A report over at ProPublica breathlessly proclaims this week that there's a new advertising and tracking system that's "virtually impossible to block." The technology, being developed by a company called AddThis, utilizes something called "canvas fingerprinting." Canvas fingerprinting, first discussed in a 2012 paper by Keaton Mowery and Hovav Shacham (pdf), uses your computer's unique graphics rendering capabilities (graphics card, browser, driver variant) to track your movements across the Internet -- without storing any data locally.
Reliability of canvas fingerprinting has been somewhat iffy, especially on wireless networks (where device hardware and software are far more uniform), and large-scale Internet use is far off if it happens at all. Still, the ProPublica report paints canvas fingerprinting as a pretty immediate threat to user privacy, and claims that tools like AdBlock won't work:
Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit — profiles that shape which ads, news articles, or other types of content are displayed to them. But fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.
Not so fast, argues AdBlock's Wladimir Palant in a blog post. Palant reiterates that canvas fingerprinting isn't really reliable enough to replace cookies, and even if it does see widespread adoption, AdBlock Plus should be able to block it just fine:
...what we have here is a potential (but not too reliable it seems) way to track users who clear cookies or block third-party cookies completely. And what about Adblock Plus? When you add the EasyPrivacy filter list in Adblock Plus this won’t make Adblock Plus block tracking cookies directly. Instead, Adblock Plus will block the script that would try to set these cookies. And guess what: blocking that script doesn’t just prevent cookie-based tracking, it also lets you deal with canvas fingerprinting or evercookie or any other tracking approach. In particular, the rules to prevent AddThis tracking were added to EasyPrivacy almost five years ago.
Even AddThis, the company that is working on the technology, states they may drop the effort because it may not be "uniquely identifying enough." As such, this new "unstoppable" and "impossible to block" ad technology doesn't appear to be much of an immediate threat.
In a blog post, OpenDNS CEO David Ulevitch notes that the company will no longer be embedding ads in their redirection page (which pops up when you mistype or enter a nonexistent URL). One reason was the ads didn't gel with security (Comcast had to shut down their own redirection ads years ago because they don't play nice with DNSSEC upgrades).
Add Google, Facebook, Microsoft, Amazon, DropBox, Yahoo and about 145 other companies to the list of voices that aren't particularly impressed with FCC boss Tom Wheeler's half-hearted effort to protect network neutrality. In a letter (pdf) the companies express concerns that Wheeler's approach effectively signs off on the kinds of gatekeeper, pay-to-play efforts incumbents like AT&T have been dreaming about for years.
Those of you who use Google Voice to dodge your cell carrier's voicemail services (like myself) may want to take note: 9 to 5 Google notes that Google appears to be preparing to "kill" Google Voice and integrate most of that application's functionality into Google Hangouts. If you've watched Google integrate Google+ Messenger, Talk, Messaging and Voice into just Voice and Hangouts, this shouldn't be too much of a surprise. It seems safe to assume that most of your Google Voice settings (including your phone number) would remain intact during any such transition -- which the website suggests is still "months out."
by amungus 12:18PM Thursday Mar 13 2014
Since the demise of the free LogMeIn service, you might have lost access to your home PC. Fortunately, with the right router, and a little bit of time, you can gain free access to your home machines very easily with OpenVPN.
A malicious worm has been detected on roughly 1,000 different Linksys branded routers, according to a statement from SANS ISC. According to the report, "TheMoon" worm takes advantage of a CGI script within the administration interface of multiple Linksys E-Series router models. An exploit writer has published a proof of concept exploit, also noting that some older Wireless-N access points and routers may also be impacted. "The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled," Linksys says. "Linksys ships these products with the Remote Management Access feature turned off by default."
Google today announced that they're embedding data compression by default in their latest mobile Chrome update. According to a company blog post, the compression is disabled by default, but when enabled promises bandwidth consumption savings of up to 50%.
We recently noted how the UK's effort to force ISPs to filter porn by default wasn't working very well, with simple Chrome proxy extensions allowing porn hunters to easily bypass the filters. Worse perhaps is the fact that the filters aren't even really working, not only failing to filter a significant number of major porn sites, but accidentally filtering sexual education and rape support websites. Blogger Peter Hansteen has since put the filters through their paces, and found they're filtering a number of technology and civil liberty websites as well:
...checking a semi-random collection of mainly fairly mainstream and some rather obscure tech URLs shows that far from focusing on its stated main objective, keeping innocent children away from online porn, the UK Internet filter shuts the UK's children out of a number of valuable IT resources, as well as several important civil liberties resources...if this is the true face of Parental Controls, I for one would take using controls like these as a sufficient indicator that the parents in question are in fact not qualified to do their parenting without proper supervision.
The filtered websites aren't exactly obscure, either, including Slashdot, Ars Technica, and the EFF. The broken filters come at the cost of higher rates for UK broadband users, as ISPs pass on the filter costs to users. The UK government continues to be rather tone deaf to the entire pile of dysfunction, suggesting they'd like to take things further by censoring websites that promote "extremist" views.
dropped a bit of a bombshell on Friday with a report claiming that security firm RSA was paid $10 million by the NSA to incorporate a deliberately flawed encryption algorithm into products, then promote those products knowing they weren't truly secure. RSA, now a subsidiary of computer storage giant EMC Corp, only started warning their customers about the weakened encryption after the Snowden revelations.
"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," the company claimed in a statement. "Decisions about the features and functionality of RSA products are our own."
Update: RSA has posted another non-denial denial of sorts, here.
As noted yesterday, the British government is moving forward with its effort to impose Internet filters, willfully oblivious to the facts that such filters usually don't work, often filter legit content, are usually easily bypassed by those looking for porn, and lead down a slippery slope toward greater filters. Not too surprisingly then, the BBC reports that UK ISP filters have been failing to filter many major porn websites, but have been filtering user access to sex ed websites, rape support websites, and porn addiction websites. That doesn't seem much of a concern for British Prime Minister David Cameron, who is also interested in forcing ISPs to filter out government-determined "extremism"-linked websites and content.
Broadband Reports readers are already familiar with ICSI Netalyzr, a free network measurement and diagnostic tool developed at the International Computer Science Institute at Berkeley. Netalyzr's a "two-mouse click" network tester that runs in your web browser as a Java applet.
by whamel 02:33PM Thursday Sep 26 2013
Broadband delivers everything at the touch of a key or click of a mouse. Broadband delivers healthcare, security, education, entertainment.
RIAA boss Cary Sherman yesterday spoke before a House Judiciary Subcommittee to push for additional anti-piracy countermeasures, including requiring that Google implement filters into their Chrome browser. Sherman's testimony (pdf) starts off by praising the new ISP copyright alert system, though noting it's a work in progress with no evidence it's doing much of anything:
The CAS is still in the initial implementation stages and proper metrics are being determined.
If you've got something you'd like to write about or review that is suitable for the home page, please contact us.
When I first heard about Chromecast, I was skeptical about whether I would end up buying one. I have always been annoyed and aggravated by streaming solutions for TVs.
In response to the growing number of countries that have forced ISPs to ban access to The Pirate Bay, the website has launched their own Pirate Browser, which uses the Tor network to skirt government censorship. "It's a simple one-click browser that circumvents censorship and blockades and makes the site instantly available and accessible," the Pirate Bay explains in a blog post. "No bundled ad-ware, toolbars or other crap, just a Pre-configured Firefox browser." The browser is currently Windows only, though the folks behind the website say that Mac and Linux versions will be offered soon.
Yesterday secure e-mail operator Lavabit announced they were closing up shop, strongly hinting they'd not only been forced via the Patriot Act to spy on customers, but were gagged from talking about it. Instead of offering a compromised service that didn't really provide what it claimed, they chose to shut down.
CNET is the latest out of the gate with tales of government surveillance run amok, Declan McCullagh reporting that the FBI has developed a custom "port reader" software installed at ISPs that can intercept metadata in real time. The report notes that the FBI has been happily threatening ISPs with legal action if they don't install the new "harvesting program," which they say is their right under the Patriot Act.
A rather amazing story has bubbled up over the last week after half of the onion sites in the Tor network were compromised, revealing the supposedly anonymous identities of Tor users. Malware popped up last Sunday morning on numerous sites hosted by anonymous hosting operation Freedom Hosting, the code exploiting a critical memory management vulnerability in Firefox (see the Tor security advisory
by JNhome 08:35AM Thursday Jul 25 2013 The following is part of our effort to solicit front page content from the Broadband Reports community. If you've got something you'd like to write about, please contact us.
I have a plethora of phone numbers. For my job I use a Google Voice virtual phone number on my business cards. The number forwards to my business cell phone – or any other phone I wish. I have also been experimenting with Comcast’s virtual phone service, Xfinity Voice 2go.