Tag Archives: Privacy

Facebook Alternative for Kids – Try Togetherville

togetherville-logo Most of you know that kids under 13 are not supposed to use Facebook. However, you also probably know that there are lots of kids cheating on that limit. Some of them are doing so with their parents’ knowledge. I don’t think it’s a good idea. I could argue that it’s not safe for adults on Facebook, because of all of the privacy problems that they’ve had in the past.

Now there is a new service called Togetherville. They promise to make it safe for kids to share online. Here’s a short video about the service.

Click here if you can’t see the video.

So why is it safer? I’m not sure that it’s completely safe, but the first layer of defense is that the kids can’t sign up themselves. In order to create an account, an adult must sign in using a Facebook account, then set up the accounts for the kids they are responsible for. There’s nothing to prevent kids already in Facebook from creating adult accounts at Togetherville, but this first requirement will help prevent it.

Togetherville also tightly controls the video and game content on their service so that the kiddies won’t see frightening and weird stuff. If they make sharing and gaming attractive enough to the kids, this new service may be a big help for parents.

This new service may not be perfect, but it’s a lot better than letting your 11 year old use Facebook.


Facebook Unveils Simplified Permissions for Apps

has been trying to pacify users over privacy issues that have cropped out on the most popular social networking site in the world.

Late last month, Facebook had unveiled simplified privacy controls for users, and today they have rolled out new simplified permissions for third-party applications that need to access your data on Facebook.

facebook_simplified_app_permission

As you can see from the above image, third-party apps will now clearly mention what type of information they will access and ask you to grant permission to them. According to Facebook, the application will only be able to access the public parts of your profile by default. To access the private sections of your profile, the application has to explicitly ask for your permission.

This makes it really transparent and easy to understand as to what information is being shared with third-party apps. If you do not want information to be shared with apps or with search engines, you can change your privacy settings here. More info on this at the official Facebook blog.

Is it the Information Highway to Hell?

agent-ico As many of you know, the Internet is sometimes called the Information Superhighway. What most of you have not heard, is that the destination of this superhighway may not be what you had hoped. Where is it leading us?

What do you consider as threats to our privacy today?

• Cookie tracking
• Shopping data
• Search data
• Personal info from registrations
• Business info from credit agencies
• Medical data
• Government data
• Comments, Forums, Social sites
• GPS location tracking
• Cameras in Streets and Stoplights
• Cameras in Stores
• Cameras in Public Areas
• Nanny Cameras
• Home Security Cameras
• Satellite tracking cameras
• and more …

redlight-camera satellite

Doesn’t it make sense that someday, these will all be linked into the net and someone or something will be tracking your every movement? Who’s going to be watching? Governments are the obvious answer. For an example of this idea, watch “Enemy of the State“.

Another group to consider is the hacker community. They’ve discovered the profit in stealing your personal data.

If the governments and the hackers aren’t enough for you, let’s add more for you to worry about.

Your personal information is already a valuable commodity to businesses wanting to sell you products. What’s going to happen as those companies get access to ever more increasing amounts of data about you, where you are and what you are doing? Stephen Saunders at InformationWeek thinks the Internet will become:

… a sophisticated targeting system for companies to sell “stuff” to consumers, for governments to keep track of citizens, and for law enforcement to track illicit activity. In commercial terms, it will be an Internet where the user becomes the used.

I think Stephen may not be paranoid enough. After all, many are predicting the introduction of true machine intelligence by 2025. What could super-intelligent computers could do with all that information about us? I’m not afraid that Skynet will nuke us, but how long can we retain any illusion of freedom when our machines know everything about us and they’re smarter than we are? Watch the movie Eagle Eyefor a hint.

Bill Joy, co-founder of Sun Microsystems, expressed the same concerns ten years ago, in his post “Why the Future Doesn’t Need Us“. I remember his question:

Can we doubt that knowledge has become a weapon we wield against ourselves?

Now you might understand why I’m a little paranoid about the future. I think we’ll have a choice to become “one with the machine”, like the Borg, or become useless slaves to our technology. The governments, corporations and hackers will be the least of our worries. Welcome to the machine.


Why Do Most Android Apps Have Intrusive Data Access Requirements?

It has been just around a month since I bought an HTC Legend as my first Android phone and I must say that I was pretty satisfied with it. Though a few days ago, it went into occasional lags and often,  there was a freeze times of around two seconds in bringing up the menu. I had installed so many apps (63 of them) that I preferred doing a factory reset over a app quality check.

After that was done and when I started installing back apps, I was taken aback by how much of data demands Android apps have. Being a newbie, I did not give much notice to this fact earlier. What was even more surprising,was that these apps were available for download right from the Market!

Let us take a small example. I search the Android market for an app on “Guitar Chords” and this is a list I come up with.

android-market-search

Now, we can see the app named g-tar [free guitar, hooray]. This is a guitar chord app and it requires access to my phone calls to read the phone state. I probed further into what kind of an access that was? As a result,  I saw that it just makes sure I am not on a call when it plays a tune.

guitar-android-app

Not much to worry about. Is it? My point here is that the behavior of these apps can put our personal data at risk. The open nature of the Android Market can be abused to turn Android Phones into remotely controlled bots.

Here is a quick check list to keep us safe from such situations.

  • Check for comments on the app before installing it. If comments say something is wrong with the app, something definitely is. Also, if the first few comments are all positive, look up more comments to double check. Try and identify good commentators.
  • Check the system requirements and usage guide. How well the usage guide is written goes a long way into telling how responsible the developer is for his creation.
  • Check if the name of that app turns up on “Best Android App” and “Top Android App” lists. If yes, skip the next few steps and use it. If not, do not panic. Go through the next steps.
  • Check for any known issues in the description. Check for conflicts with the system or with other apps. (This can be another annoyance.)
  • Check the data access it requires. It there is anything out of the way, use your Google Fu to do a background check.

That is the best we can do to keep our Android phones clean until Google comes up with some method of keeping the Android market clean.

Facebook’s New Simplified Privacy Settings in a Nutshell

Over the past few weeks Facebook has been under fire from all corners for its sloppy privacy policies. Of course, this isn’t something new to Facebook. In the past Facebook has been slammed by privacy advocates for various missteps like the Beacon. The latest outburst was prompted by the introduction of Facebook Open Graph.

During a press event held at its headquarters, Facebook CEO Mark Zuckerberg unveiled the new simplified privacy controls for Facebook. One of the troubles with Facebook has been that its granular privacy controls are too complicated for most users. Facebook is hoping that the new privacy controls will alleviate this issue.

Facebook-Privacy-Simplified-Controls

The announced privacy settings overhaul is quite significant. To begin with, you will now have access to a single control to change settings for all content and its visibility on the site. According to Zuckerberg, there will be less publicly available information and more privacy control for connections. You can once again keep your friend list as well as subscriptions private.

Facebook-Privacy-Basic-Directory

Moreover, Facebook will now differentiate between “basic directory information” and other information included in your profile. The basic directory information will be public by default, so that other people can find you.

Facebook-Privacy-Platform-Instant-Personalization

Facebook is also making it easy to opt out of instant personalization. It will offer a single checkbox to prevent external sites from harvesting your private information. You can even opt out of the entire Facebook platform (applications and extensions).

While these new privacy controls will perhaps help in quelling the growing sentiment of discontent towards Facebook, the main cause for controversy still remains unaddressed. Instant Personalization is still enabled by default. In fact, almost all Facebook privacy controversies have been triggered due to its insistence on making new features opt-out rather than opt-in by default.

Unfortunately, this won’t be changing anytime soon. Zuckerberg indicated that he believes that Facebook’s privacy model is complete and ruled out any further substantial changes in the near future. The simplified privacy controls will be rolled out at facebook.com/privacy over the new few days.

Screenshots via TechCrunch and video via Robert Scoble

Google Releases Analytics Blocking Add-on For Browsers

Google has been taking privacy issues quite seriously these days. One of the biggest issues users face while visiting websites is that their visit are tracked back and stored, and Google itself leads the pack in web analytics tracking with their own Google Analytics software.

However, starting today, paranoid users who do not want their information to be collected by Google Analytics will be able to do so by installing a browser add-on, available for Firefox, and Internet Explorer.

Once a user install this add-on the information from their visit on any site that uses Google Analytics to track users will not be tracked. Whether this is a good move or not is beyond me, as webmasters often use analytics data to track how many users are visiting a site or a post and plan things accordingly.

If every user out there starts installing the add-on Google Analytics in itself would become redundant, however, as a webmaster I can say that usually no one looks at personally identifiable information available through the web statistics program and many are only interested in tracking hits and so on.

What do you think about this move from Google? Does it make sense to you?

More info at the official Google Policy blog.

OpenBook Lets You Search Public Facebook Updates

With Facebook still trying to deny the privacy risk these new settings expose users to, OpenBook is a strong evidence of how screwed up Facebook’s privacy policies are. It is a simple search engine that lets you search Facebook updates that have been made public. These updates are from people who are either not smart enough to understand these new privacy settings or brave enough to share their status updates with the world.

OpenBook is to Facebook what PleaseRobme was to FourSquare. The only difference is that FourSquare hardly has a million users while Facebook has close to 500 Million. A simple search on “going out” tells you how many Facebook users will leave their houses unattended tonight and where they will be. The website even lists some latest searches to show you what people have been looking for. If you are worried about your privacy, and you should be, you can search OpenBook to make sure none of your status updates are showing up publicly. If they are, you can change your privacy settings.

OpenBook is yet another example that proves how messed up Facebook’s privacy settings are. As some people may argue, users have the choice to opt-out of these settings but is that so easy for a 50 year old non-English speaker to tweak around these now-complicated settings? Specially when they are changing almost every week!

[Via Ghacks]

Encrypt Your Files Quickly with AxCrypt

axxcrypt-ico [Windows Only] ÀxCrypt is a free and open source (FOSS) application that lets you quickly encrypt multiple files with a password. There are many free encryption utilities out there and some of them may be as good or better. However, AxCrypt is sure to be handy even if you don’t use encryption very often, since it comes with a portable version named AxCrypt2Go. You can always use the portable version on any PC without the need to install it.

For those who need to encrypt files often, AxCrypt integrates it’s actions into the Windows right click menus. It also allows you to create self-decrypting executable files (encrypt copy to EXE). The self-decrypting files allow anyone to open them up, as long as they have the correct password. It’s safe to send AxCrypt files using email, since AES-128 encryption is used, and it’s not likely that anyone will be able to crack your files open.

Here are some snapshots and descriptions of AxCrypt:

1. When you start installing AxCrypt, you will first have to agree to the GPL license.

axcrypt-snaphot1

2. You can disable any features you don’t want, using the custom setup screen.

axcrypt-snaphot2

3. One drawback at this point is that I didn’t see any way to tell the app where I wanted it to install at on my hard drive.

axcrypt-snaphot3

4. Once it’s installed, the first thing it shows is a prompt asking for an email address. Don’t worry, you don’t have to if you don’t want to. So far, AxCrypt has over 1,805,250 registered users.

axcrypt-snaphot4

5. Now it nags you if you didn’t supply an email address. Did they learn this trick from Microsoft? I wonder how many software engineers think that this really adds any value to the application.

axcrypt-snaphot5

6. Nothing seems to happen after that, but now whenever you right click on a file or folder, you’ll see that you have more options under the "AxCrypt" menu item. Everything needed to use AxCrypt is in there. As you can see, it has some very nice features and functions.

axcrypt-snaphot6

7. If you select "Encrypt", you’ll be prompted for a password.

axcrypt-snaphot7

8. If you select either of the two check-boxes, AxCrypt will remember your password when it’s encrypting or decrypting files.

axcrypt-snaphot8

9. Here you can see me getting ready to encrypt two music files.

axcrypt-snaphot9

10. Once they are encrypted, the files will have an "AXX" file extension.

axcrypt-snaphota

11. If you right click on them again and choose "Rename" in the AxCrypt menu, it will rename them so that nobody can figure out what was in those files. When you decrypt those files using AxCrypt, it remembers what the file names were and puts them back the way they were before.

axcrypt-snaphotb

12. To get the portable version of AxCrypt, I opened up the Program folder and copied the AxCrypt2Go.exe file onto my flash drive. In order to test it, I un-installed AxCrypt from my PC and tried to use AxCrypt2Go to decrypt some files. It worked fine, and now I don’t need to keep AxCrypt installed on my computer. I will simply keep AxCrypt2Go stored away until I need it. It’s only 486k in size.

axcrypt-snaphotc

AxCrypt will work on most PCs running Windows 2000/XP/Vista or later. AxCrypt has built in translations for English, Danish, Swedish, German, Dutch, Hungarian, Spanish, French, Italian and Norwegian.

Download AxCrypt

Techie Buzz Verdict:

I discovered that AxCrypt is very easy to use when it’s installed on your PC. However, the portable version definitely needs work. You can only navigate from the left folder view. If you click on any file or folder in the main (right hand) view, it opens the file or folder in it’s associated program. To encrypt or decrypt, you have to right click on the files. Once you’ve figured that out, I think you’ll find that it’s worth keeping.

Techie Buzz Rating: 3/5 (Good)

Facebook Fails What.app Stanford Test, Twitter and iPhone Pass

In a recent study conducted by What.app, Facebook fails in maintaining standard privacy of its users.

WhatApp is a site that rates the privacy, security and openness of web and mobile applications as well as the various platforms they run on.

What.app uses various analysis tools to rate apps and websites and Twitter and iPhone apps fared well with good scores whereas Facebook was slapped on the face with a score of 2. The total score was five. The results obtained are extrapolated from data obtained from individual apps running on platforms. Facebook was rated based on its apps.

The co-founder of What.App Ryan Calo, who is also a Stanford University Law fellow  says,

I think people are upset because when you download an app, you don’t have any control over what the app developer sees on your profile,says Calo. There’s the perception among users that they don’t need to give away so much information to have the apps do the same thing as they are currently doing.

There were three areas of analysis, namely privacy, security and openness. Facebook scored two in all three. This should not come as a surprise as it simply justifies Mark Zuckerberg’s earlier statement of “privacy is no longer a social norm”.

(Via:Forbes)

Tech Giants Want There to be a “Digital Due Process” to Access Personal Data

A board of companies including non-profit companies, private companies and others have joined hands to protect the privacy of people over the Internet. The board has tech giants like Google, Microsoft and others as its members. Their presence adds weight to the efforts and plans of the board.

The group has recently announced a reformed Electronic Communications Privacy Act (ECPA) which ensures privacy of individual over the Internet. The act was formulated way back in 1986 and much has changed since. This bill also aims at protecting people from unauthorized law enforcement access to their personal data over the Internet.

The principles of the new plan as laid out by the board stands as,

  1. A governmental entity may require an entity covered by ECPA (a provider of wire or electronic communication service or a provider of remote computing service) to disclose communications that are not readily accessible to the public only with a search warrant issued based on a showing of probable cause, regardless of the age of the communications, the means or status of their storage or the provider’s access to or use of the communications in its normal business operations.
  2. A governmental entity may access, or may require a covered entity to provide, prospectively or retrospectively, location information regarding a mobile communications device only with a warrant issued based on a showing of probable cause.
  3. A governmental entity may access, or may require a covered entity to provide, prospectively or in real time, dialed number information, email to and from information or other data currently covered by the authority for pen registers and trap and trace devices only after judicial review and a court finding that the governmental entity has made a showing at least as strong as the showing under 2703(d).
  4. Where the Stored Communications Act authorizes a subpoena to acquire information, a governmental entity may use such subpoenas only for information related to a specified account(s) or individual(s). All non-particularized requests must be subject to judicial approval.

This will protect all user data until it is publicly accessible. The Congresss approval will implement them through the ECPA for a better web.

(Via: searchengineland)

Firefox Private Browsing Mode Is Broken

Firefox’s Private Browsing Mode enables users to browse the web privately. It empowers users to surf websites without storing browsing data (URLs, cookies, page content etc.). But, now Mozilla has discovered that Private Browsing Mode (PBM) in Firefox is partially broken, and browsing data get stored even if a user has enabled PBM.

According to a blog post on official Mozilla Add-ons blog, this flaw generates because of Firefox Add-ons:

Add-ons have the ability to obtain and store browsing data, and some of these add-ons may not be taking PBM into account. This is a breach of the user’s privacy expectations when using PBM, so we will be updating our policies shortly, requiring add-ons to respect PBM.

Private Browsing Mode In Firefox

Mozilla has announced to update user privacy policies soon. To overcome this problem, Mozilla has planned two different levelsof privacy support:

  • If an add-on stores browsing data in any way, it must support PBM. This support cannot be disabled in any way.
  • If an add-on stores some other type of personal data, support for PBM is optional.

In the referred blog post, Mozilla has suggested add-on developers to ensure PBM support for their add-ons. This is another issue discovered with Firefox add-ons recently. Few weeks ago, two experimental add-ons were found to be infected with trojans. Although, later Mozilla informed that these reports were false.

Moreover, Google Chrome disables all extensions in PBM (incognito mode).

Block JavaScript in Google Chrome. NoScript’s features in Chrome!

If you have just migrated to Chrome from Firefox, you may have noticed that there is no Chrome version of NoScript the popular Firefox add-on to block JavaScript on web pages. NoScript blocks JavaScript, Java, Flash, Silverlight and several other executable contents by default and gives users a choice to allow these content from trusted sources only. Hence, it makes browsing faster and safer. I can’t imagine web browsing without NoScript, and this is one of the many reasons to stick with Firefox.

If you miss NoScript in Chrome, I have good news for you: Google Chrome will have similar content filter options soon. The latest Dev channel v5.0.317.0 for Windows has an option to selectively control cookies, images, JavaScript, plug-ins and pop-ups. Users can either block this content or opt to allow only certain trusted sources.

How to block JavaScript and other contents in Chrome?

disable javascript in google chrome

If you are using Dev channel of Chrome on Windows, you can access these features by updating it to latest release. Move to Options->Under the Hood->Content settings. This setting window provides better management of images, JavaScript, plug-ins, and pop-ups.

The recommended option is to block all JavaScript and add trusted hosts as Exceptions. Although, blocking JavaScript may result into unusual rendering of web pages. You can set options for cookies, images, popups and plug-ins similarly.

content setting icon in address barYou can also control your content settings from the address bar. If there is any blocked item on the current web page, a small icon will appear in the address bar, and users can manage settings by clicking on it. This feature is similar to NoScript, where you can control settings from the status bar icon.

I hope to see this feature in stable version of Chrome soon. :)

Yauba: A ‘Privacy Safe’ Search Engine

Search engines like Google and Yahoo! are great when it comes to accuracy and relevancy but they aren’t the best thing if you are concerned about your privacy. They store information about your search history and use that to improve their algorithms.

If you want to search the internet anonymously and don’t want the search engine to remember what you searched for or what was your IP address, Yauba is an excellent alternative. Yauba is a “privacy safe” search engine meaning it doesn’t store any information about your searches, your IP address, your browsing habits or any other personally identifiable information.

Other than that, Yauba works like a regular search engine allowing you to search websites, news, blogs, images, videos, files and even torrents. You can select any of these categories to narrow down your search or select all the places to perform a global search. With Yauba, search results include a thumbnail of the website and provide a link to the home page of the website in addition to the page containing your keywords. Another feature that makes Yauba unique is the consolidation of results in different categories such as news, social networks, real-time search e.t.c.

Yauba also works as a proxy server by letting you browse websites anonymously. Every search result includes a little link titled Visit Website Anonymously that lets you browse the website without compromising your privacy. Yauba also offers a lite version of the search engine that is even faster.

Techie-Buzz Verdict:

Yauba is a great search engine that is both intelligent and privacy-safe. You can use it as an anonymous search engine or a proxy server to visit websites anonymously. Yauba’s intelligent algorithm combined with a great interface makes it one of the best search engines around.

Rating: 4/5

Interview of Compromise: Facebook Employee Reveals All Internal Secrets

This entire issue comes off as one of those escalating affairs to me. First, it was the long drawn open letter by Mark Zuckerberg promising us that the privacy controls would be simpler lauded by most. However, in a few days’ time people realized that the apple had fallen quite far from the tree. Not only was your profile picture available to everyone around you, but the most private people found that searching for their profiles were open to friends of friends and could not be changed to only friends (this has been changed recently).

In response, Zuckerberg said in an interview that people have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. A lot of long-time users were quite agitated about this issue and while some control was given back to the users, most were still prescribing to the be friendly to every Tom, Dick and Harry on Facebook! Make it viral! Spread the color of your bra to everyone!norm. (The last part, not really!)

Facebook logo

So when a Facebook employee tells us that there is a master password that can be used to log in to any account and that in the past it has been misused, it comes off as disastrous.

The Rumpus interviewed the aforementioned unnamed Facebook employee who pointed out quite a few things that are stored on Facebook’s servers from the number of likesto the number and content of messages (the privateones) are all stored in the servers and are completely accessible to the engineers who drive the website:

Employee: We track everything. Every photo you view, every person you’re tagged with, every wall-post you make, and so forth.

More alarming is the fact that there was a master password (which, thankfully could only be accessed from the Facebook office’s computers, using their ISP). Here is the snippet of the conversation (emphasis added for effect):

Rumpus: You’ve previously mentioned a master password, which you no longer use.

Employee: I’m not sure when exactly it was deprecated, but we did have a master password at one point where you could type in any user’s user ID, and then the password. I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out Chuck Norris,’ more or less. It was pretty fantastic.

Rumpus: This was accessible by any Facebook employee?

Employee: Technically, yes. But it was pretty much limited to the original engineers, who were basically the only people who knew about it. It wasn’t as if random people in Human Resources were using this password to log into profiles. It was made and designed for engineering reasons. But it was there, and any employee could find it if they knew where to look.

In fact, the cases of employees logging in to other peoples’ account became so frequent that the position of Chief Privacy Officer was invented, so to speak, to deal with the problem.

Rumpus: Are your managers really on your ass about it every time you log in as someone else?

Employee: No, but if it comes up, you’d better be able to justify it. Or you will be fired.

Rumpus: I would imagine they take this—

Employee: Pretty seriously. I don’t really f*** around, at all.

Rumpus: They invented a Chief Officer position for it, Chris Kelly, right?

Employee: Chief Privacy Officer Chris Kelly, correct. Running for Attorney General of California.

facebook_logo2

The rest of the interview is inherently fascinating as the employee talks about the massive amount of photos stored in the servers, easily calling Facebook the largest photo distributor in the worldand goes on about the engineers in employ as well as the bizarre and weird cases they had to field. Interesting indeed, but worrying too. If Facebook has an officer in chair to curb the amount of privacy abuse in their own offices, how much can we trust them when they change their ToS and privacy controls with misleading blog posts to account for?

This morning when I wanted to change my privacy settings with regard to search, I found this waiting for me:

PrivacyFacebook

My information is safe indeed. I think it is time I switched to a seriously privacy centric platform. Problem is, with its market penetration, slew of features and the inertia of existing users, I know I’ll be alone in the new socializing engine, if at all I do switch.