privacy

Yahoo's Zimbra e-mail program exposes passwords

Passwords used to access Yahoo mail through the Zimbra client are sent over the Internet in clear text, a Canadian programmer says.

Holden Karau stumbled upon this problem while participating in the Yahoo University Hack Day at the University of Waterloo last week.

"The Yahoo imap servers used by the Yahoo Desktop don't support SSL and the password was being transmitted in plain text," Karau wrote in a blog post on Friday.

"What does this mean for you? If you use Zimbra to access your Yahoo mail, you almost certainly need to change your password …

BT to begin third Phorm trial

BT is to perform another trial of Phorm's ad-serving technology, after delays of more than half a year.

Phorm's technology, which BT will use under the brand of "Webwise," has attracted protests from peers, politicians, technologists and think tanks, who have expressed concerns over legal and privacy issues. The technology is also the subject of a probe by the European Commission.

Phorm's ad-serving technology works by assigning a user a unique identifier, through which the user's browsing habits are observed so as to target advertisements at them.

BT will commence the third trial of …

Behind the scenes of online fraud

I sat down on Thursday with someone who watches the underground criminals who are trying to break into people's bank accounts and steal their money. And the picture isn't pretty.

Online fraudsters are coming up with more types of dangerous attacks and more sophisticated methods, says Uri Rivner, head of new technologies for RSA Consumer Solutions, which is owned by EMC.

I've already written about how the cybercriminals are borrowing organizational structures from the mafia and even legitimate businesses, and have further explored the threats from identity fraud. Rivner filled in some details with his assessment of how the fraudsters are operating. He talked about the "Fraud Supply Chain" in which harvesters steal the data and then sell it to people who are expert at turning the data into cash by emptying out the bank accounts.

The two sides of this e-commerce underground communicate via informal marketplaces on IRC Chat channels. They also share information on sites like "Carder's Market," where you can read industry blogs and even reviews of Trojans and other malware.

Fraudsters aren't just targeting bank customers. They are also luring victims off social networks, where they harvest sensitive private information, and online gaming sites, where they steal accomplished avatars and accounts and sell them for money, Rivner says.

Another recent trend is the blending of phishing and malware on spoof Web sites that look legitimate but prompt visitors to run an executable in order to see a video, for instance. Instead, the executable is a Trojan that can grab the sensitive data on the computer. The recent "Obama sex video" spam is an example of this. …

Hole unveils Facebook fan pages

A new hole in Facebook allows members to see the fan pages of people on the networking site who they aren't friends with, an outside researcher revealed on Friday.

In verifying the hole, CNET News--signing onto the site as someone who is not a designated "friend" of Facebook founder Mark Zuckerberg--was still able to see that he is a fan of Barack Obama, the Dalai Lama, Green Day, Nirvana, Central Park, the Monterey Bay Aquarium, and Apple Students.

All a would-be spy has to do is go to anyone's profile page, click on the "Info" …

Peekaboo! Facebook fills photo security hole

Facebook has filled a hole that allowed strangers to view members' photos through the mobile version of the site, a spokesman said Tuesday after being alerted to the problem by CNET News Monday night.

"Today, we learned that certain photos could be viewed by unauthorized users who employed a complicated hack," a spokesman wrote in an e-mail. "Once we were notified of the issue, it was resolved within hours. These photos are no longer available to unauthorized users. We encourage security researchers examining Facebook to practice responsible disclosure."

Basically, someone who knew the serial number of …

What does your IP address say about you?

Last week Google announced that they were protecting user privacy (their words, not mine) by modifying IP addresses in their activity logs after 9 months. Fellow CNET blogger Chris Soghoian felt this was a sham because it ignored cookies, but it brings up an interesting point: just what does your IP address say about you? Or, in other words, does your IP address point to you?

In some ways, an IP address does identify you or else there would be no need for Google to "anonymize IP addresses" in order to "address regulatory concerns" (again, their …

Security scrutiny for Facebook apps

After booting applications from Facebook this summer for violating user privacy, the social-networking company is gearing up to vet apps for trustworthiness as part of a voluntary validation program.

The validation badge will give Facebook members a gauge to use in deciding whether to add a particular app or not. Experts praise Facebook's effort, but say apps posing security risks will still be around despite that, partly because of the popularity of the network.

Facebook gives a tremendous level of access to its APIs, which has enabled developers to create more than 24,000 apps for the platform since …

Chinese social networks block Baidu indexing

User privacy concerns on Chinese social-networking sites have led the biggest players to block indexing by Baidu, China's leading search engine, according to Beijing-based Marbridge Consulting.

The blogging site of Sohu.com, China's leading portal, as well as social networking sites including 51.com, Xiaonei, and Hainei have blocked Baidu's spiders from indexing the sites, Marbridge reported. Other search engines may also be blocked.

The reasoning behind this move may reveal a pragmatic commitment to security by obscurity for people who post under their real names and may want to avoid attention from employers, acquaintances, and government …

Firefox 3.1 to gain modicum of privacy

Of the two big browsing features of 2008, one seems to run counter to where developers are driving their browsers. The melding of the location bar to the search bar was expected in Firefox and Opera, thanks to beta versions. Chrome has it, too, calling it the Omnibar. What seems to have caught developers off-guard has been the clamor for a universal switch to stop the cache and browsing history from recording anything at all.

Microsoft's InPrivate debuted in Internet Explorer 8 beta 2, and Google Chrome's version is the well-received Incognito feature. So far, in Firefox, the …

Online ad twist: Mind your own data

A stealth start-up on Monday plans to take the wraps off a new advertising data exchange designed to connect publishers and advertisers so they can target ads to Web surfers. The privacy pitch: consumers can tweak the advertising data held about them.

The start-up, Bellevue, Wash.-based BlueKai, is taking a novel approach in an otherwise crowded new market for Internet advertising technologies. Many start-ups, ad networks, and Net media giants are honing technologies to leverage vast troves of data about people online so that they can tailor ads to their behaviors, preferences, or demographics--so-called behavioral ad targeting. One targeting …