Category Archives: Privacy

Facebook Privacy Settings

AllFacebook has listed 10 privacy settings they recommend if you worry about how your personal details are shared with the public. The settings are listed below, together with my comments:

  1. Use Your Friend List – This is just grouping friends according to your own social circles, and you can apply privacy policies to each group. Makes sense since not all friends are created equal.
  2. Remove Yourself From Facebook Search Results – This prevents people finding you on Facebook, good for school teachers etc.
  3. Remove Yourself From Google – This prevents Google indexing your details. I believe this is a good thing, sometimes Google knows too much about people.
  4. Avoid the Infamous Photo/Video Tag Mistake – This setting lets you control who can see photos of you.
  5. Protect Your Albums – This is similar to item 4, it also limits who can see your photos.
  6. Prevent Stories From Showing Up in Your Friends’ News Feeds – It basically stops gossip.
  7. Protect Against Published Application Stories – Some Facebook applications are silly and embarrassing, this tip explains them.
  8. Make Your Contact Information Private – You can control who gets to see your phone number, email address, etc.
  9. Avoid Embarrassing Wall Posts – You can prevent friends posting embarrassing things on your Facebook wall.
  10. Keep Your Friendships Private – You can prevent others seeing your friend list.

The article explains these 10 things in great detail, with screen shots. It’s easy enough for anyone to follow. Read it here.

Mobile Spy on iPhone

This is one of those legal spyware programs I mentioned recently. Mobile Spy is used to secretly record SMS and calling data on a phone. It already existed for Symbian and Windows Mobile phones – now it’s available for iPhones.

They claim it runs in a stealth mode to make it difficult to detect. It silently records all SMS text messages and information about all calls. It then uploads this information to a private account on the web.

Apparently future versions of this program will also capture GPS information and details of any emails sent or received.

Why is this legal?

I can’t really comment on the legal side, and it would be different in each country. The company that makes it, Retina-X Studios, is selling this product to worried parents or employers to monitor their children/staff.

How is it installed?

Someone has to have physical access to the iPhone to install it. They need to purchase the program (US$99), and it seems the phone needs to be "jailbroken" – a hack that voids the phone’s warranty.

How can you prevent it?

Firstly, don’t lend your iPhone to people or leave it lying around.

I’m not aware of any anti-virus programs for the iPhone that detect this yet but I have my bets on F-Secure, they’re fully aware of what’s happening here. I’ll post an update when something new comes up.

Keyloggers

A keylogger is a small program that sits on your PC quietly capturing each key you press on your keyboard. It either logs each keystroke to a file, or sends it off somewhere on the internet.

It’s used to spy on people. By capturing keystrokes your login and password can be revealed, as well as other confidential information. And usually they’re what’s known as “stealthy” programs – most of the time you wouldn’t know it’s there.

Where do they come from?

There are quite a few keyloggers available. Most are written by hackers (the bad kind). A few are written by commercial software companies (more on that below). 

Are they legal?

Usually no. They’re used as spyware to capture your passwords, which is illegal in most places.

How can you detect them?

Use a good anti-spyware program. Most antivirus packages come with this feature these days, others are available separately. There are free ones too. Search Google for a current list.

But there’s another kind of keylogger that you can’t detect this way. You can buy a little plastic device that plugs in between your keyboard and your PC. Since it’s directly connected to the cable hanging off your keyboard it can detect every keystroke and record it. Someone has to have physical access to your PC to install it (and to later remove it). You need to look at the back of your PC where the keyboard plugs in to detect it. Search here for a list of these devices.

News

Recently a US court has looked at a commercial keylogging company called CyberSpy and decided it’s illegal. They’ve ordered CyberSpy to stop selling their software (called RemoteSpy). Unfortunately there are too many alternatives for people keen on spying and stealing passwords. More on this here.

Skype in China

People in China using Skype, or people elsewhere using Skype to talk to people in China, should be aware that some conversations are being monitored by the Chinese government. This article explains how this was recently exposed.

The system listens for sensitive terms (mostly political subjects) and logs conversations that meet this requirement. This works differently to how the Germans are doing it.

Gmail Can Encrypt Connections Automatically

Gmail has a new feature to always encrypt connections. It’s always been possible but not everyone uses it.

What’s encryption? Say you’re at work (or at school, or at a library or an internet cafe) and using a computer to read Gmail – it’s technically possible for someone to monitor everything going out to the internet. Encryption protects your privacy in this situation, making it difficult for someone to monitor your internet usage.

How do you use it? Inside Gmail go to the Settings menu. You get the following options:

  1. Always use https (select this option to use encryption)
  2. Don’t always use https

Pros:

  • It provides a good level of privacy, especially if you’re using someone else’s network. This is great for public networks (e.g. libraries), offices, and internet cafes.
  • It’s easy to use. Just turn it on, never think about it again.

Cons:

  • It slows Gmail down a bit (every single part of your Gmail emails needs to be encrypted then decrypted, this takes a small amount of time).

I strongly encourage you to use this feature. Every little bit of additional security helps, especially when it’s so easy to use.

Note that using this form of encryption only protects your privacy between the computer you’re using and Gmail. Emails were never meant to be secure or private.

Facebook Exposes Birth Dates

A flaw in a beta version of Facebook made it possible to see member birth dates, even those set to hide this information. Birth dates are often used to confirm someone’s identity. By having a full name and birth date it’s possible to phone up companies and ask for more private information (this is called Identity Theft).

Facebook has already fixed the flaw. However it’s a good reminder that any private information you enter into a social network such as Facebook could some day be read by someone not meant to read it.

If something is important enough to be private then don’t enter it into someone else’s system without thinking through the potential consequences.

You can view a video of how this flaw works here.

Tracking Mobile Phones

It’s no secret that mobile phones can be tracked by phone companies. The technology has existed for years and there are usually privacy laws in place so the facility isn’t abused.

A new system has been designed to track mobile phones in a defined area such as a shopping centre. It works by tracking the unique IMEI number that every GSM phone transmits.

They can’t track your name or phone number using this, but they can work out your shopping habits such as which shops you walk into. If they were extra smart they would link your name, when you pay for something with a credit card, to your phone’s ID. But they haven’t done this yet.

It’s already been installed in two US shopping centres (one of them is Gunwharf Quays in Portsmouth).

Apart from the marketing and security data this provides to its operators, it’s a privacy issue for regular people. Read the full article here.

Privacy of Olympic tickets

6.8 million Olympic tickets have been printed and will be carried by people attending Olympic events in China this year. What’s different this year is that each ticket will contain a tiny microchip.

This chip will contain the visitor’s photo, passport details, address, email address, and phone number. (Photo and passport data will only be on tickets for the opening and closing ceremonies).

That’s a lot of information recorded on the actual ticket itself. Usually tickets just have a serial number, or sometimes even a person’s name.

Chinese Olympic organisers have their reasons: they want to protect the events against known protestors.

Another perspective is that this is a privacy risk for people purchasing and carrying the tickets. A visitor carrying one of these tickets has no control over:

  • who gets to read the information stored here
  • whether the information is accurate
  • any other information stored on the chip (you can’t know what’s on it)

There isn’t anything you can really do other than choose whether or not to attend. If you wish to attend and purchase a ticket just be aware that this private information will be written on the ticket and will be readable by anyone with the correct equipment.

CSS Exploit

CSS is a web design technology that almost every web site today is using. It controls things like colour, fonts, and most of the design on every web page.

A flaw has been discovered that can allow web site creators to know if you’ve been to a particular site. An example has been presented that lets web site owners know if you visit Digg, Del.icio.us, Reddit, and Facebook without having to ask.

This is more of a privacy concern than a security risk. The following tips will avoid it, but they’re a little impractical:

  • Turn off JavaScript (a lot of web sites today require JavaScript)
  • Clear your browser history after you finish reading any pages you don’t want others to know about

It’s a documented bug in the CSS standard that might not get fixed for a while.