Looks like I was right about Apple building a WiFi location database

In April, Apple Ditched Google And Skyhook In Favor Of Its Own Location Databases:

This article reports on Apple’s admission that they are building their own location database to replace Skyhook (which is a WiFi location database).

Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).

- Lance Cottrell

BBC News - Details of 100m Facebook users collected and published

Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.

The collected data has been compiled into a huge file which is available over BitTorrent among other free channels.

While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.

The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyone’s hands or ability to corral or correct.

This link will download the big (2.79GB) compressed database for you right now using a BitTorrent client (it may break at some point).

- Lance Cottrell

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent − ISPreview UK:

Here we go again with an ISP monitoring users without consent and collecting information about their activities.

In this case the ISP claims to be doing so as part of a project to improve some future security and parental control services. They say that they are not capturing any data about which users visit what sites, but obviously the capability is there. The ISP did not announce this to their customers and only admitted it after it had been discovered and exposed.

Whether the ISP later decides to start capturing that information, the government makes them start capturing it, or a hacker gets in and tricks the system into capturing it, there is a real likelihood that users of the TalkTalk broadband service in the UK will have their activities captured.

Once again, this shows that you can’t trust your Internet providers. Their business is not privacy and their interests do not run parallel to your privacy interests. Only tools which encrypt your Internet activity, like Anonymizer Universal, can protect you against this kind of surveillance by your ISP.

- Lance Cottrell

White House proposes warrantless access to Internet activity records

Privacy Digest reports on a new White House proposal to extend the powers of FBI “national security letters” to include gathering of “electronic communication transactional records”. While this may appear to be a small change, the potential impact is huge.

These records include all the header information from emails: To:, From:, Time, and often Subject:.

It may also include a list of the full URLs that you visit.

While it does not include the contents of the messages, this level of detail is often more than enough to discover social networks, relationships, intentions, plans, political affiliations, and more.

The real problem is that there are no checks and balances on national security letters. They are issued by FBI offices on their own authority without review by a judge. Historically, self-restraint in the face of this kind of power has never worked well. While judges approve the vast majority of subpoenas and search warrants in a timely manner, they can reject egregious cases and the mere fact of their review causes law enforcement to be more restrained in their use.

From the Privacy Digest article:

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information “not permitted by the [surveillance] statute.”

- Lance Cottrell

Privacy survey

In order to help develop better information about public perceptions of on-line privacy, I am posting information about an academic research survey to study just this. I encourage you to fill it out.

- Lance Cottrell

Facebook Session Hijack Video

We discovered a major security hole in Facebook almost by accident. The exploit is so trivial I can’t justify calling it hacking. Any time you are on an open WiFi network and accessing Facebook, anyone else on the same network can easily grab your credentials and access Facebook as you, with full access to your account.

We have posted a video demonstrating this to YouTube as well as putting it in the Anonymizer Labs section of our website.

- Lance Cottrell

New Anonymizer Knowledge Center

We are working hard to improve our website and would welcome your suggestions and feedback on how to improve it.

One new addition is our Knowledge Center where we are trying to share information about privacy and security issues. Within the Knowledge Center we have a section we call “The Lab” (click the tab in the Knowledge Center).

Anonymizer’s R&D team is always discovering new and interesting things so we decided we should set up some place where we can share them. To kick off the new section we have posted two videos. The first is a frightening video about Facebook security, and the second is a video of me which introduces the issue of on-line privacy. We plan to post more articles, white papers, and videos going forward.

- Lance Cottrell

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village | The Onion - America’s Finest News Source | Onion News Network

Finally a viable solution to the privacy problem!!!

- Lance Cottrell

Lawmakers To Introduce New Internet Privacy Bill : NPR

Rick Boucher (D-VA) has released draft legislation to significantly increase required privacy notifications for Internet users.

Many websites are fighting the proposed bill, claiming it would hurt their business. I am unsympathetic to the complaint that their business would suffer if people actually knew what they were doing with your information. Given that this would apply to all websites, if a policy is no worse than average it should not drive people to other sites.

I would very much like to see the market start to enable competition on the basis of privacy policies.

We shall see how this actually turns out once it has been through the sausage making process. My experience is that most bills about technology end up doing more damage through unintended consequences than they actually help.

- Lance Cottrell

Declaration29 - EU plan to retain data on all Internet searches

The European Parliament appears to be trying to create a regulation to require search engine companies to retain total information about their users’ searches for a period of years. If you are in the EU area, I strongly encourage you to reach out to fight this.

Declaration29: “A group of members of European Parliament is collecting signatures for a Written Declaration that reads: ‘The European Parliament [...] Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively’.

The Data Retention Directive 2006/24/EC requires that details on every telephone call, text message, e-mail and Internet connection be recorded for months, for the entire population, in the absence of any suspicion. As to what is wrong with data retention please refer to DRletter. The Written Declaration even wants to extend data retention to search engines, meaning that your search terms could be tracked for months back.

The proposed declaration has been signed by 371 MEPs (list of names here) - and thus reached the 368 members needed to pass it. Many MEPs signed because of the title of the document (‘setting up a European early warning system (EWS) for paedophiles and sex offenders’), not knowing that they are endorsing blanket data retention as well. More than 30 MEPs decided to withdraw their signature, one even on the day of adoption.”

 

- Lance Cottrell