privacy

Twitter posted changes to its terms of service Thursday, assuring users that they own their tweets while leaving "the door open for advertising" opportunities.

"The revisions more appropriately reflect the nature of Twitter and convey key issues such as ownership," Twitter co-founder Biz Stone wrote in a company blog. "For example, your tweets belong to you, not to Twitter."

In announcing the new terms of service, Stone also addressed the topics of abusive behavior and spam. These are four highlights Stone called out:

Google has released a more detailed privacy policy for its Google Books product, a move demanded in recent weeks by several critics of its settlement with publishers and authors.

The company announced the new policy in a blog post late Thursday afternoon, saying it developed the policy following conversations with the U.S. Federal Trade Commission. Google had previously said it was unable to release a detailed policy because the Google Books product was incomplete due to the fact that the settlement allowing its Book Search project to display certain types of books has yet to be formally approved.

However, … Read more

ID Vault is an incredibly useful program that helps users keep their personal information secure while managing their usernames and passwords. While we'd like to see the program deal with browsers a little more smoothly, overall we were quite impressed with it.

The program's interface is sleek and intuitive. The program includes its own browser, and to start, users simply navigate to a Web site that they would typically sign in to, such as their bank, and enter their username and password. ID Vault will then show a prompt asking if the user successfully logged in; if so, … Read more

A recent simplification of Facebook's user privacy controls wasn't enough for some policymakers.

On Thursday, in conjunction with the Canadian Privacy Commissioner, Facebook announced a new set of modifications to its user privacy controls as well as its developer API, and the targets of these changes are the thousands of third-party applications built on Facebook's developer platform. That means there may be major implications for developers--some of whom rely almost exclusively on Facebook activity as a revenue source.

The Canadian Privacy Commissioner's office released a set of recommendations for Facebook last month, specifically highlighting concerns that … Read more

The Northern California chapter of the American Civil Liberties Union has put out a campaign designed to raise awareness of the privacy implications of Facebook's developer platform. It's focusing specifically on the popular "quiz" applications, like "Which Cocktail Best Suits Your Personality?" and "Which Wes Anderson Movie Character Are You?" These are largely one-time-use apps that many a Facebook user clicks on and tries out with little concern.

According to the ACLU chapter, "millions of people on Facebook who use third-party applications on the site, including the popular quizzes, do not … Read more

Google must be used to having its neutrality questioned by now. However, when the alleged home of neutrality comes after you, perhaps you wonder if all this questioning of your motives is ever going to stop.

Not so long ago, it was the Greeks who decided they weren't too happy with Street View's prying artificial eyes. Now, according to the Associated Press, it's the Swiss who are getting nervous about their much vaunted (and much-profited from) privacy.

Hanspeter Thuer, the federal data protection commissioner of Switzerland, accused Google of not doing enough to blur faces and license … Read more

A group of Facebook users filed a civil lawsuit Monday that alleges the social-networking site is violating California consumer privacy laws.

The lawsuit, which was filed in California's Orange County Superior Court on behalf of five users, seeks a jury trial, as well as damages and attorneys' fees. The five plaintiffs are described as two children younger than 13, a user of the original Facebook, a professional photographer, and an actress and model.

The 40-page complaint accuses the Palo Alto, Calif.-based company of violating California privacy and online privacy laws by disseminating private information to third parties for … Read more

Editors' note: This is a guest column. See Ari Juels' bio below.

Internet denizens and urban dwellers alike need to recognize that an era of anonymity is ending.

The population of the world stands at about 7 billion. So it takes only 10 digits to label each human being on the planet uniquely.

This simple arithmetic observation offers powerful insight into the limits of privacy. It dictates something we might call the 10-Digit Rule: just 10 digits or so of distinctive personal information are enough to identify you uniquely. They're enough to strip away your anonymity on the Internet or call out your name as you walk down the street. The 10-Digit Rule means that as our electronic gadgets grow chattier, and databases swell, we must accept that in most walks of life, we'll soon be wearing our names on our foreheads.

A study of 1990 U.S. Census data revealed that 87 percent of the people in the United States were uniquely identifiable with just three pieces of information (PDF): five-digit ZIP code, gender, and date of birth. Internet surfers today spew considerably more information than that. Web sites can pinpoint our geographical locations, computer models, and browser types, and they can silently track us using cookies. Banking sites even confirm our identities by verifying that our log-ins take place at consistent times of day.

Database dossiers, too, carry surprising amounts of identifying information, even when specifically anonymized for privacy. Researchers at the University of Texas at Austin last year studied a set of movie-rating profiles from about 500,000 unnamed Netflix subscribers (PDF).

Knowing just a little about a subscriber--say, six to eight movie preferences, the type of thing you might post on a social-networking site--the researchers found that they could pick out your anonymous Netflix profile, if you had one in the set. The Netflix study shows that those 10 deanonymizing digits can hide in surprising places.

Our physical belongings also betray our anonymity by silently calling out identity-betraying digits. Small wireless microchips--often called radio frequency identification, or RFID, tags--reside in car keys, credit cards, passports, building entrance badges, and transit passes. They emit unique serial numbers.

Once linked to our names--when we make credit card purchases, for instance--these microchips enable us to be tracked without our realizing it. One popular book inflames imaginations with the lurid title, "Spychips: How Major Corporations and Government Plan to Track your Every Move with RFID."

But wireless microchips also highlight the futility of anonymity protections. To begin with, concerns about RFID tracking miss the forest for the trees. After all, mobile phones are ubiquitous and can be tracked at much longer ranges than standalone chips. Many people have GPS receivers in their phones and are signing up for location-based services, voluntarily (if selectively) disclosing their movements. There's little point in hiding the serial numbers of chips when your mobile phone squeals on you.

Many scientists (including me) have developed antitracking techniques for mobile phones and microchips. Instead of fixed serial numbers, wireless devices can call out changing pseudonyms, such as the rotating license plate numbers on spies' cars in the movies. The problem is that the plates may change, but the car always looks the same. In this regard, chips are like cars. … Read more

A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece malware called Downloader.Sninfs. The account has since been suspended by Twitter.

Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collects passwords and related personal information from infected computers.

Security on Twitter is front and center right … Read more