Online privacy basics

Cookies and IP addresses

If you zoom out of the privacy debate, you’ll see two separate conversations taking place. One concerns advertising and data mining from ad companies and major online platforms such as Facebook and Google. The other concerns government surveillance of citizens’ online activities.

Advertising and cookies

When it comes to data mining and advertising, your privacy is potentially being compromised via ‘cookies’ in your web browser. A cookie is simply a piece of data that websites can store on your computer. Cookies deployed for various reasons, but they’re particularly useful to advertisers, because they can tell them what websites you’ve visited and what advertisements you have clicked.  This lets advertisers build a profile of you in the hope you’ll be more susceptible to marketing messages. Cookies have therefore become essential to the online ad industry. Not only do they allow advertisers to target ads to your individual tastes, they also track whether or not an advertisement is effective. It’s important to note that none of this data is necessarily stored with advertisers, it’s stored on your computer. However, this hasn’t stopped privacy campaigners raising concerns about how web users are being profiled and tracked.

Surveillance and IP addresses

Your IP address is numerical identifier assigned to the device you’re using to connect to the internet. Essentially, this identifier is used to determine where you’re located and who your ISP is, and is therefore a pretty good indicator of who you are. When it comes to surveillance, data can be gleaned based on activity linked to your IP address. Typically such surveillance will occur with the cooperation of your ISP, which brings us to the next key element to the online privacy debate.

What is data retention?

When we talk about data retention in the realm of online privacy, we’re usually discussing the issue of ISP data retention policies. Different countries and different ISPs have different laws and policies in terms of the data they store on individual customers’ web activity. This data usually contains web logs, which reveal what websites you’ve visited, email logs, which revealed who you’ve emailed (but not necessarily the contents of the emails), and billing info, so the data can be linked to your identity.

European Union member states currently must abide by the EU Data Retention Directive. This directive mandates all ISPs retain customer data for between 1 and 2 years after they leave the ISP’s service. In the US, there is currently no data retention law. However, ISPs are free to set their own policies. A Justice Department document from 2011 revealed that Verizon retained IP session information for one year. Time Warner on the other hand retained data for 6 months, while AT&T’s logging practices are not made public.

Given the EU’s mandatory data retention policy, other countries such as Australia and the US, are exploring the possibility of introducing similar policies.

How can the government spy on me?

There are numerous ways law enforcement would be able to obtain your private data. But the main channel would be to obtain a warrant to get data from your ISP, or to request the ISP start logging data on you if it isn’t already. But of course, as we saw with the NSA surveillance debacle in the US and with the RIPA in the UK, law enforcement doesn’t always play by the rules and obtain a warrant, which means they can get your data without judicial oversight and without any evidence you’ve engaged in wrong doing.  Drafted surveillance bills such as CISPA and the CCDP sought to make it easier for law enforcement to obtain private data.

The surveillance debate

As you probably already know, government around the world are trying to introduce new legislation to enhance their ability to conduct online surveillance. Governments are not incorrect when they say current surveillance legislation is out of date and needs to be updated for the internet age. But law enforcement agencies are clearly using this opportunity to increase their powers of surveillance to unprecedented levels. The debate also spills into the copyright and online piracy realm, as legislation such as SOPA and the TPP would appear to require privacy compromises in order to make it easier for copyright holders to prosecute copyright infringers.

Hopefully, the above helps clear-up some common misconceptions around online privacy for those of you new to the debate. If you have any questions, comments or suggestions on how we can improve this mini-guide please let us know in the comments below.

The post The online privacy debate: Understanding the basics appeared first on iVPN.net Blog.

Now, if you’re familiar with how Google and Apple make money, you may think you’ve got this question well and truly answered. Google makes 96% of its revenue from online advertising. The pay per click (PPC) industry is buoyed by a huge amount of data on the web-browsing, ad-clicking, and keyword searching habits of Google users. Apple on the other hand makes the vast majority of its revenue from the huge margins on the  devices it sells and on the 30% cut it takes on any transactions via its platform.

So, who has the most to gain from violating your privacy? If you answered Google then well done! But evidently the story isn’t quite as clear cut as the above argument makes out (even though it’s an argument I’ve used a number of times on this blog!). Our friends at the Electronic Frontier Foundation recently published a great report, which ranks some of the biggest tech companies on a number of privacy-related criteria. The results, when it comes to Apple and Google, are pretty interesting.

The EFF’s criteria are as follows:

• Does the company require a warrant for content?
• Does it tells users about government data requests?
• Does it publishes transparency reports?
• Does it publish law enforcement guidelines?
• Will the company fight for user’ privacy rights in court?
• Will the company fight user privacy rights in congress?

Google managed to answer positively on five of the six questions. Apple only managed a positive answer on one question, according to the EFF. Here’s a breakdown on which of the EFF’s criteria each company managed to satisfy:

Apple:

• Will the company fight user privacy rights in congress?

Google:

• Does the company require a warrant for content?
• Does it publishes transparency reports?
• Does it publish law enforcement guidelines?
• Will the company fight for user’ privacy rights in court?
• Will the company fight user privacy rights in congress?

Apple’s positive score on fighting for privacy rights in congress comes from its membership of the Digital Due Process coalition. Google’s only foul, according to the EFF, is where it backtracked on its T&Cs this year, bringing ambiguity into whether or not it will notify users if governments are trying to access their data. Other than that, Google met all of the EFF’s criteria.

Who’s the best judge?

So judging by the EFF’s report, Google is the more privacy conscious than Apple and all you Android users can breath a sigh of relief. Well possibly. But if we look at the EFF’s questions they mostly pertain to government-led intrusions into privacy, rather than say, issues relating to data sharing between private companies, data mining and the protection of that data. The problem with Google, is that it has a terrible track record here compared to Apple.

Remember, last year Google was hit with the biggest fine in the FTC’s history for lying about the tracking the browsing habits of Safari users. Google was also found guilty by the FTC of deceiving users and violating its own privacy policy when it launched Buzz in 2010 and lets not forget the biggest scandal of all, when Google was forced to admit its Street View cars were stealing personal information from people’s home WiFi connections (and then lied about it).

Apple has also endured a few scandals, most notably when the Wall St Journal revealed iOS apps were sharing the UDID of devices without user consent (Apple, to its credit, ended up ditching the UDID system altogether to fix the problem). But it seems Google is the company that most frequently gets into privacy-related scraps. So who is the most trustworthy? Do we go on track record, or the EFF’s findings? Let us know what you think in the comments below.   

The post Apple Vs Google: Who better protects your privacy? appeared first on iVPN.net Blog.

In case you haven’t been keeping up, CISPA is a bill designed to facilitate the sharing of information between private companies and US government agencies. Although ostensibly designed to combat “cyber-threats” the bill is so broadly written it could be interpreted to be used against copyright infringers, or anyone else a company believes is trying to do it harm. The bill’s vagueness has seen a number of high profile backers withdraw support, including Facebook, but the list of companies that continue to support CISPA remains pretty long.

VPNs off the hook?

So will CISPA make it more difficult for VPNs to keep customer information private? In short, no,  CISPA should not affect VPN companies that have a commitment to privacy. CISPA, in its current state, does not force companies to hand over information without a warrant. It also has nothing to say on data retention, so ISPs are still not compelled to record logs on the websites you’ve visited and people you’ve emailed.

Of course, not all VPNs are privacy-orientated. Some clearly state this, while others don’t make their intentions clear at all. The only effect CISPA will have is that VPNs without a privacy commitment will find it much easier to share any information with the government. As TechDirt points out, there are VPNs who show little regard for privacy (and little understanding of the law). These companies could be more inclined to report activity such as file-sharing to the authorities if CISPA diminishes the ability to punish companies sharing info without consent.

Safer territory

Even without CISPA, many argue you should never use a VPN based in the US anyway. There is some good reasoning behind this. the NSA’s warrantless wiretapping, and other incidents, showed how easily US surveillance laws could be subverted. But on paper, the US still doesn’t have any data retention directives and requires judicial oversight for law enforcement to get data from a company that doesn’t want to provide it (compare this to the UK’s RIPA legislation for example). However, a US data retention law may be around the corner.

As we’ve mention before, choosing a VPN based on a given countries current legislation is a difficult process . For instance, places like Russia and Panama may appear tempting (given the amount of online criminality coming from these countries), but these countries also have problems with corruption and law enforcement agencies are not as accountable as in more developed areas if the world. Germany has an excellent track record on protecting citizens, but it’s draconian when it comes to pursuing copyright infringers. And remember, surveillance legislation is currently undergoing massive changes in governments across the world.

So when choosing a VPN the best thing to do is read its terms and conditions closely. Does it log your data? What are the surveillance policies in its host country? Is it willing to relocate if legislation changes in its jurisdiction? If in doubt contact the VPN and ask the questions. If you don’t get answers, don’t sign up.

The post Is CISPA a threat to VPN users? appeared first on iVPN.net Blog.

Since Facebook Home was announced, technology commentators have been queuing up to criticise its privacy implications. GigaOm’s editor Om Malik said the new app “erodes any idea of privacy” and “is going to be able to track your every move .“ On Tuesday Facebook issued a Q&A trying in vain to dispel any fears, but the damage had already been done.

Bigger picture

What we’re seeing is a fight between the two giants of online advertising to capture as much user data as possible. Facebook knows the major battleground for this fight will be on mobile devices and Facebook also knows ‘user engagement’ is the key metric. The focus therefore has to shift from apps and towards deeper integration into the very operating system itself. So Facebook needs an operating system in order to stay ahead of Google. Building one would be a costly and risky endeavor – especially given Facebook’s already turbulent IPO. Therefore, as Asymco points out, the next best thing is to hijack someone else’s OS. Obviously Apple would never allow this and neither would Microsoft, but Android is open source and so Google can do little about it.

Android has been wildly successful for Google, in terms of a defensive strategy to stop Apple dominating the mobile market. But as many commentators have pointed out, it’s profitability is in serious question. Android’s main benefit to the search giant is its ability to push Google’s other services (which manufacturers are increasingly complaining about). By making sure Android owners use its apps, Google then can capture more data.

This is why Facebook Home is an attack on Google, as it super-imposes the Facebook experience on-top of Android, in order to make sure users stay inside Facebook as long as possible (therefore potentially spending less time with Google’s services). It won’t be surprising if we soon see Android “fork”, with different manufacturers creating different versions of Android in order to better protect their platforms. There was even rumours of Google merging Android into its Chrome OS, although these were rebutted by Google.  

It’s all about data

If you spend any time at all in the online ad industry – especially the mobile ad industry – you’ll know the two biggest concerns is tracking the effectiveness of online ads, to determine return on investment, and gathering data for better targeting. Issues around tracking and targeting have been the main barriers to ad spend in the mobile market and mostly stem from privacy concerns (largely accommodated to by Apple, which generates hardly any revenue from ads). Facebook and Google are first and foremost advertising companies, and the fastest and most effective way for them to satisfy shareholders and grow their business is to generate more ad revenue.

This is basically what privacy advocates and technology writers have been pointing out for a long time. Now that Facebook is a publicly listed company, it’s competitiveness against its main rival Google is only going to increase, as they both fight to capture user engagement and data. Both companies will only increase efforts at making the erosion of privacy an inevitable consequence of the proliferation of connected devices.

The post Facebook vs Google: The loser is your privacy appeared first on iVPN.net Blog.

The attempted crackdown on online freedoms over the last few years has been relentless. From CISPA in the US, to the CCDP in the UK, governments around the world are ramping up efforts to increase internet surveillance, not to mention private corporations trying to impose draconian legislation such as SOPA and ACTA. Thankfully there are a number of charities, individuals and advocacy groups fighting to make sure anti-online privacy legislation is exposed to the wider public and given the scrutiny its backers would like to avoid.

The below organisations are by no means the only ones fighting for online freedoms, but we believe they are among the most important, and do an amazing job at educating the public and raising awareness of policies that could have a dramatic effect on the internet. These organisations are a great resources if you want to learn more about around online privacy issues and they deserve your support. So without further ado, here’s our top five defenders of online privacy.

Electronic Frontier Foundation

Ok we have a slightly vested interested here, as IVPN is a member of the Electronic Frontier Foundation, but there’s no doubt the EFF is one of the most voracious and active defenders of online freedoms. US based, but with an international outlook, the EFF has been campaigning on digital rights issues since 1990. The non-profit organisation was founded by Mitch Kapor (founder of Lotus), John Gilmore (major GNU contributor) and John Perry Barlow (political activist and former lyricist for the Grateful Dead). The EFF was one of the main activist groups behind the successful anti-SOPA and anti-ACTA campaigns and regularly provides assistance to defend technologies from legal threats in court.

ACLU

The American Civil Liberties Union is not an internet-specific organisation, but its commitment to “defend and preserve the individual rights and liberties” of US citizens means its goals have frequently intersected with those of internet activists. The ACLU has been going since 1920 and has been relentless in its lobbying and community education. Because of its knowledge of US law the organisation lends much needed legal expertise and understanding to the changing issues where privacy and online surveillance meet. Although the ACLU is US-focused, it’s work is relevant to everyone who uses and values the internet.

European Digital Rights

You can be forgiven if you’ve never heard of European Digital Rights, as the organisation doesn’t have a very high profile. Instead it acts as an umbrella organisation for a number of different privacy groups that are Europe-focused, such Chaos Computer Club, Bits of Freedom and Open Rights Group. The organisation has offices in 21 countries across the EU and help groups campaign on a range of digital rights issues such as copyright, online surveillance and cyber crime.

Electronic Privacy Information Center

The Electronic Privacy Information Center is a US based public interest research group that advocates for strong privacy safeguards and campaigns on civil liberties issues. EPIC has been active on a range of fronts including drone surveillance, FBI Watchlists, and body scanners. The organisation campaigns heavily on a range of internet-related issues, especially privacy concerns around Facebook, cloud computing and Google Street View.

Privacy International

Privacy International is a UK-based charity that promotes the right to privacy. The organisation claims to be the oldest international privacy organisation in the world, formed in 1990, and has a very global outlook, with partners in across Africa, South America and South East Asia. PI’s focus on privacy protection extends to everything from CCTV cameras to DNA profiling, but much of its recent work has looked at government surveillance online. The organisation also releases reports covering privacy issues in specific countries, which are useful if you’re looking for an overview of privacy laws in a certain jurisdiction.

Is there another privacy organisation that you think deserves recognition? Let us know in the comments below.

The post Top five defenders of online privacy appeared first on iVPN.net Blog.

So let’s take a brief look at five of the biggest threats to global internet freedoms, taking into account existing laws that are continuing to have ramifications and potential legislation that would be disastrous if implemented. You may think different of course. If there’s something you think we’ve left out let us know in the comment section below.

EU Data Retention Directive

Europe’s Data Retention Directive was passed in 2006 and is probably one of the most important pieces of legislation related to internet privacy (in the western world at least) currently in effect. The directive mandates that all EU ISPs record and store customer data – such as web logs, email logs, addresses, billing info – for 1 to 2 years after the individual has left the ISPs service. True, some EU countries, like the UK, already implemented similar legislation before the Data Directive passed, but others, such as Germany, are still fighting it. After the US, the EU is the biggest and most important political entity in the west, so the standards it sets in the relatively new arena of online surveillance is a big deal indeed. All eyes are on US legislators to see if they try to use the EU example to bring mandated data retention to US ISPs. At the moment US ISPs are perfectly entitled to hold data for as long as they like, but there’s no mandate from government. How long that will last is anybody’s guess.

CCDP

With the internet becoming more and more integrated into people daily lives it’s no wonder that law enforcement agencies across the world are collectively rushingto update surveillance legislation. It’s true that some laws do need updating, but it’s also true that law enforcement – from Australia to the UK – is seeing this as an ideal opportunity to gain new powers to make their lives easier. Unfortunately a lot of these new powers would have terrible consequences for our privacy. The UK is one of the first western countries that has really got the ball rolling with the Communications Capabilities Development Programme. This act enhances surveillance power beyond the already contentious Regulation of Investigatory Powers Act 2000 and gives police complete access to email and web logs with little judicial oversight. There’s certainly a feeling that other western democracies are waiting to see how the CCDP fares in the UK before implementing similar laws. While UK public opinion appears to be against the bill, there’s little opposition in mainstream UK politics.

TPP

The Trans Pacific Partnership is multi-national trade agreement between nine nations – specifically, the USA, Australia, Peru, Malaysia, New Zealand, Chile, Singapore and Brunei. Canada and Mexico have also been invited to join the negotiations and are likely to do so. The TPP has been billed by activists as an attempt to get the failed SOPA legislation passed through the back door. It contains a section dedicated to intellectual property, which the EFF says is “far more restrictive than currently required by international treaties, included the controversial ACTA” and “puts at risk some the most fundamental rights” that enable access to information. The biggest problem with the TPP is that it’s a truly multinational piece of legislation that could be pressured onto other countries, outside of the group, and used to create a global standard of IP enforcement.

Great Firewall of China

Of course, while we tend to focus on threats to internet freedoms in the west we often ignore the huge censorship and oppression going on elsewhere. The extent of China’s internet surveillance is hard to assess exactly, as the government uses the threat of closure to ensure ISPs, and content platforms, employ internal staff who censor and monitor communications. Along with this, it’s errected the so called ‘Great Firewall of China’, which scans data flowing across its section of the net for banned words or web addresses. It’s probably the largest scale internet censorship programme currently operational in the world. China provides a template for other totalitarian regimes to look up to and, while it is often vilified in the west for its approach to the internet, its successes and failures are surely watched by western law enforcement agencies who want to tighten their grip – especially when much of the surveillance technology used is being created by US and European corporations.

Iran’s ‘Halal Internet’

Iran has repeatedly mentioned plans to create a ‘Halal’ internet, cut off from the outside world, and in conformity with Islamic rules and morals. This nationwide intranet goes beyond China’s firewall approach. It hasn’t yet emerged, but there is evidence that it’s being worked on. As New Scientist reports, Iran appears to be allocating two IP addresses to every internet-ready machine, one which connects to the internet and an internal one only accessible from within the country. The idea is to “throttle” connections to the outside networks , rendering them too slow for use, and push people onto the internal network, where ‘Halal’ versions of email services, search engines, and even Facebook are speculated to exist. While such a creation would be pretty terrible for Iranians, it’s also worrying for the wider Islamic world. If Iran manages to make a ‘Halal Internet’ work – and it’s branded as somekind of ‘muslim internet’ – then many other Islamic countries may want to follow suit.

The post The biggest threats to global online privacy appeared first on iVPN.net Blog.

The UK is currently facing one of the biggest threats to its online freedoms. The looming Communications Capabilities Development Programme gives law enforcement unprecedented powers when it comes to accessing citizens’ online data. So we thought it might be fun to take a look back at which UK politicians have posed the biggest threat to online privacy and internet freedoms.

The UK is currently facing one of the biggest threats to its online freedoms. The looming Communications Capabilities Development Programme gives law enforcement unprecedented powers when it comes to accessing citizens’ online data. So we thought it might be fun to take a look back at which UK politicians have posed the biggest threat to online privacy and internet freedoms. If you’re from the US, check out our post on America’s political enemies of online privacy here. If you think we’ve missed someone out on this list please tell us in the comments below.

Peter Mandelson, Labour, former First Secretary of  State

While the UK’s controversial Digital Economy Act sprung from research by Lord Carter, it was Secretary of State Peter Mandelson who was (allegedly) directly responsible for the more stringent copyright enforcement laws that got internet rights activists up in arms, especially the provision that required ISPs to cut off internet access for illegal file sharers. Mandelson was accused of caving into brazen lobbying attempts from the entertainment industry. According to The Independent, the Labour peer wasn’t that interested in the Digital Economy Act until he attended a dinner with DreamWorks co-founder David Geffen on the Greek island of Corfu. Mandelson returned from his trip and immediately issued an edict demanding tougher copyright provisions in the DEA. Of course, Mandelson denied the events were linked, but he’s got form with this sort of thing.

David Blunkett, Labour, former Home Secretary

David Blunkett wasn’t Home Secretary when the Regulatory Investigative Powers Act was introduced into the House of Commons in 2000, but he was responsible for the expanding the list of organisations that could access internet data collected by ISPs.  Blunkett’s initial attempt to expand the list of authorities met strong opposition and he was forced to heavily water it down. Nevertheless, as of 2009, there were 50,000 requests per year to access citizens’ email and phone data (the government no longer makes the figures public). You can see the a list of some of the organisations that can access data right here. Blunkett was also responsible for forcing ISPs to retain data on customers (email logs, web logs, names and addresses) for up 12 months after they leave the service. This was before the EU mandated data retention policy (and probably significantly helped the EU’s policy on its way).

Lord Bassam, Labour peer

Lord Bassam is not exactly a household name, but he did play a big role in cheerleading RIPA through the House of Lords. Bassam strongly defended RIPA against questioning from Lord Philips, one of the bill’s few detractors. Many believe that RIPA was not fully understood by either the House of Commons or House of Lords when it was introduced, in that respect Bassam has a lot to answer for.

Theresa May, Conservative, current Home Secretary

Despite The Conservatives saying they would do more to defend civil liberties during Labour’s tenure, it didn’t take long for them to launch probably the worst online surveillance bill ever proposed. As Home Secretary, Theresa May has spearheaded the implementation of the Communications Capabilities Development Programme. While May’s record may not be quite as bad as Blunkett’s, she has been utterly brazen in spewing populist rhetoric designed to cut down opposition to the CCDP. May says that if you oppose her bill than “you are siding with peadophiles and terrorists.” Such hysterics should not be part of any rational policy debate, especially when it concerns such an important bill.

Claire Perry, Conservative, advisor on childhood

MP Claire Perry is currently the Conservative ‘advisor on childhood’ and has campaigned strongly for the last two years against online pornography. Perry may not have the track record of other MP’s on this list, but she’s one to watch. Her activism came to a head late last year when the government considered taking a leaf out of China’s book and almost implemented a nationwide internet firewall, which would block anything deemed to be “pornographic”. The only way to escape the porn filter would’ve been to opt out with your ISP. Thankfully, due to heavy campaigning explaining the ineffectiveness of such a filter and the implications it would have in terms of online censorship, the government dropped Perry’s plans.

The post UK’s Top five Worst Anti-Online Privacy Politicians appeared first on iVPN.net Blog.

As 2012 draws to a close we take a look back at what we think will be the top five threats to online privacy over the coming year. Think we’ve missed something out? Let us know in the comments below. 

1. Backdoor copyright legislation

 2012 was a pretty momentous year when it came to defeating copyright legislation that would’ve had a disastrous effect on online privacy and online freedoms. Both SOPA and ACTA sparked some of the biggest popular protests over internet issues ever seen.

The result was a win for activists, but it also meant that – like common criminals – the copyright lobby and legislators were forced to ‘go underground’ and try to get their legislation implemented through less conspicuous means. A good example of this is the Trans Pacific Partnership, which has shoehorned-in a great deal of SOPA-inspired legislation. Once one or two major economies implement such copyright laws, it will give lobbyists more leverage to get them implemented in other territories.

2. Data breaches

Given the spread of online data mining and increased value in online information, data breaches suffered by private and public entities are only going to become more common and more serious, until companies and governments alike take the issue seriously. Unfortunately that doesn’t seem likely in 2013, given the record number of embarrassingly big data breaches in 2012, which compromised a range of personal data, from health records and social security numbers, to credit information.

3. Online security legislation

While online copyright lawyers will attempt to sneak their way through the back door, governments are using scare tactics to push through legislation designed to make it easier to spy and collect data on citizens. As we saw recently with the UK’s Communications Capabilities Development Programme, governments will go as far as branding anyone concerned about online surveillance “paedophiles or terrorists”. What happens in places like the UK over the coming months will surely have repercussions elsewhere. Many other countries are coming under pressure from their law enforcement agencies to update communications legislation that was designed for a different age. Such legislation definitely does need updating, but unless citizens remain vigilant, law enforcement will take this opportunity to increase their powers of surveillance on an unprecedented scale.

4. State cyber warfare

As online systems grow in strategic and economic importance for both private and government entities, online espionage will increase, with repercussions for individual online privacy. When it comes to espionage perpetrated by governments, we’ve already seen operation ‘The Olympic Games’ spawn viruses such as Stuxnet, Flame and Duqu and there’s bound to be more where that came from. Away from the occidental, there’s also the perceived threat from major Chinese telcos ZTE and Huawei, which are busy winning communications infrastructure contracts in western countries. Whether such fears are justified, and what they mean for individual online privacy, remains to be seen.

5. Mobile platforms and advertising

The penetration of smartphones and the mobile internet subscriptions is only set to increase. Obviously, in a physical sense, the more connected devices you have the bigger the potential risk that your personal data will fall into the wrong hands. But perhaps a bigger issue to watch is the growing importance of mobile advertising. So far the mobile ad industry has been hamstrung by a number of problems regarding tracking, but these problems are fast becoming overcome. Another sign of a possible boom in mobile advertising is the positive results from Facebook’s rollout of mobile ads earlier in the year. Once advertisers decide to heavily invest in mobile, you can expect more pressure on services and platforms to leverage mobile’s unique features – such as geo-location – in order to boost advertiser ROI. What effect this has on your privacy and personal data is up to regulators such as the FTC, who just a few days ago showed how vulnerable they are to determined lobbying.

The post Top online privacy trends in 2013 appeared first on iVPN.net Blog.

US federal regulators have tightened legislation designed to safeguard children’s online privacy. The new laws are designed to give parents more control over what types of data is collected online, and reflect the growing importance and spread of smartphone technology. However, Facebook, one of the biggest online advertisers around, appears to have lobbied its way out of responsibility.

The new regulations cover a number of innovations such as voice recognition technology, GPS and targeted online advertising. The 1998 Children’s Online Privacy Protection Act remains in place, requiring companies to obtain parental permission before sharing or collecting any personal data from under 13 year olds.

The new rules basically expand the types of data to include location, photos and video and expand the list of service types that the act covers. They also dictate a new and “streamlined” approval process for getting parental consent and close a loophole that allowed child-focused apps and sites to permit third parties to collect personal information without consent. Third party ad companies must also comply with the new rules.

“The Commission takes seriously its mandate to protect children’s online privacy in this ever-changing technological landscape,” said FTC Chairman Jon Leibowitz. “I am confident that the amendments to the COPPA Rule strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities.”

Third party consent

However the FTC’s own opinion on its new child protection rules doesn’t quite match up to the reality of the new laws. Due to heavy lobbying from the likes of Facebook, Disney and other companies with a vested interest in preventing data protection controls, the FTCs regulations have been watered down.

The FTC originally wanted to pin the responsibility of seeking this consent with the services themselves, rather than third parties, such as ad networks and tracking companies. However, after successful lobbying by Facebook and Verizon among others, such services will only be liable if it can be proved they have “actual knowledge” of third party sites collecting information on children. Furthermore, app stores, such as Google Play and the iOS App Store will not be liable for the child protection practices of any apps sold.

Facebook’s escape

While the above amendments are somewhat understandable, Facebook in particular appears to have been given a convenient loophole by the FTC to continue marketing at children without any parental consent. As The Atlantic points out, the new rules plainly state that no parental permission is needed “for the sole purpose of supporting the website or online service’s internal operations, such as contextual advertising, frequency capping, legal compliance, site analysis and network communications.”

For Facebook “contextual advertising” is basically ads that are tailored to users based on what shows-up in your News Feed. So if you post a status update about Rhianna or Lady Gaga, you may get an ad for the relevant pop star’s Facebook page. This is essentially giving the Facebook the ability to create ad profiles on children through the backdoor. Of course, Facebook knows exactly what it’s doing here, as back in September it specifically requested the FTC omit so called “internal advertising” from its new rules.

“The Commission should make that understanding explicit in the COPPA Rule by expressly including first-party advertising under the “internal operations” rubric,” said Facebook. This clarification further supports the balance created between the Significant demand for free, advertising-supported services, and the expected tailoring of those services.”

So all it takes is a bit of lobbying power to escape FTC regulations. Facebook is one of the biggest and fastest growing advertising networks out there and is becoming increasingly embedded in the very mobile technology the FTC wants better regulated – so it seems hamfisted to create a bunch of new laws that largely ignores it. If parents want to opt their kids out of Facebook ads, they’ll probably need to opt out of Facebook altogether.

The post US boosts child online privacy law, but Facebook gets off the hook appeared first on iVPN.net Blog.

Data breaches suffered by private companies and public institutions increased by more than 40% year-on-year in 2012, with over 160 million people having their personal information compromised, according to a new study. The auditing company KPMG says there was a total of 835 separate incidences of data breaches this year and deliberate ‘hacking’ of companies accounted for 67% of the data loss. KPMG claims these figures depict a “shift” from the accidental loss of data to “deliberate theft”.

“Several of the world’s largest companies have been targeted over recent months by hackers who have grown in sophistication,” said a company rep. “It is now not just a lone hacker sitting in their bedroom but, in many cases, serious organisations backed by nation states who are leading this new phenomenon.”

KPMG says the biggest sector affected by data loss is media companies – both private and public – followed by bodies such as “clubs, unions and community centres” and then the retail sector. The biggest driver behind the data loss is the theft of “personally identifiable information” (46%), such as names and credit cards, followed by password theft (16%).

Obviously, KPMG has a vested interest in promoting such information as it performs risk audits, but it still begs the question – just how safe is our data? Every year we entrust more and more personal information into the hands of private and public entities and governments are increasingly gunning for large centralised databases.

However, there’s little debate in the media over the vulnerability of company and government security systems. Even after the spectacular data breaches carried out by the Lulsec group in 2011, the mainstream media debate remained focused on the criminality of the perpetrators, rather than the weak security of their targets. Are companies and institutions up to the task of providing us with adequate protection over the next few years? We’ll have to wait and see. In the meantime check out below for our top five worst security breaches of the year.

2012′s worst data breaches

Utah Department of Technology Services

In March 780,000 individuals had medical information stolen from the Utah Department of Technology Services. Names, medical diagnostic codes, addresses, social security numbers and other information was compromised. Officials believe the theft occurred somewhere in Eastern Europe.

Wisconsin Department of Revenue

In spring the Wisconsin Department of Revenue made public more than 100,000 social security numbers and tax IDs of US citizens. The embarrassing error occurred when an employee embedded the details in a real estate report, which was published on the department’s website. The information was public for 3 months before anyone realised.

Global Payments

Credit card processing company Global Payments admitted 1.5 million card numbers and other personal information was stolen in a security breach back in February. The Atlanta based company processes more than $120 billion in credit card transactions per year. Visa removed Global Payments from its list of processors following the breach.

South Carolina Department of Revenue

Over 3 million unencrypted bank account numbers, social security numbers, credit card details and tax returns were stolen from the South Carolina Department of Revenue in September. The department declined to say where the attack originated from.

LinkedIN and eHarmony

In an attack believed to carried out by the same individual, social network LinkedIn and dating site eHarmony had millions of account passwords stolen and published online this summer. LinkedIn’s hack was the more serious, with 6.4 million passwords accessed, while eHarmony confirmed that 1.5 million user passwords were pinched. 

The post 160 million people affected by data breaches in 2012 appeared first on iVPN.net Blog.