Category Archives: Privacy

German Privacy

It’s been revealed that the German ministry for home affairs (and thus the German police) are monitoring Skype, Google Mail, MSN Hotmail, Yahoo Mail and Facebook chat if deemed necessary.

Skype used to be secure, encrypting data before being sent across a P2P network. Now we see that some authorities have a way to eavesdrop.

So just keep in mind that if you value privacy you shouldn’t be using the networks shown above. It’s also a good time to remind you that SMSs are often recorded for the same reasons.

More details here.

Facebook Apps

As Facebook continues to grow and become a larger part of everyone’s lives, security and privacy concerns have become more important than ever. So a company called Secure.Me has stepped in with a tool to warn you about privacy issues, called App Advisor.

Facebook allows 3rd party “apps” to use your data for various things. Like collecting your friends’ birthdays to remind you of them, or sharing your game updates with everyone. But it’s not always clear what personal information is collected or shared. Secure.Me’s new App Advisor tool tells you, in plain English.

It comes out on Wednesday and installs as a browser plugin. It supports Firefox, Chrome, and Safari. (If you’re still using IE I highly recommend installing Chrome).

How does Secure.Me App Advisor work?

It starts working when you load Facebook on your PC (so it won’t work on your iPhone). It then notices what Facebook Apps you’ve added to your account. This part is great, because most people don’t know what Facebook Apps they’ve added, or won’t remember what they added 2 years ago.

Then it looks up each app in their database, and tells you what they know about the app.

I think it’s brilliant. It gives you independent advice about Facebook apps, when you need it, and without having to really do anything.

When it launches on Wednesday I’ll update this post with more information.

LinkedIn iPhone App

LinkedIn has an iPhone and iPad app. One of its features is “an opt-in feature which allows users to view calendar entries within the app”.

Some security researchers have been analysing this app and have discovered that when using the calendar feature it sends data to LinkedIn’s servers. It sends all of your calendar events, without explicitly asking for your permission.

This is considered a privacy risk. If you use the LinkedIn app on iOS, turn off the feature.

You should expect LinkedIn to make a statement about this issue, and eventually resolve it. I’ll post any updates here as they happen.

Update 7 Jun 2012:

LinkedIn have responded to these privacy concerns – you can read their comments here. Basically they confirm the privacy issues and justify them. They’ve also made changes to their iOS app to address the issue; the updated version is 5.0.3.

And at the same time someone in Russia claims to have hacked LinkedIn’s servers and has a list of over 6 million hashed passwords. A hashed password means they can’t read your password yet but given enough time it can be found. This incident is unconfirmed by LinkedIn, but it would be a good time to change your account password.

Phone Tracking

Mobile phones (or cell phones or hand phones, depending where you are in the world) can be used to track the location of people. This has always been possible, because of how the cellular network works. But now it’s easier for hackers.

The GSM system (used by most phone companies) has a test mode built in. A recent demonstration by a university showed that anyone can access this test mode and request the location of any phone, if they have the right skills and equipment. The equipment doesn’t cost very much, and the skills can be shared on the internet.

Mobile phones use base towers to handle the communication. The phone network needs to keep track of which towers are closest to you. And by using triangulation, an approximate position can be calculated.

Here is the research paper by University of Minnesota explaining how they tracked phones: Location Leaks on the GSM Air Interface.

What can you do?

Nothing. Law enforcement organisations have always had access to your phone’s location. Hackers now have it as well. If you need to keep your location private then don’t carry a mobile phone. You could also keep it turned off until you need it, but as soon as you turn it on the cell network will know your location.

Android Phone Virus Listens In On Calls

This had to happen sooner or later. A virus has been discovered that can affect Android phones. It uses the conference call feature of the phone to send your conversations to a remote server (spying on your conversations).

The virus is reported to now be on over 150,000 phones. This is quite serious. There are also two strains of the virus now, indicating that people are working on making things worse for everyone.

This virus is called HongTouTou. It was discovered in an app called Dynamic Footprint Wallpaper, hosted on an app store in China. More information here.

How can a phone get a virus?

Android phones are smartphones, meaning the phone is actually a computer. And like any other computer you can download and install programs onto it, commonly called Apps.

Now the philosophy behind Android phones is that it’s less regulated than other phones, such as Apple’s iPhone, and you’re free to install any app you want. Even ones that contain viruses.

With Android phones you have a choice where to download your apps from. And unfortunately this includes untrusted sources where people can add viruses to apps. It’s all very similar to Windows PCs and the popular viruses from a few years ago.

What about iPhones and other phones?

This particular virus only affects Android, not any other phones.

How to avoid HongTouTou?

For now the best thing to do is to only use app stores you trust. Don’t rush into downloading an app just because it’s popular or cool, read up on it first.


BlackBerry Hoax Message

The following message gets sent to BlackBerries. The idea is that people believe what’s written there and forward it to all their contacts. Then each one of those people repeats the same process.

It’s a hoax. No damage can be done by the message, whether you forward it or not. And of course it will annoy people if you do forward it. It’s also very unprofessional to forward things like this to work contacts.

The message reads:

Do not accept this contact : 21536 (mireya diaz) she’s a hacker!!!! She will format ur blackberry and all ur contacts also.

Att: if one of ur contacts accept her u will get hacked also!!! Send this to all ur contacts

And don’t take the mentality that you should forward it “just in case”, or that it’s “better to be safe than sorry”. This is the wrong attitude. Make a stand and accept that it’s a hoax, and let others know.

There’s also something called a “barcode photo” that people talk about on BlackBerry forums. I don’t use a BlackBerry so I don’t know what this is, but apparently you shouldn’t share this barcode with people you don’t trust. It lets strangers add your BlackBerry to their contacts and send you hoaxes etc. You should stay in control of your privacy and choose who to share details with.

Flash Cookies

Some people know what a cookie is, what it’s good for and how it can be abused. If you don’t, here’s a very short summary:

  • Cookies are codes that web sites save to your computer
  • They’re used to help web sites remember who you are. E.g. when you log onto eBay and come back the next day, it remembers who you are.
  • Marketing companies use them to keep track of how many of their ads you saw and where you might have seen them

So they’re not really a bad thing but marketing companies use them to track things about you. Then there are programs that try to delete them off your PC. Usually these programs are branded with words like “anti-spyware”, this isn’t completely accurate but that’s where you’ll see them. This is all fine so far.

And you can always delete cookies yourself. In Internet Explorer there’s an option in the Tools menu. All other browsers have similar options, usually in a tools or settings menu.

But there’s another kind of cookie that often gets overlooked – they’re called Flash cookies.

Unlike regular cookies, Flash cookies are not stored in your web browser’s settings. Deleting all privacy data leaves Flash cookies alone. Even deleting all cookie files off your drive skips Flash cookies.

Flash has a feature that lets web sites store a bit of information on your computer, just like a regular “cookie”. By itself this is harmless, but some developers have taken advantage of its features and use them to track you just like regular cookies. This by itself could be seen as a minor annoyance, it’s not dangerous.

But it’s also possible for a web site to restore a cookie that you deleted. Now this is a misuse of privacy. You see, when you tell your computer to delete all privacy data, and it later reappears, things are happening against your will – this is morally bad. The way they do it is developers create some code that uses Flash to store a copy of a cookie and if the cookie is gone it rewrites it.

What can you do about it?

On Windows you can install “Better Privacy” or “Ccleaner”.

On Mac OS X you can install “Flush.app” or delete the Flash cookie files the hard way.
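Deleting Flash cookie files "the hard way" means finding the `.sol` files Flash Player keeps outside the browser's own cookie store. The script below is an added example, not from any of the tools named above; it assumes the standard per-user `#SharedObjects` folder locations and lists which sites have stored Flash cookies, deleting them only when run with `--delete`.

```python
import os
import sys
from collections import defaultdict
from pathlib import Path


def shared_objects_dir(platform=sys.platform, home=None):
    """Flash Player's per-user #SharedObjects folder for this OS."""
    home = Path(home) if home else Path.home()
    if platform == "darwin":
        base = home / "Library" / "Preferences" / "Macromedia" / "Flash Player"
    elif platform.startswith("win"):
        base = Path(os.environ.get("APPDATA", str(home))) / "Macromedia" / "Flash Player"
    else:  # Linux and other Unix-likes
        base = home / ".macromedia" / "Flash_Player"
    return base / "#SharedObjects"


def find_flash_cookies(root):
    """Map each site name to the .sol files stored for it under root."""
    root = Path(root)
    by_site = defaultdict(list)
    if not root.is_dir():
        return {}
    for path in sorted(root.rglob("*.sol")):
        # Layout: <root>/<random profile dir>/<site>/.../<name>.sol
        parts = path.relative_to(root).parts
        site = parts[1] if len(parts) >= 3 else "(unknown)"
        by_site[site].append(path)
    return dict(by_site)


def delete_flash_cookies(by_site, keep=()):
    """Delete every listed .sol file except those for sites in keep."""
    removed = []
    for site, paths in by_site.items():
        if site in keep:
            continue
        for path in paths:
            path.unlink()
            removed.append(path)
    return removed


if __name__ == "__main__":
    found = find_flash_cookies(shared_objects_dir())
    for site, paths in sorted(found.items()):
        print(f"{site}: {len(paths)} Flash cookie file(s)")
    if "--delete" in sys.argv[1:]:
        print(f"deleted {len(delete_flash_cookies(found))} file(s)")
```

Run it once without `--delete` first: the site list shows who is storing data that a normal "clear cookies" never touches.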

There’s also a great deal more information in this article.

It’s now up to Adobe (the company that makes Flash) and web browsers to treat this as a privacy bug and to improve their browsers.

Smartphones can be used to spy on you

Phones have become quite sophisticated devices recently, hence the term “smartphone”. They can connect to the internet, download programs, and keep track of your life. All useful features.

Phones can also be used to spy on you, as some people in United Arab Emirates discovered. In this case a network carrier (Etisalat) sent their customers an update that installs on their BlackBerry phones. They told their customers that the update was “required for service enhancements.”

What they didn’t tell their customers is that the update contains spyware made by a company called SS8 Networks. This spyware sent information to their company using the phone (which incidentally drained their batteries from uploading so much data).

It’s still unclear what this spyware actually does, or why it was installed on their customers’ phones. You can read more information on this incident here.

In theory phone spyware could activate the phone’s microphone and/or camera and send information to another site. Or it could intercept SMS’s and phone calls. And so many phones these days also have GPS receivers in them, so spyware could also theoretically keep track of your location. This is all scary stuff.

There isn’t much we can do about this threat at the moment. If your life or work involves privacy then consider using an old phone with limited features instead of today’s smartphones.

Privacy In Web Browsing

When you visit a web site then later visit another web site, your web browser keeps a history of these sites. You can see this history by going to your browser’s menu and clicking on History.

In the past this history was private because it exists only on your PC. But recently it’s been proven that it’s possible for web sites to get a peek into your browser history. This could be a privacy concern for some people. Here’s how it works.

Some people have come up with some clever code they can place on their site. It basically asks your browser if you’ve visited a particular site before. For a demonstration click here and click on the Get Started link in the centre. Don’t worry, nothing bad will happen, it’s just a demonstration.

So how does this affect you?

You just need to be aware that privacy on the internet is fairly limited these days. If you have something to hide (for whatever reason) or you’d just like a bit more privacy, there are steps you can take to prevent this. It’s a bit technical for beginners but with a bit of effort it’s achievable.

  • Some browsers now have a “privacy” mode. For example, Google Chrome calls it “incognito”. Privacy mode doesn’t keep track of which sites you’ve been to.
  • You can use Firefox and install something called the “NoScript addon”. This will block the code I mentioned above.