Even fingerprints can be hacked, hacker group says
Fingerprints may not be a foolproof method for protecting sensitive data, Europe’s largest hacker consortium reports this week.
A hacker who calls himself “Starbug”, presenting at the Chaos Computer Club’s annual convention, describes how he coupled commercially available software with an image of the German defense minister’s thumb to synthesize her fingerprint.
As a result of the findings, Starbug observed, politicians “will presumably [start to] wear gloves when talking in public.”
Snowden lawyer: Location data potentially more invasive than private content
Individuals’ location information may reveal more about their activities than content like conversations, Edward Snowden’s lawyer suggests in an interview published this week.
Because location data offers a proxy for a person’s movement, social interactions and interests, it is much more valuable than conversation excerpts, Ben Winzer – an executive in the American Civil Liberties Union as well as an attorney – tells the nonprofit Index on Censorship.
“In bulk,” Winzer is quoted as saying, “meta data is more sensitive than content.”
Ad network placed cookies on Mac computers unlawfully, attorneys allege
Ad network PointRoll illegally ignored cookie blocking settings on the Safari web browser, attorneys general in four states say.
PointRoll did not admit wrongdoing but agreed to settle with the four states for $750,000. At issue is a setting in Safari that allows users to block some or all cookies when they browse the web. PointRoll, the attorneys general say, placed cookies on Safari users’ computers even when they’d selected the “block all cookies” option.
If you’re wondering, the Blur browser extension does block PointRoll tracking. You can view all of the trackers blocked by Blur by clicking on the extension icon > Settings > “view tracking companies” link under the “Don’t track my browsing” subheading.
Data broker sells consumer data to spammers, is sued by FTC
A Nevada data broker sold thousands of consumer records to fraudsters and marketing companies, the Federal Trade Commission says.
The company, LeapLab, received the records from websites that request people’s personal information for the purpose of selling them financial products. That means the data was collected legitimately – but what LeapLab did with it was not legitimate or legal.
According to the FTC allegations, LeapLab sold consumer dossiers for as little as $0.50 to telemarketers and other companies. The agency’s suit could be the first of many against data brokers who use consumer data unlawfully, the New York Times’ tech blog reports.
Mobile shopping apps demand substantial amounts of user info, study finds
Mobile apps from retailers like Target, Amazon and Zappos request private information to an extent that users may not expect, a CreditCards.com analysis shows.
Particularly on Android, the researchers learned, shopping apps can “see” significant amounts of user data. For example, the Dunkin’ Donuts app can view a user’s call logs. The Amazon app can access a device’s microphone. And four of the 12 apps examined offer social logins, which open up users’ social media profiles to closer scrutiny.
The privacy implications are worrying, Shirley Inscoe, an analyst at research firm Aite Group, told CreditCards.com. “Once your data is disclosed, you can’t change everything, and once criminals have it that’s it,” she said.