Privacynow.tv – nice!

On http://privacynow.tv you can watch some nicely made videos concerning IT security and privacy. Generally, these videos are made for people not very related to any IT stuff … but check it out yourselves.

Organizer of Deepsec is Telling Real News :D

Hmm … don’t get me wrong but Felix and I talked about this approx. one year ago:

“Zur Urlaubszeit lassen sich viele davon mitreißen, von bevorstehenden Reisen zu twittern oder Updates in Blogs oder auf Facebook zu schreiben. Wer seinen Urlaubsort zum Beispiel via ‘Facebook Orte’ preisgibt, erhöht damit parallel auch das Risiko eines Einbruchs im eigenen Heim” …

I first officially mentioned the danger of publishing holiday details on Facebook, twitter etc. at the GI conference in Lübeck last year. See the slides here:

If you need an explanation – tell me. Apparently, the people now realize the tremendous impact social networks can have on your privacy – unfortunately 3 years too late :-/.

Social Network Privacy – WPES 10

I just read the abstract of the first paper listed here and I thought:”Guys … that’s what we’ve been preaching for about four years.” Sophisticated identity theft based on social network data. Welcome to the 21st century …

How To Permanently Delete Your Account on Popular Websites

This is indeed an interesting article. It shows the difficulties with deleting your own account on several huge popular web 2.0 websites. Astonishing was the fact that deleting your PayPal account is totally straightforward:

Closing a PayPal account is pretty simple. Just log in to your account, and then click on your “Profile” link. From there, click on the “Close Account” link in the “Account Information” column. You’ll be prompted to continue from there and then you’ll need to click the “Close Account” button.

Facebook and the privacy dilemma

Awesome movie … unfortunately only in german!

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)

One of the most widely used terms to describe personal information is PII. Examples of PII range from an individual‘s name or email address to an individual‘s financial and medical records or criminal history. Unauthorized access, use, or disclosure of PII can seriously harm both individuals, by contributing to identity theft, blackmail, or embarrassment, and the organization, by reducing public trust in the organization or creating legal liability.

From “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)” published by NIST

Attacking Chatroulette

Interesting research concerning privacy in video chat systems. Find more information here.

Datenschutz und Datensicherheit

Together with a workmate, I’m co-publisher of the latest edition of the “DuD aka Datenschutz und Datensicherheit”.

This release contains various articles about privacy and data security especially in the field of social networks! We asked several well known researchers to contribute to this special release on social networks. Check out the abstracts here and our editorial here.

Locational Privacy – owned!

You remember the stories around foursquare, pleaserobme.com etc? You consider this topic as interesting? Then you should have a look at this story on wired.com! The EFF also has a brief article about the general issue of locational privacy!

Secure P2P Filesharing

First of all: Filesharing in general is not evil! Generally, this has nothing to do with the bawling of the music industry. Hence, projects like RetroShare are worth to be mentioned and supported:

RetroShare combines Chatting and Instant Messaging with your friends and filesharing. You have only connections to your trusted friends, not to every peer, so it is secure and safe. All is serverless, opensource and encrypted. You can search for files, which all your friends share. With turtle hopping even the friends of your friends can provide files while staying connected only to your trusted direct neighboring friends. Channels allow sending messages and recommending files to select groups of friends.

Sounds promising! Especially the fact that it is open source and everybody can extend or improve the security features sounds really nice. Perhaps I’ll find some time in the future to try this piece of software by myself.

Have you been facebooked?

“We got a Facebook down … I repeat … we got a Facebook down!”

Facebook!

Privacy aware GPG based Social Network

Cool, not new but very promising idea: Diaspora – the privacy aware, personally controlled, do-it-all distributed open source social network. Get more information here.

What is it?  Enter your Diaspora “seed,” a personal web server that stores all of your information and shares it with your friends. Diaspora knows how to securely share (using GPG) your pictures, videos, and more. When you have a Diaspora seed of your own, you own your social graph, you have access to your information however you want, whenever you want, and you have full control of your online identity. Once we have built a solid foundation, we will make Diaspora easy to extend to facilitate any type of communication, and the possibilities will be endless.

There is no definite need for crawling Facebook

This service graph.facebook.com provides an API with which you can get each entry on facebook:

The new Graph API attempts to drastically simplify the way developers read and write data to Facebook. It presents a simple, consistent view of the Facebook social graph, uniformly representing objects in the graph (e.g., people, photos, events, and fan pages) and the connections between them (e.g., friend relationships, shared content, and photo tags).

Every object in the social graph has a unique ID. You can fetch the data associated with an object by fetching https://graph.facebook.com/ID. For example, the official page for the Facebook Platform has id 19292868552, so you can fetch the object at https://graph.facebook.com/19292868552:

Indeed, facebook does not give a damn f*** about privacy.

Have you met Kate?

Kate’s friends are pretty nice guys: They organized a birthday party for her and announced that on Facebook. (Un)fortunately, only about 25,000 people wanted to attend this party.

Read more here … and yes, the party will be at the 1st of May.

On Social Network Research

Interesting research on Facebook and other social networks is currently done by Pete Warden. Obviously he has crawled lots of facebook profiles and now thinks to publish them.

Anyway, if you ask me, a lot of interesting research can be made with this data.

Update: Podcast of Stiftung Warentest Social Network Privacy Research

Update for this blogpost:

Here you can listen to a german podcast published on blog.suxess24.com in which the project leader of the privacy test talks about the results.

Social Network Privacy Ranking published

Stiftung Warentest, a german foundation for testing goods, services and stuff people buy or order, recently released a test case about privacy in social networks.

Get further information about the results on this webpage. Interesting!

PLA roxx the Twitter addicted

You’ve probably already heard of pleaserobme.com – this abusing of twitter and foursquare.com – now this useful website goes to another level: PLA (Phone Losers of America) recently released a session in which they call the people twittering their direct locations. It’s quite funny to see the people reacting.

Just imagine:
You go to a bar with a couple of friends and you really have the pressure to put this information on twitter and foursquare. So perhaps PLA comes around by calling the bar and ask for you.

“This is you from the future … don’t buy this stuff! “
“I don’t recognize my voice …”

“This is Roy from the Mastercard Office … it seems like your card is not valid anymore … “
“What … “

“This is Rob with the blabla-office … you’re not welcome anymore … please leave!”

Funny! Really awesome! I can also recommend the other prank call session of PLA.

Nice Work! How Google Docs Leaks Your Identity

In the blog of “33bits of entropy” I found a very interesting article about identity leakage on GoogleDocs. The attack is fairly simple making it even worse to all google users. I just quote the main details:

The attack works by embedding an invisible iframe (dimensions 0×0) into the malicious web page. The iframe loads a public spreadsheet that the attacker has already created. In a separate backend process, the attacker constantly checks the list of people viewing the spreadsheet and records this information. After the iframe is embedded, the Javascript on the page page waits a second or two and queries the attacker’s server to get the username of the user who most recently appeared on the list.

Very nice finding! This is another example showing that Google doesn’t give a sh** about your personal credentials.