📲Media Literacy Unit 10 Review

The internet has created enormous convenience, but it's also opened the door to serious privacy and security threats. Knowing what those threats look like is the first step toward protecting yourself.

Online Privacy Threats and Risks

Cybercrime refers to criminal activities carried out through the internet. The most common forms include:

Identity theft happens when someone steals personal information (Social Security numbers, credit card details) to impersonate you. They can open accounts, make purchases, or file taxes in your name.
Financial fraud uses deceptive schemes to steal money. Think fake investment opportunities or pyramid schemes that promise unrealistic returns.
Phishing scams trick you into handing over sensitive information through fake emails or websites that look legitimate. A classic example: an email that appears to come from your bank asking you to "verify your account" by clicking a link.

Data breaches occur when unauthorized people gain access to confidential information stored by organizations. The 2017 Equifax breach, for instance, exposed the personal records of roughly 147 million people. Breaches can leak medical records, trade secrets, or financial data. Attackers exploit technical vulnerabilities like SQL injection or simply take advantage of weak passwords.

Online tracking is how companies and third parties monitor your behavior across the web:

Web cookies are small text files websites place on your device to remember things like login status or shopping cart contents. Some cookies also track your activity across multiple sites.
Browser fingerprinting builds a unique profile of your device based on details like screen resolution, installed fonts, and browser settings. Unlike cookies, you can't easily delete a fingerprint.
Targeted advertising uses all this tracked data to show you personalized ads. That's why you see ads for shoes you looked at on one site following you around the rest of the internet.

Malware is malicious software designed to damage devices or steal data. Three major types:

Viruses attach to files and spread when those files are shared (through email attachments, downloads, etc.).
Trojans disguise themselves as legitimate software but secretly perform harmful actions like logging your keystrokes or creating backdoor access for attackers.
Ransomware encrypts your files and demands payment for the decryption key. Major attacks like WannaCry (2017) affected hundreds of thousands of computers worldwide.

Unsecured Wi-Fi networks (like public hotspots at coffee shops or airports) are risky because attackers can perform man-in-the-middle attacks, intercepting data you send over the network. If the connection isn't encrypted, they can capture login credentials, financial information, and more.

Social engineering bypasses technical security entirely by manipulating people. Attackers exploit emotions like urgency ("Your account will be locked in 24 hours"), authority ("This is IT support"), or curiosity to trick you into revealing sensitive information or clicking malicious links. Common techniques include pretexting (creating a fabricated scenario) and baiting (leaving infected USB drives where someone will find them).

Protecting Personal Information Online

Online privacy threats and risks, Your privacy, security and freedom online are in danger - EDRi

Best Practices for Data Protection

Strong, unique passwords are your first line of defense:

Use a mix of uppercase letters, lowercase letters, numbers, and symbols (e.g., $Tr0ub4dor\&3$ ).
Never reuse the same password across multiple accounts. If one account gets breached, attackers will try that password everywhere else.
Consider using a password manager to generate and store complex passwords so you don't have to memorize them all.

Two-factor authentication (2FA) requires a second form of verification beyond your password, such as a code sent via text message or generated by an authenticator app. Even if someone steals your password, they still can't get in without that second factor.

Encryption converts data into an unreadable format so that only authorized parties can access it. When you see "https" in a URL and a padlock icon in your browser, that means the site uses SSL/TLS protocols to encrypt data traveling between your device and the website. Without this, anyone intercepting the connection could read what you're sending.

Virtual Private Networks (VPNs) create a secure, encrypted tunnel for your internet traffic. A VPN masks your IP address and protects your data from interception, which is especially useful on public Wi-Fi networks.

Privacy settings on social media and online accounts let you control who sees your information. Set profiles to "friends only" or "private" and regularly review what data apps and platforms can access. Default settings often share more than you'd expect.

Software updates aren't just about new features. They patch security vulnerabilities that attackers actively exploit. Install updates for your operating system, browsers, and apps promptly.

Privacy vs. Convenience Online

Almost every digital convenience involves a trade-off with privacy. Here are the key ones to understand:

Personalization vs. data collection: Services like Netflix and Amazon offer tailored recommendations, but they work by collecting detailed data about your preferences and behavior. That data can also be used for profiling and tracking beyond what you intended.

Single sign-on (SSO) vs. account security: Using "Sign in with Google" or "Log in with Facebook" is convenient because you only manage one set of credentials. The downside: if that single account gets compromised, an attacker potentially gains access to every service linked to it.

Location services vs. privacy: Apps like Google Maps and Yelp provide navigation and local recommendations by accessing your location. But this also means those companies know your physical whereabouts and movement patterns over time.

Cloud storage vs. data control: Services like Dropbox and Google Drive make it easy to access and share files across devices. But you're trusting a third-party company to keep that data secure and handle it responsibly.

The goal isn't to avoid all these services. It's to make informed choices about which trade-offs you're comfortable with.

Online privacy threats and risks, How to Purify Your Device After Clicking a Phishing Link

Legal and Regulatory Frameworks

Legislation for Online Privacy Safeguards

Several laws exist to protect people's personal data. You should know the purpose and scope of each:

General Data Protection Regulation (GDPR) is the European Union's comprehensive data privacy law, enacted in 2018. It gives individuals the right to access, correct, and erase their personal data. Companies must obtain explicit consent before collecting or processing data, and they need to clearly explain how that data will be used. GDPR applies to any organization that handles EU residents' data, even if the company is based outside Europe.

California Consumer Privacy Act (CCPA) grants California residents three key rights:

The right to know what personal information businesses collect about them
The right to request deletion of their data
The right to opt out of the sale of their personal information to third parties

CCPA has influenced privacy legislation in other U.S. states as well.

Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that specifically protects children under 13. It requires websites and online services to obtain verifiable parental consent before collecting personal information from children. This is why many platforms require users to be at least 13 to create an account.

Health Insurance Portability and Accountability Act (HIPAA) protects sensitive patient health information in the U.S. It sets standards for how health data is stored, transmitted, and shared electronically, and it prohibits unauthorized disclosure of medical records. HIPAA applies to healthcare providers, insurers, and their business associates.

📲Media Literacy Unit 10 Review