Cryptocat Provides Privacy-Aware Chat Alternative with Security

Cryptocat is an open-source web app that uses encryption to secure online chat. If you’re looking for an option with even more security, the Cryptocat Chrome app stores all code locally, reducing the need to contact the server.

The website securely deletes all logs of conversations after an hour of inactivity. Cryptocat developer Nadim Kobeissi explained on the about page of the web app that “big data such as Google and Facebook continue to amass gigantic amounts of personal information without providing any guarantee of privacy, while encryption software remains largely inaccessible”.

Cryptocat allows the use of Tor and supports major phone operating systems including iOS, Android and BlackBerry. Users can be verified using a “fingerprint” assigned to each user. All the code is available on GitHub and the website has also been translated to French, Italian, Basque and Catalan.

Facebook Inadvertently Leaks Private Photos


A security flaw published on a bodybuilding forum, which had been up for a “couple weeks” according to the original poster, has allowed Facebook users to access private photos by exploiting a flaw in the “report abuse” tool, which allows users to select “additional photos to include” in the report sent to Facebook staff.

It wasn’t long before Zuckerberg, the creator of Facebook, became a victim. Mike Rundle, a designer and programmer, tweeted “Facebook security exploit allows you to view anyone’s private photos” and posted a link to Mark Zuckerberg’s personal images on Imgur, a popular photo sharing website (the link has since been removed).

The images show Zuckerberg holding a dead chicken, making sushi, and with his girlfriend. However, some of the images released were also available elsewhere, such as an image showing Zuckerberg with Obama.

Facebook addressed the issue in a statement, saying “the bug, was a result of one of our most recent code pushes and was live for a limited period of time. Not all content was accessible, rather a small number of one’s photos”.

Facebook recently settled with the Federal Trade Commission over sharing information with third parties; for example, developers gained access to information whose settings were selected as “Only Friends” or “Friends of Friends”.

FBPwn Clones Profiles From Friend Lists

FBPwn is a social engineering tool which saves all useful information from a victim’s Facebook profile. FBPwn works by adding all the friends from the victim’s friend list and then “cloning” a profile from that list; the victim is likely to accept the request because of the high number of mutual friends and the name. This is when FBPwn really gets into action, saving all the HTML from the added friend, which the developers say includes “info, images, tags”.

The potentially creepy tool is just a “proof of concept (PoC) to make the world aware of the social engineering techniques used in the underworld”, according to the creator, who works in an IT security team, adding “use it on your own risk and please do not abuse!”

The tool highlights how easy it is for total strangers to socially engineer information out of users, since most users rightly trust the name and mutual friends count to be true. The developers say “after a few minutes, probably the victim will unfriend the fake account after he/she figures out it’s a fake, but probably it’s too late!”

In a full disclosure detailing reasons for releasing the project, Ahmed Saafan, project owner, said “I have taken a significant amount of time thinking about releasing the program or not for the same reasons that everybody is discussing, abuse.”

As part of his reasoning, Saafan said “accepting friend requests for even the smallest period of time without manually verifying that the friend is actually who he claims to be, is an example of wrong actions that we wanted to demonstrate”.

Two steps users can take to avoid being a target are setting the friends list to private and using lists to filter new friends into a high-privacy list. To use the second technique, create a new list for new friends, such as “new friends”. Then go to the privacy settings and block the “new friends” list from aspects of your profile. When you trust the new friend you added, add them to a relevant list such as “work friends”.

Of course, one of the best ways users can protect themselves is to only add information they are comfortable sharing with the public on their profile.

Google Engineer Slams Google+ in Accidental Public Post

Steve Yegge, a software engineer at Google, inadvertently posted a rant of over 4,500 words criticizing Google+ and Amazon. He has since taken down the post, saying he “contacted our internal PR folks and asked what to do, and they were also nice and supportive”, and decided himself to take the post down. However, as PC World points out, the post is still available on other users’ Google+ homepages.

The post included an interesting insight into Amazon. Yegge said “I think the pubsub system and their library-shelf system were two out of the grand total of three things Amazon does better than Google” and said that each Amazon team hired their own staff and that the “hiring bar is incredibly inconsistent across teams”. Yegge also posted some of the tough management techniques which helped transform Amazon towards a service-oriented architecture.

“Google+ is a prime example of our complete failure to understand platforms from the very highest levels of executive leadership (hi Larry, Sergey, Eric, Vic, howdy howdy) down to the very lowest leaf workers (hey yo)” said Yegge, and continued, saying “The Google+ platform is a pathetic afterthought. We had no API at all at launch, and last I checked, we had one measly API call.”

Yegge noted that good products made at companies such as Microsoft and Apple relied on good APIs. He said that “a platform needs a killer app”, pointing out the games was “a look at the aftermarket” and that “the problem is that we are trying to predict what people want and deliver it for them.”

“We don’t do internal service-oriented platforms, and we just as equally don’t do external ones … the PMs don’t get it, the engineers don’t get it, the product teams don’t get it, nobody gets it” said Yegge, who believes that Google requires a culture change to succeed with Google+.

On deleting the post, Yegge noted that the company was very open with their staff and said that he knows “astoundingly little about Google” as it is such a large company.

Remove Yourself from Online Records with UnlistMy.Info

UnlistMy.Info helps users remove personal information from popular privacy-invading websites, which scour the internet for information to run background checks and people searches, by listing opt-out information.

The website was announced on Reddit by Reddit user Cblaz, saying “I think the information is important and should be easily accessible to anyone who wants to protect their privacy.” The Redditor highlighted that they learned how to remove the information from a post by LawyerCT and Pibbman, who used a list of “top” websites and found removal instructions.

The original Reddit poster works at Abine, an online privacy startup, which offers the service for $75 and says “many smaller search sites rely on the big guys for their data, so deleting you from the big databases prevents them from feeding your information to sites across the web.”

Spokeo, just one infamous people search engine, is willing to reveal your email address, social network links and even your ethnicity, gender, wealth and home value all for a monthly or yearly fee. Julian M Bucknall, programmer and journalist in the United States, paid $15 for access to the profile to see what information they actually successfully collected. The results showed wide inconsistencies even though Bucknall publishes a blog, résumé and has public social network profiles.

Will Privacy Settings Help Google+ Beat Facebook?

In May last year, more than 30,000 disgruntled users committed to end their Facebook accounts en masse on Quit Facebook Day. ‘For us it comes down to two things: fair choices and best intentions. In our view, Facebook doesn’t do a good job in either department,’ the website owners told fans. Later they compared quitting Facebook to quitting cigarettes, humorously adding ‘having peer support helps, but the way to quit Facebook is not to start a group on Facebook about leaving Facebook.’

Meanwhile, Diaspora secured more than $200,000 of funding using Kickstarter for what they call ‘the privacy aware, personally controlled, do-it-all distributed open source social network’; the group is yet to hit a stable release as of July 2011. In response to all the media coverage of its privacy policy, Facebook simplified privacy controls and made certain changes easier (though the memory of this event is still engraved in the back of many minds).

Though Facebook allows users to download their account information, it makes it hard to exit. Users must wait for two weeks in a ‘deactivation’ period; after these weeks the account is ‘permanently deleted from Facebook.’ Google already has a much easier system for users exiting services, which has carried over to Google+. One of the projects undertaken at Google is The Data Liberation Front, which allows users to easily exit from Google services. In a video, a staff member says ‘we believe that if we make it easy for you to leave Google, we have to work just that much harder to make sure that you don’t want to.’

The very foundation that Google+ was built on is also very different from Facebook. Google+ makes use of grouping friends (Circles), while most Facebook users don’t categorize friends using lists. By using Circles, the theory is that the information you want to share with your work friends, the people you meet at clubs and old school buddies is different.

Facebook can still make changes to improve its friend list function and make it more visible, but Google+ may just be the social network alternative that users are looking for.

New Adobe Flash Player 10.3 Allows Quick Clearing of Flash Cookies

The latest edition of Adobe Flash Player, version 10.3, will allow for the clearing of Flash cookies in your browser privacy settings. Emily Huang, writing on the Adobe Flash team blog, says this feature ‘streamlines the controls of the Flash Player privacy, security and storage settings within the local control panel of desktop OSes.’

The update is available for Windows, MacOS, Linux and Android from Adobe. It includes two desktop-only features: ‘acoustic echo cancellation’ for clearer audio and ‘media measurement’ for in-depth user statistics for developers. Auto-update notifications will also be coming for MacOS.

It is expected that users of Android Honeycomb tablets will experience improved speed due to a previous 10.2 Flash player upgrade for Android devices.

Previously, deleting Flash cookies required installing an add-on such as BetterPrivacy, which can automatically delete Flash cookies in Firefox.

How to Find Old Forgotten Accounts Online

Finding old accounts on the internet can be a pain, especially if they come back to bite in years to come! Here are some top solutions for finding the old accounts.

To uncover old accounts, try using non-specialized search engines: Google and Bing. Search for old usernames and your name; don’t stop at page one, continue past the tenth page to uncover old pages. If you haven’t been using the accounts, they will most likely have been pushed down the search results.

Next, use a username checking service. One of the options is KnowEm; at the start it will only check the most popular social networks, though try using ‘check more social sites’ to gain access to more options. Another useful site is Namechk; it is not as exhaustive as KnowEm but searches the most popular 160 websites. If the option is crossed out or not available, then the username has been registered and you’ve found yourself an old internet account.

Remember to try all the combinations of usernames you have used. To close old accounts, follow the instructions at Delete Your Account.