Some "people finder" websites make a dramatic show of searching databases to tell you information about someone — but as they do that, they pepper you with questions so they can add your answers to their databases.
4. Mobile apps send personal data back to a remote server
A Chinese selfie-editing iPhone app called Meitu transforms your face into a surreal cartoon image that whitens, brightens, enlarges the eyes and adds visual effects.
Two weeks ago, the app exploded in popularity because the effects are so unusual and over the top. It turns your face into a dreamy cartoon character. But overnight, it emerged that the app sends all kinds of information back to China, including your location, details about your mobile carrier and IP address, and the IMEI numbers of Android users. The company responded to online outrage by saying it doesn't sell the data and uses it only to improve the app.
The controversy raised awareness about an uncomfortable fact, which is that many apps harvest your data without your knowledge or explicit permission.
So what's the solution? Security apps? Unfortunately...
5. Even security apps can threaten your security
One of the best ways to protect one's privacy online is to use a VPN, or virtual private network. VPNs theoretically let you use the public internet as if you were on a private network. They let you hide and encrypt your online activity, even from your own ISP. And they enable you to spoof your location, so you can say you're going online in another city or country.
However, a recent study found that an alarmingly high number of VPN services offered through Android apps violate your privacy, rather than protect it.
What to do about the new privacy and security threats
You've heard the standard best practices for protecting your privacy. Turn on two-factor authentication whenever and wherever you can. Use a password manager like LastPass. Download apps only when they've been recommended by a credible authoritative reviewer.
But given these new threats to privacy and security, I would recommend the following additional steps.
First, sign up for a site called "Have I Been Pwned?" It will alert you when your personal information shows up online as the result of a hack. Often hackers crack a site, download all the user data, then post it or sell it on the dark web.
Sign up for CIO Asia eNewsletters.