Showing posts with the label security

Why do consumers only care about identifiers?

Tony Fish @My Digital Footprint

I posted this yesterday, and have been thinking: in this world of digital identity, why do consumers only really care about identifiers rather than other aspects of identity? By identifiers I mean ….

Unique identifiers [health number, social security number, NI, bank account number, driver licence number, passport number, phone number, IMEI number, SIM number, etc. (Kaliya describes this as an end point)] – people are worried about these mostly for unique identity fraud purposes, but mix what is possible with what is sensational. If unique…. far easier to detect fraud.

Context identifiers [name, address, date of birth, home town, post code, ailments, age, likes, friends, employment, number plate] these are semi-unique; confusion is possible with a small number of data points. Consumers worry about this data set, but you cannot be uniquely identified by only your name – there are a few exceptions I know, but the worry is because it is what the c

Anonymity, Privacy, and Security Online from @pewresearch

Source: Pew Research

Most (US) internet users would like to be anonymous online at least occasionally, but many think it is not possible to be completely anonymous online. New findings in a national survey show:

86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email, from avoiding using their name to using virtual networks that mask their internet protocol (IP) address.

55% of internet users have taken steps to avoid observation by specific people, organizations, or the government.

Love human behaviour: they think that by deleting what it says on their computer, the record has gone……

How PRISM could work via @ashk4n - excellent insight

Source: http://ashkansoltani.org/2013/06/14/prism-solving-for-x/

This is presented by Ashkan Soltani, who is an independent researcher and consultant focused on privacy, security, and behavioural economics. The entire post is worth reading, as it tries to make some sense of what is possible….

My mum's 2013 solution for digital security....

If your workplace has been assessed and determined to be at a low level of risk, the following method is recommended to ensure no one can see your passwords or what you're typing:

For a moderate level of risk, this method ensures no one can see your passwords, what you're typing, or which website you're visiting.....

For a high level of risk, this method ensures ultimate security:

Be safe out there, people.

bring your own device.. access...security... information... identity

Just thinking out loud on how far Bring Your Own will go… Logo http://blog.byoinfo.com/p/core-concepts.html

GPS Tracking Is a "Search" - confusion over law and freedoms

CDT joined in a "friend of the court" brief filed at the U.S. Supreme Court in what could be one of the major Fourth Amendment cases of the decade, U.S. v. Jones, which poses the question of whether the police can plant a GPS device on a person's car for 24/7 tracking without judicial oversight. The brief says: The issue before the Court in this case is not whether GPS tracking ever may be used by the government. Rather, it is whether the government must obtain a warrant in order to employ this technology.

CDT's brief was filed jointly with our frequent partner in Fourth Amendment cases, the Electronic Frontier Foundation. Several things make the brief special. First, it is also signed by four technologists, whose expertise lends special credibility to the brief. Moreover, one of the four is Roger Easton, often called the father of GPS for his groundbreaking work at the Naval Research Laboratory. The other three represent the current generation of experts

Identity is the next big thing for payments

This is an article from Banking Technology by a sound and hugely respected friend, David Birch.

As the mobile payments area looks set to finally take off, the next big area for payments services will be identity and authentication, according to a leading commentator. Digital money specialist Dave Birch, a director of Consult Hyperion, this week told the annual Payment Strategies Conference - organised by Experian Identity and Fraud - that "the evolution of an identity market is the next big step" in developing mobile payments and related services. But he warned that "the technologies involved are very different to those in the connectivity space". "In the mass market, biometrics are about convenience, not security," he said. Birch lambasted traditional banks and payments providers for their failure to grasp the nature of the opportunities presented by mobile technologies, which has led them to miss the boat. "I'm almost embarrass

Tokenpay: anonymous payment solution with no digital footprint!

https://www.tokenpay.com/

Mission is to provide a full service, 100% anonymous online transaction solution. Claims to take privacy and security to all new levels of protection through a closed-loop network allowing for complete anonymity and untraceable online transactions. You are able to maintain undisclosed your online spending habits as we pass absolutely no personal or account information on to the merchant. With Token Pay you keep your money, financial details, and identity safe, secure and private. They offer indemnification of transactions and no chargebacks.

And they are located…. DRS Holdings, Chancery Court Leeward Highway, Turks And Caicos Islands, BWI

Assuming you keep your own “data” – this has the weakest of all levels of security!

Considering digital footprint within wider interdependencies: access, control, store, attributes and rights..

The definition of digital footprint DATA in the following blog is used with the most all-embracing and generic meaning of data, which includes all raw data (collected, implicit, implied, passive or active collection); meta-data (data that defines the data, tags and attributes about the data); and information, insight and knowledge derived from analysis.

I start with an assumption that all digital footprint DATA has a creator (seller) and consumer (buyer) and all DATA needs context. Simple examples, such as content (you take a photo of me and share it) or a transaction (I buy something), highlight a critical point: both the creator (seller) and consumer (buyer) have rights to the DATA. There are two special cases, one where the creator and consumer are the same body and the other where there is an intermediary or third party (buy something using credit). Irrespective of the structure, there may need to be an agreement/ barter/ trade about the DATA and rights. Some of these agreements

good read about the "Tenets of Digital Trust"

Good thinking: http://blog.lockerproject.org/tenets-of-digital-trust

Authenticity is essentially the digital identifiers that are associated with someone and the confidence in whatever system generates those identifiers, that they represent the same person when repeated.

Verifiability is the degree of your ability to establish the authenticity of someone, either actually in person or via another trusted person or system. It typically precipitates and helps build authenticity, and comes into question when something unexpected or important happens.

Security is the confidence in the integrity of the computing system both that you're using, and that the other person is using. There's less trust when using public terminals or if suspicious dialogs happen on your own system, and equally so you wouldn't share something important to a friend who's using a possibly compromised system.

Transparency is all about user interface and messaging, it's how clear and c

Mobile privacy infographic from Lookout

"Is Anything Private on Your Phone Anymore?" is a blog/ article from Lookout: "Lookout decided to look at the range of personal information on your phone, explain the top privacy concerns and give simple steps you can take to put your mind at ease."

Fear, Uncertainty and Doubt sell - especially if you are selling security.

"Improving user protection and security in cyberspace" - my response to the EU proposal

Council of Europe members propose a resolution on "Improving user protection and security in cyberspace":

"The Parliamentary Assembly is concerned that technological and commercial innovations in Internet and other digital information and communication media are taking place without an adequate analysis of the interests of the weakest part in this process: the user or consumer. For nearly a century, consumer protection principles have been established for traditional commerce of goods and services. However, they are more or less absent in modern cyberspace. Voluntary self-regulation by Internet stakeholders falls short of the legitimate expectations of protection. In their use of the Internet, people come into contact with a multitude of intermediaries and software applications of third parties without knowing. Users of mobile communication devices change their intermediaries while moving. The Internet of things, cloud computing, social networks, peer-to-peer network

Intel is focussing on giving users control of their data

"Inspiring consumer confidence through data privacy legislation" is the title of the post by David Hoffman. The full / original source is here

Essentially this is about new US law from Sen. John Kerry (D-Mass.) and Sen. John McCain (R-Ariz.) introducing the "Commercial Privacy Bill of Rights Act of 2011", which is aimed at protecting individuals' privacy. David Hoffman, director of security policy and global privacy officer at Intel Corporation, believes that federal privacy legislation is essential to individuals’ continued use of and trust in technology, and urges Congress to begin discussion of the bill, so we can establish such a framework of trust.

I actually have no major issue with the underlying ideals and principles. Assuming these principles are: what is yours is yours and you should be able to protect it, aka the digital locker, and you should be able to choose how to share your data/ content and with whom and on terms you can control. Here comes the

Mobile Carrier Delays Harm Internet Security via @eft

Original blog: https://www.eff.org/deeplinks/2011/03/carrier-intransigence-harms-internet-security

Love little stories like this, as it comes down to who is paying. Apple side-loads new updates via iTunes, so there is no OTA (over the air) update and therefore no cost to the operator. All the others create an OTA cost for the operator, and why should the operator pay to update software that is not their business problem? However, who do I have the contract with? Implication: free sounds good until you actually need to call someone to fix it.

“By delaying or even blocking security updates for mobile devices, mobile carriers put their users, their business, and the country’s critical infrastructure at unnecessary risk. Mobile security problems plague the entire software stack — the baseband, the kernel, the application frameworks, and the applications — and carriers continue to resist shipping regular and frequent updates. Mobile carriers are chiefly to blame for this problem. Although Apple, Google, and Mi

Why using the same user ID may give away more than you think - Friday Thoughts

Roger Grimes posted a very insightful blog about reuse of user IDs and passwords, with the usual sprinkling of fairy dust and FUD to create sales for security experts. However, it coincides with Microsoft publishing some data about the reuse of passwords on different web sites and a very good research paper from INRIA in France which asked “How unique and traceable are usernames”. Essentially: can identities established on multiple web sites be linked together based on the usernames to recreate an “identity”, and what are the implications for privacy?

The INRIA experiment looked at over 10 million usernames from popular services such as Google and eBay. In some of the tests, Google profiles that listed multiple accounts on different web services were used to establish “ground truth” about linked usernames. The first finding was that the usernames chosen by people on the various websites tend to be very unique, with a probability of duplication being approximately one in one billion. Thi

Reveal hidden passwords in all major browsers

Andrew Worcester has joined the long list of those offering a small software plug-in that allows a user to reveal stored passwords in browsers. Worth noting that in Firefox and IE you can password protect your saved passwords; however, this is not currently available in Chrome.

Why write this post? So that when the pop-up appears, "saved user name and password", you know that it is not secure unless you have made it secure, but then you have the very problem we all face - remembering passwords. Surely we will grow out of them soon.

Firefox

To access the list of saved passwords, click the Tools menu and click Options. Open the Security tab. Click on the Saved Passwords button. The passwords are stored in a list divided into two columns (sites and username); click Show Passwords to see the corresponding passwords. Click OK. The passwords are displayed in clear text.

I don't have IE, but I am sure it is in options....