
Surveillance State

Industry giants lobby to kill pro-consumer data-breach legislation

In a direct slap in the face to consumers, tech industry giants including Microsoft, AT&T, and Verizon are frantically engaged in an effort to kill pro-consumer provisions in a data breach notification bill currently being considered by the Indiana State Senate.

The bill would require that the state attorney general act as a single point of contact for data breaches. Any company that suffered a breach impacting one or more Indiana consumers would be required to notify the AG's office. The bill would also make Indiana the only state in the country to require the attorney … Read more

Google, PayPal introduce political-phishing defenses

In the last few months, both Google and eBay unit PayPal have quietly rolled out new online-payment solutions that specifically target Internet-based political-campaign contributions.

While the companies primarily pitch their new products as methods for "attracting more supporters" and "increasing online giving to your campaign," the Internet titans have also laid the groundwork for phishing-resistant campaign contributions.

In a research paper released last year, Markus Jakobsson, Oliver Friedrichs, and I wrote about the looming threat of phishing Web sites posing as legitimate political-campaign sites.

The phishing problem is a particular threat to campaign sites, for a … Read more

Exclusive: The next Facebook privacy scandal

Facebook is no stranger to the complaints of privacy activists. First, it was the site's News Feed feature back in 2006. Most recently, the company's Beacon service drew widespread criticism. This blog post will outline yet another major privacy issue, in which Facebook recklessly exposes user data.

Facebook launched its widely popular application developer program back in May 2007. As of press time, there were more than 14,000 applications. Some, including most of the popular apps, are made by companies, while a few of the popular apps, and a significant number of the long tail of the less popular applications are made by individual developers.

But a new study suggests there may be a bigger problem with the applications. Many are given access to far more personal data than they need to in order to run, including data on users who never even signed up for the application. Not only does Facebook enable this, but it does little to warn users that it is even happening, and of the risk that a rogue application developer can pose.

Privacy problems for the user

In order to install an application, a Facebook user must first agree to "allow this application to...know who I am and access my information." Users not willing to permit the application access to all kinds of data from their profile cannot install it onto their Facebook page.

What kind of information does Facebook give the application developer access to? Practically everything. According to the Application Terms of Service,

Did Slate violate copyright law?

Slate, a popular news site, seems to be openly violating the Digital Millennium Copyright Act.

That law, much hated in cyberrights and computer security circles, is a thorn in the side to many researchers. The interesting question that we must ask is: Will Hollywood let Slate's probable violation slide, or will they lawyer up and go after the site owned by The Washington Post Co.?

A few days ago, Slate released a video mashup of footage of Hillary Clinton and a few scenes from the movie Election, starring Reese Witherspoon. The video is mildly amusing, and did at least … Read more

Can terrorists use the Net to avoid wiretaps?

Can members of Al Qaeda use voice over Internet technology (VoIP) to avoid wiretaps?

Recent comments by Michael McConnell, Director of National Intelligence, seem to suggest that terrorists could create significant roadblocks for the National Security Agency by simply routing their traffic through the U.S.

The incongruously named Protect America Act of 2007 gutted the existing Foreign Intelligence Surveillance Act (FISA), and allowed the National Security Agency to significantly expand its surveillance powers. It's set to expire in February, and the Administration is looking for reasons to justify extending the law. With perfect timing, Michael McConnell, Director of … Read more

Report: TSA site put travelers at risk...and a bit of poetic justice

UPDATE: See below for TSA's response.

A scathing congressional report released Friday confirms that security flaws in a Transportation Security Administration site put thousands of Americans at risk of identity theft.

The report (PDF) also reveals that a no-bid contract to create the site was awarded to an outside company by a TSA employee who had previously worked for that company. Was this just business as usual at TSA?

In October 2006, the TSA launched a Web site to help travelers whose names were erroneously listed on airline watch lists. This site had a number of security vulnerabilities: it … Read more

Twice bitten: Acts of stupidity can lead to identity theft

A British TV presenter has learned the hard way that identity theft is serious, and in the process, become the joke of the moment for privacy bloggers. More importantly, this is the second time in just one year that such a thing has happened. This blog post explores the latest incident, looks back to the past, and then concludes with a broader analysis.

Jeremy Clarkson, host of the BBC show Top Gear, recently wrote an article for the U.K.'s Sunday Times in which he ridiculed the uproar that had occurred after the British government admitted to losing … Read more

AOL, Netflix and the end of open access to research data

Correction: The authors of the Netflix de-anonymization study contacted me to point out that they originally published a draft of their results a mere two weeks after Netflix released its dataset. Netflix has known about their study for over a year.

Over the past year, there have been a number of high-profile incidents in which sensitive user data was accidentally revealed to the Internet at large. As a result, I believe that high-tech companies will never again share anonymized data on their users with academic researchers, at least not without requiring contracts and nondisclosure agreements. For the users and privacy … Read more

AT&T quietly rolls out reasonably-priced unbundled DSL

Over the past month, AT&T has quietly started to offer reasonably priced unbundled "naked" DSL Internet service to customers around the country. The company's website makes no mention of the service, nor do its Internet phone sales representatives offer or even discuss the service. Customers wishing to sign up will need to call a specific department at AT&T to request the secret plan. Two tiers are offered, a 3Mbit down/1.5 Mbit up plan for $28.99 per month, and a 1.5Mbit down/768k up for $23.99. Those who opt … Read more

Software update for Nokia N800 tablet leaks, fans go gaga

Updated Again: Nokia has released a legitimate upgrade for the N800 tablets. N800 owners no longer need to follow these instructions to update their OS. Instead, go visit the official Nokia website for info.

Updated: This post was edited for clarity, and to provide an alternative method for generating an N810 serial number (see below).

Details of a major operating-system upgrade for Nokia's Linux-based N800 Internet Tablet device were leaked Wednesday afternoon. Fans of the N800 (and soon-to-be-released N810) have been waiting eagerly for the last few weeks for any word of a final release date.

While the N800 … Read more
