
Showing results for tags 'tracking'.




Found 22 results

  1. I IN NO WAY TAKE ANY CREDIT FOR THIS; IT WAS TAKEN FROM MDL FORUM AND SOME POSTS BY MEMBERS ON THIS FORUM! Manual: Tools: Microsoft Telemetry Tools Bundle v1.31; Windows 10 Lite v9; Private WinTen v0.1h; Blackbird v6 v1.0.79.3 [Works with Win 7/8/8.1/10]; O&O ShutUp10 v1.6.1403; WPD - Windows Privacy Dashboard v1.3.1323; WindowsSpyBlocker v4.25.0; Spybot Anti-Beacon v3.1 [Works with Win 7/8/8.1/10]; W10Privacy v3.3.1.0; Destroy Windows Spying v1.0.1.0 [Works with Win 7/8/8.1/10] [NOT RECOMMENDED AS NOT UPDATED ANYMORE]; Disable Windows 10 Tracking v3.2.1
  2. What's in the latest Firefox update? Firefox 69 thwarts web tracking by default for everyone. Mozilla on Tuesday released Firefox 69 with the browser's anti-tracking technology switched on by default for all users. The organization's security engineers also patched 20 vulnerabilities, one tagged "Critical" and 11 marked "High," the organization's two top threat ratings. The single critical flaw only affected Windows, Mozilla said in its patching commentary. Firefox 69 can be downloaded from Mozilla's site for Windows, macOS and Linux. Because it updates in the background, most users need only relaunch the browser to get the latest version. To manually update, pull up the menu under the three horizontal bars at the upper right, then click the help icon (the question mark within a circle). Choose "About Firefox." The resulting page shows that the browser is either up to date or explains the refresh process. Mozilla updates Firefox every six to eight weeks; it last upgraded the browser on July 9. You get ETP and you get ETP and ... Mozilla first turned on Enhanced Tracking Protection (ETP) in June, but at the time limited the setting to new-to-Firefox users. However, existing customers could flip the ETP switch themselves using the Preferences screen. With Firefox 69, Mozilla has enabled ETP for all users. By default, "Content Blocking" - the feature's name in Firefox's Preferences - is set to "Strict," the strongest protection available. Users can reset that to "Standard" or "Custom," or even turn off everything by clearing all choices in the latter. Mozilla said that prior to Firefox 69's debut, more than 20% of all Firefox users had ETP engaged, signaling that a significant number of existing users had manually enabled ETP in the past three months. 
"With today's release, we expect to provide protection for 100% of our users by default," wrote Marissa Wood, vice president of product at Mozilla, in a Sept. 3 post to a company blog. ETP has taken a crooked road to release. Tracing its lineage to 2015's "Tracking Protection," Mozilla got serious about the concept two years ago, when it broke the technology out of the private-browsing bubble. In October 2018, it named the feature ETP and set Firefox 65, slated to release in January 2019, as the on-by-default target. Problems persisted, however - in several instances Mozilla said the technology was breaking too many sites - and delays were inserted for more testing. Finally, Mozilla used a "soft opening" for ETP in June, limiting the automatic on-by-default to new users as a final quality control check. Wood spelled out additional information about ETP in her Tuesday post. Block this, block that Also in Firefox 69, Mozilla's developers enhanced the choices for autoplay, the habit by sites to immediately start playing video on the computer screen and blasting audio from its speakers. Firefox has automatically blocked autoplay of audio since March and version 66. Video with accompanying audio was also stopped from playing. But if a video provider muted the audio, Firefox let the former play. With Firefox 69, users can select "Block Audio and Video" to stop such video from automatically playing. That setting is at Preferences > Privacy & Security > Permissions > Autoplay > Settings > Default for all websites. This version of Firefox also took the next step in Mozilla's kill-Flash process. The browser lost the "Always Activate" option for Flash, meaning that every request to run the player software must be user approved. 
From this point forward, the only settings are "Ask to Activate," the default, and "Never Activate." This move was previously announced by Mozilla (check out the "Plugin Roadmap for Firefox" here) and should be the last step before all Flash support is yanked from non-enterprise copies. (The Extended Support Release, or ESR, will continue to support Flash until the end of 2020.) The next version of the browser, Firefox 70, should release Oct. 22. Source: What's in the latest Firefox update? Firefox 69 thwarts web tracking by default for everyone (Computerworld - Gregg Keizer)
  3. Apple patched a bug in May, but academics say the rest of the flaws require a redesign of some Apple services. Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks. These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US. The project sought to analyze the Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem. While most Apple end users might not be aware of the protocol's existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods. German and US researchers reverse-engineered AWDL But in the past five years, Apple has never published any in-depth technical details about how AWDL works. This, in turn, has resulted in very few security researchers looking at AWDL for bugs or implementation errors. However, due to the protocol's growing ubiquity in the daily lives of all Apple users, in 2018, a team of TU Darmstadt academics -- later joined by academics from Boston's Northeastern University -- decided to take a look at AWDL, and how the protocol works. "Considering the well-known rocky history of wireless protocols' security, with various flaws being repeatedly discovered in Bluetooth, WEP, WPA2, GSM, UMTS, and LTE, the lack of information regarding AWDL security is a significant concern given the increasing number of services that rely on it," the research team said. 
To study it, researchers reverse-engineered the AWDL protocol and then re-wrote it as a C implementation named OWL (Open Wireless Link), which they later used to test the real AWDL protocol for various attacks. AWDL vulnerabilities "Our analysis reveals several security and privacy vulnerabilities ranging from design flaws to implementation bugs enabling different kinds of attacks," the research team said. As a result of their work, researchers discovered: A MitM attack which intercepts and modifies files transmitted via AirDrop, effectively allowing for the planting of malicious files. A long-term device tracking attack which works in spite of MAC randomization, and may reveal personal information such as the name of the device owner (over 75% of experiment cases). A DoS attack aiming at the election mechanism of AWDL to deliberately desynchronize the targets' channel sequences effectively preventing communication with other AWDL devices. Two additional DoS attacks on Apple's AWDL implementations in the Wi-Fi driver. The attacks allow crashing Apple devices in proximity by injecting specially crafted frames. The attacks can be targeted to a single victim or affect all neighboring devices at the same time. While AWDL contained various security features to prevent attackers from establishing MitM rogue connections to legitimate devices without authorization, the research team was able to bypass these systems. They did this with the help of a TCP reset attack that blocked the AWDL connection and allowed researchers to interpose their $20 hardware rig between the two devices and establish legitimate connections with both the sender and the receiver. AWDL is ideal for pervasive user tracking But while MitM attacks are hard to pull off and DoS attacks that crash devices are rarely useful, the AWDL vulnerabilities that allow user tracking are the ones that are truly concerning. 
For this attack, the research team said they were able to obtain information from an AWDL connection such as the device hostname, real MAC address (even if the device has MAC address randomization enabled), the AP the device is connected to, the device class (iOS, watchOS, macOS, tvOS, etc.), and AWDL protocol version. This information, researchers argued, is more than enough to create profiles and track users. Combined with data from online advertisers and analytics providers, it could be used to link devices to their real owners. The research team worried that AWDL-based tracking technology could be deployed in retail stores or public spaces and track users' movement through an area. Some flaws require protocol/service redesigns As for patches against these attacks, the research team said they notified Apple of all the vulnerabilities they found, between August and December 2018. "While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services," researchers said. The fix for the AWDL DoS bug (CVE-2019-8612) rolled out in mid-May, with the release of iOS 12.3, tvOS 12.3, watchOS 5.2.1, and macOS 10.14.5. The rest of the AWDL vulnerabilities will likely remain exploitable for the foreseeable future. Some bugs might affect Android devices Furthermore, the same bugs may also affect Android and other types of devices, researchers warned. "The impact of these findings goes beyond Apple's ecosystem as the Wi-Fi Alliance adopted AWDL as the basis for Neighbor Awareness Networking (NAN) which, therefore, might be susceptible to similar attacks," the research team said. "NAN, commonly known as Wi-Fi Aware, is a new standard supported by Android which draws on AWDL's design and, thus, might be vulnerable to the similar attacks as presented in [our] work." 
However, this has not been confirmed, and additional research is needed on the impact of these AWDL bugs on real-world Android NAN (Wi-Fi Aware) implementations. More details about the vulnerabilities described in this article are available in a pre-print white paper named "A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link" that the research team will be presenting at the USENIX security conference in mid-August, in a few weeks' time. Source
  4. Facebook is unwittingly auto-generating content for terror-linked groups that its artificial intelligence systems do not recognize as extremist, according to a complaint made public on Thursday. The National Whistleblowers Center in Washington carried out a five-month study of the pages of 3,000 members who liked or connected to organizations proscribed as terrorist by the US government. Researchers found that the Islamic State group and al-Qaeda were "openly" active on the social network. More worryingly, Facebook's own software was automatically creating "celebration" and "memories" videos for extremist pages that had amassed sufficient views or "likes." The Whistleblower's Center said it filed a complaint with the US Securities and Exchange Commission on behalf of a source that preferred to remain anonymous. "Facebook's efforts to stamp out terror content have been weak and ineffectual," read an executive summary of the 48-page document shared by the center. "Of even greater concern, Facebook itself has been creating and promoting terror content with its auto-generate technology." Survey results shared in the complaint indicated that Facebook was not delivering on its claims about eliminating extremist posts or accounts. The company told AFP it had been removing terror-linked content "at a far higher success rate than even two years ago" since making heavy investments in technology. "We don't claim to find everything and we remain vigilant in our efforts against terrorist groups around the world," the company said. Facebook and other social media platforms have been under fire for not doing enough to curb messages of hate and violence, while at the same time criticized for failing to offer equal time for all viewpoints, no matter how unpleasant. Facebook in March announced bans at the social network and Instagram on praise or support for white nationalism and white separatism. Source
  5. Does Google meet its users’ expectations around consumer privacy? This news industry research says no A significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms. Numerous privacy scandals over the past couple of years have fueled the need for increased examination of tech companies’ data tracking practices. While the ethics around data collection and consumer privacy have been questioned for years, it wasn’t until Facebook’s Cambridge Analytica scandal that people began to realize how frequently their personal data is shared, transferred, and monetized without their permission. Cambridge Analytica was by no means an isolated case. Last summer, an AP investigation found that Google’s location tracking remains on even if you turn it off in Google Maps, Search, and other apps. Research from Vanderbilt professor Douglas Schmidt found that Google engages in “passive” data collection, often without the user’s knowledge. His research also showed that Google utilizes data collected from other sources to de-anonymize existing user data. That’s why we at Digital Content Next, the trade association of online publishers I lead, wrote this Washington Post op-ed, “It isn’t just about Facebook, it’s about Google, too” when Facebook first faced Capitol Hill. It’s also why the descriptor surveillance advertising is increasingly being used to describe Google and Facebook’s advertising businesses, which use personal data to tailor and micro-target ads. Consumers are on alert. DCN surveyed a nationally representative sample to find out what people expect from Google — and, as with a similar study we conducted last year about Facebook, the results were unsettling. Our findings show that many of Google’s data practices deviate from consumer expectations. 
We find it even more significant that consumers’ expectations are at an all-time low even after 2018, a year in which awareness around consumer privacy reached peak heights. The results of the study are consistent with our Facebook study: People don’t want surveillance advertising. A majority of consumers indicated they don’t expect to be tracked across Google’s services, let alone be tracked across the web in order to make ads more targeted. Nearly two out of three consumers don’t expect Google to track them across non-Google apps, offline activities from data brokers, or via their location history. There was only one question where a small majority of respondents felt that Google was acting according to their expectations. That was about Google merging data from search queries with other data it collects on its own services. They also don’t expect Google to connect the data back to the user’s personal account, but only by a small majority. Google began doing both of these in 2016 after previously promising it wouldn’t. Google’s personal data collection practices affect the more than 2 billion people who use devices running their Android operating software and hundreds of millions more iPhone users who rely on Google for browsing, maps, or search. Most of them expect Google to collect some data about them in exchange for use of services. However, as our research shows, a significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms. And as the AP discovered, Google continues to do some of this even after consumers explicitly turn off tracking. With new laws in Europe and California and with federal discussions about how to bring similar protections to the rest of America, it’s critical to understand what consumers actually demand, align expectations to those demands, and rebuild trust in our industry. Consumers expect nothing less. Source
  6. 2019 may finally be the year for ‘The Search Engine That Doesn’t Track You’ In late November, hotel conglomerate Marriott International disclosed that the personal information of some 500 million customers — including home addresses, phone numbers, and credit card numbers — had been exposed as part of a data breach affecting its Starwood Hotels and Resorts network. One day earlier, the venerable breakfast chain Dunkin’ (née Donuts) announced that its rewards program had been compromised. Only two weeks before that, it was revealed that a major two-factor authentication provider had exposed millions of temporary account passwords and reset links for Google, Amazon, HQ Trivia, Yahoo, and Microsoft users. These were just the icing on the cake for a year of compromised data: Adidas, Orbitz, Macy’s, Under Armour, Sears, Forever 21, Whole Foods, Ticketfly, Delta, Panera Bread, and Best Buy, just to name a few, were all affected by security breaches. Meanwhile, there’s a growing sense that the tech giants have finally turned on us. Amazon dominates so many facets of the online shopping experience that we might have to rewrite antitrust law to rein them in. Google has been playing fast and loose with its “Don’t Be Evil” mantra by almost launching a censored search engine for the Chinese government while simultaneously developing killer A.I. for Pentagon drones. And we now know that Facebook collected people’s personal data without their consent, let companies such as Spotify and Netflix look at our private messages, fueled fake news and Donald Trump, and was used to facilitate a genocide in Myanmar. The backlash against these companies dominated our national discourse in 2018. The European Union is cracking down on anticompetitive practices at Amazon and Google. 
Both Facebook and Twitter have had their turns in the congressional hot seat, facing questions from slightly confused but definitely irate lawmakers about how the two companies choose what information to show us and what they do with our data when we’re not looking. Worries over privacy have led everyone from the New York Times to Brian Acton, the disgruntled co-founder of Facebook-owned WhatsApp, to call for a Facebook exodus. And judging by Facebook’s stagnating rate of user growth, people seem to be listening. For Gabriel Weinberg, the founder and CEO of privacy-focused search engine DuckDuckGo, our growing tech skepticism recalls the early 1900s, when Upton Sinclair’s novel The Jungle revealed the previously unexamined horrors of the meatpacking industry. “Industries have historically gone through periods of almost ignorant bliss, and then people start to expose how the sausage is being made,” he says. This, in a nutshell, is DuckDuckGo’s proposition: “The big tech companies are taking advantage of you by selling your data. We won’t.” In effect, it’s an anti-sales sales pitch. DuckDuckGo is perhaps the most prominent in a number of small but rapidly growing firms attempting to make it big — or at least sustainable — by putting their customers’ privacy and security first. And unlike the previous generation of privacy products, such as Tor or SecureDrop, these services are easy to use and intuitive, and their user bases aren’t exclusively composed of political activists, security researchers, and paranoiacs. The same day Weinberg and I spoke, DuckDuckGo’s search engine returned results for 33,626,258 queries — a new daily record for the company. Weinberg estimates that since 2014, DuckDuckGo’s traffic has been increasing at a rate of “about 50 percent a year,” a claim backed up by the company’s publicly available traffic data. 
“You can run a profitable company — which we are — without [using] a surveillance business model,” Weinberg says. If he’s right, DuckDuckGo stands to capitalize handsomely off our collective backlash against the giants of the web economy and establish a prominent brand in the coming era of data privacy. If he’s wrong, his company looks more like a last dying gasp before surveillance capitalism finally takes over the world. DuckDuckGo is based just east of nowhere. Not in the Bay Area, or New York, or Weinberg’s hometown of Atlanta, or in Boston, where he and his wife met while attending MIT. Instead, DuckDuckGo headquarters is set along a side street just off the main drag of Paoli, Pennsylvania, in a building that looks like a cross between a Pennsylvania Dutch house and a modest Catholic church, on the second floor above a laser eye surgery center. Stained-glass windows look out onto the street, and a small statue of an angel hangs precariously off the roof. On the second floor, a door leading out to a balcony is framed by a pair of friendly looking cartoon ducks, one of which wears an eye patch. Just before DuckDuckGo’s entrance sits a welcome mat that reads “COME BACK WITH A WARRANT.” “People don’t generally show up at our doorstep, but I hope that at some point it’ll be useful,” Weinberg tells me, sitting on a couch a few feet from an Aqua Teen Hunger Force mural that takes up a quarter of a wall. At 39, he is energetic, affable, and generally much more at ease with himself than the stereotypical tech CEO. The office around us looks like it was furnished by the set designer of Ready Player One: a Hitchhiker’s Guide to the Galaxy print in the entryway, Japanese-style panels depicting the Teenage Mutant Ninja Turtles in the bathroom, and a vintage-looking RoboCop pinball machine in the break room. There’s even a Lego model of the DeLorean from Back to the Future on his desk. The furniture, Weinberg tells me, is mostly from Ikea. 
The lamp in the communal area is a hand-me-down from his mom. Weinberg learned basic programming on an Atari while he was still in elementary school. Before hitting puberty, he’d built an early internet bulletin board. “It didn’t really have a purpose” in the beginning, Weinberg says. The one feature that made his bulletin board unique, he says, was that he hosted anonymous AMA-style question panels with his father, an infectious disease doctor with substantial experience treating AIDS patients. This was during the early 1990s, when the stigma surrounding HIV and AIDS remained so great that doctors were known to deny treatment to those suffering from it. Weinberg says that the free—and private—medical advice made the board a valuable resource for the small number of people who found it. It was an early instance of Weinberg’s interest in facilitating access to information, as well as a cogent example of the power of online privacy: “The ability to access informational resources anonymously actually opens up that access significantly,” he told me over email. After graduating from MIT in 2001, Weinberg launched a slew of businesses, none of which are particularly memorable. First there was an educational software program called Learnection. (“Terrible name… the idea was good, but 15 years too early,” he says.) Then he co-founded an early social networking company called Opobox, taking on no employees and writing all the code himself. “Facebook just kind of obliterated it,” Weinberg says, though he was able to sell the network to the parent company of Classmates.com for roughly $10 million in cash in 2006. It was around that time when Weinberg began working on what would become DuckDuckGo. Google had yet to achieve total hegemony over the internet search field, and Weinberg felt that he could create a browser plugin that might help eliminate the scourge of spammy search results in other search engines. 
To build an algorithm that weeded out bad search results, he first had to do it by hand. “I took a large sample of different pages and hand-marked them as ‘spam’ or ‘not spam.’” The process of scraping the web, Weinberg says, inadvertently earned him a visit from the FBI. “Once they realized I was just crawling the web, they just went away,” he says. He also experimented with creating a proto-Quora service that allowed anyone to pose a question and have it answered by someone else, as well as a free alternative to Meetup.com. Eventually, he combined facets of all three efforts into a full-on search engine. When Weinberg first launched DuckDuckGo in 2008 — the name is a wink to the children’s game of skipping over the wrong options to get to the right one — he differentiated his search engine by offering instant answers to basic questions (essentially an early open-source version of Google’s Answer Box), spam filtering, and highly customizable search results based on user preferences. “Those [were] things that early adopters kind of appreciated,” he says. At the time, Weinberg says, consumer privacy was not a central concern. In 2009, when he made the decision to stop collecting personal search data, it was more a matter of practicality than a principled decision about civil liberties. Instead of storing troves of data on every user and targeting those users individually, DuckDuckGo would simply sell ads against search keywords. Most of DuckDuckGo’s revenue, he explains, is still generated this way. The system doesn’t capitalize on targeted ads, but, Weinberg says, “I think there’s a choice between squeezing out every ounce of profit and making ethical decisions that aren’t at the expense of society.” Until 2011, Weinberg was DuckDuckGo’s sole full-time employee. That year, he pushed to expand the company. He bought a billboard in Google’s backyard of San Francisco that proudly proclaimed, “Google tracks you. 
We don’t.” (That defiant gesture and others like it were later parodied on HBO’s Silicon Valley.) The stunt paid off in spades, doubling DuckDuckGo’s daily search traffic. Weinberg began courting VC investors, eventually selling a minority stake in the company to Union Square Ventures, the firm that has also backed SoundCloud, Coinbase, Kickstarter, and Stripe. That fall, he hired his first full-time employee, and DuckDuckGo moved out of Weinberg’s house and into the strangest-looking office in all of Paoli, Pennsylvania. Then, in 2013, digital privacy became front-page news. That year, NSA contractor Edward Snowden leaked a series of documents to the Guardian and the Washington Post revealing the existence of the NSA’s PRISM program, which granted the agency unfettered access to the personal data of millions of Americans through a secret back door into the servers of Google, Yahoo, Facebook, Apple, and other major internet firms. Though Google denied any knowledge of the program, the reputational damage had been done. DuckDuckGo rode a wave of press coverage, enjoying placement in stories that offered data privacy solutions to millions of newly freaked-out people worried that the government was spying on them. “All of a sudden we were part of this international story,” Weinberg says. The next year, DuckDuckGo turned a profit. Shortly thereafter, Weinberg finally started paying himself a salary. Today, DuckDuckGo employs 55 people, most of whom work remotely from around the world. (On the day I visited, there were maybe five employees in the Paoli office, plus one dog.) This year, the company went through its second round of VC funding, accepting a $10 million investment from Canadian firm OMERS. 
Weinberg insists that both OMERS and Union Square Ventures are “deeply interested in privacy and restoring power to the non-monopoly providers.” Later, via email, Weinberg declined to share DuckDuckGo’s exact revenue, beyond the fact that its 2018 gross revenue exceeded $25 million, a figure the company has chosen to disclose in order to stress that it is subject to the California Consumer Privacy Act. Weinberg feels that the company’s main challenge these days is improving brand recognition. “I don’t think there’s many trustworthy entities on the internet, just straight-up,” he says. “Ads follow people around. Most people have gotten multiple data breaches. Most people know somebody who’s had some kind of identity theft issue. The percentage of people who’ve had those events happen to them has just grown and grown.” The recent investment from OMERS has helped cover the cost of DuckDuckGo’s new app, launched in January 2018. The app, a lightweight mobile web browser for iOS and Android that’s also available as a Chrome plugin, is built around the DuckDuckGo search engine. It gives each site you visit a letter grade based on its privacy practices and has an option to let you know which web trackers — usually ones from Google, Facebook, or Comscore — it blocked from monitoring your browsing activity. After you’ve finished surfing, you can press a little flame icon and an oddly satisfying animated fire engulfs your screen, indicating that you’ve deleted your tabs and cleared your search history. 
The rest of the recent investment, Weinberg says, has been spent on “trying to explain to people in the world that [DuckDuckGo] exists.” He continues, “That’s our main issue — the vast majority of people don’t realize there’s a simple solution to reduce their [online] footprint.” To that end, DuckDuckGo maintains an in-house consumer advocacy blog called Spread Privacy, offering helpful tips on how to protect yourself online as well as commentary and analysis on the state of online surveillance. Its most recent initiative was a study on how filter bubbles — the term for how a site like Google uses our data to show us what it thinks we want — can shape the political news we consume. Brand recognition is a challenge for a lot of startups offering privacy-focused digital services. After all, the competition includes some of the biggest and most prominent companies in the world: Google, Apple, Facebook. And in some ways, this is an entire new sector of the market. “Privacy has traditionally not been a product; it’s been more like a set of best practices,” says David Temkin, chief product officer for the Brave web browser. “Imagine turning that set of best practices into a product. That’s kind of where we’re going.” Like DuckDuckGo — whose search engine Brave incorporates into its private browsing mode — Brave doesn’t collect user data and blocks ads and web trackers by default. In 2018, Brave’s user base exploded from 1 million to 5.5 million, and the company reached a deal with HTC to be the default browser on the manufacturer’s upcoming Exodus smartphone. Temkin, who first moved out to the Bay Area in the early ’90s to work at Apple, says that the past two decades of consolidation under Google/Facebook/Netflix/Apple/Amazon have radically upended the notion of the internet as a safe haven for the individual. “It’s swung back to a very centralized model,” he says. “The digital advertising landscape has turned into a surveillance ecosystem. 
The way to optimize the value of advertising is through better targeting and better data collection. And, well, water goes downhill.” In companies such as Brave and DuckDuckGo, Temkin sees a return to the more conscientious attitude behind early personal computing. “I think to an ordinary user, [privacy] is starting to sound like something they do need to care about,” he says. But to succeed, these companies will have to make privacy as accessible and simple as possible. “Privacy’s not gonna win if it’s a specialist tool that requires an expert to wield,” Temkin says. “What we’re doing is trying to package [those practices] in a way that’s empathetic and respectful to the user but doesn’t impose the requirement for knowledge or the regular ongoing annoyance that might go with maintaining privacy on your own.” In November, I decided to switch my personal search querying to DuckDuckGo in order to see whether it was a feasible solution to my online surveillance woes. Physically making the switch is relatively seamless. The search engine is already an optional default in browsers such as Safari, Microsoft Edge, and Firefox, as well as more niche browsers such as Brave and Tor, the latter of which made DuckDuckGo its default search in 2016. Actually using the service, though, can be slightly disorienting. I use Google on a daily basis for one simple reason: It’s easy. When I need to find something online, it knows what to look for. To boot, it gives me free email, which is connected to the free word processor that my editor and I are using to work on this article together in real time. It knows me. It’s only when I consider the implications of handing over a digital record of my life to a massive company that the sense of free-floating dread about digital surveillance kicks in. Otherwise, it’s great. And that’s the exact hurdle DuckDuckGo is trying to convince people to clear. Using DuckDuckGo can feel like relearning to walk after you’ve spent a decade flying. 
On Google, a search for, say, “vape shop” yields a map of vape shops in my area. On DuckDuckGo, that same search returns a list of online vaporizer retailers. The difference, of course, is the data: Google knows that I’m in Durham, North Carolina. As far as DuckDuckGo is concerned, I may as well be on the moon. That’s not to say using DuckDuckGo is all bad. For one, it can feel mildly revelatory knowing that you’re seeing the same search results that anyone else would. It restores a sense of objectivity to the internet at a time when being online can feel like stepping into The Truman Show — a world created to serve and revolve around you. And I was able to look up stuff I wanted to know about — how to open a vacuum-sealed mattress I’d bought off the internet, the origin of the martingale dog collar, the latest insane thing Donald Trump did — all without the possibility of my search history coming back to haunt me in the form of ads for bedding, dog leashes, or anti-Trump knickknacks. Without personalized results, DuckDuckGo just needs to know what most people are looking for when they type in search terms and serve against that. And most of the time, we fit the profile of most people. When I asked Weinberg if he wanted to displace Google as the top search engine in all the land, he demurred. “I mean, I wouldn’t be opposed to it,” he says, “but it’s really not our intention, and I don’t expect that to happen.” Instead, he’d like to see DuckDuckGo as a “second option” to Google for people who are interested in maintaining their online anonymity. “Even if you don’t have anything to hide, it doesn’t mean you want people to profit off your information or be manipulated or biased against as a result [of that information],” he says. Even though DuckDuckGo may serve a different market and never even challenge Google head-on, the search giant remains its largest hurdle in the long term. For more than a decade, Google has been synonymous with search. 
And that association is hard, if not impossible, to break. In the meantime, the two companies are on frosty terms. In 2010, Google obtained the domain duck.com as part of a larger business deal in a company formerly known as Duck Co. For years, the domain would redirect to Google’s search page, despite seeming like something you’d type into your browser while trying to get to DuckDuckGo. After DuckDuckGo petitioned for ownership for nearly a decade, Google finally handed over the domain in December. The acquisition was a minor branding coup for DuckDuckGo — and a potential hedge against accusations of antitrust for Google. That doesn’t mean relations between the two companies have improved. As the Goliath in the room, Google could attempt to undercut DuckDuckGo’s entire business proposition. Over the past few years, even mainstream players have attempted to assuage our privacy anxieties by offering VPNs (Verizon), hosting “privacy pop-ups” (Facebook), and using their billions to fight against state surveillance in court (Microsoft). With some tweaks, Google could essentially copy DuckDuckGo wholesale and create its own privacy-focused search engine with many of the same protections DuckDuckGo has built its business on. As to whether people would actually believe that Google, a company that muscled its way into becoming an integral part of the online infrastructure by selling people’s data, could suddenly transform into a guardian of that data remains to be seen. When it comes to the internet, trust is something easily lost and difficult to regain. In a sense, every time a giant of the internet surveillance economy is revealed to have sold out its customers in some innovatively horrifying way, the ensuing chaos almost serves as free advertising for DuckDuckGo. “The world keeps going in a bad direction, and it makes people think, ‘Hey, I would like to escape some of the bad stuff on the internet and go to a safer place,’” Weinberg says. 
“And that’s where we see ourselves.” Source
  7. Google Chrome is the most popular browser in the world. Chrome routinely leads the pack in features for security and usability, most recently helping to drive the adoption of HTTPS. But when it comes to privacy, specifically protecting users from tracking, most of its rivals leave it in the dust. Users are more aware of, and concerned about, the harms of pervasive tracking than ever before. So why is Chrome so far behind? It’s because Google still makes most of its money from tracker-driven, behaviorally-targeted ads. The marginal benefit of each additional bit of information about your activities online is relatively small to an advertiser, especially given how much you directly give Google through your searches and use of tools like Google Home. But Google still builds Chrome as if it needs to vacuum up everything it can about your online activities, whether you want it to or not. In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model is incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore.

Chrome is More Popular Than Ever. So is Privacy.

Since Chrome’s introduction in 2008, its market share has risen inexorably. It now accounts for 60% of the browsers on the web. At the same time, the public has become increasingly concerned about privacy online. In 2013, Edward Snowden’s disclosures highlighted the links between massive, surreptitious corporate surveillance and the NSA’s spy programs. In 2016, the EU ratified the General Data Protection Regulation (GDPR), a sweeping (and complicated) set of guidelines that reflected a new, serious approach to data privacy.
And in the U.S., this year’s Cambridge Analytica scandal sparked unprecedented backlash against Facebook and other big tech companies, driving states like California to pass real data privacy laws for the first time (although those laws are under threat federally by, you guessed it, Google and Facebook). Around the world, people are waking up to the realities of surveillance capitalism and the surveillance business model: the business of “commodifying reality,” transforming it into behavioral data, and using that data and inferences from it to target us on an ever-more granular level. The more users learn about this business model, the more they want out. That’s why the use of ad and tracker blockers, like EFF’s Privacy Badger, has grown dramatically in recent years. Their popularity is a testament to users’ frustration with the modern web: ads and trackers slow down the browsing experience, burn through data plans, and give people an uneasy feeling of being watched. Companies often justify their digital snooping by arguing that people prefer ads that are “relevant” to them, but studies show that most users don’t want their personal information to be used to target ads. All of this demonstrates a clear, growing demand for consumer privacy, especially as it relates to trackers on the web. As a result, many browser developers are taking action. In the past, tracker blockers have only been available as third-party “extensions” to popular browsers, requiring diligent users to seek them out. But recently, developers of major browsers have started building tracking protections into their own products. Apple’s Safari has been developing Intelligent Tracking Protection, or ITP, a system that uses machine learning to identify and stop third-party trackers; this year, the improved ITP 2.0 became the default for tens of millions of Apple users. Firefox recently rolled out its own tracking protection feature, which is on by default in private browsing windows. 
Opera ships with the option to turn on both ad and tracker blocking. Even the much-maligned Internet Explorer has a built-in “tracking protection” mode. Yet Google Chrome, the largest browser in the world, has no built-in tracker blocker, nor has the company indicated any plans to build one. Sure, it now blocks some intrusive ads, but that feature has nothing to do with privacy. The closest thing it offers to “private” browsing out-of-the-box is “incognito mode,” which only hides what you do from others who use your machine. That might hide embarrassing searches from your family, but does nothing to protect you from being tracked by Google.

Conflicts of Interest

Google is the biggest browser company in the world. It’s also the biggest search engine, mobile operating system, video host, and email service. But most importantly, it’s the biggest server of digital ads. Google controls 42% of the digital advertising market, significantly more than Facebook, its largest rival, and vastly more than anyone else. Its tracking codes appear on three quarters of the top million sites on the web. 86% of Alphabet’s revenue (Google’s parent company) comes from advertising. That means all of Alphabet has a vested interest in helping track people and serve them ads, even when that puts the company at odds with its users.

Source: The EFF
  8. Microsoft’s Obscure ‘Self Service for Mobile’ Office Activation

Microsoft requires a product activation after installing. Users of Microsoft Office are currently facing trouble during telephone activation. After dealing with this issue, I came across another obscure behavior: Microsoft’s ‘Self Service for Mobile’ solution to activate Microsoft Office via mobile devices. Microsoft describes how to activate Microsoft Office 2013, 2016 and Office 365 within this document. There are several possibilities to activate an installed product, via Internet or via telephone for instance. Activation by phone is required if the maximum Internet activation threshold is reached.

But Office activation by phone fails

Within my blog post Office Telephone activation is no longer supported error I’ve addressed the basic issue. If a user re-installs Office, the phone activation fails. The activation dialog box shows the message “Telephone activation is no longer supported for your product”. Microsoft has confirmed this issue for Office 2016 users having a non-subscriber installation. But users of Microsoft Office 2010 or Microsoft Office 2013 are also affected.

A blog reader posted a tip: Use Mobile devices activation…

I posted an article, Office 2010: Telefonaktivierung eingestellt? – Merkwürdigkeit II, about the Office 2010 telephone activation issue within my German blog, back in January 2017. Then a reader pointed me within a comment to a Self Service for Mobile website. The link http: // bit.ly/2cQPMCb, shortened by bit.ly, points to a website https: // microsoft.gointeract.io/mobileweb/… that provides an ability to activate Microsoft Office (see screenshot below). After selecting a 6 or 7 Digits entry, an activation window with numerical buttons to enter the installation id will be shown (see screenshots shown below). The user has to enter the installation id and receives the activation id – plain and simple.
Some users commented within my German blog that this feature works like a charm.

Obscurity, conspiracy, oh my God, what have they done?

I didn’t inspect the posted link until writing last Friday’s blog post Office Telephone activation is no longer supported error. My idea was to mention the “Self Service for Mobile” page within the new article. I managed to alter the link to direct it to the English Self Service for Mobile language service site. Suddenly I noticed that both the German and the English “Self Service for Mobile” sites use https, but are flagged as “unsecure” in Google Chrome (see the screenshot below, showing the German edition of this web page). The popup shown for the web site „Self Service for Mobile“ says that there is mixed content (images) on the page, so it’s not secure. That caught my attention, and I started to investigate the details. Below are the details for the German version of the web site shown in Google Chrome (but the English web site has the same issues).

First of all, I noticed that the „Self Service for Mobile“ site doesn’t belong to a microsoft.com domain – in my view a must for a Microsoft activation page. Inspecting the details, I found out that the site contains mixed content (an image contained within the site was delivered via http). The content of the site was also delivered by Cloudflare (I’ve never noticed that case for MS websites before). The image flagged in the mixed content issue was the Microsoft logo, shown within the site’s header, transferred via http. The certificate was issued by Go Daddy (a US company) and ends in March 2017. I’ve never noticed that Go Daddy belongs to Microsoft. I came across Go Daddy while analyzing a phishing campaign months ago. A compromised server, used as a relay by a phishing campaign, had been hosted (according to Whois records) by Go Daddy. But my takedown notice sent to Go Daddy has never been answered.
That caused all the alarm bells to ring in my head, because it’s a typical behavior used in phishing sites. My further findings didn’t calm the alarm bells in my head either. The subdomain microsoft used above doesn’t belong to a Microsoft domain; it points to a domain gointeract.io. Trying to obtain details about the owner of gointeract.io via WhoIs ended with the following record.

Domain : gointeract.io
Status : Live
Expiry : 2021-03-14
NS 1 : ns-887.awsdns-46.net
NS 2 : ns-1211.awsdns-23.org
NS 3 : ns-127.awsdns-15.com
NS 4 : ns-1980.awsdns-55.co.uk
Owner OrgName : Jacada
Check for 'gointeract.sh' --- http://www.nic.sh/go/whois/gointeract.sh
Check for 'gointeract.ac' --- http://www.nic.ac/go/whois/gointeract.ac

Pretty short, isn’t it? No Admin c, no contact person, and Microsoft isn’t mentioned at all, but the domain has been registered till 2021. The Owner OrgName Jacada was unknown to me. Searching the web didn’t give me more insights at first. Overall, the whole site looks obscure to me. The tiny text, shown within the browser’s lower left corner, was a hyperlink. The German edition of the „Self Service for Mobile“ site opens a French Microsoft site – the English site opens an English Microsoft site.

My first conclusion was: Hell, I was tricked by a phishing comment – somebody set up this site to grab installation ids of Office users. So I deactivated the link within the comment and I posted a warning within my German blog post not to use this „Self Service for Mobile“ site. I also tried to contact the user who had posted the comment via e-mail.

… but “Microsoft” provides these links …

User JaDz responded immediately in an additional comment, and wrote that the link shortened via bit.ly had been sent from Microsoft via SMS – after he tried the telephone activation and selected the option to activate via a mobile device. I didn’t notice that before – so my conclusion was: Hell, this obscure „Self Service for Mobile“ site is indeed related to Microsoft.
Then I started a web search again, but this time with the keywords Jacada and Microsoft. Google showed several hits, pointing to the site jacada.com (see screenshot below). It seems that Jacada is a kind of service provider for several customers. I wasn’t able to find Microsoft within the customer reference. But I know that Microsoft uses external services for some activities. Now I suppose that somebody from Jacada set up the „Self Service for Mobile“ activation site. The Ajax code used is obviously able to communicate with Microsoft’s activation servers and obtain an activation id. And Microsoft’s activation mechanism provides an option to send the bit.ly link via SMS.

Closing words: Security by obscurity?

At this point I was left really puzzled. We are not talking about a startup located within a garage. We are dealing with Microsoft, a multi-billion company that claims to run highly secured and trustable cloud infrastructures world wide. But what’s left after we wipe off the marketing stuff? The Office activation via telephone is broken (Microsoft confirmed that, after it was reported by customers!). A customer who needs to activate a legally owned, but re-installed, Microsoft Office is facing a nasty situation. Telephone activation is refused, and the customers will be (wrongly) notified that this option is no longer supported. Internet activation is refused due to “too many online activations” – well done. But we are not finished yet. They set up a „Self Service for Mobile“ activation site in a way that is frequently used by phishers. They are sending links via SMS to this site requesting to enter sensitive data like install ids. A site that is using mixed content via https, and is displaying an activation id. In my eyes a security nightmare. But maybe I’ve overlooked or misinterpreted something. If you have more insights or an idea, or if my assumptions are wrong, feel free to drop a comment.
I will try to reach out and ask Microsoft for a comment about this issue. Article in German Source Alternate Source reading - AskWoody: Born: Office activation site controlled by a non-Microsoft company
  9. Judge dismisses lawsuit accusing Facebook of tracking users’ activity, saying responsibility was on plaintiffs to keep browsing history private A judge has dismissed a lawsuit accusing Facebook of tracking users’ web browsing activity even after they logged out of the social networking site. The plaintiffs alleged that Facebook used the “like” buttons found on other websites to track which sites they visited, meaning that the Menlo Park, California-headquartered company could build up detailed records of their browsing history. The plaintiffs argued that this violated federal and state privacy and wiretapping laws. US district judge Edward Davila in San Jose, California, dismissed the case because he said that the plaintiffs failed to show that they had a reasonable expectation of privacy or suffered any realistic economic harm or loss. Davila said that plaintiffs could have taken steps to keep their browsing histories private, for example by using the Digital Advertising Alliance’s opt-out tool or using “incognito mode”, and failed to show that Facebook illegally “intercepted” or eavesdropped on their communications. “Facebook’s intrusion could have easily been blocked, but plaintiffs chose not to do so,” said Davila, who dismissed an earlier version of the five-year-old case in October 2015. Clicking on the Facebook “like” button on a third party website – for example, theguardian.com – allows people to share pieces of content to Facebook without having to copy and paste the link into a status update on the social network. When a user visits a page with an embedded “like” button, the web browser sends information to both Facebook and the server where the page is located. “The fact that a user’s web browser automatically sends the same information to both parties does not establish that one party intercepted the user’s communication with the other,” said Davila. 
The plaintiffs cannot bring privacy and wiretapping claims again, Davila said, but can pursue a breach of contract claim again. Australian internet security blogger Nik Cubrilovic first discovered that Facebook was apparently tracking users’ web browsing after they logged off in 2011. Responding to Cubrilovic, Facebook engineer Gregg Stefancik confirmed that Facebook has cookies that persist after log-out as a safety measure (to prevent others from trying to access the account) but that the company does not use the cookies to track users or sell personal information to third parties. However, in 2014 Facebook started using web browsing data for delivering targeted “interest-based” advertising – which explains why you see ads for products you have already been looking at online appear in your Facebook feed. To address privacy concerns, Facebook introduced a way for users to opt out of this type of advertising targeting from within user settings. “We are pleased with the court’s ruling,” said a Facebook spokeswoman. Source
  10. I've noticed "client_test/0.16.15.0" appearing as a "client" on some of my seeds. It does not download anything, but hangs out for hours, so I did a lookup on the IP addresses, which vary a bit. All come back the same.

Registrant Name: Legal Department
Registrant Organization: Amazon.com, Inc.
Registrant Street: PO BOX 81226
Registrant City: Seattle
Registrant State/Province: WA

I'm the sole seeder of some of these old media files. I'm surprised they even care. Does this mean Amazon loves me, or what? Should I expect chocolates or a SWAT team? :(
  11. Firefox: Always Open Site In Container Tab Mozilla added a much requested feature to Firefox's Container Tabs experiment recently that enables you to always open sites in a specific container. Container Tabs is an upcoming feature of the Firefox web browser that is available as a Test Pilot experiment, and in Firefox Nightly. Mozilla launched the Container Tabs experiment a couple of months ago as a Test Pilot experiment. We talked about the feature in 2016 before already when it was revealed for the first time. Called Containers back then, it allowed participants to load websites in containers. A container is a closed environment which uses custom storage for some data to separate it from the main Firefox data storage and other containers. This is useful for quite a few things, for instance to limit tracking, sign in to the same Web service at the same time in the same browser window, or to separate work from entertainment websites. Firefox: Always open site in Container Tab In the closing words under the original article here on Ghacks, I mentioned that I'd like to see Mozilla add features to Container Tabs that I think would improve the feature significantly. Among the features was a request to restrict sites to certain containers. This made sense in my opinion, as it would allow you to load bank websites in the security container, work related sites and services in the work container, and so on. Mozilla has added the functionality to the latest version of the Container Tabs experiment. Note that this feature has not landed yet in the Firefox Nightly implementation of Containers. A small informational panel is opened when you click on the Container Tabs icon in the Firefox toolbar after installation or update of the add-on in the browser. It highlights that the "always open sites in the containers you want" option is now available. To use it, you right-click inside a container tab to assign it to the loaded container. 
You may also right-click on the Container Tabs icon in the Firefox toolbar to check the option as well. A prompt is loaded next time you load the site in Firefox. In fact, this prompt is loaded each time you open the site, unless you check the "remember my decision for this site" option. If you check the box, the prompt is not displayed anymore. You can disable the loading of a site in a container tab by right-clicking either on the site or on the icon while the site is loaded in the active tab. Verdict Mozilla continues its work on the upcoming Container Tabs feature. While it is still possible that the feature won't land in Firefox, it seems very likely that it will land eventually. My hope is that Mozilla will address my other feature requests, especially the option to clear data only in a single container tab, as well in future updates. (via Sören Hentzschel) Now You: What is your take on the improvement and Container Tabs in general? Source
  12. Chrome: Sites May Record Audio/Video Without Indication

Websites may abuse WebRTC in Google Chrome to record audio or video using the technology without any indication of that to the user. A security vulnerability was reported to Google on April 10, 2017 which allows an attacker to record audio or video using Chrome without indication. Most modern web browsers support WebRTC (Web Real-Time Communications). One of the benefits of WebRTC is that it supports real-time communication without the use of plugins. This includes options to create audio and video chat services, p2p data sharing, screen sharing, and more using the technology. There is also a downside to WebRTC, as it may leak local IP addresses in browsers that support WebRTC. You can protect the IP address from being revealed in Firefox, Chrome and Vivaldi, for instance.

The reported vulnerability affects Chrome but it may affect other web browsers as well. For it to work, you'd have to visit a site and allow it to use WebRTC. The site that wants to record audio or video would then spawn a JavaScript window without a header, a pop-under or pop-up window for instance. It can then record audio or video, without giving indications in Chrome that this is happening. Chrome usually displays recording indicators in the tab that uses the functionality, but since the JavaScript window is headerless, nothing is shown to the user.

A proof of concept was created which you find linked on the Chromium Bugs website. All you need to do is click on two buttons, and allow the site to use WebRTC in the web browser. The proof of concept demo records audio for 20 seconds, and gives you an option afterwards to download the recording to the local system. A Chromium team member confirmed the existence of the issue, but did not want to call it a vulnerability. The explanation does not make a whole lot of sense to me.
Because Android does not show an indicator in the first place, and Chrome on the desktop only if enough interface space is available, it is not a security vulnerability? At the very least, it is a privacy issue and something that users need to be aware of. While users do have to trust sites enough to give them permissions to use WebRTC, it and the fact that the site needs to launch a popup window are the only things needed to exploit this. Google may improve the situation in the future, but users are on their own right now when it comes to that. The best form of protection is to disable WebRTC, which can be done easily if you don't require it; the second best is to allow only trusted sites to use WebRTC. If you allow a site to use WebRTC, you may want to look out for any other windows that it may spawn afterwards on top of that.

Now You: Do you use services or apps that use WebRTC? Source
  13. Both paid and unpaid apps can track your data. The apps pictured may not - but it’s hard to know which do and which don’t. Anyone who spends much time online knows the saying: “If you’re not paying, you’re the product”. That’s not exactly correct. On the internet, you’re nearly always the product. And while most internet users know that some of their personal data is being collected and monetised, few are aware of the sheer scale of the issue, particularly when it comes to apps. In fact, our research suggests a majority of the top 100 paid and free Google Play apps in Australia, Brazil, Germany and the US contain at least one tracker. This means data could be collected for advertising networks as well as for payment providers. This is just the beginning. As voice-activated intelligent assistants like Siri or Google Now evolve and replace the need for apps on our smartphones, the question of what is being done with our data will only grow more complicated. Nothing is free The difference between what apps actually do with user data and what users expect them to do was apparent in the recent Unroll.Me scandal. Unroll.me is a free online service that cleans email inboxes by unsubscribing the user from unnecessary emails. But many were dismayed when the company was recently discovered to be monetising their mail content. For example, UnRoll.me was reportedly looking for receipts of the ridesharing company Lyft in user emails and selling that information to Uber. Unroll.me’s CEO apologised, saying the company needed to do a better job of disclosing its use of data. But who is in the wrong? Consumers for thinking they were getting a service for free? Or the service provider, who should inform customers of what they’re collecting? The question is even more intriguing when it comes to mobile apps. 
In fact, compared to online services that usually access a few facets of a user’s personal profile, mobile apps can conveniently tap into a range of personal data such as location, message content, browser history and app installation logs. They do this using third-party libraries embedded in their code, and these libraries can be very intrusive.

How libraries work

Libraries are third-party trackers used by app developers so they can integrate their products with external services. These may include advertising networks, social media platforms and payment gateways such as Paypal, as well as tools for tracking bugs and crashes. In our study, carried out in 2015, we analysed tracking libraries in the top-100 free and top-100 paid apps in Australia, Brazil, Germany and the US, revealing some concerning results. Approximately 90% of the top free apps and 60% of the top paid apps in Google Play Store had at least one embedded tracker. For both free and paid apps in the study, Google Ads and Flurry were the two most popular trackers and were integrated with more than 25% of the apps. Other frequently observed libraries include Chartboost, Millennial Media, Google Analytics and Tapjoy. The top trackers were also likely to be present in more than one app, meaning these libraries receive a rich dataset about the user.

[Figure: A summary of the study of top-100 free and paid apps in Google Play Store. NICTA, Author provided]

Of course, these numbers could have changed in the two years since our research was published, although recent studies suggest the trend has largely continued. It’s also possible these libraries are present without collecting data, but it’s nonetheless disturbing to see the presence of so many trackers in paid apps that have an alternative business model.

What lies ahead?

So what can you do if you don’t want to be tracked?
Use your judgement when giving apps permission to access your data by first asking questions such as, “does this game really need to know my phone number?” Consider using mobile anti-virus and privacy advisory apps such as Lookout Security & Antivirus, Mobile Security and Antivirus, and PrivMetrics (this app is a beta release by Data61). Ultimately, however, these solutions barely touch the surface of a much larger issue. In the near future, apps may be replaced by built-in services that come with a smartphone’s operating system. The intelligent personal assistant by Google, Google Now, for example, could eliminate the need for individual transport, messenger, news and weather apps, as well as some financial apps. These services, otherwise known as aggregator platform services, could build extensive profiles that cover several aspects of our online and offline behaviour. When used, they have access to an incredibly broad range of our activities, not to mention our location. Still, app users have so far been willing to exchange their data for convenience. There’s little reason to believe that trend will not continue. Article source
  14. New Vault 7 leaks show CIA can install persistent malware on OS X and iOS devices A new trove of documents belonging to WikiLeaks’ Vault 7 leaks, dubbed “Dark Matter”, reveals that Apple devices including Macs and iPhones have been compromised by the CIA. They are affected by firmware malware meaning that even a re-installation of the operating system will not fix the device. The CIA’s Embedded Development Branch (EDB) have created several tools for exploiting Apple devices, these include: Sonic Screwdriver – allows an attacker to boot its malware from peripheral devices such as a USB stick. DarkSeaSkies – is an “implant” that persists in the EFI firmware of MacBook Air computers. It consists of “DarkMatter”, “SeaPea” and “NightSkies” which affect EFI, kernel-space, and user-space respectively. Triton – macOS malware. Dark Mallet – Triton infector. DerStake – EFI-persistent version of Triton. The documents show that DerStake was at version 1.4 as of 2013, but other documents show that as of 2016, the CIA was working on DerStake 2.0. According to Wikileaks, NightSkies can infect Apple iPhones, the organisation said what’s noteworthy is that NightSkies has been able to infect iPhones since 2008. The CIA documents say NightSkies is a “beacon/loader/implant tool”. It is “expressly designed” to be physically installed onto factory fresh iPhones meaning the CIA has been intercepting the iPhone supply chain of its targets since at least 2008. "Dark Matter" is just the latest release of documents from the wider Vault 7 leaks, more CIA documents are expected in the future. Main Source: Wikileaks Source
  15. Facebook Bans Devs From Creating Surveillance Tools With User Data Without a hint of irony, Facebook has told developers that they may not use data from Instagram and Facebook in surveillance tools. The social network says that the practice has long been a contravention of its policies, but it is now tidying up and clarifying the wording of its developer policies. American Civil Liberties Union, Color of Change and the Center for Media Justice put pressure on Facebook after it transpired that data from users' feeds was being gathered and sold on to law enforcement agencies. The re-written developer policy now explicitly states that developers are not allowed to "use data obtained from us to provide tools that are used for surveillance." It remains to be seen just how much of a difference this will make to the gathering and use of data, and there is nothing to say that Facebook's own developers will not continue to engage in the same practices. Deputy chief privacy officer at Facebook, Rob Sherman, says: Transparency reports published by Facebook show that the company has complied with government requests for data. The secrecy such requests and dealings are shrouded in means that there is no way of knowing whether Facebook is engaged in precisely the sort of activity it is banning others from performing. Source
  16. Security flaws smash worthless privacy protection Analysis To protect mobile devices from being tracked as they move through Wi-Fi-rich environments, there's a technique known as MAC address randomization. This replaces the number that uniquely identifies a device's wireless hardware with randomly generated values. In theory, this prevents scumbags from tracking devices from network to network, and by extension the individuals using them, because the devices in question call out to these nearby networks using different hardware identifiers. It's a real issue because stores can buy Wi-Fi equipment that logs smartphones' MAC addresses, so that shoppers are recognized by their handheld when they next walk in, or walk into an affiliate shop with the same creepy system present. This could be used to alert assistants, or to follow people from department to department, store to store, and then sell that data to marketers and ad companies. Public wireless hotspots can do the same. Transport for London in the UK, for instance, used these techniques to study Tube passengers. Regularly changing a device's MAC address is supposed to defeat this tracking. But it turns out to be completely worthless, due to a combination of implementation flaws and vulnerabilities. That and the fact that MAC address randomization is not enabled on the majority of Android phones. In a paper published on Wednesday, US Naval Academy researchers report that they were able to "track 100 per cent of devices using randomization, regardless of manufacturer, by exploiting a previously unknown flaw in the way existing wireless chipsets handle low-level control frames." Beyond this one vulnerability, an active RTS (Request to Send) attack, the researchers also identify several alternative deanonymization techniques that work against certain types of devices. 
Cellular radio hardware has its own set of security and privacy issues; these are not considered in the Naval Academy study, which focuses on Android and iOS devices. Each 802.11 network interface in a mobile phone has a 48-bit MAC address layer-2 hardware identifier, one that's supposed to be persistent and globally unique. Hardware makers can register with the Institute of Electrical and Electronics Engineers (IEEE) to buy a block of MAC addresses for their networking products: the manufacturer is assigned a three-byte Organizationally Unique Identifier, or OUI, which is combined with an additional three-byte identifier that can be set to any value. Put those six bytes together, and you've got a 48-bit MAC address that should be globally unique for each device. The IEEE's registration system makes it easy to identify the maker of a particular piece of network hardware. The IEEE also provides the ability to purchase a private OUI that's not associated with a company name, but according to the researchers "this additional privacy feature is not currently used by any major manufacturers that we are aware of." Alternatively, the IEEE offers a Company Identifier, or CID, which is another three-byte prefix that can be combined with three additional bytes to form 48-bit MAC addresses. CID addresses can be used in situations where global uniqueness is not required. These CID numbers tend to be used for MAC address randomization and are usually transmitted when a device unassociated with a specific access point broadcasts 802.11 probe requests, the paper explains. The researchers focused on devices unassociated with a network access point – as might happen when walking down the street through various Wi-Fi networks – rather than those associated and authenticated with a specific access point, where the privacy concerns differ and unique global MAC addresses come into play. 
Unmasking Previous security research has shown that flaws in the Wi-Fi Protected Setup (WPS) protocol can be used to reverse engineer a device's globally unique MAC address through a technique called Universally Unique IDentifier-Enrollee (UUID-E) reversal. The US Naval Academy study builds upon that work by focusing on randomized MAC address implementations. The researchers found that "the overwhelming majority of Android devices are not implementing the available randomization capabilities built into the Android OS," which makes such Android devices trivial to track. It's not clear why this is the case, but the researchers speculate that 802.11 chipset and firmware incompatibilities might be part of it. Samsung v Apple Surprisingly, Samsung devices, which accounted for 23 per cent of the researchers' Android data set, show no evidence of implementing MAC address randomization. Apple, meanwhile, introduced MAC address randomization in iOS 8, only to break it in iOS 10. While the researchers were evaluating devices last year, Apple launched iOS 10 and changed its network probe broadcasts to include a distinct Information Element (IE), data added to Wi-Fi management frames to extend the Wi-Fi protocol. "Inexplicably the addition of an Apple vendor-specific IE was added to all transmitted probe requests," the paper explains. "This made identification of iOS 10 Apple devices trivial regardless of the use of MAC address randomization." This shortcoming aside, Apple handles randomization correctly, in the sense that it properly randomizes the full 48-bits available for MAC addresses (with the exception of the Universal/Local bit, set to distinguish between global MAC addresses and the local ones used for randomization, and the Unicast/Multicast Bit). 
The researchers find this interesting because the IEEE charges a fee for using the first three bytes of that space for CID prefixes, "meaning that Apple is freely making use of address space that other companies have paid for." In a phone interview with The Register, Travis Mayberry, assistant professor at the US Naval Academy and one of the paper's co-authors, expressed surprise that something like 70 per cent of Android phones tested did not implement MAC address randomization. "It's strange that Android was so vulnerable," he said. "It's just really bad at doing what it was supposed to do." 'Closest to being pretty good' Apple, meanwhile, fared better in terms of effort, though not results. "Apple is the closest to being pretty good," Mayberry said, but noted that Apple devices, despite the advantage of hardware consistency, are still vulnerable to an RTS (Request to Send) attack. Sending RTS frames to an Apple phone forces the device to reveal its global unique MAC address, rather than the randomized one normally presented to the hotspot. "No matter how hard you try, you can't defend against that because it's a property of the wireless chip itself," said Mayberry. There was a single Android phone that fared well. "The one Android phone that was resistant to our passive attacks was the CAT S60 which is some kind of 'tough' phone used on construction sites and the like," Mayberry explained in an email. "It did not have a recognizable fingerprint and did not ever transmit its global MAC except when associating. It was still vulnerable to our active RTS attack though, since like I said, that is a problem with the actual chips and affects every phone." Mayberry was at a loss to explain why Apple shot itself in the foot by adding a trackable identifier to a system that previously worked well. 
"I initially thought it might be to support some of the 'continuity' features where multiple apple devices can discover and exchange stuff like open browser tabs and clipboard contents but that came out in earlier versions of iOS," he said. "It also might be linked to the HomeKit features that they added in iOS to control IoT devices. Basically it would have to be to purposefully identify and discover other Apple devices that are not associated, otherwise we wouldn't see it in probe requests. All of this is pure speculation though and we really don't have a strong reason for it." Mayberry said he hoped the research would help the industry understand the consequences of everyone doing things differently. There's no generally accepted way to handle MAC address randomization. "There are so many phones not using it," he said. "There should be a standard." By Thomas Claburn https://www.theregister.co.uk/2017/03/10/mac_address_randomization/
  17. Four in Five Britons Fearful Trump Will Abuse their Data More than three-quarters of Britons believe incoming US President Donald Trump will use his surveillance powers for personal gain, and a similar number want reassurances from the government that data collected by GCHQ will be safeguarded against such misuse. These are the headline findings from a new Privacy International poll of over 1600 Brits on the day Trump is inaugurated as the 45th President of the most powerful nation on earth. With that role comes sweeping surveillance powers – the extent of which was only revealed after NSA whistleblower Edward Snowden went public in 2013. There are many now concerned that Trump, an eccentric reality TV star and gregarious property mogul, could abuse such powers for personal gain. That’s what 78% of UK adults polled by Privacy International believe, and 54% said they had no trust that Trump would use surveillance for legitimate purposes. Perhaps more important for those living in the United Kingdom is the extent of the information sharing partnership between the US and the UK. Some 73% of respondents said they wanted the government to explain what safeguards exist to ensure any data swept up by their domestic secret services doesn’t end up being abused by the new US administration. That fear has become even more marked since the passage of the Investigatory Powers Act or 'Snoopers’ Charter', which granted the British authorities unprecedented mass surveillance and hacking powers, as well as forcing ISPs to retain all web records for up to 12 months. Privacy International claimed that although it has privately been presented with documents detailing the info sharing partnership between the two nations, Downing Street has so far refused to make the information public. 
The rights group and nine others are currently appealing to the European Court of Human Rights to overturn a decision by the Investigatory Powers Tribunal (IPT) not to release information about the rules governing the US-UK agreement. “UK and the US spies have enjoyed a cosy secret relationship for a long time, sharing sensitive intelligence data with each other, without parliament knowing anything about it, and without any public consent. Slowly, we’re learning more about the staggering scale of this cooperation and a dangerous lack of sufficient oversight,” argued Privacy International research officer, Edin Omanovic. “Today, a new President will take charge of US intelligence agencies – a President whose appetite for surveillance powers and how they’re used put him at odds with British values, security, and its people… Given that our intelligence agencies are giving him unfettered access to massive troves of personal data, including potentially about British people, it is essential that the details behind all this are taken out of the shadows.” Source
  18. Mozilla: The Internet Is Unhealthy And Urgently Needs Your Help Mozilla argues that the internet's decentralized design is under threat by a few key players, including Google, Facebook, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce, and search. Can the internet as we know it survive the many efforts to dominate and control it, asks Firefox maker Mozilla. Much of the internet is in a perilous state, and we, its citizens, all need to help save it, says Mark Surman, executive director of Firefox maker the Mozilla Foundation. We may be in awe of the web's rise over the past 30 years, but Surman highlights numerous signs that the internet is dangerously unhealthy, from last year's Mirai botnet attacks, to market concentration, government surveillance and censorship, data breaches, and policies that smother innovation. "I wonder whether this precious public resource can remain safe, secure and dependable. Can it survive?" Surman asks. "These questions are even more critical now that we move into an age where the internet starts to wrap around us, quite literally," he adds, pointing to the Internet of Things, autonomous systems, and artificial intelligence. In this world, we don't use a computer, "we live inside it", he adds. "How [the internet] works -- and whether it's healthy -- has a direct impact on our happiness, our privacy, our pocketbooks, our economies and democracies." Surman's call to action coincides with nonprofit Mozilla's first 'prototype' of the Internet Health Report, which looks at healthy and unhealthy trends that are shaping the internet. Its five key areas include open innovation, digital inclusion, decentralization, privacy and security, and web literacy. Mozilla will launch the first report after October, once it has incorporated feedback on the prototype. That there are over 1.1 billion websites today, running on mostly open-source software, is a positive sign for open innovation. 
However, Mozilla says the internet is "constantly dodging bullets" from bad policy, such as outdated copyright laws, secretly negotiated trade agreements, and restrictive digital-rights management. Similarly, while mobile has helped put more than three billion people online today, there were 56 internet shutdowns last year, up from 15 shutdowns in 2015, it notes. Mozilla fears the internet's decentralized design, while flourishing and protected by laws, is under threat by a few key players, including Facebook, Google, Apple, Tencent, Alibaba and Amazon, monopolizing messaging, commerce and search. "While these companies provide hugely valuable services to billions of people, they are also consolidating control over human communication and wealth at a level never before seen in history," it says. Mozilla approves of the wider adoption of encryption today on the web and in communications but highlights the emergence of new surveillance laws, such as the UK's so-called Snooper's Charter. It also cites as a concern the Mirai malware behind last year's DDoS attacks, which abused unsecured webcams and other IoT devices, and is calling for safety standards, rules and accountability measures. The report also draws attention to the policy focus on web literacy in the context of learning how to code or use a computer, which ignores other literacy skills, such as the ability to spot fake news, and separate ads from search results. Source Alternate Source - 1: Mozilla’s First Internet Health Report Tackles Security, Privacy Alternate Source - 2: Mozilla Wants Infosec Activism To Be The Next Green Movement
  19. Chinese Citizens Can Be Tracked In Real Time A group of researchers have revealed that the Chinese government is collecting data on its citizens to an extent where their movements can even be tracked in real-time using their mobile devices. This discovery was made by The Citizen Lab at the University of Toronto's Munk School of Global Affairs who specialize in studying the ways in which information technology affects both personal and human rights worldwide. It has been known for some time that the Chinese government employs a number of invasive tactics to be fully aware of the lives of its citizens. Though Citizen Lab was able to discover that the government has begun to monitor its populace using apps and services designed and run by the private sector. The discovery was made when the researchers began exploring Tencent's popular chat app WeChat that is installed on the devices of almost every Chinese citizen with 800 million active users each month. Citizen Lab found that not only does the app help the government censor chats between users but that it is also being used as a state surveillance tool. WeChat's restrictions even remain active for Chinese students studying abroad. Ronald Deibert, a researcher at Citizen Lab, offered further insight on the team's discovery, saying: "What the government has managed to do, I think quite successfully, is download the controls to the private sector, to make it incumbent upon them to police their own networks". To make matters worse, the data collected by WeChat and other Chinese apps and services is currently being sold online. The Guangzhou Southern Metropolis Daily led an investigation that found that large amounts of personal data on nearly anyone could be purchased online for a little over a hundred US dollars. The newspaper also found another service that offered the ability to track users in real-time via their mobile devices. 
Users traveling to China anytime soon should be extra cautious as to their activities online and should think twice before installing WeChat during their stay. Published under license from ITProPortal.com, a Future plc Publication. All rights reserved. Source
  20. Anti-Tracking Extension Privacy Badger 2.0 Is Out The Electronic Frontier Foundation released their anti-tracking extension Privacy Badger 2.0 for Firefox, Chrome and Opera yesterday. The extension is designed to prevent online tracking which is fundamentally different from how ad blockers operate. Instead of blocking scripts outright, Privacy Badger 2.0 will only block trackers. This means that ads may still be displayed, but that the extension puts an end to techniques that sites use to "follow" users around the web. The add-on places an icon in the browser's main toolbar that you interact with. It highlights the number of trackers that it blocked on a site, and displays options to allow individual trackers, or block domains that the extension did not detect as trackers. Privacy Badger 2.0 You are probably wondering how Privacy Badger 2.0 differs from the initial Privacy Badger released in 2014, and Privacy Badger 1.0 released in 2015. To find out, we have to dig deep as the EFF's own press release does not shed details on that. We have to look at the add-on stores to find out about the changes. Support for Firefox's multi-process architecture E10s is probably the biggest improvement over previous versions. Mozilla is still rolling out the feature to devices running the stable version of the Firefox web browser. Compatibility means that you can run Privacy Badger 2.0 alongside multi-process Firefox without major issues. Privacy Badger 2.0 may also be installed on Firefox Mobile for Android. This goes hand in hand with Privacy Badger sharing a code base now. Existing users of the extension may also notice performance improvements, the EFF refers to them as "huge", but mileage may vary. At least on my system, it is still not super fast. But there is more. Privacy Badger 2.0 may block WebRTC from leaking local IP addresses. 
Please note that this feature appears to be only available in the Chrome / Opera version of Privacy Badger 2.0, and not in the Firefox version. You find the option under "general settings" in the Privacy Badger options. You find the new "manage data" option in the settings as well. This enables you to import or export user data that includes whitelisted domains and filter settings. Privacy Badger 2.0 blocks so-called HTML5 pings as well in the new version, and will break fewer sites according to the EFF. Last but not least, it will also forget data when private browsing mode or incognito mode are used by the user. Firefox users reported that the extension breaks Google Docs for them, and there specifically Google Sheets. Closing Words Privacy Badger 2.0 is a major release, but it has its issues right now on Firefox. Google Sheets crashing, and WebRTC missing are just two of the reported issues right now that plague the Firefox version of the privacy add-on. If you do use it on Firefox, you better wait until those issues are sorted out before you upgrade to the new version. 
Source Changelog: New features with 2.0 & 2.0.1: Version 2.0.1 - Firefox Extension: Sanitize origin and action in popup Version 2.0 of Privacy Badger includes many improvements for users and developers, including: Support for “incognito” or “private” browsing Import/export capabilities, so you can export a backup of what Privacy Badger has learned about your tracker-blocking needs and import that into another browser Fixes to “break” fewer websites, ensuring that you can both block trackers and enjoy rich content Improved user interface translation for non-English-speaking users Blocks to prevent WebRTC from leaking your IP address Blocks to prevent HTML5 "ping" tracking Notable speed improvements (Firefox only) Multiprocess Compatibility (E10S) (Firefox only) A single code base for both the Firefox and Chrome versions Downloads: Details & FAQ: https://www.eff.org/privacybadger Firefox: https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/ Firefox[Optional Direct]: https://www.eff.org/files/privacy-badger-latest.xpi Opera: https://addons.opera.com/en/extensions/details/privacy-badger/?display=ru or https://addons.opera.com/extensions/download/privacy-badger/ Chrome: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp Chromium browsers[Optional Direct]: https://www.eff.org/files/privacy_badger-chrome.crx
  21. Uber Knows Where You Go, Even After Ride Is Over Enlarge / Uber's iOS popup asking for new surveillance permissions. “We do this to improve pickups, drop-offs, customer service, and to enhance safety.” As promised, Uber is now tracking you even when your ride is over. The ride-hailing service said the surveillance—even when riders close the app—will improve its service. The company now tracks customers from when they request a ride until five minutes after the ride has ended. According to Uber, the move will help drivers locate riders without having to call them, and it will also allow Uber to analyze whether people are being dropped off and picked up properly—like on the correct side of the street. "We do this to improve pickups, drop-offs, customer service, and to enhance safety," Uber said. In a statement, the company said: Uber announced that it would make the change last year to allow surveillance in the app's background, prompting a Federal Trade Commission complaint. (PDF) The Electronic Privacy Information Center said at the time that "this collection of user's information far exceeds what customers expect from the transportation service. Users would not expect the company to collect location information when customers are not actively using the app." The complaint went nowhere. However, users must consent to the new surveillance. A popup—like the one shown at the top of this story—asks users to approve the tracking. Uber says on its site that riders "can disable location services through your device settings" and manually enter a pickup address. Uber and the New York Attorney General's office in January entered into an agreement to help protect users' location data. The deal requires Uber to encrypt location data and to protect it with multi-factor authentication. Source
  22. How To Stop Everyone Tracking You On The Web It’s no secret that there’s big money to be made in violating your privacy. Companies will pay big bucks to learn more about you, and service providers on the web are eager to get their hands on as much information about you as possible. So what do you do? How do you keep your information out of everyone else’s hands? Here’s a guide to surfing the web while keeping your privacy intact. The adage goes, “If you’re not paying for a service, you’re the product, not the customer”, and it’s never been more true. Every day more news breaks about a new company that uploads your address book to their servers, skirts in-browser privacy protection, and tracks your every move on the web to learn as much about your browsing habits and activities as possible. In this post, we’ll explain why you should care, and help you lock down your surfing so you can browse in peace. Why You Should Care Your personal information is valuable. More valuable than you might think. When we originally published our guide to stop Facebook from tracking you around the web, some people cried “So what if they track me? I’m not that important/I have nothing to hide/they just want to target ads to me and I’d rather have targeted ads over useless ones!” To help explain why this is short-sighted and a bit naive, let me share a personal story. Before I joined the Lifehacker team, I worked at a company that traded in information. Our clients were huge companies and one of the services we offered was to collect information about people, their demographics, income and habits, and then roll it up so they could get a complete picture about who you are and how to convince you to buy their products. In some cases, we designed websites and campaigns to convince you to provide even more information in exchange for a coupon, discount or the simple promise of either of those. It works very, very well. 
The real money is in taking your data and shacking up with third parties to help them come up with new ways to convince you to spend money, sign up for services and give up more information. Relevant ads are nice, but the real value in your data exists where you won’t see it until you’re too tempted by the offer to know where it came from, whether it’s a coupon in your mailbox or a new daily deal site with incredible bargains tailored to your desires. It all sounds good until you realise the only thing you have to trade for such “exciting” bargains is everything personal about you: your age, income, family’s ages and income, medical history, dietary habits, favourite websites, your birthday… the list goes on. It would be fine if you decided to give up this information for a tangible benefit, but you may never see a benefit aside from an ad, and no one’s including you in the decision. Here’s how to take back that control. How to Stop Trackers from Following Where You’re Browsing with Chrome If you’re a Chrome user, there are tons of great add-ons and tools designed to help you uncover which sites transmit data to third parties without your knowledge, which third parties are talking about you, and which third parties are tracking your activity across sites. This list isn’t targeted to a specific social network or company — instead, these extensions can help you with multiple offenders. ◾Adblock Plus — We’ve discussed AdBlock Plus several times, but there’s never been a better time to install it than now. For extra protection, one-click install the Antisocial subscription for AdBlock. With it, you can banish social networks like Facebook, Twitter, and Google+ from transmitting data about you after you leave those sites, even if the page you visit has a social plugin on it. 
◾Ghostery — Ghostery does an excellent job at blocking the invisible tracking cookies and plug-ins on many websites, showing it all to you, and then giving you the choice whether you want to block them one-by-one, or all together so you’ll never worry about them again. The best part about Ghostery is that it’s not just limited to social networks, but will also catch and show you ad-networks and web publishers as well. ◾ScriptNo for Chrome — ScriptNo is much like Ghostery in that any scripts running on any site you visit will sound its alarms. The difference is that while Ghostery is a bit more exclusive about the types of information it alerts you to, ScriptNo will sound the alarm at just about everything, which will break a ton of websites. You’ll visit the site, half of it won’t load or work, and you’ll have to selectively enable scripts until it’s usable. Still, its intuitive interface will help you choose which scripts on a page you’d like to allow and which you’d like to block without sacrificing the actual content on the page you’d like to read. ◾Do Not Track Plus — The “Do Not Track” feature that most browsers have is useful, but if you want to beef them up, the previously mentioned Do Not Track Plus extension puts a stop to third-party data exchanges, like when you visit a site like ours that has Facebook and Google+ buttons on it. By default, your browser will tell the network that you’re on a site with those buttons — with the extension installed, no information is sent until you choose to click one. Think of it as opt-in social sharing, instead of all-in. Ghostery, AdBlock Plus and Do Not Track are the ones you’ll need the most. ScriptNo is a bit more advanced and may take some getting used to. In addition to installing extensions, make sure you practise basic browser maintenance that keeps your browser running smoothly and protects your privacy at the same time. 
Head into Chrome’s Advanced Content Settings, and make sure you have third-party cookies blocked and all cookies set to clear after browsing sessions. Log out of social networks and web services when you’re finished using them instead of just leaving them perpetually logged in, and use Chrome’s “Incognito Mode” whenever you’re concerned about privacy.

How to Stop Trackers from Following Where You’re Browsing with Firefox

Many of the essential privacy extensions for Firefox are from the same developers who made their Chrome counterparts, and they work in similar fashion.

◾Adblock Plus — AdBlock Plus is just as essential in Firefox as it is in Chrome, as is the Antisocial subscription, which you can install at the Antisocial site. The extension and the subscription together are a powerful combination to remove annoying ads from sites you love, retain the ones that don’t bother you, and keep ads and plug-ins from sending data about you without your explicit consent.

◾Ghostery — Ghostery is also available for Firefox, and gives you the same information about the scripts, cookies and trackers under every site you visit. Click the icon in your status bar to see what information a given site is collecting and sending about you, and you can pick and choose what to allow or what to block.

◾Do Not Track Plus — Do Not Track Plus is also available for Firefox, and works the same way as the Chrome version.

◾NoScript — NoScript is a great extension and provides you an incredible amount of information about what’s happening behind the scenes on any site that you visit — the trouble with it is that that information can be overwhelming, and if you don’t allow certain things, the site simply won’t work until you do. I have a bit of a love/hate relationship with NoScript for that reason, but if you’re serious about not letting anything run on a site without your permission, this is the tool for you.
◾Priv3 — Although it’s only available for Firefox, this experimental extension from researchers at Rutgers University and the International Computer Science Institute (ICSI) will protect you from third-party cookies set by Facebook, Twitter, Google+ and LinkedIn. We’ve mentioned it before, and I still have it installed myself. Like Do Not Track Plus, it doesn’t remove elements from a page — it simply makes them inactive until you interact with them.

We’d say Ghostery, AdBlock Plus and Priv3 are the essentials here. Do Not Track Plus and Priv3 cover some of the same territory, so you can go either way there, and as with Chrome, NoScript is for advanced users looking for more granular control. Firefox’s “Do Not Track” feature is worth enabling as well, even if many sites circumvent it with well-placed cookies and social plug-ins that are all but required if a site wants a social media presence or solid placement in search results these days.

Additionally, make yourself familiar with Firefox’s privacy and content settings. As with any browser, we suggest you log out of services when you’re finished, and set Firefox to clear your private data, cookies and browsing history when you close the browser. If you’re more worried about some sites than others, you can always just clear those cookies when you log out.

How to Stop Trackers from Following Where You’re Browsing with Internet Explorer, Safari and Opera

Firefox and Chrome may get the spotlight in the browser wars, but those of you using Safari, IE or Opera aren’t totally safe just by virtue of your browser choice. Just this week, Google was caught with its hands in the cookie jar (no pun intended) circumventing cookie protection controls in Internet Explorer 9. Nik Cubrilovic has an excellent writeup of the situation, and he points out that they’re not alone by any means. In response, Microsoft has published a tracking protection add-in for IE9 to stop them.
Regardless of your browser, the same types of basic maintenance we mentioned are in order. Do Not Track Plus is available for Safari and IE users; there’s a special build of AdBlock for Safari, for Opera, and even Internet Explorer. NoScript or ScriptNo fans can use NotScripts for Opera to get the same effect. These are a few examples, but look around — it’s likely that while some of the extensions mentioned above may not be available for your preferred browser, someone’s taken the initiative to write a similar add-on that gets the job done.

Mobile Browsing

Mobile browsing is a new frontier. There are dozens of mobile browsers, and even though most people use the one included on their device, there are few tools to protect your privacy by comparison to the desktop. Check to see if your preferred browser has a “privacy mode” that you can use while browsing, or when you’re logged in to social networks and other web services. Try to keep your social network use inside the apps developed for it, and — as always — make sure to clear your private data regularly. Some mobile browsers have private modes and the ability to automatically clear your private data built in, like Firefox for Android, Atomic Web Browser, and Dolphin Browser for both iOS and Android. Considering Dolphin is our pick for the best Android browser and Atomic is our favourite for iOS, they’re worth downloading.

Extreme Measures

If none of these extensions make you feel any better, or you want to take protecting your privacy and personal data to the next level, it’s time to break out the big guns. One tip that came up during our last discussion about Facebook was to use a completely separate web browser just for logged-in social networks and web services, and another browser for potentially sensitive browsing, like your internet shopping, banking and other personal activities.
If you have some time to put into it, check out our guide to browsing without leaving a trace, which was written for Firefox, but can easily be adapted to any browser you use.

If you’re really tired of companies tracking you and trading in your personal information, you always have the option to just provide false information. The same way you might give a fake phone number or address to a supermarket card sign-up sheet, you can scrub or change personal details about yourself from your social network profiles, Google accounts, Windows Live account and others. Change your birthday or your first name. Set your phone number a digit off, or omit your apartment number when asked for your street address. We’ve talked about how to disappear before, and you should carefully examine the privacy and account settings for the web services you use. Keep in mind that some of this goes against the terms of service for those companies and services — they have a vested interest in knowing the real you, after all, so tread carefully and tread lightly if you want to go the “make yourself anonymous” route. Worst case, start closing accounts with offending services, and migrate to other, more privacy-friendly options.

These are just a few tips that won’t significantly change your browsing experience, but can go a long way toward protecting your privacy. This issue isn’t going anywhere, and as your personal information becomes more valuable and there are more ways to keep it away from prying eyes, you’ll see more news of companies finding ways to eke out every bit of data from you and the sites you use. Some of these methods are more intrusive than others, and some of them may turn you off entirely, but the important thing is that they all give you control over how you experience the web. When you embrace your privacy, you become engaged with the services you use. With a little effort and the right tools, you can make the web more opt-in than it is opt-out.
http://www.lifehacker.com.au/2012/02/how-to-stop-everyone-tracking-you-on-the-web/