Domain: fightidentitytheft.com
Stories and comments across the archive that link to fightidentitytheft.com.
Comments · 7
-
Re:Journalist?
If you put your trash out on the curb, and a neighbor helps himself to the iPhone you accidentally dropped inside the bag, you can't later turn-round and sue your neighbor for stolen property in order to get it back. Abandoned property belongs to nobody.
Actually, you can turn-around and sue your neighbor for stolen property to get it back. I don't think you understand the legal system. You can pretty much sue anyone for anything. Whether you win or not is a whole different story.
Bzzt. I'm pretty sure the SCOTUS ruled that your trash was up for grabs years ago. But I'm too lazy to look it up.
No wait, there's this google thing:
-
Re:GPU acceleration and Opera
Super cookies, yes. Maybe you have some? Read:
http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/
http://www.fightidentitytheft.com/blog/new-breed-super-cookie-defies-removal-almost
http://lifehacker.com/5245418/betterprivacy-prevents-tracking-by-flash-other-super+cookies
In short, if you don't know any better, Adobe enables web sites to install a cookie that your browser doesn't even know about, let alone manage. And, those cookies persist forever, tracking anything that the website chooses to track.
-
Re:End of Proprietary Formats?
Including the ability to store super cookies on your computer, so that corporate America can watch over your shoulder?
http://www.fightidentitytheft.com/blog/new-breed-super-cookie-defies-removal-almost
(I like the pic on that page - looks like a girl from high school!)
-
Re:GP here, and yes (And I guess they can!)
As a followup it seems you're correct, that Facebook does indeed collect information about you via your friend's profile in an opt-out manner. The Facebook policies are contradictory on this as some sections state they will never do this, but then, well, I'll let this article give the full run down:
http://www.fightidentitytheft.com/blog/facebook-quizzes-sharing-your-private-data
Wikipedia provides a good rundown on some principles of the data protection act in plain English, and seems to confirm my understanding of the DPA also. The relevant points are:
- Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
- Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
- Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.
Clearly Facebook and the 3rd parties collecting data are in breach of the first principle. It is also possible depending on the party that they could be in breach of the second and third principles also. The DPA does not cover anonymised information, but according to the above article, and the Facebook settings themselves, the data is clearly identifiable information.
-
Flash security has always frightened me
I've been worried about Flash security for a long time now. I'd like to point out three features of Flash that bother me.
First, Flash allows a web application to paste data to the clipboard even if the browser itself forbids this. Of the major browsers, only IE allows applications to directly set the clipboard content.
Second, Flash has an XMLHttpRequest equivalent with a lax security policy. Cross-domain retrieval is controlled by an XML control file listing permissible origins.
Finally, Flash has its own cookie system. These Flash cookies are hidden from the user, and require special tools to remove.
These features are secure in themselves, but are enablers: they give attackers the means to exploit other vulnerabilities.
Unfortunately, this cavalier attitude fits Adobe's business model. Lax security is as much a feature of Flash as its vector graphics. Flash allows web developers "get shit done" with no regard for the security of the web ecosystem as a whole. Web developers then come to rely on Flash, which increases the adoption of Flash Player among users, which in turn increases the value of Adobe's authoring tools. Being insecure is lucrative, up to the point that the vulnerabilities become so egregious that users disable Flash.
On the other hand, browser vendors seem to take a mostly-conservative approach to security (don't laugh yet): consider XMLHttpRequest: sure, its same-origin restriction on the target URL is inconvenient, and the restriction might have been loosened while remaining secure. But this same prudent restriction has also prevented many attacks. Browser vendors have the right incentives because users have a realistic choice of browsers. Flash is an all-or-nothing affair.
I wish I had an answer. Hopefully, HTML 5 will become widely supported enough that websites won't feel compelled to use Flash for graphics and storage, and eventually Flash's market penetration will sink below the point that web developers can consider it a viable way to circumvent browser security.
-
i've gotten those scam e-mails before...
http://www.fightidentitytheft.com/paypal_scam.html
mine was similar, only it claimed they were doing a fraud investigation about fraudulent use to my account.
they use the images and everything it looks exactly like a paypal e-mail, only the hyper link when you hover over it says a different website than in the email message. (they're doing a simple html trick, which is always the first thing i look for)
I've seen them do the same thing with say, yahoo mail login sites, etc. one of my less savvy friends got her IM name stolen for use sending IM spam.
safari is bass acwards to not show the real url on a tool bar! i couldn't live a day without that feature. -
Re:Credit Verification system
This is called Fraud Alert and it's a very useful utility and a device to get free copies of all your credit reports.