Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Privacy

Revealed: What Info the FBI Can Collect With a National Security Letter 93

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.
The Internet

US Rep. Joe Barton Has a Plan To Stop Terrorists: Shut Down Websites (arstechnica.com) 275

Earthquake Retrofit writes: In an FCC oversight hearing, U.S. Representative Joe Barton (R-TX) asked Chairman Tom Wheeler if it's possible to shut down websites used by ISIS and other terrorist groups. He said, "Isn't there something we can do under existing law to shut those Internet sites down, and I know they pop up like weeds, but once they do pop up, shut them down and then turn those Internet addresses over to the appropriate law enforcement agencies to try to track them down? I would think that even in an open society, when there is a clear threat, they've declared war against us, our way of life, they've threatened to attack this very city our capital is in, that we could do something about the Internet and social media side of the equation." Wheeler pointed out that the legal definition of "lawful intercept" did not support such actions, but added that Congress could expand the law to validate the concept. Meanwhile, the Senate Intelligence Committee is exploring the idea of using the recent terror attacks in France as ammunition to force tech companies away from end-to-end encryption. "Lawmakers said it was time to intensify discussions over what technology companies such as Apple and Google could do to help unscramble key information on devices such as iPhones and apps like WhatsApp, where suspected terrorists have communicated."
Advertising

Ad Networks Using Inaudible Sound To Link Phones, Tablets and Other Devices (arstechnica.com) 223

ourlovecanlastforeve writes with a link to Ars Technica's report of a new way for ads to narrow in on their target: high-pitched sounds that can make ad tracking cross devices and contexts. From the article: The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.
Advertising

Viewing Data Harvested From Smart TVs Used To Push Ads To Other Screens? (securityledger.com) 148

chicksdaddy writes: In the latest episode of EULA overreach, electronics maker Vizio Holdings has been called out by the non profit investigative reporting outfit ProPublica for an on-by-default feature on its smart TVs called "Smart Interactivity" that analyzes both broadcast and streamed content viewed using the device. ProPublica noted that the company's privacy policy failed to clearly describe the tracking behavior, which included the collection of information such as the date, time, channel and whether the program was viewed live or recorded.

According to ProPublica, the monitoring of viewing information through IP addresses, while it does not identify individuals, can be combined with other data available in commercial databases from brokers such as Experian, creating a detailed picture of an individual or household. Vizio has since updated its privacy policy with a supplement that explains how "Smart Interactivity" works.

The bigger issue may be what that updated privacy policy reveals. As The Security Ledger notes, the updated Vizio privacy policy makes clear that the company will combine "your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements." Those advertisements "may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV."

In other words, TV viewing patterns will be used to serve ads to any device user who happens to be connected to the same network as the Vizio Smart TV — an obvious problem for households with a mix of say... adults and children?! Vizio does provide instructions for disabling the Smart Interactivity features and says that "connected" features of the device aren't contingent on monitoring. That's better than some other vendors. In 2014, for example, LG used a firmware update for its smart televisions to link the "smart" features of the device to viewer tracking and monitoring. Viewers who applied the update, but refused to consent to monitoring were not able to use services like Netflix and YouTube.

Privacy

Nine Out of Ten of the Internet's Top Websites Are Leaking Your Data 133

merbs writes: The vast majority of websites you visit are sending your data to third-party sources, usually without your permission or knowledge. That's not exactly breaking news, but the sheer scale and ubiquity of that leakage might be. Tim Libert, a privacy researcher, has published new peer-reviewed research that sought to quantify all the "privacy compromising mechanisms" on the one million most popular websites worldwide. His conclusion? "Findings indicate that nearly 9 in 10 websites leak user data to parties of which the user is likely unaware."
United Kingdom

UK Plans To Allow Warrantless Searches of Internet History (telegraph.co.uk) 136

whoever57 writes: The UK government plans to require ISPs and telcoms companies to maintain browsing and email history of UK residents for a period of 12 months and make the data available to police on request without a warrant. "The new powers would allow the police to seize details of the website and searches being made by people they wanted to investigate." Exactly how they expect the ISPs to provide search histories now that most Google searches use SSL isn't explained (and probably not even considered by those proposing the legislation). Similarly with Gmail and other email providers using SMTP TLS and IMAPS, much email is opaque to ISPs. Will this drive more use of VPNs and TOR? This comes alongside news that UK police used powers granted to them by anti-terrorism laws to seize a journalist's laptop.
Advertising

Targeting Tools Help Personalize TV Advertising 60

schwit1 writes: Surgical marketing messages are taken for granted on the Internet. Yet, they are just now finding their way onto television, where the audience is big though harder to target. As brands shift more of their spending to the Web where ads are more precise, the TV industry is pushing back. Using data from cable set-top boxes that track TV viewing, credit cards and other sources, media companies including Comcast's NBCUniversal, Time Warner's Turner, and Viacom are trying to compete with Web giants like Google and Facebook and help marketers target their messages to the right audience. Where can I get adblock for my FiOS?
Privacy

Red Star Linux Adds Secret Watermarks To Files 100

An anonymous reader writes: ERNW security analyst Florian Grunow says that North Korea's Red Star Linux operating system is tracking users by tagging content with unique hidden tags. He particularizes that files including Word documents and JPEG images connected to but not necessarily executed in Red Star will have a tag introduced into its code that includes a number based on hardware serial numbers. Red Star's development team seems to have created some quite interesting custom additions to Linux kernel and userspace, based on which Grunow has written a technical analysis.
Communications

FBI Seeks To Legally Hack You If You're Connected To TOR Or a VPN 385

SonicSpike writes The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant. It's called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court's jurisdiction.
Privacy

A New Form of Online Tracking: Canvas Fingerprinting 194

New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...
Communications

NSA Collecting Millions of Faces From Web Images 136

Advocatus Diaboli (1627651) writes "The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents. The spy agency's reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. Agency officials believe that technological advances could revolutionize the way that the N.S.A. finds intelligence targets around the world, the documents show. The agency's ambitions for this highly sensitive ability and the scale of its effort have not previously been disclosed."
United States

Stanford Researchers Spot Medical Conditions, Guns, and More In Phone Metadata 193

An anonymous reader writes "Since the NSA's phone metadata program broke last summer, politicians have trivialized the privacy implications. It's 'just metadata,' Dianne Feinstein and others have repeatedly emphasized. That view is no longer tenable: Stanford researchers crowdsourced phone metadata from real users, and easily identified calls to 'Alcoholics Anonymous, gun stores, NARAL Pro-Choice, labor unions, divorce lawyers, sexually transmitted disease clinics, a Canadian import pharmacy, strip clubs, and much more.' Looking at patterns in call metadata, they correctly diagnosed a cardiac condition and outed an assault rifle owner. 'Reasonable minds can disagree about the policy and legal constraints,' the authors conclude. 'The science, however, is clear: phone metadata is highly sensitive.'"
Government

NSA Uses Google Cookies To Pinpoint Targets For Hacking 174

Hugh Pickens DOT Com writes "For years, privacy advocates have raised concerns about the use of commercial tracking tools to identify and target consumers with advertisements. The online ad industry has said its practices are innocuous and benefit consumers by serving them ads that are more likely to be of interest to them. Now the Washington Post reports that the NSA secretly piggybacks on the tools that enable Internet advertisers to track consumers, using 'cookies' and location data to pinpoint targets for government hacking and to bolster surveillance. The agency uses a part of a Google-specific tracking mechanism known as the 'PREF' cookie to single out an individual's communications among the sea of Internet data in order to send out software that can hack that person's computer. 'On a macro level, "we need to track everyone everywhere for advertising" translates into "the government being able to track everyone everywhere,"' says Chris Hoofnagle. 'It's hard to avoid.' Documents reviewed by the Post indicate cookie information is among the data NSA can obtain with a Foreign Intelligence Surveillance Act order. Google declined to comment for the article, but chief executive Larry Page joined the leaders of other technology companies earlier this week in calling for an end to bulk collection of user data and for new limits on court-approved surveillance requests."
Advertising

Twitter Will Track Your Browsing To Sell Ads 120

jfruh writes "Remember how social networks were going to transform the advertising industry because they'd tailor ads not to context or to your web browsing history, but to the innate preferences you express through interactions and relationships with friends? Well, that didn't work with Facebook, and it turns out it's not working with Twitter either. The microblogging site has announced that it's getting into the ad retargeting game: you'll soon start seeing promoted tweets that are chosen based on websites you've visited in the past. The innovation, if you can call it that, is that the retargeting will work across devices, so you can be looking at a website on your phone and see promoted tweets on your laptop's browser, or vice versa."
Cellphones

NSA Tracking Cellphone Locations Worldwide 256

tramp writes "The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable. Of course it is 'only metadata' and absolutely not invading privacy if you ask our 'beloved' NSA." Pretty soon, the argument about whether you have in any given facet of your life a "reasonable expectation of privacy" may take on a whole new meaning. Also at Slash BI.

Slashdot Top Deals

10.0 times 0.1 is hardly ever 1.0.

Working...