Tag: data

NHS must wake up to preventable data loss

Earlier this week it was revealed that the NHS lost 800 patient records on an unencrypted memory stick. This was just the latest in a series of data blunders that the NHS is known for. Critics say losing the last set of records was wholly preventable, and excuses about resources or education do not carry much weight.

Kingston Technology sells secure options, including USB sticks which it actively dares hackers to crack, to large organisations which by their nature handle sensitive data. With this in mind, TechEye had a chat with Bernd Dombrowsky, Inside Sales Director for the EMEA region.

“You will find within the NHS and local councils and other public entities, as well as private corporate environments, you will find really serious efforts to make sure that data is secure on USB stick,” Dombrowsky says. “Many NHS trusts have bought password protected USB sticks by the hundreds and thousands.”

What, then, is the problem? Dombrowsky isn’t sure, either. “I cannot speak for the NHS in general,” he says. But it certainly is puzzling when “they spend money on, admittedly, a significantly more expensive USB storage device and buy that by the 100,000’s, then allow someone to go to Sainsburys and buy a USB that also works in their environment. It’s very likely not a budget and money issue.”

According to Dombrowsky, it’s probably an oversight. Or maybe, a “really, really poor compromise with users, who are saying – but I want to have the data where I have my family photos or whatever else.”

Then, if you let people bring in their own, private devices into the corporate environment, there’s automatically a gaping hole for it to fall out of sooner or later. “You download the data, and this wide open door is open in both directions,” Dombrowsky says. “We’re mainly concerned today about the data loss issue, that if you allow non-approved devices and non-managed devices to be plugged in and connected to the organisation’s network, it’s an open invitation for malware and viruses to be brought into the organisation.”

At least part of the answer is endpoint management, so you can see what ports are open, where and why. It’s a necessary partner to encrypted devices. What, exactly, is the point of buying the secure hardware if the IT system in place renders it moot? Dombrowsky believes without a proper network – especially for an institution that carries as much sensitive information as the NHS – simply checking the secure kit off a civil-service drafted shopping list won’t do.

“This trust, another one that just allows people to use drives that are non-secure, which then can be read if they get dropped in a car park or a pub,” Dombrowsky tells us. “Though they have taken steps, and spent money to buy secure drives, that is not good enough. You need to do both things. You need to buy secure drives and put the software in place.”

Not only that, but to Dombrowsky there are some other questions that need looking at. And it goes beyond someone dropping a USB stick and someone else picking it up – “what the heck are you doing carrying around my personal data?” and “why are you taking this out at all?”

“I can relate to the need to have data portable within the organisation, maybe between different buildings, but you need to address this in the staff training up front,” he says to TechEye. “Would you have any justifiable reason to carry hundreds or thousands of patient data sets home? I don’t think so.”

The NHS trust this time, for Surrey and Sussex, claims it does train staff and it takes patient information extremely seriously. When the story broke, a representative from privacy advocates Big Brother Watch claimed the training is “clearly inadequate”. There’s another way to look at it, according to Kingston’s Dombrowsky, and that lies in the relatively recent nature of working with USB in a professional capacity – for the average member of the public.

“Kingston started selling USB sticks in 2004,” he tells us. “You go back only a decade – anyone who becomes a consultant today started their medical training when there were no USB sticks around. So where in their medical training have they heard about where the danger with the technology begins?

“The benefits are obvious to you. It’s intuitively obvious. But I think you need to make an extra effort as an organisation to trade on the risks and the risk management.

“I was amazed just how many stories there are from just the last two or three months about these organisations having their data loss issues”.

Analyst wades into Oracle's Ellison

Oracle supremo Larry Ellison’s keynote has been given nil points by the analyst outfit Ovum for being too dull, too technical and missing the opportunity to say something interesting about his database company.

To be fair, we are talking about a database company rather than anything interesting, but Ovum seems to really have got the hump about Ellison’s keynote at Oracle World.

Ovum chief analyst Carter Lusher, who was in the audience for Oracle World, was apparently bored out of his mind as Ellison showed off a confusing number of diagrams and specs of Oracle’s Exadata and Exalogic appliances.

Over the last decade, CEO Larry Ellison has built Oracle from a large database company into what Ovum calls a mega-vendor, an IT vendor that can provide almost everything that enterprise and public sector IT organisations need, from hardware and enterprise applications, to infrastructure software and hardware, to services.

However, Lusher said that during the Oracle Open World Keynote Ellison missed the opportunity to deliver that vision beefed up with exciting customer stories, his world famous Belly Savalas party trick, some HP light bulb changing one-liners and perhaps a couple of knob gags.

“Rather, the crowd in attendance was subjected to mind numbing technical specifications about Oracle’s Exadata and Exalogic appliances. This recitation of specs was a missed opportunity,” Lusher moaned.

We suspected this would be the case. Despite the fact that he has been at the centre of some interesting news and court cases lately, Ellison still runs a storage company and that is only marginally more exciting than attending a SAP annual meeting.

Still, it is said that you become like your worst enemy – so maybe Ellison has started to become Leo Apotheker.

 

Live in Europe? Force Facebook to give you back your data

Facebook isn’t known for respecting the privacy or rights of its users, this is nothing new, but it looks like Zuckerberg may have to anticipate a kick in the teeth.

That would be courtesy of European Data Protection, forcing Facebook to become a little more transparent over how much it holds on individuals.

Many people probably think that Facebook is immune from having to abide by the EU data laws. After all, isn’t it a company based in California – and therefore outside the scope of the EU?

At the very top of Facebook’s Terms: “Company Information: The website under www.facebook.com and the services on these pages are being offered to you by: 

Facebook Ireland Limited

Hanover Reach,

5-7 Hanover Quay,

Dublin 2

Ireland”

And from Section 18 of the Terms: “If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited. References to “us,” “we,” and “our” mean either Facebook, Inc. or Facebook Ireland Limited, as appropriate.”

According to this, take ‘Facebook’ as meaning ‘Facebook Ireland Limited’. If you’re outside of the US and Canada, you’re signed up with the company in Ireland instead of the US. Facebook has kindly made the language nice and clear so that you can be in no doubt about who you’re dealing with and where in the world.

Setting up shop in Ireland means that Facebook is an entity within the EU and, contrary to popular belief, it doesn’t have the option of picking and choosing which laws to abide by, European or US, or what rights it should grant the consumer.

Data protection in Ireland does some of that for it. Being based in Dublin means that Facebook is just as accountable as any other company there would be when it comes to handling your information, even if your data is handed over to and used in the US.

Just because it started in California it certainly doesn’t mean Zuckerberg’s immune from the laws in Europe. 

So what does this mean for you? Section 4 of the Data Protection Act is a notable point to emerge from its move across the pond. It states that you have a right to access all of the data a company is holding on you. Irish regulations allow the company to charge a maximum fee of €6.35 and the request must be filled by them within 40 days in order to comply with the act. 

Ever wanted to know exactly what Facebook has on you? Here’s the link to the data request form hidden within the depths of the help centre. 

You will have to scan and upload a copy of your ID to prove you are who you say you are and it probably wouldn’t hurt to throw in a quote from the relevant Data Protection Act (section 4 of the DPA or Article 12 of EU Directive 95/46/EG) to get things moving along.

According to website ‘Europe vs Facebook’ expect to have to send a few requests, maybe a couple of emails and perhaps even throw a little complaint towards the data commissioner before it gets around to complying.

The information will be sent to you on a CD as a PDF. Normally over 1,000 pages long and containing information you probably believed you had long since deleted, and perhaps even forgot about completely, the data you are requesting by filling out the form really is everything, or at least should be everything. All information attached to photographs, all phone numbers, including from where you’ve synced your phone, and tags.

Even private messages, allegedly including those which have been deleted and potentially contain some very private information, likes, status updates, notifications, all of it. 

If you request it, they have to send it.

TweakTown top picks

Hello TechEye viewers, this is TweakTown’s Content Editor reporting back with another weekly update of all the highlights over at TweakTown recently. This past week has seen another good dose of activity that covers multiple market segments.

The week started off with a look at one of Dell’s latest entries into its UltraSharp family of LCDs. Despite the model name being indicative as a replacement to the popular U2410, the new U2412M is a lower priced offering with its E-IPS (Economy) versus the more expensive S-IPS used in the former. It still proves to be a fantastic quality monitor, though, and could be a great alternative to help make Eyefinity (3+ screens) a possibility without breaking the bank.

If you frequently carry around a fair amount of precious data with you, but find yourself often getting paranoid with your choice of portable storage against the elements and want the ultimate peace of mind, we looked at one of the best options on the market this week from ruggedized specialists, ioSafe in the Rugged Portable. The primary purpose of the ioSafe Rugged Portable is to keep your data safe and secure no matter where you are. At CES we shot one with a shotgun, threw it on the concrete floor as hard as we could and the unit kept on running perfectly.

Do you find yourself using your notebook around the house more than your desktop? Or perhaps it’s even your desktop replacement of choice; you would be one of a very large group of users that do if so. I think you would also have found that heat buildup from most laptops that have been on for prolonged periods of time can get a little discomforting after a while, especially when simply resting on your lap.

We separately looked at two NotePal series solutions from Cooler Master this week to help combat that; the multi-tilt capable NotePal U Stand and the more nimble NotePal X-Slim, both of which fared quite well in our tests when it comes to helping keep those temps at bay.

Thinking of building a nice compact mini-ITX based rig? Motherboard manufacturers are really nailing it these days with multiple options on the market that pack a wealth of features and power, also using some of the latest desktop chipsets on the market. We looked at one such model from ASRock this week, the A75M-ITX which uses an ideal chipset for mITX, the new Fusion based A75. It could be that perfect candidate for your next HTPC or workhorse build.

Aside from the motherboard above, another of the primary decisions to make when planning your mITX build is of course the case you’re going to house it in. Lian Li graced us this week with one such unit in its Mini-Q series, the PC-Q25; a clean looking small form factor chassis which thanks to its compact box like stature and conservative, quiet design cues, should do rather well to blend into most any environment.

This week we also took a closer, more detailed look at Intel’s new Smart Response Technology found on their latest consumer level chipset, Z68. If you aren’t too sure what that’s all about, the basic idea is that you can use a smaller SSD drive, say 20GB, and combine that with a larger traditional mechanical drive whereby the SSD would act as a super fast cache, thus increasing the overall storage performance without having to invest in a high speed, high capacity SSD.

With GIGABYTE’s new 20GB mSATA SLC SSD equipped Z68XP-UD3-iSSD motherboard in hand, we covered the board in two separate articles this week – this first one looking at how effective Intel’s SRT is and another that gives a more detailed look at the overall board itself.

And that wraps up the major happenings from our neck of the woods over this past week. Until next, adios folks!

Dell commits to VMWare cloud service

The latest in boxmaker Dell’s portfolio is a data storage platform which will use VMWare.

Basically it will be storage rental, but unlike your secret locker at the Docks, Dell’s service will be cloud-based.

We can expect, says Dell, the expected. Michael Dell’s lot promises that business buyers will be able to have their share of space based on a secure data centre. VMWare will be pleased with the win.

MarketWatch points out that the move lands Dell against other bigwigs in the sector, like IBM and Amazon, plus plenty of other smaller players. Of course, with Dell’s push towards the cloud – the coffers are stuffed with cash for marketing and service development – it will hope customers plump for it instead. 

The idea is to slowly help businesses move away from the traditional data centre and get connected, which is a bit like everyone else’s idea too. 

Dell plans to roll the service out as soon as by the end of this year for US customers, while everyone else will be disappointed that the thrilling product will be on hold until 2012.

Financials for Dell this year were OK, but demonstrated a move away from hardware and into services.

How to stop Facebook and Google trampling on your privacy rights

Companies like Facebook and Google keep infringing on our rights to privacy. Their secretive and menacing privacy policies are ever reaching into our data, handing over the details of your life to third parties when our contacts agree, giving us little choice over who has our information.

We also have the government in the UK talking about shutting down social media in times of unrest and increasing monitoring of social networks, while the US has recently been trying to push through HR 1981, a far reaching data retention bill. Many other countries in Europe already do this, Denmark and Norway to name two, having adopted the EU data retention directive. Denmark goes further, imposing more monitoring than the directive requires.

We are also tracked online pretty much everywhere. Looked at something on Amazon recently?

Somewhere, sat on a data bank, there is a record of your purchases, planned purchases, and things you’ve looked at. Does your Amazon account send your confirmations and delivery reports about purchases to Gmail? Now Google know what you’ve bought, too. Then there are e-tags and similar technologies which, even if you delete cookies, simply reproduce them. Your IP is logged by law under the data retention act (UK).

Depending on the country, all of your activities may also be logged. Many countries have such strict censorship or such oppression of rights that you cannot be yourself online without facing privacy intrusions. Be sure to check the data retention that your country has in place to see how extreme the monitoring of your activities is. This may give you reason to follow these steps, if the rest isn’t enough to persuade you.

It’s time to fight back.

There are a lot of things you can do to protect yourself online, so here are a couple of basics.

Yes, it will take effort, maybe a little money, and a lot of reading up, but if you want to keep your privacy it’s worthwhile. It’s also a big ‘up yours’ to governments, Google and others who make a mockery of security around your data, and in some cases, profit from it.

This will not necessarily make you completely anonymous, these are just some basic steps, but it does prevent a lot of your footsteps being traced back to you, giving you some semblance of privacy on the internet.

These suggestions aren’t to be taken lightly, and please remember that abusing these things for ill gives the opportunity for governments to impose restrictions on them. Use them responsibly or don’t bother.

Handle your own data.

Yes, this one is really obvious, but many people seem to forget that using services online usually has a stipulation of ‘hey we can see what you’re doing!’.

Do you use a Gmail account when you sign up to services? What email address do you use for Facebook? For Amazon? For anything? Do you use webmail a lot? Stop. Get yourself a domain.

It’s cheap and most providers have a nice management system in place so that you can handle your email addresses and so on. Make yourself an email address, set it up in Evolution or whatever email software it is you use. Check the privacy policy of the webmail service your domain provider offers and see if the data stored there is used for anything, instead of just sitting there.

Hosting providers are less likely to be using it for marketing purposes than popular webmail providers like Google; keep in mind that you’re paying them to handle it. If you’re concerned about whether privacy will be available, or you can’t find anything about it, email the domain provider before you sign up and ask what your options are with regards to email privacy. Also ask whether you can permanently delete your content. Again, read their privacy policy. I cannot state enough how important reading the privacy policies of services is when it comes to controlling your data.

Be sure to opt out of showing your personal information in the website’s whois.

Start pretending to be from another country.

That doesn’t mean donning a kimono or wearing a string of garlic, it means getting a VPN. A virtual private network is a tunnelling service. You effectively, using lay terms here, connect to another computer somewhere else in the world and use that IP instead of your own. This makes it much harder for people to log your traffic online. There are plenty of public VPNs available if you believe your security may be at risk due to your habits online.

This is not a suggestion of ‘you can go and do illegal stuff because no one knows it’s you!’, people misusing it in this way risk the legality of the services for those who may actually need them for a number of reasons, or those who want to protect themselves from the prying eyes of companies and governments for their own peace of mind.

There are a lot of people around the world who may be at risk if they were found to be speaking out online, for example. So if you want anonymity to be a little shit, congratulations on making it harder for us who have legitimate reasons.

Private VPNs are available pretty cheap. They do keep information from when you sign up, and some will log your traffic online. Check the privacy policy before you sign up for any private VPN service to see exactly how much privacy you have when using their service. Some will state categorically that they do not log information, but they will still have your details from when you sign up for an account. Others may log absolutely everything you do, and then sell the data to a third party. They do not accept illegal use of their services, and rightly so, and they will hand over your information if you are found to be using it for ill.

Public VPNs are much more private, the whole point of them being anonymity. For most, there is no logging, there is no sign up and so they don’t have any contact details on you. There are many ‘proxy’ sites you can use too. You go to the site, you type in the address of the website you would like to surf anonymously, and voilà! There you go. Again, be sure to check any privacy policy attached to these sites. If you do not find one, do not use it.

Tor is a service which makes your web browsing anonymous. This has been a point of contention recently because of the activities of hacktivist groups who openly discuss the use of it. You download and install, make sure all your settings are right, and then you get surfing.

When you open it, it will tell you the IP address that you are surfing from, and it gives you the option of changing your address if you want to. It also features NoScript, another handy app.

Get NoScript here.  

This comes as standard with Tor; however, you can still use it with Firefox without the use of Tor. It allows you to control the scripts, cookies and other code websites try to load. You can blacklist certain things, whitelist certain things, and basically handle the amount of scripts that websites are allowed to load on your computer, hence ‘no script’.

From the website: “NoScript selectively, and non-intrusively, blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits”.

Clear your browsing data.  

This one is probably obvious but you’d be amazed how many people leave their cookies, temp files, and everything else, just building up on their PC. This is not a clever thing to do.

Cookies and other seemingly harmless files are used to track what you do online. Companies leave a little unique ID in a cookie, which identifies that the person using the site is you. Every time you go to that site, if the cookie is there, they know. This is more data for them.

Regularly clear your browsing data. Not sure if it’s clear? Clear it again. Remove cookies, temp files, everything. Fine, you’ll be logged out of your favourite sites, but it’s a small price to pay and you can always just log back in each time.

Pseudonyms and aliases.

Google+ has introduced a ‘real names policy’. This means they want you to use your real name, and not a pseudonym on their services. The backlash from users has been immense.

The reason for the policy? Here’s what Google’s Eric Schmidt had to say. “The only way to manage this is true transparency and no anonymity. In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a name service for people. Governments will demand it.”

Apparently it’s dangerous for you to be anonymous.

Your government will demand that you have no anonymity on the internet and this implies that it justifies the naming policy! This is a dangerous idea, and it’s dangerous for Google to impose. Are you in China, using the internet to get a message out about human rights? Good luck with not getting arrested.

There’s a system in place to suspend the accounts of people whose names do not fit their policy.

This can still be your name, but if Google says it’s not? Well, there goes your account.

A way around this, if you don’t want to use your real identity for whatever reason (and many, many people have very legitimate reasons) is to use one that fits their policy. Common or bland looking names such as Jonathon Smithson are unlikely to raise any red flags. So instead of using a handle or nickname (hotgirl928143 will flag, stupid) use a made up name.

A first name, and a last name. Try not to make it too obscure, or too bland. Use your imagination a little. The same goes for on just about any other site. If you really want to be anonymous, do not use your name. Especially if it’s uncommon. Make up an identity and use that. Perhaps even make a few.

Don’t be sentimental about your online content.  

Much like ‘clear your browsing data’, this one is really obvious too. Many people are incredibly sentimental about the data they have put online. How much information is on your Facebook wall? Guess what! Facebook gets to keep that as long as it’s there.

A lot of users only keep it because it’s a time line, almost a diary, of the events that have happened over so many years. Records of interactions with your friends. It’s like your life written out online. Facebook plays on this, a lot. When you try and either deactivate or delete your account, you get a nice line of your friends’ tagged photos with the message ‘x will miss you!’. So stay, and minimise the amount of information that is stored on your wall and profile.

You can download your Facebook profile from the account settings. This allows you to download and keep everything that is on your wall if you’re a little sentimental. Every documentation of events, every photo, every status update, all in one handy .zip file. It might take a lot of time, but clearing the old posts from your wall will take a lot of data out of Facebook’s hands.

Every month or so, download a new backup from the account settings tab, and wipe out the old again. This counts for other ‘services’ too. Twitter and Google+ statuses. Old forum posts (if you can’t delete the post, you can always edit out the content). You don’t necessarily have to delete all of it, but have a think about how much of it identifies you, or things about you.

If you have a webmail account, store all of your old emails locally.

You can download them to Outlook or Evolution, and then export them to a file for backup, if your webmail does not offer the chance for you to do this. Then purge the emails stored online.

Don’t use the same username everywhere.

This one is more about hiding in search results and preventing your information from being easily searchable. Although do remember, data being linked across the web is not good for your privacy on the whole.

Does your gaming nickname cross over with places where you speak to your family, or real life friends? I’m sure you can see how separating them can make a lot of sense. What about support groups? If you are signed up to a forum for help with mental health, physical illness, or anything else, does that use the same name as, say, your Facebook account? Is your username the same everywhere? If you search for your username, does it link to a lot of different websites? This means that if someone wants to find out what you’ve been up to online, it’s only a quick Google search away.

This can include potential employers, current employers, co-workers or just about anyone else.

Are you in a country where your rights are under threat? Could some of your information leave you open to discrimination? Think about how your information can be linked up across the internet by the username you use, and how people accessing that information could harm you.

Switch it up a little and use different usernames for different websites. If you don’t, you could be very easy to find. If you have ever posted anything personal on a website, forum, anything… it means someone who’s run into you on another site can potentially find it. It means employers could find it. If armchair internet detectives can find it, you can bet government can definitely find it.

If you are using a very common nickname, then it’s going to be a little harder to join the dots, but still be cautious, and do not think you are hidden from view because of it.

Don’t use the same information everywhere.

If you are using just one email address and you use it to sign up to every service you use, that’s another way the accounts can be linked and you can be identified. Is your email address searchable on those accounts? Can you be looked up on Facebook with it? What about other places? Much like the username, there are a lot of potential dangers to this.

Get a domain or two, create a bunch of forwarders to your main account, or mailboxes if you have the patience, and use different email addresses in different places on the web. Depending on how much privacy you want to keep, it may be worth getting a few domains. If you keep using the same one, it may start becoming a little obvious.

Don’t be an ass.

Just to throw this in again, this information is intended to help people keep their privacy and control of their data in an age where exactly that is at risk. Do not use it to be an idiot.

People appreciate the ability to keep their lives private. The ability to be anonymous. Some may not have the same rights to privacy as we do here in the UK, and it makes advice like this valuable.

Anonymity online is not an excuse to do whatever you want. Acting like a moron is partially why there are attempts to banish it. Don’t ruin it for the rest of us. 

Ovum: Get secure, stupid

Security analysts have drawn up a shocking conclusion: security breaches happen because companies haven’t put enough security in place. Well, yes…

Ovum points the finger at lazy developers and tight budgets, citing Sony as an obvious example.

The hack which exposed all of its users’ data happened because Sony’s priorities, says Ovum, were in making its services and websites look pretty rather than actually keeping sensitive information secure.

Ovum claims that in the past three years, 70 percent of the top 100 websites have at some point hosted malicious content or redirected to it. Analysts at Ovum suggest that rather than spending money on making websites enjoyable, developers should consider moulding their image on fortified compounds with a “hardened infrastructure”.

The report, simply called Web Security, is available now and also looks at things like social media security in business and securing mobile devices. We can save you some money on at least parts of the paper: Think about security, then do something about security.

Although it appears Ovum isn’t taking an innovative approach to security in its latest moneyspinner, it goes to show that there’s a demand for this kind of stuff and companies are starting to realise they shouldn’t stuff up the safety of their customers. 

Really, we can thank Anonymous and LulzSec for the helping hand they’ve given in waking the world up to the elephant in the room. We can also thank them for roughly three thousand times the normal volume of security press releases piggybacking on their work.  

The frightening truth about your data

Every day we’re hearing more stories coming in the media about how this company is doing this with your data, that company is doing that with your data. Firstly, let’s be clear. By saying ‘data’, what we mean is any and all personal information or content that you have generated or put online.

Your name, your age, photos of you and your friends, who your friends are and just about everything else. 

Some companies use your data for their own purposes which you have to allow if you want to use their product. Some of them are making it confusing or even difficult when you try and take it back off them. Facebook, which we reported on recently, try and get you to deactivate your account instead of delete it, archive your messages instead of delete them, and by doing so, continue to have royalty-free licence over content that’s related to your account. 

That’s your content they have licence to. The reason they make it so confusing and give you options like deactivation instead of just outright deletion is they lose licence over your intellectual property when you delete it. If the account is simply inactive rather than deleted, they continue to have that licence over it.  See section two of Facebook’s terms.

This also plays into Facebook’s reasons for taking 14 days for your account to be removed if you do find the delete button. Many people use single-sign-on or use Facebook to log into other sites. Absent mindedness can potentially leave your content in their clutches.

Of course, Facebook’s response is that it knows what it’s doing, and what it’s doing is good for you. When asked if Facebook deliberately makes leaving difficult – and if it is a reaction to the market – it sent us instructions on how to leave the service. The 14 day period is for your own good. Here’s what the press office has to say:

“We do save data for a short two week window, in case a person chooses to delete their profile by accident, or changes their mind having deleted their profile. This window also prevents the loss of potentially incriminating evidence – for example, if a person was harassing another person.”

Trust us.

As industry watchers know, companies are already tracking what you do online. Each time you go to one of the major search engines (Google, Bing, and Yahoo! for example) a cookie is placed on your computer which can be used to help track your search history. The claim is that it helps them to remember your search preferences, making your searching experience more personal and comfortable.

From Microsoft’s privacy policy: “We also use technologies, such as cookies and web beacons, to collect information about the pages you view, the links you click and other actions you take on our sites and services. Additionally, we receive certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times and referring Web site addresses.”

Quoted from EFF (Electronic Frontier Foundation): “Google, Yahoo, MSN, AOL and other search engines record your search queries and maintain massive databases that reach into the most intimate details of your life. When revealed to others, these details can be embarrassing and even cause great harm. Would you want strangers to know where you or your child work or go to school? How about everyone seeing searches that reference your medical history, financial information, sexual orientation, or religious affiliation?”

It’s not OK for your friends, family and certainly not for strangers to monitor these things, but corporations fall into that last category.

On top of this, analytics services are all over the place, offering solutions that help companies understand the traffic on their websites so they can adjust their marketing to fit your search behaviour.

Some companies have been caught using more extreme methods than just cookies. Kissmetrics were exposed for tracking users using dubious, hard to evade methods.

Using ETag technology, Flash, Silverlight and others means that even if you deleted your cookies, they could still gather information by recreating the cookies and continuing as usual. They have come under heavy fire for using these methods and they, along with a number of their more high-profile clients, are now being sued over user privacy.

In addition to companies trying to keep your information and follow you around the web, governments worldwide are attempting to push through more and more legislation which allows them increased rights to view your data and activities, too.

The US has been trying to push through a bill which would force ISPs to keep logs of all of their users for 18 months. It’s titled “The Protecting Children from Internet Pornographers Act of 2011” or “H.R. 1981”. Aside from making ISPs keep your name, address and other details, it would make them track your movements online.  

It’s already made it through committee.

H.R. 1981 is supposedly meant to combat child pornography online; really, what it’s doing is keeping a database of all American citizens and their online activity. It will be shocking if it passes, given the backlash from not only privacy groups, but also government officials and the public at large.

Getting through committee in itself means there are some people in government in the US who believe it’s actually a good idea. It means that similar legislation may have more support in future, perhaps not even under the guise of ‘Please, think of the children!’.

Does that sound incredibly far reaching to you? Try being Norwegian.

They have recently passed what is possibly the scariest EU directive yet, ‘The Data Retention Directive’, meaning ISPs are obligated to store traffic and localisation data from landlines, mobiles, internet, email and other devices and services.

The information is stored for up to six months and can be accessed by police with a court order. They are only allowed to use traffic data for crimes punishable by at least four years, and localisation data for crimes punishable by at least 5. These far reaching laws, monitoring users, are already there. It already exists.

New legislation is proposed all over the world all the time. You read articles about new restrictions on where you’re allowed online, what you’re allowed to do, how you can and can’t conduct yourself. So what does this mean for the future of your choice when it comes to your surfing?

BT was recently told by the High Court in Britain that it had to block access to the popular file-sharing website Newzbin2 under the 1988 Copyright, Designs and Patents Act (CDPA). It was quickly overturned amid censorship fears. But again, much like HR 1981, whether it’s in effect or not is not the whole concern.

A judge deemed it acceptable and the MPA and BPI stroked their beards, considering who to go for next. The fact it passed in the first place makes future censorship certain. Opinion will slowly be twisted and rights will be eroded as a result. 

The trouble with blocking this content is: what’s stopping all file-sharing websites – which are often used by people who are sharing legally, too – from being blocked in the UK? If one ISP is being told it has to block content, how long before the others are told to bow down and follow suit?

What about other groups becoming angered by the content of a site, and insisting that be blocked too?  It’s removing the rights of the user to decide what they want to see for themselves. The state is doing it for them.

Obscenity laws have deemed some online content illegal where it previously wasn’t. Some time ago, the ISP BT blocked access to images on 4chan for this reason. Some content being displayed there was deemed obscene or illegal. It’s an open forum where anyone can post anything, so the content being there was the responsibility of an individual, yet BT began denying access to the majority for the actions of a few. 

Changing the colours of the 2012 logo can potentially turn it into child pornography in Australia due to the shapes resembling child Simpsons characters. So what’s stopping every website that displays any kind of morally, ethically and legally questionable material being blocked in future? Not much.

Or for open forums facing censorship because ‘someone might post something we don’t like’. It sounds like a ridiculous extreme, but if we allow the new trend of restrictions to continue, we are leaving ourselves vulnerable to such extremes being imposed. 

It’s just a case of whether those in power feel like employing them, and how much we’re willing to fight to stop them.

Companies are not only collecting and storing more of our data, but recent online protests by hacktivist groups LulzSec and Anonymous, among others, are continuing to expose the fact that data is not being protected to the standard that we should demand.

Lax database security means that methods which are fairly simple to those with a bit of knowledge are allowing groups to steal our details, passwords, emails and so on, and post them online.

Although the methods are morally grey, it surely must force companies and government agencies to become accountable and responsible when handling our information. 

You’ve got to think about the companies and agencies who haven’t been attacked. How are they handling it? It’s hard to imagine much has really changed for the majority, and it can only lead us to question exactly how secure we should feel. Can you really say that your name, address, phone number and other details won’t appear on pastebin one day?

Even the NHS’s security has been found by LulzSec to have vulnerabilities. Although the vulnerabilities were not exploited, think of the amount of highly sensitive data the NHS holds on you.

The NHS is doing a good job of leaking that information; it doesn’t need a helping hand.

Though LulzSec may only be ‘doing it for the lulz’, there is an important underlying message of a need for accountability, freedom and security.

In 10 years’ time it’s hard to see that the ever more extreme legislation and ever more controlling companies won’t slowly sway public opinion. It’s a constantly changing compromise. “We’ll impose this, it means we can watch you everywhere on the internet and have rights to see everything about you, and we’ll have joint ownership of all of your intellectual property!”

The response from people who know is utter disgust. People want their basic right to have control over their own information. 

Unfortunately it usually leads to us compromising our privacy regardless. 

The compromise generally has no teeth, and it reads something like: “Well you didn’t like that idea so we’ve toned it down a bit and it’s not as invasive, sorry about that! We’ll track you in these areas, block you from accessing this, we’ll only keep some of your personal information and we’ll only have rights over your information while you’re an account holder”. 

Even though there are still privacy groups pulling their hair out, the masses don’t gather to protest and the terms are accepted. The people still decrying the policy are then likened to conspiracy theorists and their concerns are met with rolling eyes, tuts, and the offer of a tinfoil hat.

More of us are living out our lives online.

Facebook’s facial recognition for photo tagging is a prime example: it makes things simpler for us, but it also means they now hold the world’s largest facial recognition database. Most people weren’t even aware of the ramifications of keeping the default feature on. Many people still aren’t.

In 10 years’ time, you can be assured that medical records, legal documents and so on will be stored online. We’re going to have to start using much more secure forms of authentication in order to access them. The use of retinal scans, facial recognition and fingerprint identification is on the increase.

Obviously this means that a database of such details will be necessary for it to work. Will they be well protected, or will there be releases from hacktivist groups consisting of 70,000 fingerprints, retinal scans, and who knows what else?

Perhaps the ongoing data war will make us face up to a need for improvement, but you can be certain that the value of data will increase as a result. If there is value in it, someone will want it. Serious hacking is already on the black market.

As for our online habits, we can be quite sure that whatever we’re doing is going to be watched.

This could be at the hands of private companies making money from it, buying and selling it for marketing or other purposes, governments holding it in case you’re suspected of doing something illegal, or perhaps both. There is little chance of us having any form of anonymity without the use of VPNs and pseudonyms.

We already have people creating false identities to keep their online lives private today – some would argue it’s already a necessity if you want your business to be your own now, and in the future.

We are all playthings in a data war, whether we want to be or not. Unlike Facebook’s facial recognition we can’t opt out.

Privacy advocates have already told us, off the record, that we must ‘be prepared to fight for your digital liberty’. And if we don’t? Who knows. 1984 indeed.

China's ZTE opens infrastructure testing in London

China’s ZTE is one of the most fascinating companies doing the rounds right now, and it is moving in next to major internet hubs for the United Kingdom, the telehouses hosted in London’s Docklands.

Its innovation centre has opened, which is a network and development project – the first of 10 it plans to open around the world. It will sit next to a QiComm data centre. The plan is for ZTE to test its infrastructure live for both wired and wireless networks. It will be housed in Greenwich View, just down the road from the heart of the UK’s financial sector. 

MD of ZTE UK, Jim Jing Hui, said in a statement: “ZTE is now a force to be reckoned with in the UK telecoms infrastructure market.” Indeed, it wants its paws in every other pie too, from consumer electronics all the way back up to infrastructure. And it’s succeeding. 

Although ZTE claims it will be helping the UK boost its infrastructure, there may be other concerns.

Rival Huawei was recently turned down for offering wireless networks on the London Underground in time for the Olympic Games. Security reasons weren’t made public, but industry watchers noted that a company entrenched with the Bank of China and the Chinese military operating a huge network essential to business and close to government should have raised eyebrows.

High-level government security breaches often see the finger pointed squarely at China, while lawmakers in the United States have voiced similar worries about ZTE’s ties at home. A source close to the Ministry of Defence in the UK told us last year that blocking malicious IP addresses from China would significantly lower the number of attacks on UK IT systems, until they found another way around.

Along with Huawei, ZTE is busy reassuring the world and its dog that it has nothing to worry about.

Both are already rolling out infrastructure worldwide, not just in the APAC region but across Europe and, they hope, the Americas too.

Soon enough relatively cheap technology from China will be powering the world. 

 

Facebook's grip on all of your data – exposed

Facebook is certainly making life difficult for users who want out. Could it be coincidence that a list of changes has appeared following the launch of Google’s G+? People are responding well to Google’s alternative, and, to us, it looks like Facebook is dabbling in the dark arts to keep its users users, whether they like it or not.

Data is the topic of the hour. People are increasingly concerned with who owns our personal data and what they’re doing with it. Transparency isn’t exactly topping certain companies’ to-do lists. So you’d like to think that once you sign up to an account with any service, you would have some control over your data. Or at least have the option of removing it without coming up against tricks and cons from the company holding it – your information.

Anyone who has tried to delete their Facebook account recently will probably have noticed it isn’t that simple.

Facebook has hidden the ‘Permanently delete’ option, at least for the average user who doesn’t Google everything they don’t understand or can’t find. Of its userbase, that will be a significant number of people.

When you go to ‘Account settings’ and then ‘Security’ you can see the option of deactivating the account. When you click to deactivate, not only do you have to give Zuckerberg a reason, but you have no option on the page to delete the data associated with the account in question.

To the average user, this looks a lot like ‘Facebook don’t let you delete your account. They only let you deactivate it.’

It looks as though you have no option to delete everything you’ve got attached to your account. And with some people, that’s a lot.

All of those private messages, photo albums and ‘likes’ still exist when your account is deactivated.

It just means that you are no longer searchable. The account still exists with all that information still attached to it.

With so many people falling for Facebook’s questionable cunning, people are manually deleting their albums, content on their wall, and their messages. The messages are the hardest to manually remove.

Did you know that the little ‘x’ next to your messages no longer means delete? It’s now ‘archive’. You archive your messages now!

If you want to delete your messages, you have to open them one by one, going through the menu time and time again, and keep hitting the delete button.

If you want to actually delete your Facebook account, you won’t find the link anywhere in your account settings. You have to scour the Help Centre for the ‘Permanently delete your account’ link. Which happens to be here.

You have to submit a request to Facebook to have your information removed and your account deleted. This takes approximately two weeks. If you log into, or use your account in any way, the deletion is cancelled and you will have to resubmit your request to delete all of your personal information.

That includes clicking any ‘like’ buttons, logging in to your account or logging into Facebook chat on external clients. Does Facebook log in automatically on your phone? Opening that will reactivate it, too.

Anyone would think Facebook is scared of losing users to Google+. Which happens to be why TechEye got its magnifying glass out and went on the trail. A lot of people are talking a lot about how to delete their accounts. Or at least thinning data out before deleting at a later date. Clearly, it’s not that easy. Why?