Android

GasBuddy Has a New Privacy Policy (Spoiler: Not As Customer Friendly) 82 82

An anonymous reader writes: GasBuddy has been a popular iOS and Android app for the last 5 years used to find the cheapest place to get gas. According to the Google Play store, there are over 10 million installs (in additions to the installs from Apple and Amazon's appstores). Now that they have a large enough number of users, GasBuddy has updated their privacy policy to allow them to collect more information. Some highlights of the privacy policy changes include: only 10 days for new terms to take effect (previously users were given 30 days to review the changes); collection of "signal strength related to Wifi or Bluetooth functionality, temperature, battery level, and similar technical data"; and [a warning that the company] will not honor a web browser's "do not track" setting.
Communications

Questioning the Dispute Over Key Escrow 62 62

Nicola Hahn writes: The topic of key escrow encryption has once again taken center stage as former Secretary of Homeland Security Michael Chertoff has spoken out against key escrow both at this year's Aspen Security Forum and in an op-ed published recently by the Washington Post. However, the debate over cryptographic back doors has a glaring blind spot. As the trove of leaks from Hacking Team highlights, most back doors are implemented using zero-day exploits. Keep in mind that the Snowden documents reveal cooperation across the tech industry, on behalf of the NSA, to make products that were "exploitable." Hence, there are people who suggest the whole discussion over key escrow includes an element of theater. Is it, among other things, a public relations gambit, in the wake of the PRISM scandal, intended to cast Silicon Valley companies as defenders of privacy?
Privacy

Tor Project Pilots Exit Nodes In Libraries 29 29

An anonymous reader writes: The Tor Project has announced a new initiative to open exit relays in public libraries. "This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet." They point out that this is both an excellent way to educate people on the value of private internet browsing while also being a practical way to expand the Tor network. A test for this initiative is underway at the Kilton Library in Lebanon, New Hampshire, which already has a computing environment full of GNU/Linux machines.
United States

Germany Won't Prosecute NSA, But Bloggers 100 100

tmk writes: Despite plenty of evidence that the U.S. spied on German top government officials, German Federal Prosecutor General Harald Range has declined to investigate any wrongdoings of the secret services of allied nations like the NSA or the British GCHQ. But after plans of the German secret service "Bundesamt für Verfassungsschutz" to gain some cyper spy capabilities like the NSA were revealed by the blog netzpolitik.org, Hange started an official investigation against the bloggers and their sources. They are now being probed for possible treason charges.
GNU is Not Unix

Video Purism Offers Free (as in Freedom) Laptops (Video) 74 74

Purism uses its own OS, PureOS, which is a Debian derivative by way of Ubuntu and other members of the Debian-derivative family, but with no taint of proprietary code. Now imagine all the binaries stripped out of the Linux kernel, making it closer to the FSF ideal of a 100% free operating system than the Linux kernel in use almost everywhere else.

They're still using a proprietary BIOS, but have people working on a Free one. The main thing, though, is that Purism is working to give you all the privacy and freedom they can -- with more coming as they keep working to replace proprietary bits of the OS, BIOS, and hardware drivers with Free Software. Best of all, even if you don't need a new laptop right now, you can download PureOS and run it on any compatible hardware you already own.
Windows

A Naysayer's Take On Windows 10: Potential Privacy Mess, and Worse 480 480

Lauren Weinstein writes: I had originally been considering accepting Microsoft's offer of a free upgrade from Windows 7 to Windows 10. After all, reports have suggested that it's a much more usable system than Windows 8/8.1 — but of course in keeping with the 'every other MS release of Windows is a dog' history, that's a pretty low bar. However, it appears that MS has significantly botched their deployment of Windows 10. I suppose we shouldn't be surprised, even though hope springs eternal. Since there are so many issues involved, and MS is very aggressively pushing this upgrade, I'm going to run through key points here quickly, and reference other sites' pages that can give you more information right now. But here's my executive summary: You may want to think twice, or three times, or many more times, about whether or not you wish to accept the Windows 10 free upgrade on your existing Windows 7 or 8/8.1 system. Now that we're into the first week of widespread availability for the new version, if you're a Windows user and upgrader, has your experience been good, horrible, or someplace between?
Piracy

Interviews: Kim Dotcom Answers Your Questions 87 87

Kim Dotcom was the founder of Megaupload, its successor Mega, and New Zealand's Internet Party. A while ago you had a chance to ask him about those things as well as the U.S. government charging him with criminal copyright violation and racketeering. Below you'll find his answers to your questions.
Privacy

Kentucky Man Arrested After Shooting Down Drone 1167 1167

McGruber writes: Hillview, Kentucky resident William H. Merideth describes his weekend: "Sunday afternoon, the kids – my girls – were out on the back deck, and the neighbors were out in their yard. And they come in and said, 'Dad, there's a drone out here, flying over everybody's yard.'" Merideth's neighbors saw it too. "It was just hovering above our house and it stayed for a few moments and then she finally waved and it took off," said neighbor Kim VanMeter. Merideth grabbed his shotgun and waited to see if the drone crossed over his property. When it did, he took aim and shot it out of the sky.

The owners showed up shortly, and the police right after. He was arrested and charged with first degree criminal mischief and first degree wanton endangerment before being released the next day. Merideth says he will pursue legal action against the drone's owner: "He didn't just fly over. If he had been moving and just kept moving, that would have been one thing -- but when he come directly over our heads, and just hovered there, I felt like I had the right. You know, when you're in your own property, within a six-foot privacy fence, you have the expectation of privacy. We don't know if he was looking at the girls. We don't know if he was looking for something to steal. To me, it was the same as trespassing."
Bug

Honeywell Home Controllers Open To Any Hacker Who Can Find Them Online 85 85

Trailrunner7 writes: Security issues continue to crop up within the so-called "smart home." A pair of vulnerabilities have been reported for the Tuxedo Touch controller made by Honeywell, a device that's designed to allow users to control home systems such as security, climate control, lighting, and others. The controller, of course, is accessible from the Internet. Researcher Maxim Rupp discovered that the vulnerabilities could allow an attacker to take arbitrary actions, including unlocking doors or modifying the climate controls in the house.
Security

Video Veteran IT Journalist Worries That Online Privacy May Not Exist (Video) 43 43

Tom Henderson is a long-time observer of the IT scene, complete with scowl and grey goatee. And cynicism. Tom is a world-class cynic, no doubt about it. Why? Cover enterprise IT security and other computing topics long enough for big-time industry publications like ITWorld and its IDG brethren, and you too may start to think that no matter what you do, your systems will always have (virtual) welcome mats in front of them, inviting crackers to come in and have a high old time with your data.

Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).
Chrome

Chrome Extension Thwarts User Profiling Based On Typing Behavior 61 61

An anonymous reader writes: Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome and not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.
Security

Your Stolen Identity Goes For $20 On the Internet Black Market 57 57

HughPickens.com writes: Keith Collins writes at Quartz that the going rate for a stolen identity is about twenty bucks on the internet black market. Collins analyzed hundreds of listings for a full set of someone's personal information—identification number, address, birthdate, etc., known as "fullz" that were put up for sale over the past year, using data collected by Grams, a search engine for the dark web. The listings ranged in price from less than $1 to about $450, converted from bitcoin. The median price for someone's identity was $21.35. The most expensive fullz came from a vendor called "OsamaBinFraudin," and listed a premium identity with a high credit score for $454.05. Listings on the lower end were typically less glamorous and included only the basics, like the victim's name, address, social security number, perhaps a mother's maiden name. Marketplaces on the dark web, not unlike eBay, have feedback systems for vendors ("cheap and good A+"), refund policies (usually stating that refunds are not allowed), and even well-labeled sections. "There is no shortage of hackers willing to do about anything, computer related, for money," writes Elizabeth Clarke. "and they are continually finding ways to monetize personal and business data."
Google

Google Is Dropping Its Google+ Requirement Across All Products Including YouTube 170 170

An anonymous reader writes: After years of plugging Google+ into all of its services, today Google announced that your Google+ profile will no longer be your identity in all its products. The company says it will take a few months for all the changes to happen, but the first product to be uncoupled will be YouTube. Bradley Horowitz, Google's vice president of streams, photos, and sharing, says the changes are a response to user feedback: "We've also heard that it doesn't make sense for your Google+ profile to be your identity in all the other Google products you use."
ch

Swiss Researchers Describe a Faster, More Secure Tor 61 61

An anonymous reader writes: Researchers from the Swiss Federal Institute of Technology and University College London published a paper this week describing a faster and more secure version of Tor called HORNET. On one hand, the new onion routing network can purportedly achieve speeds of up to 93 gigabits per second and "be scaled to support large numbers of users with minimal overhead". On the other hand, researchers cannot claim to be immune to "confirmation attacks" known to be implemented on Tor, but they point out that, given how HORNET works, perpetrators of such attacks would have to control significantly more ISPs across multiple geopolitical boundaries and probably sacrifice the secrecy of their operations in order to successfully deploy such attacks on HORNET.
KDE

KDE Community Announces Fully Open Source Plasma Mobile 44 44

sfcrazy writes: Today, during the Akademy event, the KDE Community announced Plasma Mobile project. It's a Free (as in Freedom and beer), user-friendly, privacy-enabling and customizable platform for mobile devices. Plasma Mobile claims to be developed in an open process, and considering the community behind it, I don't doubt it. A great line: "Plasma Mobile is designed as an ‘inclusive’ platform and will support all kinds of apps. In addition to native apps written in Qt, it also supports GTK apps, Android apps, Ubuntu apps, and many others." And if you have a Nexus 5, you can download and play with a prototype now.
Privacy

After Progressive Insurance's Snapshot Hacked, Manufacturer Has Been, Too 3 3

An anonymous reader writes: Progressive Insurance sells a tracking device called Snapshot that is advertised as a "little device [that] turns your safe driving into savings." However Snapshot itself has been hacked, and Xirgo Technologies, which makes Snapshot, is currently hacked due to out-of-date software on their website — and has been that way since at least May 5th of 2015. Given that Chrysler just did a recall of 1.4 million cars, people should really think twice before blindly trusting the safety of their cars to any random company, especially if that company can't even keep their WordPress up-to-date or remove hacked code from their site.
Communications

An Interview With Hacking Team's CEO 80 80

Alastair Stevenson writes: I talked to the leader of the world's most hated surveillance company about its path to recovery and morals, following a massive attack on its systems. CEO David Vincenzetti, as you might expect, thinks that his company "deserves the protection of law and order," and disclaims (also as you'd expect) responsibility for what its clients do with the privacy-unraveling software it provides: Law enforcement must have a way to do what it has always done, that is to track criminals and prevent or prosecute crime. With the development of global terrorism and especially the ‘lone wolf’ terrorist, this requirement is even more important. Hacking Team has helped fight crime by providing a surveillance tool to law enforcement. The company believes this is a small step toward a more secure world for all who wish to used the Internet and digital tools lawfully.
Privacy

Researchers: Mobile Users Will Trade Data For Fun and Profit 21 21

itwbennett writes: Even as mobile users become more security and privacy conscious, researchers and other mobile data collectors still to collect user data in order to build products and services. The question: How to get users to give up that data? Researchers at the New Jersey Institute of Technology tested two incentives: gamification and micropayments. The test involved building a campus Wi-Fi coverage map using user data collected from student participants who either played a first-person shooter game or who were paid to complete certain tasks (e.g., taking photos). The game turned out to be a quick and efficient way to build the Wi-Fi coverage map. But data from the micropayments group was found to be "sometimes unreliable, and individuals were trying to trick the system into thinking they had accomplished tasks."
Privacy

US Court: 'Pocket-Dialed' Calls Are Not Private 179 179

itwbennett writes: In a case of a pocket-dialed call, a conscientious secretary, and sensitive personnel issues, a federal appeals court in Ohio has ruled pocket-dialers shouldn't have any expectation of privacy. 'Under the plain-view doctrine, if a homeowner neglects to cover a window with drapes, he would lose his reasonable expectation of privacy with respect to a viewer looking into the window from outside of his property,' the court said. The same applies to pocket-dialed calls, according to the court. If a person doesn't take reasonable steps to keep their call private, their communications are not protected by the Wiretap Act.
Facebook

New York Judge Rules Against Facebook In Search Warrant Case 157 157

itwbennett writes: Last year, Facebook appealed a court decision requiring it to hand over data, including photos and private messages, relating to 381 user accounts. (Google, Microsoft, and Twitter, among other companies backed Facebook in the dispute). On Tuesday, Judge Dianne Renwick of the New York State Supreme Court ruled against Facebook, saying that Facebook has no legal standing to challenge the constitutionality of search warrants served on its users.