General Musing

blaze your trail

Archive for the ‘privacy’ Category

@Google, please stop with the language! #google


I have my Google account set up with English as the preferred language, and my browser sends the HTTP header:

Accept-Language: en-us,en;q=0.5

So why do you keep shoving a language I did NOT choose in my face after I’ve asked you numerous times, and in numerous ways, not to? I thought computers listened to people; do you just program your computers to be stupid?

I know I’ve asked this many times, and every single time I’ve been ignored. Perhaps they will listen to me some day…
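The header above is all a well-behaved site needs in order to pick a language. As an added example (not Google’s code and not from the original post), this is how that negotiation is supposed to work: parse the q-values, honour an explicit q=0 veto, match the client’s language ranges against the languages the server supports with RFC 4647 basic filtering, and only fall back to the server’s own default when nothing matches. The supported-language lists passed to negotiate() are constructed for illustration.

```python
"""Accept-Language negotiation with q-values.

Added example, not code from the original post or from Google. The
supported-language lists handed to negotiate() are constructed for
illustration; parsing follows RFC 9110 section 12.5.4 and matching follows
RFC 4647 section 3.3.1 (basic filtering).
"""
from typing import List, Optional, Tuple


def parse_accept_language(header: str) -> List[Tuple[str, float]]:
    """Turn 'en-us,en;q=0.5' into [('en-us', 1.0), ('en', 0.5)].

    Ranges are lower-cased and sorted by descending q; the sort is stable,
    so header order breaks ties. A missing q means 1.0; a malformed q is
    treated as 0 (not acceptable) rather than guessed at.
    """
    prefs = []
    for position, item in enumerate(header.split(",")):
        item = item.strip()
        if not item:
            continue
        parts = [p.strip() for p in item.split(";")]
        language_range = parts[0].lower()
        q = 1.0
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value.strip())
                except ValueError:
                    q = 0.0
        q = max(0.0, min(1.0, q))
        prefs.append((language_range, q, position))
    prefs.sort(key=lambda p: (-p[1], p[2]))
    return [(language_range, q) for language_range, q, _ in prefs]


def range_matches(language_range: str, tag: str) -> bool:
    """RFC 4647 basic filtering: the range equals the tag, or is a prefix of
    it ending at a '-' boundary ('en' matches 'en-GB' but not 'eng');
    '*' matches any tag."""
    if language_range == "*":
        return True
    tag = tag.lower()
    return tag == language_range or tag.startswith(language_range + "-")


def negotiate(header: str, supported: List[str],
              default: Optional[str] = None) -> Optional[str]:
    """Pick the first supported language the client accepts.

    A range with q=0 is an explicit veto and removes every matching
    supported tag, even if a later '*' would otherwise catch it. Only when
    nothing matches does the server's own `default` apply; a site that
    ignores the header and always serves `default` is what the post is
    complaining about.
    """
    prefs = parse_accept_language(header)
    vetoed = [r for r, q in prefs if q <= 0.0]

    def acceptable(tag: str) -> bool:
        return not any(range_matches(v, tag) for v in vetoed)

    for language_range, q in prefs:
        if q <= 0.0:
            continue
        for tag in supported:
            if acceptable(tag) and range_matches(language_range, tag):
                return tag
    return default


if __name__ == "__main__":
    header = "en-us,en;q=0.5"                              # the header from the post
    print(negotiate(header, ["nl", "en-GB", "en-US"]))     # en-US
    print(negotiate(header, ["nl", "en-GB"]))              # en-GB
    print(negotiate(header, ["nl"], default="nl"))         # nl: fallback only
```

A site that serves a cookie- or account-based language preference should still do this: the account setting is just one more input, and the header is the one the user has least control over, so it should never be the one that is silently discarded.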

Written by Daniël W. Crompton (webhat)

August 24, 2010 at 8:41 pm

Posted in nl, privacy, risk


Is RevTrax violating FaceBook privacy policy? #facebook @RevTrax #privacy


I just read the article Web Coupons Know Lots About You, and They Tell in the New York Times about RevTrax; it stated the following:

“When someone joins a fan club, the user’s Facebook ID becomes visible to the merchandiser,” Jonathan Treiber, RevTrax’s co-founder, said. “We take that and embed it in a bar code or promotion code.”

“When the consumer redeems the offer in store, we can track it back, in this case, not to the Google search term but to the actual Facebook user ID that was signing up,” he said. Although Facebook does not signal that Amy Smith responded to a given ad, Filene’s [Basement] could look up the user ID connected to the coupon and “do some more manual-type research — you could easily see your sex, your location and what you’re interested in,” Mr. Treiber said. (Mr. O’Neil said Filene’s did not do this at the moment.)

RevTrax says that is because it handles data for the retailers and does not directly interact with consumers. RevTrax can also include retailers’ own client identification numbers (Amy Smith might be client No. 2458230), then the retailer can connect that with the actual person if it wants to, for example, to send a follow-up offer or a thank-you note.

Isn’t this in direct violation of policy if the user joins as a fan?

If you offer a service for a user that integrates user data into a physical product (such as a scrapbook or calendar), you must only create a physical product for that user’s personal and non-commercial use.[1]

You must not give data you receive from us to any third party, including ad networks.[1]

You may not give data you receive from us to any third party, including advertising networks.[2]

… with respect to the Statement of Rights and Responsibilities clause 9.2.4, if the user de-authorizes, disconnects, or otherwise disassociates from your application, the permission to “store indefinitely” is rescinded for all user data you received from Facebook except for the User ID. In that event you can retain the User ID indefinitely (so that you can recognize the returning user, identify who created Independent Data in your application, or for other purposes limited to use related to your application), but all other user data you received from Facebook must be deleted as soon as possible (and in no case longer than 24 hours after you received it).[3]

It looks like they store the data offline, in a commercial product (a coupon), and they share the data with a third party.
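The privacy problem in the quoted scheme is a design choice, not an accident: the promotion code itself carries the Facebook user ID, so whoever scans or stores the code (the retailer, its POS vendor, anyone who photographs the coupon) gets the ID without needing any secret. As an added illustration, not RevTrax’s or Facebook’s code, the following contrasts that with an opaque-token coupon: the issuer keeps the token-to-user mapping server-side, the retailer still learns which campaign was redeemed and a used token is refused a second time, but the user ID never leaves the issuer. The campaign name, the user number 2458230 and the fixed token in the demo are constructed for the example; the real coupon format is not public beyond the article’s description.

```python
"""Promotion codes: embedded user ID versus opaque token.

Added example, not RevTrax's or Facebook's code; the real coupon format
is not public beyond the article's description. The campaign name, the
user number 2458230 and the fixed token used in demo() are constructed.
"""
import secrets
from typing import Callable, Dict, Optional


# --- Scheme A: the practice the article describes. The platform user ID is
# part of the code, so anyone who reads the barcode has the ID.
def make_embedded_code(campaign: str, user_id: int) -> str:
    return f"{campaign}-{user_id}"


def user_id_from_code(code: str) -> Optional[int]:
    """What a retailer (or anyone else) can do with the code alone: no
    secret is needed to pull the ID back out."""
    _, _, tail = code.rpartition("-")
    return int(tail) if tail.isdigit() else None


# --- Scheme B: opaque token. The code carries no identity; the issuer keeps
# token -> (campaign, user) server-side and answers only "which campaign,
# and was it already used" when the retailer reports a redemption.
class CouponIssuer:
    def __init__(self, token_source: Callable[[], str] = lambda: secrets.token_hex(12)) -> None:
        # token_hex keeps '-' out of the token, so rpartition below stays unambiguous
        self._token_source = token_source
        self._records: Dict[str, Dict[str, object]] = {}

    def issue(self, campaign: str, user_id: int) -> str:
        token = self._token_source()          # 96 random bits by default: unguessable
        self._records[token] = {"campaign": campaign, "user_id": user_id, "redeemed": False}
        return f"{campaign}-{token}"

    def redeem(self, code: str) -> Optional[str]:
        """Called by the retailer at the till. Returns the campaign so the sale
        can be attributed, or None if the token is unknown or already used.
        The user ID never leaves this object."""
        _, _, token = code.rpartition("-")
        record = self._records.get(token)
        if record is None or record["redeemed"]:
            return None
        record["redeemed"] = True
        return str(record["campaign"])

    def redemptions(self, campaign: str) -> int:
        """Campaign-level attribution, which is all the retailer needs for ROI."""
        return sum(1 for r in self._records.values()
                   if r["campaign"] == campaign and r["redeemed"])


def demo(campaign: str, user_id: int, fixed_token: str) -> Dict[str, object]:
    """Run both schemes side by side with a fixed token so the result is
    reproducible (constructed inputs; a real issuer uses the random default)."""
    issuer = CouponIssuer(token_source=lambda: fixed_token)
    embedded = make_embedded_code(campaign, user_id)
    opaque = issuer.issue(campaign, user_id)
    return {
        "embedded_code": embedded,
        "id_from_embedded": user_id_from_code(embedded),   # the leak
        "opaque_code": opaque,
        "id_from_opaque": user_id_from_code(opaque),       # nothing to read
        "first_redeem": issuer.redeem(opaque),             # campaign name
        "second_redeem": issuer.redeem(opaque),            # refused
        "count": issuer.redemptions(campaign),
    }


if __name__ == "__main__":
    for key, value in demo("spring2010", 2458230, "deadbeefcafe0123456789ab").items():
        print(f"{key:18} {value}")
```

The point is that the retailer's business need (did this campaign convert, and was this coupon used once) is fully served by the opaque scheme; the extra field in scheme A exists only to make the individual identifiable to a party Facebook’s policy says should not receive the data.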

Written by Daniël W. Crompton (webhat)

April 17, 2010 at 9:59 pm

Implementation of Security #risk


The lack of trained and experienced computer security people in small and medium-sized businesses today means that security is often left to the regular IT department to solve, if there even is an IT department. In many cases this leads to vendors educating the IT department on best practices, which is often to the advantage of both the vendor and the company. It is important to remember, though, that such an imbalance of knowledge means that when the vendor leaves, the knowledge leaves with him or her. In the end the vendor is there to sell their software.


Written by Daniël W. Crompton (webhat)

March 5, 2010 at 10:57 am

Tightening your Security Budget #security


I was reading 6 Tips For Doing More Security With Less and was happily surprised by the following points:

1. Get out of the deployment business.
3. Get more out of your existing security tools and systems

1. Get out of the deployment business.
IT security should definitely be involved in selecting data protection tools, but shouldn’t be dealing with provisioning tools that require heavy customization, Forrester’s Jaquith says. That can drain already-limited resources.

Many companies want provisioning tools with which they can add specific users and edit specific fields; they want a helpdesk to perform this task so they can use cheap labour without compromising security. This is short-term thinking by Forrester, in my opinion.

3. Get more out of your existing security tools and systems
Consider reorienting the more labor-intensive tools, such as those for data leakage prevention (DLP), he says. Forrester recommends using DLP products mainly for monitoring activity rather than for blocking the leakage of data. And enlist the help of your business units to get the big picture on where data is flowing in the organization. “If you are looking at DLP to stop a data leak, you’re probably a little too late. You need to understand how users are using the information they have, what they are downloading, [etc.],” he says.

Absolutely: if you are using DLP to prevent data leakage you are doing it wrong. Implementing controls to monitor data leakage and informing your employees is far more effective and less demanding on the budget. The recently passed Nokia Law (Finland’s “Lex Nokia”) allowing e-mail snooping may look evil on the surface, but this too is part of DLP. Personally I am against the tactics used by Nokia, but they have a valid reason to monitor their network traffic for data leakage: corporate espionage.
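Monitor-first DLP in practice, as an added example that is not from the post or the Forrester report: the same detection rules are evaluated against outbound mail in both modes, but in monitor mode a hit is logged for follow-up with the sender while the message is still delivered, and only block mode stops it. The outbound messages, the internal domain list and the two rules (a CONFIDENTIAL marker going to an external address, and a Luhn-valid payment-card number) are constructed for illustration; the Luhn check is what keeps the card rule from firing on every 16-digit order reference, which is exactly the kind of false positive that makes blocking mode painful.

```python
"""DLP in monitor mode versus block mode.

Added example, not from the original post or the Forrester report. The
outbound messages, INTERNAL_DOMAINS and the two rules are constructed for
illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

INTERNAL_DOMAINS = {"example.com"}       # constructed: mail staying here is not a leak

# Constructed: what a mail gateway hands the DLP engine (envelope + body excerpt).
SAMPLE_MESSAGES: List[Dict[str, str]] = [
    {"id": "m1", "from": "alice@example.com", "to": "bob@example.com",
     "body": "Lunch at 12?"},
    {"id": "m2", "from": "carol@example.com", "to": "press@competitor.example",
     "body": "CONFIDENTIAL: Q3 roadmap attached"},
    {"id": "m3", "from": "dave@example.com", "to": "me@webmail.example",
     "body": "my card is 4111 1111 1111 1111, exp 12/29"},
    {"id": "m4", "from": "erin@example.com", "to": "supplier@example.org",
     "body": "order ref 1234 5678 9012 3456"},   # 16 digits, but not Luhn-valid
]

# 13-16 digits with optional single space/hyphen separators, not inside a longer run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Mod-10 check every real card number passes; a cheap false-positive filter."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class Alert:
    message_id: str
    rule: str
    action: str      # "logged" (monitor mode) or "blocked" (block mode)


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def matched_rules(message: Dict[str, str]) -> List[str]:
    """Evaluate the rule set; identical in both modes, only the action differs."""
    hits = []
    if is_external(message["to"]) and "CONFIDENTIAL" in message["body"]:
        hits.append("confidential-marker-to-external")
    for m in CARD_RE.finditer(message["body"]):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits.append("payment-card-number")
            break
    return hits


def scan(messages: List[Dict[str, str]], mode: str = "monitor") -> List[Alert]:
    action = "blocked" if mode == "block" else "logged"
    return [Alert(m["id"], rule, action) for m in messages for rule in matched_rules(m)]


def delivered(messages: List[Dict[str, str]], mode: str = "monitor") -> List[str]:
    """Monitor mode delivers everything and leaves a trail to follow up with the
    sender; block mode drops anything that matched, false positives included."""
    flagged = {a.message_id for a in scan(messages, mode)}
    return [m["id"] for m in messages if mode != "block" or m["id"] not in flagged]


if __name__ == "__main__":
    for a in scan(SAMPLE_MESSAGES, "monitor"):
        print(f"{a.message_id}: {a.rule} -> {a.action}")
    print("delivered (monitor):", delivered(SAMPLE_MESSAGES, "monitor"))
    print("delivered (block):  ", delivered(SAMPLE_MESSAGES, "block"))
```

Running the rules in monitor mode for a few weeks first gives you the hit list to tune against (and the conversation with the business units the article recommends) before anyone is tempted to flip a rule to block.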


Written by Daniël W. Crompton (webhat)

March 5, 2009 at 7:33 pm

Banks don’t understand Privacy #privacy


I was approached by a recruiter for a role as PKI specialist for a Dutch bank. They asked me to send them a copy of my passport over the internet. They wanted to forward this to the bank. According to the recruiter this was normal practice for them and the bank.

Interestingly enough, when I had privacy concerns they thought I was making a big deal about nothing. This is the recruiter for the Triple-A rated Dutch bank which I’ve mentioned in my blog before. I refused to send a copy of my passport over the internet, and told the recruiter that I would need some assurance that they would not send it over the internet.


Written by Daniël W. Crompton (webhat)

September 7, 2008 at 7:39 pm

Posted in pki, privacy, risk, security


Predicting Chrome Privacy and Banking #google


I have the proof: German Security Office Smells Stink on Google Chrome, and the irony is that he wasn’t even the first to predict this: Chrome in Sandbox. I installed it in a sandbox to protect myself from the combination of the Internet and beta software, and in doing so I protected myself from Google.


Written by Daniël W. Crompton (webhat)

September 7, 2008 at 7:11 pm

Posted in privacy, risk, security


Chrome in Sandbox #google


I finally decided to install Google Chrome, but to make it even more powerful as a privacy protector I thought I would install it in a sandbox, specifically Sandboxie.


Written by Daniël W. Crompton (webhat)

September 5, 2008 at 5:19 pm

Posted in privacy

