Posts Tagged ‘Personal privacy’
Ever wondered why superheroes don’t get recognised immediately when all they’ve done is put a little mask over their eyes? Well, you can now apply your sleuthing skills when perusing Ashley Madison.
The affair-having dating site has decided to add a new feature to keep your identity a secret (well, the colour of your eyebrows and if you’ve got bags under your eyes), as you can upload a picture and then put a little mask on it.
No, seriously. Have a look!
Something had to be done after the massive hack that the site suffered last year, which saw 32 million people getting their information leaked and dumped online.
That all said, since the hack was so widely publicised, it seemed to do a nice bit of free advertising for the company, as since the attack, subscriptions actually went up.
Anyway, the site said: “We respect your need for discretion so we’ve added some tools to keep your identity a secret.”
So, you can choose a black or brown mask, three different levels of blurriness, or if you’re old-school, a black bar across your face like a Readers’ Wives entry. We’re not sure how discreet some of these are – it feels a bit like saying “No! Darling! That couldn’t possibly be me, because they’re wearing a tie, and as you can see, I am not wearing a tie right now!”
Either way, fill your boots if that’s your thing.
Remember Facebook losing a court case about the way they transferred your personal data out of Europe and back to America?
Well, this case has massive ramifications for tech firms, because most of them make their money on the data they harvest, and EU data regulators are having a meet-up to discuss how these companies handle everyone’s data.
Watchdogs are looking at what happens next, now that the Safe Harbour agreement doesn’t apply in Europe any more. The previous agreement meant that businesses didn’t have to get authorisation for individual data transfers.
A replacement deal is still being mulled over, and it is thought that there’s going to be some kind of announcement about it tomorrow.
Any new pact means that American companies are going to have to convince EU regulators that there’s adequate privacy protections for Europeans and their personal data. A new agreement is all set to be called ‘Safer Harbour’, which must have taken all of 5 seconds to come up with.
Safer Harbour will try and work out a way of protecting citizens, without hindering American tech companies too much. There’s talk of an independent ombudsman being introduced, who could heavily penalise tech companies that aren’t careful enough with people’s personal information, and there’s also mutterings about this going to court all over again, should the tech companies not like any new proposals from Europe.
More when we get it.
Passwords eh? Some companies want to kill them off entirely, possibly because people are so awful at choosing them.
Now, we’re sure that BW readers all have excellent passwords and use different ones for different sites, but there’s some truly dreadful ones knocking about, even though everyone really should know better by now.
Security crew SplashData looked through data dumps from hacks to find the most popular passwords in the world… and there’s a lot of lousy ones still being used. So, in 2014, ‘password’ and ‘123456’ topped the list, and last year, commonly used passwords included ‘12345678,’ ‘12345,’ ‘123456789,’ ‘1234,’ ‘1234567,’ and ‘111111’.
There were also appearances from ‘qwerty,’ ‘welcome,’ and ‘letmein’, as well as a load of sports like ‘football’ and ‘baseball’. Naturally, there’s still a load of people using ‘abc123’, just asking to be hacked.
New in the top 25 list this year were ‘login,’ and ‘princess’, as well as ‘starwars’, too. There’s also people who use two columns of their keyboard to tap out ‘1qaz2wsx,’ which is oddly charming.
Of course, companies are trying to make people choose passwords that are more secure, but alas, there’s no accounting for people who just can’t be bothered. Maybe it would be a good idea to provide other ways of making your accounts secure, as there’s clearly a lot of people who are just asking for a hacking.
There have been issues with your security and Windows 10 before, and we’re here again, after some updates. Microsoft decided to make some changes, and weren’t particularly good at letting users know what they were up to.
If you changed your settings when you heard about Windows 10 storing your keystrokes and voice commands last time, looks like you’re going to have to do it all over again.
Mercifully, this is not a tricky thing to fix. Here’s what you have to do:
First off, hold down the Windows key and press R. There, you’ll get a pop-up, where you need to type in ‘services.msc’. Press ‘enter’. In the list that comes up, scroll until you see ‘Connected User Experiences and Telemetry’. Double click that.
Then, click ‘Stop’. From there, you need to select ‘Disabled’ from the drop-down menu, and then click ‘OK’. And that’s it. You’re done.
Or, if the Threshold 2 update hasn’t installed on your device yet, this will all be under the ‘Diagnostics Tracking Service’, where you do the same as above to stop that from harvesting all your data.
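The same steps as a script, as an added example that is not part of the original post. It assumes an elevated (Administrator) PowerShell prompt and that the service's short name is `DiagTrack`, which sits behind both display names mentioned above:

```powershell
# Added example: run from an elevated (Administrator) PowerShell prompt.
# 'DiagTrack' is the short service name; the display name differs by build.
$displayNames = @(
    'Connected User Experiences and Telemetry',  # after the Threshold 2 update
    'Diagnostics Tracking Service'               # before the Threshold 2 update
)

# Look the service up by short name first, then fall back to display name.
$svc = Get-Service -Name 'DiagTrack' -ErrorAction SilentlyContinue
if (-not $svc) {
    $svc = Get-Service |
        Where-Object { $displayNames -contains $_.DisplayName } |
        Select-Object -First 1
}
if (-not $svc) {
    Write-Warning 'Telemetry service not found on this machine.'
    return
}

Write-Host ("Found {0} ({1}), status {2}" -f $svc.Name, $svc.DisplayName, $svc.Status)

# Equivalent of clicking 'Stop' in services.msc.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $svc.Name -Force
}

# Equivalent of choosing 'Disabled' from the drop-down and clicking 'OK'.
Set-Service -Name $svc.Name -StartupType Disabled

# Re-read the state to confirm the change took effect.
$check = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
[pscustomobject]@{
    Name      = $check.Name
    State     = $check.State      # expected: Stopped
    StartMode = $check.StartMode  # expected: Disabled
}
```

Running it again after an update shows whether the setting has been switched back on, since the final object reports the current state and start mode.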
Have you been sending messages to your mates while at work, using the office computer? Have you been chatting someone up while on company time? Well, you might want to hold back on what you say, because thanks to a court, your boss now has the right to have a look at your private messages.
Europe’s court of human rights (ECHR) ruled that your employers can check your private messages, after a case that looked at the situation involving an engineer who got the sack for using Yahoo Messenger to chat with his family (as well as professional clients, of course).
The ECHR heard, but dismissed the engineer’s argument that his right to private correspondence was violated, siding with his bosses.
Basically, if your work are telling you that they might be checking your messages – even in small print – then as long as they’ve let you know, they’re legally allowed to do it. Of course, you’d have to be using the company’s equipment for this to work – they can’t go through your personal phone.
They can also film you with CCTV, but only if they’re obviously using it – secret cameras aren’t allowed.
The court said it was not “unreasonable that an employer would want to verify that employees were completing their professional tasks during working hours.”
This won’t be news to some people, but if it is, don’t go slagging your job and your employers off in private messages, and certainly don’t send nudes to anyone on the company computer, unless you don’t mind your team leader seeing it, and you don’t mind getting sacked. Best to operate on a Worst Case Scenario in this instance.
The snooper’s charter has pretty much annoyed every single person in Britain who cares about everyone’s personal privacy. Add to that, the information commissioner’s office. The ICO have lambasted the draft Investigatory Powers bill, saying that it is an attack on individuals’ privacy.
What’s got their dander up? Well, like other critics, they’re not at all happy about the government’s idea that apps and communications should be weakened so they can have a look at people’s messages if they think something is up.
The ICO told the parliamentary committee who have been asked to look at the bill that “little justification” has been given for this contentious part of the legislation, saying that encryption “is vital to help ensure the security of personal data generally.”
One of the big concerns is, obviously, the government being able to look at your messages without you knowing. Another is that weakening encryption could see hackers having a field day, meaning the government would make everyone less secure. Of course, criminals will find other ways of talking in secret, because they’re criminals – that’s what they do.
This type of end-to-end encryption that we currently have ensures that the people providing the communication service can’t read people’s messages, even if an authority asks them to. Facebook and Apple apps have this type of security, as does Telegram. If the government get their way, then the services will be weakened.
The ICO say that allowing the government to do this will have “detrimental consequences to the security of data and safeguards which are essential to the public’s continued confidence in the handling and use of their personal information”, and that “the weakening or circumvention of encryption [is a] matter of real concern”.
“The information commissioner has stressed the importance of encryption to guard against the compromise of personal information. Weakening encryption can have significant consequences for individuals. The constant stream of security breaches only serves to highlight how important encryption is towards safeguarding personal information. Weakened encryption safeguards could be exploited by hackers and nation states intent on harming the UK’s interests,” they continued.
Google have gone and banned AVG from automatically installing their Web TuneUp Chrome extension. Why? Well, it completely borked the online security of nine million people, thanks to weaknesses found in an audit.
Tavis Ormandy, a researcher at Google, had been giving the antivirus software the once over, and found that it was filled with vulnerabilities, which is exactly the opposite of what you want out of something that’s supposed to make your devices safer.
The Web TuneUp is installed with AVG’s antivirus package, and basically tries to stop you Chrome users from going on sites that host malware. At the time of writing, over 9 million people were using it.
Ormandy said that the extension leaked “browsing history and other personal data to the internet,” and that means that nasty websites could exploit the frailties to get into other sites a user is logged into. This is great news for hackers, and terrible news for everyone else.
“Apologies for my harsh tone, but I’m really not thrilled about this trash being installed for Chrome users,” Ormandy told AVG in his report. “The extension is so badly broken that I’m not sure whether I should be reporting it to you as a vulnerability, or asking the extension abuse team to investigate if it’s a PuP [potentially unwanted program aka malware].”
Last week, AVG updated the programme. However, Google are still not allowing AVG to install the extension automatically. Looks like they need to get Google’s trust back up. If you want it, you’ll have to download it manually from the Chrome store.
“We thank the Google Security Research Team for making us aware of the vulnerability with the Web TuneUp optional Chrome extension. The vulnerability has been fixed; the fixed version has been published and automatically updated to users,” an AVG spokesperson told El Reg.
If the aim of the Ashley Madison hack-and-leak was supposed to shame people, and stop them from using the affairs-site, it doesn’t seem to have worked.
Membership to the site has rocketed by more than 4 million in the last six months! It seems that this high profile hack was a fine piece of advertising for the website. It could truly become the sex-tape of the online dating universe.
This will irritate The Impact Team, the group who carried out the leak and who went on the attack because they wanted Ashley Madison shut down. Of course, it remains open and, thanks to the publicity from the hack, it now has millions of new users.
However, it is far from good news for Avid Life Media (who own AM). While numbers are up, and there was a £37 million profit in the last financial year, they are looking at a huge number of lawsuits, which tot up to somewhere in the region of half a billion dollars in damages.
People are suing the company, as they felt that their very personal and private data should’ve been better protected. The fall out from this is things like marriages going down the pan, and we all know courts love taking cases like that.
There are rumours that this spike in memberships could be bogus too.
A former employee has claimed that they were asked to build around a thousand ‘fake female profiles’, and Gizmodo have previously reported that around 70,000 accounts were actually bots which were created to talk to men who had signed-up with Ashley Madison.
Either way, if you want some attention, sites could well be organising their own hacks for publicity.
Are you sick of having to put your phone number in online forms, as mandatory? You know that you’re destined for a load of cold-calls from a bunch of businesses you don’t want to speak to, yet, you have to put something in.
Well, if you’re no good at making numbers up, there is a solution which could prove valuable if you want your mobile to be mither free, with TrueCall38.
They say: “Do you get annoyed when you fill in a form and have to enter your phone number even when you know that the company doesn’t really need it? What are they going to do with it? Who will they give it to? Your privacy is valuable – protect your phone number with trueCall38!”
“Enter our phone number 0333 8888 8888 (that’s three threes, eight eights) as your phone number, and if, or rather when, they call, those cold call culprits will hear our short but sweet recorded message:- ‘trueCall38 is handling my calls. I prefer not to be contacted by phone, so please contact me via my email address.’”
Not bad eh? Of course, some online forms can be a bit pernickety, but they’ve got an answer for that as well – if the normal trueCall38 number is rejected, then enter 0333 8888 888 (that’s one less eight).
The service costs nothing, but if you have any questions, check out their website.
Even though Apple have been accused of helping governments to spy on people through special software, that’s not stopped them from having a pop at the Government’s proposed new surveillance legislation (or, Snooper’s Charter).
In response to the Investigatory Powers Bill, Apple have said that the “bill will put law-abiding citizens at risk – not the criminals, hackers and terrorists. The fact is to comply with the Government’s proposal, the personal data of millions of law-abiding citizens would be less secure.”
If you’re bored or confused at the mere mention of this, let us give you the vaguest of ideas of what it is – basically, the Government want to lump all surveillance powers up to date, which means tech companies won’t be able to encrypt your messages… so people can spy on them if needed.
Now, of course, some people say they’ve got nothing to hide and are happy for this to happen, as it will help to catch terrorists and baddies. However, critics say that it won’t catch nasty people, and will just let the powers that be listen in on absolutely everyone, which is sinister.
In addition to that, if you weaken encryption, baddies might be able to exploit it, and do you really trust politicians with the keys to the internet’s security? You shouldn’t – they’re almost entirely all idiots.
And so, to Apple, who said that they’re not impressed with the bill’s lack of clarity when it comes to the encryption of data. Of course, a number of messaging services use encryption to scramble your text, so no-one can look at it who shouldn’t be, including WhatsApp and Apple’s very own iMessage service.
They said: “Strong encryption is vital to protecting people from malicious actors. Without strong defence, these attacks have the potential to impose chaos, and threaten our way of life, economic stability and infrastructure.”
“This bill threatens to hurt law-abiding citizens in its effort to combat the very few bad actors who have a variety of ways to carry out their attacks. Strong encryption does not eliminate Apple’s ability to give law enforcement metadata or other categories of data … the information Apple and other companies provide helps catch criminals and save lives.”
The Investigatory Powers Bill joint select committee has until 11th February to go over proposed legislation and the like. Most tech companies are very critical of plans to weaken encryption. Of course, the tech companies themselves aren’t always doing nice things with your personal data… so who do you trust?
You remember the Ashley Madison hack, don’t you? Well, months after the breach, there are reports of blackmail still going on as a result of it. Most of it, thus far, has been online, but this new batch is coming in the form of physical letters.
Seeing as Ashley Madison was a site dedicated to people wanting a bit on the side, all these threats are very worrying for anyone who signed-up to the site. Of course, to some, there’s going to be little sympathy, but that’s beside the point.
The fact is, because the dumping of data was public, if you stop one blackmailer, that doesn’t mean someone else isn’t going to try it on.
And now, Graham Cluley, a security researcher who reported on the hack, has written about the newest concern, after he received an email from someone who got a physical letter through the post.
The person who contacted him says that they were a user of Ashley Madison, and have got a letter in the mail trying to blackmail them for over $4,000.
They said: “I just received a physical postal letter to my house asking for $4167 USD or exposed my AM account to people close to me. is your advice the same as in your vid about email blackmail? Thank you”
Cluley’s advice: “I understand that it must be very unsettling and worrying, but paying the blackmailers any money is only likely to make them focus on you more.” “Of course, as the blackmailers have physically sent you something – as opposed to email – that does mean you may have in your hands some useful physical evidence for the police to investigate the perpetrators.”
So, in short, don’t pay out. Cluley has made a video offering advice on all this, which you can watch below.