
Coronavirus Concerns: More People Working from Home Means More Employer Tracking

So I’m going to stir up some :poop: , y’all — but bear with me.

Generally speaking, I’m of two minds on this subject. On one hand, I’m OK with this.

e.g., prior to CommieVirus2020, we would go to work, log on to an employer-provided asset, and commence working. On employer-provided assets, such as laptops, desktops, servers, etc., I’m 100% fine with <pick an employer> installing NARCwarez. Why? Simple: They own the device.

However, that’s not what’s been happening.

Instead, as more and more people are working from home, employers are attempting to basically “track,” your every waking moment, from the time you roll out of bed, to the time you crawl back into it. Yea, I know that’s an extreme, but let’s get real — we’re talking about a really bad fucking episode of Black Mirror.

So you’ve got two choices: You can tell your employer to pound sand; that you won’t tolerate this type of invasion of privacy.

Their response will probably be your typical “…..install this (or else you can’t work here any longer).”

So what do you do?


Tinder: Three Things You Probably Didn’t Know

It all seems very straightforward. Swipe right if you’re attracted to the person on your screen, swipe left if you’re not. Tinder makes the process of finding someone to date seem easy. Individual profiles take only seconds to scan. In under one hour, you could be matched up with someone available to date you tonight. Yet, there’s more to the app than meets the eye. The inner workings of Tinder’s algorithms might leave you a little surprised.

 

 



Tinder has a “desirability” ranking system.

That’s right, Tinder “scores” your desirability based on several factors. You are shown specific matches first, based on these factors. You aren’t able to retrieve these scores for yourself – but a writer, Austin Carr, from Fast Company, was granted access to his score by Tinder executives. This is what he came away with:

“‘Every swipe is in a way casting a vote: I find this person more desirable than this person, whatever motivated you to swipe right. It might be because of attractiveness, or it might be because they had a really good profile.’ Tinder’s engineers tell me they can use this information to study what profiles are considered most alluring in aggregate.” –Carr, Fast Company

Furthermore, Tinder’s VP of product compares the ranking system to that of a World of Warcraft game. He says if someone with a really high score swipes right on you, that’s going to in turn increase your score too. Just like if a high-level player helps a lower-level player level up in Warcraft.

Your Tinder Data may not be Secure.

Yep, it says so right in their TOS: “We do not promise, and you should not expect, that your personal information, chats, or other communications will always remain secure”. With the onslaught of hacked sites and apps in recent years, it’s no wonder they’re taking this precaution.

Since the launch of Tinder, it has been an attractive medium for data scrapers. Scrapers are automated bots or tools that extract data from websites or apps. With over 50 million users on Tinder, these tools provide valuable data to marketers, research firms and potentially to governments. In fact, there have been multiple instances where scrapers were discovered to have harvested a large amount of data from Tinder.

One developer managed to scrape information from over 40,000 profiles and posted it publicly. The purpose for this massive harvesting of profile data was to train AI to recognize gender based on a person’s facial features. The project was called “People of Tinder” and it has since been removed.

Tinder has a Huge Trove of Data on Every User

Last year, Judith Duportail, a writer at The Guardian, asked Tinder for all of the data they had stored on her. Every European citizen is allowed to request their data from companies using the EU data protection law. It turned out Tinder had 800 pages of data stored on her that included information like education, Facebook likes, conversation history, number of Facebook friends, the age-rank and race of men she was interested in, which matches she’d recycled pickup lines with, who she’d ghosted on, and tons more.

The reason Tinder is able to amass so much information on each user is that most users sign up through Facebook. When someone uses Facebook to log in to any app, that app gets access to likes, location information, friend information, public profile information, and often much more (though some of this access may soon be restricted due to the recent Cambridge Analytica scandal). Tinder also studies your behavior while you use the app, and then uses that behavioral data to help target matches and advertisements. Many users also link their Instagram accounts to the app, which gives Tinder even more data to harvest.

Now that you know Tinder is just as exploitative as other apps and services that have been in trouble for data-mining lately, will you still continue to use it to find dates?


What is Alphonso? Game Apps Use Smartphone Mics to Track Users

Gaming apps are widely used on many smart phones as a way to pass the time. Seemingly innocuous, mini games like bowling and pool can be addictive and fun for a variety of users. If you’re not paying close attention, however – you may be giving these apps more permissions than you bargained for.

Alphonso is a company that provides app developers with software known as Automated Content Recognition, or “ACR”. This ACR software, once installed, collects data about TV-viewing habits for advertisers by using the smartphone’s microphone. Yes, Alphonso actually listens to the sounds coming from your TV in order to target more relevant ads to you later.

Gaming app developers are using Alphonso in their apps in order to share data with advertisers. They are able to “listen in” in this way because the user gave permission to the app to use the microphone.

From Alphonso’s Privacy Policy for app Developers:

With your permission provided at the time of downloading the app, the ACR software receives short duration audio samples from the microphone on your device. Access to the microphone is allowed only with your consent, and the audio samples do not leave your device but are instead hashed into digital “audio signatures.” The audio signatures are compared to commercial content that is playing on your television, including content from set-top-boxes, media players, gaming consoles, broadcast, or another video source (e.g., TV shows, streaming programs, advertisements, etc.). If a match is found, Alphonso may use that information to deliver more relevant ads to your mobile device. The ACR software matches only against known, commercial audio content and does not recognize or understand human conversations or other sounds.

A big concern is that kids are being “tricked” into downloading these privacy-invading apps because they don’t always understand what they are agreeing to. There are some apps using Alphonso that are directed specifically toward kids. (Engadget)

According to Engadget, Alphonso says that its software doesn’t record human speech and that it is in full compliance with the law. Others say that being legal doesn’t make it any less creepy, and that it may even be unethical.

Over 250 games are currently using the Alphonso software.

For those interested, Alphonso does provide a “Mobile Opt-Out Guide” (found here) that will help explain how you can use your mobile device controls to revoke your consent for them to access your microphone.

Photo credit: Esther Vargas – “Smartphones”


New Security Measures from Gmail (VIDEO)

Have you noticed some of the changes lately in your Gmail inbox? You may have received an email from a friend or colleague and seen that it had an unlocked red padlock next to it like this:

[Image: Gmail notice that the sender’s service did not encrypt this message]

When you hover over the padlock, it says something like: “Some recipients use services that don’t support encryption” or “[(x) service provider] did not encrypt this message”. Gmail put this visual element in place to let users know that the sender’s email service does not support TLS encryption (a video explaining TLS encryption follows this article). Gmail users took notice of this change, and in less than 2 months of implementation, “the amount of inbound mail sent over an encrypted connection increased by 25%” –Nicolas Lidzborski, Gmail Security Blog

Another change you may have noticed is that the person you receive an email from has a question mark next to their name rather than the standard Google Plus avatar. A message is displayed that says: “Gmail couldn’t verify that this message was sent by [sender]…” This is a new way for Gmail to help you flag spam or determine if emails are spoofed.

[Image: Gmail “couldn’t verify” sender warning]

You will often see this warning when the message has been forwarded or has been sent by a third party site, as reflected by the email headers – or if the email service provider did not sign or verify the messages.
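Both indicators can be approximated from the raw headers of a received message. The following is an added example, not Gmail’s own logic and not part of the original post: it assumes the receiving server records TLS in its topmost Received header and writes an Authentication-Results header, and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the SMTP hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA"}

# Constructed sample messages: hosts, IDs and addresses are invented.
SIGNED_OVER_TLS = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
        by mx.example.net with ESMTPS id abc123
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 01 Mar 2016 10:00:00 -0800
Authentication-Results: mx.example.net;
        dkim=pass header.i=@example.org;
        spf=pass smtp.mailfrom=alice@example.org
From: Alice <alice@example.org>
Subject: lunch?

See you at noon.
"""

UNSIGNED_PLAINTEXT = """\
Received: from relay.example.com (relay.example.com [198.51.100.7])
        by mx.example.net with ESMTP id def456;
        Tue, 01 Mar 2016 10:05:00 -0800
Authentication-Results: mx.example.net;
        dkim=none;
        spf=softfail smtp.mailfrom=bob@example.org
From: Bob <bob@example.org>
Subject: forwarded invoice

See attachment.
"""


def arrived_over_tls(raw):
    """True if the last hop (topmost Received header) used TLS."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return False
    last_hop = " ".join(received[0].split())        # unfold the header
    match = re.search(r"\bwith\s+(\S+)", last_hop, re.I)
    protocol = match.group(1).upper() if match else ""
    return protocol in TLS_PROTOCOLS or "version=tls" in last_hop.lower()


def auth_results(raw):
    """Map spf/dkim/dmarc to their result from the topmost header.

    Only the header written by your own receiving server is trustworthy;
    copies further down may have been supplied by the sender.
    """
    header = message_from_string(raw).get("Authentication-Results", "")
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)
    return {method.lower(): result.lower() for method, result in pairs}


def inbox_flags(raw):
    """Approximate the two warnings described above (an assumption:
    the question mark is shown when neither SPF nor DKIM passed)."""
    results = auth_results(raw)
    authenticated = "pass" in (results.get("spf"), results.get("dkim"))
    return {
        "red_padlock": not arrived_over_tls(raw),
        "question_mark": not authenticated,
    }


if __name__ == "__main__":
    for name, raw in (("signed", SIGNED_OVER_TLS),
                      ("unsigned", UNSIGNED_PLAINTEXT)):
        print(name, inbox_flags(raw))
```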

These new features are part of Google’s protections that are designed to help keep their users safe. Since 2012, Google has also warned its users if state-sponsored attackers may be targeting them. Even though this is a rare warning to receive, it is important for people like journalists and activists to know if they’re being targeted.

[Image: Gmail warning about state-sponsored attackers]

Now Google has made a new announcement. If they have reason to believe government-backed attackers may be trying to steal your password, they will give you a full page warning upon sign in like this:

[Image: new full-page Google warning about government-backed attackers]

Google maintains: “The security of our users and their data is paramount.” Do you believe these changes will in fact make Gmail’s users safer?


(Google now lets Gmail users know if senders are not using TLS encryption. Learn about TLS by watching the above video)


Skype Will Better Protect Users by Hiding IP Addresses

Skype has announced that in their new update, they will finally hide your IP address so that you are protected from “trolls”. This news is especially good for gamers who often find themselves DDoS’d by gaming rivals. There have been many YouTube tutorials helping Skype users find IP addresses through Skype calls. This sometimes leads to retaliation tactics against other gamers.

Here is an example of one such tutorial:

Instead of allowing users to opt-out of sharing IP addresses with contacts, Skype’s new update will automatically hide the IP address.

“Microsoft says the measure will ‘prevent individuals from obtaining a Skype ID and resolving to an IP address,’ which won’t only protect gamers, but other Skype users who may be targeted by online trolls.” –Matt Brian, Engadget

Many believe that Skype is responding to the wishes pro-gamers have had for a long time. Some users were already using work-arounds to disguise their IP to protect themselves.

If you still need to get the latest version of Skype, you can find it here.


LinkNYC – Free WiFi Hubs to be Installed in New York

Yesterday, New York City unveiled its first WiFi kiosk outside of a Starbucks, a hub that will allow passersby to access free WiFi service funded by advertising.

CityBridge plans to replace all payphones with these hubs which will also include USB charging ports. This phasing-out of payphones is supposed to take around 12 years to complete and they are expected to install a minimum of 7500 kiosks.

Privacy advocates are already expressing concerns about these free wireless hubs.

The WiFi spots will have a range of about 150 feet and will have speeds relatively close to that of Google Fiber. The new kiosk is currently in its testing phase and should be ready for public use in a few weeks. Still need to make a regular phone call? The kiosks will offer free voice calls in place of the payphones.

“Moreover, the booths also feature some other interesting services. For example, you can use the wi-fi booth in order to place a free voice-call. The developers even managed to throw in a headphone jack, in order to be able to ensure the user’s privacy.” –Brandi McCants – Gadget Gestures

CityBridge’s full privacy policy for using their services can be found here.


Fans of Hello Kitty Experience Data Breach

3.3 million people could be affected by a recent data breach of Hello Kitty fans’ information from the website SanrioTown.com. The data included usernames, passwords, hints, email addresses and other sensitive information like names, birth dates and more.

The breached data was publicly available; there was no actual hacking done to obtain this information. A security researcher, Chris Vickery, notified Sanrio about the hole in their database and it has since been patched. Sanrio has made a statement that there is no evidence that any data was actually stolen. Vickery has gone to the press about this because he believes companies too easily have the “Oh, it won’t happen to me” mentality. This may bring to mind the case of the grey-hat hacker, Andrew Auernheimer (weev), who found a similar flaw that displayed personal information on AT&T iPad users on public URLs. Auernheimer was later brought up on charges for conspiracy to access a computer without authorization.

Another concern about this breach is whether or not children’s information was exposed.

“Sanrio said it doesn’t create accounts for children under 13. However, the leaked information, which came from users all over the world, appears to include accounts for those under age 18.” –CNET

Sanrio hosts popular children’s games such as Hello Kitty Online.


How to Install Tor Browser for Linux

Do you use a Tor browser to make yourself anonymous on the internet? Want to make it better? Try using the Tor browser for a Linux machine running Ubuntu.

What is a Tor browser? It is a browser that works in conjunction with the Tor network. The Tor network uses a technology called onion routing, which encrypts internet traffic in layers. Every layer is addressed to a node, and each layer reveals only the next node, or onion router, that the packet needs to be relayed to. This layering of internet traffic allows anonymous communication. All of this leads to accessing something called the Dark Web or Darknet, which is made up of sites that you normally can’t get to through Google or any normal browser.

The Darknet isn’t just a place where people go to do illegal activity. It also provides a refuge for whistleblowers. Journalists can utilize Tor browsers to ensure privacy and secure communication with their sources. While the Darknet does have its fair share of illegal activity, it also has areas where information can be freely accessed without censorship.

Understanding the Darknet

Normal websites use something called DNS, the Domain Name System. In simple terms, it associates a website URL with an IP address. When you type in https://www.google.com/ your computer sends out a request. This request goes to DNS servers that return the actual IP address where the website is hosted. If you ever want to see this in action, go to the command line in your OS and run a ping command against Google. This will show you the actual IP address you are using to communicate with Google. Browsing Darknet sites over Tor is different in that it doesn’t use DNS. This means that unless you know the specific address of the website, you can’t get there.

This also means that Google doesn’t index those sites either. For Google to present that page as a page result anytime you do a search, Google has to index the site. This means that Google scans the site for content. Each page is indexed by Google. That way, Google can present a possible result of your query. In these two major ways, these sites stay off the grid.

Why the Tor Network Needs Their Own Browser

Most browsers are designed to collect information about you as a user. They store passwords so you don’t forget them. They store browsing history so you know which sites you’ve been to. They also store cookies on your computer. These cookies hold information about you and other details. For the most part, these cookies allow you to get advertisements based on your general interests. Have you ever been to Facebook and seen something advertised that you were thinking about buying? Now, clear out your cookies and go to the page. The advertisement that you see will be different. This is an example of how cookies are used. Unfortunately, these cookies can also be used to track you.

The downside to the Tor network is that it only keeps communications secure within the network. Once the packet leaves the network, it is no longer secure. The Tor browser helps with this. The browser is designed not to store any information on you. However, certain precautions should still be taken.

Why Use Linux Over Windows

There are a few reasons why you should use Linux over Windows. The first one is that Linux is open source. This means that anyone can look at the code, share it and collaborate to make it better. At first thought, this sounds like a bad idea. However, the more people that can work on it, the better it will be.

Another reason is that Linux doesn’t automatically give you administrator privileges. Windows does. The first person who sets up the computer with their profile normally has administrator privileges by default. This can be bad because it allows the user to do whatever they want. It is more difficult to get a user to do something harmful when they don’t have the rights and privileges to do so.

The next downside to using Windows with the Tor browser is numbers. Hackers develop code that will affect as many clients as they possibly can in the shortest amount of time. This means that they will write code for whatever OS they think will impact the most people. Windows still leads the market when it comes to operating systems. Hackers use this to their advantage.

Installing a Tor Browser for a Linux Computer Running Ubuntu

The first step is going to the website. Go to https://www.torproject.org. On the left side of the page, click on “Installing Tor on Debian/Ubuntu”. Scroll down to Option Two. There, it will tell you not to use the packages in Ubuntu’s universe. Next, the site gives you a link to a Wikipedia page that shows the different Ubuntu versions. After that, there is a series of dropdown menus. Depending on what you pick, you will get a list of instructions on how to set up Tor. For example, if you chose “Ubuntu Lucid Lynx” as your OS with the Tor version as “stable” and not from source, it will look as below:

You need to add the following entry in /etc/apt/sources.list or a new file in /etc/apt/sources.list.d/:

deb http://deb.torproject.org/torproject.org lucid main

deb-src http://deb.torproject.org/torproject.org lucid main

Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg --keyserver keys.gnupg.net --recv 886DDD89

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

You can install it with the following commands:

$ apt-get update

$ apt-get install tor deb.torproject.org-keyring

Once that is done, you can move on to step two. Step two is how to configure your applications to use Tor. It’s important to note here that applications don’t use Tor automatically. This means that internet traffic that doesn’t go through a browser will not be protected. You have to configure your applications to route their traffic through Tor. Firewalls will need to be updated. After that, you should have a working Tor browser.
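The gpg step above fetches the signing key by its 8-character short ID (886DDD89) and then exports it by its full 40-character fingerprint. Short IDs are not unique, so the full fingerprint is the value to compare before the key is handed to apt. The following is an added example, not part of the original guide: it parses the text that `gpg --with-colons --fingerprint` prints, and the listing, the lookalike key and the function names are constructed for illustration.

```python
# Full fingerprint and short ID exactly as given in the instructions above.
EXPECTED_FPR = "A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"
SHORT_ID = "886DDD89"

# Constructed, simplified colon-format listings. The first key carries the
# fingerprint from the page; its subkey and all timestamps are invented.
GENUINE = """\
pub:-:2048:1:EE8CBC9E886DDD89:1251659232:::-:::scESC:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:
uid:-::::1251659232::::deb.torproject.org archive signing key:
sub:-:2048:1:BBBBBBBBBBBBBBBB:1251659232::::::s:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
"""

# Invented lookalike key that shares only the last 8 hex digits.
LOOKALIKE = """\
pub:-:2048:1:77778888886DDD89:1400000000:::-:::scESC:
fpr:::::::::11112222333344445555666677778888886DDD89:
uid:-::::1400000000::::deb.torproject.org archive signing key:
"""


def normalize(fingerprint):
    """Strip spaces and upper-case a fingerprint typed by a human."""
    return fingerprint.replace(" ", "").upper()


def primary_fingerprints(listing):
    """Return the fingerprint of every primary (pub) key in the listing.

    In colon format an 'fpr' record belongs to the key record before it,
    and the fingerprint itself is field 10 (index 9).
    """
    found, last_key = [], None
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sub"):
            last_key = fields[0]
        elif fields[0] == "fpr" and last_key == "pub" and len(fields) > 9:
            found.append(fields[9].upper())
            last_key = None
    return found


def short_id_matches(listing, short_id):
    """Every primary key whose fingerprint ends in the short ID."""
    suffix = normalize(short_id)
    return [f for f in primary_fingerprints(listing) if f.endswith(suffix)]


def safe_to_trust(listing, expected_fingerprint):
    """True only if exactly one primary key was fetched and its full
    fingerprint equals the expected one."""
    return primary_fingerprints(listing) == [normalize(expected_fingerprint)]


if __name__ == "__main__":
    both = GENUINE + LOOKALIKE
    print("keys matching short ID:", short_id_matches(both, SHORT_ID))
    print("genuine only  ->", safe_to_trust(GENUINE, EXPECTED_FPR))
    print("lookalike only ->", safe_to_trust(LOOKALIKE, EXPECTED_FPR))
    print("both fetched   ->", safe_to_trust(both, EXPECTED_FPR))
```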


How to Install Tor Browser on Windows

One of the great things about the internet used to be the anonymity of it. You have the freedom to share information without compromising your privacy. However, with technology becoming ever better, it is becoming increasingly difficult to stay hidden on the web. If you are looking for privacy over the web, look no further than using Tor.

What Tor is

What is Tor and how does it work? To fully understand Tor, it needs to be broken down into separate parts. The first part is called onion routing. Onion routing is a system designed to block any kind of effort to track communications. It allows two ends to communicate with each other without letting either party know who exactly they are communicating with. It also ensures encryption.

The second part is the Tor network. The Tor network is a large collection of servers that are operated by volunteers. These servers run onion routers that funnel internet traffic through virtual pathways. In simple terms, they scramble the traffic in a way that makes it almost impossible to track who is talking to whom.

The last part is a Tor browser. Most browsers are set up to store information on the user. If you allow your browser to store your password for any site, then it is tracking information on you. The normal browser stores cookie files and browsing history. Both of these are information stored on you so that it can either deliver a better service to you or deliver advertisements based on your general interests. Neither of these supports efforts towards privacy.

Installing a Tor Browser on Windows

The first step to installing the Tor browser is to go to the website at www.torproject.org/download. Download the version for your operating system. Follow the installation directions in the same way as for normal applications. Once the installation is complete, run the browser. From here, you’ll be able to browse the internet anonymously, with limitations.

There are limitations and considerations to using a Tor browser. First, the Tor network only provides privacy and encryption while inside the network. This means that any communication is vulnerable once it passes outside the network. Next, the Tor browser does not protect all of your computer’s activity. If traffic from your computer is not going through Tor, then Tor is not providing anonymity for it. Also, it does not protect against documents downloaded through Tor being opened while online. If you download a document while using Tor, do not open the document. If you must, start a virtual machine and open it within the machine while it isn’t connected to the internet. The last thing is not to allow plugins to run in the Tor browser. Plugins extend the functionality of a browser. However, they are extensions that run on your computer and have the ability to open holes in your security.

The Deep Web

While anonymity can provide a place to freely share ideas, it can also be a source of illegal activity. With that being said, the Tor browser allows you to surf websites that host illegal and sometimes immoral activities. Websites like “The Hidden Wiki” do not censor some material that others may find offensive. To sum it up, Tor browsing offers anonymity, but at a price.


How Do SSL Certificates Work?

How do you exchange private data over the internet? Part of the answer lies with SSL certificates. Secure Socket Layer (SSL) certificates work by creating a private line of communication through which private data can be delivered.

The main problem with communication and security over the internet is eavesdropping. Others may be able to access the data exchanged between your computer and the website’s servers. This is also called a man-in-the-middle attack. SSL certificates are a way of ensuring that no one is able to intercept and decrypt this information.

To better understand how SSL certificates work, let’s imagine a boy is being picked up at the train station for the first time by someone who he’s never met. How can he know for sure to trust the person picking him up? The answer is simple. His parents write a letter signed by them stating they trust that individual. By trusting his parent’s authority, the boy can now trust the person picking him up.

This is quite similar to how SSL certificates work. Websites can create certificates and have them signed by something called a CA, or Certificate Authority. One example is DigiCert. Once certificates are signed, browsers can identify websites and servers by their certificates. They then know if they can trust them. This is the basic concept of how SSL certificates help to identify and trust the websites we are communicating with.

What about actually communicating? What if two people want to talk in that same train station without worrying if someone else is listening? The answer lies with keys. To illustrate the concept of keys and how they help with encryption, imagine each of the two people have a box and a set of keys. The keys are labeled private and public. They exchange their public keys. Now, each person has a private key, the other’s public key, and a box.

The basic process works like this: One person writes a message and places it into the box. They then lock the box with the other’s public key. They then pass the box along. Once the box is at its destination, only the person holding the private key can open the box locked by its very own public key. If the other person wants to send a message back, they can send back a letter in the box locked with the other’s public key. The entire communication, also called a session, can go back and forth securely using this method.

This is much like how SSL certificates are used with private and public keys. A web server sends the user a copy of its public key along with the certificate. The browser can then decide to trust the website based on this information. If it does, the two can then send messages back and forth simply by encrypting and decrypting with keys.
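The train-station story above can be carried through in code. The following is an added example, not from the original article: the CA is the parent who signs the letter, the website is the stranger with the letter, and the box is locked with the website’s public key. It assumes textbook RSA on small Mersenne primes with no padding so the arithmetic stays visible; real certificates and TLS rely on vetted libraries and far larger keys, and every name below is hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every toy key pair below


def make_keypair(p, q):
    """Build a (public, private) pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest(data, n):
    """SHA-256 of the data, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def cert_body(host, site_pub):
    """The text of the 'letter': who the key belongs to, and the key."""
    return f"{host}|{site_pub['n']}|{site_pub['e']}".encode()


def ca_sign(ca_priv, host, site_pub):
    """The parent signs the letter with the CA private key."""
    h = digest(cert_body(host, site_pub), ca_priv["n"])
    return {"host": host, "pub": site_pub,
            "sig": pow(h, ca_priv["d"], ca_priv["n"])}


def browser_trusts(cert, ca_pub, host):
    """The boy checks the signature with the CA public key he already has."""
    expected = digest(cert_body(cert["host"], cert["pub"]), ca_pub["n"])
    signed = pow(cert["sig"], ca_pub["e"], ca_pub["n"])
    return cert["host"] == host and signed == expected


def lock(pub, message):
    """Put the message in the box and lock it with the public key."""
    m = int.from_bytes(message, "big")
    if m >= pub["n"]:
        raise ValueError("message too long for this toy key")
    return pow(m, pub["e"], pub["n"])


def unlock(priv, box, length):
    """Only the matching private key opens the box."""
    return pow(box, priv["d"], priv["n"]).to_bytes(length, "big")


# Known Mersenne primes keep the toy keys easy to reproduce.
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
SITE_PUB, SITE_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_keypair(2**13 - 1, 2**17 - 1)

CERT = ca_sign(CA_PRIV, "shop.example", SITE_PUB)
# An eavesdropper swaps in their own key but cannot re-sign the letter.
FORGED = dict(CERT, pub=ATTACKER_PUB)
MESSAGE = b"meet at platform 9"

if __name__ == "__main__":
    print("genuine cert trusted:", browser_trusts(CERT, CA_PUB, "shop.example"))
    print("forged cert trusted: ", browser_trusts(FORGED, CA_PUB, "shop.example"))
    box = lock(CERT["pub"], MESSAGE)
    print("site reads:", unlock(SITE_PRIV, box, len(MESSAGE)))
```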

Identifying websites that have and use SSL is easy. Simply look for the lock at the top of the browser. Never exchange private data unless there is a lock at the top of the browser. If there isn’t, there is not an acceptable level of encryption being used on that site. Anyone who sells anything online needs to have an SSL certificate. All banks and e-commerce sites need to have one to help ensure security.