Archive for Privacy

Why Facebook Should Worry About Ello

Posted in Commentary with tags , , on September 29, 2014 by itnerd

There’s a new social network out there. It’s called Ello (as in the way that some from the UK say “hello”) and it’s currently an invite only platform. Now, you’re likely saying that there’s a new Facebook clone popping up every week. Why should you care about this one? Here’s why. This is what the creators of Ello have to say when you scroll down their landing page:

Your social network is owned by advertisers.

Every post you share, every friend you make and every link you follow is tracked, recorded and converted into data. Advertisers buy your data so they can show you more ads. You are the product that’s bought and sold.

We believe there is a better way. We believe in audacity. We believe in beauty, simplicity and transparency. We believe that the people who make things and the people who use them should be in partnership.

We believe a social network can be a tool for empowerment. Not a tool to deceive, coerce and manipulate — but a place to connect, create and celebrate life.

You are not a product.

That’s a clear shot at Facebook who’s known for not exactly being the best at balancing the needs of users privacy with its need to make a buck. That’s the main reason why I steer clear of Facebook and will never get an account on that platform. But will the fact that Ello advertises itself as being the exact opposite of Facebook resonate? It does for me and I suspect it will for many others out there as well. That’s a problem for Facebook as it makes most of its cash from collecting data on its users and selling it. Unless it can somehow wean itself off that addiction to making money in that manner, it will be under threat by a service like Ello. Thus Facebook will have to adapt or perhaps face the possibility that it may lose users.

My advice? Let’s see how this plays out. It will be very interesting to watch what happens as I really think that Facebook truly has something to worry about.

Apple Posts New Privacy Page

Posted in Commentary with tags , on September 19, 2014 by itnerd

Clearly stung by talk of backdoors in its products and celebs having their nudie pictures appear on the Internet, Apple has gone onto offence by putting up a new privacy page that details its commitment to privacy. Here’s a bit of what it has to say:

Our business model is very straightforward: We sell great products. We don’t build a profile based on your email content or web browsing habits to sell to advertisers. We don’t “monetize” the information you store on your iPhone or in iCloud. And we don’t read your email or your messages to get information to market to you. Our software and services are designed to make our devices better. Plain and simple.

Hmmmm…. Is the part about not reading your e-mail and not wishing to “monetize” the info you store on your iDevice a swipe at Google who is known for doing that? There’s also this:

On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

I don’t want to be a killjoy, but there was some cold water thrown on that in the last few days as you apparently need physical access to the device to get this info if you run iOS 8. There’s one more quote that I’d like to share:

Finally, I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

Apple does have transparency reports that show what info it does give governments and law enforcement. So assuming that those documents are accurate, we can keep tabs on them.

I encourage you to take a look at this document as it’s a very interesting read with more than a bit of spin to it.

How Long Does CSEC Keep The Private Data Of Canadians?

Posted in Commentary with tags , on August 5, 2014 by itnerd

That’s a question being asked today as The Globe And Mail is reporting that CSEC or the Communications Security Establishment which is the Canadian version of the NSA won’t say how long it keeps the private data of Canadians:

The federal government’s secretive electronic intelligence agency is not disclosing how long it can hold onto Canadians’ communications – even though its leaders have said that “firm” time limits are in place to protect privacy.

The strictures surrounding Communications Security Establishment Canada’s data-retention periods – including those affecting recognized “private communications” and also “metadata” – are blacked out from an operational document obtained by The Globe and Mail.

The redactions of this document are so extensive that little is revealed, beyond the latest indication that CSEC is drawing from unspecified sources within Canada.

“The retention schedules outlined in these procedures deal with SIGINT [signals intelligence] data acquired from Canadian [word redacted] sources,” it says.

Basically, CSEC is saying “trust us.” The problem is that without out complete (or as complete as you’re going to get in the spy game) disclosure of what they do with this data, it’s hard to trust them. Even the NSA has limits for this sort of thing:

No specific time periods were mentioned. And the Canadian agency’s closest ally is less secretive on such matters. “Inadvertently acquired communications of or concerning a United States person may be retained no longer than five years,” reads a declassified National Security Agency document.

So, one has to wonder why CSEC hasn’t got something similar. It’s too bad that someone can’t ask them and expect a fulsome response.

Private Data Often Caught Up In Canadian Intelligence Sweeps: Globe & Mail

Posted in Commentary with tags , , on July 31, 2014 by itnerd

The Globe And Mail is reporting today that when the Communications Security Establishment Canada goes looking for hackers and other cyber criminals, the private info of Canadians who have nothing to do with said evil doers often gets caught up in the sweep:

A 22-page “Operational Procedures for Cyber Defence” document obtained by The Globe speaks to just how Communications Security Establishment Canada (CSEC) can log, store and study volumes of electronic communications that touch government computer networks – including the “private communications” of Canadians not themselves thought to be hackers.

Full details about the tradeoffs involved in CSEC’s operations are known only to one outsider – Minster of National Defence Rob Nicholson, the official who approves such surveillance, and who is provided with statistics about its risks.

That’s not good. I’m all for making sure that Canada is safe from cyber threats. But when it affects the personal info of Canadians, I think that’s when you have to start looking closer at this to see if that can be avoided:

“We need to start asking a lot of questions about how the cybersecurity part of the CSEC mandate is being carried out,” said Tamir Israel, a lawyer at an Internet-policy think tank in Ottawa.

Thus, I think this needs to be discussed in the open in a robust manner as I believe that the privacy of Canadians cannot be sacrificed just to get the bad guys.

Agree? Disagree? Please leave a comment and share your thoughts.

Here’s A List Of Sites That Do Canvas Fingerprinting…. All 5,619 Of Them

Posted in Commentary with tags on July 24, 2014 by itnerd

So, if you’re scared of Canvas Fingerprinting, and you’re not blocking it using AdBlock Plus, there’s another way to deal with this privacy menace. Simply avoid sites that use it. How do you do that? Here’s a list of 5,619 website have used the technology during May 1-5, 2014 created by a group of researchers that looked into this technology. Besides porn sites, 48 government sites have Canvas Fingerprinting code as there are .gov domains listed here. That’s very unsettling.

Also, if you’re the curious type check out the project website for background information about canvas fingerprinting and other advanced tracking mechanisms such as ever cookies and use of “cookie syncing” in conjunction with ever cookies. It will make you not want to surf the Internet.

AdBlock Plus Claims It Can Stop Canvas Fingerprinting

Posted in Commentary with tags on July 23, 2014 by itnerd

This morning, I posted a story about Canvas Fingerprinting. A method of online tracking that is impossible to detect and impossible to stop. Well, AdBlock Plus who makes a tool to allow you to surf the web without getting ads the like says they can stop Canvas Fingerprinting and cookies for an added bonus. They have a blog post that goes into detail about what Canvas Fingerprinting is and how it works. Then they tell you how they can help:

When you add the EasyPrivacy filter list in Adblock Plus this won’t make Adblock Plus block tracking cookies directly. Instead, Adblock Plus will block the script that would try to set these cookies. And guess what: blocking that script doesn’t just prevent cookie-based tracking, it also lets you deal with canvas fingerprinting or evercookie or any other tracking approach. In particular, the rules to prevent AddThis tracking were added to EasyPrivacy almost five years ago.

Now I haven’t tried this so I can’t vouch for whether this works or not. Thus I would like to see a third party test this out empirically to see if it does work. If it does, perhaps we’ll feel safer when surfing the web…. Until the next person finds a way to monitor your activities without you knowing about it and being unable to stop them.

New Technology Tracks Your Web Usage Without Your Knowledge

Posted in Commentary with tags on July 23, 2014 by itnerd

The Globe And Mail is reporting on a new technology that is rapidly spreading through major websites that not only tracks you without your knowledge, but there’s no way for you to evade it:

Canvas fingerprinting, which can command your browser to draw a unique identifier and then log your online behaviour, is nearly impossible to detect, does not fall under “do not track” voluntary systems and evades most conventional ad-blocking software. It is already tracking users on 5 per cent of the biggest sites on the Internet, including The White House, Starbucks, Re/Max Canada, Canadian retailers Metro and Home Hardware, Postmedia website Canada.com, as well as a number of pornography sites.

That’s not encouraging. If you read the complete article, you’ll see how chilling this is. At least with conventional technologies, you can can evade them by clearing cookies or setting the “do not track” option on your web browser of choice correctly. Now, all that is off the table. What’s also interesting is that when websites were contacted about why they were using Canvas fingerprinting, most of them yanked it out or committed to doing so quickly. That sounds like they got caught with their hand in the metaphorical cookie jar.

What this proves is something that I’ve been saying for a while now. You should have no reasonable expectation of privacy anymore. It doesn’t exist. You can also bet that even if Canvas fingerprinting disappears (which it won’t), there will be some other technology that will be even more invasive and even more stealthy to replace it.

Follow

Get every new post delivered to your Inbox.

Join 236 other followers