Devastating technical rebuttal to the Snoopers Charter


The Snoopers Charter is the UK Tory government's proposal to force ISPs to retain records of all their customers' online activities. The government has used the Paris attacks as an excuse to call for its immediate passage, despite the fact that the £175m/year it has budgeted to defray ISPs' costs is nowhere near enough to pay for the massive surveillance effort, meaning that Britons' ISP bills are set to soar if it passes.

Not just Lenovo: Dell ships computers with self-signed root certificates


Last February, Lenovo shocked its security-conscious customers by pre-installing its own, self-signed root certificates on the machines it sold. These certificates, provided by a spyware advertising company called Superfish, made it possible for attackers to create "secure" connections to undetectable fake versions of banking sites, corporate intranets, webmail providers, etc.

How browser extensions steal logins & browsing habits; conduct corporate espionage


Seemingly harmless browser extensions that generate emojis, enlarge thumbnails, help you debug JavaScript errors and perform other common utility tasks routinely run secret background processes that collect and retransmit your login credentials, private URLs that grant access to sensitive files, corporate secrets, full PDFs and other personally identifying, potentially compromising data.

Ads could use ultrasound to secretly link your gadgets


Researchers are warning that ads could play coded sounds outside the range of human hearing to secretly communicate with other gadgets within earshot.

The technique, which several companies are reportedly working on, would allow marketers to associate devices with one another and paint a privacy-cracking picture of the owner's interests and behaviors.

Dan Goodin reports that cross-device tracking is already in use:

Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another.

"As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person."

The trick hasn't been seen in the wild, but all the pieces are in place: we all know our smartphones and laptops might end up under someone else's control, but did you know television sets now default to collecting and sending data on what you watch? [via The New Aesthetic]

Edward Snowden's operational security advice for normal humans


No one on Earth is more familiar with the surveillance capabilities of governments, spy agencies and criminals, and also willing to discuss those capabilities. Edward Snowden's wide-ranging conversation with the Freedom of the Press Foundation's Micah Lee on operational security for normal people is a must-read for anyone who wants to be safe from identity thieves, stalkers, corrupt governments, police forces, and spy agencies.

Did the FBI pay Carnegie Mellon $1 million to identify and attack Tor users?


Documents published by Vice News: Motherboard and further reporting by Wired News suggest that a team of researchers from Carnegie Mellon University who canceled their scheduled 2015 BlackHat talk identified Tor hidden servers and visitors, and turned that data over to the FBI.

No matter who the researchers are or which institution is involved, it sounds like a serious ethical breach.

First, from VICE, a report which didn't name CMU but revealed that a U.S. university helped the FBI bust Silk Road 2, and suspects in child pornography cases:

An academic institution has been providing information to the FBI that led to the identification of criminal suspects on the dark web, according to court documents reviewed by Motherboard. Those suspects include a staff member of the now-defunct Silk Road 2.0 drug marketplace, and a man charged with possession of child pornography.

It raises questions about the role that academics are playing in the continued crackdown on dark web crime, as well as the fairness of the trials of each suspect, as crucial discovery evidence has allegedly been withheld from both defendants.

Here's a screenshot of the relevant portion of one of the court documents that Motherboard/Vice News published:

Later in the day, a followup from Wired that points the finger directly at CMU:

The Tor Project on Wednesday afternoon sent WIRED a statement from its director Roger Dingledine directly accusing Carnegie Mellon of providing its Tor-breaking research in secret to the FBI in exchange for a payment of “at least $1 million.” And while Carnegie Mellon’s attack had been rumored to have been used in takedowns of dark web drug markets that used Tor’s “hidden service” features to obscure their servers and administrators, Dingledine writes that the researchers’ dragnet was larger, affecting innocent users, too.


All smart TVs are watching you back, but Vizio's spyware never blinks


Vizio made news last April when it pushed out a firmware update that turned on all its sets' spyware features out of the box. Since then, it's only gotten worse.

Federal judge orders NSA to stop collecting and searching plaintiffs' phone records


United States District Judge Richard Leon has affirmed his 2013 ruling and has ordered the NSA to stop collecting phone records belonging to J.J. Little and his firm J.J. Little & Associates, P.C., and to segregate all the records collected to date so that they aren't searched.

Here's the kind of data the UK government will have about you, in realtime


UK Home Secretary Theresa May has announced legislation that will force ISPs to preserve the records of all of your online interactions and give them up to practically anyone in government, with little to no judicial oversight.

Spy at will! FCC won't force companies to honor Do Not Track


The FCC has rejected Consumer Watchdog's petition to force Internet companies like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn to honor the "Do Not Track" flag that browsers can send to web servers, informing them that users do not want their Internet activity to be tracked and shared with third parties.

Reminder: other people can see your likes and favorites on social networking


The case at hand is Instagram, where gentlemen often realize too late that their friends and family know when they like pictures of scantily-clad barely-legals.

I'd never reached the level of boredom, or stalkerdom, that led me to the Following tab on the Activity page — the place where you can see what posts the people you follow are liking.

Never, until a friend complained that not only was the guy she was dating constantly liking the swimsuit photos of random 17-year-old girls, but, as she breathlessly informed me, so were many of our mutual male friends and acquaintances! "Anytime you wake up early, just look," she advised, shaking her head. "You won't believe it."

Suddenly, the Following tab became much more interesting.

Welcome to the nasty karma of social networking: Facebook encourages us to be an active consumer of other people's privacy failures, and when we do so, it turns us into the next dish.

P.S. That feeling when a new friend or follower rifles through old pics of you, liking their way backwards through the years, roughly until the age of consent.

P.P.S. When PR people and journalists and peers friend you but never actually say anything. "Just browsing" in the shopfront of life!

Firefox's new privacy mode also blocks tracking ads


Mozilla has shipped a new version of Firefox whose private mode also blocks tracking beacons for ad networks, which will make private Web usage much harder to track.

Ranking Internet companies' data-handling: a test they all fail


Rebecca MacKinnon, the journalist/activist who wrote the seminal Consent of the Networked, has launched a new project called Ranking Digital Rights, part of the New America Foundation's Open Tech Institute. RDR issues report cards that evaluate how Internet giants and other companies handle your data: what do they promise, do they encrypt, and who do they share it with? Virtually every company gets a failing grade in virtually every category.

HOWTO use Tor Messenger, the new, super-secure/private chat app


It's still in beta, but Tor Messenger from the Tor Project has security and privacy baked in by design, and it's the easiest method yet devised to use OTR (Off the Record), the gold standard in secure communications.

UK police & spies will have warrantless access to your browsing history


A new plan from Tory Home Secretary/Sith Lord Theresa May will require ISPs to retain one year's worth of Britons' online activity, and hand it over to the police and security services on demand, without a warrant.

To do in San Francisco: Aaron Swartz Day mini-con on privacy-enabling tech


Lisa Rein writes, "While the San Francisco Aaron Swartz International Hackathon is going on downstairs at the Internet Archive, we're having a little privacy-enabling mini-conference upstairs."

Mobile carriers make $24B/year selling your secrets


The largest carriers in the world partner with companies like SAP to package up data on your movements, social graph and wake/sleep patterns and sell it to marketing firms.
