Windows 10’s Privacy Policy: the New Normal?

from the no-i-do-not-want-to-send-a-crash-report dept.

An anonymous reader writes:

The launch of Windows 10 brought a lot of users kicking and screaming to the “connected desktop.” Its benefits come with tradeoffs: “the online service providers can track which devices are making which requests, which devices are near which Wi-Fi networks, and feasibly might be able to track how devices move around. The service providers will all claim that the data is anonymized, and that no persistent tracking is performed… but it almost certainly could be.” There are non-trivial privacy concerns, particularly for default settings. 
According to Peter Bright, for better or worse this is the new normal for mainstream operating systems. We’re going to have to either get used to it, or get used to fighting with settings to turn it all off. “The days of mainstream operating systems that don’t integrate cloud services, that don’t exploit machine learning and big data, that don’t let developers know which features are used and what problems occur, are behind us, and they’re not coming back. This may cost us some amount of privacy, but we’ll tend to get something in return: software that can do more things and that works better.”

Posted by Soulskill 2 days ago

 

Tomb, a Successor To TrueCrypt For Linux Geeks

from the tomb-is-a-nice-friendly-word dept.

jaromil writes:

Yesterday we released Tomb version 2.1 with improvements to stability, documentation and translations. Tomb is just a Zsh script wrapping around cryptsetup, gpg and other tools to facilitate the creation and management of LUKS encrypted volumes with features like key separation, steganography, off-line search, QR code paper backups etc. In designing Tomb we struggle for minimalism and readability, convinced that the increasing complexity of personal technology is the root of many vulnerabilities the world is witnessing today — and this approach turns out to be very successful, judging from the wide adoption, appreciation and contributions our project has received especially after the demise of TrueCrypt.
As maintainer of the software I wonder what Slashdot readers think about what we are doing, how we are doing it and more in general about the need for simplicity in secure systems, a debate I perceive as transversal to many other GNU/Linux/BSD projects and their evolution. Given the increasing responsibility in maintaining such software, considering the human-interface side of things is an easy-to-reach surface of attack, I can certainly use some advice and criticism.

Posted by timothy 2 days ago

MSpy Hacked

from the have-some-information dept.
pdclarry writes: mSpy sells a software-as-a-service package that claims to allow you to spy on iPhones. It is used by ~2 million people to spy on their children, partners, exes, etc. The information gleaned is stored on mSpy’s servers. Brian Krebs reports that mSpy has been hacked and their entire database of several hundred GB of their customers’ data has been posted on the Dark Web. The trove includes Apple IDs and passwords, as well as the complete contents of phones that have mSpy installed. So much for keeping your children safe.

Ubuntu To Officially Switch To systemd Next Monday

from the dissenting-dachshund dept.
jones_supa writes: Ubuntu is going live with systemd, reports Martin Pitt in the ubuntu-devel-announce mailing list. Next Monday, Vivid (15.04) will be switched to boot with systemd instead of UpStart. The change concerns desktop, server, and all other current flavors. Technically, this will flip around the preferred dependency of init to systemd-sysv | upstart in package management, which will affect new installs, but not upgrades. Upgrades will be switched by adding systemd-sysv to ubuntu-standard’s dependencies. If you want, you can manually do the change already, but it’s advisable to do a one-time boot first. Right now it is important that if you run into any trouble, you file a proper bug report in Launchpad (ubuntu-bug systemd). If after some weeks it is found that there are too many or too big regressions, Ubuntu can still revert back to UpStart.

FBI Seeks To Legally Hack You If You’re Connected To TOR Or a VPN

Law would allow law enforcement to search electronic data if target computer location has been hidden through Tor or VPN

by NICOLE KARDELL | FEE | JANUARY 20, 2015

The FBI wants to search through your electronic life. You may think it’s a given that the government is in the business of collecting everyone’s personal data — Big Brother run amok in defiance of the Constitution. But under the limits of the Fourth Amendment, nothing it finds can be used to prosecute its targets. Now the FBI is taking steps to carry out broad searches and data collection under the color of authority, making all of us more vulnerable to “fishing expeditions.”

The investigative arm of the Department of Justice is attempting to short-circuit the legal checks of the Fourth Amendment by requesting a change in the Federal Rules of Criminal Procedure. These procedural rules dictate how law enforcement agencies must conduct criminal prosecutions, from investigation to trial. Any deviations from the rules can have serious consequences, including dismissal of a case. The specific rule the FBI is targeting outlines the terms for obtaining a search warrant.

It’s called Federal Rule 41(b), and the requested change would allow law enforcement to obtain a warrant to search electronic data without providing any specific details as long as the target computer location has been hidden through a technical tool like Tor or a virtual private network. It would also allow nonspecific search warrants where computers have been intentionally damaged (such as through botnets, but also through common malware and viruses) and are in five or more separate federal judicial districts. Furthermore, the provision would allow investigators to seize electronically stored information regardless of whether that information is stored inside or outside the court’s jurisdiction.

The change may sound like a technical tweak, but it is a big leap from current procedure. As it stands, Rule 41(b) only allows (with few exceptions) a court to issue a warrant for people or property within that court’s district. The federal rules impose this location limitation — along with requirements that the agent specifically identify the person and place to be searched, find probable cause, and meet other limiting factors — to reduce the impact an investigation could have on people’s right to privacy. Now the FBI is asking for the authority to hack into and search devices without identifying any of the essential whos, whats, wheres, or whys — giving the FBI the authority to search your computer, tablet, or smartphone even if you are in no way suspected of a crime.

All you have to do is cross the FBI’s virtual path. For instance, the proposed amendment would mean that agents could use tactics like creating online “watering holes” to attract their targets. Anyone who clicked on law enforcement’s false-front website would download the government malware and expose their electronic device to an agent’s search (and also expose the device to follow-on hackers). One obvious target for this strategy is any forum that attracts government skeptics and dissenters — FEE.org, for example. Such tactics could inadvertently impact thousands of people who aren’t investigation targets.

This sort of sweeping authority is in obvious conflict with the Constitution. The Fourth Amendment makes it clear that the government cannot legally search your house or your personal effects, including your electronic devices, without (1) probable cause of a suspected crime (2) defined in a legal document (generally, a search warrant issued by a judge) (3) that specifically identifies what is to be searched and what is to be seized.

The FBI is not the first government agency to find itself challenged by the plain language of the Fourth Amendment. Past overreach has required judges and Congress to clarify what constitutes a legal search and seizure in particular contexts. In the 1960s, when electronic eavesdropping (via wiretaps and bugs) came about, Congress established the Omnibus Crime Control and Safe Streets Act of 1968 (the Wiretap Act). The law addressed concerns about these new surreptitious and invasive investigative tactics and provided several strictures on legal searches via wiretap or bug. Since covert investigative tools can be hard to detect, it was important to institute more rigorous standards to keep agents in line.

The same concerns that Congress addressed in the 1960s are present today, but they take on far greater significance. With our growing reliance on electronic devices to communicate with others, to transact business, to shop, travel, date, and store the details of our private lives, these devices are becoming our most important personal effects. The ability of government actors to enter our digital space and search our electronic data is a major privacy concern that must be checked by Fourth Amendment standards. As the Supreme Court recently pronounced in Riley v. California, the search of a modern electronic device such as a smartphone or computer is more intrusive to privacy than even “the most exhaustive search of a house.”

What seems most troubling, though, is that the FBI is attempting to override the Fourth Amendment, along with the body of law developed over the years to rein in surveillance powers, through a relatively obscure forum. Instead of seeking congressional authority or judicial clarification, it has sought a major power grab through a procedural rule tweak — a tweak that would do away with jurisdictional limitations and specificity requirements, among other important checks on law enforcement. The request seems objectively — and constitutionally — offensive.

A Cybersecurity Threat That Could Be Lurking On Your Phone

Gary Miliefsky, SnoopWall CEO and founding member of the US Department of Homeland Security, announces a privacy breach posed by smartphone flashlight apps. Miliefsky has advised two White House administrations on cybersecurity.

He was scheduled to join us on set for Special Report, but we had to make room for breaking news. We know you were all excited to hear this story, so we brought Gary in just for The Daily Bret. Share your thoughts with us on Twitter @BretBaier or here on the blog. After hearing this story, will you delete your flashlight app?

Here’s What You Need To Master The Tor Network!

Monday, May 05, 2014: The anonymous Internet, or the Tor network, has been attractive to many since it came to mainstream news. The network provides protection from snooping bodies that steal your personal information online.

What is Tor?

Originally known as The Onion Router, the Tor network was meant to protect the US Navy. Currently, it is software that sends your traffic around a network of open connections. These connections come from volunteers all over the world using the network.

1. Use Tor browsers

Just because it is the anonymous network doesn’t mean that Tor will protect your system completely. It protects only the applications and programs that are configured correctly. That is why you should use the Tor browser bundle, which is preconfigured for the Tor network.

2. Say goodbye to browser plugins

You will notice that the Tor browser disables things like Quicktime, RealPlayer and Flash. It does this to protect your privacy, as these applications have been known to give out your IP address. Similarly, you should avoid installing any add-ons to the Tor browser because they may cause it to malfunction, which in turn can undermine the browser’s original purpose of protecting your privacy.

3. Avoid opening downloaded files when working on Tor

Opening PDFs or other files in a separate application can reveal your non-Tor IP address. You should avoid doing so.

4. Tor and Torrent don’t go together

Even though the two may seem like a natural fit, downloading torrents while on Tor is not a good idea. You can use the network, but don’t try to download torrents over it.

5. HTTPS

Yes, use this at all times while you are on the Tor network. It shouldn’t be any trouble, since the network automatically goes for the always-HTTPS option.

6. Tor bridges

These are also important, since Tor doesn’t protect you from being watched: someone can still find out that you’re using Tor.

7. Get more people

The more people near you who use Tor, the better the protection you get from the network.