LocalCause

Information Technology Services

Category: Privacy (page 1 of 4)

Beware: Most Mobile VPNs Aren’t as Safe as They Seem

Thinking About a Mobile VPN? Be Careful Which One You Pick

Between an industry-wide push to encrypt all web traffic and the newfound popularity of secure chat apps, it’s been a boom time for online privacy. Virtual private networks, which shield your web traffic from prying eyes, have rightly garnered more attention as well.

BETWEEN AN INDUSTRY-WIDE push to encrypt all web traffic and the newfound popularity of secure chat apps, it’s been a boom time for online privacy. Virtual private networks, which shield your web traffic from prying eyes, have rightly garnered more attention as well. But before you use a VPN to hide your online shopping from the IT department at your company—or help protect yourself from state surveillance—know that not all mobile VPNs are created equal. In fact, some are actively harmful.

“These days, many people know what a VPN is and what they can do with one,” says Kevin Du, a computer security researcher at Syracuse University and IEEE senior member. “Not many people know what a bad or flawed VPN can do to their devices, because they don’t know how VPN works.”
 
VPNs have been around for years, as have their attending trust issues. But while previously VPN enthusiasts were mostly a core base of desktop users, the mobile boom and app store accessibility has created an explosion in mobile VPN offerings. And while some are genuinely looking to offer security and privacy services, plenty do more harm than good.

In a recent in-depth analysis of 283 mobile VPNs on the Google Play Store from Australia’s Commonwealth Scientific and Industrial Research Organization, researchers found significant privacy and security limitations in a majority of the services. Eighteen percent of the mobile VPNs tested created private network “tunnels” for traffic to move through, but didn’t encrypt them at all, exposing user traffic to eavesdropping or man-in-the-middle attacks. Put another way, almost a fifth of the apps in the sample didn’t offer the level of security that’s basically the entire point of VPNs.

Read the rest at wired.com

Warning: Google Enables Personally Identifiable Web Tracking

Google Using Personally-Identifiable Information to Track Your Every Move?The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on the keywords they used in their Gmail. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.

The move is a sea change for Google and a further blow to the online ad industry’s longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people’s real names. But until this summer, Google held the line.

To opt-out of Google’s identified tracking, visit the Activity controls on Google’s My Account page, and uncheck the box next to “Include Chrome browsing history and activity from websites and apps that use Google services.” You can also delete past activity from your account.

“The fact that DoubleClick data wasn’t being regularly connected to personally identifiable information was a really significant last stand,” said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy,” he said. “That wall has just fallen.”

https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

Every move you make, every step you take, Google is watching you

Amid complaints that Google Play is always switching on GPS, it appears Google has made it impossible to prevent the app store from tracking your whereabouts unless you completely kill off location tracking for all applications.

If you’re not keen on this, the options are not great: you can either delete Google Maps and/or Google Play, or you have to repeatedly turn your phone’s location services on and off as required throughout the day, which is extremely irritating.

“Kind of defeats the purpose of fine-grained privacy controls,” Al-Bassam noted, adding: “Google is encouraging developers to use the Play location API instead of the native Android API, making an open OS dependent on proprietary software.”

Google was not available for comment.

Delete Google Maps? Go ahead, says Google, we’ll still track you

Google, it seems, is very, very interested in knowing where you are at all times. Users have reported battery life issues with the latest Android build, with many pointing the finger at Google Play – Google’s app store – and its persistent, almost obsessive need to check where you are.

Microsoft keeps making news on the privacy front, and not in a good way.

The company keeps defending data-gathering features that some people don’t want instead of just making them optional.

Microsoft has been called to task for the practice by privacy advocate the Electronic Frontier Foundation. A blog post by EFF staffer Amul Kalia criticizes the company not just for collecting information for Cortana, but also for collecting telemetry data. Kalia writes: “A significant issue is the telemetry data the company receives. While Microsoft insists that it aggregates and anonymizes this data, it hasn’t explained just how it does so. Microsoft also won’t say how long this data is retained, instead providing only general timeframes. Worse yet, unless you’re an enterprise user, no matter what, you have to share at least some of this telemetry data with Microsoft and there’s no way to opt-out of it.”

Microsoft’s tin ear for privacy

Microsoft keeps making news on the privacy front, and not in a good way. Much has been made of the way Cortana in Windows 10 may invade your privacy by collecting data such as the words you speak and the keys you strike.

Why you should delete the online accounts you don’t use anymore — right now

Despite falling out of vogue years ago, MySpace — that old precursor to Facebook — still has details on more user accounts than the United States has people. And now a hefty chunk of those account credentials has been leaked to the entire Internet, in a humbling reminder that the Matchbox Twenty-inspired username you probably made in high school is still worth a heck of a lot to companies and criminals.

As many as 360 million MySpace accounts turned up for sale Friday in a 33-gigabyte dump online, according to reports that were confirmed Monday by MySpace’s parent, Time Inc.

A directory of direct links to delete your account from web services.

Ready to get started?

In that light, it seems there’s a strong case for deleting your old, unused accounts — or at least creating a throwaway email address to associate with the services you don’t use so that they’re insulated from the email addresses you use for more important things. Not only does it potentially cut down on the number of credentials you have to remember (although hopefully you’re solving that by using a password manager, right?), but it helps limit your exposure to hackers. By changing the credentials on your old accounts and disassociating them from online services that you use in the present-day, you can help make sure none of your other Internet identities are put at risk.

Read the rest at the WASHINGTON POST

What happened when a parent fought for his kid’s privacy at an all-Chromebook school

ChromebookKatherine W was seven when her third-grade teacher issued Chromebooks to her class. Her dad, Jeff, is a serious techie, but the school’s tech choices didn’t sit well with him. He was able to get Katherine an exception that let her use a more private, non-cloud computer for the year, but the next year, Katherine’s school said she would have to switch to a laptop that would exfiltrate everything she did to Google’s data-centers.

The rules around data-collection and kids are complicated and full of loopholes. Though they seem, on the surface, to forbid Google from creating an advertising profile of kids using school-issued laptops, the reality is that kids are profiled as soon as they click outside of the Google education suite — so when a kid watches a Youtube video, her choice is added to an advertising profile that’s attached to her school ID.

Jeff worked with the Electronic Frontier Foundation to negotiate Katherine’s right to keep using non-cloud computers in school, with better privacy protections for her.

EFF has published a guide for students to improving Chromebook privacy settings, too — so if your school makes you (or your kids) use Chromebooks, you can make good choices about keeping your data private.

Windows 10 is spying on almost everything you do – here’s how to opt out

Windows-10_Product-Family[1]

Windows 10 is amazing. Windows 10 is fantastic. Windows 10 is glorious. Windows 10 is faster, smoother and more user-friendly than any Windows operating system that has come before it. Windows 10 is everything Windows 8 should have been, addressing nearly all of the major problems users had with Microsoft’s previous-generation platform in one fell swoop.

But there’s something you should know: As you read this article from your newly upgraded PC, Windows 10 is also spying on nearly everything you do.

Google eavesdropping tool installed on computers without permission?

07d478ba-e253-46b8-9170-2a0e5d325b1a-2060x1236

Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer.

The default behavior of hotword, a new, black-box module in Chrome (and its free/open cousin, Chromium) causes it to silently switch on your computer’s microphone and send whatever it hears to Google.

More..

Hold Verizon Accountable for Violating Its Users’ Privacy

 

EFF

Verizon advertising partner Turn has been caught using Verizon Wireless’s UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking. Explosive research from Stanford security expert Jonathan Mayer shows that, as we warned in November, Verizon’s UIDH header is being used as an undeletable perma-cookie that makes it impossible for customers to meaningfully control their online privacy.

 VerizonMayer’s research, described in ProPublica, shows that advertising network and Verizon partner Turn is using the UIDH header value to re-identify and re-cookie users who have taken careful steps to clear their cookies for privacy purposes. This contradicts standard browser privacy controls, users’ expectations, and Verizon’s own claims that the UIDH header won’t be used to track users because it changes periodically.

Facebook facing class action lawsuit over scanning users’ private messages

Facebook caught spying(Reuters) – Facebook Inc must face a class action lawsuit accusing it of violating its users’ privacy by scanning the content of messages they send to other users for advertising purposes, a U.S. judge has ruled.

U.S. District Judge Phyllis Hamilton in Oakland, California, on Tuesday dismissed some state-law claims against the social media company but largely denied Facebook’s bid to dismiss the lawsuit.

Facebook had argued that the alleged scanning of its users’ messages was covered by an exception under the federal Electronic Communications Privacy Act for interceptions by service providers occurring in the ordinary course of business.

But Hamilton said Facebook had “not offered a sufficient explanation of how the challenged practice falls within the ordinary course of its business.”

Neither Facebook nor a lawyer for the plaintiffs responded to a request for comment Wednesday.

Older posts

© 2017 LocalCause

Theme by Anders NorenUp ↑

Loading...