close

privacy

Verizon Wireless to sell customers browsing habits to highest bidder

This is capitalism at its worst.  Profiteering from customer browsing habits is the latest revenue model being implemented by Verizon Wireless.  The Sydney Morning Herald from Australia has reported this shocker of crony capitalism story where Verizon Wireless will be collating the customers browsing data and selling it to the highest bidder.
Verizon Wireless to sell customers browsing habits to highest bidder
As per the report published by SMH, the United States telecom giant, Verizon Wireless has issued a alert stating that it will be accessing users browsing habits and then selling it to a marketer for profits.   As per the alert, Verizon Wirelss says it’s “enhancing” its Relevant Mobile Advertising program.  Under this RMA program, Verizon Wireless collects data on customers’ online browsing habits and sells them to marketers.  This data is very valuable to the marketers because it enables them to sell their products to targeted audience with greater precision. 

“In addition to the customer information that’s currently part of the program, we will soon use an anonymous, unique identifier we create when you register on our websites,” Verizon Wireless is telling customers.  “This identifier may allow an advertiser to use information they have about your visits to websites from your desktop computer to deliver marketing messages to mobile devices on our network,” it says.

In simple English, Verizon Wireless will monitor not just your wireless activities but also what you do on your wired or Wi-Fi-connected laptop or desktop computer – even if your computer doesn’t have a Verizon connection. The company will then share that additional data with marketers for windfall gains.

To propagate its RMA program,  Verizon is making its customers download a tracking software onto their computers.  This is being done without explicit consent of the customer.  Worse, if the customer doesnt like this ‘privacy invasion’ policy of Verizon Wireless he/she has to take all the trouble of visiting Verizon Wireless site, signing up and then opting out.  Quite a bit of trouble the customer has to undergo for what is probably their fundamental right.

SMH rightly says that this is one of the most outrageous examples recently of how the tech companies elaborately compromise customer privacy for windfall gains.  One the one hand they proclaim to be self righteous upholders of consumer privacy and then indulge in this form of shadow crony capitalism by quietly selling consumers private data out to the highest bidder.
read more

Lack of encryption puts Viber images, videos and location data at risk, Millions of user at risk of data theft.

Security Researchers at the University of New Haven, Cyber Forensics Research & Education Group have exposed a serious security flaw in popular mobile VoIP and instant messaging application Viber. which exposes the  images, videos and location data of the user to a potential attacker.

Earlier this week the same group of Researcher exposed a critical Vulnerability in world’s most popular messaging App WhatsApp which allowed an Attacker to trace user’s location data

The researchers have found that there is a a serious security flaw in the way Viber receives and transmits images, Doodles, Video files as well as the way it sends or receives location data. Researchers have also found out that Viber stores data in an unencrypted format on their servers which is easily susceptible to tampering or hacker attack.

Any Network provider, attacker with a Rogue AP, or any man-in-the middle attack can take leverage of the flaw and can easily steal user’s data.

Lack of encryption puts Viber images, videos and location data at risk, Millions of user at risk of data theft.

A video demonstration explaining how the Attack works can be seen below,

The mobile traffic was captured using the Windows 7 virtual wifi miniport adapter feature. The host computer was connected to the Internet via an Ethernet cable so that the wireless card was not in use. The Ethernet connection was set to share its Internet access with the virtual wifi miniport adapter. researchers were now able to capture the traffic over the network test using various tools such as NetworkMiner, Wireshark, and NetWitness.


The results of the Experiment confirmed that Images, Doodles, Location Images and Videos received are unencrypted. Data stored on the Viber Amazon Servers are unencrypted and can be easily accessed without any authentication mechanism.

Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone. the researchers said in a blog post

The Flaw was reported to the Viber security team, however no response was heard back by the researchers.  

read more

FBI’s facial recognition database to have 52 Millions Photos by next year.

The FBI is on its way to achieve the goal of a fully operational face recognition database by next year.

The Recent documents obtained by EFF in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI) shows that the FBI’s Next Generation Identification (NGI) database will contain 52 million photos by 2015. which is almost equal to one-third of of the US population.
By the middle of 2013 FBI already had 16 million images to its facial recognition database, report suggests that the database will be capable of processing 55,000 direct photo enrollments daily and of conducting tens of thousands of searches every day. 
what came to be more shocking was that in addition to 46 million criminal images NGI will also include 4.3 million civil images to its database. so the images will be from both Criminal and Non-Criminal  nature.

NGI already contains over 100 million individual records and has been designed to include multiple forms of biometric data, including palm prints, finger prints and iris scans in addition to face recognition data. with which other personal details is used to create personal files of Individuals. this is then shared by state, tribal, local and other Federal Authorities across the United states.
However the Question which rises now is why FBI needs Images of 4.3 Million peoples who are not involved in any Criminal case.

While this database can be used to help law enforcement agencies and improve the Consumers, business and other Organisations it also can cause a innocent to come into the list of suspect for a criminal case.
it’s unclear how such a big database will be managed and what oversights already exist in the planning.
since the recent NSA mass surveillance leaks people are more concerned about their privacy and now this may upset them more. 

read more

Parent spying : Two-thirds of parents spy “regularly” on children’s social media accounts

Today’s world revolves around the internet and in extension to that on the social media sites like Facebook, Twitter, Google+ etc. Today’s generation is a internet savvy generation and most children spend their free hours on internet and social media sites. And since the world wide web is a free independent medium with no censorship laws, its but natural that the parents of today children and teen are apprehensive of the childrens browsing habits and the friends they keep on the social media platforms.  This is especially true considering the fact that 35 percent of the content on all the web is adult.  So what do the parents do!!!  Well a report from Eset says that nearly two-thirds of parents check social media accounts without their children’s knowledge.
Parent spying : Two-thirds of parents spy “regularly” on children’s social media accounts
Now as we all know spying is bad but are the parents really doing a bad thing?  VoucherCloud a voucher company conducted a poll of around 2,105 parents based in United Kingdom and focused on the social media use of children aged 13-16, and was conducted by voucher company VoucherCloud.  It is pertinent to note that the minimum age for signing for a Facebook account is 13 years but children much younger that this use Facebook by logging in with alias ids or lying about their age.  A previous research study done by the London School of Economics found that 43% of children aged nine to 12 used the site, according to a BBC report.

Back to the VoucherCloud study, two-thirds of the respondents to the survey admitted to using various  methods to check on children “without their knowledge.” Consecutively, 81 percent of the parents polled, said that their children used some kind of social media while 19 percent said that they did not or the parents were not aware of them using it. 

The poll also revealed that 73% of the children that used social media were on Facebook, making it the most popular site, whilst 56% were on Twitter. A further 49% used Instagram.

On the process of snooping on their children’s social media accounts, most of the parents admitted that they made sure to get the passwords to sign into the accounts, and without the permission or knowledge of the their children. This poll was consistent in this regards, with more than half (55%) admitted to this, and a third (31%) admitted to doing so “on a regular basis”.

Two-thirds of parents or 67% also searched for their children’s profiles online to monitor them anonymously. Parents were asked, ‘Do you know the passwords to either your children’s personal email account or any of their social media accounts?’. 45% of the parents claimed to know their child/children’s email password, whilst 36% knew their social media login details for at least one of their profiles.

Most parents admitted that their prime concern was “safety”. A further third said that they did so simply to check what their children were up to – as ‘they didn’t tell them anything.’ One-fifth of those surveyed had found something ‘incriminating’ by snooping on social accounts, and of those, more than half (53%) had confronted their children about this. Those parents who confronted their child/children were asked ‘Did you confess that you’d checked up on their social media or email account(s)?’ to which 38% said ‘yes’, but the majority, 62%, made out that they’d found out ‘by other means’.

Commenting on the poll and its results, Matthew Wood of VoucherCloud made the following comment:”Today’s world can often come across as a sinister place to parents. Media coverage of social media related nightmares is widespread, so it’s no surprise that they’re wary of what their children are up to. Are they sexting? Are they talking to strangers online? It seems that many parents think the only way to find out is via stealth. It’s sad to see that some parents feel the only way they can assess what their children are up to is via a sly look at their social media. Is this indicative of the modern world? This might be the case, but teenagers have always been well known for their secretive ways, so perhaps parents shouldn’t take it to heart too much and should just accept it’s one of those phases.”
read more

Google pays more than $1M fine for street view Violation in Italy.

Google’s Street View a technology featured in Google Maps and Google Earth that provides panoramic views from positions along many streets in the world have brought up trouble for Google in Italy.

Google pays more than $1M fine for street view Violation in Italy

Google paid a 1 million euro (£825,890) fine after a regulator found that Google’s street view cars violated citizens rights of privacy, by taking photographs without the person’s permission.

Google’s Street View cars, which it used to record images on Italian streets in 2010, were not clearly recognisable. In addition to the fine, Google had to begin marking its vehicles with signs or stickers, as well as posting its planned locations three days before shooting photos. the law regulator said.

It is not the first time when Google is being fined for its street view, last year the Company was fined 210 million won ($196,000) in south korea for unauthorized data collection through street view.

It looks like Google’s Street View technology may have a long difficult way to travel through in upcoming future without getting tangled with the privacy advocacy groups and regulators across the world.

read more

NSA and GCHQ used Angry Birds and other smart phone Apps to retrieve users personal data.

Imagine that you are playing the very addictive Angry Birds on your iPhone or Android powered Samsung Galaxy S IV. While you will be under the impression that you are playing this seemingly innocuous game for passing your time, you may be revealing your name, age, sex, location and other personal information to the American National Security Agency (NSA) and British Government Communications Head Quarters (GCHQ).


As per the latest revelations, both NSA and GCHQ have been using the iOS and Android Apps to grab personal details of the user unknown to him or her.  Like the other wire tapping programs undertaken by NSA and it cohorts, this one too spans the globe. Under the guise of surveillance of terror suspects, the NSA and the GCHQ have been said to be trying to exploit the Apps and Games universe that exists in today’s mobile ecosystem.  Alarmingly and strangely, the tapping and snooping is said to have become more severe with each software and firmware update from the mobile OS providers.  Which means that the Android 4.4 Kitkat and iOS 7 are divulging more personal data than the old Android 2.1 or iOS 6.

The latest revelations also reveal that this seemingly harmless Apps and games were indeed good data careers for the spy agencies as they can reveal everything the particular user has been doing right from his/her IMEI number to where they have been the whole day. The reports further reveal that the N.S.A. and GCHQ have been working together to master the art of data collection and storage from these Apps and Games available on millions of smart phones sold every year.  The work was first started in the year 2007 as per the latest leaks published. 

The entire Apps and Games snooping project can be summed up from the 2011 British document where this entire phenomenon was called “the mobile surge”.  The NSA had named one of the projects as ‘Golden Nugget!” as per the latest leaks and the Golden Nugget is a top secret 2010 talk describing the potential use of iPhones and Android phones as rich resources for data trapping.

The latest leaks have just been published and as such the entire scal of this project is not known.  But one thing is clear, the documents clearly show that the N.S.A. and the British agency routinely obtained information from older Apps and as the newer Apps and Games like the Angry Birds were introduced, the agencies data collection capability increased exponentially.  The reports however do not make it clear whether the NSA and GCHQ actually used the data.   Which means that as per the reports, the NSA and GCHQ has the capability to hunt down the name, age, sex, location and other personal information of any user who uses the App or Game but it is not known whether they actually used it. A secret 2012 British intelligence document says that spies can scrub smartphone apps that contain details like a user’s “political alignment” and sexual orientation.

Readers may remember that the United States President Obama had announced curbs on NSA regarding the collection and viewing of the ‘metadata’ collected through surveillance of emails, calls, video chats, chats, forums etc. but he did not address anything about the data collected through such methods like App and Game backdoors.  Analysts around the world feel that this is a new way for the Americans and their allies to continue with its surveillance program without running foul with the Presidential directive or the Congress. 
read more

Judge in London raps Google allows activists to sue it and says ‘Anonymized does not mean Private’

A Judge in England today ruled against Google over its policy of using cookies in Apple’s Safari browser even when the the same is disabled in browser settings.  This ruling allows the Privacy Activists in England to sue Google over privacy infringement in United Kingdom itself instead of filing a suit in distant United States.

Judge in London raps Google allows activists to sue it and says 'Anonymized does not mean Private'

In a ruling by a Judge of High Court in London, the Judge set aside one of the two applications Google had made. The privacy activists can now now continue in the England with a tort claim, based on the allegation that Google unlawfully misused private information. But the Judge has disallowed any injunction against Google.  So as of now Google is free to use the tracking cookies in Safari Browser (tracking trick) but it is liable to be sued any where in UK.  

The privacy activists had filed this suit based on a similar class action suit filed in USA in month of October, 2013.  The US court had thrown out the case but Google was fined Google $22.5 million for using the tracking trick. Google had put forth its argument that the England’s Court had no jurisdiction claim on the matter as it was based in US.  It had requested the Court to quash permission to sue it in any court in UK.


But today the Judge, Mr.Justice Tugendhat of the High Court in London held that :

“I am satisfied that there is a serious issue to be tried in each of the Claimants’ claims for misuse of private information… The Claimants’ application to rely on ground (9) in relation to the DPA [Data Protection Act] claim is allowed… the Claimants have clearly established that this jurisdiction is the appropriate one in which to try each of the above claims.”


Judge Tugendhat also rubbished Googles claim that the relevant data was not private as it was anonymized.  The  Judge ruled that being Anonymized does not mean private.  


“I find this a surprising submission to be made on behalf of Google Inc. It would not collect and collate the information unless doing so enabled it to produce something of value.”


The privacy activists are partly happy with the ruling however Google said it will appeal against the ruling in higher courts.

“We still don’t think that this case meets the standards required in the UK for it to go to trial, and we’ll be appealing today’s ruling.”

read more