Ads could use ultrasound to secretly link your gadgets

Researchers are warning that ads could play coded sounds outside the range of human hearing to secretly communicate with other gadgets within earshot.

The technique, which several companies are reportedly working on, would allow marketers to associate devices with one another and paint a privacy-cracking picture of the owner's interests and behaviors.

Dan Goodin reports that cross-device tracking is already in use:

Cross-device tracking raises important privacy concerns, the Center for Democracy and Technology wrote in recently filed comments to the Federal Trade Commission. The FTC has scheduled a workshop on Monday to discuss the technology. Often, people use as many as five connected devices throughout a given day—a phone, computer, tablet, wearable health device, and an RFID-enabled access fob. Until now, there hasn't been an easy way to track activity on one and tie it to another.

"As a person goes about her business, her activity on each device generates different data streams about her preferences and behavior that are siloed in these devices and services that mediate them," CDT officials wrote. "Cross-device tracking allows marketers to combine these streams by linking them to the same individual, enhancing the granularity of what they know about that person."

The trick hasn't been seen in the wild, but all the pieces are in place: we all know our smartphones and laptops might end up under someone else's control, but did you know television sets now default to collecting and sending data on what you watch? [via The New Aesthetic]

Edward Snowden's operational security advice for normal humans

There's no one else on Earth who's more familiar with the surveillance capabilities of governments, spy agencies and criminals who is also willing to discuss those capabilities. Edward Snowden's wide-ranging conversation with the Freedom of the Press Foundation's Micah Lee on operational security for normal people is a must-read for anyone who wants to be safe from identity thieves, stalkers, corrupt governments, police forces, and spy agencies.

Did the FBI pay Carnegie Mellon $1 million to identify and attack Tor users?

Documents published by Vice News: Motherboard and further reporting by Wired News suggest that a team of researchers from Carnegie Mellon University who canceled their scheduled 2015 BlackHat talk identified Tor hidden servers and visitors, and turned that data over to the FBI.

No matter who the researchers and which institution, it sounds like a serious ethical breach.

First, from VICE, a report which didn't name CMU but revealed that a U.S. university helped the FBI bust Silk Road 2, and suspects in child pornography cases:

An academic institution has been providing information to the FBI that led to the identification of criminal suspects on the dark web, according to court documents reviewed by Motherboard. Those suspects include a staff member of the now-defunct Silk Road 2.0 drug marketplace, and a man charged with possession of child pornography.

It raises questions about the role that academics are playing in the continued crackdown on dark web crime, as well as the fairness of the trials of each suspect, as crucial discovery evidence has allegedly been withheld from both defendants.

Here's a screenshot of the relevant portion of one of the court documents that Motherboard/Vice News published:

Later today, a followup from Wired about discussion that points the finger directly at CMU:

The Tor Project on Wednesday afternoon sent WIRED a statement from its director Roger Dingledine directly accusing Carnegie Mellon of providing its Tor-breaking research in secret to the FBI in exchange for a payment of “at least $1 million.” And while Carnegie Mellon’s attack had been rumored to have been used in takedowns of dark web drug markets that used Tor’s “hidden service” features to obscure their servers and administrators, Dingledine writes that the researchers’ dragnet was larger, affecting innocent users, too.

All smart TVs are watching you back, but Vizio's spyware never blinks

Vizio made news last April when it pushed out a firmware update that turned on all its sets' spyware features out of the box. Since then, it's only gotten worse.

Federal judge orders NSA to stop collecting and searching plaintiffs' phone records

United States District Judge Richard Leon has affirmed his 2013 ruling and has ordered the NSA to stop collecting phone records belonging to J.J. Little and his firm J.J. Little & Associates, P.C., and to segregate all the records collected to date so that they aren't searched.

Here's the kind of data the UK government will have about you, in realtime

UK Home Secretary Theresa May has announced legislation that will force ISPs to preserve the records of all of your online interactions and give them up to practically anyone in government, with little to no judicial oversight.

Spy at will! FCC won't force companies to honor Do Not Track

The FCC has rejected Consumer Watchdog's petition to force Internet companies like "Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn" to honor the "Do Not Track" flag that browsers can send to web-servers, informing them that users do not want their Internet activity to be tracked and shared with third parties.

Reminder: other people can see your likes and favorites on social networking

The case at hand is Instagram, where gentlemen often realize too late that their friends and family know when they like pictures of scantily-clad barely-legals.

I'd never reached the level of boredom, or stalkerdom, that led me to the Following tab on the Activity page — the place where you can see what posts the people you follow are liking.

Never, until a friend complained that not only was the guy she was dating constantly liking the swimsuit photos of random 17-year-old girls, but, as she breathlessly informed me, so were many of our mutual male friends and acquaintances! "Anytime you wake up early, just look," she advised, shaking her head. "You won't believe it."

Suddenly, the Following tab became much more interesting.

Welcome to the nasty karma of social networking: Facebook encourages us to be an active consumer of other people's privacy failures, and when we do so, it turns us into the next dish.

P.S. That feeling when a new friend or follower rifles through old pics of you, liking their way backwards through the years, roughly until the age of consent.

P.P.S. When PR people and journalists and peers friend you but never actually say anything. "Just browsing" in the shopfront of life!

Firefox's new privacy mode also blocks tracking ads

Mozilla has shipped a new version of Firefox whose private mode also blocks tracking beacons for ad networks, which will make private Web usage much harder to track.

Ranking Internet companies' data-handling: a test they all fail

Rebecca MacKinnon, the journalist/activist who wrote the seminal Consent of the Networked, has launched a new project called Ranking Digital Rights, part of the New America Foundation's Open Tech Institute. RDR issues report-cards that evaluate how Internet giants and other companies handle your data: what do they promise, do they encrypt, and who do they share it with? Virtually every company gets a failing grade in virtually every category.

HOWTO use Tor Messenger, the new, super-secure/private chat app

It's still in beta, but Tor Messenger from the Tor Project has security and privacy baked in by design, and it's the easiest method yet devised to use OTR (Off the Record), the gold standard in secure communications.

UK police & spies will have warrantless access to your browsing history

A new plan from Tory Home Secretary/Sith Lord Theresa May will require ISPs to retain one year's worth of Britons' online activity, and hand it over to the police and security services on demand, without a warrant.

To do in San Francisco: Aaron Swartz Day mini-con on privacy-enabling tech

Lisa Rein writes, "While the San Francisco Aaron Swartz International Hackathon is going on downstairs at the Internet Archive, we're having a little privacy-enabling mini-conference upstairs."

Mobile carriers make $24B/year selling your secrets

The largest carriers in the world partner with companies like SAP to package up data on your movements, social graph and wake/sleep patterns and sell it to marketing firms.

US Senate passes CISA, a very bad spying bill dressed up as a cybersecurity bill

CISA won't make you and me any more secure, and it threatens what's left of our online privacy. The very helpful sounding “Cybersecurity Information Sharing Act” will definitely help the government, though: it'll make it a lot easier for technology companies to share your personal data with the government, and everyone knows that this data never ends up in the wrong hands, so you're fine.

The gaping privacy flaws in CISA didn't stop the Senate from passing it by a wide margin today: 74 to 21. CISA now goes to a conference committee between House and Senate.

Here's the EFF's take, by Mark Jaycox:

CISA passed the Senate today in a 74-21 vote. The bill is fundamentally flawed due to its broad immunity clauses, vague definitions, and aggressive spying authorities. The bill now moves to a conference committee despite its inability to address problems that caused recent highly publicized computer data breaches, like unencrypted files, poor computer architecture, un-updated servers, and employees (or contractors) clicking malware links.

The conference committee between the House of Representatives and the Senate will determine the bill's final language. But no amount of changes in conference could fix the fact that CISA doesn't address the real cybersecurity problems that caused computer data breaches like Target and the U.S. Office of Personnel Management (OPM).

Secret surveillance laws make it impossible to have an informed debate about privacy

James Losey's new, open access, peer-reviewed article in the Journal of International Communication analyzes how secret laws underpinning surveillance undermine democratic principles and how transparency from both companies and governments is a critical first step for supporting an informed debate.

Canada's new Liberal majority: better than the Tories, still terrible for the Internet

Justin Trudeau is certainly an improvement on outgoing Prime Minister Stephen Harper. He's unlikely to go on burning Canada's archives and warring on its scientists, and he'll probably stop ignoring the murder of hundreds of aboriginal women and girls, and he's not a racist asshole who plays to other racist assholes to keep power.
