and let you know if you are using these across multiple sites, for example, and even notify you if these may have been among details discovered in recent data breaches.

These used to only exist as standalone programs (or browser extensions), which would typically come in both free and paid-for versions. The majority of people who use password managers today, however, will typically opt for the equivalent features that are built into browsers such as Safari and Chrome.

Aside from the convenience of remembering longer passwords, a further advantage of these is that they make passwords easy to recall across different devices. Premium, paid-for options will also typically allow passwords to be shared with trusted friends and family, together with extra storage space, and easy syncing of other credentials such as credit card details and Wi-Fi passcodes.

Use nonsensical passphrases

One obvious drawback to the use of numbers and special characters is that it can make a password less memorable, particularly if those numbers and characters have been added randomly.

An alternative way to create a strong and memorable password is to use a phrase that makes little or no sense to someone else, but that can be easily remembered by its creator.

For example, the phrase ‘PackageSidewalkCrushingDonkeyBright’ makes little sense, but it’s not difficult to remember and such a unique combination would test even more advanced cracking approaches. Using the lyrics from a song can also work here.

Another significant advantage of using a phrase of this nature is that it will naturally create a relatively long password, which is also a boon for security.

How to keep a password protected

Setting a strong password is one thing. Making sure it continues to provide the protection you expect long after you created it is another. So what should you consider?

Stay up to date on data breaches

Data breaches occur when a hacker obtains a list of personal details from a website and these will typically include passwords. Depending on the jurisdiction, and whether this information was encrypted, the company in question may notify you by email that this occurred and the extent of information that leaked out.

You should stay up to date on these breaches by keeping an eye on security-focused news, perhaps by following social media accounts that tend to report on these for ease.

Checking whether your details were included in any historic data breaches using a site such as Have I Been Pwned is also recommended.

Routinely scan your devices for threats

Password-stealing malware isn’t just confined to laptops and desktop devices. It can also hide in apps downloaded for mobile devices. Common signs that a phone is infected with malware include high data usage, fast battery drainage, and general sluggishness in operation.

While it’s possible to download apps that can scan mobile devices for threats and neutralize them, some phones have anti-malware features installed as standard. If you are unsure whether yours does, check the manufacturer’s product page for your specific device.

If you use an Android phone or tablet, you can also run a quick check by using Google’s Play Protect feature. You can find this option by clicking on your profile icon in the Google Play store.

Should you use multi-factor authentication?

Multi-factor authentication (MFA), which is most commonly two-factor authentication (2FA), provides an additional layer of security to a straightforward username/password login.

While this process is still initiated by a conventional username/password login, by requesting that a user inputs a code that’s sent to their email address or phone – or alternatively from an authenticator app such as Google Authenticator or Microsoft Authenticator – they can quickly prove they are in possession of the phone or email account that has been specified as belonging to them, which increases the likelihood of them being who they claim to be.

Multi-factor authentication is now standard across many social media sites and online services, and many of us use it without much thought. But a number of incidents in recent years have highlighted how it’s not always the failsafe measure one would expect.

These include using sim swapping to intercept text messages sent to users with one-time passwords, as well as various phishing attempts, and even exploitation of account recovery processes.

Phones can, of course, also be stolen or infected by malware, and email addresses can be hacked. Nevertheless, as you will generally be the only person to have access to both your devices and your email account, the benefits outweigh the risks, so you should consider setting this up if it has not been set up already.

Multi-factor authentication systems that work on the submission of some kind of biometric authentication, such as a fingerprint, rather than a code that may be sent via email or text message, are generally better from the perspective of security. Bear in mind that some apps that use some form of MFA may offer biometric authentication without having it enabled as the default option, so it’s worth exploring available options.

Get into the habit of changing key passwords regularly

A password can only provide sufficient protection as long as it’s unknown to others, but it’s easy to miss a data breach in which this may have been revealed.

For this reason, you should consider changing passwords on a regular basis and saving them using a password manager for convenience.

Set up suspicious activity alerts

Some social media platforms and other online properties allow you to request an alert whenever your account has been accessed from an unknown location or device.

You may have already received such an alert when accessing an online account from a new device or when on holiday, or perhaps when using a VPN.

These alerts aren’t necessarily on at default so you should investigate whether the site or service in question offers this. And, of course, if you do receive one of these, you should respond to it promptly to protect your account from any authorized access.

Use a VPN when using public Wi-Fi

Public Wi-Fi networks are convenient, and sometimes even essential, but they’re also notoriously risky as anyone with the necessary know-how can intercept your communications and steal sensitive information such as passwords.

If you must use public Wi-Fi, you should do so in conjunction with a Virtual Private Network (VPN). These mask your IP and hide it from all third parties – even your ISP – and provide a tunnel between yourself and the internet that encrypts all your data and online activities.

Not all VPNs are the same, however, and some are viewed more favorably than others when it comes to privacy and protecting your information.

Ideally, any VPN service you use should have a strict no-logging policy that is periodically audited by an independent third party.

Many free VPNs exist, although paid-for versions typically offer more by way of security and convenience. They may, for example, include a broader range of worldwide servers to connect to, and might also have a kill switch that immediately takes you offline if the VPN momentarily loses its connection.

The post How to create a strong password: Everything you need to know appeared first on SmartFrame.