Showing results for tags 'privacy'.



Found 440 results

  1. In an embarrassing security incident, the WeTransfer file sharing service announced that for two days it was sending its users' shared files to the wrong people. As this service is used to transfer what are considered private, and potentially sensitive files, this could be a big privacy issue for affected users. Starting today, users began to receive emails from WeTransfer [1, 2, 3] stating that on June 16th and 17th, files sent using the WeTransfer service were also delivered to people that they were not meant to go to. The email goes on to say that the team doesn't know what happened and that they are working to contain the situation. The full text of this email reads: Dear WeTransfer user, We are writing to let you know about a security incident in which a number of WeTransfer service emails were sent to the wrong people. This happened on June 16th and 17th. Our team has been working tirelessly to correct and contain this situation and find out how it happened. We have learned that a transfer you sent or received was also delivered to some people it was not meant to go to. Our records show those files have been accessed, but almost certainly by the intended recipient. Nevertheless, as a precaution we blocked the link to prevent further downloads. As your email address was also included in the transfer email, please keep an eye out for any suspicious or unusual emails you receive. We understand how important your data is and never take your trust in our service for granted. If you have any questions or concerns, just reply to this email to contact our support team. The WeTransfer Team WeTransfer posted a security notice on their website that some accounts were logged out and had their passwords reset to protect their accounts and that they blocked access to the Transfer links that were involved in the incident. They did not, though, provide any further details on how this happened in the first place.
"This incident took place on June 16th and 17th, and upon discovery, we immediately took precautionary security measures to protect our users," stated WeTransfer's security notice. "This means that users might have been logged out of their account or asked to reset their password in order to safeguard their account. Additionally, we have blocked Transfer links to ensure the security of our users’ Transfers." If this was simply a programming mistake on WeTransfer's end, it is peculiar that they had to reset users' passwords or felt the need to protect them. This could indicate a more serious issue, such as a breach of their network. BleepingComputer has contacted WeTransfer about this incident but had not heard back at the time of this publication. Thx to John for the tip! Source
  2. Apple pitches itself as the most privacy-minded of the big tech companies, and indeed it goes to great lengths to collect less data than its rivals. Nonetheless, the iPhone maker will still know plenty about you if you use many of its services: In particular, Apple knows your billing information and all the digital and physical goods you have bought from it, including music, movie and app purchases. A different approach: But even for heavy users, Apple uses a number of techniques to either minimize how much data it has or encrypt it so that Apple doesn't have access to iMessages and similar personal communications. Between the lines: Apple is able to do this, in part, because it makes its money from selling hardware, and increasingly from selling services, rather than through advertising. (It does have some advertising business, and it also gets billions of dollars per year from Google in exchange for being Apple's default search provider.) But Apple maintains that its commitment to privacy is based not just on its business model but on core values. How it works: In order to collect less data, Apple tries to do as much work on its devices as possible, even if that sometimes means algorithms aren't as well tuned, processing is slower, or the same work gets done on multiple devices. Photos are a case in point. Even if you store your images in Apple's iCloud, Apple does the work of facial identification, grouping, labeling and tagging images on the Mac or iOS device, rather than on the service's own computers. Some of the most sensitive data that your device collects, including your fingerprint or Face ID, stay on the device. Maps While Apple does need to do some processing in the cloud, it takes a number of steps to protect privacy beyond its competitors. First, the identification and management of significant locations like your home and work is done on the device. 
And the location information that does get sent up to the cloud is tied to a unique identifier code rather than a specific individual's identity — and that identifier changes over time. Location information Beyond Apple's Maps program, other applications, including some from Apple, can make use of location data with user permission. Apple is adding new options with iOS 13, due this coming fall, including: The ability for users to share their location with an app just once, rather than giving ongoing access. For apps that are making routine background use of location, Apple is also letting users review a map of the locations these apps are seeing, so they can decide if that is information they really want to be sharing. Email If you get your mail provided by Apple (via icloud.com, mac.com, etc.), the company will store your email and will scan it for spam, viruses and child pornography, as is common in the industry. Email will also be made available to law enforcement when Apple is presented with a lawful warrant. iCloud This is the area where Apple stores potentially the most personal information, although it doesn't make use of it for advertising or other business purposes. iCloud backups can include messages, photos and Apple email, though Apple stresses it won't look at the information and will only hand it over to others if forced by a court to do so. Messages Apple messages, the ones with the blue bubble, are encrypted end-to-end, so that only the sender and recipient can see them — not Apple, nor a carrier or any other intermediary. However, if you back up your messages to iCloud, a copy is kept on Apple's servers so if you lose your device and need to replace it, you can restore them. Users can make an encrypted backup using iTunes on a Mac or PC, or keep no backup at all. Safari If you use Apple's Safari browser, Apple stores your bookmarks tied to your Apple ID; they're encrypted, but Apple holds a key.
Beginning in iOS 13 and Catalina, the next MacOS, Safari browsing history will be fully encrypted and Apple will have no access. There's also data that goes to Apple's search partners. Google is the default, but you can also choose Yahoo, Bing or DuckDuckGo. You can also choose whether to send each keystroke as you type in the search bar, enabling autocomplete, or just to send the data when you hit "enter." Siri Many Apple devices have a chip that is listening for the "Hey Siri" wake word, but it's only at that point that Apple starts recording audio. Some commands, like what's next on your schedule, can be processed locally, while others do get sent to Apple's servers. Apple doesn't tie this data directly to a person's Apple ID, but uses a unique identifier. A user can reset that identifier, but then Siri will lose the personalization it has gained. Per Apple, "User voice recordings are saved for a six-month period so that the recognition system can utilize them to better understand the user’s voice. After six months, another copy is saved, without its identifier, for use by Apple in improving 
and developing Siri for up to two years." Apple Pay Apple doesn't store your payment information or purchase record as part of Apple Pay (It does have history and payment information for your Apple purchases). Apple Pay merchants get a token, not your actual credit card information. TV and Music Apple knows the music, shows and apps you purchase. In addition, in order to deliver on the feature of the TV App that allows users to pick up where they left off across multiple shows, multiple apps, and multiple devices, and to make personalized recommendations, Apple does capture and store viewing history. But it says it notifies users, stores as little data as possible for as little time as possible, and allows users to opt out (although this prevents some features from fully working). What you can do Users have a number of choices to further minimize what Apple knows, though there are often downsides. You can choose to download an encrypted iCloud backup only to your Mac or PC rather than keep it on Apple's server, but if you lose that device or forget the password for the backup file, Apple won't be able to help recover lost data. You can also download the information Apple has on you at privacy.apple.com. You can delete data stored on your device, such as email, messages, photos, and Safari data like history and bookmarks. You can delete your data stored on iCloud. You can reset your Siri identifier by turning Siri and Dictation off and back on, which effectively restarts your relationship with Siri and Dictation. Source
  3. Facebook is doing whatever it takes to curb any repercussions from the Cambridge Analytica scandal. Still, the list of lawsuits against the company hasn’t ended yet. Right now Facebook is defending itself against a class-action lawsuit related to the scandal. According to a report by Law360, the company’s CEO Orin Snyder has made a comment that people who use social media sites “have no expectation of privacy.” “There is no invasion of privacy at all, because there is no privacy,” he said on Wednesday in an attempt to wrap up the case. Snyder argued that Facebook is more of a “town square” where people come and share personal information. He added that you need to closely guard something to have “a reasonable expectation of privacy.” However, he did try to assure that Facebook has a focus on privacy for the future. District Judge Vince Chhabria was quick to turn down Snyder’s argument and said it was contrary to Facebook’s stance on privacy. This comes at a time when it’s not just Facebook; all major tech companies are being questioned over privacy. Facebook’s CEO Mark Zuckerberg is often found on stage, talking about how the social network is improving privacy over the platform and that it cares about the safety of its users. In fact, the CEO has even called Facebook an “innovator in privacy.” Source
  4. DUBLIN (Reuters) - The European Court of Justice (ECJ) will hear a landmark privacy case regarding the transfer of EU citizens’ data to the United States in July, after Facebook’s bid to stop its referral was blocked by Ireland’s Supreme Court on Friday. The case, which was initially brought against Facebook by Austrian privacy activist Max Schrems, is the latest to question whether methods used by technology firms to transfer data outside the 28-nation European Union give EU consumers sufficient protection from U.S. surveillance. A ruling by Europe’s top court against the current legal arrangements would have major implications for thousands of companies, which make millions of such transfers every day, including human resources databases, credit card transactions and storage of internet browsing histories. The Irish High Court, which heard Schrems’ case against Facebook last year, said there were well-founded concerns about an absence of an effective remedy in U.S. law compatible with EU legal requirements, which prohibit personal data being transferred to a country with inadequate privacy protections. The High Court ordered the case be referred to the ECJ to assess whether the methods used for data transfers - including standard contractual clauses and the so-called Privacy Shield agreement - were legal. Facebook took the case to the Supreme Court when the High Court refused its request to appeal the referral, but in a unanimous decision on Friday, the Supreme Court said it would not overturn any aspect of the ruling. The High Court’s original five-page referral asks the ECJ if the Privacy Shield - under which companies certify they comply with EU privacy law when transferring data to the United States - does in fact mean that the United States “ensures an adequate level of protection”.
Facebook came under scrutiny last year after it emerged the personal information of up to 87 million users, mostly in the United States, may have been improperly shared with political consultancy Cambridge Analytica. More generally, data privacy has been a growing public concern since revelations in 2013 by former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance caused political outrage in Europe. The Privacy Shield was hammered out between the EU and the United States after the ECJ struck down its predecessor, Safe Harbour, on the grounds that it did not afford Europeans’ data enough protection from U.S. surveillance. That case was also brought by Schrems via the Irish courts. “Facebook likely again invested millions to stop this case from progressing. It is good to see that the Supreme Court has not followed,” Schrems said in a statement. Source
  5. There’s yet another effort underway in Washington to establish an enforceable Do Not Track system that would provide a one-click mechanism for people to opt out of persistent web tracking by advertisers and social media platforms. The latest push comes in the form of the Do Not Track Act, a bill unveiled this week by Sen. Josh Hawley (R-Mo.) that emulates the structure of the Do Not Call registry. It would establish a method for consumers to send a signal to online companies that would block them from collecting any information past what is necessary to deliver their services. The bill also would stop companies from building profiles of the people who activate the DNT mechanism or discriminating against them if they use the option. Hawley’s bill makes the Federal Trade Commission the enforcement authority for the system and any person who violates the measure would be liable for penalties of $50 per user affected by a violation for every day that the violation is ongoing. “Big tech companies collect incredible amounts of deeply personal, private data from people without giving them the option to meaningfully consent. They have gotten incredibly rich by employing creepy surveillance tactics on their users, but too often the extent of this data extraction is only known after a tech company irresponsibly handles the data and leaks it all over the internet,” Hawley said.
“The American people didn't sign up for this, so I'm introducing this legislation to finally give them control over their personal information online.” In practice, Hawley’s proposed Do Not Track system would involve an app or extension that people could download and would then “sends the DNT signal to every website, online service, or online application to which the device connects each time the device connects to such website, service, or application; and permits the user of the connected device to designate websites, services, or applications to which such signal should not be sent, but does not exempt any website, service, or application from receiving such signal if it is not so designated.” The Do Not Track Act is an attempt to rectify what has become an epidemic of online tracking and profile-building. Advertisers, website operators, and social media platforms all are heavily invested in monitoring users’ movements around the web, tracking where and when they interact with other sites and content. That tracking allows sites to build profiles of visitors and their interests and further target ads and other content. Those tracking methods and techniques are completely opaque for most people, and the existing mechanisms for opting out or preventing tracking range from mostly useless to pretty effective, but can also affect people’s browsing experience in a major way. The Do Not Track option that’s built into most browsers today falls on the mostly useless end of the spectrum. Enabling the option sends a signal to sites that the visitor does not want to be tracked, but there is no enforcement for it and site owners have no obligation to respect it.
Ad blockers and other similar browser extensions can be quite effective, but they don’t prevent all tracking and can also break certain elements on some sites and make others nearly unusable. Hawley’s bill seeks to remedy this situation by establishing the FTC as the enforcement authority and providing monetary penalties for violations. In a hearing of the Senate Judiciary Committee on Monday, Hawley said the bill was necessary to give consumers control over what data they share and whether they’re tracked. “Google and Facebook are doing something different in this market. They’re not using traditional advertising models. They track us every single day. [The bill] just says that a consumer can make a one time choice to not be tracked. I think we should make it compulsory and give it the force of law and give consumers real choice and force the companies to comply. This puts the ball in the consumer’s court,” Hawley said. Hawley’s bill is similar to draft legislation written earlier this month by staffers at DuckDuckGo, the privacy-focused search engine provider, although the penalties are structured differently. Source
  6. Dear friends, Nowadays our privacy is very important. I am interested to know which VPN service you use and which is the best in your opinion. Not all VPN services are secure enough. Recently, it has been discovered that HotSpot Shield in some cases could show your real IP. Have a look here: 1. Android 2. Windows Thanks for your time spent with this poll! :)
  7. Panic as panic alarms meant to keep granny and little Timmy safe prove a privacy fiasco. Simple hack turns them into super secret spying tool. A GPS tracker used by elderly people and young kids has a security hole that could allow others to track and secretly record their wearers. The white-label product is manufactured in China and then rebadged and rebranded by a range of companies in the UK, US, Australia and elsewhere including Pebbell 2, OwnFone and SureSafeGo. Over 10,000 people in the UK use the devices. It has an in-built SIM card that is used to pinpoint the location of the user, as well as provide hands-free communications through a speaker and mic. As such it is most commonly used by elderly people in case of a fall and on children whose parents want to be able to know where they are and contact them if necessary. But researchers at Fidus Information Security discovered, and revealed on Friday, that the system has a dangerous flaw: you can send a text message to the SIM and force it to reset. From there, a remote attacker can cause the device to reveal its location, in real time, as well as secretly turn on the microphone. The flaw also enables a third party to turn on and off all the key features of the products such as emergency contacts, fall detection, motion detection and a user-assigned PIN. In other words, a critical safety device can be completely disabled by anybody in the world through a text message. The flaw was introduced in an update to the product: originally the portable fob communicated with a base station that was plugged into a phone line: an approach that provided no clear attack route. But in order to expand its range and usefulness, the SIM card was added so it was not reliant on a base station and would work over the mobile network. The problem arises from the fact that the Chinese manufacturer built in a PIN to the device so it would be locked to the telephone number programmed into the device.
Which is fine, except the PIN was disabled by default and the PIN is currently not needed to reboot or reset the device. And so it is possible to send a reset command to the device – if you know its SIM telephone number – and restore it to factory settings. At that point, the device is wide open and doesn't need the PIN to make changes to the other functions. Which all amounts to remote access. Random access memory But how would you find out the device's number? Well, the researchers got hold of one such device and its number and then ran a script where they sent messages to thousands of similar numbers to see if they hit anything. They did. "Out of the 2,500 messages we sent, we got responses from 175 devices (7 per cent)," they wrote. "So this is 175 devices being used at the time of writing as an aid for vulnerable people; all identified at a minimal cost. The potential for harm is massive, and in less than a couple of hours, we could interact with 175 of these devices!" The good news is that it is easy to fix: in new devices. You would simply add a unique code to each device and require it be used to reset the device. And you could limit the device to only receive calls or texts from a list of approved contacts. But in the devices already on the market, the fix is not so easy: even by using the default PIN to lock it down, the ability to reset the device is still possible because it doesn't require the PIN to be entered. The researchers say they have contacted the companies that use the device "to help them understand the risks posed by our findings" and say that they are "looking into and are actively recalling devices." But it also notes that some have not responded. In short, poor design and the lack of a decent security audit prior to putting the updated product on the market has turned what is supposed to provide peace of mind into a potential stalking and listening nightmare. Source
  8. Psiphon Pro By Psiphon Inc. This is the pro version of Psiphon which is a secure VPN application for Android. The application allows you to navigate freely on the internet. You will be connected to all hindered sites that are blocked due to censorship or other factors. You will also be safe when you do this. You will be able to connect to any site that has been exposed to Psiphon Pro and has blocked access. Psiphon’s work structure is quite simple. As with other VPN applications, a tunnel opens and you appear to be connecting through other countries. Whether you want to use the application only on the browser, you can use it in all applications. One of the features that Psiphon has provided is the ability to display your internet traffic. If you want to use the internet for free, Psiphon is for you. Site: https://workupload.com Sharecode: /file/xv2cRNKM
  9. What do tech giants know about you? A new tool shows you just how much. We rely on social media and smartphone apps, from dating and connecting to online shopping and browsing the web. We constantly give out private data online -- but what exactly do we share with these platforms? From locations and home addresses to private messages and phone numbers - we give away precious private information to online services every day and we do not even realise it. Yet we have agreed that companies can extract our personal data for their own use. How many times have you read a privacy policy from an online software platform right to the end? Nope, me neither. Fortunately online security platform vpnMentor has delved through the privacy policies of some of the most popular applications, creating an interactive tool that shows how these companies track our every move. With over 7.2 billion accounts held across the services studied, including platforms like Google, Facebook, Amazon, and Tinder, how many of us are aware of the finer details of the privacy policies that we automatically accept? Facebook and Instagram seem to be the biggest offenders, seemingly tracking as much as they can about their users. Is it time that we thought twice about what we are accepting within the terms and conditions? Some of the surprising details tracked include: Location: Of the 21 services within the study, 18 tracked your current location at all times when using the app. Some of these, such as Tinder, continue to track this even when the app is not in use. Facebook and Instagram not only track your location but also the location of businesses and people nearby, as well as saving your home address and your most commonly visited locations. Your Messages: Do you think nobody will ever know about your DMs? Think again.
Facebook, LinkedIn and Instagram use the information you share on their messaging services to learn more about you, while Twitter and Spotify both openly state they have access to any messages you send on their platforms. Device Information: Many services and apps track more of your device information than appears to be needed. Facebook and Instagram track your battery level, signal strength, nearby Wi-Fi spots and phone masts, app and file names on your device amongst others. Google and Amazon keep voice recordings from searches and Alexa, and Apple Music tracks phone calls made and emails sent and received on the devices the service is used on. If you do not hold an account with these services this will not stop your online moves being tracked. Google keeps track of your activity on third party sites that use Google features like adverts. Facebook partners (8.4 million sites across the web) send both Facebook and Instagram data collected through Facebook Business Tools such as the Like button – regardless of whether or not you have a Facebook account or are logged in. Source
  10. mona

    Best VPN 2018 February 24, 2018 by Sven Taylor With all the alarming developments in mass surveillance, ISP spying, online censorship, and content restrictions, you are probably looking for the best VPN to stay safe online. But be careful! To find the best VPN, you’ll need to watch out for VPN scams, VPNs that lie about logs (PureVPN), VPNs that leak IP addresses (VPN Unlimited), and even malicious VPNs with hidden tracking libraries (Betternet). So tread carefully my friends. The rankings of the best VPN services below are based on extensive test results to check for IP address leaks, DNS leaks, connection issues, app performance, reliability, speed, and whether the features work correctly. Additionally, I also considered company policies, jurisdiction, logging practices, and the trustworthiness of the provider. Best VPNs 2018 Now we will take a deep dive into the top five best VPN services for 2018, discussing the pros, cons, features, and testing results for every provider. ExpressVPN ExpressVPN is a trusted and highly-recommended service that remains one of the best all-around VPNs on the market. It is based in the British Virgin Islands and offers a great lineup of applications for all devices. Extensive testing for the ExpressVPN review found the apps to be very secure, with exceptional performance throughout the server network. ExpressVPN is also a service that continues to get better. In the past six months they have made significant improvements to their apps to protect users against rare leak scenarios. These efforts culminated in the public release of their leak testing tools, which can be used to test any VPN for flaws/failures (open source and available on GitHub). ExpressVPN’s logging policies (only anonymized stats) were recently put to the test when authorities in Turkey seized one of their servers to obtain user data. But no customer data was affected as authorities were not able to obtain any logs (further explained here). 
This event showed that ExpressVPN remains true to its core mission of protecting customer privacy and data. ExpressVPN is also one of the best VPN providers you will find for streaming. Whether you are using a VPN with Kodi or streaming Netflix with a VPN, ExpressVPN offers applications to support all devices as well as a high-bandwidth network with great performance. Their support is also superb, with 24/7 live chat assistance and a 30 day money-back guarantee. Exclusive discount – ExpressVPN is currently offering an exclusive 49% discount on select plans, which reduces the monthly rate down to $6.67 (the non-discount price is $8.32 per month). ExpressVPN Windows client. + Pros User-friendly and reliable apps Exceptional speeds throughout the server network 30 day money-back guarantee Split tunneling feature (for Mac OS, Windows, and routers) Great for Netflix and other streaming services Strong encryption and leak protection settings 24/7 live chat support – Cons Apps collect anonymized connection stats, but users can opt out (IP addresses not logged) Perfect Privacy After testing out many different VPN services, Perfect Privacy holds the top spot as the best VPN for advanced online anonymity. You may have never heard of Perfect Privacy because they largely ignore marketing and instead focus on providing a high quality, privacy-focused service with very advanced features. Nonetheless, this is a well-respected VPN provider that has earned high praise from the tech community for exposing massive vulnerabilities with other VPNs. Their network is composed entirely of dedicated servers that provide you with fast speeds, great reliability, and plenty of bandwidth at all times (you can see real-time server bandwidth here). They have also passed real-world tests when two of their servers were seized by Dutch authorities last year. However, no customer data was affected due to no logs and all servers operating in RAM disk mode with nothing being saved on the server. 
For features they offer multi-hop VPN chains, advanced firewall configuration options (DNS and IP leak protection), port forwarding, NeuroRouting, Socks5 and Squid proxies, obfuscation features to defeat VPN blocking (Stealth VPN), and a customizable TrackStop feature to block tracking, malware, advertising and social media domains. They also give you an unlimited number of device connections and offer full IPv6 support (giving you both an IPv4 and IPv6 address). While Perfect Privacy offers very advanced features that you won’t find anywhere else, it also comes with a Swiss price tag at €8.95 per month. Additionally, these advanced features may be overkill for some users, especially if you are new to VPNs. Nonetheless, for those seeking the highest levels of online anonymity, security, and overall performance, Perfect Privacy is a solid choice. The Perfect Privacy Windows client, using a four-hop VPN cascade. + Pros Unlimited number of device connections Multi-hop VPN chains, up to 4 servers (self-configurable) NeuroRouting (dynamic, server-side multi-hop that can be used with all devices) Absolutely no logs without any restrictions Dedicated servers operating only in RAM disk mode Full IPv6 support (provides both IPv4 and IPv6 addresses) Customizable firewall/port-forwarding options TrackStop advertisement, tracking, and malware blocker – Cons Higher price Full VPN Manager client not available for Mac OS (but BETA client available, along with other installation options) VPN.ac VPN.ac is Romania-based VPN service with excellent overall quality for a very reasonable price. It was created by a team of network security professionals with a focus on security, strong encryption, and high-quality applications. Their VPN network is composed entirely of dedicated servers with secure, self-hosted DNS. VPN.ac’s server network provides you with great speeds and reliability (see the review for details). 
Performance is maximized with reliable applications and excellent bandwidth on their network at all times. (You can see their real-time bandwidth stats by selecting VPN Nodes Status at the top of the website.)

For a lower-priced VPN service, VPN.ac offers an impressive lineup of features: maximum encryption strength, obfuscation features, double-hop VPN server configurations, and a secure proxy browser extension. All support inquiries are handled internally by the network security professionals who built the infrastructure.

The one drawback I found is that VPN.ac maintains connection logs – but all data is erased daily, which they clearly explain on their website. When you consider everything in relation to the price, this is one of the best values you’ll find for a premium VPN service.

The VPN.ac Windows client, using a double-hop configuration.

+ Pros
  • High-security VPN server network (dedicated servers, with self-hosted encrypted DNS)
  • Excellent speeds with lots of available bandwidth
  • Multi-hop (double VPN) server configurations
  • Obfuscation features

– Cons
  • Advanced encryption (7 available protocols)
  • Low price for a very advanced VPN (good value)
  • Connection logs (no activity, erased daily)

NordVPN

NordVPN is a popular no logs VPN service based in Panama. Just like with ExpressVPN, NordVPN is a service that has made significant improvements over the past year. It performed well in testing for the latest update to the NordVPN review.

The NordVPN apps have undergone some great updates to further protect users against the possibility of data leaks, while also adding a newly-improved kill switch to block all non-VPN traffic. As another improvement, NordVPN has rolled out a CyberSec feature that blocks advertisements, tracking, and malicious domains. And finally, NordVPN continues to work with Netflix and other streaming services.

NordVPN is a great choice for privacy-focused users.
Aside from the Panama jurisdiction and no-logs policies, NordVPN also provides advanced online anonymity features. These include double-hop server configurations, Tor-over-VPN servers, and also a lineup of obfuscated servers to conceal VPN traffic.

NordVPN’s customer service is also top-notch. They provide 24/7 live chat support directly through their website, and all plans come with a 30 day money-back guarantee.

NordVPN discount – NordVPN is currently offering a massive 77% discount on select plans, which drops the monthly rate down to only $2.75. (This is significantly cheaper than their standard rate with the annual plan at $5.75 per month.)

The NordVPN Windows client.

+ Pros
  • User-friendly apps
  • 30 day money-back guarantee
  • Multi-hop (double VPN) server configurations
  • 24/7 live chat support
  • No logs
  • Competitive price
  • Ad blocking feature

– Cons
  • Variable speeds with some servers

VPNArea

VPNArea is not the biggest name in the VPN industry, but this Bulgaria-based provider did well in testing for the review. They take customer privacy very seriously, with a strict no logs policy, good privacy features, and Switzerland hosting for business operations. Being based in Bulgaria, they do not fall under data-retention or copyright violation laws, which further protects their users.

Aside from being a privacy-focused service, VPNArea also offers numerous servers that are optimized for streaming and torrenting. It continues to work well with Netflix, BBC iPlayer, Amazon Prime, Hulu and others. Torrenting and P2P downloads are allowed without any restrictions.

They continue to improve their service with new features, including obfuscation (Stunnel) and ad-blocking through their self-hosted DNS servers. VPNArea is also one of the few VPNs that offer dedicated IP addresses.

VPNArea Windows client.
+ Pros
  • Competitive price
  • No logs
  • Great for streaming and torrenting
  • Ad-blocking DNS servers
  • 6 simultaneous connections (which can be shared with others)
  • Dedicated IP addresses available

– Cons
  • Apps are somewhat busy
  • DNS leak protection must be manually configured

Considerations for finding the best VPN

As we already discussed, choosing the best VPN all boils down to determining which factors you consider the most important. In other words, it’s a very subjective process. Here are seven important factors to consider:

  • Test results – How well does the VPN perform in testing? This includes both performance testing (speed and reliability) and leak testing (IP leaks and DNS leaks).
  • Privacy jurisdiction – Where the VPN is legally based affects customer privacy. Many people avoid VPNs based in the US and other surveillance countries for this reason. For more of a discussion on this topic, see the guide on Five Eyes / 14 Eyes and VPNs.
  • Server network – Three considerations when examining VPN servers are quality, locations, and bandwidth. Some VPNs prioritize server quality, while others prioritize locations. Also, see if you can find a real-time server status page to get an idea of available bandwidth, which will indicate performance.
  • Privacy features – One good privacy feature for more online anonymity is a multi-hop VPN configuration. This will encrypt your traffic across two or more servers, offering more protection against surveillance and targeted monitoring.
  • Operating system – Be sure to check out if the VPN you are considering supports the operating system you will be using.
  • Obfuscation – Obfuscation is a key feature if you are using a VPN in China or anywhere that VPNs may be blocked. Obfuscation is also key for school and work networks that may restrict VPN use.
  • Company policies – It’s always good to read through the company policies to see if it’s a good fit. Privacy policies, refund policies, and torrenting policies are all good to consider before signing up.

There are many other factors you may want to consider when selecting the best VPN – but this is a good starting point.

Best VPN speed and performance

Many people are wondering how to achieve the best VPN speed. Others are wondering which VPNs are fastest. If you are using a good VPN service, you really shouldn’t notice a huge reduction in speed. Of course, the extra work that goes into encrypting/decrypting your traffic across VPN servers will affect speed, but usually it’s not noticeable.

To optimize your VPN speed and achieve better performance, here are some factors to consider:

  • Internet service provider interference – Some ISPs interfere with or throttle VPN connections. This seems to be a growing problem. Solution: use a VPN with obfuscation features, which will conceal the VPN traffic as HTTPS. (Perfect Privacy with Stealth VPN, VPN.ac with the XOR protocol, and VyprVPN with the Chameleon protocol are all good options.)
  • High latency – You can generally expect slower speeds when you connect to servers further from your location. Using multi-hop VPN configurations will also increase latency and slow things down. Solution: Use servers closer to your location. If you utilize a multi-hop VPN chain, select nearby servers to minimize latency.
  • Server congestion – Many of the larger VPN services oversell their servers, resulting in congestion, minimal bandwidth, dropped connections, and slow speeds. All of the recommendations on this page performed well in testing and offer adequate bandwidth for good speed. For example, see the Perfect Privacy server page and the VPN.ac server page (VPN Nodes Status at the top).
  • Antivirus or firewall software – Antivirus and third-party firewall software often interferes with and slows down VPNs. Some software will implement their firewall on top of the default (operating system) firewall, which slows everything down. Solution: Disable the third-party firewall, or add an exception/rule for the VPN software.
  • WiFi interference – WiFi interference or problems are unrelated to the VPN, but it can make a difference in overall speed. Solution: It may not be convenient, but using a wired connection will improve speed and security.
  • Processing power – Many devices don’t do well with the extra processing power that is needed for VPN encryption/decryption. This is especially the case with older computers, routers, and mobile devices. Solution: Switch devices or upgrade to a faster processor (higher CPU).
  • Network setup – Some networks do not work well with certain VPN protocols. Solution: The best solution is to experiment with different VPN protocols and/or ports (OpenVPN UDP / TCP / ECC / XOR, IPSec, etc.). Some VPN providers also allow you to modify MTU size, which may improve speed.

To achieve the best VPN speed possible, it’s a good idea to experiment with the different variables. Assuming the servers are not overloaded with users, the two main ways to optimize performance are choosing a nearby server with low latency and selecting the right protocol. As mentioned above, the best protocol may vary depending on your unique situation.

Best VPN services for streaming

Many people who enjoy streaming are turning to VPNs to unlock content that is blocked or restricted and also gain a higher level of privacy. As mentioned above, the best all-around VPN for streaming is ExpressVPN because it always works with Netflix and other streaming services, it offers a huge lineup of apps, and the customer support is great. Another solid choice for streaming is VPNArea.

Using a VPN with Netflix will allow you to access all the content you want wherever you are located in the world. Below I am accessing US Netflix from my location in Europe, using an ExpressVPN server in Washington, D.C.
VPNs to avoid in 2018

There are a lot of different VPNs on the market – so it’s a good idea to consider your choices carefully. The problem, however, is that the internet is full of disinformation concerning VPNs. Large sites are often paid lots of money to promote inferior services. But this is no secret.

With that being said, here are some important details that many of the larger websites are hiding from their readers:

  • PureVPN – PureVPN is recommended by some big websites, but there are many red flags. When testing everything for the PureVPN review, I found IPv4 leaks, IPv6 leaks, DNS leaks, broken features (kill switch) and a host of other speed and connection problems. Also concerning, I learned that PureVPN was caught logging user data and handing this information over to US authorities – all despite having a “zero log policy” and promising to protect user privacy.
  • Betternet – Betternet is a Canada-based provider that is known for offering a free VPN service. Unfortunately, when I tested everything for the Betternet review I found the service to leak IP addresses (both IPv4 and IPv6) as well as DNS requests. An academic research paper also listed Betternet as #4 on the Top 10 most malware-infected Android VPN apps, while also embedding tracking libraries in their apps. Scary stuff, considering that VPNs are supposed to provide privacy and security (but that’s why you don’t use a free VPN). Betternet’s Android VPN app tested positive for malware by 13 different antivirus tools (AV-rank 13)!!!
  • Hotspot Shield – Hotspot Shield is another troublesome VPN service with a well-documented history of problems. Hotspot Shield VPN was directly identified in a research paper for “actively injecting JavaScript codes using iframes for advertising and tracking purposes” with their Android VPN app. The same study also found a large presence of tracking libraries in the VPN app’s source code. Hotspot Shield was also in the news for a critical flaw in their VPN app which reveals the user’s identity and location.
  • Hidemyass – HideMyAss is a UK-based VPN provider with a troubling history. Despite promising to protect user privacy, HideMyAss was found to be turning over customer data to law enforcement agencies around the world.
  • VPN Unlimited – Extensive testing of the VPN Unlimited apps identified numerous leaks. This screenshot illustrates IPv6 leaks, WebRTC leaks, and DNS leaks with the VPN Unlimited Windows client.

Leaks with VPN Unlimited

Of course, there are many examples of problematic VPNs. But you can test your VPN to also check for issues that may affect your privacy and security.

If you’re serious about privacy and online freedom…

Start using a VPN whenever you go online. In just the last few years we’ve seen a number of unprecedented developments in corporate and government mass surveillance:

  • Internet service providers in the United States can now legally record online browsing history and sell this data to third parties and advertisers. Mass surveillance also continues unabated…
  • Residents of the United Kingdom are having their online browsing history, calls, and text messages recorded for up to two years (Investigatory Powers Act). This private information is freely available to various government agencies and their global surveillance partners.
  • Australia has also recently implemented mandatory data retention laws, which require the collection of text messages, calls, and internet connection data.

Free speech and free thought are increasingly under attack all around the world. While this has traditionally been a problem in China and other Middle Eastern countries, it is increasingly common throughout the Western world. Here are a few examples of what we see unfolding:

  • YouTube videos that are blocked or censored.
  • Social media accounts, tweets, posts, and/or entire platforms that are blocked.
  • Websites of all different varieties (torrenting, Wikipedia, news, etc.) blocked.

What you are seeing is the continual erosion of privacy and online freedom. And it’s happening throughout the world. The point here is not to sound alarmist, but instead to illustrate these trends and how they affect you.

The good news is that there are very effective solutions for these problems. You can protect yourself right now with a good VPN and other privacy tools. Stay safe!

Recap – Best VPNs for Privacy, Security, and Speed

SOURCE
  11. Worried about privacy issues in Windows 10? Here's what you can do.

There has been some concern that Windows 10 gathers too much private information from users. Whether you think Microsoft's operating system crosses the privacy line or just want to make sure you protect as much of your personal life as possible, we're here to help. Here's how to protect your privacy in just a few minutes.

Note: This story has been updated for the Windows 10 October 2018 Update, a.k.a. version 1809. If you have an earlier release of Windows 10, some things may be different.

Turn off ad tracking

At the top of many people's privacy concerns is what data is being gathered about them as they browse the web. That information creates a profile of a person's interests that is used by a variety of companies to target ads. Windows 10 does this with the use of an advertising ID. The ID doesn't just gather information about you when you browse the web, but also when you use Windows 10 apps.

You can turn that advertising ID off if you want. Launch the Windows 10 Settings app (by clicking on the Start button at the lower left corner of your screen and then clicking the Settings icon, which looks like a gear) and go to Privacy > General. There you'll see a list of choices under the title "Change privacy options"; the first controls the advertising ID. Move the slider from On to Off. You'll still get ads delivered to you, but they'll be generic ones rather than targeted ones, and your interests won't be tracked.

[Image caption: You can turn off Windows 10's advertising ID if you want. You'll still get ads, but they'll be generic ones.]

To make absolutely sure you're not tracked online when you use Windows 10, and to turn off any other ways Microsoft will use information about you to target ads, head to the Ad Settings section of Microsoft’s Privacy Dashboard. Sign into your Microsoft account at the top of the page.
Then go to the “See ads that interest you” section at the top of the page and move the slider from On to Off. After that, scroll down to the “See personalized ads in your browser” section and move the slider from On to Off. Note that you need to go to every browser you use and make sure the slider for “See personalized ads in your browser” is set to Off.

Turn off location tracking

Wherever you go, Windows 10 knows you're there. Some people don't mind this, because it helps the operating system give you relevant information, such as your local weather, what restaurants are nearby and so on. But if you don't want Windows 10 to track your location, you can tell it to stop.

Launch the Settings app and go to Privacy > Location. Underneath “Allow access to location on this device,” click Change and, on the screen that appears, move the slider from On to Off. Doing that turns off all location tracking for every user on the PC.

[Image caption: If you click the Change button, you can turn off location tracking for every user on the Windows 10 device.]

This doesn't have to be an all-or-nothing affair — you can turn off location tracking on an app-by-app basis. If you want your location to be used only for some apps and not others, make sure location tracking is turned on, then scroll down to the "Choose apps that can use your precise location" section. You'll see a list of every app that can use your location. Move the slider to On for the apps you want to allow to use your location — for example, Weather or News — and to Off for the apps you don't.

When you turn off location tracking, Windows 10 will still keep a record of your past location history. To clear your location history, scroll to "Location History" and click Clear. Even if you use location tracking, you might want to clear your history regularly; there's no automated way to have it cleared.
Turn off Timeline

The Windows 10 April 2018 Update introduced a new feature called Timeline that lets you review and then resume activities and open files you’ve started on your Windows 10 PC, as well as any other Windows PCs and devices you have. So, for example, you’ll be able to switch between a desktop and laptop and from each machine resume activities you’ve started on either PC.

In order to do that, Windows needs to gather information about all your activities on each of your machines. If that worries you, it’s easy to turn Timeline off. To do it, go to Settings > Privacy > Activity History and uncheck the boxes next to “Store my activity history on this device” and “Send my activity history to Microsoft.”

[Image caption: Here’s how to turn off Timeline so that Microsoft doesn’t gather information about your activities on your PC.]

At that point, Windows 10 no longer gathers information about your activities. However, it still keeps information about your old activities and shows them in your Timeline on all your PCs. To get rid of that old information, in the “Clear activity history” section of the screen, click “Manage my Microsoft account activity data.” You’ll be sent to Microsoft’s Privacy Dashboard, where you can clear your data. See the section later in this article on how to use the privacy dashboard to do that.

Note that you’ll have to take these steps on all of your PCs to turn off the tracking of your activities.

Curb Cortana

Cortana is a very useful digital assistant, but there's a tradeoff in using it: To do its job well, it needs to know things about you such as your home location, place of work and the times and route you take to commute there. If you’re worried it will invade your privacy by doing that, there are a number of things you can do to limit the information Cortana gathers about you.
Start by opening Cortana settings: place your cursor in the Windows search box and click the Cortana settings icon (it looks like a gear) that appears in the left pane. On the screen that appears, select Permissions & History. Click “Manage the information Cortana can access from this device,” and on the screen that appears, turn off Location so that Cortana won’t track and store your location.

Then turn off “Contacts, email, calendar & communication history.” That will stop the assistant from gathering information about your meetings, travel plans, contacts and more. But it will also turn off Cortana’s ability to do things such as remind you about meetings and upcoming flights. Towards the bottom of the screen, turn off “Browsing history” so that Cortana won’t keep your browsing history.

To stop Cortana from gathering other types of information, head to the Cortana’s Notebook section of Microsoft's Privacy Dashboard. You’ll see a variety of personal content, ranging from finance to flights, news, sports, and much more. Click the content you want Cortana to stop tracking, then follow the instructions for deleting it. If you want to delete all the data Cortana has gathered about you, click “Clear Cortana data” on the right side of the screen.

[Image caption: Here’s how to delete all the information Cortana has gathered about you.]

There’s some bad news for those who want to ditch Cortana completely: Back when the Windows 10 Anniversary Update was released in August 2016, the easy On/Off setting for turning it off was taken away. However, that doesn't mean you can't turn Cortana off — it just takes more work.

If you use any version of Windows 10 other than the Home version, you can use the Group Policy Editor to turn it off. Launch the Group Policy Editor by typing gpedit.msc into the search box. Then navigate to Computer Configuration > Administrative Templates > Windows Components > Search > Allow Cortana.
Set it to “disabled.”

If you have the Home version, you'll have to muck around in the Registry. Before doing that, though, create a Restore Point, so that you can recover if anything goes wrong. Once you've done that:

1. Type regedit into the search box and press Enter to run the Registry Editor.
2. Go to the key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Search. (If the Windows Search key doesn't appear in the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows. Right-click the key and select New > Key. It will be given a name such as New Key #1. Right-click it, select Rename, and then type Windows Search into the box.)
3. Create the DWORD value AllowCortana by right-clicking Windows Search and selecting New > DWORD (32-bit) Value. Type AllowCortana in the Name field.
4. Double-click the AllowCortana value. Type 0 in the Value data box.
5. Click OK. You'll have to sign out of your Windows account and sign back in again (or restart Windows) to make the setting take effect.

Ditch a Microsoft account for a local account

When you use your Microsoft account to log into Windows 10, you’re able to sync your settings with all Windows devices. So, for example, when you make changes to your settings on a desktop PC, those changes will also be made on your laptop the next time you log in.

But maybe you don’t want Microsoft to store that information about you. And maybe you want to cut your ties as much as possible to anything Microsoft stores about you. If that’s the case, your best bet is to stop using your Microsoft account and instead use a local account.

It’s simple to do. Go to Settings > Accounts and select “Sign in with a local account instead.” A wizard launches. Follow its instructions to create and use a local account. Keep in mind that when you do this, you won’t be able to use Microsoft’s OneDrive storage or download and install for-pay apps from the Windows Store.
You can, however, download and install free apps from the Windows Store.

Change your app permissions

Windows apps have the potential to invade your privacy — they can have access to your camera, microphone, location, pictures and videos. But you can decide, in a very granular way, what kind of access each app can have.

To do this, go to Settings > Apps. Below “Apps & features” you’ll see a list of your installed apps. Click the app whose permissions you want to control, then click Advanced options and set the app's permissions by toggling them either on or off.

[Image caption: Setting permissions for the Fitbit app.]

Note, though, that very few apps have an “Advanced options” link. And of those that do, not all let you customize your app permissions.

However, there’s another way to change app permissions. To do it, go to Settings > Privacy and look under the “App permissions” section on the left-hand side of the page. You’ll see a list of all of Windows’ hardware, capabilities and features that apps can access if they’re given permission — location, camera, microphone, notifications, account info, contacts and so on.

Click any of the listed items — for example, Microphone. At the top of the page that appears, you can turn off access to the microphone for all apps. Below that you’ll see a listing of all the apps with access to the microphone, where you can control access on an app-by-app basis. Any app with access has a slider that is On. To stop any app from having access, move the slider to Off.

Control and delete diagnostic data

As you use Windows 10, data is gathered about your hardware and what you do when you use Windows. Microsoft says that it collects this data as a way to continually improve Windows and to offer you customized advice on how to best use Windows.

That makes plenty of people uncomfortable. If you’re one of them, you can to a certain extent control what kind of diagnostic data is gathered about you.
To do it, head to Settings > Privacy > Diagnostics & Feedback. In the Diagnostic data section, you can choose between two levels of diagnostic data to be gathered. Note that there’s no way to stop Microsoft from gathering diagnostic data entirely. Here are your two choices:

  • Basic: This sends information to Microsoft “about your device, its settings and capabilities, and whether it is performing properly.” If you’re worried about your privacy, this is the setting to choose.
  • Full: This sends the whole nine yards to Microsoft: “all Basic diagnostic data, along with info about the websites you browse and how you use apps and features, plus additional info about device health, device usage, and enhanced error reporting.” If you’re worried about your privacy, don’t make this choice.

[Image caption: Go here to control what diagnostic data Windows 10 gathers.]

Next, scroll down to the “Tailored experiences” section and move the slider to Off. This won’t affect the data Microsoft gathers, but it will turn off targeted ads and tips that are based on that information. So while it won’t enhance your privacy, you’ll at least cut down on the annoyance factor.

Now scroll a bit further down and in the “Delete diagnostic data” section, click Delete. That will delete all the diagnostic data Microsoft has gathered about you. However, after you delete it, Microsoft will start gathering the data again.

Finally on this screen, consider scrolling up to the “Improve inking & typing recognition” section and moving the slider to Off. That will stop Windows 10 from sending to Microsoft the words you input using the keyboard and inking.

One final note about diagnostic data. You may have heard about a tool Microsoft has been hyping, called the Diagnostic Data Viewer, which you can download from the Microsoft Store. Microsoft claims it lets you see exactly what kind of diagnostic data Microsoft gathers about you. Don’t believe it. It’s something only a programmer could love — or understand.
You won’t be able to use it to clearly see the diagnostic data Microsoft collects. Instead, you’ll scroll or search through incomprehensible headings such as “TelClientSynthetic.PdcNetworkActivation_4” and “Microsoft.Windows.App.Browser.IEFrameProcessAttached” with no explanation of what it means. Click any heading, and you’ll find even more incomprehensible data.

Use Microsoft’s Privacy Dashboard

Microsoft has built an excellent, little-known web tool called the Privacy Dashboard that lets you track and delete a lot of information Microsoft gathers about you. To get to it, go to https://account.microsoft.com/privacy/.

As covered earlier in this story, here you can turn off ad targeting and limit the data gathered in Cortana’s Notebook. You can also view and delete your browsing history, search history, location activity, voice activity, media activity, LinkedIn activity, and a lot more.

(Note that for your browsing and search history, it only tracks your activity when you use Microsoft Edge or Internet Explorer. It doesn’t track data when you use other browsers, like Chrome or Firefox. And it only tracks your location history when you’re using Microsoft devices, not those that use iOS or Android.)

[Image caption: Microsoft’s little-known Privacy Dashboard is a great place to delete much of the information Microsoft gathers about you.]

Using it is a breeze. Simply head to the information you want to view and clear, then click the “View and Clear…” button. You’ll see all your activity in that category, and be able to delete individual instances (such as a single web search, for example), or all of it at once.

Get granular in the Settings app

All this shouldn't take that long and will do a great deal to protect your privacy. However, if you want to dig even deeper into privacy protections, there's something else you can do.

Launch the Settings app and click Privacy.
On the left-hand side of the screen, you'll see the various areas where you can get even more granular about privacy — for example, in the Windows permissions section you can change your global privacy options for things such as speech recognition and inking. And here’s where you’ll get access to all app permissions, as outlined earlier in this article.

These steps can take you a long way towards making sure that Windows 10 doesn't cross the line into gathering data you'd prefer remain private.

This article was originally published in January 2016 and most recently updated in April 2019.

Source: How to protect your privacy in Windows 10 (Computerworld - Preston Gralla)
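The Registry steps for Windows 10 Home described above (create the Windows Search policy key if it is missing, then set the AllowCortana DWORD to 0) can also be scripted and verified. This PowerShell is an added example, not part of the Computerworld article; the function names and the -CreateRestorePoint and -Remove switches are hypothetical, and it assumes an elevated Windows PowerShell 5.1 session.

```powershell
#Requires -Version 5.1
# Added example: scripts the article's manual regedit steps and reads the value back.
# Test-IsElevated, Get-CortanaPolicy and Set-CortanaPolicy are hypothetical helper names.

$PolicyKey = 'HKLM:\Software\Policies\Microsoft\Windows\Windows Search'
$ValueName = 'AllowCortana'

function Test-IsElevated {
    # Writing under HKLM\Software\Policies needs an administrator token
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-CortanaPolicy {
    # Returns the current DWORD, or $null when the key or the value is absent
    if (-not (Test-Path -LiteralPath $PolicyKey)) { return $null }
    $item = Get-ItemProperty -LiteralPath $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-CortanaPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$CreateRestorePoint,  # the article's "create a Restore Point" precaution
        [switch]$Remove               # undo: delete the value instead of setting it to 0
    )

    if (-not (Test-IsElevated)) {
        throw 'Run this from an elevated (Run as administrator) PowerShell session.'
    }

    $before = Get-CortanaPolicy
    if (-not $PSCmdlet.ShouldProcess("$PolicyKey\$ValueName", 'Change Cortana policy value')) {
        return   # -WhatIf: report only, write nothing
    }

    if ($CreateRestorePoint) {
        # Checkpoint-Computer ships with Windows PowerShell and needs System Restore enabled
        Checkpoint-Computer -Description 'Before AllowCortana change' -RestorePointType MODIFY_SETTINGS
    }

    if ($Remove) {
        if ($null -ne $before) {
            Remove-ItemProperty -LiteralPath $PolicyKey -Name $ValueName
        }
    }
    else {
        # Step 2: create the "Windows Search" key only if it does not exist yet
        if (-not (Test-Path -LiteralPath $PolicyKey)) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        # Steps 3-4: AllowCortana as a 32-bit DWORD with value data 0
        New-ItemProperty -LiteralPath $PolicyKey -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }

    # Read the value back so a silent failure does not go unnoticed
    $after    = Get-CortanaPolicy
    $expected = if ($Remove) { $null } else { 0 }
    if ($after -ne $expected) {
        throw "Verification failed: $ValueName is '$after', expected '$expected'."
    }

    [pscustomobject]@{
        Key    = $PolicyKey
        Name   = $ValueName
        Before = $before
        After  = $after
        Note   = 'Sign out and back in (or restart Windows) for the setting to take effect.'
    }
}

# Example call (commented out so loading the file changes nothing):
# Set-CortanaPolicy -CreateRestorePoint -WhatIf
```

Running it first with -WhatIf shows the target key without writing anything, and the Before and After fields in the returned object give a record of what changed.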
  12. Wilson Drake

    Happy Safer Internet Day 2019

    This year, let's all raise our hands to make the Internet a safer place on Safer Internet Day
  13. Privacy: Several States Consider New Laws

After California Takes Bold Action, Other States Ponder Privacy Protection Measures

Several U.S. states, including Oregon, North Carolina, Virginia and Washington, are considering new legislation to shore up consumer data privacy laws in the wake of California passing strict privacy requirements last year.

The European Union's General Data Protection Regulation, which has been enforced since last May, is inspiring renewed efforts worldwide, including at the federal and state levels in the United States, to boost privacy protections.

Democrats in Congress have once again introduced national breach notification and privacy legislation, but many previous efforts to pass similar measures have failed (see: Democratic Senators Introduce Security Legislation).

Meanwhile, federal regulators are considering changes in HIPAA aimed at reducing "regulatory burdens," including ways to improve secure data sharing for patient care coordination, by, for example, easing certain privacy requirements (see: HHS Seeks Feedback on Potential HIPAA Changes).

State Proposals

Rather than wait for Congress or federal regulators to take action, more states are considering a variety of measures designed to strengthen consumer data protections.

For example, Oregon is considering a bill that would prohibit the sale of de-identified protected health information without first obtaining a signed authorization from an individual. The measure also would provide patients the right to be paid for authorizing the de-identification of their PHI for sale to third parties, such as for research and other uses.

In North Carolina, pending legislation would strengthen ID theft/fraud protections. Under the proposal, ransomware attacks would be considered a security breach, and a breached entity would need to notify the state attorney general's office within 30 days.
In Virginia, a bill proposes new requirements for businesses related to disposal of certain consumer records. It also features new requirements for manufacturers pertaining to the design and maintenance of devices that connect to the internet. A business would be required to "take all reasonable steps to dispose of, or arrange for the disposal of, consumer records." But that provision would not apply to HIPAA covered entities and business associates, because HIPAA has its own disposal requirements. And Washington is considering a bill that would require companies that collect personal data to be transparent about the type of data being collected, whether consumer data is sold to data brokers, and upon request from a consumer, delete the consumer's personal data without undue delay. These provisions are very similar to requirements in the EU's GDPR. GDPR as Inspiration "The European Union recently updated its privacy law through the passage and implementation of the General Data Protection Regulation, affording its residents the strongest privacy protections in the world," the Washington bill notes. "Washington residents deserve to enjoy the same level of robust privacy safeguards." California's new law enacted last year also requires businesses to disclose the purpose for collecting or selling the information, as well as the identity of the third-party organizations receiving the data. Consumers can also request data be deleted and initiate civil action if they believe that an organization has failed to protect their personal data (see California's New Privacy Law: It's Almost GDPR in the U.S.). 
"The California Consumer Privacy Act was passed last year and compliance is required next year, but 2019 is when California's attorney general compliance guidance is expected, and legislative fixes may be needed," says privacy attorney Adam Greene of the law firm Davis Wright Tremaine. "Each of the 50 states now has its own breach notification laws, with nearly one-half adopting data security and/or data disposal requirements to protect consumers' personally identifiable information from unauthorized disclosure," says privacy attorney David Holtzman, vice president of compliance at security consultancy CynergisTek. "While most states are not taking a sectorial approach to the type of PII that must be protected, New York, Ohio and South Carolina have adopted cybersecurity requirements that target industries that include health plans and insurers," he adds. "A theme seen in state legislation to update breach notification laws in recent years is to set shorter notification periods. Some argue that this would give consumers more time to take action to protect themselves against the threat of financial fraud or identity theft by notifying major credit reporting agencies." Under Pressure Privacy attorney Kirk Nahra of the law firm Wiley Rein notes: "The states continue to examine the possibilities for increasing privacy and data security protections, both in currently regulated areas and in situations where federal law is not directly applicable through a specific law or regulation." Could all the various state activity put more pressure on Congress to adopt national privacy legislation? "We may find that there is a sufficient number of these new proposals that there will be an additional push to implement a federal law that applies a common standard - although that is still a long way away," Nahra says. "And one of the critical elements of the debate will be how to handle these state laws." 
Nahra expects other states, "including some traditional red states," will introduce privacy legislation. A Downside? New state privacy laws can potentially have adverse effects, Nahra contends. For example, the Oregon proposal tightening up permitted uses of de-identified PHI "might seem appealing at first blush but actually would primarily have negative impacts," he claims. The Oregon proposal, he argues, "would reduce any of the useful research, public health and other benefits that are provided by de-identified information today, and would at the same time create privacy and security risks for individuals by forcing companies to retain a link between the de-identified data and an identifiable individual. "So, we see potential risks from some of these proposals, particularly where they move through a more chaotic and sometimes less thoughtful state legislative debate." Greene says the Oregon legislation would be difficult to implement. "For example, de-identified data may be created for multiple purposes, some of which might require authorization under the law," he notes. "Identifying what is the true purpose may be challenging. Also, it is not clear whether aggregate data, which is no longer at a person-by-person level, qualifies as de-identified data that may be subject to the law." Source
  14. Psiphon Pro By Psiphon Inc. This is the pro version of Psiphon which is a secure VPN application for Android. The application allows you to navigate freely on the internet. You will be connected to all hindered sites that are blocked due to censorship or other factors. You will also be safe when you do this. You will be able to connect to any site that has been exposed to Psiphon Pro and has blocked access. Psiphon’s work structure is quite simple. As with other VPN applications, a tunnel opens and you appear to be connecting through other countries. Whether you want to use the application only on the browser, you can use it in all applications. One of the features that Psiphon has provided is the ability to display your internet traffic. If you want to use the internet for free, Psiphon is for you. Site: https://workupload.com Sharecode: /file/twX2cTvJ Site: https://file.bz Sharecode: /UcD2R2rfb2/Psiphon_Pro_214_apk
  15. The VPN industry has exploded over the past few years. Fuelled by a greater awareness of online security, a desire to watch geo-restricted content, and yes, piracy, more people are hiding their online identities than ever. But did you know that many VPN providers are owned by the same few companies? A report from The Best VPN, shared exclusively with TNW, looks at five companies in particular — Avast, AnchorFree, StackPath, Gaditek and Kape Technologies. It found that over the past few years, these companies have acquired a total of 19 smaller players in the VPN space, including HideMyAss and CyberGhost VPN. AnchorFree The company with the most brands under its belt is AnchorFree. That’s not surprising since it’s the only firm on our list founded primarily to serve the VPN market. While the other three companies on the list own well-known and established VPN products, they also have a lot of other interests, particularly when it comes to information security services and products. The Best VPN was able to draw links between AnchorFree and seven smaller VPN brands. These include Hotspot Shield, Betternet, TouchVPN, VPN in Touch, Hexatech, VPN 360, and JustVPN. The report notes that AnchorFree isn’t consistently transparent when it comes to telling consumers what brands it owns. While some products carry the AnchorFree logo clearly (like Hotspot Shield), others require you to dig deep into the site’s terms-and-conditions to find out who owns what. StackPath The next company on the list is StackPath. The Best VPN describes it as a “huge cyber-security company,” and that’s accurate. The firm has raised over $180 million, with revenues of more than $157 million in 2017. Driving this success is a Batman’s utility-belt’s worth of sub-brands and products. These include several VPN brands (like IPVanish, StrongVPN, Encrypt.me), as well as CDN, cloud computing, and information security products. 
StackPath also provides the infrastructure required to launch a VPN service to other brands, thanks to its WLVPN service. This powers Pornhub’s VPN offering (predictably called VPNHub), as well as Namecheap VPN. Avast Avast is a Czech cybersecurity firm best known for its free antivirus software. Over the years, the company has quietly carved itself out a respectable position within the competitive VPN market. It owns three brands: HideMyAss, Avast Secureline VPN, AVG Secure VPN, and Zen VPN. It’s interesting to note that Avast got its hands on two of these products — namely HideMyAss and AVG Secure VPN — through its $1.3 billion acquisition of AVG Software in 2016. Kape and Gaditek With only two VPN brands apiece, Kape and Gaditek are the smallest companies on this list, but they couldn’t be any more different. Kape is primarily an investment vehicle focusing on the tech sector, and is listed on the London Stock Exchange. Gaditek, on the other hand, is a sprightly Pakistani startup based in the bustling city of Karachi. The jewel in Kape’s crown is Romania’s CyberGhost VPN, which it acquired for €9.2 million (roughly $9.7 million) in March, 2017. The following year, it bought another top-tier VPN provider, ZenMate. ZenMate claims more than 40 million users. Gaditek, on the other hand, focuses on the budget end of the market. It owns PureVPN and Ivacy, both of which offer ultra-affordable plans. Does this matter? There’s nothing wrong, or even especially inappropriate, about a larger player acquiring smaller rivals. Just look at Google, a company that has acquired more than 200 companies over its 20 year life. Acquisitions are the heart and soul of the technology business. But that doesn’t explain why the VPN market is so fragmented, with hardly any brands absorbed into their larger owners. Liviu Arsene, Senior E-threat analyst at Bitdefender, suggests that this merely reinforces the sense of privacy that’s vital for the success of a VPN product. 
Arsene also argued that allowing VPN providers to retain their independence after an acquisition could allow them to remain agile and innovative. “Large VPN providers that operate a single large-scale infrastructure have a harder time integrating new privacy-driven technologies because of compatibility, integration, and deployment issues,” he said. “The VPN industry is all about having as many servers around the world as possible, in order to ensure both availability and coverage for their customers. Acquiring smaller VPN companies and allowing them to operate independently makes sense because these infrastructures need to be agile, flexible, dynamic, and constantly integrating new privacy-driven technologies in order to allow for more privacy for their clients,” Arsene added. This argument was echoed by a representative from Hide.me, who also suggested that having separate providers allows larger VPN conglomerates to target all segments of the market. “It is more profitable to obtain users through the acquisition of smaller VPN providers than to obtain those users by using standard marketing channels. Once they have that access, they are using a smaller brand for test runs of different business models without direct harm to the mainstream brand. Usually, acquired smaller VPN providers have another price structure than the main brand, and they can cover a more significant chunk of the market,” they explained. Original post : https://thenextweb.com/tech/2019/01/23/youd-be-surprised-how-many-vpns-are-owned-by-the-same-company/ By: MATTHEW HUGHES
  16. New survey finds Americans want online services to collect less of their data According to a new survey from the Center for Data Innovation, only one in four Americans want online services such as Google and Facebook to collect less of their data if it means they would have to start paying a monthly subscription fee. Other surveys have gauged Americans' ideas regarding online privacy but few have asked about such tradeoffs which is why the organisation decided to test their reactions to a series of likely consequences of reducing online data collection. The survey found that when potential tradeoffs were not part of the question, approximately 80 per cent of Americans agreed they would like Google, Facebook and other online services to collect less of their data. However, support waned once respondents considered these tradeoffs. Initial agreement dropped by six per cent when respondents were asked whether they would like online services to collect less data even if it meant seeing ads that are less useful. Support dropped by 27 per cent when they considered whether they would like less data collection even if it means seeing more ads than before. Collecting user data The largest drop in support by 53 per cent arose when respondents were asked whether they would like online services to collect less data if it meant they had to pay a monthly subscription fee with only 27 per cent agreeing with reducing data collection in this circumstance. The Center for Data Innovation's survey also gauged Americans' willingness to have online services collect more data in exchange for various benefits. The survey found when potential benefits were not part of the question, approximately 74 per cent of Americans are opposed to having online services collect more of their data. This figure decreased by 11 per cent when respondents considered whether they would like online services to collect more data if it meant seeing ads that were more useful. 
The largest decrease in opposition (18%) occurred when they were asked whether they would like online services to collect more of their data if it meant getting more free apps and services with 16 per cent supporting such a tradeoff, 63 per cent opposed and the remaining respondents did not take a position on the issue. Source
  17. The vast majority of televisions available today are "smart" TVs, with internet connections, advertising placement, and streaming services built in. Despite the added functionality, TV prices are lower than ever — especially from companies like TCL and Vizio, which specialize in low-cost, high-tech smart TVs. There's a simple reason that smart TVs are priced so low: Some TV makers collect user data and sell it to third parties. Did you get a 4K, HDR-capable TV this past holiday, perhaps on sale? Millions of Americans did. Massive TVs with razor-thin frames, brilliant image quality, and built-in streaming services are more affordable than ever thanks to companies like Vizio and TCL. If you want a 65-inch 4K smart TV with HDR capability, one can be purchased for below $500 — a price that may seem surprisingly low for such a massive piece of technology, nonetheless one that's likely to live in your home for years before you upgrade. But that low price comes with a caveat most people probably don't realize: Some manufacturers collect data about users and sell that data to third parties. The data can include the types of shows you watch, which ads you watch, and your approximate location. The Roku TV interface on TCL's smart TVs comes with a prominent ad placement on the home screen. A recent interview on The Verge's podcast with Vizio's chief technology officer, Bill Baxter, did a great job illuminating how this works. "This is a cutthroat industry," Baxter said. "It's a 6% margin industry. The greater strategy is I really don't need to make money off of the TV. I need to cover my cost." More specifically, companies like Vizio don't need to make money from every TV they sell. Smart TVs can be sold at or near cost to consumers because Vizio is able to monetize those TVs through data collection, advertising, and selling direct-to-consumer entertainment (movies, etc.). Or, as Baxter put it: "It's not just about data collection. 
It's about post-purchase monetization of the TV." And there are a few ways to monetize those TVs after the initial purchase. On TCL's Roku TVs, users can opt out of the full scope of ad tracking. How much you're able to block yourself from data tracking varies by TV manufacturer. "You sell some movies, you sell some TV shows, you sell some ads, you know," he said. "It's not really that different than the Verge website." It's those additional forms of revenue that help make the large, beautiful smart TVs from companies like Vizio and TCL so affordable. Without that revenue stream, Baxter said, consumers would be paying more up front. "We'd collect a little bit more margin at retail to offset it," he said. The exchange is fascinating and worth listening to in full — check it out right here. Source
  18. The news was first reported by the German newspaper Bild am Sonntag: German regulators are going to request changes from Facebook on its platforms aimed at protecting the privacy and personal data of its users. The German watchdog wants to ask the social network giant to change the way it collects and shares users’ personal data to be compliant with privacy laws. The Federal Cartel Office has been monitoring Facebook’s conduct since at least 2015, focusing on the way the company gathers data and shares it with third-party apps, including WhatsApp and Instagram. “Germany’s antitrust watchdog plans to order Facebook to stop gathering some user data, a newspaper reported on Sunday.” reported Reuters. “The Federal Cartel Office, which has been investigating Facebook since 2015, has already found that the social media giant abused its market dominance to gather data on people without their knowledge or consent.” The Cambridge Analytica privacy scandal and misinformation campaigns carried out by Russia-linked APT groups raised discussion about the importance of monitoring the activity of the social network. At this time, it is not clear how Facebook will have to comply with the German request. Experts believe the German watchdog will set a deadline for compliance rather than urging Facebook to apply the changes immediately. “A Facebook spokeswoman said the company disputes the watchdog’s findings and will continue to defend this position.” concludes Reuters. Source
  19. Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook. What does it do? Facebook Container works by isolating your Facebook identity into a separate container that makes it harder for Facebook to track your visits to other websites with third-party cookies. How does it work? Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook. The next time you navigate to Facebook it will load in a new blue colored browser tab (the “Container”). You can log in and use Facebook normally when in the Facebook Container. If you click on a non-Facebook link or navigate to a non-Facebook website in the URL bar, these pages will load outside of the container. Clicking Facebook Share buttons on other browser tabs will load them within the Facebook Container. You should know that using these buttons passes information to Facebook about the website that you shared from. Which website features will not function? Because you will be logged into Facebook only in the Container, embedded Facebook comments and Like buttons in tabs outside the Facebook Container will not work. This prevents Facebook from associating information about your activity on websites outside of Facebook to your Facebook identity. In addition, websites that allow you to create an account or log in using your Facebook credentials will generally not work properly. Because this extension is designed to separate Facebook use from use of other websites, this behavior is expected. What does Facebook Container NOT protect against? It is important to know that this extension doesn’t prevent Facebook from mishandling the data that it already has, or permitted others to obtain, about you. 
Facebook still will have access to everything that you do while you are on facebook.com, including your Facebook comments, photo uploads, likes, any data you share with Facebook connected apps, etc. Rather than stop using a service you find valuable, we think you should have tools to limit what data others can obtain. This extension focuses on limiting Facebook tracking, but other ad networks may try to correlate your Facebook activities with your regular browsing. In addition to this extension, you can change your Facebook settings, use Private Browsing, enable Tracking Protection, block third-party cookies, and/or use Firefox Multi-Account Containers extension to further limit tracking. What data does Mozilla receive from this extension? Mozilla does not collect data from your use of the Facebook Container extension. We do receive the number of times the extension is installed or removed. Learn more Other Containers Facebook Container leverages the Containers feature that is already built in to Firefox. When you enable Facebook Container, you may also see Containers named Personal, Work, Shopping, and Banking while you browse. If you wish to use multiple Containers, you’ll have the best user experience if you install the Firefox Multi-Account Containers extension. Learn more about Containers on our support site. Known Issues When Facebook is open and you navigate to another website using the same tab (by entering an address, doing a search, or clicking a bookmark), the new website will be loaded outside of the Container and you will not be able to navigate back to Facebook using the back button in the browser. NOTE: If you are a Multi-Account Containers user who has already assigned Facebook to a Container, this extension will not work. In an effort to preserve your existing Container set up and logins, this add-on will not include the additional protection to keep other sites out of your Facebook Container. 
If you would like this additional protection, first unassign facebook.com in the Multi-Account Container extension, and then install this extension. What version of Firefox do I need for this? This extension works with Firefox 57 and higher on Desktop. Note that it does not work on other browsers and it does not work on Firefox for mobile. If you believe you are using Firefox 57+, but the install page is telling you that you are not on a supported browser, you can try installing by selecting or copying and pasting this link. (This may be occurring because you have set a preference or installed an extension that causes your browser to obscure its user agent for privacy or other reasons.) How does this compare to the Firefox Multi-Account Containers extension? Facebook Container specifically isolates Facebook and works automatically. Firefox Multi-Account Containers is a more general extension that allows you to create containers and determine which sites open in each container. You can use Multi-Account Containers to create a container for Facebook and assign facebook.com to it. Multi-Account Containers will then make sure to only open facebook.com in the Facebook Container. However, unlike Facebook Container, Multi-Account Containers doesn’t prevent you from opening non-Facebook sites in your Facebook Container. So users of Multi-Account Containers need to take a bit extra care to make sure they leave the Facebook Container when navigating to other sites. In addition, Facebook Container assigns some Facebook-owned sites like Instagram and Messenger to the Facebook Container. With Multi-Account Containers, you will have to assign these in addition to facebook.com. Facebook Container also deletes Facebook cookies from your other containers on install and when you restart the browser, to clean up any potential Facebook trackers. Multi-Account Containers does not do that for you. 
Report Issues If you come across any issues with this extension, please let us know by filing an issue here. Thank you! ----- Release Notes: This release also asks for permission to clear recent browsing history, so we can improve its protection and its integration with Multi-Account Containers. 83ae8bf fix #183: Can't search Google/other sites with string "fbclid". Add-on's Permissions: This add-on can: Access your data for all websites Clear recent browsing history, cookies, and related data Monitor extension usage and manage themes Access browser tabs ----- Homepage/Download https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
  20. malakai1911

    Comprehensive Security Guide

    Comprehensive Security Guide NOTE: As of 1/1/2019 this guide is out of date. Until parts are rewritten, consider the below for historical reference only. i. Foreword The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. Computer software listed are the freeware versions when possible or have free versions available. If there are no free versions available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post. ii. Table of Contents i. Foreword ii. Table of Contents 1. Physical Security a. Home b. Computer c. Personal 2. Network Security a. Hardware Firewall b. Software Firewall 3. Hardening Windows a. Pre-install Hardening b. Post-install Hardening c. Alternative Software d. Keep Windows Up-To-Date 4. Anti-Malware a. Anti-Virus b. HIPS / Proactive Defense c. Malware Removal 5. Information and Data Security a. Privacy / Anonymity b. Encryption c. Backup, Erasure and Recovery d. Access Control (Passwords, Security Tokens) 6. Conclusion 1. Physical Security I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here. a. Home How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas. If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). 
Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency. Invest in good locks for your home, I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain. Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery, and simply opened at another location later, so be sure and get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access. b. Computer Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components. There are also cable lock systems available for desktop computers to secure them to another object. For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. 
There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings. c. Personal Always be aware of your surroundings. Use your judgment, if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible. Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context. I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons. Dealing with the Police Be sure to read Know Your Rights: What to Do If You're Stopped by the Police, a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere, consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof. James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: (Mirror: regent.edu) Travelling Abroad Be sure and visit the State Department or Travel Office for your home country before embarking on a trip abroad. 
Read any travel warnings or advisories, and they are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA). 2. Network Security As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential. a. Hardware Firewall A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection). Highly Recommended I recommend Wireless AC (802.11ac) equipment, as it is robust and widely available. Wireless AC is backwards compatible with the earlier Wireless N (802.11n) G (802.11g) and B (802.11b) standards. 802.11ac supports higher speeds and longer distances than the previous standards, making it highly attractive. I generally recommend wireless networking equipment from Ubiquiti or Asus. Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often. Alternatives A spare PC running SmoothWall or IPCop, with a pair of NIC's and a switch can be used to turn a PC into a fully functional firewall. b. Software Firewall A software firewall nicely compliments a hardware firewall such as those listed above. 
In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked.

Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another.

Check out Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leaktests are an important way of testing outbound filtering effectiveness.

Highly Recommended

Comodo Internet Security
Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise you to install it as firewall-only and use an alternate Antivirus.

Alternatives

Agnitum Outpost Firewall Free
A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums, to search, and ask questions if you have any problems.

Online Armor Personal Firewall Free
Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost.

3. Hardening Windows

Windows can be made much more secure by updating its components, and changing security and privacy related settings.

a. Pre-install Hardening

Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot.

Step 1 - Take an original Windows disc (Windows 7 or later) and copy it to a folder on your hard drive so you can work with the install files.

Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of Windows.
Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP).

Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks.

Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus.

b. Post-Install Hardening

If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down Windows. If you hadn't installed from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options.

Disable Services

Start by disabling unneeded or unnecessary services. By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet.

Security Tweaks

I highly recommend using a strong Local Security Policy template as an easy way to tweak Windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7):

1. Save the following attachment: (Download Link Soon!)
2. Extract the files.
3. Apply the Security Policy automatically by running the included "install.bat" file.
4.
(Optional) Apply your policy manually using the following command: [ secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf" ] then refresh your policy using the following command: [ secedit /refreshpolicy machine_policy ] (Windows 2000), [ gpupdate ] (Windows XP/Vista/7)

This template will disable automatic ("administrative") Windows shares, prevent anonymous log on access to system resources, disable (weak) LM Password Hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP Stack, and much more. Unfortunately my template can't do everything, you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

Privacy Tweaks

xpy (Windows 2000/XP) and vispa (Windows Vista/7)
These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP Anti-Spy's features and more. You should use them in conjunction with the security tweaks I've listed above.

c. Alternative Software

Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes. These products are generally more secure and offer more features than their Microsoft counterparts.

Highly Recommended

Google Chrome (Web Browser)
Mozilla Thunderbird (Email Client)
OpenOffice.org (Office Suite)

Alternatives

Mozilla Firefox (Web Browser)
Google Docs (Online) (Office Suite)

Firefox Additions

Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

d. Keep Windows Up-To-Date

Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows XP (for older PCs) and Windows 7 (or later) for newer PCs.
Be sure to keep up-to-date on your service packs, they're a comprehensive collection of security patches and updates, and some may add minor features.

Microsoft Windows Service Packs

Windows 2000 Service Pack 4 with Unofficial Security Rollup Package
Windows XP Service Pack 3 with Unofficial Security Rollup Package
Windows XP x64 Service Pack 2 with Unofficial Security Rollup Package
Windows Vista Service Pack 2
Windows 7 Service Pack 1

Microsoft Office Service Packs

Office 2000 Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
Office XP (2002) Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
Office 2003 Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in.
Office 2007 Service Pack 3 with the Office File Validation add-in.
Office 2010 Service Pack 1

After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself. However, if you don't like Automatic Updates: You can use WindowsUpdate to update Windows periodically (Must use IE5 or greater, must have BITS service enabled), or you can use MS Technet Security to search for and download patches individually, or you can use Autopatcher, an unofficial updating utility.

In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with latest program versions and updates, including your replacement internet browser and mail clients.

4. Anti-Malware

There are many dangers lurking on the internet. Trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth-sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software.

a. Anti-Virus

Picking a virus scanner is important, I highly recommend Nod32, but there are good alternatives these days.
Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors.

Highly Recommended

Nod32 Antivirus $
I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AVs. There is a 30 day free trial available.

Alternatives

Avira AntiVir Personal
I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed.

(Kaspersky no longer recommended, due to espionage concerns.)

Online-Scanners

Single File Scanning
Jotti Online Malware Scan or VirusTotal
These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended.

Whole PC Scanning
ESET Online Scanner
Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera.

b. HIPS / Proactive Defense

Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the Operating System without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you to stop malware in its tracks, whereas Virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (who may take to just clicking 'allow' to everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security.

Highly Recommended

I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection.
Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below.

Alternatives

Stand-alone HIPS solutions are good for users who either don't like the firewall built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features.

HIPS based on Behavior (Classic)
ThreatFire
ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection.

HIPS based on Virtualization
DefenseWall HIPS $
DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet.
GeSWall Freeware
GeSWall makes a nice free addition to the HIPS category, like DefenseWall it also uses sandboxing for applications that access the internet.

Dealing with Suspicious Executables

You can run suspicious executables in a full featured Virtual Machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though, you may argue that you shouldn't be running executables you don't trust anyway). A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works.

c. Malware Removal

I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer.
Highly Recommended

Anti-Spyware
Spybot Search & Destroy
Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability.

Anti-Trojan
Malwarebytes' Anti-Malware
Malwarebytes has a good trojan detector here, and scans fast.

Anti-Rootkit
Rootkit Unhooker
RKU is a very advanced rootkit detection utility.

Alternatives

Anti-Spyware
Ad-Aware Free Edition
Ad-Aware is a fine alternative to Spybot S&D, its scanning engine is slower but it is both effective and popular.

Anti-Trojan
a-squared (a2) Free
a-squared is a highly reputable (and free) trojan scanner.

Anti-Rootkit
IceSword (Mirror)
IceSword is one of the most capable and advanced rootkit detectors available.

5. Information and Data Security

Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address.

a. Privacy / Anonymity

Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information.

If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc.).

You should opt-out from information sharing individually for all banks and financial institutions you do business with using their privacy policy choices. You should opt-out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA).

Highly Recommended

Simply install and use Tor with Vidalia to surf the internet anonymously.
It's free, only downside is it's not terribly fast, but has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity not for security, so make sure sites you put passwords in are SSL encrypted (and have valid SSL certificates), and remember that all end point traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle on/off anonymous browsing. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

Portable Anonymous Browsing

The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with the internet. It also includes Pidgin with OTR for encrypted IM communications.

Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals. Never type important passwords or login to important accounts on a public computer unless it is absolutely necessary!

Alternatives

I2P functions similarly to Tor, allowing you to surf the general internet with anonymity.
IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads.
Freenet is notable, but not for surfing the general internet, it's its own network with its own content.

b. Encryption

For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents) then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise, please, please don't fall for snake oil, use well established applications that use time tested (and unbroken) ciphers.

Regardless of what software you use, the following "what to pick" charts will apply universally.
If you have to pick an encryption cipher:

Best: AES (Rijndael) (128-bit block size)
Better: Twofish (128-bit block size), Serpent (128-bit block size)
Good: RC6 (128-bit block size)
Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128-bytes. This affords you protection for up to 2^64x16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32x8 bytes (32 gigabytes) so using it as a full disk or whole disk encryption cipher is not recommended. The deprecated list is only because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three that are on there are pretty time tested and if properly implemented, quite secure).

If you have to pick a hash to use:

Best: Whirlpool (512-bit)
Better: SHA-512 (512-bit), SHA-256 (256-bit)
Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
Deprecated: RIPEMD-128, SHA-1, MD-5.

With all the recent advances in cryptanalysis (specifically with work on hash collisions), these days I wouldn't trust any hash that is less than 160-bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all varying levels of insecure). Many older hashes (MD4, MD2, RIPEMD(original), and others) are totally broken, and are not to be used.

A quick software rundown, these applications are popular and trusted:

Highly Recommended

Freeware Whole Disk Encryption
TrueCrypt
Based upon E4M, TrueCrypt is a full featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports the whole disk encryption of Windows, with pre-boot authentication. Very nice.
If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your Windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.)

Freeware PKI Encryption
GnuPG (GPG)
GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages.

Freeware Email Encryption
Enigmail
Enigmail is truly a work of art, it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP signed documents for validity. (Enigmail requires both Mozilla Thunderbird and GnuPG)

Alternatives

Encryption Suite (with Whole Disk and Email Encryption)
PGP Full Disk Encryption $
PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, outlook integration, and instant messenger encryption support.

c. Backup, Erasure and Recovery

// This section is under construction.

Backups

Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encryption of your backups for enhanced security.

Local Backup
Cobian Backup
Cobian Backup is a fully-featured freeware backup utility.
SyncBack Freeware, Macrium Reflect Free
SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities.

Off-site Backup
SkyDrive (25GB, filesize limited to 100MB), box.net (5GB)
SkyDrive and box.net offer free online storage, useful for easy offsite backups.
Be sure to utilize encrypted containers for any sensitive documents.

Data Destruction

It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality Block Erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA secure erase can hit areas of the drive block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations.

For moderate security, a single pseudorandom block-erase pass (random-write) followed by an ATA Secure Erase pass (zero-write) is sufficient to thwart any attempts at data recovery. For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

Single-File/Free Space Erase
If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.

Block Erase
For hard drive block-erasure, use DBAN.

ATA Secure Erase
For ATA Secure Erasing, use the CMRR Secure Erase Utility.

CMRR Secure Erase Protocols (.pdf) - http://cmrr.ucsd.edu...seProtocols.pdf
NIST Guidelines for Media Sanitization (.pdf) - http://csrc.nist.gov...800-88_rev1.pdf

File Recovery Software

This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

Highly Recommended

Recuva
Recuva is an easy to use GUI-based recovery utility.

Alternatives

TestDisk and PhotoRec
These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.

Ontrack EasyRecovery Professional $
EasyRecovery is one of the best paid utilities for file recovery.

d.
Access Control (Passwords, Security Tokens)

// This section is under construction.

Secure Passwords

//Section under construction.

Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password.

Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to using less than 12 characters, you should try and make your password as long as allowable.

Complexity - Passwords should have an element of complexity, a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to bruteforce.

Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (social security, driver's license, or phone numbers for example).

Secret - If you have a password of the utmost importance, do not write it down. Do not type them in plain view of another person or share them with anyone. Avoid use of the same password in multiple places.

Security Tokens

Security Tokens are cryptographic devices that allow for two-factor authentication.

Google Titan
Yubikey 5 Series

6. Conclusion

And here we are at the end! I would like to thank all of you for taking the time to read my guide, it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time.

Revision 1.10.020
Copyright © 2004-2012 Malakai1911, All Rights Reserved

The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk, its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice.

Windows_Security_Template__1.10.015_.zip
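A check worth running before applying any downloaded security template with secedit, as the "Security Tweaks" steps in the guide above describe: read the template's [Registry Values] section and confirm what it would set for the items the guide names (LM hashes, NTLMv2, anonymous access, administrative shares, DCOM). This is an added example, not part of the guide or its attachment; the registry value names and thresholds are assumptions about how such a template expresses those settings, and the sample template is constructed.

```python
# Audit the [Registry Values] section of a Windows security template (.inf)
# before applying it with "secedit /configure".
# Template lines have the form:  <registry path>=<type>,<data>
# where type 1 = REG_SZ and type 4 = REG_DWORD.
# Templates are commonly saved as UTF-16; decode the file before passing the text in.

REG_SZ, REG_DWORD = 1, 4

# Constructed sample, NOT the guide's security.inf (which is not on the page).
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 12
[Registry Values]
; constructed values for illustration
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks=4,0
MACHINE\Software\Microsoft\Ole\EnableDCOM=1,"N"
"""


def parse_registry_values(inf_text):
    """Return {lowercased registry path: (type, data)} from [Registry Values]."""
    values = {}
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue  # other sections are out of scope for this audit
        path, _, rest = line.partition("=")
        kind, _, data = rest.partition(",")
        try:
            kind = int(kind.strip())
        except ValueError:
            continue  # malformed type field, skip the line
        values[path.strip().lower()] = (kind, data.strip().strip('"'))
    return values


def _dword(predicate):
    """Build a check that passes when a REG_DWORD value satisfies predicate."""
    def check(kind, data):
        return kind == REG_DWORD and data.isdigit() and predicate(int(data))
    return check


def _string_equals(expected):
    def check(kind, data):
        return kind == REG_SZ and data.upper() == expected
    return check


# Assumed mapping from the guide's claims to registry values and thresholds.
CHECKS = {
    "LM hash storage disabled": (
        r"machine\system\currentcontrolset\control\lsa\nolmhash",
        _dword(lambda v: v == 1)),
    "NTLMv2-only responses": (  # level 3 and above sends NTLMv2 only
        r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel",
        _dword(lambda v: v >= 3)),
    "Anonymous enumeration restricted": (
        r"machine\system\currentcontrolset\control\lsa\restrictanonymous",
        _dword(lambda v: v >= 1)),
    "Anonymous SAM enumeration restricted": (
        r"machine\system\currentcontrolset\control\lsa\restrictanonymoussam",
        _dword(lambda v: v == 1)),
    "Administrative shares disabled": (
        r"machine\system\currentcontrolset\services\lanmanserver\parameters\autosharewks",
        _dword(lambda v: v == 0)),
    "DCOM disabled": (
        r"machine\software\microsoft\ole\enabledcom",
        _string_equals("N")),
}


def audit(inf_text):
    """Return {check name: 'ok' | 'weak' | 'missing'} for a template's text."""
    found = parse_registry_values(inf_text)
    report = {}
    for name, (path, check) in CHECKS.items():
        if path not in found:
            report[name] = "missing"   # template does not touch this value
        else:
            report[name] = "ok" if check(*found[path]) else "weak"
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE_INF).items():
        print(f"{status:8} {name}")
```

A "missing" result means the template leaves that value untouched, so the machine keeps whatever it had before; the guide itself notes that NetBT and DEP have to be handled outside the template.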
  21. The secrecy surrounding the work was unheard of at Google. It was not unusual for planned new products to be closely guarded ahead of launch. But this time was different. The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. In February 2017, during one of the first group meetings about Dragonfly at Google’s Mountain View headquarters in California, some of those present were left stunned by what they heard. Senior executives disclosed that the search system’s infrastructure would be reliant upon a Chinese partner company with data centers likely in Beijing or Shanghai. Locating core parts of the search system on the Chinese mainland meant that people’s search records would be easily accessible to China’s authoritarian government, which has broad surveillance powers that it routinely deploys to target activists, journalists, and political opponents. Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government. Scott Beaumont, Google’s head of operations in China and one of the key architects of Dragonfly, did not view Zunger’s concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company’s security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses. 
Zunger — who left his position at Google last year — is one of the four people who spoke to The Intercept for this story. He is the first person with direct involvement in Dragonfly to go on the record about the project. The other three who spoke to The Intercept are still employed by Google and agreed to share information on the condition of anonymity because they were not authorized to talk to the media. Their accounts provide extraordinary insight into how Google bosses worked to suppress employee criticism of the censored search engine and reveal deep fractures inside the company over the China plan dating back almost two years. Google’s leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google’s 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly. “They [leadership] were determined to prevent leaks about Dragonfly from spreading through the company,” said a current Google employee with knowledge of the project. “Their biggest fear was that internal opposition would slow our operations.” In 2016, a handful of Google executives — including CEO Sundar Pichai and former search chief John Giannandrea — began discussing a blueprint for the censored search engine. But it was not until early 2017 that engineers were brought on board to begin developing a prototype of the platform. 
The search engine was designed to comply with the strict censorship regime imposed by China’s ruling Communist Party, blacklisting thousands of words and phrases, including terms such as “human rights,” “student protest,” and “Nobel Prize.” It was developed as an app for Android and iOS devices, and would link people’s search records to their personal cellphone number and track their location. (Giannandrea could not be reached for comment.) The company managed to keep the plan secret for more than 18 months — until The Intercept disclosed it in August. Subsequently, a coalition of 14 leading human rights groups, including Amnesty International and Human Rights Watch, condemned the censored search engine, which they said could result in Google “directly contributing to, or [becoming] complicit in, human rights violations.” Employees who opposed the censorship staged protests inside the company. Meanwhile, a bipartisan group of U.S. senators called Dragonfly “deeply troubling,” and Vice President Mike Pence demanded that Google “immediately end” its development. Google employees who had worked on Dragonfly watched the furor unfold and were not surprised by the backlash. Many of the concerns raised by the human rights groups, they noted, had already been voiced inside the company prior to the public exposure of the plans, though they had been brushed aside by management. Every new product or service that Google develops must be reviewed by legal, privacy, and security teams, who try to identify any potential issues or problems ahead of the launch. But with Dragonfly, the normal procedure was not followed: Company executives appeared intent on watering down the privacy review, according to the four people who worked on the project. In January 2017, Zunger, the 14-year veteran engineer at the company, had been tasked with producing the privacy review. However, it quickly became apparent to him that his job was not going to be easy. 
His work was opposed from the outset by Beaumont, Google’s top executive for China and Korea. Beaumont, a British citizen, began his career in 1994 as an analyst for an investment bank in England and later founded his own company called Refresh Mobile, which developed apps for smartphones. He joined Google in 2009, working from London as director of the company’s partnerships in Europe, Asia and the Middle East. In 2013, Beaumont relocated to China to head Google’s operations there. He described himself in his LinkedIn biography as a “technology optimist” who cares about “the value and responsible use of technology in a range of fields.” According to Zunger, Beaumont “wanted the privacy review [of Dragonfly] to be pro forma and thought it should defer entirely to his views of what the product ought to be. He did not feel that the security, privacy, and legal teams should be able to question his product decisions, and maintained an openly adversarial relationship with them — quite outside the Google norm.” Three sources independently corroborated Zunger’s account. Beaumont did not respond to multiple requests for comment, and Google declined to answer questions for this story. During one meeting, Zunger recalled, Beaumont was briefed on aspects of Dragonfly that Google’s privacy and security teams planned to assess. He was told that the teams wanted to check whether the Chinese search system would be secure against state and non-state hackers, whether users in China would have control over their own data, and whether there may have been any aspects of the system that might cause users to unintentionally disclose information about themselves. “I don’t know if I want you asking those questions,” Beaumont retorted, according to Zunger, who said the comment was “quite surprising to those in the room.” Beaumont micromanaged the project and ensured that discussions about Dragonfly and access to documents about it were tightly controlled. 
“Different teams on the Dragonfly project were actively segmented off from one another and discouraged from communicating, except via Scott’s own team, even about technical issues,” said Zunger. This was “highly unusual,” according to Zunger. Normally, even for extremely confidential work inside the company, he said, there would be “open and regular communication within a project, all the way up to senior leadership.” With Dragonfly, the opposite was true. The restrictions around the project limited the ability for discussion and seemed intended “to prevent internal objections,” Zunger said. Some members of the Dragonfly team were told that if they broke the strict confidentiality rules, then their contracts at Google would be terminated, according to three sources. Despite facing resistance, the privacy and security teams — which together included a total of between six and eight people — proceeded with their work. Zunger and his colleagues produced a privacy report that highlighted problematic scenarios that could arise once the censored search engine launched in China. The report, which contained more than a dozen pages, concluded that Google would be expected to function in China as part of the ruling Communist Party’s authoritarian system of policing and surveillance. It added that, unlike in Europe or North America, in China it would be difficult, if not impossible, for Google to legally push back against government requests, refuse to build systems specifically for surveillance, or even notify people of how their data may be used. Zunger had planned to share the privacy report and discuss its findings during a meeting with the company’s senior leadership, including CEO Sundar Pichai. But the meeting was repeatedly postponed. When the meeting did finally take place, in late June 2017, Zunger and members of Google’s security team were not notified, so they missed it and did not attend. Zunger felt that this was a deliberate attempt to exclude them. 
By this point, Zunger had already decided to leave Google, due to a job offer he had received from Humu, a startup company co-founded by Laszlo Bock, Google’s former head of human resources, and Wayne Crosby, Google’s former director of engineering. Had Zunger not received the offer to join Humu when he did, he said, he would likely have ended up resigning in protest from Google over Dragonfly. “The project, as it was then specified, was not something I could sign off on in good conscience,” he told The Intercept. Zunger does not know what happened to the privacy report after he left Google. He said Google still has time to address the problems he and his colleagues identified, and he hopes that the company will “end up with a Project Dragonfly that does something genuinely positive and valuable for the ordinary people of China.” Google launched a censored search engine in China in 2006 but stopped operating the service in the country in 2010, saying it could no longer tolerate Chinese government efforts to limit free speech, block websites, and hack activists’ Gmail accounts. At that time, Google co-founder Sergey Brin had advocated inside the company to pull out of China because he was uncomfortable with the level of government censorship and surveillance. The “key issue,” Brin said, was to show that Google was “opposing censorship and speaking out for the freedom of political dissent.” The Dragonfly revelations prompted questions about whether Brin had dramatically reversed his views on censorship in China. But in a meeting with Google employees in August, Brin claimed that he knew nothing about Dragonfly until The Intercept exposed it. According to three sources, employees working on Dragonfly were told by Beaumont, the company’s China chief, that Brin had met with senior Chinese government officials and had told them of his desire to re-enter the Chinese market, obeying local laws as necessary. 
However, the Dragonfly teams were instructed that they were not permitted to discuss the issue directly with Brin or other members of Google’s senior leadership team, including Pichai, co-founder Larry Page, and legal chief Kent Walker. Two sources working on Dragonfly believed that Beaumont may have misrepresented Brin’s position in an attempt to reassure the employees working on Dragonfly that the effort was fully supported at the highest levels of the company, when that may not have been the truth. “How much did Sergey know? I am guessing very little,” said one source, “because I think Scott [Beaumont] went to great lengths to ensure that was the case.” Inside Google, a deep ideological divide has developed over Dragonfly. On one side are those who view themselves as aligned with Google’s founding values, advocating internet freedom, openness, and democracy. On the other side are those who believe that the company should prioritize growth of the business and expansion into new markets, even if doing so means making compromises on issues like internet censorship and surveillance. Pichai, who became Google’s CEO in 2015, has made it clear where he stands. He has strongly backed Dragonfly and spoken of his desire for the company to return to China and serve the country’s people. In October, Pichai publicly defended the plan for the censored search engine for the first time, though he tried to play down the significance of the project, portraying it as an “experiment” and adding that it remained unclear whether the company “would or could” eventually launch it in China. Staff working on Dragonfly were confused by Pichai’s comments. They had been told to prepare the search engine for launch between January and April 2019, or sooner. The main barrier to launch, the employees were told, was the ongoing U.S. 
trade war with China, which had slowed down negotiations with government officials in Beijing, whose approval Google required to roll out the platform in the country. “What Pichai said [about Dragonfly being an experiment] was ultimately horse shit,” said one Google source with knowledge of the project. “This was run with 100 percent intention of launch from day one. He was just trying to walk back a delicate political situation.” The launch plan was outlined during a July meeting for employees who were working on Dragonfly. The company’s search chief, Ben Gomes, instructed engineers to get the search engine ready to be “brought off the shelf and quickly deployed.” Beaumont told employees in the same meeting that he was pleased with how things were developing for the company in the country, according to a previously undisclosed transcript of his comments obtained by The Intercept. “There has been a really positive change in tone towards Google during [Pichai’s] recent visits” to China, Beaumont said. “Part of our task over the past few years has been to re-establish that Google can be a trusted operator in China. And we’ve really seen a pleasing turnaround, relatively recently in the last couple of years. We are fairly confident that, outside of the trade discussions, there is a positive consensus across government entities to allow Google to re-engage in China.” A few weeks later, details about Dragonfly were emblazoned across international newspapers and the internet, and the company was scrambling to contain the outpouring of internal and external protest. Beaumont was furious that information about the project had leaked, said two sources familiar with his thinking, and he told colleagues that he feared the disclosures may have scuppered the prospect of Google launching the platform in the short term. 
“[Beaumont’s] endgame was very simple — his ideal circumstance was that most people would find out about this project the day it launched,” said one Google source. “He wanted to make sure there would be no opportunity for any internal or external resistance to Dragonfly, but he failed.” Source
  22. Facebook’s founder is facing pressure to accept an invite from eight international parliaments, with lawmakers wanting to question him about negative impacts his social network is having on democratic processes globally. Last week Facebook declined an invitation from five of these parliaments. The elected representatives of Facebook users want Mark Zuckerberg to answer questions in the wake of a string of data misuse and security scandals attached to his platform. The international parliaments have joined forces — forming a grand committee — to amp up the pressure on Facebook. The U.K.-led grand committee said it would meet later this month, representing the interests of some 170 million Facebook users across Argentina, Australia, Canada, Ireland and the U.K. But Facebook snubbed that invite. Today the request has been reissued with an additional three parliaments on board — Brazil, Latvia and Singapore. In their latest invite letter they also make it clear that Facebook’s founder does not have to attend the hearing in person — which was the excuse the company used to decline the last request for Zuckerberg. (Which was just the latest in a long string of ‘nos’ Facebook’s founder has given the committee.) “We note that while your letter states that you are ‘not able to be in London’ on 27th, it does not rule out giving evidence per se. Would you be amenable to giving evidence via video link instead?” the grand committee writes now. We’ve asked Facebook whether Zuckerberg will be able to make time in his schedule to provide evidence remotely — and will update this report with any response. (A company spokesman suggested to us that it’s unlikely to do so.) Of course Zuckerberg is very busy these days — given the fresh scandals slamming Facebook’s exec team. His political plate is truly heaped. 
Last week a New York Times report painted an ugly and chaotic picture of Facebook’s leaders’ response to the political disinformation crisis — which included engaging an external public relations firm which used smear tactics against opponents. (Facebook has since severed ties with the firm.) The grand committee references this controversy in its latest invitation letter, writing: “We believe that there are important issues to be discussed, and that you are the appropriate person to answer them. Yesterday’s New York Times article raises further questions about how recent data breaches were allegedly dealt with within Facebook.” The U.K.’s DCMS committee, which has been spearheading efforts to hold Zuckerberg to account, has spent the best part of this year asking wide-ranging questions about the impact of online disinformation on democratic processes. But it has become increasingly damning in its criticism of Facebook — accusing the company of evasion, equivocation and worse as the months have gone on. In a preliminary report this summer it also called on the government to act urgently, recommending a levy on social media and stronger laws to prevent social media tools being used to undermine democratic processes. The U.K. government chose not to leap into action. But even there Facebook’s platform is implicated because Brexit — which was itself sold to voters via the medium of unregulated social media ads (with the Electoral Commission finding earlier this year that the official Vote Leave campaign used Facebook’s funnel to bypass electoral law) — is rather monopolizing ministerial attention these days… One of the questions committee members are keen to get an answer to from Facebook is who at the company knew in the earliest incidence about the Cambridge Analytica data misuse scandal. In short they want to know where the buck stops. Who should be held accountable — for both the massive data breach and Facebook’s internal handling of it. 
And it is very close to getting an answer to that after the U.K.’s data protection watchdog, the ICO, gave evidence earlier this month — saying it had obtained the distribution list for emails Facebook sent internally about the breach, saying it would pass the list on to the committee. A spokeswoman for the DCMS committee told us it has yet to receive this information from the ICO. An ICO spokesperson told us it will not be publishing the list — adding: “At this stage I’m not sure when it will be sent to the committee.” Source: techcrunch
  23. Betternet Free VPN is a free multi-platform app that allows users to connect anonymously to the internet. A VPN, or virtual private network, sends your internet connection through a separate server, meaning that any website you visit will not be able to track your location. This can be used for a number of reasons, from accessing region-locked content to simply wanting to avoid being tracked. While many VPN services have an annual charge, Betternet Free VPN does not.

Homepage: https://www.betternet.co/
Download: https://control.kochava.com/v1/cpi/click?traffic_source=organic&campaign_id=kobetternet-windows-0xvqb82z5431ed7d40d2f&network_id=6184&site_id=1&device_id=device_id

==============================
Cracker/Team: Jasi2169 / TEAM URET
Medicine: Crack
File Size: 0.99 MB
Site: https://www.upload.ee
Sharecode[?]: /files/8473047/Betternet.VPN.For.Windows.v4.1.0_Crack-URET.rar.html
==============================
  24. Google Chrome is the most popular browser in the world. Chrome routinely leads the pack in features for security and usability, most recently helping to drive the adoption of HTTPS. But when it comes to privacy, specifically protecting users from tracking, most of its rivals leave it in the dust. Users are more aware of, and concerned about, the harms of pervasive tracking than ever before. So why is Chrome so far behind? It’s because Google still makes most of its money from tracker-driven, behaviorally-targeted ads. The marginal benefit of each additional bit of information about your activities online is relatively small to an advertiser, especially given how much you directly give Google through your searches and use of tools like Google Home. But Google still builds Chrome as if it needs to vacuum up everything it can about your online activities, whether you want it to or not. In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model is incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore.

Chrome is More Popular Than Ever. So is Privacy.

Since Chrome’s introduction in 2008, its market share has risen inexorably. It now accounts for 60% of the browsers on the web. At the same time, the public has become increasingly concerned about privacy online. In 2013, Edward Snowden’s disclosures highlighted the links between massive, surreptitious corporate surveillance and the NSA’s spy programs. In 2016, the EU ratified the General Data Protection Regulation (GDPR), a sweeping (and complicated) set of guidelines that reflected a new, serious approach to data privacy.
And in the U.S., this year’s Cambridge Analytica scandal sparked unprecedented backlash against Facebook and other big tech companies, driving states like California to pass real data privacy laws for the first time (although those laws are under threat federally by, you guessed it, Google and Facebook). Around the world, people are waking up to the realities of surveillance capitalism and the surveillance business model: the business of “commodifying reality,” transforming it into behavioral data, and using that data and inferences from it to target us on an ever-more granular level. The more users learn about this business model, the more they want out. That’s why the use of ad and tracker blockers, like EFF’s Privacy Badger, has grown dramatically in recent years. Their popularity is a testament to users’ frustration with the modern web: ads and trackers slow down the browsing experience, burn through data plans, and give people an uneasy feeling of being watched. Companies often justify their digital snooping by arguing that people prefer ads that are “relevant” to them, but studies show that most users don’t want their personal information to be used to target ads. All of this demonstrates a clear, growing demand for consumer privacy, especially as it relates to trackers on the web. As a result, many browser developers are taking action. In the past, tracker blockers have only been available as third-party “extensions” to popular browsers, requiring diligent users to seek them out. But recently, developers of major browsers have started building tracking protections into their own products. Apple’s Safari has been developing Intelligent Tracking Protection, or ITP, a system that uses machine learning to identify and stop third-party trackers; this year, the improved ITP 2.0 became the default for tens of millions of Apple users. Firefox recently rolled out its own tracking protection feature, which is on by default in private browsing windows. 
Opera ships with the option to turn on both ad and tracker blocking. Even the much-maligned Internet Explorer has a built-in “tracking protection” mode. Yet Google Chrome, the largest browser in the world, has no built-in tracker blocker, nor has the company indicated any plans to build one. Sure, it now blocks some intrusive ads, but that feature has nothing to do with privacy. The closest thing it offers to “private” browsing out-of-the-box is “incognito mode,” which only hides what you do from others who use your machine. That might hide embarrassing searches from your family, but does nothing to protect you from being tracked by Google.

Conflicts of Interest

Google is the biggest browser company in the world. It’s also the biggest search engine, mobile operating system, video host, and email service. But most importantly, it’s the biggest server of digital ads. Google controls 42% of the digital advertising market, significantly more than Facebook, its largest rival, and vastly more than anyone else. Its tracking codes appear on three quarters of the top million sites on the web. 86% of Alphabet’s revenue (Google’s parent company) comes from advertising. That means all of Alphabet has a vested interest in helping track people and serve them ads, even when that puts the company at odds with its users.

Source: The EFF
  25. Cyrobo Clean Space Pro 7.26 Multilingual

This program was designed to rid your computer of electronic garbage and protect your online privacy. Your computer's garbage includes a lot of objects (for example, cache and temporary files of various programs and Windows OS itself), internet cookie files, internet browsing history, logs, index.dat files, registry entries, etc. Those objects are scattered throughout your computer, usually in hidden system folders, wasting gigabytes of precious disk space.

Faster Computer
Cleaning your unwanted cache will enable your Windows OS and other programs to run more efficiently. Improving computer performance is one of the primary goals of our program.

Privacy
Nobody will be able to track your online activity. Protection of your privacy is of utmost importance to us.

Security
Deleted data are unrecoverable, so you physically stay secure. Even special magnets would not be able to restore deleted data.

Awards
Our program has received multiple awards from notable rating agencies and bloggers. We have been in business since 2002 and are very experienced.

Home Page: www.cyrobo.com
Download installer: https://www.cyrobo.com/core-public/xfiles/clnspc/setup_clnspc.exe

Radixx11 Fix:
Site: https://www.upload.ee
Sharecode[?]: /files/7566713/CRPA.zip.html