Posts tagged Privacy

Browsing In Privacy Mode Isn’t As Secure As You Think

Your browser’s incognito mode might not be as secure as you think. A researcher has come up with a proof of concept for Super Cookies, a type of data retention that could turn one of your browser’s biggest security features into its biggest privacy hazard.

Cookies are messages between a web server and web browser that get exchanged when a user requests an Internet site. Then, when the user returns to the same site, the website will recognize the user from the cookie it has stored. Essentially, cookies allow websites to fingerprint users and keep tabs on them—when they’re not in incognito mode. Presumably, the difference in incognito mode is that cookies are never exchanged.

Now Sam Greenhalgh, a technology and software consultant, has developed a proof of concept for HSTS Super Cookies, which can fingerprint users even in incognito mode. In order to show he has this capability, his site sets a tracking ID for each visitor. Visit the site as many times as you like in as many browsers and browser settings as you want; you’re still vulnerable to Super Cookies if the tracking ID remains the same.

HSTS stands for HTTP Strict Transport Security, a security protocol that ensures users only interact with a website via a secure HTTPS connection. For a more detailed explanation, check out Ars Technica’s thorough description.

Greenhalgh noted that he is aware of only one browser version that is invulnerable to HSTS Super Cookies: the latest version of Firefox, 34.0.5. Internet Explorer isn’t vulnerable for a different reason—it doesn’t support HSTS security in the first place.

Photo by Jeramey Jannene

View full post on ReadWrite

Google Faces $18.7M Fine in Netherlands for Privacy Violations

The search giant has been ordered to change the way it collects data to target advertising, or face a significantly large fine.

View full post on Home – SearchEngineWatch

Google Faces Potential $19M Privacy Fine In The Netherlands

Google continues to face potential fines for failing to change its privacy policy in Europe. Since the company introduced its “simplified privacy policy” in 2012 it has faced Europe-wide criticism and the threat of fines for violating local data protection laws. Multiple government data…

Please visit Search Engine Land for the full article.

View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Senator Al Franken Grills Uber Over Privacy Policies

Uber’s bad behavior has earned it a stern letter from Senator Al Franken, a Democrat from Minnesota, questioning the ride-sharing company’s tracking of users’ personal data.

Franken sent a letter Wednesday to Uber CEO Travis Kalanick with ten tough questions regarding reports of “troubling disregard for customers’ privacy, including the need to protect their sensitive geolocation data.”

Emil Michael, senior vice president of business for Uber, is no doubt regretting some remarks he made at a party in New York this weekend, during which he reportedly threatened to “expose” PandoDaily editor-in-chief Sarah Lacy in retaliation for her criticism of the company. BuzzFeed editor-in-chief Ben Smith, to whom Michael made the remarks, broke the story, reporting that Uber suggested spending “a million dollars” to dredge up dirt on critical journalists.

Since then, Uber has been doing damage control, even as new details arise indicating just how much access the company has to users’ location and trip data. BuzzFeed also reported that Uber employees have access to a tool called “God View,” which allows them to track the locations of drivers and customers in real time.

Uber spokesperson Nairi Hourdajian outlined a number of reasons why employees might use “God View” and claimed the company monitored their access.

“Data security specialists monitor and audit that access on an ongoing basis,” Hourdajian wrote. “Violations of this policy do result in disciplinary action, including the possibility of termination and legal action.”

Franken is not convinced. His letter demands answers on the use of “God View,” Uber’s internal data sharing, Uber’s external data sharing with third parties, and other privacy concerns. Most concerning is the observation that Uber may maintain customers’ information long after they delete the app. Franken wants to know why.

Franken signed off with a request that Kalanick respond to his queries by December 15.

Photo by John Taylor

View full post on ReadWrite

Facebook Displays Unprecedented Transparency In Update To Privacy Policies by @mattsouthern

Facebook has been making strides to change the public’s perception of how transparent and open it is about the data collected on its users, and what the company does with that data. Over the past year it has released new features that give users more control over how much of their information is public, and how much information third-party services can gather about them. For a complete overview of these features and privacy settings, Facebook just released a new section on privacy basics, which is full of interactive guides answering the most pressing questions about how to better control the […]

The post Facebook Displays Unprecedented Transparency In Update To Privacy Policies by @mattsouthern appeared first on Search Engine Journal.

View full post on Search Engine Journal

DuckDuckGo Added To Firefox As Part Of Enhanced Privacy Options

Firefox is celebrating its 10th anniversary. A new version of the browser includes two new privacy features. The first is the availability of DuckDuckGo as a new pre-installed search engine choice. The second is a “forget” feature that allows users to delete recent history. Forget…

Please visit Search Engine Land for the full article.

View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Dropbox Responds To Snowden Privacy Criticisms

NSA whistleblower Edward Snowden has been anything but subtle about his aversion toward Dropbox. Now the storage service’s CEO had a few words to say in reply.

Snowden has repeatedly told consumers that if they want to protect their privacy, they ought to avoid Dropbox, which he has called a “targeted, wannabe PRISM partner” that is “very hostile to privacy.” Snowden recommended a competitor called SpiderOak.

On Wednesday, Dropbox CEO Drew Houston used his platform at the Dublin Web Summit to indirectly respond to Snowden’s remarks, emphasizing a priority on user experience.

“If you offer zero knowledge encryption we understand the motivation for that, but there are downsides to it,” he said. “Third-party tools are offered to do that, but of course that [affects making] all my stuff searchable and indexed and rendered well in previews. People have different tradeoffs.”

In other words, Dropbox offers limited privacy in exchange for seamless integration between desktop and mobile versions, Dropbox and third-party apps, and other features.

When asked at the summit whether or not Snowden’s remarks had affected Dropbox usage, Houston noted that 1.2 billion users continue to use the service.

“It’s never fun when people throw rocks,” he says. “But how many [negative] articles were there about Facebook and Zuck? There are a lot of happy things but we go from the company who can do no wrong to the one who can do no right…. You are never quite as good as people say you are but also never quite as bad.”

View full post on ReadWrite

“Surveillance Self-Defense” Is A How-To Guide For Every Level Of Online Privacy

Whether you’re a journalism student wanting to learn security tips not taught in college classrooms, or a pro at keeping communications secure, the Electronic Frontier Foundation wants to make your activities online even safer from prying eyes.

The EFF’s new project called Surveillance Self-Defense is a collection of tools and resources broken down into specific resource “playlists” for both computer types and the people using them. These include: Mac user, human rights defender, student journalist, online security veteran, and a security starter pack for newbies.

Each playlist includes a step-by-step guide for protecting and securing your private communications. Most start with an introduction to threat modeling, or understanding what information you want to protect and from whom. From there, the guides cover various other tools and services for particular situations, like “Things To Consider When Crossing The U.S. Border,” in the human rights defender playlist.

The EFF’s SSD project also features a collection of tutorials to help people encrypt their phones, use PGP on different operating systems, and pick the best virtual private network.

The organization’s guide doesn’t claim to protect people from every credible threat, but it does a good job of delineating what technologies and services are the most helpful and necessary to protect data from hackers or adversaries.

After the Edward Snowden revelations, ongoing data breaches and personal information leaks, people are increasingly conscious of how and what they share online. Privacy hardware tools that aim to make data protection safe and simple have sprung up on the scene, just as quickly as their usefulness is debunked.

With EFF’s suite of tools and resources, even the most novice user can begin to take steps to secure their data, and begin communicating with friends and colleagues in a safer, more indestructible way.

Lead photo by JD Hancock on Flickr

View full post on ReadWrite

China Blocks DuckDuckGo, The Privacy Search Engine

China has blocked DuckDuckGo, the privacy search engine that recently made big news when Apple added it as a default search option to iOS and its upcoming desktop operating system. The founder and CEO of DuckDuckGo, Gabriel Weinberg, confirmed that his search engine was blocked by Chinese…

Please visit Search Engine Land for the full article.

View full post on Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

EFF Urges Congress To Protect Privacy In The Cloud

Despite its misleading name, the Electronic Communications Privacy Act of 1986 made it legal for the U.S. government to obtain citizens’ email without a warrant or probable cause.

Now the Electronic Frontier Foundation and 70 other civil liberties organizations, public interest groups, and companies are trying to get it revised. This week they sent two letters to the House and Senate urging lawmakers to reconsider the “archaic” act. The first promotes HR 1852, the bipartisan Email Privacy Act, and the other its Senate companion bill S. 607, the Electronic Communications Privacy Act Amendments Act of 2013.

There are more than 260 cosponsors in the House for the Email Privacy Act, and the Senate’s counterpart is due for its final vote, the EFF wrote.

Thanks to the Electronic Communications Privacy Act of 1986, it is far easier for the government to obtain private digital information stored online than on a computer’s hard drive, something that many digital rights organizations believe is outdated and needs to change. Significantly more of Americans’ personal data is stored in “the cloud” than was in 1986.

“Updating ECPA would respond to the deeply held concerns of Americans about their privacy. S. 607 would make it clear that the warrant standard of the U.S. Constitution applies to private digital information just as it applies to physical property,” both letters read.

Lead image by StockMonkeys

View full post on ReadWrite
