Forgot your password?
typodupeerror
Google

Privacy Lawsuit Against Google Rests On Battery Drain Claims 114

Posted by Soulskill
from the discovery-will-be-powered-by-bing dept.
Jason Koebler writes: According to plaintiffs in a class-action lawsuit against Google, personal information about you and your browsing, email, and app-using habits that is regularly sent between apps on you Android phone is harming your battery life. As odd as it sounds, this minor yet demonstrable harm is what will allow their lawsuit to go forward. A federal judge ruled that the claim "requires a heavily and inherently fact-bound inquiry." That means there's a good chance we're about to get a look into the ins and outs of Google's advertising backbone: what information is shared with whom, and when.
Electronic Frontier Foundation

EFF Releases Wireless Router Firmware For Open Access Points 55

Posted by Soulskill
from the secure-is-as-secure-does dept.
klapaucjusz writes: The EFF has released an experimental router firmware designed make it easy to deploy open (password-less) access points in a secure manner. The EFF's firmware is based on the CeroWRT fork of OpenWRT, but appears to remove some of its more advanced routing features. The EFF is asking for help to further develop the firmware. They want the open access point to co-exist on the same router as your typical private and secured access point. They want the owner to be able to share bandwidth, but with a cap, so guests don't degrade service for the owner. They're also looking to develop a network queueing, a minimalist web UI, and an auto-update mechanism. The EFF has also released the beta version of a plug-in called Privacy Badger for Firefox and Chrome that will prevent online advertisers from tracking you.
Privacy

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix 46

Posted by Soulskill
from the you-can't-say-that-on-television dept.
alphadogg writes A presentation on a low-budget method to unmask users of a popular online privacy tool Tor will no longer go ahead at the Black Hat security conference early next month. The talk was nixed by the legal counsel with Carnegie Mellon's Software Engineering Institute after a finding that materials from researcher Alexander Volynkin were not approved for public release, according to a notice on the conference's website. Tor project leader Roger Dingledine said, "I think I have a handle on what they did, and how to fix it. ... Based on our current plans, we'll be putting out a fix that relays can apply that should close the particular bug they found. The bug is a nice bug, but it isn't the end of the world." Tor's developers were "informally" shown materials about the bug, but never saw any details about what would be presented in the talk.
Operating Systems

Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS 129

Posted by timothy
from the compared-to-what? dept.
New submitter I Ate A Candle (3762149) writes Tails OS, the Tor-reliant privacy-focused operating system made famous by Edward Snowden, contains a number of zero-day vulnerabilities that could be used to take control of the OS and execute code remotely. At least that's according to zero-day exploit seller Exodus Intelligence, which counts DARPA amongst its customer base. The company plans to tell the Tails team about the issues "in due time", said Aaron Portnoy, co-founder and vice president of Exodus, but it isn't giving any information on a disclosure timeline. This means users of Tails are in danger of being de-anonymised. Even version 1.1, which hit public release today (22 July 2014), is affected. Snowden famously used Tails to manage the NSA files. The OS can be held on a USB stick and leaves no trace once removed from the drive. It uses the Tor network to avoid identification of the user, but such protections may be undone by the zero-day exploits Exodus holds.
Privacy

A New Form of Online Tracking: Canvas Fingerprinting 177

Posted by Unknown Lamer
from the subverting-features-for-evil-and-profit dept.
New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...
Facebook

The Loophole Obscuring Facebook and Google's Transparency Reports 18

Posted by samzenpus
from the fuzzy-math dept.
Jason Koebler writes The number of law enforcement requests coming from Canada for information from companies like Facebook and Google are often inaccurate thanks to a little-known loophole that lumps them in with U.S. numbers. For example, law enforcement and government agencies in Canada made 366 requests for Facebook user data in 2013, according to the social network's transparency reports. But that's not the total number. An additional 16 requests are missing, counted instead with U.S. requests thanks to a law that lets Canadian agencies make requests with the U.S. Department of Justice.
Government

Activist Group Sues US Border Agency Over New, Vast Intelligence System 81

Posted by samzenpus
from the lets-see-what-you-have-there dept.
An anonymous reader writes with news about one of the latest unanswered FOIA requests made to the Department of Homeland Security and the associated lawsuit the department's silence has brought. The Electronic Privacy Information Center (EPIC) has sued the United States Customs and Border Protection (CBP) in an attempt to compel the government agency to hand over documents relating to a relatively new comprehensive intelligence database of people and cargo crossing the US border. EPIC's lawsuit, which was filed last Friday, seeks a trove of documents concerning the 'Analytical Framework for Intelligence' (AFI) as part of a Freedom of Information Act (FOIA) request. EPIC's April 2014 FOIA request went unanswered after the 20 days that the law requires, and the group waited an additional 49 days before filing suit. The AFI, which was formally announced in June 2012 by the Department of Homeland Security (DHS), consists of "a single platform for research, analysis, and visualization of large amounts of data from disparate sources and maintaining the final analysis or products in a single, searchable location for later use as well as appropriate dissemination."
Privacy

Researcher Finds Hidden Data-Dumping Services In iOS 94

Posted by samzenpus
from the don't-take-my-data-bro dept.
Trailrunner7 writes There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data. Several of these features began as benign services but have evolved in recent years to become powerful tools for acquiring user data.

Jonathan Zdziarski, a forensic scientist and researcher who has worked extensively with law enforcement and intelligence agencies, has spent quite a bit of time looking at the capabilities and services available in iOS for data acquisition and found that some of the services have no real reason to be on these devices and that several have the ability to bypass the iOS backup encryption. One of the services in iOS, called mobile file_relay, can be accessed remotely or through a USB connection can be used to bypass the backup encryption. If the device has not been rebooted since the last time the user entered the PIN, all of the data encrypted via data protection can be accessed, whether by an attacker or law enforcement, Zdziarski said.
Update: 07/21 22:15 GMT by U L : Slides.
Privacy

Snowden Seeks To Develop Anti-Surveillance Technologies 129

Posted by samzenpus
from the snowden-brand dept.
An anonymous reader writes Speaking via a Google Hangout at the Hackers on Planet Earth Conference, Edward Snowden says he plans to work on technology to preserve personal data privacy and called on programmers and the tech industry to join his efforts. "You in this room, right now have both the means and the capability to improve the future by encoding our rights into programs and protocols by which we rely every day," he said. "That is what a lot of my future work is going to be involved in."
United States

Ars Editor Learns Feds Have His Old IP Addresses, Full Credit Card Numbers 203

Posted by samzenpus
from the no-stone-left-unturned dept.
mpicpp writes with the ultimate results of Ars's senior business editor Cyrus Farivar's FOIA request. In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested, the United States Customs and Border Protection (CBP) turned over only basic information about my travel going back to 1994. So I appealed—and without explanation, the government recently turned over the actual PNRs I had requested the first time.

The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: The IP address that I used to buy the ticket, my credit card number (in full), the language I used, and notes on my phone calls to airlines, even for something as minor as a seat change.
Privacy

Australian Website Waits Three Years To Inform Customers of Data Breach 35

Posted by Unknown Lamer
from the better-never-than-late dept.
AlbanX (2847805) writes Australian daily deals website Catch of the Day waited three years to tell its customers their email addresses, delivery addresses, hashed passwords, and some credit card details had been stolen. Its systems were breached in April 2011 and the company told police, banks and credit cards issuers, but didn't tell the Privacy Commissioner or customers until July 18th.
United Kingdom

UK Government Faces Lawsuit Over Emergency Surveillance Bill 44

Posted by Unknown Lamer
from the spilled-some-state-oppression dept.
judgecorp (778838) writes The British Government has had to produce an emergency surveillance Bill after the European Court of Justice ruled that European rules on retaining metadata were illegal. That Bill has now been passed by the House of Commons with almost no debate, and will become law if approved by the House of Lords. But the so-called DRIP (Data retention and Investigatory Powers) Bill could face a legal challenge: the Open Rights Group (ORG) is fundraising to bring a suit which would argue that blanket data retention is unlawful, so these emergency measures would be no more legal than the ones they replaced.
EU

Bing Implements Right To Be Forgotten 64

Posted by Unknown Lamer
from the hide-your-shame dept.
mpicpp (3454017) writes with news that Bing has joined Google in removing search results upon request by EU citizens. From the article: The company has asked European residents, who want Microsoft to block search results that show on Bing in response to searches of their names, to fill out a four-part online form. Besides the name and country of residence of the person and the details of the pages to be blocked, the form also asks if the person is a public figure or has or expects a role that involves trust, leadership or safety. ... The information provided will help the company "consider the balance" between the applicant's individual privacy interest and the public interest in protecting free expression and the free availability of information, in line with European law, Microsoft said. You can always visit a non-EU version of Bing to receive uncensored results.
Privacy

UN Report Finds NSA Mass Surveillance Likely Violated Human Rights 261

Posted by Unknown Lamer
from the silly-human-rights-are-for-robots dept.
An anonymous reader writes A top United Nations human rights official released a report Wednesday that blasts the United States' mass surveillance programs for potentially violating human rights on a worldwide scale. U.N. High Commissioner for Human Rights Navi Pillay also praised whistleblower Edward Snowden and condemned U.S. efforts to prosecute him. "Those who disclose human rights violations should be protected," she said. "We need them." In particular, the surveillance programs violate Article 12 of the Universal Declaration of Human Rights.
Canada

Canadian ISP On Disclosing Subscriber Info: Come Back With a Warrant 55

Posted by samzenpus
from the take-off dept.
An anonymous reader writes "Canadian ISP Rogers has updated its privacy policy to reflect last month's Supreme Court of Canada Spencer decision. That decision ruled that there was a reasonable expectation of privacy in subscriber information. Canada's largest cable ISP will now require a warrant for law enforcement access to basic subscriber information, a policy that effectively kills the Canadian government's efforts to expand the disclosures through voluntary means."
Security

Breaches Exposed 22.8 Million Personal Records of New Yorkers 41

Posted by Unknown Lamer
from the what-is-security dept.
An anonymous reader writes Attorney General Eric T. Schneiderman issued a new report examining the growing number, complexity, and costs of data breaches in the New York State. The report reveals that the number of reported data security breaches in New York more than tripled between 2006 and 2013. In that same period, 22.8 million personal records of New Yorkers have been exposed in nearly 5,000 data breaches, which have cost the public and private sectors in New York upward of $1.37 billion in 2013. The demand on secondary markets for stolen information remains robust. Freshly acquired stolen credit card numbers can fetch up to $45 per record, while other types of personal information, such as Social Security numbers and online account information, can command even higher prices.
The Internet

French Blogger Fined For Negative Restaurant Review 423

Posted by Soulskill
from the enjoy-your-streisand-effect dept.
An anonymous reader sends an article about another case in which a business who received a negative review online decided to retaliate with legal complaints. In August of last year, a French food blogger posted a review of an Italian restaurant called Il Giardino. The restaurant owners responded with legal threats based on the claim that they lost business from search results which included the review. The blogger deleted the post, but that wasn't enough. She was brought to court, and a fine of €1,500 ($2,040) was imposed. She also had to pay court costs, which added another €1,000 ($1,360). The blogger said, "Recently several writers in France were sentenced in similar proceedings for defamation, invasion of privacy, and so on. ... I don't see the point of criticism if it's only positive. It's clear that online, people are suspicious of places that only get positive reviews."
Social Networks

Pseudonyms Now Allowed On Google+ 237

Posted by Soulskill
from the finally-batman-can-set-up-a-profile dept.
An anonymous reader writes When Google+ launched, it received criticism across the internet for requiring that users register with their real names. Now, Google has finally relented and removed all restrictions on what usernames people are allowed to use. The company said, "We know you've been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today's change is a step toward making Google+ the welcoming and inclusive place that we want it to be."
United States

Obama Administration Says the World's Servers Are Ours 749

Posted by samzenpus
from the all-your-data-are-belong-to-us dept.
An anonymous reader points out this story about the U.S. Justice Department's claim that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S. Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.
United Kingdom

Hacking Online Polls and Other Ways British Spies Seek To Control the Internet 117

Posted by samzenpus
from the learning-to-troll dept.
Advocatus Diaboli writes The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, "amplif[y]" sanctioned messages on YouTube, and censor video content judged to be "extremist." The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call. The tools were created by GCHQ's Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG's use of "fake victim blog posts," "false flag operations," "honey traps" and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.

You are an insult to my intelligence! I demand that you log off immediately.

Working...