Tag

yro

Browsing

Mozilla has just launched a new extension for their web browser to basically de-creepify Facebook usage by containing its activity within a sandbox of sorts, ensuring anything you do on the site cannot be shared with third-party companies:

The pages you visit on the web can say a lot about you. They can infer where you live, the hobbies you have, and your political persuasion. There’s enormous value in tying this data to your social profile, and Facebook has a network of trackers on various websites. This code tracks you invisibly and it is often impossible to determine when this data is being shared.

Facebook Container isolates your Facebook identity from the rest of your web activity. When you install it, you will continue to be able to use Facebook normally. Facebook can continue to deliver their service to you and send you advertising. The difference is that it will be much harder for Facebook to use your activity collected off Facebook to send you ads and other targeted messages.

This Add-On offers a solution that doesn’t tell users to simply stop using a service that they get value from. Instead, it gives users tools that help them protect themselves from the unexpected side effects of their usage. The type of data in the recent Cambridge Analytica incident would not have been prevented by Facebook Container. But troves of data are being collected on your behavior on the internet, and so giving users a choice to limit what they share in a way that is under their control is important.

In light of the recent Facebook scandal it is time to rethink the type of data we share with unscrupulous companies like Facebook. While there is value in the services Facebook provides, it all comes at a cost to your privacy. You are not a Facebook customer, but one of its products. All the web surfing you do, and the associated data Facebook can collect around that activity, is valuable and monetizable. This is how the company provides a free service to you, Mr. and Mrs. Product.

Mozilla creating this add-on is just a band-aid, but a valuable one nonetheless. If you use Mozilla, I strongly suggest you install this add-on. If you use Chrome, I strongly suggest you switch to Mozilla. The latest iterations are lightning fast, just like Chrome, but far less privacy invasive than the Google developed browser. It is well worth making the switch.

Personally, I use Safari on macOS and have done everything I can to limit my exposure and decrease any unnecessary risk. Safari makes it easy but there are improvements that could be made. Hopefully a similar extension will be developed for Safari at some point.

In the interim, switch to Firefox and start using this add-on. It is an outstanding ingredient for your freedom and independence from these companies that could care less about privacy because they merely want to turn a strong profit more than anything else.

Lifehacker has, in light of recent revelations, an awesome HOWTO explaining the ways to delete your phone contact data from both Facebook proper and the Facebook Messenger application:

Facebook’s terrible, horrible, no good, very bad week continues. Though the social network’s “contact import” feature has been around for a very, very long time, you’ve probably forgotten about it. And if you want keep Facebook from filling in the gaps by collecting data about your friends from you—or worse, records of your call data—it’s easy to shut your devices up.

To get a look at the contacts you’ve already uploaded to Facebook, you’ll want to visit Facebook’s Manage Invites and Imported Contacts page. You might be slightly shocked to see open invites from many, many years ago still active—just a little head-nod to the viral aspects of the social network back when it was still getting off the ground (and more of a collegiate gathering ground than anything else). Feel free to delete these; who needs an invite to Facebook nowadays anyway?

This will remove unwanted data from Facebook and will likely lead to less creepy “do you know Johnny” type friend suggestions. The entire article discusses a few different places on Facebook to visit to ensure specific personal data is deleted. If you have not yet done it, I strong suggest visiting this article and following the simple outlined steps.

Ars Technica reports on something not all that surprising considering the Facebook news stories lately. This time it appears for years Facebook has been surreptitiously scraping call, and text message data from Android phones:

If you granted permission to read contacts during Facebook’s installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017—the point at which the latest call metadata in Facebook users’ data was found. Apple iOS has never allowed silent access to call data.

Facebook provides a way for users to purge collected contact data from their accounts, but it’s not clear if this deletes just contacts or if it also purges call and SMS metadata. After purging my contact data, my contacts and calls were still in the archive I downloaded the next day—likely because the archive was not regenerated for my new request.

As always, if you’re really concerned about privacy, you should not share address book and call-log data with any mobile application. And you may want to examine the rest of what can be found in the downloadable Facebook archive, as it includes all the advertisers that Facebook has shared your contact information with, among other things.

Utterly shameful yet entirely unsurprising for one of the most unscrupulous companies on the internet.

Everyone should know the following truism by now: if you are receiving a web-based service for free, you are not the customer but the product. Your data is being monetized, and likely collected in ways you are unaware of, therefore you should be very careful with what data you provide to the platform.

WIRED discusses the EU General Data Protection Regulation – GDPR – and how the new privacy law will likely change the way web sites collect data on its users:

Instead, companies must be clear and concise about their collection and use of personal data like full name, home address, location data, IP address, or the identifier that tracks web and app use on smartphones. Companies have to spell out why the data is being collected and whether it will be used to create profiles of people’s actions and habits. Moreover, consumers will gain the right to access data companies store about them, the right to correct inaccurate information, and the right to limit the use of decisions made by algorithms, among others.

The law protects individuals in the 28 member countries of the European Union, even if the data is processed elsewhere. That means GDPR will apply to publishers like WIRED; banks; universities; much of the Fortune 500; the alphabet soup of ad-tech companies that track you across the web, devices, and apps; and Silicon Valley tech giants.

As an example of the law’s reach, the European Commission, the EU’s legislative arm, says on its website that a social network will have to comply with a user request to delete photos the user posted as a minor — and inform search engines and other websites that used the photos that the images should be removed. The commission also says a car-sharing service may request a user’s name, address, credit card number, and potentially whether the person has a disability, but can’t require a user to share their race. (Under GDPR, stricter conditions apply to collecting “sensitive data,” such as race, religion, political affiliation, and sexual orientation.)

If you do anything on the web, which in 2018 is tantamount to asking someone if they have electricity, then this is a must read. Europe really is at the forefront of privacy law, and we can only hope other nations will follow suit. But since the web knows no borders, GDPR will apply to every company and organization operating on the web. So as a netizen, become familiar with this regulation and know what is, and is not, allowed.

There is a lot of talk about GDPR all over the technology industry, but specifically the web. In light of todays Cambridge Analytica story detailing how the company easily collected data from Facebook, protecting consumer privacy from continued breaches of trust is paramount. A lot of money is being expended on GDPR compliance and I really wonder just how it will change the landscape, if it will change the landscape.

Just as Cambridge Analytica was able to exploit loopholes in Facebook’s system, I wonder what company will be the first to find and leverage loopholes in GDPR, and what will happen to them for doing so.

In the name of ostensibly tightening cyber security regulations, Thailand ends up walking down the slippery slope of privacy protection:

Amendments to Thailand’s 2007 Computer Crime Act to be considered by parliament next month have come under fire from critics who say the bill could give state officials sweeping powers to spy on internet users and restrict online speech.

Critics say parliament is likely to approve the amendments because lawmakers voted unanimously to pass the bill in its first reading.

The amendments come as the military government has ramped up online censorship since the May 2014 coup, particularly perceived insults to the royal family, as it tries to ensure a smooth transition following the death of revered King Bhumibol Adulyadej on Oct. 13 and ahead of a 2017 general election.

Since the coup, the government has shut down or blocked thousands of websites it has deemed offensive or inappropriate.

The amendments to the cyber law, seen by Reuters on Tuesday, have pro-democracy activists worried that they could lead to arbitrary invasion of privacy without a court warrant.

If you are a King and do not have thick enough skin to handle online criticism, and need to rely on censoring perceived insults to your royal family, then you are no true King. The more you censor, the more insults you invite.

An obviously clueless Japanese Judge orders Google to delete links to a man’s previous under-age sexual solicitation arrests from the search engine in an attempt to hide his embarrassing past from the world:

In 2012, the man was arrested for paying a girl under the age of 18 for sexual favors. He was charged with violating child prostitution laws and fined 500,000 yen. However, his name and news reports regarding the arrest still come up in Google searches.

Claiming that this was an infringement upon his personal rights, the man petitioned to have the information deleted from the search engine. His lawyer told the court his client had been rehabilitated and that it was difficult to get on with his life as long as his arrest record remains online.

In handing down the ruling, the presiding judge said such relatively minor crimes do not hold any particular significance to the public and therefore continuing to display such information three years after the incident does not have much merit for society at large.

Someone needs to learn how Google and the internets work. Deleting links from Google’s search engine will not make the stories go away nor will it make them more difficult to find. In fact, this ruling will likely shed more light on his asshattery.

As an aside, I find it quite interesting how the presiding judge considers underage sexual solicitation to have been a “relatively minor crime” considering how damaging it likely will be to her for the rest of her life. Unbelievably out of touch.

Welcome to the Streisand Effect.

The Globe and Mail reports on the thought police in China, and the new cyber police corps defending their protecting Chinese citizens from illegal information or what is otherwise known as state sponsored censorship:

But the new details have nonetheless brought fresh attention to the extraordinary measures China takes to quell digital dissent. Under Mr. Xi’s leadership, Beijing continues to diminish the ability of Chinese people to use the Internet to expose wrongdoing, communicate news not approved by authorities or even chat with friends without fear their conversations could land them in trouble. Recent months have suggested more is coming.

Authorities are working to set in place a broad new national security law that seeks to root out “harmful moral standards” and would create new “systems for cyber and information security.” Critics have called it a “neo-totalitarian” piece of legislation, but it falls in line with calls from Mr. Xi for the use of the Internet – along with Chinese arts and culture – to spread “positive energy.”

To further enforce that, China is also building a “social credit system” that would rely in part on individual Internet browsing and posting histories to assign each person a score that reflects their adherence to socialist values like patriotism and hard work. Comments critical of the Communist Party risk producing a poor score that would threaten a person’s ability to secure work or bank loans. It’s been called an “Orwellian” system for the digital age.

China’s Internet police, as part of their charm offensive this week, defended their work as keeping the Internet free of problems for everyday Chinese.

“Freedom of speech is enshrined in the law,” Zhong Zhong, deputy inspector at the Bureau for Network Security, said in an comments published by the Global Times, a Communist mouthpiece newspaper. Online enforcement is useful to “stop the spread of illegal information,” he said, so China can “protect the legal right of every netizen to use Internet.”

If you believe China has freedom of speech, as American’s understand freedom of speech, you might want to think again.

Chris Soghoian of the ACLU asks the US Department of Commerce to make it easy for security researchers to report security flaws without fear of being locked up for exposing important vulnerabilities:

Today, the ACLU submitted a formal comment to the Internet Policy Task Force recommending several ways that companies and government agencies can encourage security researchers to disclose security flaws that make their websites and other computer systems vulnerable.

Far too many of the cybersecurity legislative proposals discussed in Washington (and opposed by the ACLU) would hurt civil liberties by expanding the government’s surveillance powers. Improving the process through which computer security vulnerabilities are disclosed to companies and government agencies, on the other hand, will increase cybersecurity while protecting privacy – a win-win.

All computer systems have programming flaws and design mistakes that can be exploited, and no system will ever be one hundred percent secure. An unfortunate reality is that these flaws can be discovered and exploited by criminals and foreign governments’ intelligence services and militaries, who will not responsibly disclose the flaws, but rather, will exploit them for their own gain. But sometimes security researchers who have discovered security flaws and have pointed them out to those responsible have been met with legal threats or in some cases, lawsuits. These legal risks chill research and can discourage researchers from notifying the companies or organizations responsible for the vulnerable code.

Sometimes I wonder – and this is some real tinfoil hat thinking here – if the government wishes to keep security vulnerabilities secret so the NSA can continue to exploit them against our adversaries for as long as possible. The flaw here is that if this is what the US government wishes, they sure are taking a huge leap of faith that those very same adversaries have not, themselves, found the same vulnerabilities and 1) patched them -and- 2) are exploiting the flaws against the US and other nations.

It may sound far-fetched but I do not believe it to be too off-base.

The EFF on an Obama administration nightmare, this time another leaked treaty you have likely never heard of that makes global secret rules for the internet:

But the latest leak has revealed more. The agreement would also prohibit countries from enacting free and open source software mandates. Although “software used for critical infrastructure” is already carved out from this prohibition (and so is software that is not “mass market software”, whatever that means), there are other circumstances in which a country might legitimately require suppliers to disclose their source code.

For example, one step that might be considered to improve the dire state of security of consumer routers might be to require that they be supplied with source code, so that their security could be more broadly reviewed, and third parties could contribute patches for critical vulnerabilities. Although that may sound radical, this is already required for many routers because they are based on software covered by the GNU General Public License. TISA would prohibit any such national initiative.

As in the TPP, and expanding on the earlier leaked draft, TISA also includes a prohibition on laws that require service providers to host data locally, which some countries have used to protect sensitive personal information, such as health data, from being snooped upon on foreign soil. There are arguments for and against such laws, and it is inappropriate that a secretive international agreement such as TISA should preempt these important debates.

The agreement would also require countries to introduce anti-spam laws. Although spam is bad, that doesn’t necessarily make anti-spam laws good. In practice such laws have generally been ineffective at best, and ripe for abuse at worst. As such, we believe that it would be a legitimate choice for a country to decide not to tackle this blight through legislation—a choice that TISA would remove from them.

When is the government going to learn that such treaties and agreements are not going to do a damn thing to stop the very actions the member countries are attempting to control?