Share This

Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts

Monday, January 11, 2021

Invasion of the web trackers

Here’s how you can thwart websites from tracking your every movement.

 

THERE are several reasons that your Windows 10 PC is overrun by web trackers, bits of software code that follow you online to help marketers learn more about you.

The money trail

Nearly all commercial websites use them to create an elaborate profile of your tastes and habits, a profile that the websites can use themselves or sell to others.

Your online movements are tracked by cookies (bits of code left in your web browser), Google and Facebook tracker software (that follows you even when you aren’t on their websites), session recorders (that record everything you do on a website), key-loggers (that record what you type into text boxes on a website, even if you don’t submit anything), beacons (invisible objects in a web page that record how many times you viewed that page) and “fingerprinting” (a record of the technical details of your computer that can be used to identify you.)

While privacy advocates are aware of web trackers, most people aren’t. As a result, web tracking keeps expanding.

A recent study showed that 87% of the most popular websites now track your movements, whether you sign in to the website or not (see tinyurl.com/yyy5qyas).

You can view the web trackers on any website at tinyurl.com/y2em59e6.

Also, Windows 10 may indeed attract more web tracker software, because it collects more personal information about you than earlier versions of Windows did.

Microsoft shares some of that information with advertisers.

Throw it off track

Until recently, web browsers didn’t offer much protection against web tracking.

The latest versions of the four most popular browsers – Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari – have improved (but not perfect) anti-tracking features.

A reviewer of the latest Safari browser reported that it blocked 90 web trackers in five minutes of online activity.

But be sure your browser’s anti-tracking features are turned on.

Also, adjust the privacy settings in Windows 10.

The Windows 10 settings you may want to change include the “advertising ID” (monitors your online travels for advertisers), “location tracking” (helps advertisers localise what they promote to you), “Timeline” (keeps track of what you’re doing so that you can switch from one PC to another without interruption) and Cortana, the Windows 10 digital assistant (monitors your location, email, contacts, and calendar, and keeps a record of every “chat” you’ve had with Cortana).

You can also add more anti-tracking add-ons to your web browser.

Top-rated add-ons include Duckduckgo Privacy Essentials, Privacy Badger and Ghostery. – Star Tribune/tribune News Service - By STEVEN ALEXANDER

Trying to stop the invasion of the web trackers | Star Tribune

 

How cookies can track you (Simply Explained)



https://youtu.be/wefD2N-GWUo

Have you ever wondered how websites and apps track you on the net? Why do other websites show you advertisements from Amazon about exactly the product you looked at before? How does online tracking work? We explain to you how Google, Facebook and Co track you on the Internet. What is your opinion about online tracking? Write it in the comments... 

 

What Google & Co know about you | Online Tracking

 


https://youtu.be/iB9l56j4mg8 

 

Tech Q&A: Trying to stop the invasion of the web trackers ...

 

How to stop your emails from being tracked - The Verg


Related post:

BLOCKCHAIN beyond Bitcoin

Sunday, July 14, 2013

Play safe on the mobile, secure your devices!


All a sinister person needs to do to spy on you is to simply penetrate your smartphone or tablet.

OF late, spying has been a household word after revelations of Prism, a clandestine mass electronic surveillance programme operated by the United States National Security Agency (NSA), by former NSA contractor Edward Snowden. 

But one does not need an entire state programme to spy on someone.

All that a sinister person needs to do is to penetrate their intended victim’s smartphone or tablet. Which is quite an easy thing to do, actually. One of the common methods used is spyware.

Such spyware can easily be found by searching on Google although they are usually not free.

There is a possibility that consumers might download spyware from an identified party or an unknown source accidentally. - Goh Chee Hoh

This is what happened when a husband in Singapore suspected his wife of having an affair. On the pretence that his phone was not working, he borrowed his wife’s phone to make a call but instead installed a spyware app.

The husband was then able to see the calls made (but not hear the actual conversation), messages sent and her location at that point, from a computer using a Web-based application that communicated with the app.

When the information confirmed that she was having an affair, he continued to monitor her phone for some time before posting the information online, including the messages she sent to her “lover”. He did not reveal any personal details about themselves but this is how the news became public.

However, many have questioned the authenticity of the story, with some brushing it off as a publicity stunt to sell the spyware app.

Nevertheless, it pays to be safe, as there are apps that can do such things and they are easily obtainable from the Web.


“Mobile phones are an integral part of consumers’ lives, with two thirds of adults worldwide reporting that they use a mobile device to access the Internet,” says David Hall, senior manager of regional product marketing for Norton at Symantec Corporation.

“As we use our mobile phones in new and innovative ways, we’re also putting sensitive information at risk.”

“Spyware is a type of malware (malicious software) that logs information and then forwards that information from your device,” explains Rob Forsyth, director for Asia Pacific at Sophos Ltd.

Usually, such spyware is capable of operating quietly in the background so it can easily go unnoticed by an unsuspecting device owner.

“For a regular user, it is very difficult to figure out that they’ve been infected,” says Goh Su Gim, security advisor for Asia Pacific at F-Secure (M) Sdn Bhd. “There’s no obvious signs.”

In fact, it may surprise you to know that such threats could actually come from a source that’s known to you.

“There is a possibility that consumers might download spyware from an identified party such as their spouse, friends, colleagues, business associates or from an unknown source accidentally,” says Goh Chee Hoh, managing director for South-East Asia at Trend Micro Inc.

As an example, he describes a mobile phone monitoring service which uses Nickispy, a family of viruses that attacks Android devi­ces). It is said to be capable of monitoring a mobile user’s activities and whereabouts. The Chinese website which offers this service charges subscribers fees costing US$300 to US$540 (RM900 to RM1,620).

“This spyware sends MMS to the victim’s mobile device. Once the MMS is downloaded, the cybercriminal is granted access to your line of communications,” Chee Hoh says.

This security issue is further compounded in cases where a consumer uses the same device for both work and personal purposes.

“From a personal user’s standpoint, one can experience loss of privacy whereas from a business perspective, an organisation may lose sensitive data which can lead to loss of revenue,” he explains.

Had such an act been committed in Malaysia, it would go against Section 231 of the Communications and Multimedia Act 1998. Using an app to obtain information from another person’s phone can land the offender a RM50,000 fine or a prison term not exceeding two years if convicted.

The Malaysian Communications and Multimedia commission (MCMC), our multimedia industry nurturer and regulator, also said that it does not act alone when pursuing offenders.

“We look at each case individually and help other agencies like the police, for example, when upholding the law,” said Sheikh Raffie Abd Rahman, MCMC head of strategic communications.



Simple safeguards to keep your devices secure

While the mobile security and privacy threats remain very real and imminent, the steps to prevent such problems are really quite straightforward and easy to do.

Following are some practical tips, courtesy of security specialists Symantec Corporation, Sophos Ltd, Trend Micro Inc and F-Secure (M) Sdn Bhd, that you should take note of:

1. Use your device’s built-in security features 

Configure your security settings so that functions such as location sharing are disabled and passwords are not saved but need to be manually keyed in each time.

You can also make your device more secure by activating its lock function and requiring an identification action such as a fingerprint scan, keystroke pattern, numeric PIN or alphanumeric password in order to access the device.

2. Use strong passwords and secure Internet connections

Unique and strong passwords will help prevent valuable information from being stolen from your device. Using a different password for each and every app would be best but you would need to ensure that you have a good way of remembering those passwords if you choose to go this route.

Avoiding open and unsecured Internet connections such as free public WiFi will also reduce risk of online threats on your mobile device.

3. Never jailbreak or root your device 

Use your device as recommended by the manufacturer instead of modifying the version of the iOS or Android operating system that has been installed. This is usually done to install pirated games and apps for free but this makes it easier for spyware to operate on your device.

4. Be cautious when choosing and installing apps

It’s a vast universe out there in the World Wide Web and, at times, it’s hard to tell the good guys from the bad ones. It therefore pays to be extra careful when downloading apps from the Internet. If something is too good to be true, it probably is. Do background checks on developers if you need to be sure, and scrutinise an app’s ratings and reviews as well.

It’s also a better idea to download apps directly from the Google Play Store for Android devices rather than from third party websites since downloads from some of these sources may contain malware.

Do have a close look at the Terms and Conditions as well as permissions requested by an app prior to installing it, as you don’t want to unknowingly allow developers to track and collect personal data which is unnecessary for running the app.

5. Scrutinise notifications and services running on your device 

Stay alert whenever you receive any notification on your device. Some may contain malicious links or cleverly trick you into submitting personal information to cybercriminals.

Also, pay special attention to services running in the background on your device that seem unfamiliar or strange. You will have to refer to online guides on how to check, as it differs among devices.

The principle of “when in doubt, throw it out” could help save you a great deal of trouble later on.

6. Log out immediately

This is especially crucial for social media apps where the chances of your data being misused are higher. Make it a habit to log out of such apps and re-enter login information each time you use them.

7. Stay up-to-date

Take time to pick out a preferred mobile security software and install it on your device. Make sure to constantly update it, and don’t forget to check for updates for all your apps and to install any available patches for your device’s operating system as well. Set up routine scans for your device, and review the logs each time a scan is concluded.

Sunday, June 23, 2013

No privacy on the Net !

Revelations about PRISM, a US government program that harvests data on the Internet, has sparked concerns about privacy and civil rights violations. But has there ever been real privacy and security on the WWW?

 Demonstrators hold posters during a demonstration against the US Internet surveillance program of the NSA, PRISM, at Checkpoint Charlie in Berlin, Germany, ahead of US President Barack Obama’s visit to the German capital.

IMAGINE a time before email, when all your correspondence was sent through the post. How would you feel if you knew that somebody at the post office was recording the details of all the people you were corresponding with, “just in case” you did something wrong?

I think quite a few of you would be upset about it.

Similarly, some Americans are furious over revelations made about a system called PRISM. In the last few weeks, an allegation has been made that the US government is harvesting data on the Internet by copying what travels through some of its Internet Service Providers.

The US Director of National Intelligence has said that PRISM “is not an undisclosed collection or data mining program”, but its detractors are not convinced that this doesn’t mean no such program exists.

I think there are mainly two kinds of responses to this revelation: “Oh my God!” and “What took them so long?”.

The Internet has never really been secure. Because your data usually has to travel via systems owned by other people, you are at their mercy as to what they do with it. The indications are that this is already being done elsewhere.

Countries such as China, India, Russia, Sweden and the United Kingdom allegedly already run similar tracking projects on telecommunications and the Internet, mostly modelled on the US National Security Agency’s (unconfirmed) call monitoring programme. For discussion, I’ll limit myself for the moment to just emails – something that most people would recognise as being private and personal.

I find many people are surprised when I tell them that sending email over the Internet is a little bit like sending your message on a postcard. Just because you need a password to access it, doesn’t mean it’s secure during transmission.

The analogy would be that your mailbox is locked so only you can open it, but those carrying the postcard can read it before it reaches its final destination. Of course, there are ways to mitigate this. One has to be careful about what one put in emails in the first place. Don’t send anything that would be disastrous if it were forwarded to someone else without your permission.

You could also encrypt your email, so only the receiver with the correct password or key could read it, but this is difficult for most end users to do. (For those interested in encrypting emails, I would recommend looking at a product called PGP.)

The analogy holds up for other Internet traffic. It’s easy to monitor, given enough money and time. And as easy as it is for the Good Guys to try to monitor the Bad Guys, it’s just as easy for the Bad Guys to monitor us hapless members of the public.

But who do we mean by the Bad Guys? Specifically, should the government and law-enforcement agencies be categorised as ‘Bad Guys’ for purposes of privacy? Generally, the line oft quoted is “if you have nothing to hide, then you have nothing to worry about”.

Yet, I think we all accept that there should be a fundamental right to privacy, for everybody from anybody. An interesting corollary to being able to express your thoughts freely is that you should also be able to decide when and how you make them public.

The fault in relying on organisations that say “trust us” isn’t in the spirit of their objectives, but in how the humans in them are flawed in character and action.

An example quoted regularly at the moment is how the FBI collected information about Martin Luther King because they considered him the “most dangerous and effective Negro leader in the country”.

One way of defining the boundaries are by codifying them in laws. For example, the Malaysian Personal Data Protection Act prohibits companies from sharing personal data with third parties without the original owner’s consent.

However, this law explicitly does not apply to the federal and state governments of Malaysia. Another clause indicates that consent is not necessary if it is for the purpose of “administration of justice”, or for the “exercise of any functions conferred on any person by or under any law”.

In relation to the revelations of PRISM, several questions come to mind: Can Internet traffic (or a subset of it) be considered “personal data”? Is it possible for government agencies to collect and store such data without your consent?

And if so, what safeguards are there to ensure that this personal data is accurate, is used correctly and is relevant for storage in the first place?

This should be a sharp point of debate, not just in terms of which of our secrets the government can be privy to, but also of which of the government’s information should be readily accessible by us.

True, there is so much data out there that analysing it is not a trivial task. However, companies such as Google are doing exactly that kind of work on large volumes of unstructured data so that you can search for cute kittens. The technology is already on its way.

Perhaps I am being over-cautious, but it seems a bit fantastical that people can know your deepest and darkest secrets by just monitoring a sequence of 1’s and 0’s. But, to quote science fiction author Phillip K. Dick, “It’s strange how paranoia can link up with reality now and then”.

Contradictheory
By DZOF AZMI

> Logic is the antithesis of emotion but mathematician-turned-scriptwriter Dzof Azmi’s theory is that people need both to make sense of life’s vagaries and contradictions. Speak to him at star2@thestar.com.my.

Related post:

US Spy Snowden Says U.S. Hacking China Since 2009

Sunday, April 15, 2012

FCC Proposes: Fine for Google Wi-Fi snooping 'obstruction'

By TheStreet Staf

WASHINGTON -- The Federal Communications Commission has proposed fining Google(GOOG_) $25,000 for obstructing an investigation into the company's collection of data from unencrypted Wi-Fi networks in 2010, according to a published media report.

Although the FCC has decided there was insufficient evidence to conclude that the data collection violated federal rules, the commission said Google deliberately impeded the investigation, The Wall Street Journal reported Saturday.
The probe looked at whether Google broke rules designed to prevent electronic eavesdropping when its Street View service collected and stored the data from the Wi-Fi networks, the newspaper reported.

The FCC proposed the fine late Friday night, the Journal said.

Google may appeal the proposed fine before the commission makes it final, the Journal said. The company has said that it inadvertently collected the data and stopped doing so when it realized what was going on, the newspaper added.

Shares of Google closed Friday down $26.41 at $624.60.


FCC proposes fine for Google Wi-Fi snooping case 'obstruction' By Zack Whittaker

Summary: The U.S. FCC has proposed a $25,000 fine after Google “impeded and delayed” an investigation into collecting wireless payload data from unencrypted Wi-Fi networks.


The U.S. Federal Communications Commission is proposing a $25,000 fine against Google for “deliberately impeded and delayed” an ongoing investigation into whether it breached federal laws over its street-mapping service, the Wall Street Journal reports.


The FCC initiated an investigation in 2010 after Google collected and stored payload data from unencrypted wireless networks as part of its Google Maps Street View service. Its intended use, Google says, was to build up a list of Wi-Fi network hotspots to aid geolocation services on mobile devices through ‘assisted-GPS’.



Google also drew fire from the UK’s data protection agency after it was told it committed a “significant breach” of the UK and European data laws when it collected wireless data from home networks. It was audited by the regulator and was told it “must do more” to improve its privacy policies. Google said it had taken “reasonable steps” to further protect the data of its users and customers.

But the FCC stopped short of accusing Google of directly violating data interception and wiretapping laws, citing lack of evidence. The federal communications authority did not fine the company under eavesdropping laws, as there is no set precedent for applying the law against ‘fair-game’ unencrypted networks.

The FCC took the action after it believed Google was reluctant to co-operate with the authorities after the scandal emerged. An FCC statement added that a Google engineer thought to have written the code that collected the data invoked his Fifth Amendment rights to prevent self-incrimination.

Google can appeal the fine. Despite the fine being a mere fraction of the company’s U.S. annual turnover, not doing so until its legal avenues are exhausted would almost be an admittance of guilt.

The search giant eventually offered an opt-out mechanism for its location database by adding text to the networks’ router name. But further controversy was drawn after another Silicon Valley company offered an opt-out only solution.
 
Related articles and posts: