Online Safety and Protecting Your Art in 2017

ONLINE

 

I have written a few posts recently around the computer related aspects of creating art, be it digital or traditional, and how to protect your work and making sure that your online reputation remains intact. What I haven’t previously written about is how you protect your online identity, because if someone steals that, well it is more than a five minute job to resolve it.

The latest news on the Yahoo data breach indicates that more than one billion accounts had been compromised, and that is double the number of people affected in September’s breach which is now widely believed to be separate.

If account hacking was an Olympic sport, then the gold and silver medals have to be awarded to Yahoo. They have been notifying customers who might be affected but it’s a little like shutting the stable door not only after the horse bolted, but after the horse had arrived at its new home and settled in for three years, because the newly discovered breach happened in 2013.

Three years doesn’t seem like a long time, but in technology terms and in criminological terms, it is actually a lifetime. Essentially whoever was responsible has had three years to do something with the data.

The biggest problem of course is that many of the people who have been affected will have also used the same password for pretty much everything from online banking to social media accounts, unless they were one of the few who follow the golden rule of not using the same password for everything they access online.

I counted up my account logins last week, I had 104 logins which I have signed up for over the course of the last decade or so. When I went through the list I found that actually I only now use around twenty different sites and services, so I took on a lengthy mission to close my accounts where I no longer needed them.

I had everything from old Twitter accounts, to online shops which went out of business years ago, and I even had a My Space and AOL trial internet account which of course haven’t been used for years. So wherever I could still gain access, I disabled the accounts I no longer needed. It took me the rest of the week spending a couple of hours each night perusing old websites. The moral of this story is if you no longer need it, close it. It was like going around a very large house and opening and closing the doors and changing the locks.

So you need to do a spring clean of your old accounts and if you no longer need them, close them down. It is more difficult when a site has closed, there’s not a lot you can do except to make sure that you are using different passwords for each new site and service you sign up to.

It is also worth changing your security answers periodically too. Many of the latest scams involve people who already have your security questions so they will often give you a call and ask you to confirm details by giving away your security answers. If you can’t see the caller’s eyes and you can’t validate their identity, give them nothing until you can. Banks and other major organisations will never ask you for passwords over the phone, so if someone does ask you, it is an almost certain probability that they are phishing.

Use a password manager such as 1Password, One Safe, or Last Pass. Not only will they provide a safe area where you can find your passwords in one place, many of these services offer a random password generator too so that the job of thinking up a new one is easier.

Best of all with these services is that you will only ever have to remember one master password and maybe a secondary password if you forget the main one. Here is a useful tip though, make sure you frequently change the master password even on these services.

Criminals will use stolen credentials to suck you in to their scam a little further and I discussed in a previous blog post that they would get as much information from you as they could, and then they would carefully craft a letter or email that looks just like it was sent from say a bank. Logo’s, addresses, and in many cases a phone number that looks similar to your banks will be used. 

Getting a phone number that is similar to someone else’s is actually really easy these days, there are even apps which will provide you with alternative numbers.

What is surprising is that the level of detail that scammers are now using is steps above the tactics they were using even a year or so ago. Now when they send emails and letters they are becoming increasingly difficult to spot as being a fake.

Where a scammer would once write to you by email and the wording would be so badly written that you could spot it a mile away, now they have obviously switched on to this fact and must have been going to classes to improve their grammar and their English. Some of the fakes I have seen reported recently have been very difficult to tell apart from the real thing. If you are ever unsure, visit the bank or organisation or use the phone numbers from any paperwork that you have been previously given by the bank or organisation to call them back.

One of the biggest issues facing users is that it is so easy for anyone to create a website these days and that includes those people who want to steal your identity. Identity theft is something that we have to expect to live with, unless the rules change to the point where anyone who wants to collect anything other than your email address signs up to some kind of internet charter where they need to meet specific standards and have those standards independently verified before they can collect anything other than the basics.

Of course, this would make it slightly more difficult as artists to set up our websites, but like many others, I handle no online transactions other than blog post updates via email, as all of my transactions are carried out securely through various vendors who deal with this kind of stuff all the time. The only time I deal directly with monetary transactions is when I fulfil commissions and take direct orders, and then I still use either a BACS transfer or PayPal. 

But it would put a blocker in the way of those who keep on creating fake sites, if they had to jump through a few hoops then they are more likely to go and find somewhere else to publish their scams, and that is sad because whatever is done, scammers will continue to scam.

You can also make sure that you visit https versions of websites, using this link to the https version of this site will automatically redirect you to this site Beechhousemedia  and I am hopeful that Google will turn on settings so that it works the other way around too soon. Other sites might have an https version which uses special certificates to guarantee that where you are going is a secure site.

I mentioned fake news sites and coupon scams in a recent post too, and many of these are fronts for some other scam. The internet has always been like the Wild West, now it is like the Wild West on crack. As soon as one scammer is taken down, even more spring back up.

The biggest problem is that people are really falling for it all in their quest to either find gossip or coupons. Until everyone takes action and stops visiting these kinds of sites, things will continue to get worse.

Social media platforms have started to take action around fake news sites but they really do have a mammoth task ahead. There is no easy way for algorithms to detect fake news, so some news stories might end up not being seen at all because an algorithm said no.

There is also a fine line between mass censorship and freedom of speech that could be crossed every time a new story appears, and I can’t see any tangible way of preventing fake news sites spreading unless people stop signing up to them or reading them. They exist for one thing only, and that's to make money from advertising revenue. 

OTHER WAYS TO PROTECT YOURSELF ONLINE

Managing your passwords is one thing you can do, but it is not the only thing you should be doing in the quest to stay safe. So here are a few other tips that you might want to use too.

 

LINKS

When you receive links in emails or on social media only ever open them if you trust the source.  Links are as everyone should know by now, the easiest way an attacker can start drawing you in to a scam or get you to inadvertently download a virus or Trojan.

Criminal profiling has been used by law enforcement agencies for years to try to spot criminal actions and people who might be involved in crime. Now the criminals are also profiling their victims and they are using social media to do it.

Criminals can easily find out what you are interested in, they can find out when you go on vacation, they can find out your mother’s maiden name because you gave that away when you posted something online years ago about your mother. They have the time to profile, and they do this because it makes the final piece of their jigsaw much easier to put together.

EMAIL

I have a number of different email accounts for everything I do. Sometimes I will get a temporary one created for a specific reason of signing up to something I am not too sure about, and then I will have my primary ones.

The golden rule here is to never ever use the same password on any of your email accounts, and never use the same password as your primary email account on any other account whether it is email or not.

Once a criminal has your email credentials they can trawl through past emails and start building up a picture of your identity. What’s more, they can use this email to change any of your forgotten passwords on any other site or service you are signed up to.

ANTI VIRUS

Always use a good anti-virus package such as F-Secure, Bitdefender, Kaspersky, Eset, and make sure you keep them up to date. I was shocked that a friend had always said they had anti-virus installed recently but had never enabled automatic updates. The last time his anti-virus was updated was in 2008.

In 2010, a German security institute (AV Test) detected that throughout the year 49-million new strains of virus and malware had been found.

DO NOT BE AFRAID TO BLOCK INVITES

If you do not know the person who has made the latest friend request, do not be afraid of appearing aloof by not allowing the request if you do not know them or at least have not seen them online before.

This is difficult when you rely on social media as a marketing platform for anything including your art, but there are some things you can do to find out a little more about the person before you hit the confirm friends button.

Firstly check out their profile. If they only joined a few minutes ago, and unless you are Justin Bieber, chances are that they didn’t sign up to social media to befriend you. If you are the only person appearing on their friends list they are more likely to be a stalker or a spammer. I have experience of finding some of these, and some are more convincing than others. 

Check out their friends list and see if you have mutual friends. If you do then check with your mutual friend if they have ever had problems with the person.

Check out what groups they belong to. This is especially critical when you run Facebook groups, each person who requests permission to join either the Artists Exchange or The Artist Hangout, my two Facebook groups will be vetted in this and other ways. 

If they are members of groups which are so far distant of your group or your interest, then it is likely that they have either developed a sudden interest in your group for some reason, but more likely that they are just randomly joining groups to join so they can post spam.

Sometimes this goes wrong but a good example was over the weekend when I spotted a member request to join one of my groups. The user had joined Facebook less than one hour ago, had already accumulated more than 30-friends, and joined a dozen groups, apparently the also worked for Facebook. A quick call to a contact at Facebook confirmed that this person held only a Facebook account, subsequently that was closed down because the user had breached Facebook guidelines when they stated they worked for Facebook. 

None of the groups were related to art, in fact the groups were all to do with pyramid schemes, sunglasses which were of course fake, and some that looked like they were some kind of cult.

When I looked at the friends profiles too, I noticed that the exact same posts had been made by those friends. They all had the same photograph which advertised cheap Oakley sunglasses, and they all asked you to contact the same email address with your credit card details and address.

Not a hope that this person would be allowed to join the group because this person and this persons friends were highly likely to be the exact same person.

Sometimes people do hide things well enough to be accepted but me and my admins can quickly spot fakes and even if we do miss the occasional one, the rest of the members do inform one of us. Whenever a fake or spammer appears, the member is immediately reported to Facebook, they are blocked and their posts are deleted. Sometimes it is a never ending job.

POSTING ONLINE

Whenever you post online take a moment to think about what you are posting. Think if what you were posting was written on paper, is it something that you would put through the shredder? If it is, then just do not post it.

Once personal information is out there, you do not have much control over the way it is used. If you are happy to stand on the corner of a busy street and shout something out that you would be comfortable in everyone hearing, that means it should be fine to post, but if you stood on the same corner and think twice and decide not to shout it out, then do not post it.

I recently wrote about sharing fake news stories and how it can ruin your online reputation, so if you are so desperate to share something why not just wish everyone a good day. At least people then know you are still around if that’s your worry.

PUBLIC WIFI

I admit that I occasionally utilise public Wi-Fi hotspots but I will do so only if I turn on my VPN software and I am reasonably confident it is not a spam network. VPN or Virtual Private Network is an easy feature to set up on your phone, tablet, or PC or Mac, because there are now so many one click solutions such as F-Secure’s Freedome VPN service.

There is a small subscription charge to use the service each year but having been using it along with another service for more than two-years now, I have to say that the ability to either switch it on or off with a single click is outstanding.

Public networks are exactly that, they are public. So logging in with unsecured connections is a bit like writing your password on a poster. Anyone with some low level of hacking literacy will be able to run a packet sniffer (a program which intercepts data) and steal your unencrypted passwords and user credentials, or even worse, your banking details.

Never use public Wi-Fi to do online banking is the best advice I can give. In some cases public hotspots can be spoofed. So you think you are connecting to Starbucks Wi-Fi, but you are actually connecting to the Starbucks Wi-Fi that someone else has set up. 

KEEP YOUR PHONE LOCKED

I know it can be a real pain to put your finger on a sensor or have to type in a four digit code because it takes so long right?

Imagine your phone as an extension of your home. Inside the phone are the details of your identity, bank accounts, dates of birth, family photos, compromising photos, and every little bit of your online life.

So if all of these details were on the dining room table at home, would you really leave the doors open for anyone to come in and take a look or steal them?

Simple, keep your phone locked when not in use. Also if you are walking in front of me and you are more concerned about looking at your phone than where you are going, just put it in your pocket until I have walked past because you really annoy me.

TWO FACTOR AUTHENTICATION

2FA or two factor authentication is another pain because when you enable it on your tablet you have to then look at your phone to t the four or five digit number that you need to enter on the tablet to access an account.

Now imagine that someone stole your tablet, would you not want to know they were changing your account details on it and be able to stop it completely?

If 2FA is available it literally takes moments to set up, so there is really no excuse for not doing it.

PROTECTING YOUR ONLINE ART

 

While we are on the subject of protecting your identity, let us also take you through another aspect that as an artist you will also want to protect, your artwork.

Let us also start be being completely open and honest here, if you want to protect your artwork completely online, don’t put it online in the first place. Totally un-practical when you rely on social media to sell your work.

When you run a blog or portfolio you can disable right clicking which prevents a user from accessing copy/save/paste from the context menu, but actually there are so many ways around the no right click rule such as the “Prt Sc” button on a computer keyboard that it makes no discernible difference at all.

If they want to take your image they can. Screen shots can be taken on tablets and phones, and sometimes will also increase the resolution of an image for you as well.

The addition of copyright messages is essential on your website but just because words appear doesn’t stop those who are determined to steal your images from stealing them. I would say that the only protection this will give you is if you end up in a court of law and the Judge recognises that you made the copyright clear.

Other people will use a watermark and you absolutely should watermark your images. The only time it isn’t worth watermarking your image is if they are appearing on a print on demand site, unless you are very specific in the art description that the watermark will not appear in the final image. It will put some people off.

If you place a large watermark across the middle of the image you might stand a better chance of preventing casual downloaders from stealing your work, but not the most determined.

Removing a watermark is actually easy to do. There are so many apps available on Apple and Android stores these days that will remove blemishes, a watermark is just a bigger blemish.

I proved this over the weekend when an artist friend asked me if they thought their new watermark would prevent people downloading the work and printing it off. In less than five minutes I had not only removed the watermark, but had printed it off and emailed it back to him, and framed it. If you send me a watermarked photo, I will send it back to you to give you a little reassurance that it works!

THE USUAL SUSPECTS

So you think you are protected but actually you just found out that all of the time you have been making things difficult, the reality is that you made small and tiny obstacles. In fact the Prt Sc trick is around a second quicker than a right click option.

Worry not though, there are things you can do. Firstly try to always post from your website or gallery because you will have to do less protecting. Many sites are now starting to prevent screen shots, Amazon Prime TV already does this on their iPad app, try it.

Secondly make sure that what you are posting is posted online in a small resolution and at only 72dpi (dots per inch). Artwork usually needs at least double this or up to 300dpi to turn out well when printed, and make sure the image sizes are no greater than around 600x600. Fine Art America and Pixels and other sites do as good a job as they can.

It is just about large enough to be able to get a friends opinion of the art you intend to buy, but not large enough for them to open up a cottage industry creating fakes or using it as a desktop wall paper.

If the user tries to increase the dpi, the image will just print out at the size of stamp eventually.

If you decide to upload larger images then there is a risk that you will need to consider, but often that risk has to be taken because you will be desperate to show your work in the best possible light.

There is another way though, and that is to use invisible watermarks. A process called Steganography is used to incorporate invisible images or data within an image and this is the method I employ with everything I post on social media.

I still put the occasional watermark on the top, but I will add a Stenographic watermark too. In order to see the watermark you will need specific software, and it changes the image in such a way that only the sender and the recipient with the correct software can see.

iWatermark  is one of the few tools I have previously used to create watermarks on my iPad art, and it incorporates something called StegoMark which combines Steganography, often called Stego for short and Mark from the word Watermark. You can view Plum Amazing here. 

StegoMarks use a special algorithm designed at Plum Amazing who make the software. This specialised encoding makes that data almost impossible to decipher without iWatermark being installed. I now have other software that performs a similar function, although I never disclose the exact systems I use. Plum Amazing’s iWatermark really is quality software though.

Another thing you can do and something that iWatermark does is to ensure that you also include metadata in the photograph or image. With certain file formats you can add metadata that includes things like your name, date the photo was produced and the location where the photograph was taken and you can add in copyright information.

The long and short of it is that the only real way to stop people stealing your images is not to have them on display anywhere. Cinemas fight against people recording the films on their mobile phones, the music industry battles piracy, and art has been photographed since the invention of the camera. Even if you put everything in place, a camera will still be able to take snapshot.

So at least there are little things that you can do to protect your works but don’t let the minority of people who engage in these actions put you off. If people love your art they will buy it.

Hopefully you will at least now be reassured that there isn’t too much a user can do with the image if you are taking the above actions, and that you are a little better prepared to combat identity theft. Unfortunately that is just the way things are today, but if each of us took a few of the above actions we can maybe make a small difference, at least to ourselves.

ABOUT M.A

Mark Taylor is a UK based artist who specialises in abstracts, surrealism, and landscapes. His work is sold all over the world and he also sells through Pixels and Fine Art America. 

Mark has a passion for art and technology and regularly flies his collection of drones. He also specialises in creating artwork to be used in TV, Film, and Theatre props, and he supports local and independent artists around the world through this blog and in his two Facebook Groups, The Artists Exchange and The Artist Hangout.