Posts Tagged ‘randy-abrams’
Is Google Plus the Rumble in the Jungle?
If you don’t remember the Rumble in the Jungle, it was a boxing match between George Foreman and Muhammad Ali. Back in 1974 names like Foreman and Ali were as famous as companies like Google and Facebook are now. Google, like the older Ali, has been taking punches in the early rounds of the social networking bout, but is this the rope-a-dope strategy? Can Google score a later round victory with Google Plus? Currently Google Plus has landed a couple of punches that Facebook has noticed, but the reigning title holder is nowhere close to the ropes right now.
With Google Plus growing from virtually nothing to 10 million users in two weeks and reportedly on the verge of doubling that a week later it seems that Google is landing some significant punches. Skeptics will point out the failed Google Buzz, however unlike when Google hired the Keystone Kops to design, manage, and execute the Buzz launch, Google appears to have put a more seasoned professional in charge of the launch of Google Plus. The launch has not been without hiccups, such as running out of disk space, but nothing has been done to doom the roll-out as was the case with Buzz.
Despite a high satisfaction rate reported among Facebook users, this does not mean that users cannot or will not be swayed to a better platform. Google Plus clearly presents a far more honest and intuitive grouping mechanism that is much more reflective of real life in almost all respects. Google Plus will clearly continue to grow rapidly for a while, however ultimately Google has control of its destiny. Google will continue to be hammered over privacy issues until it cleans up its act.
Despite misconceptions that other major companies claim similar rights to content, Google’s claims of perpetual and irrevocable ownership of ALL content a user submits may be its Achilles heel and dynamically differentiates Google from most other services.
Currently, under Google’s Terms of Service, any content you post is theirs. Here specifically is section 11.1 of the Google Terms of Service.
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
Understand that this appears to mean Google has the right to republish your email and even photos that they claim are uploaded to a private album. Google claims much broader ownership and acceptable use rights of your data than most, if not any other major online company. This is where Facebook can punish Google Plus.
Contrast Google’s wide open and unrestrained Terms of Service with Facebook’s terms.
Sharing Your Content and Information
You own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. In addition:
1. For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
3. When you use an application, your content and information is shared with the application. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information. (To learn more about Platform, read our Privacy Policy and Platform Page.)
4. When you publish content or information using the “everyone” setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
5. We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use them without any obligation to compensate you for them (just as you have no obligation to offer them).
Currently Facebook offers users far better assurances of data privacy than Google does and that may be a tough body blow to repeatedly endure.
Google has a shot with Google Plus, but like Ali did when he fought Foreman, Google is going to have to change their strategy to maintain momentum and be a real contender.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Parents, Teachers, Schools and Churches Sieged by Zamzuu’s KidZafe Sales Force

This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee shop. Hanna did not have access to the KidZafe training materials, but with her father’s permission I gave Hanna the certification test under the same conditions that “Kidzafe” gives the test. Hanna had 20 minutes to answer 8 out of 10 questions correctly and could immediately retake the test if she failed. Like me, Hanna did not achieve the 80% passing grade the first time through, but the second time she aced the test with a perfect 100% score. The only thing between 9 year old Hanna and “Certified Internet and Child Safety Advocate” is $149 and the legal right to enter into a contract. Yes, in about 12 minutes Hanna demonstrated the knowledge and understanding of the core competencies required to share the Keeping Kids Safe: An Internet and Mobile Safety Workshop™ program. Perhaps what is more troubling is that the only thing a child predator or violent sex offender needs to become a “Certified Internet and Child Safety Advocate” is $149 and the ability to pass a test that takes a 9 year old about 12 minutes to successfully complete without ever seeing the certification coursework.
So, if the test is that easy to pass, what is the point of it? The point of it is to help Zamzuu sales people to trick parents, teachers, guidance counselors, librarians, preachers, and others into hosting meetings designed to generate sales leads. The certificate is a marketing brochure used to make a person appear to have a much higher level of expertise than the certification actually represents. The fact is that during the Kidzafe training, Tim Woda, one of the product owners and creators states that they are not trying to make the sales people experts.
Here’s how the pitch goes. A Zamzuu sales person contacts schools, churches, libraries and other organizations and indicates that as a local resident, Internet business owner and Certified Internet and Child Safety Advocate they would like to volunteer to present a free Internet and Mobile Safety Workshop. What these sales people don’t disclose is that this “workshop” is “a 45 minute interview” for business partners, customers, and referrals. The sales person, during the course of the workshop indicates they know of tools to help parents and asks parents to provide contact information. The whole workshop is an elaborate ruse to get leads to generate sales, recruit more sales people and obtain more referrals.
I must thank Nilda G. Thomas for tipping me off to this story. Nilda sent a comment to the ESET threat blog indicating that she is a Certified Internet and Child Safety Advocate and offered to be interviewed for the blog. That sounded pretty nice to me, but I don’t want to interview someone for the blog if they aren’t qualified to speak on the subject. I wondered what is a “Certified Internet and Child Safety Advocate”, who certifies them, and what does the certification mean? I sent Nilda an email and asked her “Can you provide me with some information about what organization certifies Internet Child Safety advocates?”
The response I received back avoided answering my question. Nilda told me that “If your followers are interested in becoming certified they will need to become an Internet Broker and can get licensed through me.” Nilda is not the “organization” that certifies these alleged “advocates”. I thought that maybe Nilda didn’t understand the question, so I posed it differently. Nilda replied that “The certification covers protecting kids online from predators, bullies and sexting and how to protect their privacy and reputation on Facebook, MySpace, Twitter and on select mobile phones. The certification also trains you on how to conduct Internet and Mobile Safety Workshops. Wodabiz is the creator of our real-time child safety monitoring product KidZafe providing parents with alerts on who their child is frequently texting, communicating with on social media sites, and inappropriate language…of which I sell through my website”.
The certification training materials do provide some lightweight online child safety information, but the certification is not by any means an indicator of any significant knowledge or understanding of online child safety, much less Internet safety. Much of the training information is statistics that are misused to create fear. For example, a statistic is quoted that 20% of kids have been sexually solicited online. The presenter goes on to state that “most of us never heard from our kids that they were sexually solicited online.” Do you see the twist? Most kids, 4 out of 5, have NEVER been sexually solicited online, yet to make parents believe that most kids have been the presenter states that “most of us never heard from our kids that they were sexually solicited online.” Of course not, because most of your kids were never sexually solicited online according to the statistics used. This is an example of creating fear, uncertainty, and doubt to create a need for the product that is to be sold. This statistic is further shattered by Larry Magid in slides 29-33 of his presentation at http://www.safekids.com/mommy.ppt. The speaker notes of slide 33 reveal that the real number was 1% and not 20%. This kind of insight is not useful to sell parental monitoring software, hype is far more effective.
In another example the statistic used is that 63% of teens said that they had been asked to meet offline by someone they hadn’t met before. This statistic is useful in understanding how society is interacting today, but it does not reveal a risk factor. There is no follow up about what percent of the meetings were in public places with parents or other trusted authority figures. There is no additional information provided about how often those meetings result in harm or if they ever result in a higher rate of harm than meeting someone at a school event, movie theater, or other physical venue where people encounter strangers on a daily basis. The idea is to raise fear, uncertainty and doubt in order to create the perception of need for the product to be sold.
In researching Kidzafe the more I learned the more distasteful the organization became to me. Tim Woda, allegedly a “nationally renowned Internet & Child Safety Advocate” (apparently he certified himself) with Hanna Masters appears to demonstrate how to deceive and lie while setting up and giving presentations. At the end of the prescribed workshop that the sales people trained are to present, they are encouraged to stress that they are volunteering and it isn’t their “day job” in order to foster the incorrect belief that it wasn’t a sales meeting. The fact is that the presenter is there doing business. The goal of the workshop is to make sales, recruit sales people and get referrals to do more of the same. In the product and sales training there is a place where Woda says NOT to ask the host to photocopy the handouts for the presentation. In the role playing he tells the pretend hostess that he went to the library on his lunch break to make photocopies of the handouts. When the hostess responds that she could have done that for him, Woda responds “well, too little too late, I didn’t think to ask…” What? “I didn’t think to ask?” The slide that is displayed as Woda goes through this exchange with Masters says “Don’t ask the host to photocopy your Parent Packs. Save your “ask” for something important!” Is that not encouraging the sales people to lie? Then Woda goes on to ask the hostess for a letter of reference for not making the photocopies. Is that not disgustingly manipulative? I suppose I should not be too surprised. KidZafe is sold by Zamzuu and Zamzuu is a subsidiary of YTB, Inc. In 2009 YTB settled a lawsuit with the state of California in which it was alleged that YTB was an unlawful endless chain scheme (pyramid scheme), and engaged in other deceptive and illegal practices. Part of the settlement included the payment of $400,000 in civil penalties though the total cost of the settlement for YTB was $1,000,000. 
In April of 2011 it was announced that YTB agreed to pay $150,000 as part of its settlement with the State of Illinois.
I’ve already mentioned the deception used to trick parents, teachers, preachers, and others into setting up workshops, but I’d like to show you another example. At http://www.examiner.com/family-issues-in-san-diego/internet-safety Vangie Akridge writes about Internet safety and includes an invitation to attend a “free workshop”. According to Vangie’s Facebook profile she is a Zamzuu Business Owner/Broker. If this “free workshop” was one of those thinly disguised KidZafe sales meetings that would be a violation of common journalistic integrity as Vangie does not disclose her financial interest in the workshop.
The domain “KidZafe.com” appears to have been registered on July 6 2010. Another site, www.kidzSafe.org was registered on October 1, 2007 and is a non-profit, charitable organization that helps teach parents and educators about child safety. The site www.kidsafe.com was registered on October 31, 2000 and addresses many areas of child safety as well. At www.kidsafe.me Woda refers to his product as “Kidsafe”. It certainly appears like typo squatting and/or an attempt to trick people into thinking they are someone who they are not, but there is more that leads me to this conclusion. On the Kidzafe webpage at the bottom there is a logo that reads “Parental Intelligence powered by FamilyConnect™”. The logo is not linked, which often, but not always, is a sign of someone trying to hide something. A search for “FamilyConnect” turns up www.familyconnect.org, a website for parents of children with visual impairments. It appears that KidZafe is trying to ride on the reputation of FamilyConnect as well.
Although Kidzafe claims that they partner “with some of the nation’s leading privacy and cyber safety experts and child safety advocates”, none that I checked with had heard of them or partnered with them and a message to the Internet Crimes Against Children mailing list asking if anyone had heard of KidZafe yielded no results.
So, what is the service these people are trying to sell? Kidzafe is a parental monitoring service, or spyware, depending upon your point of view. The way it works is that you provide your child’s Myspace, Facebook, and/or Twitter account credentials to Kidzafe and then they monitor EVERYTHING your child does. If they spot certain words they inform the parents. It goes a lot deeper than that and they have a mobile app for Blackberry and Android phones that also monitors all text messages.
A while back, the Taser company came out with a mobile phone monitoring service that was just as spy-happy as the KidZafe program. In writing about this product it is stated that Dr. Patti Agatston, a licensed professional counselor with the Prevention/Intervention Center of the Cobb County School District in Georgia, thinks that technology like this “would probably do more harm than good” for most kids. “The only place I can see this is with kids who are already exhibiting dangerous behavior, such as kids who are in gangs,” she said. “In general, I don’t see this as an appropriate solution for the risky behaviors that are generating headlines because it’s still a relatively small percentage of kids who are engaging in those activities.
“Kids need to have some type of privacy, it’s developmentally appropriate as kids get older,” said Agatston. She added that “part of my fear is that this type of technology appeals to the type of parents who are already being too controlling in their children’s lives.” With these families, “kids will want to have nothing to do with their parents once they leave the home.”
A study by the Berkman Center for Internet and Society at Harvard University concludes that Minors are not equally at risk online. Those who are most at risk often engage in risky behaviors and have difficulties in other parts of their lives. The psychosocial makeup of and family dynamics surrounding particular minors are better predictors of risk than the use of specific media or technologies.
So, the product being sold is likely to be of limited benefit and may more frequently cause significant and long term harm. All the same, if you are the type of parent who feels that extreme monitoring is warranted that is not my call to make, however I would caution you not to use this product. Given the deceptive nature in which I believe the product is presented and marketed I think it is wrong to hand over your child’s communications to such a company. The fact is that Kidzafe, if not Zamzuu and YTB, have access to your child’s entire profile and every post, and private message. Based on the information you have seen, does it sound reasonable to you to give your child’s information to such people? Note, any product that claims to be powered by “Parental Intelligence”, “FamilyConnect™” or “Uknow™” is likely to be placing your child’s information into the hands of a company owned at least in part by Tim Woda. Everything I have seen tells me that giving him your child’s communications is not a good idea.
To summarize this all, there is an army of sales people armed with highly misleading certifications, who appear to be encouraged to lie to and deceive parents, PTA officials, school officials and church clergy in order to hold sales meetings that are euphemistically referred to as free workshops in order to sell a service that some experts claim would do more harm than good to address a problem that is significantly exaggerated.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
PS. For a partial listing of the components of Internet and child safety that the certification course does not cover, read on…
Firewalls – No
Wireless routers – No
Public Wifi – No
Computer viruses – No
Rogue antivirus/security software – No
Other malware – No
Phishing – No
Identity theft protection/response – No
Strong Passwords, Password reset questions, Changing Passwords – No
Configuring privacy settings for Facebook/Myspace/Twitter – No
Updating operating systems, security software, any software – No
Securing mobile devices – No
Encryption of data – No
Use of Https protocol – No
Intrusion detection/prevention software – No
Child Safety Education?
Drowning prevention – No
Traffic safety – No
Date rape – No
“Knowing my rules for safety” from the National Center for Missing & Exploited Children – No
Eating disorders – No
Health and Nutrition – No
Exercise – No
Family fire escape plan – No
Being approached in person by strangers – No

Windows Rootkit Requires Reinstall?
In a ComputerWorld article Gregg Keizer cites a Microsoft engineer as saying that the trojan that Microsoft calls “Popureb” digs so deeply that the only way to eradicate it is to reinstall the operating system.
If you read the Microsoft blog, Feng didn’t actually say that this is the only way to eradicate the trojan. In fact, the advice to restore a system to its factory state is wise advice for many infections. If the MS tool fixmbr can fix the MBR and the recovery CD and eradicate the trojan, then there are most definitely other programmatic means to remove the trojan, but that is not the whole picture.
When a malicious program that can download other programs is installed it can install all kinds of other malicious programs and there is no guarantee that any AV product in the world can detect all of them. The bad guys have the resources for quality control and can test their software to ensure that no product detects their malware initially. Using anti-virus means that you find what the product knows, not that you found everything.
If maximum system security is a high priority, then a restore to a known clean state is often the only assurance of a clean machine. The one critical piece of advice that was missing from the blog and the ComputerWorld article is that it is essential that when you clean up after such an infection, regardless if you disinfect or reinstall the OS, you have to use a new login password. If you keep other passwords on your computer in an unencrypted file, then you need to change all of those as well.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
TDL4: Less hype, more history
Quite rightly, such notables as Paul Ducklin and our own Randy Abrams have poured scorn on the idea of the “indestructible botnet”: indeed, Randy remarked:
“Calling the botnet indestructible is tantamount to calling the Internet unsustainable … I suspect that, in time, we'll discover the 'T' in TDL stands for 'Titanic,' and a currently unseen iceberg will sink it.”
I don’t think there’s such a thing as an indestructible botnet. TDSS is somewhat innovative. It's introduced
Well That Was Embarrassing
Yet another Facebook Clickjacking attack is making the rounds. This time the message shows as below.
A right-click (not left) will allow you to copy the source location and open the link in a protected environment. The link brings up the following image
The “Jaa” button is actually a “Share” button and will post the first picture on your wall. Following the links leads to a survey for which the attackers almost certainly get paid if you complete it. Following through with the “surveys” leads to a YouTube video of a clothed woman on a webcam that is a thinly disguised advertisement for a “sexy webcam” site.
You know, Facebook has their Facial recognition “feature”. Perhaps it is time to recognize a legitimate “share” button too. The current functionality of the Facebook share feature means that users have to know how to inspect links in order to safely use Facebook.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America

I Can Neither Confirm nor Deny
As websites appear to fall to hacks like the rain falls in Seattle, the question du jour doesn’t change from day to day. The same question is always asked… “Did Anonymous perform the attack?”
What do all of these links below have in common? You don’t have to read them, I’ll tell you.
http://sdchamber-members.org/Business%20Online%202009-10/Business%20Action%20Online%20May%202010/Business%20Action%20Online%20May%20ESET.html
http://www.theregister.co.uk/2008/03/17/scientology_anonymous_round_three/
http://mashable.com/2011/02/19/anonymous-westboro/
http://www.bbc.co.uk/news/technology-12535456
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=439&topic_id=572223&mesg_id=572590
http://www.theregister.co.uk/2010/12/13/amazon_outage_not_anonymous/
http://www.depravedmindset.com/2010/12/is-wikileaks-controversy-playing.html
http://topstoriesmilwaukee.com/uncategorized/attack-of-the-anonymous/
http://www.wowmaterials.com/2011/05/06/battle-of-the-immortals-turns-one/
In all of these links the group referred to as “Anonymous” denies responsibility. This is an exceptionally odd claim for Anonymous to make, and here is why. In an article in the Huffington Post it is stated that “Anyone who claims to be acting under the banner of Anonymous is by virtue of that fact a member of Anonymous”. What this implies is that if you are a member of Anonymous and you carried out the attack, then you can claim responsibility on behalf of Anonymous, however, if you didn’t carry out the attack you don’t know if someone who claims to be a member of Anonymous carried out the attack or didn’t. At best, unless a group that knows that none of its members are also members of Anonymous claims responsibility, the best Anonymous can do is neither confirm nor deny involvement.
In reality, Anonymous can neither confirm nor deny that this blog was written by a member of Anonymous!
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Sony Says Personally Identifiable Information Might Have Been Stolen
Today, June 8th, Sony Pictures published a consumer alert on their site http://www.sonypictures.com/corp/consumeralert.html. The alert is about the data breach that was not discovered by Sony, but rather shoved in Sony’s face on June 2nd and specific details were confirmed by the Associated Press on June 3rd.
Despite the fact that it was confirmed that actual user email addresses and unencrypted passwords were compromised, the alert says “Sony Pictures Entertainment (SPE) has provided notice to the approximately 37,500 people who may have had some personally identifiable information stolen during the recent attack on sonypictures.com.”
People who *may* have had personally identifiable information stolen? Yeah, those who provided fake email addresses and passwords are ok, but many users obviously DID have personally identifiable information stolen as well as their passwords. This is not a smart time for Sony to be couching their language or trying to minimize the damage of the breach.
Sony does claim that they will be providing a complimentary ID theft protection service, but the details of the offering will understandably be sent to the victims separately.
If the various Sony properties had better communications you would expect that it would not have taken six days to get the consumer alert posted. Clearly Sony has a significant challenge in front of them in figuring out how to secure their properties and get incident response and alerting completed in a timely manner.
Man I hope this is the last time I have to mention Sony in a blog for a long time!
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Facebook Invites Stalkers to Your Profile
A couple of days ago I blogged about a disturbing new way that Facebook was sharing information without notification or authorization. A friend of mine pointed me to an article on ZDNET that described the issue and what was happening. The “feature” is called “Instant Personalization” and the concept is simple. The concept is not comprehensible, but it is simple. I go to Yelp to read reviews about the gym that is closest to my house and Yelp shows me what a friend 1,000 miles away is up to. This somehow is supposed to be fun and relevant to me as I read about how the gym has a history of making it difficult to cancel memberships. Make sense? It does to Facebook and Yelp somehow. I’m sure this isn’t the finest example. I’m sure if you were searching for an Alcoholics Anonymous Chapter near you that Bing would show you what friends are in the bar right now, and Facebook thinks that’s a brilliant application of technology.
After publishing the blog, another friend checked his account settings and found that Instant Personalization isn’t available to him at this instant, but that it has already been pre-enabled for deployment and he is not allowed to opt out of it. The check box is grayed out so he cannot deselect it. Paul Laudanski covers this option in his Facebook Privacy: An Easy How-to Guide to Protecting Yourself. What will happen is at some random point in time, Facebook will go to great lengths to avoid letting him know that they have enabled the feature and are automatically authorizing apps without asking him if he wants them. These apps will share varying degrees of his data with third parties and without his knowledge and Facebook plans to do the same thing to you if they haven't already.
Facebook has taken away your ability to approve an app before it is installed and is sharing your data without notification or approval.
The only reasonable option Facebook provides to allow you to prevent them from signing up corporate stalkers is for you to disable ALL platform apps.
You’ve been warned.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Facebook and Microsoft De-cloak Chrome – MS Neuters Their Privacy Advocate
What’s wrong with this picture?
Yes, that’s right, I am using Google’s incognito mode and Clicker knows exactly who I am!
I have previously blogged here and here about Facebook’s instant personalization, but let me spell it out for you. Facebook “Instant Personalization” destroys Google Chrome’s “Incognito mode”. There is nothing incognito about opening a clean browser with no cookies and going to a website you have never visited before and being called by name with your picture on the web page. Facebook and “Instant Personalization” partner sites deliberately ignore your obvious and explicit instructions NOT to track you.
In October 2010 Gigaom.com posted an article http://gigaom.com/2010/10/13/bing-launches-facebook-instant-personalization/ that claimed “Microsoft today launched social search features for Bing created in partnership with Facebook. The two companies are teaming up to take on their common enemy: Google.” Perhaps there is truth to that.
It is mind-boggling that Microsoft’s Bing ran an end run around the Microsoft Internet Explorer team by also defeating IE9’s “InPrivate Browsing” and poor Mozilla was caught in the crossfire as Microsoft and Facebook sneak around Firefox’s Private browsing feature as well. Apple’s Safari browser’s privacy mode was also hunted down and shot.
Let’s call it like it is. Facebook rolls out a “feature” that deliberately over-rides a user’s explicitly expressed desire to browse in privacy without tracking. Perhaps I should be thanking Facebook for exposing the pure and utterly misleading notion that these browsers offer a “private” browsing experience. You might be interested to see how much information your browser reveals by going to https://panopticlick.eff.org and running their test. In the meantime we’ll do a bit more investigating here to see if we can determine, or maybe Facebook will simply tell us, how they are running around the browser privacy modes.
It is true that in the above example “Clicker.com” does offer to let me disable their unauthorized Facebook enabled spying, however this does not happen until private browsing has already been subverted by Facebook. It would be very interesting if a legal team put these tactics to the test of whether or not it qualifies as unauthorized access to deliberately defeat “in private” browsing features without informed consent.
Having worked at Microsoft I can imagine how completely frustrating it must be for internal Microsoft privacy advocates to have to stand idle and watch Bing override Internet Explorer’s “InPrivate” browsing feature. Perhaps for IE10 Microsoft can make more open labels and claims of what the browser can really do.
The whole issue would have been avoided had Facebook had the decency to let users choose BEFORE they sabotage your browser and privacy.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America





Passwords, passphrases, and big numbers: first the good news…
Way back in the 1990s, during the Q&A session after an EICAR presentation on social engineering, there was an animated discussion arising from some slides I'd