privacy
Latest
Proposed bill would force ISP, WiFi logs for security, criminal investigations
This proposed bill has been floating around the ether for a long time -- and it's just made a big time comeback. Essentially, the Republican-backed bill would be a "sweeping" federal measure which would require all ISPs and many WiFi access point providers to keep records of their users for two years, in order to aid police investigations. There are two separate bills -- one in the Senate and one in the House -- both named the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act. Catchy, right? The bill would cover, as already stated, not just the major ISPs, but WiFi providers, including both public and password protected access points. The bill is undoubtedly going to be quite controversial, but is also expected to appeal to legislators across both parties. We'll see what, if anything, becomes of it, but in the meantime, what are your thoughts on this one?
Man in the box
People usually play MMOGs as a way to escape real life. Well, according to The Guardian, real life may just be trying to push its way into MMOGs. Several EU government bodies recently came together and released a report titled, Virtual Worlds, Real Money: Security and Privacy in Massively Multi-Player Online Games and Social and Corporate Virtual Worlds. Sound heavy? It is.It seems the impetus for creating this agency position paper was that "2007 was the year of online gaming fraud." The executive summary states that malware targeting MMOGs increased by 145% and over 30,000 new programs emerged with the aim to gain access to accounts and steal virtual goods to sell for real money. The report describes 14 key risks in detail, including avatar identity theft/identity fraud, harassment, problems with online dispute resolution, and security risks for minors just to name a few. The agency also makes 12 recommendations to governments and MMOG developers to address these risks.It seems inevitable that one day we'll have Big Brother looking over our shoulders as we peck away at our keyboards pwning n00bs. It also raises a couple big questions. How far will they go? Will it improve things or make them worse? Time will tell.
Talkcast tonight, 10 p.m. ET: The 'let's hope the Super Bowl is over by then' episode
Last week, my friends Steve Sande and Megan Lavey joined me for an erudite discussion over drinks about the White House's tech woes, the iWork trojan making its rounds, and our favorite Mac memories. Feel absolutely free to download the show from Talkshoe or subscribe in iTunes. This week, hopefully, the Super Bowl will be done and dusted before 10 Eastern, so we can recap the news of the week and take your calls! We plan on covering more tips for keeping your data safe, and talking about the pros and cons of renewing your MobileMe subscription. Come prepared with your questions, comments and ideas, and we'll put them on the air! To participate on TalkShoe, you can use the browser-only client, or you can also use the classic TalkShoe Pro Java client; however, for maximum fun, you should call in. For the web UI, just click the "TalkShoe Web" button on our profile page at 10 pm Sunday. To call in on regular phone or VOIP lines (take advantange of your free cellphone weekend minutes if you like): dial (724) 444-7444 and enter our talkcast ID, 45077 -- during the call, you can request to talk by keying in *-8. Talk with you then!
Mac 101: 7 tips for Data Privacy Day 2009
Today is Data Privacy Day, a global initiative to highlight information security rights and practices, especially among teens, professionals, corporations, and the government. As part of the celebration, TUAW (along with our sister blog Download Squad) has seven good ideas for you about how to keep your data safe and away from prying eyes with Mac OS X Leopard. Also, be sure to browse TUAW articles filed under Security for other tips and alerts about keeping your data safe. 1: Turn on your firewall Leopard, as we all know, comes with a built in firewall to prevent other computers from connecting to internet-facing ports on your computer. But: Did you know it's turned off by default? To turn on your firewall, open System Preferences, and click the Security icon. Then, click the Firewall tab. Make sure either "Allow only essential services" is selected, or you can choose to "set access for specific services and applications" yourself. You can also use "Stealth Mode": when enabled, computers that send data to blocked ports won't even get acknowledgement that the data was received. To enable Stealth Mode, click the Advanced button on the Firewall tab of the Security preference pane, and click the check box next to "Enable Stealth Mode." 2: Set a screen saver password A feature popular with Windows users, Mac OS X can also lock your screen when your computer sleeps or when the screen saver comes on. Simply open System Preferences, select Security, and choose the General tab. Click the check box next to "require password to wake this computer from sleep or screen saver," and you're all set. If you have automatic login enabled and click the "require password" check box, Mac OS X will recommend that you disable automatic login. This means you'll have to enter your password to turn your computer on, too; nefarious nogoodniks won't be able to restart your Mac while the screen saver is on to circumvent the need for a password. Good thinking.
Second Life grid protocol leaks avatar locations?
According to Dusan Writer, the Instant Messaging portion of the Second Life grid network protocols contains location information about every avatar who sends an IM to you. It's been known for some time that the fields designed to encapsulate that information were present (though only the estate information was available to the recipient via the Second Life viewer) but it has not been clear that the information about the location of the sender was actually filled in. Apparently, it is -- and it isn't really that hard to get at, for anyone who can implement the protocol, use an existing library or modify and rebuild the viewer source code. This might be considered something of a faux pas, as a similar information leak a couple of years ago required considerable retooling of protocols to avoid anyone who wanted to know your business from ... well, knowing your business.
IMMI tracks ad exposure / effectiveness via cellphone, trips privacy alarms everywhere
Hunker down and find that tin foil cap, pronto! Privacy advocates, we've a new target for you to bang on: Integrated Media Measurement. The 4,900-person media research company is looking to take advertising measurement to a whole new level (or new low, as it were) by embedding tracking modules within cellphones. In short, the module picks up audio from ads and records information about the exposure; in the future, if you were to purchase whatever product you heard about (like seeing a movie that was plugged), it would register a hit and deem you a sucker. As of now, the only testers with these freaky phones are individuals who signed up for this stuff, but you better believe major marketing firms (and TV / movie studios in particular) are perking their ears up and begging to know more.[Image courtesy of Corbis, thanks ugotamesij]
LG intros integrated, adjustable privacy screen for laptops
You're not being paranoid if you're surfing in public and feeling a little self-conscious; that creepy guy to your right is totally peeking over his Times, looking for a vicarious gadget fix. Right now you're probably thinking a privacy filter would help, but they tend to make things look awfully murky even if you're sitting front and center. LG says it has the solution with its new Viewing-angle Image Control display, a 14.1-inch screen able to have its visible extent cropped from 175- down to just 60-degrees via a push of a button, supposedly without impacting overall brightness. It's not the first nor the second such display we've seen with this ability, but it is already in mass production and should start showing up in laptops everywhere soon -- or not showing up, as it were.[Via Electronista]
Dell's One-Touch Privacy filter keeps your Latitude E6400 screen undercover
We're a bit miffed as to why Dell's keeping its new One-Touch Privacy system exclusive to the Latitude E6400, but whatever the story is there, it'll definitely keep straying eyes from seeing too much confidential information. Interestingly, this here filter isn't hardware based; rather, it's a software-driven application that "creates a pixel-based pattern on the screen, reducing the side viewing angles of people seated next to the user." Dell assures us that it has "minimal impact on display brightness" and that it can be activated with a single touch key, but we're still wondering how it landed on the seemingly sky-high $139 price. Talk about paying for the privilege.[Via T3]
Picking apart the MetaPlace Bill of Rights
MetaPlace is not an MMOG. It's a platform for creating virtual spaces that can be used for anything the creators can imagine. As such, the traditional MMO EULA is completely inadequate. Raph Koster -- the head honcho on the MetaPlace project -- made that clear in a panel at AGDC08. So, the folks working on MetaPlace had to come up with a whole new set of rules -- rules that allow users ownership of their virtual property, for example. There's a veritable landmine of problems awaiting this endeavor, of course. That's not to say it's impossible. It's just going to be extremely challenging.Koster published a first draft of the Terms of Service for MetaPlace on his blog the other day. It's based based on the Declaration of the Rights of Avatars that he conceived back in 2000. Readers of the MetaPlace ToS are likely to come away with two impressions. The first: that it's really cool and admirable and that in a general sense, Koster and friends are on the right track. Two is that the MetaPlace team seems to be underestimating just how epic a quest it's committed itself to.
Wired: 'iPhone takes screenshots of everything you do'
On your iPhone or your iPod touch, when you press the Home button, there's a nice little animation that takes you back to the home screen. To create that animation, your iPhone takes a screenshot of whatever it is you're doing, and uses it for the transition. Sounds innocent, right? Not so much, says data forensics expert Jonathan Zdziarski (thank you, clipboard). The screenshot is presumably erased from the iPhone after the application closes, but is any digital file really gone after you delete it? Survey says no. Forensics experts have mined for these screenshots, successfully recovering evidence against criminals accused of rape, murder, and drug deals. They can also recover data from the iPhone's keyboard and web caches, too. In his presentation, Zdziarski also demonstrated how to bypass an iPhone's passcode in order to own the device and access personal data. Time-consuming? Sure (it took JZ about an hour and involved a custom firmware build). Impossible? No. As with all things digital (and networked), your privacy is largely illusory. Time to go Don Draper on this one and just use Field Notes books, my stack of business cards, and the rotary dial. [Via Wired.] Thanks, Kenny!
iPhone dev: Apple gave out my password
Marko Karppinen, an ADC Premier member, iPhone developer, and user like the rest of us, had his personal information released by Apple to an unknown third party, simply because of this one-line email: am forget my password of mac,did you give me password on new email marko.[redacted]@yahoo.com Apple -- apparently with no additional research -- reset Karppinen's password, and changed the email address on the account to the perp's. As a result of the login change, the perp had access to Karppinen's credit card details, developer software seed key, and the contents of his iDisk. Karppinen, understandably, was livid, and sent ADC an email about what happened. A team lead from ADC's European support organization contacted Karppinen, apologizing for the mix-up. The rep promised to find out (from Apple's own logs) what information was compromised. Apple has so far not commented on the incident, outside of what Karppinen says the ADC rep told him. It's unclear what Apple will do in the future to prevent this from happening again. [Via Daring Fireball and The Consumerist.]
World of WarCrafts: Voidwalker doorknob hanger
Every Thursday, Shelbi Roach of The Bronze Kettle guides you in creating WoW-inspired crafts using real world mats with World of WarCrafts.Is your special WoW time constantly getting interrupted? Need to keep people from raiding your domain while you're busy raiding Black Temple? This fanciful doorknob hanger is easy to make and fun for all ages. It's also not too late to add it to your Duskwood Chest for Father's day.Here is what you will need: Voidwalker Doorknob Hanger Template Foam Doorknob Hanger Foam Sheets (blue, light blue, green, purple) Foam Letters (of the sticker variety) Foam Glue Fashion Beads (mixed colors) Xacto Knife/Scissors Click on the images below to view a gallery of step-by-step instructions. %Gallery-24971%
TruMedia says its facial-recognition billboards will never record video, it won't share with cops
Those billboards with facial-recognition-based tracking systems we mentioned last week caused quite a bit of consternation amongst those of us who value our privacy (read: everyone), but it at least one of the firms involved is engaging the debate and promising that it won't share any data it record. In a letter to the New York Times and a much longer, more boring version of the same letter sent to us, TruMedia Technologies says that none of its tech will ever record or store any video, only analyze frames and increment various demographic counters. TruMedia also says that no individually-identifiable information is ever stored, and that it'll never share any video or images with any private or governmental body. There's also mention of a standards body working to address methodologies and metrics for the tech. All excellent promises, sure, but we're never going to be entirely comfortable with this stuff, even if we live in an age of ubiquitous CCTV monitoring. Full letter after the break.
Study secretly tracked 100,000 cellphone users' locations
Ask yourself this: Are you a statistic or a specific example? That's the question being raised in the aftermath of a study in which researchers secretly tracked the locations of 100,000 people to determine their movement patterns. Such studies are considered invasions of privacy -- and illegal -- in the United States, but this one was done in an undisclosed industrialized nation. The subjects were chosen at random out of a pool of 6 million from a mystery wireless provider and tracked based on cell tower triangulation and other "tracking devices." Study co-author Cesar Hidalgo at Northeastern University promises that researchers didn't know the individuals' phone numbers or identities, and offers that the results are a major advance for science. The study found that people are homebodies -- most stay within 20 miles of their home and are rather habitual. Scientists say the findings -- to be published in Nature on Thursday -- can help improve public transit systems and even fight contagious diseases.[Thanks, Doug][Via MSNBC]
JIRA leaked user email addresses
According to an email sent to some users of the Second Life public JIRA by Linden Lab, a number of users have unintentionally had their email address published on their JIRA profile page. Apparently JIRA profiles included the account's registered email address from 20 May to 24 May. Users whose JIRA profiles were logged as being accessed during that period have been emailed to alert them that their email addresses may have been exposed. Even though email addresses may be considered comparatively innocuous, many virtual world and MMOG users value their privacy very strongly, even if they are not anonymous. This isn't the first time that confidential user-data held by Linden Lab has been unintentionally exposed, and it would be unwise to suggest that it will be the last time. [Thanks, Sean Heying]
RIM changes course, promises to keep Indian Blackberry network secure
Although several Indian news outlets reported last week that RIM was preparing to let the Indian government monitor the domestic Blackberry network, it appears that the outcry has prompted the company to change course and announce that it's committed to "serving security-conscious businesses in the Indian market." That's a big reversal from the rumored plan, which would have allowed Indian security agencies access to the network in exchange for taking the blame for any leak of user data. Of course, not everything's quite settled yet: the Indian government is still demanding that RIM furnish "satisfactory answers" to its security questions, and RIM told the AFP that there are some other ways for "government to take care of security concerns" without elaborating further. Based on RIM's enterprise-heavy statements and refusal to comment on the consumer service, we'd guess that enterprise customers will probably get to keep their networks locked down, but that consumers shouldn't expect their messages to be secure. Not the best compromise, but we'll see how this all plays out.
Azeroth Security Advisor: Preserving your online privacy
Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show. So you've made it to the top. You're in a 1337 raid guild that can sleepwalk through heroic instances. The PvP teams that are lucky enough to have you grace them with your presence are first in your battle group. Your favorite hobbies include disenchanting purples and watching the n00bs pass out when they inspect your gear. You've been around since beta and everywhere you go people know your name. Yep is sure is great to be you(r toon). /emote pat self on back. Then it happens. You login to find that somebody in your guild is the object of much ROFLMAO and that somebody is you. Your stomach drops out and your heart goes into overdrive as you read that chat. Now everybody in your guild knows your real name, home address, social security number, political affiliation, and drivers license number. But wait it gets better! Your arch rival just posted links to your online dating profiles, anarchist news group posts you made back in high school, and your criminal history. You've been RL PWN3D in the worst possible way.
UK planning to monitor and record every phone call, web page, and email sent by citizens
We're not sure if these plans will ever make it to reality, but the Telegraph is reporting that Britain's Home Office is working on database designed to store the details of every phone call, email, and web page accessed by British citizens in the previous year. The idea is to have various telecom providers hand over their records, which will all go into the database and then be accessible by police upon receipt of a court order. Of course, there's no reason why police couldn't simply ask the ISPs for the appropriate data when they get that court order, since records are already required to be kept for a year, but sometimes it's important for a government to build a massive scary database of personal information with endless potential for abuse by embittered low-level bureaucrats, you know? The plan is still in draft stages, so hopefully it dies on the table -- and if not, well, the NSA welcomes you with open arms, British expats.[Via National Terror Alert]
Free Vista Ultimate headed to Windows Feedback exhibitionists
Great news for those of you enrolled in Microsoft's Windows Feedback Program. In exchange for giving Microsoft access to your computing habits for the last 3 months, your free copy of Windows Vista Ultimate, Office Ultimate '07, Money Plus Premium, Encarta Premium or Streets and Trips (depending upon your enrollment selection) should be delivered in the next 4 to 6 weeks. Oh sure, the price for the most popular choice -- Vista Ultimate -- has dropped $80 since you flittered away your privacy. It's not like the MyFaceSpaceBook types have anything left to hide anyway. And free is free no matter the cost, right? [Thanks, Gal C, Anthony, and everyone who sent this in]
Telecom immunity for domestic spying dies on House floor
The House of Representatives just took a long weekend break without voting on the Spy bill sent down from the Senate. As such, our beloved carriers' hopes for immunity from those pesky US privacy laws have disintegrated. At least for the time being -- the fight between the baddies and goodies (however you define that) isn't over by a long shot.
