Privacy

Uber Revises Privacy Policy, Wants More Data From Users 129

Posted by Soulskill
from the can-you-just-drive-me-places dept.
itwbennett tips news that Uber has amended its privacy policy, making it much simpler to read and understand. But the policy also includes changes to what data Uber collects about its riders. Beginning July 15th, the Uber phone app will keep track of a rider's location while it's running in the background. Uber says riders will be able to opt out of this tracking. The policy changes also allow for advertising using the rider's contact list: "for example the ability to send special offers to riders' friends or family." The revision of Uber's privacy policy followed complaints at the end of last year that the company was overstepping its bounds.
The Courts

Adblock Plus Victorious Again In Court 310

Posted by samzenpus
from the win-again dept.
New submitter Xochil writes: AdBlock Plus has successfully defended itself in court for the second time in five weeks. The Munich Regional Court ruled against media companies ProSiebenSat1 and IP Deutschland. The companies sued Eyeo, the company behind Adblock Plus, asking the court to ban the distribution of the free ad-blocking software, saying it hurts their ad-based business model. An Eyeo release says in part: "We are elated at the decision reached today by the Munich court, which is another win for every internet user. It confirms each individual’s right to block annoying ads, protect their privacy and, by extension, determine his or her own internet experience. This time it also confirms the legitimacy of our Acceptable Ads initiative as a compromise in the often contentious and rarely progressive world of online advertising."
Democrats

Obama Asks Congress To Renew 'Patriot Act' Snooping 387

Posted by Soulskill
from the it-makes-you-safer-because-reasons dept.
mi writes: President Obama has asked the Senate to renew key Patriot Act provisions before their expiration on May 31. This includes surveillance powers that let the government collect Americans' phone records. Obama said, "It's necessary to keep the American people safe and secure." The call came despite recent revelations that the FBI is unable to name a single terror case in which the snooping provisions were of much help. "Obama noted that the controversial bulk phone collections program, which was exposed by National Security Agency contractor Edward Snowden, is reformed in the House bill, which does away with it over six months and instead gives phone companies the responsibility of maintaining phone records that the government can search." Obama criticized the Senate for not acting on that legislation, saying they have necessitated a renewal of the Patriot Act provisions.
Security

IRS: Personal Info of 100,000 Taxpayers Accessed Illegally 85

Posted by Soulskill
from the disincentive-to-pay-your-taxes dept.
An anonymous reader writes: The Associated Press reports that an online service provided by the IRS was used to gather the personal information of more than 100,000 taxpayers. Criminals were able to scrape the "Get Transcript" system to acquire tax return information. They already had a significant amount of information about these taxpayers, though — the system required a security check that included knowledge of a person's social security number, date of birth, and filing status. The system has been shut down while the IRS investigates and implements better security, and they're notifying the taxpayers whose information was accessed.
Privacy

Sniffing and Tracking Wearable Tech and Smartphones 56

Posted by samzenpus
from the all-the-better-to-follow-you-with dept.
An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices.
Privacy

Hackers Can Track Subway Riders' Movements By Smartphone Accelerometer 69

Posted by samzenpus
from the all-the-better-to-follow-you-with dept.
Patrick O'Neill writes: Tens of millions of daily subway riders around the world can be tracked through their smartphones by a new attack, according to research from China's Nanjing University. The new attack even works underground and doesn't utilize GPS or cell networks. Instead, the attacker steals data from a phone's accelerometer. Because each subway in the world has a unique movement fingerprint, the phone's motion sensor can give away a person's daily movements with up to 92% accuracy.
Privacy

Privacy Behaviors Changed Little After Snowden 113

Posted by Soulskill
from the just-another-speed-bump-in-the-new-cycle dept.
An anonymous reader writes: An article in Communications of the ACM takes a look at how Edward Snowden's revelations about government surveillance have changed privacy behaviors across the world. The results are fairly disappointing. While the news that intelligence agencies were trawling data from everyday citizens sparked an interest in privacy, it was small, and faded quickly. Even though media coverage has continued for a long time after the initial reports, public interest dropped back to earlier levels long ago. The initial interest spike was notably less than for other major news events. Privacy-enhancing behaviors experienced a small surge, but that too failed to impart any long-term momentum. The author notes that the spike in interest "following the removal of privacy-enhancing functions in Facebook, Android, and Gmail" was stronger than the reaction to the government's privacy-eroding actions.
Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 206

Posted by Soulskill
from the definition-of-a-win-win dept.
An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Google

Cute Or Creepy? Google's Plan For a Sci-Fi Teddy Bear 102

Posted by timothy
from the teddy-ruxpin-pinned-it-on-the-one-armed-man dept.
HughPickens.com writes: Time Magazine reports that Google has designed and patented an "anthropomorphic device" that could take the form of a "doll or toy" and interact both with people as well as tech gadgets echoing the "super toy" teddy bear featured in Steven Spielberg's 2001 movie AI. This could be one of Google's creepiest patents yet — especially if movies like "Chuckie" still give you nightmares. The patent filing diagrams a stuffed teddy bear and a bunny rabbit outfitted with microphones, speakers, cameras and motors as well as a wireless connection to the internet. If it senses you're looking at it, the fuzzy toy will rotate its head and look back at you. Once it receives and recognizes a voice command prompt, you can then tell it to control media devices in your home (e.g. turn on your music or TV). According to the patent filing: "To express interest, an anthropomorphic device may open its eyes, lift its head, and/or focus its gaze on the user or object of its interest. To express curiosity, an anthropomorphic device may tilt its head, furrow its brow, and/or scratch its head with an arm. To express boredom, an anthropomorphic device may defocus its gaze, direct its gaze in a downward fashion, tap its foot, and/or close its eyes. To express surprise, an anthropomorphic device may make a sudden movement, sit or stand up straight, and/or dilate its pupils."

The patent adds that making the device look "cute" should encourage even the youngest members of a family to interact with it. But Mikhail Avady, from SmartUp, said he thought it belonged in "a horror film", and the campaign group Big Brother Watch has also expressed dismay. "When those devices are aimed specifically at children, then for many this will step over the creepy line," says Avady. "Children should be able to play in private and shouldn't have to fear this sort of passive invasion of their privacy."
Communications

NSA-Reform Bill Fails In US Senate 135

Posted by timothy
from the couldn't-have-happened-to-a-nicer-bill dept.
New submitter Steven King writes with a link to The Daily Dot's report that the U.S. Senate has rejected the controversial USA Freedom Act, thus "all but guaranteeing that key provisions of the USA Patriot Act will expire"; had it passed, the bill would have allowed continued use of some mass data-collection practices, but with the addition of stronger oversight. From the article: The Senate failed to reach agreement on passage of the USA Freedom Act, a bill to reauthorize and reform Section 215 of the USA Patriot Act, which the government has used to conduct bulk surveillance of Americans' phone records. The House of Representatives passed the bill last week by an overwhelming bipartisan majority, but Senate Democrats, who unified behind the bill, did not get enough Republican votes to assure passage. The linked piece also mentions that the EFF shifted its position on this bill, after a panel of Federal judges ruled that the Feds at the NSA had overstepped their bounds in collecting a seemingly unlimited trove of metadata relating to American citizens' phone calls.
Government

The Body Cam Hacker Who Schooled the Police 159

Posted by Soulskill
from the watching-the-watchers dept.
New submitter Cuillere writes: In the fall of 2014, a hacker demanded the Seattle Police Department release all of their body and dash cam video footage, prompting chaos within the institution. Although it was a legal request per Washington state's disclosure laws, Seattle's PD wasn't prepared to handle the repercussions of divulging such sensitive material — and so much of it. The request involved 360 TB of data spread across 1.6 million recordings over 6 years. All recordings had to be manually reviewed and redacted to cut out "children, medical or mental health incidents, confidential informants, or victims or bystanders who did not want to be recorded," so fulfilling the request was simply not within the department's capabilities. Thus, they took a different strategy: they hired the hacker and put him to work on developing an automated redaction system. "Their vision is of an officer simply docking her body cam at the end of a shift. The footage would then be automatically uploaded to storage, either locally or in the cloud, over-redacted for privacy and posted online for everyone to see within a day."
Firefox

Ads Based On Browsing History Are Coming To All Firefox Users 530

Posted by Soulskill
from the just-what-you-wanted dept.
An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."
Android

Factory Reset On Millions of Android Devices Doesn't Wipe Storage 92

Posted by samzenpus
from the stucking-around dept.
Bismillah writes: Ross Anderson and Laurent Simon of Cambridge University studied a range of Android devices and found that even though a "factory reset" is supposed to fully wipe storage, it often doesn't. Interestingly enough, full-device encryption could be compromised by the incomplete wiping too. ITnews reports: "The researchers estimated that 500 million Android devices may not fully wipe device disk partitions. As many as 630 million phones may not wipe internal SD cards. Five 'critical failures' were outlined in the researchers' Security Analysis of Android Factory Resets paper."
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 94

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
United States

What Was the Effect of Rand Paul's 10-Hour "Filibuster"? 383

Posted by samzenpus
from the lets-keep-talking dept.
An anonymous reader writes: Sen. Rand Paul held up a vote on the Fast Track Authority for an eleven hour dissertation on the flaws of: the Patriot Act, the replacement the USA Freedom Act, bulk data collection including credit card purchases, the DEA and IRS's use of NSA intel. for "parallel construction", warrant-less GPS bugs on vehicles, as well as the important distinction of a general warrant versus a specific one. "There is a general veil of suspicion that is placed on every American now. Every American is somehow said to be under suspicion because we are collecting the records of every American," Paul said. The question is what did the "filibuster" really accomplish? The speeches caused a delay in Senate business but it's unclear what larger effect, if any, that will have.
Communications

Academics Build a New Tor Client Designed To Beat the NSA 63

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Privacy

CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach 82

Posted by timothy
from the camel-cased-in-triplicate dept.
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield has confirmed a breach which took place last summer, and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity threat protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.
Privacy

Simple Flaw Exposed Data On Millions of Charter Internet Customers 29

Posted by samzenpus
from the protect-ya-neck dept.
Daniel_Stuckey writes: A security flaw discovered in the website of Charter Communications, a cable and Internet provider active in 28 states, may have exposed the personal account details of millions of its customers. Security researcher Eric Taylor discovered the internet service provider's vulnerability as part of his research, and demonstrated how a simple header modification performed with a browser plug-in could reveal details of Charter subscriber accounts. After Fast Company notified Charter of the issue, the company said it had installed a fix within hours.
Encryption

Australian Law Could Criminalize the Teaching of Encryption 206

Posted by Soulskill
from the technophobes-writing-laws dept.
New submitter petherfile writes: According to Daniel Mathews, new laws passed in Australia (but not yet in effect) could criminalize the teaching of encryption. He explains how a ridiculously broad law could effectively make any encryption stronger than 512 bits criminal if your client is not Australian. He says, "In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it."
Facebook

European Internet Users Urged To Protect Themselves Against Facebook Tracking 147

Posted by samzenpus
from the I-unfriend-you dept.
An anonymous reader writes: Belgium's Privacy Protection Commission says that Facebook tramples on European privacy laws by tracking people online without their consent and dodges questions from national regulators. They have issued a set of recommendations for both Facebook, website owners and end users. Net-Security reports: "The recommendations are based on the results of an extensive analysis of Facebook's revised policies and terms (rolled out on January 30, 2015) conducted by the inter-university research center EMSOC/SPION, which concluded that the company is acting in violation of European law. According to them Facebook places too much burden on its users to protect their privacy, and then doesn't offer simple tools and settings to do so, and sets up some problematic default settings. They also don't provide adequate information for users to make informed choices."