Communications

WhatsApp vs. WhatsApp Plus Fight Gets Ugly For Users 176

Posted by timothy
from the for-your-convenience-we-have-disabled-convenience dept.
BarbaraHudson writes WhatsApp is locking out users for 24 hours who use WhatsApp Plus to access the service. The company claims they brought in the temporary ban to make users aware that they are not using the correct version and their privacy could be compromised using the unofficial WhatsApp Plus. "Starting today, we are taking aggressive action against unauthorized apps and alerting the people who use them." Is this a more aggressive rerun of "This site best viewed with Internet Explorer"?
Privacy

China Cuts Off Some VPNs 188

Posted by timothy
from the we-see-what-you-did-there dept.
jaa101 writes The Register (UK) and the Global Times (China) report that foreign VPN services are unavailable in China. A quote sourced to "one of the founders of an overseas website which monitors the Internet in China" claimed 'The Great Firewall is blocking the VPN on the protocol level. It means that the firewall does not need to identify each VPN provider and block its IP addresses. Rather, it can spot VPN traffic during transit and block it.' An upgrade of the Great Firewall of China is blamed and China appears to be backing the need for the move to maintain cyberspace sovereignty.
Encryption

Data Encryption On the Rise In the Cloud and Mobile 83

Posted by Soulskill
from the setting-a-standard dept.
dkatana writes: Overall, demand for encryption is growing. Cloud encryption services provider CipherCloud recently received a $50 million investment by Deutsche Telekom, which the company said positions it for "explosive growth" this year. The services are designed to allow corporations to benefit from the cost savings and elasticity of cloud-based data storage, while ensuring that sensitive information is protected.

Now, both Apple and Google are providing full encryption as a default option on their mobile operating systems with an encryption scheme they are not able to break themselves, since they don't hold the necessary keys.

Some corporations have gone as far as turning to "zero-knowledge" services, usually located in countries such as Switzerland. These services pledge that they have no means to unlock the information once the customer has entered the unique encryption keys. This zero-knowledge approach is welcomed by users, who are reassured that their information is impossible to retrieve — at least theoretically — without their knowledge and the keys.
China

Apple Agrees To Chinese Security Audits of Its Products 114

Posted by samzenpus
from the looking-behind-the-curtain dept.
itwbennett writes According to a story in the Beijing News, Apple CEO Tim Cook has agreed to let China's State Internet Information Office run security audits on products the company sells in China in an effort to counter concerns that other governments are using its devices for surveillance. "Apple CEO Tim Cook agreed to the security inspections during a December meeting in the U.S. with information office director Lu Wei, according to a story in the Beijing News. China has become one of Apple’s biggest markets, but the country needs assurances that Apple devices like the iPhone and iPad protect the security and privacy of their users as well as maintain Chinese national security, Lu told Cook, according to an anonymous source cited by the Beijing News."
Crime

Dish Network Violated Do-Not-Call 57 Million Times 230

Posted by samzenpus
from the please-stop-calling dept.
lightbox32 writes Dish Network has been found guilty of violating the Do Not Call list on 57 million separate occasions. They were also found liable for abandoning or causing telemarketers to abandon nearly 50 million outbound telephone calls, in violation of the abandoned-call provision of the Federal Trade Commission's Telemarketing Sales Rule. Penalties for infringing on the Do Not Call list can be up to a whopping $16,000 for each outbound call.
The Internet

Calls For European ISPs To Filter Content Could Be Illegal 60

Posted by samzenpus
from the government-knows-best dept.
jfruh writes Last week, justice ministers from EU countries called for ISPs to censor or block certain content in the "public interest." But a legal analysis shows that such moves could actually violate EU privacy laws, since it would inevitably involve snooping on the content of Internet traffic to see what should be blocked.
Advertising

Healthcare.gov Sends Personal Data To Over a Dozen Tracking Websites 203

Posted by Soulskill
from the a-bit-too-standard dept.
An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users' personal data to private companies. The information involved is typical ad-related analytic data: "...it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms." The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains.

The EFF says, "Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman's family that she was pregnant before she even told them."
Privacy

Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes 289

Posted by timothy
from the shoot-anything-that-looks-like-a-blob dept.
mi writes At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside. The device the Marshals Service and others are using, known as the Range-R, looks like a sophisticated stud-finder. Its display shows whether it has detected movement on the other side of a wall and, if so, how far away it is — but it does not show a picture of what's happening inside. The Range-R's maker, L-3 Communications, estimates it has sold about 200 devices to 50 law enforcement agencies at a cost of about $6,000 each. Other radar devices have far more advanced capabilities, including three-dimensional displays of where people are located inside a building, according to marketing materials from their manufacturers. One is capable of being mounted on a drone. And the Justice Department has funded research to develop systems that can map the interiors of buildings and locate the people within them.
Communications

FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN 371

Posted by timothy
from the well-you-look-guilty-from-here dept.
SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.
Cellphones

Moscow To Track Cell-phone Users In 2015 For Traffic Analysis 63

Posted by timothy
from the why-do-you-hate-freedom? dept.
An anonymous reader links to this story at The Stack (based on this translated report) that "The Moscow authorities will begin using the signal from Muscovites' cell-phones in 2015 to research patterns of traffic and points of congestion, with a view to changes in travel infrastructure including roads, the Moscow metro and bus services. The tracking, which appears to opt all users in unilaterally, promises not to identify individual cell-phone numbers, and will use GSM in most cases, but also GPS in more densely-constructed areas of the old city. The system is already in limited use on the roads, but will be extended to pedestrians and subway users in 2015. The city of 11.5 million people has three main cell providers, all of whom cooperate fully with authorities' request for information. A representative of one, Beeline, said: 'We prepare reports that detail where our subscribers work, live, move, and other aspects.'"
Programming

Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions 42

Posted by samzenpus
from the read-all-about-it dept.
samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Privacy

Being Pestered By Drones? Buy a Drone-Hunting Drone 151

Posted by timothy
from the you'll-also-want-a-drone-hunting-drone-hunting-drone dept.
schwit1 writes, "Are paparazzi flying drones over your garden to snap you sunbathing? You may need the Rapere, the drone-hunting drone which uses 'tangle-lines' to quickly down its prey." From The Telegraph's article: It has been designed to be faster and more agile than other drones to ensure that they can't escape - partly by limiting flight time and therefore reducing weight. “Having worked in the UAS industry for years, we've collectively never come across any bogus use of drones. However it's inevitable that will happen, and for people such as celebrities, where there is profit to be made in illegally invading their privacy, there should be an option to thwart it,” the group say on their website. This seems more efficient than going after those pesky paparazzi drones with fighting kites (video), but it should also inspire some skepticism: CNET notes that the team behind it is anonymous, and that "Rapere works in a lab setting, however there aren't any photos or videos of the killer drone in action. The website instead has only a slideshow of the concept."
Communications

Feds Operated Yet Another Secret Metadata Database Until 2013 102

Posted by timothy
from the problem-with-authority dept.
A story at Ars Technica describes yet another Federal database of logged call details maintained by the Federal government which has now come to light, this one maintained by the Department of Justice rather than the NSA, and explains how it came to be discovered: [A] three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. ... This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013. From elsewhere in the article: "It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," [said ACLU lawyer Patrick Toomey]. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."
Communications

Obama: Gov't Shouldn't Be Hampered By Encrypted Communications 554

Posted by timothy
from the some-animals-more-equal-than-others-by-jingo dept.
According to an article at The Wall Street Journal, President Obama has sided with British Prime Minister David Cameron in saying that police and government agencies should not be blocked by encryption from viewing the content of cellphone or online communications, making the pro-spying arguments everyone has come to expect: “If we find evidence of a terrorist plot and despite having a phone number, despite having a social media address or email address, we can’t penetrate that, that’s a problem,” Obama said. He said he believes Silicon Valley companies also want to solve the problem. “They’re patriots.” ... The president on Friday argued there must be a technical way to keep information private, but ensure that police and spies can listen in when a court approves. The Clinton administration fought and lost a similar battle during the 1990s when it pushed for a “clipper chip” that would allow only the government to decrypt scrambled messages.
Advertising

Micromax Remotely Installing Unwanted Apps and Showing Ads 50

Posted by timothy
from the what-will-you-tolerate dept.
jones_supa (887896) writes "Reports are coming in that users of certain devices by Indian phone manufacturer Micromax noticed apps being silently installed without their consent or permission. Uninstalling these apps won't help, as they will be automatically reinstalled. Alternatively, instead of downloading apps, the phone might litter the UI with a stack of notifications which are advertisements for online stores and other apps. It turns out that the "System Update" application is responsible for all of this. When starting to tear down the application (which is actually called FWUpgrade.apk on the filesystem), the first thing you notice is that it's a third-party application. A Chinese company named Adups developed it as a replacement for the stock Google OTA service. The article shows the potential abilities of this app and how Micromax customers can work around the disruptive behavior."
Encryption

Spanish Judge Cites Use of Secure Email As a Potential Terrorist Indicator 174

Posted by timothy
from the envelopes-show-guilty-knowledge dept.
An anonymous reader writes Is it possible that using secure email services can be construed as an indicator of being a terrorist? Although it's a ridiculous notion that using secure email implies criminal activities, a judge cited that reason to partially justify arrests in Spain. In December, as part of "an anti-terrorist initiative" Operation Pandora, over 400 cops raided 14 houses and social centers in Spain. They seized computers, books, and leaflets and arrested 11 people. Four were released under surveillance, but seven were "accused of undefined terrorism" and held in a Madrid prison. This led to "tens of thousands" participating in protests. As terrorism is alleged "without specifying concrete criminal acts," the attorney for those seven "anarchists" denounced the lack of transparency.
Verizon

Ad Company Using Verizon Tracking Header To Recreate Deleted Cookies 70

Posted by timothy
from the oh-that-bothers-you? dept.
itwbennett writes The story began a few months ago when it was reported that both Verizon and AT&T were injecting unique identifiers in the Web requests of their mobile customers. AT&T has since stopped using the system, but Verizon continues. Now, Stanford computer scientist Jonathan Mayer has found that one advertising company called Turn, which tracks users across the Web when they visit major sites including Facebook, Twitter, Yahoo, BlueKai, AppNexus, Walmart and WebMD, uses the Verizon UIDH to respawn its own tracking cookies.
Communications

Your High School Wants You To Install Snapchat 156

Posted by timothy
from the just-ask-ram-sweeney dept.
Bennett Haselton writes: They would never admit it, but your high school admins would probably breathe a sigh of relief if all of their sexting-mad students would go ahead and install Snapchat so that evidence of (sometimes) illegal sexting would disappear into the ether. They can't recommend that you do this, because it would sound like an implicit endorsement, just like they can't recommend designated drivers for teen drinking parties -- but it's a good bet they would be grateful. Read on for the rest.
United States

Washington DC's Public Library Will Teach People How To Avoid the NSA 81

Posted by samzenpus
from the keep-your-head-down dept.
Jason Koebler writes Later this month, the Washington DC Public Library will teach residents how to use Tor as part of a 10 day series designed to shed light on government surveillance, transparency, and personal privacy. The series is called "Orwellian America," and it's quite subversive, considering that it's being held by a publicly funded entity mere minutes from a Congress and administration that allowed the NSA's surveillance programs to spin wildly out of control.
Security

Obama Proposes 30-Day Deadline For Disclosing Security Breaches 125

Posted by Soulskill
from the assuming-you-discover-it-within-30-days dept.
Following the string of massive data breaches at major corporations, President Obama has called for legislation that would standardize how these incidents are disclosed to the public. "The Personal Data Notification and Protection Act would demand a single, national standard requiring companies to inform their customers within 30 days of discovering their data has been hacked. In a speech Monday at the Federal Trade Commission, Mr. Obama said that the current patchwork of state laws does not protect Americans and is a burden for companies that do business across the country. The president also proposed the Student Data Privacy Act, which would prohibit technology firms from profiting from information collected in schools as teachers adopt tablets, online services and Internet-connected software. And he will announce voluntary agreements by companies to safeguard home energy data and to provide easy access to credit scores as an “early warning system” for identity theft."