online privacy | Breaking Cybersecurity News | The Hacker News

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed , then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it forgot that you can't afford to allow tags to go unmanaged or become misconfigured.  Read the full case study here . Google Tag Manager saves website owners time and money. Its visual interface lets them attach tracking tags to their sites and then modify them as needed without the need to call a developer every time. Such tags gather the marketing and analytics data that power growth, and GTM makes them easier to manage, but with strict rules around data privacy to consider, you can't trust it completely; it needs active oversight. The ticket seller A case in point that we recently became aware of involves a global company that sells tickets to live events. With global operations i...

End-to-end encrypted (E2EE) messaging app Signal said it's piloting a new feature that allows users to create unique usernames (not to be confused with profile names) and keep the phone numbers away from prying eyes. "If you use Signal, your phone number will no longer be visible to everyone you chat with by default," Signal's Randall Sarafa  said . "People who have your number saved in their phone's contacts will still see your phone number since they already know it." Setting a new username requires account holders to provide two or more numbers at the end of it (e.g., axolotl.99) in an effort to keep them "egalitarian and minimize spoofing." Usernames can be changed any number of times, but it's worth noting that they are not logins or handles. Put differently, a username is an anonymous way to initiate conversations on the chat platform without having to share phone numbers. The feature is opt-in, although Signal said it's also taking steps to hide by default users' phone ...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Google has announced plans to officially flip the switch on its twice-delayed  Privacy Sandbox  initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1% of Chrome users globally in the first quarter of 2024. "This will support developers in conducting real world experiments that assess the readiness and effectiveness of their products without third-party cookies," Anthony Chavez, vice president of Privacy Sandbox at Google,  said . Prior to rolling this out, Google said it would introduce the ability for third-party developers to simulate the process for a configurable subset of their users (up to 10%) in Q4 2023. Google further emphasized that the plans have been designed and developed with regulatory oversight and input from the U.K.'s Competition and Markets Authority ( CMA ), which is overseeing the implementation to...

Researchers have uncovered a potential means to profile and track online users using a novel approach that combines device identifiers with their biometric information. The details come from a newly published research titled "Nowhere to Hide: Cross-modal Identity Leakage between Biometrics and Devices" by a group of academics from the University of Liverpool, New York University, The Chinese University of Hong Kong, and University at Buffalo SUNY. "Prior studies on identity theft only consider the attack goal for a single type of identity, either for device IDs or biometrics," Chris Xiaoxuan Lu, Assistant Professor at the University of Liverpool, told The Hacker News in an email interview. "The missing part, however, is to explore the feasibility of compromising the two types of identities simultaneously and deeply understand their correlation in multi-modal IoT environments." The researchers presented the findings at the Web Conference 2020 held...

Cybersecurity has been regarded as a necessity for all computer users, especially today when data breaches and malware attacks have become rampant. However, one of the more overlooked aspects of cybersecurity is the prevention of other forms of cybercrime, such as the spread of harmful content and predatory behavior. Most current discussions on cybersecurity revolve around organizations needing to protect customer data or for individual users to prevent their sensitive data from being intercepted. However, given the prevalence of toxic behavior, it's about time the cybersecurity community also gives internet safety, especially for children and younger users, its due attention. Israel-based startup L1ght aims to curb the spread of bad behavior online. It uses artificial intelligence (AI) and machine learning (ML) to detect harmful content, hate speech, bullying, and other predatory behavior in social networks, communication applications, and online video games. The firm ...

Google has finally agreed to pay $170 million fine to settle allegations by the Federal Trade Commission and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent. The settlement requires Google to pay $136 million to the FTC and an additional $34 million fine to New York state for allegedly violating the Children's Online Privacy Protection Act (COPPA) Rule. The COPPA rule requires child-directed websites and online services to explicitly obtain parental consent before collecting personal information from children under the age of 13 and then using it for targeted advertising. However, an FTC investigation [ PDF ] against Google's video service for children, called YouTube Kids, revealed that it had illegally gathered kids' data under 13. The data also includes children' persistent identification codes used to track a user's Internet browsing hab...

Apple today announced some major changes to its controversial 'Siri audio grading program' following criticism for employing humans to listen to audio recordings of users collected via its voice-controlled Siri personal assistant without their knowledge or consent. The move came a month after The Guardian reported that third-party contractors were regularly listening to private conversations of Apple users giving voice commands to Siri in a bid to improve the quality of its product's response. While the data received by the contractors were anonymized and not associated to Apple devices, the private conversations—which also includes private discussions between doctors and patients, business deals, seemingly criminal dealings, people having sex and so on—sometimes reveal identifiable details like a person's name or medical records. In response to the backlash Apple received after the report went public, the company initially responded by temporarily suspending ...

Google today announced a new initiative—called Privacy Sandbox —in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today, including The Hacker News, rely on online advertisements as their primary source of funding to operate and keep their professionally created content open and freely accessible to everyone. However, with the evolution of online advertising, the targeted advertisement technologies have become too much invasive because of involved intrusive practices and more prudent approaches to accurately curate users' personal information, thereby raising serious privacy concerns among Internet users. In its latest blog post , Google acknowledged that ad tracking is "now being used far beyond its original design intent," but also highlights that unplanned attempts to address privacy con...

Well, here we have great news for Facebook users, which is otherwise terrible for marketers and publishers whose businesses rely on Facebook advertisement for re-targeted conversations. Following the Cambridge Analytica scandal , Facebook has taken several privacy measures in the past one year with an aim to give its users more control over their data and transparency about how the social media giant and other apps on its platform use that data. Now in its new effort, Facebook has launched a new privacy feature that allows its users to control data that the social media platform receives from other apps and websites about their online activity. Dubbed " Off-Facebook Activity ," the feature was initially announced by Facebook CEO Mark Zuckerberg last year as "Clear History," allowing users to clear the data that third-party websites and apps share with Facebook. "Off-Facebook Activity lets you see a summary of the apps and websites that send us infor...

FaceApp—the AI-powered photo-morphing app that recently gone viral for its age filter but hit the headlines for its controversial privacy policy—has been found collecting the list of your Facebook friends for no reason. The Russian-made FaceApp has been around since the spring of 2017 but taken social media by storm over the course of the past few weeks as millions of people downloaded the app to see how they would look when they are older or younger, or swap genders. The app also contains a feature that allows users to download and edit photos from their Facebook accounts, which only works when a user enables FaceApp to access the social media account via the 'Login with Facebook' option. As you can see in the screenshot above, besides requesting for access to your basic profile information and photos, FaceApp also fetches the list of your Facebook friends "who also use and have shared their friends' lists with FaceApp." Have you yet asked yourself why...

The Federal Trade Commission (FTC) today officially confirmed that Facebook has agreed to pay a record-breaking $5 billion fine over privacy violations surrounding the Cambridge Analytica scandal . Besides the multibillion-dollar penalty, the company has also accepted a 20-year-long agreement that enforces it to implement a new organizational framework designed to strengthen its data privacy practices and policies. The agreement requires Facebook to make some major structural changes, as explained below, that will hold the company accountable for the decisions it makes about its users' privacy and information it collects on them. "The order requires Facebook to restructure its approach to privacy from the corporate board-level down, and establishes strong new mechanisms to ensure that Facebook executives are accountable for the decisions they make about privacy and that those decisions are subject to meaningful oversight," the FTC said in a press release . Ac...

As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allows advertisers to monitor your online behavior and interests, using which they display relevant advertisements, content, and promotions on the websites you visit. Which makes sense as no one likes to waste time in watching advertisements and offers that are not of one's interest. However, since tracking cookies gather way more information without requiring users' explicit permissions and there is no control over how companies would use it, the technique also poses a massive threat to users' online privacy. To limit this extensive tracking, Mozilla included the "Enhanced Tracking Protection" option as an experimental feature in Octo...

Twitter just admitted that the social network accidentally revealed some Android users' protected tweets to the public for more than 4 years — a kind of privacy blunder that you'd typically expect from Facebook . When you sign up for Twitter, all your Tweets are public by default, allowing anyone to view and interact with your Tweets. Fortunately, Twitter also gives you control of your information, allowing you to choose if you want to keep your Tweets protected. Enabling "Protect your Tweets" setting makes your tweets private, and you'll receive a request whenever new people want to follow you, which you can approve or deny. It's just similar to private Facebook updates that limit your information to your friends only. In a post on its Help Center on Thursday, Twitter disclosed a privacy bug dating back to November 3, 2014, potentially caused the Twitter for Android app to disable the "Protect your Tweets" setting for users without their k...

Kickass Torrents (KAT cr) was once a hugely popular online portal, renowned for its vast archive of movies, music, TV shows, and other media. It was a treasure trove for those seeking rare content and for users looking to share their creations. However, Kickass Torrents faced significant opposition. The movie and music industries saw the site as a threat to their revenue, accusing it of promoting copyright infringement. Despite this, the Kickass Torrents team continued to advocate for its users, claiming they were providing a valuable service. The Downfall and Resurgence of Kickass Torrents Eventually, legal action caught up with Kickass Torrents. In July 2017, U.S. authorities shut down the site after its owner, Artem Vaulin, was charged with allowing the distribution of copyrighted material. Following the shutdown, a group of loyal contributors founded the Katcr.co forum, aiming to restore the popular torrent site to its former glory. Many wondered if this was the end for Kicka...

Facebook has admitted that the company gave dozens of tech companies and app developers special access to its users' data after publicly saying it had restricted outside companies to access such data back in 2015. It's an unusual clear view of how the largest social networking site manages your personal information. During the Cambridge Analytica scandal revealed March this year, Facebook stated that it already cut off third-party access to its users' data and their friends in May 2015 only. However, in a 747-page long document [ PDF ] delivered to Congress late Friday, the social networking giant admitted that it continued sharing data with 61 hardware and software makers , as well as app developers after 2015 as well. The disclosure comes in response to hundreds of questions posed to Facebook CEO Mark Zuckerberg by members of Congress in April about its company's practices with data of its billions of users. The Washington Post reported that the company...