There's something really troubling about CISPA. While the Internet rallied against SOPA (Stop Online Piracy Act) and Protect IP, including boycotts, there is near silence about the Cyber Intelligence Sharing and Protection Act. This lack of interest hits BetaNews, too. For more than three weeks, I've asked writers here to do a CISPA story. No one wants it. Am I the only one scared witless about this thing?

I got to thinking about CISPA, again, this afternoon after the info graphic accompanying this story dropped in my mail box. It's a tidy explanation of what is CISPA that sheds some light on why the Internet isn't in uproar about it. Where's Anonymous? Who muted the Reddit outrage?

Continue reading →

You’ve no doubt noticed that a huge number of websites require you to log into an account before you can do anything useful. This could be your banking site, a forum, a social network, or almost anything else imaginable and in all likelihood you have a huge number of passwords to remember. Some people simply use the same password for everything, but this has obvious security implications. Norton Identity Safe is one possible solution that rivals tools such as KeePass and 1Password as it stores all of you log in details in a secure database.

The app is available for Windows as well as iOS and Android and, providing you make sure you download the software before 1 October 2012, it is completely free of charge. Although there is a regular program installation to run through, the app is really a browser plugin for users of Windows and OS X, and it is compatible with Internet Explorer, Chrome, Firefox, Safari and Opera. As all of your password are stored in one place, you will obviously need to create a strong password to keep everything secure, and there is a two-step approach to this.

Continue reading →

If you’re looking to maintain your privacy online then you could sign up for a VPN service. But which one? There’s a lot of choice, and if you’re a networking novice then figuring out which service is right for you can be a real challenge.

But that’s where Spotflux comes in. This interesting new VPN service comes packed with useful functionality --- encryption, ad-blocking, antivirus and more -- yet really couldn’t be any easier to configure.

Continue reading →

User experience is important when developing any mobile app but in an enterprise context, what about security? For example, if you are developing an app that stores personal information there are regulations that ask where this information resides. Depending on the industry, mobile app developers may be completely accountable if any security issues happen on an app that they develop.

To ensure that you are in full compliance to any privacy, security or regulatory questions, it is recommended that apps be developed in-house or through a partner. So do mobile app developers need to consider regulatory, security or privacy concerns in advance of mobile app development projects?

Continue reading →

It's a serious question, following today's stunning privacy post from Facebook. Has an employer or prospective one asked you for your Facebook password, or that of another social media site; could be Google+, Tumblr or Twitter, among others?

The request might have come as condition of continued employment, and there threat of reprisal might seem, or even be, real given the current job market. Or perhaps a prospective employer said that you couldn't be considered for a new position without first giving up your password. Please answer in comments. This is one of those rare occasions I don't mind, and even recommend, anonymous commenting if answer is "Yes". There also is a poll. Please answer, and you can choose multiple responses.

Continue reading →

Reports of prospective employers asking for Facebook passwords during the hiring process or as terms of employment has the social networking site upset. Facebook says asking for your password is a violation of privacy, and very well could set up the employer for legal action.

Criticism of the practice came to a head earlier this week following an Associated Press story detailing several individuals who had been subjected to disclosing their passwords to either obtain or to keep a job. Employers' attempts to peer into your social life has the attention of lawmakers too: in both Maryland and Illinois legislation is being considered to make the practice illegal.

Continue reading →

Google's new privacy policy takes effect today, March 1. There are significant changes on how your data is handled across the Google family of sites, and that's enough to raise the concern of privacy regulators in both the European Union and Japan.

Their concern should be yours, too. Who's that looking over your shoulder online? Google.

Continue reading →

Are you shocked that Google is back in the news again for behaving badly? This latest "evil" is hard to excuse as being accidental. Several online advertising outfits, including Google, ignored the privacy settings of iPhone users and embedded tracking code in mobile advertisements, the Wall Street Journal finds. The code allowed Google and others to track browsing behavior across many different websites. Supposedly Google stopped the practice after being contacted by the Journal.

The browser breach raises important questions about the search and information giant's commitment to user privacy, and more importantly the lengths the company will go to build its advertising business. Considering that the Mountain View, Calif.-based company made such a big deal in its early years that "you can make money without doing evil", each successive report of Google acting just like any other company is ever more disturbing.

Continue reading →

In a major update to its privacy policy and the addition of "Search Plus Your World", Google has managed to attain the consensus from the tech-enthused world that it is way beyond the innocent baby days of "don’t be evil". Matt Honan of Gizmodo signalled the privacy shift as the end of Google’s "don’t be evil" promise, which the company built its business on, and Sarah Lacy of Pando Daily shared similar sentiments, though hers was related to the Search Plus Your World outcry.

In a nutshell, one of the biggest sore points that people are having with Google’s new privacy policy is the fact that it permits the search giant to utilize your basic profile information and extend it across your identities when using your other Google services. These changes aren't so much evil, but adaptation to our merging online and offline identities.

Continue reading →

There are lots of places where you can be anonymous online. Google+ isn't one of them. Late today, Google announced a revision to the G+ names policy that doesn't change this, but it does allow people to use nicknames and established pseudonyms. If anonymity is your thing, go somewhere else. I don't want you on Google+. You can bully pulpit somewhere else. As for those folks whose lives might be at risk for using real names, please be safe someplace else -- Facebook, Reddit, Twitter, Tumblr or WordPress, for example. Those services have proven they can protect your identity.

But, of course, the griping will continue from the Internet rabble determined to hide their identities everywhere. They want more from Google than just nicknames. What are you afraid of? I use my real name everywhere, as I have always done. I see that as being in the very spirit of the open -- and transparent -- Internet. Be who you are, not someone else. And if that comment --- or other online interaction -- requires you to hide your identity, shut the frak up. Vent somewhere else. For everyone else, and this includes people who have built up alternative identities, Google+ welcomes you.

Continue reading →

Jan. 18, 2012 is designated SOPA blackout day, with prominent websites planning to go dark in protest of two bills working through Congress -- Stop Online Piracy Act and PROTECT IP Act (PIPA). If you've got a big school project due Thursday and plan on using Wikipedia, get your research done today. The community-based encyclopedia plans to go dark tomorrow, and it's not alone.

The proposed legislation has generated gigabytes of negative responses, which included a Go Daddy boycott for supporting SOPA (since retracted) and culminates in tomorrow's blackout. Two months ago, I posed poll: "US Congress is considering two new copyright bills: PROTECT IP and Stop Online Piracy Act. Do you support them?" More than 3,500 responses later, 95 percent answered "No". You're not alone.

Continue reading →

Data on up to 24 million customers of online shoe retailer Zappos was compromised according to an email sent by its CEO Tony Hsieh on Sunday. While Hsieh says that full credit card information is safe, hackers may have the last four digits of the cards.

Hackers accessed names, email addresses, physical addresses, and phone numbers. Passwords were also compromised, however in encrypted form. As a result, the company sent out an email to all its customers, advising them to change their passwords as a protective measure. Zappos is also asking customers to reset their passwords elsewhere where it may be the same.

Continue reading →

I joined the Microsoft Security Response Center (MSRC) in April 2001 and left the company in December 2010. During that time I was involved in security and privacy at Microsoft, culminating in my role handling worldwide crisis communications for security and privacy incidents. I am one of a handful of people who knows what the security world was like at Microsoft before Chairman Bill Gates' Trustworthy Computing memo on Jan. 15, 2002. I was also part of the growth and transformation that memo brought about over the years.

As Microsoft marks the tenth year anniversary of that memo, it seems a good time to share a former insider’s view of what it really meant and accomplished. As well, I'll share thoughts on why, in the next 10 years, it’s critical that other technology companies follow Gates’ lead.

Continue reading →

The chorus of opposition to Google's recent search changes grows louder, with Electronic Privacy Information Center urging the Federal Trade Commission to launch an investigation into whether or not Google is violating users' privacy with the new feature.

Google settled with the FTC in March over its failed Buzz service, submitting to privacy audits for a period of 20 years as a result. EPIC is specifically concerned with personal data, photos, posts, and contact details being included in search results.

Continue reading →

Tomorrow is "Dump Go Daddy Day", not that many of you waited, based on your comments. For those considering to show their outrage at the registrar for active SOPA support (since withdrawn), it might be helpful to see what others are doing, where they're taking domains and exact reasoning for kicking Go Daddy down the hill.

But first, I must say that negative response to yesterday's Go Daddy/SOPA post surprised me. My some of you really are outraged. What I don't understand: Why focus all that anger on Go Daddy, or any other SOPA supporter, when legislators in the House and Senate who proposed the Stop Online Piracy Act, and sibling PROTECT IP ACT (PIPA), have the power to pass a bill into law? Wouldn't boycotting them make more sense? Or letting President Obama know how you would feel about him signing rather than vetoing the legislation? We are entering a big election year in just a few days, after all.

Continue reading →