The Privacy Blog Podcast – Ep.10: Storage Capacity of the NSA Data Center, Royal Baby Phishing Attacks, and how your SIM Card is Putting you at Risk

Welcome to Episode 10 of The Privacy Blog Podcast, brought to you by Anonymizer. In July’s episode, I’ll be talking about the storage capacity of the NSA’s data center in Utah and whether the US really is the most surveilled country in the world. Next, I’ll explain why the new royal baby is trying to hack you and how your own phone’s SIM card could be putting your privacy at risk.

Lastly, I’ll discuss the current legal status of law enforcement geolocation, Yahoo!’s decision to reuse account names, and  some exciting Anonymizer Universal news.

As always, feel free to leave any questions in the comments section. Thanks for listening!

The Privacy Blog Podcast - Ep.6: Breaking Privacy News – Facebook “Likes” Predict Personality, Google's Wi-Fi Sniffing, and the Six Strikes Anti-Piracy Policy

In the March episode of The Privacy Blog Podcast, I’ll run down some of the major privacy news events of the last month. Learn how Facebook “Likes” can paint an extremely detailed and eerie picture of your real-life character traits. I’ll provide my take on Google’s Street View Wi-Fi sniffing controversy along with how “Do Not Track” flags are affecting the everyday Internet user. We’ll then touch on the implementation of the “Six Strikes” copyright alert system that was recently adopted by all five major ISP providers. Stay tuned until the end of the episode to hear about Anonymizer’s exciting new beta program for Android and iOS devices. Thanks for listening!

Anonymizer Nevercookie tool is now available

I am very excited that we have finally released our new free "Anonymizer Nevercookie" product. You can download it here from our facebook account. It enhances the private browsing mode in Firefox to protect against a whole range of new kinds of tracking cookies that currently are nearly impossible to delete.

RIM averts BlackBerry ban in UAE | Security - CNET News

RIM averts BlackBerry ban in UAE | Security - CNET News The announcement provides very little information about what RIM did to avert the ban, whether they made significant changed (compromises) to their system, or whether the UAE blinked and backed down from the threatened ban.

Facebook Session Hijack Video

We discovered a major security hole in Facebook almost by accident. The exploit is so trivial I can't justify calling it hacking. Any time you are on an open WiFi and accessing Facebook, anyone else on the same network can easily grab your credential and access Facebook as you with full access to your account.

We have posted a video demonstrating this to YouTube as well as putting it in the Anonymizer Labs section of our website.

New Anonymizer Knowledge Center

We are working hard to improve our website and would welcome your suggestions and feedback on how to improve it.

One new addition is our Knowledge Center where we are trying to share information about privacy and security issues. Within the Knowledge Center we have a section we call "The Lab" (click the tab in the Knowledge Center).

Anonymizer's R&D team is always discovering new and interesting things so we decided we should set up some place where we can share them. To kick off the new section we have posted two videos. The first is a frightening video about Facebook security, and the second is a video of me which introduces the issue of on-line privacy. We plan to post more articles, white papers, and videos going forward.

Declaration29 - EU plan to retain data on all Internet searches

The European Parliament appears to be trying to create a regulation to require search engine companies to retain total information about their user's searches for a period of years. If you are in the EU area, I strongly encourage you to reach out to fight this.

Declaration29: "A group of members of European Parliament is collecting signatures for a Written Declaration that reads: 'The European Parliament [...] Asks the Council and the Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively'.

The Data Retention Directive 2006/24/EC requires that details on every telephone call, text message, e-mail and Internet connection be recorded for months, for the entire population, in the absence of any suspicion. As to what is wrong with data retention please refer to DRletter. The Written Declaration even wants to extend data retention to search engines, meaning that your search terms could be tracked for months back.

The proposed declaration has been signed by 371 MEPs (list of names here) - and thus reached the 368 members needed to pass it. Many MEPs signed because of the title of the document ('setting up a European early warning system (EWS) for paedophiles and sex offenders'), not knowing that they are endorsing blanket data retention as well. More than 30 MEPs decided to withdraw their signature, one even on the day of adoption."


Privacy and Corporations at CFP Conference

I am very excited to be organizing a couple of panels at this year's "Computers Freedom and Privacy" (CFP) Conference in San Jose June 15-18.

Historically the conference has focused on personal privacy / freedom issues, technologies, and policies. That was certainly my focus as well when I started Anonymizer. Over time I have become aware of some other aspects to the privacy issue that I have not seen discussed. In addition to corporations impacting privacy of their customers, users, employees, etc. they also have issues and needs for privacy themselves.

Companies activities are monitored, analyzed, blocked, misinformed, and censored. While these have analogs in the personal privacy world, the details, impacts and scale, and solutions to the problems are often very different.

I am organizing a panel to discuss these issues at the conference and would love to hear from others who may have experienced these kinds of issues and would be willing and able to share them at this conference.

Cypherpunk retrospective at 20th anniversary CFP conference

This year the "Computers Freedom and Privacy" (CFP) conference is taking place in San Jose from June 15-18. This year is the 20th anniversary of the conference which helped shape my thinking about Internet Privacy and introduced me to many of the key players in this space.

Around the same time in 1992 an email mailing list started called "Cypherpunks". Members were devoted discussions of Internet freedom and to creating and distributing privacy and security tools. Best known of these are the various flavors of Anonymous Remailers following the original

This seems like a good time to stop and take stock of what has been achieved, lost, and abandoned in the evolution of privacy and anonymity on the Internet. I have organized a panel at CFP of some of the key Cypherpunks from the early days to talk about those early days, and share their vision and insight about where we are and where we should / are likely to end up.

I hope I will see many of you there.

Anonymous iPad anyone?

Having just finished initial testing with the actual iPad device, I am pleased to announce that Anonymizer Universal (AU) provides the same level of support on the iPad that we have been providing for the iPhone and iPod Touch! Considering how these devices are going to be used, the combination of privacy along with the security when using insecure WiFi is really critical.

"Anonymizer Universal" product suite launched!

I am really excited to announce our new product “Anonymizer Universal” (AU), available starting today. AU represents a totally new architecture for our services. Not only is it more powerful, faster, and much more capable, but it now also supports Mac and iPhone platforms! With one subscription you can use it across any of the supported devices.

Our new solution is VPN based, and bypasses any specific software support issues. AU works with any browser. Any program that connects to the Internet will automatically take advantage of AU. All connections between your computer and Anonymizer are cryptographically protected.

AU continues to leverage our massively scaleable backend infrastructure that provides the anonymity and daily rotating IP addresses.

AU will replace both our “Anonymous Surfing” and “Total Net Shield products”. “Nyms” is becoming all web based and will soon be upgraded with new interface options and better integration.

Expect to see more new capabilities and expanded solutions going forward as the renewed and expanded resources we are devoting to these products bear fruit.

Update on new products

Our major new product release is now in Beta. We were hoping to release it in late 2009, but the testing has revealed some issues we want to fix first. I am not willing to compromise on the quality or security of our products. The unsatisfactory result of trying to stretch our old framework to work with new operating systems and browsers drove us to this total re-architecture of the solutions. A nice side effect is that the new products will work cross platform (we should launch with Mac, Windows and iPhone), and support many more programs and protocols than the old solutions. It supports all the latest browsers on all supported platforms.

We don't have a firm ship date yet, but we are getting close.

Changes at Anonymizer

It has been a while since the last major change to the product suite at Anonymizer. We have been thinking long and hard about how best to continue to improve the services we offer. Anyone who has been an Anonymizer customer or has ever read my blog knows of my staunch commitment to listening to our users and providing the highest quality offerings available.

Some of our products provide important capabilities, but are not unique or distinctive to Anonymizer. Lately our development team has been spread thin updating and improving a wide range of software services. I want to make sure we are focusing on our core Anonymizer tools and making them the best they can be. As part of this continuing effort, I wanted to let you know that we’ve decided to discontinue offering our Dial-Up, Digital Shredder Lite and Anti-Spyware features, effective September 15, 2008. Doing so will ensure that we can remain focused on our Anonymous Surfing, Total Net Shield, and Nyms services.

You can find the official word on this at our Anonymizer Support Center Subscribers can also call our dedicated customer support team at 888-270-0141 between the hours of 7:30 a.m. and 5 p.m. PST Monday-Friday.

Please leave your suggestions for how we can improve our core products either here, or better yet as feedback to our customer support center. The Internet makes for a rapidly changing landscape. Only with your suggestions can we continue to shape Anonymizer to meet your needs.

Big Announcement

I have some exciting news to announce today. Anonymizer is in the process of being merged with Abraxas <>. I initially started talking with Abraxas about a possible partnership but synergies between the companies were so clear the conversation quickly went from discussions of teaming to discussions of acquisition. Abraxas is a very well respected risk mitigation company with many unique technologies and capabilities. This combination will enable Anonymizer to significantly enhance and broaden its offerings. I am excited by the prospect of rolling out these new capabilities to our users over the next months and years.  This is the start of a new and exciting phase for Anonymizer.Anonymizer will continue to operate independently under the existing management team (including me) as an independent subsidiary of Abraxas. In addition, I am thrilled to be taking a very visible leadership position in Abraxas as their Chief Scientist. This change will have no negative impact on the level of privacy we provide to our users. My personal reputation is and has been closely linked to the ethical behavior and trustworthiness of Anonymizer. Nothing will happen to compromise that integrity.


Slashdot | Web-based Anonymizer Discontinued

Slashdot | Web-based Anonymizer Discontinued A number of people have commented on this non-story regarding Anonymizer discontinuing services for Private Surfing. Some comments are making false or misleading statements, so I will address the issue here in hope to set the record straight.

Anonymizer chose to discontinue Private Surfing because its basic methodology was reaching the end of its useful life. The product was very effective when Web sites were simple, flat HTML. Today, most popular Web sites require active content to function. Active content presents a major problem in URL re-writing proxies; hostile code can cause the browser to make a direct connection to the server, thus exposing the user's identity.

Anonymizer's Private Surfing product used very sophisticated techniques to parse and re-write the active content to enable it to work safely. Despite our best efforts though, we felt that Private Surfing would not be able to maintain what is considered to be an acceptable level of service by Anonymizer's standards. We feel that it is not possible to provide functional active content and full security without the use of client software. To be clear, Anonymizer has only discontinued its web-based private surfing service—Anonymizer still provides client-based privacy services.

Anonymizer started the process to "end of life" Private Surfing many months ago. Subscribers were notified in advance and automatically transitioned to our latest privacy protection solution,Anonymous Surfing, at no additional charge for one year.

Anonymizer is in no way backing away from its commitment to deliver the most secure online privacy services for consumers, businesses and government organizations.


My purpose in creating this blog is to address trends and issues in online privacy and security. Having been in the trenches in these areas since around 1992, I bring a very applied, practical, and pragmatic viewpoint to the discussion. My personal perspective is based in the strong principles of privacy and free speech. These absolutes have been tempered over the years, and especially flagrantly in the World Wide Web, which led me to pursue a career in providing privacy and identity protection services.

With this blog, I hope to help, educate, and spur lively debate around these and related issues. Your feedback is greatly appreciated as I look for the best structure for this blog.