Tag Archives: Privacy

2 Simple Steps to Clean Up Your Facebook Profile and Hide Your Past Indiscretions

Facebook has come a long way since its humble beginnings almost eleven years ago. From being just a wall of posts, it has morphed into a powerful aggregator with a wide variety of content. The trouble is that somewhere beneath all the content that you’ve created over the years, there are all your past indiscretions waiting to be discovered. Did you go on a liking spree when Pages were introduced and Facebook invited you to become a fan of your favourite personalities and brands? Did you post silly nonsensical content when you were in your early teens? Chances are all of that history is still available online for anyone to discover. If you want to break free from your silly, old Facebook days, here are a couple of steps that should help.

Limit Old Posts

Hide Old Posts in Facebook

Head over to Facebook Settings and select the Privacy tab. Under the subheading “Who Can See My Stuff?” you’ll have the option to “Limit the Audience for Old Posts”. This option will change the visibility setting of all posts that are either “Public” or “Friends of Friends” to only “Friends”. Be warned though, this action is non-reversible. The only way to undo this will be to go through your previous posts and change their settings one by one.

Unlike Pages

Bulk Unlike Pages in Facebook

Over the years your tastes have probably evolved. However, chances are that the pages that you became a fan of five years ago are still a part of your profile. PageUnliker is a nifty website that fetches all Pages that you have liked, and gives you the option of unliking them. Save yourself the embarrassment and get rid of the things a younger you might have liked. You’ll also be tidying up your feed as posts from the pages that you unlike will no longer show up.

How to Encrypt and Password Protect Your Gmail Messages

In light of the currently en vogue privacy debate raging all around the world and given the flippant stance of many of our often-used communication platforms with regard to securing their users’ privacy, it is becoming more and more evident that if the user wants privacy online, he’ll have to snatch it, for it won’t be easily given.

Talking of communication, email comes to mind. Privacy begins with encryption. And encrypting email isn’t exactly an easy task. It is at best annoying. At worst it can be so cumbersome that most people don’t bother. You can use desktop clients and PGP keys, like Lifehacker details. The annoying procedure of making and handling security keys is also mentioned by Ars Technica here in its editorial about why most people don’t bother encrypting email.

So what do you do if you don’t want peeping toms and evil governments looking into your email? The best idea would be to go stone age and use smoke signals, but of course, we’re discussing technology here and I digress. A rather simpler alternative would be to encrypt the email text and share the password via other means. This is what the ingenious Google Chrome extension SecureGmail aims to do.

SecureGmail Encrypt Email

Let’s discuss the pre-requisites here before we begin encrypting our Gmail messages! You and your message recipient both will need the following:

  1. Gmail accounts
  2. Google Chrome
  3. The Chrome Extension SecureGmail 

What does the extension do? The extension will create a new button beside the usual Compose red button. When you click on it, the new mail window box appears but this one is different from the vanilla compose box as whatever you type in here won’t be saved to Google’s servers. For the technically curious, SecureGmail uses an open source JS crypto library from Stanford available here.

SecureGmail

On completing the message, click the Send Encrypted button. You’ll be asked to set a password for the message as well as a password hint. Your recipient will only see the password hint. If he doesn’t have the extension installed, he’ll see a link to install it. Otherwise, the password can be input right away and the email decrypted.

Only the encrypted copy is saved on Gmail’s servers. If you check your Sent items folders, you’ll see something like this.

SecureGmail

The success of this method obviously assumes that you’ve sent your password to your recipient successfully via other means. Maybe it’s the first word on the 37th page of a certain book, maybe it’s an irrelevant word written as graffiti somewhere. Sci-fi movies will give you enough ideas to supply a hint.

What to do if you want to encrypt text with a password but don’t want to use a chrome extension? Googling for “encrypt text” will give you a slew of options.

Interested in encrypting more kinds of files? Learn about the different tools we’ve written about here and here.

India’s CLAT Exam Leaks Applicant’s Emails, Leads to Phishing Scam

Privacy and internet aren’t exactly best friends. In fact, it might well be better to assume that as long as you are on the web, you will suffer from an unexpected privacy breach sooner or later – whether it is due to your own naiveté or due to third party security mishaps. However, that doesn’t make irresponsible, careless, and purposeful data leaks any less aggravating. Today’s offender is CLAT or Common Law Admission Test.

CLAT is a fiercely competitive centralized test for admission to prominent National Law Universities in India. Last month, CLAT closed its application procedure. Soon after, in an amazingly dumb headed move, it mailed all applicants a PDF titled “3. Online Applications (UG) Submitted till 30th March 2013”. Here’s a look at its content.

CLAT-Email-Leak

Yes, someone in CLAT thought that it was perfectly appropriate to dispatch the full list of more than eighteen thousand candidates along with their email ids in a PDF. Now I understand that CLAT probably has more lawyers than technically minded folks, but it’s shocking that no one in its technical team acted to stop this amazingly boneheaded move. For good measure, CLAT also uploaded this document to its website (where it is still available).

Now, an email address isn’t very high on the list of sensitive information. However, in the wrong hands it can be misused. And, misused it was. Over the past few weeks, candidates listed in the document have been receiving mails appearing to be from [email protected], claiming to be sent by Dr. Dipak Das, Registrar In-Charge of Hidayatullah National Law University, Raipur and the Convenor of CLAT-2013. The mails ask the candidates to immediately deposit Rs. 2000, in order to avoid cancellation of their application due to non-payment of fees. Considering the candidates’ state of mind, and the relevance of the message, it’s not surprising that many have fallen victim to the phishing scam. Thankfully, the scammer in this particular case was naïve enough to demand a money transfer to an SBI (State Bank of India) account, which should be easily traceable. CLAT might not have a lot of technical expertise or common sense. However, one thing it does have is access to plenty of lawyers. Unsurprisingly, CLAT-2013/Hidayatullah National Law University, Raipur, is taking necessary legal steps.

(hat tip: Sameer Gupta)

Cleanup Your Facebook and Other Network Profiles with MyPermissions Cleaner

While Facebook’s one-click login button makes it really easy for users to signup for new apps and services, it also makes it ludicrously easy for malicious entities to get their hands on your private info. All they need to do is to create a quiz to lure you into sharing your Facebook profile data.

In a previous article we reviewed Privacyfix, which automatically identifies and highlights security issues in your Facebook and Google settings. One of the threats that Privacyfix identifies is app permissions. However, it doesn’t provide a quick way to withdraw access you have previously granted to various apps. Chances are that over the years you have allowed hundreds of apps to access your Facebook profile. Manually delisting them is likely to take quite a while. Thankfully, there is another browser extension, which can take care of this problem.

My-Permissions-Cleaner-Facebook-Scan

MyPermissions Cleaner is a handy extension for Chrome, Opera, and Firefox, which scans your Facebook profile and lists all apps that have access to your Facebook information, and allows you to revoke access to all apps with a single click. Ideally, you will not want to revoke access to all apps. For example, if you are an avid Instagram and TweetDeck user, it makes sense to let these apps be. Thankfully, MyPermissions allows you to add select apps and services to a whitelist (Trusted Apps) with just a couple of clicks. Once you have whitelisted the apps you need, you can get rid of the rest of them with a single click. However, if you have several hundred apps in your list, then it might be easier to simply revoke permissions for everything and add back the apps that you use as and when required. MyPermissions Cleaner does a good job at exposing exactly what sort of info each app has access to, and allows you to filter apps by their access levels. The only trouble is that the extension doesn’t always work perfectly, and sometimes gets stuck while deleting an app. However, a page refresh generally takes care of the issue.

My-Permissions-Cleaner-Facebook-App-List

It’s not just Facebook; MyPermissions Cleaner currently also supports Twitter, Google, LinkedIn, Yahoo, Dropbox, Foursquare, Instagram, Flickr, AOL, and Windows Live. For each of these services the app works in an identical manner, and offers to clean up your app permissions. If you have never bothered to look into the apps that have access to your profiles on various networks, go ahead and do it now. Let this be your little end of the year cleaning.

[ Download MyPermissions Cleaner ]

Lock Down Your Facebook and Google Accounts with Privacyfix

Way back in 2010, just as the controversy surrounding Facebook’s Open Graph was exploding, we had reviewed a nifty bookmarklet called ReclaimPrivacy that could automatically scan your Facebook settings and highlight areas of concern. Recently I came across a Firefox and Chrome extension called PrivacyFix, which does the same thing, but better.

As soon as you install the extension, it will scan your currently-logged-in Facebook and Google accounts, as well as your browser cookies to identify privacy threats. Once it finishes scanning, you will see a neat report, which highlights potential areas of concern. Privacyfix explains each of the identified issues, and assists you in fixing them.

Privacy-Fix-Facebook-Privacy-Settings-Recommendation

Privacyfix also maintains a database of popular websites that track and retain user data. For websites with an opt-out policy it offers to send a mail requesting to opt you out. Additionally, it can delete existing tracking cookies, and block tracking cookies from being placed in the future.

Privacy-Fix-Facebook-Privacy-Settings-Configuration

Privacyfix is a simple, hassle-free solution that goes a long way towards avoiding accidental privacy breaches on social networks. Both Facebook and Google offer great privacy tools. Unfortunately, they are either difficult to find, or too confusing for most users. By automatically identifying and highlighting potential issues, Privacyfix makes things easier for the user. It’s a tool that even your parents could use with confidence. Go ahead and download it. There is no reason not to.

Privacy-Fix-Health-Bar

[ Download Privacyfix ]

Spongebob Diner Dash Pulled From The App Store Due To Privacy Claims

Spongebob Diner Dash, a popular kids game for iOS, was recently pulled from the App Store due to a privacy claim from the Center for Digital Democracy. The group filed a complaint with the Federal Trade Commission against Viacom, the company that airs Spongebob via Nickelodeon, and PlayFirst, the company that developed the app. The Center for Digital Democracy claimed that the application asked children for their email address and other information without first getting their parents’ approval. This violates the Children’s Online Privacy Protection Act, or COPPA. Nickelodeon pulled Spongebob Diner Dash from the App Store in order to investigate the complaints.

If you’re unaware, Spongebob Diner Dash is a skinned version of the extremely popular Diner Dash. Diner Dash was originally a Flash game which has since been ported to iOS and other platforms. The game’s objective is to take and deliver food orders at a restaurant, a theme which can easily amuse younger crowds when skinned with a popular cartoon character. Because of this, it will be hard for Viacom to use the “it’s marketed towards older audiences” excuse which is often used amongst game developers in this situation.

Source: The New York Times

Government Surveillance Grows by 25% over the Last Year

Google is reporting a serious rise in government surveillance over the last year. This rise can be attributed to the rapidly evolving political, economic and military scenario all over the world. The news has been posted on the Official Google blog, and the graph suggests an accelerated rise over the last year. In its sixth Transparency Report, Google has publicized the number of Government requests made over the last six months, and taking this into account, there has been a total increase of 25% over the last year.

user data

The data shared by Google as part of these requests, includes,

Most of these user-data requests come from The United States, India, Brazil, France, The United Kingdom and Germany. However, while Google complies with over 90% of all these requests from the United States, the compliance for other countries ranges between 40% and 65%.

Two trends are evident from this report. First, the US government has stricter controls over Google and can demand (and eventually get) more data out of it than other countries. Second, the same set of six countries has always dominated the top user-data requester positions. Not to mention, many of these countries have had either political or economic tensions in the recent past.

If the Government wants user data so badly, there has to be proper accountability. This is exactly the kind of big-brother surveillance that people resent, and guess what! It has never been easier for the Governments, with all these online services curating more data than ever available earlier.

The only solution to this problem is that any online service storing user-data must encrypt the data using a key that is exclusive to the user and is his private property. Proper information for using this private key should be included in the privacy policy, and all users whose data is being requested should be intimated well in advance, so that the choice of whether to give up the data is theirs, and not that of the company holding the data.

Facebook Apps Harvest and Sell Private Information in the Open Market

It’s often said that if you are not paying for something then you are the product. The reckless abuse of privacy information by millions of free apps available in various repositories regularly drives home this point.

Bogomil Shopov stumbled upon a deal selling more than a million Facebook profiles, each accompanied by the name and email address of the user, for only five bucks. Although he didn’t specify the source, it is probably the GigBucks listing pictured below. According to the offer description, the list consists only of active Facebook users, mostly from the US, Canada, UK and Europe. The data was harvested through Facebook apps.

Facebook-App-Sells-Private-Information

An opt-in list with a million verified email addresses and names would have easily fetched hundreds of dollars in the decade gone by. However, now, it’s available for just five bucks. That in itself suggests that perhaps lists like these are not all that rare or difficult to find. Social media services like Twitter and Facebook have dramatically lowered the expectations of privacy among users. Most people will think twice before signing up for a dicey looking website, but will not hesitate to sign in through Facebook to play a quiz or take an IQ test. A little bit of carelessness and a little breach of trust is all it takes for your name to appear in a list like this.

McAfee Social Protection Protects Your Facebook Photos

Facebook Photos was designed to make sharing of photos with the people that matter as easy as possible. Privacy was very much an afterthought, and that is still readily apparent. Although Facebook does provide a reasonable amount of control over your photos, it is still very easy to slip up and unintentionally broadcast your private moments on the web. Even worse, your friends can share your photos and distribute your pics way beyond their intended social circle.

McAfee Social Protection solves all of this and more. Social Protection will be released as a browser plugin for Internet Explorer, Firefox, and Chrome towards the end of this month. Support for Macs, iOS, and Android will arrive by the end of this year. Once you install the plugin, the photos you upload are encrypted and uploaded to a different server. The photos appear blurred by default, and only the intended recipients who have Social Protection installed will be able to view the original snap. This takes care of situations where your boss, who is not even in your friend list, might accidentally stumble upon your drunken pics because your friend decided to share them with everyone in his network.

McAfee-Social-Protection
via Mashable

McAfee also goes a step further, and makes it impossible to download or screencap your Facebook photos. Other than taking a snap of the screen with a camera, McAfee is pretty much making redistribution of your photos impossible. It is also including facial recognition technology that will automatically alert you if anyone in your network uploads a photo of you without tagging you in it.

We are still a few weeks away from the official release of Social Protection; however, if it indeed works as advertised, it might turn out to be a hit among the more privacy concerned netizens. The fact that only friends who have the plugin installed will be able to view your photos will definitely act as a deterrent. However, that might be a cost people will be willing to pay for the additional privacy.

Facebook to Serve Mobile Ads Based on App Usage; Users Concerned About Privacy

Facebook is well known for privacy issues that leave its users confused, and here is yet another Facebook privacy mess. The social media giant has crossed the limits of privacy and has now decided to track the apps that you use on Facebook via your mobile phone.

In the latest report by WSJ, Facebook is launching a new way of serving ads for mobile users by keeping a track of the apps that they use. The social network, which currently has over 900 million users, would use its Facebook Connect feature that enables millions of users to log into applications using their Facebook ID and password, to track consumers’ apps, and serve ads accordingly.

The advantage Facebook will have here is that the ads won’t necessarily be based on anything you or your friends have “liked” in the past, but will be based on the apps you have installed and the data collected from it.

Facebook for Mobile

This is done in order to display relevant ads and target the right customers. It is very much similar to what Google has done by unifying its privacy policies and displaying personalized advertisements by filtering out unwanted ads.

The problem, however, is the users’ privacy. According to the WSJ, the main problem is that “the product allows Facebook to know which apps users have downloaded on their phones and then target ads based on that information.”

Unlike its traditional way of serving ads by considering users’ own preferences, friends, and their “likes”, the new Facebook mobile ad serving method is completely different. Earlier, with the permission of the user (by “liking” a product or company), Facebook would show promotional content in the news feed. However, with the new ad serving method, you will be shown certain targeted ads based on your activities and apps without your permission.

Users cannot opt out of this mobile advertising no matter what, as this is a forced change just like the Timeline feature. This is definitely a problem that users will face and is likely to stoke privacy fears.

It is also known that Facebook is planning to release tools for developers to take advantage of the new mobile ad unit sometime at the end of this month.

Also Read: Facebook’s IPO and its challenges in Mobile Advertising

Facebook, after it went public in May 2012, is under immense pressure to generate revenue, especially through mobile devices, since nearly half of the users on Facebook use the network via their mobile devices. The company is yet to recover completely from its IPO failure. Facebook has been working hard to get more users to use the site via mobile devices and is now figuring out a way for advertisers to reach them.

Google Maps Coordinate Lets Bosses Spy on Subordinates

I am unsure of what Google actually thinks it is doing with all of these tracking tools. I am also very unsure of the people who actually buy into the “it makes jobs easier, man!” argument that tags along with one of these revolutionary products of Google. However, no amount of privacy advocates’ rhetoric and powerful written oratory removes Google’s resolve to make more and more of these privacy-killing tools.

The latest from Google is Google Maps Coordinate. It is a little bit like Latitude, except, it is always on (more or less) and works inside buildings where, usually, Global Positioning System (GPS) cannot detect the device that it is receiving transmission from.

Google claims that for $15 per month per employee, Coordinate will allow for rapid tracking and deployment of groups of people wherever they are needed. Daniel Chu, Google’s Senior Product Manager, said:

“Imagine you are a call centre operator at an electric utility company. A call comes in reporting a downed powerline in one of the northern suburbs of your city, and an entire neighbourhood is without power. You need to quickly dispatch one of your line repairers to the site, which is almost an hour away. To save time and get the power back up quickly, you want to know which line repairers are already in the area and send them the relevant information about the job. That’s where Google Maps Coordinate comes in.”

So, yes, it helps make things easier, but at what cost? Chu also said that the workers will be able to turn off tracking as and when they require – for example, while they are at lunch or something of that sort. But turning it off at any time kind of beats the point, does it not? Given a choice, I would keep that thing turned off at all times.

Currently Google Maps Coordinate is Android only, with an iOS version planned for the next year.

Collusion from Mozilla Shows How You Are Being Tracked on the Web

The explosion of personalized web has pretty much clobbered online privacy to its death bed. No matter where you go, no matter what you do, someone or the other is tracking your surfing habits. The worst part is that this practice has become so rampant that most of us have come to accept online tracking as standard affair. Mozilla has been trying to tackle the problem of behavioural tracking on the web for quite some time. A couple of years back, it introduced the “Do Not Track” header, which has already been adopted by Internet Explorer, Safari, and Opera. Now, Mozilla has released an experimental add-on to showcase how personal data is being tracked across the web.

Earlier this month, Gary Kovacs, CEO of Mozilla Corporation, unveiled Collusion. Collusion is a Firefox extension that visualizes the spider-web of interaction between websites and third-party trackers that often track you without your explicit permission. Collusion is essentially a reporting tool whose purpose is to make netizens realize just how grave the situation is. Here’s how my Collusion graph looked after a brief ten-minute browsing session involving Techie-Buzz, TechCrunch, Mashable, and BBC.

Collusin-Spiderweb-Data

Collusin-Third-Party-Tracking-Websites

My Collusion graph is peppered with third-party tracking websites that I never explicitly browsed to. Personalized web isn’t necessarily a bad thing. It can increase engagement, reduce user frustration, and improve productivity. However, the mad rush of advertisers to track users without their knowledge and permission is something that is deeply worrying. Kovacs very rightly remarked that “with every click of the mouse and every touch of the screen, we are like Hansel and Gretel leaving breadcrumbs of our personal information everywhere we travel through the digital woods”.

[ Download Collusion for Firefox ]

Twitter Enables Do Not Track Support

While Facebook is finding ways to track its users and is gathering their personal information aggressively, Twitter is going in the opposite direction with a Do Not Track feature that will let users opt out of cookies that gather personal information. The personal data collected from users is used to display relevant advertisements.

twitter-logo

Twitter was in the news a few days ago, over a privacy related case, where a court wanted it to hand over the user’s private tweets and Twitter stood up for the First Amendment right of the charged victim. With these two privacy protection incidents, Twitter is setting a new code of conduct for companies that hold massive amounts of user data, and it is a good sign.

Twitter has had a hard time monetizing the vast microblogging empire it has set up, and it has only been two years that Twitter is getting some juice out of its machinery. With ethical acts like this, Twitter has proven time and again that it has its priorities set right, and that users and their privacy come first.

With privacy becoming a concern, more and more people are becoming aware of tracking and user-data-collection policies. All modern browsers have extensions to prevent gathering of personal information and most of them also support the Do Not Track header now. If you are wary of user tracking and want to protect your personal information, you can block tracking scripts using the NoScript Firefox add-on or the Disconnect Google Chrome extension.

(Via: Ars Technica)

Beware of the New Supercookies

An individual’s right to privacy on their computer should be made a law.

Supercookies or flash cookies are not really cookies. They are a method by which your computer is given a unique number that can be read every time you revisit the creator website. They are used by sites like msn.com and hulu.com (as reported by WSJ) to track user activities. Once this invasion of privacy was brought to the notice of these companies, they said that the tracking was unintentional and would be discontinued.

One major issue is that regular cookie clearing software may be unable to detect and clear these supercookies. Though these supercookies are intrusive, they do not seem to do more than act like unique identifiers for a machine (like cookies). The issue of why companies are storing data, which I cannot delete, on my computer without my permission still needs to be addressed.

These companies may use supercookies for reasons such as determining various patterns of user behavior and so on, but this method of data mining is a blatant disregard for an individual’s right of choice about what they can allow to be stored and/or run on their machine by external parties.

Closer to home, Adobe’s Flash Player is another player in this tracking game. Every time you use it, the Flash player writes on your HDD. One clue on the riskiness of this is when we are left performing multiple updates on our Flash players to counter a new bug that the folks at Adobe find in their software every time a new threat is exposed. The issue at this point goes beyond simple privacy and moves into the ‘interference’ domain. These bits of data may cause issues with my computer and may even cause it to be at risk. The problem continues as these super cookies are hard to remove, and when the only way to counter this is by using a new computer every time, it makes it more of an uphill battle.

You can read Fight Identity Theft’s ‘New Breed of Super Cookie Defies Removal – Almost’ for details on how to remove flash cookies. Also, you can check how easy it is to identify your browser’s fingerprint using http://panopticlick.eff.org/. It collects data about your computer using your browser and JavaScript to let you know how easily your browser can be identified on the web.

Google’s Expensive Street View Misadventure is One Guy’s Mistake!

Between May 2007 and 2010, Google gobbled up enormous amounts of Wi-Fi data, when it actually set out to capture street-view images. This has been the hottest case of privacy breach in the last decade. For a company that believes in “don’t be evil”, Google made a terrible mistake in doing this. The mishap was discovered by European data-protection authorities. Initially, Google claimed that capturing Wi-Fi data would let it improve location-based services. When under some more pressure, Google jumped in with a clarification, saying it collected only fragments of data. Finally, in 2010, Google acknowledged that it collected entire payloads from Wi-Fi networks with all kinds of personal data (emails, passwords, internet usage data and the like).
google-maps

The case has been under investigation, and recently, Google has released an FCC report, where it holds a rogue engineer liable for capturing payload off Wi-Fi networks. The engineer in question wrote code to capture Wi-Fi data and put it into the Street View code. However, the engineer was not available for talks as he invoked his Fifth Amendment right and refused to comment.

The FCC report also talks of other people at Google who were aware of the intentions of this engineer. The engineer drafted a proposal of his work and presented it to the Street View team in October 2006. Now, managers of the Street View team claim that they never read the document presented to them by the engineer! To add to the confusion, a second engineer who did a peer code review for our rogue engineer’s Street View code found no mechanism to capture Wi-Fi data.

Nonetheless, Google has come out of this investigation clean. The FCC declared that Google did not capture Wi-Fi data illegally, but fined Google $25,000 for stalling the investigation.

After thoroughly reviewing the existing record in this investigation and applicable law, the Bureau has decided not to take enforcement action against Google for violation of Section 705(a). There is no Commission precedent addressing the application of Section 705(a) in connection with Wi-Fi communications.

Read the full report on the FCC investigation.

(Via: LA Times)