Category Archives: Data Privacy

Login Managers and Web Trackers

The site Freedom to Tinker, which is hosted by Princeton’s Center for Information Technology Policy, has started publishing an ongoing series called “No Boundries” around the topic of how third-party scripts on sites can exploit browsers to collect/extract user data in growing ways. 

Their second installment focuses on how the well-known vulnerabilities of browser login managers can provide trackers with user information – not for the purposes of stealing passwords which has been looked at many times, but for the purposes of web tracking which can then be monetized to other companies. Continue reading

Tech Predictions for 2018

2017 has been a busy year for Technology. Dominating the news cycle since January have been ongoing stories and discussions about hacking (from elections to ad networks), cryptocurrencies, smart speakers, self-driving cars, and of course net neutrality. Here are some predictions of what the top Technology stories in 2018 might turn out to be… Continue reading

So Long, Social Security Numbers

In an age where the next major data security breach seems to be lurking just around the corner, or perhaps has already happened and we just don’t know about it yet, it’s refreshing to hear talk of sunsetting the archaic social security number as a universal identifier for US citizens. While it should come as no surprise, with cybersecurity at the forefront of international headlines, and regular password-update requirements all but ubiquitous with online accounts, the onus has been largely on the individual to vigilantly guard their own digital information. At the heart of this information lies a single, 9 digit identifier meant to last a lifetime – big red flag. Continue reading

Fake WordPress API Malware Alert

WorePress logoAlthough WannaCry, the massive worldwide ransomeware attack, is the biggest story these days when it comes to cyber crime, it’s definitely not the only issue causing problems for sites right now.

Last week, website security leader Sucuri identified code that appears to be WordPress API related, but is actually sending active cookie data to attackers. This is most problematic when the active user is a site admin because it gives someone the opportunity to create a new admin user which can be then used to do considerable damage to a site and/or gain access to user data.

Continue reading

Data Wars in Ad Tech

In today’s digital economy, data is one of the most valuable assets of any organization. For online advertising, quality data is a requirement for ensuring that the right ad is seen by the right audience at the right time. In the ongoing battle for acquiring this data, several ad tech companies announced last week a new technology consortium to enable the sharing of a common, omni-channel, people-based identifier, between publishers and advertisers who are members.

Continue reading

Oath: Verizon’s latest promise

Last week, Verizon confirmed that AOL & Yahoo would be merged under a new umbrella brand called Oath. The general expectation is that combining the two will help Verizon scale its ad tech opportunity by better connecting advertisers with content across these platforms – which themselves already include many disparate sub-brands acquired through past acquisitions and mergers.

Continue reading

Goodbye, Internet Privacy Rules

Mr. FlakeIt’s no surprise that we’re very interested in how our current administration is impacting topics like Net Neutrality and Internet Privacy. When Ajit Pai was appointed to be FCC chairman a couple months ago, we encouraged everyone to stay informed and keep an eye out for new issues. Well, this week the House voted to undo rules which prevented Internet Service Providers (ISPs) from selling user data to the highest bidder, just the latest roll back of protections that had been put in place by former President Obama. Although President Trump has not yet signed the roll back into effect, the White House has suggested that he will and the implications for Internet privacy concerns are pretty significant. (Update – As expected, President Trump did sign the bill in question on April 3rd, 2017, to repeal online privacy protections established under the previous administration.)

Continue reading

The Return of Lavabit

Lavabit logoThis past Friday, when most of the world was watching (or actively not-watching) the events in Washington, D.C., the formerly shuttered, Snowden-affiliated webmail service Lavabit announced it was re-launching with a new generation of email privacy and security.

If you’re unfamiliar with the history, here’s the gist: Lavabit formed in 2004, in part because of privacy concerns around email. They launched as an email service with significant protection and encryption capabilities and served a relatively small group of folk for almost a decade.

Continue reading