Group items tagged

Ask a room full of security practitioners for a list of security settings that'll make Internet Explorer (IE) safe to use and you'll either hear laughter or advice to get a new browser like Mozilla Firefox, Opera, Safari or Google Chrome. Even as Microsoft has worked diligently to improve security in its troubled browser, especially in IE7 and the newly-released IE8, security pros simply don't trust it. Most have turned to alternative browsers, especially Firefox. [See: Microsoft Releases IE8, Stresses Security] But the intoxication security pros find in Firefox and the other alternatives comes with a big hangover. When one wakes up from an evening of online adventuring on one of the alternative browsers, the painful reality is that they will never be able to get away from IE completely. The obvious reason is that IE is so tightly integrated into the Windows operating system, though some industry voices have called on Microsoft to divorce it from the OS. [See: Security Expert: Microsoft Should Sever IE from Windows] "We aren't going to be able to get away from IE in the corporate world anytime soon," said Christopher Mendlik, a threat analyst at Wachovia. Besides the tight integration with Windows, there's the simple reality that some business applications will only work when used in IE. At CSOonline and other media outlets, for example, the programs used to post content online tend to be allergic to non-IE browsers. Those who have no choice but to use IE have turned to a number of coping mechanisms.

A Harvard University fellow has developed a browser extension that stops advertising networks from tracking a person's surfing habits, such as search queries and content they view on the Web. The extension, called Targeted Advertising Cookie Opt-Out (TACO), enables its users to opt out of 27 advertising networks that are employing behavioral advertising systems, wrote Christopher Soghoian, who developed it, on his Web site. Soghoian, a fellow at the Berkman Center for Internet and Society at Harvard and a doctoral candidate at Indiana University, modified a browser extension Google released under an Apache 2 open-source license. Google's opt-out plugin for Internet Explorer and Firefox blocks cookies delivered by its Doubleclick advertising network. A cookie is a small data file stored in a browser that can track a variety of information, such as Web sites visited and search queries, and transmit that information back to the entity that placed the cookie in the browser. Google's opt-out plugin comes as the company announced plans last week to target advertisements based on the sites people visit. Targeted advertising is seen as a way for advertisers to more precisely find potential customers as well as for Web site publishers to charge higher advertising rates. But the behavioral advertising technologies have raised concern over how consumers get enrolled in the programs, what data is being tracked and how the data is protected.

Concerned that Google knows too much about you? The company provides many ways to protect your privacy online -- you just need to find them. Here are six good ones. 1. Know your privacy rights: Use the Google Privacy Center. This site includes all of Google's privacy policies, as well as privacy best practices for each of its products and services. Although the "legalese" of privacy policies can be difficult to understand, Google's Privacy Channel offers a library of short YouTube videos with practical tips on protecting your data when using Google products and services. Try the "Google Search Privacy" and "Google Privacy Tips" series. 2. Protect your content on the services you use. Some content that Google stores for you, such as photos uploaded in Picasa Web Albums, are public by default. You can protect your privacy when you upload photos by choosing the appropriate checkbox. Choices include "unlisted" (accessible only if you have the Web link, and not indexed by Web search engines) or private (viewable only by named users who must sign in). Another example: You can take a Google Chat "off the record" if you don't want the instant messaging transcript stored. In contrast, Google Latitude, which tracks your whereabouts by way of GPS-enabled cell phones, does not share your location data by default. You must authorize others to see it. Latitude stores your last known location, but not your history. 3. Turn off the suggestion feature in the Chrome browser. By default, Chrome retains a history of Web sites you've visited -- and the full text of those pages -- so it can try to guess which Web address you want as you type in the "Omnibox." You can turn the feature off by going to "Under the Hood" under Options and unchecking the "Use a suggestion service" box. You can also select other privacy options, including surfing in Chrome's "incognito" mode. 4. Turn off Web History. You may have turned on the Web History option, also called Personalized Search, when yo

Google has moved forward the debate about privacy and Internet advertising, in its typical way, with deceptively simple engineering and a willingness to impose its way on others. On Wednesday, Google became the last of the big advertising companies to start keeping track of where Internet users surf online so ads can be shown to people based on what they might be interested in buying. In its approach to ad targeting, the company is responding to calls by the Federal Trade Commission and others to be more clear with users' information and control over the information it collects. It has created a window into part of its database, so users can see that Google has deduced that they are interested in "Anime & Manga" comics, or "Alternative-Punk-Metal" music or travel to Afghanistan. (Yes, those are on its list of 600 interest categories.) It also built technology to allow your browser to remember that you don't want Google (or its DoubleClick unit) to remember anything about you. It is more robust than the opt-out system used by many companies that rely on cookies in browsers. These are technical feats that other ad companies said would be too hard.

Educating consumers about what behavioral targeting is and is not up to, deep within the cookies of their browser, seems to be a bit like alternative energy development. Pretty much everyone says the industry should be doing more about it, and yet it is hard to see where and with whom it starts. Most online materials related to BT are pitched to one end of the value chain, marketers. It's not clear to me that most of the companies in this space are even comfortable talking directly to consumers, let alone taking the time to develop an accessible language to describe their process. Specific Media controls the BehavioralTargeting.com domain and uses it to educate marketers about its methods. Even the Wikipedia entry for this field is really an explanation for advertisers. This is understandable, since most people who are familiar with the term likely come from the industry. But it seems to me the industry misses an opportunity to practice more often, and in more places, what it knows ultimately needs to be done. You guys need to find better, clearer, simpler ways to explain what it is you are doing in our browsers -- and why you are doing it. And what are the real benefits and risks a consumer incurs by tacitly agreeing to your presence? Isn't every possible point of contact with a suspicious consumer a teachable moment? In an earlier post, I recounted how I struck some retargeting gold when FetchBack tagged and remarketed me during my travels online. An opt-out option is clearly available at the front page of the FetchBack site. Unfortunately, from there you either opt-out (kick over to the Network Advertising Initiative site) or click into a long scrolling privacy policy that doesn't actually get around to explaining retargeting until a few screens down.

Three out of four Americans believe that individuals are responsible for protecting their own privacy online. That's the bottom line of a new survey conducted by TRUSTe, a company that certifies the compliance of websites with privacy standards and statements. Nonetheless, The New York Times reports that the Federal Trade Commission is trying to put more responsibility on website operators: Last month, the F.T.C. revised its suggestions for behavioral advertising rules for the industry, proposing, among other measures, that sites disclose when they are participating in behavioral advertising and obtain consumers' permission to do so. One F.T.C. commissioner, Jon Leibowitz, warned that if the industry did not respond, intervention would be next. "Put simply, this could be the last clear chance to show that self-regulation can -- and will -- effectively protect consumers' privacy," [FTC commissioner Jon] Leibowitz said, or else "it will certainly invite legislation by Congress and a more regulatory approach by our commission." Behavioral advertising, which records individual users' Web usage by inserting cookies into their browsers and keeping a log of where they go and what they do, is the most high-profile privacy issue today. Google-owned DoubleClick is tracks Web users across many sites, combining them into one profile at DoubleClick's end to be used for ad targeting. Some survey respondents use cookie-deleting browsers and anonymizing software to thwart tracking systems. Privacy advocates, TRUSTe, and the FTC all strongly encourage companies to post meticulous privacy statements for online visitors, and to follow them to the letter. Still, only 15 percent of TRUSTe's survey respondents said they actually read privacy statements.

OPT-OUT becomes untenable when users have to visit 40 - 50 or more sites to do it.

The online advertising industry and U.S. policy makers need to give online users more control over the collection of personal data and surfing habits beyond the traditional opt-out approach, some privacy advocates said Wednesday. Dozens of online ad networks allow users to opt out of being tracked as a way to deliver behavioral advertising, and in most cases, the opt-out is stored in a cookie that goes away every time the users clear their browser cookies, privacy advocates said during a discussion of online advertising at the Computers, Freedom and Privacy Conference in Washington, D.C. Some advertisers require that people opt out of targeted advertising every month, and some advertisers make the opt-out link difficult to find, said Christopher Soghoian, a fellow at the Berkman Center for Internet & Society at Harvard University. Some opt-out mechanisms aren't even functional, he said. Soghoian, while creating a single opt-out mechanism for the Firefox browser, found more than 40 advertising networks, he said. "How can we expect consumers to visit 40 or 50 different online advertisers, opt out, then revisit these sites every six months or every year, and then, when they delete their cookies, go back again?" he asked.

"There's a known weakness in browsers which we wrote about in the book. Every time we talked with someone about it, they'd ask us why we didn't start a company that took advantage of the loophole, and the answer was, well, it's creepy. The loophole basically lets you see where else your visitors have been on the Internet. Well, it's now out in the open, in two forms: Beencounter, and Haveyourfriendsbeenthere. To be perfectly clear, the site won't show you everything your visitors surf-just whether or not they've been to a set of sites you define. Here's how it works:"

"Beginning next week, the FTC will hold a series of public roundtables covering the growing number of challenges to consumer privacy on the Internet. Dubbed "Exploring Privacy," the daylong discussions will focus on "the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses." Hold that yawn. Behavioral tracking and ad targeting have everything to do with the pesky "Warning!" pop-up blinking behind your browser window right now. The one that could shatter your online privacy. In advance of the roundtables, Fast Company spoke with online privacy advocates Jules Polonetsky, co-chair and director of the Future of Privacy Forum, and Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology. Below, Polonetsky and Schwartz highlight five of most nefarious techniques used to trick and track you." 1. "Malvertising Gangs" 2. Flash Cookies 3. "Cookie appends" 4. Personal Health Data 5. ISP Tracking

"Mozilla's flagship Firefox browser is vulnerable to at least 11 "critical" vulnerabilities that expose users to drive-by download attacks that require no user interaction beyond normal browsing. The open-source group shipped Firefox 3.5.4 with patches for the vulnerabilities, which range from code execution risk to the theft of information in the browser's form history."

Do you know what your data did last night? Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns. There's a basic consumer protection principle at work here, and it's the concept of "unfair and deceptive" trade practices. Basically, a company shouldn't be able to say one thing and do another: sell used goods as new, lie on ingredients lists, advertise prices that aren't generally available, claim features that don't exist, and so on. RealAge's privacy policy doesn't mention anything about selling data to drug companies, but buried in its 2,400 words, it does say that "we will share your personal data with third parties to fulfill the services that you have asked us to provide to you." They maintain that when you join the website, you consent to receiving pharmaceutical company spam. But since that isn't spelled out, it's not really informed consent. That's deceptive. Cloud computing is another technology where users entrust their data to service providers. Salesforce.com, Gmail, and Google Docs are examples; your data isn't on your computer -- it's out in the "cloud" somewhere -- and you access it from your web browser. Cloud computing has significant benefits for customers and huge profit potential for providers. It's one of the fastest growing IT market segments -- 69% of Americans now use some sort of cloud computing services -- but the business is rife with shady, if not outright deceptive, advertising.

Infection of the adware called "VideoPlay," which has been spreading through malicious posts and comments on Digg and YouTube, increased 400 percent from January to February, according to Panda Security. Attackers have been posting comments on news stories and videos posted to the social networking sites Digg.com and YouTube.com, claiming users will be able to see videos of celebrities - some of which claim to be pornographic - by clicking a link that is provided, Sean-Paul Correll, threat researcher and security evangelist for Panda Security, told SCMagazineUS.com in an email Tuesday. But, when a user follows the link, they will be re-directed to a page where they will be prompted to download a codec to view the video. The download is the VideoPlay adware - a worm that aims to steal email login credentials and other information stored in a user's browser and then further propagate itself through removable drives.

The new year has come and gone on the Gregorian calendar. But the new year for legal technology is still in progress at LegalTech New York, where vendors are unveiling their new products and services and attendees are helping them celebrate. LegalTech attendees should revel in the number of vendor initiatives aimed at reducing e-discovery costs from acquisition to review and production. And, like last year, EDD vendors continue to design and manufacture their products for international litigation. But LegalTech is not all about e-discovery. There were still plenty of vendors with products outside the Electronic Data Reference Model. EDD PARTIES Readers should be aware that Index Engines can access and extract data from tape and tape libraries -- and can do so really fast. But now they can also extract data from network storage systems, file shares, forensic images and hard drives and still provide users a single point of access to it -- via a Web browser. Index Engines first indexes data on disparate resources. Once the index is compiled, data can be deduped, searched, reviewed and extracted on demand. Also note that Index Engines can now filter unwanted file types such as EXE, DLL, etc., during the indexing process to reduce the time it takes to review the data. Read LegalTech New York 2009 Coverage on Legal Blog Watch In preparation for the new year, Kazeon Systems introduced new pay-as-you-go pricing models that augment their current standard software licensing option and focus on case matters. Kazeon hopes the new pricing models allow customers to implement an e-discovery solution that does not require a major financial investment or lengthy rollout. Vendors are starting to "go left" of the EDRM to provide organizations a better view of the end of litigation via early case assessment tools. In fact, KPMG promoted the concept with a T-shirt emblazoned with "go left." Toward that end, Daticon EED announced the availability of its Early Case Assessment servic

Some consumers say they like the way Internet retailers will suggest new purchases to them based on what they've bought previously. Others feel creeped out when a banner ad seems to know a bit too much about their Web surfing habits. It's called behavioral advertising, and it's central to the business success of all manner of Internet commerce, from bookstores to newspapers. The practice needs regulation, says Rep. Rick Boucher , the Virginia Democrat who chairs the House Energy and Commerce Subcommittee on Communications, Technology and the Internet. Boucher says legislation to protect consumer privacy online will spur people to surf more. But Internet advertising companies are not happy about regulation, especially because Boucher's plan would require, in some cases, that consumers agree in advance before their surfing habits could be tracked. Such an approach "would really be a sea change in the U.S. regulatory framework," says Mike Zaneis, vice president for public policy at the Interactive Advertising Bureau. Virtually all consumer protection laws, he says, permit people to opt out of solicitation, for instance, with a "do not call" registry. For the Internet, Congress has done almost nothing. "To suddenly move toward a draconian opt-in standard," he says, "would really be damaging not just to businesses but consumers." Zaneis, whose group includes such news heavyweights as the New York Times Co. and Conde Nast Publications, says now is not the time to upend Internet companies' business models, right when the economy is in the tank and print advertising is drying up. He argues further that new Web browsers make the issue moot by giving consumers the ability to easily block the electronic "cookies" that track their online movements. The issue promises to be a lobbying extravaganza. Last year, when the Federal Trade Commission (FTC) was developing self-regulatory guidelines for Web companies engaging in behavioral advertising, it

Beware of web sites offering free money Iain Thomson in San Francisco vnunet.com, 04 Mar 2009 The Federal Trade Commission (FTC) is warning of a rash of online scams offering payouts under the economic stimulus plan passed by Congress. Businesses and individuals are being targeted by the scammers using web sites and emails, the organisation warned. Recipients are typically offered 'grants' from the government, and must either surrender bank details to get the funds or make a small payment. Advertisement"Web sites may advertise that they can help you get money from the stimulus fund. Many use deceptive names or images of president Obama and vice president Biden to suggest that they are legitimate. They are not," said Eileen Harrington, acting director of the FTC's Bureau of Consumer Protection. "Don't fall for it. If you do, you'll get scammed." Several variants have also been discovered that use malware to steal important data. These include pages that purport to offer links to sites that show how to get the federal funds. The pages are loaded with malware that can penetrate an improperly patched browser. "Consumers who may already have fallen for these scams should carefully check their credit card bills for unauthorised charges, and report the scam to the FTC," said Harrington.

Google will unveil new privacy measures today that will give consumers more control over behavioral targeting. Now, when Google serves banner ads on outside publishers' sites, the ads will include links that provide more information explaining why they were served. Clicking through will lead to details about the company's behavioral advertising program, which categorizes consumers as interested in particular types of goods or services based on the sites they visited. The program is only in beta for now, but once Google signs up publishers, consumers will be able to view the categories they have been placed in--such as "interested in travel"--and also tell Google to remove them from whatever buckets they wish. Consumers also will be able to opt out of the program permanently via a browser plug-in. Or, if people want to receive ads for certain types of products, they can edit their profiles to reflect that--in effect, opting in to particular types of ads. Google's new measures come at a time when online behavioral targeting is facing increased scrutiny. Last month, two Federal Trade Commissioners warned that the online advertising industry could face new laws if it didn't take steps to self-regulate on privacy issues. Recently, Google rival Yahoo announced enhancements to its privacy policies. Among other changes, Yahoo said it would allow consumers to opt out of behavioral targeting on its own site. Google's move drew praise from the Interactive Advertising Bureau's Mike Zaneis, vice president for public policy. "It's really a consumer empowerment tool, which is great," he said. "It's one more example of how industry is competing on the privacy issue, to the benefit of consumers--and also to the benefit of businesses."

Is it time for Web publishers and their users to have the privacy talk? At most Web sites, privacy policies are ridiculously long and convoluted scrolls of legalese that only a hearty privacy watchdog would read. For most users it remains a mystery just how publishers collect, use and share the data trails consumers leave behind while traversing a site. But publishers now are partnering more deeply with third party ad networks who plant their own cookies in their users' browsers and hit them again with ads out on their own networks with other publishers. How should a site broach the topic of privacy and ownership of data with its own customers? The industry-funded Future of Privacy Forum is hoping to get at this issue in a new research initiative that explores different ways sites can communicate with users about their online advertising experience and how a use's data trail is recorded and used. The study will try to find ways that publishers can raise user awareness about the use of online behavioral data and be more transparent about how it is harvested and shared.

Google never fails to surprise. It's the scope and scale of their ambitions that impresses me ranging as they do from relatively simple applications that are just way cool such as Sky Map, through their Chrome Web browser (which is now looking pretty stable), to the subject of this newsletter: Google Health. Google Health, which was launched as a beta (of course) in spring 2008, is a free repository for your personal health information. Using the service you can create online health profiles for yourself, family members or others you care for (these profiles can include health conditions, medications, allergies and lab results), you can import medical records from hospitals and pharmacies, share your health records with "your care network" (which may include family members, friends and doctors), and browse an online health services directory to find services that are integrated with Google Health. After you sign up you can import your medical records from Allscripts, Anvita Health, The Beth Israel Deaconess Medical Center, Blue Cross Blue Shield of Massachusetts, The Cleveland Clinic, CVS Caremark, Healthgrades, Longs Drugs, Medco Health Solutions, Quest Diagnostics, RxAmerica and Walgreens. What you'll wind up with if you update all of the sections is a pretty complete health profile, which means that privacy has to be a concern. Interestingly, because becoming a subscriber is voluntary it appears that the service is exempt from the provisions of the Health Insurance Portability and Accountability Act of 1996.

For all the concern and uproar over online privacy, marketers and data companies have always known much more about consumers' offline lives, like income, credit score, home ownership, even what car they drive and whether they have a hunting license. Recently, some of these companies have started connecting this mountain of information to consumers' browsers.

Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet. Web Privacy Protect yourself and your data online by choosing a secure Web browser, understanding the dos and don'ts of wireless security, and correctly managing passwords.