Tag Archives: Privacy

Facebook Admits 6 Million Users Affected by Bug



FacebookFacebook made an announcement on the Facebook Security page that a bug has affected approximately 6 million Facebook users. This bug allowed user’s email and/or phone number to be accessed by people who “either had some contact information about that person or some connection to them”. From the Facebook post:

We’ve concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal information or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.

The “DYI” tool is the “Download Your Information” tool. The short answer about what happened is that people were using it to download an archive of their own Facebook account. When they did this, “they may have been provided with additional email address or telephone numbers for their contacts or people with whom they have some connection”.

Facebook says it confirmed the bug, then immediately disabled the DYI tool. They turned it back on after fixing the bug. According to Reuters, the data leaks from this bug began in 2012 and were a “year long data breach”.


EFF’s Annual Report: Which Company is Protect Your Information from the Government



EFF In the United States we are supposed to have certain rights under the 4th amendment of the U.S. Constitution:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

However in today’s world most of us don’t write letters and our “papers and effects” are online. They are on the social media sites we are members of and the websites we visit. So if the FBI comes knocking at the door of the ISP you use, your favorite search company or social media sites you visit and request they hand over your information to them. Will the company simply hand over the information or do they request a warrant.  Another words which company has your back and which company does not.   That is what the (EFF) Electronic Freedom Foundation investigated. This is the third year they have publish this report.   They took a look at 18 tech companies and looked into their terms of service, privacy policies, advocacy, and courtroom track records, to see how they stack up. They looked at the following 6 criteria

  • Requires a warrant for content
  • Tell users about government data request
  • Publishes transparency reports
  • Publishes law enforcement guidelines
  • Fights for users privacy rights in court
  • Fights for users privacy rights in Congress

 

Out of the 18 companies they investigated only two companies received all six stars, Twitter and Sonic.net. Two companies MySpace and Verizon received zero stars. A full chart is available at the EFF website along with a PDF explaining what they looked for and how they evaluated it. According to the EFF they have notice some progress over the three years they have been doing the report, more companies are now letting individual know when a government entity is requesting information about them. It is nice to see that some companies are doing their part to protect our information from the government. Hopefully next year more companies will have more stars


My system crash revealed the one piece left in the Google ads puzzle



For the most part I don’t find that Google ads are such a bad thing. They are relatively unobtrusive and they are generally based on such information as location and web history. Let’s leave alone the privacy implications of those two facts and look more at where I recently noticed that it falls short – although, I confess that this will lead to even more of a privacy nightmare for those who are a part of the tinfoil hat brigade.

It all begins with a sad story. You see, although I have purchased Windows 8, I have procrastinated about installing it and have stubbornly continued to run the Release Preview. Well, last night Microsoft reached out and touched my trusty laptop with an update that rendered the system unbootable. Despite several different approaches to fixing this I came up with no solution other than a re-install.

Don’t cry for me – everything is backed up with redundancy. This is more hassle than anything else.

A reinstall was the approach I took this morning, although it did provide me with the chance to finally move to the RTM. After finishing the setup I moved on to installing my usual apps like Chrome, Firefox, Office, 7-zip and a couple of others. The final step was my document backup which is stored on CrashPlan servers.

After visiting the CrashPlan site and initiating the restore I began browsing the web. What I found was that every site I visited that utilized Google Adsense was now displaying an ad for CrashPlan. Yes, they know my location and my browsing history, but what they don’t know, yet at least, is what services with which I already have an account.

That is the missing piece in this whole puzzle. Google earns nothing by displaying an ad that is rendered irrelevant because, already having the product or service, you have no reason to click.

So, how long before the search and advertising giant finds a way pull in this information as well? It’s certainly in their interest to display ads that make you want to click. It will happen at some point and it will certainly set off alarms with privacy advocates everywhere, but is it really such a bad thing to see something that is more relevant to you? That is the real question that needs to be debated here.

Image: Computer Security by BigStock


Privacy Extinction Event!



Imagine that you visited a porn site, and when you did your user profile was immediately posted to the site, and every umm article you viewed. While this is extreme, we now have a website doing exactly that. Will the World Wide Web become a place of absolutely no privacy and your every action bared to the world to see.

To date you have been able to visit sites, and the only way people would know you had visited that site or web page, is if you liked the page or something similar!

Privacy on the net is officially extinct. The idiots over at Quora.com have decided that every time a registered Quora.com user visits a page on their site, that they are going to display directly on that very page that you have viewed the page, and exactly how you got there! It shocks me to the core that Quora.com would violate users privacy to this extent!

The simple action of lurking / visiting a web page on Quora is going to get broadcast to everyone in your social circle and the world.

From this day forward, I will never ever visit Quora.com again. Their actions have went to far. I am not surprised that they have stooped to this level of desperation, in their attempt to build greater social interaction on their website. Drastic actions like these makes me wonder what else they have been doing with personal identifiable information.

Industrial Spy Photo courtesy of BigStockPhoto.com


Ever Get That Feeling You’re Being Followed (On The Internet)? Check This Out.



You don’t have to click around too much to find advice on how to protect your anonymity on the Internet. Finding good advice that isn’t simply fear-laden jibber-jabber or link bait designed to get you to pay for an identity protection service is a bit more difficult.

Slashgeek.net posted a brief, but realistic and practical, piece on maintaining anonymity while navigating the Internet. The true sign that this post is a collection of actionable advice and not a panicked plea to save your identity?

Two things – 1. They admit that some people might not mind being tracked across the Internet by websites, ad networks and search engines – it does help those folks deliver more relevant ads to you and, like it or not, advertising makes the web go ‘round. 2. The post tells you the easiest and best ways to protect your anonymity – one of which takes about 5 minutes to accomplish (caveat – you’d have to use Firefox exclusively).

Check out the post from Slashgeek.net. It might be old news for some, but there are a lot of great tips in the comment section, as well. Share any additions you might have to these suggestions.


Siri Storage Habits Have Privacy Advocates Buzzing



Image Courtesy Apple

The Internets are quietly humming with the recent realization that Apple is, uh, absorbing your “personal” data if you use Siri – the voice-activated personal assistant (of sorts) that lives in the iPhone 4S (launched in October 2011).

What does that mean, precisely? Well, according to information disseminated by the ACLU, Apple’s privacy policy in relation to the Siri software allows the tech mammoth to harvest, send and stockpile “Voice Input Data” (what you say to Siri) and “User Data” (personal information on your phone, like contacts and associated nicknames; e-mail account labels; and names and playlists of songs on your phone).

This information is sent and stored at a data center in Maiden, North Carolina. From there, it remains murky what happens with your personal data. What does Apple actually do (or intend to do) with this data? No one seems to know, other than “generally to improve the overall accuracy and performance of Siri and other Apple products and services.” (again, according to the ACLU citing the Siri privacy policy, which is damn near impossible to actually find online). How long is it stored? Who actually looks at it and who is it shared with? Shoulder shrugs all around.

So murky is the status of stored Siri data, that IBM recently barred employees from using Siri on its networks – for fear of sensitive data and spoken information might be obtained by Apple. IBM CIO Jeanette Horan told MIT’s Technology Review that employees could still bring iPhones to work, but using the Siri technology would no longer be allowed. To be fair, IBM has also banned other apps, like Dropbox, for fear of information leaking out through file-sharing gaps in security.

This new wave of Siri-related negative news for Apple comes on the heels of a class action lawsuit filed against Apple claiming that they falsely advertised Siri’s capabilities and news that the Samsung Galaxy S3 has become the most pre-ordered device in gadget history with 9 million pre-orders (compared to 4 million for the iPhone 4S last year).

If you’d rather not have Siri enabled on your phone, it’s pretty easy to shut it off. Tap “Settings,”  then “General,” then Siri. Switch the Siri option to “Off.”


GNC-2012-03-26 #753 Privacy Soapbox Time!



Feeling a 100% better and it is time to have a serious discussion about privacy and actions in the internet and public space. Looking for your feedback in a big way on these issues. Lots of great tech stories to share with you tonight as well.

Support my Show Sponsor: Best Godaddy Promo Codes
$11.99 – For a New Domain Name cjcfs3geek
$6.99 a month Economy Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1h
$12.99 a month Managed WordPress Hosting (Free domain, professional email, and SSL certificate for the 1st year.) Promo Code: cjcgeek1w
Support the show by becoming a Geek News Central Insider

Download the Audio Show File

Links to all the articles talked about in this Podcast are on the GNC Show Notes Page [Click Here]