Displaying items by tag: Privacy

The news has been buzzing with talk of Google’s new combined privacy policies and the impact they will have on the user’s personal information. This is due to the way that Google is moving to a combined user format and will allow for the sharing of user information between different platforms and services. Now, we agree that this is not a good thing and is something that Google needs to reverse their decision on, but there is something else at stake here. This is something that most publications have missed the boat on and one that I think even Google has not considered…

The online activist collective known as Anonymous has undergone a lot of changes in the years that is has been around. We have followed them and covered some of their highlights (and some of their blunder). They provide an interesting commentary on society and the internet. In a time when it has been commented that the media controls the information and governments are abusing their power, they almost act like a policing body. This is not to say that the activities of their members are always honest and forthright, in fact there are times when members of the collective do things that are appalling. However, we are seeing them bring some corporate and governmental practices into the open.

After both SOPA and PIPA were publicly shelved the US government did what it always does. It finds a way to do what it wants, but by hiding it in other bills or (as is becoming more common) using trade agreements to by-pass laws altogether. This is exactly what we are seeing with ACTA and TPP. These two trade agreements are probably some of the most dangerous bits of work that we have read about in a very long time.

Anonymous had a rather big weekend starting off with taking down the CIA’s public website cia.gov. This was done through an interesting trick that appeared to be a combination of a DDoS and some DNS tinkering. On the day of the outage the CIA’s website resolved to 192.81.129.107 which when looked up showed as an address belonging to an IP pool in the UK. Once the attack was completed the site resolved to 192.81.129.130 which is undeniably part of the same range, but now shows as a US IP range.  Looking at the evidence this could possibly be a new form of attack from the collective. Unfortunately we just do not have enough information on the subject to be sure and the CIA is not releasing any new information.

It looks like Google is having more problems today that just a security issue with Google Wallet. EPIC (the Electronic Privacy Information Center) has filed suit against the Federal Trade Commission in order to force them to stop Google’s planned policy changes that will go into effect on March 1st.

It looks like the CarrierIQ debacle was quite possibly be a case of Chicken Little meets the digital era with a sinister plot twist. A few weeks ago the news broke that a software researcher (Trevor Eckhart) had found that software that was preinstalled on certain phones appeared to be acting like a keylogger. The hypothesis was based on finding two apps that he could not uninstall or stop. Then he discovered what looked like a link between these two apps and one of the debugging logs (that does record everything that you do). Eckhart announced his findings and a whirlwind of articles ran around the internet a few times.

With SOPA still a hot topic we are hearing about more fallout as lines are being drawn even between one time partners. We have heard that several members of the Business Software Alliance have asked the organization to pull all support from the dangerous and potentially damaging bill. The BSA has complied (for the most part) but has still left enough of an opening that not everyone is satisfied with the way things stand.

With everything going on in the world and the noise about SOPA the last thing we need is another scandal. Unfortunately that is exactly what we have with CarrierIQ, a tracking and metrics software that is reported installed on a majority of smartphones in the US. The news came to light after a software researcher named Trevor Eckhart stumbled across this on his HTC phone. Eckhart has even gone so far as to show that this software is capable of capturing key strokes (stored as key press events many with unique Key IDs), location data, and a great deal of other information from you as you use your phone.

Google has found a way to index comments made on websites that use either a Facebook plug-in or another third party comment system. The announcement of this was made last night via a tweet that stated “Googlebot keeps getting smarter” It then went on to explain that it is now able to execute AJAX/JS to index dynamic content.  This means that while the Google bot is crawling all over your favorite website and looking at what you are reading it can also crawl through your comments even if there are through Facebook.

Many sites have started using Facebook connect to make it easy for people to share and comment on articles. It makes sense after all; most sites have a Facebook page (we do of course) and most readers have one as well, so why not let someone log-in using Facebook instead of having to remember another username and password. It is also good for website owners as people are often less likely to make “rude” comments if it is tied to their Facebook profile.

The problem (well not really a “problem”) comes from losing out on some of the hits you might get from searches like Google or Bing. When you use these third party services for comments they are not really on your webpage but are rendered there by the plug in you use. By incorporating the AJAX commands Google can now dive into these linked comments and index them for search. This has the potential to replace the hours of SEO (Search Engine Optimization) work that web developers use to have to do to make up for this. So for web site developers and owners it is a great thing. For Google it is a great thing, the question is…. Is it a good thing for the average user?

You will no doubt hear that this is an invasion of personal privacy and that Google is up to its old tricks. As much as I dislike Google and think that they have little or no respect for people’s privacy, this time I have to say this is pretty much harmless. If you think about it anyone that frequents a website you comment on can see the name of your Facebook profile and if they wanted they can find you on Facebook. It does not take any type of rocket science to do this; Google indexing these comments is not going to make it any easier.

If you are worries about this I would suggest that you set your profile security so that your wall can only be viewed by people you have friended and not worry about it; after all almost everything that is posted or published to the web is crawled over by web bots. If the Internet was a house and the bots were bugs, it would be in serious need of an exterminator.

Discuss this in our Forum

Wow, file this one under both stupid and scary. It would seem that EA is seriously pushing the boundaries of acceptable behavior. Someone read the full EULA for this new service and has found a clause that is incredibly frightening. We went ahead and downloaded the installer and read and printed the EULA
Under a section marked “2. Consent to Collection and Use of Data”  we found the following;

“You agree that EA may collect, use, store and transmit technical and related information that identifies your computer (including the Internet Protocol Address), operating system, Application usage (including but not limited to successful installation and/or removal), software, software usage and peripheral hardware, that may be gathered periodically to facilitate the provision of software updates, dynamically served content, product support and other services to you, including online services. EA may also use this information combined with personal information for marketing purposes and to improve our products and services.  We may also share that data with our third party service providers in a form that does not personally identify you.  IF YOU DO NOT WANT EA TO COLLECT, USE, STORE, TRANSMIT OR DISPLAY THE DATA DESCRIBED IN THIS SECTION, PLEASE DO NOT INSTALL OR USE THE APPLICATION.
This and all other data provided to EA and/or collected by EA in connection with your installation and use of this Application is collected, used, stored and transmitted in accordance with EA’s Privacy Policy located at www.ea.com.  To the extent that anything in this section conflicts with the terms of EA’s Privacy Policy, the terms of the Privacy Policy shall control. “

Now, many companies collect hardware and peripheral data along with the installed version of the OS for a customer, but to actually say that a user’s personal information can be used for marketing is a little bit much. We could not find anything that limited this use to EA alone. In fact in EA’s Privacy Policy  (section 5. On Third Party Ad Serving Technology) it says;

“We or third parties operating the advertisement serving technology may use demographic information such as age and gender as well as information logged from your hardware or device to ensure that appropriate advertising is presented within the site, online or mobile product or service and to calculate or control the number of unique and repeat views of a given ad, and/or deliver ads that relate to your interests and measure the effectiveness of ad campaigns. We or third parties may log data for this purpose including IP address (including for purposes of determining your approximate geographic location), unique device I.D., information about your software, applications and hardware, browser information (and/or information passed via your browser), hardware, machine or device make and model, advertisement(s) served, in game location, length of time an advertisement was visible, other Internet and website usage information, web pages and mobile internet sites which have been viewed by you (as well as date and time), domain type, size of the advertisement, advertisement response (if any), and angle of view. The foregoing data may be used and disclosed per this policy and the privacy policy of the company providing the ad serving technology and to other third parties in a form that does not personally identify you.”


EA then goes on to say “EA will never share your personal information with third parties without your consent. We may, however, share anonymous, non-personal, aggregated and/or public information with third parties. There may be circumstances where you may share information on your own. Please see section XI for more details about your rights to information you share publicly on EA and other third party sites and forums. You may also opt in to allow EA to share your personal information with companies and organizations that provide products or services that we believe may be of interest to you. To opt out of further communications from a marketing partner or sponsor with whom your information has been shared, please contact that partner or sponsor directly.”

The hitch here is that by clicking on the “I agree” check box you are giving your consent.  We wonder how many people will be ok with this once they take a look at all of the facts. We will also be looking at EULA’s from other software distribution companies to see if theirs are any better in the next few days and will let you know what we find. For now we would advise people to take caution with Origin, it is not only the online content distribution application, but the replacement for the EA Downloader for patches and updates… This makes me consider removing some of the EA games that I have.  

The Whole EULA can be seen on our forum in PDF format