Anonymizer just released the results of a new survey of people’s use of privacy protecting technologies. The short answer is that the old standards, anti-virus and firewalls, are widely used. Unfortunately they don’t actually do much to protect your privacy. They are more about security.

For full details, read the article.

Thanks to a PrivacyBlog reader for pointing me to this article: Blackhat SEO – Esrun » Youtube privacy failure

It looks like it is easy to find thumbnail images from YouTube videos that have been marked private.

If you have any such videos, go back and check that you are comfortable with the information in the thumbnails being public, or delete the video completely.

There has been a lot of attention recently to the arrest of an alleged LulzSec hacker after his anonymity was compromised by the anonymity service he was using, HideMyAss.com. Some articles on the event are here, here and the provider’s explanation here.

The reason this company was able to compromise the privacy of their user was that they had logs of user activity. They know what IP address is assigned to each user and can use that to attribute any activity back to the real identity of the person behind the account.

The real problem with logs is that they exist or they don’t. You can’t keep logs only for “bad users” but not for responsible “good users” because even if it was possible to identify them as such in advance, you would not find anything like agreement about who should fall in which category.

Many operators of privacy services, including myself, feel very strongly that such tools should be usable in countries like China to circumvent the censorship and surveillance there. Such actions are certainly illegal for the user, and probably for the provider. While being a UK company and only responding to UK court orders, they were “forced” to expose the identity of a person in the US who was then arrested by the FBI.

I don’t know enough about this case to debate whether or not this person is guilty or deserved to be arrested. My concern is that this case has demonstrated that anyone who can cause a UK court order to be severed against this company can expose their users. It also makes them a target for hacking, social engineering, infiltration and other attacks which could gain access to these logs without a UK court order.

As a general rule, if information exists and people want it, there is a very good chance it will escape, if only by accident.

Perhaps we should not be too surprised that this company failed to protect its users, when it has no visible privacy policy on the website, and there are no identifiable people standing behind the product and brand with their personal reputations.

I founded this company, Anonymizer.com, and I personally stand behind our services. We have clear privacy policies, we keep no logs of the surfing activities of our users, we have no way of identifying what user may have visited what website. We have an unblemished record of providing robust privacy since 1995.

As I have said in many previous posts, it all comes down to trust. If you don’t know who is providing the service, and don’t have the ability to research their history and gauge their integrity, you should not use that service.

It looks like Microsoft got caught using “evercookie” or “supercookie” technologies to recreate tracking cookies even after users have tried to delete them from their browsers.

Sneaky tracking code (finally) purged from Microsoft sites • The Register

Amazon Customer’s Privacy Exposed

In theory, your Amazon wish list should allow people to buy you gifts, but should not reveal anything but the list of items you want.

Evidently, if you buy something for someone off their list, you can then see the delivery address in the order reports in your account.

Solution is to remove the delivery address from your list. Your friends and family would have to enter the delivery address manually, but one hopes that they already know it. A good description of the process is in the above linked article.