Tag Archives: Privacy

Facebook employee reveals information on Facebook privacy issues

Filed under Privacy

An anonymous Facebook employee has revealed that all user activity on the site is recorded and stored with as many as six copies of each photo retained.

In an interview on therumpus.net, the employee was asked whether everything is saved, regardless of whether it has been deleted or untagged. He said that was essentially correct, and that Facebook was only changing that for performance reasons.

The employee said: “How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press ‘A’, or just one letter, a list of your best friends shows up. It’s no longer organised alphabetically, but by the person you interact with most, your ‘best friends’, or at least those whom we have concluded you are best friends with.”

The employee admitted that the change was made ‘sometime in the last three months’, but said that Facebook stores snapshots, which are basically a picture of all the data on all of the Facebook servers. The employee said that this is done every hour of every day of every week of every month.

When asked if this is every viewable screen, the employee said: “It is way more than that: it’s every viewable screen, with all the data behind every screen. So when we store your photos, we have six versions of your photos. We don’t store the original: we make six different versions on the photo uploader and upload those six versions.”

These are stored in four data centres around the world – in Santa Clara, San Francisco, New York and London. The employee said that in each of those, there are approximately five to eight thousand servers.

Read more at: SC Magazine UK

Airport Scanners Can Store, Transmit Images

Filed under Privacy

Contrary to public statements made by the Transportation Security Administration, full-body airport scanners do have the ability to store and transmit images, according to documents obtained by the Electronic Privacy Information Center.

The documents, which include technical specifications and vendor contracts, indicate that the TSA requires vendors to provide equipment that can store and send images of screened passengers when in testing mode, according to CNN.

The TSA has stated publicly on its website, in videos and in statements to the press that images cannot be stored on the machines and that images are deleted from the scanners once an airport operator has examined them. The administration has also insisted that the machines are incapable of sending images.

But a TSA official acknowledged to CNN that the machines do have these capabilities when set to “test mode.”

The official said these functions are disabled before the machines are delivered to airports and that there is no way for screeners in airports to put the machines into test mode to enable the functions. The official, however, would not elaborate on what specific protections, if any, are in place to prevent airport personnel from putting the machines in test mode.

The TSA also asserts that the machines are not networked, so they cannot be accessed by hackers.

Source: Wired

32 Million RockYou accounts compromised

Filed under Hacks

It’s no secret that most people use the same password over and over again for most of the services they sign up for. While it’s obviously convenient, this becomes a major problem if one of those services is compromised. And that looks to be the case with RockYou, the social network app maker.

Over the weekend, the security firm Imperva issued a warning to RockYou that there was a serious SQL Injection flaw in their database. Such a flaw could grant hackers access to the service’s entire list of user names and passwords in the database, they warned. Imperva said that after it notified RockYou about the flaw, it was apparently fixed over the weekend. But that’s not before at least one hacker gained access to what they claim is all of the 32 million accounts. 32,603,388 to be exact. The best part? The database included a full list of unprotected plain text passwords. And email addresses. Wow.

The hacker has posted a sample of what they found. They have blanked out the passwords for now, but warn, “Don’t lie to your customers, or i will publish everything.”

Source: Tech Crunch

Zuckerberg pictures exposed by Facebook privacy roll-back

Filed under Privacy

Illuminating pictures of Facebook chief exec Mark Zuckerberg have been exposed by Facebook’s privacy roll back.

Back in October, the world at large could see only one photo of the Facebook co-founder via the social networking site. Facebook’s controversial privacy shake up this week means that world+dog can now obtain access to a cache of 290 previously private shots featuring Zuckerberg. These pictures were uploaded either by Zuckerberg himself or by people who tagged him in images they posted onto the social networking site.

Gawker – which carries a selection of pictures of Zuckerberg in a story here – describes them as showing him as “shirtless, romantic, clutching a teddy bear, and looking plastered” though not all at the same time, we’d hasten to add.

“We just knew this new system would be a boon to gossips like ourselves,” Gawker enthusiastically reports.

Security watchers and the privacy conscious complained that the default settings applied in Facebook’s privacy revamp earlier this week meant that everyone had access to pictures, opinions and personal details uploaded onto the social networking site. Users have to be proactive about limiting access to their accounts because the default setting pushes Facebook users towards sharing more information.

Source: The Register

Facebook comes under heavy criticism after it changes policy on privacy controls

Filed under Privacy

Facebook has come under heavy criticism over privacy settings after users were warned about changes to the controls on its homepage.

The message tells users of the social networking site: “We’re making some changes to give you more control of your information and help you stay connected. We’ve simplified the Privacy page and added the ability to set privacy on everything you share, from status updates to photos.

“At the same time, we’re helping everyone find and connect with each other by keeping some information – like your name and profile picture – publicly available.” A guide is then offered to help the user control their privacy settings.

However, criticism has been made of the language used in the guide, while users have hit out at the removal of the right to display profiles to certain friends. One user said: “I could previously customise my friends list visibility – not only as to make it not visible to non friends- but I could choose which one of my friends could not view it. With [these] new privacy settings I cannot, it’s either everyone can see it or no one. This way you have restricted my range of choice…everyone’s range of choice actually!”

Many other users hit out at everyone being able to see a user’s friends list, with many commenting that they wanted the settings restored. One user said: “Seriously. You don’t just go and remove privacy from 350 million users. Seriously, Facebook. Who the hell do you think you are? If hackers made everyone’s profile pictures public there would be an uproar.”

Source: SC Magazine UK

How Easy Is It For The Police To Get GPS Data From Your Phone?

Filed under Privacy

Police can in some cases track cell phone location by merely telling a court that the information is relevant to an investigation, a legal expert tells TPM — a fact that may partly explain how law enforcement racked up 8 million requests for GPS data from a single wireless carrier in a year.

An increasingly popular and easy-to-access surveillance tool for police, GPS data is not currently protected by the Fourth Amendment, and the standards for gaining access to the information are murky and highly variable. That’s partly because one of the statutes that bears on the issue was passed in the mid-1980s, before many of the technologies involved were invented. And Congress hasn’t done much to update the law since.

The issue at stake is the demise of so-called “locational privacy.”

Depending on the circumstances, police would generally need to meet one of three tiers of standards to get a court order to access GPS data from a phone company, Orin Kerr, a professor at George Washington University Law School, tells TPMmuckraker: a certification to the court that the location information is relevant to an investigation (a court must grant this request); showing the court with “specific and articulable facts” — say, that a suspect is involved in drug smuggling — that the data is relevant; or, finally, showing good old probable cause to obtain a search warrant.

Source: TPM

Badvertising: Stop the 5 Biggest Threats to Online Privacy

Filed under Privacy

Beginning next week, the FTC will hold a series of public roundtables covering the growing number of challenges to consumer privacy on the Internet. Dubbed “Exploring Privacy,” the daylong discussions will focus on “the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses.” Hold that yawn. Behavioral tracking and ad targeting have everything to do with the pesky “Warning!” pop-up blinking behind your browser window right now. The one that could shatter your online privacy.

Read the full article at Fast Company

Sprint Revealed Customer GPS Data 8 Million Times

Filed under Privacy, Voice

Sprint Nextel provided law enforcement agencies with its customers’ GPS location information over 8 million times between September 2008 and October 2009.

Slight Paranoia (via Slashdot)

Thanksgiving scams: Warming up for Christmas

Filed under Privacy, Security

Sometimes it is difficult to tell the difference between legitimate online offers and malicious spam. In this day and age, you can be pretty sure that financial and government institutions won’t send you emails asking you to change your account details.

But sometimes the only thing preventing you from falling prey to cyber crooks who use fake promotional discounts and other special offers online to lure you into giving up your personal information is your memory. Do you remember having subscribed to those offers and promotions? If you can’t remember, delete the email – no matter how tempting the offer sounds.

Holidays are usually a time of great activity for scammers, especially holidays that involve gift-giving. Trend Labs received a lot of spam samples that took advantage of Thanksgiving. Some of them were fishing for an email address so they can spam you extensively.

More at: Net-Security

Ex-United Way IT Employee Sentenced to 18 Months

Filed under Privacy

Luis Robert Altamirano, a former United Way employee based in Miami, was sentenced to 18 months in jail and fined $50,000 for accessing his former employer’s network and deleting “numerous files from UWMD’s servers” and disabling “UWMD’s telephone voice mail system and prevented UWMD employees from accessing their voice mail accounts.”

Source: ThreatPost