Twitter made an embarrassing mistake this week by suspending security researcher Mikko Hyppönen’s account for allegedly sending direct messages containing phishing URLs. Hyppönen realized Twitter had unexpectedly banned his account without any warning yesterday. He received a message from them last night with a customer-service-disaster of an explanation:
“I've unsuspended your acct. You were suspended for using the malware URL rnyspeceDOTcom in DMs. Be careful! We scan evrythng for malware.”
It’s all downhill from there. Hyppönen posted the tweet they are referring to months ago trying to deter users from visiting a particular phishing site. He took precautions to make sure it was not linkable and even included the warning “don’t go there” in the tweet. Not only is the post benign but its intent is actually altruistic.
The folks over at the University of Utah are working on using wireless networking equipment to see through walls. Yep, they are trying to turn your wifi network into an investigative x-ray machine.
Well, it is slightly more complicated than that. They set up a 34-node wireless network and used principles similar to sonar to aggregate the movement of objects behind physical objects. You can practically hear the excitement from all the spy-happy teenagers. Joey Wilson and Neal Patwari’s intentions were much more altruistic.
Obviously, privacy is a concern. But let’s face it, you’ve got nothing to hide so long as you aren’t a terrorist, hostage wrangler, or scantily clad getting out of the shower.
More details about why they did it after the jump.
The folks over at The Register got a response from Facebook about all the flak they’ve been catching about their Mailbox API. Facebook says that their new API is less intrusive than Gmail’s scanning efforts.
Gmail is known to sift through an email and provide targeted ads depending on what it finds. Facebook claims they will whitelist approved applications and the user will still need to explicitly grant the application access to their information. Also according to Facebook, the fact that they don’t stand to make money (via ads) means their effort is less litigious than Gmail’s.
They offered that the potential applications of the API might outweigh the risks for some users. One likely use will be to expose your Facebook inbox through POP, making it accessible on devices in a similar way as email applications.
It is still debatable whether it is advantageous to give developers access to potentially sensitive data within Facebook. Which do you think is worse: Facebook’s mailbox API or Gmail’s email scanning?
Facebook has plans to make available an inbox and notification API and security experts everywhere aren’t pleased. The API will expose users’ mailbox messages and notifications to applications developed around the framework.
Graham Cluley, a Sophos senior technology consultant, said “the idea of Facebook applications being given free rein to mine users' inboxes and sent folders sends a shiver down my spine” in an interview with The Register. The API is clearly a point of contention for many security analysts who feel that Facebook may be revealing too much to developers.
Ultimately, it is going to come down to how Facebook handles the permissions of these applications. If they skirt the privacy concerns and bury the details in fine print about users’ rights, there will certainly be trouble. However, the liability falls onto the user to make sure their privacy isn’t invaded by their approved applications.
How do you feel about Facebook apps being able to dig into your messages?
As it turns out, taking Facebook quizzes and posting for the world (or at least your network of friends) to see exactly "What Sex and the City Character Are You?" or "What is Your Vampire Power" isn't just incredibly lame, it's also pretty risky, suggests the Northern California chapter of the American Civil Liberties Union (ACLU), which warns of privacy concerns.
"Millions of people on Facebook who use third-party applications on the site, including the popular quizzes, do not realize the extent to which developers of quizzes and other applications have access to personal information. Facebook's default privacy settings allow nearly unfettered access to a user's profile information, including religion, sexual orientation, political affiliation, photos, events, notes, wall posts, and groups," the ACLU warns.
The ACLU thinks Facebook should be doing more to protect its users and suggests that the social networking site upgrade its privacy controls so that quizzes can only see what people want them to see. One way to do this, the ACLU says, is to make the process for apps to access a user's friends' data opt-in rather than opt-out.
Facebook doesn't deny the ACLU's concerns, and in an email to CNET, said it generally agrees with the ACLU's recommendations. The Facebook spokesperson also said the site has recently disabled hundreds of apps that were inconsistent with Facebook Platform policies.
Is Facebook doing enough? Hit the jump to weigh in with your opinion.
If you're concerned about privacy, it might not be enough to hide your profile or limit who can view your personal information, a new report suggests. That's because social networking sites are sharing your personal info with tracking sites, according to the report.
"When you sign up with a social networking site, you are assigned a unique identifier," says Craig Wills, professor of computer science at Worcester Polytechnic Institute (WPI). "We found that when social networking sites pass information to tracking sites about your activities, they often include this unique identifier. So now a tracking site not only has a profile of your web browsing activities, it can link that profile to the personal information you post on the social networking site."
The study specifically points out Facebook, MySpace, and Twitter -- three of the most popular social networking sites on the planet -- as being guilty of leaking information. Using your unique identifier, a tracking site could then learn all kinds of things about you, including your name, address, email addy, gender, date of birth, what school you attend, where you work, and tons more.
But is it much ado about nothing? Only the tracking sites know for sure, and Wills admits that researchers have no idea what these sites do with the info, if anything at all.
Google's Street View has come under fire from privacy advocates in the past, and this time it's the Swiss Privacy Commissioner who's feeling hot under the collar after Google launched its Street View service in Switzerland last week. In the wake of the launch, Google's been ordered to "immediately withdraw its online service Google Street View concerning Switzerland," according to a statement by Hanspeter Thür, the Swiss Federal Data Protection and Information Commissioner (FDPIC).
"We were surprised by the DPA's announcement," a Google spokesperson told Ars Technica. "We have been engaged in constructive dialogue with the organization ahead of this week's launch to demonstrate how we protect people's privacy on Street View. And we're ready to do so again or to answer any additional questions."
Google says that any anonymization and image removal requests will be responded to "within hours," and the search giant has so far cooperated with government requests for changes in how Street View operates in various countries. Thür's office has an information page on its site with instructions on how to blur your face should it show up in a snapshot and says that Google would be allowed to offer Street View for Swiss streets only if it meets "negotiated conditions," but what those conditions are remains unclear.
I'm speaking, of course, of the privacy features that come native to the Windows operating system. Sure, you can tuck your special documents away in a private user folder, but that doesn't mean that your files have been secreted away forever. An industrious user with physical access to your machine can wreak havoc on your personal files, regardless of how much Windows tells you that they're safe from external abuse.
Change that. Beyond the cut of this week's freeware update are five applications that will enhance your ability to secret away that-which-you-don't-want-anyone-else-seeing. Does that involve encryption? Yes. But that's not the end-all be-all technique for hiding things on your computer. Depending on the amount of privacy you need, there are faster and easier solutions than merely locking down your entire drive using a 128-bit cipher.
Grab your Sherlock Holmes pipe. It's time to get cryptic.
Think your browsing history is secure from prying eyes so long as you never leave your PC unattended? Think again. A new site, Web2.0collage.com, digs through your browser's history and then constructs a collage of the web2.0 websites that you've visited.
"Web2.0collage.com mixes art and technology to raise privacy concerns," the site states on its homepage. "Many of us consider our browser history to be private, but that is no longer the case. Any website you visit can determine your browser history by exploiting the very features designed to enhance your Internet experience, a fact many people are not aware of."
You probably pay your cell phone, cable TV, Internet, and several other bills online, and even so, you probably also receive a stack of mail in your mailbox every day. Enter the Swiss postal service which, starting in June, will offer subscribers a digital delivery option.
The service, called Swiss Post Box, will send subscribers scanned images of their unopened envelopes to their email address. Subscribers can then decide which ones they want opened and have the contents scanned so that it can be read online. In addition, the Swiss Post Box will offer to archive contents, send unopened letters to another address, or shred and recycle unwanted mail, The New York Times reports.
"There are very few things you get that you actually have to have in your hand," said Michael Laprade, a two-year subscriber to Earth Class Mail, a Seattle-based company licensing its technology to the Swiss postal service.
The new service will start at about $18.35 per month. In the U.S., Earth Class Mail subscribers pay anywhere from $10 to $60 per month depending on how much mail is scanned.