Is Gravatar exposing your email address?

Do you use Gravatar to display a custom image next to your comments on various blogs? Or do you have a blog at wordpress.com? If so, Gravatar has your email address, and it might be easy for a hacker to figure out what that address is.

Wordfence explains the problem, and why it matters.

For example: A user may be comfortable having their full name and profile photo appear on a website about skiing. But they may not want their name or identity exposed to the public on a website specializing in a medical condition. Someone researching this individual could extract their Gravatar hash from the skiing website along with their full name. They could then Google the hash and determine that the individual suffers from a medical condition they wanted to keep private. [continue]

2016: the year Facebook became the bad guy

Are people starting to realize what a problem Facebook is? Olivia Solon gets it – this is from her article in today’s Guardian: 2016: the year Facebook became the bad guy.

As the year unfurled, Facebook had to deal with a string of controversies and blunders, not limited to: being accused of imperialism in India, censorship of historical photos, and livestreaming footage of human rights violations. Not to mention misreported advertising metrics and the increasingly desperate cloning of rival Snapchat’s core features. Things came to a head in November, when the social network was accused of influencing the US presidential election through politically polarized filter bubbles and a failure to tackle the spread of misinformation. The icing on the already unpalatable cake was Pope Francis last week declaring that fake news is a sin.

This was Facebook’s annus horribilis. [continue]

For text message privacy, get Signal

From Brian X Chen’s Tech Fix article in the New York Times: Worried About the Privacy of Your Messages? Download Signal.

By the time you finish reading this column, you would be foolish not to download the messaging app Signal onto your smartphone and computer.

The free encrypted messaging service has won the acclaim of security researchers and privacy advocates, including Edward J. Snowden. All have said that Signal goes above and beyond other chat tools in keeping electronic communications private.

And now more than ever, we may need it. That’s because [continue]

I’ve been using Signal for ages now, and recommend it to everybody.

Google Chrome is listening, without your permission

I wish Google would take the lead in respecting privacy, rather than invading privacy. But no, we have news like this. From Privacy Online: Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth.

Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”. [continue]

Sigh.

Anonymous is supporting a new privacy-focused social network that takes aim at Facebook’s shady practices

From Business Insider: Anonymous is supporting a new privacy-focused social network that takes aim at Facebook’s shady practices.

As if there weren’t enough social networks out there, here’s another new social network. But this one hopes to attract the likes of online freedom activists, and it even wrangled the attention of Anonymous.

Minds.com is a social network like most others: It lets users share links as well as their thoughts with their followers via the usual status updates.

But Minds, which officially launched both its desktop and mobile apps today, hopes to entice users given its promise of security. The program is completely open source and encrypts all private messages sent between users.

“Our stance is the users deserve the control of social media in every sense,” Minds’ founder Bill Ottman told Business Insider.

This distinguishes itself from Facebook, which has long had questionable privacy practices.

Minds also promises to use a de-mystified algorithm to boost content. [continue]

Interesting. The registration page says Anonymous accounts are fine with us. So, hmmm, I’ll read through the terms of service and see if it might be worth trying. Do any of you use it?

Conservative app puts voter identification in campaign workers’ hands

The CBC brings news on how the Conservative Party of Canada tracks people: Conservative app puts voter identification in campaign workers’ hands.

An unusually talkative Conservative staffer may have inadvertently helped CBC News glean exclusive details of a new mobile technology that will help Prime Minister Stephen Harper’s team collect and sort voter information faster than ever before.

Conservative workers are already using a new smartphone and tablet-friendly app called CIMS to Go, or “C2G”, as party members call it.

CIMS stands for Constituent Information Management System, the Conservatives’ powerful voter information database. Along with voter lists and door-knocking data, anyone who has ever donated to the party, agreed to a lawn sign or even filled out an MP comment card is captured in the system.

The new app lets party canvassers log voter information directly into CIMS as they move door-to-door, [continue]

How do you feel about political campaign doorknockers entering details about you in a national database used by their party?

Facebook begins mass rollout of free bluetooth business “beacons”

From DailyTech: Facebook Begins Mass Rollout of Free Bluetooth Business “Beacons”.

Facebook announced this week a foray into the embedded wireless advertising market, offering up free Bluetooth beacons for business owners.

For those in New York City this may all sound somewhat familiar as Facebook has been testing the roughly hockey puck sized devices at a handful of partner sites around the city under the “Place Tips” program.

The idea is to inject items pertaining to the beacon-outfitted business into the News Feed on a user’s smartphone Facebook app to jump to the business’s page, encouraging likes, offering information, and to check out tips from your friends about the business you’re visiting. The beacons will offer:

  • Prompts to like the business’s Page
  • Check in reminders
  • Recommendations from your friends
  • Posts from the business’s Page (…)

In an attempt to assuage users’ concerns over this new so-called “proximity-based advertising” feature, [continue]

Just when I think Facebook can’t possibly get any worse, they do.

Tutanota for private and encrypted email

Should any snoopy individual or entity be able to read your email, or would you rather have private email? I’m opting for the private approach, myself.

If you’d like to have private and encrypted email, you might want to check out Tutanota. It’s hosted in Germany, where privacy legislation is pretty decent. It’s encrypted, open source, and pretty cool. Get an account for free and try it out!

I’ve been using Tutanota for a while now. It’s not perfect, but it is pretty fine, and is improving all the time. I like it. I’m particularly pleased that it is dead easy to use, even for those of your friends who aren’t so good at the whole internet thing.

Apple’s Tim Cook on privacy

Apple has risen substantially in my estimation lately. Look at these articles from the Guardian:

And now this, from the Verge: Tim Cook: Silicon Valley’s most successful companies are selling you out.

Hurrah, Tim.

(I still use Linux, though.)

Encryption key to free speech, says UN report

From the BBC: Encryption key to free speech, says UN report.

Encryption software that makes it hard to spy on what people do and say online is “essential” for free speech, says a United Nations report.

Without anonymising tools, many people will find it far harder to express opinions without censure, it says.

Any attempt to weaken encryption software will only curb this ability, it warns.

The report comes as many governments seek to put “backdoors” in encryption software to aid law enforcement.

“Encryption and anonymity, separately or together, create a zone of privacy to protect opinion and belief,” says the report written by David Kaye, a special rapporteur in the UN’s office of the high commissioner for human rights. [continue]

This is awesome.

NSA planned to hijack Google app store to hack smartphones

Will the NSA ever stop trying to invade our privacy? Probably not. This is from The Intercept: NSA Planned to Hijack Google App Store to Hack Smartphones.

The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.

The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.

The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012. [continue]

This is why I’d like an open-source alternative to the app store. An open-source app source that is vetted by security professionals, and whose code can be inspected by anyone… well, that is probably our best protection against crap like this.

Signal, an encrypted messaging app for iPhone

From The Intercept: You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone.

App maker Open Whisper Systems took an important step in this direction today with the release of a major new version of its Signal encrypted calling app for iPhones and iPads. The new version, Signal 2.0, folds in support for encrypted text messages using a protocol called TextSecure, meaning users can communicate using voice and text while remaining confident nothing can be intercepted in transit over the internet.

That may not sound like a particularly big deal, given that other encrypted communication apps are available for iOS, but Signal 2.0 offers something tremendously useful: peace of mind.

Unlike other text messaging products, Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past. [continue]

By the way: if you happen to be an Android user, check out the Wickr program.