- SSL in outbound links from search engines
EFF has a great post that discusses how search engines could help our privacy even further by linking to encrypted versions of pages in their results where possible rather than the plain text. Not surprisingly, the privacy conscious search engine, Duck Duck Go, is already doing this. I switched the search engine in my browser some time back to DDG and each new announcement of the concrete steps they are taking to protect my privacy makes me feel that much better about my choice.
- New book on Canadian digital copyright is out, including a free electronic edition
Cory shares the news from Michael Geist about this book from Irwin Law. At over six hundred pages, this is a considerable commitment to the subject. The focus is primarily on the most recent copyright debates in Canada, centered on the hotly contested bill C-32. The free PDF version is available under a Creative Commons license making the wealth of material available to, as the cover blurb suggests, be used freely to improve directly the quality of the discourse.
- The BBC covers the crowd funded plan to build a working analytical engine, BBC via Hacker News
- FSF launches a hardware focused initiative
According to the H, the “Respects your Freedom” program is an endorsement based on a device using free software, being built with free software, and allowing user installation of modified software. This reminds me of Neuros’ Unlocked mark from a couple of years back as it is also trying to draw attention to manufacturers that support end user freedom, an increasingly important issue when anti-jail-breaking stories seem to be showing up with increasing frequency.
- Government admits to Facebook spyring, Slashdot
- Suit claims Facebook leaked real names of users to advertisers, The Register
Tag: Facebook
feeds | grep links > Hotels Held to ISP Regulations, Another Interactive HTTP Tool, and More
- Dutch hotels must register as ISPs, Slashdot
- Tracking social influence through Facebook apps, Ars Technica
- An alternate interactive HTTP tool
Nat’s Four Short Links at O’Reilly Radar today included a second tool useful for learning and troubleshooting the HTTP protocol. Webshell is written in JavaScript, unlike httpy which is a Ruby application. From the README, Webshell is meant to run in node.js, which actually looks like a pretty simple proposition.
- Techniques to kill the indestructible browser cookie, Via Hacker News
Quick Security Alerts for the Week Ending 10/10/2010
- Security problems inherent in the smart grid, Scientific American
- Analyzing CAPTCHAs, Schneier on Security
- MySQL update addresses DoS vulnerability, The H
- Security updates for PostgreSQL, The H
- Reader, Acrobat patches plug 23 security holes, Krebs on Security
- Facebook, Twitter used in stock fraud schemes, ReadWriteWeb
- FCC may confront ISPs over botnets, malware, Krebs on Security
- Schneier on Stuxnet, Schneier on Security
- EU agency report on Stuxnet, The Register
- Foxit patches PDF software flaws, Zero Day
- Spammers use soft hyphen to hide malicious URLs, Slashdot
- Oracle update delivers 81 database security fixes, Zero Day
Facebook Profile Download Is Not Data Portability
I was one of the ones who quickly and without much thought applied the label of portable to one of the new features Facebook announced yesterday, specifically the ability for users to download their own profile data. Alisa Leonards, communications chairperson of the DataPortability project clarifies what portability should really entail and how Facebook misses the mark.
Data portability is the idea that users are, and should be, in control of their data, how it’s used, and have access to it at any time. Beyond this, data portability inherently implies data interoperability— the ability for your identity and social graph data to be used across any site or service, as controlled by the end user, and therefore requires the use of open web standards. Facebook’s “Download Your Info” is NOT data portability. It is data accessibility.
That is more than just a definitional point. First, she is speaking to a much more functional notion of portability. You should be able to move about to different messaging, identity and other social service providers seamlessly, without an interruption in your connection of friends and acquaintances. That is what she means by interoperability.
Second, as she goes on to make clear, Facebook’s TOS are unchanged. You are at most making a copy of the data they will retain on their servers. You cannot execute a hard delete after you’ve downloaded your data.
There are other, more nuanced concerns about how this all works in practice, too. EFF has an excellent post amplifying Leonards’ points. While they give Facebook some credit, EFF also holds their feet to the fire on similar gaps in true portability and the privacy implications that arise from those omissions.
Why downloading your data is not data portability, DataPortability Blog
TCLP 2010-08-22 News
This is news cast 223, an episode of The Command Line Podcast.
In the intro, an obligatory reminder there will be no new shows on the 29th, the 1st and the 5th because of Dragon*Con. Also, if you are in the north west of the UK, check out U^3, an UnWorkShop being held the 28th of August.
This week’s security alerts are a Firefox bug that bypasses URL protection for embedded frames and an old Linux kernel flaw that allows exploits to acquire root privileges.
In this week’s news, the end of privacy, a new probabilistic processor design, a thirty year old crypto system is resistant to quantum cryptanalysis, and privacy concerns (among others) over Facebook’s new Places feature. The EFF already has a guide to protecting your privacy against it.
Following up this week, EFF is appealing the Jewel v. NSA warrantless wiretapping case and negotiators concede ACTA isn’t about counterfeiting after all.
View the detailed show notes online. You can also grab the flac encoded audio from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Quick Security Alerts for the Week Ending 8/22/2010
- Virgin media to warn malware-infected customers
- Network Solutions sites hacked by widget
- Network Solutions pulls widget that tainted so many web sites
- Dislike button scam hits Facebook
- Short passwords hopelessly inadequate
- ColdFusion bug more serious than Adobe claims
- Android app may be secretly uploading GPS data
- Clickjacking could affect mobile devices too
- Data loss bug in CouchDB fixed
- Adobe to patch Black Hat bugs this week
- Facebook clickjacking scam
- Critical Xorg vulnerability quietly patched
- Facebook login page still leaks sensitive info
- Reintroducing a malware hash registry
- Researcher finds common flaws in 40 Windows apps
- Adobe issues fixes for critical Acrobat, Reader flaws
- Google closes critical vulnerabilities in Chrome 5
- Google makes good on its bug bounties
Security Alerts for the Week Ending 8/15/2010
- Foxit fix for iPhone PDF flaw
- Apple to patch iPhone PDF flaw this week
- Apple releases fix for iOS PDF exploit
- Cars hacked through wireless tire sensors
- Critical updates to Windows, Flash Player
- Dissecting a click fraud botnet
- Adobe warns of critical Flash player flaws
- New undetectable trojan empties bank accounts
Via Hacker News.
- Opera fixes high severity vulnerability
- Chrome beta addresses autofill vulnerability
- Server based botnet drives massive SSH brute force attack
- Facebook bug could expose users’ names, photos
- Nagging security flaws in Windows auth protocol
- Critical QuickTime flaw hits Windows
- Security bug may enable snooping on Android, Palm Pre
- Blackhole your malware
Security Alerts for Week Ending 8/8/2010
- Android rootkit released at Defcon
- Highlights from Black Hat and Defcon
- Mozilla finds flaw in Black Hat video stream
- Researchers find GBs of stolen data in a botnet
- Useful security extension may make it into Linux kernel
- Patch for critical Windows flaw available
- Antivirus vendors mostly ignore Windows security features
- Attackers can use XSS and Google to find a user’s physical location
- New iPhone vulnerability in its PDF viewer
- Vulnerability disclosure initiative puts pressure on vendors
- 10K node botnet taken down in the UK
- Apple prepares iOS fix
- EFF project to assess genuine security of SSL certificates around the web
Via Hacker News.
- Facebook adds photo based security check
- Adobe readies emergency fix for critical PDF Reader security hole
- Private browsing mode doesn’t always work as well as advertised
- Scammy Firefox beta 4 download used to spread a trojan
- Hoax Facebook virus stirs more trouble than a real one
- Criticisms of security in IPv6
- New Windows 7 zero day flaw
- Memcached opens accidental security hole
- Companies use browser history to bypass privacy
HT walkerh.
Following Up for the Week Ending 8/1/2010
- Australia censors most of web censorship plan
- Facebook may finally be allowing full deletion of user accounts
- Peter Sunde banned from operating The Pirate Bay
- Patent office ends Microsoft’s attempt to overturn i4i patent
- 2nd suit launched over student laptop webcam spying
- A peek inside the secret network neutrality meetings
- UK privacy watchdog clears Google WiFi slurp
- USPTO seeking interim new guidance on Bilski
- Google web search blocked for some in China
Security Alerts for the Week Ending 8/1/2010
- Reputation service for malware vendors
- Timing attacks explained
Via Hacker News.
- Firefox patch addresses critical plugin problems
- Google fixes critical vulnerabilities in Chrome 5
- Few victims of rogue antivirus software fight back
- Microsoft ships anti-exploit tool for admins
- Version 2.0 of NoScript add on for Firefox released
- Leaked user data from Facebook came from public info
- Hacker breaks into ATM, dispenses cash remotely
- Android wallpaper app snags user data, downloaded by millions
Via Hacker News.
- Android developer defends against accusations of stealing user info
Via Hacker News.
- More on WPA2 crack
- Scareware as a fake Firefox add on
- Microsoft to release an emergency fix for exploitable shortcut flaw