Ownership – content, domains, accounts, do you really hold the rights to everything you do online?

Here we take a quick look at a couple of areas, and include a quick update on something we were talking about a fortnight ago – linking accounts.

Who owns your content?

It’s not unreasonable to assume that you have total ownership and full rights over all your original content that you post on the internet, but you might want to double check the Ts&Cs. Some sites such as LinkedIn explicitly reassure you that your content is yours and you have full rights to it, but there’s a sting in the tail:

…you own the content and information that you submit or post to the Services and you are only granting LinkedIn the following non-exclusive license: A worldwide, transferable and sublicensable right to use, copy, modify, distribute, publish, and process, information and content that you provide through our Services, without any further consent, notice and/or compensation to you or others.

– our bold, because that’s quite an important little clause. Some sites go further and expect to be able to use others’ original creative content royalty-free. This from WattPad, a creative writing platform:

C. For clarity, you retain all of your ownership rights in your User Submissions. However, by submitting User Submissions to Wattpad.com, you hereby grant Wattpad.com a worldwide, non-exclusive, royalty-free, transferable license to use, reproduce, distribute, display, and perform the User Submissions in connection with the Wattpad.com Website.

This is all there in black and white, but how many people actually read it, inform themselves and consider the ramifications, especially the teen/young adult audience that particular site is aimed at?

If you’re posting original content make sure you understand what can be done with that content, and that you’re happy with the agreement (which, of course, you’ll read in detail before signing up).

Registering a domain name

Easy peasy. Find one of the few remaining available domain names, hand over your £9.99, fill in a few fields and you’re away – or get someone else to do it and trust them to get it right. It isn’t that simple though and making common mistakes can jeopardise your whole business set-up.

To focus on just a couple, do you know who’s named as the owner of the domain your business relies on? Do you know who’s named as the administrative contact? These should be respectively the owner of the business and the person who is authorised and competent to act for you on domain matters – an in-house IT person or a trusted technical provider. Do you know if the contact email on your domain registration arrives at a live and monitored inbox with an established path to contact you, eg to deliver notice that your domain name is nearing expiry? This all sounds extremely simple and it is, but a good half of the owners of small businesses that we speak to not only don’t know the answers to these questions, but wouldn’t know how to go about finding the answers.

Consider this from Nominet:

We have always required domain name holders to provide accurate and up-to-date information in the form of a correct registrant name and postal address. Failure to do this means a registrant risks losing their domain name.


And that’s before a company registering a .uk is wrongly described as a charity and other mistakes that can legally permit your domain to be removed from you.
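For readers comfortable with a little scripting, here is an added example (not part of the original article and not OpenSure’s own tooling) of the checks described above: it reads a WHOIS-style record and flags a registrant name or registrant type that isn’t what the business expects, and an expiry date that is getting close. The record is constructed for illustration, its layout is an assumption about how your registry’s WHOIS output looks, and the function names and business name are hypothetical.

```python
import re
from datetime import date, datetime

# Constructed sample in an assumed .uk-style WHOIS layout (not a real lookup).
SAMPLE_WHOIS = """\
    Domain name:
        example.co.uk

    Registrant:
        J Smith Web Design

    Registrant type:
        UK Registered Charity

    Relevant dates:
        Expiry date:  14-Mar-2026
"""

def parse_whois(text):
    """Return {heading: [value lines]} for 'Heading:' lines followed by values."""
    record, heading = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):
            heading = stripped[:-1].lower()
            record[heading] = []
        elif stripped and heading:
            record[heading].append(stripped)
    return record

def audit(text, expected_owner, expected_type, today, warn_days=60):
    """List the points a domain owner should raise with their registrar."""
    rec = parse_whois(text)
    problems = []
    owner = " ".join(rec.get("registrant", [])) or "(not shown)"
    if owner.lower() != expected_owner.lower():
        problems.append(f"registrant is '{owner}', expected '{expected_owner}'")
    rtype = " ".join(rec.get("registrant type", [])) or "(not shown)"
    if expected_type.lower() not in rtype.lower():
        problems.append(f"registrant type is '{rtype}', expected '{expected_type}'")
    dates = dict(re.split(r":\s*", d, maxsplit=1)
                 for d in rec.get("relevant dates", []) if ":" in d)
    if "Expiry date" not in dates:
        problems.append("no expiry date in record")
    else:
        # %b expects English month abbreviations (default C/English locale).
        expiry = datetime.strptime(dates["Expiry date"], "%d-%b-%Y").date()
        if (expiry - today).days < warn_days:
            problems.append(f"expires in {(expiry - today).days} days")
    return problems
```

Calling `audit(SAMPLE_WHOIS, "Example Bakery Ltd", "UK Limited Company", date(2026, 2, 1))` on the sample returns three points to chase up: the web designer rather than the business is named as registrant, the registrant type is wrong, and the domain is within 60 days of expiry.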

Help is at hand – in this as with so much else, OpenSure can see the process through for you accurately and quickly. We can run a check on an existing domain (this is standard for domains transferred to our servers) and advise on any domain queries you might have, such as false invoicing scams.

Using a third-party app to log-in

Two weeks ago we looked at why linking accounts on different platforms wasn’t such a good idea, and now this from Computerworld:

A new tool allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login, potentially enabling powerful phishing attacks.

All sorts of sites allow you to use other sites’ logins to log in to them, eg Goodreads. This is yet another example of stretching security rather thin, completely unnecessarily. Just come up with a unique login for your Goodreads account and snip another thread between your online identities.

Security tips to act on today

Security and giving away information

Security isn’t just down to other people choosing not to hack your device or a service you use – you have some control and some responsibilities too. As part of our ongoing weekly series on security, we review three measures you can take today to increase your security and privacy and that of the people you communicate with.

Keep distribution lists private

How often do you get an email from someone that includes swathes of other email addresses in the Cc field? Lucky you if the answer is ‘not often’. Dare I ask how often you *send* an email like that?

Apart from the bad manners of revealing lots of email addresses that I’m willing to bet have been displayed without their owners’ consent, it looks amateurish and spoils the layout of your email – depending on the system they use, the recipient may have to scroll through the lines and lines of addresses before reaching the body of the email, or they may realise it’s hardly personal and give up without bothering to read it.

So how do you prevent this and avoid jeopardising other people’s security? It’s very simple: when sending a mass email ensure that the recipient addresses go in the Bcc (blind ‘carbon’ copy) field. Put your own address in the To field. That’s all it takes.

Be careful what information you record

It’s too easy to keep up a running commentary of our thoughts and actions across the breathtaking range of social media opportunities we have at our fingertips. Add to that devices that we actively configure to record our sleep, exercise, health – even our driving experience with dashboard cams.

The innocent face of this is to increase our own security and protect ourselves (proof that that white van simply pulled out in front of you) and help us to optimise our lifestyle for the benefit of our health. Consider though the implications of being on the wrong side of the law or a dispute. Clearly we aren’t going to encourage anybody to withhold evidence or do anything shady, but put it like this: information you don’t record can’t be twisted to be used against you.

Just imagine the fun an insurance company (yours, or someone else’s) could have with your health and fitness data? What if it could be proved that you were sleep-deprived or lacking food the morning you had a car accident (consider this case ongoing in Canada)? What if you’d taken to social media to vent your frustration with a child the day that child has to be taken to A&E with a broken arm? You’ll be 100% innocent of any wrong-doing, but now you may have to prove that because of the information you’ve broadcast and/or recorded.

You’ve all heard of children having parties while their parents are away, the time and venue making it onto social media and 300 uninvited guests arriving, with predictable results. Hilarious. What a numpty. But take a step back and draw the connection between that and the situation you could be creating for yourself.

Kill off obsolete accounts

Over the years we all accumulate vast numbers of accounts – forums, social networking, journal log-ins, multiple email accounts etc etc. It’s worth revisiting these from time to time and deleting any that you’re sure you no longer need. This minimises your exposure to hacking attacks as well as reducing the amount of information about you that’s available on the internet.

In most cases, certainly for personal non-work related accounts, it’s advisable to avoid using your real name for display purposes (clearly professional sites such as LinkedIn are an exception) and remember – never EVER re-use a password.


Smartphone security

Smartphone security – be informed

Smartphone security and the specific risks attached to increased smartphone use have attracted a lot of attention recently. Not only is the technology ever more sophisticated, inter-connected and beyond many people’s ken, but we rely on these phones in business and give them free access to much of what we do.

By sending information back and forth and connecting to myriad accounts and services we concentrate lots of valuable data about ourselves in one easy to intercept location. Here we outline three steps you can take today to minimise your exposure.

Reviewing connected apps & accounts

Do you run social media on your phone, using Twitter, LinkedIn, Instagram, Pinterest, Facebook etc for your business? Five minutes’ use of these platforms will show you that many people automate cross-platform posting so that every Facebook status update is tweeted and every Instagram post pops up on Tumblr – often with no accompanying information and without any suggestion of why we should want to schlep over to FB or Instagram to see it in its full glory.

There are lots of reasons for not cross-posting (from a content point of view, these platforms have different functions and audiences therefore your FB content isn’t suitable for Twitter and vice versa, and it bores audiences who follow you on several platforms to see the same content on each), but the most significant is that linking your accounts like this dramatically increases your exposure to hacking. If someone gets into one account it’s a short hop to compromise the others.

  • Review your linked accounts and consciously uncouple wherever you can.

Remove apps that sell information

Downloading a free app is always a gamble (and some paid ones are risky too – do your homework before downloading). Consider how the developer is going to monetise that app: it might be advertising, it might be anonymised user data gathering or it might be simply selling on your data, with or without – most likely without – your consent.

Consider this Flashlight case. First of all, what on earth is a torch app doing asking for access to such a range of data in the first place? It gets worse. To quote the Wired article linked to above:

The FTC has clamped down on another flashlight apps [sic] for doing downloading data for advertisers without informing consumers

Trying to find out precisely what information is being gathered (as opposed to simply the scope the app requests) is very difficult, and that’s in the developers’ interest. As the article goes on to say, there’s really no such thing as a free app.

As well as that article, listen to this brief podcast article from The Naked Scientists.

  • Pay attention to the permissions a new app asks for and don’t download it if it’s not essential and you have concerns

Apply software updates

Do you keep on top of your phone’s requests to update apps and software, or do you automate updating? Patches and updates come out in response to changes in external elements that apps use to run (ie not something within the developer’s control), in response to security concerns and calamities, and in order to offer you a better service or user experience.

You should have the option to authorise these updates manually (and change other settings such as downloading updates only over wifi so you don’t hammer your data allowance). Setting update to manual is a good idea if you want to keep close control over updates and have the option to review what they’re asking for. You might be surprised at what’s still lurking on your phone (you can uninstall anything you feel you don’t need any more – do you really need that eBay app these days, the one with your eBay password stored in it?) and what updates are asking to access.

  • Set updates to manual and review them with every update request