We don’t need no steenkin’ permission

On my planet, we call this accessing a computer in ways that exceed one’s authorization. A few hundred thousand counts of that particular violation would send a hacker to jail for the rest of the Long Now. But it would be terribly wrong to interfere with commerce.

Congress accuses American Phorm of ‘beating consumers’ | The Register

According to Dykes, NebuAd uses a one-way hash to anonymize each user’s IP address, and all that search and surfing data is merely used to place users in certain advertising categories. One category might include web surfers looking for luxury cars, Dykes once told us, and another might pool people researching French vacations.

But NebuAd is still tracking all your search and browsing activity. And it looks like this data is shuttled to its servers even if you opt-out.

Plus, the opt-out is cookie-based. And that “robust notice” bit is just talk.

Yep, let us keep a cookie on your machine indefinitely to tell us not to process the information we collect about you. But another thing just occurred to me: this one-way hash that supposedly anonymizes IP addresses. There are 4 billion total IP addresses in the world. Any given ISP has only a tiny fraction of those, maybe a few million. So anyone with access to the “one-way” hash function could store a table of all the hashes (and corresponding IP addresses) for a single ISP in a tiny corner of one PC’s RAM. They could store the hash-to-IP mapping for the whole damn world on a single thumb drive.
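The lookup table described above, as an added example (not code from the original post or from NebuAd). The articles do not name the hash function, so unsalted SHA-256 is an assumption, and the ISP block is a constructed /16 taken from the RFC 2544 benchmarking range.

```python
import hashlib
import hmac
import ipaddress

def anonymize(ip: str) -> str:
    """Unsalted one-way hash of an IP address (SHA-256 is an assumption)."""
    return hashlib.sha256(ip.encode()).hexdigest()

def build_table(cidr: str) -> dict:
    """Hash every address in the block once; map digest -> address."""
    return {anonymize(str(ip)): str(ip) for ip in ipaddress.ip_network(cidr)}

def table_bytes(n_addresses: int, digest_len: int = 32, ip_len: int = 4) -> int:
    """Raw storage for n (digest, IPv4) pairs, ignoring container overhead."""
    return n_addresses * (digest_len + ip_len)

def keyed_pseudonym(ip: str, key: bytes) -> str:
    """HMAC-SHA-256 with a secret key. Without the key the table cannot be
    built, but whoever holds the key can still enumerate, so this is
    pseudonymization, not anonymization."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()

# Constructed sample: one /16 (65,536 addresses) standing in for an ISP's pool.
ISP_BLOCK = "198.18.0.0/16"
TABLE = build_table(ISP_BLOCK)

if __name__ == "__main__":
    token = anonymize("198.18.37.200")          # what the tracker would store
    print("recovered address:", TABLE[token])   # dictionary lookup undoes the hash
    print("3M-address ISP: %.0f MB" % (table_bytes(3_000_000) / 1e6))
    print("all of IPv4:    %.0f GB" % (table_bytes(2**32) / 1e9))
    key = b"constructed-secret-key"             # constructed; never hard-code real keys
    print("keyed token found in table:",
          keyed_pseudonym("198.18.37.200", key) in TABLE)
```

The sizes use full 32-byte digests; truncating the stored digest shrinks the table further without making lookups ambiguous in practice.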

Logged in or out, Facebook is watching you: News – Security – ZDNet Australia

In the first instance, he saved a recipe while still logged in to Facebook.

“An alert appeared allowing me to opt-out of Facebook’s publishing this as a story on my feed, which I did,” he said.

He then saved a recipe on Epicurious.com with the Facebook window closed, but while he was still logged in to Facebook. Again he was alerted, and this time chose “No, thanks” — and therefore opting out of the service.

He then saved a third recipe while he was completely logged out of the Facebook site under a new browser session, and received no alert.

Berteau then consulted CA’s network traffic logs, and found that in all three cases, data (such as his Facebook account name and details of his actions on the affiliate site) had been submitted to Facebook.

Uh.
