GDPR and common sense

by @edent | 3 comments | Read ~124 times.
Some giant question marks standing in a field.

Every so often, I get a glimpse into the thought processes of someone who has a very different view of the world to me. I don’t deal with people’s personal information often. So I was surprised to receive an email with a multi-megabyte spreadsheet called “Pay and Bonuses 2020”. The email contained this doozy of…

It’s OK to lie to WiFi providers

by @edent | 6 comments | Read ~206 times.
Give social networks fake details, advises Whitehall web security official.

Another day, another data breach. The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online. The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth. It was not password protected. BBC News There’s…

Who is Facebook’s mysterious “Lan Tim 2”?

by @edent | 13 comments | Read ~145,437 times.
Facebook activity page saying they received data from "Lan Tim 2".

Facebook has an interesting feature. It will let you see which companies have associated your off-Facebook activity with your Facebook account. If you visit: https://www.facebook.com/off_facebook_activity/ you’ll see what companies are snitching on you to Facebook. #AirBnB shares your activity with #Facebook ?! Delete that @Airbnb app, folks! Mine didn't even allow me to change its…

Bluetooth MAC, K-Anonymity, and Population Privacy

by @edent | 3 comments | Read ~120 times.
List of Bluetooth devices.

I recently went to a university hackathon, where students were trying to invent novel ways to help prevent pandemics. This was purely an academic exercise – they were not developing a fully-fledged app, nor were they creating official policies. I spent some time with one group discussing the privacy implications of what they had built.…

Bitly finally starts taking privacy seriously

by @edent | Read ~171 times.

I’ve been ranting about Bitly for years! The ubiquitous link shortener had an interesting “feature” – add a + to the end of the URL and you could see all the statistics for the link. How many clicks, referers, location of users. Here’s a blog post I wrote about it way back in 2011. I…

Why does my remote control need to know my location?

by @edent | 3 comments | Read ~10,220 times.
Allow Pioneer Remote App to access this device's location?

Here’s an interesting user-hostile pattern which could easily be avoided if programmers and business-people thought like regular humans. I have a Pioneer / Onkyo sound system. It’s pretty nice and comes with a (not too crappy) Android app to let me remote control it. One day, the app updated itself. The changelog was the usual…

Harvesting phone numbers and email addresses from GitHub

by @edent | 2 comments | Read ~206 times.
A user's email signature - the phone number has been blurred out.

Code-sharing site GitHub automatically sends email notifications to users. If you’ve commented on an issue, you’ll get an email each time there’s an update. That’s pretty handy. It also allows users to reply by email. The reply is then automatically posted in the issue thread. Also handy. But a little dangerous. Lots of people have…

Responsible Disclosure – Citizens Advice Bureaux

by @edent | Read ~247 times.

A quick report into a nasty privacy vulnerability I found with the CAB. Unusually for me, this has no Internet component. Regular readers will know about my recent court visit. As part of that, I had to telephone the CAB Volunteers at the court who look after witnesses. I called, and was put on hold,…

Personalisation is Asymmetric Psychological Warfare

by @edent | 6 comments | Read ~10,695 times.

Another privacy nightmare. An airline wants its cabin crew to know your birthday and favourite drinks order, to better personalise its service to you. My first instinct is to recoil in horror. It sounds like every dystopian sci-fi epic. But why do I feel this way? Partly it is the lack of genuine personality behind…

Privacy, Security, & Ethics – Computer Science’s “Jüdische Physik”

by @edent | 1 comment | Read ~266 times.
A fist emerges from a computer screen and punches the user.

I’m going to tell you an anecdote which is a gross oversimplification of a complex topic. In the early half of the twentieth century, certain physicists made breakthroughs in relativity, quantum mechanics, and nuclear energy. Many of these scientists were Jewish. The Nazis called these heretical ideas “Jewish Science” and suppressed their teaching. Jewish physicists…
