Tag Archives: Privacy

Meta Assassins Turns the WWW Into a Subtle Battlefield

The internet has always been obsessed about itself. Its narcissistic tendencies have been the driving factor in the making of data visualization about its own technologies, semantic web technology and other endless lists full of the emerging science of the hive mind and the self’s position in this meta-world.

logo

Did you understand that previous paragraph? I sure didn’t but that’s how you start these intellectual and deep posts about the internet, data and other characters of the philosophical nature of the World Wide Web.

However, we are not talking about the philosophical nature of the World Wide Web. We are here to talk about the launch of an extremely new kind of experimental game that takes social browsing and networking to a completely new level.

Meta Assassins is a new appthat promises to rid you of your social life, more or less. It is a game in which gamers will be given specific targets (other gamers), who will surf the web. Your job is to track your quarry to the site they are on and kill them in a [virtual] shootout. But, beware you are also someone’s target. You accomplish all this with a Google Chrome or Mozilla Firefox plugin.

The game is currently on a hiatus from the 12th of February. The short playtesting stint was apparently a success, so the developers will be making a redoubled effort into a new avatar.

Although the game works mostly on the world wide web, the amount of data privacy issues this could cause if it were not a game is quite staggering. I would totally turn this into a Hollywood blockbuster (given the right amount of nudging here and there), call it Meta Assassins, and mint money.

If you are interested in this, do check their web page out.

Does Spying on Subscribers Help Fight Crime?

Most networks in the world are under some direct or indirect pressure to spy on their users. Sometimes, the pressure is built from the Government directly, whereas other times, security agencies are doing this for the Government. We have seen the famous Blackberry network issue which serves as the most recent example of this fact.
government-spying

Governments ask service providers over various networks to retain records of the data transferred over their service. This is a tedious job and requires additional infrastructure. However, this Thursday, the German Police released some reports, which claims that retaining user data does no good in fighting crime.

European Union’s Data Retention Directive is a law operating in the region that includes Germany. The law that has come under a lot of controversy and the Romanian government has declared the law unconstitutional. Germany had already experimented with the law and it failed miserably. The law did not contribute towards fighting crime and to add insult to injuries, the subsequent year of 2009 saw an increase of 0.7% of crimes from 2007. This increase cannot be attributed to the law. However, the failure of the law is evident from this fact.

The European Commission has claimed in a counter-argument that there are 148,000 requests for user data from the government yearly and this has to account for some crime-fighting efforts. The European Court of Justice will decide on the matter in 2012.

(Image via: pakalertpress.com)

Do You Want Big Brother Spying on You?

Back in 2006, the   U.S. Attorney General, Alberto Gonzales, under the Bush Administration, called for new rules that would require ISPs and cell phone companies to collect more data (spy) on all of their users. It’s called Mandatory Data Retention. At the time, there was enough opposition to this idea that it never got far.

Recently, the  House Judiciary Subcommittee on Crime, Terrorism and Homeland Security held a hearing to promote this controversial idea once more. Several members of congress have already proposed legislation on data retention, and support for it is coming from both Democrats and Republicans. The Obama administration’s Department of Justice is also expected to support forced data retention.

Currently, ISPs and phone services already keep transaction records for 90 days, in accordance with the 1996 Electronic Communication Transactional Records Act. After 90 days, the records are deleted, and some law enforcement agencies would like to see these records kept much longer.

Big-Brother-is-Watching-YouSince it’s obvious to many that this is another case of Big Brother is watching, how can these politicians justify their call for more intrusion into business’s and customer’s internet and phone traffic?

Most of this call to action is the result of law enforcement and defense agencies wanting longer retention periods, and politicians that want to look like they are tough on internet crime, such as child pornography. However, privacy advocates such as the Electronic Frontier Foundation (EFF) and the Center for Democracy & Technology (CDT), see it as having bad unintended consequences for user privacy, First Amendment anonymous speech, and ballooning costs for retaining the information.

In my opinion, new laws requiring data retention are going to cause more problems than they solve.

Law enforcement agencies can already ask internet and telecom providers to collect extensive information on suspects. Collecting more data will help law enforcement and Homeland Security catch criminals and terrorists, but these new laws will treat all of us like suspects.

The collected information will seriously clamp down on anonymous speech and whistle blowing. Do you trust the government to stop itself from trying to track down sources of leaked information or people who voice strong anti-government or opposition party speech?

Government and law enforcement won’t be the only ones able to access this data. How many websites are hacked every day? How many government agencies have data stolen from them? We’ve already seen what’s happened with WikiLeaks and government employees who get fooled into giving out information.

It will also make simple visits to legal sites more ominous. Would you want everyone to know you’d visited a site about STDs, mental health, bankruptcy, adult entertainment, or any other normally private topic.

Civil courts will be able to get access to this information. It could be used in divorce cases, to prove infidelity. It could be used in law suits to prove prior knowledge or associations.

The internet and telecom providers can handle the additional open-ended costs of mandatory data retention, since those costs will be transferred to the consumers. It will be the same as a new hidden tax. Smaller businesses, and start-ups may not be able to bear the added costs, thus reducing innovation, and killing competition with the big internet companies.

In summary, new data retention laws would be good for big government, law enforcement and big business. They would be bad for the average joe consumer, free speech and free association. If you don’t agree (or you hate freedom), you have the freedom to comment below.

US Court are Abusing Facebook Posts for Evidence

Facebook has introduced a new feature of HTTPS that increases the security of the user. However, we have already shown that even if HTTPS is turned on, a website can check if you are logged in to Gmail simply by using this image hack.
facebook-privacy
Though, in a new development, US courts are increasingly trying to use Facebook data as evidence. They are repeatedly granted access to private content of users, and breach their privacy. This was not the case earlier. There is nothing wrong with this but it is not ethical at the same time.

Reuters reports this with an incident as,

Defense lawyers in personal-injury cases, in particular, are finding social networks to be a rich source of potentially exculpatory evidence. In one recent case, a New York woman who claimed to be bedridden after falling off a defective chair showed up in family Facebook photos smiling happily in front of her house.

Now that Facebook has become the very face of social networking, it is time they work towards protecting the privacy of their users when it comes to these cases. There needs to be a well-defined line between breach of privacy and gathering of evidence.

Currently, there are mixed cases relating to these breaches. There are quite a few cases where the court was not allowed access to private pages of users. These cases will form the basis for future cases and need to be done right.

(Image via: The security pub)

Facebook’s "Instant Personalization" Automatically Shares Your Data With Other Websites Without Your Consent

Oh my dear , why do though take decisions for me? You make HTTPS opt-in, but want me to opt-out when it comes to sharing my data with third party websites, and you say that you adhere to privacy standards?

Disable Facebook Instant Personalization

If you have had issues with Facebook’s privacy settings, here is something which will irk you even more. Facebook has a new privacy setting in place called "Instant Personalization" which basically gives your data to other websites without your consent. When I say without your consent, it means that you have to opt-out of this feature to stop sharing your data with other websites.

I find this really ridiculous because on one hand Facebook makes security features opt-in and on the other hand they feel that it is fine to share your personal data with other websites without your explicit consent.

If you don’t want to share your data with third-party websites, go to Account -> Privacy Settings and click on "Edit your settings" under the "Apps and Websites" item at the bottom left of the screen. On this page, click the "Edit Settings" button next to the item "Instant personalization" and uncheck the checkbox next to "Enable instant personalization on partner websites."

The feature was launched last year in April, but is now being gradually pushed out to all users. This is the first time I saw this option in my privacy settings and I was surprised that it is enabled by default. You can learn more about how your data is shared and whether you really want this feature to be enabled by default at http://www.facebook.com/instantpersonalization/.

Microsoft Developer Blogger Shows Easy Sniffing Of WP7 Traffic

Do you fancy investigating any traffic being sent in and out of your Windows Phone 7 device? Aside from the more involved method of using a packet sniffer on your phone or capturing the data over a wireless connection and decrypting it, a member of the Microsoft Developer Network (MSDN) has gone ahead and given some extremely straight forward steps on how to set up a man-in-the-middle proxy to capture and store all HTTP and HTTPS traffic. How it works is very simple – Fiddler, a web debugging proxy, is run on a Windows PC and acts as an intermediary gateway to the outside world, once you configure your device to pass information through it, Fiddler will capture, display and allow you to modify the passing traffic.

What legitimate use case could this have? Well it’s useful for developers who are writing apps, however it’s especially useful for enterprising hackers, do-it-yourselfers and anybody else who is concerned about the information that apps are uploading. Microsoft does have very stringent rules for allowing applications into the Marketplace, but as we’ve seen before with the Apple AppStore and the Android Market, sometimes things either slip through the cracks or are obfuscated enough that the QA team is fooled which allows the malicious code to go live. With Fiddler, you can see full HTTP streams and if you do choose to install the SSL certificate – all HTTPS encrypted traffic can be re-signed using the cert and then decrypted at will.

While most developers will be using the emulator to do the majority of their development work, when it comes to real deployment and users who want to get started in monitoring their device traffic, they should visit the post on the MSDN Blog by Eric Lawrence and follow the provided instructions.

U.S. Orders Twitter to Hand Over WikiLeaks Private Messages

New information about a U.S. case against WikiLeaks has recently been revealed. The U.S. Department of Justice (DOJ) issued a secret subpoena to Twitter on December 14th. The subpoena orders Twitter Inc. to release private messages and other information about accounts owned by Julian Assange and others involved with WikiLeaks.

View the subpoena

The subpoena wasn’t public knowledge, because  Twitter was ordered not to reveal it, since it was “relevant to an ongoing criminal investigation“.   On January 5th,   the subpoena was unsealed due to legal pressure by Twitter.

Twitter declined to say much on the matter, except that its policy is to notify its users of government requests for information, when it can do so.

In a statement, Assange is quoted as saying If the Iranian government was to attempt to coercively obtain this information from journalists and activists of foreign nations, human rights groups around the world would speak out.

twitter2Twitter is based in San Francisco California, and it’s not likely that they would have responded to an information request from Iran. However, the U.S. DOJ has the legal authority to make Twitter cough up this data. It’s clear that Twitter will do so, despite their efforts to open it up to public review.

Google and Facebook have very likely received similar requests, but have not responded to reporters asking about this topic. It’s speculated that they’ve also gotten gag orders to remain quiet, but didn’t fight them as well as Twitter.

(Sources: TechCrunch, CBS News and others)

California says “All Your Phones are Belong to Us” – No Warrants Needed

scales-justiceMonday, The California Supreme Court decided to allow police to search arrestees’ cell phones without a warrant. The ruling of the 7 Justices was a 5 to 2 vote in favor of this. The majority said that defendants lose their privacy rights for any items on them when taken into custody. (Source SF Chronicle)

cali-state-flagThe dissenting opinion was voiced by Justice Kathryn Mickle Werdegar. She says this allows police “to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person”.

Under current guidelines from the US Supreme Court, police are allowed to go through your wallet and other items. Should this right be extended to the data we carry on us? What happens when you are carrying not only a phone, but a laptop or tablet? Can they dig into these now without a warrant?

The American Civil Liberties Union hasn’t issued a statement concerning this decision yet. However, they have previously defended the rights of students in schools not to have their phone data seized by school officials. If they don’t defend the rights of an arrestee in this case, can they be taken seriously?

ohio-flagThe Ohio Supreme Court reached the opposite opinion in 2009, which forced police to get a warrant to search cell phones or other portable devices.

What do I think about this?

I now have one more reason to be proud that I live in Ohio, a state that defends my rights to carry personal data. I feel sad for the people of California. If taken to extremes, anyone there can now have all of their personal data seized, simply by being given a speeding ticket or jay-walking.

People of California read this post at eHow.com: How to Encrypt a cell phone.


FCC Regulators Impose Net Neutrality – What is it?

[United States]

fcc-sealOn Tuesday this week, a panel of 5 regulators in the FCC (Federal Communications Commission) voted to impose Net Neutrality rules on internet service providers. As you may know, the FCC is a U.S. agency that regulates communications of many types, such as telephone, cellular phone, radio, cable tv, wireless internet and others. The members of the commission are political appointees, and are not elected by a vote of any kind. The commission also enjoys a great deal of independence from Congressional authority.

The main idea around Net Neutrality is that internet service providers should provide open and unrestricted access to all of their customers. In the past, providers such as Comcast have slowed down access to certain types of information such as Bittorrent streams. Net Neutrality is also proposed to stop the service providers from charging extra money based on band-width use. Others are saying that Net Neutrality isn’t enough, and all internet access should be free to the public.

While the ideas behind Net Neutrality sound beneficial to the average consumer, many people have raised concerns that any government involvement is going to clamp down on the inherent freedom of the internet. As we’ve seen already, governments are the worst abusers of internet freedom. Countries such as Iran, North Korea and China are famous for imposing severe restrictions on data entering their countries. The U.S. government has already shown a heavy hand when they shut down over 80 websites for copyright infringement, and tried to shut down the WikiLeaks web site.

Internet freedom and privacy organizations are typically afraid to support any regulation of the internet, even inside the U.S. borders. For example, the Electronic Freedom Foundation (EFF) has serious questions:

What is the basis for the FCC’s authority, and is there a reasonable limiting principle to it? Is the basis on which the FCC is claiming it can regulate, one that has real limits for future decisions … ?

Personally, I have to oppose the idea of Net Neutrality. Allowing the FCC or any government body to regulate access to the internet is risky. Once they get in, it’s nearly impossible to keep them out. Technology changes, companies come and go, but government commissions and regulations seem to last forever.

The internet is not broken, and it doesn’t need fixed.

We’ve seen the internet service providers respond to criticism. They will typically do what their customers want them to do. We vote with our money. If we don’t like a provider, in most cases, we can switch to another. I fear the real possibilities of biased political involvement and corruption.

Unfortunately, we may not have any further choice on this issue. The FCC, which isn’t responsible to any American voter, may succeed in it’s bid to regulate the internet inside the United States.

Here is a video from Reason.TV that explains my feelings on this issue a little better than my words.

.

If you don’t agree with my position on Net Neutrality … feel free to comment below.


Disable Third Party Tracking Using Disconnect

Each and every website you visit tracks your moments across the internet. This is basically done through cookies, URL redirecting and more. Many of the sites then use this data to customize advertisements displayed to you.

Disconnect Disable Third Party Tracking

If you are not comfortable with sharing your data with third-party websites, you can now try out a new extension called Disconnect for and RockMeIt browsers.

Disconnect stops major third parties and search engines from tracking the webpages you go to and searches you do. It disable tracking on websites and depersonalizes searches on search engines like Google. It also has a nice little counter to show you the requests it has blocked and an option to easily disable unblocking for certain sites.

Disconnect was written by an ex-Googler who calls this service Web2.1 and claims that he is fixing all the wrongs on the web right now. If you are looking to disable third party tracking head over to http://www.disconnectere.com/ and download the for Chrome or RockMeIt.

(Source: TechCrunch)