Archive for Privacy

Here’s A List Of Sites That Do Canvas Fingerprinting…. All 5,619 Of Them

Posted in Commentary with tags on July 24, 2014 by itnerd

So, if you’re scared of Canvas Fingerprinting, and you’re not blocking it using AdBlock Plus, there’s another way to deal with this privacy menace. Simply avoid sites that use it. How do you do that? Here’s a list of 5,619 website have used the technology during May 1-5, 2014 created by a group of researchers that looked into this technology. Besides porn sites, 48 government sites have Canvas Fingerprinting code as there are .gov domains listed here. That’s very unsettling.

Also, if you’re the curious type check out the project website for background information about canvas fingerprinting and other advanced tracking mechanisms such as ever cookies and use of “cookie syncing” in conjunction with ever cookies. It will make you not want to surf the Internet.

AdBlock Plus Claims It Can Stop Canvas Fingerprinting

Posted in Commentary with tags on July 23, 2014 by itnerd

This morning, I posted a story about Canvas Fingerprinting. A method of online tracking that is impossible to detect and impossible to stop. Well, AdBlock Plus who makes a tool to allow you to surf the web without getting ads the like says they can stop Canvas Fingerprinting and cookies for an added bonus. They have a blog post that goes into detail about what Canvas Fingerprinting is and how it works. Then they tell you how they can help:

When you add the EasyPrivacy filter list in Adblock Plus this won’t make Adblock Plus block tracking cookies directly. Instead, Adblock Plus will block the script that would try to set these cookies. And guess what: blocking that script doesn’t just prevent cookie-based tracking, it also lets you deal with canvas fingerprinting or evercookie or any other tracking approach. In particular, the rules to prevent AddThis tracking were added to EasyPrivacy almost five years ago.

Now I haven’t tried this so I can’t vouch for whether this works or not. Thus I would like to see a third party test this out empirically to see if it does work. If it does, perhaps we’ll feel safer when surfing the web…. Until the next person finds a way to monitor your activities without you knowing about it and being unable to stop them.

New Technology Tracks Your Web Usage Without Your Knowledge

Posted in Commentary with tags on July 23, 2014 by itnerd

The Globe And Mail is reporting on a new technology that is rapidly spreading through major websites that not only tracks you without your knowledge, but there’s no way for you to evade it:

Canvas fingerprinting, which can command your browser to draw a unique identifier and then log your online behaviour, is nearly impossible to detect, does not fall under “do not track” voluntary systems and evades most conventional ad-blocking software. It is already tracking users on 5 per cent of the biggest sites on the Internet, including The White House, Starbucks, Re/Max Canada, Canadian retailers Metro and Home Hardware, Postmedia website Canada.com, as well as a number of pornography sites.

That’s not encouraging. If you read the complete article, you’ll see how chilling this is. At least with conventional technologies, you can can evade them by clearing cookies or setting the “do not track” option on your web browser of choice correctly. Now, all that is off the table. What’s also interesting is that when websites were contacted about why they were using Canvas fingerprinting, most of them yanked it out or committed to doing so quickly. That sounds like they got caught with their hand in the metaphorical cookie jar.

What this proves is something that I’ve been saying for a while now. You should have no reasonable expectation of privacy anymore. It doesn’t exist. You can also bet that even if Canvas fingerprinting disappears (which it won’t), there will be some other technology that will be even more invasive and even more stealthy to replace it.

“Millions” Of Data Requests From Canadian Police: Toronto Star

Posted in Commentary with tags , on July 22, 2014 by itnerd

The Toronto Star via some newly released documents is reporting that law enforcement in Canada have requested data on Canadians from telecommunication companies “millions” of times dating back to 2006:

Internal documents from Public Safety Canada reveal authorities requested telecom companies to turn over “basic subscriber information” at least1.13 million times a year between 2006 and 2008.

That figure matches revelations from the federal privacy watchdog earlier this year that authorities sought subscriber information 1.2 million times in 2011.

“It suggests that there have been huge numbers of requests for years now taking place largely below the radar screen . . . without very much public awareness,” said Michael Geist, a University of Ottawa law professor and Star columnist, who obtained the documents.

So, what info are they getting? Here’s a partial list:

“Basic subscriber information” can include details like name, address, Internet protocol (IP) address, telephone number, email address and local service provider identity. The federal government and law enforcement agencies have argued this amounts to “phonebook information” — police seem to generally request names and addresses — but privacy advocates warn it can lead authorities to more personal and detailed information.

To top it off, some of these requests are made without a warrant:

In the documents, the RCMP said they do not track the number of “informal” warrantless requests — verbal or written — for “customer name and address” information.

“Police do not know across Canada, in all jurisdictions, how many (customer name and address) requests (telecoms) are answering voluntarily each year,” the documents state.

That should be cause for concern. But one that may be solved by the recent Supreme Court Of Canada decision that requires a warrant for accessing this type of info. But it still remains an open question as to how the Canadian Government is going to deal with this decision as that may once again change the landscape when it comes to this issue. Regardless, I believe that this illustrates the need for increased transparency on this issue. Canadians, except for a handful of cases, should know how and when information about them is being accessed by their government or by someone related to government such as law enforcement. By not having that transparency creates the impression that government and law enforcement are simply doing whatever they want with no rules, boundaries, of limitations. And that is not good for all concerned.

Rogers Updates Policies Related To Lawful Access Of Customer Info

Posted in Commentary with tags , , on July 16, 2014 by itnerd

About a month ago, I wrote about Rogers and Teksavvy releasing transparency reports that show how often law enforcement requests customer data and what data is handed over. Rogers today reached out to me with an update:

After hearing feedback from our customers and reviewing the Supreme Court ruling from last month, we’ve decided that from now on we will require a court order/warrant to provide basic customer information to law enforcement agencies, except in life threatening emergencies. We believe this move is better for our customers and that law enforcement agencies will still be able to protect the public

We’ve updated our blog post on Rogers Redboard to let customers know about the change.

Transparency Report blog post:

http://redboard.rogers.com/2014/transparency_report/

The Supreme Court ruling that’s being referred to is this one and it states that Canadian ISPs cannot hand over customer info to police without a warrant. What I like about this is there is no ambiguity as to where Rogers stands on this subject. I would like to see other ISPs in Canada do the same thing. Strangely, I have not seen anything like this from any other ISP other than the transparency report put out by Teksavvy. I can’t say why that is the case, but I hope that changes.

US Government Claims That Data On Servers Anywhere Belongs To Them

Posted in Commentary with tags , , on July 15, 2014 by itnerd

If there was something that could be defined as over-reaching, perhaps this is it. Here’s a story from ARS Technica that I just tripped over that has the U.S. Justice Department’s claiming that companies served with valid warrants for data must produce that data even if the data is not stored in the U.S.:

Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama’s administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It’s a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.” Microsoft appealed to a federal judge, and the case is set to be heard on July 31.

Well, isn’t that delightful. I was always under the impress that you cannot serve warrants to search property in other countries. But I’m a computer nerd, not a lawyer. But I’m thinking that if this does hold up somehow, and Microsoft releases the data stored in another country, then how long will it take for every other country in the world to buy equipment or services from a non-American or solely domestic company simply to avoid something like this happening to them? For example Germans buy from German companies or the French buying from French companies. But I’m getting ahead of myself. This is a case that needs to be watched closely as it’s going to have a huge impact.

Apple Responds To Chinese Over Location Tracking

Posted in Commentary with tags , , on July 15, 2014 by itnerd

Last week you’ll recall that I wrote about Chinese State Media claiming that Apple’s location tracking was a “national security concern.” I also said that because of Apple’s desire to be a player in the Chinese market, they’d have to respond. Well, they have on their Chinese website in both Chinese and English. Here’s a portion of what the statement said:

Our customers want and expect their mobile devices to be able to quickly and reliably determine their current locations for specific activities such as shopping, travel, finding the nearest restaurant or calculating the amount of time it takes them to get to work. We do this at the device level. Apple does not track users’ locations – Apple has never done so and has no plans to ever do so.

And:

Frequent Locations are only stored on a customer’s iOS device, they are not backed up on iTunes or iCloud, and are encrypted. Apple does not obtain or know a user’s Frequent Locations and this feature can always be turned “Off” via our privacy settings. 

Apple does not have access to Frequent Locations or the location cache on any user’s iPhone at any time. We encrypt the cache by the user’s passcode and it is protected from access by any app.

They conclude by saying this:

As we have stated before, Apple has never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will. It’s something we feel very strongly about.

Now, that’s a very definitive statement. One wonders why they didn’t come out with something similar last year when iOS 7 first appeared and people (including yours truly) first found this feature. Perhaps if they did, we wouldn’t be talking about it now.

China Claims That Apple’s Location Tracking A “National Security Concern”

Posted in Commentary with tags , , on July 11, 2014 by itnerd

Chinese state run media, which means it’s essentially the Chinese Government, has made a very interesting claim. They claim that because iOS 7 tracks your movements that this makes it a “national security concern.” Here’s what the Wall Street Journal had to say:

In its national noon broadcast, state-run China Central Television criticized the “frequent locations” function in Apple’s iOS 7 mobile operating system, which tracks and records the time and location of the owner’s movements. The report quoted researchers who said that those with access to that data could gain knowledge of the broader situation in China or “even state secrets.”

Apple didn’t respond to requests for comment.

Now I have talked about the frequent locations option previously. At the time I said that other phone makes do something similar and that I don’t think there’s anything sinister going on here. But I also mentioned that Apple should clear the air on this feature. Perhaps if they did, we wouldn’t be talking about this right now. Given that Apple really wants to make inroads into the Chinese marketplace, I think they’ll have to address this now.

This is one of those stories to keep an eye on.

BC Court Orders Google To Remove Sites From Its Global Index

Posted in Commentary with tags , , , on June 17, 2014 by itnerd

Here’s something that you should keep your eye on. Michael Geist who is an Ottawa based expert on Internet and E-commerce law has commented on a case where a BC court has apparently ordered Google to remove entries from not only Google.ca, but Google sites worldwide:

The case involves a company that claims that another company used its trade secrets to create a competing product along with “bait and switch” tactics to trick users into purchasing their product. The defendant company had been the target of several court orders demanding that it stop selling the copied product on their website. Google voluntarily removed search results for the site from Google.ca search results, but was unwilling to block the sites from its worldwide search results.

The case turned largely on jurisdictional questions: could a B.C. court assert jurisdiction over Google? Was a Canadian court the right court to hear the case when Google is based in California?  Is it appropriate to issue an order requiring the complete removal of results for all users worldwide?

The court answered affirmatively to all questions.

Not only that, the court cited the “right to be forgotten” [Warning: PDF] case where Google was forced to remove entries from their search engine for any EU citizen who wanted to have entries related to them removed.

This will likely open up a legal can of worms. First, this decision extends outside of Canada. So one question that comes to mind is that can a court really have jurisdiction beyond its borders? While this court seems to think it does, I am not sure that an appeals court will see things the same way. Also, lets pretend that this is a judgement that survives any and all challenges to it. I think it will create a black market for disclosing information. Which means that not only has this court potentially increased the value of the information that gets blocked. But it also potentially had the effect of encouraging it to spread rather than restricting it. Finally, this decision only applies to Google. What about, Bing, DuckDuckGo and any other search engine? What happens to them?

What are your thoughts on this? Please leave a comment and share your thoughts on this case.

 

 

Supreme Court Of Canada Says Cops Need To Get Warrants To Get Info From ISPs

Posted in Commentary with tags , , , on June 13, 2014 by itnerd

This morning in a major victory for those who want some semblance of privacy, the Supreme Court Of Canada ruled Canadian ISPs cannot hand over customer info to police without a warrant. Here’s what the CBC had to say:

Friday’s decision concerned the case of Matthew David Spencer, of Saskatchewan, who was charged and convicted of possession of child pornography after a police officer saw illegal files being downloaded to his IP address — a series of numbers representing a person’s internet identity.

The police officer went to Spencer’s internet service provider (ISP), Shaw, and asked for the real identity of the customer attached to the IP address. The police officer did not have a search warrant, but was given the address of Spencer’s sister, allowing police to track him down. 

Spencer appealed the decision, arguing that the search was unconstitutional and his rights were violated.

The Court of Appeal ruled there is no reasonable expectation of privacy for basic internet subscriber information, prompting Spencer to appeal to the Supreme Court of Canada.

However, there is a catch. Mr. Spencer didn’t get off the hook:

Although the Supreme Court set limits on when internet providers can disclose customer information, it dismissed Spencer’s appeal.

It said police should have obtained a warrant before asking Shaw for the customer information. But it also said police acted reasonably and in good faith, so the administration of justice would be impaired if the evidence gathered by searching Spencer’s home were thrown out of court.

This is something that I like. The court protected privacy and the bad guy didn’t get away. It’s a win-win.

One thing that this decision does do is it throws the future of Bill C-13 which is the Canadian Government’s anti cyber-bullying bill. It contains a provision that allows cops to access to the same sorts of information that was mentioned in this case. My guess is that this bill will have to be modified to avoid the possibility that the Supreme Court may strike the bill down. But I am a computer nerd, not a lawyer. Perhaps a real lawyer would like to comment on that?

 

Follow

Get every new post delivered to your Inbox.

Join 189 other followers