Google is now letting its user's password protect the Web & App Activity page. It contains the histories of the web search with the Google Maps usage. A password can now prevent the activity of a user from having easy access by other people who are using the same device.

Google lets its user's password to protect their search history

The Web & App Activity page contains a lot of private data. Moreover, to the activity in the Search and Maps, track all your YouTube watch history. Also, it tracks the Google Play Usage, Google Assistant queries, and many more.

This data is usually helpful for those users who look back while trying to retrace how they found something. But the reason behind why Google tracks it is to serve the search results and ads with personalized suggestions.

Also, for the first time, users can prevent their data from getting the view from those people who should not see it. Previously those who wanted to see someone’s search history had to pick up their device and type activity.google.com from the address bar.

With this new verification option, users can easily set a password that will need to be entered before anyone views the Web & App Activity page. First, they have to log into your Google account. Then they can navigate to your activity.google.com. After that, one has to click on Manage My Activity verification. Then they have to click on the Require Extra Verification and Save. The next one has to enter the users password to confirm the identity.

As you have successfully protected your activity page, you will be able to see a Verify button in a historic place. Clicking on that button will take you to a screen. There you have to enter your account password. It will then take you to the activity page, where your fill history is visible. Google is also offering multiple ways to manage your activity history. From the top of the page, there is a row of buttons to toggle the data collection off and on.

[Source: This article was published in flipweb.org By Ishita Paul - Uploaded by the Association Member: Edna Thomas]
Published in Search Techniques

Cyberattacks are performed by malicious actors with various intentions, though the tools and methods they use are often the same

  • A cyberattack is an assault on any computer or network, almost always launched from another computer or network.
  • There are a lot of ways malicious actors can launch a cyberattack, including malware, zero-day exploits, and denial-of-service attacks.
  • Here's a brief overview of cyberattacks and what you need to know about their risk.

We live in an age in which every major government, military organization, corporation, and medical institution relies on computer technology for nearly every aspect of its operation, and those systems are always at risk of being attacked.

A cyberattack is just that: an assault on a computer, computer network, or the data stored within that network. The intent of the attack can vary - some attacks are intended to disable the computer system while others intend to gain control over it. Still, others intend to infiltrate the system to steal or destroy data. While cyberattacks are often aimed at organizations, individuals are not immune from cyberattacks either.

It's important to understand that cyberattacks can be launched by any kind of malicious actor, including criminals whose primary goal is monetary gain, state actors trying to gain leverage through intelligence gathering, corporate espionage or other spycraft, and terrorists attempting to damage, destroy, or gain access to computer systems. The tools and methods used by all these malicious actors may be largely the same.

Types of cyberattacks

There are a number of common kinds of cyberattacks. They include:

  • Malware: This is a general term that describes all manner of malicious software including viruses, Trojans, worms, and more. Depending on the software, it might be able to steal data, block access to the PC, remotely control it, and more.
  • Ransomware: Sometimes considered a kind of malware, ransomware is worth also discussing on its own because of how serious the risk has become. A ransomware infection can encrypt a computer and hold the data for ransom; its frequency has ballooned in recent years.
  • Zero-day exploits: This refers to any attack that leverages a known security flaw in a computer system after the problem is discovered but before a security patch can be deployed to fix it.
  • Phishing: In a phishing attack, a malicious email or text message can impersonate a legitimate message, luring users to accidentally give up sensitive information or login credentials for computer systems.
  • Man-in-the-middle (MITM): This is an attack in which a malicious user manages to take control of a node between a user and a destination on the network or internet. For example, a MITM attack might use a compromised Wi-Fi hotspot to masquerade as a site that users need to log into, allowing the MITM to harvest critical information.
  • Denial-of-service (DoS): In a denial of service attack, a malicious user overwhelms a computer system with traffic or data requests so it can't perform any legitimate activities. This is often in the form of a distributed denial-of-service (DDoS) attack, in which a large number of computers are used for the attack, often remotely controlled by malware without the actual owner's knowledge.
  • SQL injection: Many computer networks rely on Structured Query Language (SQL) databases for internal storage and operation. An SQL injection attack occurs when an attacker inserts SQL commands into the computer (such as via a form on a webpage). If the network's security isn't robust enough, it might allow that SQL instruction to be processed, which can compromise the network.

How to prevent a cyberattack?

There is an entire industry focused on preventing cyberattacks, staffed with IT and cybersecurity professionals.

To prevent attacks, teams of cybersecurity personnel typically develop detailed protection plans that include operational security procedures designed to protect physical systems and the data stored within those networks. This includes data access procedures, identity and credential verification, user training and education, and more.

IT professionals also install and manage anti-malware software and train users to recognize and deal with spam, phishing attacks, and malware that slips through the filters and protective software. Organizations also invest in firewalls along with other security tools and processes.

[Source: This article was published in businessinsider.in By Dave Johnson - Uploaded by the Association Member: Martin Grossner]
Published in Internet Privacy

In the technology world, one of the major talking points centers on the challenges regarding consumer data privacy. There is no coherent approach, however, and many people have strong, and differing, opinions about privacy.
The consumer privacy debate pervades most things businesses and consumers do (even if many consumers are unaware). Taking 2021, this is seen with Apple's new strong stance on data privacy and how it’s impacting advertising, with the California Consumer Protection Act, and how Internet cookies are being phased out, people.

Many people remain unclear as to what they can do to ensure their data stays private. To gain some tips on what can be considered, Digital Journal caught up with Don Vaughn, Invisibly’s Head of Product.

Vaughn provides Digital Journal readers with the following suggestions for consumers that want to keep their data private.

Get a virtual private network (VPN)

A virtual private network provides a strong degree of privacy, anonymity, and security for people by creating a private network connection. Vaughn recommends: "People and companies can spy on what websites you’re visiting, where you are located, and your computer’s identification number. You can stop them by using a virtual private network) which protects your information and makes it look like you’re browsing using a computer somewhere else. "

Use a private search engine

Vaughn points out: "Google makes money by tracking you, collecting as much information as possible on you, and then sells your attention using adverts based on that." Instead a private search engine and be used, and Vaughn recommends using DuckDuckGo."
With such systems, there is very little risk that your searches will be leaked to anyone because most private search engines do not track any information that can link a user to their search terms.

Tune-up your privacy settings

Looking at this often neglected area, Vaughn proposes: "We leave a data trail about us every time we use social media. Most companies let us choose what should or should not be shared and others even let us choose what data should be deleted." To counter this, it is important that users manage their privacy settings for each social media site they use.

Have a Backup ”Public” Email or Unsubscribe From Unwanted Emails

Vaughn's communications tip runs: "When you provide your email address to a company, many times you end up being bombarded with marketing emails and spam. While many services offer an opt-out checkbox for marketing emails, it's easy to forget to do this every time we enter our email online." It is important to unsubscribe from these services.
Expanding upon this, Vaughn notes: "If you use a bulk unsubscribe email service, make sure you are using a safe service. Some free services could collect and sell your data. If you are willing to pay for such a service, as an example, Clean Email is safe and does not sell their user’s data."
Check Permissions
Vaughn's final tip goes: "Most apps and browser extensions have a list of permissions that you sign off on when you start using that service. Sometimes, permissions are required for a service to work. By double-checking the permissions an app has access to, you could be stopping an app from accessing certain data it doesn’t have to access."

[Source: This article was published in digitaljournal.com By Tim Sandle - Uploaded by the Association Member: David J. Redcliff]  

Published in Internet Privacy

Most web browsers access your geographic location via your IP address to serve local search results. Your browser may also have permission to use your device’s built-in camera and microphone. It’s certainly convenient, but it’s a huge security risk.

Here is a list of browser security settings you need to check now.

Browser cookies, extensions, and software bugs can slow your internet connection speeds to a crawl. Use these proven tricks to speed up Chrome, Firefox, Safari, and Edge.

A browser is your gateway to the web and the cybercriminals looking to take advantage of you. If you’re ready to make a move to a more privacy-focused browser or see if yours makes my list, keep reading.

Best overall browser for privacy: Brave

If you’re fed up with trackers, ads, and data-hungry bits of code that follow you across the internet, Brave is the browser for you. Brave’s servers don’t see or store your browsing data, so it stays private until you delete it. That means your info is never packaged up and sold to advertisers.

The browser’s default settings block harmful junk like malware, phishing, and malicious advertising and plug-ins that could harm your computer.

Advertising and trackers are blocked by default. Because of all it stops, Brave says it is three times faster than Chrome overall and loads major sites up to six times faster than its competitors. 

Brave is free to use, but you can turn on Brave Rewards to give back to the sites you visit most.  Once enabled,  "privacy-respecting" ads will show to support the content you see. Your browsing history remains private.

What about user experience? It runs on the Chromium source code, which powers Google Chrome, so it will likely feel familiar.

Download Brave for free here. It’s also available as an app on Apple and Android devices.

Best browser for customizable privacy: Firefox

Mozilla’s Firefox bills itself as a fast browser that “doesn’t sell you out.” Detecting a theme here? Firefox collects very little data, and you don’t even need to give your email address to download it.

It also blocks trackers by default, so you don't have any settings to change.

The customization features make Firefox stand out. You can use global protection levels, such as "Strict" or "Standard" or go the custom route. You can choose precisely which trackers and scripts Firefox blocks to get the experience you want.

When it comes to privacy, it’s got many bells and whistles: a built-in password manager, breached website alerts, Private Browsing mode, and secure form autofill.

Firefox is compatible with Windows, Mac, and Linux, and smartphones to make it easy to sync across all your devices. Take Firefox for a test drive on your computer by clicking here. Or click to download it for Apple or Android.

Best browser for maximum security: Tor

If you’re super security-focused, you probably already use a virtual private network or VPN. Want even more anonymity? Turn to Tor. This name started as an acronym for "The Onion Router," and it's popular among computer-savvy circles.

Tor runs your connection through multiple servers across the globe before you reach your destination. Your data is encrypted between each “node,” adding layers of protection – hence the onion logo.

Tor has been used for illegal activity online, but the software itself is perfectly legal and shouldn’t pose any problems. It’s often the route into the Dark Web.

Tor runs on a modified version of the Firefox browser. You can download Tor here.

Best browser for privacy on Mac: Safari

Many people use the browser that came with their computer as a matter of convenience. If you've got a Mac, this is a good thing. Safari blocks cross-site tracking that lets you enjoy the sites you use most without worrying about being followed.

Safari uses Google as its default search browser, which blocks malicious websites and protects you from malware and phishing scams. It blocks pop-ups, too.

Safari’s built-in password manager (Keychain) lets you know if a site you saved was involved in a data breach and helps you change your password. Download Safari here, directly from Apple.

Alternative option: Microsoft Edge

Microsoft said so long to Internet Explorer, and the new Edge is a robust browser with lots of built-in privacy features. It, too, runs on Chromium and feels a lot like Google Chrome.

Edge offers protection from trackers and blocks ad providers from monitoring your activity and learning more about you.

Choose the level of restriction you prefer from three settings, and you can decide which sites to block or not on a case-by-case basis. Want to know what Edge is blocking for a particular site? Click the lock icon to the left of the URL, then click Trackers for a list.

Edge’s built-in Password Monitor will alert you if you visit a compromised website and prompt you to change your password to a stronger one. You can make your own or use a suggested password.

[Source: This article was published in usatoday.com By Kim Komando - Uploaded by the Association Member: Issac Avila] 
Published in Search Engine

By now, you’re probably familiar with common advice surrounding online passwords. Don’t use a sequence of numbers. Don’t use your name. Don’t reuse the same password for all of your accounts.

And yet, despite the stress on such tips by experts year after year, most people ignore them.

Some 81% of hacking-related data breaches stem from poor password security, according to Verizon’s 2017 data breach investigations report. And with the rise of remote work and learning in the wake of the pandemic, it’s a bad habit that needs to be squashed. That starts by knowing what not to do.

ID Agent, a dark web monitoring company owned by IT software company Kaseya, says it identified the most common stolen passwords found on the dark web in 2020 based on a scan of nearly 3 million passwords.

What’s the dark web, you ask? The dark web is a part of the deep web, an area of the internet that doesn’t get indexed and cannot be found by a search engine.

“The dark web can only be accessed through a specific browser that provides anonymity to its users,” said Mike Puglia, chief strategy officer for Kaseya. “Though not all content on the dark web is malicious, cybercriminals use the dark web for various illegal purposes, including the sale of stolen credentials.”

20 Most Common Passwords Found On The Dark Web

Based on the top 250 passwords they discovered on the dark web, ID Agent said the most common categories used to generate those passwords include sequential strings of numbers, names, sports references, famous people or characters, and more.

Fifty-nine percent of Americans use a person’s name or birthday in their passwords, while 33% include a pet’s name and 22% use their own name, the company said. The average user also reused their bad password 14 times.

Here’s a look at the top 20 passwords found on the dark web in 2020:

  1. 123456
  2. password
  3. 12345678
  4. 12341234
  5. 1asdasdasdasd
  6. Qwerty123
  7. Password1
  8. 123456789
  9. Qwerty1
  10. :12345678secret
  11. Abc123
  12. 111111
  13. stratfor
  14. lemonfish
  15. sunshine
  16. 123123123
  17. 1234567890
  18. Password123
  19. 123123
  20. 1234567

The analysis also identified the most common words used within various categories of passwords. For instance, it found that “maggie” was the most common name among the top 250 passwords on the dark web. Sports lovers like to include the word “baseball” most often in their passwords. “Newyork” was found the most often among cities that were used, and “cookie” was the most common food word.

How To Avoid Having Your Password Hacked

Worried your password is too similar to some of those mentioned above? In order to protect yourself against identity theft, data breaches, and other fraud, it’s crucial to create passwords that can’t be guessed by cybercriminals. Here are a few ways to do that.

Don’t use names.

It might seem a bit obvious, but putting your name ― or the name of a close family member ― in your password makes it much easier for hackers to guess. In fact, at least 92 of the top 250 most common passwords found by ID agents were first names or variations of first names. Instead, come up with a nonsensical phrase that only you would know.

Mix up your numbers.

Notice how many of the top passwords found on the dark web were some variation of “123?” Thirty-five of the top 250 most common passwords, including 12 of the top 20, contained sequential numbers. Don’t make it that easy for hackers. “Individuals should create passwords that include a combination of numbers, symbols, uppercase and lowercase letters that are non-sequential,” Puglia said.

Create a unique password for every account.

If you reuse the same password for every account, you make it that much easier for criminals to hit the jackpot if they figure out what it is. According to Puglia, about 39% of people say most of their passwords across both their work and home applications are identical. If you can’t think of that many unique passwords, password generators can help with that. Google Chrome has the function built in, or you can try tools such as passwordgenerators.net or LastPass.

Use a password manager.

Puglia said that the average U.S. adult has between 90 and 135 different applications that require a set of credentials. Clearly, no one could memorize that many. “The best way to keep track of numerous passwords is to use a secure password manager,” he said. These tools prevent you from storing passwords on your phone or tablet, a common habit that makes it easier for cybercriminals to get their hands on your credentials. Some options include LastPass, Keeper Security, or 1Password.

[Source: This article was published in huffpost.com By Casey Bond - Uploaded by the Association Member: Clara Johnson]

Published in Deep Web

This may form part of the social media guidelines currently underway by the IT Ministry and could be out soon.

Social media platforms such as Facebook, WhatsApp, Instagram, Twitter, and TikTok may have to scramble for developing an account identity-verification option to check "fake news, malicious content, misinformation, racial slurs, gender abuse that may have an impact on the individual and society as a whole." This may form part of the social media guidelines currently underway by the IT Ministry and could be out soon. "The work is in progress, we have sent it to the Law Ministry for vetting," said a source.

The IT Ministry is learned to have finalized the social media guidelines to check misinformation, malicious info, and gender-biased views and have sent them to the Law Ministry for vetting it where account holder verification could be made mandatory.

The new draft personal data protection Bill has proposed social media intermediaries to enable "voluntary verification" of user accounts. The method for this, as suggested in the bill, is that these verified users should be given a demonstrable and visible mark of verification which is akin to biometric or physical identification which is publicly visible to all users.

If this is implemented, then this verification system would be different from the existing verified accounts category on platforms such as Instagram and Twitter.

The security check user account verification will be developed by the social media company.

Another major change that may come up is in the definition of the "significant data fiduciary" based on the volume of personal data they possess because there is a feeling that big or small, any incorrect or fake information through even a small social media platform has the potential to multiply the fake news irrespective of the volume of personal data it holds.

Therefore, there may be another layer included for those social media companies who don't have volumes of personal data, but they can affect the democratic nature of the country.

Under Section 26 of the 2019 Bill, certain thresholds in terms of volume of personal data processed, the sensitivity of personal data processed, risk of harm, etc are specified, upon satisfaction of which, the Data Protection Authority may notify a data fiduciary as a "significant data fiduciary" (social media companies).

This provision in the data privacy Bill is only applicable to "significant" social media platforms. The significant status of a company is determined by the Central government on the basis of the number of users and the potential impact that these companies can have on Indian democracy and the country's security and general harmony. But this may change, said sources.

A social media intermediary has been defined as a body that primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.

Earlier, there was a proposal to link social media accounts with Aadhaar to trail the real source of fake news, but the nodal agency for UIDAI shot down the proposal, saying Aadhaar is meant for the distribution of government welfare benefits not catching culprits which is a policing job.

IT Minister Ravi Shankar Prasad later said there is no proposal to link social media accounts of individuals to Aadhaar.

With the rise in fake news and hate speeches online, the need for verification of social media accounts has been felt for a while. This became even more pronounced following a series of lynching incidents over religious issues. Earlier this year, Facebook reported taking down 2.19 billion fake accounts in the first quarter of 2019, a significant hike from 1.2 bn accounts in Q4 of 2018.

[Source: This article was published in gadgets.ndtv.com  - Uploaded by the Association Member: James Gill]

Published in Internet Privacy

The process of getting your social media accounts verified is mysterious and extremely desirable. For those who don’t know, social media verification is when your account handle has a blue check next to it. You will see A-list celebrities, athletes, musicians, successful brands, and top social media personalities with the blue verified account checks. Simply put, the blue check signifies massive credibility and digital fame.

What most people don’t understand is what it actually takes to qualify and receive the blue check. A few months ago, my TikTok account and personal Instagram account were verified. Here is how it happened. 

Four years ago, I created a liquor brand with my two best friends. The marketing and branding plan was to create an exciting and engaging social media presence. We saw that the liquor industry was largely boring and run by traditional executives who did not understand social media or modern-day digital marketing. While we were building the brand, I became a social media expert and developed a deep understanding of what it would take to become successful. I also took content creation to the next level with unique-point-of-view videos using GoPros. Instead of traditional industry content, we leveraged people and an exciting lifestyle to position the brand. The success of the brand earned me frequent news interviews, a newspaper column, and many interviews in major publications.

During the beginning of the Covid-19 pandemic, I became frustrated with the ever-increasing pay-to-play growth and engagement models of most social media platforms. So, I decided to get serious about TikTok. It seemed to be the only platform where huge organic growth was still possible. This paid off big. My video style was working for the audience, and I began growing quickly. My account has gone from 2,000 followers to almost 100,000 followers. A few videos early on had over 10,000 views, then 50,000 views, 100,000 views, and 500,000 views — and now, many have over 1,000,000 views. 

During a flight when I was flying a privately owned fighter jet trainer, I passed out from the massive G-forces. This video immediately went viral. It had over 3 million views within a few weeks. I decided to license the video, and it really exploded immediately after that. The Daily Mail featured the video, and then many other news sources and social media accounts followed suit. Currently, the video has over 50 million total views across all digital platforms. The Daily Mail article headline directly referenced my TikTok account and that the video had 3 million views. One week later, I opened up my TikTok, and there it was: the blue check.

After my TikTok account was verified, I opened my Instagram app, took a picture of my driver's license, and submitted it directly to Instagram for verification. Within a few hours, there it was: the blue check.

So what does it take to get your social media accounts verified? The answer is generally to be an A-list celebrity or be a leader in your industry who gains massive press and extremely viral content. If you don’t have the above, there is no third-party service I know of that can help you get a blue check. Do not fall for the rampant verification scam services out there. 

If you want to get your social media accounts verified, start off by identifying your unique skill sets and expertise. Next, work hard to become a leader in your field of expertise. Start sharing this expertise and provide value to those around you. Share your ideas on social media and work to get published in small publications. Then, small publications can become large publications.

Next, leverage your skill sets and share them in creative ways on social media. This will take time but can pay off in huge dividends. I never wanted to start a TikTok account, but I learned this was the only place I could quickly grow a massive audience. Spend time mastering social media and staying ahead of the trends. This even includes moving on to new platforms when they launch.

Now, go work on taking your content to the next level, earning major press, and getting your social media accounts verified.

[Source: This article was published in forbes.com By Alex Kowtun - Uploaded by the Association Member: Deborah Tannen] 
Published in Investigative Research

The largest-ever study of facial-recognition data shows how much the rise of deep learning has fueled a loss of privacy.

In 1964, mathematician and computer scientist Woodrow Bledsoe first attempted the task of matching suspects’ faces to mugshots. He measured out the distances between different facial features in printed photographs and fed them into a computer program. His rudimentary successes would set off decades of research into teaching machines to recognize human faces.

Now a new study shows just how much this enterprise has eroded our privacy. It hasn’t just fueled an increasingly powerful tool of surveillance. The latest generation of deep-learning-based facial recognition has completely disrupted our norms of consent.

Deborah Raji, a fellow at nonprofit Mozilla, and Genevieve Fried, who advises members of the US Congress on algorithmic accountability, examined over 130 facial-recognition data sets compiled over 43 years. They found that researchers, driven by the exploding data requirements of deep learning, gradually abandoned asking for people’s consent. This has led more and more of people’s personal photos to be incorporated into systems of surveillance without their knowledge.

It has also led to far messier data sets: they may unintentionally include photos of minors, use racist and sexist labels, or have inconsistent quality and lighting. The trend could help explain the growing number of cases in which facial-recognition systems have failed with troubling consequences, such as the false arrests of two Black men in the Detroit area last year.

People were extremely cautious about collecting, documenting, and verifying face data in the early days, says Raji. “Now we don’t care anymore. All of that has been abandoned,” she says. “You just can’t keep track of a million faces. After a certain point, you can’t even pretend that you have control.”

A history of facial-recognition data

The researchers identified four major eras of facial recognition, each driven by an increasing desire to improve the technology. The first phase, which ran until the 1990s, was largely characterized by manually intensive and computationally slow methods.

But then, spurred by the realization that facial recognition could track and identify individuals more effectively than fingerprints, the US Department of Defense pumped $6.5 million into creating the first large-scale face data set. Over 15 photography sessions in three years, the project captured 14,126 images of 1,199 individuals. The Face Recognition Technology (FERET) database was released in 1996.

The four eras of facial recognition

download.png

The following decade saw an uptick in academic and commercial facial-recognition research, and many more data sets were created. The vast majority were sourced through photoshoots like FERET’s and had full participant consent. Many also included meticulous metadata, Raji says, such as the age and ethnicity of subjects, or illumination information. But these early systems struggled in real-world settings, which drove researchers to seek larger and more diverse data sets.

In 2007, the release of the Labeled Faces in the Wild (LFW) data set opened the floodgates to data collection through a web search. Researchers began downloading images directly from Google, Flickr, and Yahoo without concern for consent. LFW also relaxed standards around the inclusion of minors, using photos found with search terms like “baby,” “juvenile,” and “teen” to increase diversity. This process made it possible to create significantly larger data sets in a short time, but facial recognition still faced many of the same challenges as before. This pushed researchers to seek yet more methods and data to overcome the technology’s poor performance.

Then, in 2014, Facebook used its user photos to train a deep-learning model called DeepFace. While the company never released the data set, the system’s superhuman performance elevated deep learning to the de facto method for analyzing faces. This is when manual verification and labeling became nearly impossible as data sets grew to tens of millions of photos, says Raji. It’s also when really strange phenomena start appearing, like auto-generated labels that include offensive terminology.

The way the data sets were used began to change around this time, too. Instead of trying to match individuals, new models began focusing more on classification. “Instead of saying, ‘Is this a photo of Karen? Yes or no,’ it turned into ‘Let’s predict Karen’s internal personality or her ethnicity,’ and boxing people into these categories,” Raji says.

Amba Kak, the global policy director at AI Now, who did not participate in the research, says the paper offers a stark picture of how the biometrics industry has evolved. Deep learning may have rescued the technology from some of its struggles, but “that technological advance also has come at a cost,” she says. “It’s thrown up all these issues that we now are quite familiar with: consent, extraction, IP issues, privacy.”

Harm that begets harm

Raji says her investigation into the data has made her gravely concerned about deep-learning-based facial recognition.

“It’s so much more dangerous,” she says. “The data requirement forces you to collect incredibly sensitive information about, at minimum, tens of thousands of people. It forces you to violate their privacy. That in itself is a basis of harm. And then we’re hoarding all this information that you can’t control to build something that likely will function in ways you can’t even predict. That’s really the nature of where we’re at.”

She hopes the paper will provoke researchers to reflect on the trade-off between the performance gains derived from deep learning and the loss of consent, meticulous data verification, and thorough documentation. “Was it worth abandoning all of these practices in order to do deep learning?” she says.

She urges those who want to continue building facial recognition to consider developing different techniques: “For us to really try to use this tool without hurting people will require re-envisioning everything we know about it.”

[Source: This article was published in technologyreview.com By Karen Haoarchive - Uploaded by the Association Member: Jay Harris]
Published in Internet Privacy

We all probably did a lot more online shopping this year during the pandemic than ever before. After online shopping, you will notice that pop-up ads are constant, and continue to pop up even if you continue to “x” them out. Or you might check the weather, and find that the site you access knows exactly which town and state you are in.

That’s because of cookies and your browser. Here are some tips to minimize the use of your browsing history by third parties.

First, when you use a computer and Wi-Fi in a public place, your browsing history can be accessed and stored. Even if you are browsing using your own Wi-Fi, you can do it privately. All you have to do is go to the far right side of the browser toolbar, click on the three little dots and select private or incognito.

Next, you can delete your browsing history by going to those same little three dots and clicking on “More Tools;” when the menu comes down, click on “Clear browsing data.”

When visiting websites, be wary of any pop-up that asks you to click on “I agree.” Usually, it is asking you to agree to allow cookies. If it gives you an option to say “no,” say “no.” If a pop-up asks you if you want to delete cookies or “do-not-track,” say “yes.”

To restrict browsers from sending your location-based data, refuse to provide consent if asked when you visit a site.  Depending on the browser you use, you can go into “preference” in settings and choose the option of disallowing or asking for the request of location when you visit a site.

Use other browsers that have advanced privacy settings, such as DuckDuckGo.

To restrict Google from creating an ad profile on you, you may wish to consider downloading Google Analytic Browser Add-on so your tracking activity is restricted.

Social media sites like Facebook, Twitter, and LinkedIn also track our online activities. To limit these platforms from tracking, go to “Settings” in each site, and click on the choices that allow you to limit targeted ads, tailor ads, or managing advertising preferences.

All websites track users. Controlling cookies and browsing history to limit this tracking will reduce the number of pop-up ads you receive, and the sharing of information about your browsing without your knowledge.

 [Source: This article was published in natlawreview.com  - Uploaded by the Association Member: Dorothy Allen]
Published in Internet Privacy

DuckDuckGo’s Daniel Davis discusses the privacy-focused search engine’s future in the market

INTERVIEW DuckDuckGo’s journey started as an idea in the mind of Gabriel Weinberg, who found poor search results and high levels of spam a daily annoyance when he was browsing the web.

The first iterations of the DuckDuckGo search engine, launched in 2008, focused on offering improved search results – taking on the likes of Google and Yahoo! – but as time went on, the company’s attention pivoted to emerging security and privacy challenges.

There is money to be made in online advertising, and this ecosystem is the lifeblood of everything from media outlets to search engines and social media platforms.

This revenue stream becomes its most lucrative when data is used to create user profiles, resulting in personalized ad targeting.

Rather than charge users for an online service, some would argue that collecting data on users – such as their search queries, web page visits, and ‘likes’ on social media – is a fair trade.

For DuckDuckGo, however, the company believes that a right to privacy should trump marketing interests.

b7f8 article ddg search The DuckDuckGo homepage has become a familiar sight

Speaking to The Daily Swig, Daniel Davis, DuckDuckGo’s communications manager, said that the company has taken a different approach and “we believe getting privacy online should be simple and accessible to everyone, period”.

“We share our most intimate information with search engines – financial, medical, [and more] – and that information deserves to be private and not used for profiling or data targeting,” Davis commented.

No intrusion

DuckDuckGo does not collect user data, search queries, or purchase histories, and does not use or permit trackers – the most common approach employed by organizations to compile user profiles – so searches are kept private.

But how does such a company make money? Adverts are displayed on search engine results, but rather than targeting ads at users, DuckDuckGo’s advertising is based on the search results being viewed.

Today, DuckDuckGo has expanded beyond a simple search engine and now offers a mobile browser app, the DuckDuckGo Privacy Browser on Android and iOS, and a desktop extension for Google Chrome.

ddgo body text

DuckDuckGo’s Daniel Davis says user privacy should trump an organization’s marketing interests

As the company does not track visitors, user base estimates are difficult. However, Davis says that within the course of a year, the number of searches a day has increased from roughly 30 million to 80 million – suggesting that the firm’s privacy message is catching on.

The current record, at the time of writing, is almost 86 million queries in a single day.

“Since we don’t track our users, we don't know the same things about them that other companies do, including how many users we have!,” the executive said. “However, we know many of them are increasingly discovering the importance of protecting their privacy.”

Privacy improvements

No company achieves its goals 100% of the time, however. Back in July, Weinberg was roused out of bed one Thursday morning to deal with a security storm online, in which users were questioning a favicon-fetching “design flaw” in DuckDuckGo’s domain that could impact their privacy.

At the time, the DuckDuckGo founder told us that different favicon fetching methods offered “basically a similar amount” of privacy, but the organization chose to change its method due to community feedback.

DuckDuckGo’s slogan is “Privacy Simplified”, and for Weinberg, this means users should not have to understand complex security concepts in order to feel safe.

This approach appears to be working. Over 2020, despite the disruption caused by the Covid-19 pandemic, DuckDuckGo is growing, with searches increasing by roughly 44% year-over-year.

“This makes us the number two search engine in several countries include the US, Canada, UK, and Australia,” Davis noted. “In addition, our mobile app is now the most downloaded browser on Android and second most downloaded browser on iOS.”

Searching for balance

Google still holds the lion’s share of the global search engine market, but the growth is grounds for optimism – and according to DuckDuckGo, the tech giant’s iron grip needs to be loosened.

In October, the US Department of Justice (DoJ) accused Google of illegally holding a monopoly in the search engine and advertising market. Google was accused of using tactics including enforcing agreements that excluded rivals from fairly competing with it, alleged actions designed to maintain its pre-eminent position in the market.

While Google denies these claims, the company, described by the DoJ as a “gateway to the internet”, also maintains a dominant position in the browser market through Chrome, a business Davis says Google continues to “exploit” in conjunction with its search monopoly, thereby restricting user choice – and impacting privacy.

ddgo hq 2

DuckDuckGo’s headquarters in Paoli, Pennsylvania

“This anti-competitive behavior enables them to collect data at an unprecedented scale and use that to behaviorally target users,” Davis says.

“Even people not directly using Google products are targeted due to the proliferation of Google-hosted trackers found on around 75% of websites. Not only does this hurt competition and innovation, but the behavioral profiles that result are also used in ways that have a negative impact on society and democracy.”

When it comes to the browser security landscape, Davis said there is work to be done by major browser providers, including Google.

Privacy improvements are being made over time, but according to the executive, these are “not enough to properly block the pervasive tracking that people have grown tired of”.

Davis mentioned tracker-blocking technology implemented in the DuckDuckGo browser as an example, which has been released to the open-source community.

“People deserve a private alternative to the products and services they use,” he added. “They deserve simple tools that empower them to take back their privacy, without any trade-offs.”

Privacy beyond search

Davis said there is a growing demand for privacy-focused online products and services, and the company has been “delighted” with the response to the DuckDuckGo mobile browser, launched three years ago.

Recent improvements include adding route planning to private maps, allowing iOS users to set their default browser to DuckDuckGo, and becoming a founding member of a new privacy standard, Global Privacy Control (GPC).

There is “nothing to announce” when it comes to a fully-fledged DuckDuckGo desktop browser at present, but given the vendor’s current trajectory, this kind of offering could be a natural fit, eventually, within DuckDuckGo’s portfolio.

“We’re always looking to introduce new privacy protection products and features where people don't have the protection they deserve,” Davis said. “So next year, you'll see us rolling out new simple services that protect people's privacy in other places outside of search and browsing the web.”

[Source: This article was published in portswigger.net By Charlie Osborne - Uploaded by the Association Member: Jeremy Frink]
Published in Internet Privacy
Page 1 of 11

AOFIRS

World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.