SafeBlog

These days, travelers have more options than ever when booking vacations. Websites ranging from Craigslist to Couch Surfing provide users the ability to swap houses or even crash on a stranger’s futon. Among these emerging services is Airbnb, an online network that connects renters with people looking for a place to stay short-term.

Earlier this month, a shocking story made headlines about an innocent San Francisco resident who opened her home to a renter via Airbnb, only to find it completely ransacked upon her return. The user, whose name is only published as “E.J.,” recounted the story in a June 29 blog post. Not only were her valuables stolen and her possessions destroyed, but her passport and social security card appeared to have been photocopied, exposing her to possible identity theft.

After E.J.’s story went viral last week, another man revealed to TechCrunch that his own Oakland home was vandalized and covered in meth paraphernalia upon his return.

These incidents help bring to light the importance that we all must place on preserving our security when transacting online. The choice you make when deciding whether to trust someone should be based on both the information the web service provides and what you are able to gather yourself.

Airbnb does not verify the identity of its users, though E.J. argued in a recent blog update that the company leads customers into a false sense of security by “disallowing the exchange of personal contact information until… a reservation is already confirmed and paid for.”

E.J. contends that Craigslist is, in effect, safer. However, we all know that using Craigslist can be dangerous. We have all seen in the news how serious crimes, including theft and murder, have stemmed from Craigslist encounters. The unfortunate reality is that we should always be careful before opening our lives and homes to strangers we meet online.

One of the biggest problems with the online marketplace today is the ability for users to hide behind their anonymity. Randi Zuckerberg, the former marketing director for Facebook, spoke on this topic in a recent panel discussion on social media hosted by Marie Claire magazine.

“I think anonymity on the Internet has to go away,” said Zuckerberg. And we couldn’t agree more. While private data should never be made public to just anyone, it is important that people be held responsible for their actions on the Internet, especially when they break the law or harm others. Internet users should not be able to hide behind any identity other than their own, and everyone’s online identity must be verified to help protect all web denizens.

At Safelist, we recognize that it is important for you to feel safe and know that you are transacting with a legitimate person, therefore, we verify the identity of every Safelist user. Additionally, we also allow our users the option to pass a criminal background check to afford them even greater respect and legitimacy within our community. Our goal is to provide a safer alternative to the anonymous marketplaces found online.

In order to protect our physical and financial safety it is imperative that we always remain vigilant when using online services. Never rely on short cuts!

Please join in the conversation with your comments.

Three San Diego residents were robbed this past Monday night in separate encounters planned by the suspects through Craigslist. In all three instances, the victims were robbed at gunpoint while trying to sell an iPod or iPad.  News outlets are reporting that the police believe the incidents to be related.

These latest episodes come just 3 months after San Diego resident Garret Berki, a recent high school graduate, was shot and killed during a botched Craigslist transaction.

The frequency of incidents in which innocent people using Craigslist end up becoming victims of unscrupulous criminals, is very disturbing. The only reason criminals like using Craigslist is because the website allows them to remain totally anonymous, thus making it easy for them to lure their victims.

Fortunately, there is a solution.

Since criminals prefer operating under the cloak of anonymity, Safelist offers a very simple and elegant solution that makes their platform very unfriendly for crooks and felons: We verify the identity of every user. With our Verified Anonymity concept, users have the ability to stay anonymous, while still being verified. Safelist also promotes an open door policy with law enforcement to further discourage criminals from playing their trade on our site.

Additionally, unlike our competitors’ Russian Roulette system, Safelist users enter into a transaction with their eyes wide open. With our reputation management system, users are afforded the ability to see each others’ transaction scores (SafePoints) before they transact.

At SafeBlog, we are committed to providing you, our readers, with tips and suggestions to help keep you and your family safe and secure from online crime. We encourage you to share your comments, experiences and ideas with our community.

*News Update*

Last night, a suspect, Keith Randall Smith, was arrested and taken in for questioning. The black handgun described in all three incidents was recovered at Smith’s Mission Valley home as well as two of the stolen iPads.

However, the female that accompanied the robber in all three cases is still missing. She is described to be between ages of 20-25, blonde, thin and about 5’4”. If anyone has any information on this case, they are asked to call the San Diego Police Department at 619-531-2000.

“Internet security is broken, and we need to roll up our cyber-sleeves and fix it.” — Becky Ferreira, in her recent Popular Science article exploring the problem with online identification today.

Last week, we discussed the growing problem of single password authentication and how passwords lack adequate protection for our online accounts. In an ideal world, we all would have a strong, unique password for each of our online accounts. However, the reality is that many of us keep the same, easy to remember password across multiple platforms. This leaves our personal information at risk for security breaches, identity theft, and other crimes.

As we highlighted in Part 1 of this post, groups such as Anonymous and LulzSec have recently hacked into organizations like Sony and even the U.S. government and released sensitive data to the public. Security breaches like these put a glaring spotlight on the problem we all have with keeping our web activities private and secure.

High profile incidents such as these are just pieces in the web of cyber-crime that plagues the lives of U.S. citizens. According to the U.S. Department of Justice, an estimated 11.7 million Americans were victims of identity theft of some kind including online identity theft over a recent two-year period.

The government has taken notice of the problem. On April 15, the U.S. Chamber of Commerce hosted the launch of a Whitehouse initiative entitled National Strategy for Trusted Identities in Cyberspace (NSTIC).The goal of the initiative is to create a joint public and private effort toward finding effective solutions to problems plaguing the online authentication process. NSTIC is designed to enable the development of “trusted credentials,” a term which refers to any method considered to be more secure than a single password.

The proposal comes soon after nominal efforts in the private sector to solve the problem. Google led the way in February by introducing their optional two-step authentication process for Google accounts. A two-step process combines two things in online authentication: something you should know (password) and something you should have (a device).

Once a user opts into this Google service, the password is only the first step. Users then also have to enter a verification code that is sent via phone, text message, or mobile application. A potential hacker would not only need to know your password but would also have to have access to your device that receives the verification code.

Google’s solution is a step in the right direction, but it is also somewhat cumbersome. In reality, most users won’t adopt a new process unless they are forced to.

But what are other private companies doing? Unfortunately, not much. Last week the tech blog Gizmodo requested that “Facebook and Microsoft and Apple start taking on this challenge in earnest.” Sites with tens of millions of users have a responsibility to their members to protect them.

For users who want to take their security into their own hands, security tokens are a noteworthy example of a “trusted credential.” A security tokens is a device that displays a unique passcode that changes about once per minute. In order to gain access to their accounts, users need to enter their traditional password and also the passcode displayed on the device in real time.

Unfortunately, even security token providers can be hacked. EMC, the makers of the security token SecurID, admitted in an open letter to customers this past March that they were victim to “an extremely sophisticated cyber-attack.”

Yet another solution that attempts to make our passwords more secure is the advent of applications like 1Password. This program not only creates strong and unique passwords for your myriad of accounts, but it also stores them for you, requiring you to remember just one. Every time you need to access an account, 1Password automatically enters an encrypted password directly into your web browser.

While we wait for emerging innovations to solve the growing problem of online authentication, let us ensure that your current passwords are strong and well-protected from criminals. Here are a few tips that should help:

1. Use numbers, upper and lower case letters, punctuation marks, and symbols.
2. Change your password frequently. Experts recommend doing so every 3 months.
3. Avoid writing passwords down. Whether at home or in the office, having written passwords offers them to an unauthorized person on a silver platter.
4. Use a unique set of letters – nothing personal like your name, pet, date of birth, or the city where you live.
5. Do not use the same password for any of your highly sensitive accounts – including email, banking, finance, etc.

We will keep you up to speed with the newest technologies that may help protect your online accounts from unauthorized access.

But we also want to hear from you.

Please share your comments and suggestions so that we may, with your help, build a safer online community for everyone.

Since the advent of the Internet, our daily lives are moving online at a rapid pace. We have become very comfortable, and even somewhat carefree, in conducting our most sensitive and private activities – banking, bill paying, email, chat, etc. – on the web.

And how do we protect ourselves from strangers’ prying eyes? A password, of course. Pinning our hopes on a 6-12 character combination, assuming that it will help keep others out of our business.

Unfortunately, that is no longer the case. A slew of hackings and security breaches in 2011 helped highlight the fact that the password has become outdated and can no longer be relied upon to protect us online. Our fast changing, web-driven world now requires a better solution.

Part of the problem is the sheer number of passwords that an average online denizen is expected to remember. It seems like almost every site we visit requires us to sign up with a log-in name and a password. As a result, our natural inclination is to use the same password everywhere to help simplify our lives.

Results from a survey published last year in the New York Times highlighted online privacy issues that were troubling to say the least. The article reported that two out of the five most commonly used passwords were “12345” and “password.” And “password1” appeared in the top list as well, seemingly because many sites attempt to protect users by requiring a number in passwords.

If we are not forced to create a strong, varied passwords, it is human nature that we just will not. The technology blog Gizmodo recently published a worrying report that serves as evidence of this tendency. Gizmodo matched a list of their users against a recently released list of hacked Sony users’ passwords. They found that two-thirds of those who used both services had the exact same password. That doesn’t sound too alarming, but chances are that these folks use the same password to access their Facebook, Gmail, or banking accounts as well.

That list of Sony users’ passwords was released by the hacker group LulzSec, which recently went on a widely publicized, 50-day rampage of cyber terrorism. They called it “50 days of Lulz”, which draws from the Internet abbreviation for laughing out loud (LOL). In addition to Sony, this unidentified group of computer criminals released major lists of secure data from the CIA and the U.S. Senate as well.

While it is claimed that LulzSec’s motivation is not to profit from their criminal acts but rather to have fun by spreading mayhem, some in the security industry have given the group credit for helping expose holes in large corporations’ online security systems. No matter how you slice it, their brazen activity of hacking into these companies’ computer systems is illegal. However, it is unfortunately an example of a new and growing trend called “hacktivism.” Along with other groups like Anonymous, hacktivists commit illegal acts online not just for fun but also for political reasons.

In a public message issued to defend its Sony break-in, the folks at LulzSec stressed that they are not “master hackers” and are simply exposing the vulnerabilities plaguing the Japanese company’s computer security systems. “Why do you put such faith in a company that allows itself to become open to these simple attacks?” they asked.

The answer to their rhetorical question is that we shouldn’t. But the unfortunate reality is that we do because we incorrectly assume that these large corporations behind the brands that we admire and trust will ensure the protection of our sensitive personal data. Groups like LulzSec help remind us that that the time has come for us to no longer take our online security for granted, and that we must take steps to ensure that our Internet activities and personal data are safe and secure.

In part 2 of this post, we will examine recent industry developments aimed at solving the problem of online identity theft and share steps that you can take to protect yourself from cyber criminals.

Have you checked your Facebook privacy settings lately?

The social networking site unleashed a firestorm of protests from privacy experts when it recently announced the rollout of their facial recognition technology that will semi-automate the task of photo-tagging for its users worldwide.

Facebook unveiled this new technology last December, but initially made it available to only a select test group. But starting June 6th the company has started enabling this feature for all of its 600 million users worldwide. Basically, their facial recognition technology will “suggest” tags for the over 200 million photos that its users upload every single day. So, if your friend Alex uploads photos of you to his “Wild Weekend in Vegas” album and Facebook suggests that he tag your name to them, all Alex has to do is click “Yes” and you’ll be tagged in all those embarrassing pictures for all to see.

This photo suggesting feature is a privacy setting that can be disabled, but Facebook automatically enabled it for all of its users without much notification other than a blog post. The company’s stance is that the feature is harmless and that “photos are better with friends.” The company also stresses how it is a major convenience to be free from having to manually tag all of your photos.

On the other hand, this also means that Facebook is sitting on a huge database of 600 million users, each one of whom it can now quickly identify with just one picture. So far, Facebook only suggests tagging those you are friends with on the site and they claim they have no plans to use it for anything else.

But who’s to say that that won’t change? Facebook has a long history of trampling over their users’ privacy rights. Almost any new feature they introduce is automatically enabled instead of allowing the user to opt-in. What’s more is that users are not permitted to approve a tag before it goes active, and only have the ability to un-tag after the fact.

Given Facebook’s record of doing what they think is best, rather than giving their users a choice, we can’t know what they will use this technology for in the future. Facebook now has the ability to potentially allow a stranger to snap a photo of you on the street and, after they upload it to Facebook, grant access to your name and identity.

Creepy, isn’t it?

At SafeBlog, our mission is to inform, educate and protect our readers from technologies that we believe have the potential for abuse. We think that Facebook’s facial recognition technology definitely has that potential. We therefore would like to show how you can disable this feature by following these simple steps and help prevent its potential for abuse from affecting you:

To disable the Photo Tagging Feature:

1. Go to Account
2. Select Privacy Settings
3. Select Customize Settings
4. Under the section Things Others Share, go to Suggest Photos of Me to Friends
5. Click on Edit Settings
6. Select Disable

Keep in mind that disabling this option will not prevent Facebook from using the technology entirely. It’s only restricting others from using it to tag you.

We hope that Facebook will listen to the critics of its facial recognition technology and acknowledge that the feature’s potential for abuse far outweighs its perceived convenience and benefits. At a minimum, Facebook must not force this feature on its users and instead, show a modicum of respect to its 600 million users by allowing them to opt-in if they choose to use this auto photo-tagging feature.

It’s that time of year again! The San Diego County Fair arrived at the Del Mar Fairgrounds on June 10 complete with the concert series, animal shows, contests, food stands, and more. Read below for how to win a free package of admission tickets, rides, and other goodies.

With two weeks left at the Fair, shows still to come include concerts like the Neon Trees, the Beach Boys, and REO Speedwagon. Also, you can’t miss the spectacular July 4 fireworks display that closes out the fair season. Visit the Fair’s website to see a complete list of events and information.

Staying safe starts with the Fair staff taking initial precautions. All Fairgoers must pass through metal detectors and/or bag checks at the entrance. Alcohol and glass containers are not allowed, nor are any weapons.

Here are a few additional safety tips to keep in mind while enjoying the Fair:

1. Get a program when you arrive and study the map to make sure you know where First Aid, Guest Services, and Security locations are throughout the fairgrounds
2. Set up a meeting place so that if your party gets separated, you all have one place where you can reconvene.
3. Make sure that everyone has either a phone or a walkie-talkie so you can communicate if you get separated.
4. Be able to describe what clothes and shoes your children are wearing so you can relay that to fair security if they get lost.
5. Avoid carrying a purse on your shoulder. Instead, try using a fanny pack or a strap that goes across your chest.
6. Keep your money and valuables in your front pocket rather than in a purse or bag.
7. Check out the Calamity Jo Safety Show every day at 11:30am. It’s a great show for kids.

We’re giving away free tickets! The prize package includes:

• 4 Fair admission tickets
• 50 ride tickets
• 4 drink vouchers with food purchase at participating vendors
• Parking voucher

To enter, post a comment with what you are most looking forward to doing at the Fair this year. Submit your comment by 5pm PDT Friday, June 24 and we’ll draw the winner at 9am PDT on Monday, June 27. We will announce the winner in the comment section and also send you an email with pick-up information at our headquarters in San Diego. Please, one entry per person.

Good luck and have fun this year at the Fairgrounds!

Around 10:30pm on May 11, 2011 Garrett Berki, an 18-year-old resident of San Diego who graduated from La Jolla High School was shot and killed during a planned Craigslist transaction.

Garrett Berki replied to a Craigslist ad for a $600 MacBook Pro in the San Diego area. When Berki and his girlfriend appeared for the transaction, three 17-year-old boys robbed them of their cell phones and money. The attackers then chased Berki and his girlfriend in a vehicle where Berki was shot in the chest while attempting to drive away. Berki died about an hour later at the hospital.

The accused killers are Rashon Abernathy, Seandell Jones and Shaquille Jordan. Although they are minors, they are being tried as adults and may face 50 years to life in prison if convicted.

Stories like these are occurring more and more frequently. At Safelist.com, we feel, as citizens and parents, it’s our job to create a safer community. Online local classifieds are here to stay, so Safelist.com is taking extra steps to make the online shopping experience safer.

All members who join Safelist.com have their identity verified before they can post or respond to ads. Therefore the risk of someone using a fake email or name is essentially eliminated. To get even greater reliability as a member, upgrading to a Gold membership requires a criminal background check. Although this does not guarantee buyers are free from potential harm, it is an extra step that other classifieds sites like Craigslist do not offer.

No matter how extensive background checks are, classified users still need to use precautions and their own best judgment when completing transactions.

A few tips to stay safe during classified transactions include:

• Meet in a public place such as Starbucks or grocery stores to complete the transaction.
• If you are uncomfortable for any reason, walk away. Just because you set up a place and time to meet doesn’t commit you to purchasing if you don’t feel safe.
• Research. If you are buying something big such as a computer or a car, do your research to ensure the item you’re buying works and is priced fairly.
• Remember: If it sounds too good to be true, it probably is. Be wary of scams if a price is set too low.
• Take advantage of Safelist’s advanced features like voice or video chat to talk directly to the buyer/seller before meeting.

Tragedies like the death of Garrett Berki can be prevented by taking security measures into your own hands. At Safelist.com we’re building a safer community to prevent these types of tragedies from occurring.

Donna Jou was a 19-year-old, Honor student at San Diego State University when she disappeared in June 2007 after placing an ad in an online classifieds website looking to earn a few extra dollars tutoring high school kids in math.

When I first learned about the very tragic story of Donna Jou and felt the incredibly palpable anguish of her Dad, Mr. Reza Jou, in a birthday greeting that he posted on the website dedicated to her at www.DonnaJou.com, I became even more determined to build a gated classifieds website that only allows users whose identity has been verified. Unlike shopping and auction sites (e.g., Amazon and eBay) where users conduct business mostly by mail, users of online classifieds sites, on the other hand, generally transact business in person. By allowing users to post ads anonymously, these websites create a perfect breeding ground for criminals, who, thriving on anonymity, can hide behind their web browsers and prey on an unsuspecting and trusting public with all kinds of nefarious activities, ranging from fraud to even more dangerous crimes, including rape, robbery, and murder.

In 2009, police arrested John Steven Burgess, a 3 time convicted sexual predator, who confessed to luring Donna to her death after reading her classified ad online. As a father of 2 young girls, I made it my mission in life to build a safer classifieds website so that my two daughters will never have to fear for their lives when using an online marketplace.

Please join me in building a web community where members may participate in all types of activities—trade, commerce or social—free from fear and suspicion. If the Safelist marketplace can help save just one life, or help prevent just one woman from being raped or prevent just one child from falling into the dangerous world of child prostitution, then we will have made a significant contribution to society. However, with your help, I am convinced that Safelist.com will play a significantly bigger role in cleaning up the web of criminals and make it safer for everyone. We must not allow Donna’s untimely and tragic death be in vain but instead act as a catalyst for us all in creating a better and safer Internet!

Karim Pirani
Founder
Safelist.com