
    Experian Privacy Vulnerability

    news.movim.eu / Schneier · Wednesday, 11 January - 20:53

Brian Krebs is reporting on a vulnerability in Experian’s website:

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.




    Digital License Plates

    news.movim.eu / Schneier · Wednesday, 12 October - 19:52 · 1 minute

California just legalized digital license plates, which seems like a solution without a problem.

The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.

Perhaps most importantly to the average car owner, Reviver said Rplate owners can renew their registration online through the Reviver mobile app.

That’s it?

Right now, an Rplate for a personal vehicle (the battery version) runs to $19.95 a month for 48 months, which will total $975.60 if kept for the full term. If opting to pay a year at a time, the price is $215.40 a year for the same four-year period, totaling $861.60. Wired plates for commercial vehicles run $24.95 for 48 months, and $275.40 if paid yearly.

That’s a lot to pay for the luxury of not having to find an envelope and stamp.

Plus, the privacy risks:

Privacy risks are an obvious concern when thinking about strapping an always-connected digital device to a car, but the California law has taken steps that may address some of those concerns.

“The bill would generally prohibit an alternative device [i.e. digital plate] from being equipped with GPS or other vehicle location tracking capability,” California’s legislative digest said of the new law. Commercial fleets are exempt from the rule, unsurprisingly.

More important are the security risks. Do we think for a minute that your digital license plate is secure from denial-of-service attacks, or number swapping attacks, or whatever new attacks will be dreamt up? Seems like a piece of stamped metal is the most secure option.


    Amazon studio plans lighthearted show of Ring surveillance footage

    news.movim.eu / ArsTechnica · Thursday, 11 August - 22:13

Amazon's combining its endless reach with its constant surveillance—but for laughs. (credit: Getty Images)

For some people, the term "Ring Nation" might evoke a warrantless surveillance dystopia overseen by an omnipotent megacorp. To Amazon-owned MGM, Ring Nation is a clip show hosted by comedian Wanda Sykes, featuring dancing delivery people and adorable pets.

Deadline reports that the show, due to debut on September 26, is "the latest example of corporate synergy at Amazon." Amazon owns household video security brand Ring, Hollywood studio MGM, and Big Fish, the producer of Ring Nation.

Viral videos captured by doorbell cameras have been hot for a while now. You can catch them on late-night talk shows, the r/CaughtOnRing subreddit, and on millions of TikTok users' For You page. Amazon's media properties, perhaps sensing an opportunity to capitalize and soften Ring's image, are sallying forth with an officially branded offering.


    FTC aims to counter the “massive scale” of online data collection

    news.movim.eu / ArsTechnica · Thursday, 11 August - 18:09 · 1 minute

FTC Chair Lina Khan said the commission intends to act on commercial data collection, which happens at "a massive scale and in a stunning array of contexts." (credit: Getty Images)

The Federal Trade Commission has kicked off the rulemaking process for privacy regulations that could restrict online surveillance and punish bad data-security practices. It's a move that some privacy advocates say is long overdue, as similar Congressional efforts face endless uncertainty.

The Advanced Notice of Proposed Rulemaking, approved on a 3-2 vote along partisan lines, was spurred by commercial data collection, which occurs at "a massive scale and in a stunning array of contexts," FTC Chair Lina M. Khan said in a press release. Companies surveil online activity, friend networks, browsing and purchase history, location data, and other details; analyze it with opaque algorithms; and sell it through "the massive, opaque market for consumer data," Khan said.

Companies can also fail to secure that data or use it to make services addictive to children. They can also potentially discriminate against customers based on legally protected statuses like race, gender, religion, and age, the FTC said. What's more, the release said, some companies make taking part in their "commercial surveillance" required for service or charge a premium to avoid it, employing dark patterns to keep the systems in place.


    Amid backlash from privacy advocates, Meta expands end-to-end encryption trial

    news.movim.eu / ArsTechnica · Thursday, 11 August - 17:46

Meta is ever so slowly expanding its testing of end-to-end encryption (credit: Getty Images)

Meta is ever so slowly expanding its trial of end-to-end encryption in a bid to protect users from snoops and law enforcement.

End-to-end encryption, often abbreviated as E2EE, uses strong cryptography to encrypt messages with a key that is unique to each user. Because the key is in the sole possession of each user, E2EE prevents everyone else—including the app maker, ISP or carrier, and three-letter agencies—from reading a message. Meta first rolled out E2EE in 2016 in its WhatsApp and Messenger apps, with the former providing it by default and the latter offering it as an opt-in feature. The company said it expects to make E2EE the default setting in Messenger by sometime next year. The Instagram messenger, meanwhile, doesn’t offer E2EE at all.

Starting this week, the social media behemoth will begin testing a secure online storage feature for Messenger communication. For now, it’s available only to select users who connect using either an iOS or Android device. Users who are selected will have the option of turning it on.


    Small businesses count cost of Apple’s privacy changes

    news.movim.eu / ArsTechnica · Tuesday, 9 August - 13:29

Small businesses count cost of Apple’s privacy changes (credit: Kentaroo Tryman | Getty Images)

Small businesses are cutting back marketing spending due to Apple’s sweeping privacy changes that have made it harder to target new customers online, in a growing trend that has led to billions of dollars in lost revenues for platforms like Facebook.

Apple last year began forcing app developers to get permission to track users and serve them personalized adverts on iPhones and iPads in changes that have transformed the online advertising sector.

Many small companies which are reliant on online ads to attract new customers told the Financial Times they did not initially notice the full impact of Apple’s restrictions until recent months, when price inflation squeezed consumer demand in major markets worldwide.


    Ring Gives Videos to Police without a Warrant or User Consent

    news.movim.eu / Schneier · Monday, 1 August, 2022 - 08:16 · 1 minute

Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent.

Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests. In each case, Ring handed over private recordings, including video and audio, without letting users know that police had access to—and potentially downloaded—their data. This raises many concerns about increased police reliance on private surveillance, a practice that has long gone unregulated.

EFF writes:

Police are not the customers for Ring; the people who buy the devices are the customers. But Amazon’s long-standing relationships with police blur that line. For example, in the past Amazon has given coaching to police to tell residents to install the Ring app and purchase cameras for their homes—an arrangement that made salespeople out of the police force. The LAPD launched an investigation into how Ring provided free devices to officers when people used their discount codes to purchase cameras.

Ring, like other surveillance companies that sell directly to the general public, continues to provide free services to the police, even though they don’t have to. Ring could build a device, sold straight to residents, that ensures police come to the user’s door if they are interested in footage—but Ring instead has decided it would rather continue making money from residents while providing services to police.

CNet has a good explainer.

Slashdot thread.