privacy | General Musing

Posts Tagged ‘privacy’

Privacy and Mobile ID

Privacy and Mobile ID

SecureIDNews | Researchers test privacy and mobile ID

App enables relying parties to see only relevant data Gina Jordan, contributing editor, Avisian Publications With the emergence of Google Wallet and the slow migration toward mobile payment transactio…

View or comment on Daniël Crompton’s post »

About these ads

Written by Daniël W. Crompton (webhat)

July 9, 2012 at 3:58 pm

Posted in Uncategorized

Tagged with id, identification, identity, mobile, privacy

FaceBook killing permanent Offline Access

leave a comment »

FaceBook killing permanent Offline Access in October

Finally the perpetual Offline Access for apps will be removed in October, it will be replaced with a short-lived or long-lived access_token depending on the environment. In October all existing offline_access access_tokens will have their expiration time truncated to 60 days.

This means that as long as users visit the app the new access_token is updated to enable the app to access the data in offline mode, if the user doesn’t use the app the access…

Removal of offline_access permission

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

July 6, 2012 at 2:14 pm

Posted in Uncategorized

Tagged with facebook, privacy

Encrypted Disks #security #privacy

leave a comment »

Encrypted Disk

I just saw this question: I have an external 3Tb Hard drive formatted as Mac OS Extended (Journaled, Encrypted) with 10.7.1. Just wondering if 10.6 can also access this external hard drive ?

And saw this answer: I strongly recommend against encrypting anything unless you really really really have to. The only one it will ultimately keep away from your data is yourself.

It’s stupid answers like this that allow people to lose their identity when their phone, computer or harddisk is stolen. By encrypting your data you are wisely protecting your data from theft, and ensuring that when you do suffer the loss of a device you don’t compound that loss with your identity or other valuable data. It is in exceptional circumstances that you lose your data due to the encryption, this is not likely to happen.

The first thing I do on my computer is set up an encrypted disk, you should too.

source

Image source: Sebastian Fritzon

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

June 28, 2012 at 2:53 pm

Posted in Uncategorized

Tagged with computer, disk, encryption, fulldisk, harddisk, privacy, security

Privacy Settings

leave a comment »

Privacy Settings

I like many of the apps that show you the importance of having you privacy settings set up right. Personally I would prefer to have most everything public, with a few exception. I just don’t post anything I wouldn’t tell a stranger.

http://weknowwhatyouredoing.com/

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

June 28, 2012 at 7:32 am

Posted in Uncategorized

Tagged with privacy, security

FaceBook Turns on @facebook.com Address

leave a comment »

FaceBook Turns on @facebook.com

In the last days Facebook turned your @facebook.com mail address into the default one shown on your profile.

You can change it back on the About page of your profile. Wisely they didn’t put it in your Account Settings as it would easily be found there.

View or comment on Daniël Crompton’s post »

Written by Daniël W. Crompton (webhat)

June 26, 2012 at 11:12 pm

Posted in Uncategorized

Tagged with facebook, mail, privacy

6 Months of Security Links #2011

leave a comment »

I’m a regular curator of daily links, and like to give overviews of my collection of curated links and posts. This is partly as there are some good sources and articles in here and as I am working on a research project which I started based on a number of books I read.

I’m sure you’ll find something interesting in the items below – there are some gems in the list – and I dare to hazard the guess you might learn something you wanted to know.

Read the rest of this entry »

Written by Daniël W. Crompton (webhat)

July 15, 2011 at 4:10 pm

Posted in tagging

Tagged with 2010, 4chan, 802.11, aclu, advertising, airplane, airport, algorithm, analysis, audio, audit, authentication, authority, authorization, availability, backbone, bandwidth, bias, biases, biometrics, bluetooth, botnet, browser, bruceschneier, ca, camera, certificate, certificates, china, cia, communication, computer, copyright, cpu, crime, cryptography, cybersecurity, data, database, datagathering, datamining, db, dead, death, defcon, descriptor, detection, disk, diy, drive, drm, drone, economics, embedded, encryption, erase, eu, europe, experiment, facebook, fbi, file, filter, fingerprint, fingerprinting, flying, forensics, freedom, gcc, geolocation, google, government, gprs, gsm, hack, hacking, hardware, hdd, health, hibernate, identification, identity, india, insurance, intelligence, internet, isp, java, javascript, jboss, kerberos, latency, law, learning, lifehacks, linux, livecd, mac, malware, marketing, microsoft, mobile, monitoring, music, mythology, nagog, network, networking, ntlm, oauth, openid, osx, outsourcing, paper, passwd, password, peering, penetration, pentest, performance, pki, plane, police, politics, privacy, quora, ra, recovery, refresher, reload, repair, report, risk, robotics, router, routing, scam, schneier, science, security, seo, socialmedia, socialnetworking, software, solidstate, specialbrands, ssd, ssl, sso, surveillance, system:filetype:pdf, system:media:document, technology, terror, terrorism, testing, theft, threats, tls, toblog, tor, toread, tracking, traffic, travel, tsa, uav, uk, umts, usa, video, visualization, vodafone, vulnerability, wasp, watermarking, web, webapp, webpage, windows, wireless, youtube

A catalog of this year’s risky articles #2010

leave a comment »

Risk is something which can be difficult to evaluate for the average person, there is a lot of work which goes in to learning not to do the two things that people usually do when they are confronted with risk:

Ignore
Overreact

Facebook is the new Portal for Insurers and Banks #social #finance

It looks like every man and his dog needs to have a Facebook page, even banks…

@Google and @FaceBook battle over the back of @FriendFeed? #social #feedburner

It has been almost 1.5 weeks since Google’s FeedBurner removed the Frie…

Prosper allows loans to fund Kiva projects #microfinance

Some days ago I tweeted to Prosper, a personal loan marketplace, whether they…

Social Revolution – Do You Get It?

I don’t really think most people get “it” when it comes to …

Secret Google campaign against Hyves? #social #networking

Just noticed that Google Translate translates the name of the Dutch social ne…

Company Policy or People #hr

I find a 400 plus page manual of office policies and job descriptions for eac…

Social Media Syndication – Feedback Loop

In the last two days I’ve not been posting so much, and focussing on up…

Google Scribe – Ye Shall Know Them By Their Fruits #google

I started playing with Google Scribe and wanted to see if patterns emerged so…

@Google, please stop with the language! #google

I have my Google account set up with English as the preferred language, my br…

Did The LinkedIn Certificate Expire Again? #linkedin

For the last 2 years LinkedIn has been running a bad poor IT management depar…

Advert: Reserve your Agile/SCRUM Pack #scrum #agile

When I just started I too had trouble with getting all the items I required t…

GMail Quota and Statistics (follow-up) #google #gmail #dashboard

On August 11th 2007 I exceeded my GMail quota, I blogged about it here. At th…

More SMS banking by M&T #sms #bank #risk

Brian Szymanski send a reply to me concerning another bank implementing SMS b…

Solving the URL shortening problem #twitter #tweet

I don’t understand why url expansion after url shortening is such an is…

Is RevTrax violating FaceBook privacy policy? #facebook @RevTrax #privacy

I just read an article Web Coupons Know Lots About You, and They Tell in the …

China acquires more than China… #hacks

This morning/night China’s networks were sending rerouting messages to …

Implementation of Security #risk

The lack of trained and experienced computer security people working in small…

ING reveals names using account numbers #bank #risk

Last week I saw an episode of a popular Dutch Ombudsman program Kassa, they r…

Musing: Why can I fly solo?

After seeing a program about a lifecoach trying to find the time to get his p…

Image source Radio Nederland Wereldomroep

Written by Daniël W. Crompton (webhat)

December 28, 2010 at 7:00 pm

Posted in tagging

Tagged with advert, agile, authentication, authorization, availability, bank, banking, bing, blogging, business, calendar, certificate, certiﬁcation, china, confidentiality, control, dashboard, defense, department, difference, dod, dutch, english, evil, facebook, feedburner, finance, flying, folksonomy, friendfeed, game, gmail, google, hack, hootsuite, HR, human, humor, humour, hyves, illusion, ing, integrity, kanban, kiva, labs, language, lifehacks, linguistics, linkedin, loan, mail, maintainability, mashup, media, microblogging, microfinance, myspace, navy, networing, networking, nl, personal, ping.fm, pki, privacy, programming, quota, reliability, resources, risk, scam, scribe, scrum, search, security, shortening, sms, social, socialmedia, spam, statistics, technology, theory, therapy, threat, translate, travel, twitter, url, us, violation, web, work, xp, yahoo!

Is RevTrax violating FaceBook privacy policy? #facebook @RevTrax #privacy

leave a comment »

I just read an article Web Coupons Know Lots About You, and They Tell in the New York Times about RevTrax, it stated the following:

“When someone joins a fan club, the user’s Facebook ID becomes visible to the merchandiser,” Jonathan Treiber, RevTrax’s co-founder, said. “We take that and embed it in a bar code or promotion code.”

“When the consumer redeems the offer in store, we can track it back, in this case, not to the Google search term but to the actual Facebook user ID that was signing up,” he said. Although Facebook does not signal that Amy Smith responded to a given ad, Filene’s [Basement] could look up the user ID connected to the coupon and “do some more manual-type research — you could easily see your sex, your location and what you’re interested in,” Mr. Treiber said. (Mr. O’Neil said Filene’s did not do this at the moment.)

RevTrax says that is because it handles data for the retailers and does not directly interact with consumers. RevTrax can also include retailers’ own client identification numbers (Amy Smith might be client No. 2458230), then the retailer can connect that with the actual person if it wants to, for example, to send a follow-up offer or a thank-you note.

Isn’t this in direct violation of policy if the user joins as a fan?

II.8.
If you offer a service for a user that integrates user data into a physical product (such as a scrapbook or calendar), you must only create a physical product for that user’s personal and non-commercial use.^[1]

III.3.
You must not give data you receive from us to any third party, including ad networks.^[1]

6.a.
You may not give data you receive from us to any third party, including advertising networks.^[2]

… with respect to the Statement of Rights and Responsibilities clause 9.2.4, if the user de-authorizes, disconnects, or otherwise disassociates from your application, the permission to “store indefinitely” is rescinded for all user data you received from Facebook except for the User ID. In that event you can retain the User ID indefinitely (so that you can recognize the returning user, identify who created Independent Data in your application, or for other purposes limited to use related to your application), but all other user data you received from Facebook must be deleted as soon as possible (and in no case longer than 24 hours after you received it).^[3]

It looks like they store the data offline, in a commercial product a coupon. And they share the data with a third party.

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 9:59 pm

Posted in folksonomy, privacy, risk, social, technology

Tagged with facebook, privacy, violation

Implementation of Security #risk

with one comment

The lack of trained and experienced computer security people working in small to medium sized businesses today means that many times this is left to the regular IT departments to solve, if there even is an IT department. In many cases this leads to vendors educating the IT department on what are best practices, this is often to the advantage of both the vendors and the company. Important to remember is that such inequality and lack of knowledge on the part of the IT department can lead to a situation that when a vendor leaves the knowledge leaves with him/her. In the end the vendor is there to sell their software.

Read the rest of this entry »

Written by Daniël W. Crompton (webhat)

March 5, 2010 at 10:57 am

Posted in privacy, risk, security

Tagged with authentication, authorization, availability, certiﬁcation, confidentiality, integrity, maintainability, privacy, reliability, risk, security

Wakoopa: Time Management Statistics

with 4 comments

I play with Wakoopa, it’s a little tool which tracks my usage for tools and websites. Sometimes it gets it very wrong, I don’t watch that much YouTube, but I do always have an IE window open with YouTube in it for if I need to find a film to illustrate a presentation.