Thursday, January 24, 2008

Privacy backers push FTC to end AskEraser service

January 24, 2008 (Computerworld) A group of privacy advocacy organizations has filed a complaint with the U.S. Federal Trade Commission (FTC) alleging that Ask.com's recently launched AskEraser service does not live up to its promise of deleting users' search histories.

In an 11-page brief filed with the FTC last week, the group claimed that the search engine company is indulging in deceptive and unfair trade practices with AskEraser and should be forced to withdraw the service. The Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, Consumer Action and the Fairfax County Privacy Council are among those that filed the complaint.

Officials from IAC Search & Media's Ask.com did not immediately respond to a request for comment on the complaint. Ask.com's AskEraser service was unveiled on Dec. 11 and described at the time as a way for users to ask that their search activity data not be retained on the company's servers.

Ask.com claimed that AskEraser, when enabled by the user, would completely delete search queries and associated cookie information from Ask.com servers -- including IP addresses, user IDs, session IDs and the text of queries made. The feature is available to users of the company's U.S. and U.K. search engines and is designed to give users more control over search data, the company said. In most cases, the deletion would take place within a few hours of the time a search is completed.

The reality, however, is quite different, said Marc Rotenberg, executive director of the Washington-based EPIC. He pointed to three problems. "When it was announced, there was a lot of hoopla over it," Rotenberg said. "So we decided to take a closer look and were kind of surprised. Some of the things that AskEraser does we don't think are very privacy-friendly."

The first issue is that users who want to enable the service must accept and install an AskEraser opt-out cookie on their system. That approach is both counterintuitive and misleading, Rotenberg said. Users who are concerned about privacy typically tend to delete cookies. For such users, the privacy settings on Ask.com are meaningless because each time the cookie is deleted, the settings are lost -- and Ask.com will no longer honor the user's privacy choice. Similarly, Ask.com offered no explanation for its policy of allowing the opt-out cookies to expire after two years.

Another troubling fact is that Ask.com's AskEraser service can be turned off without notice to the user, Rotenberg said. According to Ask.com's policies on its Web site, the company can disable the AskEraser service at any time -- to comply with a court order, for instance. In such cases, the company will retain search data, even if the AskEraser service appears enabled to the user, Rotenberg said. Without user notice, such a practice would be tantamount to spying on a user's search activity.

Another issue identified by the privacy advocacy groups has since been addressed by Ask.com, Rotenberg said. That had to do with Ask.com's previous practice of putting a date and time-stamp on the opt-out cookies when a user enabled the service. The information stored in the opt-out cookie's content field had the effect of turning the cookie into a unique identifier, Rotenberg said.

Since the issue was first raised by the privacy groups, Ask.com has stopped using time-stamps on its opt-out cookies, he said, arguing that that alone would appear to be a tacit admission from the company that the previous approach was problematic.

Ask.com's relationships with various third-party advertisers and with Google Inc. also limit the efficacy of the privacy protections ostensibly offered via AskEraser, Rotenberg said. Though Ask.com itself has said it will not store any search data, there are no such restrictions on third parties tracking and storing the search histories of those who use Ask.com. Under a five-year agreement with Google signed last November, user search information from Ask.com is passed on to Google, raising serious privacy questions, Rotenberg said.
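
The time-stamp issue described above can be checked mechanically. The following is an added example, not part of the original article and not Ask.com's code: it compares the opt-out cookies received by several fresh browser profiles and flags any cookie whose value differs for every profile. Cookie names, values and the capture itself are constructed for illustration.

```javascript
// Added example: audit opt-out cookies observed in several fresh browser profiles.
// Cookie names and values are constructed; they are not Ask.com's real cookies.

// Value fragments that look like a date-time stamp or a 10-digit Unix time.
const TIMESTAMP = /\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}|\b\d{10}\b/;

// profiles: one array of {name, value, maxAgeSeconds} per fresh profile.
function auditOptOut(profiles) {
  const seen = new Map();
  for (const cookies of profiles) {
    for (const c of cookies) {
      if (!seen.has(c.name)) seen.set(c.name, { values: [], maxAge: c.maxAgeSeconds });
      seen.get(c.name).values.push(c.value);
    }
  }
  const report = {};
  for (const [name, { values, maxAge }] of seen) {
    const distinct = new Set(values).size;
    report[name] = {
      distinct,
      // An opt-out flag should be the same for everyone. If every profile got
      // a different value, the cookie can single out one browser.
      identifying: values.length > 1 && distinct === values.length,
      hasTimestamp: values.some(v => TIMESTAMP.test(v)),
      lifetimeDays: Math.round(maxAge / 86400),
    };
  }
  return report;
}

// Constructed capture: three profiles enabling the opt-out one second apart.
const TWO_YEARS = 2 * 365 * 86400;
const capture = ['01', '02', '03'].map(sec => [
  { name: 'optout_ts', value: `on|2007-12-11T10:15:${sec}Z`, maxAgeSeconds: TWO_YEARS },
  { name: 'optout_flag', value: '1', maxAgeSeconds: TWO_YEARS },
]);

const optOutReport = auditOptOut(capture);
console.log(optOutReport);
```

A cookie reported as identifying with a time-stamp in its value behaves like the earlier design the groups objected to; one with a single shared value behaves like a plain flag.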

They Can Get You Where You Live

Most people have a preconceived notion that if their computer has a firewall or the latest anti-virus protection they are completely safe from hackers. This is simply not true.

It doesn't matter if you have a firewall or not. Sure, it blocks some unwanted intrusion to your computer, but it can't block them all because of the very nature of the system. Just like a tiny bug that comes from outside and enters your home, all it needs is the smallest opening and it's there! Web traffic has to pass through firewalls to access your computer, and even the best firewalls cannot process all the huge amounts of inbound information.

Before a hacker can hack, they have to talk to a computer in its own native tongue. Much of the time it's HTML (hypertext markup language), but it can be Java, XML, Perl or a number of others. Most successful hackers have much more than a basic knowledge of computer languages as well as how security systems function. A hacker can be anybody with enough knowledge of computer languages and a great deal of computer savvy to look at a URL string and read between the lines. All a hacker needs to do is request information from web sites, servers or PCs, using their unique knowledge of computer languages and simple, well-placed codes that may seem trivial yet extract a great deal of what you thought was secure information about you or your business. A hacker can, with persistence, get administrative control of a web page and do just about anything to it, like changing colors, graphics, text or meta tags.

The only tools a hacker needs are an internet browser and a target URL. Broadly speaking, a URL structure is: protocol://server/path/to/resource?parameters This roughly translates to: http://targetsite.com/directory/files

When you open your browser to a web page, what's viewed is what the browser interprets and displays. There is an ocean of information behind the pictures and text. On a typical web page there is information that is not readily visible to the human eye but can be found nonetheless, such as the HTML source code, source code keywords, hidden parameters, hyperlinks and a whole lot more. The more a hacker knows, the better they can plan an attack. These people are very good at tricking a web server into releasing the source code for an application or script without it being executed. With enough prodding and poking at a web server they can view the original source code of the HTML content generated by the script. The method of attack will depend on what the hacker learns from the information accumulated from the server side and from the browser or client side.

Protocols

HTTPS is a protocol used for encrypted traffic within an HTTP stream. HTTPS is mainly used by sites that need security because credit card and bank account numbers are involved. Another level of security is the Secure Sockets Layer (SSL) set of protocols, which has become a standard way to communicate between a web browser and a web site when a high level of security is needed. Not only that, but it can help secure e-mail, file downloads and chat conversations by using File Transfer Protocol (FTP) implementations that work with SSL. Without this type of security in place it is relatively easy for someone to read the information you are transmitting. The thing to know here is that SSL only secures information in transit (between your computer and the website). It does not and will not guarantee security at your end or at the site you are viewing! You will have to trust the security measures at the site you are viewing and rely on your own computer's virus and firewall protection. SSL uses symmetric key cryptography for encryption, meaning the client and server use the same key to encrypt and decrypt communication. If a hacker can decode the encryption key, they can decipher the messages coming in and going out.

Cookies

Many sites you visit will set a cookie on your system when you view that site. The purpose of cookies is to give you easier and faster access to the site's resources and to identify you later if you choose to purchase a product from them. This cookie will keep your personal information such as name, address and credit card number on file in case you visit them again at a later date. The site itself has its own cookie system with the same personal information, so when a user logs in they know who the user is, what was ordered previously and what credit card was used, and they can offer the "use the same credit card?" option. Because a lot of websites have security vulnerabilities, hackers can view their cookies and retrieve credit card numbers and other personal info. Most web browsers let a user delete cookies on their system, either all of them at once or manually, but they are still on the website visited.

A common problem is if you punch in http://buyitnowsite.com and it sets up a cookie on your system, the creator of that cookie may have specified the domain type as site.com rather than buyitnow.com. Your browser then will offer up that cookie to any page in the same domain, like virusdownloadsite.com (for example), or to any site you visit which may not have good intentions for you. This can lead to other sites having access to personal information not intended for them. This could have been prevented if the technician who created that cookie had made it specific enough to include the whole site name (buyitnow) in the coding.

Really, cookies are not intended to store information like user names and passwords, but unfortunately it is a common practice with websites, and a hacker can view this information when infiltrating them. The best way to combat cookie threats is through cookie management software that gives you full control over the use of cookies, which should include:

* Disable the sending and saving of cookies

* Notification before a cookie is sent

* Control of sending and receiving cookies based on the domain

* Look at and delete the contents of cookies

Most internet browsers should give you a whole lot more options for cookies in the advanced tab, or you can buy cookie software to have complete and easy control over all cookies.
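
The cookie domain scoping discussed in this section, shown as an added example that is not part of the original post. It models in JavaScript how a browser following RFC 6265 decides which hosts receive a cookie; all host names are constructed (reserved .test names), and the public-suffix check that real browsers also apply is not modelled.

```javascript
// Added example: cookie scoping as described in RFC 6265 (sections 5.1.3 and 5.3).
// All host names are constructed, under the reserved .test TLD.

// A host domain-matches a cookie domain when they are equal, or when the host
// ends with "." + domain. The dot boundary matters.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith('.' + cookieDomain);
}

// Model what a browser stores for a Set-Cookie header received from setterHost.
// Returns null when the cookie is rejected.
function storeCookie(setterHost, setCookieHeader) {
  const [pair, ...attrs] = setCookieHeader.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null;
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   domain: setterHost.toLowerCase(), hostOnly: true };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    if (k.trim().toLowerCase() !== 'domain' || v.trim() === '') continue;
    const d = v.trim().replace(/^\./, '').toLowerCase(); // leading dot is ignored
    // A site may widen scope to a parent of itself, never to an unrelated domain.
    if (!domainMatches(setterHost, d)) return null;
    cookie.domain = d;
    cookie.hostOnly = false;
  }
  return cookie;
}

// Would the browser attach this stored cookie to a request for requestHost?
function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

// Constructed scenario: one tightly scoped cookie, one loosely scoped, one invalid.
const tight = storeCookie('shop.example.test', 'sid=abc123; Path=/; Secure');
const loose = storeCookie('shop.example.test', 'sid=abc123; Domain=example.test; Path=/');
const foreign = storeCookie('shop.example.test', 'sid=abc123; Domain=other.test');

for (const host of ['shop.example.test', 'ads.example.test', 'notexample.test']) {
  console.log(host, 'tight:', isSentTo(tight, host), 'loose:', isSentTo(loose, host));
}
console.log('foreign Domain accepted:', foreign !== null);
```

The loosely scoped cookie reaches every host under example.test, so a site that sets a Domain attribute wider than it needs exposes the cookie to every sibling host, while omitting the attribute keeps it host-only.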

I have mentioned here only a few areas of concern on protecting computer systems and internet browsing, but there are others left untouched due to space (one could write a book on the subject). I hope you can see we are at more risk than you think. Because many of us have such easy access to the internet, like an always-on connection, computers and servers will always be a target for hackers. Also, faster connections increase the risk of attack and make it harder to filter that access and keep hackers out. Even though we may never be completely safe from hackers, there are things we can do to make their job harder. Never store personal information (passwords, credit card numbers) on your PC; instead use a floppy disk or CD for your private information and eject it from your PC when done. A general rule on firewalls is to block all incoming traffic that you didn't initiate. Don't run applications you are not familiar with, and take care with what you download! Most important is to back up everything on your computer and make a bootable disk that you know is clean from infection.

Wednesday, January 23, 2008

Are Cookies Evil?

Are cookies bad, and do they invade your privacy? We're not talking about the kind of cookie you eat, we're talking about computer cookies! It's not really true that cookies are evil.

So, what is a cookie, what's it made of and what does it do? A cookie is a tiny text file that a web site can put on your computer as you browse the pages on that web site. One thing people don't understand is that a web site can only read and write its own cookies; it cannot access another web site's cookies. Cookies are used for storing various items of information, such as a name or a selection choice you made. This information will be read back from the cookie when you load other pages on the site, or on return visits to the site.

What reason does a web site have to use cookies? Web browsers are stateless. Stateless means that as you move through various pages on a web site, each of those pages is a separate and distinct action. For example, the web server does not know that the person who requested the order page is the same person who was on the home page. This is very different from desktop applications like Microsoft Excel that you run on your computer. The web server sees all page requests as individual requests for pages, not as a continuous visit from you. As you move through a web site and select things and make choices, what keeps you from having to reenter or reselect that information as you load each page? Usually the answer is a cookie. A cookie can be used by the web server to keep track of you as a user, so that as you navigate from page A to page B the web server knows it's you, and the developer of the web site can reference the items stored in your cookie to maintain a stateful experience for your session or visit to the web site.

Occasionally, you may want or need to delete your cookies.

You can delete your cookies in a few ways. Most web browsers (Microsoft Internet Explorer, Netscape, Firefox, Opera, etc.) have different ways to do this, so consult the help for your browser on how to delete the cache files and cookies. There are also several software packages to clean your PC, and these packages also delete cookies.

Using cookies improves your user experience when browsing the Internet. Is there a security risk or danger to cookies? A web site can use cookies for saving information that you enter into forms on web pages, and that's where security concerns arise. Usually this causes no problem; however, before letting someone use your computer, or taking your computer somewhere to be repaired or serviced, always delete your browser's cache AND cookies!

Each browser is different, so consult the help files for the browser you use (Microsoft Internet Explorer, Netscape, Firefox, Opera, etc.) for how to delete the cache files and cookies.