Home Page Site Information Privacy and Cookies Policies emailSite Search Page Menu   Top of Page   

Technology News


Latest

2008   2009   2010   2011   2012   2013   2014   2015   2016   2017   2018   2019   2020   Latest  

 

Playing the EU's Silly Cookie Game...

Google's Chrome browser will ban 3rd party tracking cookies albeit over the course of two years


Link Here16th January 2020
Full story: EU ePrivacy Law...The Cookie Law: EU regulate consent for tracking cookies
Google is to restrict web pages from loading 3rd party profiling cookies when accessed via its Chrome browser. Many large websites, eg major newspapers make a call to hundreds of 3rd part profilers to allow them to build up a profile of people's browsing history, which then facilitates personalised advertising.

Now Google has said that it will block these third-party cookies within the next two years.

Tracking cookies are very much in the sights of the EU who are trying to put an end to the exploitative practise. However the EU is not willing to actually ban such practises, but instead has invented a silly game about websites obtaining consent for tracking cookies.

The issue is of course that a lot of 'free' access websites are funded by advertising and rely on the revenue from the targeted advertising. I have read estimates that if websites were to drop personalised ads, and fall back on contextual advertising (eg advertising cars on motoring pages), then they would lose about a third of their income. Surely a fall that magnitude would lead to many bankrupt or unviable websites.

Now the final position of the EU's cookie consent game is that a website would have to present two easy options before allowing access to a website:

  • Do you want to allow tracking cookies to build up a database of your browsing history
  • Do you NOT want to allow tracking cookies to build up a database of your browsing history

The simple outcome will be that virtually no one will opt for tracking, so the website will lose a third of its income. So it is rather unsurprising that websites would rather avoid offering such an easy option that would deprive them of so much of their income.

In reality the notion of consent it not practical. It would be more honest to think of the use of tracking cookies as a price for 'free' access to a website.

Perhaps when the dust has settled, a more honest and practical endgame would bea  choice more like:

  • Do you want to allow tracking cookies to build up a database of your browsing history in return for 'free' access
  • Do you want to pay a fee to enable access to the website without tracking cookies
  • Sorry you may not access this website

The EU has been complaining about companies trying to avoid the revenue destroying official consent options. A study just published observes that nearly all cookie consent pop-ups are flouting EU privacy laws.

Researchers at the Massachusetts Institute of Technology, University College London (UCL) and Aarhus University have conducted a joint study into the use of cookies. They analysed five companies which offer consent management platforms (CMP) for cookies used by the UK's top 10,000 websites.

Despite EU privacy laws stating that consent for cookies must be informed, specific and freely given, the research suggests that only 12% of the sites met the minimal requirements of GDPR (General Data Protection Regulation) law. Instead they were found to blanket data consent options in complicated site design, such as:

  • pre-ticked boxes burying decline buttons on later pages multiple clicks tracking users before consent and after pressing reject
  • Just over half the sites studied did not have rejecting all tracking as an option.
  • Of the sites which did, only 13% made it accessible through the same or fewer clicks as the option to accept all.
The researchers estimate it would take, on average, more than half an hour to read through what the third-party companies are doing with your data, and even longer to read all their privacy policies. It's a joke and there's no actual way you could do this realistically, said Dr Veale.

 

 

Offsite Article Searching for better privacy...


Link Here15th January 2020
Full story: Gooogle Privacy...Google sued for snooping on Iphone users
Google to strangle user agent strings in its chrome browse to hamper advertisers from profiling users via fingerprinting See article from zdnet.com

 

 

BT is developing an encrypted DNS server for its customers...

You'll be safer from snoopers, scammers and censors on public WiFi, but you'll still be easy prey to government snoopers and censors


Link Here 10th December 2019
Full story: UK Concerns over Encrypted DNS...UK internet censors vs DNS over HTTPS
The UK ISP BT has become the first of the major broadband providers to trial their own DNS over HTTPS resolver, which encrypts Domain Name System (DNS) requests.

This is response to Firefox offering its own choice of encrypted DNS resolver that would effectively evade BT's current unencrypted DNS resolver which allows the UK government to monitor and log people's internet use, block websites that are considered 'harmful'; snitch people up to the police for politically incorrrect comments; and snitch people up to copyright trolls over dodgy file sharing.

However BT's new service will allow people to continue using website blocking for parental control whilst being a lot safer from 3rd party snoopers on their networks.

BT have made the following statement about its experimental new service:

BT are currently investigating roadmap options to uplift our broadband DNS platform to support improvements in DNS security -- DNSSEC, DNS over TLS (DoT) and DNS over HTTPS (DoH). To aid this activity and in particular gain operation deployment insights, we have enabled an experimental DoH trial capability.

We are initially experimenting with an open resolver, but our plan is to move a closed resolver only available to BT customers.

The BT DoH trial recursive resolver can be reached at https://doh.bt.com/dns-query/

 

 

China is a little way ahead of Britain...

It now a requirement to provide a face scan when buying a new sim


Link Here3rd December 2019

 The Chinese government has taken yet another step in strengthening its ability to track and scrutinize its citizens' activities by mandating new SIM card buyers to register their faces with the government.

The new rules, which China will mandate cellphone companies with the responsibility of having customers scan their faces before buying a new SIM card or registering a new cellphone number at offline stores. The country's authorities already require users to link their national IDs to their cellphone numbers, but these latest regulations would incorporate the use of biometric authentication and artificial intelligence into its overarching surveillance regime.

No doubt the authorities have got some really nasty ideas lined up for the control of citizens using facial recognition technology. And no doubt they will selling these to teh est very shortly.

 

 

Tape over the camera...

That FBI warns smart TV users that they may being snooped upon


Link Here3rd December 2019
The FBI in Portland writesL

Smart TVs are called that because they connect to the Internet. They allow you to use popular streaming services and apps. Many also have microphones for those of us who are too lazy to actually to pick up the remote. Just shout at your set that you want to change the channel or turn up the volume and you are good to go.

A number of the newer TV's also have built-in cameras. In some cases, the cameras are used for facial recognition so the TV knows who is watching and can suggest programming appropriately. There are also devices coming to market that allow you to video chat with grandma in 42" glory.

Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.

Hackers can also take control of your unsecured TV. At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV's camera and microphone and silently cyberstalk you.

TVs and technology are a big part of our lives, and they aren't going away. So how can you protect your family?

  • Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words "microphone," "camera," and "privacy."

  • Don't depend on the default security settings. Change passwords if you can -- and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can't turn them off, consider whether you are willing to take the risk of buying that model or using that service.

  • If you can't turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option.

  • Check the manufacturer's ability to update your device with security patches. Can they do this? Have they done it in the past?

  • Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.

 

 

More privacy, less state snooping...

Microsoft announces that it is in the process of implementing options to use encrypted DNS servers


Link Here19th November 2019
Full story: DNS Over Https...A new internet protocol will make government website blocking more difficult

Windows will improve user privacy with DNS over HTTPS

Here in Windows Core Networking, we're interested in keeping your traffic as private as possible, as well as fast and reliable. While there are many ways we can and do approach user privacy on the wire, today we'd like to talk about encrypted DNS. Why? Basically, because supporting encrypted DNS queries in Windows will close one of the last remaining plain-text domain name transmissions in common web traffic.

Providing encrypted DNS support without breaking existing Windows device admin configuration won't be easy. However, at Microsoft we believe that "we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology."

We also believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier. There is an assumption by many that DNS encryption requires DNS centralization. This is only true if encrypted DNS adoption isn't universal. To keep the DNS decentralized, it will be important for client operating systems (such as Windows) and Internet service providers alike to widely adopt encrypted DNS .

With the decision made to build support for encrypted DNS, the next step is to figure out what kind of DNS encryption Windows will support and how it will be configured. Here are our team's guiding principles on making those decisions:

  • Windows DNS needs to be as private and functional as possible by default without the need for user or admin configuration because Windows DNS traffic represents a snapshot of the user's browsing history. To Windows users, this means their experience will be made as private as possible by Windows out of the box. For Microsoft, this means we will look for opportunities to encrypt Windows DNS traffic without changing the configured DNS resolvers set by users and system administrators.

  • Privacy-minded Windows users and administrators need to be guided to DNS settings even if they don't know what DNS is yet. Many users are interested in controlling their privacy and go looking for privacy-centric settings such as app permissions to camera and location but may not be aware of or know about DNS settings or understand why they matter and may not look for them in the device settings.

  • Windows users and administrators need to be able to improve their DNS configuration with as few simple actions as possible. We must ensure we don't require specialized knowledge or effort on the part of Windows users to benefit from encrypted DNS. Enterprise policies and UI actions alike should be something you only have to do once rather than need to maintain.

  • Windows users and administrators need to explicitly allow fallback from encrypted DNS once configured. Once Windows has been configured to use encrypted DNS, if it gets no other instructions from Windows users or administrators, it should assume falling back to unencrypted DNS is forbidden.

Based on these principles, we are making plans to adopt DNS over HTTPS (or DoH) in the Windows DNS client. As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we're open to having other options such as DNS over TLS (DoT) in the future. For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.

...

Why announce our intentions in advance of DoH being available to Windows Insiders? With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don't want our customers wondering if their trusted platform will adopt modern privacy standards or not.

Technology News


Latest

2008   2009   2010   2011   2012   2013   2014   2015   2016   2017   2018   2019   2020   Latest