tag:blogger.com,1999:blog-4503292949532760618.post5004556956102762149..comments2024-03-16T18:42:21.178-07:00Comments on DSHR's Blog: "Privacy is dead, get over it" [updated]David.http://www.blogger.com/profile/14498131502038331594noreply@blogger.comBlogger32125tag:blogger.com,1999:blog-4503292949532760618.post-41016706081392645242018-03-03T05:48:20.920-08:002018-03-03T05:48:20.920-08:00Security through obscurity does work in some cases...Security through obscurity does work in some cases. Even after a <a href="https://arxiv.org/pdf/1802.02561.pdf" rel="nofollow">deep learning system read 130K privacy policy statements</a> it was only able to:<br /><br />"produce a correct answer among its top-3 results for 82% of the test questions"David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-4986401627650794062018-02-07T10:08:26.128-08:002018-02-07T10:08:26.128-08:00"Religiously turning off location services mi..."Religiously turning off location services might not save you from having your phone tracked: a paper from a group of IEEE researchers demonstrates tracking when GPS and Wi-Fi are turned off.<br /><br />And, as a kicker: at least some of the data used in the attack, published this week on arXiv, can be collected without permission, because smartphone makers don't consider it sensitive." writes <a href="https://www.theregister.co.uk/2018/02/07/boffins_crack_location_tracking_even_if_youve_turned_off_the_gps/" rel="nofollow">Richard Chirgwin at <i>The Register</i></a>.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-80009045328243599912018-02-01T14:27:45.624-08:002018-02-01T14:27:45.624-08:00" Even the most stringent privacy rules have ..." Even the most <a href="https://boingboing.net/2018/01/09/information-controllers-galore.html" rel="nofollow">stringent privacy rules</a> have <a href="https://boingboing.net/2014/07/09/big-data-should-not-be-a-faith.html" rel="nofollow">massive loopholes</a>: they all allow for free distribution of "de-identified" or "anonymized" data that is deemed to be harmless because it has been subjected to some process.<br /><br />But the reality of "re-identification" attacks tells a different story: ... datasets are released on the promise that they have been de-identified, only to be rapidly (and often trivially) re-identified, putting privacy, financial security, lives and even geopolitical stability at risk." writes <a href="https://boingboing.net/2018/02/01/high-dimensional-data.html" rel="nofollow">Cory Doctorow at <i>Boing Boing</i></a>, pointing to <a href="http://randomwalker.info/publications/precautionary.pdf" rel="nofollow"><i>A Precautionary Approach to Big Data Privacy</i></a> by Arvind Narayanan, Joanna Huey and Edward Felten:<br /><br />"even staunch proponents of current de-identification methods admit that they are inadequate for high-dimensional data. These high-dimensional datasets, which contain many data points for each individual’s record, have become the norm: social network data has at least a hundred dimensions and genetic data can have millions. We expect that datasets will continue this trend towards higher dimensionality as the costs of data storage decrease and the ability to track a large number of observations about a single individual increase."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-35959615060699749622017-12-11T10:06:35.654-08:002017-12-11T10:06:35.654-08:00Brian Merchant's How Email Open Tracking Quiet...Brian Merchant's <a href="https://www.wired.com/story/how-email-open-tracking-quietly-took-over-the-web/" rel="nofollow"><i>How Email Open Tracking Quietly Took Over the Web</i></a> shows why you should never read e-mail in HTML, only in plain text. Hat tip to <a href="https://boingboing.net/2017/12/11/google-could-fix-this.html" rel="nofollow">Cory Doctorow</a>:<br /><br />" It is routine for companies -- and even individuals -- to send emails with "beacons," transparent, tiny images that have to be fetched from a server. Through these beacons, companies can tell whether you've opened an email, whom you've forwarded it to, and even your location from moment to moment.<br /><br />The embedding of full-fledged HTML renderers in email and the growth of browser-based email clients mean that the tracking can also be effected through downloadable fonts or other elements -- anything that triggers loading a unique, per-recipient URL from a surveillance marketing company's server.<br /><br />The surveillance adoption curve means that these techniques have moved from marketing and hackers to individuals, and one analyst's report estimates that 19% of "conversational" email contains trackers."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-7782654448134097992017-12-11T09:34:01.229-08:002017-12-11T09:34:01.229-08:00The Citizen Lab has a fascinating report on the Et...The Citizen Lab has a fascinating report on the <a href="https://citizenlab.ca/2017/12/champing-cyberbit-ethiopian-dissidents-targeted-commercial-spyware/" rel="nofollow">Ethiopian government's use of commercial spyware</a> from Israeli company Cyberbit to target dissidents, and the company's sales efforts to other unsavory governments.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-32270970367575733012017-11-24T13:53:25.915-08:002017-11-24T13:53:25.915-08:00Google collects Android users’ locations even when...<a href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/" rel="nofollow"><i>Google collects Android users’ locations even when location services are disabled</i></a> reports Keith Collins at <i>Quartz</i>:<br /><br />"Many people realize that smartphones track their locations. But what if you actively turn off location services, haven’t used any apps, and haven’t even inserted a carrier SIM card?<br /><br />Even if you take all of those precautions, phones running Android software gather data about your location and send it back to Google when they’re connected to the internet, a Quartz investigation has revealed.<br /><br />Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers—even when location services are disabled—and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy."<br /><br />Hat tip to <a href="https://www.theregister.co.uk/2017/11/22/permissionless_data_slurping_google/" rel="nofollow">Andrew Orlowski at <i>The Register</i></a>, who writes:<br /><br />"you may want to consider two questions about a story that goes to the heart of the human relationship with technology: "Who is in control, here?" Firstly, can you turn it off? If you can't turn it off then obviously you are not in control. Secondly, do you know it's happening? If you don't know it's happening, you're not even in a position to turn it off. This entirely changes the terms of that human-machine relationship.<br /><br />What Google did is also illegal here because consent is the key to data protection in the EU."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-77314944492441923922017-11-17T08:06:50.599-08:002017-11-17T08:06:50.599-08:00Well, Duh! Anonymized location-tracking data prove...Well, Duh! <a href="https://www.theregister.co.uk/2017/11/17/anonymized_locationtracking_data_isnt/" rel="nofollow"><i>Anonymized location-tracking data proves anything but: Apps squeal on you like crazy</i></a>:<br /><br />"Anonymized location data won't necessarily preserve your anonymity.<br /><br />M. Keith Chen, associate professor of economics at UCLA's Anderson School of Management, and Ryne Rohla, a doctoral student at Washington State University, accomplished this minor miracle of data science by assuming that the GPS coordinates transmitted by mobile phones between 1am and 4am over several weeks represent the location of device owners' homes."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-87157510246830522992017-11-17T08:00:53.525-08:002017-11-17T08:00:53.525-08:00No boundaries: Exfiltration of personal data by se...<a href="https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/" rel="nofollow"><i>No boundaries: Exfiltration of personal data by session-replay scripts</i></a> is a paper you need to read <i>right now</i>:<br /><br />"You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-2030781933361912122017-11-14T20:02:45.056-08:002017-11-14T20:02:45.056-08:00The explanation of the Privacy Pass design is quit...The <a href="https://privacypass.github.io/protocol/" rel="nofollow">explanation of the Privacy Pass design</a> is quite understandable <a href="https://en.wikipedia.org/wiki/Elliptic-curve_cryptography" rel="nofollow">once you realize that</a>:<br /><br />"The security of elliptic curve cryptography depends on the ability to compute a point multiplication and the inability to compute the multiplicand given the original and product points."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-48652014375857151122017-11-14T09:23:45.280-08:002017-11-14T09:23:45.280-08:00Privacy Pass is a really interesting development, ...<a href="https://privacypass.github.io/" rel="nofollow">Privacy Pass</a> is a really interesting development, allowing users to authenticate to services repeatedly without allowing the service to track them:<br /><br />"Privacy Pass interacts with supporting websites to introduce an anonymous user-authentication mechanism. In particular, Privacy Pass is suitable for cases where a user is required to complete some proof-of-work (e.g. solving an internet challenge) to authenticate to a service. In short, the extension receives blindly signed ‘passes’ for each authentication and these passes can be used to bypass future challenge solutions using an anonymous redemption procedure. For example, Privacy Pass is supported by Cloudflare to enable users to redeem passes instead of having to solve CAPTCHAs to visit Cloudflare-protected websites.<br /><br />The blind signing procedure ensures that passes that are redeemed in the future are not feasibly linkable to those that are signed. We use a privacy-preserving cryptographic protocol based on ‘Verifiable, Oblivious Pseudorandom Functions’ (VOPRFs) built from elliptic curves to enforce unlinkability. The protocol is exceptionally fast and guarantees privacy for the user. As such, Privacy Pass is safe to use for those with strict anonymity restrictions."<br /><br />Tip of the hat to <a href="https://www.theregister.co.uk/2017/11/14/privacy_pass_protocol/" rel="nofollow">Rebecca Hill at <i>The Register</i></a>.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-64380217338014522972017-11-08T21:34:58.749-08:002017-11-08T21:34:58.749-08:00Facebook builds a profile of you that you cannot o...<a href="https://gizmodo.com/how-facebook-figures-out-everyone-youve-ever-met-1819822691?IR=T" rel="nofollow">Facebook builds a profile of you that you cannot opt out of</a>, even if you never use Facebook, reports Kashmir Hill at Gizmodo:<br /><br />"Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-80962882453361717312017-09-28T11:22:58.263-07:002017-09-28T11:22:58.263-07:00The incentives for maintaining privacy can't c...The incentives for maintaining privacy can't compete with the incentives to leak. By resigning from Equifax, now ex-CEO <a href="http://fortune.com/2017/09/26/equifax-ceo-richard-smith-net-worth/" rel="nofollow">Richarrd Smith walks away with $90M</a> from the catastrophic breach:<br /><br />"The CEO of Equifax is retiring from the credit reporting bureau with a pay day worth as much as $90 million—or roughly 63 cents for every customer whose data was potentially exposed in its recent security breach."<br /><br />63 cents is a trivial addition to the costs his incompetence imposed on each of us, so maybe that's OK. But it certainly isn't a way to ensure that future CEOs in charge of our personal information are less carelessDavid.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-8204864078313615492017-09-27T14:00:53.157-07:002017-09-27T14:00:53.157-07:00BITAG Announces Technical Review Focused on Intern...<a href="https://www.bitag.org/documents/BITAG%20Press%20Release%20-%20Announcing%20Internet%20Data%20Collection%20and%20Privacy%20Topic%20(September%202017.).pdf" rel="nofollow">BITAG Announces Technical Review Focused on Internet Data Collection and Privacy</a>:<br /><br />"The Broadband Internet Technical Advisory Group (BITAG) will review the technical aspects of Internet of data collection and privacy. This review will result in a report with an anticipated publication date in early 2018."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-69237688970283214242017-09-15T06:52:30.787-07:002017-09-15T06:52:30.787-07:00Catalin Cimpanu combines two of my favorite themes...Catalin Cimpanu combines two of my favorite themes in <a href="https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/" rel="nofollow"><i>Malvertising Campaign Mines Cryptocurrency Right in Your Browser</i></a>:<br /><br />"Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge. ... According to a recent report, <a href="https://www.bleepingcomputer.com/news/security/over-1-65-million-computers-infected-with-cryptocurrency-miners-in-2017-so-far/" rel="nofollow">at least 1.65 million computers</a> have been infected with cryptocurrency mining malware this year so far.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-17513028020446767842017-08-29T11:56:20.784-07:002017-08-29T11:56:20.784-07:00Go read Bruce Schneier's interview with the Ha...Go read <a href="https://news.harvard.edu/gazette/story/2017/08/when-it-comes-to-internet-privacy-be-very-afraid-analyst-suggests/" rel="nofollow">Bruce Schneier's interview with the <i>Harvard Gazette</i></a>:<br /><br />"Consumers are concerned about their privacy and don’t like companies knowing their intimate secrets. But they feel powerless and are often resigned to the privacy invasions because they don’t have any real choice. People need to own credit cards, carry cellphones, and have email addresses and social media accounts. That’s what it takes to be a fully functioning human being in the early 21st century. This is why we need the government to step in."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-38588809347113808212017-08-29T08:19:07.427-07:002017-08-29T08:19:07.427-07:00The title of Karl Bode's CCTV + Lip-Reading So...The title of Karl Bode's <a href="https://www.techdirt.com/articles/20170822/05364238054/cctv-lip-reading-software-even-less-privacy-even-more-surveillance.shtml" rel="nofollow"><i>CCTV + Lip-Reading Software = Even Less Privacy, Even More Surveillance</i></a> speaks for itself.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-58846397900992793152017-08-28T16:02:53.214-07:002017-08-28T16:02:53.214-07:00Alexander Muse claims that How the NSA Identified ...Alexander Muse claims that <a href="https://medium.com/@amuse/how-the-nsa-caught-satoshi-nakamoto-868affcef595" rel="nofollow"><i>How the NSA Identified Satoshi Nakamoto</i></a> was by using stylometry:<br /><br />"Satoshi has taken great care to keep his identity secret employing the latest encryption and obfuscation methods in his communications. Despite these efforts (according to my source at the DHS) Satoshi Nakamoto gave investigators the only tool they needed to find him — <a href="http://online.wsj.com/public/resources/documents/finneynakamotoemails.pdf" rel="nofollow">his own words</a>.<br /><br />Using stylometry one is able to compare texts to determine authorship of a particular work. Throughout the years Satoshi wrote thousands of posts and emails and most of which are publicly available. According to my source, the NSA was able to the use the ‘writer invariant’ method of stylometry to compare Satoshi’s ‘known’ writings with trillions of writing samples from people across the globe."<br /><br />So, not just privacy but pseudonymity is dead.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-10627082422666808912017-08-28T15:49:29.267-07:002017-08-28T15:49:29.267-07:00At Techdirt, Karl Bode reports that:
"A new ...At <i>Techdirt</i>, <a href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml" rel="nofollow">Karl Bode reports that</a>:<br /><br />"A <a href="https://www.newscientist.com/article/2145450-your-broadband-provider-can-use-your-smart-devices-to-spy-on-you/" rel="nofollow">new study out of Princeton</a> recently constructed a fake home, filled it with real IOT devices, and then monitored just how much additional data an ISP could collect on you based in these devices' network traffic. Their findings? It's relatively trivial for ISPs to build even deeper behavior profiles on you based on everything from your internet-connected baby monitor to your <a href="https://www.techdirt.com/articles/20170315/05415736923/smart-vibrator-company-to-pay-375-million-private-data-collection.shtml" rel="nofollow">not so smart vibrator</a>."<br /><br />And notes that even using a VPN doesn't help much.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-77480220129752974222017-08-28T15:42:41.838-07:002017-08-28T15:42:41.838-07:00Mark St. Cyr asks Is Facebook Staring Down Its “AO...Mark St. Cyr asks <a href="https://markstcyr.com/2017/08/27/is-facebook-staring-down-its-aol-moment/" rel="nofollow"><i>Is Facebook Staring Down Its “AOL Moment?”</i></a>, pointing out that once AOL <a href="https://en.wikipedia.org/wiki/Jumping_the_shark" rel="nofollow">jumped the shark</a> its collapse was rapid. He notes that:<br /><br />"Facebook is, for all intents and purposes, an advertising tool for advertisers only. It derives nearly all its revenue from advertisers. i.e., If there’s no advertisers buying on Facebook – there’s no Facebook."<br /><br />And that it isn't merely the world's biggest advertiser who is backing away:<br /><br />"The first shot across the proverbial bow was ... when <a href="https://www.wsj.com/articles/p-g-to-scale-back-targeted-facebook-ads-1470760949" rel="nofollow">P&G™ announced it was pulling ad dollars</a> from what was considered FB’s ultimate ad model and raison d’être, i.e., targeted ads. The reason? All that targeting (via all that charged-for data) wasn’t hitting the mark."<br /><br />But also the world's biggest ad agency:<br /><br />"This past week none other that WPP™, which just so happens to be the world’s largest ad company, stock value plummeted after <a href="http://www.zerohedge.com/news/2017-08-23/worlds-largest-ad-company-crashes-after-dismal-earnings-terrible-guidance" rel="nofollow">reporting dismal earnings, and “terrible” guidance</a>."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-67438815728439614092017-08-17T13:56:36.254-07:002017-08-17T13:56:36.254-07:00It isn't as if all this Web advertising actual...It isn't as if all this Web advertising actually works. At <i>The Register</i> <a href="https://www.theregister.co.uk/2017/08/17/ad_fraud_looks_really_bad/" rel="nofollow">Thomas Claburn writes</a>:<br /><br />"'It's about 60 to 100 per cent fraud, with an average of 90 per cent, but it is not evenly distributed,' said Augustine Fou, an independent ad fraud researcher, in <a href="https://www.slideshare.net/augustinefou/state-of-digital-ad-fraud-august-2017" rel="nofollow">a report</a> published this month.<br /><br />... Among quality publishers, Fou reckons $1 spent buys $0.68 in ads actually viewed by real people. But on ad networks and open exchanges, fraud is rampant.<br /><br />With ad networks, after fees and bots – which account for 30 per cent of traffic – are taken into account, $1 buys $0.07 worth of ad impressions viewed by real people. With open ad exchanges – where bots make up 70 per cent of traffic – that figure is more like $0.01. In other words, web adverts displayed via these networks just aren't being seen by actual people, just automated software scamming advertisers."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-31238714148991855512017-08-11T20:22:36.715-07:002017-08-11T20:22:36.715-07:00Cliff Lynch points me to Jonathan Albright's W...Cliff Lynch points me to Jonathan Albright's <a href="https://medium.com/@d1gi/who-hacked-the-election-43d4019f705f" rel="nofollow"><i>Who Hacked the Election? Ad Tech did. Through “Fake News,” Identify Resolution and Hyper-Personalization</i></a> which reveals that fringe "fake news" and propaganda sites are simply fronts for major AdTech companies suchas Facebook, Axciom, Google and a host of smaller, less well-known companies:<br /><br />"The conclusion: While this set of “fake news” sites might not have the sheer quantity of ad tech that, say, the Alexa 500 have, the behavioral targeting and identity resolution technologies associated with many of these conspiracy, hyper-partisan, and propaganda sites are as sophisticated as it gets.<br /><br />Facebook Custom Audiences — near the center of the graph above — for example, can be used to easily target voters in real life based on curated lists from something as simple as an Excel workbook. But most often this is done professionally through a “trusted data partner” like Acxiom (alarming, since example #1, the “LiveRamp” tracker above, is part of the same company)"David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-5229427397333129372017-08-11T06:34:26.071-07:002017-08-11T06:34:26.071-07:00Thomas Claburn's Revealed: The naughty tricks ...Thomas Claburn's <a href="https://www.theregister.co.uk/2017/08/11/ad_blocker_bypass_code/" rel="nofollow"><i>Revealed: The naughty tricks used by web ads to bypass blockers</i></a> looks at the arms race between advertisers and users:<br /><br />"The company's technology disguises third-party network requests so they appear to be first-party network requests. This allows ad services used by website publishers to place cookies and serve ads that would otherwise by blocked by the browser's <a href="https://www.w3.org/Security/wiki/Same_Origin_Policy" rel="nofollow">same-origin</a> security model."<br /><br />And:<br /><br />"<a href="https://uponit.com/" rel="nofollow">Uponit</a> provides publishing clients with JavaScipt code that attempts to bypass content blocking. "Our JavaScript detects all blocked ad calls, fully recreates them (including targeting) and communicates them to our servers through a secure, undetectable channel that bypasses ad blockers," the company explains on its website."<br /><br />From the user's point of view, these are all malware. The companies' excuses for peddling malware are an entertaining read.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-88442218144674122812017-07-07T15:19:43.611-07:002017-07-07T15:19:43.611-07:00Note that what is for sale in Australia is not a p...Note that what is for sale in Australia is not a patient medical record just the <a href="http://www.listbox.com/member/archive/247/2017/07/sort/time_rev/page/1/entry/4:34/20170706233019:95616502-62C4-11E7-A7CA-F4EDD68AD1DF/" rel="nofollow">details on the Medicare card</a> which enable identity theft.David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-51962324065499762942017-07-06T15:27:52.156-07:002017-07-06T15:27:52.156-07:00Cory Doctorow at Boing Boing points me to Paul Far...<a href="https://boingboing.net/2017/07/05/medicare-machine.html" rel="nofollow">Cory Doctorow at <i>Boing Boing</i></a> points me to Paul Farrell's <a href="https://boingboing.net/2017/07/05/medicare-machine.html" rel="nofollow"><i>The Medicare machine: patient details of 'any Australian' for sale on darknet</i></a>:<br /><br />"The price for purchasing an Australian’s Medicare card details is 0.0089 bitcoin, which is equivalent to US$22.<br /><br />Guardian Australia has verified that the seller is making legitimate Medicare details of Australians available by requesting the data of a Guardian staff member. <br /><br />The darknet vendor says they are “exploiting a vulnerability which has a much more solid foundation which means not only will it be a lot faster and easier for myself, but it will be here to stay. I hope, lol.”<br /><br />The listing continues: “Purchase this listing and leave the first and last name, and DOB of any Australian citizen, and you will receive their Medicare patient details in full.”<br /><br />The vendor said they would soon create a “mass batch requesting of details”.<br /><br />The seller is listed as a highly trusted vendor on the site and has received dozens of positive sale reviews."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.comtag:blogger.com,1999:blog-4503292949532760618.post-35069040676405935222017-06-16T09:14:50.368-07:002017-06-16T09:14:50.368-07:00At The Register, John Leyden's Banking website...At <i>The Register</i>, John Leyden's <a href="http://www.theregister.co.uk/2017/06/15/bank_tracker_risk/" rel="nofollow"><i>Banking websites are 'littered with trackers' ogling your credit risk</i></a> discusses a report from eBlocker:<br /><br />"A new study has warned that third-party trackers litter banking websites and the privacy-invading tech is being used to rate surfers' creditworthiness.<br /><br />Among the top 10 financial institution websites visited in the US and UK, there are 110 third-party trackers snooping on surfers each time they visit."David.https://www.blogger.com/profile/14498131502038331594noreply@blogger.com