For my Ethical Hackers. Reads like an April Fools joke, but remember
that few users know how their browsers work. Also, we should look
for some place that lists the world's “Opt Outs,” because no one
seems to be doing it. Business opportunity?
by Julia Angwin, ProPublica, July 21, 2014, 9 a.m.
This story was co-published with Mashable.
A new, extremely persistent type of online tracking is shadowing
visitors to thousands of top websites, from WhiteHouse.gov to
YouPorn.com.
First documented in a forthcoming paper by researchers at Princeton
University and KU Leuven University in Belgium, this type of tracking,
called canvas fingerprinting, works by instructing the visitor’s Web
browser to draw a hidden image.
Because each computer draws the image slightly differently, the
images can be used to assign each user’s device a number that
uniquely identifies it.
Like other tracking tools, canvas fingerprints are used to build
profiles of users based on the websites they visit, profiles that shape
which ads, news articles, or other types of content are displayed to
them.
But fingerprints are unusually hard to block: They can’t be prevented
by using standard Web browser privacy settings or using anti-tracking
tools such as AdBlock Plus.
The researchers found canvas fingerprinting computer code, primarily
written by a company called AddThis, on 5 percent of the top 100,000
websites. Most of the code was on websites that use AddThis’ social
media sharing tools. Other fingerprinters include the German digital
marketer Ligatus and the Canadian dating site Plentyoffish. (A list of
all the websites on which researchers found the code is here.)
Rich Harris, chief executive of AddThis, said that the company began
testing canvas fingerprinting earlier this year as a possible way to
replace “cookies,” the traditional way that users are tracked,
via text files installed on their computers.
“We’re looking for a cookie alternative,” Harris said in an interview.
Harris said the company considered the privacy implications of canvas
fingerprinting before launching the test, but decided “this is well
within the rules and regulations and laws and policies that we have.”
He added that the company has only used the data collected from canvas
fingerprints for internal research and development. The company won’t
use the data for ad targeting or personalization if users install the
AddThis opt-out cookie on their computers, he said.
Arvind Narayanan, the computer science professor who led the Princeton
research team, countered that forcing users to take AddThis at its
word about how their data will be used is “not the best privacy
assurance.”
Device fingerprints rely on the fact that every computer is slightly
different: Each contains different fonts, different software,
different clock settings and other distinctive features. Computers
automatically broadcast some of their attributes when they connect to
another computer over the Internet.
Tracking companies have long sought to use those differences to
uniquely identify devices for online advertising purposes, particularly
as Web users are increasingly using ad-blocking software and deleting
cookies.
In May 2012, researchers at the University of California, San Diego,
noticed that a Web programming feature called “canvas” could allow for
a new type of fingerprint by pulling in different attributes than a
typical device fingerprint.
In June, the Tor Project added a feature to its privacy-protecting
Web browser to notify users when a website attempts to use the
canvas feature and sends a blank canvas image. But other Web
browsers did not add notifications for canvas fingerprinting.
A year later, Russian programmer Valentin Vasilyev noticed the study
and added a canvas feature to freely available fingerprint code that
he had posted on the Internet.
The code was immediately popular.
But Vasilyev said that the company he was working for at the time decided
against using the fingerprint technology. “We collected several
million fingerprints but we decided against using them because
accuracy was 90 percent,” he said, “and many of our customers
were on mobile and the fingerprinting doesn’t work well on mobile.”
Vasilyev added that he wasn’t worried about the privacy concerns of
fingerprinting. “The fingerprint itself is a number which in no
way is related to a personality,” he said.
AddThis improved upon Vasilyev’s code by adding new tests and using the
canvas to draw a pangram, “Cwm fjordbank glyphs vext quiz,” a sentence
that uses every letter of the alphabet at least once. This allows the
company to capture slight variations in how each letter is displayed.
AddThis said it rolled out the feature to a small portion of the 13 million
websites on which its technology appears, but is considering ending
its test soon. “It’s not uniquely identifying enough,” Harris
said.
AddThis did not notify the websites on which the code was placed because “we
conduct R&D projects in live environments to get the best results
from testing,” according to a spokeswoman.
She added that the company does not use any of the data it collects,
whether from canvas fingerprints or traditional cookie-based tracking,
from government websites including WhiteHouse.gov for ad targeting or
personalization.
The company offered no such assurances about data it routinely collects
from visitors to other sites, such as YouPorn.com. YouPorn.com did
not respond to inquiries from ProPublica about whether it was aware
of AddThis’ test of canvas fingerprinting on its website.
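The pattern the article describes (text such as the pangram drawn on a hidden canvas, then the pixels read back out) is also what a detector can look for. The following is an added example, not code from the article, the researchers or AddThis; the call-log format, the script URLs and the 16-pixel size threshold are assumptions made for illustration.

```javascript
// Added example: flag scripts whose canvas calls match the
// "draw text, then read the pixels back" pattern of canvas fingerprinting.
// The log format, URLs and thresholds below are assumptions for illustration.

const TEXT_CALLS = new Set(["fillText", "strokeText"]);
const READ_CALLS = new Set(["toDataURL", "getImageData"]);
const MIN_SIDE = 16; // assumed: tiny canvases carry too little detail to matter

// Constructed sample log: one record per canvas API call seen on a page.
const SAMPLE_CALLS = [
  // Hidden canvas, pangram drawn, pixels read back losslessly.
  { script: "https://widgets.example/share.js", canvas: 1, width: 300, height: 150,
    method: "fillText", args: ["Cwm fjordbank glyphs vext quiz", 2, 15] },
  { script: "https://widgets.example/share.js", canvas: 1, width: 300, height: 150,
    method: "toDataURL", args: [] },
  // A game that only draws shapes and never reads anything back.
  { script: "https://games.example/engine.js", canvas: 2, width: 800, height: 600,
    method: "fillRect", args: [0, 0, 800, 600] },
  // A photo tool that captions an image and exports it as JPEG.
  { script: "https://photo.example/export.js", canvas: 3, width: 640, height: 480,
    method: "fillText", args: ["Holiday 2014", 10, 20] },
  { script: "https://photo.example/export.js", canvas: 3, width: 640, height: 480,
    method: "toDataURL", args: ["image/jpeg"] },
];

function findCanvasFingerprinters(calls) {
  const wroteText = new Set(); // "script|canvas" keys that have drawn text
  const flagged = new Set();
  for (const c of calls) {
    const key = `${c.script}|${c.canvas}`;
    if (TEXT_CALLS.has(c.method)) {
      wroteText.add(key);
    } else if (READ_CALLS.has(c.method)) {
      // JPEG export is lossy, so it blurs the small rendering differences
      // a fingerprint depends on; treat it as ordinary image export.
      const lossy = c.method === "toDataURL" && c.args[0] === "image/jpeg";
      const bigEnough = c.width >= MIN_SIDE && c.height >= MIN_SIDE;
      if (wroteText.has(key) && !lossy && bigEnough) flagged.add(c.script);
    }
  }
  return [...flagged];
}

console.log(findCanvasFingerprinters(SAMPLE_CALLS));
```

Only the first script in the constructed log is reported; the shape-drawing game and the JPEG export are left alone.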
(Related)
Is this the solution to all our security concerns? (Students who
answered “Yes” will be shot!)
Stop Sneaky Online Tracking with EFF’s Privacy Badger
by Sabrina I. Pacifici on Jul 21, 2014
“The Electronic Frontier Foundation (EFF) has released a beta
version of Privacy Badger, a browser extension for Firefox
and Chrome that detects and
blocks online advertising and other embedded content that tracks you
without your permission. Privacy Badger was launched in
an alpha version less than three months ago, and already more than
150,000 users have installed the extension. Today’s beta release
includes a feature that automatically limits the tracking function of
social media widgets, like the Facebook “Like” button, replacing
them with a stand-in version that allows you to “like” something
but prevents the social media tool from tracking your reading habits.
“Widgets that say ‘Like this page on Facebook’ or ‘Tweet
this’ often allow those companies to see what webpages you are
visiting, even if you never click the widget’s button,” said EFF
Technology Projects Director Peter Eckersley. “The Privacy Badger
alpha would detect that, and block those widgets outright. But now
Privacy Badger’s beta version has gotten smarter: it can block the
tracking while still giving you the option to see and click on those
buttons if you so choose.” EFF created Privacy Badger to fight
intrusive and objectionable practices in the online advertising
industry. Merely visiting a website with certain kinds of embedded
images, scripts, or advertising can open the door to a third-party
tracker, which can then collect a record of the page you are visiting
and merge that with a database of what you did beforehand and
afterward. If Privacy Badger spots a tracker following you without
your permission, it will either block all content from that tracker
or screen out the tracking cookies.”
Since when has “I prefer to be ignorant” been a hallmark of senior
management?
Survey Highlights Communications Levels Between Security Pros and Executives
According to a survey of nearly 5,000 IT security professionals around the
globe, 31 percent of
cyber-security teams never speak with their executive team about
cyber-security. Of those that did, 23 percent did so
annually. Only one percent spoke to executives weekly, while 11
percent did so quarterly.
…
Fifty-two percent said their companies do not provide cyber-security
education to their employees, and only four percent plan to do so in
the next 12 months. Only 38 percent believe their company is
investing enough in personnel and technologies to be effective in
executing its cyber-security objectives.
…
A complete copy of the report, including survey methodology,
consolidated results and individual response rates by country can be
read here.
This could be amusing... My Computer Security students know that you
should never allow “backdoors” into your secure ecosystem. You
never know who might be hitching a ride.
Security Researcher Finds iPhone Backdoor
A security researcher by the name of Jonathan Zdziarski claims to have
found backdoors built into every iOS device. The accusation is that
Apple put these access points in on purpose along with undocumented
services designed to allow encrypted data to be retrieved at will.
Zdziarski also claims these services are always running in the
background, potentially leaking data, and that switching off your
iPhone or iPad
is the only way of securing that data. He suggests, rather
ironically, that Apple has made progress in securing iOS
against typical attacks while ensuring the company itself can easily
access the 600 million iOS devices currently in the wild.
Apple has responded to the claims, actually admitting the existence of
the backdoor. However, it denies it has anything to do with “any
government agency,” maintaining it is solely used by “IT departments,
developers and Apple for troubleshooting technical issues.” We’re not
sure if that makes it OK, but you can make your own minds up.
EU rules, French rules, German rules, Italian rules – Google has to
Google the rules it operates under.
Google gets 18-month deadline to overhaul data handling in Italy
The relationship between Google and Italy hasn't always been an easy one.
…
Now it's the turn of Italy's data protection authority, the Garante
della protezione dei dati personali, to tackle the company.
Yesterday, the data watchdog brought
in new regulations that will force the Mountain View-based
company to change its data handling practices.
Google will have to alter the way it informs users how their data is being
collected, ask for prior consent before using it to build up a
profile for targeted advertising and other purposes, and modify its
data retention practices. Google will have 18 months to bring itself
into line with the provisions.
Will this change research for my students? Probably not.
http://www.forbes.com/sites/amitchowdhry/2014/07/21/facebook-improves-news-feed-with-a-save-feature/
Facebook Improves News Feed With A 'Save' Feature
Today Facebook announced a new feature that lets you “save” items
that are posted on the
News Feed. You will be able to save links, news stories, video
clips, music and places from the News Feed to be viewed later. Your
saved items will be kept private, unless you decide to share them.
Facebook will sometimes show you reminders for the saved items if you
do not look at them for a while.
To save something that you see on Facebook, click on the “Save”
button in the bottom-right of a post or click the down-arrow icon at
the top right of the item and select “Save”:
For my students who can read!
Free books: 100 legal sites to download literature
So my students can addict their children.
Ten Resources for Helping Students Learn to Code and Program
In many of my presentations I tell the story of the first time that I
wanted to stay after school. That was in the sixth grade when we could
sign up to use one of my elementary school's two computers to program
things in Logo Writer. Today we have many more ways to introduce
students to
programming and coding. Here are some good resources that you can
use to introduce students to programming and coding.
I see no practical use, buy it purely for the “cool factor.” But
thinking outside the box, could this project animated tattoos?
Ritot Projects Notifications onto your Hand
Ritot, a new wristband concept device, projects your notifications,
such as emails and incoming calls, straight onto your hand.
Ritot is expected to retail for around $120 and will ship starting in early
2015.