The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | targeting



Macs are not safe from Bears

Bear fancy pattern

Mac users have long had an unwarranted level of confidence about their immunity to malware and hackers. Palo Alto Networks’ recently discovered some Mac malware in the wild, which I hope will make us Mac users pay more attention to security. The malware, which targets mostly the aerospace industry, appears to be from an APT group they call “Fancy Bear”.


· · · ·

Rhino in the cross hairs at a watering hole

At the recent BSides security conference in San Francisco (just before the RSA conference) I had the opportunity to give a talk about targeted attacks and how they are changing the game of cyber defense. The talk was recorded so you can listen to the whole thing, or read a brief summery below.


· ·



Snipers at the Watering Hole


Rhino at watering hole

Security researchers discovered a very sophisticated watering hole attack against Forbes.

There is a major trend towards increasingly targeted cyber attacks, from advanced persistent threats (APT), to spear phishing. Now we are seeing targeting applied to watering hole attacks. I think of this as the sniper at the watering hole. (more…)

· · · · · · ·

The WSJ reports on a recent FTC report endorsing the concept of a universal “do not track” registry similar to the “do not call” list. Predictably the advertising companies are unhappy, and privacy advocated are cheering.

I think that some kind of outside regulation is necessary and inevitable. Self regulation has not worked, and is very unlikely to work in the future. The self interest of the targeted marketers is too diametrically opposed to the principles of transparency and personal control.

The WSJ quotes Rob Norman, chief executive of WPP PLC’s GroupM North America, which buys ads on behalf of corporate clients as whining “FTC endorses ‘do not track’; an emotional goodbye to free content so kindly funded by advertisers.” Lets be clear, there is no “kindly” about it. This is all about making money for the advertiser. The “free content” is simply a delivery vehicle for ads.

Right now the exchange of information and access to the viewer is implicit. This proposal makes it explicit. I see no reason why sites could not, or should not, be set up to require users to opt in to be able to access the content. I would then have the ability to choose to opt out, go elsewhere, or pay to be free of tracking.

The rapidly increasing use of “evercookies” and other very hard to remove tracking techniques shows just how resistant to user control these companies really are. Where the tools and standards exist for users to delete tracking information, the marketing companies are creating new tools to make your choices ineffective.

As if more proof were needed, the marketing companies suggest opting out through their about ads website. Of course, if you want to opt out, you must enable third party cookies on your browser, which simultaneously exposes you to much more effective and intrusive monitoring.

Anonymizer will continue to innovate with new technologies to stay ahead of this arms race with tools like our new “Nevercookie” plugin.

· · · · · · ·

The Wall Street Journal reports that a small group of on-line tracking companies are forming a project to enable those being tracked to see their profiles, and to opt out of tracking. The project, called the “Open Data Partnership” will launch in January. It membership consists of eight tracking firms including BlueKai Inc., Lotame Solutions Inc. and eXelate Inc.

Because this program does not include the majority of companies which track users it is unlikely to have a significant impact on your actual privacy, but it is a worthy experiment and I hope many people will take advantage of it to opt out of at least this tracking.

On-line ads covered by this program will be marked with a small “i” in a blue triangle. If you click on that you should be able to see and modify your stored information, profile, and tracking options.

· · · · ·

This article on The Consumerist reports that Capital One provides different car loan rates based on the browser you use when visiting their site. I suspect that there are some strong demographic trends among the users of various browsers. It would be interesting to see if they give different rates to the same browser in different states or zip codes.

Once again, evidence that “they” are using your personal information in way that may not be good for you.

· · · · · ·