Full Disclosure - This Bluetooth tag is leaking your personal data


tintag unencrypted communications

If you have a TingTag, your location is being broadcast without encryption! Earlier this year I purchased and reviewed the TinTag. I've spent the last month trying to get hold of the company to report a serious privacy problem with their Android app. I've not received an adequate response, so I'm publishing this post to […] Read More

Another Google Privacy Flaw - Calendar Unexpectedly Leaks Private Information (Disclosed)


My wife likes to set reminders for herself in Google Calendar. Recently, she added a note to her personal Google Calendar reading "Email [email protected] to discuss pay rise" and set the date for a few months from now. She'd had a discussion with her boss, Alice, and they'd agreed to talk about salary later in […] Read More

The Perils of URL Shortners


I'm not a big fan of URL shortners - bit.ly, t.co, goo.gl, ow.ly, etc - I understand the need for them, but they seem to offer a fairly poor service in terms of privacy and usefulness. Take this recent example from Vodafone. Aside from the obvious downsides (user doesn't know where the link will take […] Read More

Path - Privacy & Security Problems


I'm trying out the new Android app for Path - the new social networking service. I've discovered something rather troubling... Most of the app's communication with the Path servers is over SSL. This means that no-one can see the data you're sending and receiving. If there are snoops on your network, they will only be […] Read More

A (Minor) Twitter Privacy Bug?


The Twitter Logo

Quick Summary Twitter's secure API hides the contents of the tweets you are reading. But it doesn't hide the images of those you converse with. Raised as Issue 2175. A Bit More Detail Twitter has a secure (HTTPS) and insecure (HTTP) API. When calling the secure API, all the content of the returned message (tweets) […] Read More

Vodafone Exposes Users' Email Addresses


(Disclaimer - I used to work for Vodafone. I don't any more.) A rather nasty flaw with Vodafone's "My Account" service was recently pointed out by Denny de la Haye. Vodafone will quite happily tell you the email address of any customer who has set up the "My Account" facility. Ugh. @VodafoneUK's website exposes my […] Read More