Proof of concept code BEAST, which is short for Browser Exploit Against SSL/TLS, that can defeat SSL on an address protected by the HTTPS prefix… which is like every secure site on the Internet. [Read more...]
From LifeHacker comes a Guide to Google+ Privacy and Information Control. Google+ is the new social networking kid on the block, and one of the main reasons so many people are interested in the service over Facebook is Google+‘s proclaimed focus on protecting users’ privacy. Whether you’re a new Google+ user or you’re already a pro, understanding how to control your information on the site can make you feel much more at ease on the social network. Here’s the lowdown on Google+‘s privacy controls, including a few of the more buried settings you’ll want to know about.
This guide will take you through setting up Google+‘s circles with an emphasis on how they work from a privacy perspective, how to control what others can see about you on your profile, your options for selectively sharing posts with others, and some miscellaneous settings you’ll want to tweak—like only allowing friends to start Huddles with you. [Read more...]
You’ve probably never heard of Google’s Data Liberation Front, but they are an engineering team at Google whose ONLY goal is to make it easier for users to move their data in and out of Google products. We live in a web of services that want to control all of our information and NOT let it out *cough* Facebook not letting us export contacts *cough*.
So they have a funk and fun team name, but in the end this is just another Google service. It lets you easily take your data out of several Google products. So far it supports Buzz, Contacts and Circles, Picasa Web Albums, Profile and Stream. They promise support for more services and products later on; I certainly hope they get on Google Voice soon.
In a welcome but long overdue move, Facebook is going to start rolling out full HTTPS support for their site this week. Currently, you can access Facebook securely by typing in
httpsbefore the web address, but it doesn’t work everywhere on the site, meaning you’re still pretty vulnerable to Firesheep attacks and the like. Once the feature becomes available, you’ll see it in your Account Settings, and you’ll be able to sleep a bit more soundly knowing you’ll besafer on public Wi-Fi networks.
Hit the link to read more. [Facebook Blog]
Few devices know more personal details about people than the smartphones in their pockets: phone numbers, current location, often the owner’s real name—even a unique ID number that can never be changed or turned off and the Wall Street Journal dove in and found out just how many secrets they know and what they’re doing with it.
The Journal‘s report exposes much of what we already suspected, or outright knew but didn’t bother thinking about: iOS and Android apps are having a field day with your personal info. More than half of the 101 popular apps they tested sent your UDID to companies without your awareness or consent. Nearly as many sent your location, and a handful even sent along demographic info and other personal details to advertisers.
It’s a small sample size given the hundreds of thousands of apps out there, but it’s hard to imagine that the most prominent names just happen to be the most aberrant. And the list of worst offenders also reads like a roll-call of must haves: Pandora. Angry Birds. Netflix. Shazam. Yelp.
And yes, it makes perfect sense that apps that deliver location-based information would need to know your location. But the extra step of passing that on to marketers is something a user should at the very least have knowledge of, and should ideally be able to opt out of. Not everyone enjoys highly targeted ads so much that they’re willing to compromise their privacy to have them on their phone. The makers of TextPlus 4, Pandora and Grindr say the data they pass on to outside firms isn’t linked to an individual’s name. Personal details such as age and gender are volunteered by users, they say. The maker of Pumpkin Maker says he didn’t know Apple required apps to seek user approval before transmitting location.
iOS apps shared more data than Android apps, on the whole—somewhat surprising given the rigidity of the App Store approval process compared to Android’s looser environment. And there’s really nothing you can do to stop it.
There’s something Apple and Google could do, though: create privacy policies. Make it abundantly clear to users what information apps are going to take, who they’re going to send it to. And if you’re feeling really generous this holiday season, give us a chance to opt out.
For the full chart—and to get educated about who’s spreading your info—head over to the Journal‘s damning interactive graphic.