Even so, HTTPS – or HTTP Secure – is vital to sites where user data is particularly sensitive, such as online banking and communications where the risk of eavesdropping is possible. The system adds an added encryption layer of SSL/TLS to regular HTTP traffic, with a certified server ensuring a trusted link between it and the user.

The censorship is not the first move against a free internet by the Iranian government. A monitoring system is believed to be in place, and ISPs are legally required to keep records of all data sent and received by subscribers. Similarly, internet cafés and other places with public web access must keep records of users, including full name, national identification number, postcode and telephone number, in addition to a record of which sites are viewed.

It’s possible the government is hoping to prevent any possibility of public unrest, blocking off private communications that activists could use to organize protests.

[via ReadWriteWeb]

“What we learn from you, and others like you, will help us improve Google products and services and make a better online experience for everyone,” Google explained in a statement. Only those who are 13 years of age or older are eligible to apply. In addition, participants are oliged to use Google’s Chrome browser when surfing the Web. This program comes after Google faced heavy criticism for revamping its privacy policies across most of its online platforms.

Google noted that Amazon is not a sponsor of the promotion, which is known as Google Screenwise. It just so happens that Amazon gift cards are a pretty easy and efficient means of sending money online, since anyone can find $25 worth of stuff they need on Amazon. The program is obviously not designed with the intention of keeping tabs on any one individual users but rather to collect massive amounts of data and better understand how Internet browsers interact with the World Wide Web. If you’re interested, you can sign up here.

UPDATE: Google has reached out to us with the following statement:

“Like many other web and media companies, we do panel research to help better serve our users by learning more about people’s media use, on the web and elsewhere. This panel is one such small project that started near the beginning of the year. Of course, this is completely optional to join. People can choose to participate if it’s of interest (or if the gift appeals) and everyone who does participate has complete transparency and control over what Internet use is being included in the panel. People can stay on the panel as long as they’d like, or leave at any time.” – Google Spokesperson

What do you think, folks?

One of the major investors in Path mister Michael Arrington earlier today suggested that the correct way to move forward after this PR debacle fell was to first off delete all the information Path had collected. Path had collected the contacts from every person they had open their app – just so you know. The note left by David Morin today puts it all in perspective and makes it clear that the creators of Path take the whole situation very seriously:

As our mission is to build the world’s first personal network, a trusted place for you to journal and share life with close friends and family, we take the storage and transmission of your personal information very, very seriously.

Through the feedback we’ve received from all of you, we now understand that the way we had designed our ‘Add Friends’ feature was wrong. We are deeply sorry if you were uncomfortable with how our application used your phone contacts.

As for how exactly they were wrong and how the app did really use your contacts, Morin made such things clear as well:

In the interest of complete transparency we want to clarify that the use of this information is limited to improving the quality of friend suggestions when you use the ‘Add Friends’ feature and to notify you when one of your contacts joins Path–nothing else. We always transmit this and any other information you share on Path to our servers over an encrypted connection. It is also stored securely on our servers using industry standard firewall technology.

And of course the most important part did come with the update, the assurance that all the data they’d already collected has been deleted – we hope!

We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.

The newest version of Path, version 2.0.6 released today, will have you prompt in and out of sharing your phones contacts with Path’s servers. The download is still free, and will still act the same outside this extra little prompt. All for your privacy!

[via Path]

Although embarrassing for security reasons for the Syrian government, the leak also gives valuable insights into how top-level politicians perceive and are briefed on the west. One document prepared for Syrian President Bashar al-Assad ahead of his interview with ABC’s Barbara Walters in 2011 was reproduced by the Foreign Policy blog, and included advice on how to manipulate American perception:

“It is hugely important and worth mentioning that ‘mistakes’ have been done in the beginning of the crises because we did not have a well-organized ‘police force.’ American psyche can be easily manipulated when they hear that there are ‘mistakes’ done and now we are ‘fixing it.’ It’s worth mentioning also what is happening now in Wall Street and the way the demonstrations are been suppressed by policemen, police dogs and beatings” Leaked email from Sheherazad Jaafari

Poor password choice has been blamed for the attack, with some accounts using “12345″ as the sole security. A list of passwords released by Anonymous suggests a huge proportion resorted to a simple string of numbers, while others included “iloveyou” and “GODisgreatand1″.

No official statement has been made by the Syrian Ministry, though it’s likely the accounts have been locked down since the documents were leaked.

[via Ars Technica]

Thampi caught Path’s upload behavior when tinkering with the company’s APIs. “Upon inspecting closer, I noticed that my entire address book (including full names, emails and phone numbers) was being sent as a plist to Path” he writes, “I created a completely new “Path” and repeated the experiment and I got the same result – my address book was in Path’s hand.”

Path CEO Dave Morin weighed in in the comments, describing the data handling as “an important conversation” and arguing that the uploads were useful because they helped notify users when their contacts joined the service:

“Arun, thanks for pointing this out. We actually think this is an important conversation and take this very seriously. We upload the address book to our servers in order to help the user find and connect to their friends and family on Path quickly and effeciently as well as to notify them when friends and family join Path. Nothing more.

We believe that this type of friend finding & matching is important to the industry and that it is important that users clearly understand it, so we proactively rolled out an opt-in for this on our Android client a few weeks ago and are rolling out the opt-in for this in 2.0.6 of our iOS Client, pending App Store approval” Dave Morin, CEO, Path

He later went on to highlight that Apple lacks strict policies about specifically warning iOS users over apps that access address book data, unlike, say, location information. “The App Store guidelines do not specifically discuss contact information” Morin argues, though says that if users would like their information deleted from the server now they should email service@path.com with a request.

Unfortunately for the social network company, while an apology and PR offensive might be enough to salve North American wounds, the same may not be true in Europe. Forbes highlights the UK’s Data Protection Act, which insists that users must be made aware of what is being done with their data. “Fairness generally requires you to be transparent,” the Act says, “clear and open with individuals about how their information will be used.”

Companies found to have contravened the Data Protection Act can face penalties of up to £500,000 ($795k) as well as prison sentences, if investigated. There’s no word on whether Path is likely to face increased attention for its glitch.

Of course it’s absurd to expect any such complete forfeiture of a set of stolen codes which could so very easily be copied out and duplicated, so who do we look to questioning the logic behind a cash sum trade to hackers such as this? According to LoD, it was Symantec spokesperson Chris Paden, not the FBI or a federal commission of any kind as many news sources are reporting today. Though Paden is on record saying the following:

“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation.” – Paden

A series of emails were sent back and forth between YamaTough and a person claiming to be working with Symantec but whom Symantec has since said was working with a law enforcement group they’d been working with specifically for this job. In the email conversation between the two, pasted in PasteBin for your full reading if you wish, the first mention of a cash transaction is made by DoM in their suggestion of a sale of the codes to the highest bidder. It’s the negotiator, on the other hand, that suggests Symantec purchase it first. In the middle of this negotiation is an interesting moment in which YamaTough is asked to provide a set of guarantees to Symantec for the deal:

“What are the guarantees that we wont come back for more? – NONE ofcourse, you have to trust us on this one, if we were really bad guys we would have already released or sold your code at the time of exchanging emails with you which is almost a month – AND WE KEPT SILENT all that time and stuck to our word given to you.” – YamaTough

At this point the negotiator, whose name is unimportant by the way since it’s almost certainly a placeholder “Sam Thomas”, suggests that $1,000 be sent to YamaTough via PayPal so they can continue negotiations. YamaTough disagrees and says they do not work with PayPal – they’ve been speaking about Liberty Reserve (an offshore group for no questions asked transactions) and Sam returns with an offer of the following:

“We are still looking into Liberty Reserve but we have to figure out how to get our money safely into our Liberty Reserve account through an exchanger.

We will pay you $50,000.00 USD total.

However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.” – Sam Thomas

At this point YamaTough sends the following message:

“Say hi to FBI agents,
It’s funny you do not use your corp account anymore =)
We wonder why is that be that way? =)” – YamaTough

And the stories begin to fly on the web that DoM has discovered an FBI link to the Symantec investigation on the situation. While this is happening, Sam notes that “We are not in contact with the FBI. We are using this email account to protect our network from you.” and appears to send no following messages after another offer of $50,000 total. This brings us up to now.

What’s happening now is DoM is releasing the code bit by bit (and perhaps all at once at some point down the line here) and is suggesting the following:

“The real sting sends money and bust the crooks at the cash pickup =) it wasn’t feds – it was slimey Paden UNEMPLOYED =)” – @YamaTough

And thus is the truth of the matter, in this part of the situation anyway: it would have made one whole heck of a lot more sense for the FBI to have set up a real-world drop of cash for code as they would have had the upper hand without a doubt. Instead the situation appears to be that the negotiators that were actually involved took no such precaution for exchange of cash online and are not falling victim to circumstance and hackers with a taste for trade.

For those of you out there using Symantec software: you likely have nothing to worry about. The codes that DoM are releasing are of pcAnywhere and blueprints for old software that has been long-since outdated. Or so Symantec says. The important part of this equation for Symantec is bad PR as well as a possibility that the codes, once analyzed, may prove to be helpful to competing companies as well as hacker groups hoping to gain some insight into their code-building process.

“Like China, we too can block such websites” Kait told lawyers from Facebook and Google, going on to refer to laws passed in India last year that mandates a 36-hour take-down from the point of complaint. Both Google and Facebook have already complied with such requests, the two companies confirmed.

Now, the high court has demanded the two firms – along with 19 others – present their plans for a blocking system that will prevent “objectionable material” from being accessed by users in India. A fifteen day deadline has been imposed, though Facebook, Yahoo! and Microsoft have all protested that they are yet to be targeted with specific complaints.

The argument that users are responsible for their own uploads and shared content, however, and that Facebook, Google and others have a non-interference policy, did not go down well with the Indian judge. The sites face criticisms from the Indian government that standards deemed suitable for the US market are insufficient for India’s 100m internet users.

According to the Article 29 group, the French National Commission for Computing and Liberties (CNIL) has been drafted in to look at whether the privacy policy represents a threat to the personal data of those users in Europe.

Google’s changes have been the cause of much controversy and confusion over the past week. The search giant billed the amended privacy policy as a boon to users, condensing more than sixty separate documents for different Google products into one single document.

However, privacy advocates took issue with some of the data sharing provisions in the policy, though Google says the vast majority were already permitted under older versions. These allow Google to share information about an individual user account across the various services that account is registered to use, so that – for instance – calendar entries can be synchronized with current location and local traffic data filtered in as well.

Lawmakers in the US are now demanding a single opt-out page, where privacy-concerned users can deactivate any tracking. Google believes it already offers this with its existing Dashboard.

The search company has no plans to delay any of its privacy policy changes, spokesperson Anthony House says, based on there being no “substantial concerns” raised when European privacy regulators were initially informed of the changes.

“Given the wide range of services you offer, and popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states.

We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated procedure. We have therefore asked the French data protection authority, the CNIL, to take the lead. The CNIL has kindly accepted this task and will be your point of contact for the data protection authorities in the EU.

In light of the above, we call for a pause in the interests of ensuring that there can be no misunderstanding about Google’s commitments to information rights of their users and EU citizens, until we have completed our analysis.” Article 29 Working Party

[via Bloomberg]

In fact, that demo only convinced Mack that Google’s system had become more of a potential threat to privacy. “By being more simple, [the privacy policy] is actually more complicated” she claims. Google had been asked to meet with the subcommittee this week to answer questions on how its streamlined privacy policy would work, sending director of public policy Pablo Chavez and senior counsel Michael Yang to field Congress’ concerns.

Fellow subcommittee member G.K. Butterfield wants Google to offer a “one-stop” site where opt-outs can be managed, something the company has at least partially offered with its Dashboard. That, and other tools, was highlighted earlier this week when Google slapped down Microsoft’s allegations that the new privacy policy was not in the public interest.

Google privacy policy changes:

“The concern of Congress is how much active participation does a user have to do to protect their own privacy” Mack concluded. Google has insisted that the new policy has no significant impact on users’ privacy across its services, pointing out that several – including search and YouTube – demand no login information before they can be accessed. The search company argues that the harmonized policy merely collates all-but identical conditions previously spread across more than 60 separate documents, rather than introducing new terms.

Microsoft’s video – which was seen last year, though not hosted on the company’s own YouTube account - suggests Google is in effect reading your email and using that information for promotions. On the contrary, “no one reads your email but you” Google insists.”Like most major email providers,” the company says “our computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you.”

As for suggestions Google’s changes are impacting their government users, the company says that’s also false. “Our new Privacy Policy does not change our contractual agreements,” it explains, “which have always superseded Google’s Privacy Policy for enterprise customers.”

“We don’t make judgments about other people’s policies or controls. But our industry-leading Privacy Dashboard, Ads Preferences Manager and data liberation efforts enable you to understand and control the information we collect and how we use it—and we’ve simplified our privacy policy to make it easier to understand. Microsoft has no data liberation effort or Dashboard-like hub for users. Their privacy policy states that “information collected through one Microsoft service may be combined with information obtained through other Microsoft services” Betsy Masiello, Policy Manager, Google

Google deputy general counsel Mike Yang and public policy director Pablo Chavez will appear in a private meeting with the House Subcommittee on Commerce, Manufacturing and Trade this week, USA Today reports. The pair will be expected to comment on one of the key concerns the Subcommittee has, that “Google will not permit users to opt out of this information collection and sharing across platforms and devices.”

Google has insisted that the change to its privacy policy does not collect any more information from users, but simply streamlines the privacy policy across its multiple services into one single document. The online ads it has purchased display a simple message saying, “We’re changing our Privacy Policy. Not your privacy controls.”

Privacy advocates reacted strongly when Google first announced the change, fearing that it would make it harder for people to control their own information. The US Congress also got involved, shooting a long list of questions to Google, which it must respond to later this month.

[via PaidContent]

“Every data point Google collects and connects to you increases how valuable you are to an advertiser” Microsoft argues. “To be clear, there’s nothing inherently wrong with wanting to improve the quality of an advertising product. But, that effort needs to be balanced with continuing to meet the needs and interests of users.”

Microsoft isn’t the first to take issue with Google’s changes. Privacy advocates reacted strongly to the streamlined privacy policy, which combined the majority of the company’s product policies into a single document, and members of the US Congress followed up with questions of their own.

“The changes Google announced make it harder, not easier, for people to stay in control of their own information. We take a different approach – we work to keep you safe and secure online, to give you control over your data, and to offer you the choice of saving your information on your hard drive, in the cloud, or on both” Microsoft

That’s something Google denies vehemently, claiming that despite the tweaks its “approach to privacy has not changed.” We’re expecting to see a response to Microsoft’s promotion from Google soon.

“The main change in the updated privacy policy is for users signed into Google Accounts” Google writes in its letter. “Individuals don’t need to sign in to use many of our services including Search, Maps, and YouTube.” Meanwhile, “users can use as much or as little of Google as they want” and “continue to have the ability to take their information elsewhere quickly and simply.”

The lawmakers had issued Google with a long list of questions they wanted answers to, and given the search company until mid-February to reply. Google’s response – the bulk of the 13-page document – comes early, then; among the more interesting elements is that the increased interaction between Google services – one of the things that the company said was a key benefit to users – was actually possible already, based on the existing privacy policies. In fact, only integrating YouTube history and search history with other Google offerings was not permitted.

“So if a user who likes to cook searches for recipes on Google,” the company says of the existing policy, “we are not able to recommend cooking videos when that user visits YouTube, even though he is signed in to the same Google Account when using both.” That will change when the new terms come into effect on March 1.

As for deleting data should a user want to clear their footprint on Google services, the search company says that’s somewhat tricky: everything it does is set up to prevent data loss, not purposefully get rid of it. “Immediate deletion is not always practicable due to the way the archiving system operates” the company says, though requests for full deletion will eventually be carried out “within a reasonable period of time” bar anything retained for “legal compliance.”

The Mobile Device Privacy Act proposed by Markey would require companies to obtain customer consent in order to install monitoring software. Companies must also disclose if a device has the software installed, what information it collects and transmits, to whom it’s being transmitted, and how the data is used.

However, the legislation is still in draft and not yet a formal bill. But should it make it into federal law, the FTC will have one year before requiring the disclosure from carriers and phone manufacturers, many of which have already dropped Carrier IQ amid the controversy.

[via Bloomberg]

Sophos surveyed around 4,110 Facebook users, and discovered less than 8-percent actually like the new Timeline layout. Just over 8-percent said they thought they would get used to it, while a third said “I don’t know why I’m still on Facebook.”

In SlashGear’s own survey, just 3-percent of over 5,800 respondents said they were keen to take advantage of the new Timeline Apps. 5-percent said they intended to “try a couple of Facebook apps” but over a fifth of respondents said they were yet to be convinced.

Neither poll is scientific in its methodology, though both suggest that Facebook Timeline and the Open Graph Apps – which allow users to pull in more personal data culled from third-party services, such as when they eat at restaurants, travel or exercise – are still viewed with suspicion. Facebook made the new Timeline profile layout mandatory and will be forcing users to upgrade over the next few weeks, though early-adopters of the beta have been using it since mid-December and soon discovered that there was no way of turning it off.

Facebook maintains that Timeline shares no more information than the previous profile system, and that the Apps are accessible on a voluntary basis.

“While Google suggests that the purpose of this shift in policy is to make the consumer experience simpler, we want to make sure it does not make protecting consumer privacy more completed” eight members of Congress have said in a letter to Google this week. The lawmakers, including representatives from subcommittees on Commerce, Manufacturing & Trade, and Overside & Investigations, are apparently concerned that Google’s heft online means the changes “potentially touches billions of people worldwide.”

As such, there are some big questions to keep Google’s policy department busy, though the answers to many are likely to be confirmed already in the new privacy site. Google is asked to detail all the information it currently collects, how it encrypts or otherwise protects that data, how data-sharing across services will change with the new policies, and how opt-out provisions will work. There are also questions around whether users can permanently delete their personal information, including how long Google might take to enact this and what archives might be retained.

Android – which prompts for a new or existing Google account when phones are first activated – also comes in for some questions. “Is there any ability for users to opt-out, other than not purchasing and using an Android phone?” the letter asks. “How will Google’s new policy affect users who do not use an Android phone but automatically stay logged in to their Gmail accounts on their phones?”

Google has been given until February 16 2012 to respond to the letter, and Masiello says she and her team”look forward to answering those questions, and clearing up some of the misconceptions about our privacy policies.” Instant solutions she gives to user concerns include using different accounts for Google services you’d prefer not to share information, such as Google+ and YouTube, as well as making copious use of the Privacy Dashboard to control per-service settings.

It’s Bradley Horowitz, VP of Product for Google+ who updates us all today on how Google+ is now officially open to much younger citizens of earth (13+ in most cases) and what some new safety features are for them as they enter into this strange new world. It all begins with Circles, of course, the gatherings of acquaintances each of us has on Google+ and the tool with which we are able to limit who we share with.

Sharing content with “public” will now have a warning label which shows how “when you share publicly, people you haven’t added to your circles will be able to view your post and may be able to comment.” Next in regards to notifications, anyone inside circles are the only ones who can say hello (by default) and blocking anyone is “just a click or two away.” In Hangouts there’s a new feature for teens exclusively wherein each time a stranger outside a teen’s circles joins a hangout, the teen is temporarily removed with a chance to rejoin.

There’s now also a whole Google+ Safety Center where parents (or teens) can read up on how these changes will affect them, accessible at google.com/+/safety/. And, as Horowitz says, “we do have at least one thing in common with our newest users: we’re both busy growing up.” That’s so cute!

[via Google+]

However, over the past few hours, evidence of the header gaffe has disappeared, suggesting someone at O2 has flicked the right switch to deactivate the inadvertent privacy breach. The relatively swift action may not be sufficient to save the carrier from censure, though.

The UK Information Commissioners Office (ICO) told paidContent that, while revealing a number in itself does not officially count as a data breach, revealing that plus other personally-identifiable information would do. The government organization said it would be discussing the matter with O2:

“Keeping people’s personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations. When people visit a website via their mobile phone they would not expect their number to be made available to that website. We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed” ICO

There are indications, however, that O2 has been using mobile numbers to help sites identify users surfing on their handset. Last night, the company tweeted whistleblower Lewis Peckover with the explanation that “the mobile number in the HTML is linked to how the site determines that your browsing from a mobile device.”

Update: O2 has responded to the issue with an apology and the following Q&A. The carrier blames “technical changes” made as part of “routine maintenance” that accidentally shared users’ phone numbers with not only “trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2′s own services” but all sites.

Q: What’s happened with O2 mobile numbers when I browse the internet on my mobile?

A: Every time you browse a website (via mobile or desktop), certain technical information about the machine you are using, is passed to website owners. This happens across the internet, and enables website owners to optimise the site you see. When you browse from an O2 mobile, we add the user’s mobile number to this technical information, but only with certain trusted partners. This is standard industry practice. We share mobile numbers with selected trusted partners for 3 reasons: 1) to manage age verification, which manages access to adult content, 2) to enable third party content partners to bill for premium content such as downloads or ring tones that the customer has purchased 3) to identify customers using O2 services, such as My O2 and Priority Moments. This only happens over 3G and WAP data services, not WiFi.

Q: How long has this been happening?

A: In between the 10th of January and 1400 Wednesday 25th of January, in addition to the usual trusted partners, there has been the potential for disclosure of customers’ mobile phone numbers to further website owners.

Q: Has it been fixed?

A: Yes. It was fixed as of 1400 on Wednesday 25th January 2012.

Q: Which of my information can website owners access?

A: The only information websites had access to is your mobile number, which could not have been linked to any other identifying information we have about customers.

Q: Why did this happen?

A: Technical changes we implemented as part of routine maintenance had the unintended effect of making it possible in certain circumstances for website owners to see the mobile numbers of those browsing their site.

Q: Which customers were affected?

A: It affected customers accessing the internet via their mobile phone on 3G or WAP services, but not WIFI, between 10th of January and 1400 on Wednesday the 25th of January.

Q: Which websites do you normally share my mobile number with?

A: Only where absolutely required by trusted partners who work with us on age verification, premium content billing, such as for downloads, and O2′s own services, have access to these mobile numbers.

Q: The Information Commissioner said he is investigating – what are you doing as part of this?

A: We are in contact with the Information Commissioner’s office, and we will be co-operating fully. We have also contacted OFCOM.

Google says it will use the harmonized data to improve its services. Spelling corrections will get better, auto-suggestions will become more accurate – and potentially confused topics, like Jaguar cars or jaguar cats, will be less likely to frustrate – and altogether more intelligent mash-ups of data will be enabled, such as using your location, calendar and traffic data to warn you if you’re likely to be late to an appointment.

However, privacy advocates have long been complaining about the extent of the data Google currently holds on each of its users, and this shift to collate that information has done nothing to assuage their concerns.

“Regulators globally have been calling for shorter, simpler privacy policies” Google points out, “and having one policy covering many different products is now fairly standard across the web.” The search company has also streamlined its language, in the hope that anyone who actually does read the new document – condensed down from around sixty policies to one – will stand a better chance of actually understanding it.

We visited the site on a Galaxy Nexus using an O2 SIM and the carrier’s 3G network, and saw no evidence of the number registered to the account. The screenshot above shows exactly what data is being received by Peckover’s site.

Where his testing identified a line in the headers called “x-up-calling-line-id:” with the mobile number in international format, though, ours did not. A quick check of Twitter indicates we’re not the only one to see it too. O2 says, via Twitter, that “we’re checking this out with our internal teams as we speak. Once we’ve got an update, we’ll let everyone know.”

Some giffgaff subscribers – an MVNO using O2′s network – also report seeing their own number show up in the headers. Even inconsistent across users, though, the issue could be potentially very damaging to O2′s reputation; we’ll update when we know more.

Update: TNW is reporting that its own testing – using an iPhone on O2 – showed the account’s phone number in the header data.

Update 2: Pocket-lint has suggested a temporary workaround, which involves using an alternative APN for O2. Changing to the following settings seemingly prevents your number from being shared:

APN: mobile.o2.co.uk

Username: bypass

Password: password

[via Matt Parker]

The news will come as a disappointment to those who have resisted Timeline since Facebook offered it as an optional upgrade last year. Announced at f8 2011, the system has been criticized for making a significantly larger amount of personal information publicly accessible than before.

Unfortunately, Facebook made clear that Timeline would be a mandatory upgrade for all users, despite calls for it to be made optional instead. With Open Graph, Facebook now integrates more closely with third-party services, such as flagging up your recent travel, food or entertainment exploits to your friends.

What this ruling does is take GPS devices and place them in the same category as a Police officer demanding that a person empty their pockets if they’ve got no real reason to do so. The word “search” is what’s important here, and the Supreme Court has found it unreasonable to search a person, or track a person, as it were, without justifiable intent. Have a peek at some important bits from the ruling here:

The Government’s attachment of the GPS device to the vehicle,
and its use of that device to monitor the vehicle’s movements, constitutes a search under the Fourth Amendment.

(a) The Fourth Amendment protects the “right of the people to be
secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Here, the Government’s physical intrusion on an “effect” for the purpose of obtaining information constitutes a “search.” This type of encroachment on an area enumerated in the Amendment would have been considered a search within the meaning of the Amendment at the time it was adopted.

You can check out the entire ruling in PDF form if you wish, noting especially how the addition of a whole new category of search is important to us all when speaking about privacy in our country. The image you see above comes from Jon Snyder and Wired, Snyder being the fellow on trial here as his movements were tracked by the government for 32 days without his consent via his car and a couple of GPS devices, one of them being the one you see in the image above.

[via Wired]

What it does is to amend several rules that have to do with Child Pornography and preventing it, the bill itself called the “Protecting Children From Internet Pornographers Act of 2011.” What it also does is to change the U.S. code Chapter 18 section 2703 Required Disclosure of Customer Communications or Records to include a requirement that your internet service provider do the following:

A commercial provider of an electronic communication service shall retain for a period of at least one year a log of the temporarily assigned network addresses the provider assigns to a subscriber to or customer of such service that enables the identification of the corresponding customer or subscriber information under subsection (c)(2) of this section.

While it was legal for the government to issue a subpoena for the viewing of the information they speak about here before, it was not part of the law that internet service providers capture or retain that information at any point. In effect, while before the authorities would need to first find a reason for you to need to be watched to get the ISP to start collecting information from you, that information will already exist on file, effectively meaning you’re being watched and recorded even if you’ve done nothing wrong.

Don’t worry though, there’s an additional set of lines that should placate you because it’s so very kind of them to think of:

(1) to encourage electronic communication service providers to give prompt notice to their customers in the event of a breach of the data retained pursuant to section 2703(h) of title 18 of the United States Code, in order that those effected can take the necessary steps to protect themselves from potential misuse of private information; and

(2) that records retained pursuant to section 2703(h) of title 18, United States Code, should be stored securely to protect customer privacy and prevent against breaches of the records.

So don’t worry, your information will be “stored securely” so noone else can access it! But if they do access it, your ISP will give you “prompt notice” so you can change all your credit card numbers, hide your kids, hide your wife, and hide your husband. This bill has currently cleared its committee, this meaning that the next step is a full vote. This bill needs to be stopped, and if I might go one better, Lamar Smith needs to be stopped, for the good of the internet and YOUR privacy.

[via GCN]

Content theft is not something we advocate at SlashGear. Like many news sites online, there are numerous “scraper sites” grabbing the content we produce and republishing it without permission; we understand how frustrating that can be. Yet, there are already tools to tackle content theft – like the Digital Millennium Copyright Act (DMCA) – and which do so with the same mindfulness of due process that other laws in the US and abroad have been built upon.

Perhaps most frustrating is that neither the Stop Online Piracy Act nor the Protect IP Act would actually effectively address piracy in any way more effective than current tools. As Google and others have pointed out, those sharing or searching for illegal content could easily circumnavigate the limitations SOPA and PIPA would allow. Everybody else would be left to face the unnecessarily strict threat of censorship, with companies forced into monitoring users to ensure they didn’t upload anything remotely controversial.

Today’s tools may not be perfect, but blanket laws that threaten the free speech currently permitted on the internet are even more dangerous. The powers SOPA and PIPA would grant would not only mean sources of pirated content could be taken down without due process, but that any site daring to voice opinions not shared by big content companies, ISPs or the US government could also find itself taken offline before it had even had a chance to argue its case.

You can find out more about SOPA/PIPA in our plain English guide to the proposed acts, and details on how to contact your US Representative – or, if you are outside the US, how to make your voice heard too – at sopastrike.com/strike. There’s also more information at the Electronic Frontier Foundation.

“HTC can confirm that we’re working with Sprint to provide maintenance releases that will remove Carrier IQ and provide security enhancements and bug fixes beginning in January” the company said in a statement to The Verge today. No specific devices were cited, but the EVO 3D is believed to be one of the handsets affected by Carrier IQ tech.

Although initial outrage centered on the idea that Carrier IQ was sending private message details and other personally-identifiable information back to network operators, it eventually became clear that the truth was somewhat more complicated. Carrier IQ actually offers various tiers of monitoring, tracking not user-activity but how the handset works with the network.

Unfortunately by that point the system had been highlighted by at least one angry US senator, and a class-action lawsuit put together targeting Apple, Samsung and HTC.

“As for me, what I am hoping is that people outside the US who have friends or family who are voters in the US, will ask them to make a call to their senator or representative,” Wales explained, “and I hope we send a broad global message that the internet as a whole will not tolerate censorship in response to mere allegations of copyright infringement.”

The alternative, the Wikipedia founder says, was the possibility of only taking down the site for US visitors. That resulted in a close vote on how broad the protest should be: in the end, 591 of the Wikipedia community polled said they were in favor of the global blackout, against 479 calling for it to be US-only. “While there was a solid majority, it wasn’t the overwhelming majority that we had for the whole concept” Wales admits. “It seems to have been somewhat of a tough choice for many people.”

SOPA has, most recently, been apparently shelved after the Obama Administration voiced concerns that the proposed act might be too dangerous in terms of challenging the underlying openness of the internet. It’s a stance that earned the US President a tongue-lashing from News Corp.’s Rupert Murdoch, who described Obama as having “thrown in his lot with Silicon Valley paymasters” while Google is apparently the “piracy leader.”

If you’re panic-stricken at the thought of being without Wikipedia for 24hrs, there’s still hope. You can download an offline version of the database from here, assuming you have sufficient drive space and bandwidth.

M1 subsequently said that the link “has been removed as we are making some adjustments to this service” and declined to comment further on the changes it was implementing. Fellow Singaporean carriers StarHub and SingTel both confirmed they were in negotiations with the country’s Defense Ministry regarding non-camera models, but would not say if the iPhone was on the list of potential devices.

As is the case with many secure workplace environments, such as R&D labs, Singapore’s military bases refuse to allow photographic-capable devices on-site. The Defense Ministry is believed to require a certificate proving any cellphone has no camera functionality, issued by the carrier, before it will be permitted. Camera-free smartphones have become a niche segment within the industry, with BlackBerry perhaps the best-known option.

Since Apple itself has not stepped into the fray with a non-camera iPhone, Singapore carriers have apparently taken matters into their own hands. It’s unclear whether the modification process is reversible or if the two CMOS sensors in the iPhone 4S – front-facing and rear – are permanently removed.

[via GottaBeMobile]

“”Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small” Victoria Espinel, Intellectual Property Enforcement Coordinator at Office of Management and Budget, Aneesh Chopra, U.S. Chief Technology Officer, and Howard Schmidt, Special Assistant to the President and Cybersecurity Coordinator for National Security Staff wrote in a statement. ”We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet”"

The response has been tentatively welcomed by privacy advocates, though it’s clear that this isn’t the outright dismissal of either SOPA or PIPA that many have hoped for.

“We appreciate the Administration’s recognition that our ability to innovate, invest, and grow the economy is dependent upon keeping the Internet open and free. We are also pleased that Majority Leader Cantor has assured House Oversight and Government Reform Chairman Darrell Issa that the Stop Online Piracy Act (SOPA) will not go to the House floor without consensus, which is clearly not the case at this time” Markham Erickson, Executive Director, NetCoalition

High-profile sites have already begun to take advocacy against the acts-in-progress into their own hands. Crowd-sourced site reddit has announced that it will hold an anti-SOPA blackout on January 18, taking the site offline for twelve hours and directing visitors to contact their local US Representatives in order to voice their concerns about the acts. Meanwhile, Wikipedia is apparently considering a similar blackout, and hack-collective Anonymous has said it too will be going dark on January 18 in combined protest. CES-organizers CEA and NVIDIA have also recently thrown their support behind SOPA/PIPA.

The Obama Administration has said it will contact the organizer of a high-profile anti-SOPA petition, along with a random sample of those who signed it, to a conference call to discuss the issue further. Beyond that, it promises to ”host an online event to get more input and answer your questions.”

At the same time, the authors of the SOPA and PIPA acts have each said they will remove sections of the proposed acts that would force ISPs to block foreign sites offering content suspected of infringing US copyright. Both Representative Lamar Smith, a Texas Republican, and Senator Patrick Leahy, a Vermont Democrat, have said they will strip the ISP section in SOPA and PIPA respectively, MacWorld reports, though the potential for a DOJ court order to force search engines, advertisers and online payment companies to strip links for foreign sites and stop doing business with them remains.

Called “Search plus Your World“, the new system uses the Google+ social network to act as a filter for search results. For instance, if users have expressed interest in maritime history, a search for “navy” might pull up sea-bound warfare rather than results related to the color. Meanwhile other Google+ user suggestions are included in the autocomplete and flagged up as part of results.

Nonetheless, the news was met with anger by other online services and privacy campaigners. Twitter led the charge, furious that tweets from its own users might receive less priority than status messages left in Google+, while the Electronic Privacy Information Center, a watchdog organization, wrote a public letter to the FTC demanding it investigate Google’s actions.

Google, for its part, remains defiant. “We believe that our improvements to search will benefit consumers” spokesperson Adam Kovacevich said of the recent updates to the company’s filtering technologies, arguing that artificially limiting Google as the dominant player in search would be a business decision rather than one intended to actually help individuals making searches. “The laws are designed to help consumers benefit from innovation,” he argued, “not to help competitors.”

Kovacevich declined to comment on the potential inclusion of Google+ into an FTC investigation. Its practices in search, along with how it has handled Android as a potential hammer against competition in the mobile space are already under the microscope.

“We believe this is something that the FTC needs to look at” EPIC executive director Marc Rotenberg told the LA Times about the watchdog’s interest in the search tweaks. He frames the changes as an attempt by Google to use its privileged position in the search market to bolster its relatively fledgeling social network, with Facebook an obvious rival.

“Google is an entrenched player trying to fight off its challenger Facebook by using its market dominance in a separate sector … I think that should trouble people” Marc Rotenberg, EPIC

Shortly after Google announced the modifications, Twitter expressed its own concerns that the filtering would mean content shared in tweets would prove more difficult to find. Google responded, ironically, on Google+ this morning, saying that the company was “a bit surprised by Twitter’s comments about Search plus Your World, because they chose not to renew their agreement with us last summer and since then we have observed their rel=nofollow instructions.” The agreement cited was around the integration of live tweets in relevant Google search results, which ended in mid-2011.

Google is already facing the possibility of an FTC investigation over concerns that it is using its position in search to promote its other services rather than those of other companies.

Originally, threats against the PSN were made by Anonymous members as part of #OpSony, with the warning that Sony’s “support of the act is a signed death warrant” and that “yet again, we have decided to destroy your network.” That was later amended to single out Sony executives, PlayStationLifestyle reports, rather than the PSN itself, with Anonymous declaring open season on the credit card details and other personal information.

Sony is yet to comment on the Anonymous issue, but it’s worth noting that, while SCE has withdrawn its SOPA support, Sony/ATV Music Publishing, Sony Music Entertainment and Sony Music Nashville are all still listed as in favor of the act. Meanwhile both SCE and Nintendo are members of the Entertainment Software Association, which also remains a supporter.

Earlier this week, it was revealed that Google, eBay, PayPal and others were considering an attention-grabbing blackout of their respective sites in the hope of prompting a mass uprising of public complaint about SOPA. The move would follow a similar “call to arms” by microblogging platform Tumblr, which motivated almost 90,000 users to contact their Representatives to discuss the act.

Original Anonymous #OpSony Threat Video:

[via CVG]

The upfront explanation is likely a response to continued attention from regulators and privacy advocates over what information Facebook holds and shares about users. Yesterday the Irish privacy commissioner called on the social network to add better privacy controls, the recommendation coming shortly after Facebook confirmed it would be slotting adverts into the main news feed from January.

It’s not the only controversy as Facebook looks to make money off of its vast user-base. Facebook’s new Timeline profile style can’t be turned off and will eventually be pushed out to all users whether they want it or not, and last month the company agreed to FTC privacy probes every two years for the next two decades. Even so, privacy groups were unimpressed, describing the concession as the first step rather than the solution.

Some of Facebook’s advertising FAQs make for interesting reading. For instance, if you’ve ever wondered what happens after you click “Like” on a Facebook ad:

“[The] connection will be displayed on your profile (timeline) and your friends may receive a News Feed story about the connection. You may be displayed on the Page you connected to and in advertisements about that Page. The Page will also be able to post content into your News Feed and send you messages. You may also share this connection with apps on the Facebook Platform” Facebook

Nonetheless, Facebook points out, “you can unlike most content immediately, manage your connections on your profile, and restrict who you share your connections with in your privacy settings.”

Hawkes’ concerns mostly center around a lack of transparency between Facebook and the web apps that run on the platform. He wants Facebook to inform users on exactly how their data is used by apps, who has access to it, and then give them the power to remove personal information from multiple databases. The request extends to Facebook developers and advertisers – ideally, users would be able to press a button and remove, say, their work history from Facebook, all Facebook apps and all its adverting partners.

For its part, the Irish division of Facebook seemed to take the review in stride. “This was a challenging engagement both for my office and for Facebook Ireland. The audit has found a positive approach and commitment on the part of [Facebook Ireland] to respecting the privacy rights of its users,” replied the company in a prepared statement. The Dublin office a large part of its parent company, handling all data on the service that doesn’t originate from the United States or Canada. This arrangement means that Facebook is governed under EU data protection laws. Facebook is no stranger to security and privacy concerns, the latest coming over its new Timeline profile feature.

Commissioner Hawkes has given Facebook Ireland six months to implement his suggested changes, with an additional review to be conducted in July.

RIM will have several mobile operators to share the stage with at the summit, as Ofcom attempts to find a workable solution to the sexy oversight. The company is said to have already fashioned a system of its own, which was offered to UK networks, though only one – T-Mobile UK – apparently adopted it. On non-BlackBerry devices, content considered only suitable for adults – including not only pornography but mobile gambling and more – is blocked, usually requiring either a credit card be used to prove the user is over 18, or demanding that they contact their carrier’s customer services to have it revoked.

“We are very concerned and want to get this resolved as quickly as possible” Ofcom has said, though the issue has already caught the attention of at least one UK politician who intends to take it further with the government. BlackBerry handsets have seen a significant rise in demand among younger UK mobile users, tempted by the relative low cost of phones and service charges, the bundled BBM IM system, and the secure nature of communications between them.

That encryption led to BlackBerry phones helping rioters avoid police in widespread violence on UK streets earlier this year, with RIM threatened with hacks and data breaches if it agreed to cooperate with security services. The platform’s privacy has also led to problems in Indonesia where the government demanded a porn ban of its own.

Developers and early adopters who have tried Timeline using the pre-launch test workaround were able to deactivate the page and return to the regular profile layout, but that option has disappeared since the official launch. Those turning on Timeline now have seven days to preview and tweak what details, photos, likes, interests and videos are included on the page, before it automatically goes live.

As for Facebook’s help pages, there’s no reference given to turning off Timeline. In fact, the only conversion reference is if you accidentally switch your Timeline to a business page, something which requires contacting Facebook support to rectify. As the social network points out, only individuals are currently allowed to run Timelines, not brands.

What’s still unclear is whether eventually all Facebook accounts will be forced to change to a Timeline profile, or if hold-outs will be allowed to keep their existing pages. We’ve got a request in with Facebook for clarification and will update when we know more. Meanwhile, Facebook’s announcement post is filling up with comments from people who tried Timeline, weren’t impressed and now want to shut it off.

The new system has already come under fire from EPIC (the Electronic Privacy Information Center), which has blasted Facebook for introducing Timeline just weeks after settling a privacy lawsuit which accused it of “unfair and deceptive” business practices.

Update: Facebook has confirmed to us that there is no way to return to the old-style profile once you have switched to Timeline. Those who choose not to opt-in to Timeline will be automatically updated.

“Facebook’s opt-in period will be available for a few weeks” a Facebook spokesperson told SlashGear. “After that, we will begin moving the people who have not yet opted in over to the new profile.”

The Federal Trace Commission (FTC) is the US organization that protects consumer privacy and enforces privacy-related laws, and would be Carrier IQ’s primary foe if an investigation is undertaken. The company says it is “not aware of an official investigation into Carrier IQ at this time”; however, sources inside the FTC – who spoke anonymously as details have not been publicly announced yet – seemingly confirmed that an inquiry is, indeed, going ahead.

Carrier IQ made headlines in November, when security researchers discovered what appeared to be keypress logging in Android handsets. That logging and data collection was subsequently found across multiple platforms in devices distributed by various carriers, though the extent to which information was stored differed by handset.

The ensuing furore caught the attention of Congressman Edward J. Markey, who demanded an investigation into the software. Carrier IQ came out on the charm defensive, releasing a comprehensive FAQ detailing exactly what – and what not – was supposedly collected by its network monitoring tools. Nonetheless, many carriers themselves have been quick to put distance between them and the analytics firm.

“Carrier IQ has discovered that, due to this bug, in some unique circumstances, such as a when a user receives an SMS during a call, or during a simultaneous data session, SMS messages may have unintentionally been included in the layer 3 signaling traffic that is collected by the IQ Agent. These messages were encoded and embedded in layer 3 signaling traffic and are not human readable” Carrier IQ

Despite the flaw, Carrier IQ insists that the potential for privacy leaks is minimal. ”No multi-media messages (MMS), email, web, applications, photos, voice or video (or any content using the IP protocol) has been captured” the company insists, and the fault itself has been addressed.

The rest of the document details exactly what data Carrier IQ’s software can collect and what it can’t, though the exact extent of the collection is down to the operators themselves. “Carrier IQ has never intentionally captured or transmitted keystrokes and is not aware of any circumstances where this has occurred” the company concludes, reiterating that it “is not a keylogger and no customer has asked Carrier IQ to capture key strokes.”

Nonetheless, Carrier IQ should probably expect even more attention in the coming months, after it was revealed yesterday that the FBI has seemingly used some of the data collected in its investigations. The company is already the subject of a class-action lawsuit, and European regulators are looking into potential breaches of privacy law.

The complaint accused the companies of violating the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act. The filing asserted that the companies committed an “unprecedented breach in the digital privacy rights of 150 million cell phone users” and that the defendants, namely Apple, Samsung, HTC, and Motorola, pre-installed the Carrier IQ software on its cell phones for AT&T, Sprint, and T-Mobile.

The controversy began last week when Trevor Eckhart discovered the Carrier IQ software to be running in the background on his HTC device. He alerted other users and noted that the software appeared to be logging every single user action on the device, including keystrokes and text messages.

Following the revelation, several manufacturers along with network operators have had to issue statements regarding the use of Carrier IQ. Apple, for one, has admitted to using Carrier IQ on its iOS devices, but assured that most of its iOS 5 devices no longer use the software and that future updates would completely remove it.

[via AppleInsider]

This purchase started back a couple months ago when founder Josh Williams and his co-founder partner scott attended Facebook’s developer conference F8 2011. That was the place where Facebook showed off its new timeline features and presented a Facebook that showed off a person’s entire life, all the way back to birth. As much of the technologically socially connected world was, so where these two fellow impressed. A few weeks later, Gowalla was contacted by Facebook and asked to join the team, as it were.

So starting today, Facebook has begun swallowing up Gowalla as its own. Somewhere around the end of January 2012, you’ll be given a tool that will allow you to export your Gowalla Passport data, your Stamp and pin data (along with your legacy Item data) and your photos. Again Facebook will not be acquiring Gowalla’s user data, that remains between you and the Gowalla servers until deletion day. So stay tuned and get ready to download!

[via Gowalla]

Regulators in Europe are looking into the software to ensure that the company isn’t violating the privacy of users. PCWorld reports that the Bavarian State Office for Data Protection has sent a letter to Apple to ask if the company is using the software. The data protection office wants to be sure that the customers and users of smartphones are aware of how their data is collected and used.

Other regulators investigating the use of the Carrier IQ software include the UK Information Commissioner’s Office and the European Consumers Organization. The UK organizations are looking to be sure the private information of UK citizens is being used appropriately.

[via PCWorld]