Posts Tagged ‘Personal privacy’
These small extensions can be helpful additions to Chrome and Firefox when it comes to browsing, but some of them were problematic when you get under the hood of them. Google teamed-up with the University of California to analyse and nix a number of these apps.
They found that 5% of everyone visiting a Google page have at least one malicious extension, and most of those have a number of add-ons which are malicious.
One of the problems, according to researcher Alexandros Kapravelos, is that the dodgy extensions use the same techniques to collect your data as the legit ones.
“Even when we have a complete understanding of what the extension is doing, sometimes it is not clear if that behaviour is malicious or not,” he said. “You would expect that an extension that injects or replaces advertisements is malicious, but then you have AdBlock that creates an ad-free browsing experience and is technically very similar.”
In a Facebook post, UK culture secretary Sajid Javid said that, if the Conservatives are elected, they will “legislate to put online hardcore pornography behind effective age verification controls”.
Of course, they’ve got kids in mind when they talk about online porn*.
So how would it work? Well, they might use a third-party to verify all the ages or maybe even create a new form of digital ID. Both will invariably be unpopular and the whole thing is likely to be useless too, as these systems would need the dirty sites themselves to sign-up to such a thing. UK ISPs will be asked to block access to websites that don’t comply with the governments weird fascination with smutty films.
It seems the Tories really want to creep up to you and start all that “wink-wink, nudge-nudge” business, by asking you if you want to watch porn in the privacy of your own home.
(*We mean shielding their little eyes from it, we’ve not idea what you inferred from that sentence)
Pardon? Well, a group called Safari Users Against Google’s Secret Tracking (which has the frankly rubbish aconym of SUAGST) want to sue the internet behemoth in the English courts over what they claim are Google bypassing security settings to track them online.
Three appeal judges have dismissed Google’s appeal against a High Court ruling and ruled that claims for damages can be brought over the allegations of Google’s misuse of private information.
The Safari Users say that Google’s “clandestine” tracking and collation of internet usage (between the summer of 2011 and early 2012) led to distress and embarrassment among UK users. You might not remember that, because as a BW reader, you’re in a constant state of embarrassment and distress, so all the years roll into one.
Anyway, the group say that Google collected private info through cookies, without their information.
Dan Tench, a partner at law firm Olswang, who are representing the group, said this case decides “whether British consumers actually have any right to hold Google to account in this country”. Tench added: ”This is the appropriate forum for this case – here in England where the consumers used the internet and where they have a right to privacy.”
Lord Dyson, Master of the Rolls, and Lady Justice Sharp said in their joint judgement, with which Lord Justice McFarlane agreed: “On the face of it, these claims raise serious issues which merit a trial. They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature… about and associated with with the claimants’ internet use, and the subsequent use of that information for about nine months.”
“The case relates to the anxiety and distress this intrusion upon autonomy has caused.”
A lot of people don’t like the power Google have online, and this won’t help the internet giant any further.
If you have an Android phone and a Google account, then you might have been tracked without you knowing. Now, this’ll be old news to some, but it seems like there’s a good number of people out there who still have no idea.
Not to worry though – you can stop being tracked really easily
First off, watch this short video which tells you about how you’re being tracked and how you can see where you’ve been – provided you had your phone in your pocket – via a section on Google Maps.
As you can see, you can go back in time and see where you’ve been on a Google Map, which may well give you the willies, but it is easy enough to fix.
First off, you should switch your location services off on your mobile. You’ll find that in your settings. Some apps ask you to turn your location on, but you don’t have to. Twitter doesn’t need to know where you are and if you’re using something like Tinder which requires your location to show you who wants to hump nearby, then only switch your location on when it is needed.
As the video shows, it is really easy to delete your location history, and you can find out more on that, here.
A plan by David Cameron to block and ban encryption has been found to be a rubbish idea, according to a study by the UK parliament.
This report, carried out by the Parliamentary Office of Science and Technology, had a look at how the darknet (or Tor if you prefer) and online anonymity is being used. There’s little public support for it and the Darknet and Online Anonymity report (.pdf link here) noted that it is used by criminals, but it is also used by journalists and whistleblowers and journalists, so if you’re going to look at the ills, you have to weigh-up the pros too.
“There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK. Even if it were, there would be technical challenges,” it said.
One thing the report pointed out, was that one place doing this was China, and their governments attempts to squash communications is not something that would be good for the UK.
The report continued, for those who understand the jargon: ”Some argue for a Tor without hidden services because of the criminal content on some THS. However, THS also benefit non-criminal Tor users because they may add a further layer of security.”
“If a user accesses a THS the communication never leaves the Tor network and the communication is encrypted from origin to destination. Therefore, sites requiring strong security, like whistleblowing platforms, are offered as THS. Also, computer experts argue that any legislative attempt to preclude THS from being available in the UK over Tor would be technologically unfeasible.”
Whether or not David Cameron listens to this report is quite another matter.
You heard about Lenovo installing something that was annoying at best and intrusive at worst, with a thing called Superfish. One of our readers impishly pointed out it should’ve been called ‘SuperPhish’, arf!
Well, the company got in touch and wanted to clear some things up, so you can stop chewing your nails in worry.
They say that Superfish was “previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping. However, user feedback was not positive, and we responded quickly and decisively.”
And so, this is where we’re at, according to Lenovo:
“1) Superfish has completely disabled server side interactions (since January) on all Lenovo products so that the product is no longer active. This disables Superfish for all products in market.
2) Lenovo stopped preloading the software in January.
3) We will not preload this software in the future.”
So there. The company assure customers that there’s no need to fret about the security of your computer.
They continue: “We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first.”
“To be clear, Superfish technology is purely based on contextual/image and not behavioural. It does not profile nor monitor user behaviour. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. Users are given a choice whether or not to use the product. The relationship with Superfish is not financially significant; our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.”
American and British intelligence agencies have been up to no good. They’ve been hacking, illegally, into SIM cards to steal codes so they can try to listen in on people’s calls, according to reports.
This, like all scary spy and surveillance news, has trickled out from the infamous former American intelligence contractor, Edward Snowden.
Spies hacked the SIMs of a company called Gemalto who, as you can imagine, are pretty furious about all this as they operate in 85 different countries and they’d rather not be thought of as complicit in all of this.
The Intercept are calling this “the great Sim heist” and that surveillance agencies were given “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”. Some of the mobile networks that are clients of Gemalto include T-Mobile, AT&T, Verizon and “some 450 wireless network providers around the world”.
The source also claims that this hack was organised by Britain’s GCHQ and America’s NSA and that, the hack resulted in the ability to unscramble calls, texts and emails from the decode data that is flung through the air between phones and cell towers. It has also been claimed that Gemalto employees were cyber-stalked and their emails were tapped into so agencies could steal encryption keys.
A Gemalto spokeswoman said: “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data.”
If you have a Facebook account, chances are, you’ve got a load of important photos on there. Your graduation day might be on there. That night out you had with pals you haven’t seen for a decade. That time your mate shot themselves through the foot when you went clay pigeon shooting. Cherish memories.
Well, you might want to back those photos up because a security researcher has just discovered that he can delete all your Facebook memories with four lines of code.
Someone called Laxman Muthiyah was mucking around with Facebook’s Graph API. On their blog, after musing about whether or not they could delete other people’s photos, they wrote: “I decided to try it with Facebook for mobile access token because we can see delete option for all photo albums in Facebook mobile application isn’t it? Yeah and also it uses the same Graph API. so took a album id & Facebook for android access token of mine and tried it.”
Of course, a good chunk of that is impenetrable techspeak to most people, but basically, what this means that, Facebook access tokens is the line of characters that allows an app to gain access to your profile. Laxman used such a token for the Android app and a random photo album ID and, lo and behold, it transpired you could get in and start mucking around with people’s stuff.
For those who like to get under the hood of things, click here to see Laxman’s workings-out. Or, if you prefer, you can watch a video of it instead of reading all that pesky text.
Now, Laxman has reported this to Facebook and they promptly fixed the bug. However, that’s not to say that they’re aren’t other flaws in the security of social networks.
So, with that, it is advised that you back your photos up if you don’t want them vanishing off the internet. There’s a number of cloud services like Google Drive and the iCloud to store your photos, but as we know, they’re not guaranteeing your stuff is locked-down either, what with the recent Fappening occurrence.
The best bet, if you have a load of photos, is to store them on your hard-drive or buy an external drive to keep them in. A bit of a faff, sure, but if you’re determined to keep hold of those photos from when you ran through a field covered in brightly coloured powder for charity, then you’ll need to do something about it.
Well, after the Big Brother TV Sets debacle with Samsung, we now hear of one of their smart TVs inserting commercials into a video that were stored locally on a Plex media server. The Reddit user in question complained that a Pepsi ad played while they were watching shows and movies on his Samsung television.
Of course, this could well be a look into the future as advertisers try and get their wares into as many platforms as possible. However, in this case, it looks like it was an error Samsung’s part, with a bit of faulty programming.
It seems a few people have had this problem and it isn’t happening on sets made by anyone else. A recent software update seems to be the cause of this particular irritant.
The way to stop this happening, if you’re the owner of a Samsung TV set, is to click “disagree with the Yahoo Privacy Notice” in the options in your Samsung’s Smart Hub options.
However, this does appear to be something Samsung are interested in, as in 2014, the company said that they were looking at “interactive experiences” which will be offered to people on an ‘opt-in’ basis.
Both issues are have a similarity though – it appears that Samsung are treating your data with a reasonable amount of recklessness and, if they don’t get these problems sorted, they might find that customers are going to lose all confidence in them.
Everyone was shrieking in horror yesterday when it turned out that Samsung’s new TVs were voice-activated and it would listen to your voice and store it in some evil word-server at Samsung HQ.
Today, Samsung are trying to calm everyone down and downplay the idea that they’re Big Brother, putting eavesdropping televisions in your house and listening to you while you do dirty phone calls or shout obscenities while playing video games online.
As a reminder, the policy said: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to the third party.”
Naturally, Samsung aren’t the only people doing this. Most voice activated stuff is problematic when it comes to personal privacy. In fact, back in 2013, LG had a similar problem with their smart TVs, regarding the data they gathered while people were watching telly.
In a statement, Samsung said with the utmost gravity, that they take privacy issues “very seriously” and have put in place a number of safeguards to stop unauthorised use of your data.
The statement pointed out that the voice recognition feature on their smart TVs was an option and could simply be switched off and that: “Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only.”
Feel better now? While you might be able to forgive them for these snooping television sets, no-one should ever forget the time they did that awful, awful rap song.