Firefox

Firefox's Optional Tracking Protection Reduces Load Time For News Sites By 44% 13

Posted by Soulskill
from the definition-of-a-win-win dept.
An anonymous reader writes: Former Mozilla software engineer Monica Chew and Computer Science researcher Georgios Kontaxis recently released a paper (PDF) that examines Firefox's optional Tracking Protection feature. The duo found that with Tracking Protection enabled, the Alexa top 200 news sites saw a 67.5 percent reduction in the number of HTTP cookies set. Furthermore, performance benefits included a 44 percent median reduction in page load time and 39 percent reduction in data usage.
Privacy

San Bernardino Sheriff Has Used Stingray Over 300 Times With No Warrant 37

Posted by samzenpus
from the was-that-wrong? dept.
An anonymous reader writes: After a records request by Ars, the sheriff in San Bernardino County (SBSD) sent an example of a template for a "pen register and trap and trace order" application. The county attorneys claim what they sent was a warrant application template, even though it is not. The application cites no legal authority on which to base the request. "This is astonishing because it suggests the absence of legal authorization (because if there were clear legal authorization you can bet the government would be citing it)," Fred Cate, a law professor at Indiana University, told Ars. "Alternatively, it might suggest that the government just doesn't care about legal authorization. Either interpretation is profoundly troubling," he added. Further documents reveal that the agency has used a Stingray 303 times between January 1, 2014 and May 7, 2015.
Google

Cute Or Creepy? Google's Plan For a Sci-Fi Teddy Bear 94

Posted by timothy
from the teddy-ruxpin-pinned-it-on-the-one-armed-man dept.
HughPickens.com writes: Time Magazine reports that Google has designed and patented an "anthropomorphic device" that could take the form of a "doll or toy" and interact both with people as well as tech gadgets, echoing the "super toy" teddy bear featured in Steven Spielberg's 2001 movie AI. This could be one of Google's creepiest patents yet — especially if movies like "Chuckie" still give you nightmares. The patent filing diagrams a stuffed teddy bear and a bunny rabbit outfitted with microphones, speakers, cameras and motors as well as a wireless connection to the internet. If it senses you're looking at it, the fuzzy toy will rotate its head and look back at you. Once it receives and recognizes a voice command prompt, you can then tell it to control media devices in your home (e.g. turn on your music or TV). According to the patent filing: "To express interest, an anthropomorphic device may open its eyes, lift its head, and/or focus its gaze on the user or object of its interest. To express curiosity, an anthropomorphic device may tilt its head, furrow its brow, and/or scratch its head with an arm. To express boredom, an anthropomorphic device may defocus its gaze, direct its gaze in a downward fashion, tap its foot, and/or close its eyes. To express surprise, an anthropomorphic device may make a sudden movement, sit or stand up straight, and/or dilate its pupils."

The patent adds that making the device look "cute" should encourage even the youngest members of a family to interact with it. But Mikhail Avady, from SmartUp, said he thought it belonged in "a horror film", and the campaign group Big Brother Watch has also expressed dismay. "When those devices are aimed specifically at children, then for many this will step over the creepy line," says Avady. "Children should be able to play in private and shouldn't have to fear this sort of passive invasion of their privacy."
Communications

NSA-Reform Bill Fails In US Senate 135

Posted by timothy
from the couldn't-have-happened-to-a-nicer-bill dept.
New submitter Steven King writes with a link to The Daily Dot's report that the U.S. Senate has rejected the controversial USA Freedom Act, thus "all but guaranteeing that key provisions of the USA Patriot Act will expire"; had it passed, the bill would have allowed continued use of some mass data-collection practices, but with the addition of stronger oversight. From the article: The Senate failed to reach agreement on passage of the USA Freedom Act, a bill to reauthorize and reform Section 215 of the USA Patriot Act, which the government has used to conduct bulk surveillance of Americans' phone records. The House of Representatives passed the bill last week by an overwhelming bipartisan majority, but Senate Democrats, who unified behind the bill, did not get enough Republican votes to assure passage. The linked piece also mentions that the EFF shifted its position on this bill, after a panel of Federal judges ruled that the Feds at the NSA had overstepped their bounds in collecting a seemingly unlimited trove of metadata relating to American citizens' phone calls.
Government

The Body Cam Hacker Who Schooled the Police 150

Posted by Soulskill
from the watching-the-watchers dept.
New submitter Cuillere writes: In the fall of 2014, a hacker demanded the Seattle Police Department release all of their body and dash cam video footage, prompting chaos within the institution. Although it was a legal request per Washington state's disclosure laws, Seattle's PD wasn't prepared to handle the repercussions of divulging such sensitive material — and so much of it. The request involved 360 TB of data spread across 1.6 million recordings over 6 years. All recordings had to be manually reviewed and redacted to cut out "children, medical or mental health incidents, confidential informants, or victims or bystanders who did not want to be recorded," so fulfilling the request was simply not within the department's capabilities. Thus, they took a different strategy: they hired the hacker and put him to work on developing an automated redaction system. "Their vision is of an officer simply docking her body cam at the end of a shift. The footage would then be automatically uploaded to storage, either locally or in the cloud, over-redacted for privacy and posted online for everyone to see within a day."
Firefox

Ads Based On Browsing History Are Coming To All Firefox Users 526

Posted by Soulskill
from the just-what-you-wanted dept.
An anonymous reader writes: Mozilla has announced plans to launch a feature called "Suggested Tiles," which will provide sponsored recommendations to visit certain websites when other websites show up in the user's new tab page. The tiles will begin to show up for beta channel users next week, and the company is asking for feedback. For testing purposes, users will only see Suggested Tiles "promoting Firefox for Android, Firefox Marketplace, and other Mozilla causes." It's not yet known what websites will show up on the tiles when the feature launches later this summer. The company says, "With Suggested Tiles, we want to show the world that it is possible to do relevant advertising and content recommendations while still respecting users’ privacy and giving them control over their data."
Android

Factory Reset On Millions of Android Devices Doesn't Wipe Storage 91

Posted by samzenpus
from the stucking-around dept.
Bismillah writes: Ross Anderson and Laurent Simon of Cambridge University studied a range of Android devices and found that even though a "factory reset" is supposed to fully wipe storage, it often doesn't. Interestingly enough, full-device encryption could be compromised by the incomplete wiping too. ITnews reports: "The researchers estimated that 500 million Android devices may not fully wipe device disk partitions. As many as 630 million phones may not wipe internal SD cards. Five 'critical failures' were outlined in the researchers' Security Analysis of Android Factory Resets paper."
Google

NSA Planned To Hijack Google App Store To Hack Smartphones 93

Posted by samzenpus
from the all-the-better-to-see-you-with dept.
Advocatus Diaboli writes: A newly released top secret document reveals that the NSA planned to hijack Google and Samsung app stores to plant spying software on smartphones. The report on the surveillance project, dubbed "IRRITANT HORN," shows the U.S. and its "Five Eyes" alliance: Canada, the United Kingdom, New Zealand and Australia, were looking at ways to hack smartphones and spy on users. According to The Intercept: "The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012."
United States

What Was the Effect of Rand Paul's 10-Hour "Filibuster"? 360

Posted by samzenpus
from the lets-keep-talking dept.
An anonymous reader writes: Sen. Rand Paul held up a vote on the Fast Track Authority for an eleven-hour dissertation on the flaws of: the Patriot Act, the replacement the USA Freedom Act, bulk data collection including credit card purchases, the DEA and IRS's use of NSA intel. for "parallel construction", warrant-less GPS bugs on vehicles, as well as the important distinction of a general warrant versus a specific one. "There is a general veil of suspicion that is placed on every American now. Every American is somehow said to be under suspicion because we are collecting the records of every American," Paul said. The question is what did the "filibuster" really accomplish? The speeches caused a delay in Senate business but it's unclear what larger effect, if any, that will have.
Communications

Academics Build a New Tor Client Designed To Beat the NSA 60

Posted by timothy
from the non-spy-vs-spy dept.
An anonymous reader writes: In response to a slew of new research about network-level attacks against Tor, academics from the U.S. and Israel built a new Tor client called Astoria designed to beat adversaries like the NSA, GCHQ, or Chinese intelligence who can monitor a user's Tor traffic from entry to exit. Astoria differs most significantly from Tor's default client in how it selects the circuits that connect a user to the network and then to the outside Internet. The tool is an algorithm designed to more accurately predict attacks and then securely select relays that mitigate timing attack opportunities for top-tier adversaries.
Privacy

CareFirst Admits More Than a Million Customer Accounts Were Exposed In Security Breach 82

Posted by timothy
from the camel-cased-in-triplicate dept.
An anonymous reader writes with news, as reported by The Stack, that regional health insurer CareFirst BlueCross BlueShield has confirmed a breach which took place last summer, and may have leaked personal details of as many as 1.1 million of the company's customers: "The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a 'sophisticated cyberattack' and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers. All affected members will receive letters of apology, offering two years of free credit monitoring and identity threat protection as compensation, CareFirst said in a statement posted on its website." Free credit monitoring is pretty weak sauce for anyone who actually ends up faced with identity fraud.
Privacy

Simple Flaw Exposed Data On Millions of Charter Internet Customers 29

Posted by samzenpus
from the protect-ya-neck dept.
Daniel_Stuckey writes: A security flaw discovered in the website of Charter Communications, a cable and Internet provider active in 28 states, may have exposed the personal account details of millions of its customers. Security researcher Eric Taylor discovered the internet service provider's vulnerability as part of his research, and demonstrated how a simple header modification performed with a browser plug-in could reveal details of Charter subscriber accounts. After Fast Company notified Charter of the issue, the company said it had installed a fix within hours.
Encryption

Australian Law Could Criminalize the Teaching of Encryption 205

Posted by Soulskill
from the technophobes-writing-laws dept.
New submitter petherfile writes: According to Daniel Mathews, new laws passed in Australia (but not yet in effect) could criminalize the teaching of encryption. He explains how a ridiculously broad law could effectively make any encryption stronger than 512 bits criminal if your client is not Australian. He says, "In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare. Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it."
Facebook

European Internet Users Urged To Protect Themselves Against Facebook Tracking 145

Posted by samzenpus
from the I-unfriend-you dept.
An anonymous reader writes: Belgium's Privacy Protection Commission says that Facebook tramples on European privacy laws by tracking people online without their consent and dodges questions from national regulators. They have issued a set of recommendations for Facebook, website owners and end users. Net-Security reports: "The recommendations are based on the results of an extensive analysis of Facebook's revised policies and terms (rolled out on January 30, 2015) conducted by the inter-university research center EMSOC/SPION, which concluded that the company is acting in violation of European law. According to them Facebook places too much burden on its users to protect their privacy, and then doesn't offer simple tools and settings to do so, and sets up some problematic default settings. They also don't provide adequate information for users to make informed choices."
Businesses

FTC Recommends Conditions For Sale of RadioShack Customer Data 54

Posted by samzenpus
from the rules-of-the-game dept.
itwbennett writes: The FTC has weighed in on the contentious issue of the proposed sale of consumer data by RadioShack, recommending that a settlement with failed online toy retailer Toysmart.com be adopted as a model for dealings going forward. Director of the FTC's bureau of consumer protection Jessica L. Rich wrote in a letter to a court-appointed consumer privacy ombudsman that the agency's concerns about the transfer of customer information inconsistent with RadioShack's privacy promises "would be greatly diminished if certain conditions were met." These include: that the data was not sold standalone, and if the buyer is in the same lines of business, they agree to be bound by the same privacy policies.
Bitcoin

Decoding the Enigma of Satoshi Nakamoto 61

Posted by samzenpus
from the pay-no-attention-to-the-man-behind-the-ip-address dept.
HughPickens.com writes: For the past year Nathaniel Popper has been working on a book about the history of Bitcoin and writes in the NYT that it is hard to avoid being drawn in by the almost mystical riddle of Satoshi Nakamoto's identity. Popper has his own candidate for founder of Bitcoin, a reclusive American man of Hungarian descent named Nick Szabo. Szabo worked in a loosely organized group of digital privacy activists who over decades laid the foundation for Bitcoin and created many parts that later went into the virtual currency. Bitcoin was not a bolt out of the blue, as is sometimes assumed, but was instead built on the ideas of multiple people over several decades. Several experiments in digital cash circulated on the Cypherpunk lists in the 1990s. Adam Back, a British researcher, created an algorithm called hashcash that later became a central component of Bitcoin. Another, called b money, was designed by an intensely private computer engineer named Wei Dai.

It may be impossible to prove Satoshi's identity until the person or people behind Bitcoin's curtain decide to come forward and prove ownership of Satoshi's old electronic accounts and at this point, the creator's identity is no longer important to Bitcoin's future. Since Satoshi stopped contributing to the project in 2011, most of the open-source code has been rewritten by a group of programmers whose identities are known. According to Popper whoever it is, the real Satoshi Nakamoto has many good reasons for wanting to stay anonymous. Perhaps the most obvious is potential danger. Satoshi Nakamoto most likely collected nearly a million Bitcoins during the system's first year. Given that each Bitcoin is now worth about $240, the stash could be worth more than $200 million. That could make Satoshi a target. "With his modest clothes and unassuming manner, Mr. Szabo could be the kind of person who could have a fortune and not spend any of it," concludes Popper, "or even throw away the keys to the bank."
Facebook

Baton Bob Receives $20,000 Settlement For Coerced Facebook Post 201

Posted by samzenpus
from the pay-the-man dept.
McGruber writes: After arresting him during a June 2013 street performance, Atlanta Police Officers forced costumed street performer "Baton Bob" to make a pro-police statement on his Facebook page before they would allow him to be released on bond. Social media coverage of the incident triggered a six-month internal police investigation into the arrest. Atlanta Police Officer H.J. Davis was given a one-day suspension, then resigned from the Atlanta Police department a few weeks later. Atlanta Police Lt. Jeffrey Cantin received a five-day suspension for "violating responsibilities of a supervisor".

Baton Bob also filed a federal lawsuit against the city, arguing that officers made a wrongful arrest that violated, well, nearly every constitutional right you can name. Those included Jamerson's "right to free speech, his right to be free from unreasonable searches and seizures, his right to remain silent while in custody, his right to be free from compelled speech, his right to counsel, and his right to privacy." The City of Atlanta's legal department reviewed the case and determined that a $20,000 settlement would "be in the best interest of the city" rather than fighting the claims in court.
The Internet

Kim Dotcom Calls Hillary Clinton an "Adversary" of Internet Freedom 276

Posted by samzenpus
from the pay-attention-to-me dept.
An anonymous reader writes: CNET reports that Kim Dotcom views Hillary Clinton as "an enemy of online freedom." Hillary's candidacy came up when Kim was asked about a tweet he made in which he called himself "Hillary's worse nightmare in 2016." He says now that Wikileaks founder Julian Assange would probably be a bigger headache for Clinton. "I'm aware of some of the things that are going to be roadblocks for her," he added. Dotcom said he hoped to expand the influence of the Internet Party and provide some transparency. Breitbart adds that a conflict between Assange and Clinton may have personal motivations, but it also seems inevitable. Hillary is obsessive about maintaining control of information. She created a personal server in her home to handle her emails as Secretary of State and then deleted all the contents after self-selecting the emails she believed were work-related. Assange is famous for parceling out secret information."
Government

GCHQ Officials Given Immunity From Hacking Charges 118

Posted by Soulskill
from the government-in-CYA-mode dept.
An anonymous reader writes with news that members of British intelligence agency GCHQ have been granted immunity from prosecution for any laws they might have violated while hacking into citizens' computers or cellphones. The immunity was granted by changes to the Computer Misuse Act that weren't noticed until now, and not discussed or debated when implemented. While different legislation has long been thought to grant permission for illegal activities abroad, civil rights groups were unaware that domestic hacking activities were covered now as well. The legislative changes were passed on March 3rd, 2015, long after domestic spying became a hot-button issue, and almost a year after Privacy International and several ISPs filed complaints challenging it.
Security

Mobile Spy Software Maker MSpy Hacked, Customer Data Leaked 79

Posted by samzenpus
from the have-some-information dept.
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy's servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers' data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.