Showing posts with label privacy. Show all posts

Sunday, December 4, 2016

Uber knows where you go, even after ride is over


Uber's iOS popup asking for new surveillance permissions.

As promised, Uber is now tracking you even when your ride is over. The ride-hailing service said the surveillance—even when riders close the app—will improve its service.

The company now tracks customers from when they request a ride until five minutes after the ride has ended. According to Uber, the move will help drivers locate riders without having to call them, and it will also allow Uber to analyze whether people are being dropped off and picked up properly—like on the correct side of the street.

"We do this to improve pickups, drop-offs, customer service, and to enhance safety," Uber said. In a statement, the company said:

We're always thinking about ways we can improve the rider experience from sharpening our ETA estimates to identifying the best pick up location on any given street. Location is at the heart of the Uber experience, and we're asking riders to provide us with more information to achieve these goals.

Uber announced that it would make the change last year to allow surveillance in the app's background, prompting a Federal Trade Commission complaint. (PDF) The Electronic Privacy Information Center said at the time that "this collection of user's information far exceeds what customers expect from the transportation service. Users would not expect the company to collect location information when customers are not actively using the app." The complaint went nowhere.

However, users must consent to the new surveillance. A popup—like the one shown at the top of this story—asks users to approve the tracking. Uber says on its site that riders "can disable location services through your device settings" and manually enter a pickup address.

Uber and the New York Attorney General's office in January entered into an agreement to help protect users' location data. The deal requires Uber to encrypt location data and to protect it with multi-factor authentication.

Tuesday, July 19, 2016

Cloudflare reCAPTCHA Exposes Tor User's Anonymity






Cloudflare's insistence on solving reCAPTCHA puzzles when visitors are coming from Tor exit nodes to one of the 2 million web sites that Cloudflare 'protects' can be very instrumental for traffic analysis and de-anonymizing of Tor users.

This is how:

The only non-public prerequisite for the de-anonymizing entity is the ability to monitor traffic between ISPs and Tor entry nodes, and traffic entering Cloudflare servers (no decryption required in either case). There are, of course, not 2 million Cloudflare servers; there are probably no more than a few hundred.

Each click on one of the images in the puzzle generates a total of about 50 packets between the Tor user's computer and Cloudflare's server (about half are requests and half are real-time responses from the server). All this happens in less than a second, so any jitter introduced by onion mixing is immaterial. The packet group has predictable sizes and patterns, so all the adversary has to do is note the easily detectable signature of the "image click" event and correlate it with the same event on the Cloudflare side. Again, no decryption required.

There are likely many simultaneous users (thousands), but they do not solve puzzles at the same time, and they do not click on the puzzle image at the same time. Simple math shows that disambiguating is trivial. If there is some ambiguity left, Cloudflare can conveniently serve a few more images to specific users (or even random users, as long as within the same few seconds different users get different numbers of 'correct' images).
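The "simple math" can be made concrete to show how quickly the anonymity set collapses. The following is an added example, not part of the Cryptome text: it models each user's click bursts as a Poisson process and works only on synthetic timestamps. The user count, per-user burst rate and one-second matching window are assumed figures chosen to fit the description above.

```python
import math
import random

def expected_false_candidates(n_users, burst_rate_hz, window_s, k_clicks):
    """Expected number of OTHER users who show a burst inside the matching
    window of every one of k observed clicks, purely by chance."""
    # Poisson model: probability of at least one burst inside one window.
    p_window = 1.0 - math.exp(-burst_rate_hz * window_s)
    return (n_users - 1) * p_window ** k_clicks

def _poisson_times(rng, rate_hz, duration_s):
    """Event times of a Poisson process on [0, duration_s)."""
    t, times = rng.expovariate(rate_hz), []
    while t < duration_s:
        times.append(t)
        t += rng.expovariate(rate_hz)
    return times

def simulate_anonymity_set(n_users, burst_rate_hz, window_s, k_clicks,
                           duration_s=60.0, seed=1):
    """Return how many other users remain indistinguishable from the
    observed user after each of k clicks (synthetic timestamps only)."""
    rng = random.Random(seed)
    clicks = sorted(rng.uniform(0, duration_s) for _ in range(k_clicks))
    others = [_poisson_times(rng, burst_rate_hz, duration_s)
              for _ in range(n_users - 1)]
    half = window_s / 2.0
    alive = list(range(len(others)))
    sizes = []
    for c in clicks:
        # Keep only users who also produced a burst close to this click.
        alive = [u for u in alive
                 if any(abs(t - c) <= half for t in others[u])]
        sizes.append(len(alive))
    return sizes

if __name__ == "__main__":
    n, rate, window = 5000, 0.05, 1.0  # assumed figures, not measurements
    for k in range(1, 6):
        print(k, round(expected_false_candidates(n, rate, window, k), 4))
    print(simulate_anonymity_set(n, rate, window, 5))
```

Under these assumptions the expected number of coincidental matches falls by roughly a factor of twenty with every additional click, which is why a single multi-image puzzle is enough to leave one candidate.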

This obvious opportunity is not the proof, but NSA would have to be utterly incompetent not to be exploiting it. No one is that incompetent.






Source: CRYPTOME

Wednesday, January 13, 2016

Find out how Facebook knows everything about you

Do you know Facebook knows everything about you and your preferences? Find out how

If you are a Facebook user, then you should know that by using Facebook, you have given consent to the company to track your activity for advertisers, who in turn hope to show you products that you will want to buy. This means that you cannot opt out of ads on Facebook unless you stop using Facebook completely.
However, you can do a lot to control the ads you see and stop Facebook from tracking what you do on the rest of the internet in service of its advertisers.
Besides all the usual arguments about privacy, there is another good reason to figure out what Facebook knows about you. It shows you ads based on what it thinks you like. The better it does this, the more likely you are going to see ads on things that truly interest you.

Facebook has three ways to figure you out

According to Business Insider, Facebook finds out information about you from what you tell them directly (name, age, marital status, parental status, where you live, work, went to school, etc.), what you do while you are on Facebook (stuff you have “liked”, groups you joined, photos you shared), and all the other things you do outside of Facebook on the internet. This includes the websites you visit, which track this information via cookies. Facebook reads these cookies and uses that information to display ads on its site and other websites.

Visit your Ad Preferences to see what Facebook thinks you like

It’s easy to see the things you’ve directly shared with Facebook (and your friends) on your Timeline profile page. However, to view a full total of what Facebook thinks you like, you need to find a tool called Ad Preferences.
Since it may sound unfamiliar, Facebook has published a slideshow that helps you find it. You can find it by using the controls Facebook has inserted into the ads themselves.
Go to your Facebook news feed. Move your mouse over any ad you see in the right-hand column and look for the little “x” to appear in the corner of the ad and click on it. Otherwise, you can look for an ad in your news stream, look for a little arrow and click on it.
By locating “Why am I seeing this?” you can reach the Ad Preferences page where you can tell Facebook which types of ads you prefer.
In fact, Facebook states that changing this “won’t change how many ads you see…because we’ll know more about what you like, [the ads that appear] should be more relevant.”

Click on Manage Your Ad Preferences

Based on the things you have liked, you can manage your ad preferences from a list of generic categories. Under each entry are the specific categories and things you have liked. These influence the ads you see.
Even after you change your preferences Facebook warns that, “you might still see ads that seem related to things you removed. For example, you might see an ad if it’s broadly targeted to everyone in your town or city.”

You can make Facebook stop tracking you on the internet

You can also make Facebook stop tracking you on the internet by selecting the lock icon in the top blue bar, then click on “Ads” in the left column and switch it off.
While this will not stop Facebook from showing you just as many ads, it won’t be using your web activity for them.
You can also opt out of letting other companies track your web activity for ads through the Digital Advertising Alliance in the USA, Digital Advertising Alliance of Canada in Canada or the European Digital Advertising Alliance in Europe.

Wednesday, January 6, 2016

Court orders Google to pay Dr Janice Duffy $100,000 plus interest for not removing her from Google Search



An Australian woman has been awarded $100,000 in damages, plus interest, after winning the defamation case she filed against Google.
Janice Duffy, 59, a former SA health department researcher, took the internet search giant to court after claiming articles published on the “Ripoff Report” website from 2007 defamed her. The site is a “shaming platform” that allows anyone to post reports about people whom they suspect are behaving in a criminal or dishonest manner, regardless of their factual accuracy.
Although she brought the articles to its attention, Google denied her request to remove the webpages from its search engine, in spite of her telling the company that prospective employers could chance upon the material.
Finally, in 2011, after Google had refused her written requests to take action for two years, she launched a civil lawsuit against the company in the South Australian Supreme Court.
The court heard Google progressively removed the display of extracts from and links to the “Ripoff Report” from its Australian website.
Dr Duffy also claimed the auto-complete search terms suggested by Google were harmful, due to them directing users to the “Ripoff Report” site.

Google fought the case, arguing defences of innocent dissemination, qualified privilege, justification and contextual truth.
In his judgment in October, Justice Malcolm Blue struck out several of the defences.
He found the search results either published, republished or directed users towards comments harmful to her reputation.
On Wednesday, Justice Blue awarded Dr Duffy damages of $100,000 and a $15,000 lump sum to cover interest.
Dr Duffy’s lawyer, Paul Heywood-Smith, has also asked the Supreme Court to make an order for costs to cover the legal fees his client has paid during the lengthy battle.
The court has reserved its decision on costs.
Counsel for Google has asked payment of those amounts to be stayed until January, pending argument on court costs and a possible appeal.
‘I stood up to them and for that I’m pleased’
Dr Duffy has tweeted that if Google was to launch any appeal, she would respond with a “cross appeal”.
Outside court, she described Wednesday’s ruling as “vindication”.
“It’s been a long battle and it’s not over,” she said.
“After the trial I couldn’t get off the couch for three weeks … but it’s something that has to be done.
“I think that they thought that they could make me go away. I’m stubborn.
“I stood up to them and for that I’m pleased. I beat the bastards.”
Earlier this year, Dr Duffy represented herself during the trial, after initially being represented by lawyers.
Since the trial she has again hired legal representation.
The ruling comes after Google was ordered by the European Court of Justice to introduce the “right to be forgotten”, which means old, inaccurate or irrelevant data must be omitted from search results if a person involved requests it.

Microsoft with its ‘Super Spy’ Windows 10 is collecting more data than thought before


The Redmond software giant Microsoft’s Windows 10 is fast becoming the world’s preferred operating system over Windows 7 or 8.1. Despite its continued insistence that Windows 10 isn’t spying on anyone, Microsoft seems to have taken an interest in how much time you spend using its Windows 10 operating system. However, Microsoft has done little to assure the majority of privacy-conscious users that its latest operating system isn’t taking more data than it needs.
In order to emphasize its claim, Microsoft updated its privacy policy to clarify how and when the OS makes use of user data. However, with its latest Threshold 2 Update, Microsoft is observing how long people are using the operating system and sending the data to Redmond.
The enthusiasm was shared by Microsoft in a blog post filled with data extracted from users.
On Monday morning, Yusuf Mehdi, Corporate VP of the Windows and Devices Group, disclosed that Windows 10 was active on over 200 million devices. The main factor contributing to its quick growth is that it is currently offered for free to existing Windows users on Windows 7 or Windows 8.1. So, it is really not astonishing that this is happening.
Microsoft felt the need to share some milestones to demonstrate the popularity of Windows 10:
1. People spent more than 11 billion hours on Windows 10 in December 2015.
2. 44.5 billion minutes were spent in Microsoft Edge across Windows 10 devices in December 2015 (0.71 billion hours).
3. Users asked Cortana more than 2.5 billion questions since launch.
4. More than 82 billion photos were viewed in the Windows 10 Photo application.
5. Windows 10 gamers spent over 4 billion hours playing PC games.
6. Gamers have streamed more than 6.6 million hours of Xbox One games to Windows 10 PCs.
7. About 30% more Bing search queries from Windows devices compared to previous versions of Windows.
Definitely, these are interesting statistics and could be troublesome for many privacy lovers.
“The statistics indicate that Microsoft may be collecting more data than initially thought,” writes Martin Brinkmann of ghacks. “While it is unclear what data is exactly collected, it is clear that the company is collecting information about the use of individual applications and programs on Windows at the very least.”
Data collection to a degree is unavoidable, as it occurs on every connected device. However, what is more bothersome about Windows 10 is that there is no clarity on what data is exactly being collected and there’s no easy way to turn it off.
According to Microsoft, the data collection in Windows 10 is for a greater good. It is being used to make the product work better and that is certainly true to an extent as the company is collecting information about the use of individual applications and programs on Windows to find out about the popularity of an application or operating system feature.
Still, since Microsoft does not reveal detailed information about what gets collected and to what end, it is something that users need to be aware of at the very least. We can only hope that while Microsoft celebrates its 2015 milestones, it looks to become more transparent in 2016.

Monday, January 4, 2016

The Sony PlayStation Network is down worldwide

Sony’s PlayStation network on PlayStation Vita, PlayStation 3 and PlayStation 4 is down, and the irritating fact for gamers is that the company has not given any time frame for when the service will be back online.

The PlayStation Network is down worldwide. I’m just back home trying to play with my son when I had the ugly surprise. It is the first massive outage of the year, I searched for information on the Internet and I have found that all the users are suffering the same problem.

Like many other users, I’m receiving an error message saying that the PSN is currently “undergoing maintenance”.

The PlayStation Network online service allows users to access online features of many games and to the official store.

Sony confirmed that the network was “experiencing issues” and its status page showed that the problems were affecting all of its major services. The company hasn’t provided further details on the problem.



The PlayStation Network also suffered technical issues over the Christmas period; some users reported difficulties in authenticating to the online services.

Last year, hackers belonging to the Lizard Squad hacking group took down the online networks of both Microsoft Xbox Live and PlayStation Network (PSN) at Christmas, highlighting security issues affecting the services of Sony and Microsoft.

This year another group known as Phantom Squad announced its intention to ruin Christmas for gamers. Phantom Squad also said that both platforms are vulnerable to attacks, and added that they were able to take down Xbox Live during the weekend.

At the time I was writing, Sony’s “Network Service Status” confirmed the problems suffered by users accessing the Sony platform.



The Sony PlayStation network is down, including the PlayStation 3 and 4 and web services.
A screenshot from status.playstation.com shows the service is down.
It is unclear what caused the worldwide outage, and no hacking group has accepted responsibility for targeting the PlayStation network with their usual DDoS attacks. However, one Twitter user shared an interesting DDoS map showing cyber attacks on the US from the Chinese side (that doesn’t mean there was an attack on the PlayStation network by Chinese hackers).

Tuesday, December 29, 2015

Now Android Malware Uses Firewall Rules To Evade Detection From Antivirus Security Applications

Android Malware Uses Firewall Rules To Evade Detection From Antivirus

Researchers at Symantec have discovered a new piece of Android malware that drops and runs a firewall binary called DroidWall on compromised devices to prevent security applications from connecting to their services.

Dubbed Android.Spywaller by Symantec, the malware initially behaves like other mobile threats by hiding its icon in an attempt to cover its tracks and by releasing an encrypted payload containing the malware service logic and loading it into memory. As soon as the threat has been installed on a compromised device, it displays a “Google Service” icon on the device, although the Internet giant doesn’t offer such a product.

At the same time, the spyware is collecting data belonging to specific third-party communication applications, including
  • WhatsApp
  • WeChat
  • Skype
  • BlackBerry Messenger
  • Oovoo
  • Coco
  • QQ
  • SinaWeibo
  • Talkbox
  • TencentWeibo
  • Voxer
  • and Zello.
According to Symantec, the list of data gathered by this malware ranks it among the most comprehensive spyware to date.

The malware then attempts to root the device and start collecting sensitive information while running in the background. All of the information the malware collects from compromised devices is then exfiltrated to a backend server, Symantec explained in a recent blog post.

The information the malware collects includes

  • Call logs (PII)
  • SMS
  • GPS readings
  • Browser History
  • Browser saved passwords
  • Emails
  • Radio
  • Images
  • and contacts.

While this behavior has been seen before in mobile threats, Symantec’s researchers note that the new malware stands out because of another method discovered in its reverse payload, which checks to see if the Qihoo 360 mobile security app is installed on the device and then blocks it.

The Qihoo 360 application is popular in China and has a unique identifier (UID) on each device, and the malware collects the identifier if the program is installed. Next, Android.Spywaller drops and runs the DroidWall firewall binary, which is a customized version of iptables for Android. This allows it to create firewall rules that will block the targeted security application by referencing its UID.
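Because the blocking is done with ordinary per-UID firewall rules, it can be spotted by auditing the ruleset. The following is an added detection sketch, not code from Symantec or DroidWall: it parses `iptables -S` output together with Android's `/data/system/packages.list` and reports watched security apps whose UID is matched by a dropping or rejecting rule. The chain names, package names and UIDs in the sample data are constructed placeholders.

```python
import shlex
from collections import defaultdict

# Constructed `iptables -S` output; chain names are hypothetical.
SAMPLE_RULES = """\
-N fw-app
-N fw-reject
-A OUTPUT -o wlan0 -j fw-app
-A OUTPUT -m owner --uid-owner 10200-10210 -j DROP
-A fw-app -m owner --uid-owner 10123 -j fw-reject
-A fw-app -m owner --uid-owner 10087 -j RETURN
-A fw-reject -j REJECT --reject-with icmp-port-unreachable
"""
# Constructed /data/system/packages.list lines: "<package> <uid> ..."
SAMPLE_PACKAGES = """\
com.example.mobilesecurity 10123 0 /data/data/com.example.mobilesecurity
com.example.browser 10087 0 /data/data/com.example.browser
com.example.vpnguard 10205 0 /data/data/com.example.vpnguard
"""
WATCHLIST = {"com.example.mobilesecurity", "com.example.vpnguard"}  # placeholders
BLOCK_TARGETS = {"DROP", "REJECT"}

def parse_packages_list(text):
    """Map UID -> package names (several packages may share one UID)."""
    by_uid = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            by_uid[int(parts[1])].append(parts[0])
    return by_uid

def _rules(text):
    """Yield (chain, match_tokens, target) for every '-A' rule."""
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 4 and tok[0] == "-A" and "-j" in tok[:-1]:
            j = tok.index("-j")
            yield tok[1], tok[2:j], tok[j + 1]

def blocking_targets(text):
    """DROP/REJECT plus user chains that unconditionally drop or reject."""
    targets = set(BLOCK_TARGETS)
    for chain, match, target in _rules(text):
        if not match and target in BLOCK_TARGETS:
            targets.add(chain)
    return targets

def uid_block_rules(text):
    """Return (chain, uid_lo, uid_hi, negated, target) for blocking owner matches."""
    targets = blocking_targets(text)
    hits = []
    for chain, match, target in _rules(text):
        if target not in targets or "--uid-owner" not in match[:-1]:
            continue
        i = match.index("--uid-owner")
        lo, _, hi = match[i + 1].partition("-")  # single UID or lo-hi range
        if lo.isdigit() and (not hi or hi.isdigit()):
            negated = i > 0 and match[i - 1] == "!"
            hits.append((chain, int(lo), int(hi or lo), negated, target))
    return hits

def blocked_watchlist_apps(rules_text, packages_text, watchlist):
    """Watched packages hit by a blocking rule (rule order is not simulated)."""
    by_uid = parse_packages_list(packages_text)
    return sorted((pkg, uid, chain, target)
                  for chain, lo, hi, negated, target in uid_block_rules(rules_text)
                  for uid, pkgs in by_uid.items() if (lo <= uid <= hi) != negated
                  for pkg in pkgs if pkg in watchlist)
```

Only numeric UIDs are handled, and a finding is a candidate for review rather than proof of compromise, since a user may have installed a firewall app deliberately.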

Developed by Rodrigo Rosauro as an open source app to help users protect their devices, DroidWall was sold to AVAST in 2011, but its source code is still available from Google Code and GitHub. Although it was initially designed in the form of a security tool, DroidWall can be used by cybercriminals to compromise user security.

For the time being, the malware is targeted at users in China, where a higher proportion of devices are rooted and more exposed to malware since official Google services are not available in the country.

The infection numbers are currently relatively low, but the threat is worth noting because its authors are using legitimate tools for malicious purposes. To stay protected, users should install a security solution that can block mobile threats, should keep their software updated at all times, and should make sure they install apps only from trusted sources.

Sunday, October 11, 2015

Just say no to Facebook's Free Internet Service "Internet.org", says inventor of "World Wide Web"


‘Just Say No’ To Internet.org, says Tim Berners-Lee, founder of World Wide Web

Attacking Facebook’s initiative known as Free Basics (formerly Internet.org), the English scientist Tim Berners-Lee, also widely known as the inventor of the World Wide Web, said that consumers should say no to such initiatives. The initiative by Facebook aims at offering a limited set of websites and apps free of charge to users in developing countries. Berners-Lee added that if something is being offered in the name of the Internet that is not the full Internet, then it’s not really free and public.
In an interview with The Guardian, Berners-Lee said people in prominent markets should “just say no” to the project. Speaking about the importance of privacy and the dangers of government snooping, he added that the initiative was not internet and that there were other ways of reducing the price of access.
“When it comes to compromising on net neutrality, I tend to say ‘just say no’,” he said.
According to the reports by The Guardian, Berners-Lee and the Web We Want festival came together to produce a Magna Carta for the 21st century on the 800th anniversary of the signing of Magna Carta. The Web We Want campaign is promoting five key principles for the future of the Web: freedom of expression online and offline, protection of user data and privacy, affordable access to the net, net neutrality, and a decentralised and open infrastructure.
“In the particular case of somebody who’s offering … something which is branded internet, it’s not internet, then you just say no. No it isn’t free, no it isn’t in the public domain, there are other ways of reducing the price of internet connectivity and giving something … (only) giving people data connectivity to part of the network deliberately, I think is a step backwards.”

Tuesday, October 6, 2015

You Paid For Your Smartphone But Whoever Controls The Software "Owns The Phone"



British spies can hack into your smartphones remotely with just a simple text message and can make audio recordings, take pictures or record video without owners knowing, former US intelligence contractor Edward Snowden said on Monday.

No matter who the owner is, the power to control your smartphone is in their hands. "They want to own your phone instead of you," Snowden said in an interview with the BBC's Panorama programme, referring to Britain's Government Communications Headquarters (GCHQ) agency.

Snowden also said that GCHQ used many different interception tools, such as the "Smurf Suite", named after the blue cartoon characters, The Smurfs.
"Nosey Smurf" enabled spies to switch on a smartphone's microphone even if the phone was off, he claimed.

Some other programmes used by GCHQ were named as "Tracker Smurf" and "Dreamy Smurf", which allow them to switch your smartphones on and off remotely, Snowden said.
He said the text message sent by GCHQ to gain access to the phone would not be noticed by its owner. It all works in the background of your smartphone as a backdoor service.

"It's called an 'exploit'," he said.
"When it arrives at your phone it's hidden from you. It's invisible, it doesn't display. You paid for your phone but whoever controls the software owns the phone," he added.

The government had declined to comment in line with usual policy on intelligence matters, the BBC said.
After leaking documents to the media about government spy programmes, Edward Snowden was charged by the US with espionage and theft of government property, and has been living in exile in Russia since June 2013.

The British Government and its security agency are planning to implement a new law that would give more powers to intelligence agencies to track online activity to investigate crime.