tell FTC to Protect Consumers from Online Advertising

Richard Cleland Bureau of Consumer Protection 202-326-3088 FTC seeking public comment on possible revisions to the guidance document, the staff is interested in the technical and legal issues that marketers, consumer advocates, and others believe should be addressed. https://ftcpublic.commentworks.com/ftc/dotcomdisclosures/

FTC Seeks Input for Revising Its Guidance to Businesses About Disclosures in Online Advertising

Needed Revisions Will Reflect Dramatic Changes in Online World Since Guidance Was Issued 11 Years Ago

Continue reading “tell FTC to Protect Consumers from Online Advertising”

Privacy /Google / anyone gets 36 million database that includes YOU.

Epsilon Fell To Spear-Phishing Attack

Breach apparently lasted for months despite warning of targeted attacks against email service providers.
10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches   10 Massive Security Breaches

35 Million Google Profiles Captured In Database

Caveat poster: A security researcher has assembled a single database
containing 35 million people’s Google Profiles information, including
Twitter feeds, real names, and email addresses, among other data points.
Google bills Profiles as a way to “decide what the world sees when it
searches for you.”
But Matthijs R. Koot, a privacy and anonymity researcher at the
University of Amsterdam, also found that because of the nature of Google
Profiles–it’s meant to be indexed by search engines–he was able to
easily save available information into a SQL database. Doing so required
about a month’s effort “to retrieve the data, convert it to SQL using
spidermonkey and some custom Javascript code, and import it into a
database,” he said in a blog post.
 

1 Database Containing 35.000.000 Google Profiles. Implications?

In February 2011 it showed trivial to create a database containing ALL ~35.000.000 Google Profiles without Google throttling, blocking, CAPTCHAing or otherwise make more difficult mass-downloading attempts. It took only 1 month to retrieve the data, convert it to SQL using spidermonkey and some custom Javascript code, and import it into a database. The database contains Twitter conversations (also stored in the OZ_initData variable) , person names, aliases/nicknames, multiple past educations (institute, study, start/end date),multiple past work experiences (employer, function, start/end date), links to Picasa photoalbums, …. — and in ~15.000.000 cases, also the username and therefore @gmail.com address. In summary: 1 month + 1 connection = 1 database containing 35.000.000 Google Profiles. 

My activities are directed at inciting, or poking up, debate about privacy — NOT to create DISTRUST but to achieve REALISTIC trust — and the meaning of “informed consent”. Which, when signing up for online services like Google Profile, amounts to checking a box. How can a user possibly be considered to be “informed” when they’re not made aware 1) about the fact that it does not seem to bother Google that profiles can be mass-downloaded (Dutch) and 2) about misuse value –or hopefully the lack of it– of their social data to criminals and certain types of marketeers? Does this enable mass spear phishing attacks and other types of social engineering, or is that risk negligible, e.g. because criminals use other methods of attack and/or have other, better sources of personal data? Absence of ANY protection against mass-downloading is the status quo at Google Profile. Strictly speaking I did not even violate Google policy in retrieving the profiles, because http://www.google.com/robots.txt explicitly ALLOWS indexing of Google Profiles and my code is part of a personal experimental search engine project.

Mexico Tribal Music and Pointy Boots

Tribal Monterrey music, super-pointy boots Matehulala, Mexico Bellavista Dance Crew, the botas vaqueras exóticas phenomenon has overrun the rodeo dance floors.

Tribal Music Brought The Best Pointy Boots Ever!
[youtube=http://www.youtube.com/watch?v=CEiMA3QtYWc ]
Spreading North into Texas, Tennessee, Oklahoma, and any place where big groups of immigrant Mexicans have taken root.
Continue reading “Mexico Tribal Music and Pointy Boots”