Linked by Thom Holwerda on Tue 9th Oct 2012 21:18 UTC
Privacy, Security, Encryption As it turns out, new Verizon customers (although there are reports existing customers are getting notified too) have 30 days to opt out of something really nasty: Verizon will sell your browsing history and location history to marketers. Apparently, AT&T does something similar. Doesn't matter what phone - iOS, Android, anything. Incredibly scummy and nasty. I quickly checked my own Dutch T-Mobile terms, and they don't seem to be doing this.
Thread beginning with comment 538287
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[8]: Wow...
by Laurence on Thu 11th Oct 2012 09:37 UTC in reply to "RE[7]: Wow..."
Laurence
Member since:
2007-03-26


Really? The DPI contents reveals specific search terms, the videos you watch, etc. This is far more personal than knowing which IPs you've connected to.

It's the difference between knowing you've connected to ebay, or knowing exactly which products you've been browsing (*).

* Not that I know what ATT & Verizon are actually doing with the data, but there's no doubt the URL/contents can reveal much more about you than the IPs do.

Ahh yes, good point. I forgot that URIs and query strings are sent in the HTTP headers *facepalm*


Another thing to consider is that one's browser may be "leaky" regardless of the transport encryption. There is a chromium fork designed to strip out identifying bits from packets sent to google.

http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php

Don't run Iron, it's a scam:
http://insanitybit.wordpress.com/2012/06/23/srware-iron-browser-a-r...

Reply Parent Score: 2

RE[9]: Wow...
by Alfman on Thu 11th Oct 2012 14:07 in reply to "RE[8]: Wow..."
Alfman Member since:
2011-01-28

Laurence,

"Don't run Iron, it's a scam:"

Your link made some valid points, however I feel it is overreaching to call it a scam, at worst it'd be FUD. If Iron does what it claims to do (stop the browser from phoning home), then it seems legitimate to me even if chrome could manually be configured in a similar manor.

I guess instead of creating a chrome fork, he could provide instructions to end users on how to disable the phone home mechanisms in mainline chrome, but it still might be more convenient to install a browser which isn't hard coded to call google by default in the first place.

I know when I install firefox, I go into about:config and strip out all references to google's web services, but what sucks is that this has to be repeated for each user account on the system. Once in a while I'll forget to do this for new accounts and the browser starts making unrequested connections to google. It would be better for me to have a firefox executable where defaults were not hardcoded to contact google.

Edit: I also install adblock, ghostery, etc, but it has to be repeated for each user/computer/etc... It would be useful to me if someone released a version with these configured as defaults. I could probably do it myself, but then it would be criticised as a scam ;)

Edited 2012-10-11 14:20 UTC

Reply Parent Score: 2

RE[10]: Wow...
by Laurence on Thu 11th Oct 2012 15:02 in reply to "RE[9]: Wow..."
Laurence Member since:
2007-03-26


Your link made some valid points, however I feel it is overreaching to call it a scam, at worst it'd be FUD.

The reason people call Iron a scam is because it's primary function is to trick people into downloading an unnecessary browser pure to get money from ad sales.

Granted it's a pretty harmless scam in that it doesn't directly hurt users (though I'd argue it does promote complacency, which is harmful).


If Iron does what it claims to do (stop the browser from phoning home), then it seems legitimate to me even if chrome could manually be configured in a similar manor.

I guess instead of creating a chrome fork, he could provide instructions to end users on how to disable the phone home mechanisms in mainline chrome, but it still might be more convenient to install a browser which isn't hard coded to call google by default in the first place.

You can disable most of what Iron does in regular Chrome and those that you cannot, are disabled in Chromium. Iron offers no security benefits what-so-ever.


Edit: I also install adblock, ghostery, etc, but it has to be repeated for each user/computer/etc... It would be useful to me if someone released a version with these configured as defaults. I could probably do it myself, but then it would be criticised as a scam ;)

It depends how you market it. If you advertised it as the a "secured version of Firefox", then you would be misleading people into believing you've fixed some security flaws within Firefox. However if you advertised it as "Firefox with more secure defaults", then that would be fine.

The problem is most people don't understand this stuff, and the Iron devs are deliberately exploiting those users for their own personal financial gain.

In many ways, they're little better than the fake security software and some inexperienced users fall for.

Reply Parent Score: 2