Do they have your dox!?

AboutTheData.com just publicly launched this week. It’s brought to you by Acxiom, one of the web’s advertising heavy hitters. After verifying your identity, the site allows you to view all of the marketing data they’ve collected about you (demographics, family, loans, auto/home, employment, education, etc.). They’re also very nice: they let you update the information in case it’s not accurate! I found my dox to be lacking — not surprising as I don’t believe I’m in any of Acxiom’s target demographics.

More from NYTimes here

eBay’s new Terms of Service and Privacy Policy

I received a notification from eBay over the weekend regarding an update to their User Agreement, Privacy Policy and Buyer Protection Policy. After skimming the updated policies I did not notice anything invasive or earth-shattering. Companies periodically perform a policy review/refresh, and it is a time to try and sneak in anti-privacy clauses.

Some highlights:

Provisions regarding use of eBay’s mobile applications. To cover the growing popularity and use of eBay’s mobile applications and to provide for possible new ways we may display the terms and conditions applicable to them in the future, we added references to these applications throughout.

Updates relating to eBay’s contacts with members. We updated provisions of the User Agreement to provide further clarity regarding the purposes for and circumstances under which eBay or its service providers may contact members using autodialed or prerecorded voice message calls and/or text messages and the circumstances under which eBay may share members’ contact information with members of the eBay corporate family or other parties.

Updates to the Buyer Protection provision. We updated the provision to reflect our ability to remove funds from a seller’s PayPal account in a currency other than the currency of the transaction at issue where the seller does not have sufficient funds available in the transaction currency.

All in all, eBay and its corporate family (PayPal, StumbleUpon, StubHub) have fair policies. You wouldn’t expect a large company with so many users to get away with substandard user protections for long.

A Guide to Defending Privacy at U.S. Border

Take a look at the EFF’s latest article, “Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices”.

Account Passwords vs. Full Disk Encryption:

This distinction makes a major practical difference. Bypassing an account password is a routine operation that can be done automatically with forensic software that bypasses the operating system and looks directly at the disk; your account password is no obstacle for this forensic software. Fortunately, modern computer systems come with comparatively easy full-disk encryption tools that let you encrypt the contents of your hard drive with a passphrase that will be required when you start your computer. Using these tools is the most fundamental security precaution for computer users who have confidential information on their hard drives and are concerned about losing control over their computers — not just at a border crossing, but at any moment during a trip when a computer could be lost or stolen.

Simply deleting data from your hard drive with your normal OS file deletion features is not secure and the data is still present and recoverable on your hard drive. Just because deleted files are no longer visible in your operating system’s file manager does not mean that a forensic expert can’t undelete them or deduce that they were once present.

If a border agent asks you to provide an account password or encryption passphrase or to decrypt data stored on your device, you don’t have to comply. Only a judge can force you to reveal information to the government, and only to the extent that you do not have a valid Fifth Amendment right against self-incrimination.

It’s extremely important that you do not tell a lie to a border agent. If you are absolutely sure that you don’t want to answer a specific question, it’s better to politely decline to answer than to give a false answer.

Be aware that border agents may search your camera, copy its contents, or try to undelete images or videos that you believe you’ve deleted and that are no longer visible from the camera’s user interface.

Dropbox’s new ToS, Privacy Policy and Security Overview

I received an email from Dropbox stating they’ve updated their terms of service and privacy policy.  I took a look at the update page and I really like the new layout.

Take a look here and see for yourself.  I’d like to see every website adopt a standard format to present their privacy policy to users.

I really like the work is doing at CMU and hopefully it will get mass adoption someday….