- Back-up! Back-up! Back-up! Have a recovery system in place so a ransomware infection can’t destroy your personal data forever. It’s best to create two back-up copies: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one to store physically (portable hard drive, thumb drive, extra laptop, etc.). Disconnect these from your computer when you are done. Your backup copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.
- Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic functions’ as these help the solution to catch samples of ransomware that have not yet been formally detected.
- Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. And if the software offers the option of automatic updating, take it.
- Trust no one. Literally. Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that look very much like email notifications from an online store, a bank, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system.
- Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
- If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
How To Recover After Your Email Password Is Compromised
Your friends are reporting spam and pleas for money originating from your email account and some of your logins aren’t working; you’ve been compromised. Read on to see what to do right now and how to protect yourself in the future.
A compromised password is serious business. A security breach at a minor service you use can jeopardize your more serious accounts if you use weak passwords (or even the same one) across all of them and a security breach at a core service like your email account means it is time to batten the hatches and get your passwords under control.
This guide is full of useful tips for anyone who has to deal with the fall out of leaked password but we’ll be focusing specifically on dealing with the mother of all compromises: a compromised email account. Once someone has control of your email account they can easily gain control of the dozens of other services you use as, for better or worse, email functions as a major key-to-the-castle and qualifying identifier.
Secure Your Email Account
The absolute first thing you need to do at even the slightest hint that something is amiss is to lock down your account. The second your friend calls you and says “I just got an email from you claiming you’re in London and need me to wire you money” you need to get on your computer and get to work.
Resetting/recovering your password.
You may need to reset or recover your password. The process varies from email service to email service but we’ve gathered up the reset links for three popular email services here to help speed the process along if you’ve found this article via a panicked Google search. You can find the forms for Gmail, Hotmail, and Yahoo! Mail here. All three of the aforementioned services have an option for you to specify not just that you forgot your password but that you believe your account has been compromised.
Change your password to something completely different than your previous password. Make it a combination of alphanumeric characters and if need be temporarily write it down. The important thing is that you secure your email immediately with a strong password. While you are still logged into your email account complete the following steps.
Enable two-factor authentication.
Although your email service may not offer this feature, if it does turn it on. You likely won’t keep it on forever (two-factor verification is kind of a hassle) but while you’re in lock-down mode and attempting to get everything under control it’s nice to know that someone would need to, for example, have access to your mobile phone and your password in order to gain access to your email account. You can read about two-factor authentication for Gmail here.
Go through your email settings with a fine tooth comb.
In addition to changing your password and setting up two-factor authentication you need to go through the settings on your email account to make sure nothing is out of the ordinary. Here are several things you need to look at: check your recovery email and ensure that it is set to an email address you control, check your password hints and replace them with fresh questions only you know the answer to, check your email forwarding settings to ensure that however compromised your email hasn’t set it up so that all your future email will be forwarded to a 3rd party.
Regarding password hints: password recovery systems based on hints are notoriously easy to defeat as it isn’t particularly difficult to get basic information about a person like where they were born, what their cat’s name is, etc. (thank you frivolous Facebook quizzes). One easy way to radically increase the strength of hint questions is to make them about someone other than yourself. Answer the questions as though you are your father, a character in a comic book or novel you love, or any other third party that you have a significant degree of knowledge about.
Don’t neglect these three steps and make sure to look at all the settings on your email account to make sure there are no surprises tucked away!
Change Every Password Associated with Your Email Address
Email addresses function as the proverbial keys to the castle. If someone has access to your email account they also have access to nearly everything else you’ve ever used your email account for—your iTunes login, your Amazon.com account, your credit cards and banking institutions, social media accounts, discussion forums and so on. Now is the time to start changing passwords. We realize this isn’t fun and we realize it’s time consuming if you have lots and lots of accounts. The upside is that once you do it, you’ll have effectively inoculated yourself against this misery in the future.
Get a password manager.
Not everyone uses a password manager and lots of people have their reasons for not doing so including “I’ve got a good memory”, “I don’t trust password managers”, “I’ve got some straight up KGB algorithm in my brain to generate new and awesome passwords”, etc. We’ve heard it all before. If you want to play the “I’ll memorize all my passwords” game, that’s fine. You simply won’t have as strong and varied passwords as someone who uses a password manager. Not using a password manager is like refusing to use a calculator and solving all math problems long hand; there’s no good reason to forgo using a calculator and there’s no good reason to stick to juggling passwords in your head when there are better alternatives.
Whether you use LastPass, KeePass, or another respectable password manager that integrates with your web browser (and thus decreases your resistance to using it), you’ll have a system that allows you to use extremely strong and unique passwords for each distinct login.
Search your email for registration reminders.
It won’t be hard to remember your frequently used logins like Facebook and your bank but there are likely dozens of outlaying services that you may not even remember that you use your email to log into.
Use keyword searches like “welcome to”, “reset”, “recovery”, “verify”, “password”, “username”, “login”, “account” and combinations there of like “reset password” or “verify account”. Again, we know this is a hassle but once you’ve done this with a password manager at your side you have a master list of all your account and you’ll never have to this keyword hunt again.
Use strong passwords.
If you’re using a good password manager this won’t even be an issue. LastPass, for example, has a built in password generator. A click of a button is all that it takes to generate a password like “Myy0vNncg6dlYrbhVjo1”; add in another click and you can easily associate that extremely strong password with the account.
If you’re not using a password manager there are still some hard and fast rules you should live by when it comes to manually generating strong passwords:
- Passwords should always be longer than the minimum the service allows for. If the service in question allows for 6-20 character passwords go for the longest password you can remember.
- Do not use dictionary words as part of your password. Your password should never be so simple that a cursory scan with a dictionary file would reveal it. Never include your name, part of the login or email, or other easily identifiable items like your company name or street name. Also avoid using common keyboard combinations like “qwerty” or “asdf” as part of your password.
- Use passphrases instead of passwords. If you’re not using a password manager to remember really random passwords (yes, we realize we’re really harping on the idea of using a password manager) then you can remember stronger passwords by turning them into passphrases. For your Amazon account, for example, you could create the easily remember passphrase “I love to read books” and then crunch that into a password like “!luv2ReadBkz”. It’s easy to remember and it’s fairly strong.
Practice Good Password Hygiene Going Forward
It’s really easy to slip back into bad habits once the shock of security breach has passed. Call it the dentist-effect: you floss and brush like mad before the dentist, you promise yourself you’ll floss and brush after the visit, and three weeks later you find yourself falling asleep on the couch watching Archer with a mouthful of gummy bears.
Staying on top of password management is important and when done correctly protects you from the agony of having to do all this password fixing again (or, worse, losing significant sums of money or becoming embroiled in a legal battle because of what was done with your compromised account). Here’s what you need to do going forward with your old and new accounts:
Always use a unique password for each service.
Think of this policy like having fire suppression systems in every room of a building. If Lab 223 catches fire it doesn’t take the whole structure with it. If someone hacks a game site you visit they won’t also have access to your email (or any other logins associated with your email address).
Change your passwords.
Don’t be resistant to changing your passwords. If you use your email a lot at public Wi-Fi spots, internet cafes, etc. then you need to change it frequently as you are using it in locations where it can be easily sniffed, key logged, or otherwise compromised. If you use a master password manager this process is less painless as you really only need to remember a strong password for the password manager and a strong password for your email (everything else can be managed by the password manager).
Do not store your passwords insecurely.
However you store your passwords, do not store them insecurely. If you write them down on a notebook lock it in your firesafe. If you keep them in a password manager, use a very secure password for that manager. If you keep them on your computer in a text document then you must encrypt that text document and not simply leave it in your My Documents folder. Your password list, however it is stored, is the passport to your digital life.
Do not transmit passwords insecurely.
This is a combination of the previous rule and the next rule. Do not email yourself a plain text file of your passwords. It’s the equivalent of writing your passwords on a postcard and mailing them. Anyone who touches the postcard in transit can easily read the passwords. Never email or instant message your passwords for any reason.
Do not share your password.
As well as not sharing your password between services don’t share your passwords with other people. Your friends don’t need to know your password, your boss doesn’t need to know your password, no legitimate company employee from Google or Bank of America is ever going to call you up or email you and ask for your password. Your default stance on password sharing should always be “No.”
At this point, if you’ve followed along, you have a set of unique, strong, and well managed passwords. You have one final task. Pull up your contact list and send an email to all the people who you previously spammed with “Help, I’m stuck in London and have no money…” messages and email them a link to this article. There’s a good chance that, like you were, they’re one bad break away from a password nightmare.
Credit for this post goes to the “How To Geek” website at http://www.howtogeek.com/ and:
Jason Fitzpatrick who is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don’t have to. If it can be modded, optimized, repurposed, or torn apart for fun he’s interested.
What is Malvertising and How Do You Protect Yourself?
Attackers are trying to compromise your web browser and its plug-ins. “Malvertising,” using third-party ad networks to embed attacks in legitimate websites, is becoming increasingly popular.
The real problem with malvertising isn’t ads — it’s vulnerable software on your system that could be compromised by just clicking a link to a malicious website. Even if all ads vanished from the web overnight, the core problem would remain.
You can certainly use Adblock to reduce your risk, but it doesn’t eliminate the risk. For instance, celebrity chef Jamie Oliver’s website was hacked not once, but 3 times with a malware exploit kit that targeted millions of visitors.
Websites are hacked every day, and assuming that your adblocker is going to protect you is a false sense of security. If you are vulnerable, and a ton of people are, even a single click can infect your system.
Web Browsers and Plug-ins Are Under Attack
There are two main ways attackers attempt to compromise your system. One is by attempting to trick you into downloading and running something malicious. The second is by attacking your web browser and related software like the Adobe Flash plug-in, Oracle Java plug-in, and Adobe PDF reader. These attacks use security holes in this software to force your computer to download and run malicious software.
If your system is vulnerable — either because an attacker knows a new “zero-day” vulnerabilityfor your software or because you haven’t installed security patches — just visiting a web page with malicious code on it would allow the attacker to compromise and infect your system. This often takes the form of a malicious Flash object of Java applet. Click a link to a shady website and you could be infected, even though it shouldn’t be possible for any website — even the most disreputable ones on the worst corners of the web — to compromise your system.
What is Malvertising?
Rather than attempting to trick you into visiting a malicious website, malvertising uses advertising networks to spread these malicious Flash objects and other bits of malicious code to other websites.
Attackers upload malicious Flash objects and other bits of malicious code to ad networks, paying the network to distribute them like they’re real advertisements.
You could visit a newspaper’s website and an advertising script on the website would download an ad from the ad network. The malicious advertisement would then attempt to compromise your web browser. That’s exactly how one recent attack that used Yahoo!’s ad network to serve malicious Flash ads worked.
That’s the core bit of malvertising — it takes advantage of flaws in software you’re using to infect you on “legitimate” websites, eliminating the need to trick you into visiting a malicious website. But, without malvertising, you could be infected in the same way after just clicking a link away from that newspaper’s website. Security flaws are the core problem here.
How to Protect Yourself From Malvertising
Even if your browser never loaded another ad again, you’d still want to use the below tricks to harden your web browser and protect yourself against the most common attacks online.
Enable Click-to-Play Plug-ins: Be sure to enable click-to-play plug-ins in your web browser. When you visit a web page containing a Flash or Java object, it won’t automatically run until you click it. Almost all malvertising uses these plug-ins, so this option should protect you from almost everything.
Use MalwareBytes Anti-Exploit: We keep banging on about MalwareBytes Anti-Exploit for a reason. It’s essentially a more user-friendly and complete alternative to Microsoft’s EMET security software, which is targeted more at enterprises. You could also use Microsoft’s EMET at home, but we recommend MalwareBytes Anti-Exploit as an anti-exploit program.
This software doesn’t function as an antivirus. Instead, it monitors your web browser and watches for techniques browser exploits use. If it notices such a technique, it will automatically stop it. MalwareBytes Anti-Exploit is free, can run alongside an antivirus, and will protect you from the vast majority of browser and plug-in exploits — even zero-days. It’s important protection every Windows user should have installed.
Disable or Uninstall Plug-ins You Don’t Frequently Use, Including Java: If you don’t need a browser plug-in, uninstall it. This will “reduce your attack surface,” giving attackers less potentially vulnerable software to target. You shouldn’t need many plug-ins these days. You probably don’t need the Java browser plug-in, which has been an unending source of vulnerabilities and is used by few websites. Microsoft’s Silverlight is no longer used by Netflix, so you may be able to uninstall that too.
You could also disable all your browser plug-ins and use a separate web browser with plug-ins enabled just for web pages that need it, although that will require a bit more work.
If Adobe Flash is successfully erased from the web — along with Java — malvertising will become much more difficult to pull off.
Keep Your Plug-ins Updated: Whatever plug-ins you leave installed, you need to ensure they’re kept up-to-date with the latest security patches. Google Chrome automatically updates Adobe Flash, and so does Microsoft Edge. Internet Explorer on Windows 8, 8.1, and 10 automatically updates Flash, too. If you’re using Internet Explorer on Windows 7, Mozilla Firefox, Opera, or Safari, ensure Adobe Flash is set to automatically update. You’ll find Adobe Flash options in your control panel or in the System Preferences window on a Mac.
Keep Your Web Browser Updated: Keep your web browser updated, too. Web browsers should automatically update themselves these days — just don’t go out of you way to disable automatic updates and you should be okay. If you’re using Internet Explorer, ensure Windows Update is activated and regularly installing updates.
While most malvertising attacks take place against plug-ins, a few have attacked holes in web browsers themselves.
Consider Avoiding Firefox Until Electrolysis is Done: Here’s a controversial piece of advice. While Firefox is still beloved by some, Firefox is behind other web browsers in an important way. Other browsers like Google Chrome, Internet Explorer, and Microsoft Edge all take advantage ofsandboxing technology to prevent browser exploits from escaping the browser and doing damage to your system.
Firefox has no such sandbox, although other browsers have had one for several years. A recent malvertising exploit targeted Firefox itself using a zero-day. Sandboxing techniques built into Firefox could have helped prevented this. However, if you do use Firefox, using MalwareBytes Anti-Exploit would have protected you.
Sandboxing is set to arrive in Firefox after years of delays as part of the Electrolysis project, which will also make Firefox multi-process. The “multi-process” feature is scheduled to be part of the stable version of Firefox “by the end of 2015,” and is already part of the unstable versions. Until then, Mozilla Firefox is arguably the least secure modern web browser. Even Internet Explorer has employed some sandboxing since Internet Explorer 7 on Windows Vista.
Currently, almost all malvertising attacks take place against Windows computers. However, users of other operating systems shouldn’t get too cocky. The recent malvertising attack against Firefox targeted Firefox on Windows, Linux, and Mac.
As we’ve seen with crapware moving over to Apple’s operating system, Macs aren’t immune. An attack on a specific web browser or a plug-in like Flash or Java usually works the same way across Windows, Mac, and Linux.
As posted on How To Geek
It seems that hardly a week goes by without another shocking data breach that affects millions of ordinary internet users making the headlines. But what is a data breach, how can one affect you, how do you know if your data has been breached, and what can you do if it has?
A data breach is any unintentional release of secure or private data. This can include classified information belonging to the military, sensitive information relating to corporate assets. The term is most widely used, however, to describe the unintentional release of data that jeopardizes the privacy and security of ordinary members of the public.
Most commonly, this is in the form of customer databases leaked in some way by private companies, although the danger governments leaking even more sensitive healthcare information and the like is very real.
The information exposed by data breaches often include things like customers’ names, email addresses, usernames, passwords, postal addresses, order history, and even bank payment details.
Data breaches can be accidental, can result from the actions of internal staff members (for example whistleblowers or disgruntled employees), or from the actions of external hackers.
Most such hackers are simple criminals, although motives may also include political activism or simple bravado by the kids keen to build a reputation within the hacker community. Regardless of motive, once the information is within the public domain it is almost certain to be exploited by criminals.
In hacker speak, to pwn something is to own it. The ‘;–have I been pwned? the tool below will help you find out if private details belonging to you are available on the internet by searching a wide range of leaked databases to see if any of them contain your email address.
Are data breaches on the rise?
It’s not just your imagination, data breaches are indeed on the rise. And not only are they becoming increasingly common, but the scale (number of people affected) and scope (sensitivity of the information leaked) of the beeches has been getting steadily worse.
It is estimated that in 2019 some four and a half thousand records are lost or stolen every minute, adding up to over 6 million records every day! Between 2017 and 2019 there was an 88 percent increase in the number of people affected by health data breaches.
The total number of data breaches in the United States rose 44.4 percent between 2016 and 2017, although this dropped to 13 percent in 2018. These figures belie the scale of the problem, though, as the total number of records exposed between 2016 and 2018 is rose 1117 percent to a staggering 446.5 million!
Which companies have had data breaches?
It could almost be asked which companies haven’t had data breaches! What follows, however, is a list of the world’s biggest data breaches over the last few years.
|When||How big||Severity||Type of data||Encrypted?|
|Yahoo||2013-14||3 billion (!!!) users||Moderate||Emails, passwords, phone numbers. But||Most (but not all) details were hashed using strong bcrypt algorithm).|
|Marriott International||2014||500 million customers||Severe||Contact info, passport numbers, credit card details, travel plans.||No.|
|Adult Friend Finder||2016||412.2 million users||Very high||Names, email addresses, passwords.||Hashed using weak SHA1 algorithm. Within 1 month 99% had been cracked.|
|eBay||2014||145 million users||High||Names, addresses, dates of birth, passwords.||Passwords were hashed using a proprietary measure. it is not known how strong these are.|
|Equifax||2017||143 million US consumers.||Severe||Social Security Numbers, birth dates, addresses, driver license numbers. 209,000 unlucky consumers also had their credit card data exposed.||No.|
|Heartland Payment Systems||2008||134 million credit cards||Severe||Credit card details||No.|
|Target Stores||2013||Up to 110 million people||Severe||Names, addresses, emails, telephone numbers, credit card details||No.|
|Uber||2016||57 million users + 600,000 drivers||Moderate||Names, email addresses, and mobile phone numbers||No.|
|JP Morgan Chase||2014||76 million households and 7 million small businesses||Moderate||Names, addresses, phone numbers, and emails.||No.|
Will I be notified if my data is breached?
Between 2013 and 2014 Yahoo was the victim of the largest data breach ever recorded, but it did not make this information public until September 2016. Marriot, in 2013 victim of the second largest data breach ever recorded, waited until November 2018 before alerting its customers to the danger.
This despite the fact that since 2002 all 50 states in the United States have passed data breach notification laws (although the last of these were only passed in 2016). In Europe, the 2016 General Data Protection Regulation (GDPR) mandates that companies report personal data breaches that “pose a risk to the rights and freedoms of natural living persons” to their supervisory authority. For example, the Information Commissioner’s Office (ICO) in the UK.
What history shows us is that faced with huge financial loss and damage to reputation, companies simply cannot be trusted to notify the public in a timely manner if their data was breached. Regardless of any laws requiring them to do so.
Have I been pwned
The tool will tell you which databases your email address appears in, together with a brief history of the breach and a summary of the kind of information which was leaked and is now in the public domain. Try it!
Yikes! I’ve been pwned! What now?
Don’t Panic! Unless the beach is new, then it is unlikely you are in any immediate danger. If the beach is new and involves payment details then check your bank statements immediately.
Even if you find no suspicious activity, it is worth contacting your bank to alert it of the situation. In all likelihood, it will take precautionary measures such as reissuing your card. But even if doesn’t, you are then in a much stronger position to demand redress should money start to mysteriously disappear from your account.
Regardless of the severity or time that has elapsed since the breach, you should immediately change your password (if the account is still active) and ensure that you have not reused that password across different websites. Indeed, re-use of passwords is arguably the single greatest danger posed by most data breaches.
In 2011, for example, Sony suffered a series of data breaches that resulted in far more than the 77 million customer accounts exposed from a single PlayStation breach that year becoming public. In 2012, Yahoo Voice was hacked for 453,491 email addresses and passwords.
The analysis revealed that 59 percent of people whose password was exposed by the Sony hack was still using the exact same password on Yahoo a whole year later. A further 2 percent had only changed the case.
How to minimize the impact
How companies, social media platforms, and government organizations store and protect the data we give them to perform the service they provide is in large part out of our hands. Despite overwhelming evidence that such organizations simply cannot be trusted to keep our sensitive data safe, we have no option but to trust them with it, anyway. C’est la vie.
We can, however, ensure that passwords obtained from a data breach cannot be used to access our other accounts.
Use a password manager
For every website and online service you use, you should create a strong password which is unique to that site or service. Note that 123456, the name of your pet, or of your favorite football team a are not a strong password. A genuinely strong password consists of a long string of random alphanumeric characters with mixed caps and (preferably) symbols.
Of course, us poor humans often struggle to remember even one such secure password, let alone one for each website and online service we use! It is therefore luckily that computers can do the heavy lifting for us!
Password manager apps generate secure and unique passwords and then conveniently autofill them into website logins when required. They also sync across devices so they are always available when you need them.
One-factor authentication is something you know i.e. your login details, which can be compromised by a data breach. Two-factor authentication (2FA) uses an additional something you have to verify your identity.
At present this second something is usually your smartphone. A verification code is typically sent to your phone via SMS messaging, or you verify a login via an authenticator app (often using biometric authentication such as a fingerprint).
Enabling 2FA on your accounts makes accessing them without your permission all but impossible unless, in addition to your account details, a hacker also has physical access to your phone.
Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.
LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.
According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here.
We’ve talked about what happens if LastPass gets hacked before. As it stands, it doesn’t seem that this hack resulted in any significant data losses for users. However, it’s still important to take steps necessary to protect your account as soon as you can.
Note: It sounds like LastPass’ servers are getting hammered right now, so if your password change doesn’t go through, check back frequently through the day until it does.
LastPass Security Notice | LastPass Hacked
Do advertisements annoy you ?
Are you concerned about your privacy when you surf the Internet ?
If you answered yes to either of these questions then this list is for you !
Please feel free to click and follow these links to start a whole new Internet experience the way it was meant to be. Using these browser add-ons will protect your privacy and rid you of unwanted advertisements leaving only the content you wish to view.
Happy Surfing !
Resources to help prevent advertisements & block websites:
How To Block advertisements in Firefox, Internet Explorer, Chrome, and Opera
BlockSite for Firefox
NoScript – NoScript FAQs
NotScripts for Chrome
Karma Blocker for Firefox <- intended for advanced users
Flashblock for Firefox
Block Unwanted Ads with Custom MVPS Hosts File
How to Block a Specific Website Without Software
Resources to help protect privacy:
The Best Browser Extensions that Protect Your Privacy
How to Start Your Browser in Private Mode
DoNotTrackMe <- for Firefox, Chrome, Safari, Internet Explorer on both Mac and Windows
Ghostery <- for Firefox, Chrome, Safari, Internet Explorer and Opera on both Mac and Windows
Free Hide IP
Ghostery is a browser tool which allows you to block beacons, trackers, advertising, analytics and widgets.
– Ghostery download
– Ghostery – How It Works
– Ghostery General Options
– Ghostery FAQs
– How to configure Ghostery to stop Trackers
– Ghostery Community Forum