Category Archives: Privacy

What’s good for the goose…

Posted on by

So Microsoft is being ordered to produce (C|Net, Ars Technica) email held aboard on computers outside of America at Microsoft’s Irish division in Dublin.

Let’s have a gander…

The logic being, a parent company / entity, doing business in the US, but storing client information overseas as part of a subsidiary’s business, because its physically closer to the subsidiary’s clients, still maintains control over that information and can be compelled to produce that information despite being physically outside the USA’s jurisdiction.

First that flies in the face of European privacy and data retention laws, and new laws, like in Russia, requiring that data of users be held on their home soil. If a government can compel a company to hand over any data the company has access to from any where in the world, then privacy and international borders mean nothing any more.

Second that argument will open American businesses with offices overseas to similar legal arguments in foreign countries. How would Americans feel about China issuing warrants for Microsoft user emails held in the US?

Or more interestingly, consider how the FBI (and CIA) have liaison offices around the globe, how would the US government feel about an FBI liaison office aboard being sued and issued a discovery order against computers they control on US soil?

Have you lost your password?

Posted on by

So today I wake, sit for breakfast, and turn on my Nexus 7 to get my morning dose of Slashdot, CNET News, and Twitter. I go through the typically routine and also check for application updates — oh goody new Firefox Beta and Google Keyboard. Tap update all.

Ding! Up pops a screen; Google Keyboard app. asking for new permissions: Network Communication and Read Your Contact Info. Really?! In a keyboard application? (Yes people app. is an abbreviation for application and not a trademark as Apple would like to think.) You got to be kidding me! In light of this week’s public exposure of the NSA’s surveillance of the American Public’s phone metadata, Google really wants you to let their keyboard application have network access! WHAT THE FUCK FOR!?

This just begs the question if Google is being secretly compelled by the NSA to install key-logger software to collect your passwords and your contact information. Or maybe Google is going to offer a new lost password search service.

NSA Related stories:

Max Privacy, Min Tracking, Zero Pain

Posted on by

I absolutely hate online advertising, junk mail, and spam. More and more I rail against the intursion of advertising into every nook and cranny of our virtual and real lives. First it was ads in news print, magazines, radio, TV, billboards, flyers, t-shirts, sky writing, etc. Then the assult on our eye balls via Internet and mobile devices through web sites, news feeds, video clips, text messages, social media feeds, computer applications; its just appauling. Add into the mix the personal information gathered and data mining that make advertisers and governments drool, there has to be a line drawn somewhere and a push back by the public to say enough is enough. Big Brother can go frak himself.

Now I’ve been using the Internet for a long time, since university in the late 1980’s and BBS’ before that. So I have a long and established digital foot print, from free software offerings, newsgroup postings, programming contests, several domain names, a blog, twitter, and who knows what else. So finding out something about me and my past is not that hard if you know how to thread together the diverse information.

Still despite all that, I still endeavour to protect my online privacy with a good measure of success. Here is an outline the steps I’ve taken:

  • Use a browser that has good “cookie” management and a variety of add-ons, like Firefox. Chrome is a fast browser, has good cookie controls, and supports many of the add-ons available for Firefox, I have privacy concerns since it is built by Google and integrates into some of the very services that track you on-line. I’m less familiar with Opera.

  • Disable third-party cookie support. Also consider being prompted about every cookie request, or at the very least auto-delete them all when you close the browser, effectively forcing session only cookies.

    I typically block all cookies by default, making exceptions only when a site a really want to use requires them in order to function, especially all advert and metrics cookies. Sometimes this level of cookie management is only for the power-user, in which case accepting cookies and deleting (or adding exceptions) when the browsers exits is easier.

  • Enable the “Do Not Track” option supported by many browsers.

  • In Firefox visit the about:config, find the option network.http.sendRefererHeader, and set the value to zero (0).

  • Install Adblock Plus available for Firefox, Chrome, Opera, and Android.

  • For Firefox, install Beef Taco for enabling tracking advertising cookie opt-out (TACO).

  • Install the DoNotTrackMe browser add-on. Similar to Beef Taco, but more widely available and covers other tracking methods.

  • Purchase a one-time consumer license and install MalwareBytes Anti-malware Pro with on-access protection enabled. I’ve found this software to be superior, faster, and more accurate than all the anti-virus products I’ve used in the past. It also blocks access to suspicious IP addresses by applications. Firefox and Chrome have a similar built facility, but MailwareBytes does it for all the other network applications.

  • For the power-users, learning how to edit and use /etc/hosts (Unix) or C:\Windows\System32\drivers\etc\hosts (Windows) to block advertising sites. Similar to what the add-ons do, but applicable to all network applications. I’ve used it to block advertising in AIM, ICQ, and Skype at a minimum. Essentially you find out the hostname of an advert service and add it to the hosts list with an IP address of 127.0.0.1, which redirects those advert requests to locahost (your computer), which then go unanswered.

Update:

  • Firefox now defaults to secure Google searches over SSL using https://www.google.com/. However your search terms can still “bleed through” to web sites you click on from the results. This can be fixed by copying (assuming Windows):

    C:\Program Files\Mozilla Firefox\searchplugins\google.xml

    to your personal profile:

    C:\Users\$USER_NAME\AppData\Roaming\Mozilla\Firefox\Profiles\$MAGIC_STRING.default\searchplugins\google_encrypted.xml

    Then edit the google_encrypted.xml file and replace www.google.com every where with encrypted.google.com. Also change:

    <ShortName>Google</ShortName>

    to:

    <ShortName>GoogleSec</ShortName>

    Restart Firefox and make GoogleSec your default search engine (click the drop-list beside the search logo and select “Manage Search Engines”.

  • Its unclear why Google Chrome does not use SSL searches by default, but a similar change can be made in Chrome. Simply go to Settings > Manage Search Engines, click on the Google URL template, change http://www.google.com to https://encrypted.google.com, and click DONE.