Archive for the ‘Security’ Category

The Fate Of The Free Internet Goes Up For Vote In December

The fate of the free Internet will be decided at a private meeting in Dubai on December 3. UN member nations will argue for or against a plan that would give control of the Internet to the ITU, instead of the current NGO multiple stakeholder approach. Some within the US government have alreadyvoiced their opposition, and now the EU is joining them.

Wired UK reports that the European Parliament has issued a resolution against a potential takeover of the Web by the ITU. The resolution contains many of the same arguments that people like Vint Cerf have said about the proposed UN regulation.

Should the UN and its member nations be given absolute authority over the core framework of the Internet? Let us know in the comments.

There’s a lot of good stuff in the EP resolution, and other nations, including the US, would be wise to wied these arguments during negotiations next month:

1. Calls on the Council and the Commission to ensure that any changes to the International Telecommunication Regulations are compatible with the EU acquis and further the Union’s objective of, and interest in, advancing the internet as a truly public place, where human rights and fundamental freedoms, particularly freedom of expression and assembly, are respected and the observance of free market principles, net neutrality and entrepreneurship are ensured;

2. Regrets the lack of transparency and inclusiveness surrounding the negotiations for WCIT‑12, given that the outcomes of this meeting could substantially affect the public interest;

3. Believes that the ITU, or any other single, centralised international institution, is not the appropriate body to assert regulatory authority over either internet governance or internet traffic flows;

4. Stresses that some of the ITR reform proposals would negatively impact the internet, its architecture, operations, content and security, business relations and governance, as well as the free flow of information online;

5. Believes that, as a consequence of some of the proposals presented, the ITU itself could become the ruling power over aspects of the internet, which could end the present bottom-up, multi-stakeholder model; expresses concern that, if adopted, these proposals may seriously affect the development of, and access to, online services for end users, as well as the digital economy as a whole; believes that internet governance and related regulatory issues should continue to be defined at a comprehensive and multi-stakeholder level;

6. Is concerned that the ITU reform proposals include the establishment of new profit mechanisms that could seriously threaten the open and competitive nature of the internet, driving up prices, hampering innovation and limiting access; recalls that the internet should remain free and open;

7. Supports any proposals to maintain the current scope of the ITRs and the current mandate of the ITU; opposes any proposals that would extend the scope to areas such as the internet, including domain name space, IP address allocation, the routing of internet-based traffic and content-related issues;

8. Calls on the Member States to prevent any changes to the International Telecommunication Regulations which would be harmful to the openness of the internet, net neutrality, the end-to-end principle, universal service obligations, and the participatory governance entrusted to multiple actors such as governments, supranational institutions, non-governmental organisations, large and small businesses, the technological community and internet users and consumers at large;

9. Calls on the Council to coordinate the negotiation of the revision of the ITRs on behalf of the European Union, on the basis of inclusively gathered input from multiple stakeholders, through a strategy that primarily aims at ensuring and preserving the openness of the internet, and at protecting the rights and freedoms of internet users online;

10. Recalls the importance of safeguarding a robust best-effort internet, fostering innovation and freedom of expression, ensuring competition and avoiding a new digital divide;

11. Stresses that the ITRs should state that the ITU recommendations are non-binding documents which promote best practices

There’s a lot here, but the central fears of an ITU takeover are two-fold. For one, the proposed Internet tax system would greatly affect how companies do business around the world. A leaked document said that some nations are pushing for a global Internet tax. In effect, nations would have the power to tax companies like Google in return for being allowed to operate in those nations. One can already see the potential abuse this system would bring.

The other is far more serious, and one of the reasons why nations like Iran and China are pushing so hard for this. It would allow individual nations to control how the Internet operates in their country even more thus leading to even more censorship. Iran is already developing its own private Internet, but a change to the ITU would make that internationally endorsed.

Do you think nations should have the right to charge an Internet tax to companies like Google? Let us know in the comments.

As you can see, there’s a lot at stake here and many are concerned about the potential impact the ITU meeting will have on the Web. Companies like Google are already beginning protest movements and asking for people to submit their stories on why a free and open Internet is important to them.

Following Google’s lead, Mozilla has also started its own campaign to help organize protests against an ITU takeover of the Internet. The non-profit put forth a compelling reason to reject any potential takeover of the Web:

Whether the Internet is regulated by governmental treaties via the ITU and to what extent, is a vitally critical question. In fact it is so critical it can’t be done behind closed doors. The Internet as we know it today is just too fundamental to our lives to leave it to governments to decide its fate.

Mozilla’s mission is to promote openness, innovation and opportunity on the Web. We do this first and foremost by building great products. But, as any Mozillian knows — the story is much more than the latest release or coolest hack. The Internet depends critically on a human network of communities and relationships, and Mozilla builds movements that strengthen the Web.

ACTA and SOPA were expected to pass with little to no resistance, but the Internet proved those assumptions wrong. The ITU would be wise to heed the voice of the Internet, and not go forward without taking its users into account. If not, it’s only a matter of time before it’s deemed irrelevant alongside everything else that refuses to acknowledge the Internet as a living, breathing entity that can’t be contained.



Archify Is A Tool You Might Actually Want Tracking Everything You Do Online

Sometimes people actually wish everything they did was tracked online. That may be a hard concept for some to swallow, but surely you’ve encountered an experience where you ran across some piece of online content, but then want to see it again, days later, only to realize that you can’t find it. You can’t remember where you saw it, and you can’t find it with a search. This has actually happened to me more times than I care to admit.

This is an issue that Archify is trying to solve. It’s a browser plug-in aimed at being your archive for the web. It’s pretty simple really.

“Have you ever wondered how you can have all your online content in one single place?” Archify asks in its pitch. “All your Facebook and Twitter updates, your email conversations, the websites you’ve recently seen…every day, you use different devices and different browsers to access your online content. The footprints of your online journey are scattered and lost over time. Wouldn’t it be great to have your own personal archive of things which matter most to you?”



Launched in limited beta earlier this year, Archify is now available to all.

With the tool, you can search your archive from your Gmail account, from the browser plug-in, from, or even from Google itself, as the plug-in will add archive results to the Google search page.

It even comes with an analytics suite, so you can learn more about your Internet browsing behavior, and see stats like what sites you visit most often, where you spend most of your time, and what time of day/week you’re most active.


Facebook, Dropbox Apps Store Personal Info…

Facebook, Dropbox Apps Store Personal Info In Unsecured Plain Text Files


A somewhat troubling security flaw has been found in the mobile apps for Facebook and Dropbox. It seems that both apps (and others, presumably) store access tokens in an unsecured plain text .plist file that can be easily accessed with certain free file management tools. Also, the flaw is found in both the iOS and Android versions of Facebook, though Dropbox’s Android version stores the file more securely.

The problem was first discovered by Gareth Wright, who was exploring the practice of modifying .plist files as a means of cheating on certain iOS games. When digging through OMGPOP’s popular Draw Something app, Wright found an access token for Facebook stored in plain text within the app.

This led him to begin poking around the Facebook app itself, where he discovered that the app stored an oAuth key in plain text as well, completely unencrypted. This key allowed complete access to Wright’s Facebook account when he transferred it to a friend’s phone. When Wright contacted Facebook about the problem they replied that they were aware of it and working on a fix.

Following up on Wright’s work, The Next Web managed to get a fuller statement out of Facebook. They claim that the exploit only works if a user’s phone is jailbroken. This, however, is false, as the tool Wright was using, iExplorer, works perfectly well on non-jailbroken devices. Moreover, Wright says that it also works on passcode protected devices.

The Next Web was also able to duplicate Wright’s work with the Dropbox iOS app. Using iExplorer, they copied a plain text .plist file from one device to another, and used it to gain access to the first user’s Dropbox account on the second phone. When asked for comment, Dropbox told them that it was aware of the issue and was currently preparing an iOS update that would fix the problem.

Now, before you get too freaked out about this flaw, it’s worth noting one important fact: tools like iExplorer have to be physically connected to your device in order to gain access. That means that for someone to access these plain text files on your phone, they have to actually have possession of it. Which means that only someone to whom you give your phone, or who finds it when you lose it, or who steals it could possibly be able to use this exploit to get at your personal data. That means that while this is a pretty serious oversight, it’s not much of a direct threat to the average user, as long as they retain physical control of their device.

Google Code Jam 2012 Now Accepting Challengers

    Last year’s winner helped cure Goro’s anger


Code Jams are kind of like the Olympics for developers and programmers. It’s a grueling days long competition to see who can solve the most challenging algorithms that the organizer of the event can throw at them. If that sounds like your kind of thing, Google wants to you to compete in their event.

Google announced yesterday on their blog that Code Jam 2012 registration is now open. Google’s Code Jam has been going on since 2003 with this year’s contest looking to be the biggest.

Makoto Soejima took home the first place prize last year. He had to get through various challenges and hardships such as building a house for kittens and helping Goro of Mortal Kombat fame through anger management. You may be wondering what any of these have to do with coding? Just check out the problem from the aforementioned Goro scenario and watch as your brain shuts down over what it just processed.

Participants for the Code Jam will come from all over the world to prove their merit against the sure to be daunting challenges. Thankfully, participants can use whatever programming language they’re most familiar with to tackle the algorithms.

The qualification rounds will take place on April 13, so you just have a little under a month to get ready. Those who pass this round will compete in three more online rounds over the next few months. The top 25 contestants will be flown to New York City on July 25 to compete in the final round that will net the winner $10,000.

While I’m in no way confident in my ability to solve these problems, let alone basic algorithms, you can register to compete in the Code Jam now. If you’re a little rusty, the Google blog post provides competitors with the four final problems from last year.

About Zach Walton
Zach Walton is a Writer for WebProNews. He specializes in gaming and technology. Google+

Consumer Privacy ‘Bill of Rights’

via The Huffington Post

Consumer Privacy ‘Bill of Rights’ Seeks To Give Web Users More Control Over Their Data

The Obama administration on Thursday will unveil a consumer privacy “bill of rights” that aims to give web users more control over how their personal information is collected and used online.

The “bill of rights” will include seven principles to protect consumers’ digital privacy, such as the right to opt out of having their personal data collected and the right to having easily understandable policies on company’s privacy practices, Obama administration officials said on a conference call with reporters Wednesday.

The principles will include creating a setting on web browsers that allows Internet users to opt out of having their browsing habits monitored. The advertising industry also committed to not releasing consumers’ browsing data to companies that use it for purposes beyond advertising, such as employers making hiring decisions or insurers determining coverage, officials said.

“It’s great to see that companies are stepping up to our challenge to protect privacy so consumers have greater choice and control over how they are tracked online,” Federal Trade Commission Chairman Jon Leibowitz said in a statement. “More needs to be done, but the work they have done so far is very encouraging.”

In coming weeks, the Commerce Department will bring together companies, privacy advocates and other stakeholders to develop privacy policies based on principles outlined in the bill of rights, officials said. Though companies are not required to follow the principles, about 90 percent of companies involved in targeted online advertising have agreed to comply, Stu Ingis, general counsel for the Digital Advertising Alliance, a group of digital advertising trade organizations, told reporters on the conference call. Those companies could be subject to FTC enforcement for not adhering to the principles, officials said.

Officials said the bill of rights will serve as a blueprint for legislation in Congress to protect consumers’ online privacy. Last year, at least two bills were introduced in support of a “Do Not Track” mechanism that would give web users control over online tracking, but did not pass.

Thursday’s announcement comes as a growing number of privacy failings by tech companies have fueled concerns that consumers do not have control over how their personal information is being collected and shared.
In the last few weeks, Google was caught bypassing privacy settings on Apple’s Safari browser to track the browsing habits of Internet users. Google disabled the code after being contacted by the Wall Street Journal, which first reported the story last week.

In addition, the mobile social network Path was found downloading users’ address books without their permission.

“Silicon Valley has a privacy problem,” said Jonathan Mayer, a graduate student at Stanford University who discovered Google was using a special computer code to monitor Safari web users. “It’s very clear that companies have repeatedly fallen short in taking measures to protect users’ information.”

“For the moment, the M.O. in Silicon Valley is ‘do as much as you can until somebody slaps your hand,'” Mayer said.

The FTC, which regulates the use of consumers’ data online, has become more aggressive in protecting that data. Last March, Google settled charges from the FTC that it used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. Last November, Facebook agreed to settle FTC charges that it deceived consumers by telling them they could keep their information private on the social network, and then repeatedly allowed it to be shared and made public.

Google set off more privacy concerns last month when it announced in a blog post that it will revise its own privacy policies to track users across all of its products. This prompted consumer groups to file complaints with the FTC, arguing that Google was violating the commission’s order as part of last year’s settlement.

“The FTC takes compliance with our consent orders very seriously and always looks carefully at any evidence that they are being violated,” an agency spokeswoman said in response to the complaints.

Web companies are required to issue statements to consumers about their privacy policies. But most privacy statements are so dense that consumers don’t read them and there are no clear guidelines about what those privacy statements should say, said Ashkan Soltani, a noted privacy researcher. Many do not fully explain how companies use consumers’ data, he said. It has often taken the work of independent researchers like Soltani, Mayer and others to shed light on how these companies are collecting, storing and distributing user information.

Soltani said that web companies are generating revenue by collecting user data and selling access to that information for third-party advertising. The public is mostly unaware of these practices, however, and web companies are getting into trouble because they are not asking users for permission, he said.

“They haven’t used good manners,” Soltani said. “They’ve decided to take it without asking.”




Web Hosting Specials