ITsecurity

It is official, you can’t trust TRUSTe.

Posted by Alexander Hanff on November 17, 2014

Today the Federal Trade Commission (FTC) issued a press release outlining details of a settlement reached with TRUSTe on the grounds that the “company failed to conduct annual recertifications, facilitated misrepresentation as non-profit”.  The FTC goes on to accuse TRUSTe of not following through on annual recertifications of companies who obtained their privacy seal from […]

Taking Back My Privacy – DIY Secure Phone

Posted by Alexander Hanff on November 14, 2014

Over the last week I decided to start a new project mostly as a proof of concept but also down to curiosity as to how easy/difficult it would be – I decided to try to make myself a secure phone. Hardware-wise it was fairly simple, I have an old HTC Desire handset which has been […]

Protect your Privacy from as little as 7p per day

Posted by Alexander Hanff on November 10, 2014

How many of you use mobile data? Have you read the terms and conditions of your mobile contract? If you have you will be aware that pretty much every mobile carrier in the world grants themselves permission to read your emails, monitor which web sites you visit and a whole host of other privacy invading […]

Westin’s “Privacy Segmentation” critiqued.

Posted by Alexander Hanff on November 9, 2014

Professor Alan Westin was a privacy giant with research dating back to the 1960s and a professional career seen by many privacy professionals as paramount to the development of the current legal regime regarding privacy and data processing. It is without question that Westin dedicated his life to privacy law but his research was often private […]

Google and Differential Privacy – RAPPOR

Posted by Alexander Hanff on November 8, 2014

There is a great deal of press coverage this week about Google’s announcement at CCS 2014 that they are working on a new project called RAPPOR (PDF) which reportedly uses techniques from the 1960s based around differential privacy. This is good news, or would be if it meant Google were becoming more ethical with regards […]

ShazzleMail – a new approach to encrypted email.

Posted by Alexander Hanff on October 28, 2014

The Problem: One of the key issues we face with regards to the privacy and security of our electronic communications is encryption. Email protocols were designed decades ago with little mind for security and for the past twenty years we have been frantically trying to put our proverbial thumb in the hole. In 1991 Phil […]

Mozilla proposes changes to the Privacy Principles

Posted by Alexander Hanff on July 19, 2014

Today I received an email from Mozilla’s privacy list with proposed “Revisions to Privacy Principles” which I feel are a clear illustration that Mozilla is becoming a rogue player in the browser space and is now more interested in monetizing their users than protecting them. Allow me to address each of the proposed changes in […]

A life-long commitment to privacy.

Posted by Alexander Hanff on June 30, 2014

For the past seven years I have been advocating for stronger privacy across the globe, both in my role at Privacy International, where I managed their digital privacy portfolio for three years, and as an independent expert. Much of the first five years were focused on lobbying for changes in global privacy laws to change […]

The Darker Side of Jeff Bezos’ Fire Phone

Posted by Alexander Hanff on June 19, 2014

Amazon’s Jeff Bezos took to the stage this week to talk about Fire Phone – Amazon’s inaugural step into mobile devices. The world’s press and media are buzzing with activity over the device and in particular the Firefly app which can be used to identify objects and images from the camera with the immediate opportunity […]

JavaScript: New Privacy/Security Threat

Posted by Alexander Hanff on June 13, 2014

Recently, a developer I know reasonably well contacted me to show me a new JavaScript library he had written which exposes information on all network adapters and connections on a PC. This code was able to detect -all- network adapters along with the IP addresses assigned to them including virtual adapters. This means that […]