Information Security & Occasional Forays Into Adjacent Realms
A new (published February 24th, 2020) study - targeting web browser chattiness and privacy (whatever may be left, i.e.). Comprised of highly detailed data, and authored by Professor Douglas J. Leith PhD, School of Computer Science & Statistics, Trinity College Dublin, Ireland (Eire) is our Highly Recommended Monday Must Read.
Following the release of an excoriating report written by Joseph Cox at Vice - in which, the good Mr. Cox details the astounding bad-form by anti-virus-flogger-of-ill-repute - Avast, Nicolas Vega a news piece targeting the shutttering of the offending subsidiary by same.
'...Vlcek and Avast’s board of directors elected to “terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect.” The shuttering of Jumpshot will result in the loss of “hundreds” of jobs for Jumpshot employees, Vlcek said, adding that “it is absolutely the right thing to do.” 'San Francisco-headquartered Jumpshot has five global offices and is led by a team of six, headed by Deren Baker.' - via Nicolas Vega, writing at The New York Post
Read Kashmir Hill's superlative report and weep for your & your offsprings' mislaid safety and privacy. And, me bucko, once you've quit thee bellyachin' and you've sopped up your tears for the nonce, contact your Representatives and Senators via your usual means. Give them the bad news they are in the database housing the countenances specified as well.
Outstanding reports - via Norwegian Forbrukerrådet detailing the systematic criminal behavior exhibited by Advertising Entites and their Ilk, with the resultant aglommeration of data which permits them significant and increasing leverage against the owners of that personal data (and the ability to generate significant revenue with the sale of that data). Time for this to end, don't you agree? H/T
Quite likely, the single most important Privacy related paper you should examine. Today's Must Grok.
All the more reason to avoid coughing up your DNA to (and non-) profit companies. via H/T
'"When you give your DNA data to companies like Ancestry.com or 23andMe, you give up not only your own genetic privacy, but that of your entire family," Li said. (Neither company's tests were involved in the serial-killer case.)' - via Paul Wagenseil, writing for Tom's Guide
Flawed security provisioning coupled with incompetent security management leads to Amazon’s Ring camera hacks, and the subsequent fear and loathing represented by those intrusions. Or, an Invasion of Privacy, by any other name.
Based on outrage as to the marketing tactics of Amazon.com, Inc. (NASDAQ: AMZN) RING unit (and the serious flaws discovered weekly with this hardware home security solution), I predict significant lawfare targeting the company, for both it's privacy related SNAFUs (and the product line's deep security flaws) as well as it's aggressive and gratutities-laden marketing tactics (think the pharmaceutical industry in relation to doctors) targeting law-enforcement. Not too mention the obvious incompetence of the company's security oversight of RING as a line of business. Read All About It.
The subterfuge of the listed domains is also evident in many of your favorite destinations. Test it for yourself at https://trackingthetrackers.com/
Brought to my attention by the inimitable Trey Blalock firewallling all-the-things at Firewall Consultants, comes a new cookie-debacle (also known as CNAME Cloaking) being perpetrated by many so-called 'legitimate' web properties floating out and about in the information refuse-pit known colloquially as the Interweb. Note: The list of sites in the image are all culprits and culpable. Use TrackingTheTrackers to discover how much milage that Red Pill was provisioned for you, in your exquisite ambulatory journey down the rabbit hole of DNS record manipulation.
"How come AdBlock, Adblock Plus, uBlock Origin, Ghostery, Brave and Firefox are letting a third-party tracker from Eulerian, a leading tracking company, execute their script freely on fortuneo.fr, one of the biggest online bank in France?" - via Romain Cointepas, writing at NextDNS blog
via Bhaskar Chakravorti, PhD - the Dean of Global Business, The Fletcher School at Tufts University, comes this thought provoking piece targeting Facebook Inc.'s (NASDAQ: FB) new 'Privacy Cop'. Certainly, today's Must Read.
'In my opinion, in order to be effective, there are three main privacy-related concerns the FTC’s newly designated cop would need to look out for: the potential for genuine violations of users’ privacy; the targeted spread of harmful content, especially resulting in election manipulation and ethnic violence; and instances of collecting and harvesting far more data than is warranted to provide services to users.' - via Bhaskar Chakravorti, PhD Dean of Global Business, The Fletcher School at Tufts University
The key word here, folks, is 'Suspends'. Apple Inc. (Nasdaq: AAPL) will re-enable the activity. But it's only for your own good... Right?
Exploit of the Month or How Using Smartphones In Speakerphone-Mode Descimates Your Privacy: Spearphone (PDF) (by way of the obviously superlative engineering of S. Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen), the speech privacy exploitation activity via the device-under-scrutiny's accelerometer detected vibrations emanating via the device's installed speakers. The claim is the use of the device's so-called speakerphone 'erodes' the privacy of the user. Today's Must Read! Hat Tip. Simply astonishing work.
"In particular, we show that by exploiting the affected accelerometer readings and carefully selecting feature sets along with off-the-shelf machine learning techniques, Spearphone can successfully perform gender classification (accuracy over 90%) and speaker identification (accuracy over 80%). In addition, we perform speech recognition and speech reconstruction to extract more information about the eavesdropped speech to an extent." via the Authors (S. Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen))
Bad Behaviors should not be tolerated... Behold, and examine, if you will, the data exfiltrated (in this case, the inventory of extensions installed in your broweser, and data contained therein) by Linkedin (Nasdaq: LNKD) when the user authenticates at the company's primary public-facing site. Utilizing tools authored by the inimitable Corey Prophitt it's a revelation of the worst kind. Simply Astounding (and certainly bad behavior by a Microsoft Corporation (Nasdaq MSFT) owned company). Hat Tip.
"How would you feel if you opened a program and the program started to check your file system to see what other programs you had installed? You would probably feel the software was overstepping. This is essentially what LInkedIn does when you visit their website. LinkedIn will scan your local browser files in an attempt to identify a number of different browser extensions you may have installed. The data collected by LinkedIn is then exfiltrated from the browser." - via Corey Prophitt, writing at Prophitt.me
Today's Must Read comes to us via Steve Melendez, reporting for Fast Company, with an outstanding piece on Robotic Surveillance accompanied by an equally tremendous report and posting via the ACLU on the same topic. Read both posts, and the report from the ACLU and try not to weep for our society's future (or not).
News, originally brought to my attention by the eponymous John Gruber, with further details from Mikael Thalen, writing at The Daily Dot, of Facebookery at it's finest:
"A lawyer for Facebook argued in court Wednesday that the social media site’s users “have no expectation of privacy.” According to Law360, Facebook attorney Orin Snyder made the comment while defending the company against a class-action lawsuit over the Cambridge Analytica scandal. “There is no invasion of privacy at all, because there is no privacy,” Snyder said." - via Mikael Thalen, writing at The Daily Dot
News of recently revealed and egregious tracking behaviors at Google Inc. (Nasdaq: GOOG); specifically Google is using your Gmails account to track your purchases. Our suggestions is to immediately remove any financial transaction related messaging from your Gmail accounts without delay - unless of course, you trust Google...
"While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so. Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page. " - via Lawrence Abrams, reporting at Bleeping COmputer
