Loss of Privacy

While surfing the web, many websites leave cookies on your computer to track various things.  They range from something simple, such as user names and passwords to the more complicated, such as LSOs that keep track of a vast amount of data concerning your surfing habits.  When you clear your cookies, you mistakenly believe that the cookies, and the tracking data, are gone.  You couldn’t be more wrong.

LSOs are insidious and there isn’t a reason to keep them on your computer.  They aide companies, not the individual.  The problem for most users is that, not only do they not know LSOs exist, they don’t even know where to find them.  These LSO cookies are flash cookies that come from Adobe flash.  If you have the flash plugin, and nearly everyone does, then you likely have a pile of LSOs on your computer somewhere.  A new UC Berkeley report details what these new type of cookies are and how they are used.

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

Even the Whitehouse.gov showed up in the report, with researchers reporting they found a Flash cookie with the name “userId.” The site does say in its privacy policy that it uses tracking technology but it does not mention Flash or tell users how to get rid of the Flash cookie.

All modern browsers now include fine-grained controls to let users decide what cookies to accept and which to get rid of, but Flash cookies are handled differently. These are fixed through a web page on Adobe’s site, where the controls are not easily understood (There is a panel for Global Privacy Settings and another for Website Privacy Settings — the difference is unclear). In fact, the controls are so odd, the page has to tell you that it is the control, not just a tutorial on how to use the control.

Where to find these flash cookies:
* Windows: LSO files are stored typically with a “.SOL” extension, within each user’s Application Data directory, under Macromedia\FlashPlayer\#SharedObjects.
* Mac OS X: For Web sites, ~/Library/Preferences/Macromedia/FlashPlayer. For AIR Applications, ~/Library/Preferences/[package name (ID)of your app] and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/Support/flashplayer/sys
* GNU-Linux: ~/.macromedia

If you want to take control of these cookies, you can do one of the following:
If you run Windows, you can use ccleaner.
In Firefox, you can add the Better Privacy extension.
In Mac OS X, check out MacHacks for detailed descriptions.

The new extension in the Ubuntu version of Firefox alpha 3 does a lot of things, including collecting usage data and generating revenue.  The extension installs itself, with no warning to the end user about privacy violations.  If you don’t want to use it, you must opt out manually by going to Tools > Addons.

Naturally, Ubuntu users are not happy with the changes.  A similar thing iicrosoft’s .NET framework where it became an add-on and a pain to remove.

These types of things should not happen to a browser unless the uses desires it.  Ubuntu says that this “feature” is only there for the dev stage, but that doesn’t really matter.  It is a privacy and security risk to place things on a person’s computer without their knowledge or consent.  Let the developers and testers know that this is happening and why.  Don’t leave them in the dark to try and figure out what the purpose of such extensions are.

The Daily Mail and ComputerWeekly are reporting that computer expert, Adam Laurie, was able to clone the UK national ID card in 12 minutes.  The British government claims that it is uncloneable.

Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes.

He then created a cloned card, and with help from another technology expert, changed all the data on the new card. This included the physical details of the bearer, name, fingerprints and other information.

He then rewrote data on the card, reversing the bearer’s status from “not entitled to benefits” to “entitled to benefits”.

He then added fresh content that would be visible to any police officer or security official who scanned the card, saying, “I am a terrorist – shoot on sight.”

The new ID card for foreign nationals and British passports also use this same technology.  And the ID cards are mandatory if you want a driver’s license or passport.  So, you can now be forced by the government to have your information placed in a central database, have a card that can easily be cloned and your identity stolen, and, best of all, you get to pay for the privilege.

Most people don’t like CCTV and the idea that their every move is recorded.  3VR has a new system that will continue to “think of the children” while blurring out regular folks.

The technology uses 3VR’s recently patented face-recognition algorithms to home in on known faces in crowds. An image-scrambling algorithm then blurs the faces and bodies of those who are not of interest and encrypts the blur pattern so that no one but the operator of the technology can unscramble it

“This allows you to search for people on watch lists, for instance, but without capturing massive databases of innocent people,” says Stephen Russell, 3VR’s chairman. The company aims to supply the equipment to banks and retail chains so they can analyse CCTV footage for known suspects who install card skimmers on ATMs, for example.

I suspect multi-colored outfits are going to be the new hoodies in crime.

One of the most dramatic revelations is that both the Shetland Islands Council and Corby Borough Council – among the smallest local authorities in the UK – have more CCTV cameras than the San Francisco Police Department.