Online Privacy Archives - Page 2 of 15 - The Privacy Post


Judge Allows Gmail Account to Be Read in Criminal Investigation- Effects for Privacy?

Posted by on Jul 22, 2014


Recently, a federal judge in NY allowed a Gmail account to be accessed by prosecutors.
Image source: Flickr user Cairo

One of the tricky things about legal precedent is that the precedent is so often set around the actions of criminals, or at the very least people accused of being so. This inherently (unfairly maybe, but generally unavoidably) militates against sympathy, and helps to excuse far-reaching actions that could one day affect everyone.


Snowden Revisited: Where Does Our Privacy Stand Today?

Posted by on Jul 10, 2014


One year ago, Snowden’s information regarding the NSA was released and our concept of online privacy has not been the same since.
Image source: Flickr user AK Rockerfeller

This summer marks the one-year anniversary of the infamous Edward Snowden leaks. On June 5th of last year, millions of Internet users around the world became aware that the National Security Agency (NSA) is monitoring their every move on the Internet, and collecting bulk user data for surveillance purposes. Since then, Snowden has been in Russia, with his exact location undisclosed. In a recent interview with NBC News, Edward Snowden was asked why he is seeking asylum in Russia. He replied, “The reality is, I never intended to end up in Russia. I had a flight booked to Cuba onwards to Latin America, and I was stopped because the United States government decided to revoke my passport and trap me in Moscow airport. So when people ask, ‘Why are you in Russia?’, I say, ‘Please ask the State Department.’”


Riley and New Snowden Leaks Prove Need for Secure Cloud Data Storage

Posted by on Jul 8, 2014

As seems to be the new normal, the last few weeks have been ones of head-spinning news for privacy advocates and those who defend a more aggressive security regime alike. In the case of Riley vs California, the Supreme Court issued a stunning 9-0 ruling in favor of expanded privacy rights regarding smartphones, shocking even some of the most seasoned court observers. On the other side of the fence were new revelations from the Edward Snowden NSA leaks, showing the actual data of private citizens was compromised more frequently and with more personal implications than previously thought.

But maybe “other side of the fence” isn’t the cliché we’re looking for. Let’s choose another one. These two events, an unexpected ruling and a queasily-expected revelation, are really flip sides of the same coin. They both demonstrate the unprecedented and still-growing manner in which we store our lives as data, and how fragile that storage really is.


The Supreme Court won a victory for privacy advocates, but the battles are really just beginning.
Image source: Jeff Kubina via wikimedia.org


Troubling Trends: Many Websites Still Not Patched for Heartbleed Security Bug

Posted by on Jul 3, 2014

Nearly 300,000 websites are not patched against Heartbleed. Image from blog.heightslibrary.org.

Over the last few months, there has been a lot of discussion regarding the infamous Heartbleed security bug. This bug has affected almost half of all well-known websites and millions of Internet users. Heartbleed could be considered one of the biggest security threats in Web security history, because it exposes the contents of a server’s memory, where most sensitive user data is stored. This vulnerability allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. By exploiting this vulnerability, any attacker can read sensitive personal information such as usernames, passwords, credit card numbers, and financial data. Also, it can compromise the private keys used for encrypting communication and identifying trusted sources on the Internet.


The Social Media Privacy Trap: Facebook to Collect More User Data for Advertising

Posted by on Jun 17, 2014


Facebook introduces opt-out feature to give users more control over ads, but in return expands its user data collection for targeted advertisements.
Image source: Flickr user Maria Elena

There is no escape from online advertising in today’s Internet age. Advertisers earn a lot of revenue by placing their ads on popular websites like Facebook and YouTube. These outlets provide a platform to showcase products and services to an extensive audience. Social networking websites have the ability to track your interests and likings based on your activities on their sites, and send you advertisements according to these interests. For example, Facebook’s ads are targeted to users based on profiles and their activities, such as liking or sharing a page or product. Facebook pairs up ads and friends, and shows you what your friends like or share. This way it can determine your interest in specific products or services, and send you customized ads. Facebook displays ads depending on your activities on other websites or apps, as well.

While some people might find this feature helpful, many find it a serious intrusion of privacy. Most individuals do not want their data to be shared with third parties without their knowledge. Facebook’s privacy policy has always been under scrutiny of privacy advocates, as it allows the company to collect more information about users than is necessary. In the past, Facebook also had to deal with various legal issues regarding infringement of user privacy due to online advertisements. Recently Facebook has taken users’ privacy into deep consideration, and is going to offer an opt-out tool to allow for more control over advertisements. However, in return Facebook will be gathering more user data for targeted advertisements. Facebook has already been utilizing tracking software to gather information regarding what websites and apps users frequent. Additionally, Facebook’s online ad exchange FBX will also send users ads geared towards their interests.

With the information Facebook gathers, advertisers will be better able to understand the interests of users and send them more targeted ads addressing these interests. Previously, Facebook users were tracked based on the websites they liked or shared. Now they will be tracked on the websites that have a social network footprint embedded within them, usually apparent in the form of a “Like” button located somewhere within the website. It does not matter whether you like something on the page or not; your presence will be tracked regardless. Similarly, on smartphones any apps that use a Facebook log-in or Facebook “like” features will send your information back to Facebook for advertising purposes. “Conversation pixels”, which are a few bits of code that will be embedded in the websites of companies advertising on Facebook, will be used to track users. The moment you click on an ad or visit a website containing conversation pixels, your information will be tracked by Facebook. This will give advertisers an idea of how well their ad is doing on Facebook. For example, if you are in the market for a new TV, and you start researching on websites and mobile ads, then your Facebook page will begin displaying ads for deals on TVs and the best TV brands, along with any other products related to this interest.

With their latest privacy update, Facebook has made some changes in the privacy settings that will provide users more control over the ads they want to see on their Facebook page. By viewing the drop-down menu under “Why am I seeing this ad?” they will be shown a brief description explaining its presence. Based on preferences, they can opt out of the ad or can notify Facebook that they do not want to see specific ads again. Similarly, smartphone users can opt out of the ads by following a few steps in their settings.

The opt-out feature definitely gives users more flexibility and control over targeted advertising on their Facebook page. By taking proper precautionary measures and using good judgment, we can avoid being bombarded by targeted advertising.

Protect your personal data from targeted advertisements: Targeted ads are difficult to avoid; however, by following proper security practices, we can protect our personal information from being shared with third-party vendors. As users, we have a complete right to know what and how much of our data is shared with advertisers for advertising purposes. SpiderOak is one of the few cloud storage companies that respects user privacy by following “zero knowledge” privacy practices. SpiderOak encrypts the files on your computer before uploading them to the server. As a result, only you have access to your unencrypted data. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. Sign up for SpiderOak today


Wearable Technologies: New Security Risks that Arise With Innovative Trends

Posted by on Jun 12, 2014


Wearable technologies come with a new set of privacy risks.
Image source: Antonio Zugaldia via wikimedia.org

Over the years, technology has evolved at an exponential rate, from desktops to laptops to tablets, and now wearable devices. Wearable technology is currently one of the fastest growing trends. With these devices, connection to the Internet is taken to an all new level. Companies are investing millions of dollars to build the next innovative and technically advanced product for their customers. According to the research and market intelligence company IDC, “the wearable devices market will reach a total of 19.2 million units in 2014, driven primarily by gadgets such as Fitbit devices or Jawbone’s UP bracelet.” Many big names in the tech industry, like Google, Apple, and Samsung, are gearing up towards this expected rise. Recently, Samsung released its smart watch, and Google Glass has been a popular item for several months. And if the media rumors are true, pretty soon Apple will also be entering the market of wearable technologies with its new product, iWatch.


Lessons to Be Gained from the Recent eBay Data Breach

Posted by on Jun 3, 2014


The eBay data breach led to a huge amount of sensitive user data being compromised.
Image from Leon7 via wikimedia.org

The occurrence of security breaches at large companies appears to be on the rise. Last year, we saw massive data breaches at Target and Adobe affecting millions of customers. The personal data of many people were at stake as a result of the incidents. Data breaches are the stuff of nightmares for any enterprise. Affected companies not only suffer huge financial losses, but also lose the trust of their customers. Recently, eBay became the latest victim of a major data breach, with a database containing encrypted passwords and other personal data becoming compromised. The hacker followed the usual practice of using employee credentials to gain access to the eBay network and steal the personal details of millions of eBay customers. Last week, the company notified users via email to change their passwords in order to prevent further damage due to the breach.


Examining Lavaboom’s Email Service Security Against NSA Surveillance

Posted by on May 29, 2014


Secure key management is extremely important for email security and protection against NSA surveillance.
Image source: Flickr user Janet Ramsden

In light of NSA surveillance, finding a truly secure email service presents a challenge. The PRISM revelations have made us aware of government surveillance programs targeting the email communications of millions of Americans for mass data collection, and as a result, many of us are more concerned about the privacy and security of our data in the electronic medium. The majority of email services store our correspondence with third party services, and, as a result, are vulnerable to surveillance and interception. Apart from that, there is also the possibility of the emails being hacked or scanned by advertisers. With the NSA targeting popular email services like Yahoo and Gmail, how can we ensure secure communications over the Internet?

Encryption is one form of protection against surveillance; however, there are a few concerns with this method as well. Encryption only works if it is implemented properly, and the encryption keys are securely managed and stored. The NSA has been successful in circumventing the majority of the encryption technologies on the web. But when it comes to cracking strong encryption standards, like AES, the NSA is facing some level of difficulty. Keeping all these surveillance concerns in the forefront, a German-based company, Lavaboom, has come up with a secure email service that ensures protection against government snooping activities.

Lavaboom is named after Lavabit, an encrypted email service that was used by former NSA contractor Edward Snowden for communication. Lavabit shut down their operations last year when they were requested by the government to hand over the private SSL keys that would have allowed the government to decrypt all encrypted emails. When the NSA finds it difficult to get through a tightly secured application, it sends request notices to the service providers for access to user data. In Lavabit’s case, the NSA was after the encryption keys, as they could not find a way to bypass the strong security controls implemented in the email service.

The biggest lesson gained from Lavabit’s case is that, apart from establishing strong encryption standards, email service providers need to come up with a way to effectively handle their secret keys to prevent unauthorized access. Lavaboom’s secure email service purports to take care of this issue. Their end-to-end email encryption method allows only the users to take charge of the key needed to decrypt the emails they receive from others. It is based on PGP encryption standards, which are considered one of the most robust and hard-to-crack encryption methods by far. PGP is a unique combination of traditional encryption and public key cryptography. In public key cryptography, a user’s public key is available to the public for use, but the private key is only available to the user. When sending any message to the user, the sender needs to encrypt the message with the user’s public key. The encrypted message can only be read by the user when using the private key to decrypt the message.

Lavaboom encrypts your emails on your computer; therefore, Lavaboom’s servers never hold any unencrypted emails. Even their employees cannot decrypt your emails, as the key to those encrypted messages resides only on your computer. The emails are encrypted and decrypted locally using JavaScript code inside users’ browsers, instead of on Lavaboom’s servers. Lavaboom is an example of a service that is including extra layers of security while attempting to avoid any negative effects to the user experience.

Some people are under the impression that the use of security tools on the Internet will put them under extra scrutiny by the NSA. This is simply not true. By not using security tools, you are opening the doors for other kinds of cyber attacks, like phishing and identity theft. Imagine the amount of personal and sensitive data stored in your inbox: bank statements, credit card information, medical information, and much more. An intruder can take advantage of this sensitive information and carry out fraudulent activities. Therefore, it is in your best interest to use the appropriate services to encrypt your email messages.

Secure cloud storage service that protects your data from surveillance

SpiderOak believes in zero-knowledge privacy and establishing defenses against any individual or organization attempting to compromise your privacy. It is our belief that privacy is a right, and it is our mission to protect yours.

It provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers reliable products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. Sign up for this product today.

 

 

 


Protecting Data Against SQL Injection Attacks

Posted by on May 27, 2014


There are several security vulnerabilities that can lead to SQL injection attacks.

Data attacks have unfortunately become commonplace these days, with newly penetrated security systems being reported on a seemingly regular basis. SQL injection is the most commonly used form of attack by intruders to compromise enterprise data, as it is highly effective and successful in gaining access. The SQL injection vulnerability has been around for ages, and could be easily fixed during the development life cycle. SQL injection attacks have been on the rise for the past few years. “According to Neira Jones, former head of payment security for Barclaycard, some 97 percent of data breaches worldwide are still due to SQL injection somewhere along the line.” Many well-known companies, like LinkedIn, Yahoo, and the Federal Bureau of Investigation have become victims of this form of attack.


NSA Surveillance Spurred Tech Firms to Tighten Security- Examining the EFF Survey Report

Posted by on May 22, 2014

The EFF survey report reveals those websites with excellent security and protection against NSA surveillance. Image from allfacebook.com

The PRISM revelations served as a wake-up call for tech firms in terms of privacy, security, and NSA surveillance. The documents leaked by Edward Snowden indicate that the NSA has left no stone unturned in getting access to a huge amount of sensitive user data. They have been successful in circumventing the majority of encryption technologies over the web by partnerships with security companies, court orders, and backdoor methods. The NSA works closely with security vendors to understand the vulnerabilities in commercial products and exploits them to carry out surveillance activities. There are times when the spy agency asks companies to deliberately make changes to their products in undetectable ways, like leaking encryption keys, making a random number generator less random, adding a common exponent to a public-key exchange protocol, and so on.
