Why does my remote control need to know my location?

by @edent | # # # # | 3 comments | Read ~9,939 times.
Allow Pioneer Remote App to access this device's location?

Here's an interesting user-hostile pattern which could easily be avoided if programmers and business-people thought like regular humans. I have a Pioneer / Onkyo sound system. It's pretty nice and comes with a (not too crappy) Android app to let me remote control it. One day, the app updated itself. The changelog was the usual… Continue reading →

Harvesting phone numbers and email addresses from GitHub

by @edent | # # # | 2 comments | Read ~129 times.
A user's email signature - the phone number has been blurred out.

Code-sharing site GitHub automatically sends email notifications to users. If you've commented on an issue, you'll get an email each time there's an update. That's pretty handy. It also allows users to reply by email. The reply is then automatically posted in the issue thread. Also handy. But a little dangerous. Lots of people have… Continue reading →

Responsible Disclosure - Citizens Advice Bureaux

by @edent | # # # # # | Read ~213 times.

A quick report into a nasty privacy vulnerability I found with the CAB. Unusually for me, this has no Internet component. Regular readers will know about my recent court visit. As part of that, I had to telephone the CAB Volunteers at the court who look after witnesses. I called, and was put on hold,… Continue reading →

Personalisation is Asymmetric Psychological Warfare

by @edent | # # # | 6 comments | Read ~10,610 times.

Another privacy nightmare. An airline wants its cabin crew to know your birthday and favourite drinks order, to better personalise its service to you. My first instinct is to recoil in horror. It sounds like every dystopian sci-fi epic. But why do I feel this way? Partly it is the lack of genuine personality behind… Continue reading →

Privacy, Security, & Ethics - Computer Science's "Jüdische Physik"

by @edent | # # # # # | 1 comment | Read ~242 times.
A fist emerges from a computer screen and punches the user.

I'm going to tell you an anecdote which is a gross oversimplification of a complex topic. In the early half of the twentieth century, certain physicists made breakthroughs in relativity, quantum mechanics, and nuclear energy. Many of these scientists were Jewish. The Nazis called these heretical ideas "Jewish Science" and suppressed their teaching. Jewish physicists… Continue reading →

MailChimp leaks your email address

by @edent | # # # # | 6 comments | Read ~4,201 times.
Change email address page with obscured email address

An annoying privacy violation from leading email newsletter company MailChimp. Responsibly disclosed on 2017-12-04. When you click a link on a webpage or an email, your browser opens up that link and sends the newly visited webpage a Referer Header. (The misspelling is a historical artefact.) This says "Hello new site, I was referred here… Continue reading →

Full Disclosure - This Bluetooth tag is leaking your personal data

by @edent | # # # # # | 3 comments | Read ~547 times.

If you have a TingTag, your location is being broadcast without encryption! Earlier this year I purchased and reviewed the TinTag. I've spent the last month trying to get hold of the company to report a serious privacy problem with their Android app. I've not received an adequate response, so I'm publishing this post to… Continue reading →

Another Google Privacy Flaw - Calendar Unexpectedly Leaks Private Information (Disclosed)

by @edent | # # # # | 8 comments | Read ~32,077 times.

My wife likes to set reminders for herself in Google Calendar. Recently, she added a note to her personal Google Calendar reading "Email [email protected] to discuss pay rise" and set the date for a few months from now. She'd had a discussion with her boss, Alice, and they'd agreed to talk about salary later in… Continue reading →

The Perils of URL Shortners

by @edent | # # # # # # | 1 comment | Read ~222 times.

I'm not a big fan of URL shortners - bit.ly, t.co, goo.gl, ow.ly, etc - I understand the need for them, but they seem to offer a fairly poor service in terms of privacy and usefulness. Take this recent example from Vodafone. Aside from the obvious downsides (user doesn't know where the link will take… Continue reading →

Path - Privacy & Security Problems

by @edent | # # # # # # # | 2 comments | Read ~268 times.

I'm trying out the new Android app for Path - the new social networking service. I've discovered something rather troubling... Most of the app's communication with the Path servers is over SSL. This means that no-one can see the data you're sending and receiving. If there are snoops on your network, they will only be… Continue reading →