Tag Archives: user privacy

Good Read: Can you trust Tor’s exit nodes?

Abstract

Tor is the encrypted, anonymous way to browse the web that keeps you safe from prying eyes, right?

Well, no, not always.

Blogger and security researcher Chloe spent a month tempting unscrupulous Tor exit node operators with a vulnerable honeypot website to see if anyone was looking for passwords to steal.

In all, the trap sprung for twelve exit nodes, raising a finger of suspicion for them and reminding us that you can’t get complacent about security even if you’re using Tor.

Tor is a bit of heavy duty open source security software that’s famously used to access anonymous, hidden services (the so-called Dark Web) but, more commonly, used as a way to access the regular internet anonymously and in a way that’s resistant to surveillance.

Tor (short for The Onion Router) works by sending your encrypted network traffic on an eccentric journey between Tor ‘nodes’. At each step along the way each Tor node helps keep you safe by never knowing what’s in your message and never knowing more about your data’s journey than the node it came from and the next one it’s going to.

Read more in

https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/

Apple Safari now blocks all third-party cookies by default

“The long wait is over,” Apple WebKit engineer John Wilander announced on Tuesday: the latest update to the Safari browser is blocking third-party cookies by default for all users.

Safari 13.1 was released on Tuesday, bringing full cookie blocking and other updates to Apple’s Intelligent Tracking Prevention (ITP) privacy feature. What it means: online advertisers and analytics firms will no longer be able to use our browser cookies to follow us around like bloodhounds as we wander from site to site, tracking and mapping our interests and behavior for whatever profit-motivated, privacy-wrecking purposes they might have.

Is this a big deal? Not really, Wilander said in a post on the WebKit team’s blog, given that previous work has meant that most cookies are already blocked:

It might seem like a bigger change than it is.

But we’ve added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.

Safari thus joins other browsers that either plan to or are already blocking third-party tracking cookies by default, including the Tor browser. Mozilla rolled out the privacy enhancement in September 2019, announcing that Firefox would block both tracking cookies and cryptomining by default.

Read more in

https://nakedsecurity.sophos.com/2020/03/26/apple-safari-now-blocks-all-third-party-cookies-by-default/

Browser privacy study: Brave browser is best for privacy & fast browsing

Abstract

We study six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser. Chrome is by far the most popular browser, followed by Safari and Firefox. Between them these browsers are used for the great majority of web access. Brave is a recent privacy-orientated browser, Edge is the new Microsoft browser and Yandex is popular amongst Russian speakers (second only to Chrome).

In summary, based on our measurements we find that the browsers split into three distinct groups from this privacy perspective.

  • In the first (most private) group lies Brave
  • In the second Chrome, Firefox and Safari
  • And in the third (least private) group lie Edge and Yandex.

Used “out of the box” with its default settings Brave is by far the most private of the browsers studied. We did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers.

References

Web Browser Privacy: What Do Browsers Say When They Phone Home? https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

Brave beats other browsers in privacy study

Impressive security & privacy features of Firefox

We all know that the surveillance business has had a free hand for a long time, but things are changing now. Not only governments (e.g. the European Union, USA, Germany) but also we as individuals are more cautious about our privacy. Privacy regulations like GDPR have made a big impact. The big giants have no option but to regulate themselves or pay huge fines. We all know that Google and Facebook have paid huge fines recently. We should also acknowledge the contribution of the Facebook scandals to the whole privacy movement.

In a very recent move, Firefox has announced a few important and impressive security features; some of them are listed here:

Enhanced tracking protection

Firefox will be made available to new users with enhanced tracking protection enabled by default. Those already using Firefox will see the feature rolled out automatically in the coming months. Mozilla says the new feature will stop the “thousands of companies known for tracking” from accessing users’ personal data.

Password protection & inform user about data breaches

Another feature available on all browsers is a central dashboard called Firefox Monitor, originally announced in 2018 as a partnership with Troy Hunt’s Have I Been Pwned website. This is especially impressive because it allows users to search whether their details have been exposed in any known breaches, so they can change their passwords when needed.

Those who care about security and privacy and don’t want websites to track everything could give Firefox a try. The snapshot below shows the privacy options you have in Firefox.

Data Privacy: It’s time for the data brokers to be accountable.

You might be wondering why cyber experts everywhere say, and I quote, “Your personal data is the new oil”. Comparing oil with personal data is a metaphor: everyone is after your personal data. It’s a fact that users’ personal data is being sold from one party to another.

This whole shadow business is called data brokerage, and it includes big giants: Facebook, Google and Amazon. They have a free hand, from collecting user data to selling it to third parties. If a data breach happens, they are not accountable at all. For the data brokers, data breaches in their databases do not matter because they know their data is not a secret. They have already sold it many times.

Data brokers intrude on the privacy of millions of people by harvesting and monetizing their personal information without their knowledge or consent. Worse, many data brokers fail to securely store this sensitive information, predictably leading to data breaches (like Equifax) that put millions of people at risk of identity theft, stalking, and other harms for years to come.


List of major data brokerages

But times are changing, and the world is now waking up to data privacy and unethical practices, and making data brokerages accountable. One recent example, apart from the GDPR law, is Vermont’s new data privacy law.

What Vermont’s Law Does

Vermont’s new data privacy law seeks to protect consumers from data brokers through four important mechanisms.

Transparency. Data brokers must annually register with the state. When doing so, they must disclose whether consumers may opt-out of data collection, retention, or sale, and if so, how they may do so. A data broker must also disclose whether it has a process to credential its purchasers, and its number of security breaches.

Duty to secure data. Data brokers must adopt comprehensive data security programs with administrative, technical, and physical safeguards.

No fraudulent collection. Data brokers may not collect personal information by fraudulent means, or for the purpose of harassment or discrimination.

Free credit freezes. Credit freezes are an important way for consumers to protect themselves from the fallout of a data breach. Many businesses will not extend credit absent a report from a credit reporting agency, and a credit freeze bars these agencies from issuing a report until a consumer lifts the freeze when they actually want credit. Vermont already empowered consumers to use credit freezes to protect themselves from credit fraud. The new Vermont law bars credit agencies from charging consumers fees for this protection.

Reference

https://www.eff.org/deeplinks/2018/09/vermonts-new-data-privacy-law