
Firefox "new tab" feature tweaked following privacy concerns

  • Post author: Omid Farhang
  • Post published: July 20, 2012
  • Reading Time: 2 min
  • Word Count: 283 words

h-online: Mozilla has implemented changes to Firefox 14 that address concerns raised by privacy-conscious users over the “new tab” feature in Firefox 13. The Firefox developers have changed the browser’s behavior so that sensitive information should no longer leak via screenshots of web sites. When opening a new tab, Firefox 13 shows users a grid of screenshots of their most visited pages. After this feature was introduced, several users complained to Mozilla and pointed out that the feature also takes screenshots of sensitive web sites such as login pages for online banking sites. ...


Yahoo released private certificate with new extension

  • Post author: Omid Farhang
  • Post published: May 25, 2012
  • Reading Time: 2 min
  • Word Count: 253 words

H-Online: Yahoo! introduced a new “browser”, Axis, last night, both as a standalone application for iPhone and iPad and as a browser extension on Chrome, Firefox, Internet Explorer and Safari. Axis is meant to offer faster, smarter searching using Yahoo’s services. Within hours of the launch, hacker and blogger Nik Cubrilovic posted on his blog that the Chrome extension came with a worrying extra, a Yahoo private certificate file which was used to sign the extension package and prove the package’s authenticity to the Google browser. ...


Privacy concerns over popular ShowIP Firefox add-on

  • Post author: Omid Farhang
  • Post published: May 1, 2012
  • Reading Time: 3 min
  • Word Count: 444 words

Cross-posted from SophosLabs: A popular Firefox add-on appears to have started leaking private information about every website that users visit to a third-party server, including sensitive data which could identify individuals or reduce their security. Naked Security reader Rob Sanders alerted us to the activities of the recently updated ShowIP add-on for the Firefox browser. According to the description on the Mozilla add-ons website, ShowIP is designed to “show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right click) and hostname (left click), like whois, netcraft, etc. Additionally you can copy the IP address to the clipboard.” ...


New privacy guidelines for mobile app developers

  • Post author: Omid Farhang
  • Post published: March 2, 2012
  • Reading Time: 3 min
  • Word Count: 626 words

SophosLabs: This week has seen the annual Mobile World Congress event. For 2012, the giants of the mobile tech world are back in Barcelona to captivate the imagination of the tech press with their latest smartphone and tablet offerings. The mobile industry trade show has certainly not disappointed. Announcements of smartphones with new quad core processors, phone cameras with huge numbers of megapixels crammed onto their sensors and 3 in 1 smartphone-tablet-netbooks have all provided much excitement. ...


Google also bypassed cookie settings in Internet Explorer

  • Post author: Omid Farhang
  • Post published: February 21, 2012
  • Reading Time: 2 min
  • Word Count: 405 words

H-Online.com: Following the revelation that Google and other online marketing companies have been bypassing the mechanism for blocking third-party cookies in Safari, the Internet Explorer development team asked themselves whether Google might be doing the same thing in IE. As they detail on IEBlog, they discovered that this was the case – Google circumvents Internet Explorer’s cookie policy by subverting the browser’s P3P-based privacy protection mechanism. P3P stands for Platform for Privacy Preferences Project and is an open W3C standard. It is intended to help both users and programs determine what sites do with personal data. The cookie management system in Internet Explorer blocks third party cookies from sites that do not supply a P3P policy statement telling it how cookies are used. ...


Google found evading Safari's privacy controls

  • Post author: Omid Farhang
  • Post published: February 17, 2012
  • Reading Time: 3 min
  • Word Count: 433 words

The H-Online: Google and other advertising companies have been found to be deliberately evading the privacy controls of Apple’s Safari browser. The evasion was revealed in a report in the Wall Street Journal and was based on work by Stanford researcher Jonathan Mayer. He found that the “+1” button code added to DoubleClick advertisements also allowed a Google DoubleClick tracking code to be installed on desktop Safari on 22 of the top 100 web sites. The same happened with 23 of those 100 sites when using Safari on the iPhone. ...


Security issue in Website Optimizer

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 1 min
  • Word Count: 203 words

Take a look at the email I got from Google a few minutes ago: Dear Website Optimizer user, We are writing to inform you of a potential security issue with Website Optimizer. By exploiting a vulnerability in the Website Optimizer Control Script, an attacker might be able to execute malicious code on your site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack. While the immediate probability of this attack is low, we urge you to take action to protect your site. ...


Popular sites (including YouPorn) caught sniffing user browser history

  • Post author: Omid Farhang
  • Post published: December 7, 2010
  • Reading Time: 3 min
  • Word Count: 436 words

The Register: YouPorn nabbed in real-world privacy sting. Boffins from Southern California have caught YouPorn.com and 45 other sites pilfering visitors’ surfing habits in what is believed to be the first study to measure in-the-wild exploits of a decade-old browser vulnerability. YouPorn, which fancies itself the YouTube of smut, uses JavaScript to detect whether visitors have recently browsed to PornHub.com, tube8.com and 21 other sites, according to the study. It tracked the 50,000 most popular websites and found a total of 46 other offenders, including news sites charter.net and newsmax.com, finance site morningstar.com and sports site espnf1.com. ...


FTC is considering “do not track” mechanism for web users

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 2 min
  • Word Count: 330 words

The U.S. Federal Trade Commission (FTC) has accepted a preliminary staff report that lays out a framework for Internet privacy and suggests a “do not track” mechanism – possibly a persistent cookie installed on browsers. The agency was careful to point out that the commissioners see privacy measures as a balancing act. The news release quotes FTC chairman Jon Leibowitz: “Technological and business ingenuity have spawned a whole new online culture and vocabulary – email, IMs, apps and blogs – that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well.” ...


Proxy services take novel approach to privacy

  • Post author: Omid Farhang
  • Post published: December 6, 2010
  • Reading Time: 1 min
  • Word Count: 144 words

You’ve locked down your computer. Nothing is going to bypass your privacy shielding programs. AdBlock is fully loaded, NoScript is ready to roll and RefControl is sending “Party on, Wayne” as your custom referrer to all and sundry. However, you really want to hide your IP address too and decide to load up one of the many web-based proxy services available. Something humorous I’ve noticed across many web-based proxies recently is that they’re jumping on a marketing strategy that might be slightly at odds with their attempts at privacy for the end-user. In order to keep your private details private, you have to _fill in a survey and hand over a bunch of information to third party marketers._ Type in a URL, hit the “Go” button on the proxy and you’ll see one of these: ...
