Senate Republicans Vote To Gut Internet Privacy

Hamza Shaban, writing for BuzzFeed:

The Senate voted Thursday to make it easier for internet service providers to share sensitive information about their customers, a first step in overturning landmark privacy rules that consumer advocates and Democratic lawmakers view as crucial protections in the digital age. The vote was passed along party lines, 50-48, with all but two Republicans voting in favor of the repeal and every Democrat voting against it. Two Republican Senators did not vote.

Disgusting. This is what buying policy looks like, folks. Kate Tummarello of the Electronic Frontier Foundation also did a write-up, and included a particularly scary piece of information:

Republicans in the Senate just voted 50-48 (with two absent votes) to approve a Congressional Review Action resolution from Sen. Jeff Flake which—if it makes it through the House—would not only roll back the FCC’s rules but also prevent the FCC from writing similar rules in the future.

(emphasis added)

This may not seem like a big deal, but it very much is, especially in an age where ISPs and the data brokers to whom they sell your information are frequently hacked.

More shameful behavior from Senate Republicans whose retirement can’t possibly come soon enough.

Dropbox employee’s password reuse led to theft of 60M+ user credentials

Kate Conger, reporting at TechCrunch:

Dropbox disclosed in 2012 that an employee’s password was acquired and used to access a document with email addresses, but did not disclose that passwords were also acquired in the theft. Because Dropbox stores its user passwords hashed and salted, that’s technically accurate — it seems that hackers were only able to obtain hashed files of Dropbox user passwords and were unable to crack them. But it does appear that more information was taken from Dropbox than was previously let on, and it’s strange that it’s taken this long for the breach to surface.

Don’t reuse passwords, folks. Find a password manager and learn to love it. There’s 1Password, LastPass, Dashlane and many others. That means there’s no excuse for you to keep using your dog’s name combined with your college graduation year or whatever terrible password you’re using for everything.

Secret Cameras Record Baltimore’s Every Move From Above

Pritchett had no idea that as he spoke, a small Cessna airplane equipped with a sophisticated array of cameras was circling Baltimore at roughly the same altitude as the massing clouds. The plane’s wide-angle cameras captured an area of roughly 30 square miles and continuously transmitted real-time images to analysts on the ground. The footage from the plane was instantly archived and stored on massive hard drives, allowing analysts to review it weeks later if necessary.

It must be the NSA or the CIA or the FBI, right? They must have a warrant, right? They must be deleting the video after a certain period of time, right?

Wrong.

It’s the Baltimore Police Department. The article and accompanying video clarify the motivation of the company providing the technology and the service to BPD. Founder Ross McNutt says he hopes technology like his will have a deterrent effect on crime in cities where its deployment is disclosed. That’s a good goal but it’s not the BPD or the company’s founder I’m worried about.

Anything on a hard drive that isn’t air gapped is vulnerable to exfiltration by hackers. That includes a massive digital video recorder covering an entire city for an indeterminate amount of time.

Scary stuff.

Vizio TVs spy on you, here’s how to disable it

Vizio’s technology works by analyzing snippets of the shows you’re watching, whether on traditional television or streaming Internet services such as Netflix. Vizio determines the date, time, channel of programs — as well as whether you watched them live or recorded. The viewing patterns are then connected to your IP address – the Internet address that can be used to identify every device in a home, from your TV to a phone.

This is a damn good reason not to buy a Vizio TV. I won’t rant about opt-out/opt-in again. But I found Vizio generally had a good price-to-quality ratio: not top shelf hardware, but not top shelf prices, either. So this shadiness is a shame.

A shamey-ness?

Anyway, props to Samsung and LG, who, according to Julia Angwin at ProPublica, require user consent before enabling the sort of tracking Vizio turns on by default.

Disable Vizio “Smart Interactivity”

Vizio obviously knows how shady its default spying is because they have a page named after the feature which begins with information on how to turn it off:

VIA TV Interface

  1. Press the MENU button on your TV’s remote.
  2. Select Settings.
  3. Highlight Smart Interactivity.
  4. Press RIGHT arrow to change setting to Off.

VIA Plus TV Interface

  1. Press the MENU button on your TV’s remote or open HDTV Settings app.
  2. Select System.
  3. Select Reset & Admin.
  4. Highlight Smart Interactivity.
  5. Press RIGHT arrow to change setting to Off.

Facial Recognition Software Moves From Overseas Wars to Local Police

This is troubling:

Lt. Scott Wahl, a spokesman for the 1,900-member San Diego Police Department, said the department does not require police officers to file a report when they use the facial recognition technology but do not make an arrest. The department has no record of the stops involving Mr. Hanson and Mr. Harvey, and Lieutenant Wahl said that he did not know about the incidents but that they could have happened.

Should police departments be allowed to use facial recognition?

Yes.

Should they be able to use it with minimal consent, oversight and reporting requirements?

No.

Image from Wikimedia

The ethics of modern web ad-blocking

Marco Arment, creator of Instapaper and, more recently, Overcast:

This won’t be a clean, easy transition. Blocking pop-ups was much more incisive: it was easy for legitimate publishers to avoid one narrowly-useful Javascript function to open new windows. But it’s completely reasonable for today’s web readers to be so fed up that they disable all ads, or even all Javascript. Web developers and standards bodies couldn’t be more out of touch with this issue, racing ahead to give browsers and Javascript even more capabilities without adequately addressing the fundamental problems that will drive many people to disable huge chunks of their browser’s functionality.

I vacillate between Ghostery and uBlock, but they do the same thing: disable the scripts that power advertisements and tracking on the web. Some sites respect their visitors and present unobtrusive, high-quality advertisements. I whitelist those because, even if I’m unlikely to look at the ads and far less likely to actually click on them, the respect the publisher showed me deserves reciprocation.

But Arment is right. There’s no nice way to say it: publishers with shitty ads won’t remain viable much longer in the face of increased user awareness and response. The ability to use ad blockers in iOS 9 will only accelerate the downfall of sites with shitty ads.

Federal Court’s data breach decision shows new tilt toward victims, class-action lawsuits

John Fontana writes at ZDNet:

In an interesting twist, the Court said the fact Neiman Marcus offered free credit monitoring services was evidence that there was harm to these victims. The ruling turned on its head the way courts historically view such services as compensation for harm while negating a victim’s right to file a lawsuit (re: standing).

This may get very interesting very fast: if companies are at risk of being held to have tacitly admitted liability by offering credit protection services to potential breach victims, they will stop offering that stuff.

The possibility of class actions instead of free credit monitoring may appeal to those whose data has been stolen, but it’s not really a great trade at all. Credit monitoring is expensive and the industry is still suffering growing pains, but class actions usually net plaintiffs an insignificant amount of money in damages while making lawyers very, very rich.

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

This is starting to look like a concerted effort to gather a specific data set for some sort of coordinated use:

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.

Tor Project seeks Executive Director

The Tor Project, makers of anonymizing browsing tools, is looking for a new Executive Director:

The position provides the high-profile opportunity to assume the voice and face of Tor to the world, and particularly to the global community of Internet organizations dedicated to maintaining a stable, secure and private Internet. In this position, the successful candidate will be able to exercise their deep leadership experience to manage a virtual team of culturally diverse volunteer developers. The candidate will have the opportunity to draw support from their stature in the wider community of Internet privacy foundations and activist organizations to advance external development initiatives.

Tor is used by everyone from political dissidents to child pornographers to access a darknet, unreachable from the Internet most people know. Read more about the Tor Project at Wikipedia.

Tor Project logo uploaded by Wikimedia Commons user Flugaal