This article reports on Apple’s admission that they are building their own location database to replace Skyhook (which is a WiFi location database).

Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).

Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.

The collected data has been compiled in to a huge file which is available over BitTorrent among other free channels.

While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.

The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyones hands or ability to corral or correct.

This link will download the big (2.79GB) compressed database for you right now using a BitTorrent client (it may break at some point).

Here we go again with an ISP monitoring users without consent and collecting information about their activities.

In this case the ISP claims to be doing so as part of a project to improve some future security and parental control services. They say that they are not capturing any data about which users visit what sites, but obviously the capability is there. The ISP did not announce this to their customers and only admitted it after it had been discovered and exposed.

Whether the ISP later decided to start capturing that information, the government makes them start capturing it, or a hacker get in to trick the system in to capturing, there is a real likelihood that users of the TalkTalk broadband service in the UK will have their activities captured.

Once again, this shows that you can’t trust your Internet providers. Their business is not privacy and their interests do not run parallel to your privacy interests. Only tools which encrypt your Internet activity, like Anonymizer Universal, can protect you against this kind of surveillance by your ISP.

These records include all the header information from emails: To:, From:, Time, and often Subject:.

It may also include a list of the full URLs that you visit.

While it does not include the contents of the messages, this level of detail is often more than enough to discover social networks, relationships, intentions, plans, political affiliations, and more.

The real problem is that there are no checks and balances on national security letters. They are issued by FBI offices on their own authority without review by a judge. Historically, self restraint in the face of this kind of power has never worked well. While judges approve the vast majority of subpoenas and search warrants in a timely manor, they can reject egregious cases and the mere fact of their review causes law enforcement to be more restrained in their use.

From the Privacy Digest article:

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information “not permitted by the [surveillance] statute.”

We have posted a video demonstrating this to YouTube as well as putting it in the Anonymizer Labs section of our website.

One new addition is our Knowledge Center where we are trying to share information about privacy and security issues. Within the Knowledge Center we have a section we call “The Lab” (click the tab in the Knowledge Center).

Anonymizer’s R&D team is always discovering new and interesting things so we decided we should set up some place where we can share them. To kick off the new section we have posted two videos. The first is a frightening video about Facebook security, and the second is a video of me which introduces the issue of on-line privacy. We plan to post more articles, white papers, and videos going forward.

Finally a viable solution to the privacy problem!!!

Rick Boucher (D-VA) has released draft legislation to significantly increase required privacy notifications for Internet users.

Many websites are fighting the proposed bill, claiming it would hurt their business. I am unsympathetic to complaint that their business would suffer if people actually knew what they were doing with your information. Given that this would apply to all websites, if a policy is no worse than average it should not drive people to other sites.

I would very much like to see the market start to enable competition on the basis of privacy policies.

We shall see how this actually turns out once it has been through the sausage making process. My experience is that most bills about technology end up doing more damage through unintended consequences than they actually help.

Declaration29: “A group of members of European Parliament is collecting signatures for a Written Declaration that reads: ‘The European Parliament [...] Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively’.

The Data Retention Directive 2006/24/EC requires that details on every telephone call, text message, e-mail and Internet connection be recorded for months, for the entire population, in the absence of any suspicion. As to what is wrong with data retention please refer to DRletter. The Written Declaration even wants to extend data retention to search engines, meaning that your search terms could be tracked for months back.

The proposed declaration has been signed by 371 MEPs (list of names here) - and thus reached the 368 members needed to pass it. Many MEPs signed because of the title of the document (’setting up a European early warning system (EWS) for paedophiles and sex offenders’), not knowing that they are endorsing blanket data retention as well. More than 30 MEPs decided to withdraw their signature, one even on the day of adoption.”