Privacy Roundup #0043 • February 2010
February 2010 was dominated by the Google Buzz backlash, the Lower Merion webcam spying scandal and a string of botnet and surveillance rows on both sides of the Atlantic.
1. One in three users reviewed the Facebook privacy roll-back
Facebook told an FTC roundtable that about 35 per cent of its 350 million users had reviewed their settings after the controversial December change. Critics noted that the prompt never explained that the company had actually weakened the default protections.
2. Virgin Media fights privacy campaigners over P2P monitoring
Virgin Media planned to trial CView, a deep packet inspection system built by Detica, to measure unlicensed music sharing across its network. Privacy International and other advocates opposed the scheme and warned that it could breach surveillance law.
3. Mozilla overlooked malware-laced Firefox add-ons
Two extensions hosted on Mozilla's official add-ons site shipped with malware for months before removal, including a password-stealing trojan in one popular video downloader. Roughly 4,600 Windows users were exposed before the files were pulled.
4. Zeus attack spoofs the NSA to target .gov and .mil
Criminals spread the Zeus banking trojan through emails that impersonated the National Intelligence Council and urged officials to download a bogus "2020 Project" file. Government and military recipients were the focus, and one state agency confirmed a couple of hundred infections.
5. Google Buzz criticised for disclosing Gmail contacts
A day after launch, Buzz was attacked for compiling each user's most frequent email and chat contacts and then publishing that list by default. The setting risked exposing sensitive relationships that many people had assumed were private.
6. Google Buzz leaves privacy concerns ringing in ears
Google slotted Buzz into all 176 million Gmail accounts without an opt-in, creating public profiles that exposed contact lists to search engines. Users had to hunt for hidden controls to switch the sharing off.
7. Google apologises for Buzz privacy issues
Google conceded it had not got things right and replaced the automatic follow feature with an opt-in suggestion model. The Gmail product manager said the company was very sorry for the concern it had caused.
8. EFF publishes its Google Buzz privacy update
The Electronic Frontier Foundation welcomed Google's weekend fixes as a significant step forward but argued that Buzz should be opt-in rather than opt-out. It said proper testing with outside users would have caught the flaws before launch.
9. PleaseRobMe highlights the danger of location oversharing
A Dutch trio built PleaseRobMe.com to scrape public Foursquare check-ins from Twitter and show when people were away from home. The site was meant to shame oversharers rather than help burglars, but it sparked a wider debate about location privacy.
10. EPIC asks the FTC to investigate Google Buzz
EPIC filed a complaint urging the Federal Trade Commission to investigate Buzz, arguing that Google had disclosed address book contacts without proper consent. The group said the service may have broken federal wiretap law and demanded a fully opt-in design.
11. Almost 2,500 firms breached in the Kneber Zeus campaign
NetWitness disclosed a Zeus botnet operation, dubbed Kneber, that had infected more than 74,000 PCs across roughly 2,500 companies and ten federal agencies since 2008. The malware harvested email passwords, network credentials and source code from victims in 196 countries.
12. Two Chinese schools implicated in Google Aurora attacks
Investigators traced the Operation Aurora intrusions against Google and dozens of other firms back to two Chinese institutions, Shanghai Jiaotong University and the Lanxiang Vocational School. Both schools denied any role, and analysts cautioned that the origin of the attacks did not prove they had been ordered by the Chinese government.
13. Harvard student files a class action over Buzz
Harvard law student Eva Hibnick filed a class action accusing Google of enrolling Gmail users in Buzz without consent and publicly disclosing their personal relationships. The complaint invoked several federal electronic communications statutes and California law.
14. Pennsylvania school sued over webcam spying
A family sued the Lower Merion School District after staff remotely activated a webcam on a school-issued MacBook and photographed their son at home. The case, later dubbed WebcamGate, alleged breaches of the Fourth Amendment and the Electronic Communications Privacy Act.
15. FBI opens a probe into the school spycam scandal
Federal investigators opened an inquiry into whether Lower Merion broke wiretapping or computer intrusion laws by activating laptop cameras in students' homes. The district admitted it had not told students the tracking feature was active.
16. Italian court convicts three Google executives
A Milan court handed suspended sentences to three Google executives over a video of a disabled boy being bullied that was uploaded to Google Video. The ruling held that Google should have sought permission before hosting the clip, a precedent the company vowed to appeal.
17. BT could face criminal charges over Phorm trials
The Crown Prosecution Service confirmed it was reviewing whether to charge BT over covert 2006 trials of Phorm's web-profiling technology. Prosecutors examined whether the secret monitoring of about 18,000 broadband lines breached the Regulation of Investigatory Powers Act.
18. Microsoft uses a court order to take out the Waledac botnet
A US judge granted Microsoft a restraining order severing 277 domains that controlled the spam-spewing Waledac botnet. Operation b49 cut off as many as 90,000 infected machines from their command channels, although the underlying compromises remained.
19. Privacy experts warn over the NHS Summary Care Record
Professor Ross Anderson urged patients to opt out of the Summary Care Record scheme that would expose medical outlines to hundreds of thousands of NHS staff. He pointed to an earlier Scottish system that a rogue clinician had abused to snoop on politicians' records.
20. Buzz privacy tweaks called a good start but not enough
Reviewers judged Google's first round of Buzz fixes a welcome but partial response, since they did nothing for the millions already exposed. Commentators urged Google to borrow Facebook's profile preview so people could see exactly how their accounts looked to others.