Internet News

Another view of Google's new privacy policy

Google Won't Pause New Privacy Policy - Should They Have To?, Miranda Miller, Clickz Academy (Feb 3)

This definitely an opinion piece about the reaction in Europe and the United States to Google's new privacy policy. Miller makes some good points - one of which is that governments have not set clear rules about how long data can be kept and whether purging is mandatory and on what timeline.

Of note: "Google points out that users can use many services, such as Search, Maps, and YouTube, without signing in. Privacy controls include turning off search history, switching Gmail chat to “off the record,” using Incognito mode in Chrome, etc."

What Google Knows

Who Does Google Think You Are?, Karen Weise, Bloomberg Busienss Week (Feb 2)

Find out who Google thinks you are as a marketing target in terms of interests and age. As the article says, the url is awkward - just search Google for ad preferences manager - follow the link and sign into your Google account. Are you what Google thinks you are?

The issue is Google's intention to bring together in one place all the products a Google account holder uses in order to integrate the data - and know its users better.

Of interest: "The concern has prompted regulators in Ireland and France to announce they’re going to examine Google’s new policy. A bipartisan group of eight U.S. representatives sent Google Chief Executive Officer Larry Page a letter with questions about the change. Google responded on Jan. 30, emphasizing the controls users do have and how new approaches will make it easier and quicker for people to find the information they want on the Web. They also noted that Ann Cavoukian, Ontario’s Information and Privacy Commissioner, praised the clarity of the unified privacy policy."

Stop online tracking

Five smart ways to keep your browsing private, Rob Lightner, CNet (Jan 23)

Many web users are thinking that too many sites know too much. Anti virus programs and various cleaners help to remove the tracking cookies - but let's stop it before it starts.

This article mentions

+ CCLeaner - one of those tools to clean up afterwards.
+ Your browser - they all have an incognito mode.
+ Really anonymous using a service or proxies.

Depersonalizing Google

Face-off - 4 Ways to De-personalize Google, Pete, Daily SEO Blog (Jan)

It's simple. If you don't want Google to personalize your search results, turn them off. Pete tried several methods and concluded that turning off social results in Google really did turn them off, but Pete was never able to break free from localized results based on IP.

Someone answered that question - "The localization problem can be fixed if you click the "Change location" link and change your location."

Pete steered away from Chrome - because trusting it may be like putting the wolf in charge of the chicken coop. Others said that Chrome could be used to search anonymously.

Another recommended searching google inside proxify.com "a web-based anonymous proxy service which allows anyone to surf the Web privately and securely. "

Google's new privacy policy

Google announces privacy changes across products; users can’t opt out, Cecilia Kang, Washington Post (Jan 24)

This will push alarm bells -- Google "plans to follow the activities of users across nearly all of its ubiquitous sites, including YouTube, Gmail and its leading search engine." With all that data, it could have a very full profile on a person - and really be able to target ads.

Also see Danny Sullivan's Google’s New Terms Of Service & Privacy Policy: Anything You Do May Be Used To Target You? in Marketing Land.

There is something good about this change - "The good news is there’s a lot to love about the idea that Google is consolidating more than 70 different privacy policies into a single overall document. "

Google using SSL

Google to begin defaulting logged-in users to secure search, The Next Web (Oct 18)

Signed in Google users will have "secure search and privacy" by being directed to https:// where the SSL protocol is used - basically, Google will encyrpt the search query and results, preventing third parties from seeing and using it. As well Google won't pass on information about your search to the result site you visit.

From the blog post,
"As search becomes an increasingly customized experience, we recognize the growing importance of protecting the personalized search results we deliver. As a result, we’re enhancing our default search experience for signed-in users. "

Hacked in the Cloud

Feel Secure Using Gmail Or Other Cloud Services? Read This., Chris Sherman, Search Engine Land (Oct 13)

There are risks to living your web and email life in the cloud.

Chris Sherman recommends James Fallow article in the Atlantic - Hacked . His wife's Gmail account was hacked - in which the hacker sent out a message asking friends to send money to help her out of a travel bind. This same kind of thing - and message - happened to a friend of mine through her Yahoo account.

"What he learned is eye-opening, but also reassuring. In my mind, his article Hacked is a must-read for anyone who uses Gmail, or any other cloud-based service. It’s a balanced look at the tradeoffs we all must make between enjoying the convenience of working in the cloud vs. the security risks we take—despite the serious and comprehensive measures companies like Google take to keep our data secure"

Facebook Privacy Settings

Facebook Privacy: 11 Settings to Revisit Now, Kristin Burnham, PCWorld (Oct 8)

Articles about protecting personal privacy on Facebook abound. It's almost an industry in its own right. Here's a guide in 12 slides on what to do to prevent being tagged in a photo, hide information, protect photos. Possibly the most valuable will be changing the privacy settings for applications, and limiting access to the new timeline of your life.

Browse Smart

How to check if a Web site is safe, Seth Rosenblatt, CNet How To (Aug 31)

First piece of advice is to double click urls -- "..always double-check the URL of your banking site, social networking site, and e-mail site before you log in. Most browsers, including Firefox, Chrome, and Internet Explorer, now include a color-change on the left side of the location bar to indicate that the site has been verified as legitimate. It's always a good idea to type in the URL by hand, and to never follow links from an e-mail. Also, checking for HTTPS instead of the less-secure HTTP is a good idea, although HTTPS isn't foolproof. "

Next is to use a site checker - such as Google's safe browsing diagnostic page - http://www.google.com/safebrowsing/diagnostic?site=google.com - just substitute the site you want to check in site=

Safety in Browsing

IE Wins Malware-Blocking Tests, John Dunn, PCWorld (Jul 18)

There are two kinds of threats in browsing:

+ "attacks where the user can be tricked - 'socially-engineered' in security parlance - into downloading malware."
+ "'drive-by' attacks that seek to exploit specific vulnerabilities in software and which require no user intervention. "

Microsoft's in-house reputation system used in IE 8 and 9 has been found to be superior to systems used in Firefox 4, Chrome 10, Safari 5 for blocking malware sites where you might accidentally download trouble.

For protection against the drive-by type of attack be sure to keep your browser uptodate with the latest versions of plug-ins such as Flash Adobe Reader and especially Java.

"No legitimate expectation of privacy"

The relationship between Facebook and the law , Jeff John Roberts, Reuters via Globe and Mail (Jul 12)

Some worrying points about privacy at Facebook

+ In the US, federal judges have authorized at least two dozen warrants to search individuals’ Facebook accounts since 2008.

+ "By law, neither Facebook nor the government is obliged to inform a user when an account is subject to a search by law enforcement, though prosecutors are required to disclose material evidence to a defendant." However, Twitter and other social media sites (not named) have a policy to inform users. Facebook does not.

Article refers to a 1976 case in which it was decided that "a bank did not have to inform its customer when it turned over his financial records to the Bureau of Alcohol, Tobacco and Firearms.". The records were bank property and the customer had "no legitimate expectation of privacy."

That could easily become the position for Facebook and other social media.

Leaving traces on the web

Can You be Cyber-Stalked? The 30-Minute Google Challenge, By Patrick Miller and Ginny Mies, PCWorld ( Jun 26, 2011 )

This article shows how easy it can be to get information about people who participate on the Internet through postings and social networks. Google is a start, but there is also Pipl.com and Zabasearch as meta-search people finders.

Unless you really want people to know about you, keep all accounts private and use different usernames and handles.

De-personalizing search results

Getting "Pure" Search Results, Mary Ellen Bates (May 2011)

The major search engines - Google and Bing especially - do their utmost to personalize search results to what they know about you - whether you are signed into your account or not. Mary Ellen Bates suggests some ways you can anonymize your activity by your browser selections (not 100%, unfortunately) and two search engines that promise to do not track - DuckDuckGo and Ixquick.

Asssange calls Facebook a US Spying Machine

Assange: Facebook is an 'appalling spy machine', by Don Reisinger, The Digital Home (May 3)

Probably many are commenting on WikiLeaks founder Julian Assange's accusations that "Facebook, Google, and Yahoo are actually tools for the U.S. intelligence community".

Assange made these charges in an interview with the Russian RT -- WikiLeaks revelations only tip of iceberg – Assange

Facebook in particular is the most appalling spying machine that has ever been invented. Here we have the world’s most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to US intelligence. Facebook, Google, Yahoo – all these major US organizations have built-in interfaces for US intelligence. It’s not a matter of serving a subpoena. They have an interface that they have developed for US intelligence to use.

Don Reisinger points out that WikiLeaks has a Facebook page, wonders why Assange didn't name Twitter, and reported that Facebook in its response claims to only provide what it legally required.

However, there is no question that the social networking tools will make it easeire for police and security forces to examine a person's connections.

Online Privacy Protection

House and Senate Propose Online Privacy 'Bill of Rights' Legislation , George H Pike, Newsbreaks (Apr 21)

Good - maybe the US can lead by legislating online privacy protection.

"The face of online privacy could change dramatically if legislation recently introduced in Congress becomes law. Two proposals, House Bill 1528 in the House of Representatives and Senate Bill 799, would provide for a privacy “bill of rights” covering the online gathering and use of personally identifiable information. The bi-partisan bills have quickly generated praise, but also concern from consumer advocates and industry groups."

Spam Worse

United States Is Still the Top Spammer, Report Says, John P Mello, PCWorld (Jan 11)

Be very careful with your email - and never click on a link you don't know.

"Sophos Senior Technology Consultant Graham Cluley said. "What's becoming even more prevalent is the mailing of links to poisoned web pages--victims are tricked into clicking a link in an email, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.""

United States leads as a producer and a relayer

1 United States - 20% of spam, and it hosted 18.83 percent of the spam relays around the globe
2 India -- 6.88 percent
3 Brazil -- 5.04 percent.
4 Russia -- 4.64
5 United Kingdon - 4.54 %

DuckDuckGo reveals privacy practices of Google

DuckDuckGo Challenges Google On Privacy With DontTrack.us, Matt McGee, Search Engine Land (Jan 2)

If you care about privacy, you'll look at Don't Track Us, where DuckDuckGo shows how much information Google collects and uses and gives to others from a search query. DuckDuckGo does none of this.

Concerned about Privacy for good reason

Top Trends of 2010: Privacy, Richard MacManus, ReadWriteWeb (Dec 9)

Would be nice if respecting privacy was a trend, but it's quite the opposite - as Richard Macmanus documents. He examines Facebook (which thrives on making data public), Wikileaks (which makes private correspondence of diplomats public), Google and its privacy woes (the company that claims to do no evil), Location Apps (give away your location, why don't you?), eReaders (you think what you read is private?), and browsers (track your every move).

Conclusion: "As you can see, it's been a very busy year on the privacy front. As certain companies gain more power (Facebook, Google), the Web community at large becomes more concerned about what they do with all of our personal data. As for WikiLeaks, it's too early to tell what the ultimate outcome will be. But at the very least, WikiLeaks has shaken up the notion of privacy in government communications."

They Want Too Much Information

How Facebook Connect Freaks Me Out, Danny Sullivan, Daggle (Nov 29)

If the "login with your Facebook account" freaks Danny Sullivan, what should it do to the rest of us? I've also balked at the amount of information the associated site wants, and concluded that it wasn't worth the trouble to use the site at all. Read on.

Google, Facebook and your contact lists

Why you're a pawn in Facebook vs. Google, by Tom Krazit, Relevant Results (Nov 10)

Facebook or Google - which do you trust more with your personal data? Maybe neither. Tom Krazit gives a compact account of the current tug-of-war between Google and Facebook over stewardship of contact informatin. Facebook wants to keep that data - preventing you from removing. Google wants it to be completely open (but didn't take that position with its own social networking place, Orkut.)

Bottom line is: "Facebook wants to dictate how your data can be used because it wants advertisers to overpay for access to that data. Google wants that data to be more open because there's no one better in the world at finding, indexing, and presenting open data than Google, and if a significant source of information is unavailable to Google, it becomes less important."

But don't read that as meaning Google is any less keen than Facebook to hold onto the personal data.

How to remove personal information from Google

Removing Your Personal Information From Google, Vanessa Fox, Search Engine Land (Nov 8)

Some people don't mind what is known about them and others are fearful - and probably rightfully so. Vanessa Fox describes several situations where private information may be online and how you can (and cannot) do about getting it removed.

Protecting Yourself on the Internet

The perils of social networking, Lynn Grenier, itWorldCanada (Oct 18)

How much do you really want others to know about you? Tweeting every moment in your life is a rich field for cybercriminals - as well as the physical kind who find where you live and burglar the house.

Also in this article - problems with url shorteners - McAfee has created a new one.

The problem is, TinyURL and its ilk don’t check links uploaded for shortening. Those links can go to known bad sites. Marcus says that Bit.ly is abused in this way more than most.

McAfee has addressed this issue by developing its own shortener that checks the original link on its Global Threat Intelligence (GTI) network and flags it if it is unsafe. The shortener, still in beta, is available at http://mcaf.ee. The company is also working on plugins for Twitter clients that will check and preview short URLs.

Just Don't Go There

The 17 Most Dangerous Places on the Web, by Nick Mediati, PCWorld (Sep 27)

Danger lurks everywhere on the Net judging from these warning about email, flash, websites, search results, video codecs, Facebook apps - and so much more. Read the article and note exposures you might have. Main protection, apart from being wary and questioning, is to keep all software (including anti-virus) up to date with security patches. Be sure to read the last page on Top 5 Ways to Stay Safe Online.

There is no privacy online

Privacy should go hand in hand with transparency , Don Tapscott, Globe and Mail (Aug

Chew on this for a while - "At Zeitgeist, Google CEO Eric Schmidt noted that between the dawn of civilization and 2003, five quintillion bytes of data were collected. Today, the same amount is collected every two days. "

And a lot of that data is about us. Don Tapscott warns we've gone too far.

"Information privacy is the foundation of a free society, and not just because of the harm that can occur from blackmail, identity fraud, impersonation, cyber-stalkers and nosy employers. When data can be assembled into profiles, matched with other info and used to make automated judgments and decisions about individuals, such as whether or not to hire them, whether to admit entry, whether to calculate benefits or terms of an offer, whether to corroborate a claim, whether to discriminate against or manipulate, it should make us shudder to think about what it would be like to live in a world where all is known and nothing is forgotten. "

The End of Online Privacy, Susan Karshinsky and Omar El Akkad, Globe and Mail (Aug 13)

The San Francisco-based Electronic Frontier Foundation has proof that we divulge far too much - and most of the time we don't know it.

"The most alarming result of the study of more than 470,000 Web surfers is that 83.6 per cent of them had an instantly identifiable, totally unique fingerprint: Their particular combination of settings and information was unlike that of any other user, increasing the chance they could be personally identified, even though they had done nothing but make a few clicks of the mouse. "

"Put it all together with the constant availability impelled by texting, tweeting, cellphones and status updates – and you have a culture on a path to near-total transparency, a see-through society that may be past the point when it could ever cover back up. "

Avoiding giving information about yourself to Google

Google Alarm Alerts You When Your Info Goes to Google, Preston Gralla, PCWorld (Aug 19)

Don't want to give any information about yourself to Google as you surf the web? Try Google Alarm addon with the Firefox browser.

"If you're determined to stay away from sites that send information about you to the search giant, Google Alarm will tell you which sites to avoid. Of course, given how many sites send information back to Google, that may not be practical. At a minimum, though, it's a constant reminder of just much of your information leaves your control--and goes under Google's."

No Full Privacy Mode

Browser 'Privacy Modes' Not So Private After All, John P Mello, PC World (Aug 6)

Don't count on privacy mode truly hiding what you do or say on the Web. In addition to the browsers having flaws, the add-ons you use might be recording what you do.

"All the major web browsers have a privacy mode that's supposed to cover a user's tracks after he or she finishes an Internet session, but a trio of researchers have found those modes fail to purge all traces of a Net surfer's activities. "

Taking Precautions

The Smart Paranoid's Guide to Using Google by Logan Kugler, Computerworld via PC World (May 26)

What we do on the Web is tracked somewhere. Google collects through search history - especially if you are logged into your account, and cookies. This article has instructions on how to prevent this.

Perhaps the greater worry is not Google itself, but a hacker that gets into personal accounts.

General recommendation is - if it's confidential or very sensitive, don't use the Web. Another - encrypt your Gmail.

And specifically, create a difficult password on the account. See the article for more advice on securing your login and your browser.

Check what can be learned about you online

Reputation Management and Social Media, Pew Internet (May 26)

"Reputation management has now become a defining feature of online life for many internet users, especially the young. While some internet users are careful to project themselves online in a way that suits specific audiences, other internet users embrace an open approach to sharing information about themselves and do not take steps to restrict what they share. "

Those aged 18-29 are savvy about what to delete - many remove their names from photos.

Some employers have policies on how employees are to present themselves online.

It's something to care about.

Personalized Results Almost Unavoidable

Does Turning Off Personalized Results In Google Really Work?, Search Engine Roundtable (May 26)

Does adding &pws=0 to the end of the search URLat Google turn off personalized results? Hard to say. Course, you can also log out of your Google account, clear browser history. But Google has many other clues it can use - your bookmarks, your location, IP address. It's been found that we leave a lot of fingerprints through our browser. See Turning off Personalization... Can Anyone Prove it Works? at Webmasterworld.

Privacy Issue Rears Head at Facebook Again

Privacy issues? Google engineers leaving Facebook in droves, Mike Butcher, TechCrunch (Apr 23)

This looks like something to pay attention to. Google engineers, the very same who must have used Buzz inside Google, are leaving Facebook over privacy issues.

"The main issue is that there are concerns that Facebook, by default, now opts you in to allowing third party sites like Yelp to ‘personalise’ your experience, and there are questions about how much information is given away."

Kristin Burnham at PCWorld tells us which settings to change - Facebook: 5 Privacy Settings You Must Tweak NowKristin Burnham

Shadows in the Cloud - cybe-respionage

Hackers used Twitter, email to crack computers, Brendan Kennedy, CP via The Star (Apr 6)

University of Toronto researchers have uncovered another complex cyber-espionage network based in China and targeted mainly at India. The hackers used Twitter, email, and blogs to do it.

"The investigative team from U of T and Ottawa-based SecDev Group released a report Tuesday that reveals how sophisticated hackers used Twitter, email and blogs to steal confidential national security data from India and spy on the Dalai Lama’s email."

The Mariposa Botnet

Canadian firm helps disable massive botnet by Omar El Akkad, Globe and Mail (Mar 3)

The Mariposa botnet was huge - infected over 15 million computers over 190 countries - and 65% of Fortune 1000 companies plus government computers.

Defence Intelligence in Ottawa identified Mariposa last May and eventually disabled it. Spanish police arrested three people.

"Defence Intelligence eventually enlisted the help of multiple partners, including the Georgia Institute of Technology and the Spanish company Panda Security. The FBI and the Spanish Guardia Civil also joined the investigation. "

Cyber Forensic Investigations

Smarter sleuthing can save our online privacy , by Ron Deibert, Globe and Mail (Nov 2009)

Ron Diebert is at the Citizen Lab, an interdisciplinary research facility at the Munk Centre for International Studies, University of Toronto. The project is to investigate botnets - a Russian one in this case.

"In fact, botnets like this one are at the heart of just about every imaginable menacing and serious act of Internet crime, from espionage to child pornography. They are so vexing for law enforcement and intelligence, we are often told, because of the so-called “attribution” problem – the challenge of identifying the perpetrators. "

How to police this? Some say - no anonymity allowed. But maybe not - maybe there are enough online traces to track down an operator.

"Shortly after our observations, Nart uncovered a lead to the possible botnet operator: a Russian student registered at Moscow State University. There was no magical sniffing tool or lawful access provisions clearing his way. He simply pieced together bits of seemingly disparate information – a name here, a string of code there, a domain registration, a recurring handle, an e-mail address, all pieced together by searching Google results. "

But more - people gladly give of their lives through social networking - people monitor themselves - or allow themselves to be monitored.

"Social networking has brought us the Age of Auto-Surveillance. These are my friends, here is my house, this is the bus I take, here is my dog, this is my e-mail address, here is my phone number, this is my place of work, this is what I like to eat for lunch."

SiteAdvisor Secure Search

McAfee SiteAdvisor for Firefox, PCWorld (Feb 15)

McAfee's free SiteAdvisor has been a tool for warning of risky sites in search results. Yahoo builds it into its search results now, and Google has its own system. Now McAfee has added a Secure Search box to the browser (Firefox or IE) so that you can customize the warnings when you are using Yahoo. It will work with Google but without being able to customize.

"McAfee's SiteAdvisor has always alerted you when Web search results list potentially risky sites. The latest version, with a new feature called Secure Search, is designed to make searching the Web even safer. But to do that, it places some restrictions on your surfing-and those restrictions may be too severe for some users."

Beware Scareware

Google Search Results Manipulated? Clooney Clue Tips Off Researchers, By Donna Howell, Investors.com (Feb 19)

"Alwil Software, maker of Avast anti-virus products, says it has uncovered a network that serves hundreds of fake links through hijacked Web sites to cheat Google search algorithms."

This is scary business - and a reminder to have anti-virus updates done everyday.

One part is a network of at least 70 hijacked sites that attackers have filled with more than 500 links each. The links are only detectable by search engine bots, and they lead to hijacked Web sites that attackers want to boost in search rankings.

When consumers search on Google for popular keywords that the attackers have labeled their hijacked pages with, users’ results can include around 100 of these hijacked sites. When clicked on, they redirect to pages that can download malicious software to users’ computers. A popular type is called scareware — pop-up messages tell users the computer is infected and that to solve the problem they must buy what turn out to be fake anti-virus programs.

Using Craigslist

Top Craigslist scams and how not to be bamboozled By: Rachel Sadon, IT Business (Feb 10)

Describes some scam classics - how they work and how not to fall for it.

Links to Ten tips to get the most out of CraigsList, Brennon Slattery (Marc 2009)

First tip - use Google to get more information.

" One of the best ways to get the most out of Craigslist is to start outside of the site itself. Using Google Advanced Search can narrow down your browsing options in an effective, clean manner. Say you're looking for a couch in Boston, but you don't want to drive 25 miles to pick it up. Using Google Advanced Search, you can put your desired neighborhood in the 'this exact wording or phrase' field and keep "couch" in the generalized search.

You can also add other words you'd like to see in the posting, such as "good condition." Specify your city's Craigslist site (boston.craigslist.org, in this example) in the 'Search within a site or domain' field, and tell Google to do its work. You'll see your results, organized how you want them, in Google's easy-to-read format. "

Using Google Anonymously

How To Hide From Google by Andy Greenberg, Forbes (Jan 19)

Googlesharing will let you use Google services without divulging personal information. Moxie Marlinspike developed this a plug-in for Firefox.

"By hosting a proxy server with a collection of Google "identities," the privacy software, which can be accessed at Googlesharing.net, will allow users to temporarily route their traffic through another computer that masks their identity by mixing their online actions with those of other users."

Downside of personalized search results

Are Search Engines Going too Far by Creating Customized Search results Based on Your Internet History, by Brandon Leibowitz, Pandia (Jan

All search engines track search history today and to some degree try to personalize results, especially advertising results. Data collected will include IP number, search queries, and clicks on results. Brandon Leibowitz questions if this is all to the good.

"The search engines say it is to make your search experience better and more user friendly, but is that really the case? By collecting this data the search engines could sell it off to other companies, letting them know that you are interested or have been interested in their products or services recently."

Malware Alert

Malware in 2010 : Hiding in Google Search Results, Search Engine Roundtable (Jan 4)

For a time Google and other search engines were successful in blocking malware, but there are reports of some malware going undetected.

"So just be wary of what you click on via email, Google, Facebook and so on. The best prevention is being smart."

Google's New Dashboard for Account Holders

Google Dashboard: Control Panel for Your Data, Rob Hof, Business Week (Nov 6)

Many people use several Google applications through their personal account - gmail, photos, search etc. Google will now show what information it has collected about you while you were signed in.

Business Week summarizes the points.

"Dashboard provides a summary of the data in Google products you use while signed in (if you’re not signed in, that data isn’t associated with you)"

Google Blog - Transparency, choice and control - now complete with a Dashboard has a video.

"Today, the Dashboard covers more than 20 products and services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude and many more."

Dashboard is at http://www.google.com/dashboard.

Sign in to see the breadth of coverage. Even if you don't use Gmail, it can pick up "contacts" from activity.

PayPal as an Identity Provider

PayPal’s plans for a single consumer identity, by Jennifer Kavur, Computer World Canada (Oct 9)

PayPal Inc. the wonderfully convenient way of paying for goods and services online, plans to expand into the identity provider business. An Identity Provider will look after identities online - "... an entity that creates credentials, establishes who you are, manages the lifecycle of those credentials and acts as a conduit for attributes and controls policy associated with how your identity could be used,”

The benefit: "Consumers would essentially have a single online identity for accessing sites and conducting business online. This would remove the need for filling out forms and entering passwords as you travel around the Net. "

Anonymity More Difficult

The virtual end of online anonymity by Susan Krashinsky. Globe and Mail (Aug 27)

There have been several rulings in courts to require the names of people on the Net. It isn't as easy to hide behind an pseudonym or be anonymous.

"Legal precedents are piling up, and online anonymity is becoming a thing of the past. Among bloggers, the consensus seems to be that's good news."

Google Doesn't Understand No

Swiss Official Demands Shutdown of Google Street View, New York Times (Aug 24)

Google should have learned to be more sensitive to privacy issues. There was opposition in Canada, the UK, Japan and now Switzerland is objecting to the display of faces and license numbers. At what point will Google understand and stop pushing?

"A Swiss government official is demanding that Google immediately shut down its Street View Maps service in the country, but the company said Monday that it would discuss the matter with the privacy rights regulator."

Details on Privacy Measures at Facebook

Facebook agreement with Canada will impact everyone by Jennifer Kavur, itWorldCanada (Aug 28)

Thank Privacy Commissioner Jennifer Stoddart for changes that Facebook will be making to provide users better options for information privacy.

"Upcoming changes to Facebook’s privacy policies and practices will impact more than just the Facebook community. What the agreement means for other social networks, business marketing practices and people who don’t have a Facebook account."

IE8 fights malware

Microsoft's Browser Best at Beating Malware
Gregg Keizer, Computerworld via PC World (Aug 16)

NSS Labs did the testing, Microsoft the sponsoring.

"Microsoft's Internet Explorer 8 (IE8) again trounced rival browsers in a test of their malware-blocking abilities, catching 81% of attack code-infected sites, according to a testing company."

Facebook and Canada's privacy laws

Ottawa takes on social media giant for violating Canada's law , Karim Bardeesy, Globe and Mail July 17

Canada's Privacy Commissioner Jennifer Stoddart has given Facebook a month to respond to concerns about handling of personal information and especially the sharing with add-on applications.

Google's Growing REach

Does Google Know Too Much About You?, by Ian Paul, PCWOrld (Jul 10)

Every Google announcement about new software provokes more articles about how much data is collecting about use.

"Earlier this week, Google announced it's jumping off its own servers and onto your desktop with its own operating system, Chrome OS. The move has prompted sharp reaction from privacy advocates, including the Electronic Frontier Foundation, the Center for Digital Democracy, the Center for Democracy and Technology, and the American Consumer Institute Center for Citizen Research."

There are risks to having Google know so much - search, email, location, calendar, documents etc - all in this article. We can't say we weren't warned.

Google Chrome OS and Personal Data

What will Google's Chrome OS watch you do? by Josh Lowensohn, Webware (July 8)

There are dozens of articles about Google's new OS system to be available on NetBooks - a direct challenge to Microsoft and Windows. This article is about the user tracking that Google is likely to do through this OS based on current practices in its major products: Chrome browser, GMail, Google Desktop, and Maps

Dangerous Search Terms

Most dangerous online searches

"Some of the most popular online searches are also the most dangerous for your computer. CNN's Josh Levs reports."

Video with interviews and report on cybercrime, malware, and dangerous words - essentially anything free and hot news items. Always watch where you click - assess the url, consider the snippet, and use software that will warn you of risky sites. McAfee has Site Advisor, and Google and Yahoo have built-in checkers. Some anti-virus programs have warning systems too.

Avoid search terms download and lyrics

McAfee Lists Most Dangerous Search Terms, by Alex Goldman, Internet News (May 29)

McAfee has studied keywords to identify those that are most likely to hit malware in search results at the main search engines (Google, Yahoo, Live, Ask and AOL).

"The riskiest terms were those that involved downloading content. Around the world, "lyrics" was one of the most dangerous search terms, appearing in the top 10 in the U.S., Canada, The Netherlands, and New Zealand.

In the U.S., the most dangerous search terms were "free music downloads" (20.7 percent average risk), "game cheats" (16.7 percent), "word unscambler" (16.1 percent), followed by "lyrics" (14.8 percent). "

For protection, McAfee recommends its SiteAdvisor.

"SiteAdvisor tracks the following risks: downloads, browser exploits, e-mail registration forms and ease of unsubscribing, phishing (define), excessive popups, and links to other risky sites. Sites that fail one or more of these tests get a red rating, and sites that "merit caution before using" get a yellow rating. Green ratings go to sites with no risk or only "very minor" risks. "

Google Knows A Lot About You

What Google knows about you, By Robert L. Mitchell, ComputerWorld (May 11)

Google could know a lot about you especially if you use several of its services.

"Technically, of course, Google doesn't know anything about you. But it stores tremendous amounts of data about you and your activities on its servers, from the content you create to the searches you perform, the Web sites you visit and the ads you click."

Note: "In fact, though, the data Google stores about you falls into two buckets: user-generated content, which you control and which is associated with your account; and server log data, which is associated with one or more browser cookie IDs stored on your computer. Server log data is not visible to you and is not considered to be personally identifiable information."

Anyone concerned about privacy (and you should be) should read the entire article and then check out 6 ways to protect your privacy on Google.

But there may be some things you'd like to keep anyway - Opinion: Why I'm not giving up my Google apps. For me that is Google Search History / SearchWiki (though I choose when to turn it on), and Google Bookmarks.

Beware Malware

Malware Had a Great Year in 2008, by Ellen Messmer, Network World via PC World (Apr 18)

Symantec's Internet Security Threat Report for 2008 shows the United States as "the top country of attack origin in 2008, accounting for 25% of worldwide activity."

"It was tops globally for the origination of Web-based attacks in 2008, taking 38% of the total. The United States also was the country most frequently targeted by denial-of-service attacks, accounting for 51% worldwide. As the top country for credit cards advertised on underground economy servers, the United States accounted for 67% of the total activity."

Of interest:

+ "number of vulnerabilities in software and hardware is increasing. Symantec identified 5,491 specific vulnerabilities in 2008, up 19% from the year before."

+ "Of 383 cases of data breaches at organizations identified by PrivacyRights.org last year, more than 83 million identities were exposed, and "29% of all data breaches that exposed identities came from financial services,""

Stalking though Twitter

Twitterstalking by Zosia Bielski, Globe and Mail (Apr 2)

Observations about a new book on the use of social networking tools such as Twitter for spying on others:

Hal Niedzviecki, "the Toronto-based social commentator is examining how social networking tools such as Twitter are changing values in his eighth book, The Peep Diaries: How We're Learning to Love Watching Ourselves and our Neighbors, which will be published in May".

This form of spying is widespread: "A recent survey of 1,724 Britons by Yasni.co.uk, a search engine for tracking down people, found that 54 per cent of respondents had used networks such as Twitter to peer in on an ex's life. For some of the respondents, harvesting intelligence became addictive, with one-quarter saying they regularly “check up on” exes."

In case you didn't know: "Twitter allows non-users to track others' profiles by simply Googling them. The service does let users block certain followers or lock their profiles so people have to request to follow them, but few are doing this as it “is completely contrary to the point of Twitter,” Mr. Niedzviecki said."

If you don't want to be followed, don't leave "digital crumbs".

GhostNet Uncovered

Meet the Canadians who busted GhostNet by Omar El Akkad, Globe and Mail (Mar 29)

Gripping and chilling story of the discovery of a "GhostNet" of more than 1,200 computers worldwide that were infected with malware to track activity. Targets included Indonesia's Ministry of Foreign Affairs and the Indian Embassy in Kuwait, and the office of the Dalai Lama. There seems to be a strong connection to China as the source, and Tibetan groups as the target.

The discovery was by researchers in the University of Tornto's Munk Centre for International Studies. The report includes this little gem on how the researcher finally got a lead on the source.

"Finally, he turned to the ultimate hacker's tool: He entered some of the code from those infected computers into Google. Just like that, he found one of the cyberspy network's control servers, then another, and another. From that Eureka moment came a flood of information, almost all of it suggesting the ring originated in China."

Online version has some audio clips of the interviews with researchers.

[One would have hoped that Readers' Comments would add value but they don't - over 400 comments of mostly drivel - that made the article the "most discussed" of the day. If comments are to have any value, the Globe and Mail needs to exercise editorial control.]

Also, GhostNet Highlights Evolving Threat EnvironmentSumner Lemon, IDG News Service (Mar 30)

Joe Pasqua, vice president of research at Symantec Research Labs, comments on the GhostNet report -

""The profile of the attackers has completely changed over the last few years and has gone from vandals, kids looking to have some fun and make a reputation for themselves, into a very economically motivated body of attackers," Pasqua said. "They are getting more sophisticated in what they're doing and, furthermore, they are acquiring larger resources.""

Bottom line: "Technical measures alone can't stop determined attackers. In the case of GhostNet, social engineering was a key component of the attack, used to trick users into downloading malware without their knowledge. This is an area where companies and individuals need to take steps to protect themselves."

Protect Yourself from Conficker

Experts try to beat vicious computer worm, Omar El Akkad, Globe and Mail (Mar 27)

"A nasty piece of software most commonly known by the name Conficker began infecting computers around the world late last year. Once infected, the computers can be incorporated into a sort of mesh that results in a very powerful single entity called a botnet. Botnets can be used to do everything from transmitting viruses to sending out massive amounts of spam. On April 1, the infected computers are expected to try to contact an as-yet-undiscovered control centre by logging on to thousands of Internet domain names, one of which will be the control hub."

PCWorld has advice on how to protect yoursel - Protecting Against the Rampant Conficker Worm by Erik Larkin (Jan 16, 2009)

"The most critical and obvious protection is to make sure the Microsoft patch is applied. Network administrators can also use a blocklist provided by F-Secure to try and stop the worm's attempts to connect to Web sites."

Malware Artists At It Again

Scammers abuse Google Trends to poison search results, Gregg Keitzer, Good Gear Guide (Feb 27)

Spammers and malware distributors are being SEO artists in using Google Trends, Google's tool for showing looking at popularity of search terms over time, and especially in the last hour.

"Scammers and malware makers are closely monitoring Google Trends to guide them in selecting search phrases and legitimate news content, which they then integrate into their own fly-by-night sites, said Schmugar. The idea is to "game" Google into ranking their malware-hosting sites near the top on scores of high-profile, current events-related search results. "

Fighting Spam and Malware

Worst Spam Countries by Bruce Einhorn, Business Week (Feb 11)

Worst countries for spam are the US (20%) and China (10%)

"That's not that surprising, since the U.S. is the world's largest economy and China has the world's largest online population. "You would expect those countries to dominate," says Paul Ducklin, head of Asia-Pacific technology for Sophos."

Canada is the source for 1.8%.

It's one thing to receive spam that is junk; it's quite another to receive malware or malicious software.

Waledac is a trojan that spreads through email and infects the computer to act as a spam-sending bot. It has been spreading through email cards and greetings.

See:

Waledac Shifts Gears. - Symantec describes changes in Waledac and its the latest Valentine version

F-Secure Malware Information Pages: Email-Worm:W32/Waledac.A - F-Secure gives a short technical description

CA Security Advisor Research Blog - CA Security Advisor shows what it looks like and why you want to avoid love.exe.

Latest Web Threat: Is Waledac the New Storm? - Trend Micro describes how it works and finds strong similiarities to Storm. It also tells us clearly why we should be very careful.

"Being part of a botnet technically takes full control of PCs away from their owners and gives control to bot authors, who are then able to manipulate these infected systems for their own malicious purposes. These activities range from spamming to infect and recruit more computers, to conducting denial of services (DOS, DDOS, EDOS), to perform further cybercrime like information stealing and phishing. "

Search ID and the IP Address

Can the search engines tell who you are?, Pandia (Jan 31)

Answers the question - how much can a search engine really know about one?

"There are three levels of identification:

# Identification through log-in where you have an account with personal information (unless you lie to them, of course, which is a real option)
# Identification through cookies (with no personal information)
# Identification through IP address (with no personal information unless you are your own Internet service provider) "

IP address doesn't reveal anything easily other than geographic location. But there may be state surveillance, such as the US Homeland Security, that would give one pause - even innocent searches might be misinterpreted.

Malicious Websites

AVG notes rise in number of malicious websites by Jeremy Kirk, PC World - New Zealand (Jan 28)

"Websites rigged with malicious code are becoming more numerous by the day, but the time those sites are online is declining, according to new research from security vendor AVG Technologies."

Spam Rising

2008: The year in spam , Official Google Enterprise Blog (Jan 26)

Google Message Security data centers track spam. Although a major spamming network was closed down and spam levels dropped for a time, they are on an upward trajectory again - and becoming more dangerous.

"Looking ahead to the rest of 2009, we expect viruses sent via email and in blended attacks (email and web) to continue to be a serious threat. During the second half of 2008, virus volume increased six-fold from the first half of the year. These spam messages would often try to fool users by mimicking legitimate emails such as package tracking notifications or invoices that included virus attachments. Another popular technique in 2008 was emailing spoofed news alerts with URLs that would link to a website hosting the virus."

Internet getting more dangerous

This malware's especially for you by Dave Webb, Computerworld Canada (Jan 23)

New report from McAfee warns of more phishing tricks and scamming, as well as "increasingly personalized exploits, sophisticated back-end routing and USB autorun threats . "

Another reason to switch to Firefox -- "And, according to the report, malicious Web sites can target users browsers like Microsoft Corp.’s Internet Explorer, associated with novice users, but return missing or innocuous pages with a more secure browser like The Mozilla Foundation’s Firefox"

Canadian Banker's Association has a page of advice on email fraud and phishing.

Advice: no financial institution is going to email you to confirm your personal information - delete those messages immediately - never answer requests for personal data.

And speaking of phishing tricks - here's another one in which a phisher imitates the Canada Revenue Agency Canadians duped by tax refund scam, Computer World Canada (Jan 19)

"The e-mail suggests recipients are entitled to a tax refund from the Canada Revenue Agency. In order to receive the refund, users must click on an embedded link that directs them to a Web site posing as the CRA. Visitors are prompted to fill out an online form that requests tax-related information, including Social Insurance Number, date of birth, full name and the tax amount of their returns."

Spam, And More Spam

Study: Spam Is Getting More Malicious, by Joan Goodchild, PCWorld (Jan 23)

Spam is increasing and getting more malicious. So much for the prediction that this will be brought under control.

"Spam, especially junk e-mails with malicious links or attachments, continues to be a huge IT headache. Spammers are also getting more creative in their attempts to find victims, utilizing popular sites such as Facebook and Twitter, according to a report from UK-based security firm Sophos this week."

It's coming from the US, Russia, and China.

"Between October and December 2008, the United States was responsible for most of the world's spam, according to Sophos. China was in the second spot and Russia was third. Sophos officials pointed to Canada, Japan and France as countries that have made progress in spam prevention. All three, considered "serial offenders" five years ago, are no longer present in the list of spam reprobates."

Yahoo Data on Users Dropped to 90 Days

Yahoo will delete user data after 90 days, Telegraph UK (Dec 17)

Yahoo! has dropped the length of time it keeps personal data of web users from 13 months to 90 days.

"Under the new policy, Yahoo! will anonymise user log data within 90 days with limited exceptions for fraud, security and legal obligations," said Yahoo! in a statement.

Yahoo! said the new policy will apply to search log data, page views, page clicks, ad views and ad clicks, and "strengthens Yahoo!'s relationship of trust with its 500 million users worldwide". "

Also - Yahoo One-Ups Google With 90 Day Data Retention Policy by Barry Schwartz, Search Engine Land *Dec 17)

Schwartz asks if Yahoo is doing this as a publicity stunt in somewhat the same spirit as Ask.com's addition of a privacy link - not a stunt exactly, but something easy to do that appears good but doesn't amount to much.

New Malware Warnings at Live Search

Live Search Adds Malware Warnings To Search Results by Matt McGee, Search Engine Land (Dec 3)

Bravo Live - it will show malware warnings in search results. Google and Yahoo do this too.

"The Live Search implementation is different from how the other two search engines show malware warnings. When a potentially harmful page shows up in the Live Search results, users see no warning until they actually try to click on the link. When they do click, a small “pop-up” box appears to the far right of the listing."

Demand for Data Protection

Privacy Laws Trip Up Google’s Expansion in Parts of Europe , by KEVIN J. O’BRIEN, New York Times (Nov 17)

Google is very big in Europe, but Europe is adamant about data protection. Some countries bad the use of Street View.

"But almost five years into its expansion into Europe — where it has a headquarters in Dublin, large offices in Zurich and London, and smaller centers in countries like Denmark, Russia and Poland — Google is getting caught in a web of privacy laws that threaten its growth and the positive image it has cultivated as a company dedicated to doing good."

And -- "Google says it needs the data for nine months to hone its search engine to reflect the constant changes in contextual meaning caused by news and events. Before October, Google retained the records in the European Union for 18 months. Yahoo keeps records for 13 months and MSN, Microsoft’s search service, for 18 months. European officials are trying to persuade Google and the others to comply, but have not ruled out asking the commission to intervene."

Google and Privacy Concerns

Google's growth makes privacy advocates wary, Rachel Metz, AP via Globe and Mail (Nov 3)

Privacy is the issue, and the trigger, this time, is concern over the Chrome browser recording what you type in order to automatically suggest searches.

"Mr. Rakowski said queries sent to Google through the autosuggest feature do include data like a user's IP address and the time at which the queries were made. But Google logs just 2 per cent of the information brought in through “Google Suggest,” in order to improve the feature, Mr. Rakowski said, and makes this data anonymous within 24 hours. This is accomplished by stripping off the last four digits of the IP address associated with the query."

Consumer Watchdog is at Google's heels.

Google's New Privacy Rules

Google promises to tighten privacy rules, Constant Brand, AP via Globe and Mail (Sep 9)

Google finally yielded to EU pressure about its use of the IP number and lowered the time it stores search information from 18 months to 9 months.

""With the new policy today we will anonymize the IP addresses on our server logs after nine months, so that is a significant improvement in privacy terms and it puts us ahead of the rest of the industry," Mr. Fleischer told Brussels-based reporters via a telephone link."

Also - the search suggestions made by Google Suggest - "Google only logs two per cent of data collected on such searches but said they will all be erased after a 24-hour period starting later this month."

Thanks the EU for its data retention and privacy rules.

Scientific American on Privacy

The Future of Privacy - September issue of Scientific American - available online for the month.

Sample articles:

+ Industry Roundtable: Experts Discuss Improving Online Security

+ Do Social Networks Bring the End of Privacy? By Daniel J. Solove

+ How Loss of Privacy May Mean Loss of Security By Esther Dyson

Identity Theft

Identity Theft - Protecting yourself from identity theft

BusinessWeek speaks "with the head of Affinion Security Center about new technology used to fight identity theft and some basic ways you can protect yourself."

Video - worth viewing - of course Affinion is selling a service.

Privacy Concerns Big Time

Privacy on the Web: Is It a Losing Battle? Published: June 25, 2008 in Knowledge@Wharton

Heightened concerns about individual privacy, targeted behavioural ads, increased capability by companies to monitor and mine data and appetite to do so - where will this lead?

"In fact, said Maier, "Our thinking about privacy was built on who you are. But we now also need to look at privacy with regard to what you do. The debate and framework for privacy have changed forever."

Does that mean a national privacy law? Social and political realities lead most analysts to believe such a law is a long way in the future -- and that the U.S. is unlikely to follow the lead of European countries in the online privacy arena. In Europe, privacy is viewed as a fundamental right, an obligation of a state to its citizens. In the U.S., privacy is an individual right of a consumer that can be traded for a benefit -- such as free use of the Internet."

Biggest worry -- "Asked to choose the single most worrisome issue, Schneier pointed to the consolidation and cross-correlation of data by companies like Choicepoint and also by government agencies. "We have data that is illegal for the government to collect, so they buy it from industry, and vice versa. All the strands of information come together and can then be used in unexpected ways.""

US Senate Hearings on Privacy

Online Privacy Hearings See Conflicting Testimony And Recommendations by Greg Sterling, Search Engine Land (July 10)

Google, Microsoft, Facebook and others argued for federal privacy legislation in sessions being held in Washington DC; the US Federal Trade Commission favoured industry self-regulation. Discussions center on "online advertising, behavioral targeting and what the government should do about it, if anything".

Microsoft, Google support privacy law, CNN Money (Jul 10)

" At a Senate Commerce Committee hearing on online advertising, representatives of the two technology rivals said meaningful privacy rules should be based on three core principles: Consumers should be clearly notified what information is being collected about them; people should control how that information is used; and such data should be secured to ensure it does not fall into the wrong hands."

Privacy Uproar

Viacom vs Google: YouTube privacy fears Reuters via Silicon.com (July 4)

Viacom won a ruling from a US judge to have Google turn over data on user viewing of YouTube videos. This is part of its $1 billion lawsuit against Google for infringement of copyright.

"Judge Louis Stanton of the US District Court for the Southern District of New York ordered Google on Tuesday to turn over as evidence a database with usernames of YouTube viewers, what videos they watched when, and users' computer addresses."

Maybe Google will be able and allowed to anonymize the logs.

Also - Judge orders YouTube to reveal info by Mathew Ingram, Globe and Mail (July 3)

This hinges on definition of personal data. Video viewing records would have IP number. Although there is some protection of information about what videos an individual rents, it wasn't seen to apply to online viewing. Mathew Ingram points out that Google has maintained in other cases that IP address is not personal data - and we see now that it is.

U.S. decision won't apply to Canadian viewers.

Facebook and Privacy

Facebook accused of violating user trust, breaking Canadian privacy laws itBusiness.ca By: Brian Jackson (6/2/2008 6:00:00 AM )

"Facebook may say it's purely a social networking site, but it is in fact a commercial enterprise that's about sharing and using members' personal information with advertisers and third-party application developers." That's the substance of a complaint against Facebook filed with Canada's Privacy Commisioner.

INCLUDES VIDEO.

Malware on Web 2.0 sites

Web 2.0 Sites a Thriving Marketplace for Malware Erik Larkin, PC World (June 1)

"Malicious software makers are using social networks, video sites, and blogs to peddle their wares to other online criminals."

"Malware is big business, and groups like the Albanian hackers are trying to cash in, using the latest Web 2.0 tools: social networking profiles, blogs, and other publicly available media and Web pages. The digital desperados are moving more and more into wide-scale advertising and brand building on public sites and networks to grow their underground trade."

Cloud Computing and privacy concerns

Privacy commissioner probes cloud computing By: Shane Schick, Computer World Canada (May 29)

"Ann Cavoukian’s office looks at services to host software and data over the Internet and raises questions about the protection of users’ information. Consider her key identity management suggestions"

"The privacy commissioner of Canada’s largest province has raised concerns about the use of third-parties to host data on the Internet, otherwise known as cloud computing, urging companies to adopt responsible identity management before it’s too late."

"In a white paper published Wednesday, Ontario Information and Privacy Commissioner Ann Cavoukian discussed the changing landscape for individual information as software moves to Web-based services from companies such as Google, IBM or Amazon. The 30-page document provides an overview of cloud computing as well as the technological building blocks Cavoukian says are necessary to protect data from those who shouldn’t see it. These building blocks include identity management software based on open standards; federated identity so that registering their information for one service will mean they are recognized elsewhere; audit tools to track what happens to user data; and, policies that stipulate how information will be used in a cloud. "

Google's safe browsing

Google's Safe Browsing Diagnostic Tool by Barry Schwartz, Search Engine Land (May 23)

"A week ago Google announced the release of a safe browsing diagnostic tool. To use the tool, just append a URL to the end of http://www.google.com/safebrowsing/diagnostic?site=."

And who's going to go to the trouble of doing that? Yahoo teamed up with McAfee to check for malware at sites, and McAfee provides Site Advisor for free. Google should be able to do better than this.

Blurred Faces

Google Starts to Blur Faces in Street View Photos by Brian Bergstein, AP (May 14)

Google should have been more sensitive to protecting privacy in their street views from the outset.

"After privacy complaints, Google Inc. is beginning to automatically blur faces of people captured in the street photos taken for its Internet map program. Rolling it out will take several months, however."

Yahoo Scans for Malware

Risky websites to be flagged in Yahoo! Search Silicon Republic (May 7)

Yahoo search results will be clean of malware thanks to a partnership with McAfee to use the SiteAdvisor. SearchScan will also identify sites that been the source of spam.

" Websites that may harm a user’s computer just by visiting them will be omitted from Yahoo! search engine rankings, following a partnership between the search company and security firm McAfee.

The two companies signed a multi-year global deal that will see Yahoo! Search incorporate McAfee’s award-winning SiteAdvisor technology. As well as omitting potentially dangerous sites, other risky sites containing potential threats such as spyware, adware and malware will be flagged in the search listings."

Yahoo Search users in UK, Canada, UK, France, Italy, Germany, Australia, New Zealand and Spain will benefit from the beta version.

Also Yahoo To Flag Malware Sites In Search Results at Techcrunch - has screen shot.

EU on Data Protection

Google defends user data policy after EU report by ERIC AUCHARD, Reuters via Globe and Mail (Apr 8)

Google Inc claims that it needs to keep personal data of IP number and search activity for 18 months in order to "improve" search. The EU says balderdash

"A group of data protection commissioners from across the European Union found that computer Web addresses and cookie monitoring are personal information that search services should do more to protect."

Google's position:

"In a statement issued on Monday, Peter Fleischer, Google's global privacy counsel, said his company disagreed with key findings in the report and argued that privacy policies must be balanced against efforts to make Web services easier to use.

“We believe that data retention requirements have to take into account the need to provide quality products and services for users, like accurate search results, as well as system security and integrity concerns,” Fleischer wrote."

And what specifically would those system security and integrity concerns be and how exactly does Google use the data to improve search? Likely advertising.

Street View - Invasion of Privacy

Pittsburgh couple sues Google over Street View Declan McCullagh , Webware (Apr 4)

Google took a street view of a house on a private lane. Is this legal? Owners are suing.

"In general, of course, photographs taken of homes from the public street (or the air) are perfectly legal and protected by the First Amendment's freedom of the press."

Web Attacks and Malware

Major Web Sites Hit With Growing Web Attack by Robert McMillan, IDG News Service via PCWorld (Mar 28)

Big websites such as Walmart and USAToday are having search results at their sites infected by malicious code - and then these search results are passed to Google or other engines as a kind of canned query for those keywords. The search result tries to redirect the victim to a malicious web site and install malware.

""Malicious parties are actively poisoning these sites search query caching feature to position the keywords among the top ten search results, thereby infecting anyone coming across them," said Danchev, in an instant-message interview."

Over a million Web pages have been infected.

Protect Canadians from the US Patriot Act

Patriot Act haunts Google service by SIMON AVERY, Globe and Mail (Mar 24)

Universities and other Canadian institutions and businesses need to think carefully about using US-based computer / software services - such as Google's Search Appliance and new web-based collaborative tools.

"The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations. It is at odds with Canada's privacy laws, which require organizations to protect private information and inform individuals when their data has been shared."

Also -- "Montreal security strategist Jeffrey Posluns says Google's software suite may suit some small businesses because cost savings are significant. But he warns that the deciding factor should be the sensitivity of the organization's information."

About Privacy

The True Price of Privacy: What users are willing to exchange for (Free) content by Heidi Gautschi, EContent (March 2008)

How much will we give up for free content and convenience? This article is available to print subscribers, but here are a few notes about Google (to whom we give a lot away).

First check Google's Privacy Channel -- http://youtube.com/user/googleprivacy [ 5 minutes] to learn about cookies and use of the IP address.

A "Google spokesperson" told Gautschi, "Google collects and retains our server logs for three reasons: to improve our search algorithms to the benefits of our users, to defend our systems from malicious access, and to maintain the integrity of our systems, to comply with data retention legal obligations."

Gautschi compared this to a library using boring records to make suggestions on what to read next and to make sure there was no abuse.

As for the truly personal services - search history, gmail, bookmarks - Google does warn that it may be collecting "personally identifiable information" - and at the very least there will be targetted and tailored advertisements.

These are important questions - how much care should we take, when should we say no, and even so how much control do we have?

Quoted -- "Data collection and targeting are occurring now across applications and across platforms".

Poisoned Links

Poison in Google Search Results Virtual Chase (Mar 6)

Genie Tyburski has picked up more stories about poisoned links in Google search results. Matt Cutts at Google is quoted, ""2008 will be the year that hacking and search engine optimization (SEO) collide in a major way. By the end of the year, a nontrivial fraction of blackhat SEO will involve illegally hacking sites for links or landing pages.""

Also see Hackers find clever new way to hose Google users, Channel Register (Mar 6)

More detail on the hack and what Google does to warn you - but searchers are still in danger of hitting a site with a redirect.

"Hackers have found a new way to get Google to point to malicious websites with the help of unwitting websites such as TorrentReactor, ZDNet Asia and several other CNET-owned properties."

EU Privacy Rules

EU: search engines under EU rules by Aoife White, AP via Business Week (Feb 21)

The EU is requiring that Internet search engines that are based outside Europe - Google, Yahoo, MSN, Ask - comply with EU privacy rules, specifically how a person's Internet address or search history is stored.

"EU rules that someone must consent to their data being collected and give individuals the right to object or verify their information apply to search engines, the regulators' group said in a short statement as they prepare a full report due by April.""

This may extend to the use of the IP address which may be viewed as personal information. Removing it "would have implications for how search engines record the data they need to understand search patterns and correctly bill online advertisers for the number of times their ad is viewed."

Market alone won't solve privacy problems

The Privacy Paradox by Andy Greenberg, Forbes (Feb 15)

Users talk about privacy but don't change their behaviour at search engines or web sites. They register at sites for the convenience but then worry about privacy. They also ignore announcements by engines such as Ask.com and Ixquick that provide some protection (though not full).

The answer: "So, do users value the convenience of having a search bar beside their e-mail more than protecting their sensitive information? "There's a growing market pressure to do right by privacy," insists Harris. "But do I think the market alone will fix this? No. At the end of the day, we still need legal protection." Part of the solution, she says, may be a national privacy law. "

Malware Alerts

Google warns of drive-by downloads Tom Espiner, ZDNet (Feb 19)

"Drive-by downloads, in which malicious websites exploit browser vulnerabilities to execute malicious code, have increased since April 2007, warned Google researchers last week"

Definition: "Drive-by downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatically."

Google reports problems it finds to StopBadware.org , a clearinghouse for web malware research run by Harvard Law School, Oxford University, and technology companies including Google, Lenovo and Sun.

"Google uses the StopBadware.org list of compromised sites to place "interstitial pages" (pages that sits between the search results pages and the suspect page) between the user and the suspect site they wish to visit. Once the user has been warned that the site is probably compromised, they have the option to then click through to the site if they wish."

What should users do?

1 Keep everything up to date - patches to operating system, browser (might use alternative to IE), anti-virus software. See Be alert to booby-trapped web pages for advice.

2 Install the free Site Advisor from McAfee. This article in OnLine Tech Tips describes how it works -- McAfee SiteAdvisor - Free protection from malware and spyware.

Malware in search results

Google Study: 1.3% Google Searches Return At Least One Malicious Result Barry Schwartz, Search Engine Land (Feb 13)

Just as we suspected - there is an increasing amout of malware turning up in search results and often the domain is cn.

This study from Information Week - Web Browsing, Search, And Online Ads Grow More Risky, Google Says - quotes Niels Provos, a security engineer at Google -- "In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing .."

There are more drive-by-downloads that exploit browser vulnerabilities in the results, and, as Google admittted, ads are a source of malware. The problem with ads is partly because of ad syndication where the final distributor doesn't know the source. "2% of malicious Web sites were delivering malware via advertising, based on an analysis of about 2,000 known advertising networks"

Search Engine Land has a chart showing the hosting country for malware distribution and landing site. China is at the top with over 64% of sites, and the US sits second with 15%. Canada, too, is a hosting country at. 6%.

What to do? Eyeball results carefully. Watch for repeated keywords, garbled text, and odd urls. I suggest being extra wary with small results sets. If there are only 10 results, chances are that none are good and some may be malware.

Google Privacy Videos

New Google Privacy Videos Offer Advice On Product Settings by Danny Sullivan, Search Engine Land (Dec 19)

Google has created videos on the privacy aspects of its products. Links are in this article. Google has a Privacy Channel in You Tube. Start with Google Search Privacy: Plain and Simple for a mini lesson on the information a search engine needs from you. Recommended.

Google Toolbar Vulnerability

Google Toolbar Flaw Opens Door for Phishers by Robert McMillan, IDG News Service via PCWOrld (Dec 18)

"A bug in the Google Toolbar could allow criminals to steal data or install malicious software on a system, a security researcher warns." The danger was in the adding a new Google toolbar problem and affected toolbar versions for IE and Firefox. Until Google fixes it - don't add buttons.
More information about the toolbar is available at http://www.google.com/support/

Identity Theft

Online shopping still suffering growing pains Ellen Roseman, The Star (Dec 16)

There are some perils to shopping online. A mixed up order can be difficult to fix even if dealing with prominent stores such as Toys R Us described in this article.

Using credit cards online might lead to identity theft if the data is stolen from the company. Ellen Roseman has some pointers from Capital One based on a survey it did on Canadian consume knowledge about identify theft. See the Capital One Identity Theft Guide .

Ask Eraser

Ask.com Puts You in Control of Your Search Privacy With the Launch of 'AskEraser' Press Release Ask.com (Dec 11)

At Ask.com , searchers will be able to stop the collection of information about their searches (mostly).

"When enabled by the user, AskEraser completely deletes all future search queries and associated cookie information from Ask.com servers, including IP address, User ID, Session ID, and the complete text of their queries."

The link for AskEraser is in the upper right corner. When activated it shows as On. Ask remembers your preference.

Ask has been more pro-active than other major search engines in supporting privacy.

From the press release: "Earlier this year, Ask.com also announced that it is implementing a new data retention policy to disassociate search history from IP address and User ID after 18 months. In addition, Ask.com has taken steps to further industry collaboration and dialogue on privacy issues. In July, Ask.com and Microsoft joined together in urging the online industry to develop global privacy principles for data collection, use and protection related to searching and online advertising. Since then, Ask.com has worked with other technology leaders, consumer advocacy organizations and academics to make progress toward the development of these principles, as well as disseminating best practices to provide more privacy control for consumers."

However, it's not 100% as we see in this article -- Ask.com places a bet on online privacy by Miguel Helft, International Herald Tribune (Dec 11)

"But underscoring how difficult it is to completely erase one's digital footprints in the Internet age, the information typed by users of AskEraser into Ask.com will not disappear completely. Ask.com relies on Google to deliver many of the ads that appear next to its search results. Under an agreement between the two companies, Ask.com will continue to pass query information on to Google."

Other search engines have done something, though is it enough? "Google and Microsoft make search logs largely anonymous or discard them after 18 months. Yahoo does the same after 13 months."

Barry Schwartz at Search Engine Land has more -- Ask.com Launches AskEraser Giving Searches Ability To Search Anonymously

+ turning on AskEraser does not remove earlier search history - that information is kept for 18 months.

+ relevancy algorithms are partly based on samples taken from search history. If everyone turned on AskEraser, Ask would have to "modify" what they do.

Full how-to at Ask.com blog - Ask Launches AskEraser

Will this be the competitive edge for Ask? If we see another scandal associated with the use of search history data, it might. People who have been taking measures not to leave traces will be attracted to Ask.com.

Postscript Dec 12 - Erase Your Search Tracks Rob Hof, Business Week (Dec 11)

These readers are not impressed with AskEraser, although "... in an era when it seems like our every move is tracked online, giving people a choice to opt out from an activity that inherently contains very personal and often sensitive information is at least a step in the right direction."

Internet Storm Center

Malware Continues to Infect Search Results The Virtual Chase (Dec 4)

Refers to warnings on malware from the SANS Internet Storm Center -
Google has removed the .cn pages on certain queries and Microsoft is in the process.

TVC Alert also mentions and to a "a 12-page PDF document that lists hundreds of keywords and phrases that retrieved infected pages."

Most of those phrases have the word microsoft in them. Also be careful with password, download, fetch, dog , recovery, router, modem, monitor. Thomas Dixon was also on the list - the only pair of words that I recognized as a name of a person. It did not have - adoption child guide - and should have.

Cybercrime Crisis

Cybercrime: How online crooks put us all at risk By Ryan Blitstein, San Jose Mercury News via Seattle Times (Dec 3)

Must read to learn how extensive cybercrime has become - this means malicious software, phishing, and hacking computers. Be on your guard.

"During the past few years, a professional class bent on stealthy online fraud has transformed Internet crime, rendering obsolete the hobbyist hackers who sought fun and fame. These Al Capones of the information age are like ghosts in our Web browsers, silently taking over our computers, stealing digital bits, and turning our data into cash."

Article describes the operation of the "Rock Phish", based in St Petersburg, Russia, and considered the Microsoft of the cyberspace crime community.

Search Spam

Search Spam Is Getting More Dangerous Every Day by Barry Schwartz, Search Engine Land (Nov 29)

Barry Schwartz reports that search spam has been getting worse for some time - hacked sites and links to malware were seen 2 or 3 months ago but Google and other search engines are only reacting to it now.

"Search spam, using techniques that manipulate the search results, is becoming more dangerous each and every day. Some search spammers go as far as hacking sites to inject link spam into unsuspecting web pages. And some go even further by polluting the search results with nasty malware."

Malware lurking

Researchers: Google results lead to massive malware attack Gregg Keizer, Computerworld (Nov 28)

I saw some of this just the other day using a fairly innocent search - guide "child adoption in canada" - but it seemed to affect Yahoo and Live as well as Google

"Users searching Google with any of hundreds of legitimate phrases -- from the technical "how to cisco router vpn dial in" to the heart-tugging "how to teach a dog to play fetch" -- will see links near the top of the results listings that lead directly to malicious sites hosting a mountain of malware. "This is huge," said Alex Eckelberry, Sunbelt Software's CEO. "So far we've found 27 different domains, each with up to 1,499 [malicious] pages. That's 40,000 possible pages."

Also see -- Google's Malware Warnings Not Working?, Barry Schwartz, Search Engine Land (Nov 28)

"Subverted search sites lead to massive malware attack in progress from ComputerWorld reports that Google, along with Yahoo, Live Search, and other search engines are being targeted more than ever with sites that contain malware."

Protection from Phishing

Phishing Away Your Identity by Reid Goldsborough, LinkUp Digital (Oct 15)

Advice on how not to be taken in by a phisher trying to get access to your financial accounts or trick you out of money.

Of interest: "Be careful about social networking sites such as MySpace and Facebook, as well as the increasing number of business and professional social networking sites that are popping up. Scammers troll these waters looking for innocents to bait, tricking them into revealing financial information, Social Security numbers, mothers’ maiden names, and so on."

Google Street Views in Canada

Google to address privacy concerns for Canadian edition of imaging service program Street View, AP via International Herald Tribune (Sept 28)

Google is trying to address privacy concerns about its close-up Street View for places in Canada that had been raised by Canadian privacy commissioner Jennifer Stoddart. Google may be able to block faces and license plate numbers.

"Google hopes that its approach to addressing privacy concerns by masking faces and vehicle license plates will enable it to launch a Canadian version of its Street View imaging service, global privacy advisor Peter Fleischer said Friday."

Danger Lurks on Web Pages

Dangerous Side of Web Searching, Genie Tyburski, Virtual Chase (Sep 25)

Scary observation - "Using Google, I illustrated the prevalence of infected Web pages by searching for known javascript exploits by their filename. "

Tyburski lists organizations that monitor Internet-related security issues.

Google and Privacy Concerns

Is Google Too Big? by Scott Spanbauer, PC World (Sept 10)

Many people are asking this - "With its empire expanding, the search giant can have an unprecedented breadth of knowledge about you. Can we trust it with so much data?"

Doubleclick is one of the pieces. Did you know this? "Should Google receive approval for its acquisition of DoubleClick, it could become the single largest custodian of Internet user search and browsing histories, with few legal restrictions on using that data or sharing it with third parties."

And there is the matter of warrant search - "Google must comply with search warrants and subpoenas in civil or criminal cases that target your data, just as you would if you stored your data on your own servers."

Bottom line - "Relying on Google's free services can boost your productivity, but they may also put your privacy on the line, your business at risk, and your data out of reach. " Article has a chart of risks associated with Google services.

Your IP Number

Here is a useful site - What is my IP Address? . In addition to telling you what the IP address is, it has tools for tracing the route, and looking up numbers and names. There is a good FAQ as well.

Keep Personal Google Private

Why You Should Encrypt *All* of Your Google Activities [POC], dmiessler.com (Aug 9)

Tips on how to encrypt everything you do with personal Google services. Many commenters to this post recommend using the Firefox extensions for Google that force use of the more secure https protocol.

Search Engines and Privacy Policy

Study: Search Engine Privacy Policies Improving Grant Gross, IDG News Service (Aug 8)

"Search-engine providers have begun to compete with each other on privacy protections, but the U.S. still needs to adopt a national privacy law, says a report from the Center for Democracy and Technology (CDT)."

Yahoo Adds Its Promise

Yahoo Changes Privacy Policy, Joins Google, Microsoft - Yahoo says it will make user search data anonymous after 13 months - Linda Rosencrance, Computerworld (July 25)

"Cullinan said Yahoo will make all search log data anonymous after 13 months except if users request otherwise or if Yahoo is required to retain the information for legal reasons."

Do we have another bid to assuage searchers' fears?

Search Engines and You

What search engines store about you, by Mary Brandel, COmputerworld (July 16)

"Many users are in the dark as to how much of their personal information is retained by search engines, how long the data is kept, and what security measures they can take."

Search engines do collect a lot of information, and if you have registered for a service they probably link that information to you.

"The fact is, search engines such as Google, Yahoo, and Microsoft Live Search all record and retain in their vast data banks any term that you query in addition to the date and time your query was processed, the IP address of your computer, and a cookie-based unique ID that -- unless you delete it -- enables the search engine to continue to know if requests are coming from that particular computer, even if the connection changes."

Hakia Cookies

62% of Searchers Don’t Trust Their Engines: They Want Control & Seem to Be Getting It!, Melek Pulatkonak, Hakia (Jul 20)

Melek Pulatkonak as COO of Hakia might have some bias in posting this to the Hakia blog -- as he says, "Hakia does not place cookies on the user’s computer without explicit permission." But searchers want full transparency - how are the cookies used that people agree to?

Privacy with Windows Live

Online Search Privacy Urged Robert McMillan, IDG News Service via PC World (July 22)

"Microsoft is joining Ask.com to offer Web surfers a way to use its search engines anonymously, and both are urging the search and online advertising industry to develop a common set of privacy practices."

By the end of 2007, searchers at Live.com will be able to do so anonymously, and after 18 months Microsoft will destroy all data on search queries that identifies the searcher such as IP numbers and zip codes.

Privacy at Ask.com

Ask, and Ask.com will stop keeping search data, ANick Jesdanun, AP via Globe and Mail (July 20)

"Ask.com became the first major search engine to promise users it won't store data on their queries, giving the privacy conscious the option of conducting research on the Internet in relative anonymity."

Free Security Programs

15 Great, Free Security Programs by Preston Gralla, PCWorld (Jul 18)

What would we do without PCWorld for assessing and recommending?

"We've found 15 great pieces of software--firewalls, spyware busters, antivirus software, rootkit killers, and general Internet security tools--designed to protect you against any dangers that come your way. They're free, they're powerful, and they're easy to use."

Google Reduces Cookie Time

Google to cut lifetime of 'cookies', Bloomberg News via LA Times (July 17)

Google will reduce the lifetime of cookies it installs on users computers to two years rather than the current limit of 2038.

Dangerous Searches

Dangerous side of search engines, PCWorld (Jun 15)

"The study conducted by McAfee's SiteAdvisor division revealed search categories such as "digital music", "tech toys", and "to do online" produced between 35 to 50 per cent "risky" sites on average when using search engines owned by Google, Yahoo, MSN, and AOL."

Privacy concerns with Google

Is It OK that Google Owns Us? By Lisa Vaas, eWeek (June 17, 2007 )

" Analysis: Given Google's overwhelming popularity, chances are that most consumers are going to put their privacy on the line. "

What do search engines know about you?

What search engines know about us By Darren Waters, Technology editor, BBC News website, BBC News (May 31)

"As Google comes under scrutiny over its privacy policies in Europe, our technology editor looks at the information that search engines and web services firms record about us."

Firefox Extensions not Secure

Don't trust Google Toolbar, researcher says -- Trivial oversight allows Wi-Fi attacks -- By Robert McMillan, IDG News Service, Computerworld (May 31)

"Many widely used Firefox extensions, including toolbars from Google, Yahoo and AOL do not use secure connections to update themselves, according to Christopher Soghoian, a security researcher who blogged about the issue."

EU Challenges Google on Search Data

Google's Data Retention Challenged "The European Union investigates whether saving search data violates privacy laws." Computerworld UK (May 26)

"The E.U.'s Article 29 working party, made up of data protection officials from 27 European countries, asked Google to justify why it needed to retain the data for up to two years, and whether the company had "fulfilled all the necessary requirements" on data protection."

Google's Server Logs

Why does Google remember information about searches? Posted by Peter Fleischer, Global Privacy Counsel, Google Blog (May 11)

Google will anonymize their server logs of search history after 18 to 24 months (no reason given for the range). This post explains why they keep the information at all.

"Three factors were critical. One was maintaining our ability to continue to improve the quality of our search services. Another was to protect our systems and our users from fraud and abuse. The third was complying—and anticipating compliance—with possible data retention requirements."

Malware Abounds

Google warns of 'drive-by download' risk by Tim Ferguson, ZDNet.uk (May 15)

Google checked 4.5 million websites and found that one in 10 web pages could launch a "drive-by download" — such as a Trojan — onto a user's computer. Seventy percent of the time the malware has been placed on legitmate websites. And the problem is getting worse.

Also see Google searches web's dark side, BBC News

Visitors to a website are lured into clicking on an "interesting site", often a video. Most exploit vulnerabilities in the Internet Explorer browser. Code may be embedded in an ad or a widget being used at the website.

Google, when it can, will place a warning in search results - "this site may harm your computer"

BBC also has Tips to help you stay safe online. Anti-virus software, firewall, and spyware - keep it all up to date and use it.

Poisoned Sponsored Links

Booby-Traps Hide in Google Sponsored Links, Erik Larkin, PC World (Apr 24)

Describes new tricks for planting a virus on your computer through a sponsored link that passes through a hidden redirect. Protection is to have all the patches applied to your Windows OS, but Larkin also recommends two other programs - "In the meantime, you can useXPL's Linkscanner and McAfee's SiteAdvisor, both available in free versions, to give you some advanced warning about dangerous search results. I use them both side-by-side in Firefox."

Web - threat to security

Web threats to surpass e-mail pests, by Joris Evers, CNet news (Apr 24)

" "By 2008, most of the threats you are facing will be Web placed. Today most of it is still e-mail," Raimund Genes, Trend Micro's chief researcher, said in a presentation at the Gartner Symposium and ITxpo here on Monday.

The reason for the flip is simple. Security tools for e-mail have become commonplace, but the same isn't true for Web traffic. Security firms have found it tough to secure what comes into a network and computers over port 80, the network port used to browse the Web using the hypertext transfer protocol, or HTTP. "

Google Web History - Discovery

Is Your Google Web History Revealing?, Genie Tyburski, TVC ALert (Apr 24)

The new Google Web History will save your searches (if you are logged into your account), and if you choose, the pages you look at. Tyburski points out that, "Legal professionals may want to consider the implications of Google Web history for discovery purposes."

Protect against botnets

Don’t Let Your PC Turn Into a Zombie by by Reid Goldsborough, LinkUP Digital (April 2007)

+ botnets -- "“... refers to a network of zombie computers that have been taken over. “Botnet,” or network of robots, can also refer to a network of computers doing automated tasks for beneficial purposes."

+ phishing -- "mimics a legitimate credit card site, bank site, Internet auction site, Internet payment site, or other business site with the intention of tricking you into providing your personal information. Using personal information such as your credit card number or Social Security number, the scammer makes purchases in your name, empties your bank account, or otherwise steals your identity."

The lesson - get protection and use it. Article has the usual advice: keep operating system patched, keep anti-virus uptodate, use a firewall.

Identity Theft

Who's guarding your data in the cybervault? Jon Swartz and Byron Acohido, USA TODAY (Apr 2)

ChoicePoint, whose carelessness exposed personal data on thousands of people, is now a model citizen for privacy protection.

But- "Despite ChoicePoint's makeover, there's rising concern among privacy experts and legislators about the frenetic business of assembling and distributing personal data. Everyone, it seems, wants Social Security numbers, birth dates, maiden names, criminal records, civil judgments and real estate records. Lenders, landlords and employers want as much data as they can get their hands on to size up applicants; law enforcement officials want it to track down criminals and terrorists. And cybercriminals are boosting demand for personal information as they concoct new Internet-enabled scams."

Phishing UP

ICANN urged to cut phishing trawl with banking domain, By John Leyden, Channel Register (Mar 29)

Some are calling on ICANN to create a new domain for financial institutions to use exclusively - .safe or .sure -

"If ICANN introduced a .safe domain (or .sure or .bank), which could only be used by registered financial institutions, it would allow security providers to create better software to protect the public, according to F-Secure."

This would afford some protection since phishers would be less able (one presumes completely unable) to create a phishing site in that controlled domain.

Phishing, the act of tricking a person to divulge personal financial information, is huge business and rapidly increasing.

"According to figures from UK banking organisation APACS released earlier this month, online banking fraud losses in the UK alone came to £33.5m in 2006, up from £23.2m in 2005. This 44 per cent year-on-year increase was largely driven by an increase in phishing incidents, which went up from 1,713 in 2005 to 14,156 last year."

SiteAdvisor Protects

Free Security Tool Attracts 38 Million Downloads, by Darren Pauli, PCWorld via Yahoo News (Mar 26)

SiteAdvisor from McAfee is being adopted by millions for protection against a variety of dangers on the web. It works with the Firefox and Internet Explorer browsers.

"It applies 320 million daily potential risk ratings to Web sites for search results, browsing and e-transactions, and is based on scanning results for spyware, adware, exploits, excessive pop-ups and spam. "

It's free - download from http://www.siteadvisor.com/

Web Malware

Web Travels Become Increasingly Dangerous, TVC Alert (Mar 16)

Warning about websites with malware and reminder on importance of being vigilant about keeping anti-virus and everything else uptodate - and to use it.

Privacy Issues and Google

Google to anonymize search data, Pandia (Mar 15)

That Google keeps the data at all is because it wants to personalize results, cut the spammers out, and comply with some government regulations. But Google is also trying to address privacy concerns with its announcement to anonymize data at 18 months to 24 months and design in some privacy protections.

"According to Reuters Google also says it will be taking additional steps to design privacy protections into Google products. The Google Talk instant message system will for instance get an “off the record” feature that will disable the automatic archiving of conversations."

At the Globe and Mail, readers are putting in their 2 cents worth of comments regarding Google's announcement to "tighten privacy measures" - they say don't use Google at all, use Clusty.

Google Privacy Policy

Google to make search logs anonymous by Stephen Lawson, ComputerWorld (Mar 14)

"Until now, the dominant search company has indefinitely retained a log of every search, with identifiers that can associate it with a particular computer. The new policy, to be implemented within the next year, is intended to better protect users' privacy, two executives wrote in a Google Blog entry posted Wednesday."

Also see Taking steps to further improve our privacy practices, Google Blog

Your Online ID

Questions About Online Identity by Reid Goldsborough, LinkUP Digital (Mar 2007)

Should you have an alias when you go online or is it ok to use your real name? Depends. And these days you might also want to doctor up a photo to go with your alias.

Phishing Fraud Soars

Phishing Sites Explode on the Web Robert McMillan, PC World (Feb 26)

Over 37,000 phishing sites were added to the Web during 2006 (Nov05 to Nov06), and number of Americans who were duped doubled. The new blacklist-based anti-phishing protection in Firefox and IE7 are being circumvented by the phishing fraudsters.

At the moment the phishers are winning - "Research firm Gartner estimates that 3.5 million Americans gave up sensitive information to phishers in 2006, an 84 percent jump from the previous year--for a total loss of $2.8 billion. One single phishing gang, called Rock Phish, is estimated to have taken in more than $100 million."

For best defense follow this advice:

"Never click a link in an e-mail or on a third-party site to go to any of your financial accounts. If, instead, you always use your own bookmark or type in the address, even when you're 100 percent certain that the e-mail is legitimate, you should be safe.

Automated tools, such as the free Password Safe and PwdHash utilities can still provide help. But to combat ever-adapting phishers, your best protection remains...you. "

Protect Yourself

Thwart the Three Biggest Internet Threats of 2007 - Protect yourself against the three gravest Web dangers: IE, phishing attacks, and malware - by Scott Spanbauer, PCWorld (Jan 24)

+ Tells you what to change in IE to turn off ActiveX.
+ Explains phishing and how to adjust the new anti-phishing settings in IE and Firefox.
+ Block malware. Windows XP and Vista are good for blocking incoming but not outgoing connections made by malware. Get bi-directional protection (and be warned about the malware) from ZOne Alarm or Agnitum.
+ Toolkit page with links to the 3 main browsers, firewall protection, anti-virus and spyware.

Extra advice - don't add personal information to a profile on a social network - Keep Your Online Profiles Private by Scott Spanbauer (Aug 25, 2006)

Surfing Anonymously

Caught in the Network by Paul Cesarini, The Chronicle Review (Feb 9)

At this campus, the network-security technicians weren't happy that this professor was using TOR and telling his students about it.

Tor, developed by the U.S. Navy, stands for The Onion Router - "A browser plug-in, it thwarts online traffic analysis and related forms of Internet surveillance by sending your data packets through different routers around the world. As each packet moves from one router to the next, it is encoded with encrypted routing information, and the previous layer of such information is peeled away — hence the "onion" in the name."

In short, it enables anonymous surfing. Article mentions why you might want this - looking up sensitive information, victims of abuse, repressive regimes. But fraudsters would use it too, and that is the reason it was not welcome on this campus.

TVC Alert has an entry on this too - Can you search the Internet anonymously (Feb 9) - and points to a reminder that you shouldn't trust to looking at a cached version of a page at a search engine to hide your surfing - that page may link in many ways to the original page where your IP identity will be noted.

Tor:anonymity online is at http://tor.eff.org/

There is also Torrify , reviewed in PC World. Install this program on a USB Flash drive and use it to create "an encrypted tunnel from your computer indirectly to a Tor exit computer, allowing you to surf the internet anonymously."

See Outsmarting the Online Privacy Snoops - Internet privacy controversies drive interest in tools for anonymous Web surfing.
Tom Spring, PC World (Feb 28, 2006) - describes the Tor project, TorPark (now at Torrify), and Anonymizer software.

Beware Phishing Emails

Consumers Open One in Six Phishing Messages by Enid Burns, Clickz (Feb 5)

A study by Iconix finds that, "As many as 59 million phishing e-mail messages are sent each day, and up to 10 million of those may be opened by consumers."

Phishing e-mails try to lure you to a site and get you divulge private information for fraudulent purposes. Most people know to be wary of messages about bank accounts, but there are other types.

"Divided into eight categories, spoofed or phished messages had open rates ranging from 1 in 4 to 1 in 10. Fake social-network-related messages maintained 24.9 percent open rates. Other categories, including as e-cards (17.1 percent); payment (16.2 percent); financial (15.5 percent); auction (14.7 percent); information (12.9 percent); retail (12.1 percent); and dating (9.5 percent), had lower open rates."

McAfee SiteAdvisor Warnings

McAfee Updates Groundbreaking Study of Search Engine Safety Overall risk declines by 12%; Sponsored ads continue to pose high risk, however; "Drive-by" malware sites frighteningly common, Marketwatch (Dec 11)

"McAfee, Inc. today released a follow up report to its study from May that shows search engine users continue to be at significant risk of clicking through to Web sites that can compromise their online safety. The investigation, conducted by McAfee(R) SiteAdvisor(TM), studied the five major U.S. search engines (Google, Yahoo!, MSN, AOL, Ask) and found that the overall chance of clicking through to a risky site declined by 12.0%. Still, McAfee estimates that consumers click through to risky sites more than 268 million times each month."

Of special interest:

+ free is a dangerous word. "... queries containing the word "free" are particularly likely to lead users to sites with unsavory practices."
+ tech toys can bring trouble. " Of the Google Zeitgeist search terms analyzed, the most dangerous category is "tech toys," examples of which include "ipod nano," "mp3 music downloads," and "winmx." 23.3% of results for this category are rated red or yellow by McAfee SiteAdvisor."
+ childhood favourites have dangers - " (6.7% risky results) which includes keywords such as "Winnie the Pooh" and "Tweety." "

Full McAfee search engine study is at http://www.siteadvisor.com/studies/search_safety_dec2006.html

Google Health URLS

Gmail and Health URLs: Why Google cares less about your privacy, and why you should care by Donna Bogatin, Digital Markets, ZDNet (Dec 10)

Basically, when it comes to trusting Google with email and search history -- "Nothing is risk-free: Risks of fraud, data manipulation and identity theft can be reduced, however, by choosing email systems which provide for more user control and which are not integrated within data mining business models."

More alarm bells when off for Donna Bogatin when she heard about Google's idea of a personal databank of health information about individuals that medical care updates and patient uses.

This was floated by Adam Bosworth in a speech at Connecting Americans to Their Health Care:Empowered Consumers, Personal Health Records and Emerging Technologies National conference sponsored by The Markle Foundation
Washington, D.C. December 7, 2006

"So what can be done? We should start at the beginning. Let’s put the patients in charge of their health and medical information. Let’s build a system which puts the people who are sick in control. For every single medical and health-related event, let’s make sure that patients can effortlessly retrieve and share their information in its totality and then use it to ensure that they get the best quality of care possible. It is their health. The people who treat, diagnose, test or dispense medications to patients should be required to deliver, instantly, over the net, at the speed of light, that information to those patients to use as they see fit. If these patients choose to share it with caregivers or health coaches or nursing services, that should be their right."

The idea may have some merit, but there will surely be major issues over privacy protection.

Anti-Virus Software

CNET 2007 antivirus performance test scores, by Robert Vamosi, CNet (Oct 26) - Editors pick was Kaspersky Anti-Virus 6 over Norton, McAfee, and Eset NOD32. Oddly, no mention of AVG Anti-Virus. However, article does point to test results and comparative information at AV Comparitives and CheckVir.

PCWorld's Tomorrow's Technology

PCWorld has published a 12 part special report on Tomorrow's Technology that looks at PCs, cell phones, web, nanotech, robots, and more.

The Future of Privacy "New online services could make you an even more inviting target for privacy attacks. Here's how." Ryan Singel, PCWorld (Oct 2)

"What are the dangers of storing more and more e-mail, documents, photos, and financial account information online? We talked to experts and then designed several scenarios that depict what could happen in the next few years if technological innovation and public policy trends in three hot tech categories--online storage, location tracking, and biometrics--remain on their current course."

The Future of the Web (Print version) "The next-generation Net won't just be more portable and personal. It'll also harness the power of people, making it even easier to zero in on precisely what you're looking for." by Alan Stafford

"New technologies will soon give us speedy, uninterrupted access to the Web wherever we wander. We'll see innovative Web applications that allow us to access information anywhere and work seamlessly with colleagues around the globe. People will gain more power online--rather than simply reading the news, they'll be able to go out and uncover some stories of their own. And new sites and services will offer information targeted precisely to your needs, rendering one-size-fits-all sites obsolete."

Among the changes:

+ web services that replicate desktop software
+ search engines that match on intent of the search rather than the keywords
+ more personalized results to be accomplished in part through social-network searching
+ more influence to the public on everything through political blogs, comments, local news, votes.

Anti-phishing at Yahoo

Yahoo Tests Antiphishing Service "New site will let users know if a Yahoo sign-in page is legitimate." Juan Carlos Perez, IDG News Service via PC World (Aug 18)

"Phishing is a monumental online security problem. Scammers set up legitimate-looking Web sites from well-known companies such as banks, online stores, and Web portals, and then try to lure people to them via e-mail and other methods. The idea is to trick people into entering, on these fake sites, sensitive information such as passwords and credit card numbers; this captured information could then be used for malicious purposes like ID theft and fraud."

Keeping Search Private

How To Keep Your Search History Private, Electronic Frontier Foundation (Aug 15)

One tip is to anonymize the search cookie. Firefox users can do this with a Customize Google extension.

Of course, another piece of advice is not use personal search accounts. That would make it impossible to make use of many search aids and conveniences. But at the very least we can take heed to not put personally-identifying information in our searches.

Related article: Has the time finally come to stop using Google? Jack Schofield, Guardian Unlimited (Aug 17) - the reasons why we should be worried and more careful.

Google's Warning System

New Google Feature Flags Dangerous Sites for Users "Alert page warns of possible risks from malicious sites."
Juan Carlos Perez, IDG News Service via PC World (Aug)

"When users attempt to click over to a Web site considered to be potentially dangerous, Google shows users an alert page that informs them of the possible risk and gives them the option to click back to the results page or continue on to the questionable Web site."

Be Careful What You Search For

U.S. asks Internet firms to save data, by on Swartz and Kevin Johnson, USA TODAY (June 1)

"Top law enforcement officials have asked leading Internet companies to keep histories of the activities of Web users for up to two years to assist in criminal investigations of child pornography and terrorism, the Justice Department said Wednesday."

Protection from Rogue Sites

The Dangerous Side of Search Engines -- "Popular search engines may lead you to rogue sites. Here's what you need to know to avoid dangerous downloads, bogus sites, and spam." by Tom Spring, PC World (May 26)

Can this be true? "Who knew an innocent search for "screensavers" could be so dangerous? It may actually be the riskiest word to type into Google's search engine. Odds are, more than half of the links that Google returns take you to Web sites loaded with either spyware or adware. You might also face getting bombarded with spam if you register at one of those sites with your e-mail address."

Read on. Tom Spring recommends a new kind of security software to protect us against "shady" sites. SiteAdvisor from McAfee is one - currently available for free. There is also ScanDo and StopBadWare.org .

SiteAdvisor

Search at your own risk, The Minneapolis-St. Paul Pioneer Press (May 12) - McAfee, the company that makes anti-virus software, conducted a study into risks posed by web sites, and more specifically, search results.

"The study by McAfee's recently acquired SiteAdvisor product team showed that all five leading search engines - Google, Yahoo, MSN, AOL and Ask.com - returned risky sites for popular keywords in about 5 percent of their results within the first five pages - or about one dangerous site per page, the study said.

Those results included a 3 percent rate for so-called 'organic' or regular search results and almost 9 percent of 'sponsored' results that are really advertisements for Web sites that pay to be placed on the search engines' results page, usually off to the side of the regular search results."

Although McAfee would have some financial interest in doing the study, it's a good reminder to have your computer equipped with uptodate and effective spyware and anti-virus software.

SiteAdvisor, a McAfee program, will warn if a search result might be dangerous. This software is free at the moment and works on Windows and Macs.

The Government is Watching

Judge set to compel Google to give data by John Shinal, CBS Marketwatch (Mar 14) -- US Department of Justice has scaled back its request for access to Google's search data, but the request, if granted, would "set a legal precedent granting the government access to huge storehouses of information kept on Web surfers by private companies."

Managing the Browser

Take Charge of What Web Sites Know About You -- Control cookies, clear your download history, and take other steps to keep snoops off your online trail. -- Scott Spanbauer, PC World (Feb 17)

SiteAdvisor for Protection

Exposing Web Addresses' Hidden Mischief By Brian Krebs, Washington Post (Mar 5) -- Brian Krebs tested SiteAdvisor, a plugin for Internet Explorer to be used when reviewing search results that will warn of sites that may be troublesome for spyware, scams, viruses, spam - somewhat like an automated Better-Business-Bureau assessment. He found that "overall, SiteAdvisor does a good job", but that its database had some holes.

Go to SiteAdvisor to get the trial version. You can also enter any web address from the home page to get a site report. And you can join as a volunteer to add your review comments about the safety of a site.

EFF Warns About Using Google Desktop

EFF: Don't Use Google Desktop, By Ryan Naraine, eWeek (Feb 10) -- EFF's argument for not using the new feature through Google Desktop of sharing files across computers.

The Google Cookie

How Much Does Google Know About You? "If you think your search keywords are private, think again." by Andrew Brandt, PC World (Feb 21) -- Google sets a cookie on the computers of its users that doesn't expire until 2038. It doesn't know your name but it does have the IP address. This is the information the U.S. government wanted from Google.

Article links to another PC World article on cleaning your machine -- Take Charge of What Web Sites Know About You (Feb 17)

Increased Surveillance

Be anywhere with Google Earth, by Richard Louv, San Diego Union-Tribune (Jan 24) It's fun to fly over planet earth with Google but it raises some disturbing questions about surveillance and privacy.

Google and Personal Data

Forgot what you searched for? Google didn’t - Online giant stores users’ queries, click patterns and more - by Leslie Walker, Washington POst via MSNBC (Jan 21) - US Justice Department request for information from four search engines on usage of the Internet for pornographic purposes raises questions about how much information the search engines collect. Google is the only one to refuse. Leslie Walker reflects on the amount of personal information Google probably has on her. She's used "Gmail, Orkut social networking, Froogle shopping lists, personal search and a custom home page". Maybe we should be more careful about allowing a search engine to log our personal queries.

Our Online Histories

Google is watching you AS WE SEARCH AWAY, WEB FIRMS GATHER DATA ON OUR HABITS By John Battelle, Mercury News (Nov 13)

Warns about the amount of personal information we are giving up to the search engines as they log what we do with or without our permission.

"But consider the concentration of information about us that resides with the search companies, or that's accessible using their tools. It goes beyond the database of intentions we create when we click around the Web. Because we are increasingly moving our digital lives from the constraints of the PC to the relatively boundless Web, we also are creating virtual profiles of ourselves. Hundreds of millions of us store our e-mail, photographs, social networks, contact databases and personal journals on the Web, and we are adding to that pile at an extraordinary rate."

Protecting your Identity

Another Phine Kettle of Phish: Identity Theft Prevention by Carol Ebbinghouse, Searcher (November)

Carol Ebbinghouse is the law librarian at the Second District Court of Appeal, Los Angeles, Calif. She knows her stuff. This article is long, likely comprehensive, somewhat frightening, certainly daunting about the prevalence of identity theft and measures individuals should take to reduce the risk. All references to resources to use are in the United States, but Canadians can avail themselves of the general advice and get an idea of what to look for in Canada.

"While you cannot prevent the theft of your identity from banks, credit bureaus, alumni offices, swiped laptops without encryption, unscrupulous employees, etc, you can take precautions to limit the odds of identity theft. Just as using seat belts, yielding to rights of way, and reading road signs may not prevent all accidents, these precautions do eliminate many risks. Using these suggestions will reduce the opportunities for would-be ID thieves to make you his or her next victim."

Adware targets Google

Adware infiltrates Google "Software replaces popular search engine's results with its own, letting advertisers 'cheat' and leaving users in the dark" by Richard J Dalton Jr, NewsDay.com (Sept 18) -- Beware these two hijacking programs - "2search and premiumsearch.net, place ads in the primary search listings of the Google screen, instead of on the advertising section areas labeled "sponsored links."

Fighting Spyware

Theft You Don't Even See By Leslie Walker, Washington POst (Sept 1) [subscription] Spy software is becoming more prevalent and it makes money. Webroot, an anti-spyware software maker, reports that there are 300,000 web sites pushing unwanted software onto your machine as you surf by. Leslie Walker tells of some first-hand experiences and says that she no longer keeps sensitive files on computers connected to the Internet.

Stolen Identities on the Web

Search Engines Find Stolen Identities By Thomas Claburn, Security Pipeline (Aug 19)

"During the first six months of 2005, more than 50 million identities were lost or stolen in a series of high-profile data breaches across the United States. Thanks to search engines, many can be easily found.

For example, fed a few abbreviations associated with personal and financial information, a Google search returns links to a wide variety of Web sites. Most are harmless. A few, however, lead to page upon page of sensitive personal information including Social Security numbers, credit-cards numbers, dates of birth, driver's license numbers, bank-account numbers, logon names, and passwords. "

The Law, Privacy, and Google

Google Has Your Data: Should You Be Afraid? - Part Two Jack M. Germain, NewsFactor Technology News (Aug 18)

"From Google's viewpoint, once users grant consent by using Google's services, the collected data is beyond the user's reach forever. Google states that it might store and process personal information collected on its site wherever it wants. "

Internet more hazardous

Net threat rising Consumer Reports (Sept 2005)

"Use the Internet at home and you have a 1-in-3 chance of suffering computer damage, financial loss, or both because of a computer virus or spyware that sneaks onto your computer. That’s one of the unsettling conclusions from our 2005 Consumer Reports State of the Net survey of online consumers."

Don't be scared off, but according to ConsumerReports.org the Internet is much more hazardous for surfers than it was even 5 years ago. Report offers "good online practices" and a list of recommended software for antivirus, antispyware, and antispam.

TOR for anonymity

Free Tool Makes You Anonymous on the Web "Tor, from the Electronic Frontier Foundation, uses "onion routers" to remove the IP address from outbound data packet headers." By Andrew Brandt, PC World (Aug)

"... a free tool named Tor from Electronic Frontier Foundation can close this privacy loophole. Tor--a World Class Award winner last month, and available at tor.eff.org--strips the identifying IP address from the headers of each data packet that leaves your computer, by bouncing the packet through a special network of computers called "onion routers.""

Hacker Delight

Google now a hacker's tool - "Google's massive database contains information that wasn't intended to lie unexposed on the Web, and hackers are using it as a resource for intrusion" By Robert McMillan, IDG News Service (Aug 2)

"Combining well-structured Google queries with text processing tools can yield things like SQL (Structured Query Language) passwords and even SQL error information. This could then be used to structure what is known as a SQL injection attack, which can be used to run unauthorized commands on a SQL database. "This is where it becomes Google hacking," he said. "You can do a SQL injection, or you can do a Google query and find the same thing.""

Cookies crumbling

The Web cookie is crumbling - and marketers are feel the fallout, Tessa Wegert, Globe and Mail (Jul 21)

More people are deleting cookies because of worries about spyware. But this hurts marketers who use cookies to anonymously identify where people are shopping and surfing.

"The effect that this will have on on-line marketers is fairly substantial," says Eric Peterson, a senior analyst with JupiterResearch and author of the report. "People doing affiliate marketing [revenue sharing between site publishers and advertisers], those with long lead times between marketing response and actual purchases, and any site that depends on cookies to identify users over multiple sessions is affected by this problem."

Ad networks are working to develop new software. United Virtualities (UV) in New York had developed Persistent Identification Element (PIE). -- "restores original cookies and places Macromedia Flash MX files on users' computers that can't be as easily deleted."

What the engines collect

Google balances privacy, reach by Elinor Mills, CNet (July 14)

"Privacy advocates say information collected at Yahoo, Microsoft's MSN, Amazon.com's A-9 and other search and e-commerce companies poses similar risks."

They do collect a considerable amount of information -- "As is typical for search engines, Google retains log files that record search terms used, Web sites visited and the Internet Protocol address and browser type of the computer for every single search conducted through its Web site. In addition, search engines are collecting personally identifiable information in order to offer certain services. "

Fear of Spyware and Adware

People are being more cautious and changing their practices for handling email and web surfing because of fear of spyware and other malignancies. Pew Internet and American Life surveyed by telephone 2,001 adult Americans May 4 to June 7.

+ 43% of internet users have had spyware or adware on their home computer
+ 68% of home internet users have experienced at least one computer problem in the past year that are consistent with problems caused by spyware or viruses
+ 48% of adult Internet users in the United States have stopped visiting specific Web sites that they fear might be harbouring unwanted programs.
+ 25% stopped using file-sharing software
+ 81% have become more cautious about e-mail attachments
+ 91% have made at least one behavioural change.

Spyware: The threat of unwanted software programs is changing the way people use the internet - PEW / Internet (July 6)

Summary in this press release.

Figures and anecdotes in Spyware changing online habits AP via News24 (July 7)

Reminder about Spyware

Outsmart spyware by Ken Feinstein, Insider Secrets, CNet -- Three tips for Windows XP users: Use System Restore, Get Security Pack 2, and use Spybot and Zone Alarm.

Freeware Utilities / Tools

Ian Richards at Tech Support Alert makes his list and evaluations of 46 Best-Ever Freeware Utilities available to everyone. There are recommendations here for virus checkers, adware/spyware/scumware removers, firewall, anonymous surfing, word processor, email client, spam filter, desktop search (Yahoo or Copernic) and dozens more.

Ian also writes the monthly Support Alert. Excellent.

Phishing for email addresses

Phishers get personal by Joris Evers, CNet news (May 26) - Scammers and phishers have figured out how to confirm email addresses at web sites that use the address for login. Phishing is practice of sending fraudulent emails to encourage the receiver to divulge a bank account or other sensitive information.

"In the technique described in the report, spammers and phishers automatically run thousands of e-mail addresses through Web site registration and password-reminder tools. Because many online businesses return a specific message when an e-mail address is registered with the site, attackers can find out whether that address represents a valid customer."

Some services - eBay is one - no longer use email addresses. There are ways to design the login to a site that protects users. Article has other points about how profilling works and how to foil the phishers.

Spyware Hot

Spying on the spyware makers - By Declan McCullagh, CNET News.com (May 4, 2005)

Interview with Ben Edelman, spyware expert. Edelman is a law student at Harvard University who has done battle with Gator on behalf of the Washington Post.

There are some very startling statements. Edelman says, "There's just a huge amount of money changing hands here. The biggest, richest American companies are buying advertising through spyware. The biggest, richest venture capital firms are investing in those who make this kind of unwanted software. That's names like American Express, Sprint PCS, Disney, Expedia, Guy Kawasaki's firm."

Expedia belongs to IAC, and IAC also owns Ask Jeeves which is also in hot water and which Edelman comments on in this interview. "The core problem is Ask Jeeves' installation practices. Sometimes their software gets installed without any notice or consent at all through security hole exploits."

There's more.

To protect your computer from spyware, see the articles about antispyware software in PC Magazine. Antispyware (Feb 2, 2005) Editor's Choice was Spy Sweeper 3.5 - has a 30 day trial, very easy to use.

URL Mistypes Dangerous

Scheme preys on people who mistype 'Google.com' by Matt Hines, ZDNet (Apr 27) -- don't type Googkle.com - you could end up with malicious programs on your computer.

"In an advisory, F-Secure strongly advises people not to go to Googkle.com. People who do so will see two pop-ups linked to Web sites that install the Trojan programs. One of the programs is a phishing-style Trojan that attempts to garner individuals' online banking information, while another drops phony antivirus alerts on the victim's desktop that attempt to lure people to other infected Web sites. "

Privacy in Search

What Search Sites Know About You by Joanna Glasner, Wired (Apr 5) -- Search engine track what people search. Most of the time you're anonymous to them, but privacy advocates are concerned about personal registration and tracking cookies. Article mentions Google (often critisized), Yahoo (personal registration), and MSN. Not a peep about A9 which probably collects more than any other search engine.

Amazon worries Privacy Advocates

Amazon knows you well -- too well for some, AP via Mercury News (Mar 25)

Privacy advocates are worried about the amount of information Amazon collects about its customers through their browsing and purchases at Amazon, and now through searches they do at A9. Amazon also has a website called 43 Things for matching people up with similar goals.

Of interest: "Udi Manber, A9's chief executive, says the idea behind A9 is to improve search, both on Amazon and in general. A9 is adding some Amazon functions, such as reviews and recommendations, to a system that searches the Yellow Pages.

But Manber said A9 has no current plans to link customers' Web searches with their Amazon shopping habits, even though data from both sites are stored using the same customer log-in.

Amazon's backing of 43 Things potentially gives it an opening into social networking. At the site, people list personal goals and find out who else shares their ambitions."

Fight Spyware

Antispyware By Konstantinos Karagiannis, PC World (Feb 2) Editor's Choice is Webroot's Spy Sweeper 3.5

EDS Canada Privacy and Identity Management Survey

Canadians susceptible to scams By JACK KAPICA, Globe and Mail Update (Feb 1) - Really? Are these the same Canadians who wouldn't shop online for fear that their credit card number would be stolen? Yes - and they are still very wary about credit card numbers but have been scammed over the phone and through email. Article has some statistics on the differences between Canadians and Americans in their views about privacy and practices to prevent identity theft. On the whole, Canadians are more cautious and expect more of organizations to protect their privacy.

EDS Canada Privacy and Identity Management Survey-was conducted by Ipsos Reid. "According to the survey of consumer habits, 61 per cent are willing to provide their postal code, 54 per cent will provide their address, 12 per cent will supply their account numbers and 10 per cent will supply passwords." They are getting caught by telephone scams and phishing through email (being sent to a bogus web site).

But -- " few Canadians are willing to disclose information about their social insurance numbers and credit and debit cards"

Google Hacking

A new book about using search statements to hack Google and dig out sensitive information has been published by Syngress Publishing, Inc -- Google Hacking for Penetration Testers (ISBN: 1-931836-36-1). The aim is to show security specialists how to protect their servers, but searchers could use the book to pick up some techniques. There are a few examples on the promotion page including one for finding ebooks -- filetype:lit lit (books|ebooks)

"Google Hacking for Penetration Testers” Shows How Bad Guys Use Portscans, CGI Scans, and Web Server Fingerprinting to Stroll in the Enterprise’s Back Door

Source: Mentioned in TVC Alert.

New book is very timely. A ZDNet article reported that Google hacking trend expected to boom in 2005 (Jan 14)

Fight Spyware

Spyware Vs. Anti-Spyware Newsweek (Jan 31). Says 80% of PCs in America are infected with spyware that tracks what you do and sends the information to advertisers, or worse, takes over your surfing. Lavasoft offers a free spyware fighter in Ad-Aware but will be selling a boxed version Ad-Aware SE Plus ($39.95 US).

Phishing

Phishers lie in wait for Google searchers by Munir Kotadia. CNet (Dec 1) "Phishers are setting up fraudulent e-commerce Web sites and simply waiting for victims using Google and other search engines to find them, a security company has warned." Main messages - don't click to download images. They may carry a worm.

Backup Data

Going Online to Save Data Safely by Reid Goldsborough, LinkUP Digital (Dec 2004) Backup data to an offsite storage site - could be your ISP or a for-fee service. Xdrive is still in business, and also IBackup.com

Beware Phishing

Don’t Let ‘Phishers’ Steal From You by Reid Goldsborough. LinkUp Digital (Nov 2004)

"Don’t click on links in any e-mail messages you receive that ask, or demand, that you update credit card, bank, Social Security, or other financial information or verify your password at eBay, PayPal, or other e-commerce Web sites. If you do, in all likelihood you’ll wind up spending many tedious hours trying to recover your stolen identity."

Points on what to watch for, what not to do, and what you should do.

You're not as safe as you think

Security for Internet Users Deemed Weak TED BRIDIS, Associated Press via Silicon Valley (Oct 25) Internet users aren't as safe as they think from spyware, malware and viruses.

Google's Desktop and Security Issues

Google's new PC search tool poses risks by ANICK JESDANUN, AP via Globe and Mail (Oct 19) Google's new desktop search tool raises privacy concerns if installed on a public access computer. Of course, the issue is a general one - policies to prevent unauthorized installation of software installs and to clean out histories of use.

Fraud based Web sites

Growing Menace of Fake Sites Dupe Users By Gregg Keizer, TechWeb News (Oct 11) -- " Fraud-based Web sites that purport to sell products and services but really only harvest credit card accounts and other personal information are on the upswing, an Internet content management vendor said Monday."

Trolling for sensitive information

Google Me Not by David Whelan. Forbes (AUg 16) Several stories about "sensitive, defamatory, confidential or embarrassing information" finding its way into search results.

MyDoom Attacks

Gang warfare is taking down the Net Robert Vamosi ZDNet (Aug 6) Denial-of-service attacks are getting worse - targeting Google, Microsoft, Akamai - the hackers want to take down the Internet. Vamosi doesn't think they'll succeed but everyone will have to be vigilant to protect their computers.

Anti-Spyware

Genie Tyburski in TVC Alert has some comments about Anti-Spyware Tools in response to an article in Wired on An Arsenal to Combat Spyware (June 25) Main message is to get protection. Spybot Search and Destroy is considered by many to be the best.

Also see Tyburki's checklist of things to do to protect your WIndows PC from viruses and worms: Worms Spreading via Web Sites (June 28)

Fight Spyware

Invading our virtual space Commentary: Honest marketing is worth fighting for by Bambi Francesco. CBS Marketwatch (April 20) Claria, formerly named Gator, has filed an initial public offering to raise money to carry on with its online ad programs - seen by most as abusive and intrusive. Francisco is "personally aggrieved that Wall Street is considering a capital financing to fuel this type of advertising".

PCWorld says -- Spyware's Victims Spread - Service firms, tech vendors say their time is stolen by a pest that's growing faster than viruses. (April 19) - 12% of tech support calls to Dell concern nonviral threats - spyware and adware and other malware that slow down a machine and can violate privacy.

Scott Spanbauer offers some Internet Tips - Fight Back Against Surveillance Software "Detect and disable keyloggers; reject e-mail return receipts; and use hardware and software firewalls." He recommends -- "Everyone who connects to the Internet should install and use both Ad-aware and Spybot as a matter of course". Includes a list of recommended programs.

Be alert to spyware

PC Magazine has a series of articles about spyware in the March 2004 issue. Start with Spy Stoppers by Cade Metz. Use the print version for the whole story. Opens with a warning that there are over 78,000 spyware programs, any one of which can make life with your computer a misery. Reviews several spyware programs and says that not one of them will be a cure-all but use one anyway. Sean Carrol gives tips on how to avoid spyware and Neil Rubenking lists 11 signs of spyware.

Block Adware and Spyware

Cloak and dagger inside the computer By GRANT BUCKLER, Globe and Mail Update (Jan 22) - Some Internet Service Providers are offering programs to detect and remove adware and spyware from clients' machines.

"While spam and viruses raised public concerns during the past year, 2004 will be "the year of the invisible threat," said Alex Leslie, vice-president of technology at AOL Canada in Toronto. "Spyware is a very large problem."

Sarai Zizniewski, senior product manager for core software at Earthlink, estimates 90 per cent of computer users have some type of spyware running on their machines."

Alltheweb and web beacons

Alltheweb is changing its privacy policy on February 7, 2004. The main change has to do with the use of Yahoo's web beacons to "research certain usage and activities on its and our website". They promise that no "personally identifiable information" is used. "The information collected through these web beacons is used to find out more about our users, for more accurate reporting, and to improve the effectiveness of our marketing. " The part about marketing is key - they want to direct advertisements. There is a method for opting out.

Spyware more prevalent

'Spyware' steps out of the shadows By John Borland CNET (November 19, 2003) Spyware is becoming much more sophisticated, dangerous, and hidden. It often comes attached to freeware programs - often browser add-ons - to serve ads, watch activity, and may be able to pick up confidential information (passwords, accounts etc). Article notes that "Most importantly, consumers should study software programs' terms of service before installing them, and use software such as Lavasoft's Ad-Aware if they think their computer might have spyware installed, it said."

Whois Data on Domain Registrations

Whois database 'contributes to fraud and ID theft' (November 07 2003) by Munir Kotadia. Silicon.com

"Whois, an online database that contains personal information about internet domain name holders, is a major contributor to identity theft and defies advice from the Federal Trade Commission (FTC), according to a group of civil liberties organisations. "

Whois data shows ownership information about a domain. This is useful to anyone vetting a site for bias and authority. But it also gives stalkers and spammers access to personal information. Many organizations are asking for anonymous registration - including including the American Library Association, the UK's Foundation for Information Policy Research, the Consumer Federation of America, the Australian Privacy Foundation and the Fédération Informatique et Libertés in France.

Expect changes.

Spyware

Othello goes on-line by Jack Kapica. Globe Technology (Sept 30)

Truly disconcerting - Lover Spy, "a suite of 16 spyware programs ... can secretly copy all e-mail, passwords, keystrokes, instant messages and on-line chat to the spy's mailbox. It will log all websites visited, offer complete access to the victim's computer files, remotely turn on the victim's web camera for visual spying, and can be programmed to alert the spy whenever certain key words are typed."

But Kapica points out that there are several software companies that can do this as well - legitimately - to control use of software programs. Microsoft and Symantec are two. Microsoft can even shut Office 2000 and above if it finds it on two machines.

Network Security

Special report on Network Security from BusinessWeek Online (Sept 16, 2003)

- Needed: A Security Blanket for the Net
- If These Networks Get Hacked, Beware
- Why Offices Are Now Open Secrets
- Which Antivirus Stock Is Safer?