Hugh Pickens DOT Com writes "For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. Now the Washington Post reports that the NSA secretly piggybacks on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance. The agency uses a part of a Google-specific tracking mechanism known as the 'PREF' cookie to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. 'On a macro level, "we need to track everyone everywhere for advertising" translates into "the government being able to track everyone everywhere,"' says Chris Hoofnagle. 'It's hard to avoid.' Documents reviewed by the Post indicate cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. Google declined to comment for the article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests."
Nerval's Lobster writes "Amazon is apparently not alone in its desire to use miniature drones to deliver packages. On the morning of Monday, Dec. 9, employees at the Bonn, Germany headquarters of package-delivery giant DHL challenged Amazon's plan for dominance of the skies by having medicine delivered from a local pharmacy via a mustard-yellow package-carrying helicopter the Germans dubbed 'Paketkopter.' The quad-rotored mini-drone flew a box of medicines from a launching point near the pharmacy, above traffic and across the Rhine River to DHL's headquarters just over a kilometer away. It made the flight in about two minutes, was unloaded quickly and returned to the launch team near the pharmacy. Amazon has owned total mindshare of the still-imaginary drone-based package delivery market since CEO Jeff Bezos gushed about his plans for Amazon PrimeAir during a TV interview last week. The plan generated immediate controversy due to the negative image of drones following heavy use for surveillance and targeted anti-personnel strikes by the U.S. military in Afghanistan and Iraq. Within the United States, the FAA, FTC and a host of consumer-protection groups objected to the possibility that thousands of autonomous drones would be hovering over U.S. cities, potentially invading the privacy and endangering the lives of those who might run afoul of either cameras or rotors."
New submitter fierman writes "In a work to be presented at the Network and Distributed System Security Symposium (ISOC NDSS'14), INRIA researchers show the privacy risks of Real-Time Bidding (PDF) and High-Frequency Trading for selling advertisement spaces. Combining Real-Time Bidding and Cookie Matching, advertisers can significantly improve their tracking and profiling capabilities. Both technologies are already prevalent on the Web. The research discusses the value of users' private data (browsing history) retrieved directly from the advertisers, leveraging an exposed information leak in RTB systems. Advertisers will pay about $0.0005 to display a targeted ad to a single user, while at the same time acquiring information about them. The research also shows evidence of price variation with users' profiles, physical location, time of day and content of visited sites."
jfruh writes "Remember how social networks were going to transform the advertising industry because they'd tailor ads not to context or to your web browsing history, but to the innate preferences you express through interactions and relationships with friends? Well, that didn't work with Facebook, and it turns out it's not working with Twitter either. The microblogging site has announced that it's getting into the ad retargeting game: you'll soon start seeing promoted tweets that are chosen based on websites you've visited in the past. The innovation, if you can call it that, is that the retargeting will work across devices, so you can be looking at a website on your phone and see promoted tweets on your laptop's browser, or vice versa."
sfcrazy writes "People are now more concerned regarding their privacy after learning about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with a built-in encryption system for text messages." Whisper Systems has integrated their TextSecure protocol into the SMS/MMS provider, so even third-party SMS apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in CyanogenMod 11, but you can grab a 10.2 nightly build to try it out now.
An anonymous reader writes in with news that some NSA agents were trying to dig up info by joining the horde. "To the National Security Agency analyst writing a briefing to his superiors, the situation was clear: their current surveillance efforts were lacking something. The agency's impressive arsenal of cable taps and sophisticated hacking attacks was not enough. What it really needed was a horde of undercover Orcs. That vision of spycraft sparked a concerted drive by the NSA and its UK sister agency GCHQ to infiltrate the massive communities playing online games, according to secret documents disclosed by whistleblower Edward Snowden. ... The agencies, the documents show, have built mass-collection capabilities against the Xbox Live console network, which has more than 48 million players. Real-life agents have been deployed into virtual realms, from those Orc hordes in World of Warcraft to the human avatars of Second Life. There were attempts, too, to recruit potential informants from the games' tech-friendly users."
mrspoonsi writes "BBC reports: Leading global technology firms have called for 'wide-scale changes' to US government surveillance. Eight firms, Google, Apple, Facebook, Twitter, AOL, Microsoft, LinkedIn, and Yahoo, have formed an alliance called Reform Government Surveillance group. The group has written a letter to the US President and Congress arguing that current surveillance practice 'undermines the freedom' of people. It comes after recent leaks detailed the extent of surveillance programs. 'We understand that governments have a duty to protect their citizens. But this summer's revelations highlighted the urgent need to reform government surveillance practices worldwide,' the group said in an open letter published on its website."
Hugh Pickens DOT Com writes "Ellen Nakashima reports at the Washington Post that morale has taken a hit at the National Security Agency in the wake of controversy over the agency's surveillance activities and officials are dismayed that President Obama has not visited the agency to show his support. 'It is not clear whether or when Obama might travel the 23 miles up the Baltimore-Washington Parkway to visit Fort Meade, the NSA's headquarters in Maryland,' writes Nakashima, 'but agency employees are privately voicing frustration at what they perceive as White House ambivalence amid the pounding the agency has taken from critics.' Though Obama has asserted that the NSA's collection of virtually all Americans' phone records is lawful and has saved lives, the administration has not endorsed legislation that would codify it. And his recent statements suggest Obama thinks some of the NSA's activities should be constrained. 'The agency, from top to bottom, leadership to rank and file, feels that it's had no support from the White House even though it's been carrying out publicly approved intelligence missions,' says Joel Brenner, NSA inspector general from 2002 to 2006. 'They feel they've been hung out to dry, and they're right.' Former officials note how President George W. Bush paid a visit to the NSA in January 2006, in the wake of revelations by the New York Times that the agency engaged in a counterterrorism program of warrantless surveillance on U.S. soil beginning after the Sept. 11, 2001, terrorist attacks. 'Bush came out and spoke to the workforce, and the effect on morale was tremendous,' Brenner said. 'There's been nothing like that from this White House.' Morale is 'bad overall' says another former NSA official. 'It's become very public and very personal. Literally, neighbors are asking people, 'Why are you spying on Grandma?'"
New submitter krakman writes "The Washington Post has an interesting story about how the FBI can investigate and collect details from computers over the net, without knowing anything about the computer location. Here's an example of the FBI's network investigative techniques: 'The man who called himself "Mo" had dark hair, a foreign accent and — if the pictures he e-mailed to federal investigators could be believed — an Iranian military uniform. When he made a series of threats to detonate bombs at universities and airports across a wide swath of the United States last year, police had to scramble every time. Mo remained elusive for months, communicating via e-mail, video chat and an Internet-based phone service without revealing his true identity or location, court documents show. ... The FBI’s elite hacker team designed a piece of malicious software that was to be delivered secretly when Mo signed on to his Yahoo e-mail account, from any computer anywhere in the world, according to the documents. The goal of the software was to gather a range of information — Web sites he had visited and indicators of the location of the computer — that would allow investigators to find Mo and tie him to the bomb threats. ... Even though investigators suspected that Mo was in Iran, the uncertainty around his identity and location complicated the case. Had he turned out to be a U.S. citizen or a foreigner living within the country, a search conducted without a warrant could have jeopardized his prosecution. ...But, [a court document] said, Mo’s computer did send a request for information to the FBI computer, revealing two new IP addresses in the process. Both suggested that, as of last December, Mo was still in Tehran.'"
chicksdaddy writes "The Federal Trade Commission announced on Thursday that it settled with the maker of 'Brightest Flashlight Free,' a popular Android mobile application, over charges that the company used deceptive advertising to collect location and device information from Android owners. The FTC says the company failed to disclose wanton harvesting and sharing of customers' locations and mobile device identities with third parties. Brightest Flashlight Free, which allows Android owners to use their phone as a flashlight, is a top download from Google Play, the main Android marketplace. Statistics from the site indicate that it has been downloaded more than one million times with an overall rating of 4.8 out of 5 stars. The application, which is available for free, displays mobile advertisements on the devices it is installed on. However, the device also harvested a wide range of data from Android phones which was shared with advertisers, including what the FTC describes as 'precise geolocation along with persistent device identifiers.' As part of the settlement with the FTC, Goldenshores is ordered to change its advertisements and in-app disclosures to make explicit any collection of geolocation information, how it is or may be used, the reason for collecting location information and which third parties that data is shared with."
An anonymous reader writes "Microsoft announced yesterday their plans to encrypt customer data to prevent government snooping. Free Software Foundation executive director John Sullivan questions the logic of trusting non-free software, regardless of promises or even intent. He says, 'Microsoft has made renewed security promises before. In the end, these promises are meaningless. Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure. A lock on your own house to which you do not have the master key is not a security system, it is a jail. ... If the NSA revelations have taught us anything, it is that journalists, governments, schools, advocacy organizations, companies, and individuals, must be using operating systems whose code can be reviewed and modified without Microsoft or any other third party's blessing. When we don't have that, back doors and privacy violations are inevitable.'"
Hugh Pickens DOT Com writes "Josh Gerstein writes on Politico that President Barack Obama told Chris Matthews in an interview recorded for MSNBC's 'Hardball' that he'll be reining in some of the snooping conducted by the NSA, but he did not detail what new limits he plans to impose on the embattled spy organization. 'I'll be proposing some self-restraint on the NSA. And...to initiate some reforms that can give people more confidence,' said the President who insisted that the NSA's work shows respect for the rights of Americans, while conceding that its activities are often more intrusive when it comes to foreigners communicating overseas. 'The NSA actually does a very good job about not engaging in domestic surveillance, not reading people's emails, not listening to the contents of their phone calls. Outside of our borders, the NSA's more aggressive. It's not constrained by laws.' During the program, Matthews raised the surveillance issue by noting a Washington Post report on NSA gathering of location data on billions of cell phones overseas. 'Young people, rightly, are sensitive to the needs to preserve their privacy and to retain internet freedom. And by the way, so am I,' responded the President. 'That's part of not just our First Amendment rights and expectations in this country, but it's particularly something that young people care about, because they spend so much time texting and-- you know, Instagramming.' With some at the NSA feeling hung out to dry by the president, Obama also went out of his way to praise the agency's personnel for their discretion. 'I want everybody to be clear: the people at the NSA, generally, are looking out for the safety of the American people. They are not interested in reading your emails. They're not interested in reading your text messages. And that's not something that's done. And we've got a big system of checks and balances, including the courts and Congress, who have the capacity to prevent that from happening.'"
Berin Szoka is president and founder of the tech policy think tank TechFreedom. The group promotes a wide variety of digital rights and privacy issues. Most recently, they have started a petition demanding reforms to the Electronic Communications Privacy Act (ECPA) so that law enforcement will have to get a warrant before accessing emails stored in the cloud. With so much attention paid to the NSA snooping, Berin believes that the over 25-year-old ECPA has been overshadowed and is in dire need of changes. Mr. Szoka has agreed to answer your questions about privacy and government policy online. As usual, ask as many as you'd like, but please, one question per post.
Nerval's Lobster writes "Microsoft will encrypt consumer data and make its software code more transparent, in a bid to boost consumer confidence in its security. Microsoft claims that it will now encrypt data flowing through Outlook.com, Office 365, SkyDrive, and Windows Azure. That will include data moving between customers' devices and Microsoft servers, as well as data moving between Microsoft data-centers. The increased-transparency part of Microsoft's new initiative is perhaps the most interesting, considering the company's longstanding advocacy of proprietary software. But Microsoft actually isn't planning on throwing its code open for anyone to examine, as much as that might quell fears about government-designed backdoors and other nefarious programming. Instead, according to its general counsel Brad Smith, "transparency" means "building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors." In addition, Microsoft plans on opening a network of "transparency centers" where customers can go to "assure themselves of the integrity of Microsoft's products." That's not exactly the equivalent of volunteers going through TrueCrypt to ensure a lack of NSA backdoors, and it seems questionable whether such moves (vague as they are at this point) on Microsoft's part will assure anyone that it hasn't been compromised by government sources. But with Google and other tech firms making a lot of noise about encrypting their respective services, Microsoft has little choice but to join them in introducing new privacy initiatives."
tramp writes "The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. Of course it is 'only metadata' and absolutely not invading privacy if you ask our 'beloved' NSA." Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning. Also at Slash BI.
chicksdaddy writes "Cyber attacks on 'connected vehicles' are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers (PDF) asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey's letter, dated December 2, cites recent reports of 'commands...sent through a car's computer system that could cause it to suddenly accelerate, turn or kill the brakes,' and references research conducted by Charlie Miller and Chris Valasek (PDF) on the Toyota Prius and Ford Escape. 'Today's cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network (CAN) ... Vehicle functionality, safety and privacy all depend on the functions of these small computers, as well as their ability to communicate with one another,' Markey wrote. Among the questions Markey wants answers to: What percentage of cars sold in model years 2013 and 2014 do not have any wireless entry points? What are automakers' methods for testing for vulnerabilities in technologies they deploy — including third party technologies? Markey asks specifically about tire pressure monitors, Bluetooth and other wireless technologies and GPS (like OnStar). What third party penetration testing is conducted on vehicles (and any results)? What intrusion detection features exist for critical components like controller area network (CAN) buses on connected vehicles?"
binarstu writes "Suzanne Nossel, writing for CNN, reports that 'a survey of American writers done in October revealed that nearly one in four has self-censored for fear of government surveillance. They fessed up to curbing their research, not accepting certain assignments, even not discussing certain topics on the phone or via e-mail for fear of being targeted. The subjects they are avoiding are no surprise — mostly matters to do with the Middle East, the military and terrorism.' Yet ordinary Americans, for the most part, seem not to care: 'Surveillance so intrusive it is putting certain subjects out of bounds would seem like cause for alarm in a country that prides itself as the world's most free. Americans have long protested the persecution and constraints on journalists and writers living under repressive regimes abroad, yet many seem ready to accept these new encroachments on their freedom at home.'"
cagraham writes "Startup Swarm Mobile intends to help physical retailers counter online shopping habits by collecting data on their customers' actions. Swarm's platform integrates with stores' Wi-Fi networks in order to monitor what exactly customers are doing while shopping. In exchange for collecting analytics, shoppers get access to free internet. Swarm then sends reports to the store owners, detailing how many customers checked prices online, or compared rival products on their phones. Their platform also allows stores to directly send discount codes or coupons to shoppers' phones."
Pseudonymous Bitcoin creator Satoshi Nakamoto (whether that name represents one person or several) is believed to hold many millions of dollars in Bitcoin. Various attempts have been made to pin down Nakamoto's identity; the IB Times reports today that a (sadly anonymous) analysis points to George Washington University economics professor Nick Szabo, based on textual analysis and some other clues, such as Szabo's expertise in digital currency and his role as founder of GoldCoin. Szabo's blog Unenumerated is fascinating reading, whether or not this analysis is right.
An anonymous reader writes "Australian spy agencies offered to share personal information about law-abiding Australian citizens with overseas governments. This includes legal, religious and medical information, which was shared about this Canadian woman. Departments in the Australian Public Service have also been caught spying on citizens. Even low-ranking public servants can look up information such as phone calls and email metadata without needing a warrant. The target is not notified."