Privacy Lawsuit Targets Net Giants Over ‘Zombie’ Cookies | Threat Level A wide swath of the net’s top websites, including MTV, ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal court Friday on the grounds they violated federal computer intrusion law by secretly using storage in Adobe’s Flash player to re-create cookies deleted by users. At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the web, and used them to re-create traditional browser cookies that users deleted from their computers. These “zombie” cookies came to light last year, after researchers at UC Berkeley documented deleted browser cookies returning to life. Quantcast quickly fixed the issue, calling it an unintended consequence of trying to measure web traffic accurately. Flash cookies are used by many of the net’s top websites for a variety of purposes, from setting default volume levels on video players to assigning a unique ID to users that tracks them no matter what browser they use.
Local shared object Local shared objects (LSOs), commonly called Flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player (developed by Macromedia, which was later acquired by Adobe Systems) since version 6. Flash cookies, which can be stored or retrieved whenever a user accesses a page containing a Flash application, are a form of local storage. Like cookies, they can be used to store user preferences, save data from Flash games, or track users' Internet activity. LSOs have been criticised as a breach of browser security, but there are browser settings and add-ons to limit the duration of their storage. Storage Local shared objects contain data stored by individual websites. Adobe Flash Player does not allow 3rd-party local shared objects to be shared across domains.
Privacy lawsuit targets 'Net giants over "zombie" cookies A wide swath of the 'Net's top websites, including MTV, ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal court Friday on the grounds they violated federal computer intrusion law by secretly using storage in Adobe's Flash player to recreate cookies deleted by users. At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the Web, and used them to recreate traditional browser cookies that users deleted from their computers. These “zombie” cookies came to light last year, after researchers at UC Berkeley documented deleted browser cookies returning to life. Flash cookies are used by many of the 'Net's top websites for a variety of purposes, from setting default volume levels on video players to assigning a unique ID to users that tracks them no matter what browser they use. Websites can store up to 100KB of information in the plug-in, 25 times what a browser cookie can hold.
Browser Fingerprinting - Panopticlick Is it possible to quit Google? 9 July 2012. Last updated at 20:42 ET. By Kate Dailey, BBC News Magazine. VIDEO: How to kiss Google goodbye Google's reach spreads far across the web. But is it possible to go online without being noticed by the search giant? Three computer professionals try to part ways with Google. Tom Henderson spends what he describes as "way too much" time online. The managing director for Extreme Labs, a technology company in Bloomington, Indiana, Henderson says he's often up late in the evening doing work for clients - and having fun exploring the far reaches of the internet. But when Google announced earlier this year that it would be streamlining the privacy agreements for all of its products - including YouTube, Blogger and Gmail - Henderson decided to find a way to stay online without patronising Google. The policy was criticised by EU officials for being too invasive. "At that point I had to make a decision," says Henderson. So Henderson decided to quit Google for good. 'Mission impossible'
TalkTalk Acoustic Snooping on Typed Information Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.) Asonov and Agrawal had a similar result previously, but they had to assume (unrealistically) that you started out with a recording of the person typing a known training text on the target keyboard. The algorithm works in three basic stages. The third stage is the hardest one. (This means that the first keystroke is in category 35, the second is in category 12, and so on. The only advantage you have is that English text has persistent regularities.
UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent − ISPreview UK Broadband ISP TalkTalk UK could be about to incur the wrath of privacy campaigners after some of its customers spotted that their online website browsing activity was being monitored and recorded without consent. The situation has caused a significant amount of concern, with many end-users worried about the impact upon their personal privacy. TalkTalk has since confirmed that the monitoring, which was first discovered on the ISP's discussion forum during the middle of July, is part of a future Malware/Security/Parental Guidance tool to be provided by Chinese vendor Huawei. This is due to launch before the end of 2010. The system, which is not yet fully in place, aims to help block dangerous websites (e.g. those designed to spread malware) by comparing the URL that a person visits against a list of good and bad/dangerous sites. TalkTalk's Official Statement In due course we will be trialing and launching these services. A TalkTalk spokesperson told The Register:
PRISM (surveillance program) Below are a number of slides released by Edward Snowden showing the operation and processes behind the PRISM program. It should be noted that the "FAA" referred to is Section 702 of the FISA Amendments Act ("FAA"), and not the Federal Aviation Administration, which is more widely known by the same FAA initialism. Slide showing that much of the world's communications flow through the U.S. Details of information collected via PRISM Slide listing companies and the date that PRISM collection began Slide showing PRISM's tasking process Slide showing the PRISM collection dataflow Slide showing PRISM case numbers Slide showing the REPRISMFISA Web app Slide showing some PRISM targets. Slide fragment mentioning "upstream collection", FAA702, EO 12333, and references yahoo.com explicitly in the text. FAA702 Operations, and map. Senator John McCain (R-AZ) Senator Dianne Feinstein (D-CA), chair of the Senate Intelligence Committee Senator Rand Paul (R-KY)
Facebook: The challenges ahead for the social network 25 July 2012. Last updated at 23:08 GMT. Plenty to think about: Facebook boss Mark Zuckerberg has several key problems to solve, the experts say When Facebook first floated on the stock exchange earlier this year, it started out at an astronomical high, valued at over $100bn (£65bn). Since then, rockier times. From an initial share price of $38, Facebook's stock dipped to below $29 in May. This week, there comes another huge test for the site as it releases the financial results for its first quarter of public trading. The BBC has asked four key experts for their views on where Facebook's challenges lie in the coming months. What do you think Facebook should do next? Jennifer Lynch is a staff attorney at the Electronic Frontier Foundation, a privacy campaign group. Facebook's acquisition of facial recognition software face.com is concerning from a privacy perspective for two reasons. First, it is unclear what Facebook intends to do with the facial recognition data face.com collected.
Deep packet inspection There are multiple ways to acquire packets for deep packet inspection. Using port mirroring (sometimes called Span Port) is a very common way, as well as an optical splitter. Deep Packet Inspection (and filtering) enables advanced network management, user service, and security functions as well as internet data mining, eavesdropping, and internet censorship. Although DPI technology has been used for Internet management for many years, some advocates of net neutrality fear that the technology may be used anticompetitively or to reduce the openness of the Internet. DPI is used in a wide range of applications, at the so-called "enterprise" level (corporations and larger institutions), in telecommunications service providers, and in governments. Background DPI-enabled devices have the ability to look at Layer 2 and beyond Layer 3 of the OSI model. DPI at the enterprise level Vulnerabilities exist at network layers, however, that are not visible to a stateful firewall.
ECHELON ECHELON, originally a code-name, is now used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory nations to the UKUSA Security Agreement — Australia, Canada, New Zealand, the United Kingdom, and the United States. Referred to by a number of other abbreviations, including AUSCANNZUKUS and Five Eyes, it has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications. It was created in the early 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, and was formally established in the year of 1971. Name Britain's The Guardian newspaper summarized the capabilities of the ECHELON system as follows: