Friday, November 11, 2011


We can help you remove your data from the web – just give us all the data you want removed...
Another tool to help you remove your personal information from the web
November 11, 2011 by Dissent
Another startup to watch: MelonCard.
Michelle Doellman writes:
Privacy is a hot topic when it comes to the Internet and technology. Issues like cyber bullying and identity theft show that it’s still like the wild West. With the mission of protecting your privacy, California-based MelonCard is hoping to make you feel safer.
Founders Robert Leshner and Geoff Hayes came up with the idea for MelonCard purely by fate. While the pair was working on their first project – Drawn.to – they stumbled across researching how to remove personal information from the web.
“After looking around, we found it’s a really cumbersome and time consuming process,” explained Leshner. “You have to send faxes all over saying please stop selling my information. The process is broken so we took 24 hours and dedicated ourselves to building this really rough prototype of MelonCard.”
Once a MelonCard account is set up, members click on the Dashboard and select which sites to remove information from. The type of information removed varies from basics like phone numbers to interests and views on politics. A tally on the dashboard shows how many sites have been expunged and a grade level of privacy.
Read more on Tech.li
Note: I have not looked into this yet so do not take this as an endorsement or recommendation. Their privacy policy is certainly short and sweet:
  • We collect personal information with the express purpose of trying to protect your privacy.
  • Your personal information will ONLY be shared with third-parties specifically to opt you out of their services.
  • You will specifically execute each opt-out request which utilizes your personal information.
  • We will never sell or rent our mailing list or user information, in any way shape or form. Never.
  • We’re eager to hear your questions or concerns at privacy@meloncard.com; we will personally respond.
Some info on how long data are retained or stored and whether users can delete their accounts totally and permanently would be helpful, but this seems somewhat promising. You can check out their site and their blog.


Looking only at the Twitter equivalent of a pen register, I don't see much to suppress the search, nor do I see much useful evidence. What if the actual messages were: “Hey Bob, want to read a secret document?” “No! And stop asking!” OR: “Anyone know who is leaking this data?” “Nope”
Judge Rules Feds Can Have WikiLeaks Associates’ Twitter Data (updated)
November 10, 2011 by Dissent
Kevin Poulsen reports the expected, but bad nevertheless, news:
The Justice Department is entitled to records of the Twitter accounts used by three current and former WikiLeaks associates, a federal judge ruled Thursday, dealing a victory to prosecutors in a routine records demand that turned into a fierce court battle over online privacy and free speech.
In a 60-page opinion (.pdf), U.S. District Court Judge Liam O’Grady in Alexandria, Virginia upheld a magistrate’s decision earlier this year allowing prosecutors to obtain information on the accounts, including records showing when they sent direct messages to one another, and from what internet IP addresses. The ruling does not expose the content of the messages, nor information on other Twitter users who follow the accounts.
Read more on Threat Level.


We are reading an article claiming that the FBI trains its agents to consider all Muslims as terrorists. This data would show how they attempt to prove that... Right?
New York Times Writer Loses Bid for FBI Data
November 10, 2011 by Dissent
Now what did Candidate Obama pledge about transparency?
Adam Klasfeld reports:
The FBI can shield its terrorism-investigation data from the prying eyes of New York Times investigative journalist Charlie Savage, a federal judge ruled.
Savage repeatedly sought FBI data through the Freedom of Information Act for a series of articles exposing how federal authorities vigorously probed thousands of people without reasonable suspicion.
Read more on Courthouse News.


Note that this is virtually an “Auditor Full Employment Act” rather than the more common Lawyer version... Are the lawyers getting bored or do they expect the auditors to drop a pre-made case in their laps every few years?
Facebook, FTC Near Privacy Settlement
November 10, 2011 by Dissent
Julia Angwin, Shayndi Raice, and Spencer E. Ante report:
Facebook Inc. is finalizing a proposed settlement with the Federal Trade Commission over charges that it engaged in deceptive behavior when changing its privacy settings, according to people familiar with the situation.
The proposed settlement – which is awaiting final approval from the agency commissioners – would require Facebook to obtain “express affirmative consent” if Facebook makes “material retroactive changes,” some of the people said.
The agreement would require Facebook to submit to independent privacy audits for 20 years, the people said. Google Inc. agreed to similar audits in March, when it settled FTC charges of falsely representing how it would use personal information.
Read more on Wall Street Journal. Alicia Eler of ReadWriteWeb also covers the story but suggests that the settlement is actually finalized.
If Facebook leaked this, is it because they want to get the word out before the FTC releases its own statement that could sound more critical? Are they just trying to get out in front of this?

(Related) Facebook would do the entire e-community a service by summarizing all they have learned (at great pain and expense) about Privacy. At minimum it would make an interesting student paper (take that as a hint, law students).
German agency may fine Facebook over program
November 10, 2011 by Dissent
Ah, if it’s Thursday, Facebook must be in trouble with German data protection again.
Bloomberg reports:
Facebook Inc. may be fined by a German data-protection agency over a feature that uses facial-recognition software to suggest people to tag in photos on its social-networking site.
Facebook introduced the feature in Europe “without informing users or getting the required consent” it is obliged to under European Union and German laws, the Hamburg data-protection authority said in a statement on its website Thursday.

(Related) Does this cover the same issues as the lawsuits? i.e. would it suggest a safer path for Facebook for example?
New Self-Regulatory Principles for Multi-Site Data
November 11, 2011 by Dissent
This week, the Digital Advertising Alliance (the “DAA”) unveiled new “Self-Regulatory Principles for Multi-Site Data” (the “Principles”), aimed at expanding the scope of industry self-regulation with respect to online data collection. The Principles are designed to supplement the Self-Regulatory Principles for Online Behavioral Advertising which were issued in July 2009. The DAA is composed of several constituent industry groups such as the American Association of Advertising Agencies, Council of Better Business Bureaus, the Direct Marketing Association and the Interactive Advertising Bureau.
[...]
Notably, the Principles prohibit third parties or service providers from collecting, using or transferring any Multi-Site Data in order to determine an individual’s eligibility for employment, credit, health care treatment or insurance. The Principles also require entities to (1) treat personal information in accordance with the Children’s Online Privacy Protection Act, and (2) obtain opt-in consent to collect and use Multi-Site Data that contains health or financial information (with an exception for operational or systems management purposes).
Read more on Hunton & Williams Privacy and Information Security Law Blog then scoot over to CIS to read Jonathan Mayer’s, “A Brief Overview of the Supplementary DAA Principles.”


This is likely to be difficult. “Yeah, we paid you in stock, but now it's worth a lot more than we thought it was then so we want to un-pay you...”
"Zynga seem to think they were overly generous handing out stock to early employees. Fearing a 'Google Chef' situation they are leaning on some employees to hand back their unvested stock or face termination. From the article: 'Zynga's demand for the return of shares could expose the company to employment litigation—and, were the practice to catch on and spread, would erode a central pillar of Silicon Valley culture, in which start-ups with limited cash and a risk of failure dangle the possibility of stock riches in order to lure talent.'"


This would be good. Rather than relying on a single, easily guessable word, base access on how you walk into the room, the geometry of your hand, your fingerprint, retina and iris scans and the fact that you suffer from morning flatulence...
"Researchers from the Defense Advanced Research Projects Agency will next week detail a new program it hopes will develop technology to dramatically change computer system security authorization. The program, called Active Authentication, looks to develop technology that goes way beyond today's use of hard to remember password protection and determine identity through 'use of software applications that can determine identity through the activities the user normally performs,' DARPA said."


Compare this with President Clinton's and see who the better dodger is...
November 10, 2011
President Richard Nixon's Watergate grand jury testimony released
"The National Archives and Records Administration (NARA) has publicly released the transcripts of President Richard Nixon's Watergate grand jury testimony. In collaboration with the U.S. Government Printing Office (GPO), the collection has been released on Fdsys. This collection has been made public as a result of the July 29, 2011 order by Chief Judge of the United States District Court for the District of Columbia Royce C. Lamberth that the June 1975 transcript of Nixon's testimony and the "Associated Materials" to that testimony be released to the public following the review of these documents for any information that must be redacted as required by law. It is rare for any grand jury testimony to be made public." These documents are available on three websites as follows:


I keep telling the Psych majors that there is a need for guidance here...
November 10, 2011
Pew: Teens, kindness and cruelty on social network sites
Teens, kindness and cruelty on social network sites by Amanda Lenhart, Mary Madden, Aaron Smith, Kristen Purcell, Kathryn Zickuhr, Lee Rainie. Nov 9, 2011
  • "Social media use has become so pervasive in the lives of American teens that having a presence on a social network site is almost synonymous with being online. Fully 95% of all teens ages 12-17 are now online and 80% of those online teens are users of social media sites.
  • We focused our attention in this research on social network sites because we wanted to understand the types of experiences teens are having there and how they are addressing negative behavior when they see it or experience it. As they navigate challenging social interactions online, who is influencing their sense of what it means to be a good or bad “digital citizen”? How often do they intervene to stand up for others? How often do they join in the mean behavior? Many log on daily to their social network pages and these have become spaces where much of the social activity of teen life is echoed and amplified—in both good and bad ways."


Convergence: It's a Cloud Phone! Why stop with two numbers? You could put the entire corporate PBX on your phone!
VMware fits work phone into personal phone
If you’re sick of having to carry around two smartphones, one for work and one for your personal life, there are options coming that will save you grief and the need to carry multiple devices everywhere.
One such product is the VMware Horizon Mobile solution. Basically, this platform enables a user to run a “phone-in-a-phone,” meaning both work and personal mobile environments separately on the same device. Users would be able to have two phone numbers and data accounts on the same smartphone.


For my Computer Security students
November 10, 2011
National Initiative on Cybersecurity Education Workforce Framework
"The NICE Cybersecurity Workforce Framework offers a working taxonomy and common lexicon that can be overlaid onto any organization's existing occupational structure. Although much work has gone into this framework, we need to ensure that it can be adopted and used across the nation. We are actively seeking to refine this framework with input from every sector of our nation's cybersecurity stakeholders."

(Completely unRelated) We would never teach our students this kind of thing... Okay, maybe sometimes...
Secret Snoop Conference for Gov't Spying: Go Stealth, Hit a Hundred Thousand Targets


For my Ethical Hackers, because you may need to detect it (and transfer my cut to me). Suggestion for a research paper: How to do it better!
"In Russia, most cell phone SIM cards are prepaid. One of the major Russian operators offers a legal service that allows anyone to transfer the prepaid amount of money from a SIM card to a bank account, a credit card, another cell phone number (via a text message) or to express money transfer service Unistream. This particular service is heavily misused by cyber crooks who use it to launder money collected through ransomware campaigns, mobile malware and SMS scam campaigns. Kaspersky Lab's Denis Maslennikov takes us through the steps of each of these types of scams and shares insights into the shady economy that has sprung up due to cyber criminals' need to get their hands on the collected money without leaving a direct trail."


This should explain why I find the loss of a laptop with all those unencrypted files so distressing.
The 5 Best Ways To Easily & Quickly Encrypt Files Before Emailing Them [Windows]
